From a6d702c88d3029234e59b3bbd987214ce58b90a2 Mon Sep 17 00:00:00 2001 
From: Denis Issoupov Date: Thu, 15 Jul 2021 10:17:16 -0700 Subject: [PATCH 01/40] Port TLS 1.3 from Go (#300) --- go.mod | 2 +- go.sum | 4 +- internal/cfg/cfg.go | 65 + internal/cpu/cpu.go | 226 ++ internal/cpu/cpu.s | 6 + internal/cpu/cpu_386.go | 7 + internal/cpu/cpu_amd64.go | 7 + internal/cpu/cpu_arm.go | 34 + internal/cpu/cpu_arm64.go | 28 + internal/cpu/cpu_arm64.s | 18 + internal/cpu/cpu_arm64_android.go | 11 + internal/cpu/cpu_arm64_darwin.go | 34 + internal/cpu/cpu_arm64_freebsd.go | 45 + internal/cpu/cpu_arm64_hwcap.go | 63 + internal/cpu/cpu_arm64_linux.go | 13 + internal/cpu/cpu_arm64_other.go | 17 + internal/cpu/cpu_mips.go | 10 + internal/cpu/cpu_mips64x.go | 32 + internal/cpu/cpu_mipsle.go | 10 + internal/cpu/cpu_no_name.go | 19 + internal/cpu/cpu_ppc64x.go | 23 + internal/cpu/cpu_ppc64x_aix.go | 21 + internal/cpu/cpu_ppc64x_linux.go | 29 + internal/cpu/cpu_riscv64.go | 10 + internal/cpu/cpu_s390x.go | 205 ++ internal/cpu/cpu_s390x.s | 63 + internal/cpu/cpu_s390x_test.go | 63 + internal/cpu/cpu_test.go | 84 + internal/cpu/cpu_wasm.go | 10 + internal/cpu/cpu_x86.go | 163 + internal/cpu/cpu_x86.s | 26 + internal/cpu/cpu_x86_test.go | 55 + internal/cpu/export_test.go | 9 + internal/testenv/testenv.go | 309 ++ internal/testenv/testenv_cgo.go | 11 + internal/testenv/testenv_notwin.go | 20 + internal/testenv/testenv_windows.go | 47 + tls/alert.go | 114 +- tls/auth.go | 295 ++ tls/auth_test.go | 168 ++ tls/cipher_suites.go | 1338 ++------- tls/cipher_suites_test.go | 47 - tls/common.go | 1875 +++++++----- tls/common_string.go | 116 + tls/conn.go | 1565 ++++++---- tls/conn_test.go | 217 +- tls/example_test.go | 221 +- tls/generate_cert.go | 108 +- tls/handshake_client.go | 1375 ++++----- tls/handshake_client_test.go | 2627 ++++++++++++++--- tls/handshake_client_tls13.go | 685 +++++ tls/handshake_extensions.go | 393 --- tls/handshake_messages.go | 2408 +++++++-------- tls/handshake_messages_test.go | 322 +- tls/handshake_server.go | 764 ++--- 
tls/handshake_server_test.go | 1647 +++++++++-- tls/handshake_server_tls13.go | 872 ++++++ tls/handshake_test.go | 393 ++- tls/handshake_unix_test.go | 18 + tls/key_agreement.go | 787 ++--- tls/key_schedule.go | 199 ++ tls/key_schedule_test.go | 175 ++ tls/link_test.go | 108 + tls/poly1305.go | 1540 ---------- tls/prf.go | 359 +-- tls/prf_test.go | 60 +- .../Client-TLSv10-ClientCert-ECDSA-ECDSA | 117 +- .../Client-TLSv10-ClientCert-ECDSA-RSA | 185 +- tls/testdata/Client-TLSv10-ClientCert-Ed25519 | 110 + .../Client-TLSv10-ClientCert-RSA-ECDSA | 181 +- tls/testdata/Client-TLSv10-ClientCert-RSA-RSA | 249 +- tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES | 98 +- tls/testdata/Client-TLSv10-ECDHE-RSA-AES | 178 +- tls/testdata/Client-TLSv10-Ed25519 | 0 .../Client-TLSv10-ExportKeyingMaterial | 95 + tls/testdata/Client-TLSv10-RSA-RC4 | 155 +- tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES | 100 +- tls/testdata/Client-TLSv11-ECDHE-RSA-AES | 180 +- tls/testdata/Client-TLSv11-Ed25519 | 0 tls/testdata/Client-TLSv11-RSA-RC4 | 155 +- tls/testdata/Client-TLSv12-AES128-GCM-SHA256 | 86 + tls/testdata/Client-TLSv12-AES128-SHA256 | 95 + tls/testdata/Client-TLSv12-AES256-GCM-SHA384 | 86 + tls/testdata/Client-TLSv12-ALPN | 93 + tls/testdata/Client-TLSv12-ALPN-NoMatch | 91 + .../Client-TLSv12-ClientCert-ECDSA-ECDSA | 125 +- .../Client-TLSv12-ClientCert-ECDSA-RSA | 188 +- tls/testdata/Client-TLSv12-ClientCert-Ed25519 | 119 + ...nt-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 | 137 + .../Client-TLSv12-ClientCert-RSA-ECDSA | 189 +- tls/testdata/Client-TLSv12-ClientCert-RSA-RSA | 251 +- .../Client-TLSv12-ClientCert-RSA-RSAPKCS1v15 | 134 + .../Client-TLSv12-ClientCert-RSA-RSAPSS | 142 + tls/testdata/Client-TLSv12-ClientFingerprint | 106 - tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES | 100 +- .../Client-TLSv12-ECDHE-ECDSA-AES-GCM | 92 +- .../Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 | 97 + ...lient-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 | 88 + ...lient-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 | 84 + 
tls/testdata/Client-TLSv12-ECDHE-RSA-AES | 180 +- .../Client-TLSv12-ECDHE-RSA-AES128-SHA256 | 101 + .../Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 | 88 + tls/testdata/Client-TLSv12-Ed25519 | 68 + .../Client-TLSv12-ExportKeyingMaterial | 90 + tls/testdata/Client-TLSv12-P256-ECDHE | 98 + tls/testdata/Client-TLSv12-RSA-RC4 | 155 +- tls/testdata/Client-TLSv12-RenegotiateOnce | 244 ++ tls/testdata/Client-TLSv12-RenegotiateTwice | 343 +++ .../Client-TLSv12-RenegotiateTwiceRejected | 247 ++ .../Client-TLSv12-RenegotiationRejected | 95 + tls/testdata/Client-TLSv12-SCT | 113 + tls/testdata/Client-TLSv12-X25519-ECDHE | 92 + tls/testdata/Client-TLSv13-AES128-SHA256 | 90 + tls/testdata/Client-TLSv13-AES256-SHA384 | 92 + tls/testdata/Client-TLSv13-ALPN | 93 + tls/testdata/Client-TLSv13-CHACHA20-SHA256 | 90 + .../Client-TLSv13-ClientCert-ECDSA-RSA | 139 + tls/testdata/Client-TLSv13-ClientCert-Ed25519 | 122 + .../Client-TLSv13-ClientCert-RSA-ECDSA | 134 + .../Client-TLSv13-ClientCert-RSA-RSAPSS | 143 + tls/testdata/Client-TLSv13-ECDSA | 86 + tls/testdata/Client-TLSv13-Ed25519 | 68 + .../Client-TLSv13-ExportKeyingMaterial | 90 + tls/testdata/Client-TLSv13-HelloRetryRequest | 119 + tls/testdata/Client-TLSv13-KeyUpdate | 102 + tls/testdata/Client-TLSv13-P256-ECDHE | 94 + tls/testdata/Client-TLSv13-X25519-ECDHE | 90 + tls/testdata/Server-SSLv3-RSA-3DES | 83 - tls/testdata/Server-SSLv3-RSA-AES | 84 - tls/testdata/Server-SSLv3-RSA-RC4 | 79 - tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES | 154 +- .../Server-TLSv10-ExportKeyingMaterial | 93 + tls/testdata/Server-TLSv10-RSA-3DES | 145 +- tls/testdata/Server-TLSv10-RSA-AES | 151 +- tls/testdata/Server-TLSv10-RSA-RC4 | 139 +- tls/testdata/Server-TLSv11-FallbackSCSV | 11 + tls/testdata/Server-TLSv11-RSA-RC4 | 139 +- tls/testdata/Server-TLSv12-ALPN | 92 + tls/testdata/Server-TLSv12-ALPN-NoMatch | 91 + ...rver-TLSv12-CipherSuiteCertPreferenceECDSA | 163 +- ...Server-TLSv12-CipherSuiteCertPreferenceRSA | 177 +- 
...er-TLSv12-ClientAuthRequestedAndECDSAGiven | 170 +- ...-TLSv12-ClientAuthRequestedAndEd25519Given | 109 + .../Server-TLSv12-ClientAuthRequestedAndGiven | 234 +- ...TLSv12-ClientAuthRequestedAndPKCS1v15Given | 125 + .../Server-TLSv12-ClientAuthRequestedNotGiven | 152 +- tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES | 158 +- tls/testdata/Server-TLSv12-Ed25519 | 58 + .../Server-TLSv12-ExportKeyingMaterial | 89 + tls/testdata/Server-TLSv12-IssueTicket | 166 +- .../Server-TLSv12-IssueTicketPreDisable | 166 +- tls/testdata/Server-TLSv12-P256 | 86 + tls/testdata/Server-TLSv12-RSA-3DES | 151 +- tls/testdata/Server-TLSv12-RSA-AES | 155 +- tls/testdata/Server-TLSv12-RSA-AES-GCM | 163 +- .../Server-TLSv12-RSA-AES256-GCM-SHA384 | 82 + tls/testdata/Server-TLSv12-RSA-RC4 | 145 +- tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 | 77 + tls/testdata/Server-TLSv12-RSA-RSAPSS | 77 + tls/testdata/Server-TLSv12-Resume | 68 +- tls/testdata/Server-TLSv12-ResumeDisabled | 166 +- tls/testdata/Server-TLSv12-SNI | 144 +- tls/testdata/Server-TLSv12-SNI-GetCertificate | 84 + .../Server-TLSv12-SNI-GetCertificateNotFound | 84 + tls/testdata/Server-TLSv12-X25519 | 82 + tls/testdata/Server-TLSv13-AES128-SHA256 | 100 + tls/testdata/Server-TLSv13-AES256-SHA384 | 103 + tls/testdata/Server-TLSv13-ALPN | 100 + tls/testdata/Server-TLSv13-ALPN-NoMatch | 100 + tls/testdata/Server-TLSv13-CHACHA20-SHA256 | 100 + ...er-TLSv13-ClientAuthRequestedAndECDSAGiven | 179 ++ ...-TLSv13-ClientAuthRequestedAndEd25519Given | 149 + .../Server-TLSv13-ClientAuthRequestedAndGiven | 177 ++ .../Server-TLSv13-ClientAuthRequestedNotGiven | 104 + tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES | 96 + tls/testdata/Server-TLSv13-Ed25519 | 76 + .../Server-TLSv13-ExportKeyingMaterial | 99 + tls/testdata/Server-TLSv13-HelloRetryRequest | 123 + tls/testdata/Server-TLSv13-IssueTicket | 99 + .../Server-TLSv13-IssueTicketPreDisable | 99 + tls/testdata/Server-TLSv13-P256 | 102 + tls/testdata/Server-TLSv13-RSA-RSAPSS | 97 + 
.../Server-TLSv13-RSA-RSAPSS-TooSmall | 15 + tls/testdata/Server-TLSv13-Resume | 60 + .../Server-TLSv13-Resume-HelloRetryRequest | 96 + tls/testdata/Server-TLSv13-ResumeDisabled | 99 + tls/testdata/Server-TLSv13-X25519 | 98 + tls/testdata/example-cert.pem | 11 + tls/testdata/example-key.pem | 5 + tls/ticket.go | 232 +- tls/tls.go | 255 +- tls/tls_handshake.go | 464 --- tls/tls_handshake_test.go | 50 - tls/tls_heartbeat.go | 89 - tls/tls_ka.go | 172 -- tls/tls_names.go | 12 +- tls/tls_test.go | 1278 +++++++- verifier/verifier.go | 10 +- x509/cert_pool.go | 5 + x509/pkcs8.go | 86 +- x509/root.go | 31 + x509/root_darwin.go | 239 ++ x509/root_darwin_test.go | 39 + x509/root_linux.go | 23 + x509/root_unix.go | 108 + x509/root_unix_test.go | 261 ++ x509/sec1.go | 12 + x509/verify.go | 31 +- x509/x509.go | 8 +- zcrypto_schemas/zcrypto.py | 4 +- 210 files changed, 27812 insertions(+), 12643 deletions(-) create mode 100644 internal/cfg/cfg.go create mode 100644 internal/cpu/cpu.go create mode 100644 internal/cpu/cpu.s create mode 100644 internal/cpu/cpu_386.go create mode 100644 internal/cpu/cpu_amd64.go create mode 100644 internal/cpu/cpu_arm.go create mode 100644 internal/cpu/cpu_arm64.go create mode 100644 internal/cpu/cpu_arm64.s create mode 100644 internal/cpu/cpu_arm64_android.go create mode 100644 internal/cpu/cpu_arm64_darwin.go create mode 100644 internal/cpu/cpu_arm64_freebsd.go create mode 100644 internal/cpu/cpu_arm64_hwcap.go create mode 100644 internal/cpu/cpu_arm64_linux.go create mode 100644 internal/cpu/cpu_arm64_other.go create mode 100644 internal/cpu/cpu_mips.go create mode 100644 internal/cpu/cpu_mips64x.go create mode 100644 internal/cpu/cpu_mipsle.go create mode 100644 internal/cpu/cpu_no_name.go create mode 100644 internal/cpu/cpu_ppc64x.go create mode 100644 internal/cpu/cpu_ppc64x_aix.go create mode 100644 internal/cpu/cpu_ppc64x_linux.go create mode 100644 internal/cpu/cpu_riscv64.go create mode 100644 internal/cpu/cpu_s390x.go create mode 100644 
internal/cpu/cpu_s390x.s create mode 100644 internal/cpu/cpu_s390x_test.go create mode 100644 internal/cpu/cpu_test.go create mode 100644 internal/cpu/cpu_wasm.go create mode 100644 internal/cpu/cpu_x86.go create mode 100644 internal/cpu/cpu_x86.s create mode 100644 internal/cpu/cpu_x86_test.go create mode 100644 internal/cpu/export_test.go create mode 100644 internal/testenv/testenv.go create mode 100644 internal/testenv/testenv_cgo.go create mode 100644 internal/testenv/testenv_notwin.go create mode 100644 internal/testenv/testenv_windows.go create mode 100644 tls/auth.go create mode 100644 tls/auth_test.go delete mode 100644 tls/cipher_suites_test.go create mode 100644 tls/common_string.go create mode 100644 tls/handshake_client_tls13.go delete mode 100644 tls/handshake_extensions.go create mode 100644 tls/handshake_server_tls13.go create mode 100644 tls/handshake_unix_test.go create mode 100644 tls/key_schedule.go create mode 100644 tls/key_schedule_test.go create mode 100644 tls/link_test.go delete mode 100644 tls/poly1305.go create mode 100644 tls/testdata/Client-TLSv10-ClientCert-Ed25519 create mode 100644 tls/testdata/Client-TLSv10-Ed25519 create mode 100644 tls/testdata/Client-TLSv10-ExportKeyingMaterial create mode 100644 tls/testdata/Client-TLSv11-Ed25519 create mode 100644 tls/testdata/Client-TLSv12-AES128-GCM-SHA256 create mode 100644 tls/testdata/Client-TLSv12-AES128-SHA256 create mode 100644 tls/testdata/Client-TLSv12-AES256-GCM-SHA384 create mode 100644 tls/testdata/Client-TLSv12-ALPN create mode 100644 tls/testdata/Client-TLSv12-ALPN-NoMatch create mode 100644 tls/testdata/Client-TLSv12-ClientCert-Ed25519 create mode 100644 tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 create mode 100644 tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15 create mode 100644 tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS delete mode 100644 tls/testdata/Client-TLSv12-ClientFingerprint create mode 100644 
tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 create mode 100644 tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 create mode 100644 tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 create mode 100644 tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 create mode 100644 tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 create mode 100644 tls/testdata/Client-TLSv12-Ed25519 create mode 100644 tls/testdata/Client-TLSv12-ExportKeyingMaterial create mode 100644 tls/testdata/Client-TLSv12-P256-ECDHE create mode 100644 tls/testdata/Client-TLSv12-RenegotiateOnce create mode 100644 tls/testdata/Client-TLSv12-RenegotiateTwice create mode 100644 tls/testdata/Client-TLSv12-RenegotiateTwiceRejected create mode 100644 tls/testdata/Client-TLSv12-RenegotiationRejected create mode 100644 tls/testdata/Client-TLSv12-SCT create mode 100644 tls/testdata/Client-TLSv12-X25519-ECDHE create mode 100644 tls/testdata/Client-TLSv13-AES128-SHA256 create mode 100644 tls/testdata/Client-TLSv13-AES256-SHA384 create mode 100644 tls/testdata/Client-TLSv13-ALPN create mode 100644 tls/testdata/Client-TLSv13-CHACHA20-SHA256 create mode 100644 tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA create mode 100644 tls/testdata/Client-TLSv13-ClientCert-Ed25519 create mode 100644 tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA create mode 100644 tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS create mode 100644 tls/testdata/Client-TLSv13-ECDSA create mode 100644 tls/testdata/Client-TLSv13-Ed25519 create mode 100644 tls/testdata/Client-TLSv13-ExportKeyingMaterial create mode 100644 tls/testdata/Client-TLSv13-HelloRetryRequest create mode 100644 tls/testdata/Client-TLSv13-KeyUpdate create mode 100644 tls/testdata/Client-TLSv13-P256-ECDHE create mode 100644 tls/testdata/Client-TLSv13-X25519-ECDHE delete mode 100644 tls/testdata/Server-SSLv3-RSA-3DES delete mode 100644 tls/testdata/Server-SSLv3-RSA-AES delete mode 100644 tls/testdata/Server-SSLv3-RSA-RC4 create mode 100644 
tls/testdata/Server-TLSv10-ExportKeyingMaterial create mode 100644 tls/testdata/Server-TLSv11-FallbackSCSV create mode 100644 tls/testdata/Server-TLSv12-ALPN create mode 100644 tls/testdata/Server-TLSv12-ALPN-NoMatch create mode 100644 tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given create mode 100644 tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given create mode 100644 tls/testdata/Server-TLSv12-Ed25519 create mode 100644 tls/testdata/Server-TLSv12-ExportKeyingMaterial create mode 100644 tls/testdata/Server-TLSv12-P256 create mode 100644 tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 create mode 100644 tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 create mode 100644 tls/testdata/Server-TLSv12-RSA-RSAPSS create mode 100644 tls/testdata/Server-TLSv12-SNI-GetCertificate create mode 100644 tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound create mode 100644 tls/testdata/Server-TLSv12-X25519 create mode 100644 tls/testdata/Server-TLSv13-AES128-SHA256 create mode 100644 tls/testdata/Server-TLSv13-AES256-SHA384 create mode 100644 tls/testdata/Server-TLSv13-ALPN create mode 100644 tls/testdata/Server-TLSv13-ALPN-NoMatch create mode 100644 tls/testdata/Server-TLSv13-CHACHA20-SHA256 create mode 100644 tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven create mode 100644 tls/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given create mode 100644 tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven create mode 100644 tls/testdata/Server-TLSv13-ClientAuthRequestedNotGiven create mode 100644 tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES create mode 100644 tls/testdata/Server-TLSv13-Ed25519 create mode 100644 tls/testdata/Server-TLSv13-ExportKeyingMaterial create mode 100644 tls/testdata/Server-TLSv13-HelloRetryRequest create mode 100644 tls/testdata/Server-TLSv13-IssueTicket create mode 100644 tls/testdata/Server-TLSv13-IssueTicketPreDisable create mode 100644 tls/testdata/Server-TLSv13-P256 create mode 100644 
tls/testdata/Server-TLSv13-RSA-RSAPSS create mode 100644 tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall create mode 100644 tls/testdata/Server-TLSv13-Resume create mode 100644 tls/testdata/Server-TLSv13-Resume-HelloRetryRequest create mode 100644 tls/testdata/Server-TLSv13-ResumeDisabled create mode 100644 tls/testdata/Server-TLSv13-X25519 create mode 100644 tls/testdata/example-cert.pem create mode 100644 tls/testdata/example-key.pem delete mode 100644 tls/tls_handshake_test.go delete mode 100644 tls/tls_heartbeat.go delete mode 100644 tls/tls_ka.go create mode 100644 x509/root.go create mode 100644 x509/root_darwin.go create mode 100644 x509/root_darwin_test.go create mode 100644 x509/root_linux.go create mode 100644 x509/root_unix.go create mode 100644 x509/root_unix_test.go
diff --git a/go.mod b/go.mod
index ab81fb6f..a9749090 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 github.com/sirupsen/logrus v1.3.0
 github.com/stretchr/testify v1.4.0
- github.com/weppos/publicsuffix-go v0.15.1-0.20210607115855-ec3753e8c6e1
+ github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb
 github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521
 github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392
diff --git a/go.sum b/go.sum
index 14d67e28..169a1cf1 100644
--- a/go.sum
+++ b/go.sum
@@ -21,8 +21,8 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/weppos/publicsuffix-go v0.15.1-0.20210607115855-ec3753e8c6e1 h1:1QMSsYHQs/tq8Z/GshPwJpEP7ddhjz3+B/LujFvkNpU=
-github.com/weppos/publicsuffix-go v0.15.1-0.20210607115855-ec3753e8c6e1/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
+github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb h1:oPaLW393z/0fKmyrC1rTmXbyst2hTF3uXFXgnT8CcdE=
+github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
 github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 h1:kKCF7VX/wTmdg2ZjEaqlq99Bjsoiz7vH6sFniF/vI4M=
 github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
 github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4 h1:17HHAgFKlLcZsDOjBOUrd5hDihb1ggf+1a5dTbkgkIY=
diff --git a/internal/cfg/cfg.go b/internal/cfg/cfg.go
new file mode 100644
index 00000000..55302137
--- /dev/null
+++ b/internal/cfg/cfg.go
@@ -0,0 +1,65 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cfg holds configuration shared by the Go command and internal/testenv.
+// Definitions that don't need to be exposed outside of cmd/go should be in
+// cmd/go/internal/cfg instead of this package.
+package cfg
+
+// KnownEnv is a list of environment variables that affect the operation
+// of the Go command.
+const KnownEnv = `
+ AR
+ CC
+ CGO_CFLAGS
+ CGO_CFLAGS_ALLOW
+ CGO_CFLAGS_DISALLOW
+ CGO_CPPFLAGS
+ CGO_CPPFLAGS_ALLOW
+ CGO_CPPFLAGS_DISALLOW
+ CGO_CXXFLAGS
+ CGO_CXXFLAGS_ALLOW
+ CGO_CXXFLAGS_DISALLOW
+ CGO_ENABLED
+ CGO_FFLAGS
+ CGO_FFLAGS_ALLOW
+ CGO_FFLAGS_DISALLOW
+ CGO_LDFLAGS
+ CGO_LDFLAGS_ALLOW
+ CGO_LDFLAGS_DISALLOW
+ CXX
+ FC
+ GCCGO
+ GO111MODULE
+ GO386
+ GOARCH
+ GOARM
+ GOBIN
+ GOCACHE
+ GOENV
+ GOEXE
+ GOFLAGS
+ GOGCCFLAGS
+ GOHOSTARCH
+ GOHOSTOS
+ GOINSECURE
+ GOMIPS
+ GOMIPS64
+ GOMODCACHE
+ GONOPROXY
+ GONOSUMDB
+ GOOS
+ GOPATH
+ GOPPC64
+ GOPRIVATE
+ GOPROXY
+ GOROOT
+ GOSUMDB
+ GOTMPDIR
+ GOTOOLDIR
+ GOVCS
+ GOWASM
+ GO_EXTLINK_ENABLED
+ PKG_CONFIG
+`
diff --git a/internal/cpu/cpu.go b/internal/cpu/cpu.go
new file mode 100644
index 00000000..dab5d068
--- /dev/null
+++ b/internal/cpu/cpu.go
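Review bot: The package comment on `package cfg` still describes the upstream layout ("shared by the Go command and internal/testenv", "should be in cmd/go/internal/cfg instead"), but this module has no cmd/go; per the diffstat the only new sibling is internal/testenv, so the second sentence points readers at a package that does not exist here. I would replace the two-sentence package comment with one that states where this copy came from and who uses it, e.g. `// Package cfg is a copy of Go's internal/cfg; KnownEnv is used by internal/testenv to decide which environment variables to preserve. Keep it in sync with the upstream list when updating the Go version this port tracks.` That also gives a future maintainer the hint that the list is version-dependent rather than local policy.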
@@ -0,0 +1,226 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection
+// used by the Go standard library.
+package cpu
+
+// DebugOptions is set to true by the runtime if the OS supports reading
+// GODEBUG early in runtime startup.
+// This should not be changed after it is initialized.
+var DebugOptions bool
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [CacheLinePadSize]byte }
+
+// CacheLineSize is the CPU's assumed cache line size.
+// There is currently no runtime detection of the real cache line size
+// so we use the constant per GOARCH CacheLinePadSize as an approximation.
+var CacheLineSize uintptr = CacheLinePadSize
+
+// The booleans in X86 contain the correspondingly named cpuid feature bit.
+// HasAVX and HasAVX2 are only set if the OS does support XMM and YMM registers
+// in addition to the cpuid feature bit being set.
+// The struct is padded to avoid false sharing.
+var X86 struct {
+ _ CacheLinePad
+ HasAES bool
+ HasADX bool
+ HasAVX bool
+ HasAVX2 bool
+ HasBMI1 bool
+ HasBMI2 bool
+ HasERMS bool
+ HasFMA bool
+ HasOSXSAVE bool
+ HasPCLMULQDQ bool
+ HasPOPCNT bool
+ HasSSE2 bool
+ HasSSE3 bool
+ HasSSSE3 bool
+ HasSSE41 bool
+ HasSSE42 bool
+ _ CacheLinePad
+}
+
+// The booleans in ARM contain the correspondingly named cpu feature bit.
+// The struct is padded to avoid false sharing.
+var ARM struct {
+ _ CacheLinePad
+ HasVFPv4 bool
+ HasIDIVA bool
+ _ CacheLinePad
+}
+
+// The booleans in ARM64 contain the correspondingly named cpu feature bit.
+// The struct is padded to avoid false sharing.
+var ARM64 struct {
+ _ CacheLinePad
+ HasAES bool
+ HasPMULL bool
+ HasSHA1 bool
+ HasSHA2 bool
+ HasCRC32 bool
+ HasATOMICS bool
+ HasCPUID bool
+ IsNeoverseN1 bool
+ IsZeus bool
+ _ CacheLinePad
+}
+
+var MIPS64X struct {
+ _ CacheLinePad
+ HasMSA bool // MIPS SIMD architecture
+ _ CacheLinePad
+}
+
+// For ppc64(le), it is safe to check only for ISA level starting on ISA v3.00,
+// since there are no optional categories. There are some exceptions that also
+// require kernel support to work (darn, scv), so there are feature bits for
+// those as well. The minimum processor requirement is POWER8 (ISA 2.07).
+// The struct is padded to avoid false sharing.
+var PPC64 struct {
+ _ CacheLinePad
+ HasDARN bool // Hardware random number generator (requires kernel enablement)
+ HasSCV bool // Syscall vectored (requires kernel enablement)
+ IsPOWER8 bool // ISA v2.07 (POWER8)
+ IsPOWER9 bool // ISA v3.00 (POWER9)
+ _ CacheLinePad
+}
+
+var S390X struct {
+ _ CacheLinePad
+ HasZARCH bool // z architecture mode is active [mandatory]
+ HasSTFLE bool // store facility list extended [mandatory]
+ HasLDISP bool // long (20-bit) displacements [mandatory]
+ HasEIMM bool // 32-bit immediates [mandatory]
+ HasDFP bool // decimal floating point
+ HasETF3EH bool // ETF-3 enhanced
+ HasMSA bool // message security assist (CPACF)
+ HasAES bool // KM-AES{128,192,256} functions
+ HasAESCBC bool // KMC-AES{128,192,256} functions
+ HasAESCTR bool // KMCTR-AES{128,192,256} functions
+ HasAESGCM bool // KMA-GCM-AES{128,192,256} functions
+ HasGHASH bool // KIMD-GHASH function
+ HasSHA1 bool // K{I,L}MD-SHA-1 functions
+ HasSHA256 bool // K{I,L}MD-SHA-256 functions
+ HasSHA512 bool // K{I,L}MD-SHA-512 functions
+ HasSHA3 bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions
+ HasVX bool // vector facility. Note: the runtime sets this when it processes auxv records.
+ HasVXE bool // vector-enhancements facility 1
+ HasKDSA bool // elliptic curve functions
+ HasECDSA bool // NIST curves
+ HasEDDSA bool // Edwards curves
+ _ CacheLinePad
+}
+
+// Initialize examines the processor and sets the relevant variables above.
+// This is called by the runtime package early in program initialization,
+// before normal init functions are run. env is set by runtime if the OS supports
+// cpu feature options in GODEBUG.
+func Initialize(env string) {
+ doinit()
+ processOptions(env)
+}
+
+// options contains the cpu debug options that can be used in GODEBUG.
+// Options are arch dependent and are added by the arch specific doinit functions.
+// Features that are mandatory for the specific GOARCH should not be added to options
+// (e.g. SSE2 on amd64).
+var options []option
+
+// Option names should be lower case. e.g. avx instead of AVX.
+type option struct {
+ Name string
+ Feature *bool
+ Specified bool // whether feature value was specified in GODEBUG
+ Enable bool // whether feature should be enabled
+ Required bool // whether feature is mandatory and can not be disabled
+}
+
+// processOptions enables or disables CPU feature values based on the parsed env string.
+// The env string is expected to be of the form cpu.feature1=value1,cpu.feature2=value2...
+// where feature names is one of the architecture specific list stored in the
+// cpu packages options variable and values are either 'on' or 'off'.
+// If env contains cpu.all=off then all cpu features referenced through the options
+// variable are disabled. Other feature names and values result in warning messages.
+func processOptions(env string) {
+field:
+ for env != "" {
+ field := ""
+ i := indexByte(env, ',')
+ if i < 0 {
+ field, env = env, ""
+ } else {
+ field, env = env[:i], env[i+1:]
+ }
+ if len(field) < 4 || field[:4] != "cpu." {
+ continue
+ }
+ i = indexByte(field, '=')
+ if i < 0 {
+ print("GODEBUG: no value specified for \"", field, "\"\n")
+ continue
+ }
+ key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on"
+
+ var enable bool
+ switch value {
+ case "on":
+ enable = true
+ case "off":
+ enable = false
+ default:
+ print("GODEBUG: value \"", value, "\" not supported for cpu option \"", key, "\"\n")
+ continue field
+ }
+
+ if key == "all" {
+ for i := range options {
+ options[i].Specified = true
+ options[i].Enable = enable || options[i].Required
+ }
+ continue field
+ }
+
+ for i := range options {
+ if options[i].Name == key {
+ options[i].Specified = true
+ options[i].Enable = enable
+ continue field
+ }
+ }
+
+ print("GODEBUG: unknown cpu feature \"", key, "\"\n")
+ }
+
+ for _, o := range options {
+ if !o.Specified {
+ continue
+ }
+
+ if o.Enable && !*o.Feature {
+ print("GODEBUG: can not enable \"", o.Name, "\", missing CPU support\n")
+ continue
+ }
+
+ if !o.Enable && o.Required {
+ print("GODEBUG: can not disable \"", o.Name, "\", required CPU feature\n")
+ continue
+ }
+
+ *o.Feature = o.Enable
+ }
+}
+
+// indexByte returns the index of the first instance of c in s,
+// or -1 if c is not present in s.
+func indexByte(s string, c byte) int {
+ for i := 0; i < len(s); i++ {
+ if s[i] == c {
+ return i
+ }
+ }
+ return -1
+}
diff --git a/internal/cpu/cpu.s b/internal/cpu/cpu.s
new file mode 100644
index 00000000..3c770c13
--- /dev/null
+++ b/internal/cpu/cpu.s
@@ -0,0 +1,6 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This assembly file exists to allow internal/cpu to call
+// non-exported runtime functions that use "go:linkname".
\ No newline at end of file
diff --git a/internal/cpu/cpu_386.go b/internal/cpu/cpu_386.go
new file mode 100644
index 00000000..561c81f8
--- /dev/null
+++ b/internal/cpu/cpu_386.go
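Review bot: Nothing in this hunk ever calls `Initialize`, so `doinit()` and `processOptions` never run and every flag in `X86`, `ARM64` etc. keeps its zero value: the doc comment "This is called by the runtime package early in program initialization" is true of the real `internal/cpu` inside GOROOT, but the Go runtime cannot see a copy living under this module's own path, and the arm files in this same patch likewise expect `HWCap` to be "initialized by archauxv()" / "populated by the runtime from the auxiliary vector", which will not happen here either. If the ported tls code keys its AES-GCM-vs-ChaCha20 preference on these flags the way upstream crypto/tls does (not visible in this chunk, so please confirm), every host will be treated as having no AES hardware; the fix is either an `init()` in this package that calls `Initialize("")` (and, on linux/arm*, something that actually fills `HWCap`), or replacing the copy with `golang.org/x/sys/cpu`, which self-initialises. Whichever is chosen, correct the comment, e.g. `// Initialize must be called from this package's own init: the Go runtime only initializes the real internal/cpu, not this copy. env is the GODEBUG cpu.* option string, normally "".`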
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const GOARCH = "386"
diff --git a/internal/cpu/cpu_amd64.go b/internal/cpu/cpu_amd64.go
new file mode 100644
index 00000000..9b001536
--- /dev/null
+++ b/internal/cpu/cpu_amd64.go
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const GOARCH = "amd64"
diff --git a/internal/cpu/cpu_arm.go b/internal/cpu/cpu_arm.go
new file mode 100644
index 00000000..b6245268
--- /dev/null
+++ b/internal/cpu/cpu_arm.go
@@ -0,0 +1,34 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 32
+
+// arm doesn't have a 'cpuid' equivalent, so we rely on HWCAP/HWCAP2.
+// These are initialized by archauxv() and should not be changed after they are
+// initialized.
+var HWCap uint
+var HWCap2 uint
+
+// HWCAP/HWCAP2 bits. These are exposed by Linux and FreeBSD.
+const (
+ hwcap_VFPv4 = 1 << 16
+ hwcap_IDIVA = 1 << 17
+)
+
+func doinit() {
+ options = []option{
+ {Name: "vfpv4", Feature: &ARM.HasVFPv4},
+ {Name: "idiva", Feature: &ARM.HasIDIVA},
+ }
+
+ // HWCAP feature bits
+ ARM.HasVFPv4 = isSet(HWCap, hwcap_VFPv4)
+ ARM.HasIDIVA = isSet(HWCap, hwcap_IDIVA)
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/internal/cpu/cpu_arm64.go b/internal/cpu/cpu_arm64.go
new file mode 100644
index 00000000..f64d9e4d
--- /dev/null
+++ b/internal/cpu/cpu_arm64.go
@@ -0,0 +1,28 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 64
+
+func doinit() {
+ options = []option{
+ {Name: "aes", Feature: &ARM64.HasAES},
+ {Name: "pmull", Feature: &ARM64.HasPMULL},
+ {Name: "sha1", Feature: &ARM64.HasSHA1},
+ {Name: "sha2", Feature: &ARM64.HasSHA2},
+ {Name: "crc32", Feature: &ARM64.HasCRC32},
+ {Name: "atomics", Feature: &ARM64.HasATOMICS},
+ {Name: "cpuid", Feature: &ARM64.HasCPUID},
+ {Name: "isNeoverseN1", Feature: &ARM64.IsNeoverseN1},
+ {Name: "isZeus", Feature: &ARM64.IsZeus},
+ }
+
+ // arm64 uses different ways to detect CPU features at runtime depending on the operating system.
+ osInit()
+}
+
+func getisar0() uint64
+
+func getMIDR() uint64
diff --git a/internal/cpu/cpu_arm64.s b/internal/cpu/cpu_arm64.s
new file mode 100644
index 00000000..d6e7f443
--- /dev/null
+++ b/internal/cpu/cpu_arm64.s
@@ -0,0 +1,18 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+// func getisar0() uint64
+TEXT ·getisar0(SB),NOSPLIT,$0
+ // get Instruction Set Attributes 0 into R0
+ MRS ID_AA64ISAR0_EL1, R0
+ MOVD R0, ret+0(FP)
+ RET
+
+// func getMIDR() uint64
+TEXT ·getMIDR(SB), NOSPLIT, $0-8
+ MRS MIDR_EL1, R0
+ MOVD R0, ret+0(FP)
+ RET
diff --git a/internal/cpu/cpu_arm64_android.go b/internal/cpu/cpu_arm64_android.go
new file mode 100644
index 00000000..3c9e57c5
--- /dev/null
+++ b/internal/cpu/cpu_arm64_android.go
@@ -0,0 +1,11 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64
+
+package cpu
+
+func osInit() {
+ hwcapInit("android")
+}
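Review bot: In cpu_arm64.s the two TEXT directives are written inconsistently: `TEXT ·getisar0(SB),NOSPLIT,$0` omits the argument-size half of the frame spec while `TEXT ·getMIDR(SB), NOSPLIT, $0-8` immediately below declares it, yet both functions return a uint64 through `ret+0(FP)`. Declaring the size on both, `TEXT ·getisar0(SB),NOSPLIT,$0-8`, keeps the file self-consistent and gives asm-checking tooling the 8-byte result frame to verify against the `func getisar0() uint64` declaration in cpu_arm64.go. Both MRS reads also rely on the kernel trapping and emulating EL1 register access from user space; the comment in cpu_arm64_hwcap.go explains this only for `getMIDR`, so a one-line note above `getisar0` such as `// ID_AA64ISAR0_EL1 is an EL1 register; user-space reads work only where the kernel emulates them (FreeBSD does).` would save the next reader a detour.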
diff --git a/internal/cpu/cpu_arm64_darwin.go b/internal/cpu/cpu_arm64_darwin.go
new file mode 100644
index 00000000..e094b97f
--- /dev/null
+++ b/internal/cpu/cpu_arm64_darwin.go
@@ -0,0 +1,34 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64
+// +build darwin
+// +build !ios
+
+package cpu
+
+func osInit() {
+ ARM64.HasATOMICS = sysctlEnabled([]byte("hw.optional.armv8_1_atomics\x00"))
+ ARM64.HasCRC32 = sysctlEnabled([]byte("hw.optional.armv8_crc32\x00"))
+
+ // There are no hw.optional sysctl values for the below features on Mac OS 11.0
+ // to detect their supported state dynamically. Assume the CPU features that
+ // Apple Silicon M1 supports to be available as a minimal set of features
+ // to all Go programs running on darwin/arm64.
+ ARM64.HasAES = true
+ ARM64.HasPMULL = true
+ ARM64.HasSHA1 = true
+ ARM64.HasSHA2 = true
+}
+
+//go:noescape
+func getsysctlbyname(name []byte) (int32, int32)
+
+func sysctlEnabled(name []byte) bool {
+ ret, value := getsysctlbyname(name)
+ if ret < 0 {
+ return false
+ }
+ return value > 0
+}
diff --git a/internal/cpu/cpu_arm64_freebsd.go b/internal/cpu/cpu_arm64_freebsd.go
new file mode 100644
index 00000000..9de2005c
--- /dev/null
+++ b/internal/cpu/cpu_arm64_freebsd.go
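Review bot: `getsysctlbyname` is declared here without a body, and in upstream Go it is provided by the runtime via go:linkname; this hunk adds no assembly or Go implementation for it, so unless another file in this patch supplies one (none is visible in this chunk) darwin/arm64 builds of the package will fail to link. If the port cannot borrow the runtime's implementation, the simplest stdlib-only route is `syscall.Sysctl`/`unix.SysctlUint32` in a `func sysctlEnabled(name []byte) bool` that strips the trailing NUL before calling, keeping the callers unchanged. Either way `sysctlEnabled` deserves a comment stating the contract the callers already follow: `// name must be NUL-terminated; returns false if the sysctl is absent or zero.`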
@@ -0,0 +1,45 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64
+
+package cpu
+
+func osInit() {
+ // Retrieve info from system register ID_AA64ISAR0_EL1.
+ isar0 := getisar0()
+
+ // ID_AA64ISAR0_EL1
+ switch extractBits(isar0, 4, 7) {
+ case 1:
+ ARM64.HasAES = true
+ case 2:
+ ARM64.HasAES = true
+ ARM64.HasPMULL = true
+ }
+
+ switch extractBits(isar0, 8, 11) {
+ case 1:
+ ARM64.HasSHA1 = true
+ }
+
+ switch extractBits(isar0, 12, 15) {
+ case 1, 2:
+ ARM64.HasSHA2 = true
+ }
+
+ switch extractBits(isar0, 16, 19) {
+ case 1:
+ ARM64.HasCRC32 = true
+ }
+
+ switch extractBits(isar0, 20, 23) {
+ case 2:
+ ARM64.HasATOMICS = true
+ }
+}
+
+func extractBits(data uint64, start, end uint) uint {
+ return (uint)(data>>start) & ((1 << (end - start + 1)) - 1)
+}
diff --git a/internal/cpu/cpu_arm64_hwcap.go b/internal/cpu/cpu_arm64_hwcap.go
new file mode 100644
index 00000000..fdaf43e1
--- /dev/null
+++ b/internal/cpu/cpu_arm64_hwcap.go
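Review bot: `extractBits` carries no comment saying that `start` and `end` are inclusive bit positions, which is the only reading under which calls such as `extractBits(isar0, 4, 7)` line up with the 4-bit fields of ID_AA64ISAR0_EL1; I would add `// extractBits returns bits [start, end] (inclusive) of data, shifted down so that bit start lands at bit 0.` above it. `osInit` should likewise record the assumption the whole file rests on, since `getisar0` executes an EL1 `MRS` from user space: `// FreeBSD traps and emulates EL0 reads of ID_AA64ISAR0_EL1, so getisar0 is safe to call here.` Without that note a future port of this file to another OS would inherit a SIGILL.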
@@ -0,0 +1,63 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64
+// +build linux
+
+package cpu
+
+// HWCap may be initialized by archauxv and
+// should not be changed after it was initialized.
+var HWCap uint
+
+// HWCAP bits. These are exposed by Linux.
+const (
+ hwcap_AES = 1 << 3
+ hwcap_PMULL = 1 << 4
+ hwcap_SHA1 = 1 << 5
+ hwcap_SHA2 = 1 << 6
+ hwcap_CRC32 = 1 << 7
+ hwcap_ATOMICS = 1 << 8
+ hwcap_CPUID = 1 << 11
+)
+
+func hwcapInit(os string) {
+ // HWCap was populated by the runtime from the auxiliary vector.
+ // Use HWCap information since reading aarch64 system registers
+ // is not supported in user space on older linux kernels.
+ ARM64.HasAES = isSet(HWCap, hwcap_AES)
+ ARM64.HasPMULL = isSet(HWCap, hwcap_PMULL)
+ ARM64.HasSHA1 = isSet(HWCap, hwcap_SHA1)
+ ARM64.HasSHA2 = isSet(HWCap, hwcap_SHA2)
+ ARM64.HasCRC32 = isSet(HWCap, hwcap_CRC32)
+ ARM64.HasCPUID = isSet(HWCap, hwcap_CPUID)
+
+ // The Samsung S9+ kernel reports support for atomics, but not all cores
+ // actually support them, resulting in SIGILL. See issue #28431.
+ // TODO(elias.naur): Only disable the optimization on bad chipsets on android.
+ ARM64.HasATOMICS = isSet(HWCap, hwcap_ATOMICS) && os != "android"
+
+ // Check to see if executing on a NeoverseN1 and in order to do that,
+ // check the AUXV for the CPUID bit. The getMIDR function executes an
+ // instruction which would normally be an illegal instruction, but it's
+ // trapped by the kernel, the value sanitized and then returned. Without
+ // the CPUID bit the kernel will not trap the instruction and the process
+ // will be terminated with SIGILL.
+ if ARM64.HasCPUID {
+ midr := getMIDR()
+ part_num := uint16((midr >> 4) & 0xfff)
+ implementor := byte((midr >> 24) & 0xff)
+
+ if implementor == 'A' && part_num == 0xd0c {
+ ARM64.IsNeoverseN1 = true
+ }
+ if implementor == 'A' && part_num == 0xd40 {
+ ARM64.IsZeus = true
+ }
+ }
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/internal/cpu/cpu_arm64_linux.go b/internal/cpu/cpu_arm64_linux.go
new file mode 100644
index 00000000..2f7411ff
--- /dev/null
+++ b/internal/cpu/cpu_arm64_linux.go
@@ -0,0 +1,13 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64
+// +build linux
+// +build !android
+
+package cpu
+
+func osInit() {
+ hwcapInit("linux")
+}
diff --git a/internal/cpu/cpu_arm64_other.go b/internal/cpu/cpu_arm64_other.go
new file mode 100644
index 00000000..f191db28
--- /dev/null
+++ b/internal/cpu/cpu_arm64_other.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64
+// +build !linux
+// +build !freebsd
+// +build !android
+// +build !darwin ios
+
+package cpu
+
+func osInit() {
+ // Other operating systems do not support reading HWCap from auxiliary vector,
+ // reading privileged aarch64 system registers or sysctl in user space to detect
+ // CPU features at runtime.
+}
diff --git a/internal/cpu/cpu_mips.go b/internal/cpu/cpu_mips.go
new file mode 100644
index 00000000..14a9c975
--- /dev/null
+++ b/internal/cpu/cpu_mips.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 32
+
+func doinit() {
+}
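Review bot: `var HWCap uint` is documented as "initialized by archauxv" and `hwcapInit` comments that "HWCap was populated by the runtime", but that is the Go runtime writing the standard library's own `internal/cpu.HWCap` by symbol name; a copy of this package living under this module's import path is never written, so unless another file in this patch fills it in, every `isSet(HWCap, …)` here evaluates to false and `ARM64.HasAES`, `HasSHA2` and `HasCPUID` stay off on linux/arm64. That fails safe (`getMIDR` remains guarded, so no SIGILL), but it silently disables the detection this port exists for and will steer any caller that prefers AES-GCM on hardware AES toward the software path. I would either populate it in `hwcapInit` by reading AT_HWCAP from `/proc/self/auxv` (or take the value from `golang.org/x/sys/cpu`), or at minimum make the comment honest: `// HWCap is NOT populated by the Go runtime for this package; it must be set before hwcapInit runs or all features report false.`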
diff --git a/internal/cpu/cpu_mips64x.go b/internal/cpu/cpu_mips64x.go
new file mode 100644
index 00000000..0c4794a7
--- /dev/null
+++ b/internal/cpu/cpu_mips64x.go
@@ -0,0 +1,32 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips64 mips64le
+
+package cpu
+
+const CacheLinePadSize = 32
+
+// This is initialized by archauxv and should not be changed after it is
+// initialized.
+var HWCap uint
+
+// HWCAP bits. These are exposed by the Linux kernel 5.4.
+const (
+ // CPU features
+ hwcap_MIPS_MSA = 1 << 1
+)
+
+func doinit() {
+ options = []option{
+ {Name: "msa", Feature: &MIPS64X.HasMSA},
+ }
+
+ // HWCAP feature bits
+ MIPS64X.HasMSA = isSet(HWCap, hwcap_MIPS_MSA)
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/internal/cpu/cpu_mipsle.go b/internal/cpu/cpu_mipsle.go
new file mode 100644
index 00000000..14a9c975
--- /dev/null
+++ b/internal/cpu/cpu_mipsle.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 32
+
+func doinit() {
+}
diff --git a/internal/cpu/cpu_no_name.go b/internal/cpu/cpu_no_name.go
new file mode 100644
index 00000000..ce1c37a3
--- /dev/null
+++ b/internal/cpu/cpu_no_name.go
@@ -0,0 +1,19 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !386
+// +build !amd64
+
+package cpu
+
+// Name returns the CPU name given by the vendor
+// if it can be read directly from memory or by CPU instructions.
+// If the CPU name can not be determined an empty string is returned.
+//
+// Implementations that use the Operating System (e.g. sysctl or /sys/)
+// to gather CPU information for display should be placed in internal/sysinfo.
+func Name() string {
+ // "A CPU has no name".
+ return ""
+}
diff --git a/internal/cpu/cpu_ppc64x.go b/internal/cpu/cpu_ppc64x.go
new file mode 100644
index 00000000..beb17654
--- /dev/null
+++ b/internal/cpu/cpu_ppc64x.go
@@ -0,0 +1,23 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+const CacheLinePadSize = 128
+
+func doinit() {
+ options = []option{
+ {Name: "darn", Feature: &PPC64.HasDARN},
+ {Name: "scv", Feature: &PPC64.HasSCV},
+ {Name: "power9", Feature: &PPC64.IsPOWER9},
+ }
+
+ osinit()
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/internal/cpu/cpu_ppc64x_aix.go b/internal/cpu/cpu_ppc64x_aix.go
new file mode 100644
index 00000000..b840b823
--- /dev/null
+++ b/internal/cpu/cpu_ppc64x_aix.go
@@ -0,0 +1,21 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+const (
+ // getsystemcfg constants
+ _SC_IMPL = 2
+ _IMPL_POWER9 = 0x20000
+)
+
+func osinit() {
+ impl := getsystemcfg(_SC_IMPL)
+ PPC64.IsPOWER9 = isSet(impl, _IMPL_POWER9)
+}
+
+// getsystemcfg is defined in runtime/os2_aix.go
+func getsystemcfg(label uint) uint
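Review bot: `func getsystemcfg(label uint) uint` has no body and the comment above it says it "is defined in runtime/os2_aix.go", but the runtime provides that symbol to the standard library's `internal/cpu` only; for this module's import path nothing in this hunk supplies an implementation, and since no `.s` file in this patch is built for aix/ppc64 the compiler is likely to reject the declaration outright with "missing function body". If aix is meant to be supported, the value needs to come from a real call in this package (for example through cgo or a syscall wrapper); if it is not, the file should be dropped or the comment changed to `// getsystemcfg must be provided by this package; the Go runtime does not export it here.` Separately, this file and cpu_ppc64x.go spell the hook `osinit` while the arm64 files use `osInit`, so one spelling should be picked across the package.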
diff --git a/internal/cpu/cpu_ppc64x_linux.go b/internal/cpu/cpu_ppc64x_linux.go
new file mode 100644
index 00000000..73b19143
--- /dev/null
+++ b/internal/cpu/cpu_ppc64x_linux.go
@@ -0,0 +1,29 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+// ppc64 doesn't have a 'cpuid' equivalent, so we rely on HWCAP/HWCAP2.
+// These are initialized by archauxv and should not be changed after they are
+// initialized.
+var HWCap uint
+var HWCap2 uint
+
+// HWCAP bits. These are exposed by Linux.
+const (
+ // ISA Level
+ hwcap2_ARCH_3_00 = 0x00800000
+
+ // CPU features
+ hwcap2_DARN = 0x00200000
+ hwcap2_SCV = 0x00100000
+)
+
+func osinit() {
+ PPC64.IsPOWER9 = isSet(HWCap2, hwcap2_ARCH_3_00)
+ PPC64.HasDARN = isSet(HWCap2, hwcap2_DARN)
+ PPC64.HasSCV = isSet(HWCap2, hwcap2_SCV)
+}
diff --git a/internal/cpu/cpu_riscv64.go b/internal/cpu/cpu_riscv64.go
new file mode 100644
index 00000000..54b8c337
--- /dev/null
+++ b/internal/cpu/cpu_riscv64.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 32
+
+func doinit() {
+}
diff --git a/internal/cpu/cpu_s390x.go b/internal/cpu/cpu_s390x.go
new file mode 100644
index 00000000..45d8ed27
--- /dev/null
+++ b/internal/cpu/cpu_s390x.go
@@ -0,0 +1,205 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cpu + +const CacheLinePadSize = 256 + +var HWCap uint + +// bitIsSet reports whether the bit at index is set. The bit index +// is in big endian order, so bit index 0 is the leftmost bit. +func bitIsSet(bits []uint64, index uint) bool { + return bits[index/64]&((1<<63)>>(index%64)) != 0 +} + +// function is the function code for the named function. +type function uint8 + +const ( + // KM{,A,C,CTR} function codes + aes128 function = 18 // AES-128 + aes192 function = 19 // AES-192 + aes256 function = 20 // AES-256 + + // K{I,L}MD function codes + sha1 function = 1 // SHA-1 + sha256 function = 2 // SHA-256 + sha512 function = 3 // SHA-512 + sha3_224 function = 32 // SHA3-224 + sha3_256 function = 33 // SHA3-256 + sha3_384 function = 34 // SHA3-384 + sha3_512 function = 35 // SHA3-512 + shake128 function = 36 // SHAKE-128 + shake256 function = 37 // SHAKE-256 + + // KLMD function codes + ghash function = 65 // GHASH +) + +const ( + // KDSA function codes + ecdsaVerifyP256 function = 1 // NIST P256 + ecdsaVerifyP384 function = 2 // NIST P384 + ecdsaVerifyP521 function = 3 // NIST P521 + ecdsaSignP256 function = 9 // NIST P256 + ecdsaSignP384 function = 10 // NIST P384 + ecdsaSignP521 function = 11 // NIST P521 + eddsaVerifyEd25519 function = 32 // Curve25519 + eddsaVerifyEd448 function = 36 // Curve448 + eddsaSignEd25519 function = 40 // Curve25519 + eddsaSignEd448 function = 44 // Curve448 +) + +// queryResult contains the result of a Query function +// call. Bits are numbered in big endian order so the +// leftmost bit (the MSB) is at index 0. +type queryResult struct { + bits [2]uint64 +} + +// Has reports whether the given functions are present. 
+func (q *queryResult) Has(fns ...function) bool { + if len(fns) == 0 { + panic("no function codes provided") + } + for _, f := range fns { + if !bitIsSet(q.bits[:], uint(f)) { + return false + } + } + return true +} + +// facility is a bit index for the named facility. +type facility uint8 + +const ( + // mandatory facilities + zarch facility = 1 // z architecture mode is active + stflef facility = 7 // store-facility-list-extended + ldisp facility = 18 // long-displacement + eimm facility = 21 // extended-immediate + + // miscellaneous facilities + dfp facility = 42 // decimal-floating-point + etf3eh facility = 30 // extended-translation 3 enhancement + + // cryptography facilities + msa facility = 17 // message-security-assist + msa3 facility = 76 // message-security-assist extension 3 + msa4 facility = 77 // message-security-assist extension 4 + msa5 facility = 57 // message-security-assist extension 5 + msa8 facility = 146 // message-security-assist extension 8 + msa9 facility = 155 // message-security-assist extension 9 + + // vector facilities + vxe facility = 135 // vector-enhancements 1 + + // Note: vx requires kernel support + // and so must be fetched from HWCAP. + + hwcap_VX = 1 << 11 // vector facility +) + +// facilityList contains the result of an STFLE call. +// Bits are numbered in big endian order so the +// leftmost bit (the MSB) is at index 0. +type facilityList struct { + bits [4]uint64 +} + +// Has reports whether the given facilities are present. +func (s *facilityList) Has(fs ...facility) bool { + if len(fs) == 0 { + panic("no facility bits provided") + } + for _, f := range fs { + if !bitIsSet(s.bits[:], uint(f)) { + return false + } + } + return true +} + +// The following feature detection functions are defined in cpu_s390x.s. +// They are likely to be expensive to call so the results should be cached. 
+func stfle() facilityList +func kmQuery() queryResult +func kmcQuery() queryResult +func kmctrQuery() queryResult +func kmaQuery() queryResult +func kimdQuery() queryResult +func klmdQuery() queryResult +func kdsaQuery() queryResult + +func doinit() { + options = []option{ + {Name: "zarch", Feature: &S390X.HasZARCH}, + {Name: "stfle", Feature: &S390X.HasSTFLE}, + {Name: "ldisp", Feature: &S390X.HasLDISP}, + {Name: "msa", Feature: &S390X.HasMSA}, + {Name: "eimm", Feature: &S390X.HasEIMM}, + {Name: "dfp", Feature: &S390X.HasDFP}, + {Name: "etf3eh", Feature: &S390X.HasETF3EH}, + {Name: "vx", Feature: &S390X.HasVX}, + {Name: "vxe", Feature: &S390X.HasVXE}, + {Name: "kdsa", Feature: &S390X.HasKDSA}, + } + + aes := []function{aes128, aes192, aes256} + facilities := stfle() + + S390X.HasZARCH = facilities.Has(zarch) + S390X.HasSTFLE = facilities.Has(stflef) + S390X.HasLDISP = facilities.Has(ldisp) + S390X.HasEIMM = facilities.Has(eimm) + S390X.HasDFP = facilities.Has(dfp) + S390X.HasETF3EH = facilities.Has(etf3eh) + S390X.HasMSA = facilities.Has(msa) + + if S390X.HasMSA { + // cipher message + km, kmc := kmQuery(), kmcQuery() + S390X.HasAES = km.Has(aes...) + S390X.HasAESCBC = kmc.Has(aes...) + if facilities.Has(msa4) { + kmctr := kmctrQuery() + S390X.HasAESCTR = kmctr.Has(aes...) + } + if facilities.Has(msa8) { + kma := kmaQuery() + S390X.HasAESGCM = kma.Has(aes...) + } + + // compute message digest + kimd := kimdQuery() // intermediate (no padding) + klmd := klmdQuery() // last (padding) + S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1) + S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256) + S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512) + S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist + sha3 := []function{ + sha3_224, sha3_256, sha3_384, sha3_512, + shake128, shake256, + } + S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...) 
+ S390X.HasKDSA = facilities.Has(msa9) // elliptic curves + if S390X.HasKDSA { + kdsa := kdsaQuery() + S390X.HasECDSA = kdsa.Has(ecdsaVerifyP256, ecdsaSignP256, ecdsaVerifyP384, ecdsaSignP384, ecdsaVerifyP521, ecdsaSignP521) + S390X.HasEDDSA = kdsa.Has(eddsaVerifyEd25519, eddsaSignEd25519, eddsaVerifyEd448, eddsaSignEd448) + } + } + + S390X.HasVX = isSet(HWCap, hwcap_VX) + + if S390X.HasVX { + S390X.HasVXE = facilities.Has(vxe) + } +} + +func isSet(hwc uint, value uint) bool { + return hwc&value != 0 +} diff --git a/internal/cpu/cpu_s390x.s b/internal/cpu/cpu_s390x.s new file mode 100644 index 00000000..a1243aa4 --- /dev/null +++ b/internal/cpu/cpu_s390x.s 
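Review bot: `var HWCap uint` near the top of this file is the only copy of that variable in the patch without the "initialized by archauxv, do not modify" comment the arm64, mips64 and ppc64 files carry, and it matters more here because `S390X.HasVX` — and through it `HasVXE` — is taken from `HWCap` rather than from the `stfle()` result that every other facility uses. I would document it as `// HWCap is expected to hold AT_HWCAP from the auxiliary vector before doinit runs; the Go runtime does not populate it for packages outside the standard library, so vx/vxe report false unless it is set.` The inline note that vx needs kernel support explains the split well and could be referenced from the `S390X.HasVX` assignment so a reader does not look for a missing facility bit.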
@@ -0,0 +1,63 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +#include "textflag.h" + +// func stfle() facilityList +TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32 + MOVD $ret+0(FP), R1 + MOVD $3, R0 // last doubleword index to store + XC $32, (R1), (R1) // clear 4 doublewords (32 bytes) + WORD $0xb2b01000 // store facility list extended (STFLE) + RET + +// func kmQuery() queryResult +TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KM-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xB92E0024 // cipher message (KM) + RET + +// func kmcQuery() queryResult +TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KMC-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xB92F0024 // cipher message with chaining (KMC) + RET + +// func kmctrQuery() queryResult +TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KMCTR-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xB92D4024 // cipher message with counter (KMCTR) + RET + +// func kmaQuery() queryResult +TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KMA-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xb9296024 // cipher message with authentication (KMA) + RET + +// func kimdQuery() queryResult +TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KIMD-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xB93E0024 // compute intermediate message digest (KIMD) + RET + +// func klmdQuery() queryResult +TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KLMD-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xB93F0024 // compute last message digest (KLMD) + RET + +// func kdsaQuery() 
queryResult +TEXT ·kdsaQuery(SB), NOSPLIT|NOFRAME, $0-16 + MOVD $0, R0 // set function code to 0 (KLMD-Query) + MOVD $ret+0(FP), R1 // address of 16-byte return value + WORD $0xB93A0008 // compute digital signature authentication + RET + diff --git a/internal/cpu/cpu_s390x_test.go b/internal/cpu/cpu_s390x_test.go new file mode 100644 index 00000000..ad86858d --- /dev/null +++ b/internal/cpu/cpu_s390x_test.go @@ -0,0 +1,63 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cpu_test + +import ( + "errors" + . "internal/cpu" + "os" + "regexp" + "testing" +) + +func getFeatureList() ([]string, error) { + cpuinfo, err := os.ReadFile("/proc/cpuinfo") + if err != nil { + return nil, err + } + r := regexp.MustCompile("features\\s*:\\s*(.*)") + b := r.FindSubmatch(cpuinfo) + if len(b) < 2 { + return nil, errors.New("no feature list in /proc/cpuinfo") + } + return regexp.MustCompile("\\s+").Split(string(b[1]), -1), nil +} + +func TestS390XAgainstCPUInfo(t *testing.T) { + // mapping of linux feature strings to S390X fields + mapping := make(map[string]*bool) + for _, option := range Options { + mapping[option.Name] = option.Feature + } + + // these must be true on the machines Go supports + mandatory := make(map[string]bool) + mandatory["zarch"] = false + mandatory["eimm"] = false + mandatory["ldisp"] = false + mandatory["stfle"] = false + + features, err := getFeatureList() + if err != nil { + t.Error(err) + } + for _, feature := range features { + if _, ok := mandatory[feature]; ok { + mandatory[feature] = true + } + if flag, ok := mapping[feature]; ok { + if !*flag { + t.Errorf("feature '%v' not detected", feature) + } + } else { + t.Logf("no entry for '%v'", feature) + } + } + for k, v := range mandatory { + if !v { + t.Errorf("mandatory feature '%v' not detected", k) + } + } +} 
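Review bot: In `kdsaQuery` the register comment reads `// set function code to 0 (KLMD-Query)`, a leftover from the `klmdQuery` routine it was copied from; it should be `// set function code to 0 (KDSA-Query)` so the comment matches the `WORD $0xB93A0008` (KDSA) it annotates. That same instruction word encodes operands `0008` where every other query routine in this file uses `0024`; a one-line comment on the register choice (`// KDSA R0,R8: query form ignores the operand registers`, or whatever the actual reason is) would save the next reader a trip to the Principles of Operation, since I cannot confirm the reason from the hunk alone.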
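Review bot: `. "internal/cpu"` in the import block of cpu_s390x_test.go is the standard library's internal package, which a module outside GOROOT is not permitted to import ("use of internal package internal/cpu not allowed"), so this test will fail to compile whenever the package is built for s390x; the other test files in this patch already use `. "github.com/zmap/zcrypto/internal/cpu"` and this one should be updated to match. Also, `if err != nil { t.Error(err) }` after `getFeatureList()` lets the test carry on into `range features` with a nil slice and then report every mandatory feature as missing — `t.Fatal(err)` expresses the intent better.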
diff --git a/internal/cpu/cpu_test.go b/internal/cpu/cpu_test.go
new file mode 100644
index 00000000..a156a7b6
--- /dev/null
+++ b/internal/cpu/cpu_test.go
@@ -0,0 +1,84 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu_test
+
+import (
+ "os"
+ "os/exec"
+ "runtime"
+ "strings"
+ "testing"
+
+ . "github.com/zmap/zcrypto/internal/cpu"
+ "github.com/zmap/zcrypto/internal/testenv"
+)
+
+func TestMinimalFeatures(t *testing.T) {
+ // TODO: maybe do MustSupportFeatureDectection(t) ?
+ if runtime.GOARCH == "arm64" {
+ switch runtime.GOOS {
+ case "linux", "android", "darwin":
+ default:
+ t.Skipf("%s/%s is not supported", runtime.GOOS, runtime.GOARCH)
+ }
+ }
+
+ for _, o := range Options {
+ if o.Required && !*o.Feature {
+ t.Errorf("%v expected true, got false", o.Name)
+ }
+ }
+}
+
+func MustHaveDebugOptionsSupport(t *testing.T) {
+ if !DebugOptions {
+ t.Skipf("skipping test: cpu feature options not supported by OS")
+ }
+}
+
+func MustSupportFeatureDectection(t *testing.T) {
+ // TODO: add platforms that do not have CPU feature detection support.
+}
+
+func runDebugOptionsTest(t *testing.T, test string, options string) {
+ MustHaveDebugOptionsSupport(t)
+
+ testenv.MustHaveExec(t)
+
+ env := "GODEBUG=" + options
+
+ cmd := exec.Command(os.Args[0], "-test.run="+test)
+ cmd.Env = append(cmd.Env, env)
+
+ output, err := cmd.CombinedOutput()
+ lines := strings.Fields(string(output))
+ lastline := lines[len(lines)-1]
+
+ got := strings.TrimSpace(lastline)
+ want := "PASS"
+ if err != nil || got != want {
+ t.Fatalf("%s with %s: want %s, got %v", test, env, want, got)
+ }
+}
+
+func TestDisableAllCapabilities(t *testing.T) {
+ MustSupportFeatureDectection(t)
+ runDebugOptionsTest(t, "TestAllCapabilitiesDisabled", "cpu.all=off")
+}
+
+func TestAllCapabilitiesDisabled(t *testing.T) {
+ MustHaveDebugOptionsSupport(t)
+
+ if os.Getenv("GODEBUG") != "cpu.all=off" {
+ t.Skipf("skipping test: GODEBUG=cpu.all=off not set")
+ }
+
+ for _, o := range Options {
+ want := o.Required
+ if got := *o.Feature; got != want {
+ t.Errorf("%v: expected %v, got %v", o.Name, want, got)
+ }
+ }
+}
diff --git a/internal/cpu/cpu_wasm.go b/internal/cpu/cpu_wasm.go
new file mode 100644
index 00000000..2310ad6a
--- /dev/null
+++ b/internal/cpu/cpu_wasm.go
@@ -0,0 +1,10 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 64
+
+func doinit() {
+}
diff --git a/internal/cpu/cpu_x86.go b/internal/cpu/cpu_x86.go
new file mode 100644
index 00000000..ba6bf690
--- /dev/null
+++ b/internal/cpu/cpu_x86.go
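Review bot: `lastline := lines[len(lines)-1]` in `runDebugOptionsTest` indexes an empty slice and panics whenever the re-executed test binary produced no output (for example when `exec.Command(os.Args[0], …)` fails before printing anything), turning what should be a readable `t.Fatalf` into a crashed test process; guard it with `if len(lines) == 0 { t.Fatalf("%s with %s: no output (err=%v)", test, env, err) }` before taking the last element. The child is also started with `cmd.Env` holding only the GODEBUG entry, so it runs without `PATH`, `HOME` or `TMPDIR`; if that isolation is intentional a comment such as `// Deliberately run the child with GODEBUG as its only environment variable.` would stop someone "fixing" it. `MustSupportFeatureDectection` is misspelled (Detection) in its definition and two call sites.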
@@ -0,0 +1,163 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build 386 amd64 + +package cpu + +const CacheLinePadSize = 64 + +// cpuid is implemented in cpu_x86.s. +func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) + +// xgetbv with ecx = 0 is implemented in cpu_x86.s. +func xgetbv() (eax, edx uint32) + +const ( + // edx bits + cpuid_SSE2 = 1 << 26 + + // ecx bits + cpuid_SSE3 = 1 << 0 + cpuid_PCLMULQDQ = 1 << 1 + cpuid_SSSE3 = 1 << 9 + cpuid_FMA = 1 << 12 + cpuid_SSE41 = 1 << 19 + cpuid_SSE42 = 1 << 20 + cpuid_POPCNT = 1 << 23 + cpuid_AES = 1 << 25 + cpuid_OSXSAVE = 1 << 27 + cpuid_AVX = 1 << 28 + + // ebx bits + cpuid_BMI1 = 1 << 3 + cpuid_AVX2 = 1 << 5 + cpuid_BMI2 = 1 << 8 + cpuid_ERMS = 1 << 9 + cpuid_ADX = 1 << 19 +) + +var maxExtendedFunctionInformation uint32 + +func doinit() { + options = []option{ + {Name: "adx", Feature: &X86.HasADX}, + {Name: "aes", Feature: &X86.HasAES}, + {Name: "avx", Feature: &X86.HasAVX}, + {Name: "avx2", Feature: &X86.HasAVX2}, + {Name: "bmi1", Feature: &X86.HasBMI1}, + {Name: "bmi2", Feature: &X86.HasBMI2}, + {Name: "erms", Feature: &X86.HasERMS}, + {Name: "fma", Feature: &X86.HasFMA}, + {Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ}, + {Name: "popcnt", Feature: &X86.HasPOPCNT}, + {Name: "sse3", Feature: &X86.HasSSE3}, + {Name: "sse41", Feature: &X86.HasSSE41}, + {Name: "sse42", Feature: &X86.HasSSE42}, + {Name: "ssse3", Feature: &X86.HasSSSE3}, + + // These capabilities should always be enabled on amd64: + {Name: "sse2", Feature: &X86.HasSSE2, Required: GOARCH == "amd64"}, + } + + maxID, _, _, _ := cpuid(0, 0) + + if maxID < 1 { + return + } + + maxExtendedFunctionInformation, _, _, _ = cpuid(0x80000000, 0) + + _, _, ecx1, edx1 := cpuid(1, 0) + X86.HasSSE2 = isSet(edx1, cpuid_SSE2) + + X86.HasSSE3 = isSet(ecx1, cpuid_SSE3) + X86.HasPCLMULQDQ = isSet(ecx1, cpuid_PCLMULQDQ) + X86.HasSSSE3 = 
isSet(ecx1, cpuid_SSSE3) + X86.HasSSE41 = isSet(ecx1, cpuid_SSE41) + X86.HasSSE42 = isSet(ecx1, cpuid_SSE42) + X86.HasPOPCNT = isSet(ecx1, cpuid_POPCNT) + X86.HasAES = isSet(ecx1, cpuid_AES) + + // OSXSAVE can be false when using older Operating Systems + // or when explicitly disabled on newer Operating Systems by + // e.g. setting the xsavedisable boot option on Windows 10. + X86.HasOSXSAVE = isSet(ecx1, cpuid_OSXSAVE) + + // The FMA instruction set extension only has VEX prefixed instructions. + // VEX prefixed instructions require OSXSAVE to be enabled. + // See Intel 64 and IA-32 Architecture Software Developer’s Manual Volume 2 + // Section 2.4 "AVX and SSE Instruction Exception Specification" + X86.HasFMA = isSet(ecx1, cpuid_FMA) && X86.HasOSXSAVE + + osSupportsAVX := false + // For XGETBV, OSXSAVE bit is required and sufficient. + if X86.HasOSXSAVE { + eax, _ := xgetbv() + // Check if XMM and YMM registers have OS support. + osSupportsAVX = isSet(eax, 1<<1) && isSet(eax, 1<<2) + } + + X86.HasAVX = isSet(ecx1, cpuid_AVX) && osSupportsAVX + + if maxID < 7 { + return + } + + _, ebx7, _, _ := cpuid(7, 0) + X86.HasBMI1 = isSet(ebx7, cpuid_BMI1) + X86.HasAVX2 = isSet(ebx7, cpuid_AVX2) && osSupportsAVX + X86.HasBMI2 = isSet(ebx7, cpuid_BMI2) + X86.HasERMS = isSet(ebx7, cpuid_ERMS) + X86.HasADX = isSet(ebx7, cpuid_ADX) +} + +func isSet(hwc uint32, value uint32) bool { + return hwc&value != 0 +} + +// Name returns the CPU name given by the vendor. +// If the CPU name can not be determined an +// empty string is returned. 
+func Name() string { + if maxExtendedFunctionInformation < 0x80000004 { + return "" + } + + data := make([]byte, 0, 3*4*4) + + var eax, ebx, ecx, edx uint32 + eax, ebx, ecx, edx = cpuid(0x80000002, 0) + data = appendBytes(data, eax, ebx, ecx, edx) + eax, ebx, ecx, edx = cpuid(0x80000003, 0) + data = appendBytes(data, eax, ebx, ecx, edx) + eax, ebx, ecx, edx = cpuid(0x80000004, 0) + data = appendBytes(data, eax, ebx, ecx, edx) + + // Trim leading spaces. + for len(data) > 0 && data[0] == ' ' { + data = data[1:] + } + + // Trim tail after and including the first null byte. + for i, c := range data { + if c == '\x00' { + data = data[:i] + break + } + } + + return string(data) +} + +func appendBytes(b []byte, args ...uint32) []byte { + for _, arg := range args { + b = append(b, + byte((arg >> 0)), + byte((arg >> 8)), + byte((arg >> 16)), + byte((arg >> 24))) + } + return b +} diff --git a/internal/cpu/cpu_x86.s b/internal/cpu/cpu_x86.s new file mode 100644 index 00000000..93c712d7 --- /dev/null +++ b/internal/cpu/cpu_x86.s @@ -0,0 +1,26 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build 386 amd64 + +#include "textflag.h" + +// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) +TEXT ·cpuid(SB), NOSPLIT, $0-24 + MOVL eaxArg+0(FP), AX + MOVL ecxArg+4(FP), CX + CPUID + MOVL AX, eax+8(FP) + MOVL BX, ebx+12(FP) + MOVL CX, ecx+16(FP) + MOVL DX, edx+20(FP) + RET + +// func xgetbv() (eax, edx uint32) +TEXT ·xgetbv(SB),NOSPLIT,$0-8 + MOVL $0, CX + XGETBV + MOVL AX, eax+0(FP) + MOVL DX, edx+4(FP) + RET diff --git a/internal/cpu/cpu_x86_test.go b/internal/cpu/cpu_x86_test.go new file mode 100644 index 00000000..52d4310b --- /dev/null +++ b/internal/cpu/cpu_x86_test.go 
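Review bot: `X86.HasFMA = isSet(ecx1, cpuid_FMA) && X86.HasOSXSAVE` gates FMA only on the OSXSAVE bit, but the VEX-encoded FMA instructions also require the OS to have enabled YMM state in XCR0, which is exactly what the `osSupportsAVX` value computed a few lines below from `xgetbv()` checks and what `HasAVX` and `HasAVX2` are correctly gated on; on a kernel that exposes XSAVE but has not enabled AVX state, FMA would be advertised and the first use would fault with #UD. I would move the assignment below the `xgetbv` block and write `X86.HasFMA = isSet(ecx1, cpuid_FMA) && osSupportsAVX`, which as far as I recall is also how golang.org/x/sys/cpu gates it; the existing comment about VEX prefixes can stay and gain the words "and AVX state enabled in XCR0".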
@@ -0,0 +1,55 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64
+
+package cpu_test
+
+import (
+ "os"
+ "runtime"
+ "testing"
+
+ . "github.com/zmap/zcrypto/internal/cpu"
+)
+
+func TestX86ifAVX2hasAVX(t *testing.T) {
+ if X86.HasAVX2 && !X86.HasAVX {
+ t.Fatalf("HasAVX expected true when HasAVX2 is true, got false")
+ }
+}
+
+func TestDisableSSE2(t *testing.T) {
+ runDebugOptionsTest(t, "TestSSE2DebugOption", "cpu.sse2=off")
+}
+
+func TestSSE2DebugOption(t *testing.T) {
+ MustHaveDebugOptionsSupport(t)
+
+ if os.Getenv("GODEBUG") != "cpu.sse2=off" {
+ t.Skipf("skipping test: GODEBUG=cpu.sse2=off not set")
+ }
+
+ want := runtime.GOARCH != "386" // SSE2 can only be disabled on 386.
+ if got := X86.HasSSE2; got != want {
+ t.Errorf("X86.HasSSE2 on %s expected %v, got %v", runtime.GOARCH, want, got)
+ }
+}
+
+func TestDisableSSE3(t *testing.T) {
+ runDebugOptionsTest(t, "TestSSE3DebugOption", "cpu.sse3=off")
+}
+
+func TestSSE3DebugOption(t *testing.T) {
+ MustHaveDebugOptionsSupport(t)
+
+ if os.Getenv("GODEBUG") != "cpu.sse3=off" {
+ t.Skipf("skipping test: GODEBUG=cpu.sse3=off not set")
+ }
+
+ want := false
+ if got := X86.HasSSE3; got != want {
+ t.Errorf("X86.HasSSE3 expected %v, got %v", want, got)
+ }
+}
diff --git a/internal/cpu/export_test.go b/internal/cpu/export_test.go
new file mode 100644
index 00000000..91bfc1bb
--- /dev/null
+++ b/internal/cpu/export_test.go
@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+var (
+ Options = options
+)
diff --git a/internal/testenv/testenv.go b/internal/testenv/testenv.go
new file mode 100644
index 00000000..d6a2e8b0
--- /dev/null
+++ b/internal/testenv/testenv.go
@@ -0,0 +1,309 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package testenv provides information about what functionality +// is available in different testing environments run by the Go team. +// +// It is an internal package because these details are specific +// to the Go team's test setup (on build.golang.org) and not +// fundamental to tests in general. +package testenv + +import ( + "errors" + "flag" + "os" + "os/exec" + "path/filepath" + "runtime" + "strconv" + "strings" + "sync" + "testing" + + "github.com/zmap/zcrypto/internal/cfg" +) + +// Builder reports the name of the builder running this test +// (for example, "linux-amd64" or "windows-386-gce"). +// If the test is not running on the build infrastructure, +// Builder returns the empty string. +func Builder() string { + return os.Getenv("GO_BUILDER_NAME") +} + +// HasGoBuild reports whether the current system can build programs with ``go build'' +// and then run them with os.StartProcess or exec.Command. +func HasGoBuild() bool { + if os.Getenv("GO_GCFLAGS") != "" { + // It's too much work to require every caller of the go command + // to pass along "-gcflags="+os.Getenv("GO_GCFLAGS"). + // For now, if $GO_GCFLAGS is set, report that we simply can't + // run go build. + return false + } + switch runtime.GOOS { + case "android", "js", "ios": + return false + } + return true +} + +// MustHaveGoBuild checks that the current system can build programs with ``go build'' +// and then run them with os.StartProcess or exec.Command. +// If not, MustHaveGoBuild calls t.Skip with an explanation. 
+func MustHaveGoBuild(t testing.TB) { + if os.Getenv("GO_GCFLAGS") != "" { + t.Skipf("skipping test: 'go build' not compatible with setting $GO_GCFLAGS") + } + if !HasGoBuild() { + t.Skipf("skipping test: 'go build' not available on %s/%s", runtime.GOOS, runtime.GOARCH) + } +} + +// HasGoRun reports whether the current system can run programs with ``go run.'' +func HasGoRun() bool { + // For now, having go run and having go build are the same. + return HasGoBuild() +} + +// MustHaveGoRun checks that the current system can run programs with ``go run.'' +// If not, MustHaveGoRun calls t.Skip with an explanation. +func MustHaveGoRun(t testing.TB) { + if !HasGoRun() { + t.Skipf("skipping test: 'go run' not available on %s/%s", runtime.GOOS, runtime.GOARCH) + } +} + +// GoToolPath reports the path to the Go tool. +// It is a convenience wrapper around GoTool. +// If the tool is unavailable GoToolPath calls t.Skip. +// If the tool should be available and isn't, GoToolPath calls t.Fatal. +func GoToolPath(t testing.TB) string { + MustHaveGoBuild(t) + path, err := GoTool() + if err != nil { + t.Fatal(err) + } + // Add all environment variables that affect the Go command to test metadata. + // Cached test results will be invalidate when these variables change. + // See golang.org/issue/32285. + for _, envVar := range strings.Fields(cfg.KnownEnv) { + os.Getenv(envVar) + } + return path +} + +// GoTool reports the path to the Go tool. 
+func GoTool() (string, error) { + if !HasGoBuild() { + return "", errors.New("platform cannot run go tool") + } + var exeSuffix string + if runtime.GOOS == "windows" { + exeSuffix = ".exe" + } + path := filepath.Join(runtime.GOROOT(), "bin", "go"+exeSuffix) + if _, err := os.Stat(path); err == nil { + return path, nil + } + goBin, err := exec.LookPath("go" + exeSuffix) + if err != nil { + return "", errors.New("cannot find go tool: " + err.Error()) + } + return goBin, nil +} + +// HasExec reports whether the current system can start new processes +// using os.StartProcess or (more commonly) exec.Command. +func HasExec() bool { + switch runtime.GOOS { + case "js", "ios": + return false + } + return true +} + +// HasSrc reports whether the entire source tree is available under GOROOT. +func HasSrc() bool { + switch runtime.GOOS { + case "ios": + return false + } + return true +} + +// MustHaveExec checks that the current system can start new processes +// using os.StartProcess or (more commonly) exec.Command. +// If not, MustHaveExec calls t.Skip with an explanation. +func MustHaveExec(t testing.TB) { + if !HasExec() { + t.Skipf("skipping test: cannot exec subprocess on %s/%s", runtime.GOOS, runtime.GOARCH) + } +} + +var execPaths sync.Map // path -> error + +// MustHaveExecPath checks that the current system can start the named executable +// using os.StartProcess or (more commonly) exec.Command. +// If not, MustHaveExecPath calls t.Skip with an explanation. +func MustHaveExecPath(t testing.TB, path string) { + MustHaveExec(t) + + err, found := execPaths.Load(path) + if !found { + _, err = exec.LookPath(path) + err, _ = execPaths.LoadOrStore(path, err) + } + if err != nil { + t.Skipf("skipping test: %s: %s", path, err) + } +} + +// HasExternalNetwork reports whether the current system can use +// external (non-localhost) networks. 
+func HasExternalNetwork() bool { + return !testing.Short() && runtime.GOOS != "js" +} + +// MustHaveExternalNetwork checks that the current system can use +// external (non-localhost) networks. +// If not, MustHaveExternalNetwork calls t.Skip with an explanation. +func MustHaveExternalNetwork(t testing.TB) { + if runtime.GOOS == "js" { + t.Skipf("skipping test: no external network on %s", runtime.GOOS) + } + if testing.Short() { + t.Skipf("skipping test: no external network in -short mode") + } +} + +var haveCGO bool + +// HasCGO reports whether the current system can use cgo. +func HasCGO() bool { + return haveCGO +} + +// MustHaveCGO calls t.Skip if cgo is not available. +func MustHaveCGO(t testing.TB) { + if !haveCGO { + t.Skipf("skipping test: no cgo") + } +} + +// CanInternalLink reports whether the current system can link programs with +// internal linking. +// (This is the opposite of cmd/internal/sys.MustLinkExternal. Keep them in sync.) +func CanInternalLink() bool { + switch runtime.GOOS { + case "android": + if runtime.GOARCH != "arm64" { + return false + } + case "ios": + if runtime.GOARCH == "arm64" { + return false + } + } + return true +} + +// MustInternalLink checks that the current system can link programs with internal +// linking. +// If not, MustInternalLink calls t.Skip with an explanation. +func MustInternalLink(t testing.TB) { + if !CanInternalLink() { + t.Skipf("skipping test: internal linking on %s/%s is not supported", runtime.GOOS, runtime.GOARCH) + } +} + +// HasSymlink reports whether the current system can use os.Symlink. +func HasSymlink() bool { + ok, _ := hasSymlink() + return ok +} + +// MustHaveSymlink reports whether the current system can use os.Symlink. +// If not, MustHaveSymlink calls t.Skip with an explanation. 
+func MustHaveSymlink(t testing.TB) { + ok, reason := hasSymlink() + if !ok { + t.Skipf("skipping test: cannot make symlinks on %s/%s%s", runtime.GOOS, runtime.GOARCH, reason) + } +} + +// HasLink reports whether the current system can use os.Link. +func HasLink() bool { + // From Android release M (Marshmallow), hard linking files is blocked + // and an attempt to call link() on a file will return EACCES. + // - https://code.google.com/p/android-developer-preview/issues/detail?id=3150 + return runtime.GOOS != "plan9" && runtime.GOOS != "android" +} + +// MustHaveLink reports whether the current system can use os.Link. +// If not, MustHaveLink calls t.Skip with an explanation. +func MustHaveLink(t testing.TB) { + if !HasLink() { + t.Skipf("skipping test: hardlinks are not supported on %s/%s", runtime.GOOS, runtime.GOARCH) + } +} + +var flaky = flag.Bool("flaky", false, "run known-flaky tests too") + +func SkipFlaky(t testing.TB, issue int) { + t.Helper() + if !*flaky { + t.Skipf("skipping known flaky test without the -flaky flag; see golang.org/issue/%d", issue) + } +} + +func SkipFlakyNet(t testing.TB) { + t.Helper() + if v, _ := strconv.ParseBool(os.Getenv("GO_BUILDER_FLAKY_NET")); v { + t.Skip("skipping test on builder known to have frequent network failures") + } +} + +// CleanCmdEnv will fill cmd.Env with the environment, excluding certain +// variables that could modify the behavior of the Go tools such as +// GODEBUG and GOTRACEBACK. +func CleanCmdEnv(cmd *exec.Cmd) *exec.Cmd { + if cmd.Env != nil { + panic("environment already set") + } + for _, env := range os.Environ() { + // Exclude GODEBUG from the environment to prevent its output + // from breaking tests that are trying to parse other command output. + if strings.HasPrefix(env, "GODEBUG=") { + continue + } + // Exclude GOTRACEBACK for the same reason. 
+ if strings.HasPrefix(env, "GOTRACEBACK=") { + continue + } + cmd.Env = append(cmd.Env, env) + } + return cmd +} + +// CPUIsSlow reports whether the CPU running the test is suspected to be slow. +func CPUIsSlow() bool { + switch runtime.GOARCH { + case "arm", "mips", "mipsle", "mips64", "mips64le": + return true + } + return false +} + +// SkipIfShortAndSlow skips t if -short is set and the CPU running the test is +// suspected to be slow. +// +// (This is useful for CPU-intensive tests that otherwise complete quickly.) +func SkipIfShortAndSlow(t testing.TB) { + if testing.Short() && CPUIsSlow() { + t.Helper() + t.Skipf("skipping test in -short mode on %s", runtime.GOARCH) + } +} diff --git a/internal/testenv/testenv_cgo.go b/internal/testenv/testenv_cgo.go new file mode 100644 index 00000000..e3d4d16b --- /dev/null +++ b/internal/testenv/testenv_cgo.go @@ -0,0 +1,11 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build cgo + +package testenv + +func init() { + haveCGO = true +} diff --git a/internal/testenv/testenv_notwin.go b/internal/testenv/testenv_notwin.go new file mode 100644 index 00000000..ccb5d558 --- /dev/null +++ b/internal/testenv/testenv_notwin.go @@ -0,0 +1,20 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !windows + +package testenv + +import ( + "runtime" +) + +func hasSymlink() (ok bool, reason string) { + switch runtime.GOOS { + case "android", "plan9": + return false, "" + } + + return true, "" +} diff --git a/internal/testenv/testenv_windows.go b/internal/testenv/testenv_windows.go new file mode 100644 index 00000000..4802b139 --- /dev/null +++ b/internal/testenv/testenv_windows.go 
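Review bot: SkipFlaky and SkipFlakyNet are exported but carry no doc comment, unlike every other exported function in this file; I would add `// SkipFlaky skips t unless the -flaky flag is set, citing the referenced golang.org issue number.` and `// SkipFlakyNet skips t on builders that set GO_BUILDER_FLAKY_NET.`. The comment in GoToolPath has a typo: "Cached test results will be invalidate" should read "invalidated". Much of this package (Builder, GoTool, CleanCmdEnv, the symlink and hard-link probes) appears unused by the cpu tests the port was made for, so it may be worth trimming it to what the test suite actually calls, to reduce the surface that has to be kept in sync with upstream.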
@@ -0,0 +1,47 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package testenv + +import ( + "os" + "path/filepath" + "sync" + "syscall" +) + +var symlinkOnce sync.Once +var winSymlinkErr error + +func initWinHasSymlink() { + tmpdir, err := os.MkdirTemp("", "symtest") + if err != nil { + panic("failed to create temp directory: " + err.Error()) + } + defer os.RemoveAll(tmpdir) + + err = os.Symlink("target", filepath.Join(tmpdir, "symlink")) + if err != nil { + err = err.(*os.LinkError).Err + switch err { + case syscall.EWINDOWS, syscall.ERROR_PRIVILEGE_NOT_HELD: + winSymlinkErr = err + } + } +} + +func hasSymlink() (ok bool, reason string) { + symlinkOnce.Do(initWinHasSymlink) + + switch winSymlinkErr { + case nil: + return true, "" + case syscall.EWINDOWS: + return false, ": symlinks are not supported on your version of Windows" + case syscall.ERROR_PRIVILEGE_NOT_HELD: + return false, ": you don't have enough privileges to create symlinks" + } + + return false, "" +} diff --git a/tls/alert.go b/tls/alert.go index 0856311e..4790b737 100644 --- a/tls/alert.go +++ b/tls/alert.go 
@@ -15,61 +15,83 @@ const (
 )
 const (
- alertCloseNotify alert = 0
- alertUnexpectedMessage alert = 10
- alertBadRecordMAC alert = 20
- alertDecryptionFailed alert = 21
- alertRecordOverflow alert = 22
- alertDecompressionFailure alert = 30
- alertHandshakeFailure alert = 40
- alertBadCertificate alert = 42
- alertUnsupportedCertificate alert = 43
- alertCertificateRevoked alert = 44
- alertCertificateExpired alert = 45
- alertCertificateUnknown alert = 46
- alertIllegalParameter alert = 47
- alertUnknownCA alert = 48
- alertAccessDenied alert = 49
- alertDecodeError alert = 50
- alertDecryptError alert = 51
- alertProtocolVersion alert = 70
- alertInsufficientSecurity alert = 71
- alertInternalError alert = 80
- alertUserCanceled alert = 90
- alertNoRenegotiation alert = 100
+ alertCloseNotify alert = 0
+ alertUnexpectedMessage alert = 10
+ alertBadRecordMAC alert = 20
+ alertDecryptionFailed alert = 21
+ alertRecordOverflow alert = 22
+ alertDecompressionFailure alert = 30
+ alertHandshakeFailure alert = 40
+ alertBadCertificate alert = 42
+ alertUnsupportedCertificate alert = 43
+ alertCertificateRevoked alert = 44
+ alertCertificateExpired alert = 45
+ alertCertificateUnknown alert = 46
+ alertIllegalParameter alert = 47
+ alertUnknownCA alert = 48
+ alertAccessDenied alert = 49
+ alertDecodeError alert = 50
+ alertDecryptError alert = 51
+ alertExportRestriction alert = 60
+ alertProtocolVersion alert = 70
+ alertInsufficientSecurity alert = 71
+ alertInternalError alert = 80
+ alertInappropriateFallback alert = 86
+ alertUserCanceled alert = 90
+ alertNoRenegotiation alert = 100
+ alertMissingExtension alert = 109
+ alertUnsupportedExtension alert = 110
+ alertCertificateUnobtainable alert = 111
+ alertUnrecognizedName alert = 112
+ alertBadCertificateStatusResponse alert = 113
+ alertBadCertificateHashValue alert = 114
+ alertUnknownPSKIdentity alert = 115
+ alertCertificateRequired alert = 116
+ alertNoApplicationProtocol alert = 120
 )
 var alertText = map[alert]string{
- alertCloseNotify: "close notify",
- alertUnexpectedMessage: "unexpected message",
- alertBadRecordMAC: "bad record MAC",
- alertDecryptionFailed: "decryption failed",
- alertRecordOverflow: "record overflow",
- alertDecompressionFailure: "decompression failure",
- alertHandshakeFailure: "handshake failure",
- alertBadCertificate: "bad certificate",
- alertUnsupportedCertificate: "unsupported certificate",
- alertCertificateRevoked: "revoked certificate",
- alertCertificateExpired: "expired certificate",
- alertCertificateUnknown: "unknown certificate",
- alertIllegalParameter: "illegal parameter",
- alertUnknownCA: "unknown certificate authority",
- alertAccessDenied: "access denied",
- alertDecodeError: "error decoding message",
- alertDecryptError: "error decrypting message",
- alertProtocolVersion: "protocol version not supported",
- alertInsufficientSecurity: "insufficient security level",
- alertInternalError: "internal error",
- alertUserCanceled: "user canceled",
- alertNoRenegotiation: "no renegotiation",
+ alertCloseNotify: "close notify",
+ alertUnexpectedMessage: "unexpected message",
+ alertBadRecordMAC: "bad record MAC",
+ alertDecryptionFailed: "decryption failed",
+ alertRecordOverflow: "record overflow",
+ alertDecompressionFailure: "decompression failure",
+ alertHandshakeFailure: "handshake failure",
+ alertBadCertificate: "bad certificate",
+ alertUnsupportedCertificate: "unsupported certificate",
+ alertCertificateRevoked: "revoked certificate",
+ alertCertificateExpired: "expired certificate",
+ alertCertificateUnknown: "unknown certificate",
+ alertIllegalParameter: "illegal parameter",
+ alertUnknownCA: "unknown certificate authority",
+ alertAccessDenied: "access denied",
+ alertDecodeError: "error decoding message",
+ alertDecryptError: "error decrypting message",
+ alertExportRestriction: "export restriction",
+ alertProtocolVersion: "protocol version not supported",
+ alertInsufficientSecurity: "insufficient security level",
+ alertInternalError: "internal error",
+ alertInappropriateFallback: "inappropriate fallback",
+ alertUserCanceled: "user canceled",
+ alertNoRenegotiation: "no renegotiation",
+ alertMissingExtension: "missing extension",
+ alertUnsupportedExtension: "unsupported extension",
+ alertCertificateUnobtainable: "certificate unobtainable",
+ alertUnrecognizedName: "unrecognized name",
+ alertBadCertificateStatusResponse: "bad certificate status response",
+ alertBadCertificateHashValue: "bad certificate hash value",
+ alertUnknownPSKIdentity: "unknown PSK identity",
+ alertCertificateRequired: "certificate required",
+ alertNoApplicationProtocol: "no application protocol",
 }
 func (e alert) String() string {
 s, ok := alertText[e]
 if ok {
- return s
+ return "tls: " + s
 }
- return "alert(" + strconv.Itoa(int(e)) + ")"
+ return "tls: alert(" + strconv.Itoa(int(e)) + ")"
 }
 func (e alert) Error() string {
diff --git a/tls/auth.go b/tls/auth.go
new file mode 100644
index 00000000..69302286
--- /dev/null
+++ b/tls/auth.go
@@ -0,0 +1,295 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto" + "crypto/ecdsa" + "crypto/ed25519" + "crypto/elliptic" + "crypto/rsa" + "errors" + "fmt" + "hash" + "io" + + "github.com/zmap/zcrypto/x509" +) + +// verifyHandshakeSignature verifies a signature against pre-hashed +// (if required) handshake contents. +func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc crypto.Hash, signed, sig []byte) error { + switch sigType { + case signatureECDSA: + pubKey, ok := pubkey.(*ecdsa.PublicKey) + if !ok { + augKey, ok := pubkey.(*x509.AugmentedECDSA) + if !ok { + return fmt.Errorf("expected an ECDSA public key, got %T", pubkey) + } + pubKey = augKey.Pub + } + if !ecdsa.VerifyASN1(pubKey, signed, sig) { + return errors.New("ECDSA verification failure") + } + case signatureEd25519: + pubKey, ok := pubkey.(ed25519.PublicKey) + if !ok { + return fmt.Errorf("expected an Ed25519 public key, got %T", pubkey) + } + if !ed25519.Verify(pubKey, signed, sig) { + return errors.New("Ed25519 verification failure") + } + case signaturePKCS1v15: + pubKey, ok := pubkey.(*rsa.PublicKey) + if !ok { + return fmt.Errorf("expected an RSA public key, got %T", pubkey) + } + if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, signed, sig); err != nil { + return err + } + case signatureRSAPSS: + pubKey, ok := pubkey.(*rsa.PublicKey) + if !ok { + return fmt.Errorf("expected an RSA public key, got %T", pubkey) + } + signOpts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash} + if err := rsa.VerifyPSS(pubKey, hashFunc, signed, sig, signOpts); err != nil { + return err + } + default: + return errors.New("internal error: unknown signature type") + } + return nil +} + +const ( + serverSignatureContext = "TLS 1.3, server CertificateVerify\x00" + clientSignatureContext = "TLS 1.3, client CertificateVerify\x00" +) 
+ +var signaturePadding = []byte{ + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +} + +// signedMessage returns the pre-hashed (if necessary) message to be signed by +// certificate keys in TLS 1.3. See RFC 8446, Section 4.4.3. +func signedMessage(sigHash crypto.Hash, context string, transcript hash.Hash) []byte { + if sigHash == directSigning { + b := &bytes.Buffer{} + b.Write(signaturePadding) + io.WriteString(b, context) + b.Write(transcript.Sum(nil)) + return b.Bytes() + } + h := sigHash.New() + h.Write(signaturePadding) + io.WriteString(h, context) + h.Write(transcript.Sum(nil)) + return h.Sum(nil) +} + +// typeAndHashFromSignatureScheme returns the corresponding signature type and +// crypto.Hash for a given TLS SignatureScheme. 
+func typeAndHashFromSignatureScheme(signatureAlgorithm SignatureScheme) (sigType uint8, hash crypto.Hash, err error) { + switch signatureAlgorithm { + case PKCS1WithSHA1, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512: + sigType = signaturePKCS1v15 + case PSSWithSHA256, PSSWithSHA384, PSSWithSHA512: + sigType = signatureRSAPSS + case ECDSAWithSHA1, ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512: + sigType = signatureECDSA + case Ed25519: + sigType = signatureEd25519 + default: + return 0, 0, fmt.Errorf("unsupported signature algorithm: %v", signatureAlgorithm) + } + switch signatureAlgorithm { + case PKCS1WithSHA1, ECDSAWithSHA1: + hash = crypto.SHA1 + case PKCS1WithSHA256, PSSWithSHA256, ECDSAWithP256AndSHA256: + hash = crypto.SHA256 + case PKCS1WithSHA384, PSSWithSHA384, ECDSAWithP384AndSHA384: + hash = crypto.SHA384 + case PKCS1WithSHA512, PSSWithSHA512, ECDSAWithP521AndSHA512: + hash = crypto.SHA512 + case Ed25519: + hash = directSigning + default: + return 0, 0, fmt.Errorf("unsupported signature algorithm: %v", signatureAlgorithm) + } + return sigType, hash, nil +} + +// legacyTypeAndHashFromPublicKey returns the fixed signature type and crypto.Hash for +// a given public key used with TLS 1.0 and 1.1, before the introduction of +// signature algorithm negotiation. +func legacyTypeAndHashFromPublicKey(pub crypto.PublicKey) (sigType uint8, hash crypto.Hash, err error) { + switch pub.(type) { + case *rsa.PublicKey: + return signaturePKCS1v15, crypto.MD5SHA1, nil + case *ecdsa.PublicKey, *x509.AugmentedECDSA: + return signatureECDSA, crypto.SHA1, nil + case ed25519.PublicKey: + // RFC 8422 specifies support for Ed25519 in TLS 1.0 and 1.1, + // but it requires holding on to a handshake transcript to do a + // full signature, and not even OpenSSL bothers with the + // complexity, so we can't even test it properly. 
+ return 0, 0, fmt.Errorf("tls: Ed25519 public keys are not supported before TLS 1.2") + default: + return 0, 0, fmt.Errorf("tls: unsupported public key: %T", pub) + } +} + +var rsaSignatureSchemes = []struct { + scheme SignatureScheme + minModulusBytes int + maxVersion uint16 +}{ + // RSA-PSS is used with PSSSaltLengthEqualsHash, and requires + // emLen >= hLen + sLen + 2 + {PSSWithSHA256, crypto.SHA256.Size()*2 + 2, VersionTLS13}, + {PSSWithSHA384, crypto.SHA384.Size()*2 + 2, VersionTLS13}, + {PSSWithSHA512, crypto.SHA512.Size()*2 + 2, VersionTLS13}, + // PKCS #1 v1.5 uses prefixes from hashPrefixes in crypto/rsa, and requires + // emLen >= len(prefix) + hLen + 11 + // TLS 1.3 dropped support for PKCS #1 v1.5 in favor of RSA-PSS. + {PKCS1WithSHA256, 19 + crypto.SHA256.Size() + 11, VersionTLS12}, + {PKCS1WithSHA384, 19 + crypto.SHA384.Size() + 11, VersionTLS12}, + {PKCS1WithSHA512, 19 + crypto.SHA512.Size() + 11, VersionTLS12}, + {PKCS1WithSHA1, 15 + crypto.SHA1.Size() + 11, VersionTLS12}, +} + +// signatureSchemesForCertificate returns the list of supported SignatureSchemes +// for a given certificate, based on the public key and the protocol version, +// and optionally filtered by its explicit SupportedSignatureAlgorithms. +// +// This function must be kept in sync with supportedSignatureAlgorithms. +func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme { + priv, ok := cert.PrivateKey.(crypto.Signer) + if !ok { + return nil + } + + var sigAlgs []SignatureScheme + switch pub := priv.Public().(type) { + case *ecdsa.PublicKey: + if version != VersionTLS13 { + // In TLS 1.2 and earlier, ECDSA algorithms are not + // constrained to a single curve. 
+ sigAlgs = []SignatureScheme{ + ECDSAWithP256AndSHA256, + ECDSAWithP384AndSHA384, + ECDSAWithP521AndSHA512, + ECDSAWithSHA1, + } + break + } + switch pub.Curve { + case elliptic.P256(): + sigAlgs = []SignatureScheme{ECDSAWithP256AndSHA256} + case elliptic.P384(): + sigAlgs = []SignatureScheme{ECDSAWithP384AndSHA384} + case elliptic.P521(): + sigAlgs = []SignatureScheme{ECDSAWithP521AndSHA512} + default: + return nil + } + case *rsa.PublicKey: + size := pub.Size() + sigAlgs = make([]SignatureScheme, 0, len(rsaSignatureSchemes)) + for _, candidate := range rsaSignatureSchemes { + if size >= candidate.minModulusBytes && version <= candidate.maxVersion { + sigAlgs = append(sigAlgs, candidate.scheme) + } + } + case ed25519.PublicKey: + sigAlgs = []SignatureScheme{Ed25519} + default: + return nil + } + + if cert.SupportedSignatureAlgorithms != nil { + var filteredSigAlgs []SignatureScheme + for _, sigAlg := range sigAlgs { + if isSupportedSignatureAlgorithm(sigAlg, cert.SupportedSignatureAlgorithms) { + filteredSigAlgs = append(filteredSigAlgs, sigAlg) + } + } + return filteredSigAlgs + } + return sigAlgs +} + +// selectSignatureScheme picks a SignatureScheme from the peer's preference list +// that works with the selected certificate. It's only called for protocol +// versions that support signature algorithms, so TLS 1.2 and 1.3. +func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureScheme) (SignatureScheme, error) { + supportedAlgs := signatureSchemesForCertificate(vers, c) + if len(supportedAlgs) == 0 { + return 0, unsupportedCertificateError(c) + } + if len(peerAlgs) == 0 && vers == VersionTLS12 { + // For TLS 1.2, if the client didn't send signature_algorithms then we + // can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1. + peerAlgs = []SignatureScheme{PKCS1WithSHA1, ECDSAWithSHA1} + } + // Pick signature scheme in the peer's preference order, as our + // preference order is not configurable. 
+ for _, preferredAlg := range peerAlgs { + if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) { + return preferredAlg, nil + } + } + return 0, errors.New("tls: peer doesn't support any of the certificate's signature algorithms") +} + +// unsupportedCertificateError returns a helpful error for certificates with +// an unsupported private key. +func unsupportedCertificateError(cert *Certificate) error { + switch cert.PrivateKey.(type) { + case rsa.PrivateKey, ecdsa.PrivateKey: + return fmt.Errorf("tls: unsupported certificate: private key is %T, expected *%T", + cert.PrivateKey, cert.PrivateKey) + case *ed25519.PrivateKey: + return fmt.Errorf("tls: unsupported certificate: private key is *ed25519.PrivateKey, expected ed25519.PrivateKey") + } + + signer, ok := cert.PrivateKey.(crypto.Signer) + if !ok { + return fmt.Errorf("tls: certificate private key (%T) does not implement crypto.Signer", + cert.PrivateKey) + } + + switch pub := signer.Public().(type) { + case *ecdsa.PublicKey: + switch pub.Curve { + case elliptic.P256(): + case elliptic.P384(): + case elliptic.P521(): + default: + return fmt.Errorf("tls: unsupported certificate curve (%s)", pub.Curve.Params().Name) + } + case *rsa.PublicKey: + return fmt.Errorf("tls: certificate RSA key size too small for supported signature algorithms") + case ed25519.PublicKey: + default: + return fmt.Errorf("tls: unsupported certificate key (%T)", pub) + } + + if cert.SupportedSignatureAlgorithms != nil { + return fmt.Errorf("tls: peer doesn't support the certificate custom signature algorithms") + } + + return fmt.Errorf("tls: internal error: unsupported key (%T)", cert.PrivateKey) +} diff --git a/tls/auth_test.go b/tls/auth_test.go new file mode 100644 index 00000000..c42e3491 --- /dev/null +++ b/tls/auth_test.go 
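Review bot: verifyHandshakeSignature's doc comment does not say that hashFunc is only consulted on the RSA paths: the signatureECDSA case passes `signed` straight to ecdsa.VerifyASN1 as the digest and the signatureEd25519 case passes it to ed25519.Verify as the full message, so a caller that pre-hashes for Ed25519 or forgets to for ECDSA gets a silent verification failure rather than a type error. I would extend the comment with `// hashFunc is used only for signaturePKCS1v15 and signatureRSAPSS; for signatureECDSA signed must already be the digest, and for signatureEd25519 it must be the unhashed message.` The `*x509.AugmentedECDSA` unwrapping in that function and in legacyTypeAndHashFromPublicKey is a zcrypto-specific divergence from the upstream crypto/tls source this port copies; a one-line comment such as `// zcrypto: x509 parsing may yield *x509.AugmentedECDSA rather than *ecdsa.PublicKey` would keep the next upstream re-sync from dropping it.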
@@ -0,0 +1,168 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "crypto" + "testing" +) + +func TestSignatureSelection(t *testing.T) { + rsaCert := &Certificate{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + } + pkcs1Cert := &Certificate{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, + } + ecdsaCert := &Certificate{ + Certificate: [][]byte{testP256Certificate}, + PrivateKey: testP256PrivateKey, + } + ed25519Cert := &Certificate{ + Certificate: [][]byte{testEd25519Certificate}, + PrivateKey: testEd25519PrivateKey, + } + + tests := []struct { + cert *Certificate + peerSigAlgs []SignatureScheme + tlsVersion uint16 + + expectedSigAlg SignatureScheme + expectedSigType uint8 + expectedHash crypto.Hash + }{ + {rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1}, + {rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512}, + {rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256}, + {pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256}, + {rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, PSSWithSHA384, signatureRSAPSS, crypto.SHA384}, + {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1}, + {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256}, + {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256}, + 
{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning}, + {ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, Ed25519, signatureEd25519, directSigning}, + + // TLS 1.2 without signature_algorithms extension + {rsaCert, nil, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1}, + {ecdsaCert, nil, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1}, + + // TLS 1.2 does not restrict the ECDSA curve (our ecdsaCert is P-256) + {ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384}, + } + + for testNo, test := range tests { + sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs) + if err != nil { + t.Errorf("test[%d]: unexpected selectSignatureScheme error: %v", testNo, err) + } + if test.expectedSigAlg != sigAlg { + t.Errorf("test[%d]: expected signature scheme %v, got %v", testNo, test.expectedSigAlg, sigAlg) + } + sigType, hashFunc, err := typeAndHashFromSignatureScheme(sigAlg) + if err != nil { + t.Errorf("test[%d]: unexpected typeAndHashFromSignatureScheme error: %v", testNo, err) + } + if test.expectedSigType != sigType { + t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType) + } + if test.expectedHash != hashFunc { + t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc) + } + } + + brokenCert := &Certificate{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + SupportedSignatureAlgorithms: []SignatureScheme{Ed25519}, + } + + badTests := []struct { + cert *Certificate + peerSigAlgs []SignatureScheme + tlsVersion uint16 + }{ + {rsaCert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12}, + {ecdsaCert, []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}, VersionTLS12}, + {rsaCert, []SignatureScheme{0}, VersionTLS12}, + {ed25519Cert, []SignatureScheme{ECDSAWithP256AndSHA256, 
ECDSAWithSHA1}, VersionTLS12}, + {ecdsaCert, []SignatureScheme{Ed25519}, VersionTLS12}, + {brokenCert, []SignatureScheme{Ed25519}, VersionTLS12}, + {brokenCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS12}, + // RFC 5246, Section 7.4.1.4.1, says to only consider {sha1,ecdsa} as + // default when the extension is missing, and RFC 8422 does not update + // it. Anyway, if a stack supports Ed25519 it better support sigalgs. + {ed25519Cert, nil, VersionTLS12}, + // TLS 1.3 has no default signature_algorithms. + {rsaCert, nil, VersionTLS13}, + {ecdsaCert, nil, VersionTLS13}, + {ed25519Cert, nil, VersionTLS13}, + // Wrong curve, which TLS 1.3 checks + {ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS13}, + // TLS 1.3 does not support PKCS1v1.5 or SHA-1. + {rsaCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS13}, + {pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS13}, + {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS13}, + // The key can be too small for the hash. 
+ {rsaCert, []SignatureScheme{PSSWithSHA512}, VersionTLS12}, + } + + for testNo, test := range badTests { + sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs) + if err == nil { + t.Errorf("test[%d]: unexpected success, got %v", testNo, sigAlg) + } + } +} + +func TestLegacyTypeAndHash(t *testing.T) { + sigType, hashFunc, err := legacyTypeAndHashFromPublicKey(testRSAPrivateKey.Public()) + if err != nil { + t.Errorf("RSA: unexpected error: %v", err) + } + if expectedSigType := signaturePKCS1v15; expectedSigType != sigType { + t.Errorf("RSA: expected signature type %#x, got %#x", expectedSigType, sigType) + } + if expectedHashFunc := crypto.MD5SHA1; expectedHashFunc != hashFunc { + t.Errorf("RSA: expected hash %#x, got %#x", expectedHashFunc, hashFunc) + } + + sigType, hashFunc, err = legacyTypeAndHashFromPublicKey(testECDSAPrivateKey.Public()) + if err != nil { + t.Errorf("ECDSA: unexpected error: %v", err) + } + if expectedSigType := signatureECDSA; expectedSigType != sigType { + t.Errorf("ECDSA: expected signature type %#x, got %#x", expectedSigType, sigType) + } + if expectedHashFunc := crypto.SHA1; expectedHashFunc != hashFunc { + t.Errorf("ECDSA: expected hash %#x, got %#x", expectedHashFunc, hashFunc) + } + + // Ed25519 is not supported by TLS 1.0 and 1.1. + _, _, err = legacyTypeAndHashFromPublicKey(testEd25519PrivateKey.Public()) + if err == nil { + t.Errorf("Ed25519: unexpected success") + } +} + +// TestSupportedSignatureAlgorithms checks that all supportedSignatureAlgorithms +// have valid type and hash information. +func TestSupportedSignatureAlgorithms(t *testing.T) { + for _, sigAlg := range supportedSignatureAlgorithms { + sigType, hash, err := typeAndHashFromSignatureScheme(sigAlg) + if err != nil { + t.Errorf("%v: unexpected error: %v", sigAlg, err) + } + if sigType == 0 { + t.Errorf("%v: missing signature type", sigAlg) + } + if hash == 0 && sigAlg != Ed25519 { + t.Errorf("%v: missing hash", sigAlg) + } + } +} 
diff --git a/tls/cipher_suites.go b/tls/cipher_suites.go index a81b5575..3bd4ed44 100644 --- a/tls/cipher_suites.go +++ b/tls/cipher_suites.go 
@@ -5,22 +5,109 @@ package tls import ( + "crypto" "crypto/aes" "crypto/cipher" "crypto/des" "crypto/hmac" - "crypto/md5" "crypto/rc4" "crypto/sha1" "crypto/sha256" - "crypto/sha512" + "fmt" "hash" - "github.com/zmap/rc2" "github.com/zmap/zcrypto/x509" "golang.org/x/crypto/chacha20poly1305" ) +// CipherSuite is a TLS cipher suite. Note that most functions in this package +// accept and expose cipher suite IDs instead of this type. +type CipherSuite struct { + ID uint16 + Name string + + // Supported versions is the list of TLS protocol versions that can + // negotiate this cipher suite. + SupportedVersions []uint16 + + // Insecure is true if the cipher suite has known security issues + // due to its primitives, design, or implementation. + Insecure bool +} + +var ( + supportedUpToTLS12 = []uint16{VersionTLS10, VersionTLS11, VersionTLS12} + supportedOnlyTLS12 = []uint16{VersionTLS12} + supportedOnlyTLS13 = []uint16{VersionTLS13} +) + +// CipherSuites returns a list of cipher suites currently implemented by this +// package, excluding those with security issues, which are returned by +// InsecureCipherSuites. +// +// The list is sorted by ID. Note that the default cipher suites selected by +// this package might depend on logic that can't be captured by a static list. 
+func CipherSuites() []*CipherSuite { + return []*CipherSuite{ + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, false}, + {TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false}, + {TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false}, + + {TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", supportedOnlyTLS13, false}, + {TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", supportedOnlyTLS13, false}, + {TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", supportedOnlyTLS13, false}, + + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, false}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false}, + } +} + +// InsecureCipherSuites returns a list of cipher suites currently implemented by +// this package and which have security issues. +// +// Most applications should not use the cipher suites in this list, and should +// only use those returned by CipherSuites. +func InsecureCipherSuites() []*CipherSuite { + // RC4 suites are broken because RC4 is. + // CBC-SHA256 suites have no Lucky13 countermeasures. + return []*CipherSuite{ + {TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", supportedUpToTLS12, true}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true}, + } +} + +// CipherSuiteName returns the standard name for the passed cipher suite ID +// (e.g. "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"), or a fallback representation +// of the ID value if the cipher suite is not implemented by this package. +func CipherSuiteName(id uint16) string { + for _, c := range CipherSuites() { + if c.ID == id { + return c.Name + } + } + for _, c := range InsecureCipherSuites() { + if c.ID == id { + return c.Name + } + } + return fmt.Sprintf("0x%04X", id) +} + // a keyAgreement implements the client and server side of a TLS key agreement // protocol by generating and processing key exchange messages. type keyAgreement interface { 
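Review bot: TLS_RSA_WITH_3DES_EDE_CBC_SHA and TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA are returned by CipherSuites() with Insecure=false, while the Insecure field is documented as marking "known security issues due to its primitives" and 3DES's 64-bit block size is exactly such an issue (Sweet32 birthday attacks on long sessions). If keeping them in the non-insecure list is a deliberate compatibility choice, the comment inside InsecureCipherSuites, which currently explains only RC4 and CBC-SHA256, should say so, e.g. `// 3DES suites stay in CipherSuites for interoperability with legacy peers despite their 64-bit block size.` Otherwise they belong in InsecureCipherSuites with `true`, which is also what CipherSuiteName would then continue to resolve correctly.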
@@ -30,7 +117,7 @@ type keyAgreement interface { // ServerKeyExchange message, generateServerKeyExchange can return nil, // nil. generateServerKeyExchange(*Config, *Certificate, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error) - processClientKeyExchange(*Config, *Certificate, *clientKeyExchangeMsg) ([]byte, error) + processClientKeyExchange(*Config, *Certificate, *clientKeyExchangeMsg, uint16) ([]byte, error) // On the client side, the next two methods are called in order. 
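Review bot: The new fourth parameter of processClientKeyExchange is an anonymous `uint16` and the interface's doc comment does not say what it carries, so implementers have to read the call site to find out. Presumably it is the negotiated protocol version, matching the `version uint16` passed to the ka constructors elsewhere in this file; a one-line doc above the method such as `// processClientKeyExchange takes the negotiated protocol version as its last argument.` would make the contract explicit. The keyAgreement interface starts and ends outside this hunk.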
@@ -41,172 +128,102 @@ type keyAgreement interface { } const ( - // suiteECDH indicates that the cipher suite involves elliptic curve + // suiteECDHE indicates that the cipher suite involves elliptic curve // Diffie-Hellman. This means that it should only be selected when the // client indicates that it supports ECC with a curve and point format // that we're happy with. suiteECDHE = 1 << iota - // suiteECDSA indicates that the cipher suite involves an ECDSA - // signature and therefore may only be selected when the server's - // certificate is ECDSA. If this is not set then the cipher suite is - // RSA based. - suiteECDSA + // suiteECSign indicates that the cipher suite involves an ECDSA or + // EdDSA signature and therefore may only be selected when the server's + // certificate is ECDSA or EdDSA. If this is not set then the cipher suite + // is RSA based. + suiteECSign // suiteTLS12 indicates that the cipher suite should only be advertised // and accepted when using TLS 1.2. suiteTLS12 - // suiteSHA384 indicates that the cipher suite uses SHA384 as the // handshake hash. suiteSHA384 - - // suiteNoDTLS indicates that the cipher suite cannot be used - // in DTLS. - suiteNoDTLS - - // suitePSK indicates that the cipher suite authenticates with - // a pre-shared key rather than a server private key. - suitePSK - - // suiteExport indicates that the cipher suite is an export suite - suiteExport - - // suiteAnon indicates the cipher suite is anonymous - suiteAnon - - // suiteDSS indicates the cipher suite uses DSS signatures and requires a - // DSA server key - suiteDSS + // suiteDefaultOff indicates that this cipher suite is not included by + // default. + suiteDefaultOff ) -// A cipherSuite is a specific combination of key agreement, cipher and MAC -// function. All cipher suites currently assume RSA key agreement. +// A cipherSuite is a specific combination of key agreement, cipher and MAC function. 
type cipherSuite struct { id uint16 // the lengths, in bytes, of the key material needed for each component. keyLen int macLen int ivLen int - - // used by export ciphers - expandedKeyLen int - - ka func(version uint16) keyAgreement + ka func(version uint16) keyAgreement // flags is a bitmask of the suite* values, above. flags int cipher func(key, iv []byte, isRead bool) interface{} - mac func(version uint16, macKey []byte) macFunction - aead func(key, fixedNonce []byte) tlsAead -} - -type tlsAead interface { - cipher.AEAD - explicitNonce() bool -} - -// Incidences of unsupported cipher-suites are annotated in-line with comments -// The following guidelines should be noted: -// * DSS Suites: certificates are not supported (Certificate) -// * PSK Suites: Not supported/implemented (Symmetric Key) -// * Non-ephemeral, Anonymous DH: Not supported/implemented (Kex) -var implementedCipherSuites = []*cipherSuite{ - {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, - {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, 32, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, - {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, - {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, - {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheRSAKA, suiteECDHE | suiteNoDTLS, cipherRC4, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteNoDTLS, cipherRC4, macSHA1, nil}, - 
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, ecdheRSAKA, suiteECDHE | suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, 32, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil}, - {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, - {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, 32, dheRSAKA, suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, - {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, dheRSAKA, suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, dheRSAKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, 32, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, dheRSAKA, 0, cipherAES, macSHA1, nil}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, dheRSAKA, 0, cipherAES, macSHA1, nil}, - {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, rsaKA, suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, - {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, rsaKA, suiteNoDTLS, 
cipherRC4, macSHA1, nil}, - {TLS_RSA_WITH_RC4_128_MD5, 16, 16, 0, 16, rsaKA, suiteNoDTLS, cipherRC4, macMD5, nil}, - {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, rsaKA, suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, 32, rsaKA, suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, rsaKA, 0, cipherAES, macSHA1, nil}, - {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, rsaKA, 0, cipherAES, macSHA1, nil}, - {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, - {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, dheRSAKA, 0, cipher3DES, macSHA1, nil}, - {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, rsaKA, 0, cipher3DES, macSHA1, nil}, - // WARN: PSK: Not supported/implemented - //{TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdhePSKKA, suiteECDHE | suiteTLS12 | suitePSK, nil, nil, aeadAESGCM}, - //{TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, suiteNoDTLS | suitePSK, cipherRC4, macSHA1, nil}, - //{TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil}, - //{TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil}, - //{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil}, - //{TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil}, - {TLS_RSA_EXPORT_WITH_RC4_40_MD5, 5, 16, 0, 16, rsaEphemeralKA, suiteExport, cipherRC4, macMD5, nil}, - {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, rsaEphemeralKA, suiteExport, cipherDES, macSHA1, nil}, - {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 5, 16, 8, 16, rsaEphemeralKA, suiteExport, cipherRC2, macMD5, nil}, - {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, dheRSAKA, suiteExport, cipherDES, macSHA1, nil}, - // WARN: DSS: Certificate not supported/implemented - {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, dheDSSKA, suiteExport | 
suiteDSS, cipherDES, macSHA1, nil}, - // WARN: Non-ephemeral, Anonymous DH: Not supported/implemented - {TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, dhAnonKA, suiteExport | suiteAnon, cipherDES, macSHA1, nil}, - {TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, 5, 16, 0, 16, dhAnonKA, suiteExport | suiteAnon, cipherRC4, macMD5, nil}, - // WARN DSS: Certificate not supported/implemented - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, dheDSSKA, suiteDSS, cipherAES, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipher3DES, macSHA1, nil}, - // WARN: DSS: Certificate not supported/implemented - {TLS_DHE_DSS_WITH_DES_CBC_SHA, 8, 20, 8, 8, dheDSSKA, suiteDSS, cipherDES, macSHA1, nil}, - {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, dheDSSKA, suiteDSS, cipher3DES, macSHA1, nil}, - {TLS_DHE_RSA_WITH_DES_CBC_SHA, 8, 20, 8, 8, dheRSAKA, 0, cipherDES, macSHA1, nil}, - // WARN: DSS: Certificate not supported/implemented - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, dheDSSKA, suiteDSS, cipherAES, macSHA1, nil}, - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, dheDSSKA, suiteDSS | suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_DHE_DSS_WITH_RC4_128_SHA, 16, 20, 0, 16, dheDSSKA, suiteDSS, cipherRC4, macSHA1, nil}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 32, 32, 16, 32, dheDSSKA, suiteDSS | suiteTLS12, cipherAES, macSHA256, nil}, - {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, dheDSSKA, suiteDSS | suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, dheDSSKA, suiteDSS | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, -} + mac func(key []byte) hash.Hash + aead func(key, fixedNonce []byte) aead +} + +var cipherSuites = []*cipherSuite{ + // Ciphersuite order is chosen so that ECDHE comes before plain RSA and + // AEADs are the top preference. 
+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECSign, cipherAES, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECSign, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + 
{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil}, + + // RC4-based cipher suites are disabled by default. + {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteDefaultOff, cipherRC4, macSHA1, nil}, +} + +// selectCipherSuite returns the first cipher suite from ids which is also in +// supportedIDs and passes the ok filter. +func selectCipherSuite(ids, supportedIDs []uint16, ok func(*cipherSuite) bool) *cipherSuite { + for _, id := range ids { + candidate := cipherSuiteByID(id) + if candidate == nil || !ok(candidate) { + continue + } -var stdlibCipherSuites = []*cipherSuite{ - // Ciphersuite order is chosen so that ECDHE comes before plain RSA - // and RC4 comes before AES (because of the Lucky13 attack). 
- {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM}, - {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheRSAKA, suiteECDHE, cipherRC4, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherRC4, macSHA1, nil}, - {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, - {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, - {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, rsaKA, 0, cipherRC4, macSHA1, nil}, - {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, rsaKA, 0, cipherAES, macSHA1, nil}, - {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, rsaKA, 0, cipherAES, macSHA1, nil}, - {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, - {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, rsaKA, 0, cipher3DES, macSHA1, nil}, + for _, suppID := range supportedIDs { + if id == suppID { + return candidate + } + } + } + return nil } -func cipherDES(key, iv []byte, isRead bool) interface{} { - block, _ := des.NewCipher(key) - if isRead { - return cipher.NewCBCDecrypter(block, iv) - } - return cipher.NewCBCEncrypter(block, iv) +// A cipherSuiteTLS13 defines only the pair of the AEAD algorithm and hash +// algorithm to be used with HKDF. See RFC 8446, Appendix B.4. 
+type cipherSuiteTLS13 struct { + id uint16 + keyLen int + aead func(key, fixedNonce []byte) aead + hash crypto.Hash } -func cipherRC2(key, iv []byte, isRead bool) interface{} { - block, _ := rc2.NewCipher(key) - if isRead { - return cipher.NewCBCDecrypter(block, iv) - } - return cipher.NewCBCEncrypter(block, iv) +var cipherSuitesTLS13 = []*cipherSuiteTLS13{ + {TLS_AES_128_GCM_SHA256, 16, aeadAESGCMTLS13, crypto.SHA256}, + {TLS_CHACHA20_POLY1305_SHA256, 32, aeadChaCha20Poly1305, crypto.SHA256}, + {TLS_AES_256_GCM_SHA384, 32, aeadAESGCMTLS13, crypto.SHA384}, } func cipherRC4(key, iv []byte, isRead bool) interface{} { 
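Review bot: The set of disabled-by-default suites is now encoded twice with nothing keeping the copies aligned: as `suiteDefaultOff` flags in the cipherSuites list here, and as the membership of InsecureCipherSuites() earlier in the file. Today the six entries agree (three RC4 suites and three AES-128-CBC-SHA256 suites), but a future addition to one place and not the other would silently advertise a suite the package documents as insecure, so a comment on `cipherSuites` such as `// Suites flagged suiteDefaultOff must also appear in InsecureCipherSuites; keep both in sync.` and a test asserting the two sets are equal would be cheap insurance. Worth a sentence in the same comment is that this list no longer contains the DHE, DSS, export and anonymous-DH entries of the removed implementedCipherSuites, which narrows what the package can negotiate compared with before.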
@@ -230,100 +247,51 @@ func cipherAES(key, iv []byte, isRead bool) interface{} { return cipher.NewCBCEncrypter(block, iv) } -// macSHA1 returns a macFunction for the given protocol version. -func macSHA1(version uint16, key []byte) macFunction { - if version == VersionSSL30 { - mac := ssl30MAC{ - h: sha1.New(), - key: make([]byte, len(key)), - } - copy(mac.key, key) - return mac - } - return tls10MAC{hmac.New(sha1.New, key)} +// macSHA1 returns a SHA-1 based constant time MAC. +func macSHA1(key []byte) hash.Hash { + return hmac.New(newConstantTimeHash(sha1.New), key) } -func macMD5(version uint16, key []byte) macFunction { - if version == VersionSSL30 { - mac := ssl30MAC{ - h: md5.New(), - key: make([]byte, len(key)), - } - copy(mac.key, key) - return mac - } - return tls10MAC{hmac.New(md5.New, key)} +// macSHA256 returns a SHA-256 based MAC. This is only supported in TLS 1.2 and +// is currently only used in disabled-by-default cipher suites. +func macSHA256(key []byte) hash.Hash { + return hmac.New(sha256.New, key) } -func macSHA256(version uint16, key []byte) macFunction { - if version == VersionSSL30 { - mac := ssl30MAC{ - h: sha256.New(), - key: make([]byte, len(key)), - } - copy(mac.key, key) - return mac - } - return tls10MAC{hmac.New(sha256.New, key)} -} +type aead interface { + cipher.AEAD -func macSHA384(version uint16, key []byte) macFunction { - if version == VersionSSL30 { - mac := ssl30MAC{ - h: sha512.New384(), - key: make([]byte, len(key)), - } - copy(mac.key, key) - return mac - } - return tls10MAC{hmac.New(sha512.New384, key)} + // explicitNonceLen returns the number of bytes of explicit nonce + // included in each record. This is eight for older AEADs and + // zero for modern ones. 
+ explicitNonceLen() int } -type macFunction interface { - Size() int - MAC(digestBuf, seq, header, length, data []byte) []byte -} +const ( + aeadNonceLength = 12 + noncePrefixLength = 4 +) -// fixedNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to +// prefixNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to // each call. -type fixedNonceAEAD struct { - // sealNonce and openNonce are buffers where the larger nonce will be - // constructed. Since a seal and open operation may be running - // concurrently, there is a separate buffer for each. - sealNonce, openNonce []byte - aead cipher.AEAD +type prefixNonceAEAD struct { + // nonce contains the fixed part of the nonce in the first four bytes. + nonce [aeadNonceLength]byte + aead cipher.AEAD } -func (f *fixedNonceAEAD) NonceSize() int { return 8 } -func (f *fixedNonceAEAD) Overhead() int { return f.aead.Overhead() } - -func (f *fixedNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { - copy(f.sealNonce[len(f.sealNonce)-8:], nonce) - return f.aead.Seal(out, f.sealNonce, plaintext, additionalData) -} +func (f *prefixNonceAEAD) NonceSize() int { return aeadNonceLength - noncePrefixLength } +func (f *prefixNonceAEAD) Overhead() int { return f.aead.Overhead() } +func (f *prefixNonceAEAD) explicitNonceLen() int { return f.NonceSize() } -func (f *fixedNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) { - copy(f.openNonce[len(f.openNonce)-8:], nonce) - return f.aead.Open(out, f.openNonce, plaintext, additionalData) +func (f *prefixNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { + copy(f.nonce[4:], nonce) + return f.aead.Seal(out, f.nonce[:], plaintext, additionalData) } -func (f *fixedNonceAEAD) explicitNonce() bool { return true } - -func aeadAESGCM(key, fixedNonce []byte) tlsAead { - aes, err := aes.NewCipher(key) - if err != nil { - panic(err) - } - aead, err := cipher.NewGCM(aes) - if err != nil { - panic(err) - } - 
- nonce1, nonce2 := make([]byte, 12), make([]byte, 12) - copy(nonce1, fixedNonce) - copy(nonce2, fixedNonce) - - return &fixedNonceAEAD{nonce1, nonce2, aead} +func (f *prefixNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]byte, error) { + copy(f.nonce[4:], nonce) + return f.aead.Open(out, f.nonce[:], ciphertext, additionalData) } // xoredNonceAEAD wraps an AEAD by XORing in a fixed pattern to the nonce @@ -336,7 +304,6 @@ type xorNonceAEAD struct { func (f *xorNonceAEAD) NonceSize() int { return 8 } // 64-bit sequence number func (f *xorNonceAEAD) Overhead() int { return f.aead.Overhead() } func (f *xorNonceAEAD) explicitNonceLen() int { return 0 } -func (f *xorNonceAEAD) explicitNonce() bool { return false } func (f *xorNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { for i, b := range nonce { 
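Review bot: prefixNonceAEAD replaces the removed pair of sealNonce/openNonce buffers, whose comment justified two buffers because "a seal and open operation may be running concurrently", with a single `nonce` array that both Seal and Open write into; the new struct is therefore only safe if each instance serves one direction, which the code here does not state. A comment on the field would pin the invariant, e.g. `// nonce is shared by Seal and Open; an instance must be used for a single direction only.` Separately, Seal and Open hard-code `f.nonce[4:]` while NonceSize is derived from `noncePrefixLength`; using `copy(f.nonce[noncePrefixLength:], nonce)` in both keeps the constant the single source of truth.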
@@ -362,139 +329,107 @@ func (f *xorNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]by return result, err } -const ( - aeadNonceLength = 12 -) - -func aeadCHACHA20POLY1305(key, fixedNonce []byte) tlsAead { - if len(fixedNonce) != aeadNonceLength { +func aeadAESGCM(key, noncePrefix []byte) aead { + if len(noncePrefix) != noncePrefixLength { panic("tls: internal error: wrong nonce length") } - aead, err := chacha20poly1305.New(key) + aes, err := aes.NewCipher(key) + if err != nil { + panic(err) + } + aead, err := cipher.NewGCM(aes) if err != nil { panic(err) } - ret := &xorNonceAEAD{aead: aead} - copy(ret.nonceMask[:], fixedNonce) + ret := &prefixNonceAEAD{aead: aead} + copy(ret.nonce[:], noncePrefix) return ret } -// ssl30MAC implements the SSLv3 MAC function, as defined in -// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 5.2.3.1 -type ssl30MAC struct { - h hash.Hash - key []byte -} +func aeadAESGCMTLS13(key, nonceMask []byte) aead { + if len(nonceMask) != aeadNonceLength { + panic("tls: internal error: wrong nonce length") + } + aes, err := aes.NewCipher(key) + if err != nil { + panic(err) + } + aead, err := cipher.NewGCM(aes) + if err != nil { + panic(err) + } -func (s ssl30MAC) Size() int { - return s.h.Size() + ret := &xorNonceAEAD{aead: aead} + copy(ret.nonceMask[:], nonceMask) + return ret } -var ssl30Pad1 = [48]byte{0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36} - -var ssl30Pad2 = [48]byte{0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c} - -func (s 
ssl30MAC) MAC(digestBuf, seq, header, length, data []byte) []byte { - padLength := 48 - if s.h.Size() == 20 { - padLength = 40 +func aeadChaCha20Poly1305(key, nonceMask []byte) aead { + if len(nonceMask) != aeadNonceLength { + panic("tls: internal error: wrong nonce length") + } + aead, err := chacha20poly1305.New(key) + if err != nil { + panic(err) } - s.h.Reset() - s.h.Write(s.key) - s.h.Write(ssl30Pad1[:padLength]) - s.h.Write(seq) - s.h.Write(header[:1]) - s.h.Write(length) - s.h.Write(data) - digestBuf = s.h.Sum(digestBuf[:0]) - - s.h.Reset() - s.h.Write(s.key) - s.h.Write(ssl30Pad2[:padLength]) - s.h.Write(digestBuf) - return s.h.Sum(digestBuf[:0]) + ret := &xorNonceAEAD{aead: aead} + copy(ret.nonceMask[:], nonceMask) + return ret } -// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3. -type tls10MAC struct { - h hash.Hash +type constantTimeHash interface { + hash.Hash + ConstantTimeSum(b []byte) []byte } -func (s tls10MAC) Size() int { - return s.h.Size() +// cthWrapper wraps any hash.Hash that implements ConstantTimeSum, and replaces +// with that all calls to Sum. It's used to obtain a ConstantTimeSum-based HMAC. 
+type cthWrapper struct { + h constantTimeHash } -func (s tls10MAC) MAC(digestBuf, seq, header, length, data []byte) []byte { - s.h.Reset() - s.h.Write(seq) - s.h.Write(header) - s.h.Write(length) - s.h.Write(data) - return s.h.Sum(digestBuf[:0]) -} +func (c *cthWrapper) Size() int { return c.h.Size() } +func (c *cthWrapper) BlockSize() int { return c.h.BlockSize() } +func (c *cthWrapper) Reset() { c.h.Reset() } +func (c *cthWrapper) Write(p []byte) (int, error) { return c.h.Write(p) } +func (c *cthWrapper) Sum(b []byte) []byte { return c.h.ConstantTimeSum(b) } -func rsaKA(version uint16) keyAgreement { - return &rsaKeyAgreement{ - version: version, - auth: &signedKeyAgreement{ - sigType: signatureRSA, - version: version, - }, +func newConstantTimeHash(h func() hash.Hash) func() hash.Hash { + return func() hash.Hash { + return &cthWrapper{h().(constantTimeHash)} } } -func rsaEphemeralKA(version uint16) keyAgreement { - return &rsaKeyAgreement{ - version: version, - ephemeral: true, - auth: &signedKeyAgreement{ - sigType: signatureRSA, - version: version, - }, +// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, Section 6.2.3. 
+func tls10MAC(h hash.Hash, out, seq, header, data, extra []byte) []byte { + h.Reset() + h.Write(seq) + h.Write(header) + h.Write(data) + res := h.Sum(out) + if extra != nil { + h.Write(extra) } + return res +} + +func rsaKA(version uint16) keyAgreement { + return rsaKeyAgreement{} } func ecdheECDSAKA(version uint16) keyAgreement { return &ecdheKeyAgreement{ - auth: &signedKeyAgreement{ - sigType: signatureECDSA, - version: version, - }, + isRSA: false, + version: version, } } func ecdheRSAKA(version uint16) keyAgreement { return &ecdheKeyAgreement{ - auth: &signedKeyAgreement{ - sigType: signatureRSA, - version: version, - }, - } -} - -func dheRSAKA(version uint16) keyAgreement { - return &dheKeyAgreement{ - auth: &signedKeyAgreement{ - sigType: signatureRSA, - version: version, - }, - } -} - -func dheDSSKA(version uint16) keyAgreement { - return &dheKeyAgreement{ - auth: &signedKeyAgreement{ - sigType: signatureDSA, - version: version, - }, - } -} - -func dhAnonKA(version uint16) keyAgreement { - return &dheKeyAgreement{ - auth: &nilKeyAgreementAuthentication{}, + isRSA: true, + version: version, } } 
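Review bot: In tls10MAC the trailing `h.Write(extra)` after `res := h.Sum(out)` discards its effect and reads like dead work, so it is likely to be removed by a future cleanup; it is presumably there so the MAC's running time does not depend on how much padding was stripped, and that needs a comment such as `// Write extra after Sum so the amount of hashed data, and thus timing, is independent of the padding length.` In newConstantTimeHash the assertion `h().(constantTimeHash)` is unchecked and will panic when a hash without ConstantTimeSum is passed; since only sha1.New is wired through macSHA1, a comment like `// Panics if h does not implement ConstantTimeSum; only sha1.New is expected here.` documents the coupling. aeadAESGCM and aeadAESGCMTLS13 also duplicate the NewCipher/NewGCM sequence and could share a small helper.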
@@ -503,712 +438,79 @@ func dhAnonKA(version uint16) keyAgreement { func mutualCipherSuite(have []uint16, want uint16) *cipherSuite { for _, id := range have { if id == want { - for _, suite := range implementedCipherSuites { - if suite.id == want { - return suite - } - } - return nil + return cipherSuiteByID(id) } } return nil } -// A list of the possible cipher suite ids. Taken from -// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml -const ( - TLS_NULL_WITH_NULL_NULL = 0x0000 - TLS_RSA_WITH_NULL_MD5 = 0x0001 - TLS_RSA_WITH_NULL_SHA = 0x0002 - TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003 - TLS_RSA_WITH_RC4_128_MD5 = 0x0004 - TLS_RSA_WITH_RC4_128_SHA = 0x0005 - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006 - TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007 - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008 - TLS_RSA_WITH_DES_CBC_SHA = 0x0009 - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B - TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E - TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010 - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011 - TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012 - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013 - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014 - TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015 - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017 - TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018 - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019 - TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B - SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D - TLS_KRB5_WITH_DES_CBC_SHA = 0x001E - TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F - TLS_KRB5_WITH_RC4_128_SHA = 0x0020 - TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021 - TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022 - TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023 - TLS_KRB5_WITH_RC4_128_MD5 = 0x0024 
- TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025
- TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026
- TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027
- TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028
- TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029
- TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A
- TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B
- TLS_PSK_WITH_NULL_SHA = 0x002C
- TLS_DHE_PSK_WITH_NULL_SHA = 0x002D
- TLS_RSA_PSK_WITH_NULL_SHA = 0x002E
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
- TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030
- TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
- TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
- TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036
- TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
- TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
- TLS_RSA_WITH_NULL_SHA256 = 0x003B
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045
- TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046
- TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060
- TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065
- TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B
- TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C
- TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D
- TLS_GOSTR341094_WITH_28147_CNT_IMIT = 0x0080
- TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081
- TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082
- TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088
- TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089
- TLS_PSK_WITH_RC4_128_SHA = 0x008A
- TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B
- TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C
- TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D
- TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E
- TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091
- TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092
- TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093
- TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094
- TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095
- TLS_RSA_WITH_SEED_CBC_SHA = 0x0096
- TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097
- TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098
- TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099
- TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A
- TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B
- TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C
- TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F
- TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0
- TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5
- TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6
- TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7
- TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8
- TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9
- TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA
- TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB
- TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC
- TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD
- TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE
- TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF
- TLS_PSK_WITH_NULL_SHA256 = 0x00B0
- TLS_PSK_WITH_NULL_SHA384 = 0x00B1
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3
- TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4
- TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5
- TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6
- TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7
- TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8
- TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE
- TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4
- TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5
- TLS_RENEGO_PROTECTION_REQUEST = 0x00FF
- TLS_FALLBACK_SCSV = 0x5600
- TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005
- TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A
- TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B
- TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F - TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010 - TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011 - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014 - TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015 - TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016 - TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017 - TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018 - TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019 - TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A - TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B - TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C - TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D - TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E - TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F - TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 - TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 - TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032 - TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033 - TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034 - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035 - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036 - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037 - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038 - 
TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039 - TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A - TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B - TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C - TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D - TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC03E - TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC03F - TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC040 - TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC041 - TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC042 - TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC043 - TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC044 - TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC045 - TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 = 0xC046 - TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 = 0xC047 - TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048 - TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049 - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC04A - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC04B - TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04C - TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04D - TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04E - TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04F - TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050 - TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051 - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052 - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053 - TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC054 - TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC055 - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056 - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057 - TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC058 - TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC059 - TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 = 0xC05A - TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 = 0xC05B - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05E - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05F - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060 - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061 - TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 
= 0xC062 - TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC063 - TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064 - TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065 - TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC066 - TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC067 - TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC068 - TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC069 - TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A - TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06E - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06F - TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC070 - TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC071 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073 - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074 - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075 - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076 - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077 - TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078 - TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079 - TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A - TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B - TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C - TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D - TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E - TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F - TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080 - TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081 - TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082 - TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083 - TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084 - TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087 - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088 - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089 - 
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A - TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B - TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C - TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D - TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E - TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F - TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090 - TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091 - TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092 - TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093 - TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094 - TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095 - TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096 - TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097 - TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098 - TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099 - TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A - TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B - TLS_RSA_WITH_AES_128_CCM = 0xC09C - TLS_RSA_WITH_AES_256_CCM = 0xC09D - TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E - TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F - TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0 - TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1 - TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2 - TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3 - TLS_PSK_WITH_AES_128_CCM = 0xC0A4 - TLS_PSK_WITH_AES_256_CCM = 0xC0A5 - TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6 - TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7 - TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8 - TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9 - TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA - TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB - TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC - TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF - TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xCAFE - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA - // Old ids for Chacha20 ciphers - 
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC13 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC14 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC15 - //SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE - //SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF - //SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFFE0 - //SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFFE1 - SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80 - SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81 - SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82 - SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83 - SSL_EN_RC2_128_CBC_WITH_MD5 = 0xFF03 - OP_PCL_TLS10_AES_128_CBC_SHA512 = 0xFF85 -) - -// RSA Ciphers -var RSACiphers = []uint16{ - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_GCM_SHA256, -} - -// WARN: DSS: Certificate not supported/implemented -var DHECiphers []uint16 = []uint16{ - TLS_DHE_DSS_WITH_DES_CBC_SHA, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_RSA_WITH_DES_CBC_SHA, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, - TLS_DHE_DSS_WITH_RC4_128_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -} - -var ECDHECiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, -} - -// WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented -// WARN: DSS: Certificate not supported/implemented -// WARN: KRB5: Supported? -var ExportCiphers []uint16 = []uint16{ - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, - TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, - TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, - TLS_KRB5_EXPORT_WITH_RC4_40_SHA, - TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, - TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_KRB5_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, -} - -var RSAExportCiphers []uint16 = []uint16{ - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, -} - -var RSA512ExportCiphers []uint16 = []uint16{ - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, -} - -var DHEExportCiphers []uint16 = []uint16{ - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - 
TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, -} - -var ChromeCiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, -} - -var ChromeNoDHECiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, -} - -var FirefoxCiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - // WARN: DSS: Certificate not supported/implemented - // TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, -} - -var FirefoxNoDHECiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - // WARN: DSS: Certificate not supported/implemented - // TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, -} - -var SafariCiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - // WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented - // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA256, - TLS_RSA_WITH_AES_128_CBC_SHA256, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, - 
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, -} - -var SafariNoDHECiphers []uint16 = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA256, - TLS_RSA_WITH_AES_128_CBC_SHA256, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - // WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented - // TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - // TLS_ECDH_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, -} - -var PortableCiphers []uint16 = []uint16{ - // stdlibCiphers, to preserve the default behavior for common cipher-suites that may be present - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - 
TLS_RSA_WITH_3DES_EDE_CBC_SHA, - // Most of the other implemented ciphers, in a somewhat reasonable order - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA256, - TLS_RSA_WITH_AES_128_CBC_SHA256, - TLS_RSA_WITH_RC4_128_MD5, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_RSA_WITH_DES_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - // WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented - // TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, - // TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, - // TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - // TLS_ECDH_RSA_WITH_RC4_128_SHA, - // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - // WARN: DSS: Certificate not supported/implemented - // TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - // TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - // TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - // 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, - // TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, - // TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - // TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, - // TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, - // TLS_DHE_DSS_WITH_DES_CBC_SHA, - // TLS_DHE_DSS_WITH_RC4_128_SHA, +func cipherSuiteByID(id uint16) *cipherSuite { + for _, cipherSuite := range cipherSuites { + if cipherSuite.id == id { + return cipherSuite + } + } + return nil } -func cipherIDInCipherIDList(cipher uint16, cipherIDList []uint16) bool { - for _, val := range cipherIDList { - if cipher == val { - return true +func mutualCipherSuiteTLS13(have []uint16, want uint16) *cipherSuiteTLS13 { + for _, id := range have { + if id == want { + return cipherSuiteTLS13ByID(id) } } - return false + return nil } -func cipherIDInCipherList(cipherID uint16, cipherList []*cipherSuite) bool { - for _, cipher := range cipherList { - if cipherID == cipher.id { - return true +func cipherSuiteTLS13ByID(id uint16) *cipherSuiteTLS13 { + for _, cipherSuite := range cipherSuitesTLS13 { + if cipherSuite.id == id { + return cipherSuite } } - return false + return nil } -var SChannelSuites []uint16 = []uint16{ - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_RC4_128_SHA, -} +// A list of cipher suite IDs that are, or have been, implemented by this +// package. +// +// See https://www.iana.org/assignments/tls-parameters/tls-parameters.xml +const ( + // TLS 1.0 - 1.2 cipher suites. 
+ TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 + TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a + TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f + TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 + TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c + TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c + TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a + TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027 + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030 + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca8 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca9 + + // TLS 1.3 cipher suites. + TLS_AES_128_GCM_SHA256 uint16 = 0x1301 + TLS_AES_256_GCM_SHA384 uint16 = 0x1302 + TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303 + + // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator + // that the client is doing version fallback. See RFC 7507. + TLS_FALLBACK_SCSV uint16 = 0x5600 + + // Legacy names for the corresponding cipher suites with the correct _SHA256 + // suffix, retained for backward compatibility. + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +) diff --git a/tls/cipher_suites_test.go b/tls/cipher_suites_test.go deleted file mode 100644 index 61dd8932..00000000 --- a/tls/cipher_suites_test.go +++ /dev/null 
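Review bot: The new lookup helpers `cipherSuiteByID`, `mutualCipherSuiteTLS13` and `cipherSuiteTLS13ByID`, and the rewritten `mutualCipherSuite`, carry no doc comments, and none of them states that an unknown or unimplemented id comes back as nil, which is the one property every caller has to handle before touching the returned struct's fields. I would put `// cipherSuiteByID returns the TLS 1.0-1.2 cipher suite with the given id, or nil if this package does not implement it.` above `cipherSuiteByID`, the analogous sentence above `cipherSuiteTLS13ByID`, and `// mutualCipherSuite returns the suite for want only if want also appears in have; otherwise nil.` above each of the two mutual* functions. The same hunk removes a large exported surface — `RSACiphers`, `DHECiphers`, `ECDHECiphers`, the export-grade lists, the browser lists such as `ChromeCiphers`, `FirefoxCiphers` and `SafariCiphers`, `PortableCiphers`, `SChannelSuites` and the full IANA constant table — with no deprecation aliases, so any importer still referencing them stops building; that break deserves an explicit line in the commit description. The surviving constant list still includes the RC4 and 3DES suite ids, which is consistent with the "are, or have been, implemented" wording but means they must be kept out of any default-enabled set; the `cipherSuites` slice that decides that is not visible in this hunk.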
@@ -1,47 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package tls - -import ( - "testing" -) - -func TestChromeCiphersImplemented(t *testing.T) { - for _, cipherID := range ChromeCiphers { - supported := cipherIDInCipherList(cipherID, implementedCipherSuites) - if supported != true { - t.Errorf("Chrome cipher %d (%s) not supported", cipherID, nameForSuite(cipherID)) - } - } -} - -func TestFirefoxCiphersImplemented(t *testing.T) { - for _, cipherID := range FirefoxCiphers { - supported := cipherIDInCipherList(cipherID, implementedCipherSuites) - if supported != true { - t.Errorf("Firefox cipher %d (%s) not supported", cipherID, nameForSuite(cipherID)) - } - } -} - -func TestDHECiphersImplemented(t *testing.T) { - for _, cipherID := range DHECiphers { - supported := cipherIDInCipherList(cipherID, implementedCipherSuites) - if supported != true { - t.Errorf("DHE cipher %d (%s) not supported", cipherID, nameForSuite(cipherID)) - } - } -} - -/* -func TestSafariCiphersImplemented(t *testing.T) { - for _, cipherID := range SafariCiphers { - supported := cipherIDInCipherList(cipherID, implementedCipherSuites) - if supported != true { - t.Errorf("Safari cipher %d (%s) not supported", cipherID, nameForSuite(cipherID)) - } - } -} -*/ diff --git a/tls/common.go b/tls/common.go index fefa68eb..282adc5c 100644 --- a/tls/common.go +++ b/tls/common.go @@ -5,8 +5,12 @@ package tls import ( + "bytes" "container/list" "crypto" + "crypto/ecdsa" + "crypto/ed25519" + "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/sha512" 
@@ -15,31 +19,38 @@ import (
 "errors"
 "fmt"
 "io"
- "math/big"
 "net"
+ "runtime"
+ "sort"
 "strings"
 "sync"
 "time"
+ "github.com/zmap/zcrypto/internal/cpu"
 "github.com/zmap/zcrypto/x509"
 )
 const (
- VersionSSL30 = 0x0300
 VersionTLS10 = 0x0301
 VersionTLS11 = 0x0302
 VersionTLS12 = 0x0303
+ VersionTLS13 = 0x0304
+
+ // Deprecated: SSLv3 is cryptographically broken, and is no longer
+ // supported by this package. See golang.org/issue/32716.
+ VersionSSL30 = 0x0300
 )
 const (
- maxPlaintext = 16384 // maximum plaintext payload length
- maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
- tlsRecordHeaderLen = 5 // record header length
- dtlsRecordHeaderLen = 13
- maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
+ maxPlaintext = 16384 // maximum plaintext payload length
+ maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
+ maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3
+ recordHeaderLen = 5 // record header length
+ maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
+ maxUselessRecords = 16 // maximum number of consecutive non-advancing records
 minVersion = VersionSSL30
- maxVersion = VersionTLS12
+ maxVersion = VersionTLS13
 )
 // TLS record types.
@@ -59,6 +70,8 @@ const (
 typeServerHello uint8 = 2
 typeHelloVerifyRequest uint8 = 3
 typeNewSessionTicket uint8 = 4
+ typeEndOfEarlyData uint8 = 5
+ typeEncryptedExtensions uint8 = 8
 typeCertificate uint8 = 11
 typeServerKeyExchange uint8 = 12
 typeCertificateRequest uint8 = 13
@@ -67,8 +80,9 @@ const (
 typeClientKeyExchange uint8 = 16
 typeFinished uint8 = 20
 typeCertificateStatus uint8 = 22
+ typeKeyUpdate uint8 = 24
 typeNextProtocol uint8 = 67 // Not IANA assigned
- typeEncryptedExtensions uint8 = 203 // Not IANA assigned
+ typeMessageHash uint8 = 254 // synthetic message
 )
 // TLS compression types.
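Review bot: `minVersion = VersionSSL30` is kept as a context line in the first hunk on this line while the new Deprecated comment on VersionSSL30 states that SSLv3 "is no longer supported by this package", and the MinVersion field comment later in this diff says a zero value means TLS 1.0; for this fork one of the two is wrong. If SSLv3 is intentionally retained (this is a scanning library), reword the comment to something like `// Deprecated: SSLv3 is cryptographically broken; kept here only so legacy servers can still be probed.` so readers do not assume the upstream floor; otherwise change the floor to `minVersion = VersionTLS10` to match the doc. The two handshake-type hunks sharing this line (typeEncryptedExtensions moving from the private value 203 to 8, typeKeyUpdate, typeMessageHash) are consistent with RFC 8446 and need nothing.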
@@ -78,18 +92,26 @@ const (
 // TLS extension numbers
 const (
- extensionServerName uint16 = 0
- extensionStatusRequest uint16 = 5
- extensionSupportedCurves uint16 = 10
- extensionSupportedPoints uint16 = 11
- extensionSignatureAlgorithms uint16 = 13
- extensionALPN uint16 = 16
- extensionExtendedMasterSecret uint16 = 23
- extensionSessionTicket uint16 = 35
- extensionNextProtoNeg uint16 = 13172 // not IANA assigned
- extensionRenegotiationInfo uint16 = 0xff01
- extensionExtendedRandom uint16 = 0x0028 // not IANA assigned
- extensionSCT uint16 = 18
+ extensionServerName uint16 = 0
+ extensionStatusRequest uint16 = 5
+ extensionSupportedCurves uint16 = 10 // supported_groups in TLS 1.3, see RFC 8446, Section 4.2.7
+ extensionSupportedPoints uint16 = 11
+ extensionSignatureAlgorithms uint16 = 13
+ extensionALPN uint16 = 16
+ extensionSCT uint16 = 18
+ extensionExtendedMasterSecret uint16 = 23
+ extensionSessionTicket uint16 = 35
+ extensionPreSharedKey uint16 = 41
+ extensionEarlyData uint16 = 42
+ extensionSupportedVersions uint16 = 43
+ extensionCookie uint16 = 44
+ extensionPSKModes uint16 = 45
+ extensionCertificateAuthorities uint16 = 47
+ extensionSignatureAlgorithmsCert uint16 = 50
+ extensionKeyShare uint16 = 51
+ extensionNextProtoNeg uint16 = 13172 // not IANA assigned
+ extensionRenegotiationInfo uint16 = 0xff01
+ extensionExtendedRandom uint16 = 0x0028 // not IANA assigned
 )
 // TLS signaling cipher suite values
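Review bot: `extensionExtendedRandom uint16 = 0x0028 // not IANA assigned` is the one entry left out of order now that the block has been re-sorted ascending; 0x0028 is decimal 40, so it belongs between `extensionSessionTicket uint16 = 35` and `extensionPreSharedKey uint16 = 41`, and writing it as `40` would match its neighbours' notation. Keep the `// not IANA assigned` remark on it when moving it, since the value sits directly below the TLS 1.3 codepoints and a reader could otherwise take it for a standard one.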
@@ -98,13 +120,17 @@ const (
 )
 // CurveID is the type of a TLS identifier for an elliptic curve. See
-// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8.
+//
+// In TLS 1.3, this type is called NamedGroup, but at this time this library
+// only supports Elliptic Curve based groups. See RFC 8446, Section 4.2.7.
 type CurveID uint16
 const (
 CurveP256 CurveID = 23
 CurveP384 CurveID = 24
 CurveP521 CurveID = 25
+ X25519 CurveID = 29
 )
 func (curveID *CurveID) MarshalJSON() ([]byte, error) {
@@ -182,6 +208,25 @@ func (pFormat *PointFormat) UnmarshalJSON(b []byte) error {
 return nil
 }
+// TLS 1.3 Key Share. See RFC 8446, Section 4.2.8.
+type keyShare struct {
+ group CurveID
+ data []byte
+}
+
+// TLS 1.3 PSK Key Exchange Modes. See RFC 8446, Section 4.2.9.
+const (
+ pskModePlain uint8 = 0
+ pskModeDHE uint8 = 1
+)
+
+// TLS 1.3 PSK Identity. Can be a Session Ticket, or a reference to a saved
+// session. See RFC 8446, Section 4.2.11.
+type pskIdentity struct {
+ label []byte
+ obfuscatedTicketAge uint32
+}
+
 // TLS CertificateStatusType (RFC 3546)
 const (
 statusTypeOCSP uint8 = 1
@@ -212,71 +257,135 @@ const ( hashSHA512 uint8 = 6 ) -// Signature algorithms for TLS 1.2 (See RFC 5246, section A.4.1) +// Signature algorithms (for internal signaling use). Starting at 225 to avoid overlap with +// TLS 1.2 codepoints (RFC 5246, Appendix A.4.1), with which these have nothing to do. const ( - signatureRSA uint8 = 1 - signatureDSA uint8 = 2 - signatureECDSA uint8 = 3 + signatureRSA uint8 = 1 + signatureDSA uint8 = 2 + signaturePKCS1v15 uint8 = iota + 225 + signatureRSAPSS + signatureECDSA + signatureEd25519 ) -// SigAndHash mirrors the TLS 1.2, SignatureAndHashAlgorithm struct. See -// RFC 5246, section A.4.1. -type SigAndHash struct { - Signature, Hash uint8 +// directSigning is a standard Hash value that signals that no pre-hashing +// should be performed, and that the input should be signed directly. It is the +// hash function associated with the Ed25519 signature scheme. +var directSigning crypto.Hash = 0 + +// supportedSignatureAlgorithms contains the signature and hash algorithms that +// the code advertises as supported in a TLS 1.2+ ClientHello and in a TLS 1.2+ +// CertificateRequest. The two fields are merged to match with TLS 1.3. +// Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc. +var supportedSignatureAlgorithms = []SignatureScheme{ + PSSWithSHA256, + ECDSAWithP256AndSHA256, + Ed25519, + PSSWithSHA384, + PSSWithSHA512, + PKCS1WithSHA256, + PKCS1WithSHA384, + PKCS1WithSHA512, + ECDSAWithP384AndSHA384, + ECDSAWithP521AndSHA512, + PKCS1WithSHA1, + ECDSAWithSHA1, +} + +// helloRetryRequestRandom is set as the Random value of a ServerHello +// to signal that the message is actually a HelloRetryRequest. +var helloRetryRequestRandom = []byte{ // See RFC 8446, Section 4.1.3. 
+ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C, } -// supportedSKXSignatureAlgorithms contains the signature and hash algorithms -// that the code advertises as supported in a TLS 1.2 ClientHello. -var supportedSKXSignatureAlgorithms = []SigAndHash{ - {signatureRSA, hashSHA512}, - {signatureECDSA, hashSHA512}, - {signatureDSA, hashSHA512}, - {signatureRSA, hashSHA384}, - {signatureECDSA, hashSHA384}, - {signatureDSA, hashSHA384}, - {signatureRSA, hashSHA256}, - {signatureECDSA, hashSHA256}, - {signatureDSA, hashSHA256}, - {signatureRSA, hashSHA224}, - {signatureECDSA, hashSHA224}, - {signatureDSA, hashSHA224}, - {signatureRSA, hashSHA1}, - {signatureECDSA, hashSHA1}, - {signatureDSA, hashSHA1}, - {signatureRSA, hashMD5}, - {signatureECDSA, hashMD5}, - {signatureDSA, hashMD5}, -} +const ( + // downgradeCanaryTLS12 or downgradeCanaryTLS11 is embedded in the server + // random as a downgrade protection if the server would be capable of + // negotiating a higher version. See RFC 8446, Section 4.1.3. + downgradeCanaryTLS12 = "DOWNGRD\x01" + downgradeCanaryTLS11 = "DOWNGRD\x00" +) -var defaultSKXSignatureAlgorithms = []SigAndHash{ - {signatureRSA, hashSHA256}, - {signatureECDSA, hashSHA256}, - {signatureRSA, hashSHA1}, - {signatureECDSA, hashSHA1}, - {signatureRSA, hashSHA256}, - {signatureRSA, hashSHA384}, - {signatureRSA, hashSHA512}, -} - -// supportedClientCertSignatureAlgorithms contains the signature and hash -// algorithms that the code advertises as supported in a TLS 1.2 -// CertificateRequest. -var supportedClientCertSignatureAlgorithms = []SigAndHash{ - {signatureRSA, hashSHA256}, - {signatureECDSA, hashSHA256}, -} +// testingOnlyForceDowngradeCanary is set in tests to force the server side to +// include downgrade canaries even if it's using its highers supported version. 
+var testingOnlyForceDowngradeCanary bool // ConnectionState records basic TLS details about the connection. type ConnectionState struct { - Version uint16 // TLS version used by the connection (e.g. VersionTLS12) - HandshakeComplete bool // TLS handshake is complete - DidResume bool // connection resumes a previous TLS connection - CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...) - NegotiatedProtocol string // negotiated next protocol (from Config.NextProtos) - NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server - ServerName string // server name requested by client, if any (server side only) - PeerCertificates []*x509.Certificate // certificate chain presented by remote peer - VerifiedChains []x509.CertificateChain // verified chains built from PeerCertificates + // Version is the TLS version used by the connection (e.g. VersionTLS12). + Version uint16 + + // HandshakeComplete is true if the handshake has concluded. + HandshakeComplete bool + + // DidResume is true if this connection was successfully resumed from a + // previous session with a session ticket or similar mechanism. + DidResume bool + + // CipherSuite is the cipher suite negotiated for the connection (e.g. + // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256). + CipherSuite uint16 + + // NegotiatedProtocol is the application protocol negotiated with ALPN. + NegotiatedProtocol string + + // NegotiatedProtocolIsMutual used to indicate a mutual NPN negotiation. + // + // Deprecated: this value is always true. + NegotiatedProtocolIsMutual bool + + // ServerName is the value of the Server Name Indication extension sent by + // the client. It's available both on the server and on the client side. + ServerName string + + // PeerCertificates are the parsed certificates sent by the peer, in the + // order in which they were sent. The first element is the leaf certificate + // that the connection is verified against. 
+ // + // On the client side, it can't be empty. On the server side, it can be + // empty if Config.ClientAuth is not RequireAnyClientCert or + // RequireAndVerifyClientCert. + PeerCertificates []*x509.Certificate + + // VerifiedChains is a list of one or more chains where the first element is + // PeerCertificates[0] and the last element is from Config.RootCAs (on the + // client side) or Config.ClientCAs (on the server side). + // + // On the client side, it's set if Config.InsecureSkipVerify is false. On + // the server side, it's set if Config.ClientAuth is VerifyClientCertIfGiven + // (and the peer provided a certificate) or RequireAndVerifyClientCert. + VerifiedChains []x509.CertificateChain + + // SignedCertificateTimestamps is a list of SCTs provided by the peer + // through the TLS handshake for the leaf certificate, if any. + SignedCertificateTimestamps [][]byte + + // OCSPResponse is a stapled Online Certificate Status Protocol (OCSP) + // response provided by the peer for the leaf certificate, if any. + OCSPResponse []byte + + // TLSUnique contains the "tls-unique" channel binding value (see RFC 5929, + // Section 3). This value will be nil for TLS 1.3 connections and for all + // resumed connections. + // + // Deprecated: there are conditions in which this value might not be unique + // to a connection. See the Security Considerations sections of RFC 5705 and + // RFC 7627, and https://mitls.org/pages/attacks/3SHAKE#channelbindings. + TLSUnique []byte + + // ekm is a closure exposed via ExportKeyingMaterial. + ekm func(label string, context []byte, length int) ([]byte, error) +} + +// ExportKeyingMaterial returns length bytes of exported key material in a new +// slice as defined in RFC 5705. If context is nil, it is not used as part of +// the seed. If the connection was set to allow renegotiation via +// Config.Renegotiation, this function will return an error. 
+func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
+ return cs.ekm(label, context, length)
 }
 // ClientAuthType declares the policy the server will follow for
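Review bot: The rewritten signature const block places `signaturePKCS1v15 uint8 = iota + 225` third, after `signatureRSA` and `signatureDSA`, so iota is 2 at that spec and the internal codes come out as 227–230 rather than "starting at 225" as the comment above the block claims; the two TLS 1.2 codepoints also now live inside a block whose comment says these values have nothing to do with TLS 1.2 codepoints. Either move `signatureRSA`/`signatureDSA` into their own `const` block so iota restarts and the comment becomes true, or change the comment to name 227. Separately, `ExportKeyingMaterial` calls `cs.ekm` unguarded, so a zero-value ConnectionState (one not yet populated by a handshake) panics on a nil function instead of reporting an error; `if cs.ekm == nil { return nil, errors.New("tls: keying material not available before handshake") }` would make the contract explicit, and errors is already imported. The comment on `testingOnlyForceDowngradeCanary` reads "its highers supported version" and should read "its highest supported version".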
@@ -284,56 +393,207 @@ type ConnectionState struct { type ClientAuthType int const ( - // Values have no meaning (were previously 'iota') - // Values added IOT allow dereference to name for JSON - NoClientCert ClientAuthType = 0 - RequestClientCert ClientAuthType = 1 - RequireAnyClientCert ClientAuthType = 2 - VerifyClientCertIfGiven ClientAuthType = 3 - RequireAndVerifyClientCert ClientAuthType = 4 + // NoClientCert indicates that no client certificate should be requested + // during the handshake, and if any certificates are sent they will not + // be verified. + NoClientCert ClientAuthType = iota + // RequestClientCert indicates that a client certificate should be requested + // during the handshake, but does not require that the client send any + // certificates. + RequestClientCert + // RequireAnyClientCert indicates that a client certificate should be requested + // during the handshake, and that at least one certificate is required to be + // sent by the client, but that certificate is not required to be valid. + RequireAnyClientCert + // VerifyClientCertIfGiven indicates that a client certificate should be requested + // during the handshake, but does not require that the client sends a + // certificate. If the client does send a certificate it is required to be + // valid. + VerifyClientCertIfGiven + // RequireAndVerifyClientCert indicates that a client certificate should be requested + // during the handshake, and that at least one valid certificate is required + // to be sent by the client. + RequireAndVerifyClientCert ) -func (authType *ClientAuthType) String() string { - if name, ok := clientAuthTypeNames[int(*authType)]; ok { - return name +// requiresClientCert reports whether the ClientAuthType requires a client +// certificate to be provided. 
+func requiresClientCert(c ClientAuthType) bool { + switch c { + case RequireAnyClientCert, RequireAndVerifyClientCert: + return true + default: + return false } - - return "unknown" -} - -func (authType *ClientAuthType) MarshalJSON() ([]byte, error) { - return []byte(`"` + authType.String() + `"`), nil -} - -func (authType *ClientAuthType) UnmarshalJSON(b []byte) error { - panic("unimplemented") } // ClientSessionState contains the state needed by clients to resume TLS // sessions. type ClientSessionState struct { - sessionTicket []uint8 // Encrypted ticket used for session resumption with server - lifetimeHint uint32 // Hint from server about how long the session ticket should be stored - vers uint16 // SSL/TLS version negotiated for the session - cipherSuite uint16 // Ciphersuite negotiated for the session - masterSecret []byte // MasterSecret generated by client on a full handshake - serverCertificates []*x509.Certificate // Certificate chain presented by the server - extendedMasterSecret bool // Whether an extended master secret was used to generate the session + sessionTicket []uint8 // Encrypted ticket used for session resumption with server + vers uint16 // TLS version negotiated for the session + cipherSuite uint16 // Ciphersuite negotiated for the session + masterSecret []byte // Full handshake MasterSecret, or TLS 1.3 resumption_master_secret + serverCertificates []*x509.Certificate // Certificate chain presented by the server + verifiedChains []x509.CertificateChain // Certificate chains we built for verification + receivedAt time.Time // When the session ticket was received from the server + ocspResponse []byte // Stapled OCSP response presented by the server + scts [][]byte // SCTs presented by the server + + // TLS 1.3 fields. 
+ nonce []byte // Ticket nonce sent by the server, to derive PSK + useBy time.Time // Expiration of the ticket lifetime as set by the server + ageAdd uint32 // Random obfuscation factor for sending the ticket age } // ClientSessionCache is a cache of ClientSessionState objects that can be used // by a client to resume a TLS session with a given server. ClientSessionCache // implementations should expect to be called concurrently from different -// goroutines. +// goroutines. Up to TLS 1.2, only ticket-based resumption is supported, not +// SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which +// are supported via this interface. type ClientSessionCache interface { // Get searches for a ClientSessionState associated with the given key. // On return, ok is true if one was found. Get(sessionKey string) (session *ClientSessionState, ok bool) - // Put adds the ClientSessionState to the cache with the given key. + // Put adds the ClientSessionState to the cache with the given key. It might + // get called multiple times in a connection if a TLS 1.3 server provides + // more than one session ticket. If called with a nil *ClientSessionState, + // it should remove the cache entry. Put(sessionKey string, cs *ClientSessionState) } +//go:generate stringer -type=SignatureScheme,CurveID,ClientAuthType -output=common_string.go + +// SignatureScheme identifies a signature algorithm supported by TLS. See +// RFC 8446, Section 4.2.3. +type SignatureScheme uint16 + +const ( + // RSASSA-PKCS1-v1_5 algorithms. + PKCS1WithSHA256 SignatureScheme = 0x0401 + PKCS1WithSHA384 SignatureScheme = 0x0501 + PKCS1WithSHA512 SignatureScheme = 0x0601 + + // RSASSA-PSS algorithms with public key OID rsaEncryption. + PSSWithSHA256 SignatureScheme = 0x0804 + PSSWithSHA384 SignatureScheme = 0x0805 + PSSWithSHA512 SignatureScheme = 0x0806 + + // ECDSA algorithms. Only constrained to a specific curve in TLS 1.3. 
+ ECDSAWithP256AndSHA256 SignatureScheme = 0x0403 + ECDSAWithP384AndSHA384 SignatureScheme = 0x0503 + ECDSAWithP521AndSHA512 SignatureScheme = 0x0603 + + // EdDSA algorithms. + Ed25519 SignatureScheme = 0x0807 + EdDSAWithEd25519 SignatureScheme = 0x0807 + EdDSAWithEd448 SignatureScheme = 0x0808 + + // Legacy signature and hash algorithms for TLS 1.2. + PKCS1WithSHA1 SignatureScheme = 0x0201 + ECDSAWithSHA1 SignatureScheme = 0x0203 +) + +// ClientHelloInfo contains information from a ClientHello message in order to +// guide application logic in the GetCertificate and GetConfigForClient callbacks. +type ClientHelloInfo struct { + // CipherSuites lists the CipherSuites supported by the client (e.g. + // TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256). + CipherSuites []uint16 + + // ServerName indicates the name of the server requested by the client + // in order to support virtual hosting. ServerName is only set if the + // client is using SNI (see RFC 4366, Section 3.1). + ServerName string + + // SupportedCurves lists the elliptic curves supported by the client. + // SupportedCurves is set only if the Supported Elliptic Curves + // Extension is being used (see RFC 4492, Section 5.1.1). + SupportedCurves []CurveID + + // SupportedPoints lists the point formats supported by the client. + // SupportedPoints is set only if the Supported Point Formats Extension + // is being used (see RFC 4492, Section 5.1.2). + SupportedPoints []uint8 + + // SignatureSchemes lists the signature and hash schemes that the client + // is willing to verify. SignatureSchemes is set only if the Signature + // Algorithms Extension is being used (see RFC 5246, Section 7.4.1.4.1). + SignatureSchemes []SignatureScheme + + // SupportedProtos lists the application protocols supported by the client. + // SupportedProtos is set only if the Application-Layer Protocol + // Negotiation Extension is being used (see RFC 7301, Section 3.1). 
+ // + // Servers can select a protocol by setting Config.NextProtos in a + // GetConfigForClient return value. + SupportedProtos []string + + // SupportedVersions lists the TLS versions supported by the client. + // For TLS versions less than 1.3, this is extrapolated from the max + // version advertised by the client, so values other than the greatest + // might be rejected if used. + SupportedVersions []uint16 + + // Conn is the underlying net.Conn for the connection. Do not read + // from, or write to, this connection; that will cause the TLS + // connection to fail. + Conn net.Conn + + // config is embedded by the GetCertificate or GetConfigForClient caller, + // for use with SupportsCertificate. + config *Config +} + +// CertificateRequestInfo contains information from a server's +// CertificateRequest message, which is used to demand a certificate and proof +// of control from a client. +type CertificateRequestInfo struct { + // AcceptableCAs contains zero or more, DER-encoded, X.501 + // Distinguished Names. These are the names of root or intermediate CAs + // that the server wishes the returned certificate to be signed by. An + // empty slice indicates that the server has no preference. + AcceptableCAs [][]byte + + // SignatureSchemes lists the signature schemes that the server is + // willing to verify. + SignatureSchemes []SignatureScheme + + // Version is the TLS version that was negotiated for this connection. + Version uint16 +} + +// RenegotiationSupport enumerates the different levels of support for TLS +// renegotiation. TLS renegotiation is the act of performing subsequent +// handshakes on a connection after the first. This significantly complicates +// the state machine and has been the source of numerous, subtle security +// issues. Initiating a renegotiation is not supported, but support for +// accepting renegotiation requests may be enabled. +// +// Even when enabled, the server may not change its identity between handshakes +// (i.e. 
the leaf certificate must be the same). Additionally, concurrent +// handshake and application data flow is not permitted so renegotiation can +// only be used with protocols that synchronise with the renegotiation, such as +// HTTPS. +// +// Renegotiation is not defined in TLS 1.3. +type RenegotiationSupport int + +const ( + // RenegotiateNever disables renegotiation. + RenegotiateNever RenegotiationSupport = iota + + // RenegotiateOnceAsClient allows a remote server to request + // renegotiation once per connection. + RenegotiateOnceAsClient + + // RenegotiateFreelyAsClient allows a remote server to repeatedly + // request renegotiation. + RenegotiateFreelyAsClient +) + // A Config structure is used to configure a TLS client or server. // After one has been passed to a TLS function it must not be // modified. A Config may be reused; the tls package will also not 
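Review bot: Dropping `(*ClientAuthType).MarshalJSON` changes the type's JSON encoding from the name (`"NoClientCert"`) to a bare integer, and the new `//go:generate stringer -type=...ClientAuthType` line does not restore that because encoding/json never consults `String()`; if any struct carrying a ClientAuthType (Config's ClientAuth, for instance) is serialized downstream, this is a wire-format change the commit message does not mention. Consider keeping a MarshalJSON that quotes the generated String() result, as the removed method did, and a matching UnmarshalJSON in place of the removed `panic("unimplemented")`. Also `Ed25519` and `EdDSAWithEd25519` both equal `0x0807`, so the generated SignatureScheme String() can report only one name for that value; a one-line comment on `EdDSAWithEd25519` saying it is an alias of Ed25519 would save the next reader a search. The `config *Config` field comment on ClientHelloInfo refers to `SupportsCertificate`, which is not visible in this chunk; worth confirming that method was ported together with the field.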
@@ -349,30 +609,103 @@ type Config struct { // If Time is nil, TLS uses time.Now. Time func() time.Time - // Certificates contains one or more certificate chains - // to present to the other side of the connection. - // Server configurations must include at least one certificate. + // Certificates contains one or more certificate chains to present to the + // other side of the connection. The first certificate compatible with the + // peer's requirements is selected automatically. + // + // Server configurations must set one of Certificates, GetCertificate or + // GetConfigForClient. Clients doing client-authentication may set either + // Certificates or GetClientCertificate. + // + // Note: if there are multiple Certificates, and they don't have the + // optional field Leaf set, certificate selection will incur a significant + // per-handshake performance cost. Certificates []Certificate // NameToCertificate maps from a certificate name to an element of // Certificates. Note that a certificate name can be of the form // '*.example.com' and so doesn't have to be a domain name as such. - // See Config.BuildNameToCertificate - // The nil value causes the first element of Certificates to be used - // for all connections. + // + // Deprecated: NameToCertificate only allows associating a single + // certificate with a given name. Leave this field nil to let the library + // select the first compatible chain from Certificates. NameToCertificate map[string]*Certificate + // GetCertificate returns a Certificate based on the given + // ClientHelloInfo. It will only be called if the client supplies SNI + // information or if Certificates is empty. + // + // If GetCertificate is nil or returns nil, then the certificate is + // retrieved from NameToCertificate. If NameToCertificate is nil, the + // best element of Certificates will be used. 
+ GetCertificate func(*ClientHelloInfo) (*Certificate, error) + + // GetClientCertificate, if not nil, is called when a server requests a + // certificate from a client. If set, the contents of Certificates will + // be ignored. + // + // If GetClientCertificate returns an error, the handshake will be + // aborted and that error will be returned. Otherwise + // GetClientCertificate must return a non-nil Certificate. If + // Certificate.Certificate is empty then no certificate will be sent to + // the server. If this is unacceptable to the server then it may abort + // the handshake. + // + // GetClientCertificate may be called multiple times for the same + // connection if renegotiation occurs or if TLS 1.3 is in use. + GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error) + + // GetConfigForClient, if not nil, is called after a ClientHello is + // received from a client. It may return a non-nil Config in order to + // change the Config that will be used to handle this connection. If + // the returned Config is nil, the original Config will be used. The + // Config returned by this callback may not be subsequently modified. + // + // If GetConfigForClient is nil, the Config passed to Server() will be + // used for all connections. + // + // If SessionTicketKey was explicitly set on the returned Config, or if + // SetSessionTicketKeys was called on the returned Config, those keys will + // be used. Otherwise, the original Config keys will be used (and possibly + // rotated if they are automatically managed). + GetConfigForClient func(*ClientHelloInfo) (*Config, error) + + // VerifyPeerCertificate, if not nil, is called after normal + // certificate verification by either a TLS client or server. It + // receives the raw ASN.1 certificates provided by the peer and also + // any verified chains that normal processing found. If it returns a + // non-nil error, the handshake is aborted and that error results. 
+ // + // If normal verification fails then the handshake will abort before + // considering this callback. If normal verification is disabled by + // setting InsecureSkipVerify, or (for a server) when ClientAuth is + // RequestClientCert or RequireAnyClientCert, then this callback will + // be considered but the verifiedChains argument will always be nil. + VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains []x509.CertificateChain) error + + // VerifyConnection, if not nil, is called after normal certificate + // verification and after VerifyPeerCertificate by either a TLS client + // or server. If it returns a non-nil error, the handshake is aborted + // and that error results. + // + // If normal verification fails then the handshake will abort before + // considering this callback. This callback will run for all connections + // regardless of InsecureSkipVerify or ClientAuth settings. + VerifyConnection func(ConnectionState) error + // RootCAs defines the set of root certificate authorities // that clients use when verifying server certificates. // If RootCAs is nil, TLS uses the host's root CA set. RootCAs *x509.CertPool - // NextProtos is a list of supported, application level protocols. + // NextProtos is a list of supported application level protocols, in + // order of preference. NextProtos []string // ServerName is used to verify the hostname on the returned // certificates unless InsecureSkipVerify is given. It is also included - // in the client's handshake to support virtual hosting. + // in the client's handshake to support virtual hosting unless it is + // an IP address. ServerName string // ClientAuth determines the server's policy for 
@@ -384,16 +717,19 @@ type Config struct {
 // by the policy in ClientAuth.
 ClientCAs *x509.CertPool
- // InsecureSkipVerify controls whether a client verifies the
- // server's certificate chain and host name.
- // If InsecureSkipVerify is true, TLS accepts any certificate
- // presented by the server and any host name in that certificate.
- // In this mode, TLS is susceptible to man-in-the-middle attacks.
- // This should be used only for testing.
+ // InsecureSkipVerify controls whether a client verifies the server's
+ // certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
+ // accepts any certificate presented by the server and any host name in that
+ // certificate. In this mode, TLS is susceptible to machine-in-the-middle
+ // attacks unless custom verification is used. This should be used only for
+ // testing or in combination with VerifyConnection or VerifyPeerCertificate.
 InsecureSkipVerify bool
- // CipherSuites is a list of supported cipher suites. If CipherSuites
- // is nil, TLS uses a list of suites supported by the implementation.
+ // CipherSuites is a list of supported cipher suites for TLS versions up to
+ // TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites
+ // is used, with a preference order based on hardware performance. The
+ // default cipher suites might change over Go versions. Note that TLS 1.3
+ // ciphersuites are not configurable.
 CipherSuites []uint16
 // PreferServerCipherSuites controls whether the server selects the
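Review bot: The rewritten InsecureSkipVerify and CipherSuites comments still say `crypto/tls` and "over Go versions", which is upstream wording copied into a package that is not the standard library; since this same patch rewrites cipher_suites.go, the default list and its ordering are this package's, not crypto/tls's. Suggest `// certificate chain and host name. If InsecureSkipVerify is true, this package` and `// default cipher suites might change over releases of this package. Note that TLS 1.3` so readers are not sent to the standard library's documentation for behaviour defined here.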
@@ -402,126 +738,84 @@ type Config struct { // the order of elements in CipherSuites, is used. PreferServerCipherSuites bool - // SessionTicketsDisabled may be set to true to disable session ticket - // (resumption) support. + // SessionTicketsDisabled may be set to true to disable session ticket and + // PSK (resumption) support. Note that on clients, session ticket support is + // also disabled if ClientSessionCache is nil. SessionTicketsDisabled bool - // SessionTicketKey is used by TLS servers to provide session - // resumption. See RFC 5077. If zero, it will be filled with - // random data before the first server handshake. + // SessionTicketKey is used by TLS servers to provide session resumption. + // See RFC 5077 and the PSK mode of RFC 8446. If zero, it will be filled + // with random data before the first server handshake. // - // If multiple servers are terminating connections for the same host - // they should all have the same SessionTicketKey. If the - // SessionTicketKey leaks, previously recorded and future TLS - // connections using that key are compromised. + // Deprecated: if this field is left at zero, session ticket keys will be + // automatically rotated every day and dropped after seven days. For + // customizing the rotation schedule or synchronizing servers that are + // terminating connections for the same host, use SetSessionTicketKeys. SessionTicketKey [32]byte - // SessionCache is a cache of ClientSessionState entries for TLS session - // resumption. + // ClientSessionCache is a cache of ClientSessionState entries for TLS + // session resumption. It is only used by clients. ClientSessionCache ClientSessionCache - // MinVersion contains the minimum SSL/TLS version that is acceptable. - // If zero, then SSLv3 is taken as the minimum. + // MinVersion contains the minimum TLS version that is acceptable. + // If zero, TLS 1.0 is currently taken as the minimum. 
MinVersion uint16 - // MaxVersion contains the maximum SSL/TLS version that is acceptable. - // If zero, then the maximum version supported by this package is used, - // which is currently TLS 1.2. + // MaxVersion contains the maximum TLS version that is acceptable. + // If zero, the maximum version supported by this package is used, + // which is currently TLS 1.3. MaxVersion uint16 // CurvePreferences contains the elliptic curves that will be used in // an ECDHE handshake, in preference order. If empty, the default will - // be used. + // be used. The client will use the first preference as the type for + // its key share in TLS 1.3. This may change in the future. CurvePreferences []CurveID - // If enabled, empty CurvePreferences indicates that there are no curves - // supported for ECDHE key exchanges - ExplicitCurvePreferences bool - - // If enabled, specifies the signature and hash algorithms to be accepted by - // a server, or sent by a client - SignatureAndHashes []SigAndHash - - serverInitOnce sync.Once // guards calling (*Config).serverInit - - // Add all ciphers in CipherSuites to Client Hello even if unimplemented - // Client-side Only - ForceSuites bool - - // Export RSA Key - ExportRSAKey *rsa.PrivateKey - - // HeartbeatEnabled sets whether the heartbeat extension is sent - HeartbeatEnabled bool - - // ClientDSAEnabled sets whether a TLS client will accept server DSA keys - // and DSS signatures - ClientDSAEnabled bool - - // Use extended random - ExtendedRandom bool - - // Force Client Hello to send TLS Session Ticket extension - ForceSessionTicketExt bool - - // Enable use of the Extended Master Secret extension - ExtendedMasterSecret bool - - SignedCertificateTimestampExt bool - - // Explicitly set Client random - ClientRandom []byte - - // Explicitly set ClientHello with raw data - ExternalClientHello []byte - - // If non-null specifies the contents of the client-hello - // WARNING: Setting this may invalidate other fields in the Config object - 
ClientFingerprintConfiguration *ClientFingerprintConfiguration - - // GetConfigForClient, if not nil, is called after a ClientHello is - // received from a client. It may return a non-nil Config in order to - // change the Config that will be used to handle this connection. If - // the returned Config is nil, the original Config will be used. The - // Config returned by this callback may not be subsequently modified. - // - // If GetConfigForClient is nil, the Config passed to Server() will be - // used for all connections. - // - // Uniquely for the fields in the returned Config, session ticket keys - // will be duplicated from the original Config if not set. - // Specifically, if SetSessionTicketKeys was called on the original - // config but not on the returned config then the ticket keys from the - // original config will be copied into the new config before use. - // Otherwise, if SessionTicketKey was set in the original config but - // not in the returned config then it will be copied into the returned - // config before use. If neither of those cases applies then the key - // material from the returned config will be used for session tickets. - GetConfigForClient func(*ClientHelloInfo) (*Config, error) - - // CertsOnly is used to cause a client to close the TLS connection - // as soon as the server's certificates have been received - CertsOnly bool - - // DontBufferHandshakes causes Handshake() to act like older versions of the go crypto library, where each TLS packet is sent in a separate Write. - DontBufferHandshakes bool - - // mutex protects sessionTicketKeys and originalConfig. + // DynamicRecordSizingDisabled disables adaptive sizing of TLS records. + // When true, the largest possible TLS record size is always used. When + // false, the size of TLS records may be adjusted in an attempt to + // improve latency. + DynamicRecordSizingDisabled bool + + // Renegotiation controls what types of renegotiation are supported. 
+ // The default, none, is correct for the vast majority of applications. + Renegotiation RenegotiationSupport + + // KeyLogWriter optionally specifies a destination for TLS master secrets + // in NSS key log format that can be used to allow external programs + // such as Wireshark to decrypt TLS connections. + // See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. + // Use of KeyLogWriter compromises security and should only be + // used for debugging. + KeyLogWriter io.Writer + + // mutex protects sessionTicketKeys and autoSessionTicketKeys. mutex sync.RWMutex - // sessionTicketKeys contains zero or more ticket keys. If the length - // is zero, SessionTicketsDisabled must be true. The first key is used - // for new tickets and any subsequent keys can be used to decrypt old - // tickets. + // sessionTicketKeys contains zero or more ticket keys. If set, it means the + // the keys were set with SessionTicketKey or SetSessionTicketKeys. The + // first key is used for new tickets and any subsequent keys can be used to + // decrypt old tickets. The slice contents are not protected by the mutex + // and are immutable. sessionTicketKeys []ticketKey - // originalConfig is set to the Config that was passed to Server if - // this Config is returned by a GetConfigForClient callback. It's used - // by serverInit in order to copy session ticket keys if needed. - originalConfig *Config + // autoSessionTicketKeys is like sessionTicketKeys but is owned by the + // auto-rotation logic. See Config.ticketKeys. + autoSessionTicketKeys []ticketKey } -// ticketKeyNameLen is the number of bytes of identifier that is prepended to -// an encrypted session ticket in order to identify the key used to encrypt it. -const ticketKeyNameLen = 16 +const ( + // ticketKeyNameLen is the number of bytes of identifier that is prepended to + // an encrypted session ticket in order to identify the key used to encrypt it. 
+ ticketKeyNameLen = 16
+
+ // ticketKeyLifetime is how long a ticket key remains valid and can be used to
+ // resume a client connection.
+ ticketKeyLifetime = 7 * 24 * time.Hour // 7 days
+
+ // ticketKeyRotation is how often the server should rotate the session ticket key
+ // that is used for new tickets.
+ ticketKeyRotation = 24 * time.Hour
+)
 // ticketKey is the internal representation of a session ticket key.
 type ticketKey struct {
@@ -530,108 +824,190 @@ type ticketKey struct { keyName [ticketKeyNameLen]byte aesKey [16]byte hmacKey [16]byte + // created is the time at which this ticket key was created. See Config.ticketKeys. + created time.Time } // ticketKeyFromBytes converts from the external representation of a session // ticket key to a ticketKey. Externally, session ticket keys are 32 random // bytes and this function expands that into sufficient name and key material. -func ticketKeyFromBytes(b [32]byte) (key ticketKey) { +func (c *Config) ticketKeyFromBytes(b [32]byte) (key ticketKey) { hashed := sha512.Sum512(b[:]) copy(key.keyName[:], hashed[:ticketKeyNameLen]) copy(key.aesKey[:], hashed[ticketKeyNameLen:ticketKeyNameLen+16]) copy(key.hmacKey[:], hashed[ticketKeyNameLen+16:ticketKeyNameLen+32]) + key.created = c.time() return key } -// Clone returns a shallow clone of c. It is safe to clone a Config that is +// maxSessionTicketLifetime is the maximum allowed lifetime of a TLS 1.3 session +// ticket, and the lifetime we set for tickets we send. +const maxSessionTicketLifetime = 7 * 24 * time.Hour + +// Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a Config that is // being used concurrently by a TLS client or server. func (c *Config) Clone() *Config { - // Running serverInit ensures that it's safe to read - // SessionTicketsDisabled. 
- c.serverInitOnce.Do(c.serverInit) - - var sessionTicketKeys []ticketKey + if c == nil { + return nil + } c.mutex.RLock() - sessionTicketKeys = c.sessionTicketKeys - c.mutex.RUnlock() - + defer c.mutex.RUnlock() return &Config{ - Rand: c.Rand, - Time: c.Time, - Certificates: c.Certificates, - NameToCertificate: c.NameToCertificate, - GetConfigForClient: c.GetConfigForClient, - RootCAs: c.RootCAs, - NextProtos: c.NextProtos, - ServerName: c.ServerName, - ClientAuth: c.ClientAuth, - ClientCAs: c.ClientCAs, - InsecureSkipVerify: c.InsecureSkipVerify, - CipherSuites: c.CipherSuites, - PreferServerCipherSuites: c.PreferServerCipherSuites, - SessionTicketsDisabled: c.SessionTicketsDisabled, - SessionTicketKey: c.SessionTicketKey, - ClientSessionCache: c.ClientSessionCache, - MinVersion: c.MinVersion, - MaxVersion: c.MaxVersion, - CurvePreferences: c.CurvePreferences, - ExplicitCurvePreferences: c.ExplicitCurvePreferences, - sessionTicketKeys: sessionTicketKeys, - ClientFingerprintConfiguration: c.ClientFingerprintConfiguration, - // originalConfig is deliberately not duplicated. 
- - // Not merged from upstream: - // GetCertificate: c.GetCertificate, - // DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, - // VerifyPeerCertificate: c.VerifyPeerCertificate, - // KeyLogWriter: c.KeyLogWriter, - // Renegotiation: c.Renegotiation, + Rand: c.Rand, + Time: c.Time, + Certificates: c.Certificates, + NameToCertificate: c.NameToCertificate, + GetCertificate: c.GetCertificate, + GetClientCertificate: c.GetClientCertificate, + GetConfigForClient: c.GetConfigForClient, + VerifyPeerCertificate: c.VerifyPeerCertificate, + VerifyConnection: c.VerifyConnection, + RootCAs: c.RootCAs, + NextProtos: c.NextProtos, + ServerName: c.ServerName, + ClientAuth: c.ClientAuth, + ClientCAs: c.ClientCAs, + InsecureSkipVerify: c.InsecureSkipVerify, + CipherSuites: c.CipherSuites, + PreferServerCipherSuites: c.PreferServerCipherSuites, + SessionTicketsDisabled: c.SessionTicketsDisabled, + SessionTicketKey: c.SessionTicketKey, + ClientSessionCache: c.ClientSessionCache, + MinVersion: c.MinVersion, + MaxVersion: c.MaxVersion, + CurvePreferences: c.CurvePreferences, + DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, + Renegotiation: c.Renegotiation, + KeyLogWriter: c.KeyLogWriter, + sessionTicketKeys: c.sessionTicketKeys, + autoSessionTicketKeys: c.autoSessionTicketKeys, } } -func (c *Config) serverInit() { - if c.SessionTicketsDisabled || len(c.ticketKeys()) != 0 { +// deprecatedSessionTicketKey is set as the prefix of SessionTicketKey if it was +// randomized for backwards compatibility but is not in use. +var deprecatedSessionTicketKey = []byte("DEPRECATED") + +// initLegacySessionTicketKeyRLocked ensures the legacy SessionTicketKey field is +// randomized if empty, and that sessionTicketKeys is populated from it otherwise. +func (c *Config) initLegacySessionTicketKeyRLocked() { + // Don't write if SessionTicketKey is already defined as our deprecated string, + // or if it is defined by the user but sessionTicketKeys is already set. 
+ if c.SessionTicketKey != [32]byte{} && + (bytes.HasPrefix(c.SessionTicketKey[:], deprecatedSessionTicketKey) || len(c.sessionTicketKeys) > 0) { return } - var originalConfig *Config + // We need to write some data, so get an exclusive lock and re-check any conditions. + c.mutex.RUnlock() + defer c.mutex.RLock() c.mutex.Lock() - originalConfig, c.originalConfig = c.originalConfig, nil - c.mutex.Unlock() - - alreadySet := false - for _, b := range c.SessionTicketKey { - if b != 0 { - alreadySet = true - break + defer c.mutex.Unlock() + if c.SessionTicketKey == [32]byte{} { + if _, err := io.ReadFull(c.rand(), c.SessionTicketKey[:]); err != nil { + panic(fmt.Sprintf("tls: unable to generate random session ticket key: %v", err)) } + // Write the deprecated prefix at the beginning so we know we created + // it. This key with the DEPRECATED prefix isn't used as an actual + // session ticket key, and is only randomized in case the application + // reuses it for some reason. + copy(c.SessionTicketKey[:], deprecatedSessionTicketKey) + } else if !bytes.HasPrefix(c.SessionTicketKey[:], deprecatedSessionTicketKey) && len(c.sessionTicketKeys) == 0 { + c.sessionTicketKeys = []ticketKey{c.ticketKeyFromBytes(c.SessionTicketKey)} } - if !alreadySet { - if originalConfig != nil { - copy(c.SessionTicketKey[:], originalConfig.SessionTicketKey[:]) - } else if _, err := io.ReadFull(c.rand(), c.SessionTicketKey[:]); err != nil { - c.SessionTicketsDisabled = true - return +} + +// ticketKeys returns the ticketKeys for this connection. +// If configForClient has explicitly set keys, those will +// be returned. Otherwise, the keys on c will be used and +// may be rotated if auto-managed. +// During rotation, any expired session ticket keys are deleted from +// c.sessionTicketKeys. If the session ticket key that is currently +// encrypting tickets (ie. 
the first ticketKey in c.sessionTicketKeys) +// is not fresh, then a new session ticket key will be +// created and prepended to c.sessionTicketKeys. +func (c *Config) ticketKeys(configForClient *Config) []ticketKey { + // If the ConfigForClient callback returned a Config with explicitly set + // keys, use those, otherwise just use the original Config. + if configForClient != nil { + configForClient.mutex.RLock() + if configForClient.SessionTicketsDisabled { + return nil } + configForClient.initLegacySessionTicketKeyRLocked() + if len(configForClient.sessionTicketKeys) != 0 { + ret := configForClient.sessionTicketKeys + configForClient.mutex.RUnlock() + return ret + } + configForClient.mutex.RUnlock() } - if originalConfig != nil { - originalConfig.mutex.RLock() - c.sessionTicketKeys = originalConfig.sessionTicketKeys - originalConfig.mutex.RUnlock() - } else { - c.sessionTicketKeys = []ticketKey{ticketKeyFromBytes(c.SessionTicketKey)} + c.mutex.RLock() + defer c.mutex.RUnlock() + if c.SessionTicketsDisabled { + return nil + } + c.initLegacySessionTicketKeyRLocked() + if len(c.sessionTicketKeys) != 0 { + return c.sessionTicketKeys + } + // Fast path for the common case where the key is fresh enough. + if len(c.autoSessionTicketKeys) > 0 && c.time().Sub(c.autoSessionTicketKeys[0].created) < ticketKeyRotation { + return c.autoSessionTicketKeys } -} -func (c *Config) ticketKeys() []ticketKey { - c.mutex.RLock() - // c.sessionTicketKeys is constant once created. SetSessionTicketKeys - // will only update it by replacing it with a new value. - ret := c.sessionTicketKeys + // autoSessionTicketKeys are managed by auto-rotation. c.mutex.RUnlock() - return ret + defer c.mutex.RLock() + c.mutex.Lock() + defer c.mutex.Unlock() + // Re-check the condition in case it changed since obtaining the new lock. 
+ if len(c.autoSessionTicketKeys) == 0 || c.time().Sub(c.autoSessionTicketKeys[0].created) >= ticketKeyRotation { + var newKey [32]byte + if _, err := io.ReadFull(c.rand(), newKey[:]); err != nil { + panic(fmt.Sprintf("unable to generate random session ticket key: %v", err)) + } + valid := make([]ticketKey, 0, len(c.autoSessionTicketKeys)+1) + valid = append(valid, c.ticketKeyFromBytes(newKey)) + for _, k := range c.autoSessionTicketKeys { + // While rotating the current key, also remove any expired ones. + if c.time().Sub(k.created) < ticketKeyLifetime { + valid = append(valid, k) + } + } + c.autoSessionTicketKeys = valid + } + return c.autoSessionTicketKeys +} + +// SetSessionTicketKeys updates the session ticket keys for a server. +// +// The first key will be used when creating new tickets, while all keys can be +// used for decrypting tickets. It is safe to call this function while the +// server is running in order to rotate the session ticket keys. The function +// will panic if keys is empty. +// +// Calling this function will turn off automatic session ticket key rotation. +// +// If multiple servers are terminating connections for the same host they should +// all have the same session ticket keys. If the session ticket keys leaks, +// previously recorded and future TLS connections using those keys might be +// compromised. +func (c *Config) SetSessionTicketKeys(keys [][32]byte) { + if len(keys) == 0 { + panic("tls: keys must have at least one key") + } + + newKeys := make([]ticketKey, len(keys)) + for i, bytes := range keys { + newKeys[i] = c.ticketKeyFromBytes(bytes) + } + + c.mutex.Lock() + c.sessionTicketKeys = newKeys + c.mutex.Unlock() } func (c *Config) rand() io.Reader { 
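Review bot: `SetSessionTicketKeys` accepts any `[32]byte`, including the all-zero array, and `ticketKeyFromBytes` expands it deterministically with SHA-512, so a caller that forgets to populate a key installs one anybody can derive — exactly the "keys leaks" outcome the function's own doc comment warns about, since recorded tickets encrypted under it can then be opened. A cheap guard next to the existing empty-slice panic closes it: `for i, key := range keys {` / `if key == ([32]byte{}) { panic("tls: session ticket key must not be all zeros") }` / `newKeys[i] = c.ticketKeyFromBytes(key)`. That rename also matters on its own: the loop variable `bytes` shadows the `bytes` package that `initLegacySessionTicketKeyRLocked` calls via `bytes.HasPrefix` in this same hunk. Minor consistency point: the rand-failure panic in `ticketKeys` reads `"unable to generate random session ticket key: %v"` while the one in the legacy path carries the `tls:` prefix used everywhere else in this file; the two should match.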
@@ -658,129 +1034,339 @@ func (c *Config) cipherSuites() []uint16 { return s } -func (c *Config) minVersion() uint16 { - if c == nil || c.MinVersion == 0 { - return minVersion +var supportedVersions = []uint16{ + VersionTLS13, + VersionTLS12, + VersionTLS11, + VersionTLS10, +} + +func (c *Config) supportedVersions() []uint16 { + versions := make([]uint16, 0, len(supportedVersions)) + for _, v := range supportedVersions { + if c != nil && c.MinVersion != 0 && v < c.MinVersion { + continue + } + if c != nil && c.MaxVersion != 0 && v > c.MaxVersion { + continue + } + versions = append(versions, v) + } + return versions +} + +func (c *Config) maxSupportedVersion() uint16 { + supportedVersions := c.supportedVersions() + if len(supportedVersions) == 0 { + return 0 } - return c.MinVersion + return supportedVersions[0] } -func (c *Config) maxVersion() uint16 { - if c == nil || c.MaxVersion == 0 { - return maxVersion +// supportedVersionsFromMax returns a list of supported versions derived from a +// legacy maximum version value. Note that only versions supported by this +// library are returned. Any newer peer will use supportedVersions anyway. 
+func supportedVersionsFromMax(maxVersion uint16) []uint16 { + versions := make([]uint16, 0, len(supportedVersions)) + for _, v := range supportedVersions { + if v > maxVersion { + continue + } + versions = append(versions, v) } - return c.MaxVersion + return versions } -var defaultCurvePreferences = []CurveID{CurveP256, CurveP384, CurveP521} +var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521} func (c *Config) curvePreferences() []CurveID { - if c.ExplicitCurvePreferences { - return c.CurvePreferences - } if c == nil || len(c.CurvePreferences) == 0 { return defaultCurvePreferences } return c.CurvePreferences } +func (c *Config) supportsCurve(curve CurveID) bool { + for _, cc := range c.curvePreferences() { + if cc == curve { + return true + } + } + return false +} + // mutualVersion returns the protocol version to use given the advertised -// version of the peer. -func (c *Config) mutualVersion(vers uint16) (uint16, bool) { - minVersion := c.minVersion() - maxVersion := c.maxVersion() +// versions of the peer. Priority is given to the peer preference order. +func (c *Config) mutualVersion(peerVersions []uint16) (uint16, bool) { + supportedVersions := c.supportedVersions() + for _, peerVersion := range peerVersions { + for _, v := range supportedVersions { + if v == peerVersion { + return v, true + } + } + } + return 0, false +} - if vers < minVersion { - return 0, false +var errNoCertificates = errors.New("tls: no certificates configured") + +// getCertificate returns the best certificate for the given ClientHelloInfo, +// defaulting to the first element of c.Certificates. 
+func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) { + if c.GetCertificate != nil && + (len(c.Certificates) == 0 || len(clientHello.ServerName) > 0) { + cert, err := c.GetCertificate(clientHello) + if cert != nil || err != nil { + return cert, err + } } - if vers > maxVersion { - vers = maxVersion + + if len(c.Certificates) == 0 { + return nil, errNoCertificates } - return vers, true -} -// SetSessionTicketKeys updates the session ticket keys for a server. The first -// key will be used when creating new tickets, while all keys can be used for -// decrypting tickets. It is safe to call this function while the server is -// running in order to rotate the session ticket keys. The function will panic -// if keys is empty. -func (c *Config) SetSessionTicketKeys(keys [][32]byte) { - if len(keys) == 0 { - panic("tls: keys must have at least one key") + if len(c.Certificates) == 1 { + // There's only one choice, so no point doing any work. + return &c.Certificates[0], nil } - newKeys := make([]ticketKey, len(keys)) - for i, bytes := range keys { - newKeys[i] = ticketKeyFromBytes(bytes) + if c.NameToCertificate != nil { + name := strings.ToLower(clientHello.ServerName) + if cert, ok := c.NameToCertificate[name]; ok { + return cert, nil + } + if len(name) > 0 { + labels := strings.Split(name, ".") + labels[0] = "*" + wildcardName := strings.Join(labels, ".") + if cert, ok := c.NameToCertificate[wildcardName]; ok { + return cert, nil + } + } } - c.mutex.Lock() - c.sessionTicketKeys = newKeys - c.mutex.Unlock() -} + for _, cert := range c.Certificates { + if err := clientHello.SupportsCertificate(&cert); err == nil { + return &cert, nil + } + } -// getCertificateForName returns the best certificate for the given name, -// defaulting to the first element of c.Certificates if there are no good -// options. 
-func (c *Config) getCertificateForName(name string) *Certificate { - if len(c.Certificates) == 1 || c.NameToCertificate == nil { - // There's only one choice, so no point doing any work. - return &c.Certificates[0] + // If nothing matches, return the first certificate. + return &c.Certificates[0], nil +} + +// SupportsCertificate returns nil if the provided certificate is supported by +// the client that sent the ClientHello. Otherwise, it returns an error +// describing the reason for the incompatibility. +// +// If this ClientHelloInfo was passed to a GetConfigForClient or GetCertificate +// callback, this method will take into account the associated Config. Note that +// if GetConfigForClient returns a different Config, the change can't be +// accounted for by this method. +// +// This function will call x509.ParseCertificate unless c.Leaf is set, which can +// incur a significant performance cost. +func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error { + // Note we don't currently support certificate_authorities nor + // signature_algorithms_cert, and don't check the algorithms of the + // signatures on the chain (which anyway are a SHOULD, see RFC 8446, + // Section 4.4.2.2). + + config := chi.config + if config == nil { + config = &Config{} + } + vers, ok := config.mutualVersion(chi.SupportedVersions) + if !ok { + return errors.New("no mutually supported protocol versions") } - name = strings.ToLower(name) - for len(name) > 0 && name[len(name)-1] == '.' { - name = name[:len(name)-1] + // If the client specified the name they are trying to connect to, the + // certificate needs to be valid for it. 
+ if chi.ServerName != "" { + x509Cert, err := c.leaf() + if err != nil { + return fmt.Errorf("failed to parse certificate: %w", err) + } + if err := x509Cert.VerifyHostname(chi.ServerName); err != nil { + return fmt.Errorf("certificate is not valid for requested server name: %w", err) + } } - if cert, ok := c.NameToCertificate[name]; ok { - return cert + // supportsRSAFallback returns nil if the certificate and connection support + // the static RSA key exchange, and unsupported otherwise. The logic for + // supporting static RSA is completely disjoint from the logic for + // supporting signed key exchanges, so we just check it as a fallback. + supportsRSAFallback := func(unsupported error) error { + // TLS 1.3 dropped support for the static RSA key exchange. + if vers == VersionTLS13 { + return unsupported + } + // The static RSA key exchange works by decrypting a challenge with the + // RSA private key, not by signing, so check the PrivateKey implements + // crypto.Decrypter, like *rsa.PrivateKey does. + if priv, ok := c.PrivateKey.(crypto.Decrypter); ok { + if _, ok := priv.Public().(*rsa.PublicKey); !ok { + return unsupported + } + } else { + return unsupported + } + // Finally, there needs to be a mutual cipher suite that uses the static + // RSA key exchange instead of ECDHE. + rsaCipherSuite := selectCipherSuite(chi.CipherSuites, config.cipherSuites(), func(c *cipherSuite) bool { + if c.flags&suiteECDHE != 0 { + return false + } + if vers < VersionTLS12 && c.flags&suiteTLS12 != 0 { + return false + } + return true + }) + if rsaCipherSuite == nil { + return unsupported + } + return nil } - // try replacing labels in the name with wildcards until we get a - // match. 
- labels := strings.Split(name, ".") - for i := range labels { - labels[i] = "*" - candidate := strings.Join(labels, ".") - if cert, ok := c.NameToCertificate[candidate]; ok { - return cert + // If the client sent the signature_algorithms extension, ensure it supports + // schemes we can use with this certificate and TLS version. + if len(chi.SignatureSchemes) > 0 { + if _, err := selectSignatureScheme(vers, c, chi.SignatureSchemes); err != nil { + return supportsRSAFallback(err) } } - // If nothing matches, return the first certificate. - return &c.Certificates[0] -} + // In TLS 1.3 we are done because supported_groups is only relevant to the + // ECDHE computation, point format negotiation is removed, cipher suites are + // only relevant to the AEAD choice, and static RSA does not exist. + if vers == VersionTLS13 { + return nil + } + + // The only signed key exchange we support is ECDHE. + if !supportsECDHE(config, chi.SupportedCurves, chi.SupportedPoints) { + return supportsRSAFallback(errors.New("client doesn't support ECDHE, can only use legacy RSA key exchange")) + } -func (c *Config) signatureAndHashesForServer() []SigAndHash { - if c != nil && c.SignatureAndHashes != nil { - return c.SignatureAndHashes + var ecdsaCipherSuite bool + if priv, ok := c.PrivateKey.(crypto.Signer); ok { + switch pub := priv.Public().(type) { + case *ecdsa.PublicKey: + var curve CurveID + switch pub.Curve { + case elliptic.P256(): + curve = CurveP256 + case elliptic.P384(): + curve = CurveP384 + case elliptic.P521(): + curve = CurveP521 + default: + return supportsRSAFallback(unsupportedCertificateError(c)) + } + var curveOk bool + for _, c := range chi.SupportedCurves { + if c == curve && config.supportsCurve(c) { + curveOk = true + break + } + } + if !curveOk { + return errors.New("client doesn't support certificate curve") + } + ecdsaCipherSuite = true + case ed25519.PublicKey: + if vers < VersionTLS12 || len(chi.SignatureSchemes) == 0 { + return errors.New("connection doesn't 
support Ed25519") + } + ecdsaCipherSuite = true + case *rsa.PublicKey: + default: + return supportsRSAFallback(unsupportedCertificateError(c)) + } + } else { + return supportsRSAFallback(unsupportedCertificateError(c)) } - return supportedClientCertSignatureAlgorithms + + // Make sure that there is a mutually supported cipher suite that works with + // this certificate. Cipher suite selection will then apply the logic in + // reverse to pick it. See also serverHandshakeState.cipherSuiteOk. + cipherSuite := selectCipherSuite(chi.CipherSuites, config.cipherSuites(), func(c *cipherSuite) bool { + if c.flags&suiteECDHE == 0 { + return false + } + if c.flags&suiteECSign != 0 { + if !ecdsaCipherSuite { + return false + } + } else { + if ecdsaCipherSuite { + return false + } + } + if vers < VersionTLS12 && c.flags&suiteTLS12 != 0 { + return false + } + return true + }) + if cipherSuite == nil { + return supportsRSAFallback(errors.New("client doesn't support any cipher suites compatible with the certificate")) + } + + return nil } -func (c *Config) signatureAndHashesForClient() []SigAndHash { - if c != nil && c.SignatureAndHashes != nil { - return c.SignatureAndHashes +// SupportsCertificate returns nil if the provided certificate is supported by +// the server that sent the CertificateRequest. Otherwise, it returns an error +// describing the reason for the incompatibility. +func (cri *CertificateRequestInfo) SupportsCertificate(c *Certificate) error { + if _, err := selectSignatureScheme(cri.Version, c, cri.SignatureSchemes); err != nil { + return err } - if c.ClientDSAEnabled { - return supportedSKXSignatureAlgorithms + + if len(cri.AcceptableCAs) == 0 { + return nil + } + + for j, cert := range c.Certificate { + x509Cert := c.Leaf + // Parse the certificate if this isn't the leaf node, or if + // chain.Leaf was nil. 
+ if j != 0 || x509Cert == nil { + var err error + if x509Cert, err = x509.ParseCertificate(cert); err != nil { + return fmt.Errorf("failed to parse certificate #%d in the chain: %w", j, err) + } + } + + for _, ca := range cri.AcceptableCAs { + if bytes.Equal(x509Cert.RawIssuer, ca) { + return nil + } + } } - return defaultSKXSignatureAlgorithms + return errors.New("chain is not signed by an acceptable CA") } // BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate // from the CommonName and SubjectAlternateName fields of each of the leaf // certificates. +// +// Deprecated: NameToCertificate only allows associating a single certificate +// with a given name. Leave that field nil to let the library select the first +// compatible chain from Certificates. func (c *Config) BuildNameToCertificate() { c.NameToCertificate = make(map[string]*Certificate) for i := range c.Certificates { cert := &c.Certificates[i] - x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) + x509Cert, err := cert.leaf() if err != nil { continue } - if len(x509Cert.Subject.CommonName) > 0 { + // If SANs are *not* present, some clients will consider the certificate + // valid for the name in the Common Name. + if x509Cert.Subject.CommonName != "" && len(x509Cert.DNSNames) == 0 { c.NameToCertificate[x509Cert.Subject.CommonName] = cert } for _, san := range x509Cert.DNSNames { 
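Review bot: `BuildNameToCertificate` parses each leaf via `cert.leaf()` and then discards the parsed certificate, so with `Leaf` left nil every later `getCertificate` call that reaches the `SupportsCertificate` fallback loop re-parses certificates for each SNI-bearing ClientHello — work an unauthenticated peer drives, and a cost the doc comment on `SupportsCertificate` itself calls significant. Since `cert` is already a pointer into `c.Certificates`, caching is one line after the error check: `if cert.Leaf == nil { cert.Leaf = x509Cert }`. The body of `BuildNameToCertificate` continues past the end of this hunk. Style point: the errors introduced in the two `SupportsCertificate` methods (`"no mutually supported protocol versions"`, `"chain is not signed by an acceptable CA"`) omit the `tls:` prefix that `errNoCertificates` and the panics in this file carry, which makes them harder to attribute once wrapped by callers.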
@@ -789,30 +1375,62 @@ func (c *Config) BuildNameToCertificate() { } } -// A Certificate is a chain of one or more certificates, leaf first. -type Certificate struct { - Certificate [][]byte `json:"certificate_chain,omitempty"` +const ( + keyLogLabelTLS12 = "CLIENT_RANDOM" + keyLogLabelClientHandshake = "CLIENT_HANDSHAKE_TRAFFIC_SECRET" + keyLogLabelServerHandshake = "SERVER_HANDSHAKE_TRAFFIC_SECRET" + keyLogLabelClientTraffic = "CLIENT_TRAFFIC_SECRET_0" + keyLogLabelServerTraffic = "SERVER_TRAFFIC_SECRET_0" +) - // supported types: *rsa.PrivateKey, *ecdsa.PrivateKey - // OCSPStaple contains an optional OCSP response which will be served - // to clients that request it. - // Don't expose the private key by default (can be marshalled manually) - PrivateKey crypto.PrivateKey `json:"-"` +func (c *Config) writeKeyLog(label string, clientRandom, secret []byte) error { + if c.KeyLogWriter == nil { + return nil + } + + logLine := []byte(fmt.Sprintf("%s %x %x\n", label, clientRandom, secret)) - OCSPStaple []byte `json:"ocsp_staple,omitempty"` + writerMutex.Lock() + _, err := c.KeyLogWriter.Write(logLine) + writerMutex.Unlock() - // Leaf is the parsed form of the leaf certificate, which may be - // initialized using x509.ParseCertificate to reduce per-handshake - // processing for TLS clients doing client authentication. If nil, the - // leaf certificate will be parsed as needed. - Leaf *x509.Certificate `json:"leaf,omitempty"` + return err } -// A TLS record. -type record struct { - contentType recordType - major, minor uint8 - payload []byte +// writerMutex protects all KeyLogWriters globally. It is rarely enabled, +// and is only for debugging, so a global mutex saves space. +var writerMutex sync.Mutex + +// A Certificate is a chain of one or more certificates, leaf first. +type Certificate struct { + Certificate [][]byte + // PrivateKey contains the private key corresponding to the public key in + // Leaf. 
This must implement crypto.Signer with an RSA, ECDSA or Ed25519 PublicKey. + // For a server up to TLS 1.2, it can also implement crypto.Decrypter with + // an RSA PublicKey. + PrivateKey crypto.PrivateKey + // SupportedSignatureAlgorithms is an optional list restricting what + // signature algorithms the PrivateKey can be used for. + SupportedSignatureAlgorithms []SignatureScheme + // OCSPStaple contains an optional OCSP response which will be served + // to clients that request it. + OCSPStaple []byte + // SignedCertificateTimestamps contains an optional list of Signed + // Certificate Timestamps which will be served to clients that request it. + SignedCertificateTimestamps [][]byte + // Leaf is the parsed form of the leaf certificate, which may be initialized + // using x509.ParseCertificate to reduce per-handshake processing. If nil, + // the leaf certificate will be parsed as needed. + Leaf *x509.Certificate +} + +// leaf returns the parsed leaf certificate, either from c.Leaf or by parsing +// the corresponding c.Certificate[0]. +func (c *Certificate) leaf() (*x509.Certificate, error) { + if c.Leaf != nil { + return c.Leaf, nil + } + return x509.ParseCertificate(c.Certificate[0]) } type handshakeMessage interface { @@ -851,15 +1469,21 @@ func NewLRUClientSessionCache(capacity int) ClientSessionCache { } } -// Put adds the provided (sessionKey, cs) pair to the cache. +// Put adds the provided (sessionKey, cs) pair to the cache. If cs is nil, the entry +// corresponding to sessionKey is removed from the cache instead. func (c *lruSessionCache) Put(sessionKey string, cs *ClientSessionState) { c.Lock() defer c.Unlock() if elem, ok := c.m[sessionKey]; ok { - entry := elem.Value.(*lruSessionCacheEntry) - entry.state = cs - c.q.MoveToFront(elem) + if cs == nil { + c.q.Remove(elem) + delete(c.m, sessionKey) + } else { + entry := elem.Value.(*lruSessionCacheEntry) + entry.state = cs + c.q.MoveToFront(elem) + } return } 
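Review bot: `leaf()` indexes `c.Certificate[0]` without checking that the chain is non-empty, so a Certificate whose DER slice is empty and whose Leaf is nil panics instead of returning an error; `BuildNameToCertificate` above handles only the error return, so one empty entry in `Config.Certificates` takes the whole process down. Guard it before the parse with `if len(c.Certificate) == 0 { return nil, errors.New("tls: empty certificate chain") }` (the `errors` package is already used by this file). Separately, `writeKeyLog` has no doc comment although it emits the per-connection secrets to `KeyLogWriter`; `// writeKeyLog emits one NSS key-log line; these lines reveal the session keys, so KeyLogWriter is meant for debugging only.` would make that explicit at the point of use.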
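Review bot: `Put` only treats `cs == nil` as a removal when `sessionKey` is already present; for an absent key the rest of the method (outside this hunk) presumably still inserts a new entry holding a nil state, which `Get` would then report as a hit. An early `if cs == nil { return }` placed right after the `if elem, ok := c.m[sessionKey]; ok { … }` block would make the documented "removed from the cache" semantics hold in both cases. The function body continues past the end of the hunk.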
@@ -891,22 +1515,16 @@ func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) {
 return nil, false
 }
 
-// TODO(jsing): Make these available to both crypto/x509 and crypto/tls.
-type dsaSignature struct {
- R, S *big.Int
-}
-
-type ecdsaSignature dsaSignature
-
-var emptyConfig Config = Config{InsecureSkipVerify: true}
+var emptyConfig Config
 
 func defaultConfig() *Config {
 return &emptyConfig
 }
 
 var (
- once sync.Once
- varDefaultCipherSuites []uint16
+ once sync.Once
+ varDefaultCipherSuites []uint16
+ varDefaultCipherSuitesTLS13 []uint16
 )
 
 func defaultCipherSuites() []uint16 {
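Review bot: `emptyConfig` loses the previous `InsecureSkipVerify: true`, so `defaultConfig()` now hands every nil-Config caller a Config that verifies peer certificates; that is the safer default, but it is a silent behaviour change for this fork's callers, and the value is still a shared package-level variable returned by pointer. A comment on the variable would record both points: `// emptyConfig is the zero-value Config returned by defaultConfig for a nil config. It verifies certificates (unlike the earlier zcrypto default); callers that need to skip verification must pass their own Config, and nobody may mutate this shared value.`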
@@ -914,370 +1532,133 @@ func defaultCipherSuites() []uint16 { return varDefaultCipherSuites } -func initDefaultCipherSuites() { - varDefaultCipherSuites = make([]uint16, len(stdlibCipherSuites)) - for i, suite := range stdlibCipherSuites { - varDefaultCipherSuites[i] = suite.id - } -} - -func unexpectedMessageError(wanted, got interface{}) error { - return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted) -} - -func isSupportedSignatureAndHash(sigHash SigAndHash, sigHashes []SigAndHash) bool { - for _, s := range sigHashes { - if s == sigHash { - return true - } - } - return false +func defaultCipherSuitesTLS13() []uint16 { + once.Do(initDefaultCipherSuites) + return varDefaultCipherSuitesTLS13 } -// SignatureScheme identifies a signature algorithm supported by TLS. See -// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3. -type SignatureScheme uint16 - -const ( - PKCS1WithSHA1 SignatureScheme = 0x0201 - PKCS1WithSHA256 SignatureScheme = 0x0401 - PKCS1WithSHA384 SignatureScheme = 0x0501 - PKCS1WithSHA512 SignatureScheme = 0x0601 - - PSSWithSHA256 SignatureScheme = 0x0804 - PSSWithSHA384 SignatureScheme = 0x0805 - PSSWithSHA512 SignatureScheme = 0x0806 - - ECDSAWithP256AndSHA256 SignatureScheme = 0x0403 - ECDSAWithP384AndSHA384 SignatureScheme = 0x0503 - ECDSAWithP521AndSHA512 SignatureScheme = 0x0603 - - EdDSAWithEd25519 SignatureScheme = 0x0807 - EdDSAWithEd448 SignatureScheme = 0x0808 +var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + // Keep in sync with crypto/aes/cipher_s390x.go. 
+ hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM) + + hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 || + runtime.GOARCH == "arm64" && hasGCMAsmARM64 || + runtime.GOARCH == "s390x" && hasGCMAsmS390X ) -func (sigScheme *SignatureScheme) MarshalJSON() ([]byte, error) { - buf := sigScheme.Bytes() - enc := strings.ToUpper(hex.EncodeToString(buf)) - aux := struct { - Hex string `json:"hex"` - Name string `json:"name"` - Value uint16 `json:"value"` - }{ - Hex: fmt.Sprintf("0x%s", enc), - Name: sigScheme.String(), - Value: uint16(*sigScheme), +func initDefaultCipherSuites() { + var topCipherSuites []uint16 + + if hasAESGCMHardwareSupport { + // If AES-GCM hardware is provided then prioritise AES-GCM + // cipher suites. + topCipherSuites = []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + } + varDefaultCipherSuitesTLS13 = []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_256_GCM_SHA384, + } + } else { + // Without AES-GCM hardware, we put the ChaCha20-Poly1305 + // cipher suites first. + topCipherSuites = []uint16{ + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + } + varDefaultCipherSuitesTLS13 = []uint16{ + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_128_GCM_SHA256, + TLS_AES_256_GCM_SHA384, + } } - return json.Marshal(aux) -} + varDefaultCipherSuites = make([]uint16, 0, len(cipherSuites)) + varDefaultCipherSuites = append(varDefaultCipherSuites, topCipherSuites...) 
-func (sigScheme *SignatureScheme) UnmarshalJSON(b []byte) error { - aux := struct { - Hex string `json:"hex"` - Name string `json:"name"` - Value uint16 `json:"value"` - }{} - if err := json.Unmarshal(b, &aux); err != nil { - return err - } - if expectedName := nameForSignatureScheme(aux.Value); expectedName != aux.Name { - return fmt.Errorf("mismatched signature scheme and name, signature scheme: %d, name: %s, expected name: %s", aux.Value, aux.Name, expectedName) +NextCipherSuite: + for _, suite := range cipherSuites { + if suite.flags&suiteDefaultOff != 0 { + continue + } + for _, existing := range varDefaultCipherSuites { + if existing == suite.id { + continue NextCipherSuite + } + } + varDefaultCipherSuites = append(varDefaultCipherSuites, suite.id) } - *sigScheme = SignatureScheme(aux.Value) - return nil -} - -// ClientHelloInfo contains information from a ClientHello message in order to -// guide certificate selection in the GetCertificate callback. -type ClientHelloInfo struct { - // CipherSuites lists the CipherSuites supported by the client (e.g. - // TLS_RSA_WITH_RC4_128_SHA). - CipherSuites []uint16 - - // ServerName indicates the name of the server requested by the client - // in order to support virtual hosting. ServerName is only set if the - // client is using SNI (see - // http://tools.ietf.org/html/rfc4366#section-3.1). - ServerName string - - // SupportedCurves lists the elliptic curves supported by the client. - // SupportedCurves is set only if the Supported Elliptic Curves - // Extension is being used (see - // http://tools.ietf.org/html/rfc4492#section-5.1.1). - SupportedCurves []CurveID - - // SupportedPoints lists the point formats supported by the client. - // SupportedPoints is set only if the Supported Point Formats Extension - // is being used (see - // http://tools.ietf.org/html/rfc4492#section-5.1.2). - SupportedPoints []uint8 - - // SignatureSchemes lists the signature and hash schemes that the client - // is willing to verify. 
SignatureSchemes is set only if the Signature - // Algorithms Extension is being used (see - // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1). - SignatureSchemes []SignatureScheme - - // SupportedProtos lists the application protocols supported by the client. - // SupportedProtos is set only if the Application-Layer Protocol - // Negotiation Extension is being used (see - // https://tools.ietf.org/html/rfc7301#section-3.1). - // - // Servers can select a protocol by setting Config.NextProtos in a - // GetConfigForClient return value. - SupportedProtos []string - - // SupportedVersions lists the TLS versions supported by the client. - // For TLS versions less than 1.3, this is extrapolated from the max - // version advertised by the client, so values other than the greatest - // might be rejected if used. - SupportedVersions []uint16 - - // Conn is the underlying net.Conn for the connection. Do not read - // from, or write to, this connection; that will cause the TLS - // connection to fail. 
- Conn net.Conn - - // Add a pointer to the entire tls handshake structure so that it can - // be retrieved without hijacking the connection from higher-level - // packages - HandshakeLog *ServerHandshake } -func (info *ClientHelloInfo) MarshalJSON() ([]byte, error) { - aux := struct { - CipherSuites []CipherSuite `json:"cipher_suites"` - ServerName string `json:"server_name,omitempty"` - SupportedCurves []CurveID `json:"supported_curves,omitempty"` - SupportedPoints []PointFormat `json:"supported_point_formats,omitempty"` - SignatureSchemes []SignatureScheme `json:"signature_schemes,omitempty"` - SupportedProtos []string `json:"supported_protocols,omitempty"` - SupportedVersions []TLSVersion `json:"supported_versions,omitempty"` - LocalAddr string `json:"local_address,omitempty"` - RemoteAddr string `json:"remote_address,omitempty"` - }{ - ServerName: info.ServerName, - SupportedCurves: info.SupportedCurves, - SignatureSchemes: info.SignatureSchemes, - SupportedProtos: info.SupportedProtos, - // Do not marshal HandshakeLog IOT avoid duplication of data - // HandshakeLog can be marshalled manually from - // ClientHelloInfo.HandshakeLog or Conn.GetHandshakeLog() - } - - aux.CipherSuites = make([]CipherSuite, len(info.CipherSuites)) - for i, cipher := range info.CipherSuites { - aux.CipherSuites[i] = CipherSuite(cipher) - } - - aux.SupportedPoints = make([]PointFormat, len(info.SupportedPoints)) - for i, format := range info.SupportedPoints { - aux.SupportedPoints[i] = PointFormat(format) - } - - aux.SupportedVersions = make([]TLSVersion, len(info.SupportedVersions)) - for i, version := range info.SupportedVersions { - aux.SupportedVersions[i] = TLSVersion(version) - } - - aux.LocalAddr = fmt.Sprintf("%s+%s", info.Conn.LocalAddr().String(), info.Conn.LocalAddr().Network()) - aux.RemoteAddr = fmt.Sprintf("%s+%s", info.Conn.RemoteAddr().String(), info.Conn.RemoteAddr().Network()) - - return json.Marshal(aux) +func unexpectedMessageError(wanted, got interface{}) error { 
+ return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted) } -func (info *ClientHelloInfo) UnmarshalJSON(b []byte) error { - aux := struct { - CipherSuites []CipherSuite `json:"cipher_suites"` - ServerName string `json:"server_name,omitempty"` - SupportedCurves []CurveID `json:"supported_curves,omitempty"` - SupportedPoints []PointFormat `json:"supported_point_formats,omitempty"` - SignatureSchemes []SignatureScheme `json:"signature_schemes,omitempty"` - SupportedProtos []string `json:"supported_protocols,omitempty"` - SupportedVersions []TLSVersion `json:"supported_versions,omitempty"` - LocalAddr string `json:"local_address,omitempty"` - RemoteAddr string `json:"remote_address,omitempty"` - }{} - - err := json.Unmarshal(b, &aux) - if err != nil { - return err - } - - splitLocalAddr := strings.Split(aux.LocalAddr, "+") - if len(splitLocalAddr) != 2 { - return errors.New("local_address is not unmarshalable") - } - splitRemoteAddr := strings.Split(aux.RemoteAddr, "+") - if len(splitRemoteAddr) != 2 { - return errors.New("remote_address is not unmarshalable") - } - - info.Conn = FakeConn{ - localAddr: FakeAddr{ - stringStr: splitLocalAddr[0], - networkStr: splitLocalAddr[1], - }, - remoteAddr: FakeAddr{ - stringStr: splitRemoteAddr[0], - networkStr: splitLocalAddr[1], - }, - } - - info.ServerName = aux.ServerName - info.SupportedCurves = aux.SupportedCurves - info.SignatureSchemes = aux.SignatureSchemes - info.SupportedProtos = aux.SupportedProtos - - info.CipherSuites = make([]uint16, len(aux.CipherSuites)) - for i, cipher := range aux.CipherSuites { - info.CipherSuites[i] = uint16(cipher) - } - - info.SupportedPoints = make([]uint8, len(aux.SupportedPoints)) - for i, format := range aux.SupportedPoints { - info.SupportedPoints[i] = uint8(format) - } - - info.SupportedVersions = make([]uint16, len(aux.SupportedVersions)) - for i, version := range aux.SupportedVersions { - info.SupportedVersions[i] = uint16(version) 
+func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlgorithms []SignatureScheme) bool { + for _, s := range supportedSignatureAlgorithms { + if s == sigAlg { + return true + } } - - return nil -} - -// FakeConn and FakeAddr are to allow unmarshaling of tls objects that contain -// net.Conn objects -// With the exeption of recovering the net.Addr strings contained in the JSON, -// any attempt to use these objects will result in a runtime panic() -type FakeConn struct { - localAddr FakeAddr - remoteAddr FakeAddr -} - -func (fConn FakeConn) Read(b []byte) (int, error) { - panic("Read() on FakeConn") -} - -func (fConn FakeConn) Write(b []byte) (int, error) { - panic("Write() on FakeConn") -} - -func (fConn FakeConn) Close() error { - panic("Close() on FakeConn") -} - -func (fConn FakeConn) LocalAddr() net.Addr { - return fConn.localAddr -} - -func (fConn FakeConn) RemoteAddr() net.Addr { - return fConn.remoteAddr -} - -func (fConn FakeConn) SetDeadline(t time.Time) error { - panic("SetDeadline() on FakeConn") -} - -func (fConn FakeConn) SetReadDeadline(t time.Time) error { - panic("SetReadDeadline() on FakeConn") -} - -func (fConn FakeConn) SetWriteDeadline(t time.Time) error { - panic("SetWriteDeadline() on FakeConn") -} - -type FakeAddr struct { - networkStr string - stringStr string -} - -func (fAddr FakeAddr) String() string { - return fAddr.stringStr -} - -func (fAddr FakeAddr) Network() string { - return fAddr.networkStr -} - -type ConfigJSON struct { - Certificates []Certificate `json:"certificates,omitempty"` - RootCAs *x509.CertPool `json:"root_cas,omitempty"` - NextProtos []string `json:"next_protocols,omitempty"` - ServerName string `json:"server_name,omitempty"` - ClientAuth ClientAuthType `json:"client_auth_type"` - ClientCAs *x509.CertPool `json:"client_cas,omitempty"` - InsecureSkipVerify bool `json:"skip_verify"` - CipherSuites []CipherSuite `json:"cipher_suites,omitempty"` - PreferServerCipherSuites bool 
`json:"prefer_server_cipher_suites"` - SessionTicketsDisabled bool `json:"session_tickets_disabled"` - SessionTicketKey []byte `json:"session_ticket_key,omitempty"` - ClientSessionCache ClientSessionCache `json:"client_session_cache,omitempty"` - MinVersion TLSVersion `json:"min_tls_version,omitempty"` - MaxVersion TLSVersion `json:"max_tls_version,omitempty"` - CurvePreferences []CurveID `json:"curve_preferences,omitempty"` - ExplicitCurvePreferences bool `json:"explicit_curve_preferences"` - ForceSuites bool `json:"force_cipher_suites"` - ExportRSAKey *rsa.PrivateKey `json:"export_rsa_key,omitempty"` - HeartbeatEnabled bool `json:"heartbeat_enabled"` - ClientDSAEnabled bool `json:"client_dsa_enabled"` - ExtendedRandom bool `json:"extended_random_enabled"` - ForceSessionTicketExt bool `json:"session_ticket_ext_enabled"` - ExtendedMasterSecret bool `json:"extended_master_secret_enabled"` - SignedCertificateTimestampExt bool `json:"sct_ext_enabled"` - ClientRandom []byte `json:"client_random,omitempty"` - ExternalClientHello []byte `json:"external_client_hello,omitempty"` - ClientFingerprintConfiguration *ClientFingerprintConfiguration `json:"client_fingerprint_config,omitempty"` - DontBufferHandshakes bool `json:"dont_buffer_handshakes"` + return false } -func (config *Config) MarshalJSON() ([]byte, error) { - aux := new(ConfigJSON) - - aux.Certificates = config.Certificates - aux.RootCAs = config.RootCAs - aux.NextProtos = config.NextProtos - aux.ServerName = config.ServerName - aux.ClientAuth = config.ClientAuth - aux.ClientCAs = config.ClientCAs - aux.InsecureSkipVerify = config.InsecureSkipVerify - - ciphers := config.cipherSuites() - aux.CipherSuites = make([]CipherSuite, len(ciphers)) - for i, aCipher := range ciphers { - aux.CipherSuites[i] = CipherSuite(aCipher) +var aesgcmCiphers = map[uint16]bool{ + // 1.2 + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: true, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: true, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: true, + 
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: true, + // 1.3 + TLS_AES_128_GCM_SHA256: true, + TLS_AES_256_GCM_SHA384: true, +} + +var nonAESGCMAEADCiphers = map[uint16]bool{ + // 1.2 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: true, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: true, + // 1.3 + TLS_CHACHA20_POLY1305_SHA256: true, +} + +// aesgcmPreferred returns whether the first valid cipher in the preference list +// is an AES-GCM cipher, implying the peer has hardware support for it. +func aesgcmPreferred(ciphers []uint16) bool { + for _, cID := range ciphers { + c := cipherSuiteByID(cID) + if c == nil { + c13 := cipherSuiteTLS13ByID(cID) + if c13 == nil { + continue + } + return aesgcmCiphers[cID] + } + return aesgcmCiphers[cID] } - - aux.PreferServerCipherSuites = config.PreferServerCipherSuites - aux.SessionTicketsDisabled = config.SessionTicketsDisabled - aux.SessionTicketKey = config.SessionTicketKey[:] - aux.ClientSessionCache = config.ClientSessionCache - aux.MinVersion = TLSVersion(config.minVersion()) - aux.MaxVersion = TLSVersion(config.maxVersion()) - aux.CurvePreferences = config.curvePreferences() - aux.ExplicitCurvePreferences = config.ExplicitCurvePreferences - aux.ForceSuites = config.ForceSuites - aux.ExportRSAKey = config.ExportRSAKey - aux.HeartbeatEnabled = config.HeartbeatEnabled - aux.ClientDSAEnabled = config.ClientDSAEnabled - aux.ExtendedRandom = config.ExtendedRandom - aux.ForceSessionTicketExt = config.ForceSessionTicketExt - aux.ExtendedMasterSecret = config.ExtendedMasterSecret - aux.SignedCertificateTimestampExt = config.SignedCertificateTimestampExt - aux.ClientRandom = config.ClientRandom - aux.ExternalClientHello = config.ExternalClientHello - aux.ClientFingerprintConfiguration = config.ClientFingerprintConfiguration - aux.DontBufferHandshakes = config.DontBufferHandshakes - - return json.Marshal(aux) + return false } -func (config *Config) UnmarshalJSON(b []byte) error { - panic("unimplemented") +// deprioritizeAES reorders cipher 
preference lists by rearranging +// adjacent AEAD ciphers such that AES-GCM based ciphers are moved +// after other AEAD ciphers. It returns a fresh slice. +func deprioritizeAES(ciphers []uint16) []uint16 { + reordered := make([]uint16, len(ciphers)) + copy(reordered, ciphers) + sort.SliceStable(reordered, func(i, j int) bool { + return nonAESGCMAEADCiphers[reordered[i]] && aesgcmCiphers[reordered[j]] + }) + return reordered } - -// Error type raised by doFullHandshake() when the CertsOnly option is -// in use -var ErrCertsOnly = errors.New("handshake abandoned per CertsOnly option") diff --git a/tls/common_string.go b/tls/common_string.go new file mode 100644 index 00000000..23810881 --- /dev/null +++ b/tls/common_string.go 
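Review bot: The less function handed to `sort.SliceStable` in `deprioritizeAES` is not a strict weak ordering: with a non-AES AEAD `X`, a CBC suite `Y` and an AES-GCM suite `Z`, `X < Z` holds while neither `X < Y` nor `Y < Z` does, so the relative order of non-adjacent entries depends on the sort implementation rather than on the "adjacent AEAD ciphers" contract stated in the doc comment. A single deterministic pass that holds back AES-GCM ids until the run of other AEAD ids following them ends (below) pins the result independently of `sort`'s internals and still returns a fresh slice. Separately, `aesgcmPreferred` returns `aesgcmCiphers[cID]` on both branches; `if cipherSuiteByID(cID) == nil && cipherSuiteTLS13ByID(cID) == nil { continue }` followed by `return aesgcmCiphers[cID]` reads the same and drops the duplicated return.
```go
func deprioritizeAES(ciphers []uint16) []uint16 {
	reordered := make([]uint16, 0, len(ciphers))
	var pendingAES []uint16 // AES-GCM ids held back until the current AEAD run ends
	for _, id := range ciphers {
		switch {
		case aesgcmCiphers[id]:
			pendingAES = append(pendingAES, id)
		case nonAESGCMAEADCiphers[id]:
			reordered = append(reordered, id)
		default:
			// A non-AEAD suite ends the run: flush the held AES-GCM ids first.
			reordered = append(reordered, pendingAES...)
			pendingAES = pendingAES[:0]
			reordered = append(reordered, id)
		}
	}
	return append(reordered, pendingAES...)
}
```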
@@ -0,0 +1,116 @@ +// Code generated by "stringer -type=SignatureScheme,CurveID,ClientAuthType -output=common_string.go"; DO NOT EDIT. + +package tls + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[PKCS1WithSHA256-1025] + _ = x[PKCS1WithSHA384-1281] + _ = x[PKCS1WithSHA512-1537] + _ = x[PSSWithSHA256-2052] + _ = x[PSSWithSHA384-2053] + _ = x[PSSWithSHA512-2054] + _ = x[ECDSAWithP256AndSHA256-1027] + _ = x[ECDSAWithP384AndSHA384-1283] + _ = x[ECDSAWithP521AndSHA512-1539] + _ = x[Ed25519-2055] + _ = x[PKCS1WithSHA1-513] + _ = x[ECDSAWithSHA1-515] +} + +const ( + _SignatureScheme_name_0 = "PKCS1WithSHA1" + _SignatureScheme_name_1 = "ECDSAWithSHA1" + _SignatureScheme_name_2 = "PKCS1WithSHA256" + _SignatureScheme_name_3 = "ECDSAWithP256AndSHA256" + _SignatureScheme_name_4 = "PKCS1WithSHA384" + _SignatureScheme_name_5 = "ECDSAWithP384AndSHA384" + _SignatureScheme_name_6 = "PKCS1WithSHA512" + _SignatureScheme_name_7 = "ECDSAWithP521AndSHA512" + _SignatureScheme_name_8 = "PSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519" +) + +var ( + _SignatureScheme_index_8 = [...]uint8{0, 13, 26, 39, 46} +) + +func (i SignatureScheme) String() string { + switch { + case i == 513: + return _SignatureScheme_name_0 + case i == 515: + return _SignatureScheme_name_1 + case i == 1025: + return _SignatureScheme_name_2 + case i == 1027: + return _SignatureScheme_name_3 + case i == 1281: + return _SignatureScheme_name_4 + case i == 1283: + return _SignatureScheme_name_5 + case i == 1537: + return _SignatureScheme_name_6 + case i == 1539: + return _SignatureScheme_name_7 + case 2052 <= i && i <= 2055: + i -= 2052 + return _SignatureScheme_name_8[_SignatureScheme_index_8[i]:_SignatureScheme_index_8[i+1]] + default: + return "SignatureScheme(" + strconv.FormatInt(int64(i), 10) + ")" + } +} +func _() { + // An "invalid array index" 
compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[CurveP256-23] + _ = x[CurveP384-24] + _ = x[CurveP521-25] + _ = x[X25519-29] +} + +const ( + _CurveID_name_0 = "CurveP256CurveP384CurveP521" + _CurveID_name_1 = "X25519" +) + +var ( + _CurveID_index_0 = [...]uint8{0, 9, 18, 27} +) + +func (i CurveID) String() string { + switch { + case 23 <= i && i <= 25: + i -= 23 + return _CurveID_name_0[_CurveID_index_0[i]:_CurveID_index_0[i+1]] + case i == 29: + return _CurveID_name_1 + default: + return "CurveID(" + strconv.FormatInt(int64(i), 10) + ")" + } +} +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[NoClientCert-0] + _ = x[RequestClientCert-1] + _ = x[RequireAnyClientCert-2] + _ = x[VerifyClientCertIfGiven-3] + _ = x[RequireAndVerifyClientCert-4] +} + +const _ClientAuthType_name = "NoClientCertRequestClientCertRequireAnyClientCertVerifyClientCertIfGivenRequireAndVerifyClientCert" + +var _ClientAuthType_index = [...]uint8{0, 12, 29, 49, 72, 98} + +func (i ClientAuthType) String() string { + if i < 0 || i >= ClientAuthType(len(_ClientAuthType_index)-1) { + return "ClientAuthType(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _ClientAuthType_name[_ClientAuthType_index[i]:_ClientAuthType_index[i+1]] +} diff --git a/tls/conn.go b/tls/conn.go index c09ec320..f464c5b2 100644 --- a/tls/conn.go +++ b/tls/conn.go @@ -12,9 +12,11 @@ import ( "crypto/subtle" "errors" "fmt" + "hash" "io" "net" "sync" + "sync/atomic" "time" "github.com/zmap/zcrypto/x509" 
@@ -24,71 +26,95 @@ import ( // It implements the net.Conn interface. type Conn struct { // constant - conn net.Conn - isClient bool - + conn net.Conn + isClient bool + handshakeFn func() error // (*Conn).clientHandshake or serverHandshake + + // handshakeStatus is 1 if the connection is currently transferring + // application data (i.e. is not currently processing a handshake). + // This field is only to be accessed with sync/atomic. + handshakeStatus uint32 // constant after handshake; protected by handshakeMutex - handshakeMutex sync.Mutex // handshakeMutex < in.Mutex, out.Mutex, errMutex - handshakeErr error // error resulting from handshake - vers uint16 // TLS version - haveVers bool // version has been negotiated - config *Config // configuration passed to constructor - handshakeComplete bool - didResume bool // whether this connection was a session resumption - extendedMasterSecret bool // whether this session used an extended master secret - cipherSuite uint16 - ocspResponse []byte // stapled OCSP response - peerCertificates []*x509.Certificate + handshakeMutex sync.Mutex + handshakeErr error // error resulting from handshake + vers uint16 // TLS version + haveVers bool // version has been negotiated + config *Config // configuration passed to constructor + // handshakes counts the number of handshakes performed on the + // connection so far. If renegotiation is disabled then this is either + // zero or one. + handshakes int + didResume bool // whether this connection was a session resumption + cipherSuite uint16 + ocspResponse []byte // stapled OCSP response + scts [][]byte // signed certificate timestamps from server + peerCertificates []*x509.Certificate // verifiedChains contains the certificate chains that we built, as // opposed to the ones presented by the server. verifiedChains []x509.CertificateChain // serverName contains the server name indicated by the client, if any. 
serverName string - - clientProtocol string - clientProtocolFallback bool + // secureRenegotiation is true if the server echoed the secure + // renegotiation extension. (This is meaningless as a server because + // renegotiation is not supported in that case.) + secureRenegotiation bool + // ekm is a closure for exporting keying material. + ekm func(label string, context []byte, length int) ([]byte, error) + // resumptionSecret is the resumption_master_secret for handling + // NewSessionTicket messages. nil if config.SessionTicketsDisabled. + resumptionSecret []byte + + // ticketKeys is the set of active session ticket keys for this + // connection. The first one is used to encrypt new tickets and + // all are tried to decrypt tickets. + ticketKeys []ticketKey + + // clientFinishedIsFirst is true if the client sent the first Finished + // message during the most recent handshake. This is recorded because + // the first transmitted Finished message is the tls-unique + // channel-binding value. + clientFinishedIsFirst bool + + // closeNotifyErr is any error from sending the alertCloseNotify record. + closeNotifyErr error + // closeNotifySent is true if the Conn attempted to send an + // alertCloseNotify record. + closeNotifySent bool + + // clientFinished and serverFinished contain the Finished message sent + // by the client or server in the most recent handshake. This is + // retained to support the renegotiation extension and tls-unique + // channel-binding. + clientFinished [12]byte + serverFinished [12]byte + + // clientProtocol is the negotiated ALPN protocol. 
+ clientProtocol string // input/output - in, out halfConn // in.Mutex < out.Mutex - rawInput *block // raw input, right off the wire - input *block // application data waiting to be read + in, out halfConn + rawInput bytes.Buffer // raw input, starting with a record header + input bytes.Reader // application data waiting to be read, from rawInput.Next hand bytes.Buffer // handshake data waiting to be read buffering bool // whether records are buffered in sendBuf sendBuf []byte // a buffer of records waiting to be sent - tmp [16]byte - - // tls - heartbeat bool - handshakeLog *ServerHandshake - heartbleedLog *Heartbleed - - // Missing cipher - cipherError error + // bytesSent counts the bytes of application data sent. + // packetsSent counts packets. + bytesSent int64 + packetsSent int64 - // Client ciphers - clientCiphers []uint16 + // retryCount counts the number of consecutive non-advancing records + // received by Conn.readRecord. That is, records that neither advance the + // handshake, nor deliver application data. Protected by in.Mutex. + retryCount int - // Raw client hello - clientHelloRaw []byte -} + // activeCall is an atomic int32; the low bit is whether Close has + // been called. the rest of the bits are the number of goroutines + // in Conn.Write. + activeCall int32 -func (c *Conn) ClientHelloRaw() []byte { - if c.clientHelloRaw == nil { - return []byte{} - } - return c.clientHelloRaw -} - -func (c *Conn) ClientCiphers() []CipherSuite { - if c.clientCiphers == nil { - return []CipherSuite{} - } - out := make([]CipherSuite, len(c.clientCiphers)) - for idx, val := range c.clientCiphers { - out[idx] = CipherSuite(val) - } - return out + tmp [16]byte } // Access to net.Conn methods. 
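Review bot: The hunk deletes the exported accessors `(*Conn).ClientHelloRaw` and `(*Conn).ClientCiphers` along with the `handshakeLog`, `heartbleedLog`, `clientCiphers` and `clientHelloRaw` fields, which is an API break for downstream users of this fork that nothing in the hunk documents; a package-doc or changelog sentence should say these accessors are gone and what, if anything, replaces them. On the new side, `handshakeStatus` and `activeCall` are documented as "only to be accessed with sync/atomic"; if the module's Go version permits, `atomic.Uint32`/`atomic.Int32` (Go 1.19+) would have the type enforce that invariant instead of a comment. The `retryCount` comment already names the mutex that protects it, which the other new counters (`bytesSent`, `packetsSent`) could copy for consistency.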
@@ -133,32 +159,38 @@ type halfConn struct { err error // first permanent error version uint16 // protocol version cipher interface{} // cipher algorithm - mac macFunction + mac hash.Hash seq [8]byte // 64-bit sequence number - bfree *block // list of free blocks + + scratchBuf [13]byte // to avoid allocs; interface method args escape nextCipher interface{} // next encryption state - nextMac macFunction // next MAC algorithm + nextMac hash.Hash // next MAC algorithm - // used to save allocating a new buffer for each MAC. - inDigestBuf, outDigestBuf []byte + trafficSecret []byte // current TLS 1.3 traffic secret } -func (hc *halfConn) setErrorLocked(err error) error { - hc.err = err - return err +type permanentError struct { + err net.Error } -func (hc *halfConn) error() error { - hc.Lock() - err := hc.err - hc.Unlock() - return err +func (e *permanentError) Error() string { return e.err.Error() } +func (e *permanentError) Unwrap() error { return e.err } +func (e *permanentError) Timeout() bool { return e.err.Timeout() } +func (e *permanentError) Temporary() bool { return false } + +func (hc *halfConn) setErrorLocked(err error) error { + if e, ok := err.(net.Error); ok { + hc.err = &permanentError{err: e} + } else { + hc.err = err + } + return hc.err } // prepareCipherSpec sets the encryption and MAC states // that a subsequent changeCipherSpec will use. -func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction) { +func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac hash.Hash) { hc.version = version hc.nextCipher = cipher hc.nextMac = mac 
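Review bot: `permanentError` has no doc comment, and its behaviour is subtle: it wraps a `net.Error` so that `Temporary()` always reports false while `Timeout()` and `Unwrap()` delegate, which means the value stored by `setErrorLocked` is no longer `==` to the error that was passed in and must be matched with `errors.Is`/`errors.As`. Suggested comment above the type: `// permanentError wraps a net.Error recorded as a halfConn's first permanent error so that it is never reported as Temporary; compare it with errors.Is/As, not ==.` `setErrorLocked` now also returns `hc.err` rather than its argument, so any caller (outside this hunk) that compares the return value with what it passed in should be checked.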
@@ -167,7 +199,7 @@ func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac ma // changeCipherSpec changes the encryption and MAC states // to the ones previously passed to prepareCipherSpec. func (hc *halfConn) changeCipherSpec() error { - if hc.nextCipher == nil { + if hc.nextCipher == nil || hc.version == VersionTLS13 { return alertInternalError } hc.cipher = hc.nextCipher 
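Review bot: The added `|| hc.version == VersionTLS13` guard in `changeCipherSpec` returns `alertInternalError` without saying why a TLS 1.3 half-connection can never legitimately reach it, which a reader has to reverse-engineer from the rest of the port. As far as this diff shows, TLS 1.3 installs keys directly through `setTrafficSecret` rather than via a pending `nextCipher`, so arriving here is a state-machine bug on our side rather than a peer error, and the internal_error alert is the right one. I would add above the check: `// TLS 1.3 never changes keys via ChangeCipherSpec; keys are installed directly by setTrafficSecret, so reaching this is an internal state error.` The remainder of `changeCipherSpec` lies outside this hunk.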
@@ -180,52 +212,72 @@ func (hc *halfConn) changeCipherSpec() error { return nil } +func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, secret []byte) { + hc.trafficSecret = secret + key, iv := suite.trafficKey(secret) + hc.cipher = suite.aead(key, iv) + for i := range hc.seq { + hc.seq[i] = 0 + } +} + // incSeq increments the sequence number. -func (hc *halfConn) incSeq(isOutgoing bool) { - limit := 0 - increment := uint64(1) - for i := 7; i >= limit; i-- { - increment += uint64(hc.seq[i]) - hc.seq[i] = byte(increment) - increment >>= 8 +func (hc *halfConn) incSeq() { + for i := 7; i >= 0; i-- { + hc.seq[i]++ + if hc.seq[i] != 0 { + return + } } // Not allowed to let sequence number wrap. // Instead, must renegotiate before it does. // Not likely enough to bother. - if increment != 0 { - panic("TLS: sequence number wraparound") - } + panic("TLS: sequence number wraparound") } -// resetSeq resets the sequence number to zero. -func (hc *halfConn) resetSeq() { - for i := range hc.seq { - hc.seq[i] = 0 +// explicitNonceLen returns the number of bytes of explicit nonce or IV included +// in each record. Explicit nonces are present only in CBC modes after TLS 1.0 +// and in certain AEAD modes in TLS 1.2. +func (hc *halfConn) explicitNonceLen() int { + if hc.cipher == nil { + return 0 + } + + switch c := hc.cipher.(type) { + case cipher.Stream: + return 0 + case aead: + return c.explicitNonceLen() + case cbcMode: + // TLS 1.1 introduced a per-record explicit IV to fix the BEAST attack. + if hc.version >= VersionTLS11 { + return c.BlockSize() + } + return 0 + default: + panic("unknown cipher type") } } -func (hc *halfConn) recordHeaderLen() int { - return tlsRecordHeaderLen -} - -// removePadding returns an unpadded slice, in constant time, which is a prefix -// of the input. It also returns a byte which is equal to 255 if the padding -// was valid and 0 otherwise. 
See RFC 2246, section 6.2.3.2 -func removePadding(payload []byte) ([]byte, byte) { +// extractPadding returns, in constant time, the length of the padding to remove +// from the end of payload. It also returns a byte which is equal to 255 if the +// padding was valid and 0 otherwise. See RFC 2246, Section 6.2.3.2. +func extractPadding(payload []byte) (toRemove int, good byte) { if len(payload) < 1 { - return payload, 0 + return 0, 0 } paddingLen := payload[len(payload)-1] t := uint(len(payload)-1) - uint(paddingLen) // if len(payload) >= (paddingLen - 1) then the MSB of t is zero - good := byte(int32(^t) >> 31) + good = byte(int32(^t) >> 31) - toCheck := 255 // the maximum possible padding length + // The maximum possible padding length plus the actual length field + toCheck := 256 // The length of the padded data is public, so we can use an if here - if toCheck+1 > len(payload) { - toCheck = len(payload) - 1 + if toCheck > len(payload) { + toCheck = len(payload) } for i := 0; i < toCheck; i++ { 
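Review bot: `setTrafficSecret` has no doc comment and silently aliases its argument: `hc.trafficSecret = secret` keeps a reference to the caller's slice rather than a copy, so any later mutation or zeroing of that buffer by the caller changes the secret this half-connection retains, presumably for deriving the next key on a key update. Either document the ownership transfer or copy it, e.g. `hc.trafficSecret = append(hc.trafficSecret[:0], secret...)`. I would add: `// setTrafficSecret installs a TLS 1.3 traffic secret for this direction: it derives the record key/IV, replaces the AEAD and resets the sequence number. The secret is retained (aliased, not copied) for later rekeying.` Separately, the context comment above the now-unconditional `panic("TLS: sequence number wraparound")` still says "must renegotiate before it does", which for TLS 1.3 would be a KeyUpdate rather than renegotiation.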
@@ -243,24 +295,19 @@ func removePadding(payload []byte) ([]byte, byte) { good &= good << 1 good = uint8(int8(good) >> 7) - toRemove := good&paddingLen + 1 - return payload[:len(payload)-int(toRemove)], good -} - -// removePaddingSSL30 is a replacement for removePadding in the case that the -// protocol version is SSLv3. In this version, the contents of the padding -// are random and cannot be checked. -func removePaddingSSL30(payload []byte) ([]byte, byte) { - if len(payload) < 1 { - return payload, 0 - } - - paddingLen := int(payload[len(payload)-1]) + 1 - if paddingLen > len(payload) { - return payload, 0 - } + // Zero the padding length on error. This ensures any unchecked bytes + // are included in the MAC. Otherwise, an attacker that could + // distinguish MAC failures from padding failures could mount an attack + // similar to POODLE in SSL 3.0: given a good ciphertext that uses a + // full block's worth of padding, replace the final block with another + // block. If the MAC check passed but the padding check failed, the + // last byte of that block decrypted to the block size. + // + // See also macAndPaddingGood logic below. + paddingLen &= good - return payload[:len(payload)-paddingLen], 255 + toRemove = int(paddingLen) + 1 + return } func roundUp(a, b int) int { 
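Review bot: `extractPadding` now ends with a naked `return` after its named results `toRemove` and `good` are assigned across several statements, which in a constant-time routine makes it harder to audit exactly what leaves the function; `return int(paddingLen) + 1, good` says the same thing explicitly. The `paddingLen &= good` zeroing is correct only because the earlier `good = uint8(int8(good) >> 7)` guarantees `good` is exactly 0x00 or 0xFF, and that precondition deserves a one-line comment at the `&=`: `// good is 0x00 or 0xFF here, so this zeroes paddingLen on any padding failure.`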
@@ -273,374 +320,335 @@ type cbcMode interface { SetIV([]byte) } -// decrypt checks and strips the mac and decrypts the data in b. Returns a -// success boolean, the number of bytes to skip from the start of the record in -// order to get the application payload, and an optional alert value. -func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, alertValue alert) { - recordHeaderLen := hc.recordHeaderLen() - - // pull out payload - payload := b.data[recordHeaderLen:] +// decrypt authenticates and decrypts the record if protection is active at +// this stage. The returned plaintext might overlap with the input. +func (hc *halfConn) decrypt(record []byte) ([]byte, recordType, error) { + var plaintext []byte + typ := recordType(record[0]) + payload := record[recordHeaderLen:] - macSize := 0 - if hc.mac != nil { - macSize = hc.mac.Size() + // In TLS 1.3, change_cipher_spec messages are to be ignored without being + // decrypted. See RFC 8446, Appendix D.4. + if hc.version == VersionTLS13 && typ == recordTypeChangeCipherSpec { + return payload, typ, nil } paddingGood := byte(255) - explicitIVLen := 0 + paddingLen := 0 - seq := hc.seq[:] + explicitNonceLen := hc.explicitNonceLen() - // decrypt if hc.cipher != nil { switch c := hc.cipher.(type) { case cipher.Stream: c.XORKeyStream(payload, payload) - case tlsAead: - nonce := seq - if c.explicitNonce() { - explicitIVLen = 8 - if len(payload) < explicitIVLen { - return false, 0, alertBadRecordMAC - } - nonce = payload[:8] - payload = payload[8:] + case aead: + if len(payload) < explicitNonceLen { + return nil, 0, alertBadRecordMAC + } + nonce := payload[:explicitNonceLen] + if len(nonce) == 0 { + nonce = hc.seq[:] + } + payload = payload[explicitNonceLen:] + + var additionalData []byte + if hc.version == VersionTLS13 { + additionalData = record[:recordHeaderLen] + } else { + additionalData = append(hc.scratchBuf[:0], hc.seq[:]...) + additionalData = append(additionalData, record[:3]...) 
+ n := len(payload) - c.Overhead() + additionalData = append(additionalData, byte(n>>8), byte(n)) } - var additionalData [13]byte - copy(additionalData[:], seq) - copy(additionalData[8:], b.data[:3]) - n := len(payload) - c.Overhead() - additionalData[11] = byte(n >> 8) - additionalData[12] = byte(n) var err error - payload, err = c.Open(payload[:0], nonce, payload, additionalData[:]) + plaintext, err = c.Open(payload[:0], nonce, payload, additionalData) if err != nil { - return false, 0, alertBadRecordMAC + return nil, 0, alertBadRecordMAC } - b.resize(recordHeaderLen + explicitIVLen + len(payload)) case cbcMode: blockSize := c.BlockSize() - if hc.version >= VersionTLS11 { - explicitIVLen = blockSize + minPayload := explicitNonceLen + roundUp(hc.mac.Size()+1, blockSize) + if len(payload)%blockSize != 0 || len(payload) < minPayload { + return nil, 0, alertBadRecordMAC } - if len(payload)%blockSize != 0 || len(payload) < roundUp(explicitIVLen+macSize+1, blockSize) { - return false, 0, alertBadRecordMAC - } - - if explicitIVLen > 0 { - c.SetIV(payload[:explicitIVLen]) - payload = payload[explicitIVLen:] + if explicitNonceLen > 0 { + c.SetIV(payload[:explicitNonceLen]) + payload = payload[explicitNonceLen:] } c.CryptBlocks(payload, payload) - if hc.version == VersionSSL30 { - payload, paddingGood = removePaddingSSL30(payload) - } else { - payload, paddingGood = removePadding(payload) - } - b.resize(recordHeaderLen + explicitIVLen + len(payload)) - - // note that we still have a timing side-channel in the - // MAC check, below. An attacker can align the record - // so that a correct padding will cause one less hash - // block to be calculated. Then they can iteratively - // decrypt a record by breaking each byte. See - // "Password Interception in a SSL/TLS Channel", Brice - // Canvel et al. - // - // However, our behavior matches OpenSSL, so we leak - // only as much as they do. 
+ + // In a limited attempt to protect against CBC padding oracles like + // Lucky13, the data past paddingLen (which is secret) is passed to + // the MAC function as extra data, to be fed into the HMAC after + // computing the digest. This makes the MAC roughly constant time as + // long as the digest computation is constant time and does not + // affect the subsequent write, modulo cache effects. + paddingLen, paddingGood = extractPadding(payload) default: panic("unknown cipher type") } + + if hc.version == VersionTLS13 { + if typ != recordTypeApplicationData { + return nil, 0, alertUnexpectedMessage + } + if len(plaintext) > maxPlaintext+1 { + return nil, 0, alertRecordOverflow + } + // Remove padding and find the ContentType scanning from the end. + for i := len(plaintext) - 1; i >= 0; i-- { + if plaintext[i] != 0 { + typ = recordType(plaintext[i]) + plaintext = plaintext[:i] + break + } + if i == 0 { + return nil, 0, alertUnexpectedMessage + } + } + } + } else { + plaintext = payload } - // check, strip mac if hc.mac != nil { + macSize := hc.mac.Size() if len(payload) < macSize { - return false, 0, alertBadRecordMAC + return nil, 0, alertBadRecordMAC } - // strip mac off payload, b.data - n := len(payload) - macSize - b.data[recordHeaderLen-2] = byte(n >> 8) - b.data[recordHeaderLen-1] = byte(n) - b.resize(recordHeaderLen + explicitIVLen + n) - remoteMAC := payload[n:] - localMAC := hc.mac.MAC(hc.inDigestBuf, seq, b.data[:3], b.data[recordHeaderLen-2:recordHeaderLen], payload[:n]) - - if subtle.ConstantTimeCompare(localMAC, remoteMAC) != 1 || paddingGood != 255 { - return false, 0, alertBadRecordMAC + n := len(payload) - macSize - paddingLen + n = subtle.ConstantTimeSelect(int(uint32(n)>>31), 0, n) // if n < 0 { n = 0 } + record[3] = byte(n >> 8) + record[4] = byte(n) + remoteMAC := payload[n : n+macSize] + localMAC := tls10MAC(hc.mac, hc.scratchBuf[:0], hc.seq[:], record[:recordHeaderLen], payload[:n], payload[n+macSize:]) + + // This is equivalent to 
checking the MACs and paddingGood + // separately, but in constant-time to prevent distinguishing + // padding failures from MAC failures. Depending on what value + // of paddingLen was returned on bad padding, distinguishing + // bad MAC from bad padding can lead to an attack. + // + // See also the logic at the end of extractPadding. + macAndPaddingGood := subtle.ConstantTimeCompare(localMAC, remoteMAC) & int(paddingGood) + if macAndPaddingGood != 1 { + return nil, 0, alertBadRecordMAC } - hc.inDigestBuf = localMAC + + plaintext = payload[:n] } - hc.incSeq(false) - return true, recordHeaderLen + explicitIVLen, 0 + hc.incSeq() + return plaintext, typ, nil } -// padToBlockSize calculates the needed padding block, if any, for a payload. -// On exit, prefix aliases payload and extends to the end of the last full -// block of payload. finalBlock is a fresh slice which contains the contents of -// any suffix of payload as well as the needed padding to make finalBlock a -// full block. -func padToBlockSize(payload []byte, blockSize int) (prefix, finalBlock []byte) { - overrun := len(payload) % blockSize - prefix = payload[:len(payload)-overrun] - - paddingLen := blockSize - overrun - finalSize := blockSize - finalBlock = make([]byte, finalSize) - for i := range finalBlock { - finalBlock[i] = byte(paddingLen - 1) - } - copy(finalBlock, payload[len(payload)-overrun:]) +// sliceForAppend extends the input slice by n bytes. head is the full extended +// slice, while tail is the appended part. If the original slice has sufficient +// capacity no allocation is performed. +func sliceForAppend(in []byte, n int) (head, tail []byte) { + if total := len(in) + n; cap(in) >= total { + head = in[:total] + } else { + head = make([]byte, total) + copy(head, in) + } + tail = head[len(in):] return } -// encrypt encrypts and macs the data in b. 
-func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) { - recordHeaderLen := hc.recordHeaderLen() - - // mac - if hc.mac != nil { - mac := hc.mac.MAC(hc.outDigestBuf, hc.seq[0:], b.data[:3], b.data[recordHeaderLen-2:recordHeaderLen], b.data[recordHeaderLen+explicitIVLen:]) - - n := len(b.data) - b.resize(n + len(mac)) - copy(b.data[n:], mac) - hc.outDigestBuf = mac - } - - payload := b.data[recordHeaderLen:] - - // encrypt - if hc.cipher != nil { - switch c := hc.cipher.(type) { - case cipher.Stream: - c.XORKeyStream(payload, payload) - case tlsAead: - payloadLen := len(b.data) - recordHeaderLen - explicitIVLen - b.resize(len(b.data) + c.Overhead()) - nonce := hc.seq[:] - if c.explicitNonce() { - nonce = b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] - } - payload := b.data[recordHeaderLen+explicitIVLen:] - payload = payload[:payloadLen] - - var additionalData [13]byte - copy(additionalData[:], hc.seq[:]) - copy(additionalData[8:], b.data[:3]) - additionalData[11] = byte(payloadLen >> 8) - additionalData[12] = byte(payloadLen) - - c.Seal(payload[:0], nonce, payload, additionalData[:]) - case cbcMode: - blockSize := c.BlockSize() - if explicitIVLen > 0 { - c.SetIV(payload[:explicitIVLen]) - payload = payload[explicitIVLen:] +// encrypt encrypts payload, adding the appropriate nonce and/or MAC, and +// appends it to record, which must already contain the record header. +func (hc *halfConn) encrypt(record, payload []byte, rand io.Reader) ([]byte, error) { + if hc.cipher == nil { + return append(record, payload...), nil + } + + var explicitNonce []byte + if explicitNonceLen := hc.explicitNonceLen(); explicitNonceLen > 0 { + record, explicitNonce = sliceForAppend(record, explicitNonceLen) + if _, isCBC := hc.cipher.(cbcMode); !isCBC && explicitNonceLen < 16 { + // The AES-GCM construction in TLS has an explicit nonce so that the + // nonce can be random. However, the nonce is only 8 bytes which is + // too small for a secure, random nonce. 
Therefore we use the + // sequence number as the nonce. The 3DES-CBC construction also has + // an 8 bytes nonce but its nonces must be unpredictable (see RFC + // 5246, Appendix F.3), forcing us to use randomness. That's not + // 3DES' biggest problem anyway because the birthday bound on block + // collision is reached first due to its similarly small block size + // (see the Sweet32 attack). + copy(explicitNonce, hc.seq[:]) + } else { + if _, err := io.ReadFull(rand, explicitNonce); err != nil { + return nil, err } - prefix, finalBlock := padToBlockSize(payload, blockSize) - b.resize(recordHeaderLen + explicitIVLen + len(prefix) + len(finalBlock)) - c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen:], prefix) - c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen+len(prefix):], finalBlock) - default: - panic("unknown cipher type") } } - // update length to include MAC and any block padding needed. - n := len(b.data) - recordHeaderLen - b.data[recordHeaderLen-2] = byte(n >> 8) - b.data[recordHeaderLen-1] = byte(n) - hc.incSeq(true) - - return true, 0 -} - -// A block is a simple data buffer. -type block struct { - data []byte - off int // index for Read - link *block -} + var dst []byte + switch c := hc.cipher.(type) { + case cipher.Stream: + mac := tls10MAC(hc.mac, hc.scratchBuf[:0], hc.seq[:], record[:recordHeaderLen], payload, nil) + record, dst = sliceForAppend(record, len(payload)+len(mac)) + c.XORKeyStream(dst[:len(payload)], payload) + c.XORKeyStream(dst[len(payload):], mac) + case aead: + nonce := explicitNonce + if len(nonce) == 0 { + nonce = hc.seq[:] + } -// resize resizes block to be n bytes, growing if necessary. -func (b *block) resize(n int) { - if n > cap(b.data) { - b.reserve(n) - } - b.data = b.data[0:n] -} + if hc.version == VersionTLS13 { + record = append(record, payload...) -// reserve makes sure that block contains a capacity of at least n bytes. 
-func (b *block) reserve(n int) { - if cap(b.data) >= n { - return - } - m := cap(b.data) - if m == 0 { - m = 1024 - } - for m < n { - m *= 2 - } - data := make([]byte, len(b.data), m) - copy(data, b.data) - b.data = data -} + // Encrypt the actual ContentType and replace the plaintext one. + record = append(record, record[0]) + record[0] = byte(recordTypeApplicationData) -// readFromUntil reads from r into b until b contains at least n bytes -// or else returns an error. -func (b *block) readFromUntil(r io.Reader, n int) error { - // quick case - if len(b.data) >= n { - return nil - } + n := len(payload) + 1 + c.Overhead() + record[3] = byte(n >> 8) + record[4] = byte(n) - // read until have enough. - b.reserve(n) - for { - m, err := r.Read(b.data[len(b.data):cap(b.data)]) - b.data = b.data[0 : len(b.data)+m] - if len(b.data) >= n { - // TODO(bradfitz,agl): slightly suspicious - // that we're throwing away r.Read's err here. - break + record = c.Seal(record[:recordHeaderLen], + nonce, record[recordHeaderLen:], record[:recordHeaderLen]) + } else { + additionalData := append(hc.scratchBuf[:0], hc.seq[:]...) + additionalData = append(additionalData, record[:recordHeaderLen]...) + record = c.Seal(record, nonce, payload, additionalData) } - if err != nil { - return err + case cbcMode: + mac := tls10MAC(hc.mac, hc.scratchBuf[:0], hc.seq[:], record[:recordHeaderLen], payload, nil) + blockSize := c.BlockSize() + plaintextLen := len(payload) + len(mac) + paddingLen := blockSize - plaintextLen%blockSize + record, dst = sliceForAppend(record, plaintextLen+paddingLen) + copy(dst, payload) + copy(dst[len(payload):], mac) + for i := plaintextLen; i < len(dst); i++ { + dst[i] = byte(paddingLen - 1) + } + if len(explicitNonce) > 0 { + c.SetIV(explicitNonce) } + c.CryptBlocks(dst, dst) + default: + panic("unknown cipher type") } - return nil + + // Update length to include nonce, MAC and any block padding needed. 
+ n := len(record) - recordHeaderLen + record[3] = byte(n >> 8) + record[4] = byte(n) + hc.incSeq() + + return record, nil } -func (b *block) Read(p []byte) (n int, err error) { - n = copy(p, b.data[b.off:]) - b.off += n - return +// RecordHeaderError is returned when a TLS record header is invalid. +type RecordHeaderError struct { + // Msg contains a human readable string that describes the error. + Msg string + // RecordHeader contains the five bytes of TLS record header that + // triggered the error. + RecordHeader [5]byte + // Conn provides the underlying net.Conn in the case that a client + // sent an initial handshake that didn't look like TLS. + // It is nil if there's already been a handshake or a TLS alert has + // been written to the connection. + Conn net.Conn } -// newBlock allocates a new block, from hc's free list if possible. -func (hc *halfConn) newBlock() *block { - b := hc.bfree - if b == nil { - return new(block) - } - hc.bfree = b.link - b.link = nil - b.resize(0) - return b +func (e RecordHeaderError) Error() string { return "tls: " + e.Msg } + +func (c *Conn) newRecordHeaderError(conn net.Conn, msg string) (err RecordHeaderError) { + err.Msg = msg + err.Conn = conn + copy(err.RecordHeader[:], c.rawInput.Bytes()) + return err } -// freeBlock returns a block to hc's free list. -// The protocol is such that each side only has a block or two on -// its free list at a time, so there's no need to worry about -// trimming the list, etc. -func (hc *halfConn) freeBlock(b *block) { - b.link = hc.bfree - hc.bfree = b +func (c *Conn) readRecord() error { + return c.readRecordOrCCS(false) } -// splitBlock splits a block after the first n bytes, -// returning a block with those n bytes and a -// block with the remainder. the latter may be nil. 
-func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) { - if len(b.data) <= n { - return b, nil - } - bb := hc.newBlock() - bb.resize(len(b.data) - n) - copy(bb.data, b.data[n:]) - b.data = b.data[0:n] - return b, bb +func (c *Conn) readChangeCipherSpec() error { + return c.readRecordOrCCS(true) } -// readRecord reads the next TLS record from the connection -// and updates the record layer state. -// c.in.Mutex <= L; c.input == nil. -func (c *Conn) readRecord(want recordType) error { - // Caller must be in sync with connection: - // handshake data if handshake not yet completed, - // else application data. (We don't support renegotiation.) - switch want { - default: - c.sendAlert(alertInternalError) - return c.in.setErrorLocked(errors.New("tls: unknown record type requested")) - case recordTypeHandshake, recordTypeChangeCipherSpec: - if c.handshakeComplete { - c.sendAlert(alertInternalError) - return c.in.setErrorLocked(errors.New("tls: handshake or ChangeCipherSpec requested after handshake complete")) - } - case recordTypeApplicationData, recordTypeHeartbeat: - if !c.handshakeComplete { - c.sendAlert(alertInternalError) - return c.in.setErrorLocked(errors.New("tls: application data record requested before handshake complete")) - } - } +// readRecordOrCCS reads one or more TLS records from the connection and +// updates the record layer state. Some invariants: +// * c.in must be locked +// * c.input must be empty +// During the handshake one and only one of the following will happen: +// - c.hand grows +// - c.in.changeCipherSpec is called +// - an error is returned +// After the handshake one and only one of the following will happen: +// - c.hand grows +// - c.input is set +// - an error is returned +func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error { + if c.in.err != nil { + return c.in.err + } + handshakeComplete := c.handshakeComplete() + + // This function modifies c.rawInput, which owns the c.input memory. 
+ if c.input.Len() != 0 { + return c.in.setErrorLocked(errors.New("tls: internal error: attempted to read record with pending application data")) + } + c.input.Reset(nil) -Again: - if c.rawInput == nil { - c.rawInput = c.in.newBlock() - } - b := c.rawInput - recordHeaderLen := c.in.recordHeaderLen() // Read header, payload. - if err := b.readFromUntil(c.conn, recordHeaderLen); err != nil { - // RFC suggests that EOF without an alertCloseNotify is - // an error, but popular web sites seem to do this, - // so we can't make it an error. - // if err == io.EOF { - // err = io.ErrUnexpectedEOF - // } + if err := c.readFromUntil(c.conn, recordHeaderLen); err != nil { + // RFC 8446, Section 6.1 suggests that EOF without an alertCloseNotify + // is an error, but popular web sites seem to do this, so we accept it + // if and only if at the record boundary. + if err == io.ErrUnexpectedEOF && c.rawInput.Len() == 0 { + err = io.EOF + } if e, ok := err.(net.Error); !ok || !e.Temporary() { c.in.setErrorLocked(err) } return err } - typ := recordType(b.data[0]) + hdr := c.rawInput.Bytes()[:recordHeaderLen] + typ := recordType(hdr[0]) // No valid TLS record has a type of 0x80, however SSLv2 handshakes // start with a uint16 length where the MSB is set and the first record // is always < 256 bytes long. Therefore typ == 0x80 strongly suggests // an SSLv2 client. 
- if want == recordTypeHandshake && typ == 0x80 { + if !handshakeComplete && typ == 0x80 { c.sendAlert(alertProtocolVersion) - return c.in.setErrorLocked(errors.New("tls: unsupported SSLv2 handshake received")) + return c.in.setErrorLocked(c.newRecordHeaderError(nil, "unsupported SSLv2 handshake received")) } - vers := uint16(b.data[1])<<8 | uint16(b.data[2]) - n := int(b.data[3])<<8 | int(b.data[4]) - if c.haveVers && vers != c.vers { + vers := uint16(hdr[1])<<8 | uint16(hdr[2]) + n := int(hdr[3])<<8 | int(hdr[4]) + if c.haveVers && c.vers != VersionTLS13 && vers != c.vers { c.sendAlert(alertProtocolVersion) - return c.in.setErrorLocked(fmt.Errorf("tls: received record with version %x when expecting version %x", vers, c.vers)) - } - if n > maxCiphertext { - c.sendAlert(alertRecordOverflow) - return c.in.setErrorLocked(fmt.Errorf("tls: oversized record received with length %d", n)) + msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers) + return c.in.setErrorLocked(c.newRecordHeaderError(nil, msg)) } if !c.haveVers { - // First message, be extra suspicious: - // this might not be a TLS client. - // Bail out before reading a full 'body', if possible. - // The current max version is 3.1. - // If the version is >= 16.0, it's probably not real. - // Similarly, a clientHello message encodes in - // well under a kilobyte. If the length is >= 12 kB, + // First message, be extra suspicious: this might not be a TLS + // client. Bail out before reading a full 'body', if possible. + // The current max version is 3.3 so if the version is >= 16.0, // it's probably not real. 
- if (typ != recordTypeAlert && typ != want) || vers >= 0x1000 || n >= 0x3000 { - c.sendAlert(alertUnexpectedMessage) - return c.in.setErrorLocked(fmt.Errorf("tls: first record does not look like a TLS handshake")) + if (typ != recordTypeAlert && typ != recordTypeHandshake) || vers >= 0x1000 { + return c.in.setErrorLocked(c.newRecordHeaderError(c.conn, "first record does not look like a TLS handshake")) } } - if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil { - if err == io.EOF { - err = io.ErrUnexpectedEOF - } + if c.vers == VersionTLS13 && n > maxCiphertextTLS13 || n > maxCiphertext { + c.sendAlert(alertRecordOverflow) + msg := fmt.Sprintf("oversized record received with length %d", n) + return c.in.setErrorLocked(c.newRecordHeaderError(nil, msg)) + } + if err := c.readFromUntil(c.conn, recordHeaderLen+n); err != nil { if e, ok := err.(net.Error); !ok || !e.Temporary() { c.in.setErrorLocked(err) } 
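Review bot: The oversized-record guard in `readRecordOrCCS`, `if c.vers == VersionTLS13 && n > maxCiphertextTLS13 || n > maxCiphertext {`, relies on `&&` binding tighter than `||`; the logic is right, but this is the bound that decides how many bytes are pulled off the wire before a record is rejected, and mixed precedence in a security check invites misreading. I would write `if (c.vers == VersionTLS13 && n > maxCiphertextTLS13) || n > maxCiphertext {` so the intent, TLS 1.3 gets the tighter limit and everything else the legacy one, is visible without the precedence table. Note also that the removed `n >= 0x3000` first-record heuristic means a non-TLS peer can now make us read up to `maxCiphertext` bytes before the header is rejected, which is presumably acceptable but worth stating in the commit. `readRecordOrCCS` continues past the end of this hunk.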
@@ -648,84 +656,151 @@ Again: } // Process message. - b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n) - ok, off, err := c.in.decrypt(b) - if !ok { - c.in.setErrorLocked(c.sendAlert(err)) + record := c.rawInput.Next(recordHeaderLen + n) + data, typ, err := c.in.decrypt(record) + if err != nil { + return c.in.setErrorLocked(c.sendAlert(err.(alert))) } - b.off = off - data := b.data[b.off:] if len(data) > maxPlaintext { - err := c.sendAlert(alertRecordOverflow) - c.in.freeBlock(b) - return c.in.setErrorLocked(err) + return c.in.setErrorLocked(c.sendAlert(alertRecordOverflow)) + } + + // Application Data messages are always protected. + if c.in.cipher == nil && typ == recordTypeApplicationData { + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + + if typ != recordTypeAlert && typ != recordTypeChangeCipherSpec && len(data) > 0 { + // This is a state-advancing message: reset the retry count. + c.retryCount = 0 + } + + // Handshake messages MUST NOT be interleaved with other record types in TLS 1.3. + if c.vers == VersionTLS13 && typ != recordTypeHandshake && c.hand.Len() > 0 { + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) } switch typ { default: - c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) case recordTypeAlert: if len(data) != 2 { - c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) - break + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) } if alert(data[1]) == alertCloseNotify { - c.in.setErrorLocked(io.EOF) - break + return c.in.setErrorLocked(io.EOF) + } + if c.vers == VersionTLS13 { + return c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])}) } switch data[0] { case alertLevelWarning: - // drop on the floor - c.in.freeBlock(b) - goto Again + // Drop the record on the floor and retry. 
+ return c.retryReadRecord(expectChangeCipherSpec) case alertLevelError: - c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])}) + return c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])}) default: - c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) } case recordTypeChangeCipherSpec: - if typ != want || len(data) != 1 || data[0] != 1 { - c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) - break + if len(data) != 1 || data[0] != 1 { + return c.in.setErrorLocked(c.sendAlert(alertDecodeError)) } - err := c.in.changeCipherSpec() - if err != nil { - c.in.setErrorLocked(c.sendAlert(err.(alert))) + // Handshake messages are not allowed to fragment across the CCS. + if c.hand.Len() > 0 { + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + // In TLS 1.3, change_cipher_spec records are ignored until the + // Finished. See RFC 8446, Appendix D.4. Note that according to Section + // 5, a server can send a ChangeCipherSpec before its ServerHello, when + // c.vers is still unset. That's not useful though and suspicious if the + // server then selects a lower protocol version, so don't allow that. + if c.vers == VersionTLS13 { + return c.retryReadRecord(expectChangeCipherSpec) + } + if !expectChangeCipherSpec { + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + if err := c.in.changeCipherSpec(); err != nil { + return c.in.setErrorLocked(c.sendAlert(err.(alert))) } case recordTypeApplicationData: - if typ != want { - c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) - break + if !handshakeComplete || expectChangeCipherSpec { + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + // Some OpenSSL servers send empty records in order to randomize the + // CBC IV. Ignore a limited number of empty records. 
+ if len(data) == 0 { + return c.retryReadRecord(expectChangeCipherSpec) } - c.input = b - b = nil + // Note that data is owned by c.rawInput, following the Next call above, + // to avoid copying the plaintext. This is safe because c.rawInput is + // not read from or written to until c.input is drained. + c.input.Reset(data) case recordTypeHandshake: - // TODO(rsc): Should at least pick off connection close. - if typ != want { - return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation)) + if len(data) == 0 || expectChangeCipherSpec { + return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) } c.hand.Write(data) - case recordTypeHeartbeat: - if want != recordTypeHeartbeat { - return c.sendAlert(alertUnexpectedMessage) - } - c.heartbleedLog.Vulnerable = true - c.input = b - b = nil } - if b != nil { - c.in.freeBlock(b) + return nil +} + +// retryReadRecord recurses into readRecordOrCCS to drop a non-advancing record, like +// a warning alert, empty application_data, or a change_cipher_spec in TLS 1.3. +func (c *Conn) retryReadRecord(expectChangeCipherSpec bool) error { + c.retryCount++ + if c.retryCount > maxUselessRecords { + c.sendAlert(alertUnexpectedMessage) + return c.in.setErrorLocked(errors.New("tls: too many ignored records")) } - return c.in.err + return c.readRecordOrCCS(expectChangeCipherSpec) +} + +// atLeastReader reads from R, stopping with EOF once at least N bytes have been +// read. It is different from an io.LimitedReader in that it doesn't cut short +// the last Read call, and in that it considers an early EOF an error. 
+type atLeastReader struct { + R io.Reader + N int64 +} + +func (r *atLeastReader) Read(p []byte) (int, error) { + if r.N <= 0 { + return 0, io.EOF + } + n, err := r.R.Read(p) + r.N -= int64(n) // won't underflow unless len(p) >= n > 9223372036854775809 + if r.N > 0 && err == io.EOF { + return n, io.ErrUnexpectedEOF + } + if r.N <= 0 && err == nil { + return n, io.EOF + } + return n, err +} + +// readFromUntil reads from r into c.rawInput until c.rawInput contains +// at least n bytes or else returns an error. +func (c *Conn) readFromUntil(r io.Reader, n int) error { + if c.rawInput.Len() >= n { + return nil + } + needs := n - c.rawInput.Len() + // There might be extra input waiting on the wire. Make a best effort + // attempt to fetch it so that it can be used in (*Conn).Read to + // "predict" closeNotify alerts. + c.rawInput.Grow(needs + bytes.MinRead) + _, err := c.rawInput.ReadFrom(&atLeastReader{r, int64(needs)}) + return err } // sendAlert sends a TLS alert message. -// c.out.Mutex <= L. func (c *Conn) sendAlertLocked(err alert) error { switch err { case alertNoRenegotiation, alertCloseNotify: 
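Review bot: `data, typ, err := c.in.decrypt(record)` is followed by the unchecked assertion `c.sendAlert(err.(alert))`, and the same pattern is used for `c.in.changeCipherSpec()`; both functions are declared to return `error`, so any future non-alert error out of either would panic inside the record layer, the place where a peer-reachable panic is least welcome. Every error `decrypt` visibly returns today is an `alert` value (it maps the AEAD `Open` failure to `alertBadRecordMAC`), so this is a robustness concern rather than a live bug. A checked assertion keeps the existing behaviour for alerts and fails the connection cleanly otherwise; `readRecordOrCCS` begins in the previous hunk.
```go
	record := c.rawInput.Next(recordHeaderLen + n)
	data, typ, err := c.in.decrypt(record)
	if err != nil {
		if a, ok := err.(alert); ok {
			return c.in.setErrorLocked(c.sendAlert(a))
		}
		c.sendAlert(alertInternalError)
		return c.in.setErrorLocked(err)
	}
	// … unchanged: maxPlaintext check and record type dispatch …
```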
@@ -734,23 +809,100 @@ func (c *Conn) sendAlertLocked(err alert) error { c.tmp[0] = alertLevelError } c.tmp[1] = byte(err) - c.writeRecord(recordTypeAlert, c.tmp[0:2]) - // closeNotify is a special case in that it isn't an error: - if err != alertCloseNotify { - return c.out.setErrorLocked(&net.OpError{Op: "local error", Err: err}) + + _, writeErr := c.writeRecordLocked(recordTypeAlert, c.tmp[0:2]) + if err == alertCloseNotify { + // closeNotify is a special case in that it isn't an error. + return writeErr } - return nil + + return c.out.setErrorLocked(&net.OpError{Op: "local error", Err: err}) } // sendAlert sends a TLS alert message. -// L < c.out.Mutex. func (c *Conn) sendAlert(err alert) error { c.out.Lock() defer c.out.Unlock() return c.sendAlertLocked(err) } -// c.out.Mutex <= L. +const ( + // tcpMSSEstimate is a conservative estimate of the TCP maximum segment + // size (MSS). A constant is used, rather than querying the kernel for + // the actual MSS, to avoid complexity. The value here is the IPv6 + // minimum MTU (1280 bytes) minus the overhead of an IPv6 header (40 + // bytes) and a TCP header with timestamps (32 bytes). + tcpMSSEstimate = 1208 + + // recordSizeBoostThreshold is the number of bytes of application data + // sent after which the TLS record size will be increased to the + // maximum. + recordSizeBoostThreshold = 128 * 1024 +) + +// maxPayloadSizeForWrite returns the maximum TLS payload size to use for the +// next application data record. There is the following trade-off: +// +// - For latency-sensitive applications, such as web browsing, each TLS +// record should fit in one TCP segment. +// - For throughput-sensitive applications, such as large file transfers, +// larger TLS records better amortize framing and encryption overheads. 
+// +// A simple heuristic that works well in practice is to use small records for +// the first 1MB of data, then use larger records for subsequent data, and +// reset back to smaller records after the connection becomes idle. See "High +// Performance Web Networking", Chapter 4, or: +// https://www.igvita.com/2013/10/24/optimizing-tls-record-size-and-buffering-latency/ +// +// In the interests of simplicity and determinism, this code does not attempt +// to reset the record size once the connection is idle, however. +func (c *Conn) maxPayloadSizeForWrite(typ recordType) int { + if c.config.DynamicRecordSizingDisabled || typ != recordTypeApplicationData { + return maxPlaintext + } + + if c.bytesSent >= recordSizeBoostThreshold { + return maxPlaintext + } + + // Subtract TLS overheads to get the maximum payload size. + payloadBytes := tcpMSSEstimate - recordHeaderLen - c.out.explicitNonceLen() + if c.out.cipher != nil { + switch ciph := c.out.cipher.(type) { + case cipher.Stream: + payloadBytes -= c.out.mac.Size() + case cipher.AEAD: + payloadBytes -= ciph.Overhead() + case cbcMode: + blockSize := ciph.BlockSize() + // The payload must fit in a multiple of blockSize, with + // room for at least one padding byte. + payloadBytes = (payloadBytes & ^(blockSize - 1)) - 1 + // The MAC is appended before padding so affects the + // payload size directly. + payloadBytes -= c.out.mac.Size() + default: + panic("unknown cipher type") + } + } + if c.vers == VersionTLS13 { + payloadBytes-- // encrypted ContentType + } + + // Allow packet growth in arithmetic progression up to max. + pkt := c.packetsSent + c.packetsSent++ + if pkt > 1000 { + return maxPlaintext // avoid overflow in multiply below + } + + n := payloadBytes * int(pkt+1) + if n > maxPlaintext { + n = maxPlaintext + } + return n +} + func (c *Conn) write(data []byte) (int, error) { if c.buffering { c.sendBuf = append(c.sendBuf, data...) 
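Review bot: The lock preconditions that the removed `// L < c.out.Mutex.` and `// c.out.Mutex <= L.` annotations carried are not restated in the new text, so sendAlert and maxPayloadSizeForWrite now have no stated locking contract even though the latter reads c.out.cipher and c.out.mac and increments c.packetsSent. Suggest `// sendAlert sends a TLS alert message. It takes c.out and must not be called with it held.` and, on maxPayloadSizeForWrite, `// Must be called with c.out held; it reads c.out's cipher state and advances c.packetsSent.` The second clause is inferred from the old annotation and from writeRecordLocked being the only visible caller, so confirm against the other callers before keeping that wording.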
@@ -758,6 +910,7 @@ func (c *Conn) write(data []byte) (int, error) { } n, err := c.conn.Write(data) + c.bytesSent += int64(n) return n, err } 
@@ -767,104 +920,93 @@ func (c *Conn) flush() (int, error) { } n, err := c.conn.Write(c.sendBuf) + c.bytesSent += int64(n) c.sendBuf = nil c.buffering = false return n, err } -// writeRecord writes a TLS record with the given type and payload -// to the connection and updates the record layer state. -// c.out.Mutex <= L. -func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) { +// outBufPool pools the record-sized scratch buffers used by writeRecordLocked. +var outBufPool = sync.Pool{ + New: func() interface{} { + return new([]byte) + }, +} - recordHeaderLen := tlsRecordHeaderLen - b := c.out.newBlock() - first := true - //isClientHello := typ == recordTypeHandshake && len(data) > 0 && data[0] == typeClientHello - for len(data) > 0 || first { +// writeRecordLocked writes a TLS record with the given type and payload to the +// connection and updates the record layer state. +func (c *Conn) writeRecordLocked(typ recordType, data []byte) (int, error) { + outBufPtr := outBufPool.Get().(*[]byte) + outBuf := *outBufPtr + defer func() { + // You might be tempted to simplify this by just passing &outBuf to Put, + // but that would make the local copy of the outBuf slice header escape + // to the heap, causing an allocation. Instead, we keep around the + // pointer to the slice header returned by Get, which is already on the + // heap, and overwrite and return that. 
+ *outBufPtr = outBuf + outBufPool.Put(outBufPtr) + }() + + var n int + for len(data) > 0 { m := len(data) - if m > maxPlaintext { - m = maxPlaintext + if maxPayload := c.maxPayloadSizeForWrite(typ); m > maxPayload { + m = maxPayload } - explicitIVLen := 0 - explicitIVIsSeq := false - first = false - - var cbc cbcMode - if c.out.version >= VersionTLS11 { - var ok bool - if cbc, ok = c.out.cipher.(cbcMode); ok { - explicitIVLen = cbc.BlockSize() - } - } - if explicitIVLen == 0 { - if aead, ok := c.out.cipher.(tlsAead); ok && aead.explicitNonce() { - explicitIVLen = 8 - // The AES-GCM construction in TLS has an - // explicit nonce so that the nonce can be - // random. However, the nonce is only 8 bytes - // which is too small for a secure, random - // nonce. Therefore we use the sequence number - // as the nonce. - explicitIVIsSeq = true - } - } - b.resize(recordHeaderLen + explicitIVLen + m) - b.data[0] = byte(typ) + + _, outBuf = sliceForAppend(outBuf[:0], recordHeaderLen) + outBuf[0] = byte(typ) vers := c.vers if vers == 0 { // Some TLS servers fail if the record version is // greater than TLS 1.0 for the initial ClientHello. vers = VersionTLS10 + } else if vers == VersionTLS13 { + // TLS 1.3 froze the record layer version to 1.2. + // See RFC 8446, Section 5.1. 
+ vers = VersionTLS12 } - b.data[1] = byte(vers >> 8) - b.data[2] = byte(vers) - b.data[3] = byte(m >> 8) - b.data[4] = byte(m) - if explicitIVLen > 0 { - explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] - if explicitIVIsSeq { - copy(explicitIV, c.out.seq[:]) - } else { - if _, err = io.ReadFull(c.config.rand(), explicitIV); err != nil { - break - } - } - } - copy(b.data[recordHeaderLen+explicitIVLen:], data) - c.out.encrypt(b, explicitIVLen) - _, err = c.write(b.data) + outBuf[1] = byte(vers >> 8) + outBuf[2] = byte(vers) + outBuf[3] = byte(m >> 8) + outBuf[4] = byte(m) + + var err error + outBuf, err = c.out.encrypt(outBuf, data[:m], c.config.rand()) if err != nil { - break + return n, err + } + if _, err := c.write(outBuf); err != nil { + return n, err } n += m data = data[m:] } - c.out.freeBlock(b) - if typ == recordTypeChangeCipherSpec { - err = c.out.changeCipherSpec() - if err != nil { - // Cannot call sendAlert directly, - // because we already hold c.out.Mutex. - c.tmp[0] = alertLevelError - c.tmp[1] = byte(err.(alert)) - c.writeRecord(recordTypeAlert, c.tmp[0:2]) - return n, c.out.setErrorLocked(&net.OpError{Op: "local error", Err: err}) + if typ == recordTypeChangeCipherSpec && c.vers != VersionTLS13 { + if err := c.out.changeCipherSpec(); err != nil { + return n, c.sendAlertLocked(err.(alert)) } } - return + + return n, nil +} + +// writeRecord writes a TLS record with the given type and payload to the +// connection and updates the record layer state. +func (c *Conn) writeRecord(typ recordType, data []byte) (int, error) { + c.out.Lock() + defer c.out.Unlock() + + return c.writeRecordLocked(typ, data) } // readHandshake reads the next handshake message from // the record layer. -// c.in.Mutex < L; c.out.Mutex < L. 
func (c *Conn) readHandshake() (interface{}, error) { for c.hand.Len() < 4 { - if err := c.in.err; err != nil { - return nil, err - } - if err := c.readRecord(recordTypeHandshake); err != nil { + if err := c.readRecord(); err != nil { return nil, err } } @@ -872,13 +1014,11 @@ func (c *Conn) readHandshake() (interface{}, error) { data := c.hand.Bytes() n := int(data[1])<<16 | int(data[2])<<8 | int(data[3]) if n > maxHandshake { - return nil, c.in.setErrorLocked(c.sendAlert(alertInternalError)) + c.sendAlertLocked(alertInternalError) + return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake)) } for c.hand.Len() < 4+n { - if err := c.in.err; err != nil { - return nil, err - } - if err := c.readRecord(recordTypeHandshake); err != nil { + if err := c.readRecord(); err != nil { return nil, err } } @@ -892,12 +1032,24 @@ func (c *Conn) readHandshake() (interface{}, error) { case typeServerHello: m = new(serverHelloMsg) case typeNewSessionTicket: - m = new(newSessionTicketMsg) + if c.vers == VersionTLS13 { + m = new(newSessionTicketMsgTLS13) + } else { + m = new(newSessionTicketMsg) + } case typeCertificate: - m = new(certificateMsg) + if c.vers == VersionTLS13 { + m = new(certificateMsgTLS13) + } else { + m = new(certificateMsg) + } case typeCertificateRequest: - m = &certificateRequestMsg{ - hasSignatureAndHash: c.vers >= VersionTLS12, + if c.vers == VersionTLS13 { + m = new(certificateRequestMsgTLS13) + } else { + m = &certificateRequestMsg{ + hasSignatureAlgorithm: c.vers >= VersionTLS12, + } } case typeCertificateStatus: m = new(certificateStatusMsg) 
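Review bot: writeRecordLocked's new doc comment drops the caller-must-hold-c.out precondition that the old `// c.out.Mutex <= L.` line documented, leaving the name as the only hint; the sibling writeRecord wrapper, which takes the lock itself, shows the intended split. Suggest `// writeRecordLocked writes a TLS record with the given type and payload to the connection and updates the record layer state. The caller must hold c.out.` Separately, the `err.(alert)` assertion on the changeCipherSpec error panics if c.out.changeCipherSpec ever returns a non-alert error; its implementation is outside this hunk, so a one-line `// changeCipherSpec only ever returns an alert.` next to the assertion would record the invariant it relies on. readHandshake, whose first lines close this hunk, continues past it.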
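Review bot: In the n > maxHandshake branch, `c.sendAlertLocked(alertInternalError)` is called from readHandshake, which runs under c.in, while the other alerts in this function go through `c.sendAlert`, which takes c.out itself; unless every caller of readHandshake already holds c.out (not visible here), that alert write can race with a concurrent Write on c.out. If the locked variant is intentional the hunk should say why; otherwise `c.sendAlert(alertInternalError)` matches the default branch later in the function. The call's returned error is also discarded, which is acceptable since the c.in error is what the caller sees, but a short `// best effort; the error below is what the caller sees` would make that explicit. The function starts and ends outside this hunk.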
@@ -909,17 +1061,21 @@ func (c *Conn) readHandshake() (interface{}, error) { m = new(clientKeyExchangeMsg) case typeCertificateVerify: m = &certificateVerifyMsg{ - hasSignatureAndHash: c.vers >= VersionTLS12, + hasSignatureAlgorithm: c.vers >= VersionTLS12, } - case typeNextProtocol: - m = new(nextProtoMsg) case typeFinished: m = new(finishedMsg) + case typeEncryptedExtensions: + m = new(encryptedExtensionsMsg) + case typeEndOfEarlyData: + m = new(endOfEarlyDataMsg) + case typeKeyUpdate: + m = new(keyUpdateMsg) default: return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) } - // The handshake message unmarshallers + // The handshake message unmarshalers // expect to be able to keep references to data, // so pass in a fresh copy that won't be overwritten. data = append([]byte(nil), data...) @@ -930,8 +1086,29 @@ func (c *Conn) readHandshake() (interface{}, error) { return m, nil } +var ( + errShutdown = errors.New("tls: protocol is shutdown") +) + // Write writes data to the connection. +// +// As Write calls Handshake, in order to prevent indefinite blocking a deadline +// must be set for both Read and Write before Write is called when the handshake +// has not yet completed. See SetDeadline, SetReadDeadline, and +// SetWriteDeadline. func (c *Conn) Write(b []byte) (int, error) { + // interlock with Close below + for { + x := atomic.LoadInt32(&c.activeCall) + if x&1 != 0 { + return 0, net.ErrClosed + } + if atomic.CompareAndSwapInt32(&c.activeCall, x, x+2) { + break + } + } + defer atomic.AddInt32(&c.activeCall, -2) + if err := c.Handshake(); err != nil { return 0, err } 
@@ -943,23 +1120,27 @@ func (c *Conn) Write(b []byte) (int, error) { return 0, err } - if !c.handshakeComplete { + if !c.handshakeComplete() { return 0, alertInternalError } - // SSL 3.0 and TLS 1.0 are susceptible to a chosen-plaintext + if c.closeNotifySent { + return 0, errShutdown + } + + // TLS 1.0 is susceptible to a chosen-plaintext // attack when using block mode ciphers due to predictable IVs. // This can be prevented by splitting each Application Data // record into two records, effectively randomizing the IV. // - // http://www.openssl.org/~bodo/tls-cbc.txt + // https://www.openssl.org/~bodo/tls-cbc.txt // https://bugzilla.mozilla.org/show_bug.cgi?id=665814 - // http://www.imperialviolet.org/2012/01/15/beastfollowup.html + // https://www.imperialviolet.org/2012/01/15/beastfollowup.html var m int - if len(b) > 1 && c.vers <= VersionTLS10 { + if len(b) > 1 && c.vers == VersionTLS10 { if _, ok := c.out.cipher.(cipher.BlockMode); ok { - n, err := c.writeRecord(recordTypeApplicationData, b[:1]) + n, err := c.writeRecordLocked(recordTypeApplicationData, b[:1]) if err != nil { return n, c.out.setErrorLocked(err) } 
@@ -967,80 +1148,189 @@ func (c *Conn) Write(b []byte) (int, error) { } } - n, err := c.writeRecord(recordTypeApplicationData, b) + n, err := c.writeRecordLocked(recordTypeApplicationData, b) return n + m, c.out.setErrorLocked(err) } -// Read can be made to time out and return a net.Error with Timeout() == true -// after a fixed time limit; see SetDeadline and SetReadDeadline. -func (c *Conn) Read(b []byte) (n int, err error) { - if err = c.Handshake(); err != nil { - return +// handleRenegotiation processes a HelloRequest handshake message. +func (c *Conn) handleRenegotiation() error { + if c.vers == VersionTLS13 { + return errors.New("tls: internal error: unexpected renegotiation") + } + + msg, err := c.readHandshake() + if err != nil { + return err + } + + helloReq, ok := msg.(*helloRequestMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(helloReq, msg) + } + + if !c.isClient { + return c.sendAlert(alertNoRenegotiation) + } + + switch c.config.Renegotiation { + case RenegotiateNever: + return c.sendAlert(alertNoRenegotiation) + case RenegotiateOnceAsClient: + if c.handshakes > 1 { + return c.sendAlert(alertNoRenegotiation) + } + case RenegotiateFreelyAsClient: + // Ok. + default: + c.sendAlert(alertInternalError) + return errors.New("tls: unknown Renegotiation value") + } + + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + + atomic.StoreUint32(&c.handshakeStatus, 0) + if c.handshakeErr = c.clientHandshake(); c.handshakeErr == nil { + c.handshakes++ + } + return c.handshakeErr +} + +// handlePostHandshakeMessage processes a handshake message arrived after the +// handshake is complete. Up to TLS 1.2, it indicates the start of a renegotiation. 
+func (c *Conn) handlePostHandshakeMessage() error { + if c.vers != VersionTLS13 { + return c.handleRenegotiation() + } + + msg, err := c.readHandshake() + if err != nil { + return err + } + + c.retryCount++ + if c.retryCount > maxUselessRecords { + c.sendAlert(alertUnexpectedMessage) + return c.in.setErrorLocked(errors.New("tls: too many non-advancing records")) + } + + switch msg := msg.(type) { + case *newSessionTicketMsgTLS13: + return c.handleNewSessionTicket(msg) + case *keyUpdateMsg: + return c.handleKeyUpdate(msg) + default: + c.sendAlert(alertUnexpectedMessage) + return fmt.Errorf("tls: received unexpected handshake message of type %T", msg) + } +} + +func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error { + cipherSuite := cipherSuiteTLS13ByID(c.cipherSuite) + if cipherSuite == nil { + return c.in.setErrorLocked(c.sendAlert(alertInternalError)) + } + + newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret) + c.in.setTrafficSecret(cipherSuite, newSecret) + + if keyUpdate.updateRequested { + c.out.Lock() + defer c.out.Unlock() + + msg := &keyUpdateMsg{} + _, err := c.writeRecordLocked(recordTypeHandshake, msg.marshal()) + if err != nil { + // Surface the error at the next write. + c.out.setErrorLocked(err) + return nil + } + + newSecret := cipherSuite.nextTrafficSecret(c.out.trafficSecret) + c.out.setTrafficSecret(cipherSuite, newSecret) + } + + return nil +} + +// Read reads data from the connection. +// +// As Read calls Handshake, in order to prevent indefinite blocking a deadline +// must be set for both Read and Write before Read is called when the handshake +// has not yet completed. See SetDeadline, SetReadDeadline, and +// SetWriteDeadline. +func (c *Conn) Read(b []byte) (int, error) { + if err := c.Handshake(); err != nil { + return 0, err } if len(b) == 0 { // Put this after Handshake, in case people were calling // Read(nil) for the side effect of the Handshake. 
- return + return 0, nil } c.in.Lock() defer c.in.Unlock() - // Some OpenSSL servers send empty records in order to randomize the - // CBC IV. So this loop ignores a limited number of empty records. - const maxConsecutiveEmptyRecords = 100 - for emptyRecordCount := 0; emptyRecordCount <= maxConsecutiveEmptyRecords; emptyRecordCount++ { - for c.input == nil && c.in.err == nil { - if err := c.readRecord(recordTypeApplicationData); err != nil { - // Soft error, like EAGAIN - return 0, err - } - } - if err := c.in.err; err != nil { + for c.input.Len() == 0 { + if err := c.readRecord(); err != nil { return 0, err } - - n, err = c.input.Read(b) - if c.input.off >= len(c.input.data) { - c.in.freeBlock(c.input) - c.input = nil - } - - // If a close-notify alert is waiting, read it so that - // we can return (n, EOF) instead of (n, nil), to signal - // to the HTTP response reading goroutine that the - // connection is now closed. This eliminates a race - // where the HTTP response reading goroutine would - // otherwise not observe the EOF until its next read, - // by which time a client goroutine might have already - // tried to reuse the HTTP connection for a new - // request. - // See https://codereview.appspot.com/76400046 - // and http://golang.org/issue/3514 - if ri := c.rawInput; ri != nil && - n != 0 && err == nil && - c.input == nil && len(ri.data) > 0 && recordType(ri.data[0]) == recordTypeAlert { - if recErr := c.readRecord(recordTypeApplicationData); recErr != nil { - err = recErr // will be io.EOF on closeNotify + for c.hand.Len() > 0 { + if err := c.handlePostHandshakeMessage(); err != nil { + return 0, err } } + } - if n != 0 || err != nil { - return n, err + n, _ := c.input.Read(b) + + // If a close-notify alert is waiting, read it so that we can return (n, + // EOF) instead of (n, nil), to signal to the HTTP response reading + // goroutine that the connection is now closed. 
This eliminates a race + // where the HTTP response reading goroutine would otherwise not observe + // the EOF until its next read, by which time a client goroutine might + // have already tried to reuse the HTTP connection for a new request. + // See https://golang.org/cl/76400046 and https://golang.org/issue/3514 + if n != 0 && c.input.Len() == 0 && c.rawInput.Len() > 0 && + recordType(c.rawInput.Bytes()[0]) == recordTypeAlert { + if err := c.readRecord(); err != nil { + return n, err // will be io.EOF on closeNotify } } - return 0, io.ErrNoProgress + return n, nil } // Close closes the connection. func (c *Conn) Close() error { - var alertErr error + // Interlock with Conn.Write above. + var x int32 + for { + x = atomic.LoadInt32(&c.activeCall) + if x&1 != 0 { + return net.ErrClosed + } + if atomic.CompareAndSwapInt32(&c.activeCall, x, x|1) { + break + } + } + if x != 0 { + // io.Writer and io.Closer should not be used concurrently. + // If Close is called while a Write is currently in-flight, + // interpret that as a sign that this Close is really just + // being used to break the Write and/or clean up resources and + // avoid sending the alertCloseNotify, which may block + // waiting on handshakeMutex or the c.out mutex. + return c.conn.Close() + } - c.handshakeMutex.Lock() - defer c.handshakeMutex.Unlock() - if c.handshakeComplete { - alertErr = c.sendAlert(alertCloseNotify) + var alertErr error + if c.handshakeComplete() { + if err := c.closeNotify(); err != nil { + alertErr = fmt.Errorf("tls: failed to send closeNotify alert (but connection was closed anyway): %w", err) + } } if err := c.conn.Close(); err != nil { 
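Review bot: handleKeyUpdate is the only new function in this hunk without a doc comment, and it is the one that rotates traffic secrets, so its contract deserves stating. Suggest `// handleKeyUpdate rotates the inbound traffic secret for a TLS 1.3 KeyUpdate and, if the peer asked for it, sends a KeyUpdate of its own under c.out and rotates the outbound secret; a failure to send is deferred to the next write via c.out.setErrorLocked.` The reply `keyUpdateMsg{}` leaves updateRequested false, which is what keeps two peers from requesting updates at each other indefinitely; a `// Do not request an update back, to avoid a KeyUpdate ping-pong.` beside it would record that choice. Close continues past the end of this hunk.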
@@ -1049,25 +1339,69 @@ func (c *Conn) Close() error { return alertErr } +var errEarlyCloseWrite = errors.New("tls: CloseWrite called before handshake complete") + +// CloseWrite shuts down the writing side of the connection. It should only be +// called once the handshake has completed and does not call CloseWrite on the +// underlying connection. Most callers should just use Close. +func (c *Conn) CloseWrite() error { + if !c.handshakeComplete() { + return errEarlyCloseWrite + } + + return c.closeNotify() +} + +func (c *Conn) closeNotify() error { + c.out.Lock() + defer c.out.Unlock() + + if !c.closeNotifySent { + // Set a Write Deadline to prevent possibly blocking forever. + c.SetWriteDeadline(time.Now().Add(time.Second * 5)) + c.closeNotifyErr = c.sendAlertLocked(alertCloseNotify) + c.closeNotifySent = true + // Any subsequent writes will fail. + c.SetWriteDeadline(time.Now()) + } + return c.closeNotifyErr +} + // Handshake runs the client or server handshake // protocol if it has not yet been run. -// Most uses of this package need not call Handshake -// explicitly: the first Read or Write will call it automatically. +// +// Most uses of this package need not call Handshake explicitly: the +// first Read or Write will call it automatically. +// +// For control over canceling or setting a timeout on a handshake, use +// the Dialer's DialContext method. func (c *Conn) Handshake() error { c.handshakeMutex.Lock() defer c.handshakeMutex.Unlock() + if err := c.handshakeErr; err != nil { return err } - if c.handshakeComplete { + if c.handshakeComplete() { return nil } - if c.isClient { - c.handshakeErr = c.clientHandshake() + c.in.Lock() + defer c.in.Unlock() + + c.handshakeErr = c.handshakeFn() + if c.handshakeErr == nil { + c.handshakes++ } else { - c.handshakeErr = c.serverHandshake() + // If an error occurred during the handshake try to flush the + // alert that might be left in the buffer. 
+ c.flush() } + + if c.handshakeErr == nil && !c.handshakeComplete() { + c.handshakeErr = errors.New("tls: internal error: handshake should have had a result") + } + return c.handshakeErr } @@ -1075,20 +1409,34 @@ func (c *Conn) Handshake() error { func (c *Conn) ConnectionState() ConnectionState { c.handshakeMutex.Lock() defer c.handshakeMutex.Unlock() + return c.connectionStateLocked() +} +func (c *Conn) connectionStateLocked() ConnectionState { var state ConnectionState - state.HandshakeComplete = c.handshakeComplete - if c.handshakeComplete { - state.Version = c.vers - state.NegotiatedProtocol = c.clientProtocol - state.DidResume = c.didResume - state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback - state.CipherSuite = c.cipherSuite - state.PeerCertificates = c.peerCertificates - state.VerifiedChains = c.verifiedChains - state.ServerName = c.serverName + state.HandshakeComplete = c.handshakeComplete() + state.Version = c.vers + state.NegotiatedProtocol = c.clientProtocol + state.DidResume = c.didResume + state.NegotiatedProtocolIsMutual = true + state.ServerName = c.serverName + state.CipherSuite = c.cipherSuite + state.PeerCertificates = c.peerCertificates + state.VerifiedChains = c.verifiedChains + state.SignedCertificateTimestamps = c.scts + state.OCSPResponse = c.ocspResponse + if !c.didResume && c.vers != VersionTLS13 { + if c.clientFinishedIsFirst { + state.TLSUnique = c.clientFinished[:] + } else { + state.TLSUnique = c.serverFinished[:] + } + } + if c.config.Renegotiation != RenegotiateNever { + state.ekm = noExportedKeyingMaterial + } else { + state.ekm = c.ekm } - return state } 
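Review bot: closeNotify has no doc comment and silently drops the results of both `c.SetWriteDeadline` calls, whose failure would leave the close_notify write unbounded. Suggest `// closeNotify sends the close_notify alert at most once, bounded by a five second write deadline, and then sets an already-expired deadline so any later write fails; the result is cached in c.closeNotifyErr.` and a `// best effort: a failing deadline only removes the bound on the alert write` on the ignored returns. In Handshake, the `c.flush()` on the error path likewise discards its error; the surrounding comment explains the intent, so a trailing `// best effort` marker would suffice there.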
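Review bot: connectionStateLocked is undocumented, and `state.NegotiatedProtocolIsMutual = true` is now a constant where the old code derived it from c.clientProtocolFallback, so callers that inspected the field to detect a non-mutual ALPN outcome silently lose that signal. Suggest `// connectionStateLocked builds the ConnectionState snapshot; the caller must hold c.handshakeMutex.` and, on the constant assignment, `// Always true: a non-mutual protocol is rejected during the handshake, so this field is kept only for compatibility.` The second wording assumes the handshake code elsewhere in the patch rejects an unknown ALPN protocol, which this hunk does not show, so verify before keeping it.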
@@ -1102,7 +1450,7 @@ func (c *Conn) OCSPResponse() []byte { } // VerifyHostname checks that the peer certificate chain is valid for -// connecting to host. If so, it returns nil; if not, it returns an error +// connecting to host. If so, it returns nil; if not, it returns an error // describing the problem. func (c *Conn) VerifyHostname(host string) error { c.handshakeMutex.Lock() @@ -1110,12 +1458,15 @@ func (c *Conn) VerifyHostname(host string) error { if !c.isClient { return errors.New("tls: VerifyHostname called on TLS server connection") } - if !c.handshakeComplete { + if !c.handshakeComplete() { return errors.New("tls: handshake has not yet been performed") } + if len(c.verifiedChains) == 0 { + return errors.New("tls: handshake did not verify certificate chain") + } return c.peerCertificates[0].VerifyHostname(host) } -func (c *Conn) Config() *Config { - return c.config +func (c *Conn) handshakeComplete() bool { + return atomic.LoadUint32(&c.handshakeStatus) == 1 } diff --git a/tls/conn_test.go b/tls/conn_test.go index 5c555147..78935b12 100644 --- a/tls/conn_test.go +++ b/tls/conn_test.go @@ -5,6 +5,9 @@ package tls import ( + "bytes" + "io" + "net" "testing" ) @@ -18,6 +21,12 @@ func TestRoundUp(t *testing.T) { } } +// will be initialized with {0, 255, 255, ..., 255} +var padding255Bad = [256]byte{} + +// will be initialized with {255, 255, 255, ..., 255} +var padding255Good = [256]byte{255} + var paddingTests = []struct { in []byte good bool 
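Review bot: The exported `Config()` accessor is deleted in the same hunk that adds the unexported handshakeComplete, which is an API break for any downstream code that read the connection's configuration; if that is intended the commit message should call it out, and if not the accessor can be kept alongside. handshakeComplete also lacks a doc comment; suggest `// handshakeComplete reports whether the handshake has finished, reading c.handshakeStatus atomically so it is safe to call without c.handshakeMutex.` The added `len(c.verifiedChains) == 0` guard in VerifyHostname is worth keeping as is, since without it the result said nothing about whether the chain had actually been validated.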
@@ -33,11 +42,17 @@ var paddingTests = []struct { {[]byte{1, 4, 4, 4, 4, 4}, true, 1}, {[]byte{5, 5, 5, 5, 5, 5}, true, 0}, {[]byte{6, 6, 6, 6, 6, 6}, false, 0}, + {padding255Bad[:], false, 0}, + {padding255Good[:], true, 0}, } func TestRemovePadding(t *testing.T) { + for i := 1; i < len(padding255Bad); i++ { + padding255Bad[i] = 255 + padding255Good[i] = 255 + } for i, test := range paddingTests { - payload, good := removePadding(test.in) + paddingLen, good := extractPadding(test.in) expectedGood := byte(255) if !test.good { expectedGood = 0 @@ -45,19 +60,17 @@ func TestRemovePadding(t *testing.T) { if good != expectedGood { t.Errorf("#%d: wrong validity, want:%d got:%d", i, expectedGood, good) } - if good == 255 && len(payload) != test.expectedLen { - t.Errorf("#%d: got %d, want %d", i, len(payload), test.expectedLen) + if good == 255 && len(test.in)-paddingLen != test.expectedLen { + t.Errorf("#%d: got %d, want %d", i, len(test.in)-paddingLen, test.expectedLen) } } } -var certExampleCom = `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` - -var certWildcardExampleCom = `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` +var certExampleCom = `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` -var certFooExampleCom = `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` +var certWildcardExampleCom = `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` -var certDoubleWildcardExampleCom = `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` +var certFooExampleCom = `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` func TestCertificateSelection(t *testing.T) { config := Config{ @@ -71,9 +84,6 @@ func TestCertificateSelection(t *testing.T) { { Certificate: [][]byte{fromHex(certFooExampleCom)}, }, - { - Certificate: [][]byte{fromHex(certDoubleWildcardExampleCom)}, - }, }, } 
@@ -88,19 +98,190 @@ func TestCertificateSelection(t *testing.T) { return -1 } - if n := pointerToIndex(config.getCertificateForName("example.com")); n != 0 { + certificateForName := func(name string) *Certificate { + clientHello := &ClientHelloInfo{ + ServerName: name, + } + if cert, err := config.getCertificate(clientHello); err != nil { + t.Errorf("unable to get certificate for name '%s': %s", name, err) + return nil + } else { + return cert + } + } + + if n := pointerToIndex(certificateForName("example.com")); n != 0 { t.Errorf("example.com returned certificate %d, not 0", n) } - if n := pointerToIndex(config.getCertificateForName("bar.example.com")); n != 1 { + if n := pointerToIndex(certificateForName("bar.example.com")); n != 1 { t.Errorf("bar.example.com returned certificate %d, not 1", n) } - if n := pointerToIndex(config.getCertificateForName("foo.example.com")); n != 2 { + if n := pointerToIndex(certificateForName("foo.example.com")); n != 2 { t.Errorf("foo.example.com returned certificate %d, not 2", n) } - if n := pointerToIndex(config.getCertificateForName("foo.bar.example.com")); n != 3 { - t.Errorf("foo.bar.example.com returned certificate %d, not 3", n) + if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 0 { + t.Errorf("foo.bar.example.com returned certificate %d, not 0", n) } - if n := pointerToIndex(config.getCertificateForName("foo.bar.baz.example.com")); n != 0 { - t.Errorf("foo.bar.baz.example.com returned certificate %d, not 0", n) +} + +// Run with multiple crypto configs to test the logic for computing TLS record overheads. 
+func runDynamicRecordSizingTest(t *testing.T, config *Config) { + clientConn, serverConn := localPipe(t) + + serverConfig := config.Clone() + serverConfig.DynamicRecordSizingDisabled = false + tlsConn := Server(serverConn, serverConfig) + + handshakeDone := make(chan struct{}) + recordSizesChan := make(chan []int, 1) + defer func() { <-recordSizesChan }() // wait for the goroutine to exit + go func() { + // This goroutine performs a TLS handshake over clientConn and + // then reads TLS records until EOF. It writes a slice that + // contains all the record sizes to recordSizesChan. + defer close(recordSizesChan) + defer clientConn.Close() + + tlsConn := Client(clientConn, config) + if err := tlsConn.Handshake(); err != nil { + t.Errorf("Error from client handshake: %v", err) + return + } + close(handshakeDone) + + var recordHeader [recordHeaderLen]byte + var record []byte + var recordSizes []int + + for { + n, err := io.ReadFull(clientConn, recordHeader[:]) + if err == io.EOF { + break + } + if err != nil || n != len(recordHeader) { + t.Errorf("io.ReadFull = %d, %v", n, err) + return + } + + length := int(recordHeader[3])<<8 | int(recordHeader[4]) + if len(record) < length { + record = make([]byte, length) + } + + n, err = io.ReadFull(clientConn, record[:length]) + if err != nil || n != length { + t.Errorf("io.ReadFull = %d, %v", n, err) + return + } + + recordSizes = append(recordSizes, recordHeaderLen+length) + } + + recordSizesChan <- recordSizes + }() + + if err := tlsConn.Handshake(); err != nil { + t.Fatalf("Error from server handshake: %s", err) } + <-handshakeDone + + // The server writes these plaintexts in order. 
+ plaintext := bytes.Join([][]byte{ + bytes.Repeat([]byte("x"), recordSizeBoostThreshold), + bytes.Repeat([]byte("y"), maxPlaintext*2), + bytes.Repeat([]byte("z"), maxPlaintext), + }, nil) + + if _, err := tlsConn.Write(plaintext); err != nil { + t.Fatalf("Error from server write: %s", err) + } + if err := tlsConn.Close(); err != nil { + t.Fatalf("Error from server close: %s", err) + } + + recordSizes := <-recordSizesChan + if recordSizes == nil { + t.Fatalf("Client encountered an error") + } + + // Drop the size of the second to last record, which is likely to be + // truncated, and the last record, which is a close_notify alert. + recordSizes = recordSizes[:len(recordSizes)-2] + + // recordSizes should contain a series of records smaller than + // tcpMSSEstimate followed by some larger than maxPlaintext. + seenLargeRecord := false + for i, size := range recordSizes { + if !seenLargeRecord { + if size > (i+1)*tcpMSSEstimate { + t.Fatalf("Record #%d has size %d, which is too large too soon", i, size) + } + if size >= maxPlaintext { + seenLargeRecord = true + } + } else if size <= maxPlaintext { + t.Fatalf("Record #%d has size %d but should be full sized", i, size) + } + } + + if !seenLargeRecord { + t.Fatalf("No large records observed") + } +} + +func TestDynamicRecordSizingWithStreamCipher(t *testing.T) { + config := testConfig.Clone() + config.MaxVersion = VersionTLS12 + config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA} + runDynamicRecordSizingTest(t, config) +} + +func TestDynamicRecordSizingWithCBC(t *testing.T) { + config := testConfig.Clone() + config.MaxVersion = VersionTLS12 + config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA} + runDynamicRecordSizingTest(t, config) +} + +func TestDynamicRecordSizingWithAEAD(t *testing.T) { + config := testConfig.Clone() + config.MaxVersion = VersionTLS12 + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} + runDynamicRecordSizingTest(t, config) +} + +func 
TestDynamicRecordSizingWithTLSv13(t *testing.T) { + config := testConfig.Clone() + runDynamicRecordSizingTest(t, config) +} + +// hairpinConn is a net.Conn that makes a “hairpin” call when closed, back into +// the tls.Conn which is calling it. +type hairpinConn struct { + net.Conn + tlsConn *Conn +} + +func (conn *hairpinConn) Close() error { + conn.tlsConn.ConnectionState() + return nil +} + +func TestHairpinInClose(t *testing.T) { + // This tests that the underlying net.Conn can call back into the + // tls.Conn when being closed without deadlocking. + client, server := localPipe(t) + defer server.Close() + defer client.Close() + + conn := &hairpinConn{client, nil} + tlsConn := Server(conn, &Config{ + GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { + panic("unreachable") + }, + }) + conn.tlsConn = tlsConn + + // This call should not deadlock. + tlsConn.Close() } diff --git a/tls/example_test.go b/tls/example_test.go index 54018328..3c028a60 100644 --- a/tls/example_test.go +++ b/tls/example_test.go 
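Review bot: In TestCertificateSelection the `certificateForName` closure returns from both branches of an if/else, which golint flags as an unnecessary else after return. Suggest `cert, err := config.getCertificate(clientHello)` followed by `if err != nil { t.Errorf("unable to get certificate for name '%s': %s", name, err); return nil }` and then `return cert`. The dynamic record sizing test in the rest of the hunk reads fine; its `t.Errorf` calls inside the reader goroutine are correctly not Fatalf.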
@@ -5,37 +5,54 @@ package tls_test import ( + stdtls "crypto/tls" + "log" + "net/http" + "net/http/httptest" + "os" + "time" + "github.com/zmap/zcrypto/tls" "github.com/zmap/zcrypto/x509" ) +// zeroSource is an io.Reader that returns an unlimited number of zero bytes. +type zeroSource struct{} + +func (zeroSource) Read(b []byte) (n int, err error) { + for i := range b { + b[i] = 0 + } + + return len(b), nil +} + func ExampleDial() { // Connecting with a custom root-certificate set. const rootPEM = ` +-- GlobalSign Root R2, valid until Dec 15, 2021 -----BEGIN CERTIFICATE----- -MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG -EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy -bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP -VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv -h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE -ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ -EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC -DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7 -qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD -VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g -K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI -KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n -ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB -BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY -/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/ -zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza -HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto -WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6 
-yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== -----END CERTIFICATE-----` // First, create the set of root certificates. For this example we only 
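Review bot: The replacement root in ExampleDial is annotated "valid until Dec 15, 2021", so any chain built from it will stop verifying once that date passes and the example silently becomes a broken illustration of custom-root pinning. Examples of root pinning are copied verbatim into production code, so the expiry should be called out where the PEM is declared, e.g. `// NOTE: this root expires on 2021-12-15; after that the handshake fails with a certificate error and the PEM must be replaced with a current root.` The `zeroSource` reader added above is only safe because every call site labels it "don't do this"; consider stating in its doc comment that it must never be used outside reproducible examples, since a `Rand` of all zeros makes the ClientHello random, session IDs and any key material fully predictable.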
@@ -55,3 +72,163 @@ yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx } conn.Close() } + +func ExampleConfig_keyLogWriter() { + // Debugging TLS applications by decrypting a network traffic capture. + + // WARNING: Use of KeyLogWriter compromises security and should only be + // used for debugging. + + // Dummy test HTTP server for the example with insecure random so output is + // reproducible. + server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) + server.TLS = &stdtls.Config{ + Rand: zeroSource{}, // for example only; don't do this. + } + server.StartTLS() + defer server.Close() + + // Typically the log would go to an open file: + // w, err := os.OpenFile("tls-secrets.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + w := os.Stdout + + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &stdtls.Config{ + KeyLogWriter: w, + + Rand: zeroSource{}, // for reproducible output; don't do this. + InsecureSkipVerify: true, // test server certificate is not trusted. + }, + }, + } + resp, err := client.Get(server.URL) + if err != nil { + log.Fatalf("Failed to get URL: %v", err) + } + resp.Body.Close() + + // The resulting file can be used with Wireshark to decrypt the TLS + // connection by setting (Pre)-Master-Secret log filename in SSL Protocol + // preferences. 
+} + +func ExampleLoadX509KeyPair() { + cert, err := tls.LoadX509KeyPair("testdata/example-cert.pem", "testdata/example-key.pem") + if err != nil { + log.Fatal(err) + } + cfg := &tls.Config{Certificates: []tls.Certificate{cert}} + listener, err := tls.Listen("tcp", ":2000", cfg) + if err != nil { + log.Fatal(err) + } + _ = listener +} + +func ExampleX509KeyPair() { + certPem := []byte(`-----BEGIN CERTIFICATE----- +MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw +DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow +EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d +7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B +5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr +BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1 +NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l +Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc +6MF9+Yw1Yy0t +-----END CERTIFICATE-----`) + keyPem := []byte(`-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49 +AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q +EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA== +-----END EC PRIVATE KEY-----`) + cert, err := tls.X509KeyPair(certPem, keyPem) + if err != nil { + log.Fatal(err) + } + cfg := &tls.Config{Certificates: []tls.Certificate{cert}} + listener, err := tls.Listen("tcp", ":2000", cfg) + if err != nil { + log.Fatal(err) + } + _ = listener +} + +func ExampleX509KeyPair_httpServer() { + certPem := []byte(`-----BEGIN CERTIFICATE----- +MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw +DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow +EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d +7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B +5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr +BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1 
+NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l +Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc +6MF9+Yw1Yy0t +-----END CERTIFICATE-----`) + keyPem := []byte(`-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49 +AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q +EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA== +-----END EC PRIVATE KEY-----`) + cert, err := stdtls.X509KeyPair(certPem, keyPem) + if err != nil { + log.Fatal(err) + } + cfg := &stdtls.Config{Certificates: []stdtls.Certificate{cert}} + srv := &http.Server{ + TLSConfig: cfg, + ReadTimeout: time.Minute, + WriteTimeout: time.Minute, + } + log.Fatal(srv.ListenAndServeTLS("", "")) +} + +func ExampleConfig_verifyConnection() { + // VerifyConnection can be used to replace and customize connection + // verification. This example shows a VerifyConnection implementation that + // will be approximately equivalent to what crypto/tls does normally to + // verify the peer's certificate. + + // Client side configuration. + _ = &tls.Config{ + // Set InsecureSkipVerify to skip the default validation we are + // replacing. This will not disable VerifyConnection. + InsecureSkipVerify: true, + VerifyConnection: func(cs tls.ConnectionState) error { + opts := x509.VerifyOptions{ + DNSName: cs.ServerName, + Intermediates: x509.NewCertPool(), + } + for _, cert := range cs.PeerCertificates[1:] { + opts.Intermediates.AddCert(cert) + } + _, _, _, err := cs.PeerCertificates[0].Verify(opts) + return err + }, + } + + // Server side configuration. + _ = &tls.Config{ + // Require client certificates (or VerifyConnection will run anyway and + // panic accessing cs.PeerCertificates[0]) but don't verify them with the + // default verifier. This will not disable VerifyConnection. 
+ ClientAuth: tls.RequireAnyClientCert, + VerifyConnection: func(cs tls.ConnectionState) error { + opts := x509.VerifyOptions{ + DNSName: cs.ServerName, + Intermediates: x509.NewCertPool(), + KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, + } + for _, cert := range cs.PeerCertificates[1:] { + opts.Intermediates.AddCert(cert) + } + _, _, _, err := cs.PeerCertificates[0].Verify(opts) + return err + }, + } + + // Note that when certificates are not handled by the default verifier + // ConnectionState.VerifiedChains will be nil. +} diff --git a/tls/generate_cert.go b/tls/generate_cert.go index bd4472a9..3ece82e2 100644 --- a/tls/generate_cert.go +++ b/tls/generate_cert.go 
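Review bot: The client-side VerifyConnection closure in ExampleConfig_verifyConnection builds `x509.VerifyOptions` with no `Roots` and no `KeyUsages`, so what it actually verifies depends on how zcrypto's `Verify` treats a nil root pool — in the standard library that falls back to the system roots, but that should be confirmed for zcrypto before calling the example "approximately equivalent to what crypto/tls does normally". If the fallback differs, the example should set `Roots: roots,` from an explicitly loaded pool (and `KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},` for symmetry with the server side) so a reader does not copy a closure that accepts unverified chains while `InsecureSkipVerify` is true. The `_, _, _, err :=` form discards the returned current/expired/never chains; a one-line comment saying that only the error is meaningful here would keep readers from assuming a passing chain was retained in `VerifiedChains`, which the trailing note already says stays nil.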
@@ -10,31 +10,47 @@ package main import ( + "crypto/ecdsa" + "crypto/ed25519" + "crypto/elliptic" "crypto/rand" "crypto/rsa" - - "github.com/zmap/zcrypto/x509" - "github.com/zmap/zcrypto/x509/pkix" - "encoding/pem" "flag" - "fmt" "log" "math/big" "net" "os" "strings" "time" + + "github.com/zmap/zcrypto/x509" + "github.com/zmap/zcrypto/x509/pkix" ) var ( - host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") - validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") - validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") - isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") - rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate") + host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") + validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") + validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") + isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") + rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set") + ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521") + ed25519Key = flag.Bool("ed25519", false, "Generate an Ed25519 key") ) +func publicKey(priv interface{}) interface{} { + switch k := priv.(type) { + case *rsa.PrivateKey: + return &k.PublicKey + case *ecdsa.PrivateKey: + return &k.PublicKey + case ed25519.PrivateKey: + return k.Public().(ed25519.PublicKey) + default: + return nil + } +} + func main() { flag.Parse() 
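Review bot: The `rsa-bits` help text says the flag is "Ignored if --ecdsa-curve is set", but the generation switch introduced in this patch also ignores it when `--ed25519` is given, so the help string under-documents the flag: `rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve or --ed25519 is set")`. The new `publicKey` helper returns `nil` for any unrecognised key type and the caller passes that straight into `x509.CreateCertificate`; a doc comment stating the contract would help the next maintainer who adds a key type, e.g. `// publicKey returns the public half of an RSA, ECDSA or Ed25519 private key; it returns nil for any other type, which CreateCertificate will reject.`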
@@ -42,9 +58,38 @@ func main() { log.Fatalf("Missing required --host parameter") } - priv, err := rsa.GenerateKey(rand.Reader, *rsaBits) + var priv interface{} + var err error + switch *ecdsaCurve { + case "": + if *ed25519Key { + _, priv, err = ed25519.GenerateKey(rand.Reader) + } else { + priv, err = rsa.GenerateKey(rand.Reader, *rsaBits) + } + case "P224": + priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + case "P256": + priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + case "P384": + priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + case "P521": + priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + default: + log.Fatalf("Unrecognized elliptic curve: %q", *ecdsaCurve) + } if err != nil { - log.Fatalf("failed to generate private key: %s", err) + log.Fatalf("Failed to generate private key: %v", err) + } + + // ECDSA, ED25519 and RSA subject keys should have the DigitalSignature + // KeyUsage bits set in the x509.Certificate template + keyUsage := x509.KeyUsageDigitalSignature + // Only RSA subject keys should have the KeyEncipherment KeyUsage bits set. In + // the context of TLS this KeyUsage is particular to RSA key exchange and + // authentication. + if _, isRSA := priv.(*rsa.PrivateKey); isRSA { + keyUsage |= x509.KeyUsageKeyEncipherment } var notBefore time.Time @@ -53,8 +98,7 @@ func main() { } else { notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) - os.Exit(1) + log.Fatalf("Failed to parse creation date: %v", err) } } @@ -63,7 +107,7 @@ func main() { serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { - log.Fatalf("failed to generate serial number: %s", err) + log.Fatalf("Failed to generate serial number: %v", err) } template := x509.Certificate{ 
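Review bot: The new key-generation switch accepts any value for `--rsa-bits`, so `--rsa-bits 512` produces a certificate whose key is trivially factorable without any warning, and it also offers `P224`, which the ECDSA signature algorithms advertised by this TLS stack do not cover, so the resulting certificate is unlikely to be usable in a handshake (worth confirming against the supported signature-algorithm list). Since this tool exists to mint test certificates that tend to leak into deployments, a lower bound is cheap: `if *ecdsaCurve == "" && !*ed25519Key && *rsaBits < 2048 { log.Fatalf("Refusing to generate an RSA key shorter than 2048 bits (got %d)", *rsaBits) }`, and either drop the `P224` case or note in the `--ecdsa-curve` help that it is not usable for TLS server certificates. The body of `main` continues outside this hunk.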
@@ -74,7 +118,7 @@ func main() { NotBefore: notBefore, NotAfter: notAfter, - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + KeyUsage: keyUsage, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } 
@@ -93,25 +137,37 @@ func main() { template.KeyUsage |= x509.KeyUsageCertSign } - derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv) + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) if err != nil { - log.Fatalf("Failed to create certificate: %s", err) + log.Fatalf("Failed to create certificate: %v", err) } certOut, err := os.Create("cert.pem") if err != nil { - log.Fatalf("failed to open cert.pem for writing: %s", err) + log.Fatalf("Failed to open cert.pem for writing: %v", err) + } + if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { + log.Fatalf("Failed to write data to cert.pem: %v", err) } - pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) - certOut.Close() - log.Print("written cert.pem\n") + if err := certOut.Close(); err != nil { + log.Fatalf("Error closing cert.pem: %v", err) + } + log.Print("wrote cert.pem\n") keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { - log.Print("failed to open key.pem for writing:", err) + log.Fatalf("Failed to open key.pem for writing: %v", err) return } - pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) - keyOut.Close() - log.Print("written key.pem\n") + privBytes, err := x509.MarshalPKCS8PrivateKey(priv) + if err != nil { + log.Fatalf("Unable to marshal private key: %v", err) + } + if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { + log.Fatalf("Failed to write data to key.pem: %v", err) + } + if err := keyOut.Close(); err != nil { + log.Fatalf("Error closing key.pem: %v", err) + } + log.Print("wrote key.pem\n") } diff --git a/tls/handshake_client.go b/tls/handshake_client.go index dab45c30..fb167828 100644 --- a/tls/handshake_client.go +++ b/tls/handshake_client.go 
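Review bot: Opening `key.pem` with `os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600` only applies the 0600 mode when the file is created; if a world-readable `key.pem` already exists from an earlier run or a different tool, the new PKCS#8 private key is written into it with the old permissions intact. Either remove it first or fix the mode after opening, e.g. `if err := keyOut.Chmod(0600); err != nil { log.Fatalf("Failed to set key.pem permissions: %v", err) }` right after the `OpenFile` error check. The `return` that follows `log.Fatalf("Failed to open key.pem for writing: %v", err)` is unreachable now that the branch is fatal and should be dropped.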
@@ -6,513 +6,413 @@ package tls import ( "bytes" + "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/rsa" "crypto/subtle" - "encoding/asn1" - "encoding/binary" "errors" "fmt" + "hash" "io" - "math/big" "net" - "strconv" + "strings" + "sync/atomic" "time" - "github.com/zmap/zcrypto/dsa" - "github.com/zmap/zcrypto/x509" ) type clientHandshakeState struct { - c *Conn - serverHello *serverHelloMsg - hello *clientHelloMsg - suite *cipherSuite - finishedHash finishedHash - masterSecret []byte - preMasterSecret []byte - session *ClientSessionState -} - -type CacheKeyGenerator interface { - Key(net.Addr) string + c *Conn + serverHello *serverHelloMsg + hello *clientHelloMsg + suite *cipherSuite + finishedHash finishedHash + masterSecret []byte + session *ClientSessionState } -type ClientFingerprintConfiguration struct { - // Version in the handshake header - HandshakeVersion uint16 - - // if len == 32, it will specify the client random. - // Otherwise, the field will be random - // except the top 4 bytes if InsertTimestamp is true - ClientRandom []byte - InsertTimestamp bool - - // if RandomSessionID > 0, will overwrite SessionID w/ that many - // random bytes when a session resumption occurs - RandomSessionID int - SessionID []byte - - // These fields will appear exactly in order in the ClientHello - CipherSuites []uint16 - CompressionMethods []uint8 - Extensions []ClientExtension - - // Optional, both must be non-nil, or neither. 
- // Custom Session cache implementations allowed - SessionCache ClientSessionCache - CacheKey CacheKeyGenerator -} - -type ClientExtension interface { - // Produce the bytes on the wire for this extension, type and length included - Marshal() []byte - - // Function will return an error if zTLS does not implement the necessary features for this extension - CheckImplemented() error - - // Modifies the config to reflect the state of the extension - WriteToConfig(*Config) error -} - -func (c *ClientFingerprintConfiguration) CheckImplementedExtensions() error { - for _, ext := range c.Extensions { - if err := ext.CheckImplemented(); err != nil { - return err - } +func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) { + config := c.config + if len(config.ServerName) == 0 && !config.InsecureSkipVerify { + return nil, nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config") } - return nil -} - -func (c *clientHelloMsg) WriteToConfig(config *Config) error { - config.NextProtos = c.alpnProtocols - config.CipherSuites = c.cipherSuites - config.MaxVersion = c.vers - config.ClientRandom = c.random - config.CurvePreferences = c.supportedCurves - config.HeartbeatEnabled = c.heartbeatEnabled - config.ExtendedRandom = c.extendedRandomEnabled - config.ForceSessionTicketExt = c.ticketSupported - config.ExtendedMasterSecret = c.extendedMasterSecret - config.SignedCertificateTimestampExt = c.sctEnabled - return nil -} -func (c *ClientFingerprintConfiguration) WriteToConfig(config *Config) error { - config.NextProtos = []string{} - config.CipherSuites = c.CipherSuites - config.MaxVersion = c.HandshakeVersion - config.ClientRandom = c.ClientRandom - config.CurvePreferences = []CurveID{} - config.HeartbeatEnabled = false - config.ExtendedRandom = false - config.ForceSessionTicketExt = false - config.ExtendedMasterSecret = false - config.SignedCertificateTimestampExt = false - for _, ext := range c.Extensions { - if err := 
ext.WriteToConfig(config); err != nil { - return err + nextProtosLength := 0 + for _, proto := range config.NextProtos { + if l := len(proto); l == 0 || l > 255 { + return nil, nil, errors.New("tls: invalid NextProtos value") + } else { + nextProtosLength += 1 + l } } - return nil -} - -func currentTimestamp() ([]byte, error) { - t := time.Now().Unix() - buf := new(bytes.Buffer) - err := binary.Write(buf, binary.BigEndian, t) - return buf.Bytes(), err -} + if nextProtosLength > 0xffff { + return nil, nil, errors.New("tls: NextProtos values too large") + } -func (c *ClientFingerprintConfiguration) marshal(config *Config) ([]byte, error) { - if err := c.CheckImplementedExtensions(); err != nil { - return nil, err + supportedVersions := config.supportedVersions() + if len(supportedVersions) == 0 { + return nil, nil, errors.New("tls: no supported versions satisfy MinVersion and MaxVersion") } - head := make([]byte, 38) - head[0] = 1 - head[4] = uint8(c.HandshakeVersion >> 8) - head[5] = uint8(c.HandshakeVersion) - if len(c.ClientRandom) == 32 { - copy(head[6:38], c.ClientRandom[0:32]) - } else { - start := 6 - if c.InsertTimestamp { - t, err := currentTimestamp() - if err != nil { - return nil, err - } - copy(head[start:start+4], t) - start = start + 4 - } - _, err := io.ReadFull(config.rand(), head[start:38]) - if err != nil { - return nil, errors.New("tls: short read from Rand: " + err.Error()) - } + + clientHelloVersion := config.maxSupportedVersion() + // The version at the beginning of the ClientHello was capped at TLS 1.2 + // for compatibility reasons. The supported_versions extension is used + // to negotiate versions now. See RFC 8446, Section 4.2.1. 
+ if clientHelloVersion > VersionTLS12 { + clientHelloVersion = VersionTLS12 } - if len(c.SessionID) >= 256 { - return nil, errors.New("tls: SessionID too long") + hello := &clientHelloMsg{ + vers: clientHelloVersion, + compressionMethods: []uint8{compressionNone}, + random: make([]byte, 32), + sessionId: make([]byte, 32), + ocspStapling: true, + scts: true, + serverName: hostnameInSNI(config.ServerName), + supportedCurves: config.curvePreferences(), + supportedPoints: []uint8{pointFormatUncompressed}, + secureRenegotiationSupported: true, + alpnProtocols: config.NextProtos, + supportedVersions: supportedVersions, } - sessionID := make([]byte, len(c.SessionID)+1) - sessionID[0] = uint8(len(c.SessionID)) - if len(c.SessionID) > 0 { - copy(sessionID[1:], c.SessionID) + + if c.handshakes > 0 { + hello.secureRenegotiation = c.clientFinished[:] } - ciphers := make([]byte, 2+2*len(c.CipherSuites)) - ciphers[0] = uint8(len(c.CipherSuites) >> 7) - ciphers[1] = uint8(len(c.CipherSuites) << 1) - for i, suite := range c.CipherSuites { - if !config.ForceSuites { - found := false - for _, impl := range implementedCipherSuites { - if impl.id == suite { - found = true - } + possibleCipherSuites := config.cipherSuites() + hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites)) + + for _, suiteId := range possibleCipherSuites { + for _, suite := range cipherSuites { + if suite.id != suiteId { + continue } - if !found { - return nil, errors.New(fmt.Sprintf("tls: unimplemented cipher suite %d", suite)) + // Don't advertise TLS 1.2-only cipher suites unless + // we're attempting TLS 1.2. 
+ if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 { + break } + hello.cipherSuites = append(hello.cipherSuites, suiteId) + break } - - ciphers[2+i*2] = uint8(suite >> 8) - ciphers[3+i*2] = uint8(suite) } - if len(c.CompressionMethods) >= 256 { - return nil, errors.New("tls: Too many compression methods") - } - compressions := make([]byte, len(c.CompressionMethods)+1) - compressions[0] = uint8(len(c.CompressionMethods)) - if len(c.CompressionMethods) > 0 { - copy(compressions[1:], c.CompressionMethods) - if c.CompressionMethods[0] != 0 { - return nil, errors.New(fmt.Sprintf("tls: unimplemented compression method %d", c.CompressionMethods[0])) - } - if len(c.CompressionMethods) > 1 { - return nil, errors.New(fmt.Sprintf("tls: unimplemented compression method %d", c.CompressionMethods[1])) - } - } else { - return nil, errors.New("tls: no compression method") + _, err := io.ReadFull(config.rand(), hello.random) + if err != nil { + return nil, nil, errors.New("tls: short read from Rand: " + err.Error()) } - var extensions []byte - for _, ext := range c.Extensions { - extensions = append(extensions, ext.Marshal()...) - } - if len(extensions) > 0 { - length := make([]byte, 2) - length[0] = uint8(len(extensions) >> 8) - length[1] = uint8(len(extensions)) - extensions = append(length, extensions...) + // A random session ID is used to detect when the server accepted a ticket + // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as + // a compatibility measure (see RFC 8446, Section 4.1.2). + if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil { + return nil, nil, errors.New("tls: short read from Rand: " + err.Error()) } - helloArray := [][]byte{head, sessionID, ciphers, compressions, extensions} - hello := []byte{} - for _, b := range helloArray { - hello = append(hello, b...) 
+ + if hello.vers >= VersionTLS12 { + hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms } - lengthOnTheWire := len(hello) - 4 - if lengthOnTheWire >= 1<<24 { - return nil, errors.New("ClientHello message too long") + + var params ecdheParameters + if hello.supportedVersions[0] == VersionTLS13 { + hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13()...) + + curveID := config.curvePreferences()[0] + if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok { + return nil, nil, errors.New("tls: CurvePreferences includes unsupported curve") + } + params, err = generateECDHEParameters(config.rand(), curveID) + if err != nil { + return nil, nil, err + } + hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}} } - hello[1] = uint8(lengthOnTheWire >> 16) - hello[2] = uint8(lengthOnTheWire >> 8) - hello[3] = uint8(lengthOnTheWire) - return hello, nil + return hello, params, nil } -func (c *Conn) clientHandshake() error { +func (c *Conn) clientHandshake() (err error) { if c.config == nil { c.config = defaultConfig() } - var hello *clientHelloMsg - var helloBytes []byte - var session *ClientSessionState - var sessionCache ClientSessionCache - var cacheKey string - // first, let's check if a ClientFingerprintConfiguration template was provided by the config - if c.config.ClientFingerprintConfiguration != nil { - if err := c.config.ClientFingerprintConfiguration.WriteToConfig(c.config); err != nil { - return err - } - session = nil - sessionCache = c.config.ClientFingerprintConfiguration.SessionCache - if sessionCache != nil { - if c.config.ClientFingerprintConfiguration.CacheKey == nil { - return errors.New("tls: must specify CacheKey if SessionCache is defined in Config.ClientFingerprintConfiguration") - } - cacheKey = c.config.ClientFingerprintConfiguration.CacheKey.Key(c.conn.RemoteAddr()) - candidateSession, ok := sessionCache.Get(cacheKey) - if ok { - cipherSuiteOk := false - for _, id := range 
c.config.ClientFingerprintConfiguration.CipherSuites { - if id == candidateSession.cipherSuite { - cipherSuiteOk = true - break - } - } - versOk := candidateSession.vers >= c.config.minVersion() && - candidateSession.vers <= c.config.ClientFingerprintConfiguration.HandshakeVersion - if versOk && cipherSuiteOk { - session = candidateSession - } - } - } - for i, ext := range c.config.ClientFingerprintConfiguration.Extensions { - switch casted := ext.(type) { - case *SessionTicketExtension: - if casted.Autopopulate { - if session == nil { - if !c.config.ForceSessionTicketExt { - c.config.ClientFingerprintConfiguration.Extensions[i] = &NullExtension{} - } - } else { - c.config.ClientFingerprintConfiguration.Extensions[i] = &SessionTicketExtension{session.sessionTicket, true} - if c.config.ClientFingerprintConfiguration.RandomSessionID > 0 { - c.config.ClientFingerprintConfiguration.SessionID = make([]byte, c.config.ClientFingerprintConfiguration.RandomSessionID) - if _, err := io.ReadFull(c.config.rand(), c.config.ClientFingerprintConfiguration.SessionID); err != nil { - c.sendAlert(alertInternalError) - return errors.New("tls: short read from Rand: " + err.Error()) - } - - } - } - } + // This may be a renegotiation handshake, in which case some fields + // need to be reset. + c.didResume = false + + hello, ecdheParams, err := c.makeClientHello() + if err != nil { + return err + } + c.serverName = hello.serverName + + cacheKey, session, earlySecret, binderKey := c.loadSession(hello) + if cacheKey != "" && session != nil { + defer func() { + // If we got a handshake failure when resuming a session, throw away + // the session ticket. See RFC 5077, Section 3.2. + // + // RFC 8446 makes no mention of dropping tickets on failure, but it + // does require servers to abort on invalid binders, so we need to + // delete tickets to recover from a corrupted PSK. 
+ if err != nil { + c.config.ClientSessionCache.Put(cacheKey, nil) } - } - var err error - helloBytes, err = c.config.ClientFingerprintConfiguration.marshal(c.config) - if err != nil { - return err - } - hello = &clientHelloMsg{} - if ok := hello.unmarshal(helloBytes); !ok { - return errors.New("tls: incompatible ClientFingerprintConfiguration") - } + }() + } - // next, let's check if a ClientHello template was provided by the user - } else if c.config.ExternalClientHello != nil { + if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil { + return err + } - hello = new(clientHelloMsg) + msg, err := c.readHandshake() + if err != nil { + return err + } - if !hello.unmarshal(c.config.ExternalClientHello) { - return errors.New("could not read the ClientHello provided") - } - if err := hello.WriteToConfig(c.config); err != nil { - return err - } + serverHello, ok := msg.(*serverHelloMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(serverHello, msg) + } - // update the SNI with one name, whether or not the extension was already there - hello.serverName = c.config.ServerName + if err := c.pickTLSVersion(serverHello); err != nil { + return err + } - // then we update the 'raw' value of the message - hello.raw = nil - helloBytes = hello.marshal() + // If we are negotiating a protocol version that's lower than what we + // support, check for the server downgrade canaries. + // See RFC 8446, Section 4.1.3. 
+ maxVers := c.config.maxSupportedVersion() + tls12Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS12 + tls11Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS11 + if maxVers == VersionTLS13 && c.vers <= VersionTLS12 && (tls12Downgrade || tls11Downgrade) || + maxVers == VersionTLS12 && c.vers <= VersionTLS11 && tls11Downgrade { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: downgrade attempt detected, possibly due to a MitM attack or a broken middlebox") + } - session = nil - sessionCache = nil - } else { - if len(c.config.ServerName) == 0 && !c.config.InsecureSkipVerify { - return errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config") + if c.vers == VersionTLS13 { + hs := &clientHandshakeStateTLS13{ + c: c, + serverHello: serverHello, + hello: hello, + ecdheParams: ecdheParams, + session: session, + earlySecret: earlySecret, + binderKey: binderKey, } - hello = &clientHelloMsg{ - vers: c.config.maxVersion(), - compressionMethods: []uint8{compressionNone}, - random: make([]byte, 32), - ocspStapling: true, - serverName: c.config.ServerName, - supportedCurves: c.config.curvePreferences(), - supportedPoints: []uint8{pointFormatUncompressed}, - nextProtoNeg: len(c.config.NextProtos) > 0, - secureRenegotiation: true, - alpnProtocols: c.config.NextProtos, - extendedMasterSecret: c.config.maxVersion() >= VersionTLS10 && c.config.ExtendedMasterSecret, - } + // In TLS 1.3, session tickets are delivered after the handshake. 
+ return hs.handshake() + } - if c.config.ForceSessionTicketExt { - hello.ticketSupported = true - } - if c.config.SignedCertificateTimestampExt { - hello.sctEnabled = true - } + hs := &clientHandshakeState{ + c: c, + serverHello: serverHello, + hello: hello, + session: session, + } - if c.config.HeartbeatEnabled && !c.config.ExtendedRandom { - hello.heartbeatEnabled = true - hello.heartbeatMode = heartbeatModePeerAllowed - } + if err := hs.handshake(); err != nil { + return err + } - possibleCipherSuites := c.config.cipherSuites() - hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites)) + // If we had a successful handshake and hs.session is different from + // the one already cached - cache a new one. + if cacheKey != "" && hs.session != nil && session != hs.session { + c.config.ClientSessionCache.Put(cacheKey, hs.session) + } - if c.config.ForceSuites { - hello.cipherSuites = possibleCipherSuites - } else { + return nil +} - NextCipherSuite: - for _, suiteId := range possibleCipherSuites { - for _, suite := range implementedCipherSuites { - if suite.id != suiteId { - continue - } - // Don't advertise TLS 1.2-only cipher suites unless - // we're attempting TLS 1.2. 
- if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 { - continue - } - hello.cipherSuites = append(hello.cipherSuites, suiteId) - continue NextCipherSuite - } - } - } +func (c *Conn) loadSession(hello *clientHelloMsg) (cacheKey string, + session *ClientSessionState, earlySecret, binderKey []byte) { + if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil { + return "", nil, nil, nil + } - if len(c.config.ClientRandom) == 32 { - copy(hello.random, c.config.ClientRandom) - } else { - _, err := io.ReadFull(c.config.rand(), hello.random) - if err != nil { - c.sendAlert(alertInternalError) - return errors.New("tls: short read from Rand: " + err.Error()) - } - } + hello.ticketSupported = true - if c.config.ExtendedRandom { - hello.extendedRandomEnabled = true - hello.extendedRandom = make([]byte, 32) - if _, err := io.ReadFull(c.config.rand(), hello.extendedRandom); err != nil { - return errors.New("tls: short read from Rand: " + err.Error()) - } - } + if hello.supportedVersions[0] == VersionTLS13 { + // Require DHE on resumption as it guarantees forward secrecy against + // compromise of the session ticket key. See RFC 8446, Section 4.2.9. + hello.pskModes = []uint8{pskModeDHE} + } + + // Session resumption is not allowed if renegotiating because + // renegotiation is primarily used to allow a client to send a client + // certificate, which would be skipped if session resumption occurred. + if c.handshakes != 0 { + return "", nil, nil, nil + } + + // Try to resume a previously negotiated TLS session, if available. + cacheKey = clientSessionCacheKey(c.conn.RemoteAddr(), c.config) + session, ok := c.config.ClientSessionCache.Get(cacheKey) + if !ok || session == nil { + return cacheKey, nil, nil, nil + } - if hello.vers >= VersionTLS12 { - hello.signatureAndHashes = c.config.signatureAndHashesForClient() + // Check that version used for the previous session is still valid. 
+ versOk := false + for _, v := range hello.supportedVersions { + if v == session.vers { + versOk = true + break } + } + if !versOk { + return cacheKey, nil, nil, nil + } - sessionCache = c.config.ClientSessionCache - if c.config.SessionTicketsDisabled { - sessionCache = nil + // Check that the cached server certificate is not expired, and that it's + // valid for the ServerName. This should be ensured by the cache key, but + // protect the application from a faulty ClientSessionCache implementation. + if !c.config.InsecureSkipVerify { + if len(session.verifiedChains) == 0 { + // The original connection had InsecureSkipVerify, while this doesn't. + return cacheKey, nil, nil, nil } - if sessionCache != nil { - hello.ticketSupported = true - - // Try to resume a previously negotiated TLS session, if - // available. - cacheKey = clientSessionCacheKey(c.conn.RemoteAddr(), c.config) - candidateSession, ok := sessionCache.Get(cacheKey) - if ok { - // Check that the ciphersuite/version used for the - // previous session are still valid. - cipherSuiteOk := false - for _, id := range hello.cipherSuites { - if id == candidateSession.cipherSuite { - cipherSuiteOk = true - break - } - } - - versOk := candidateSession.vers >= c.config.minVersion() && - candidateSession.vers <= c.config.maxVersion() - if versOk && cipherSuiteOk { - session = candidateSession - } - } + serverCert := session.serverCertificates[0] + if c.config.time().After(serverCert.NotAfter) { + // Expired certificate, delete the entry. + c.config.ClientSessionCache.Put(cacheKey, nil) + return cacheKey, nil, nil, nil } + if err := serverCert.VerifyHostname(c.config.ServerName); err != nil { + return cacheKey, nil, nil, nil + } + } - if session != nil { - hello.sessionTicket = session.sessionTicket - // A random session ID is used to detect when the - // server accepted the ticket and is resuming a session - // (see RFC 5077). 
- hello.sessionId = make([]byte, 16) - if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil { - c.sendAlert(alertInternalError) - return errors.New("tls: short read from Rand: " + err.Error()) - } - + if session.vers != VersionTLS13 { + // In TLS 1.2 the cipher suite must match the resumed session. Ensure we + // are still offering it. + if mutualCipherSuite(hello.cipherSuites, session.cipherSuite) == nil { + return cacheKey, nil, nil, nil } - helloBytes = hello.marshal() + hello.sessionTicket = session.sessionTicket + return } - c.handshakeLog = new(ServerHandshake) - c.heartbleedLog = new(Heartbleed) - c.writeRecord(recordTypeHandshake, helloBytes) - c.handshakeLog.ClientHello = hello.MakeLog() + // Check that the session ticket is not expired. + if c.config.time().After(session.useBy) { + c.config.ClientSessionCache.Put(cacheKey, nil) + return cacheKey, nil, nil, nil + } - msg, err := c.readHandshake() - if err != nil { - return err + // In TLS 1.3 the KDF hash must match the resumed session. Ensure we + // offer at least one cipher suite with that hash. + cipherSuite := cipherSuiteTLS13ByID(session.cipherSuite) + if cipherSuite == nil { + return cacheKey, nil, nil, nil } - serverHello, ok := msg.(*serverHelloMsg) - if !ok { - c.sendAlert(alertUnexpectedMessage) - return unexpectedMessageError(serverHello, msg) + cipherSuiteOk := false + for _, offeredID := range hello.cipherSuites { + offeredSuite := cipherSuiteTLS13ByID(offeredID) + if offeredSuite != nil && offeredSuite.hash == cipherSuite.hash { + cipherSuiteOk = true + break + } + } + if !cipherSuiteOk { + return cacheKey, nil, nil, nil } - c.handshakeLog.ServerHello = serverHello.MakeLog() - if serverHello.heartbeatEnabled { - c.heartbeat = true - c.heartbleedLog.HeartbeatEnabled = true + // Set the pre_shared_key extension. See RFC 8446, Section 4.2.11.1. 
+ ticketAge := uint32(c.config.time().Sub(session.receivedAt) / time.Millisecond) + identity := pskIdentity{ + label: session.sessionTicket, + obfuscatedTicketAge: ticketAge + session.ageAdd, } + hello.pskIdentities = []pskIdentity{identity} + hello.pskBinders = [][]byte{make([]byte, cipherSuite.hash.Size())} + + // Compute the PSK binders. See RFC 8446, Section 4.2.11.2. + psk := cipherSuite.expandLabel(session.masterSecret, "resumption", + session.nonce, cipherSuite.hash.Size()) + earlySecret = cipherSuite.extract(psk, nil) + binderKey = cipherSuite.deriveSecret(earlySecret, resumptionBinderLabel, nil) + transcript := cipherSuite.hash.New() + transcript.Write(hello.marshalWithoutBinders()) + pskBinders := [][]byte{cipherSuite.finishedHash(binderKey, transcript)} + hello.updateBinders(pskBinders) - vers, ok := c.config.mutualVersion(serverHello.vers) + return +} + +func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { + peerVersion := serverHello.vers + if serverHello.supportedVersion != 0 { + peerVersion = serverHello.supportedVersion + } + + vers, ok := c.config.mutualVersion([]uint16{peerVersion}) if !ok { c.sendAlert(alertProtocolVersion) - return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.vers) + return fmt.Errorf("tls: server selected unsupported protocol version %x", peerVersion) } + c.vers = vers c.haveVers = true + c.in.version = vers + c.out.version = vers - suite := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite) - cipherImplemented := cipherIDInCipherList(serverHello.cipherSuite, implementedCipherSuites) - cipherShared := cipherIDInCipherIDList(serverHello.cipherSuite, c.config.cipherSuites()) - if suite == nil { - // c.sendAlert(alertHandshakeFailure) - if !cipherShared { - c.cipherError = ErrNoMutualCipher - } else if !cipherImplemented { - c.cipherError = ErrUnimplementedCipher - } - } - - hs := &clientHandshakeState{ - c: c, - serverHello: serverHello, - hello: hello, - suite: 
suite, - finishedHash: newFinishedHash(c.vers, suite), - session: session, - } + return nil +} - hs.finishedHash.Write(helloBytes) - hs.finishedHash.Write(hs.serverHello.marshal()) +// Does the handshake, either a full one or resumes old session. Requires hs.c, +// hs.hello, hs.serverHello, and, optionally, hs.session to be set. +func (hs *clientHandshakeState) handshake() error { + c := hs.c isResume, err := hs.processServerHello() if err != nil { return err } - if !c.config.DontBufferHandshakes { - c.buffering = true - defer c.flush() + + hs.finishedHash = newFinishedHash(c.vers, hs.suite) + + // No signatures of the handshake are needed in a resumption. + // Otherwise, in a full handshake, if we don't have any certificates + // configured then we will never send a CertificateVerify message and + // thus no signatures are needed in that case either. + if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) { + hs.finishedHash.discardHandshakeBuffer() } + + hs.finishedHash.Write(hs.hello.marshal()) + hs.finishedHash.Write(hs.serverHello.marshal()) + + c.buffering = true + c.didResume = isResume if isResume { - if c.cipherError != nil { - c.sendAlert(alertHandshakeFailure) - return c.cipherError - } if err := hs.establishKeys(); err != nil { return err } if err := hs.readSessionTicket(); err != nil { return err } - if err := hs.readFinished(); err != nil { + if err := hs.readFinished(c.serverFinished[:]); err != nil { return err } - if err := hs.sendFinished(); err != nil { + c.clientFinishedIsFirst = false + // Make sure the connection is still being verified whether or not this + // is a resumption. Resumptions currently don't reverify certificates so + // they don't call verifyServerCertificate. See Issue 31641. 
+ if c.config.VerifyConnection != nil { + if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + if err := hs.sendFinished(c.clientFinished[:]); err != nil { return err } if _, err := c.flush(); err != nil { @@ -520,43 +420,39 @@ func (c *Conn) clientHandshake() error { } } else { if err := hs.doFullHandshake(); err != nil { - if err == ErrCertsOnly { - c.sendAlert(alertCloseNotify) - } return err } if err := hs.establishKeys(); err != nil { return err } - if err := hs.sendFinished(); err != nil { + if err := hs.sendFinished(c.clientFinished[:]); err != nil { return err } if _, err := c.flush(); err != nil { return err } + c.clientFinishedIsFirst = true if err := hs.readSessionTicket(); err != nil { return err } - if err := hs.readFinished(); err != nil { + if err := hs.readFinished(c.serverFinished[:]); err != nil { return err } } - if hs.session == nil { - c.handshakeLog.SessionTicket = nil - } else { - c.handshakeLog.SessionTicket = hs.session.MakeLog() - } + c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.random, hs.serverHello.random) + atomic.StoreUint32(&c.handshakeStatus, 1) - c.handshakeLog.KeyMaterial = hs.MakeLog() + return nil +} - if sessionCache != nil && hs.session != nil && session != hs.session { - sessionCache.Put(cacheKey, hs.session) +func (hs *clientHandshakeState) pickCipherSuite() error { + if hs.suite = mutualCipherSuite(hs.hello.cipherSuites, hs.serverHello.cipherSuite); hs.suite == nil { + hs.c.sendAlert(alertHandshakeFailure) + return errors.New("tls: server chose an unconfigured cipher suite") } - c.didResume = isResume - c.handshakeComplete = true - c.cipherSuite = suite.id + hs.c.cipherSuite = hs.suite.id return nil } 
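Review bot: pickCipherSuite has no doc comment although it is now the only place the client checks that the server's selection was actually offered; suggest `// pickCipherSuite sets hs.suite to the suite the server chose and fails with handshake_failure if the ClientHello did not offer it.` The old `c.cipherError` path (ErrNoMutualCipher vs ErrUnimplementedCipher, surfaced after the handshake) is deleted here in favour of an immediate alert, so any caller that inspected that distinction will now just see the error from handshake(); if that behaviour is still wanted it has to be restored in a follow-up. handshake() begins outside this hunk.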
@@ -567,114 +463,34 @@ func (hs *clientHandshakeState) doFullHandshake() error { if err != nil { return err } + certMsg, ok := msg.(*certificateMsg) + if !ok || len(certMsg.certificates) == 0 { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(certMsg, msg) + } + hs.finishedHash.Write(certMsg.marshal()) - var serverCert *x509.Certificate + msg, err = c.readHandshake() + if err != nil { + return err + } - isAnon := hs.suite != nil && (hs.suite.flags&suiteAnon > 0) + cs, ok := msg.(*certificateStatusMsg) + if ok { + // RFC4366 on Certificate Status Request: + // The server MAY return a "certificate_status" message. - if !isAnon { + if !hs.serverHello.ocspStapling { + // If a server returns a "CertificateStatus" message, then the + // server MUST have included an extension of type "status_request" + // with empty "extension_data" in the extended server hello. - certMsg, ok := msg.(*certificateMsg) - if !ok || len(certMsg.certificates) == 0 { c.sendAlert(alertUnexpectedMessage) - return unexpectedMessageError(certMsg, msg) - } - hs.finishedHash.Write(certMsg.marshal()) - - certs := make([]*x509.Certificate, len(certMsg.certificates)) - invalidCert := false - var invalidCertErr error - for i, asn1Data := range certMsg.certificates { - cert, err := x509.ParseCertificate(asn1Data) - if err != nil { - invalidCert = true - invalidCertErr = err - break - } - certs[i] = cert - } - - c.handshakeLog.ServerCertificates = certMsg.MakeLog() - - if c.config.CertsOnly { - // short circuit! 
- err = ErrCertsOnly - return err - } - - if !invalidCert { - opts := x509.VerifyOptions{ - Roots: c.config.RootCAs, - CurrentTime: c.config.time(), - DNSName: c.config.ServerName, - Intermediates: x509.NewCertPool(), - } - - // Always check validity of the certificates - for _, cert := range certs { - /* - if i == 0 { - continue - } - */ - opts.Intermediates.AddCert(cert) - } - var validation *x509.Validation - c.verifiedChains, validation, err = certs[0].ValidateWithStupidDetail(opts) - c.handshakeLog.ServerCertificates.addParsed(certs, validation) - - // If actually verifying and invalid, reject - if !c.config.InsecureSkipVerify { - if err != nil { - c.sendAlert(alertBadCertificate) - return err - } - } - } - - if invalidCert { - c.sendAlert(alertBadCertificate) - return errors.New("tls: failed to parse certificate from server: " + invalidCertErr.Error()) - } - - c.peerCertificates = certs - - if hs.serverHello.ocspStapling { - msg, err = c.readHandshake() - if err != nil { - return err - } - cs, ok := msg.(*certificateStatusMsg) - if !ok { - c.sendAlert(alertUnexpectedMessage) - return unexpectedMessageError(cs, msg) - } - hs.finishedHash.Write(cs.marshal()) - - if cs.statusType == statusTypeOCSP { - c.ocspResponse = cs.response - } + return errors.New("tls: received unexpected CertificateStatus message") } + hs.finishedHash.Write(cs.marshal()) - serverCert = certs[0] - - var supportedCertKeyType bool - switch serverCert.PublicKey.(type) { - case *rsa.PublicKey, *ecdsa.PublicKey, *x509.AugmentedECDSA: - supportedCertKeyType = true - break - case *dsa.PublicKey: - if c.config.ClientDSAEnabled { - supportedCertKeyType = true - } - default: - break - } - - if !supportedCertKeyType { - c.sendAlert(alertUnsupportedCertificate) - return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", serverCert.PublicKey) - } + c.ocspResponse = cs.response msg, err = c.readHandshake() if err != nil { 
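Review bot: The Certificate message is now required unconditionally (`!ok || len(certMsg.certificates) == 0` aborts with unexpected_message) and the old `suiteAnon` branch is gone; if any anonymous (DH_anon) suites survive in cipher_suites.go after this commit, a server that negotiates one sends no Certificate and this path fails, and if they were removed that is worth a one-line comment so the assumption is visible. `c.ocspResponse = cs.response` also drops the former `cs.statusType == statusTypeOCSP` guard, which is only safe if certificateStatusMsg.unmarshal now rejects other status types (not visible here). The CertsOnly short-circuit and the handshakeLog.ServerCertificates population are deleted without replacement; if the scanner still relies on them they need to be re-added in verifyServerCertificate. doFullHandshake starts outside this hunk.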
@@ -682,21 +498,31 @@ func (hs *clientHandshakeState) doFullHandshake() error { } } - // If we don't support the cipher, quit before we need to read the hs.suite - // variable - if c.cipherError != nil { - return c.cipherError + if c.handshakes == 0 { + // If this is the first handshake on a connection, process and + // (optionally) verify the server's certificates. + if err := c.verifyServerCertificate(certMsg.certificates); err != nil { + return err + } + } else { + // This is a renegotiation handshake. We require that the + // server's identity (i.e. leaf certificate) is unchanged and + // thus any previous trust decision is still valid. + // + // See https://mitls.org/pages/attacks/3SHAKE for the + // motivation behind this requirement. + if !bytes.Equal(c.peerCertificates[0].Raw, certMsg.certificates[0]) { + c.sendAlert(alertBadCertificate) + return errors.New("tls: server's identity changed during renegotiation") + } } - skx, ok := msg.(*serverKeyExchangeMsg) - keyAgreement := hs.suite.ka(c.vers) + skx, ok := msg.(*serverKeyExchangeMsg) if ok { hs.finishedHash.Write(skx.marshal()) - - err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, serverCert, skx) - c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement) + err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, c.peerCertificates[0], skx) if err != nil { c.sendAlert(alertUnexpectedMessage) return err 
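Review bot: `keyAgreement` is still used on the new side (`keyAgreement.processServerKeyExchange(...)`) but its declaration `keyAgreement := hs.suite.ka(c.vers)` is removed in this hunk, so the function only compiles if it is now declared earlier in doFullHandshake, outside this hunk — presumably next to `c := hs.c` — which is worth confirming. The renegotiation branch pins only the leaf (`c.peerCertificates[0].Raw` against `certMsg.certificates[0]`) and deliberately skips re-verification; a short comment stating that VerifyPeerCertificate/VerifyConnection are intentionally not re-run on renegotiation would save the next reader from treating it as an omission. doFullHandshake starts and ends outside this hunk.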
@@ -713,71 +539,12 @@ func (hs *clientHandshakeState) doFullHandshake() error { certReq, ok := msg.(*certificateRequestMsg) if ok { certRequested = true - - // RFC 4346 on the certificateAuthorities field: - // A list of the distinguished names of acceptable certificate - // authorities. These distinguished names may specify a desired - // distinguished name for a root CA or for a subordinate CA; - // thus, this message can be used to describe both known roots - // and a desired authorization space. If the - // certificate_authorities list is empty then the client MAY - // send any certificate of the appropriate - // ClientCertificateType, unless there is some external - // arrangement to the contrary. - hs.finishedHash.Write(certReq.marshal()) - var rsaAvail, ecdsaAvail bool - for _, certType := range certReq.certificateTypes { - switch certType { - case certTypeRSASign: - rsaAvail = true - case certTypeECDSASign: - ecdsaAvail = true - } - } - - // We need to search our list of client certs for one - // where SignatureAlgorithm is RSA and the Issuer is in - // certReq.certificateAuthorities - findCert: - for i, chain := range c.config.Certificates { - if !rsaAvail && !ecdsaAvail { - continue - } - - for j, cert := range chain.Certificate { - x509Cert := chain.Leaf - // parse the certificate if this isn't the leaf - // node, or if chain.Leaf was nil - if j != 0 || x509Cert == nil { - if x509Cert, err = x509.ParseCertificate(cert); err != nil { - c.sendAlert(alertInternalError) - return errors.New("tls: failed to parse client certificate #" + strconv.Itoa(i) + ": " + err.Error()) - } - } - - switch { - case rsaAvail && x509Cert.PublicKeyAlgorithm == x509.RSA: - case ecdsaAvail && x509Cert.PublicKeyAlgorithm == x509.ECDSA: - default: - continue findCert - } - - if len(certReq.certificateAuthorities) == 0 { - // they gave us an empty list, so just take the - // first RSA cert from c.config.Certificates - chainToSend = &chain - break findCert - } - - for _, ca := range 
certReq.certificateAuthorities { - if bytes.Equal(x509Cert.RawIssuer, ca) { - chainToSend = &chain - break findCert - } - } - } + cri := certificateRequestInfoFromMsg(c.vers, certReq) + if chainToSend, err = c.getClientCertificate(cri); err != nil { + c.sendAlert(alertInternalError) + return err } msg, err = c.readHandshake() 
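Review bot: `chainToSend` returned by `c.getClientCertificate(cri)` is dereferenced later in doFullHandshake (`certMsg.certificates = chainToSend.Certificate`, next hunk) without a nil check, so a user-supplied `GetClientCertificate` that returns `nil, nil` panics the handshake instead of sending an empty Certificate. A defensive normalisation right after the call keeps the contract forgiving: `if chainToSend == nil { chainToSend = new(Certificate) }`, or alternatively document on Config.GetClientCertificate that a non-nil Certificate is required. doFullHandshake starts and ends outside this hunk.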
@@ -797,105 +564,81 @@ func (hs *clientHandshakeState) doFullHandshake() error { // Certificate message, even if it's empty because we don't have a // certificate to send. if certRequested { - certMsg := new(certificateMsg) - if chainToSend != nil { - certMsg.certificates = chainToSend.Certificate - } + certMsg = new(certificateMsg) + certMsg.certificates = chainToSend.Certificate hs.finishedHash.Write(certMsg.marshal()) - c.writeRecord(recordTypeHandshake, certMsg.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + return err + } } - preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, serverCert) + preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0]) if err != nil { c.sendAlert(alertInternalError) return err } - - c.handshakeLog.ClientKeyExchange = ckx.MakeLog(keyAgreement) - if ckx != nil { hs.finishedHash.Write(ckx.marshal()) - c.writeRecord(recordTypeHandshake, ckx.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, ckx.marshal()); err != nil { + return err + } } - if chainToSend != nil { - var signed []byte - certVerify := &certificateVerifyMsg{ - hasSignatureAndHash: c.vers >= VersionTLS12, - } + if chainToSend != nil && len(chainToSend.Certificate) > 0 { + certVerify := &certificateVerifyMsg{} - // Determine the hash to sign. 
- var signatureType uint8 - switch c.config.Certificates[0].PrivateKey.(type) { - case *ecdsa.PrivateKey: - signatureType = signatureECDSA - case *rsa.PrivateKey: - signatureType = signatureRSA - default: - c.sendAlert(alertInternalError) - return errors.New("unknown private key type") - } - certVerify.signatureAndHash, err = hs.finishedHash.selectClientCertSignatureAlgorithm(certReq.signatureAndHashes, c.config.signatureAndHashesForClient(), signatureType) - if err != nil { - c.sendAlert(alertInternalError) - return err - } - digest, hashFunc, err := hs.finishedHash.hashForClientCertificate(certVerify.signatureAndHash, hs.masterSecret) - if err != nil { + key, ok := chainToSend.PrivateKey.(crypto.Signer) + if !ok { c.sendAlert(alertInternalError) - return err + return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey) } - switch key := c.config.Certificates[0].PrivateKey.(type) { - case *ecdsa.PrivateKey: - var r, s *big.Int - r, s, err = ecdsa.Sign(c.config.rand(), key, digest) - if err == nil { - signed, err = asn1.Marshal(ecdsaSignature{r, s}) + var sigType uint8 + var sigHash crypto.Hash + if c.vers >= VersionTLS12 { + signatureAlgorithm, err := selectSignatureScheme(c.vers, chainToSend, certReq.supportedSignatureAlgorithms) + if err != nil { + c.sendAlert(alertIllegalParameter) + return err + } + sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm) + if err != nil { + return c.sendAlert(alertInternalError) + } + certVerify.hasSignatureAlgorithm = true + certVerify.signatureAlgorithm = signatureAlgorithm + } else { + sigType, sigHash, err = legacyTypeAndHashFromPublicKey(key.Public()) + if err != nil { + c.sendAlert(alertIllegalParameter) + return err } - case *rsa.PrivateKey: - signed, err = rsa.SignPKCS1v15(c.config.rand(), key, hashFunc, digest) - default: - err = errors.New("unknown private key type") } + + signed := hs.finishedHash.hashForClientCertificate(sigType, 
sigHash, hs.masterSecret) + signOpts := crypto.SignerOpts(sigHash) + if sigType == signatureRSAPSS { + signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash} + } + certVerify.signature, err = key.Sign(c.config.rand(), signed, signOpts) if err != nil { c.sendAlert(alertInternalError) - return errors.New("tls: failed to sign handshake with client certificate: " + err.Error()) + return err } - certVerify.signature = signed - hs.writeClientHash(certVerify.marshal()) - c.writeRecord(recordTypeHandshake, certVerify.marshal()) - } - - var cr, sr []byte - if hs.hello.extendedRandomEnabled { - helloRandomLen := len(hs.hello.random) - helloExtendedRandomLen := len(hs.hello.extendedRandom) - - cr = make([]byte, helloRandomLen+helloExtendedRandomLen) - copy(cr, hs.hello.random) - copy(cr[helloRandomLen:], hs.hello.extendedRandom) + hs.finishedHash.Write(certVerify.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certVerify.marshal()); err != nil { + return err + } } - if hs.serverHello.extendedRandomEnabled { - serverRandomLen := len(hs.serverHello.random) - serverExtendedRandomLen := len(hs.serverHello.extendedRandom) - - sr = make([]byte, serverRandomLen+serverExtendedRandomLen) - copy(sr, hs.serverHello.random) - copy(sr[serverRandomLen:], hs.serverHello.extendedRandom) + hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random) + if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil { + c.sendAlert(alertInternalError) + return errors.New("tls: failed to write to key log: " + err.Error()) } - hs.preMasterSecret = make([]byte, len(preMasterSecret)) - copy(hs.preMasterSecret, preMasterSecret) - - if hs.serverHello.extendedMasterSecret && c.vers >= VersionTLS10 { - hs.masterSecret = extendedMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.finishedHash) - c.extendedMasterSecret = true - } else { - hs.masterSecret = 
masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random) - } + hs.finishedHash.discardHandshakeBuffer() return nil } @@ -903,14 +646,15 @@ func (hs *clientHandshakeState) doFullHandshake() error { func (hs *clientHandshakeState) establishKeys() error { c := hs.c - clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV := keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.random, hs.serverHello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) + clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV := + keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.random, hs.serverHello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) var clientCipher, serverCipher interface{} - var clientHash, serverHash macFunction + var clientHash, serverHash hash.Hash if hs.suite.cipher != nil { clientCipher = hs.suite.cipher(clientKey, clientIV, false /* not for reading */) - clientHash = hs.suite.mac(c.vers, clientMAC) + clientHash = hs.suite.mac(clientMAC) serverCipher = hs.suite.cipher(serverKey, serverIV, true /* for reading */) - serverHash = hs.suite.mac(c.vers, serverMAC) + serverHash = hs.suite.mac(serverMAC) } else { clientCipher = hs.suite.aead(clientKey, clientIV) serverCipher = hs.suite.aead(serverKey, serverIV) 
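Review bot: The new side always computes `hs.masterSecret = masterFromPreMasterSecret(...)` and deletes the `extendedMasterFromPreMasterSecret` branch, so the client no longer honours RFC 7627 extended master secret. If the ClientHello still advertises the extension (not visible in this chunk), a server that negotiates EMS derives a different master secret and the Finished check fails; if the extension was dropped along with this branch, the triple-handshake mitigation zcrypto previously had is lost and `c.extendedMasterSecret` is never set. Either outcome deserves a comment at this line or a follow-up that re-adds the branch. doFullHandshake starts outside this hunk.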
@@ -931,51 +675,79 @@ func (hs *clientHandshakeState) serverResumedSession() bool { func (hs *clientHandshakeState) processServerHello() (bool, error) { c := hs.c + if err := hs.pickCipherSuite(); err != nil { + return false, err + } + if hs.serverHello.compressionMethod != compressionNone { c.sendAlert(alertUnexpectedMessage) return false, errors.New("tls: server selected unsupported compression format") } - clientDidNPN := hs.hello.nextProtoNeg - clientDidALPN := len(hs.hello.alpnProtocols) > 0 - serverHasNPN := hs.serverHello.nextProtoNeg - serverHasALPN := len(hs.serverHello.alpnProtocol) > 0 + if c.handshakes == 0 && hs.serverHello.secureRenegotiationSupported { + c.secureRenegotiation = true + if len(hs.serverHello.secureRenegotiation) != 0 { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: initial handshake had non-empty renegotiation extension") + } + } - if !clientDidNPN && serverHasNPN { - c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: server advertised unrequested NPN extension") + if c.handshakes > 0 && c.secureRenegotiation { + var expectedSecureRenegotiation [24]byte + copy(expectedSecureRenegotiation[:], c.clientFinished[:]) + copy(expectedSecureRenegotiation[12:], c.serverFinished[:]) + if !bytes.Equal(hs.serverHello.secureRenegotiation, expectedSecureRenegotiation[:]) { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: incorrect renegotiation extension contents") + } } - if !clientDidALPN && serverHasALPN { - c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: server advertised unrequested ALPN extension") + if hs.serverHello.alpnProtocol != "" { + if len(hs.hello.alpnProtocols) == 0 { + c.sendAlert(alertUnsupportedExtension) + return false, errors.New("tls: server advertised unrequested ALPN extension") + } + if mutualProtocol([]string{hs.serverHello.alpnProtocol}, hs.hello.alpnProtocols) == "" { + c.sendAlert(alertUnsupportedExtension) + return false, errors.New("tls: 
server selected unadvertised ALPN protocol") + } + c.clientProtocol = hs.serverHello.alpnProtocol + } + + c.scts = hs.serverHello.scts + + if !hs.serverResumedSession() { + return false, nil } - if serverHasNPN && serverHasALPN { + if hs.session.vers != c.vers { c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: server advertised both NPN and ALPN extensions") + return false, errors.New("tls: server resumed a session with a different version") } - if serverHasALPN { - c.clientProtocol = hs.serverHello.alpnProtocol - c.clientProtocolFallback = false + if hs.session.cipherSuite != hs.suite.id { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: server resumed a session with a different cipher suite") } - if hs.serverResumedSession() { - // Restore masterSecret and peerCerts from previous state - hs.masterSecret = hs.session.masterSecret - c.extendedMasterSecret = hs.session.extendedMasterSecret - c.peerCertificates = hs.session.serverCertificates - return true, nil + // Restore masterSecret, peerCerts, and ocspResponse from previous state + hs.masterSecret = hs.session.masterSecret + c.peerCertificates = hs.session.serverCertificates + c.verifiedChains = hs.session.verifiedChains + c.ocspResponse = hs.session.ocspResponse + // Let the ServerHello SCTs override the session SCTs from the original + // connection, if any are provided + if len(c.scts) == 0 && len(hs.session.scts) != 0 { + c.scts = hs.session.scts } - return false, nil + + return true, nil } -func (hs *clientHandshakeState) readFinished() error { +func (hs *clientHandshakeState) readFinished(out []byte) error { c := hs.c - c.readRecord(recordTypeChangeCipherSpec) - if err := c.in.error(); err != nil { + if err := c.readChangeCipherSpec(); err != nil { return err } 
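Review bot: processServerHello has no doc comment even though it now carries the secure-renegotiation and resumption-consistency checks; suggest `// processServerHello validates the ServerHello against what the ClientHello offered (cipher suite, compression, ALPN, secure renegotiation) and, if the server resumed hs.session, restores that session's state on c. It reports whether the session was resumed.` The `var expectedSecureRenegotiation [24]byte` buffer hard-codes two 12-byte verify_data values, which holds for the PRF-based Finished of TLS 1.2 and below but is worth stating in a comment. readFinished's new `out` parameter could likewise say that it receives the server's verify_data for the renegotiation_info extension; readFinished continues past the end of this hunk.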
@@ -988,7 +760,6 @@ func (hs *clientHandshakeState) readFinished() error { c.sendAlert(alertUnexpectedMessage) return unexpectedMessageError(serverFinished, msg) } - c.handshakeLog.ServerFinished = serverFinished.MakeLog() verify := hs.finishedHash.serverSum(hs.masterSecret) if len(verify) != len(serverFinished.verifyData) || @@ -997,6 +768,7 @@ func (hs *clientHandshakeState) readFinished() error { return errors.New("tls: server's Finished message was incorrect") } hs.finishedHash.Write(serverFinished.marshal()) + copy(out, verify) return nil } 
@@ -1023,49 +795,169 @@ func (hs *clientHandshakeState) readSessionTicket() error { cipherSuite: hs.suite.id, masterSecret: hs.masterSecret, serverCertificates: c.peerCertificates, - lifetimeHint: sessionTicketMsg.lifetimeHint, + verifiedChains: c.verifiedChains, + receivedAt: c.config.time(), + ocspResponse: c.ocspResponse, + scts: c.scts, } return nil } -func (hs *clientHandshakeState) sendFinished() error { +func (hs *clientHandshakeState) sendFinished(out []byte) error { c := hs.c - c.writeRecord(recordTypeChangeCipherSpec, []byte{1}) - if hs.serverHello.nextProtoNeg { - nextProto := new(nextProtoMsg) - proto, fallback := mutualProtocol(c.config.NextProtos, hs.serverHello.nextProtos) - nextProto.proto = proto - c.clientProtocol = proto - c.clientProtocolFallback = fallback - - hs.finishedHash.Write(nextProto.marshal()) - c.writeRecord(recordTypeHandshake, nextProto.marshal()) + if _, err := c.writeRecord(recordTypeChangeCipherSpec, []byte{1}); err != nil { + return err } finished := new(finishedMsg) finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret) hs.finishedHash.Write(finished.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + return err + } + copy(out, finished.verifyData) + return nil +} - c.handshakeLog.ClientFinished = finished.MakeLog() +// verifyServerCertificate parses and verifies the provided chain, setting +// c.verifiedChains and c.peerCertificates or sending the appropriate alert. 
+func (c *Conn) verifyServerCertificate(certificates [][]byte) error { + certs := make([]*x509.Certificate, len(certificates)) + for i, asn1Data := range certificates { + cert, err := x509.ParseCertificate(asn1Data) + if err != nil { + c.sendAlert(alertBadCertificate) + return errors.New("tls: failed to parse certificate from server: " + err.Error()) + } + certs[i] = cert + } + + if !c.config.InsecureSkipVerify { + opts := x509.VerifyOptions{ + Roots: c.config.RootCAs, + CurrentTime: c.config.time(), + DNSName: c.config.ServerName, + Intermediates: x509.NewCertPool(), + } + for _, cert := range certs[1:] { + opts.Intermediates.AddCert(cert) + } + var err error + c.verifiedChains, _, _, err = certs[0].Verify(opts) + if err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + + switch certs[0].PublicKey.(type) { + case *rsa.PublicKey, *x509.AugmentedECDSA, *ecdsa.PublicKey, ed25519.PublicKey: + break + default: + c.sendAlert(alertUnsupportedCertificate) + return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", certs[0].PublicKey) + } + + c.peerCertificates = certs + + if c.config.VerifyPeerCertificate != nil { + if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + + if c.config.VerifyConnection != nil { + if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } - c.writeRecord(recordTypeHandshake, finished.marshal()) return nil } -func (hs *clientHandshakeState) writeClientHash(msg []byte) { - // writeClientHash is called before writeRecord. - hs.writeHash(msg, 0) -} +// certificateRequestInfoFromMsg generates a CertificateRequestInfo from a TLS +// <= 1.2 CertificateRequest, making an effort to fill in missing information. 
+func certificateRequestInfoFromMsg(vers uint16, certReq *certificateRequestMsg) *CertificateRequestInfo { + cri := &CertificateRequestInfo{ + AcceptableCAs: certReq.certificateAuthorities, + Version: vers, + } + + var rsaAvail, ecAvail bool + for _, certType := range certReq.certificateTypes { + switch certType { + case certTypeRSASign: + rsaAvail = true + case certTypeECDSASign: + ecAvail = true + } + } + + if !certReq.hasSignatureAlgorithm { + // Prior to TLS 1.2, signature schemes did not exist. In this case we + // make up a list based on the acceptable certificate types, to help + // GetClientCertificate and SupportsCertificate select the right certificate. + // The hash part of the SignatureScheme is a lie here, because + // TLS 1.0 and 1.1 always use MD5+SHA1 for RSA and SHA1 for ECDSA. + switch { + case rsaAvail && ecAvail: + cri.SignatureSchemes = []SignatureScheme{ + ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512, + PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512, PKCS1WithSHA1, + } + case rsaAvail: + cri.SignatureSchemes = []SignatureScheme{ + PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512, PKCS1WithSHA1, + } + case ecAvail: + cri.SignatureSchemes = []SignatureScheme{ + ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512, + } + } + return cri + } + + // Filter the signature schemes based on the certificate types. + // See RFC 5246, Section 7.4.4 (where it calls this "somewhat complicated"). 
+ cri.SignatureSchemes = make([]SignatureScheme, 0, len(certReq.supportedSignatureAlgorithms)) + for _, sigScheme := range certReq.supportedSignatureAlgorithms { + sigType, _, err := typeAndHashFromSignatureScheme(sigScheme) + if err != nil { + continue + } + switch sigType { + case signatureECDSA, signatureEd25519: + if ecAvail { + cri.SignatureSchemes = append(cri.SignatureSchemes, sigScheme) + } + case signatureRSAPSS, signaturePKCS1v15: + if rsaAvail { + cri.SignatureSchemes = append(cri.SignatureSchemes, sigScheme) + } + } + } -func (hs *clientHandshakeState) writeServerHash(msg []byte) { - // writeServerHash is called after readHandshake. - hs.writeHash(msg, 0) + return cri } -func (hs *clientHandshakeState) writeHash(msg []byte, seqno uint16) { - hs.finishedHash.Write(msg) +func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate, error) { + if c.config.GetClientCertificate != nil { + return c.config.GetClientCertificate(cri) + } + + for _, chain := range c.config.Certificates { + if err := cri.SupportsCertificate(&chain); err != nil { + continue + } + return &chain, nil + } + + // No acceptable certificate found. Don't send a certificate. + return new(Certificate), nil } // clientSessionCacheKey returns a key used to cache sessionTickets that could 
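Review bot: The two discarded results in `c.verifiedChains, _, _, err = certs[0].Verify(opts)` inside verifyServerCertificate deserve a justifying comment: as I read zcrypto's x509 API those are the expired and never-valid chain sets, and only the currently valid chains should count as verified, e.g. `// keep only currently-valid chains; the expired/never-valid chain sets are deliberately ignored`. The doc comment could also note that with InsecureSkipVerify set c.verifiedChains stays nil, which loadSession (earlier in this file) relies on to refuse resuming such a session under a verifying config. In getClientCertificate, `return &chain, nil` hands back a pointer to a copy of the slice element rather than to c.config.Certificates[i]; that is fine, but a one-line comment avoids a later "fix" that would mutate the config.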
@@ -1077,18 +969,35 @@ func clientSessionCacheKey(serverAddr net.Addr, config *Config) string { return serverAddr.String() } -// mutualProtocol finds the mutual Next Protocol Negotiation or ALPN protocol -// given list of possible protocols and a list of the preference order. The -// first list must not be empty. It returns the resulting protocol and flag -// indicating if the fallback case was reached. -func mutualProtocol(protos, preferenceProtos []string) (string, bool) { +// mutualProtocol finds the mutual ALPN protocol given list of possible +// protocols and a list of the preference order. +func mutualProtocol(protos, preferenceProtos []string) string { for _, s := range preferenceProtos { for _, c := range protos { if s == c { - return s, false + return s } } } + return "" +} - return protos[0], true +// hostnameInSNI converts name into an appropriate hostname for SNI. +// Literal IP addresses and absolute FQDNs are not permitted as SNI values. +// See RFC 6066, Section 3. +func hostnameInSNI(name string) string { + host := name + if len(host) > 0 && host[0] == '[' && host[len(host)-1] == ']' { + host = host[1 : len(host)-1] + } + if i := strings.LastIndex(host, "%"); i > 0 { + host = host[:i] + } + if net.ParseIP(host) != nil { + return "" + } + for len(name) > 0 && name[len(name)-1] == '.' { + name = name[:len(name)-1] + } + return name } diff --git a/tls/handshake_client_test.go b/tls/handshake_client_test.go index d7907b7b..692e2e81 100644 --- a/tls/handshake_client_test.go +++ b/tls/handshake_client_test.go @@ -6,16 +6,21 @@ package tls import ( "bytes" - "crypto/ecdsa" "crypto/rsa" + "encoding/base64" + "encoding/binary" "encoding/pem" + "errors" "fmt" "io" + "math/big" "net" "os" "os/exec" "path/filepath" + "reflect" "strconv" + "strings" "testing" "time" 
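Review bot: The doc comment on hostnameInSNI says literal IPs and absolute FQDNs "are not permitted as SNI values", but the body only returns "" for IP literals; an absolute FQDN is accepted after its trailing dot(s) are trimmed, and the bracket/zone stripping is applied only to the IP check, not to the returned name. The comment would read more accurately as `// Literal IP addresses yield "" (no SNI is sent); absolute FQDNs have their trailing dot(s) removed. See RFC 6066, Section 3.` Note also that mutualProtocol now returns "" instead of falling back to protos[0], so any caller that relied on the old fallback must treat "" as "nothing negotiated"; those callers are outside this hunk, so that should be confirmed where the result is consumed.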
@@ -25,40 +30,139 @@ import ( // Note: see comment in handshake_test.go for details of how the reference // tests work. -// blockingSource is an io.Reader that blocks a Read call until it's closed. -type blockingSource chan bool +// opensslInputEvent enumerates possible inputs that can be sent to an `openssl +// s_client` process. +type opensslInputEvent int + +const ( + // opensslRenegotiate causes OpenSSL to request a renegotiation of the + // connection. + opensslRenegotiate opensslInputEvent = iota + + // opensslSendBanner causes OpenSSL to send the contents of + // opensslSentinel on the connection. + opensslSendSentinel + + // opensslKeyUpdate causes OpenSSL to send send a key update message to the + // client and request one back. + opensslKeyUpdate +) + +const opensslSentinel = "SENTINEL\n" + +type opensslInput chan opensslInputEvent + +func (i opensslInput) Read(buf []byte) (n int, err error) { + for event := range i { + switch event { + case opensslRenegotiate: + return copy(buf, []byte("R\n")), nil + case opensslKeyUpdate: + return copy(buf, []byte("K\n")), nil + case opensslSendSentinel: + return copy(buf, []byte(opensslSentinel)), nil + default: + panic("unknown event") + } + } -func (b blockingSource) Read([]byte) (n int, err error) { - <-b return 0, io.EOF } +// opensslOutputSink is an io.Writer that receives the stdout and stderr from an +// `openssl` process and sends a value to handshakeComplete or readKeyUpdate +// when certain messages are seen. +type opensslOutputSink struct { + handshakeComplete chan struct{} + readKeyUpdate chan struct{} + all []byte + line []byte +} + +func newOpensslOutputSink() *opensslOutputSink { + return &opensslOutputSink{make(chan struct{}), make(chan struct{}), nil, nil} +} + +// opensslEndOfHandshake is a message that the “openssl s_server” tool will +// print when a handshake completes if run with “-state”. 
+const opensslEndOfHandshake = "SSL_accept:SSLv3/TLS write finished" + +// opensslReadKeyUpdate is a message that the “openssl s_server” tool will +// print when a KeyUpdate message is received if run with “-state”. +const opensslReadKeyUpdate = "SSL_accept:TLSv1.3 read client key update" + +func (o *opensslOutputSink) Write(data []byte) (n int, err error) { + o.line = append(o.line, data...) + o.all = append(o.all, data...) + + for { + i := bytes.IndexByte(o.line, '\n') + if i < 0 { + break + } + + if bytes.Equal([]byte(opensslEndOfHandshake), o.line[:i]) { + o.handshakeComplete <- struct{}{} + } + if bytes.Equal([]byte(opensslReadKeyUpdate), o.line[:i]) { + o.readKeyUpdate <- struct{}{} + } + o.line = o.line[i+1:] + } + + return len(data), nil +} + +func (o *opensslOutputSink) String() string { + return string(o.all) +} + // clientTest represents a test of the TLS client handshake against a reference // implementation. type clientTest struct { // name is a freeform string identifying the test and the file in which // the expected results will be stored. name string - // command, if not empty, contains a series of arguments for the + // args, if not empty, contains a series of arguments for the // command to run for the reference server. - command []string + args []string // config, if not nil, contains a custom Config to use for this test. config *Config // cert, if not empty, contains a DER-encoded certificate for the // reference server. cert []byte - // key, if not nil, contains either a *rsa.PrivateKey or + // key, if not nil, contains either a *rsa.PrivateKey, ed25519.PrivateKey or // *ecdsa.PrivateKey which is the private key for the reference server. key interface{} + // extensions, if not nil, contains a list of extension data to be returned + // from the ServerHello. The data should be in standard TLS format with + // a 2-byte uint16 type, 2-byte data length, followed by the extension data. 
+ extensions [][]byte + // validate, if not nil, is a function that will be called with the + // ConnectionState of the resulting connection. It returns a non-nil + // error if the ConnectionState is unacceptable. + validate func(ConnectionState) error + // numRenegotiations is the number of times that the connection will be + // renegotiated. + numRenegotiations int + // renegotiationExpectedToFail, if not zero, is the number of the + // renegotiation attempt that is expected to fail. + renegotiationExpectedToFail int + // checkRenegotiationError, if not nil, is called with any error + // arising from renegotiation. It can map expected errors to nil to + // ignore them. + checkRenegotiationError func(renegotiationNum int, err error) error + // sendKeyUpdate will cause the server to send a KeyUpdate message. + sendKeyUpdate bool } -var defaultServerCommand = []string{"openssl", "s_server"} +var serverCommand = []string{"openssl", "s_server", "-no_ticket", "-num_tickets", "0"} // connFromCommand starts the reference server process, connects to it and -// returns a recordingConn for the connection. The stdin return value is a -// blockingSource for the stdin of the child process. It must be closed before +// returns a recordingConn for the connection. The stdin return value is an +// opensslInput for the stdin of the child process. It must be closed before // Waiting for child. -func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, stdin blockingSource, err error) { +func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, stdin opensslInput, stdout *opensslOutputSink, err error) { cert := testRSACertificate if len(test.cert) > 0 { cert = test.cert 
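Review bot: opensslOutputSink.Write sends on the unbuffered handshakeComplete and readKeyUpdate channels, so a matching "-state" line from OpenSSL blocks Write until run consumes the signal; if a test passes `-state` in args without setting numRenegotiations or sendKeyUpdate, nothing ever receives and the child's output pipe stalls, turning a failure into a hang. connFromCommand only enforces the converse (renegotiation or KeyUpdate requires -state), so the invariant should at least be documented on the struct: `// handshakeComplete and readKeyUpdate are unbuffered: Write blocks until run receives, so -state must only be passed to OpenSSL when numRenegotiations > 0 or sendKeyUpdate is set.` A timeout in run around those receives would make the misuse fail fast instead, but that is a larger change than this hunk warrants.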
@@ -70,35 +174,20 @@ func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, if test.key != nil { key = test.key } - var pemType string - var derBytes []byte - switch key := key.(type) { - case *rsa.PrivateKey: - pemType = "RSA" - derBytes = x509.MarshalPKCS1PrivateKey(key) - case *ecdsa.PrivateKey: - pemType = "EC" - var err error - derBytes, err = x509.MarshalECPrivateKey(key) - if err != nil { - panic(err) - } - default: - panic("unknown key type") + derBytes, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + panic(err) } var pemOut bytes.Buffer - pem.Encode(&pemOut, &pem.Block{Type: pemType + " PRIVATE KEY", Bytes: derBytes}) + pem.Encode(&pemOut, &pem.Block{Type: "PRIVATE KEY", Bytes: derBytes}) - keyPath := tempFile(string(pemOut.Bytes())) + keyPath := tempFile(pemOut.String()) defer os.Remove(keyPath) var command []string - if len(test.command) > 0 { - command = append(command, test.command...) - } else { - command = append(command, defaultServerCommand...) - } + command = append(command, serverCommand...) + command = append(command, test.args...) command = append(command, "-cert", certPath, "-certform", "DER", "-key", keyPath) // serverPort contains the port that OpenSSL will listen on. OpenSSL // can't take "0" as an argument here so we have to pick a number and 
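Review bot: The return value of `pem.Encode(&pemOut, ...)` is discarded, and because that buffer becomes the key file OpenSSL loads, an encode failure would only surface later as an opaque subprocess error; `if err := pem.Encode(&pemOut, &pem.Block{Type: "PRIVATE KEY", Bytes: derBytes}); err != nil { panic(err) }` keeps the failure where it happens, matching how the MarshalPKCS8PrivateKey error just above is handled. Switching to PKCS#8 also makes the key handling agree with the clientTest.key comment, which now lists ed25519.PrivateKey alongside RSA and ECDSA. connFromCommand begins and ends outside this hunk.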
@@ -108,14 +197,41 @@ func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, const serverPort = 24323 command = append(command, "-accept", strconv.Itoa(serverPort)) + if len(test.extensions) > 0 { + var serverInfo bytes.Buffer + for _, ext := range test.extensions { + pem.Encode(&serverInfo, &pem.Block{ + Type: fmt.Sprintf("SERVERINFO FOR EXTENSION %d", binary.BigEndian.Uint16(ext)), + Bytes: ext, + }) + } + serverInfoPath := tempFile(serverInfo.String()) + defer os.Remove(serverInfoPath) + command = append(command, "-serverinfo", serverInfoPath) + } + + if test.numRenegotiations > 0 || test.sendKeyUpdate { + found := false + for _, flag := range command[1:] { + if flag == "-state" { + found = true + break + } + } + + if !found { + panic("-state flag missing to OpenSSL, you need this if testing renegotiation or KeyUpdate") + } + } + cmd := exec.Command(command[0], command[1:]...) - stdin = blockingSource(make(chan bool)) + stdin = opensslInput(make(chan opensslInputEvent)) cmd.Stdin = stdin - var out bytes.Buffer - cmd.Stdout = &out - cmd.Stderr = &out + out := newOpensslOutputSink() + cmd.Stdout = out + cmd.Stderr = out if err := cmd.Start(); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } // OpenSSL does print an "ACCEPT" banner, but it does so *before* @@ -124,7 +240,6 @@ func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, // connection. var tcpConn net.Conn for i := uint(0); i < 5; i++ { - var err error tcpConn, err = net.DialTCP("tcp", nil, &net.TCPAddr{ IP: net.IPv4(127, 0, 0, 1), Port: serverPort, 
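Review bot: `binary.BigEndian.Uint16(ext)` in the serverinfo loop panics with an index-out-of-range on an extension shorter than 2 bytes, which is a confusing failure for a malformed test fixture; since the field comment on clientTest.extensions requires a 2-byte type plus a 2-byte length, a guard such as `if len(ext) < 4 { panic("extension shorter than its 4-byte TLS header") }` before the Encode call gives a clear message. The `pem.Encode(&serverInfo, ...)` result is also dropped here, as it is for the key file earlier in this function. The `-state` scan over `command[1:]` is fine, but note it only catches the missing-flag direction; nothing checks that -state is absent when no consumer of the handshakeComplete signal exists.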
@@ -134,18 +249,18 @@ func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, } time.Sleep((1 << i) * 5 * time.Millisecond) } - if tcpConn == nil { + if err != nil { close(stdin) - out.WriteTo(os.Stdout) cmd.Process.Kill() - return nil, nil, nil, cmd.Wait() + err = fmt.Errorf("error connecting to the OpenSSL server: %v (%v)\n\n%s", err, cmd.Wait(), out) + return nil, nil, nil, nil, err } record := &recordingConn{ Conn: tcpConn, } - return record, cmd, stdin, nil + return record, cmd, stdin, out, nil } func (test *clientTest) dataPath() string { 
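Review bot: The dial error is formatted with `%v`, which flattens it so a caller can no longer inspect it with errors.Is/errors.As; `%w` keeps the chain at no cost: `err = fmt.Errorf("error connecting to the OpenSSL server: %w (%v)\n\n%s", err, cmd.Wait(), out)`. The `cmd.Process.Kill()` result is ignored on the same path, which is acceptable here only because cmd.Wait() follows and reports the process state. Relying on the named result `err` from the dial loop is correct now that the shadowing `var err error` was removed in the preceding hunk.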
@@ -165,58 +280,195 @@ func (test *clientTest) run(t *testing.T, write bool) { var clientConn, serverConn net.Conn var recordingConn *recordingConn var childProcess *exec.Cmd - var stdin blockingSource + var stdin opensslInput + var stdout *opensslOutputSink if write { var err error - recordingConn, childProcess, stdin, err = test.connFromCommand() + recordingConn, childProcess, stdin, stdout, err = test.connFromCommand() if err != nil { t.Fatalf("Failed to start subcommand: %s", err) } clientConn = recordingConn + defer func() { + if t.Failed() { + t.Logf("OpenSSL output:\n\n%s", stdout.all) + } + }() } else { - clientConn, serverConn = net.Pipe() - } - - config := test.config - if config == nil { - config = testConfig + clientConn, serverConn = localPipe(t) } - client := Client(clientConn, config) doneChan := make(chan bool) + defer func() { + clientConn.Close() + <-doneChan + }() go func() { + defer close(doneChan) + + config := test.config + if config == nil { + config = testConfig + } + client := Client(clientConn, config) + defer client.Close() + if _, err := client.Write([]byte("hello\n")); err != nil { - t.Logf("Client.Write failed: %s", err) + t.Errorf("Client.Write failed: %s", err) + return + } + + for i := 1; i <= test.numRenegotiations; i++ { + t.Logf("Renegotiation %d", i) + // The initial handshake will generate a + // handshakeComplete signal which needs to be quashed. + if i == 1 && write { + <-stdout.handshakeComplete + } + + // OpenSSL will try to interleave application data and + // a renegotiation if we send both concurrently. + // Therefore: ask OpensSSL to start a renegotiation, run + // a goroutine to call client.Read and thus process the + // renegotiation request, watch for OpenSSL's stdout to + // indicate that the handshake is complete and, + // finally, have OpenSSL write something to cause + // client.Read to complete. 
+ if write { + stdin <- opensslRenegotiate + } + + signalChan := make(chan struct{}) + + go func() { + defer close(signalChan) + + buf := make([]byte, 256) + n, err := client.Read(buf) + + if test.checkRenegotiationError != nil { + newErr := test.checkRenegotiationError(i, err) + if err != nil && newErr == nil { + t.Logf("checkRenegotiationError failed: %s", err) + return + } + err = newErr + } + + if err != nil { + t.Errorf("Client.Read failed after renegotiation #%d: %s", i, err) + return + } + + buf = buf[:n] + if !bytes.Equal([]byte(opensslSentinel), buf) { + t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel) + } + + if expected := i + 1; client.handshakes != expected { + t.Errorf("client should have recorded %d handshakes, but believes that %d have occurred", expected, client.handshakes) + } + }() + + if write && test.renegotiationExpectedToFail != i { + <-stdout.handshakeComplete + stdin <- opensslSendSentinel + } + <-signalChan + } + + if test.sendKeyUpdate { + if write { + <-stdout.handshakeComplete + stdin <- opensslKeyUpdate + } + + doneRead := make(chan struct{}) + + go func() { + defer close(doneRead) + + buf := make([]byte, 256) + n, err := client.Read(buf) + + if err != nil { + t.Errorf("Client.Read failed after KeyUpdate: %s", err) + return + } + + buf = buf[:n] + if !bytes.Equal([]byte(opensslSentinel), buf) { + t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel) + } + }() + + if write { + // There's no real reason to wait for the client KeyUpdate to + // send data with the new server keys, except that s_server + // drops writes if they are sent at the wrong time. 
+ <-stdout.readKeyUpdate + stdin <- opensslSendSentinel + } + <-doneRead + + if _, err := client.Write([]byte("hello again\n")); err != nil { + t.Errorf("Client.Write failed: %s", err) + return + } + } + + if test.validate != nil { + if err := test.validate(client.ConnectionState()); err != nil { + t.Errorf("validate callback returned error: %s", err) + } + } + + // If the server sent us an alert after our last flight, give it a + // chance to arrive. + if write && test.renegotiationExpectedToFail == 0 { + if err := peekError(client); err != nil { + t.Errorf("final Read returned an error: %s", err) + } } - client.Close() - clientConn.Close() - doneChan <- true }() if !write { flows, err := test.loadData() if err != nil { - t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath()) + t.Fatalf("%s: failed to load data from %s: %v", test.name, test.dataPath(), err) } for i, b := range flows { + t.Logf("flow %d", i) if i%2 == 1 { + if *fast { + serverConn.SetWriteDeadline(time.Now().Add(1 * time.Second)) + } else { + serverConn.SetWriteDeadline(time.Now().Add(10 * time.Second)) + } serverConn.Write(b) continue } bb := make([]byte, len(b)) + if *fast { + serverConn.SetReadDeadline(time.Now().Add(1 * time.Second)) + } else { + serverConn.SetReadDeadline(time.Now().Add(10 * time.Second)) + } _, err := io.ReadFull(serverConn, bb) if err != nil { - t.Fatalf("%s #%d: %s", test.name, i, err) + t.Fatalf("%s, flow %d: %s", test.name, i+1, err) } if !bytes.Equal(b, bb) { - t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i, bb, b) + t.Fatalf("%s, flow %d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b) } } - serverConn.Close() } <-doneChan + if !write { + serverConn.Close() + } if write { path := test.dataPath() 
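Review bot: In the replay branch the result of `serverConn.Write(b)` is discarded, so a short or failed write under the new write deadline goes unreported and the test instead fails later with a less specific read error or timeout; `if _, err := serverConn.Write(b); err != nil { t.Fatalf("%s, flow %d: write: %s", test.name, i+1, err) }` reports it at the point of failure (the deferred clientConn.Close() and <-doneChan still run on Fatalf). The `*fast` deadline selection is also duplicated for the read and write cases; a single `timeout := 10 * time.Second` adjusted once before the loop would remove the repetition. The run function's enclosing body starts before this hunk.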
@@ -230,348 +482,2039 @@ func (test *clientTest) run(t *testing.T, write bool) { childProcess.Process.Kill() childProcess.Wait() if len(recordingConn.flows) < 3 { - childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout) t.Fatalf("Client connection didn't work") } recordingConn.WriteTo(out) - fmt.Printf("Wrote %s\n", path) + t.Logf("Wrote %s\n", path) + } +} + +// peekError does a read with a short timeout to check if the next read would +// cause an error, for example if there is an alert waiting on the wire. +func peekError(conn net.Conn) error { + conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) + if n, err := conn.Read(make([]byte, 1)); n != 0 { + return errors.New("unexpectedly read data") + } else if err != nil { + if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() { + return err + } } + return nil } -func runClientTestForVersion(t *testing.T, template *clientTest, prefix, option string) { +func runClientTestForVersion(t *testing.T, template *clientTest, version, option string) { + // Make a deep copy of the template before going parallel. test := *template - test.name = prefix + test.name - if len(test.command) == 0 { - test.command = defaultClientCommand + if template.config != nil { + test.config = template.config.Clone() } - test.command = append([]string(nil), test.command...) - test.command = append(test.command, option) - test.run(t, *update) + test.name = version + "-" + test.name + test.args = append([]string{option}, test.args...) 
+ + runTestAndUpdateIfNeeded(t, version, test.run, false) } func runClientTestTLS10(t *testing.T, template *clientTest) { - runClientTestForVersion(t, template, "TLSv10-", "-tls1") + runClientTestForVersion(t, template, "TLSv10", "-tls1") } func runClientTestTLS11(t *testing.T, template *clientTest) { - runClientTestForVersion(t, template, "TLSv11-", "-tls1_1") + runClientTestForVersion(t, template, "TLSv11", "-tls1_1") } func runClientTestTLS12(t *testing.T, template *clientTest) { - runClientTestForVersion(t, template, "TLSv12-", "-tls1_2") -} - -//func TestHandshakeClientRSARC4(t *testing.T) { -// test := &clientTest{ -// name: "RSA-RC4", -// command: []string{"openssl", "s_server", "-cipher", "RC4-SHA"}, -// } -// runClientTestTLS10(t, test) -// runClientTestTLS11(t, test) -// runClientTestTLS12(t, test) -//} -// -//func TestHandshakeClientECDHERSAAES(t *testing.T) { -// test := &clientTest{ -// name: "ECDHE-RSA-AES", -// command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-SHA"}, -// } -// runClientTestTLS10(t, test) -// runClientTestTLS11(t, test) -// runClientTestTLS12(t, test) -//} -// -//func TestHandshakeClientECDHEECDSAAES(t *testing.T) { -// test := &clientTest{ -// name: "ECDHE-ECDSA-AES", -// command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA"}, -// cert: testECDSACertificate, -// key: testECDSAPrivateKey, -// } -// runClientTestTLS10(t, test) -// runClientTestTLS11(t, test) -// runClientTestTLS12(t, test) -//} -// -//func TestHandshakeClientECDHEECDSAAESGCM(t *testing.T) { -// test := &clientTest{ -// name: "ECDHE-ECDSA-AES-GCM", -// command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-GCM-SHA256"}, -// cert: testECDSACertificate, -// key: testECDSAPrivateKey, -// } -// runClientTestTLS12(t, test) -//} -// -//func TestHandshakeClientCertRSA(t *testing.T) { -// config := *testConfig -// cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) -// config.Certificates = 
[]Certificate{cert} -// -// test := &clientTest{ -// name: "ClientCert-RSA-RSA", -// command: []string{"openssl", "s_server", "-cipher", "RC4-SHA", "-verify", "1"}, -// config: &config, -// } -// -// runClientTestTLS10(t, test) -// runClientTestTLS12(t, test) -// -// test = &clientTest{ -// name: "ClientCert-RSA-ECDSA", -// command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"}, -// config: &config, -// cert: testECDSACertificate, -// key: testECDSAPrivateKey, -// } -// -// runClientTestTLS10(t, test) -// runClientTestTLS12(t, test) -//} - -// TODO: figure out why this test is failing -//func TestHandshakeClientCertECDSA(t *testing.T) { -// config := *testConfig -// cert, _ := X509KeyPair([]byte(clientECDSACertificatePEM), []byte(clientECDSAKeyPEM)) -// config.Certificates = []Certificate{cert} -// -// test := &clientTest{ -// name: "ClientCert-ECDSA-RSA", -// command: []string{"openssl", "s_server", "-cipher", "RC4-SHA", "-verify", "1"}, -// config: &config, -// } -// -// runClientTestTLS10(t, test) -// runClientTestTLS12(t, test) -// -// test = &clientTest{ -// name: "ClientCert-ECDSA-ECDSA", -// command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"}, -// config: &config, -// cert: testECDSACertificate, -// key: testECDSAPrivateKey, -// } -// -// runClientTestTLS10(t, test) -// runClientTestTLS12(t, test) -//} - -func TestClientResumption(t *testing.T) { - serverConfig := &Config{ - CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, - Certificates: testConfig.Certificates, - } - clientConfig := &Config{ - CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, - InsecureSkipVerify: true, - ClientSessionCache: NewLRUClientSessionCache(32), - } - - testResumeState := func(test string, didResume bool) { - hs, err := testHandshake(clientConfig, serverConfig) - if err != nil { - t.Fatalf("%s: handshake failed: %s", test, err) - } - if hs.DidResume != didResume { - 
t.Fatalf("%s resumed: %v, expected: %v", test, hs.DidResume, didResume) - } - } + runClientTestForVersion(t, template, "TLSv12", "-tls1_2") +} - testResumeState("Handshake", false) - testResumeState("Resume", true) +func runClientTestTLS13(t *testing.T, template *clientTest) { + runClientTestForVersion(t, template, "TLSv13", "-tls1_3") +} - if _, err := io.ReadFull(serverConfig.rand(), serverConfig.SessionTicketKey[:]); err != nil { - t.Fatalf("Failed to invalidate SessionTicketKey") +func TestHandshakeClientRSARC4(t *testing.T) { + test := &clientTest{ + name: "RSA-RC4", + args: []string{"-cipher", "RC4-SHA"}, } - testResumeState("InvalidSessionTicketKey", false) - testResumeState("ResumeAfterInvalidSessionTicketKey", true) + runClientTestTLS10(t, test) + runClientTestTLS11(t, test) + runClientTestTLS12(t, test) +} - clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA} - testResumeState("DifferentCipherSuite", false) - testResumeState("DifferentCipherSuiteRecovers", true) +func TestHandshakeClientRSAAES128GCM(t *testing.T) { + test := &clientTest{ + name: "AES128-GCM-SHA256", + args: []string{"-cipher", "AES128-GCM-SHA256"}, + } + runClientTestTLS12(t, test) +} - clientConfig.ClientSessionCache = nil - testResumeState("WithoutSessionCache", false) +func TestHandshakeClientRSAAES256GCM(t *testing.T) { + test := &clientTest{ + name: "AES256-GCM-SHA384", + args: []string{"-cipher", "AES256-GCM-SHA384"}, + } + runClientTestTLS12(t, test) } -func TestLRUClientSessionCache(t *testing.T) { - // Initialize cache of capacity 4. - cache := NewLRUClientSessionCache(4) - cs := make([]ClientSessionState, 6) - keys := []string{"0", "1", "2", "3", "4", "5", "6"} +func TestHandshakeClientECDHERSAAES(t *testing.T) { + test := &clientTest{ + name: "ECDHE-RSA-AES", + args: []string{"-cipher", "ECDHE-RSA-AES128-SHA"}, + } + runClientTestTLS10(t, test) + runClientTestTLS11(t, test) + runClientTestTLS12(t, test) +} - // Add 4 entries to the cache and look them up. 
- for i := 0; i < 4; i++ { - cache.Put(keys[i], &cs[i]) +func TestHandshakeClientECDHEECDSAAES(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES", + args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, } - for i := 0; i < 4; i++ { - if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] { - t.Fatalf("session cache failed lookup for added key: %s", keys[i]) - } + runClientTestTLS10(t, test) + runClientTestTLS11(t, test) + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHEECDSAAESGCM(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES-GCM", + args: []string{"-cipher", "ECDHE-ECDSA-AES128-GCM-SHA256"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, } + runClientTestTLS12(t, test) +} - // Add 2 more entries to the cache. First 2 should be evicted. - for i := 4; i < 6; i++ { - cache.Put(keys[i], &cs[i]) +func TestHandshakeClientAES256GCMSHA384(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES256-GCM-SHA384", + args: []string{"-cipher", "ECDHE-ECDSA-AES256-GCM-SHA384"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, } - for i := 0; i < 2; i++ { - if s, ok := cache.Get(keys[i]); ok || s != nil { - t.Fatalf("session cache should have evicted key: %s", keys[i]) - } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientAES128CBCSHA256(t *testing.T) { + test := &clientTest{ + name: "AES128-SHA256", + args: []string{"-cipher", "AES128-SHA256"}, } + runClientTestTLS12(t, test) +} - // Touch entry 2. LRU should evict 3 next. - cache.Get(keys[2]) - cache.Put(keys[0], &cs[0]) - if s, ok := cache.Get(keys[3]); ok || s != nil { - t.Fatalf("session cache should have evicted key 3") +func TestHandshakeClientECDHERSAAES128CBCSHA256(t *testing.T) { + test := &clientTest{ + name: "ECDHE-RSA-AES128-SHA256", + args: []string{"-cipher", "ECDHE-RSA-AES128-SHA256"}, } + runClientTestTLS12(t, test) +} - // Update entry 0 in place. 
- cache.Put(keys[0], &cs[3]) - if s, ok := cache.Get(keys[0]); !ok || s != &cs[3] { - t.Fatalf("session cache failed update for key 0") +func TestHandshakeClientECDHEECDSAAES128CBCSHA256(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES128-SHA256", + args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA256"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, } + runClientTestTLS12(t, test) +} - // Adding a nil entry is valid. - cache.Put(keys[0], nil) - if s, ok := cache.Get(keys[0]); !ok || s != nil { - t.Fatalf("failed to add nil entry to cache") - } -} - -// Test the custom client hello feature by imitating a Firefox ClientHello message -func TestHandshakeClientCustomHello(t *testing.T) { - hello := ClientFingerprintConfiguration{} - hello.HandshakeVersion = 0x0303 - - hello.CipherSuites = []uint16{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, - } - hello.CompressionMethods = []uint8{0} - sni := SNIExtension{[]string{}, true} - ec := SupportedCurvesExtension{[]CurveID{CurveP256, CurveP384, CurveP521}} - points := PointFormatExtension{[]uint8{0}} - st := SessionTicketExtension{[]byte{}, true} - alpn := ALPNExtension{[]string{"h2", "http/1.1"}} - sigs := SignatureAlgorithmExtension{[]uint16{0x0401, - 0x0501, - 0x0601, - 0x0201, - 0x0403, - 0x0503, - 0x0603, - 0x0203, - 0x0502, - 0x0402, - 0x0202, - }} +func TestHandshakeClientX25519(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = 
[]CurveID{X25519} - hello.Extensions = []ClientExtension{&sni, - &ExtendedMasterSecretExtension{}, - &SecureRenegotiationExtension{}, - &ec, - &points, - &st, - &NextProtocolNegotiationExtension{}, - &alpn, - &StatusRequestExtension{}, - &sigs, - } - config := *testConfig - config.ClientFingerprintConfiguration = &hello test := &clientTest{ - name: "ClientFingerprint", - command: []string{"openssl", "s_server"}, - config: &config, + name: "X25519-ECDHE", + args: []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "X25519"}, + config: config, } + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) } -// writeCountingConn wraps a net.Conn and counts the number of Write calls. -type writeCountingConn struct { - net.Conn +func TestHandshakeClientP256(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{CurveP256} - // numWrites is the number of writes that have been done. - numWrites int -} + test := &clientTest{ + name: "P256-ECDHE", + args: []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"}, + config: config, + } -func (wcc *writeCountingConn) Write(data []byte) (int, error) { - wcc.numWrites++ - return wcc.Conn.Write(data) + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) } -func TestBuffering(t *testing.T) { - c, s := net.Pipe() - done := make(chan bool) +func TestHandshakeClientHelloRetryRequest(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{X25519, CurveP256} - clientWCC := &writeCountingConn{Conn: c} - serverWCC := &writeCountingConn{Conn: s} + test := &clientTest{ + name: "HelloRetryRequest", + args: []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"}, + config: config, + } - go func() { - Server(serverWCC, testConfig).Handshake() - serverWCC.Close() - done <- true - }() + runClientTestTLS13(t, test) +} - err := Client(clientWCC, testConfig).Handshake() - if err != nil { - t.Fatal(err) +func TestHandshakeClientECDHERSAChaCha20(t 
*testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305} + + test := &clientTest{ + name: "ECDHE-RSA-CHACHA20-POLY1305", + args: []string{"-cipher", "ECDHE-RSA-CHACHA20-POLY1305"}, + config: config, } - clientWCC.Close() - <-done - if n := clientWCC.numWrites; n != 2 { - t.Errorf("expected client handshake to complete with only two writes, but saw %d", n) + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHEECDSAChaCha20(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305} + + test := &clientTest{ + name: "ECDHE-ECDSA-CHACHA20-POLY1305", + args: []string{"-cipher", "ECDHE-ECDSA-CHACHA20-POLY1305"}, + config: config, + cert: testECDSACertificate, + key: testECDSAPrivateKey, } - if n := serverWCC.numWrites; n != 2 { - t.Errorf("expected server handshake to complete with only two writes, but saw %d", n) + runClientTestTLS12(t, test) +} + +func TestHandshakeClientAES128SHA256(t *testing.T) { + test := &clientTest{ + name: "AES128-SHA256", + args: []string{"-ciphersuites", "TLS_AES_128_GCM_SHA256"}, + } + runClientTestTLS13(t, test) +} +func TestHandshakeClientAES256SHA384(t *testing.T) { + test := &clientTest{ + name: "AES256-SHA384", + args: []string{"-ciphersuites", "TLS_AES_256_GCM_SHA384"}, } + runClientTestTLS13(t, test) +} +func TestHandshakeClientCHACHA20SHA256(t *testing.T) { + test := &clientTest{ + name: "CHACHA20-SHA256", + args: []string{"-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + } + runClientTestTLS13(t, test) } -func TestDontBuffer(t *testing.T) { - c, s := net.Pipe() - done := make(chan bool) +func TestHandshakeClientECDSATLS13(t *testing.T) { + test := &clientTest{ + name: "ECDSA", + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + runClientTestTLS13(t, test) +} - clientWCC := &writeCountingConn{Conn: c} - serverWCC := &writeCountingConn{Conn: s} - testConfig.DontBufferHandshakes = true - defer 
func() { - testConfig.DontBufferHandshakes = false - }() - go func() { - Server(serverWCC, testConfig).Handshake() - serverWCC.Close() - done <- true - }() +func TestHandshakeClientEd25519(t *testing.T) { + test := &clientTest{ + name: "Ed25519", + cert: testEd25519Certificate, + key: testEd25519PrivateKey, + } + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) - err := Client(clientWCC, testConfig).Handshake() + config := testConfig.Clone() + cert, err := X509KeyPair([]byte(clientEd25519CertificatePEM), []byte(clientEd25519KeyPEM)) if err != nil { - t.Fatal(err) + t.Fatalf("failed to create cert: %v", err) } - clientWCC.Close() - <-done + config.Certificates = []Certificate{cert} - if n := clientWCC.numWrites; n != 4 { - t.Errorf("expected client handshake to complete with only two writes, but saw %d", n) + test = &clientTest{ + name: "ClientCert-Ed25519", + args: []string{"-Verify", "1"}, + config: config, } - if n := serverWCC.numWrites; n != 6 { - t.Errorf("expected server handshake to complete with only two writes, but saw %d", n) + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) +} + +func TestHandshakeClientCertRSA(t *testing.T) { + config := testConfig.Clone() + cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) + config.Certificates = []Certificate{cert} + + test := &clientTest{ + name: "ClientCert-RSA-RSA", + args: []string{"-cipher", "AES128", "-Verify", "1"}, + config: config, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + + test = &clientTest{ + name: "ClientCert-RSA-ECDSA", + args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"}, + config: config, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) + + test = &clientTest{ + name: "ClientCert-RSA-AES256-GCM-SHA384", + args: []string{"-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-Verify", "1"}, + config: config, + cert: 
testRSACertificate, + key: testRSAPrivateKey, + } + + runClientTestTLS12(t, test) +} + +func TestHandshakeClientCertECDSA(t *testing.T) { + config := testConfig.Clone() + cert, _ := X509KeyPair([]byte(clientECDSACertificatePEM), []byte(clientECDSAKeyPEM)) + config.Certificates = []Certificate{cert} + + test := &clientTest{ + name: "ClientCert-ECDSA-RSA", + args: []string{"-cipher", "AES128", "-Verify", "1"}, + config: config, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) + + test = &clientTest{ + name: "ClientCert-ECDSA-ECDSA", + args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"}, + config: config, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) +} + +// TestHandshakeClientCertRSAPSS tests rsa_pss_rsae_sha256 signatures from both +// client and server certificates. It also serves from both sides a certificate +// signed itself with RSA-PSS, mostly to check that crypto/x509 chain validation +// works. +func TestHandshakeClientCertRSAPSS(t *testing.T) { + cert, err := x509.ParseCertificate(testRSAPSSCertificate) + if err != nil { + panic(err) + } + rootCAs := x509.NewCertPool() + rootCAs.AddCert(cert) + + config := testConfig.Clone() + // Use GetClientCertificate to bypass the client certificate selection logic. 
+ config.GetClientCertificate = func(*CertificateRequestInfo) (*Certificate, error) { + return &Certificate{ + Certificate: [][]byte{testRSAPSSCertificate}, + PrivateKey: testRSAPrivateKey, + }, nil + } + config.RootCAs = rootCAs + + test := &clientTest{ + name: "ClientCert-RSA-RSAPSS", + args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", + "rsa_pss_rsae_sha256", "-sigalgs", "rsa_pss_rsae_sha256"}, + config: config, + cert: testRSAPSSCertificate, + key: testRSAPrivateKey, + } + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) +} + +func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) { + config := testConfig.Clone() + cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) + config.Certificates = []Certificate{cert} + + test := &clientTest{ + name: "ClientCert-RSA-RSAPKCS1v15", + args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", + "rsa_pkcs1_sha256", "-sigalgs", "rsa_pkcs1_sha256"}, + config: config, + } + + runClientTestTLS12(t, test) +} + +func TestClientKeyUpdate(t *testing.T) { + test := &clientTest{ + name: "KeyUpdate", + args: []string{"-state"}, + sendKeyUpdate: true, + } + runClientTestTLS13(t, test) +} + +func TestResumption(t *testing.T) { + t.Run("TLSv12", func(t *testing.T) { testResumption(t, VersionTLS12) }) + t.Run("TLSv13", func(t *testing.T) { testResumption(t, VersionTLS13) }) +} + +func testResumption(t *testing.T, version uint16) { + if testing.Short() { + t.Skip("skipping in -short mode") + } + serverConfig := &Config{ + MaxVersion: version, + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + Certificates: testConfig.Certificates, + } + + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + panic(err) + } + + rootCAs := x509.NewCertPool() + rootCAs.AddCert(issuer) + + clientConfig := &Config{ + MaxVersion: version, + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + ClientSessionCache: 
NewLRUClientSessionCache(32), + RootCAs: rootCAs, + ServerName: "example.golang", + } + + testResumeState := func(test string, didResume bool) { + _, hs, err := testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("%s: handshake failed: %s", test, err) + } + if hs.DidResume != didResume { + t.Fatalf("%s resumed: %v, expected: %v", test, hs.DidResume, didResume) + } + if didResume && (hs.PeerCertificates == nil || hs.VerifiedChains == nil) { + t.Fatalf("expected non-nil certificates after resumption. Got peerCertificates: %#v, verifiedCertificates: %#v", hs.PeerCertificates, hs.VerifiedChains) + } + if got, want := hs.ServerName, clientConfig.ServerName; got != want { + t.Errorf("%s: server name %s, want %s", test, got, want) + } + } + + getTicket := func() []byte { + return clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.sessionTicket + } + deleteTicket := func() { + ticketKey := clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).sessionKey + clientConfig.ClientSessionCache.Put(ticketKey, nil) + } + corruptTicket := func() { + clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.masterSecret[0] ^= 0xff + } + randomKey := func() [32]byte { + var k [32]byte + if _, err := io.ReadFull(serverConfig.rand(), k[:]); err != nil { + t.Fatalf("Failed to read new SessionTicketKey: %s", err) + } + return k + } + + testResumeState("Handshake", false) + ticket := getTicket() + testResumeState("Resume", true) + if !bytes.Equal(ticket, getTicket()) && version != VersionTLS13 { + t.Fatal("first ticket doesn't match ticket after resumption") + } + if bytes.Equal(ticket, getTicket()) && version == VersionTLS13 { + t.Fatal("ticket didn't change after resumption") + } + + // An old session ticket can resume, but the server will provide a ticket encrypted with a fresh key. 
+ serverConfig.Time = func() time.Time { return time.Now().Add(24*time.Hour + time.Minute) } + testResumeState("ResumeWithOldTicket", true) + if bytes.Equal(ticket[:ticketKeyNameLen], getTicket()[:ticketKeyNameLen]) { + t.Fatal("old first ticket matches the fresh one") + } + + // Now the session tickey key is expired, so a full handshake should occur. + serverConfig.Time = func() time.Time { return time.Now().Add(24*8*time.Hour + time.Minute) } + testResumeState("ResumeWithExpiredTicket", false) + if bytes.Equal(ticket, getTicket()) { + t.Fatal("expired first ticket matches the fresh one") + } + + serverConfig.Time = func() time.Time { return time.Now() } // reset the time back + key1 := randomKey() + serverConfig.SetSessionTicketKeys([][32]byte{key1}) + + testResumeState("InvalidSessionTicketKey", false) + testResumeState("ResumeAfterInvalidSessionTicketKey", true) + + key2 := randomKey() + serverConfig.SetSessionTicketKeys([][32]byte{key2, key1}) + ticket = getTicket() + testResumeState("KeyChange", true) + if bytes.Equal(ticket, getTicket()) { + t.Fatal("new ticket wasn't included while resuming") + } + testResumeState("KeyChangeFinish", true) + + // Age the session ticket a bit, but not yet expired. + serverConfig.Time = func() time.Time { return time.Now().Add(24*time.Hour + time.Minute) } + testResumeState("OldSessionTicket", true) + ticket = getTicket() + // Expire the session ticket, which would force a full handshake. + serverConfig.Time = func() time.Time { return time.Now().Add(24*8*time.Hour + time.Minute) } + testResumeState("ExpiredSessionTicket", false) + if bytes.Equal(ticket, getTicket()) { + t.Fatal("new ticket wasn't provided after old ticket expired") + } + + // Age the session ticket a bit at a time, but don't expire it. 
+ d := 0 * time.Hour + for i := 0; i < 13; i++ { + d += 12 * time.Hour + serverConfig.Time = func() time.Time { return time.Now().Add(d) } + testResumeState("OldSessionTicket", true) + } + // Expire it (now a little more than 7 days) and make sure a full + // handshake occurs for TLS 1.2. Resumption should still occur for + // TLS 1.3 since the client should be using a fresh ticket sent over + // by the server. + d += 12 * time.Hour + serverConfig.Time = func() time.Time { return time.Now().Add(d) } + if version == VersionTLS13 { + testResumeState("ExpiredSessionTicket", true) + } else { + testResumeState("ExpiredSessionTicket", false) + } + if bytes.Equal(ticket, getTicket()) { + t.Fatal("new ticket wasn't provided after old ticket expired") + } + + // Reset serverConfig to ensure that calling SetSessionTicketKeys + // before the serverConfig is used works. + serverConfig = &Config{ + MaxVersion: version, + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + Certificates: testConfig.Certificates, + } + serverConfig.SetSessionTicketKeys([][32]byte{key2}) + + testResumeState("FreshConfig", true) + + // In TLS 1.3, cross-cipher suite resumption is allowed as long as the KDF + // hash matches. Also, Config.CipherSuites does not apply to TLS 1.3. 
+ if version != VersionTLS13 { + clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA} + testResumeState("DifferentCipherSuite", false) + testResumeState("DifferentCipherSuiteRecovers", true) + } + + deleteTicket() + testResumeState("WithoutSessionTicket", false) + + // Session resumption should work when using client certificates + deleteTicket() + serverConfig.ClientCAs = rootCAs + serverConfig.ClientAuth = RequireAndVerifyClientCert + clientConfig.Certificates = serverConfig.Certificates + testResumeState("InitialHandshake", false) + testResumeState("WithClientCertificates", true) + serverConfig.ClientAuth = NoClientCert + + // Tickets should be removed from the session cache on TLS handshake + // failure, and the client should recover from a corrupted PSK + testResumeState("FetchTicketToCorrupt", false) + corruptTicket() + _, _, err = testHandshake(t, clientConfig, serverConfig) + if err == nil { + t.Fatalf("handshake did not fail with a corrupted client secret") + } + testResumeState("AfterHandshakeFailure", false) + + clientConfig.ClientSessionCache = nil + testResumeState("WithoutSessionCache", false) +} + +func TestLRUClientSessionCache(t *testing.T) { + // Initialize cache of capacity 4. + cache := NewLRUClientSessionCache(4) + cs := make([]ClientSessionState, 6) + keys := []string{"0", "1", "2", "3", "4", "5", "6"} + + // Add 4 entries to the cache and look them up. + for i := 0; i < 4; i++ { + cache.Put(keys[i], &cs[i]) + } + for i := 0; i < 4; i++ { + if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] { + t.Fatalf("session cache failed lookup for added key: %s", keys[i]) + } + } + + // Add 2 more entries to the cache. First 2 should be evicted. + for i := 4; i < 6; i++ { + cache.Put(keys[i], &cs[i]) + } + for i := 0; i < 2; i++ { + if s, ok := cache.Get(keys[i]); ok || s != nil { + t.Fatalf("session cache should have evicted key: %s", keys[i]) + } + } + + // Touch entry 2. LRU should evict 3 next. 
+ cache.Get(keys[2]) + cache.Put(keys[0], &cs[0]) + if s, ok := cache.Get(keys[3]); ok || s != nil { + t.Fatalf("session cache should have evicted key 3") + } + + // Update entry 0 in place. + cache.Put(keys[0], &cs[3]) + if s, ok := cache.Get(keys[0]); !ok || s != &cs[3] { + t.Fatalf("session cache failed update for key 0") + } + + // Calling Put with a nil entry deletes the key. + cache.Put(keys[0], nil) + if _, ok := cache.Get(keys[0]); ok { + t.Fatalf("session cache failed to delete key 0") + } + + // Delete entry 2. LRU should keep 4 and 5 + cache.Put(keys[2], nil) + if _, ok := cache.Get(keys[2]); ok { + t.Fatalf("session cache failed to delete key 4") + } + for i := 4; i < 6; i++ { + if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] { + t.Fatalf("session cache should not have deleted key: %s", keys[i]) + } + } +} + +func TestKeyLogTLS12(t *testing.T) { + var serverBuf, clientBuf bytes.Buffer + + clientConfig := testConfig.Clone() + clientConfig.KeyLogWriter = &clientBuf + clientConfig.MaxVersion = VersionTLS12 + + serverConfig := testConfig.Clone() + serverConfig.KeyLogWriter = &serverBuf + serverConfig.MaxVersion = VersionTLS12 + + c, s := localPipe(t) + done := make(chan bool) + + go func() { + defer close(done) + + if err := Server(s, serverConfig).Handshake(); err != nil { + t.Errorf("server: %s", err) + return + } + s.Close() + }() + + if err := Client(c, clientConfig).Handshake(); err != nil { + t.Fatalf("client: %s", err) + } + + c.Close() + <-done + + checkKeylogLine := func(side, loggedLine string) { + if len(loggedLine) == 0 { + t.Fatalf("%s: no keylog line was produced", side) + } + const expectedLen = 13 /* "CLIENT_RANDOM" */ + + 1 /* space */ + + 32*2 /* hex client nonce */ + + 1 /* space */ + + 48*2 /* hex master secret */ + + 1 /* new line */ + if len(loggedLine) != expectedLen { + t.Fatalf("%s: keylog line has incorrect length (want %d, got %d): %q", side, expectedLen, len(loggedLine), loggedLine) + } + if !strings.HasPrefix(loggedLine, 
"CLIENT_RANDOM "+strings.Repeat("0", 64)+" ") { + t.Fatalf("%s: keylog line has incorrect structure or nonce: %q", side, loggedLine) + } + } + + checkKeylogLine("client", clientBuf.String()) + checkKeylogLine("server", serverBuf.String()) +} + +func TestKeyLogTLS13(t *testing.T) { + var serverBuf, clientBuf bytes.Buffer + + clientConfig := testConfig.Clone() + clientConfig.KeyLogWriter = &clientBuf + + serverConfig := testConfig.Clone() + serverConfig.KeyLogWriter = &serverBuf + + c, s := localPipe(t) + done := make(chan bool) + + go func() { + defer close(done) + + if err := Server(s, serverConfig).Handshake(); err != nil { + t.Errorf("server: %s", err) + return + } + s.Close() + }() + + if err := Client(c, clientConfig).Handshake(); err != nil { + t.Fatalf("client: %s", err) + } + + c.Close() + <-done + + checkKeylogLines := func(side, loggedLines string) { + loggedLines = strings.TrimSpace(loggedLines) + lines := strings.Split(loggedLines, "\n") + if len(lines) != 4 { + t.Errorf("Expected the %s to log 4 lines, got %d", side, len(lines)) + } + } + + checkKeylogLines("client", clientBuf.String()) + checkKeylogLines("server", serverBuf.String()) +} + +func TestHandshakeClientALPNMatch(t *testing.T) { + config := testConfig.Clone() + config.NextProtos = []string{"proto2", "proto1"} + + test := &clientTest{ + name: "ALPN", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -alpn flag. + args: []string{"-alpn", "proto1,proto2"}, + config: config, + validate: func(state ConnectionState) error { + // The server's preferences should override the client. 
+ if state.NegotiatedProtocol != "proto1" { + return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol) + } + return nil + }, + } + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) +} + +// sctsBase64 contains data from `openssl s_client -serverinfo 18 -connect ritter.vg:443` +const sctsBase64 = "ABIBaQFnAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFHl5nuFgAABAMARjBEAiAcS4JdlW5nW9sElUv2zvQyPoZ6ejKrGGB03gjaBZFMLwIgc1Qbbn+hsH0RvObzhS+XZhr3iuQQJY8S9G85D9KeGPAAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUeX4bVwAAAEAwBHMEUCIDIhFDgG2HIuADBkGuLobU5a4dlCHoJLliWJ1SYT05z6AiEAjxIoZFFPRNWMGGIjskOTMwXzQ1Wh2e7NxXE1kd1J0QsAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAUhcZIqHAAAEAwBHMEUCICmJ1rBT09LpkbzxtUC+Hi7nXLR0J+2PmwLp+sJMuqK+AiEAr0NkUnEVKVhAkccIFpYDqHOlZaBsuEhWWrYpg2RtKp0=" + +func TestHandshakClientSCTs(t *testing.T) { + config := testConfig.Clone() + + scts, err := base64.StdEncoding.DecodeString(sctsBase64) + if err != nil { + t.Fatal(err) + } + + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -serverinfo flag. + test := &clientTest{ + name: "SCT", + config: config, + extensions: [][]byte{scts}, + validate: func(state ConnectionState) error { + expectedSCTs := [][]byte{ + scts[8:125], + scts[127:245], + scts[247:], + } + if n := len(state.SignedCertificateTimestamps); n != len(expectedSCTs) { + return fmt.Errorf("Got %d scts, wanted %d", n, len(expectedSCTs)) + } + for i, expected := range expectedSCTs { + if sct := state.SignedCertificateTimestamps[i]; !bytes.Equal(sct, expected) { + return fmt.Errorf("SCT #%d contained %x, expected %x", i, sct, expected) + } + } + return nil + }, + } + runClientTestTLS12(t, test) + + // TLS 1.3 moved SCTs to the Certificate extensions and -serverinfo only + // supports ServerHello extensions. 
+} + +func TestRenegotiationRejected(t *testing.T) { + config := testConfig.Clone() + test := &clientTest{ + name: "RenegotiationRejected", + args: []string{"-state"}, + config: config, + numRenegotiations: 1, + renegotiationExpectedToFail: 1, + checkRenegotiationError: func(renegotiationNum int, err error) error { + if err == nil { + return errors.New("expected error from renegotiation but got nil") + } + if !strings.Contains(err.Error(), "no renegotiation") { + return fmt.Errorf("expected renegotiation to be rejected but got %q", err) + } + return nil + }, + } + runClientTestTLS12(t, test) +} + +func TestRenegotiateOnce(t *testing.T) { + config := testConfig.Clone() + config.Renegotiation = RenegotiateOnceAsClient + + test := &clientTest{ + name: "RenegotiateOnce", + args: []string{"-state"}, + config: config, + numRenegotiations: 1, + } + + runClientTestTLS12(t, test) +} + +func TestRenegotiateTwice(t *testing.T) { + config := testConfig.Clone() + config.Renegotiation = RenegotiateFreelyAsClient + + test := &clientTest{ + name: "RenegotiateTwice", + args: []string{"-state"}, + config: config, + numRenegotiations: 2, + } + + runClientTestTLS12(t, test) +} + +func TestRenegotiateTwiceRejected(t *testing.T) { + config := testConfig.Clone() + config.Renegotiation = RenegotiateOnceAsClient + + test := &clientTest{ + name: "RenegotiateTwiceRejected", + args: []string{"-state"}, + config: config, + numRenegotiations: 2, + renegotiationExpectedToFail: 2, + checkRenegotiationError: func(renegotiationNum int, err error) error { + if renegotiationNum == 1 { + return err + } + + if err == nil { + return errors.New("expected error from renegotiation but got nil") + } + if !strings.Contains(err.Error(), "no renegotiation") { + return fmt.Errorf("expected renegotiation to be rejected but got %q", err) + } + return nil + }, + } + + runClientTestTLS12(t, test) +} + +func TestHandshakeClientExportKeyingMaterial(t *testing.T) { + test := &clientTest{ + name: 
"ExportKeyingMaterial", + config: testConfig.Clone(), + validate: func(state ConnectionState) error { + if km, err := state.ExportKeyingMaterial("test", nil, 42); err != nil { + return fmt.Errorf("ExportKeyingMaterial failed: %v", err) + } else if len(km) != 42 { + return fmt.Errorf("Got %d bytes from ExportKeyingMaterial, wanted %d", len(km), 42) + } + return nil + }, + } + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) +} + +var hostnameInSNITests = []struct { + in, out string +}{ + // Opaque string + {"", ""}, + {"localhost", "localhost"}, + {"foo, bar, baz and qux", "foo, bar, baz and qux"}, + + // DNS hostname + {"golang.org", "golang.org"}, + {"golang.org.", "golang.org"}, + + // Literal IPv4 address + {"1.2.3.4", ""}, + + // Literal IPv6 address + {"::1", ""}, + {"::1%lo0", ""}, // with zone identifier + {"[::1]", ""}, // as per RFC 5952 we allow the [] style as IPv6 literal + {"[::1%lo0]", ""}, +} + +func TestHostnameInSNI(t *testing.T) { + for _, tt := range hostnameInSNITests { + c, s := localPipe(t) + + go func(host string) { + Client(c, &Config{ServerName: host, InsecureSkipVerify: true}).Handshake() + }(tt.in) + + var header [5]byte + if _, err := io.ReadFull(s, header[:]); err != nil { + t.Fatal(err) + } + recordLen := int(header[3])<<8 | int(header[4]) + + record := make([]byte, recordLen) + if _, err := io.ReadFull(s, record[:]); err != nil { + t.Fatal(err) + } + + c.Close() + s.Close() + + var m clientHelloMsg + if !m.unmarshal(record) { + t.Errorf("unmarshaling ClientHello for %q failed", tt.in) + continue + } + if tt.in != tt.out && m.serverName == tt.in { + t.Errorf("prohibited %q found in ClientHello: %x", tt.in, record) + } + if m.serverName != tt.out { + t.Errorf("expected %q not found in ClientHello: %x", tt.out, record) + } + } +} + +func TestServerSelectingUnconfiguredCipherSuite(t *testing.T) { + // This checks that the server can't select a cipher suite that the + // client didn't offer. 
See #13174. + + c, s := localPipe(t) + errChan := make(chan error, 1) + + go func() { + client := Client(c, &Config{ + ServerName: "foo", + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + }) + errChan <- client.Handshake() + }() + + var header [5]byte + if _, err := io.ReadFull(s, header[:]); err != nil { + t.Fatal(err) + } + recordLen := int(header[3])<<8 | int(header[4]) + + record := make([]byte, recordLen) + if _, err := io.ReadFull(s, record); err != nil { + t.Fatal(err) + } + + // Create a ServerHello that selects a different cipher suite than the + // sole one that the client offered. + serverHello := &serverHelloMsg{ + vers: VersionTLS12, + random: make([]byte, 32), + cipherSuite: TLS_RSA_WITH_AES_256_GCM_SHA384, + } + serverHelloBytes := serverHello.marshal() + + s.Write([]byte{ + byte(recordTypeHandshake), + byte(VersionTLS12 >> 8), + byte(VersionTLS12 & 0xff), + byte(len(serverHelloBytes) >> 8), + byte(len(serverHelloBytes)), + }) + s.Write(serverHelloBytes) + s.Close() + + if err := <-errChan; !strings.Contains(err.Error(), "unconfigured cipher") { + t.Fatalf("Expected error about unconfigured cipher suite but got %q", err) + } +} + +func TestVerifyConnection(t *testing.T) { + t.Run("TLSv12", func(t *testing.T) { testVerifyConnection(t, VersionTLS12) }) + t.Run("TLSv13", func(t *testing.T) { testVerifyConnection(t, VersionTLS13) }) +} + +func testVerifyConnection(t *testing.T, version uint16) { + checkFields := func(c ConnectionState, called *int, errorType string) error { + if c.Version != version { + return fmt.Errorf("%s: got Version %v, want %v", errorType, c.Version, version) + } + if c.HandshakeComplete { + return fmt.Errorf("%s: got HandshakeComplete, want false", errorType) + } + if c.ServerName != "example.golang" { + return fmt.Errorf("%s: got ServerName %s, want %s", errorType, c.ServerName, "example.golang") + } + if c.NegotiatedProtocol != "protocol1" { + return fmt.Errorf("%s: got NegotiatedProtocol %s, want %s", errorType, 
c.NegotiatedProtocol, "protocol1") + } + if c.CipherSuite == 0 { + return fmt.Errorf("%s: got CipherSuite 0, want non-zero", errorType) + } + wantDidResume := false + if *called == 2 { // if this is the second time, then it should be a resumption + wantDidResume = true + } + if c.DidResume != wantDidResume { + return fmt.Errorf("%s: got DidResume %t, want %t", errorType, c.DidResume, wantDidResume) + } + return nil + } + + tests := []struct { + name string + configureServer func(*Config, *int) + configureClient func(*Config, *int) + }{ + { + name: "RequireAndVerifyClientCert", + configureServer: func(config *Config, called *int) { + config.ClientAuth = RequireAndVerifyClientCert + config.VerifyConnection = func(c ConnectionState) error { + *called++ + if l := len(c.PeerCertificates); l != 1 { + return fmt.Errorf("server: got len(PeerCertificates) = %d, wanted 1", l) + } + if len(c.VerifiedChains) == 0 { + return fmt.Errorf("server: got len(VerifiedChains) = 0, wanted non-zero") + } + return checkFields(c, called, "server") + } + }, + configureClient: func(config *Config, called *int) { + config.VerifyConnection = func(c ConnectionState) error { + *called++ + if l := len(c.PeerCertificates); l != 1 { + return fmt.Errorf("client: got len(PeerCertificates) = %d, wanted 1", l) + } + if len(c.VerifiedChains) == 0 { + return fmt.Errorf("client: got len(VerifiedChains) = 0, wanted non-zero") + } + if c.DidResume { + return nil + // The SCTs and OCSP Responce are dropped on resumption. + // See http://golang.org/issue/39075. 
+ } + if len(c.OCSPResponse) == 0 { + return fmt.Errorf("client: got len(OCSPResponse) = 0, wanted non-zero") + } + if len(c.SignedCertificateTimestamps) == 0 { + return fmt.Errorf("client: got len(SignedCertificateTimestamps) = 0, wanted non-zero") + } + return checkFields(c, called, "client") + } + }, + }, + { + name: "InsecureSkipVerify", + configureServer: func(config *Config, called *int) { + config.ClientAuth = RequireAnyClientCert + config.InsecureSkipVerify = true + config.VerifyConnection = func(c ConnectionState) error { + *called++ + if l := len(c.PeerCertificates); l != 1 { + return fmt.Errorf("server: got len(PeerCertificates) = %d, wanted 1", l) + } + if c.VerifiedChains != nil { + return fmt.Errorf("server: got Verified Chains %v, want nil", c.VerifiedChains) + } + return checkFields(c, called, "server") + } + }, + configureClient: func(config *Config, called *int) { + config.InsecureSkipVerify = true + config.VerifyConnection = func(c ConnectionState) error { + *called++ + if l := len(c.PeerCertificates); l != 1 { + return fmt.Errorf("client: got len(PeerCertificates) = %d, wanted 1", l) + } + if c.VerifiedChains != nil { + return fmt.Errorf("server: got Verified Chains %v, want nil", c.VerifiedChains) + } + if c.DidResume { + return nil + // The SCTs and OCSP Responce are dropped on resumption. + // See http://golang.org/issue/39075. 
+ } + if len(c.OCSPResponse) == 0 { + return fmt.Errorf("client: got len(OCSPResponse) = 0, wanted non-zero") + } + if len(c.SignedCertificateTimestamps) == 0 { + return fmt.Errorf("client: got len(SignedCertificateTimestamps) = 0, wanted non-zero") + } + return checkFields(c, called, "client") + } + }, + }, + { + name: "NoClientCert", + configureServer: func(config *Config, called *int) { + config.ClientAuth = NoClientCert + config.VerifyConnection = func(c ConnectionState) error { + *called++ + return checkFields(c, called, "server") + } + }, + configureClient: func(config *Config, called *int) { + config.VerifyConnection = func(c ConnectionState) error { + *called++ + return checkFields(c, called, "client") + } + }, + }, + { + name: "RequestClientCert", + configureServer: func(config *Config, called *int) { + config.ClientAuth = RequestClientCert + config.VerifyConnection = func(c ConnectionState) error { + *called++ + return checkFields(c, called, "server") + } + }, + configureClient: func(config *Config, called *int) { + config.Certificates = nil // clear the client cert + config.VerifyConnection = func(c ConnectionState) error { + *called++ + if l := len(c.PeerCertificates); l != 1 { + return fmt.Errorf("client: got len(PeerCertificates) = %d, wanted 1", l) + } + if len(c.VerifiedChains) == 0 { + return fmt.Errorf("client: got len(VerifiedChains) = 0, wanted non-zero") + } + if c.DidResume { + return nil + // The SCTs and OCSP Responce are dropped on resumption. + // See http://golang.org/issue/39075. 
+ } + if len(c.OCSPResponse) == 0 { + return fmt.Errorf("client: got len(OCSPResponse) = 0, wanted non-zero") + } + if len(c.SignedCertificateTimestamps) == 0 { + return fmt.Errorf("client: got len(SignedCertificateTimestamps) = 0, wanted non-zero") + } + return checkFields(c, called, "client") + } + }, + }, + } + for _, test := range tests { + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + panic(err) + } + rootCAs := x509.NewCertPool() + rootCAs.AddCert(issuer) + + var serverCalled, clientCalled int + + serverConfig := &Config{ + MaxVersion: version, + Certificates: []Certificate{testConfig.Certificates[0]}, + ClientCAs: rootCAs, + NextProtos: []string{"protocol1"}, + } + serverConfig.Certificates[0].SignedCertificateTimestamps = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} + serverConfig.Certificates[0].OCSPStaple = []byte("dummy ocsp") + test.configureServer(serverConfig, &serverCalled) + + clientConfig := &Config{ + MaxVersion: version, + ClientSessionCache: NewLRUClientSessionCache(32), + RootCAs: rootCAs, + ServerName: "example.golang", + Certificates: []Certificate{testConfig.Certificates[0]}, + NextProtos: []string{"protocol1"}, + } + test.configureClient(clientConfig, &clientCalled) + + testHandshakeState := func(name string, didResume bool) { + _, hs, err := testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("%s: handshake failed: %s", name, err) + } + if hs.DidResume != didResume { + t.Errorf("%s: resumed: %v, expected: %v", name, hs.DidResume, didResume) + } + wantCalled := 1 + if didResume { + wantCalled = 2 // resumption would mean this is the second time it was called in this test + } + if clientCalled != wantCalled { + t.Errorf("%s: expected client VerifyConnection called %d times, did %d times", name, wantCalled, clientCalled) + } + if serverCalled != wantCalled { + t.Errorf("%s: expected server VerifyConnection called %d times, did %d times", name, wantCalled, serverCalled) + } + 
} + testHandshakeState(fmt.Sprintf("%s-FullHandshake", test.name), false) + testHandshakeState(fmt.Sprintf("%s-Resumption", test.name), true) + } +} + +func TestVerifyPeerCertificate(t *testing.T) { + t.Run("TLSv12", func(t *testing.T) { testVerifyPeerCertificate(t, VersionTLS12) }) + t.Run("TLSv13", func(t *testing.T) { testVerifyPeerCertificate(t, VersionTLS13) }) +} + +func testVerifyPeerCertificate(t *testing.T, version uint16) { + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + panic(err) + } + + rootCAs := x509.NewCertPool() + rootCAs.AddCert(issuer) + + now := func() time.Time { return time.Unix(1476984729, 0) } + + sentinelErr := errors.New("TestVerifyPeerCertificate") + + verifyPeerCertificateCallback := func(called *bool, rawCerts [][]byte, validatedChains []x509.CertificateChain) error { + if l := len(rawCerts); l != 1 { + return fmt.Errorf("got len(rawCerts) = %d, wanted 1", l) + } + if len(validatedChains) == 0 { + return errors.New("got len(validatedChains) = 0, wanted non-zero") + } + *called = true + return nil + } + verifyConnectionCallback := func(called *bool, isClient bool, c ConnectionState) error { + if l := len(c.PeerCertificates); l != 1 { + return fmt.Errorf("got len(PeerCertificates) = %d, wanted 1", l) + } + if len(c.VerifiedChains) == 0 { + return fmt.Errorf("got len(VerifiedChains) = 0, wanted non-zero") + } + if isClient && len(c.OCSPResponse) == 0 { + return fmt.Errorf("got len(OCSPResponse) = 0, wanted non-zero") + } + *called = true + return nil + } + + tests := []struct { + configureServer func(*Config, *bool) + configureClient func(*Config, *bool) + validate func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) + }{ + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error { + return 
verifyPeerCertificateCallback(called, rawCerts, validatedChains) + } + }, + configureClient: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error { + return verifyPeerCertificateCallback(called, rawCerts, validatedChains) + } + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if clientErr != nil { + t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr) + } + if serverErr != nil { + t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr) + } + if !clientCalled { + t.Errorf("test[%d]: client did not call callback", testNo) + } + if !serverCalled { + t.Errorf("test[%d]: server did not call callback", testNo) + } + }, + }, + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error { + return sentinelErr + } + }, + configureClient: func(config *Config, called *bool) { + config.VerifyPeerCertificate = nil + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if serverErr != sentinelErr { + t.Errorf("#%d: got server error %v, wanted sentinelErr", testNo, serverErr) + } + }, + }, + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + }, + configureClient: func(config *Config, called *bool) { + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error { + return sentinelErr + } + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if clientErr != sentinelErr { + t.Errorf("#%d: got client error %v, wanted sentinelErr", testNo, clientErr) + } + }, + }, + { + configureServer: func(config *Config, called *bool) { + 
config.InsecureSkipVerify = false
+ },
+ configureClient: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = true
+ config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error {
+ if l := len(rawCerts); l != 1 {
+ return fmt.Errorf("got len(rawCerts) = %d, wanted 1", l)
+ }
+ // With InsecureSkipVerify set, this
+ // callback should still be called but
+ // validatedChains must be empty.
+ if l := len(validatedChains); l != 0 {
+ return fmt.Errorf("got len(validatedChains) = %d, wanted zero", l)
+ }
+ *called = true
+ return nil
+ }
+ },
+ validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) {
+ if clientErr != nil {
+ t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr)
+ }
+ if serverErr != nil {
+ t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr)
+ }
+ if !clientCalled {
+ t.Errorf("test[%d]: client did not call callback", testNo)
+ }
+ },
+ },
+ {
+ configureServer: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyConnection = func(c ConnectionState) error {
+ return verifyConnectionCallback(called, false, c)
+ }
+ },
+ configureClient: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyConnection = func(c ConnectionState) error {
+ return verifyConnectionCallback(called, true, c)
+ }
+ },
+ validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) {
+ if clientErr != nil {
+ t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr)
+ }
+ if serverErr != nil {
+ t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr)
+ }
+ if !clientCalled {
+ t.Errorf("test[%d]: client did not call callback", testNo)
+ }
+ if !serverCalled {
+ t.Errorf("test[%d]: server did not call callback", testNo)
+ }
+ },
+ },
+ {
+ configureServer: func(config *Config, called *bool) {
+
config.InsecureSkipVerify = false
+ config.VerifyConnection = func(c ConnectionState) error {
+ return sentinelErr
+ }
+ },
+ configureClient: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyConnection = nil
+ },
+ validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) {
+ if serverErr != sentinelErr {
+ t.Errorf("#%d: got server error %v, wanted sentinelErr", testNo, serverErr)
+ }
+ },
+ },
+ {
+ configureServer: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyConnection = nil
+ },
+ configureClient: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyConnection = func(c ConnectionState) error {
+ return sentinelErr
+ }
+ },
+ validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) {
+ if clientErr != sentinelErr {
+ t.Errorf("#%d: got client error %v, wanted sentinelErr", testNo, clientErr)
+ }
+ },
+ },
+ {
+ configureServer: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error {
+ return verifyPeerCertificateCallback(called, rawCerts, validatedChains)
+ }
+ config.VerifyConnection = func(c ConnectionState) error {
+ return sentinelErr
+ }
+ },
+ configureClient: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyPeerCertificate = nil
+ config.VerifyConnection = nil
+ },
+ validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) {
+ if serverErr != sentinelErr {
+ t.Errorf("#%d: got server error %v, wanted sentinelErr", testNo, serverErr)
+ }
+ if !serverCalled {
+ t.Errorf("test[%d]: server did not call callback", testNo)
+ }
+ },
+ },
+ {
+ configureServer: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+
config.VerifyPeerCertificate = nil
+ config.VerifyConnection = nil
+ },
+ configureClient: func(config *Config, called *bool) {
+ config.InsecureSkipVerify = false
+ config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains []x509.CertificateChain) error {
+ return verifyPeerCertificateCallback(called, rawCerts, validatedChains)
+ }
+ config.VerifyConnection = func(c ConnectionState) error {
+ return sentinelErr
+ }
+ },
+ validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) {
+ if clientErr != sentinelErr {
+ t.Errorf("#%d: got client error %v, wanted sentinelErr", testNo, clientErr)
+ }
+ if !clientCalled {
+ t.Errorf("test[%d]: client did not call callback", testNo)
+ }
+ },
+ },
+ }
+
+ for i, test := range tests {
+ c, s := localPipe(t)
+ done := make(chan error)
+
+ var clientCalled, serverCalled bool
+
+ go func() {
+ config := testConfig.Clone()
+ config.ServerName = "example.golang"
+ config.ClientAuth = RequireAndVerifyClientCert
+ config.ClientCAs = rootCAs
+ config.Time = now
+ config.MaxVersion = version
+ config.Certificates = make([]Certificate, 1)
+ config.Certificates[0].Certificate = [][]byte{testRSACertificate}
+ config.Certificates[0].PrivateKey = testRSAPrivateKey
+ config.Certificates[0].SignedCertificateTimestamps = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")}
+ config.Certificates[0].OCSPStaple = []byte("dummy ocsp")
+ test.configureServer(config, &serverCalled)
+
+ err = Server(s, config).Handshake()
+ s.Close()
+ done <- err
+ }()
+
+ config := testConfig.Clone()
+ config.ServerName = "example.golang"
+ config.RootCAs = rootCAs
+ config.Time = now
+ config.MaxVersion = version
+ test.configureClient(config, &clientCalled)
+ clientErr := Client(c, config).Handshake()
+ c.Close()
+ serverErr := <-done
+
+ test.validate(t, i, clientCalled, serverCalled, clientErr, serverErr)
+ }
+}
+
+// brokenConn wraps a net.Conn and causes all Writes after a certain number to
+// fail
with brokenConnErr.
+type brokenConn struct {
+ net.Conn
+
+ // breakAfter is the number of successful writes that will be allowed
+ // before all subsequent writes fail.
+ breakAfter int
+
+ // numWrites is the number of writes that have been done.
+ numWrites int
+}
+
+// brokenConnErr is the error that brokenConn returns once exhausted.
+var brokenConnErr = errors.New("too many writes to brokenConn")
+
+func (b *brokenConn) Write(data []byte) (int, error) {
+ if b.numWrites >= b.breakAfter {
+ return 0, brokenConnErr
+ }
+
+ b.numWrites++
+ return b.Conn.Write(data)
+}
+
+func TestFailedWrite(t *testing.T) {
+ // Test that a write error during the handshake is returned.
+ for _, breakAfter := range []int{0, 1} {
+ c, s := localPipe(t)
+ done := make(chan bool)
+
+ go func() {
+ Server(s, testConfig).Handshake()
+ s.Close()
+ done <- true
+ }()
+
+ brokenC := &brokenConn{Conn: c, breakAfter: breakAfter}
+ err := Client(brokenC, testConfig).Handshake()
+ if err != brokenConnErr {
+ t.Errorf("#%d: expected error from brokenConn but got %q", breakAfter, err)
+ }
+ brokenC.Close()
+
+ <-done
+ }
+}
+
+// writeCountingConn wraps a net.Conn and counts the number of Write calls.
+type writeCountingConn struct {
+ net.Conn
+
+ // numWrites is the number of writes that have been done.
+ numWrites int
+}
+
+func (wcc *writeCountingConn) Write(data []byte) (int, error) {
+ wcc.numWrites++
+ return wcc.Conn.Write(data)
+}
+
+func TestBuffering(t *testing.T) {
+ t.Run("TLSv12", func(t *testing.T) { testBuffering(t, VersionTLS12) })
+ t.Run("TLSv13", func(t *testing.T) { testBuffering(t, VersionTLS13) })
+}
+
+func testBuffering(t *testing.T, version uint16) {
+ c, s := localPipe(t)
+ done := make(chan bool)
+
+ clientWCC := &writeCountingConn{Conn: c}
+ serverWCC := &writeCountingConn{Conn: s}
+
+ go func() {
+ config := testConfig.Clone()
+ config.MaxVersion = version
+ Server(serverWCC, config).Handshake()
+ serverWCC.Close()
+ done <- true
+ }()
+
+ err := Client(clientWCC, testConfig).Handshake()
+ if err != nil {
+ t.Fatal(err)
+ }
+ clientWCC.Close()
+ <-done
+
+ var expectedClient, expectedServer int
+ if version == VersionTLS13 {
+ expectedClient = 2
+ expectedServer = 1
+ } else {
+ expectedClient = 2
+ expectedServer = 2
+ }
+
+ if n := clientWCC.numWrites; n != expectedClient {
+ t.Errorf("expected client handshake to complete with %d writes, but saw %d", expectedClient, n)
+ }
+
+ if n := serverWCC.numWrites; n != expectedServer {
+ t.Errorf("expected server handshake to complete with %d writes, but saw %d", expectedServer, n)
+ }
+}
+
+func TestAlertFlushing(t *testing.T) {
+ c, s := localPipe(t)
+ done := make(chan bool)
+
+ clientWCC := &writeCountingConn{Conn: c}
+ serverWCC := &writeCountingConn{Conn: s}
+
+ serverConfig := testConfig.Clone()
+
+ // Cause a signature-time error
+ brokenKey := rsa.PrivateKey{PublicKey: testRSAPrivateKey.PublicKey}
+ brokenKey.D = big.NewInt(42)
+ serverConfig.Certificates = []Certificate{{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: &brokenKey,
+ }}
+
+ go func() {
+ Server(serverWCC, serverConfig).Handshake()
+ serverWCC.Close()
+ done <- true
+ }()
+
+ err := Client(clientWCC, testConfig).Handshake()
+ if err == nil {
+ t.Fatal("client unexpectedly returned no error")
+ }
+
+ const
expectedError = "remote error: tls: internal error"
+ if e := err.Error(); !strings.Contains(e, expectedError) {
+ t.Fatalf("expected to find %q in error but error was %q", expectedError, e)
+ }
+ clientWCC.Close()
+ <-done
+
+ if n := serverWCC.numWrites; n != 1 {
+ t.Errorf("expected server handshake to complete with one write, but saw %d", n)
+ }
+}
+
+func TestHandshakeRace(t *testing.T) {
+ if testing.Short() {
+ t.Skip("skipping in -short mode")
+ }
+ t.Parallel()
+ // This test races a Read and Write to try and complete a handshake in
+ // order to provide some evidence that there are no races or deadlocks
+ // in the handshake locking.
+ for i := 0; i < 32; i++ {
+ c, s := localPipe(t)
+
+ go func() {
+ server := Server(s, testConfig)
+ if err := server.Handshake(); err != nil {
+ panic(err)
+ }
+
+ var request [1]byte
+ if n, err := server.Read(request[:]); err != nil || n != 1 {
+ panic(err)
+ }
+
+ server.Write(request[:])
+ server.Close()
+ }()
+
+ startWrite := make(chan struct{})
+ startRead := make(chan struct{})
+ readDone := make(chan struct{}, 1)
+
+ client := Client(c, testConfig)
+ go func() {
+ <-startWrite
+ var request [1]byte
+ client.Write(request[:])
+ }()
+
+ go func() {
+ <-startRead
+ var reply [1]byte
+ if _, err := io.ReadFull(client, reply[:]); err != nil {
+ panic(err)
+ }
+ c.Close()
+ readDone <- struct{}{}
+ }()
+
+ if i&1 == 1 {
+ startWrite <- struct{}{}
+ startRead <- struct{}{}
+ } else {
+ startRead <- struct{}{}
+ startWrite <- struct{}{}
+ }
+ <-readDone
+ }
+}
+
+var getClientCertificateTests = []struct {
+ setup func(*Config, *Config)
+ expectedClientError string
+ verify func(*testing.T, int, *ConnectionState)
+}{
+ {
+ func(clientConfig, serverConfig *Config) {
+ // Returning a Certificate with no certificate data
+ // should result in an empty message being sent to the
+ // server.
+ serverConfig.ClientCAs = nil
+ clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) {
+ if len(cri.SignatureSchemes) == 0 {
+ panic("empty SignatureSchemes")
+ }
+ if len(cri.AcceptableCAs) != 0 {
+ panic("AcceptableCAs should have been empty")
+ }
+ return new(Certificate), nil
+ }
+ },
+ "",
+ func(t *testing.T, testNum int, cs *ConnectionState) {
+ if l := len(cs.PeerCertificates); l != 0 {
+ t.Errorf("#%d: expected no certificates but got %d", testNum, l)
+ }
+ },
+ },
+ {
+ func(clientConfig, serverConfig *Config) {
+ // With TLS 1.1, the SignatureSchemes should be
+ // synthesised from the supported certificate types.
+ clientConfig.MaxVersion = VersionTLS11
+ clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) {
+ if len(cri.SignatureSchemes) == 0 {
+ panic("empty SignatureSchemes")
+ }
+ return new(Certificate), nil
+ }
+ },
+ "",
+ func(t *testing.T, testNum int, cs *ConnectionState) {
+ if l := len(cs.PeerCertificates); l != 0 {
+ t.Errorf("#%d: expected no certificates but got %d", testNum, l)
+ }
+ },
+ },
+ {
+ func(clientConfig, serverConfig *Config) {
+ // Returning an error should abort the handshake with
+ // that error.
+ clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) {
+ return nil, errors.New("GetClientCertificate")
+ }
+ },
+ "GetClientCertificate",
+ func(t *testing.T, testNum int, cs *ConnectionState) {
+ },
+ },
+ {
+ func(clientConfig, serverConfig *Config) {
+ clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) {
+ if len(cri.AcceptableCAs) == 0 {
+ panic("empty AcceptableCAs")
+ }
+ cert := &Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ }
+ return cert, nil
+ }
+ },
+ "",
+ func(t *testing.T, testNum int, cs *ConnectionState) {
+ if len(cs.VerifiedChains) == 0 {
+ t.Errorf("#%d: expected some verified chains, but found none", testNum)
+ }
+ },
+ },
+}
+
+func TestGetClientCertificate(t *testing.T) {
+ t.Run("TLSv12", func(t *testing.T) { testGetClientCertificate(t, VersionTLS12) })
+ t.Run("TLSv13", func(t *testing.T) { testGetClientCertificate(t, VersionTLS13) })
+}
+
+func testGetClientCertificate(t *testing.T, version uint16) {
+ issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
+ if err != nil {
+ panic(err)
+ }
+
+ for i, test := range getClientCertificateTests {
+ serverConfig := testConfig.Clone()
+ serverConfig.ClientAuth = VerifyClientCertIfGiven
+ serverConfig.RootCAs = x509.NewCertPool()
+ serverConfig.RootCAs.AddCert(issuer)
+ serverConfig.ClientCAs = serverConfig.RootCAs
+ serverConfig.Time = func() time.Time { return time.Unix(1476984729, 0) }
+ serverConfig.MaxVersion = version
+
+ clientConfig := testConfig.Clone()
+ clientConfig.MaxVersion = version
+
+ test.setup(clientConfig, serverConfig)
+
+ type serverResult struct {
+ cs ConnectionState
+ err error
+ }
+
+ c, s := localPipe(t)
+ done := make(chan serverResult)
+
+ go func() {
+ defer s.Close()
+ server := Server(s, serverConfig)
+ err := server.Handshake()
+
+ var cs ConnectionState
+ if err == nil {
+ cs = server.ConnectionState()
+ }
+ done <-
serverResult{cs, err}
+ }()
+
+ clientErr := Client(c, clientConfig).Handshake()
+ c.Close()
+
+ result := <-done
+
+ if clientErr != nil {
+ if len(test.expectedClientError) == 0 {
+ t.Errorf("#%d: client error: %v", i, clientErr)
+ } else if got := clientErr.Error(); got != test.expectedClientError {
+ t.Errorf("#%d: expected client error %q, but got %q", i, test.expectedClientError, got)
+ } else {
+ test.verify(t, i, &result.cs)
+ }
+ } else if len(test.expectedClientError) > 0 {
+ t.Errorf("#%d: expected client error %q, but got no error", i, test.expectedClientError)
+ } else if err := result.err; err != nil {
+ t.Errorf("#%d: server error: %v", i, err)
+ } else {
+ test.verify(t, i, &result.cs)
+ }
+ }
+}
+
+func TestRSAPSSKeyError(t *testing.T) {
+ // crypto/tls does not support the rsa_pss_pss_* SignatureSchemes. If support for
+ // public keys with OID RSASSA-PSS is added to crypto/x509, they will be misused with
+ // the rsa_pss_rsae_* SignatureSchemes. Assert that RSASSA-PSS certificates don't
+ // parse, or that they don't carry *rsa.PublicKey keys.
+ b, _ := pem.Decode([]byte(`
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAhygAwIBAgIUCF2x0FyTgZG0CC9QTDjGWkB5vgEwPgYJKoZIhvcNAQEK
+MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC
+AgDeMBIxEDAOBgNVBAMMB1JTQS1QU1MwHhcNMTgwNjI3MjI0NDM2WhcNMTgwNzI3
+MjI0NDM2WjASMRAwDgYDVQQDDAdSU0EtUFNTMIIBIDALBgkqhkiG9w0BAQoDggEP
+ADCCAQoCggEBANxDm0f76JdI06YzsjB3AmmjIYkwUEGxePlafmIASFjDZl/elD0Z
+/a7xLX468b0qGxLS5al7XCcEprSdsDR6DF5L520+pCbpfLyPOjuOvGmk9KzVX4x5
+b05YXYuXdsQ0Kjxcx2i3jjCday6scIhMJVgBZxTEyMj1thPQM14SHzKCd/m6HmCL
+QmswpH2yMAAcBRWzRpp/vdH5DeOJEB3aelq7094no731mrLUCHRiZ1htq8BDB3ou
+czwqgwspbqZ4dnMXl2MvfySQ5wJUxQwILbiuAKO2lVVPUbFXHE9pgtznNoPvKwQT
+JNcX8ee8WIZc2SEGzofjk3NpjR+2ADB2u3sCAwEAAaNTMFEwHQYDVR0OBBYEFNEz
+AdyJ2f+fU+vSCS6QzohnOnprMB8GA1UdIwQYMBaAFNEzAdyJ2f+fU+vSCS6Qzohn
+OnprMA8GA1UdEwEB/wQFMAMBAf8wPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQME
+AgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeA4IBAQCjEdrR5aab
+sZmCwrMeKidXgfkmWvfuLDE+TCbaqDZp7BMWcMQXT9O0UoUT5kqgKj2ARm2pEW0Z
+H3Z1vj3bbds72qcDIJXp+l0fekyLGeCrX/CbgnMZXEP7+/+P416p34ChR1Wz4dU1
+KD3gdsUuTKKeMUog3plxlxQDhRQmiL25ygH1LmjLd6dtIt0GVRGr8lj3euVeprqZ
+bZ3Uq5eLfsn8oPgfC57gpO6yiN+UURRTlK3bgYvLh4VWB3XXk9UaQZ7Mq1tpXjoD
+HYFybkWzibkZp4WRo+Fa28rirH+/wHt0vfeN7UCceURZEx4JaxIIfe4ku7uDRhJi
+RwBA9Xk1KBNF
+-----END CERTIFICATE-----`))
+ if b == nil {
+ t.Fatal("Failed to decode certificate")
+ }
+ cert, err := x509.ParseCertificate(b.Bytes)
+ if err != nil {
+ return
+ }
+ if _, ok := cert.PublicKey.(*rsa.PublicKey); ok {
+ t.Error("A RSASSA-PSS certificate was parsed like a PKCS#1 v1.5 one, and it will be mistakenly used with rsa_pss_rsae_* signature algorithms")
+ }
+}
+
+func TestCloseClientConnectionOnIdleServer(t *testing.T) {
+ clientConn, serverConn := localPipe(t)
+ client := Client(clientConn, testConfig.Clone())
+ go func() {
+ var b [1]byte
+ serverConn.Read(b[:])
+ client.Close()
+ }()
+ client.SetWriteDeadline(time.Now().Add(time.Minute))
+ err := client.Handshake()
+ if err != nil {
+ if err, ok := err.(net.Error);
ok && err.Timeout() {
+ t.Errorf("Expected a closed network connection error but got '%s'", err.Error())
+ }
+ } else {
+ t.Errorf("Error expected, but no error returned")
+ }
+}
+
+func testDowngradeCanary(t *testing.T, clientVersion, serverVersion uint16) error {
+ defer func() { testingOnlyForceDowngradeCanary = false }()
+ testingOnlyForceDowngradeCanary = true
+
+ clientConfig := testConfig.Clone()
+ clientConfig.MaxVersion = clientVersion
+ serverConfig := testConfig.Clone()
+ serverConfig.MaxVersion = serverVersion
+ _, _, err := testHandshake(t, clientConfig, serverConfig)
+ return err
+}
+
+func TestDowngradeCanary(t *testing.T) {
+ if err := testDowngradeCanary(t, VersionTLS13, VersionTLS12); err == nil {
+ t.Errorf("downgrade from TLS 1.3 to TLS 1.2 was not detected")
+ }
+ if testing.Short() {
+ t.Skip("skipping the rest of the checks in short mode")
+ }
+ if err := testDowngradeCanary(t, VersionTLS13, VersionTLS11); err == nil {
+ t.Errorf("downgrade from TLS 1.3 to TLS 1.1 was not detected")
+ }
+ if err := testDowngradeCanary(t, VersionTLS13, VersionTLS10); err == nil {
+ t.Errorf("downgrade from TLS 1.3 to TLS 1.0 was not detected")
+ }
+ if err := testDowngradeCanary(t, VersionTLS12, VersionTLS11); err == nil {
+ t.Errorf("downgrade from TLS 1.2 to TLS 1.1 was not detected")
+ }
+ if err := testDowngradeCanary(t, VersionTLS12, VersionTLS10); err == nil {
+ t.Errorf("downgrade from TLS 1.2 to TLS 1.0 was not detected")
+ }
+ if err := testDowngradeCanary(t, VersionTLS13, VersionTLS13); err != nil {
+ t.Errorf("server unexpectedly sent downgrade canary for TLS 1.3")
+ }
+ if err := testDowngradeCanary(t, VersionTLS12, VersionTLS12); err != nil {
+ t.Errorf("client didn't ignore expected TLS 1.2 canary")
+ }
+ if err := testDowngradeCanary(t, VersionTLS11, VersionTLS11); err != nil {
+ t.Errorf("client unexpectedly reacted to a canary in TLS 1.1")
+ }
+ if err := testDowngradeCanary(t, VersionTLS10, VersionTLS10); err != nil {
+ t.Errorf("client
unexpectedly reacted to a canary in TLS 1.0")
+ }
+}
+
+func TestResumptionKeepsOCSPAndSCT(t *testing.T) {
+ t.Run("TLSv12", func(t *testing.T) { testResumptionKeepsOCSPAndSCT(t, VersionTLS12) })
+ t.Run("TLSv13", func(t *testing.T) { testResumptionKeepsOCSPAndSCT(t, VersionTLS13) })
+}
+
+func testResumptionKeepsOCSPAndSCT(t *testing.T, ver uint16) {
+ issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
+ if err != nil {
+ t.Fatalf("failed to parse test issuer")
+ }
+ roots := x509.NewCertPool()
+ roots.AddCert(issuer)
+ clientConfig := &Config{
+ MaxVersion: ver,
+ ClientSessionCache: NewLRUClientSessionCache(32),
+ ServerName: "example.golang",
+ RootCAs: roots,
+ }
+ serverConfig := testConfig.Clone()
+ serverConfig.MaxVersion = ver
+ serverConfig.Certificates[0].OCSPStaple = []byte{1, 2, 3}
+ serverConfig.Certificates[0].SignedCertificateTimestamps = [][]byte{{4, 5, 6}}
+
+ _, ccs, err := testHandshake(t, clientConfig, serverConfig)
+ if err != nil {
+ t.Fatalf("handshake failed: %s", err)
+ }
+ // after a new session we expect to see OCSPResponse and
+ // SignedCertificateTimestamps populated as usual
+ if !bytes.Equal(ccs.OCSPResponse, serverConfig.Certificates[0].OCSPStaple) {
+ t.Errorf("client ConnectionState contained unexpected OCSPResponse: wanted %v, got %v",
+ serverConfig.Certificates[0].OCSPStaple, ccs.OCSPResponse)
+ }
+ if !reflect.DeepEqual(ccs.SignedCertificateTimestamps, serverConfig.Certificates[0].SignedCertificateTimestamps) {
+ t.Errorf("client ConnectionState contained unexpected SignedCertificateTimestamps: wanted %v, got %v",
+ serverConfig.Certificates[0].SignedCertificateTimestamps, ccs.SignedCertificateTimestamps)
+ }
+
+ // if the server doesn't send any SCTs, repopulate the old SCTs
+ oldSCTs := serverConfig.Certificates[0].SignedCertificateTimestamps
+ serverConfig.Certificates[0].SignedCertificateTimestamps = nil
+ _, ccs, err = testHandshake(t, clientConfig, serverConfig)
+ if err != nil {
+ t.Fatalf("handshake
failed: %s", err)
+ }
+ if !ccs.DidResume {
+ t.Fatalf("expected session to be resumed")
+ }
+ // after a resumed session we also expect to see OCSPResponse
+ // and SignedCertificateTimestamps populated
+ if !bytes.Equal(ccs.OCSPResponse, serverConfig.Certificates[0].OCSPStaple) {
+ t.Errorf("client ConnectionState contained unexpected OCSPResponse after resumption: wanted %v, got %v",
+ serverConfig.Certificates[0].OCSPStaple, ccs.OCSPResponse)
+ }
+ if !reflect.DeepEqual(ccs.SignedCertificateTimestamps, oldSCTs) {
+ t.Errorf("client ConnectionState contained unexpected SignedCertificateTimestamps after resumption: wanted %v, got %v",
+ oldSCTs, ccs.SignedCertificateTimestamps)
+ }
+
+ // Only test overriding the SCTs for TLS 1.2, since in 1.3
+ // the server won't send the message containing them
+ if ver == VersionTLS13 {
+ return
+ }
+
+ // if the server changes the SCTs it sends, they should override the saved SCTs
+ serverConfig.Certificates[0].SignedCertificateTimestamps = [][]byte{{7, 8, 9}}
+ _, ccs, err = testHandshake(t, clientConfig, serverConfig)
+ if err != nil {
+ t.Fatalf("handshake failed: %s", err)
+ }
+ if !ccs.DidResume {
+ t.Fatalf("expected session to be resumed")
+ }
+ if !reflect.DeepEqual(ccs.SignedCertificateTimestamps, serverConfig.Certificates[0].SignedCertificateTimestamps) {
+ t.Errorf("client ConnectionState contained unexpected SignedCertificateTimestamps after resumption: wanted %v, got %v",
+ serverConfig.Certificates[0].SignedCertificateTimestamps, ccs.SignedCertificateTimestamps)
 }
 }
diff --git a/tls/handshake_client_tls13.go b/tls/handshake_client_tls13.go
new file mode 100644
index 00000000..daa5d97f
--- /dev/null
+++ b/tls/handshake_client_tls13.go
@@ -0,0 +1,685 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/hmac"
+ "crypto/rsa"
+ "errors"
+ "hash"
+ "sync/atomic"
+ "time"
+)
+
+type clientHandshakeStateTLS13 struct {
+ c *Conn
+ serverHello *serverHelloMsg
+ hello *clientHelloMsg
+ ecdheParams ecdheParameters
+
+ session *ClientSessionState
+ earlySecret []byte
+ binderKey []byte
+
+ certReq *certificateRequestMsgTLS13
+ usingPSK bool
+ sentDummyCCS bool
+ suite *cipherSuiteTLS13
+ transcript hash.Hash
+ masterSecret []byte
+ trafficSecret []byte // client_application_traffic_secret_0
+}
+
+// handshake requires hs.c, hs.hello, hs.serverHello, hs.ecdheParams, and,
+// optionally, hs.session, hs.earlySecret and hs.binderKey to be set.
+func (hs *clientHandshakeStateTLS13) handshake() error {
+ c := hs.c
+
+ // The server must not select TLS 1.3 in a renegotiation. See RFC 8446,
+ // sections 4.1.2 and 4.1.3.
+ if c.handshakes > 0 {
+ c.sendAlert(alertProtocolVersion)
+ return errors.New("tls: server selected TLS 1.3 in a renegotiation")
+ }
+
+ // Consistency check on the presence of a keyShare and its parameters.
+ if hs.ecdheParams == nil || len(hs.hello.keyShares) != 1 {
+ return c.sendAlert(alertInternalError)
+ }
+
+ if err := hs.checkServerHelloOrHRR(); err != nil {
+ return err
+ }
+
+ hs.transcript = hs.suite.hash.New()
+ hs.transcript.Write(hs.hello.marshal())
+
+ if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) {
+ if err := hs.sendDummyChangeCipherSpec(); err != nil {
+ return err
+ }
+ if err := hs.processHelloRetryRequest(); err != nil {
+ return err
+ }
+ }
+
+ hs.transcript.Write(hs.serverHello.marshal())
+
+ c.buffering = true
+ if err := hs.processServerHello(); err != nil {
+ return err
+ }
+ if err := hs.sendDummyChangeCipherSpec(); err != nil {
+ return err
+ }
+ if err := hs.establishHandshakeKeys(); err != nil {
+ return err
+ }
+ if err := hs.readServerParameters(); err != nil {
+ return err
+ }
+ if err := hs.readServerCertificate(); err != nil {
+ return err
+ }
+ if err := hs.readServerFinished(); err != nil {
+ return err
+ }
+ if err := hs.sendClientCertificate(); err != nil {
+ return err
+ }
+ if err := hs.sendClientFinished(); err != nil {
+ return err
+ }
+ if _, err := c.flush(); err != nil {
+ return err
+ }
+
+ atomic.StoreUint32(&c.handshakeStatus, 1)
+
+ return nil
+}
+
+// checkServerHelloOrHRR does validity checks that apply to both ServerHello and
+// HelloRetryRequest messages. It sets hs.suite.
+func (hs *clientHandshakeStateTLS13) checkServerHelloOrHRR() error {
+ c := hs.c
+
+ if hs.serverHello.supportedVersion == 0 {
+ c.sendAlert(alertMissingExtension)
+ return errors.New("tls: server selected TLS 1.3 using the legacy version field")
+ }
+
+ if hs.serverHello.supportedVersion != VersionTLS13 {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server selected an invalid version after a HelloRetryRequest")
+ }
+
+ if hs.serverHello.vers != VersionTLS12 {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server sent an incorrect legacy version")
+ }
+
+ if hs.serverHello.ocspStapling ||
+ hs.serverHello.ticketSupported ||
+ hs.serverHello.secureRenegotiationSupported ||
+ len(hs.serverHello.secureRenegotiation) != 0 ||
+ len(hs.serverHello.alpnProtocol) != 0 ||
+ len(hs.serverHello.scts) != 0 {
+ c.sendAlert(alertUnsupportedExtension)
+ return errors.New("tls: server sent a ServerHello extension forbidden in TLS 1.3")
+ }
+
+ if !bytes.Equal(hs.hello.sessionId, hs.serverHello.sessionId) {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server did not echo the legacy session ID")
+ }
+
+ if hs.serverHello.compressionMethod != compressionNone {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server selected unsupported compression format")
+ }
+
+ selectedSuite := mutualCipherSuiteTLS13(hs.hello.cipherSuites, hs.serverHello.cipherSuite)
+ if hs.suite != nil && selectedSuite != hs.suite {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server changed cipher suite after a HelloRetryRequest")
+ }
+ if selectedSuite == nil {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server chose an unconfigured cipher suite")
+ }
+ hs.suite = selectedSuite
+ c.cipherSuite = hs.suite.id
+
+ return nil
+}
+
+// sendDummyChangeCipherSpec sends a ChangeCipherSpec record for compatibility
+// with middleboxes that didn't implement TLS correctly. See RFC 8446, Appendix D.4.
+func (hs *clientHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
+ if hs.sentDummyCCS {
+ return nil
+ }
+ hs.sentDummyCCS = true
+
+ _, err := hs.c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+ return err
+}
+
+// processHelloRetryRequest handles the HRR in hs.serverHello, modifies and
+// resends hs.hello, and reads the new ServerHello into hs.serverHello.
+func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
+ c := hs.c
+
+ // The first ClientHello gets double-hashed into the transcript upon a
+ // HelloRetryRequest. (The idea is that the server might offload transcript
+ // storage to the client in the cookie.) See RFC 8446, Section 4.4.1.
+ chHash := hs.transcript.Sum(nil)
+ hs.transcript.Reset()
+ hs.transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))})
+ hs.transcript.Write(chHash)
+ hs.transcript.Write(hs.serverHello.marshal())
+
+ // The only HelloRetryRequest extensions we support are key_share and
+ // cookie, and clients must abort the handshake if the HRR would not result
+ // in any change in the ClientHello.
+ if hs.serverHello.selectedGroup == 0 && hs.serverHello.cookie == nil {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server sent an unnecessary HelloRetryRequest message")
+ }
+
+ if hs.serverHello.cookie != nil {
+ hs.hello.cookie = hs.serverHello.cookie
+ }
+
+ if hs.serverHello.serverShare.group != 0 {
+ c.sendAlert(alertDecodeError)
+ return errors.New("tls: received malformed key_share extension")
+ }
+
+ // If the server sent a key_share extension selecting a group, ensure it's
+ // a group we advertised but did not send a key share for, and send a key
+ // share for it this time.
+ if curveID := hs.serverHello.selectedGroup; curveID != 0 { + curveOK := false + for _, id := range hs.hello.supportedCurves { + if id == curveID { + curveOK = true + break + } + } + if !curveOK { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: server selected unsupported group") + } + if hs.ecdheParams.CurveID() == curveID { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: server sent an unnecessary HelloRetryRequest key_share") + } + if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok { + c.sendAlert(alertInternalError) + return errors.New("tls: CurvePreferences includes unsupported curve") + } + params, err := generateECDHEParameters(c.config.rand(), curveID) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + hs.ecdheParams = params + hs.hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}} + } + + hs.hello.raw = nil + if len(hs.hello.pskIdentities) > 0 { + pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite) + if pskSuite == nil { + return c.sendAlert(alertInternalError) + } + if pskSuite.hash == hs.suite.hash { + // Update binders and obfuscated_ticket_age. + ticketAge := uint32(c.config.time().Sub(hs.session.receivedAt) / time.Millisecond) + hs.hello.pskIdentities[0].obfuscatedTicketAge = ticketAge + hs.session.ageAdd + + transcript := hs.suite.hash.New() + transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))}) + transcript.Write(chHash) + transcript.Write(hs.serverHello.marshal()) + transcript.Write(hs.hello.marshalWithoutBinders()) + pskBinders := [][]byte{hs.suite.finishedHash(hs.binderKey, transcript)} + hs.hello.updateBinders(pskBinders) + } else { + // Server selected a cipher suite incompatible with the PSK. 
+ hs.hello.pskIdentities = nil
+ hs.hello.pskBinders = nil
+ }
+ }
+
+ hs.transcript.Write(hs.hello.marshal())
+ if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
+ return err
+ }
+
+ msg, err := c.readHandshake()
+ if err != nil {
+ return err
+ }
+
+ serverHello, ok := msg.(*serverHelloMsg)
+ if !ok {
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(serverHello, msg)
+ }
+ hs.serverHello = serverHello
+
+ if err := hs.checkServerHelloOrHRR(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) processServerHello() error {
+ c := hs.c
+
+ if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) {
+ c.sendAlert(alertUnexpectedMessage)
+ return errors.New("tls: server sent two HelloRetryRequest messages")
+ }
+
+ if len(hs.serverHello.cookie) != 0 {
+ c.sendAlert(alertUnsupportedExtension)
+ return errors.New("tls: server sent a cookie in a normal ServerHello")
+ }
+
+ if hs.serverHello.selectedGroup != 0 {
+ c.sendAlert(alertDecodeError)
+ return errors.New("tls: malformed key_share extension")
+ }
+
+ if hs.serverHello.serverShare.group == 0 {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server did not send a key share")
+ }
+ if hs.serverHello.serverShare.group != hs.ecdheParams.CurveID() {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server selected unsupported group")
+ }
+
+ if !hs.serverHello.selectedIdentityPresent {
+ return nil
+ }
+
+ if int(hs.serverHello.selectedIdentity) >= len(hs.hello.pskIdentities) {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: server selected an invalid PSK")
+ }
+
+ if len(hs.hello.pskIdentities) != 1 || hs.session == nil {
+ return c.sendAlert(alertInternalError)
+ }
+ pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite)
+ if pskSuite == nil {
+ return c.sendAlert(alertInternalError)
+ }
+ if pskSuite.hash != hs.suite.hash {
+ c.sendAlert(alertIllegalParameter)
+ return
errors.New("tls: server selected an invalid PSK and cipher suite pair")
+ }
+
+ hs.usingPSK = true
+ c.didResume = true
+ c.peerCertificates = hs.session.serverCertificates
+ c.verifiedChains = hs.session.verifiedChains
+ c.ocspResponse = hs.session.ocspResponse
+ c.scts = hs.session.scts
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
+ c := hs.c
+
+ sharedKey := hs.ecdheParams.SharedKey(hs.serverHello.serverShare.data)
+ if sharedKey == nil {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: invalid server key share")
+ }
+
+ earlySecret := hs.earlySecret
+ if !hs.usingPSK {
+ earlySecret = hs.suite.extract(nil, nil)
+ }
+ handshakeSecret := hs.suite.extract(sharedKey,
+ hs.suite.deriveSecret(earlySecret, "derived", nil))
+
+ clientSecret := hs.suite.deriveSecret(handshakeSecret,
+ clientHandshakeTrafficLabel, hs.transcript)
+ c.out.setTrafficSecret(hs.suite, clientSecret)
+ serverSecret := hs.suite.deriveSecret(handshakeSecret,
+ serverHandshakeTrafficLabel, hs.transcript)
+ c.in.setTrafficSecret(hs.suite, serverSecret)
+
+ err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.hello.random, clientSecret)
+ if err != nil {
+ c.sendAlert(alertInternalError)
+ return err
+ }
+ err = c.config.writeKeyLog(keyLogLabelServerHandshake, hs.hello.random, serverSecret)
+ if err != nil {
+ c.sendAlert(alertInternalError)
+ return err
+ }
+
+ hs.masterSecret = hs.suite.extract(nil,
+ hs.suite.deriveSecret(handshakeSecret, "derived", nil))
+
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) readServerParameters() error {
+ c := hs.c
+
+ msg, err := c.readHandshake()
+ if err != nil {
+ return err
+ }
+
+ encryptedExtensions, ok := msg.(*encryptedExtensionsMsg)
+ if !ok {
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(encryptedExtensions, msg)
+ }
+ hs.transcript.Write(encryptedExtensions.marshal())
+
+ if encryptedExtensions.alpnProtocol != "" {
+ if len(hs.hello.alpnProtocols) == 0 {
+
c.sendAlert(alertUnsupportedExtension)
+ return errors.New("tls: server advertised unrequested ALPN extension")
+ }
+ if mutualProtocol([]string{encryptedExtensions.alpnProtocol}, hs.hello.alpnProtocols) == "" {
+ c.sendAlert(alertUnsupportedExtension)
+ return errors.New("tls: server selected unadvertised ALPN protocol")
+ }
+ c.clientProtocol = encryptedExtensions.alpnProtocol
+ }
+
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
+ c := hs.c
+
+ // Either a PSK or a certificate is always used, but not both.
+ // See RFC 8446, Section 4.1.1.
+ if hs.usingPSK {
+ // Make sure the connection is still being verified whether or not this
+ // is a resumption. Resumptions currently don't reverify certificates so
+ // they don't call verifyServerCertificate. See Issue 31641.
+ if c.config.VerifyConnection != nil {
+ if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
+ c.sendAlert(alertBadCertificate)
+ return err
+ }
+ }
+ return nil
+ }
+
+ msg, err := c.readHandshake()
+ if err != nil {
+ return err
+ }
+
+ certReq, ok := msg.(*certificateRequestMsgTLS13)
+ if ok {
+ hs.transcript.Write(certReq.marshal())
+
+ hs.certReq = certReq
+
+ msg, err = c.readHandshake()
+ if err != nil {
+ return err
+ }
+ }
+
+ certMsg, ok := msg.(*certificateMsgTLS13)
+ if !ok {
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(certMsg, msg)
+ }
+ if len(certMsg.certificate.Certificate) == 0 {
+ c.sendAlert(alertDecodeError)
+ return errors.New("tls: received empty certificates message")
+ }
+ hs.transcript.Write(certMsg.marshal())
+
+ c.scts = certMsg.certificate.SignedCertificateTimestamps
+ c.ocspResponse = certMsg.certificate.OCSPStaple
+
+ if err := c.verifyServerCertificate(certMsg.certificate.Certificate); err != nil {
+ return err
+ }
+
+ msg, err = c.readHandshake()
+ if err != nil {
+ return err
+ }
+
+ certVerify, ok := msg.(*certificateVerifyMsg)
+ if !ok {
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(certVerify, msg)
+ }
+
+ // See RFC 8446, Section 4.4.3.
+ if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: certificate used with invalid signature algorithm")
+ }
+ sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerify.signatureAlgorithm)
+ if err != nil {
+ return c.sendAlert(alertInternalError)
+ }
+ if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: certificate used with invalid signature algorithm")
+ }
+ signed := signedMessage(sigHash, serverSignatureContext, hs.transcript)
+ if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
+ sigHash, signed, certVerify.signature); err != nil {
+ c.sendAlert(alertDecryptError)
+ return errors.New("tls: invalid signature by the server certificate: " + err.Error())
+ }
+
+ hs.transcript.Write(certVerify.marshal())
+
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) readServerFinished() error {
+ c := hs.c
+
+ msg, err := c.readHandshake()
+ if err != nil {
+ return err
+ }
+
+ finished, ok := msg.(*finishedMsg)
+ if !ok {
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(finished, msg)
+ }
+
+ expectedMAC := hs.suite.finishedHash(c.in.trafficSecret, hs.transcript)
+ if !hmac.Equal(expectedMAC, finished.verifyData) {
+ c.sendAlert(alertDecryptError)
+ return errors.New("tls: invalid server finished hash")
+ }
+
+ hs.transcript.Write(finished.marshal())
+
+ // Derive secrets that take context through the server Finished.
+
+ hs.trafficSecret = hs.suite.deriveSecret(hs.masterSecret,
+ clientApplicationTrafficLabel, hs.transcript)
+ serverSecret := hs.suite.deriveSecret(hs.masterSecret,
+ serverApplicationTrafficLabel, hs.transcript)
+ c.in.setTrafficSecret(hs.suite, serverSecret)
+
+ err = c.config.writeKeyLog(keyLogLabelClientTraffic, hs.hello.random, hs.trafficSecret)
+ if err != nil {
+ c.sendAlert(alertInternalError)
+ return err
+ }
+ err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.hello.random, serverSecret)
+ if err != nil {
+ c.sendAlert(alertInternalError)
+ return err
+ }
+
+ c.ekm = hs.suite.exportKeyingMaterial(hs.masterSecret, hs.transcript)
+
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) sendClientCertificate() error {
+ c := hs.c
+
+ if hs.certReq == nil {
+ return nil
+ }
+
+ cert, err := c.getClientCertificate(&CertificateRequestInfo{
+ AcceptableCAs: hs.certReq.certificateAuthorities,
+ SignatureSchemes: hs.certReq.supportedSignatureAlgorithms,
+ Version: c.vers,
+ })
+ if err != nil {
+ return err
+ }
+
+ certMsg := new(certificateMsgTLS13)
+
+ certMsg.certificate = *cert
+ certMsg.scts = hs.certReq.scts && len(cert.SignedCertificateTimestamps) > 0
+ certMsg.ocspStapling = hs.certReq.ocspStapling && len(cert.OCSPStaple) > 0
+
+ hs.transcript.Write(certMsg.marshal())
+ if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil {
+ return err
+ }
+
+ // If we sent an empty certificate message, skip the CertificateVerify.
+ if len(cert.Certificate) == 0 {
+ return nil
+ }
+
+ certVerifyMsg := new(certificateVerifyMsg)
+ certVerifyMsg.hasSignatureAlgorithm = true
+
+ certVerifyMsg.signatureAlgorithm, err = selectSignatureScheme(c.vers, cert, hs.certReq.supportedSignatureAlgorithms)
+ if err != nil {
+ // getClientCertificate returned a certificate incompatible with the
+ // CertificateRequestInfo supported signature algorithms.
+ c.sendAlert(alertHandshakeFailure)
+ return err
+ }
+
+ sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerifyMsg.signatureAlgorithm)
+ if err != nil {
+ return c.sendAlert(alertInternalError)
+ }
+
+ signed := signedMessage(sigHash, clientSignatureContext, hs.transcript)
+ signOpts := crypto.SignerOpts(sigHash)
+ if sigType == signatureRSAPSS {
+ signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
+ }
+ sig, err := cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)
+ if err != nil {
+ c.sendAlert(alertInternalError)
+ return errors.New("tls: failed to sign handshake: " + err.Error())
+ }
+ certVerifyMsg.signature = sig
+
+ hs.transcript.Write(certVerifyMsg.marshal())
+ if _, err := c.writeRecord(recordTypeHandshake, certVerifyMsg.marshal()); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (hs *clientHandshakeStateTLS13) sendClientFinished() error {
+ c := hs.c
+
+ finished := &finishedMsg{
+ verifyData: hs.suite.finishedHash(c.out.trafficSecret, hs.transcript),
+ }
+
+ hs.transcript.Write(finished.marshal())
+ if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil {
+ return err
+ }
+
+ c.out.setTrafficSecret(hs.suite, hs.trafficSecret)
+
+ if !c.config.SessionTicketsDisabled && c.config.ClientSessionCache != nil {
+ c.resumptionSecret = hs.suite.deriveSecret(hs.masterSecret,
+ resumptionLabel, hs.transcript)
+ }
+
+ return nil
+}
+
+func (c *Conn) handleNewSessionTicket(msg *newSessionTicketMsgTLS13) error {
+ if !c.isClient {
+ c.sendAlert(alertUnexpectedMessage)
+ return errors.New("tls: received new session ticket from a client")
+ }
+
+ if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil {
+ return nil
+ }
+
+ // See RFC 8446, Section 4.6.1.
+ if msg.lifetime == 0 {
+ return nil
+ }
+ lifetime := time.Duration(msg.lifetime) * time.Second
+ if lifetime > maxSessionTicketLifetime {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: received a session ticket with invalid lifetime")
+ }
+
+ cipherSuite := cipherSuiteTLS13ByID(c.cipherSuite)
+ if cipherSuite == nil || c.resumptionSecret == nil {
+ return c.sendAlert(alertInternalError)
+ }
+
+ // Save the resumption_master_secret and nonce instead of deriving the PSK
+ // to do the least amount of work on NewSessionTicket messages before we
+ // know if the ticket will be used. Forward secrecy of resumed connections
+ // is guaranteed by the requirement for pskModeDHE.
+ session := &ClientSessionState{
+ sessionTicket: msg.label,
+ vers: c.vers,
+ cipherSuite: c.cipherSuite,
+ masterSecret: c.resumptionSecret,
+ serverCertificates: c.peerCertificates,
+ verifiedChains: c.verifiedChains,
+ receivedAt: c.config.time(),
+ nonce: msg.nonce,
+ useBy: c.config.time().Add(lifetime),
+ ageAdd: msg.ageAdd,
+ ocspResponse: c.ocspResponse,
+ scts: c.scts,
+ }
+
+ cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
+ c.config.ClientSessionCache.Put(cacheKey, session)
+
+ return nil
+}
diff --git a/tls/handshake_extensions.go b/tls/handshake_extensions.go
deleted file mode 100644
index 2fbcee15..00000000
--- a/tls/handshake_extensions.go
+++ /dev/null
@@ -1,393 +0,0 @@
-package tls
-
-import (
- "errors"
- "fmt"
-)
-
-type NullExtension struct {
-}
-
-func (e *NullExtension) WriteToConfig(c *Config) error {
- return nil
-}
-
-func (e *NullExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *NullExtension) Marshal() []byte {
- return []byte{}
-}
-
-type SNIExtension struct {
- Domains []string
- Autopopulate bool
-}
-
-func (e *SNIExtension) WriteToConfig(c *Config) error {
- if e.Autopopulate {
- for i, ext := range c.ClientFingerprintConfiguration.Extensions {
- switch ext.(type) {
- case *SNIExtension:
- if c.ServerName == "" {
- c.ClientFingerprintConfiguration.Extensions[i] = &NullExtension{}
- } else {
- c.ClientFingerprintConfiguration.Extensions[i] = &SNIExtension{
- Domains: []string{c.ServerName},
- Autopopulate: true,
- }
- }
- default:
- continue
- }
- }
- }
- // If a server name is not specified in the config, but is available in the extensions
- // we set it for certificate validation later on
- if c.ServerName == "" && len(e.Domains) > 0 {
- c.ServerName = e.Domains[0]
- }
- return nil
-}
-
-func (e *SNIExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *SNIExtension) Marshal() []byte {
- result := []byte{}
- for _, domain := range e.Domains {
- current := make([]byte, 2+len(domain))
- copy(current[2:], []byte(domain))
- current[0] = uint8(len(domain) >> 8)
- current[1] = uint8(len(domain))
- result = append(result, current...)
- }
- sniHeader := make([]byte, 3)
- sniHeader[0] = uint8((len(result) + 1) >> 8)
- sniHeader[1] = uint8((len(result) + 1))
- sniHeader[2] = 0
- result = append(sniHeader, result...)
-
- extHeader := make([]byte, 4)
- extHeader[0] = 0
- extHeader[1] = 0
- extHeader[2] = uint8((len(result)) >> 8)
- extHeader[3] = uint8((len(result)))
- result = append(extHeader, result...)
-
- return result
-}
-
-type ALPNExtension struct {
- Protocols []string
-}
-
-func (e *ALPNExtension) WriteToConfig(c *Config) error {
- c.NextProtos = e.Protocols
- return nil
-}
-
-func (e *ALPNExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *ALPNExtension) Marshal() []byte {
- result := []byte{}
- for _, protocol := range e.Protocols {
- current := make([]byte, 1+len(protocol))
- copy(current[1:], []byte(protocol))
- current[0] = uint8(len(protocol))
- result = append(result, current...)
- }
- alpnHeader := make([]byte, 2)
- alpnHeader[0] = uint8((len(result)) >> 8)
- alpnHeader[1] = uint8((len(result)))
- result = append(alpnHeader, result...)
-
- extHeader := make([]byte, 4)
- extHeader[0] = byte(extensionALPN >> 8)
- extHeader[1] = byte(extensionALPN & 0xff)
- extHeader[2] = uint8((len(result)) >> 8)
- extHeader[3] = uint8((len(result)))
- result = append(extHeader, result...)
-
- return result
-}
-
-type SecureRenegotiationExtension struct {
-}
-
-func (e *SecureRenegotiationExtension) WriteToConfig(c *Config) error {
- return nil
-}
-
-func (e *SecureRenegotiationExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *SecureRenegotiationExtension) Marshal() []byte {
- result := make([]byte, 5)
- result[0] = byte(extensionRenegotiationInfo >> 8)
- result[1] = byte(extensionRenegotiationInfo & 0xff)
- result[2] = 0
- result[3] = 1
- result[4] = 0
- return result
-}
-
-type ExtendedMasterSecretExtension struct {
-}
-
-func (e *ExtendedMasterSecretExtension) WriteToConfig(c *Config) error {
- c.ExtendedMasterSecret = true
- return nil
-}
-
-func (e *ExtendedMasterSecretExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *ExtendedMasterSecretExtension) Marshal() []byte {
- result := make([]byte, 4)
- result[0] = byte(extensionExtendedMasterSecret >> 8)
- result[1] = byte(extensionExtendedMasterSecret & 0xff)
- result[2] = 0
- result[3] = 0
- return result
-}
-
-type NextProtocolNegotiationExtension struct {
- Protocols
[]string
-}
-
-func (e *NextProtocolNegotiationExtension) WriteToConfig(c *Config) error {
- c.NextProtos = e.Protocols
- return nil
-}
-
-func (e *NextProtocolNegotiationExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *NextProtocolNegotiationExtension) Marshal() []byte {
- result := make([]byte, 4)
- result[0] = byte(extensionNextProtoNeg >> 8)
- result[1] = byte(extensionNextProtoNeg & 0xff)
- result[2] = 0
- result[3] = 0
- return result
-}
-
-type StatusRequestExtension struct {
-}
-
-func (e *StatusRequestExtension) WriteToConfig(c *Config) error {
- return nil
-}
-
-func (e *StatusRequestExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *StatusRequestExtension) Marshal() []byte {
- result := make([]byte, 9)
- result[0] = byte(extensionStatusRequest >> 8)
- result[1] = byte(extensionStatusRequest & 0xff)
- result[2] = 0
- result[3] = 5
- result[4] = 1 // OCSP type
- result[5] = 0
- result[6] = 0
- result[7] = 0
- result[8] = 0
- return result
-}
-
-type SCTExtension struct {
-}
-
-func (e *SCTExtension) WriteToConfig(c *Config) error {
- c.SignedCertificateTimestampExt = true
- return nil
-}
-
-func (e *SCTExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *SCTExtension) Marshal() []byte {
- result := make([]byte, 4)
- result[0] = byte(extensionSCT >> 8)
- result[1] = byte(extensionSCT & 0xff)
- result[2] = 0
- result[3] = 0
- return result
-}
-
-type SupportedCurvesExtension struct {
- Curves []CurveID
-}
-
-func (e *SupportedCurvesExtension) WriteToConfig(c *Config) error {
- c.CurvePreferences = e.Curves
- return nil
-}
-
-func (e *SupportedCurvesExtension) CheckImplemented() error {
- for _, curve := range e.Curves {
- found := false
- for _, supported := range defaultCurvePreferences {
- if curve == supported {
- found = true
- }
- }
- if !found {
- return fmt.Errorf("Unsupported CurveID %d", curve)
- }
- }
- return nil
-}
-
-func (e *SupportedCurvesExtension) Marshal() []byte {
- result := make([]byte,
6+2*len(e.Curves))
- result[0] = byte(extensionSupportedCurves >> 8)
- result[1] = byte(extensionSupportedCurves & 0xff)
- result[2] = uint8((2 + 2*len(e.Curves)) >> 8)
- result[3] = uint8((2 + 2*len(e.Curves)))
- result[4] = uint8((2 * len(e.Curves)) >> 8)
- result[5] = uint8((2 * len(e.Curves)))
- for i, curve := range e.Curves {
- result[6+2*i] = uint8(curve >> 8)
- result[7+2*i] = uint8(curve)
- }
- return result
-}
-
-type PointFormatExtension struct {
- Formats []uint8
-}
-
-func (e *PointFormatExtension) WriteToConfig(c *Config) error {
- return nil
-}
-
-func (e *PointFormatExtension) CheckImplemented() error {
- for _, format := range e.Formats {
- if format != pointFormatUncompressed {
- return fmt.Errorf("Unsupported EC Point Format %d", format)
- }
- }
- return nil
-}
-
-func (e *PointFormatExtension) Marshal() []byte {
- result := make([]byte, 5+len(e.Formats))
- result[0] = byte(extensionSupportedPoints >> 8)
- result[1] = byte(extensionSupportedPoints & 0xff)
- result[2] = uint8((1 + len(e.Formats)) >> 8)
- result[3] = uint8((1 + len(e.Formats)))
- result[4] = uint8((len(e.Formats)))
- for i, format := range e.Formats {
- result[5+i] = format
- }
- return result
-}
-
-type SessionTicketExtension struct {
- Ticket []byte
- Autopopulate bool
-}
-
-func (e *SessionTicketExtension) WriteToConfig(c *Config) error {
- c.ForceSessionTicketExt = true
- return nil
-}
-
-func (e *SessionTicketExtension) CheckImplemented() error {
- return nil
-}
-
-func (e *SessionTicketExtension) Marshal() []byte {
- result := make([]byte, 4+len(e.Ticket))
- result[0] = byte(extensionSessionTicket >> 8)
- result[1] = byte(extensionSessionTicket & 0xff)
- result[2] = uint8(len(e.Ticket) >> 8)
- result[3] = uint8(len(e.Ticket))
- if len(e.Ticket) > 0 {
- copy(result[4:], e.Ticket)
- }
- return result
-}
-
-type HeartbeatExtension struct {
- Mode byte
-}
-
-func (e *HeartbeatExtension) WriteToConfig(c *Config) error {
- return nil
-}
-
-func (e *HeartbeatExtension)
CheckImplemented() error {
- return nil
-}
-
-func (e *HeartbeatExtension) Marshal() []byte {
- result := make([]byte, 5)
- result[0] = byte(extensionHeartbeat >> 8)
- result[1] = byte(extensionHeartbeat & 0xff)
- result[2] = uint8(1 >> 8)
- result[3] = uint8(1)
- result[4] = e.Mode
- return result
-}
-
-type SignatureAlgorithmExtension struct {
- SignatureAndHashes []uint16
-}
-
-func (e *SignatureAlgorithmExtension) WriteToConfig(c *Config) error {
- c.SignatureAndHashes = e.getStructuredAlgorithms()
- return nil
-}
-
-func (e *SignatureAlgorithmExtension) CheckImplemented() error {
- for _, algs := range e.getStructuredAlgorithms() {
- found := false
- for _, supported := range supportedSKXSignatureAlgorithms {
- if algs.Hash == supported.Hash && algs.Signature == supported.Signature {
- found = true
- break
- }
- }
- if !found {
- return errors.New(fmt.Sprintf("Unsupported Hash and Signature Algorithm (%d, %d)", algs.Hash, algs.Signature))
- }
- }
- return nil
-}
-
-func (e *SignatureAlgorithmExtension) getStructuredAlgorithms() []SigAndHash {
- result := make([]SigAndHash, len(e.SignatureAndHashes))
- for i, alg := range e.SignatureAndHashes {
- result[i].Hash = uint8(alg >> 8)
- result[i].Signature = uint8(alg)
- }
- return result
-}
-
-func (e *SignatureAlgorithmExtension) Marshal() []byte {
- result := make([]byte, 6+2*len(e.SignatureAndHashes))
- result[0] = byte(extensionSignatureAlgorithms >> 8)
- result[1] = byte(extensionSignatureAlgorithms & 0xff)
- result[2] = uint8((2 + 2*len(e.SignatureAndHashes)) >> 8)
- result[3] = uint8((2 + 2*len(e.SignatureAndHashes)))
- result[4] = uint8((2 * len(e.SignatureAndHashes)) >> 8)
- result[5] = uint8((2 * len(e.SignatureAndHashes)))
- for i, pair := range e.getStructuredAlgorithms() {
- result[6+2*i] = uint8(pair.Hash)
- result[7+2*i] = uint8(pair.Signature)
- }
- return result
-}
diff --git a/tls/handshake_messages.go b/tls/handshake_messages.go
index a2268db6..b5f81e44 100644
--- a/tls/handshake_messages.go
+++ b/tls/handshake_messages.go 
@@ -5,66 +5,93 @@ package tls
 import (
- "bytes"
- "reflect"
+ "fmt"
+ "strings"
+
+ "golang.org/x/crypto/cryptobyte"
 )
-type clientHelloMsg struct {
- raw []byte
- vers uint16
- random []byte
- sessionId []byte
- cipherSuites []uint16
- compressionMethods []uint8
- nextProtoNeg bool
- serverName string
- ocspStapling bool
- scts bool
- supportedCurves []CurveID
- supportedPoints []uint8
- ticketSupported bool
- sessionTicket []uint8
- signatureAndHashes []SigAndHash
- secureRenegotiation bool
- heartbeatEnabled bool
- heartbeatMode uint8
- extendedRandomEnabled bool
- extendedRandom []byte
- extendedMasterSecret bool
- sctEnabled bool
- alpnProtocols []string
- unknownExtensions [][]byte
+// The marshalingFunction type is an adapter to allow the use of ordinary
+// functions as cryptobyte.MarshalingValue.
+type marshalingFunction func(b *cryptobyte.Builder) error
+
+func (f marshalingFunction) Marshal(b *cryptobyte.Builder) error {
+ return f(b)
+}
+
+// addBytesWithLength appends a sequence of bytes to the cryptobyte.Builder. If
+// the length of the sequence is not the value specified, it produces an error.
+func addBytesWithLength(b *cryptobyte.Builder, v []byte, n int) {
+ b.AddValue(marshalingFunction(func(b *cryptobyte.Builder) error {
+ if len(v) != n {
+ return fmt.Errorf("invalid value length: expected %d, got %d", n, len(v))
+ }
+ b.AddBytes(v)
+ return nil
+ }))
 }
-func (m *clientHelloMsg) equal(i interface{}) bool {
- m1, ok := i.(*clientHelloMsg)
- if !ok {
+// addUint64 appends a big-endian, 64-bit value to the cryptobyte.Builder.
+func addUint64(b *cryptobyte.Builder, v uint64) {
+ b.AddUint32(uint32(v >> 32))
+ b.AddUint32(uint32(v))
+}
+
+// readUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func readUint64(s *cryptobyte.String, out *uint64) bool {
+ var hi, lo uint32
+ if !s.ReadUint32(&hi) || !s.ReadUint32(&lo) {
 return false
 }
+ *out = uint64(hi)<<32 | uint64(lo)
+ return true
+}
+
+// readUint8LengthPrefixed acts like s.ReadUint8LengthPrefixed, but targets a
+// []byte instead of a cryptobyte.String.
+func readUint8LengthPrefixed(s *cryptobyte.String, out *[]byte) bool {
+ return s.ReadUint8LengthPrefixed((*cryptobyte.String)(out))
+}
+
+// readUint16LengthPrefixed acts like s.ReadUint16LengthPrefixed, but targets a
+// []byte instead of a cryptobyte.String.
+func readUint16LengthPrefixed(s *cryptobyte.String, out *[]byte) bool {
+ return s.ReadUint16LengthPrefixed((*cryptobyte.String)(out))
+}
- return bytes.Equal(m.raw, m1.raw) &&
- m.vers == m1.vers &&
- bytes.Equal(m.random, m1.random) &&
- bytes.Equal(m.sessionId, m1.sessionId) &&
- eqUint16s(m.cipherSuites, m1.cipherSuites) &&
- bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
- m.nextProtoNeg == m1.nextProtoNeg &&
- m.serverName == m1.serverName &&
- m.ocspStapling == m1.ocspStapling &&
- m.scts == m1.scts &&
- eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
- bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
- m.ticketSupported == m1.ticketSupported &&
- bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
- eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
- m.secureRenegotiation == m1.secureRenegotiation &&
- m.heartbeatEnabled == m1.heartbeatEnabled &&
- m.heartbeatMode == m1.heartbeatMode &&
- m.extendedRandomEnabled == m1.extendedRandomEnabled &&
- bytes.Equal(m.extendedRandom, m1.extendedRandom) &&
- m.extendedMasterSecret == m1.extendedMasterSecret &&
- eqStrings(m.alpnProtocols, m1.alpnProtocols) &&
- reflect.DeepEqual(m.unknownExtensions, m1.unknownExtensions)
+// readUint24LengthPrefixed acts like s.ReadUint24LengthPrefixed, but targets a
+// []byte instead of a cryptobyte.String.
+func readUint24LengthPrefixed(s *cryptobyte.String, out *[]byte) bool {
+ return s.ReadUint24LengthPrefixed((*cryptobyte.String)(out))
+}
+
+type clientHelloMsg struct {
+ raw []byte
+ vers uint16
+ random []byte
+ sessionId []byte
+ cipherSuites []uint16
+ compressionMethods []uint8
+ serverName string
+ ocspStapling bool
+ supportedCurves []CurveID
+ supportedPoints []uint8
+ ticketSupported bool
+ sessionTicket []uint8
+ supportedSignatureAlgorithms []SignatureScheme
+ supportedSignatureAlgorithmsCert []SignatureScheme
+ secureRenegotiationSupported bool
+ secureRenegotiation []byte
+ alpnProtocols []string
+ scts bool
+ supportedVersions []uint16
+ cookie []byte
+ keyShares []keyShare
+ earlyData bool
+ pskModes []uint8
+ pskIdentities []pskIdentity
+ pskBinders [][]byte
 }
 func (m *clientHelloMsg) marshal() []byte {
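Review bot: The rewritten clientHelloMsg struct no longer carries the extendedMasterSecret, heartbeatEnabled/heartbeatMode, extendedRandom and unknownExtensions fields that the removed struct had, and nothing in this hunk replaces them; since the deleted handshake_extensions.go wired those through ClientFingerprintConfiguration, the drop looks like a behaviour change for fingerprinting or scanning callers rather than incidental cleanup. Extended master secret (RFC 7627) is the one with a security consequence: with no field for it the client can neither advertise the extension nor record whether the server negotiated it, which as far as I can tell matches the upstream crypto/tls being ported but regresses what this fork previously tracked. If the removal is intentional, a comment on the type would stop the next maintainer from reaching for the missing fields, e.g. `// clientHelloMsg mirrors upstream crypto/tls; the fork-specific heartbeat, extended-random, EMS and unknown-extension fields were dropped in the TLS 1.3 port.` The marshal method whose signature closes this hunk has its body in the next hunk.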
@@ -72,562 +99,518 @@ func (m *clientHelloMsg) marshal() []byte {
 return m.raw
 }
- length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
- numExtensions := 0
- extensionsLength := 0
- if m.nextProtoNeg {
- numExtensions++
- }
- if m.ocspStapling {
- extensionsLength += 1 + 2 + 2
- numExtensions++
- }
- if len(m.serverName) > 0 {
- extensionsLength += 5 + len(m.serverName)
- numExtensions++
- }
- if len(m.supportedCurves) > 0 {
- extensionsLength += 2 + 2*len(m.supportedCurves)
- numExtensions++
- }
- if len(m.supportedPoints) > 0 {
- extensionsLength += 1 + len(m.supportedPoints)
- numExtensions++
- }
- if m.ticketSupported {
- extensionsLength += len(m.sessionTicket)
- numExtensions++
- }
- if len(m.signatureAndHashes) > 0 {
- extensionsLength += 2 + 2*len(m.signatureAndHashes)
- numExtensions++
- }
- if m.secureRenegotiation {
- extensionsLength += 1
- numExtensions++
- }
- if len(m.alpnProtocols) > 0 {
- extensionsLength += 2
- for _, s := range m.alpnProtocols {
- if l := len(s); l == 0 || l > 255 {
- panic("invalid ALPN protocol")
+ var b cryptobyte.Builder
+ b.AddUint8(typeClientHello)
+ b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16(m.vers)
+ addBytesWithLength(b, m.random, 32)
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.sessionId)
+ })
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, suite := range m.cipherSuites {
+ b.AddUint16(suite)
+ }
+ })
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.compressionMethods)
+ })
+
+ // If extensions aren't present, omit them.
+ var extensionsPresent bool
+ bWithoutExtensions := *b
+
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ if len(m.serverName) > 0 {
+ // RFC 6066, Section 3
+ b.AddUint16(extensionServerName)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8(0) // name_type = host_name
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes([]byte(m.serverName))
+ })
+ })
+ })
+ }
+ if m.ocspStapling {
+ // RFC 4366, Section 3.6
+ b.AddUint16(extensionStatusRequest)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8(1) // status_type = ocsp
+ b.AddUint16(0) // empty responder_id_list
+ b.AddUint16(0) // empty request_extensions
+ })
+ }
+ if len(m.supportedCurves) > 0 {
+ // RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7
+ b.AddUint16(extensionSupportedCurves)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, curve := range m.supportedCurves {
+ b.AddUint16(uint16(curve))
+ }
+ })
+ })
+ }
+ if len(m.supportedPoints) > 0 {
+ // RFC 4492, Section 5.1.2
+ b.AddUint16(extensionSupportedPoints)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.supportedPoints)
+ })
+ })
+ }
+ if m.ticketSupported {
+ // RFC 5077, Section 3.2
+ b.AddUint16(extensionSessionTicket)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.sessionTicket)
+ })
+ }
+ if len(m.supportedSignatureAlgorithms) > 0 {
+ // RFC 5246, Section 7.4.1.4.1
+ b.AddUint16(extensionSignatureAlgorithms)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, sigAlgo := range m.supportedSignatureAlgorithms {
+ b.AddUint16(uint16(sigAlgo))
+ }
+ })
+ })
+ }
+ if len(m.supportedSignatureAlgorithmsCert) > 0 {
+ // RFC 8446, Section 4.2.3
+
b.AddUint16(extensionSignatureAlgorithmsCert)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, sigAlgo := range m.supportedSignatureAlgorithmsCert {
+ b.AddUint16(uint16(sigAlgo))
+ }
+ })
+ })
+ }
+ if m.secureRenegotiationSupported {
+ // RFC 5746, Section 3.2
+ b.AddUint16(extensionRenegotiationInfo)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.secureRenegotiation)
+ })
+ })
+ }
+ if len(m.alpnProtocols) > 0 {
+ // RFC 7301, Section 3.1
+ b.AddUint16(extensionALPN)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, proto := range m.alpnProtocols {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes([]byte(proto))
+ })
+ }
+ })
+ })
+ }
+ if m.scts {
+ // RFC 6962, Section 3.3.1
+ b.AddUint16(extensionSCT)
+ b.AddUint16(0) // empty extension_data
+ }
+ if len(m.supportedVersions) > 0 {
+ // RFC 8446, Section 4.2.1
+ b.AddUint16(extensionSupportedVersions)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, vers := range m.supportedVersions {
+ b.AddUint16(vers)
+ }
+ })
+ })
+ }
+ if len(m.cookie) > 0 {
+ // RFC 8446, Section 4.2.2
+ b.AddUint16(extensionCookie)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.cookie)
+ })
+ })
+ }
+ if len(m.keyShares) > 0 {
+ // RFC 8446, Section 4.2.8
+ b.AddUint16(extensionKeyShare)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, ks := range m.keyShares {
+ b.AddUint16(uint16(ks.group))
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(ks.data)
+ })
+ }
+ })
+ })
+ }
+ if m.earlyData {
+ // RFC 8446, Section 4.2.10
+
b.AddUint16(extensionEarlyData)
+ b.AddUint16(0) // empty extension_data
+ }
+ if len(m.pskModes) > 0 {
+ // RFC 8446, Section 4.2.9
+ b.AddUint16(extensionPSKModes)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.pskModes)
+ })
+ })
+ }
+ if len(m.pskIdentities) > 0 { // pre_shared_key must be the last extension
+ // RFC 8446, Section 4.2.11
+ b.AddUint16(extensionPreSharedKey)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, psk := range m.pskIdentities {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(psk.label)
+ })
+ b.AddUint32(psk.obfuscatedTicketAge)
+ }
+ })
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, binder := range m.pskBinders {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(binder)
+ })
+ }
+ })
+ })
 }
- extensionsLength++
- extensionsLength += len(s)
- }
- numExtensions++
- }
- if m.heartbeatEnabled {
- extensionsLength += 1
- numExtensions++
- }
- if m.extendedRandomEnabled {
- extensionsLength += 2 + len(m.extendedRandom)
- numExtensions++
- }
- if m.extendedMasterSecret {
- numExtensions++
- }
- if m.sctEnabled {
- numExtensions++
- }
- if len(m.unknownExtensions) > 0 {
- // we do not update numExtensions because the extension code and length
- // are already contained at the beginning of every 'ext' below
- for _, ext := range m.unknownEx‌tensions {
- extensionsLength += len(ext)
- }
- }
- if numExtensions > 0 {
- extensionsLength += 4 * numExtensions
- length += 2 + extensionsLength
- }
- x := make([]byte, 4+length)
- x[0] = typeClientHello
- x[1] = uint8(length >> 16)
- x[2] = uint8(length >> 8)
- x[3] = uint8(length)
- x[4] = uint8(m.vers >> 8)
- x[5] = uint8(m.vers)
- copy(x[6:38], m.random)
- x[38] = uint8(len(m.sessionId))
- copy(x[39:39+len(m.sessionId)], m.sessionId)
- y := x[39+len(m.sessionId):]
- // This is a
clever way to store the lower 16 bits of 2*len(m.cipherSuites) - y[0] = uint8(len(m.cipherSuites) >> 7) - y[1] = uint8(len(m.cipherSuites) << 1) - for i, suite := range m.cipherSuites { - y[2+i*2] = uint8(suite >> 8) - y[3+i*2] = uint8(suite) - } - z := y[2+len(m.cipherSuites)*2:] - z[0] = uint8(len(m.compressionMethods)) - copy(z[1:], m.compressionMethods) - - z = z[1+len(m.compressionMethods):] - if numExtensions > 0 || len(m.unknownExtensions) > 0 { - z[0] = byte(extensionsLength >> 8) - z[1] = byte(extensionsLength) - z = z[2:] - } - if m.nextProtoNeg { - z[0] = byte(extensionNextProtoNeg >> 8) - z[1] = byte(extensionNextProtoNeg & 0xff) - // The length is always 0 - z = z[4:] - } - if len(m.serverName) > 0 { - z[0] = byte(extensionServerName >> 8) - z[1] = byte(extensionServerName & 0xff) - l := len(m.serverName) + 5 - z[2] = byte(l >> 8) - z[3] = byte(l) - z = z[4:] - - // RFC 3546, section 3.1 - // - // struct { - // NameType name_type; - // select (name_type) { - // case host_name: HostName; - // } name; - // } ServerName; - // - // enum { - // host_name(0), (255) - // } NameType; - // - // opaque HostName<1..2^16-1>; - // - // struct { - // ServerName server_name_list<1..2^16-1> - // } ServerNameList; - - z[0] = byte((len(m.serverName) + 3) >> 8) - z[1] = byte(len(m.serverName) + 3) - z[3] = byte(len(m.serverName) >> 8) - z[4] = byte(len(m.serverName)) - copy(z[5:], []byte(m.serverName)) - z = z[l:] - } - if m.ocspStapling { - // RFC 4366, section 3.6 - z[0] = byte(extensionStatusRequest >> 8) - z[1] = byte(extensionStatusRequest) - z[2] = 0 - z[3] = 5 - z[4] = 1 // OCSP type - // Two zero valued uint16s for the two lengths. 
- z = z[9:] - } - if len(m.supportedCurves) > 0 { - // http://tools.ietf.org/html/rfc4492#section-5.5.1 - z[0] = byte(extensionSupportedCurves >> 8) - z[1] = byte(extensionSupportedCurves) - l := 2 + 2*len(m.supportedCurves) - z[2] = byte(l >> 8) - z[3] = byte(l) - l -= 2 - z[4] = byte(l >> 8) - z[5] = byte(l) - z = z[6:] - for _, curve := range m.supportedCurves { - z[0] = byte(curve >> 8) - z[1] = byte(curve) - z = z[2:] + extensionsPresent = len(b.BytesOrPanic()) > 2 + }) + + if !extensionsPresent { + *b = bWithoutExtensions } + }) + + m.raw = b.BytesOrPanic() + return m.raw +} + +// marshalWithoutBinders returns the ClientHello through the +// PreSharedKeyExtension.identities field, according to RFC 8446, Section +// 4.2.11.2. Note that m.pskBinders must be set to slices of the correct length. +func (m *clientHelloMsg) marshalWithoutBinders() []byte { + bindersLen := 2 // uint16 length prefix + for _, binder := range m.pskBinders { + bindersLen += 1 // uint8 length prefix + bindersLen += len(binder) } - if len(m.supportedPoints) > 0 { - // http://tools.ietf.org/html/rfc4492#section-5.5.2 - z[0] = byte(extensionSupportedPoints >> 8) - z[1] = byte(extensionSupportedPoints) - l := 1 + len(m.supportedPoints) - z[2] = byte(l >> 8) - z[3] = byte(l) - l-- - z[4] = byte(l) - z = z[5:] - for _, pointFormat := range m.supportedPoints { - z[0] = byte(pointFormat) - z = z[1:] - } + + fullMessage := m.marshal() + return fullMessage[:len(fullMessage)-bindersLen] +} + +// updateBinders updates the m.pskBinders field, if necessary updating the +// cached marshaled representation. The supplied binders must have the same +// length as the current m.pskBinders. 
+func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) { + if len(pskBinders) != len(m.pskBinders) { + panic("tls: internal error: pskBinders length mismatch") } - if m.ticketSupported { - // http://tools.ietf.org/html/rfc5077#section-3.2 - z[0] = byte(extensionSessionTicket >> 8) - z[1] = byte(extensionSessionTicket) - l := len(m.sessionTicket) - z[2] = byte(l >> 8) - z[3] = byte(l) - z = z[4:] - copy(z, m.sessionTicket) - z = z[len(m.sessionTicket):] - } - if len(m.signatureAndHashes) > 0 { - // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - z[0] = byte(extensionSignatureAlgorithms >> 8) - z[1] = byte(extensionSignatureAlgorithms) - l := 2 + 2*len(m.signatureAndHashes) - z[2] = byte(l >> 8) - z[3] = byte(l) - z = z[4:] - - l -= 2 - z[0] = byte(l >> 8) - z[1] = byte(l) - z = z[2:] - for _, sigAndHash := range m.signatureAndHashes { - z[0] = sigAndHash.Hash - z[1] = sigAndHash.Signature - z = z[2:] + for i := range m.pskBinders { + if len(pskBinders[i]) != len(m.pskBinders[i]) { + panic("tls: internal error: pskBinders length mismatch") } } - if m.secureRenegotiation { - z[0] = byte(extensionRenegotiationInfo >> 8) - z[1] = byte(extensionRenegotiationInfo & 0xff) - z[2] = 0 - z[3] = 1 - z = z[5:] - } - if len(m.alpnProtocols) > 0 { - z[0] = byte(extensionALPN >> 8) - z[1] = byte(extensionALPN & 0xff) - lengths := z[2:] - z = z[6:] - - stringsLength := 0 - for _, s := range m.alpnProtocols { - l := len(s) - z[0] = byte(l) - copy(z[1:], s) - z = z[1+l:] - stringsLength += 1 + l - } - - lengths[2] = byte(stringsLength >> 8) - lengths[3] = byte(stringsLength) - stringsLength += 2 - lengths[0] = byte(stringsLength >> 8) - lengths[1] = byte(stringsLength) - } - if m.heartbeatEnabled { - z[0] = byte(extensionHeartbeat >> 8) - z[1] = byte(extensionHeartbeat) - length := 1 - z[2] = byte(length >> 8) - z[3] = byte(length) - z[4] = m.heartbeatMode - z = z[5:] - } - if m.extendedRandomEnabled { - z[0] = byte(extensionExtendedRandom >> 8) - z[1] = 
byte(extensionExtendedRandom) - exLen := len(m.extendedRandom) - length := 2 + exLen - z[2] = byte(length >> 8) - z[3] = byte(length) - z[4] = byte(exLen >> 8) - z[5] = byte(exLen) - z = z[6:] - copy(z, m.extendedRandom) - z = z[exLen:] - } - if m.extendedMasterSecret { - // https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 - z[0] = byte(extensionExtendedMasterSecret >> 8) - z[1] = byte(extensionExtendedMasterSecret & 0xff) - z = z[4:] - } - if m.sctEnabled { - // https://tools.ietf.org/html/rfc6962#section-3.3.1 - z[0] = byte(extensionSCT >> 8) - z[1] = byte(extensionSCT) - // zero uint16 for the zero-length extension_data - z = z[4:] - } - if len(m.unknownExtensions) > 0 { - for _, ext := range m.unknownExtensions { - copy(z, ext) - z = z[len(ext):] + m.pskBinders = pskBinders + if m.raw != nil { + lenWithoutBinders := len(m.marshalWithoutBinders()) + // TODO(filippo): replace with NewFixedBuilder once CL 148882 is imported. + b := cryptobyte.NewBuilder(m.raw[:lenWithoutBinders]) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + for _, binder := range m.pskBinders { + b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(binder) + }) + } + }) + if len(b.BytesOrPanic()) != len(m.raw) { + panic("tls: internal error: failed to update binders") } } - - m.raw = x - - return x } func (m *clientHelloMsg) unmarshal(data []byte) bool { - if len(data) < 42 { - return false - } - m.raw = data - m.vers = uint16(data[4])<<8 | uint16(data[5]) - m.random = data[6:38] - sessionIdLen := int(data[38]) - if sessionIdLen > 32 || len(data) < 39+sessionIdLen { - return false - } - m.sessionId = data[39 : 39+sessionIdLen] - data = data[39+sessionIdLen:] - if len(data) < 2 { + *m = clientHelloMsg{raw: data} + s := cryptobyte.String(data) + + if !s.Skip(4) || // message type and uint24 length field + !s.ReadUint16(&m.vers) || !s.ReadBytes(&m.random, 32) || + !readUint8LengthPrefixed(&s, &m.sessionId) { return false } - // cipherSuiteLen is the number of 
bytes of cipher suite numbers. Since - // they are uint16s, the number must be even. - cipherSuiteLen := int(data[0])<<8 | int(data[1]) - if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen { + + var cipherSuites cryptobyte.String + if !s.ReadUint16LengthPrefixed(&cipherSuites) { return false } - numCipherSuites := cipherSuiteLen / 2 - m.cipherSuites = make([]uint16, numCipherSuites) - for i := 0; i < numCipherSuites; i++ { - m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i]) - if m.cipherSuites[i] == scsvRenegotiation { - m.secureRenegotiation = true + m.cipherSuites = []uint16{} + m.secureRenegotiationSupported = false + for !cipherSuites.Empty() { + var suite uint16 + if !cipherSuites.ReadUint16(&suite) { + return false } + if suite == scsvRenegotiation { + m.secureRenegotiationSupported = true + } + m.cipherSuites = append(m.cipherSuites, suite) } - data = data[2+cipherSuiteLen:] - if len(data) < 1 { - return false - } - compressionMethodsLen := int(data[0]) - if len(data) < 1+compressionMethodsLen { + + if !readUint8LengthPrefixed(&s, &m.compressionMethods) { return false } - m.compressionMethods = data[1 : 1+compressionMethodsLen] - - data = data[1+compressionMethodsLen:] - m.nextProtoNeg = false - m.serverName = "" - m.ocspStapling = false - m.ticketSupported = false - m.sessionTicket = nil - m.signatureAndHashes = nil - m.heartbeatEnabled = false - m.extendedMasterSecret = false - m.alpnProtocols = nil - m.scts = false - m.unknownExtensions = [][]byte(nil) - - if len(data) == 0 { + if s.Empty() { // ClientHello is optionally followed by extension data return true } - if len(data) < 2 { - return false - } - extensionsLength := int(data[0])<<8 | int(data[1]) - data = data[2:] - if extensionsLength != len(data) { + var extensions cryptobyte.String + if !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() { return false } - for len(data) != 0 { - if len(data) < 4 { - return false - } - fullData := data - extension := uint16(data[0])<<8 | 
uint16(data[1]) - length := int(data[2])<<8 | int(data[3]) - data = data[4:] - if len(data) < length { + for !extensions.Empty() { + var extension uint16 + var extData cryptobyte.String + if !extensions.ReadUint16(&extension) || + !extensions.ReadUint16LengthPrefixed(&extData) { return false } switch extension { case extensionServerName: - // we keep only the last name for m.serverName - if length < 2 { + // RFC 6066, Section 3 + var nameList cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&nameList) || nameList.Empty() { return false } - numNames := int(data[0])<<8 | int(data[1]) - d := data[2:] - for i := 0; i < numNames; i++ { - if len(d) < 3 { + for !nameList.Empty() { + var nameType uint8 + var serverName cryptobyte.String + if !nameList.ReadUint8(&nameType) || + !nameList.ReadUint16LengthPrefixed(&serverName) || + serverName.Empty() { return false } - nameType := d[0] - nameLen := int(d[1])<<8 | int(d[2]) - d = d[3:] - if len(d) < nameLen { + if nameType != 0 { + continue + } + if len(m.serverName) != 0 { + // Multiple names of the same name_type are prohibited. return false } - if nameType == 0 { - m.serverName = string(d[0:nameLen]) - break + m.serverName = string(serverName) + // An SNI value may not include a trailing dot. 
+ if strings.HasSuffix(m.serverName, ".") { + return false } - d = d[nameLen:] - } - case extensionNextProtoNeg: - if length > 0 { - return false } - m.nextProtoNeg = true case extensionStatusRequest: - m.ocspStapling = length > 0 && data[0] == statusTypeOCSP - case extensionSupportedCurves: - // http://tools.ietf.org/html/rfc4492#section-5.5.1 - if length < 2 { + // RFC 4366, Section 3.6 + var statusType uint8 + var ignored cryptobyte.String + if !extData.ReadUint8(&statusType) || + !extData.ReadUint16LengthPrefixed(&ignored) || + !extData.ReadUint16LengthPrefixed(&ignored) { return false } - l := int(data[0])<<8 | int(data[1]) - if l%2 == 1 || length != l+2 { + m.ocspStapling = statusType == statusTypeOCSP + case extensionSupportedCurves: + // RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7 + var curves cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&curves) || curves.Empty() { return false } - numCurves := l / 2 - m.supportedCurves = make([]CurveID, numCurves) - d := data[2:] - for i := 0; i < numCurves; i++ { - m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1]) - d = d[2:] + for !curves.Empty() { + var curve uint16 + if !curves.ReadUint16(&curve) { + return false + } + m.supportedCurves = append(m.supportedCurves, CurveID(curve)) } case extensionSupportedPoints: - // http://tools.ietf.org/html/rfc4492#section-5.5.2 - if length < 1 { - return false - } - l := int(data[0]) - if length != l+1 { + // RFC 4492, Section 5.1.2 + if !readUint8LengthPrefixed(&extData, &m.supportedPoints) || + len(m.supportedPoints) == 0 { return false } - m.supportedPoints = make([]uint8, l) - copy(m.supportedPoints, data[1:]) case extensionSessionTicket: - // http://tools.ietf.org/html/rfc5077#section-3.2 + // RFC 5077, Section 3.2 m.ticketSupported = true - m.sessionTicket = data[:length] + extData.ReadBytes(&m.sessionTicket, len(extData)) case extensionSignatureAlgorithms: - // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - if length < 2 || length&1 != 0 
{ + // RFC 5246, Section 7.4.1.4.1 + var sigAndAlgs cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() { return false } - l := int(data[0])<<8 | int(data[1]) - if l != length-2 { + for !sigAndAlgs.Empty() { + var sigAndAlg uint16 + if !sigAndAlgs.ReadUint16(&sigAndAlg) { + return false + } + m.supportedSignatureAlgorithms = append( + m.supportedSignatureAlgorithms, SignatureScheme(sigAndAlg)) + } + case extensionSignatureAlgorithmsCert: + // RFC 8446, Section 4.2.3 + var sigAndAlgs cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() { return false } - n := l / 2 - d := data[2:] - m.signatureAndHashes = make([]SigAndHash, n) - for i := range m.signatureAndHashes { - m.signatureAndHashes[i].Hash = d[0] - m.signatureAndHashes[i].Signature = d[1] - d = d[2:] + for !sigAndAlgs.Empty() { + var sigAndAlg uint16 + if !sigAndAlgs.ReadUint16(&sigAndAlg) { + return false + } + m.supportedSignatureAlgorithmsCert = append( + m.supportedSignatureAlgorithmsCert, SignatureScheme(sigAndAlg)) } case extensionRenegotiationInfo: - if length != 1 || data[0] != 0 { + // RFC 5746, Section 3.2 + if !readUint8LengthPrefixed(&extData, &m.secureRenegotiation) { return false } - m.secureRenegotiation = true + m.secureRenegotiationSupported = true case extensionALPN: - if length < 2 { + // RFC 7301, Section 3.1 + var protoList cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&protoList) || protoList.Empty() { return false } - l := int(data[0])<<8 | int(data[1]) - if l != length-2 { + for !protoList.Empty() { + var proto cryptobyte.String + if !protoList.ReadUint8LengthPrefixed(&proto) || proto.Empty() { + return false + } + m.alpnProtocols = append(m.alpnProtocols, string(proto)) + } + case extensionSCT: + // RFC 6962, Section 3.3.1 + m.scts = true + case extensionSupportedVersions: + // RFC 8446, Section 4.2.1 + var versList cryptobyte.String + if !extData.ReadUint8LengthPrefixed(&versList) || 
versList.Empty() { return false } - d := data[2:length] - for len(d) != 0 { - stringLen := int(d[0]) - d = d[1:] - if stringLen == 0 || stringLen > len(d) { + for !versList.Empty() { + var vers uint16 + if !versList.ReadUint16(&vers) { return false } - m.alpnProtocols = append(m.alpnProtocols, string(d[:stringLen])) - d = d[stringLen:] + m.supportedVersions = append(m.supportedVersions, vers) } - case extensionHeartbeat: - // https://tools.ietf.org/html/rfc6520 - if length != 1 { + case extensionCookie: + // RFC 8446, Section 4.2.2 + if !readUint16LengthPrefixed(&extData, &m.cookie) || + len(m.cookie) == 0 { return false } - mode := data[0] - if mode != heartbeatModePeerAllowed && - mode != heartbeatModePeerNotAllowed { + case extensionKeyShare: + // RFC 8446, Section 4.2.8 + var clientShares cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&clientShares) { return false } - m.heartbeatEnabled = true - m.heartbeatMode = mode - case extensionExtendedRandom: - if length < 3 { - return false + for !clientShares.Empty() { + var ks keyShare + if !clientShares.ReadUint16((*uint16)(&ks.group)) || + !readUint16LengthPrefixed(&clientShares, &ks.data) || + len(ks.data) == 0 { + return false + } + m.keyShares = append(m.keyShares, ks) } - exLen := int(data[0])<<8 | int(data[1]) - if length != exLen+2 { + case extensionEarlyData: + // RFC 8446, Section 4.2.10 + m.earlyData = true + case extensionPSKModes: + // RFC 8446, Section 4.2.9 + if !readUint8LengthPrefixed(&extData, &m.pskModes) { return false } - if exLen > len(data) { - return false + case extensionPreSharedKey: + // RFC 8446, Section 4.2.11 + if !extensions.Empty() { + return false // pre_shared_key must be the last extension } - m.extendedRandomEnabled = true - m.extendedRandom = make([]byte, exLen) - copy(m.extendedRandom, data[2:]) - case extensionExtendedMasterSecret: - if length != 0 { + var identities cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&identities) || identities.Empty() { return 
false } - m.extendedMasterSecret = true - case extensionSCT: - m.scts = true - if length != 0 { + for !identities.Empty() { + var psk pskIdentity + if !readUint16LengthPrefixed(&identities, &psk.label) || + !identities.ReadUint32(&psk.obfuscatedTicketAge) || + len(psk.label) == 0 { + return false + } + m.pskIdentities = append(m.pskIdentities, psk) + } + var binders cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&binders) || binders.Empty() { return false } + for !binders.Empty() { + var binder []byte + if !readUint8LengthPrefixed(&binders, &binder) || + len(binder) == 0 { + return false + } + m.pskBinders = append(m.pskBinders, binder) + } default: - fullExt := append(fullData[:4], data[:length]...) - m.unknownExtensions = append(m.unknownExtensions, fullExt) + // Ignore unknown extensions. + continue + } + + if !extData.Empty() { + return false } - data = data[length:] } return true } type serverHelloMsg struct { - raw []byte - vers uint16 - random []byte - sessionId []byte - cipherSuite uint16 - compressionMethod uint8 - nextProtoNeg bool - nextProtos []string - ocspStapling bool - scts [][]byte - ticketSupported bool - secureRenegotiation bool - heartbeatEnabled bool - heartbeatMode uint8 - extendedRandomEnabled bool - extendedRandom []byte - extendedMasterSecret bool - alpnProtocol string - unknownExtensions [][]byte -} - -func (m *serverHelloMsg) equal(i interface{}) bool { - m1, ok := i.(*serverHelloMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - m.vers == m1.vers && - bytes.Equal(m.random, m1.random) && - bytes.Equal(m.sessionId, m1.sessionId) && - m.cipherSuite == m1.cipherSuite && - m.compressionMethod == m1.compressionMethod && - m.nextProtoNeg == m1.nextProtoNeg && - eqStrings(m.nextProtos, m1.nextProtos) && - m.ocspStapling == m1.ocspStapling && - m.ticketSupported == m1.ticketSupported && - m.secureRenegotiation == m1.secureRenegotiation && - m.extendedMasterSecret == m1.extendedMasterSecret && - m.alpnProtocol 
== m1.alpnProtocol && - reflect.DeepEqual(m.unknownExtensions, m1.unknownExtensions) + raw []byte + vers uint16 + random []byte + sessionId []byte + cipherSuite uint16 + compressionMethod uint8 + ocspStapling bool + ticketSupported bool + secureRenegotiationSupported bool + secureRenegotiation []byte + alpnProtocol string + scts [][]byte + supportedVersion uint16 + serverShare keyShare + selectedIdentityPresent bool + selectedIdentity uint16 + supportedPoints []uint8 + + // HelloRetryRequest extensions + cookie []byte + selectedGroup CurveID } func (m *serverHelloMsg) marshal() []byte { 
@@ -635,346 +618,583 @@ func (m *serverHelloMsg) marshal() []byte {
 return m.raw
 }
- length := 38 + len(m.sessionId)
- numExtensions := 0
- extensionsLength := 0
+ var b cryptobyte.Builder
+ b.AddUint8(typeServerHello)
+ b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16(m.vers)
+ addBytesWithLength(b, m.random, 32)
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.sessionId)
+ })
+ b.AddUint16(m.cipherSuite)
+ b.AddUint8(m.compressionMethod)
+
+ // If extensions aren't present, omit them.
+ var extensionsPresent bool
+ bWithoutExtensions := *b
+
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ if m.ocspStapling {
+ b.AddUint16(extensionStatusRequest)
+ b.AddUint16(0) // empty extension_data
+ }
+ if m.ticketSupported {
+ b.AddUint16(extensionSessionTicket)
+ b.AddUint16(0) // empty extension_data
+ }
+ if m.secureRenegotiationSupported {
+ b.AddUint16(extensionRenegotiationInfo)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.secureRenegotiation)
+ })
+ })
+ }
+ if len(m.alpnProtocol) > 0 {
+ b.AddUint16(extensionALPN)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes([]byte(m.alpnProtocol))
+ })
+ })
+ })
+ }
+ if len(m.scts) > 0 {
+ b.AddUint16(extensionSCT)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, sct := range m.scts {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(sct)
+ })
+ }
+ })
+ })
+ }
+ if m.supportedVersion != 0 {
+ b.AddUint16(extensionSupportedVersions)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16(m.supportedVersion)
+ })
+ }
+ if m.serverShare.group != 0 {
+ b.AddUint16(extensionKeyShare)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16(uint16(m.serverShare.group))
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.serverShare.data)
+ })
+ })
+ }
+ if m.selectedIdentityPresent {
+ b.AddUint16(extensionPreSharedKey)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16(m.selectedIdentity)
+ })
+ }
- nextProtoLen := 0
- if m.nextProtoNeg {
- numExtensions++
- for _, v := range m.nextProtos {
- nextProtoLen += len(v)
- }
- nextProtoLen += len(m.nextProtos)
- extensionsLength += nextProtoLen
- }
- if m.ocspStapling {
- numExtensions++
- }
- if m.ticketSupported {
- numExtensions++
- }
- if m.secureRenegotiation {
- extensionsLength += 1
- numExtensions++
- }
- if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
- if alpnLen >= 256 {
- panic("invalid ALPN protocol")
- }
- extensionsLength += 2 + 1 + alpnLen
- numExtensions++
- }
- if m.heartbeatEnabled {
- extensionsLength += 1
- numExtensions++
- }
- if m.extendedRandomEnabled {
- extensionsLength += 2 + len(m.extendedRandom)
- numExtensions++
- }
- if m.extendedMasterSecret {
- numExtensions++
- }
- sctLen := 0
- if len(m.scts) > 0 {
- for _, sct := range m.scts {
- sctLen += len(sct) + 2
- }
- extensionsLength += 2 + sctLen
- numExtensions++
- }
- if len(m.unknownExtensions) > 0 {
- // we do not update numExtensions because the extension code and length
- // are already contained at the beginning of every 'ext' below
- for _, ext := range m.unknownExtensions {
- extensionsLength += len(ext)
- }
- }
- if numExtensions > 0 {
- extensionsLength += 4 * numExtensions
- length += 2 + extensionsLength
- }
+ if len(m.cookie) > 0 {
+ b.AddUint16(extensionCookie)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.cookie)
+ })
+ })
+ }
+ if m.selectedGroup != 0 {
+ b.AddUint16(extensionKeyShare)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16(uint16(m.selectedGroup))
+ })
+ }
+ if len(m.supportedPoints) > 0 {
+ b.AddUint16(extensionSupportedPoints)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.supportedPoints)
+ })
+ })
+ }
- x := make([]byte, 4+length)
- x[0] = typeServerHello
- x[1] = uint8(length >> 16)
- x[2] = uint8(length >> 8)
- x[3] = uint8(length)
- x[4] = uint8(m.vers >> 8)
- x[5] = uint8(m.vers)
- copy(x[6:38], m.random)
- x[38] = uint8(len(m.sessionId))
- copy(x[39:39+len(m.sessionId)], m.sessionId)
- z := x[39+len(m.sessionId):]
- z[0] = uint8(m.cipherSuite >> 8)
- z[1] = uint8(m.cipherSuite)
- z[2] = uint8(m.compressionMethod)
-
- z = z[3:]
- if numExtensions > 0 || len(m.unknownExtensions) > 0 {
- z[0] = byte(extensionsLength >> 8)
- z[1] = byte(extensionsLength)
- z = z[2:]
- }
- if m.nextProtoNeg {
- z[0] = byte(extensionNextProtoNeg >> 8)
- z[1] = byte(extensionNextProtoNeg & 0xff)
- z[2] = byte(nextProtoLen >> 8)
- z[3] = byte(nextProtoLen)
- z = z[4:]
-
- for _, v := range m.nextProtos {
- l := len(v)
- if l > 255 {
- l = 255
- }
- z[0] = byte(l)
- copy(z[1:], []byte(v[0:l]))
- z = z[1+l:]
- }
- }
- if m.ocspStapling {
- z[0] = byte(extensionStatusRequest >> 8)
- z[1] = byte(extensionStatusRequest)
- z = z[4:]
- }
- if m.ticketSupported {
- z[0] = byte(extensionSessionTicket >> 8)
- z[1] = byte(extensionSessionTicket)
- z = z[4:]
- }
- if m.secureRenegotiation {
- z[0] = byte(extensionRenegotiationInfo >> 8)
- z[1] = byte(extensionRenegotiationInfo & 0xff)
- z[2] = 0
- z[3] = 1
- z = z[5:]
- }
- if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
- z[0] = byte(extensionALPN >> 8)
- z[1] = byte(extensionALPN & 0xff)
- l := 2 + 1 + alpnLen
- z[2] = byte(l >> 8)
- z[3] = byte(l)
- l -= 2
- z[4] = byte(l >> 8)
- z[5] = byte(l)
- l -= 1
- z[6] = byte(l)
- copy(z[7:], []byte(m.alpnProtocol))
- z = z[7+alpnLen:]
- }
- if m.heartbeatEnabled {
- z[0] = byte(extensionHeartbeat >> 8)
- z[1] = byte(extensionHeartbeat)
- z[2] = byte(1 >> 8)
- z[3] = byte(1)
- z[4] = m.heartbeatMode
- z = z[5:]
- }
- if m.extendedRandomEnabled {
- z[0] = byte(extensionExtendedRandom >> 8)
- z[1] = byte(extensionExtendedRandom)
- exLen := len(m.extendedRandom)
- fullLength := 2 + exLen
- z[2] = byte(fullLength << 8)
- z[3] = byte(fullLength)
- z[4] = byte(exLen << 8)
- z[5] = byte(exLen)
- z = z[6:]
- copy(z, m.extendedRandom)
- z = z[exLen:]
- }
- if m.extendedMasterSecret {
- z[0] = byte(extensionExtendedMasterSecret >> 8)
- z[1] = byte(extensionExtendedMasterSecret & 0xff)
- z = z[4:]
- }
- if sctLen > 0 {
- z[0] = byte(extensionSCT >> 8)
- z[1] = byte(extensionSCT)
- l := sctLen + 2
- z[2] = byte(l >> 8)
- z[3] = byte(l)
- z[4] = byte(sctLen >> 8)
- z[5] = byte(sctLen)
-
- z = z[6:]
- for _, sct := range m.scts {
- z[0] = byte(len(sct) >> 8)
- z[1] = byte(len(sct))
- copy(z[2:], sct)
- z = z[len(sct)+2:]
- }
- }
- if len(m.unknownExtensions) > 0 {
- for _, ext := range m.unknownExtensions {
- copy(z, ext)
- z = z[len(ext):]
+ extensionsPresent = len(b.BytesOrPanic()) > 2
+ })
+
+ if !extensionsPresent {
+ *b = bWithoutExtensions
 }
- }
- m.raw = x
- return x
+ })
+
+ m.raw = b.BytesOrPanic()
+ return m.raw
 }
 func (m *serverHelloMsg) unmarshal(data []byte) bool {
- if len(data) < 42 {
- return false
- }
- m.raw = data
- m.vers = uint16(data[4])<<8 | uint16(data[5])
- m.random = data[6:38]
- sessionIdLen := int(data[38])
- if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
+ *m = serverHelloMsg{raw: data}
+ s := cryptobyte.String(data)
+
+ if !s.Skip(4) || // message type and uint24 length field
+ !s.ReadUint16(&m.vers) || !s.ReadBytes(&m.random, 32) ||
+ !readUint8LengthPrefixed(&s, &m.sessionId) ||
+ !s.ReadUint16(&m.cipherSuite) ||
+ !s.ReadUint8(&m.compressionMethod) {
 return false
 }
- m.sessionId = data[39 : 39+sessionIdLen]
- data = data[39+sessionIdLen:]
- if len(data) < 3 {
- return false
- }
- m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
- m.compressionMethod = data[2]
- data = data[3:]
-
- m.nextProtoNeg = false
- m.nextProtos = nil
- m.scts = nil
- m.ocspStapling = false
- m.ticketSupported = false
- m.heartbeatEnabled = false
- m.extendedRandomEnabled = false
- m.extendedMasterSecret = false
- m.alpnProtocol = ""
- m.unknownExtensions = [][]byte(nil)
-
- if len(data) == 0 {
+
+ if s.Empty() {
 // ServerHello is optionally followed by extension data
 return true
 }
- if len(data) < 2 {
- return false
- }
- extensionsLength := int(data[0])<<8 | int(data[1])
- data = data[2:]
- if len(data) != extensionsLength {
+ var extensions cryptobyte.String
+ if !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
 return false
 }
- for len(data) != 0 {
- if len(data) < 4 {
- return false
- }
- fullData := data
- extension := uint16(data[0])<<8 | uint16(data[1])
- length := int(data[2])<<8 | int(data[3])
- data = data[4:]
- if len(data) < length {
+ for !extensions.Empty() {
+ var extension uint16
+ var extData cryptobyte.String
+ if !extensions.ReadUint16(&extension) ||
+ !extensions.ReadUint16LengthPrefixed(&extData) {
 return false
 }
 switch extension {
- case extensionNextProtoNeg:
- m.nextProtoNeg = true
- d := data[:length]
- for len(d) > 0 {
- l := int(d[0])
- d = d[1:]
- if l == 0 || l > len(d) {
+ case extensionStatusRequest:
+ m.ocspStapling = true
+ case extensionSessionTicket:
+ m.ticketSupported = true
+ case extensionRenegotiationInfo:
+ if !readUint8LengthPrefixed(&extData, &m.secureRenegotiation) {
+ return false
+ }
+ m.secureRenegotiationSupported = true
+ case extensionALPN:
+ var protoList cryptobyte.String
+ if !extData.ReadUint16LengthPrefixed(&protoList) || protoList.Empty() {
+ return false
+ }
+ var proto cryptobyte.String
+ if !protoList.ReadUint8LengthPrefixed(&proto) ||
+ proto.Empty() || !protoList.Empty() {
+ return false
+ }
+ m.alpnProtocol = string(proto)
+ case extensionSCT:
+ var sctList cryptobyte.String
+ if !extData.ReadUint16LengthPrefixed(&sctList) || sctList.Empty() {
+ return false
+ }
+ for !sctList.Empty() {
+ var sct []byte
+ if !readUint16LengthPrefixed(&sctList, &sct) ||
+ len(sct) == 0 {
 return false
 }
- m.nextProtos = append(m.nextProtos, string(d[:l]))
- d = d[l:]
+ m.scts = append(m.scts, sct)
 }
- case extensionStatusRequest:
- if length > 0 {
+ case extensionSupportedVersions:
+ if !extData.ReadUint16(&m.supportedVersion) {
 return false
 }
- m.ocspStapling = true
- case extensionSessionTicket:
- if length > 0 {
+ case extensionCookie:
+ if !readUint16LengthPrefixed(&extData, &m.cookie) ||
+ len(m.cookie) == 0 {
 return false
 }
- m.ticketSupported = true
- case extensionRenegotiationInfo:
- if length != 1 || data[0] != 0 {
+ case extensionKeyShare:
+ // This extension has different formats in SH and HRR, accept either
+ // and let the handshake logic decide. See RFC 8446, Section 4.2.8.
+ if len(extData) == 2 {
+ if !extData.ReadUint16((*uint16)(&m.selectedGroup)) {
+ return false
+ }
+ } else {
+ if !extData.ReadUint16((*uint16)(&m.serverShare.group)) ||
+ !readUint16LengthPrefixed(&extData, &m.serverShare.data) {
+ return false
+ }
+ }
+ case extensionPreSharedKey:
+ m.selectedIdentityPresent = true
+ if !extData.ReadUint16(&m.selectedIdentity) {
 return false
 }
- m.secureRenegotiation = true
- case extensionALPN:
- d := data[:length]
- if len(d) < 3 {
+ case extensionSupportedPoints:
+ // RFC 4492, Section 5.1.2
+ if !readUint8LengthPrefixed(&extData, &m.supportedPoints) ||
+ len(m.supportedPoints) == 0 {
 return false
 }
- l := int(d[0])<<8 | int(d[1])
- if l != len(d)-2 {
+ default:
+ // Ignore unknown extensions.
+ continue
+ }
+
+ if !extData.Empty() {
+ return false
+ }
+ }
+
+ return true
+}
+
+type encryptedExtensionsMsg struct {
+ raw []byte
+ alpnProtocol string
+}
+
+func (m *encryptedExtensionsMsg) marshal() []byte {
+ if m.raw != nil {
+ return m.raw
+ }
+
+ var b cryptobyte.Builder
+ b.AddUint8(typeEncryptedExtensions)
+ b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ if len(m.alpnProtocol) > 0 {
+ b.AddUint16(extensionALPN)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes([]byte(m.alpnProtocol))
+ })
+ })
+ })
+ }
+ })
+ })
+
+ m.raw = b.BytesOrPanic()
+ return m.raw
+}
+
+func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
+ *m = encryptedExtensionsMsg{raw: data}
+ s := cryptobyte.String(data)
+
+ var extensions cryptobyte.String
+ if !s.Skip(4) || // message type and uint24 length field
+ !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
+ return false
+ }
+
+ for !extensions.Empty() {
+ var extension uint16
+ var extData cryptobyte.String
+ if !extensions.ReadUint16(&extension) ||
+ !extensions.ReadUint16LengthPrefixed(&extData) {
+ return false
+ }
+
+ switch extension {
+ case extensionALPN:
+ var protoList cryptobyte.String
+ if !extData.ReadUint16LengthPrefixed(&protoList) || protoList.Empty() {
 return false
 }
- d = d[2:]
- l = int(d[0])
- if l != len(d)-1 {
+ var proto cryptobyte.String
+ if !protoList.ReadUint8LengthPrefixed(&proto) ||
+ proto.Empty() || !protoList.Empty() {
 return false
 }
- d = d[1:]
- if len(d) == 0 {
- // ALPN protocols must not be empty.
+ m.alpnProtocol = string(proto)
+ default:
+ // Ignore unknown extensions.
+ continue
+ }
+
+ if !extData.Empty() {
+ return false
+ }
+ }
+
+ return true
+}
+
+type endOfEarlyDataMsg struct{}
+
+func (m *endOfEarlyDataMsg) marshal() []byte {
+ x := make([]byte, 4)
+ x[0] = typeEndOfEarlyData
+ return x
+}
+
+func (m *endOfEarlyDataMsg) unmarshal(data []byte) bool {
+ return len(data) == 4
+}
+
+type keyUpdateMsg struct {
+ raw []byte
+ updateRequested bool
+}
+
+func (m *keyUpdateMsg) marshal() []byte {
+ if m.raw != nil {
+ return m.raw
+ }
+
+ var b cryptobyte.Builder
+ b.AddUint8(typeKeyUpdate)
+ b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+ if m.updateRequested {
+ b.AddUint8(1)
+ } else {
+ b.AddUint8(0)
+ }
+ })
+
+ m.raw = b.BytesOrPanic()
+ return m.raw
+}
+
+func (m *keyUpdateMsg) unmarshal(data []byte) bool {
+ m.raw = data
+ s := cryptobyte.String(data)
+
+ var updateRequested uint8
+ if !s.Skip(4) || // message type and uint24 length field
+ !s.ReadUint8(&updateRequested) || !s.Empty() {
+ return false
+ }
+ switch updateRequested {
+ case 0:
+ m.updateRequested = false
+ case 1:
+ m.updateRequested = true
+ default:
+ return false
+ }
+ return true
+}
+
+type newSessionTicketMsgTLS13 struct {
+ raw []byte
+ lifetime uint32
+ ageAdd uint32
+ nonce []byte
+ label []byte
+ maxEarlyData uint32
+}
+
+func (m *newSessionTicketMsgTLS13) marshal() []byte {
+ if m.raw != nil {
+ return m.raw
+ }
+
+ var b cryptobyte.Builder
+ b.AddUint8(typeNewSessionTicket)
+ b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint32(m.lifetime)
+ b.AddUint32(m.ageAdd)
+ b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.nonce)
+ })
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(m.label)
+ })
+
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ if m.maxEarlyData > 0 {
+ b.AddUint16(extensionEarlyData)
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddUint32(m.maxEarlyData)
+ })
+ }
+ })
+ })
+
+ m.raw = b.BytesOrPanic()
+ return m.raw
+}
+
+func (m *newSessionTicketMsgTLS13) unmarshal(data []byte) bool {
+ *m = newSessionTicketMsgTLS13{raw: data}
+ s := cryptobyte.String(data)
+
+ var extensions cryptobyte.String
+ if !s.Skip(4) || // message type and uint24 length field
+ !s.ReadUint32(&m.lifetime) ||
+ !s.ReadUint32(&m.ageAdd) ||
+ !readUint8LengthPrefixed(&s, &m.nonce) ||
+ !readUint16LengthPrefixed(&s, &m.label) ||
+ !s.ReadUint16LengthPrefixed(&extensions) ||
+ !s.Empty() {
+ return false
+ }
+
+ for !extensions.Empty() {
+ var extension uint16
+ var extData cryptobyte.String
+ if !extensions.ReadUint16(&extension) ||
+ !extensions.ReadUint16LengthPrefixed(&extData) {
+ return false
+ }
+
+ switch extension {
+ case extensionEarlyData:
+ if !extData.ReadUint32(&m.maxEarlyData) {
 return false
 }
- m.alpnProtocol = string(d)
- case extensionHeartbeat:
- m.heartbeatEnabled = true
- m.heartbeatMode = data[0]
- case extensionExtendedRandom:
- m.extendedRandomEnabled = true
- if length < 3 {
- return false
+ default:
+ // Ignore unknown extensions.
+ continue + } + + if !extData.Empty() { + return false + } + } + + return true +} + +type certificateRequestMsgTLS13 struct { + raw []byte + ocspStapling bool + scts bool + supportedSignatureAlgorithms []SignatureScheme + supportedSignatureAlgorithmsCert []SignatureScheme + certificateAuthorities [][]byte +} + +func (m *certificateRequestMsgTLS13) marshal() []byte { + if m.raw != nil { + return m.raw + } + + var b cryptobyte.Builder + b.AddUint8(typeCertificateRequest) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + // certificate_request_context (SHALL be zero length unless used for + // post-handshake authentication) + b.AddUint8(0) + + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + if m.ocspStapling { + b.AddUint16(extensionStatusRequest) + b.AddUint16(0) // empty extension_data + } + if m.scts { + // RFC 8446, Section 4.4.2.1 makes no mention of + // signed_certificate_timestamp in CertificateRequest, but + // "Extensions in the Certificate message from the client MUST + // correspond to extensions in the CertificateRequest message + // from the server." and it appears in the table in Section 4.2. 
+ b.AddUint16(extensionSCT) + b.AddUint16(0) // empty extension_data } - exRandLen := int(data[0])<<8 | int(data[1]) - if length != exRandLen+2 { - return false + if len(m.supportedSignatureAlgorithms) > 0 { + b.AddUint16(extensionSignatureAlgorithms) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + for _, sigAlgo := range m.supportedSignatureAlgorithms { + b.AddUint16(uint16(sigAlgo)) + } + }) + }) } - exRand := data[2:] - if len(exRand) < exRandLen { - return false + if len(m.supportedSignatureAlgorithmsCert) > 0 { + b.AddUint16(extensionSignatureAlgorithmsCert) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + for _, sigAlgo := range m.supportedSignatureAlgorithmsCert { + b.AddUint16(uint16(sigAlgo)) + } + }) + }) } - m.extendedRandom = make([]byte, exRandLen) - copy(m.extendedRandom, data[2:]) - case extensionExtendedMasterSecret: - if length != 0 { - return false + if len(m.certificateAuthorities) > 0 { + b.AddUint16(extensionCertificateAuthorities) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + for _, ca := range m.certificateAuthorities { + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(ca) + }) + } + }) + }) } - m.extendedMasterSecret = true + }) + }) + + m.raw = b.BytesOrPanic() + return m.raw +} +func (m *certificateRequestMsgTLS13) unmarshal(data []byte) bool { + *m = certificateRequestMsgTLS13{raw: data} + s := cryptobyte.String(data) + + var context, extensions cryptobyte.String + if !s.Skip(4) || // message type and uint24 length field + !s.ReadUint8LengthPrefixed(&context) || !context.Empty() || + !s.ReadUint16LengthPrefixed(&extensions) || + !s.Empty() { + return false + } + + for !extensions.Empty() { + var extension uint16 + var extData cryptobyte.String + if !extensions.ReadUint16(&extension) || + 
!extensions.ReadUint16LengthPrefixed(&extData) { + return false + } + + switch extension { + case extensionStatusRequest: + m.ocspStapling = true case extensionSCT: - d := data[:length] - if len(d) < 2 { + m.scts = true + case extensionSignatureAlgorithms: + var sigAndAlgs cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() { return false } - l := int(d[0])<<8 | int(d[1]) - d = d[2:] - if len(d) != l || l == 0 { + for !sigAndAlgs.Empty() { + var sigAndAlg uint16 + if !sigAndAlgs.ReadUint16(&sigAndAlg) { + return false + } + m.supportedSignatureAlgorithms = append( + m.supportedSignatureAlgorithms, SignatureScheme(sigAndAlg)) + } + case extensionSignatureAlgorithmsCert: + var sigAndAlgs cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() { return false } - m.scts = make([][]byte, 0, 3) - for len(d) != 0 { - if len(d) < 2 { + for !sigAndAlgs.Empty() { + var sigAndAlg uint16 + if !sigAndAlgs.ReadUint16(&sigAndAlg) { return false } - sctLen := int(d[0])<<8 | int(d[1]) - d = d[2:] - if sctLen == 0 || len(d) < sctLen { + m.supportedSignatureAlgorithmsCert = append( + m.supportedSignatureAlgorithmsCert, SignatureScheme(sigAndAlg)) + } + case extensionCertificateAuthorities: + var auths cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&auths) || auths.Empty() { + return false + } + for !auths.Empty() { + var ca []byte + if !readUint16LengthPrefixed(&auths, &ca) || len(ca) == 0 { return false } - m.scts = append(m.scts, d[:sctLen]) - d = d[sctLen:] + m.certificateAuthorities = append(m.certificateAuthorities, ca) } default: - fullExt := append(fullData[:4], data[:length]...) - m.unknownExtensions = append(m.unknownExtensions, fullExt) + // Ignore unknown extensions. + continue + } + + if !extData.Empty() { + return false } - data = data[length:] } return true 
@@ -985,16 +1205,6 @@ type certificateMsg struct { certificates [][]byte } -func (m *certificateMsg) equal(i interface{}) bool { - m1, ok := i.(*certificateMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - eqByteSlices(m.certificates, m1.certificates) -} - func (m *certificateMsg) marshal() (x []byte) { if m.raw != nil { return m.raw 
@@ -1067,20 +1277,155 @@ func (m *certificateMsg) unmarshal(data []byte) bool { return true } -type serverKeyExchangeMsg struct { - raw []byte - digest []byte - key []byte +type certificateMsgTLS13 struct { + raw []byte + certificate Certificate + ocspStapling bool + scts bool +} + +func (m *certificateMsgTLS13) marshal() []byte { + if m.raw != nil { + return m.raw + } + + var b cryptobyte.Builder + b.AddUint8(typeCertificate) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint8(0) // certificate_request_context + + certificate := m.certificate + if !m.ocspStapling { + certificate.OCSPStaple = nil + } + if !m.scts { + certificate.SignedCertificateTimestamps = nil + } + marshalCertificate(b, certificate) + }) + + m.raw = b.BytesOrPanic() + return m.raw +} + +func marshalCertificate(b *cryptobyte.Builder, certificate Certificate) { + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + for i, cert := range certificate.Certificate { + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(cert) + }) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + if i > 0 { + // This library only supports OCSP and SCT for leaf certificates. 
+ return + } + if certificate.OCSPStaple != nil { + b.AddUint16(extensionStatusRequest) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint8(statusTypeOCSP) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(certificate.OCSPStaple) + }) + }) + } + if certificate.SignedCertificateTimestamps != nil { + b.AddUint16(extensionSCT) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + for _, sct := range certificate.SignedCertificateTimestamps { + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(sct) + }) + } + }) + }) + } + }) + } + }) +} + +func (m *certificateMsgTLS13) unmarshal(data []byte) bool { + *m = certificateMsgTLS13{raw: data} + s := cryptobyte.String(data) + + var context cryptobyte.String + if !s.Skip(4) || // message type and uint24 length field + !s.ReadUint8LengthPrefixed(&context) || !context.Empty() || + !unmarshalCertificate(&s, &m.certificate) || + !s.Empty() { + return false + } + + m.scts = m.certificate.SignedCertificateTimestamps != nil + m.ocspStapling = m.certificate.OCSPStaple != nil + + return true } -func (m *serverKeyExchangeMsg) equal(i interface{}) bool { - m1, ok := i.(*serverKeyExchangeMsg) - if !ok { +func unmarshalCertificate(s *cryptobyte.String, certificate *Certificate) bool { + var certList cryptobyte.String + if !s.ReadUint24LengthPrefixed(&certList) { return false } + for !certList.Empty() { + var cert []byte + var extensions cryptobyte.String + if !readUint24LengthPrefixed(&certList, &cert) || + !certList.ReadUint16LengthPrefixed(&extensions) { + return false + } + certificate.Certificate = append(certificate.Certificate, cert) + for !extensions.Empty() { + var extension uint16 + var extData cryptobyte.String + if !extensions.ReadUint16(&extension) || + !extensions.ReadUint16LengthPrefixed(&extData) { + return false + } + if len(certificate.Certificate) > 1 { + // This library only supports OCSP and SCT for 
leaf certificates. + continue + } + + switch extension { + case extensionStatusRequest: + var statusType uint8 + if !extData.ReadUint8(&statusType) || statusType != statusTypeOCSP || + !readUint24LengthPrefixed(&extData, &certificate.OCSPStaple) || + len(certificate.OCSPStaple) == 0 { + return false + } + case extensionSCT: + var sctList cryptobyte.String + if !extData.ReadUint16LengthPrefixed(&sctList) || sctList.Empty() { + return false + } + for !sctList.Empty() { + var sct []byte + if !readUint16LengthPrefixed(&sctList, &sct) || + len(sct) == 0 { + return false + } + certificate.SignedCertificateTimestamps = append( + certificate.SignedCertificateTimestamps, sct) + } + default: + // Ignore unknown extensions. + continue + } + + if !extData.Empty() { + return false + } + } + } + return true +} - return bytes.Equal(m.raw, m1.raw) && - bytes.Equal(m.key, m1.key) +type serverKeyExchangeMsg struct { + raw []byte + key []byte } func (m *serverKeyExchangeMsg) marshal() []byte { @@ -1109,20 +1454,8 @@ func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool { } type certificateStatusMsg struct { - raw []byte - statusType uint8 - response []byte -} - -func (m *certificateStatusMsg) equal(i interface{}) bool { - m1, ok := i.(*certificateStatusMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - m.statusType == m1.statusType && - bytes.Equal(m.response, m1.response) + raw []byte + response []byte } func (m *certificateStatusMsg) marshal() []byte { 
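Review bot: marshalCertificate and unmarshalCertificate are new package-level helpers without a doc comment, although each carries a rule that is easy to miss: the `i > 0` early return in marshalCertificate and the `len(certificate.Certificate) > 1` skip in unmarshalCertificate mean OCSP and SCT data is encoded or parsed for the leaf entry only, and extensions on later entries are skipped without their extData being validated. Suggested for the first: `// marshalCertificate appends the CertificateEntry list of a TLS 1.3 Certificate message (RFC 8446, Section 4.4.2); OCSP and SCT extensions are emitted for the leaf entry only.` and for the second: `// unmarshalCertificate parses a CertificateEntry list into certificate; only the leaf entry's status_request and SCT extensions are decoded, extensions on other entries are ignored unparsed.`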
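Review bot: certificateStatusMsg loses its statusType field here, so the type now implicitly means "OCSP": the marshal/unmarshal hunk that follows always writes statusTypeOCSP and rejects any other status_type as well as an empty response. That narrowing is not stated anywhere on the type. Suggested doc comment: `// certificateStatusMsg is a CertificateStatus message carrying an OCSP response; only status_type ocsp (RFC 6066, Section 8) is produced and accepted.`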
@@ -1130,57 +1463,35 @@ func (m *certificateStatusMsg) marshal() []byte { return m.raw } - var x []byte - if m.statusType == statusTypeOCSP { - x = make([]byte, 4+4+len(m.response)) - x[0] = typeCertificateStatus - l := len(m.response) + 4 - x[1] = byte(l >> 16) - x[2] = byte(l >> 8) - x[3] = byte(l) - x[4] = statusTypeOCSP + var b cryptobyte.Builder + b.AddUint8(typeCertificateStatus) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddUint8(statusTypeOCSP) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(m.response) + }) + }) - l -= 4 - x[5] = byte(l >> 16) - x[6] = byte(l >> 8) - x[7] = byte(l) - copy(x[8:], m.response) - } else { - x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType} - } - - m.raw = x - return x + m.raw = b.BytesOrPanic() + return m.raw } func (m *certificateStatusMsg) unmarshal(data []byte) bool { m.raw = data - if len(data) < 5 { - return false - } - m.statusType = data[4] + s := cryptobyte.String(data) - m.response = nil - if m.statusType == statusTypeOCSP { - if len(data) < 8 { - return false - } - respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7]) - if uint32(len(data)) != 4+4+respLen { - return false - } - m.response = data[8:] + var statusType uint8 + if !s.Skip(4) || // message type and uint24 length field + !s.ReadUint8(&statusType) || statusType != statusTypeOCSP || + !readUint24LengthPrefixed(&s, &m.response) || + len(m.response) == 0 || !s.Empty() { + return false } return true } type serverHelloDoneMsg struct{} -func (m *serverHelloDoneMsg) equal(i interface{}) bool { - _, ok := i.(*serverHelloDoneMsg) - return ok -} - func (m *serverHelloDoneMsg) marshal() []byte { x := make([]byte, 4) x[0] = typeServerHelloDone 
@@ -1196,16 +1507,6 @@ type clientKeyExchangeMsg struct { ciphertext []byte } -func (m *clientKeyExchangeMsg) equal(i interface{}) bool { - m1, ok := i.(*clientKeyExchangeMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - bytes.Equal(m.ciphertext, m1.ciphertext) -} - func (m *clientKeyExchangeMsg) marshal() []byte { if m.raw != nil { return m.raw 
@@ -1240,130 +1541,38 @@ type finishedMsg struct { verifyData []byte } -func (m *finishedMsg) equal(i interface{}) bool { - m1, ok := i.(*finishedMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - bytes.Equal(m.verifyData, m1.verifyData) -} - -func (m *finishedMsg) marshal() (x []byte) { - if m.raw != nil { - return m.raw - } - - x = make([]byte, 4+len(m.verifyData)) - x[0] = typeFinished - x[3] = byte(len(m.verifyData)) - copy(x[4:], m.verifyData) - m.raw = x - return -} - -func (m *finishedMsg) unmarshal(data []byte) bool { - m.raw = data - if len(data) < 4 { - return false - } - m.verifyData = data[4:] - return true -} - -type nextProtoMsg struct { - raw []byte - proto string -} - -func (m *nextProtoMsg) equal(i interface{}) bool { - m1, ok := i.(*nextProtoMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - m.proto == m1.proto -} - -func (m *nextProtoMsg) marshal() []byte { +func (m *finishedMsg) marshal() []byte { if m.raw != nil { return m.raw } - l := len(m.proto) - if l > 255 { - l = 255 - } - padding := 32 - (l+2)%32 - length := l + padding + 2 - x := make([]byte, length+4) - x[0] = typeNextProtocol - x[1] = uint8(length >> 16) - x[2] = uint8(length >> 8) - x[3] = uint8(length) + var b cryptobyte.Builder + b.AddUint8(typeFinished) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(m.verifyData) + }) - y := x[4:] - y[0] = byte(l) - copy(y[1:], []byte(m.proto[0:l])) - y = y[1+l:] - y[0] = byte(padding) - - m.raw = x - - return x + m.raw = b.BytesOrPanic() + return m.raw } -func (m *nextProtoMsg) unmarshal(data []byte) bool { +func (m *finishedMsg) unmarshal(data []byte) bool { m.raw = data - - if len(data) < 5 { - return false - } - data = data[4:] - protoLen := int(data[0]) - data = data[1:] - if len(data) < protoLen { - return false - } - m.proto = string(data[0:protoLen]) - data = data[protoLen:] - - if len(data) < 1 { - return false - } - paddingLen := int(data[0]) - data = data[1:] 
- if len(data) != paddingLen { - return false - } - - return true + s := cryptobyte.String(data) + return s.Skip(1) && + readUint24LengthPrefixed(&s, &m.verifyData) && + s.Empty() } type certificateRequestMsg struct { raw []byte - // hasSignatureAndHash indicates whether this message includes a list - // of signature and hash functions. This change was introduced with TLS - // 1.2. - hasSignatureAndHash bool - - certificateTypes []byte - signatureAndHashes []SigAndHash - certificateAuthorities [][]byte -} - -func (m *certificateRequestMsg) equal(i interface{}) bool { - m1, ok := i.(*certificateRequestMsg) - if !ok { - return false - } + // hasSignatureAlgorithm indicates whether this message includes a list of + // supported signature algorithms. This change was introduced with TLS 1.2. + hasSignatureAlgorithm bool - return bytes.Equal(m.raw, m1.raw) && - bytes.Equal(m.certificateTypes, m1.certificateTypes) && - eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) && - eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) + certificateTypes []byte + supportedSignatureAlgorithms []SignatureScheme + certificateAuthorities [][]byte } func (m *certificateRequestMsg) marshal() (x []byte) { @@ -1371,7 +1580,7 @@ func (m *certificateRequestMsg) marshal() (x []byte) { return m.raw } - // See http://tools.ietf.org/html/rfc4346#section-7.4.4 + // See RFC 4346, Section 7.4.4. length := 1 + len(m.certificateTypes) + 2 casLength := 0 for _, ca := range m.certificateAuthorities { @@ -1379,8 +1588,8 @@ func (m *certificateRequestMsg) marshal() (x []byte) { } length += casLength - if m.hasSignatureAndHash { - length += 2 + 2*len(m.signatureAndHashes) + if m.hasSignatureAlgorithm { + length += 2 + 2*len(m.supportedSignatureAlgorithms) } x = make([]byte, 4+length) 
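Review bot: finishedMsg.unmarshal skips a single byte where every other unmarshal in this file uses `s.Skip(4) // message type and uint24 length field`, because here the uint24 body length is itself used as verify_data's length prefix; without a comment the deviation reads like a typo. Suggested: `return s.Skip(1) && // message type; the uint24 length field doubles as verify_data's length prefix`.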
@@ -1394,14 +1603,14 @@ func (m *certificateRequestMsg) marshal() (x []byte) { copy(x[5:], m.certificateTypes) y := x[5+len(m.certificateTypes):] - if m.hasSignatureAndHash { - n := len(m.signatureAndHashes) * 2 + if m.hasSignatureAlgorithm { + n := len(m.supportedSignatureAlgorithms) * 2 y[0] = uint8(n >> 8) y[1] = uint8(n) y = y[2:] - for _, sigAndHash := range m.signatureAndHashes { - y[0] = sigAndHash.Hash - y[1] = sigAndHash.Signature + for _, sigAlgo := range m.supportedSignatureAlgorithms { + y[0] = uint8(sigAlgo >> 8) + y[1] = uint8(sigAlgo) y = y[2:] } } @@ -1446,7 +1655,7 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool { data = data[numCertTypes:] - if m.hasSignatureAndHash { + if m.hasSignatureAlgorithm { if len(data) < 2 { return false } @@ -1458,11 +1667,10 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool { if len(data) < int(sigAndHashLen) { return false } - numSigAndHash := sigAndHashLen / 2 - m.signatureAndHashes = make([]SigAndHash, numSigAndHash) - for i := range m.signatureAndHashes { - m.signatureAndHashes[i].Hash = data[0] - m.signatureAndHashes[i].Signature = data[1] + numSigAlgos := sigAndHashLen / 2 + m.supportedSignatureAlgorithms = make([]SignatureScheme, numSigAlgos) + for i := range m.supportedSignatureAlgorithms { + m.supportedSignatureAlgorithms[i] = SignatureScheme(data[0])<<8 | SignatureScheme(data[1]) data = data[2:] } } 
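Review bot: In the `@@ -1458` hunk, `numSigAlgos := sigAndHashLen / 2` silently truncates an odd sigAndHashLen, so the loop consumes one byte less than the announced length and the stray byte is presumably parsed as the start of the CA list; the enclosing certificateRequestMsg.unmarshal starts and ends outside the hunk, so I cannot see whether an earlier parity check already rejects this. If there is none, `if sigAndHashLen&1 != 0 { return false }` before the division is the missing guard. The `@@ -1394` hunk's `uint8(sigAlgo >> 8)` / `uint8(sigAlgo)` split does agree with the `SignatureScheme(data[0])<<8 | SignatureScheme(data[1])` decode.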
@@ -1494,31 +1702,15 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool { m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen]) cas = cas[caLen:] } - if len(data) > 0 { - return false - } - return true + return len(data) == 0 } type certificateVerifyMsg struct { - raw []byte - hasSignatureAndHash bool - signatureAndHash SigAndHash - signature []byte -} - -func (m *certificateVerifyMsg) equal(i interface{}) bool { - m1, ok := i.(*certificateVerifyMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - m.hasSignatureAndHash == m1.hasSignatureAndHash && - m.signatureAndHash.Hash == m1.signatureAndHash.Hash && - m.signatureAndHash.Signature == m1.signatureAndHash.Signature && - bytes.Equal(m.signature, m1.signature) + raw []byte + hasSignatureAlgorithm bool // format change introduced in TLS 1.2 + signatureAlgorithm SignatureScheme + signature []byte } func (m *certificateVerifyMsg) marshal() (x []byte) { 
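Review bot: certificateVerifyMsg.hasSignatureAlgorithm is a parse-mode switch that the caller must set before calling unmarshal — the following hunk reads `if m.hasSignatureAlgorithm` to decide whether a SignatureScheme precedes the signature, and nothing in the message derives it from the wire — but the field comment `// format change introduced in TLS 1.2` does not say so. Suggested: `hasSignatureAlgorithm bool // set by the caller before unmarshal: TLS 1.2+ prefixes the signature with a SignatureScheme`. certificateRequestMsg.hasSignatureAlgorithm in the previous hunks appears to work the same way (its unmarshal branches on it without assigning it) and would benefit from the same wording.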
@@ -1526,79 +1718,39 @@ func (m *certificateVerifyMsg) marshal() (x []byte) { return m.raw } - // See http://tools.ietf.org/html/rfc4346#section-7.4.8 - siglength := len(m.signature) - length := 2 + siglength - if m.hasSignatureAndHash { - length += 2 - } - x = make([]byte, 4+length) - x[0] = typeCertificateVerify - x[1] = uint8(length >> 16) - x[2] = uint8(length >> 8) - x[3] = uint8(length) - y := x[4:] - if m.hasSignatureAndHash { - y[0] = m.signatureAndHash.Hash - y[1] = m.signatureAndHash.Signature - y = y[2:] - } - y[0] = uint8(siglength >> 8) - y[1] = uint8(siglength) - copy(y[2:], m.signature) - - m.raw = x + var b cryptobyte.Builder + b.AddUint8(typeCertificateVerify) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + if m.hasSignatureAlgorithm { + b.AddUint16(uint16(m.signatureAlgorithm)) + } + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(m.signature) + }) + }) - return + m.raw = b.BytesOrPanic() + return m.raw } func (m *certificateVerifyMsg) unmarshal(data []byte) bool { m.raw = data + s := cryptobyte.String(data) - if len(data) < 6 { - return false - } - - length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) - if uint32(len(data))-4 != length { - return false - } - - data = data[4:] - if m.hasSignatureAndHash { - m.signatureAndHash.Hash = data[0] - m.signatureAndHash.Signature = data[1] - data = data[2:] - } - - if len(data) < 2 { + if !s.Skip(4) { // message type and uint24 length field return false } - siglength := int(data[0])<<8 + int(data[1]) - data = data[2:] - if len(data) != siglength { - return false + if m.hasSignatureAlgorithm { + if !s.ReadUint16((*uint16)(&m.signatureAlgorithm)) { + return false + } } - - m.signature = data - - return true + return readUint16LengthPrefixed(&s, &m.signature) && s.Empty() } type newSessionTicketMsg struct { - raw []byte - ticket []byte - lifetimeHint uint32 -} - -func (m *newSessionTicketMsg) equal(i interface{}) bool { - m1, ok := i.(*newSessionTicketMsg) - 
if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - bytes.Equal(m.ticket, m1.ticket) + raw []byte + ticket []byte } func (m *newSessionTicketMsg) marshal() (x []byte) { @@ -1606,7 +1758,7 @@ func (m *newSessionTicketMsg) marshal() (x []byte) { return m.raw } - // See http://tools.ietf.org/html/rfc5077#section-3.3 + // See RFC 5077, Section 3.3. ticketLen := len(m.ticket) length := 2 + 4 + ticketLen x = make([]byte, 4+length) @@ -1640,7 +1792,6 @@ func (m *newSessionTicketMsg) unmarshal(data []byte) bool { return false } - m.lifetimeHint = uint32(data[4])<<24 | uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7]) m.ticket = data[10:] return true @@ -1656,64 +1807,3 @@ func (*helloRequestMsg) marshal() []byte { func (*helloRequestMsg) unmarshal(data []byte) bool { return len(data) == 4 } - -func eqUint16s(x, y []uint16) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i] != v { - return false - } - } - return true -} - -func eqCurveIDs(x, y []CurveID) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i] != v { - return false - } - } - return true -} - -func eqStrings(x, y []string) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i] != v { - return false - } - } - return true -} - -func eqByteSlices(x, y [][]byte) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if !bytes.Equal(v, y[i]) { - return false - } - } - return true -} - -func eqSignatureAndHashes(x, y []SigAndHash) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - v2 := y[i] - if v.Hash != v2.Hash || v.Signature != v2.Signature { - return false - } - } - return true -} diff --git a/tls/handshake_messages_test.go b/tls/handshake_messages_test.go index a96e95c3..bb8aea86 100644 --- a/tls/handshake_messages_test.go +++ b/tls/handshake_messages_test.go 
@@ -5,10 +5,13 @@ package tls import ( + "bytes" "math/rand" "reflect" + "strings" "testing" "testing/quick" + "time" ) var tests = []interface{}{ @@ -18,22 +21,24 @@ var tests = []interface{}{ &certificateMsg{}, &certificateRequestMsg{}, - &certificateVerifyMsg{}, + &certificateVerifyMsg{ + hasSignatureAlgorithm: true, + }, &certificateStatusMsg{}, &clientKeyExchangeMsg{}, - &nextProtoMsg{}, &newSessionTicketMsg{}, &sessionState{}, -} - -type testMessage interface { - marshal() []byte - unmarshal([]byte) bool - equal(interface{}) bool + &sessionStateTLS13{}, + &encryptedExtensionsMsg{}, + &endOfEarlyDataMsg{}, + &keyUpdateMsg{}, + &newSessionTicketMsgTLS13{}, + &certificateRequestMsgTLS13{}, + &certificateMsgTLS13{}, } func TestMarshalUnmarshal(t *testing.T) { - rand := rand.New(rand.NewSource(0)) + rand := rand.New(rand.NewSource(time.Now().UnixNano())) for i, iface := range tests { ty := reflect.ValueOf(iface).Type() @@ -49,16 +54,16 @@ func TestMarshalUnmarshal(t *testing.T) { break } - m1 := v.Interface().(testMessage) + m1 := v.Interface().(handshakeMessage) marshaled := m1.marshal() - m2 := iface.(testMessage) + m2 := iface.(handshakeMessage) if !m2.unmarshal(marshaled) { t.Errorf("#%d failed to unmarshal %#v %x", i, m1, marshaled) break } m2.marshal() // to fill any marshal cache in the message - if !m1.equal(m2) { + if !reflect.DeepEqual(m1, m2) { t.Errorf("#%d got:%#v want:%#v %x", i, m2, m1, marshaled) break } @@ -83,7 +88,7 @@ func TestMarshalUnmarshal(t *testing.T) { func TestFuzz(t *testing.T) { rand := rand.New(rand.NewSource(0)) for _, iface := range tests { - m := iface.(testMessage) + m := iface.(handshakeMessage) for j := 0; j < 1000; j++ { len := rand.Intn(100) @@ -96,8 +101,8 @@ func TestFuzz(t *testing.T) { func randomBytes(n int, rand *rand.Rand) []byte { r := make([]byte, n) - for i := 0; i < n; i++ { - r[i] = byte(rand.Int31()) + if _, err := rand.Read(r); err != nil { + panic("rand.Read failed: " + err.Error()) } return r } 
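Review bot: TestMarshalUnmarshal now seeds its generator from `time.Now().UnixNano()` but never records the seed, so a failure caused by a rare generated message cannot be reproduced. Keep the seed in a variable and log it: `seed := time.Now().UnixNano()`, `t.Logf("seed: %d", seed)`, `rand := rand.New(rand.NewSource(seed))`. TestFuzz in the `@@ -83` hunk keeps the fixed seed 0 and needs no change.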
@@ -114,33 +119,76 @@ func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value { m.sessionId = randomBytes(rand.Intn(32), rand) m.cipherSuites = make([]uint16, rand.Intn(63)+1) for i := 0; i < len(m.cipherSuites); i++ { - m.cipherSuites[i] = uint16(rand.Int31()) + cs := uint16(rand.Int31()) + if cs == scsvRenegotiation { + cs += 1 + } + m.cipherSuites[i] = cs } m.compressionMethods = randomBytes(rand.Intn(63)+1, rand) - if rand.Intn(10) > 5 { - m.nextProtoNeg = true - } if rand.Intn(10) > 5 { m.serverName = randomString(rand.Intn(255), rand) + for strings.HasSuffix(m.serverName, ".") { + m.serverName = m.serverName[:len(m.serverName)-1] + } } m.ocspStapling = rand.Intn(10) > 5 m.supportedPoints = randomBytes(rand.Intn(5)+1, rand) m.supportedCurves = make([]CurveID, rand.Intn(5)+1) for i := range m.supportedCurves { - m.supportedCurves[i] = CurveID(rand.Intn(30000)) + m.supportedCurves[i] = CurveID(rand.Intn(30000) + 1) } if rand.Intn(10) > 5 { m.ticketSupported = true if rand.Intn(10) > 5 { m.sessionTicket = randomBytes(rand.Intn(300), rand) + } else { + m.sessionTicket = make([]byte, 0) } } if rand.Intn(10) > 5 { - m.signatureAndHashes = supportedSKXSignatureAlgorithms + m.supportedSignatureAlgorithms = supportedSignatureAlgorithms + } + if rand.Intn(10) > 5 { + m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms + } + for i := 0; i < rand.Intn(5); i++ { + m.alpnProtocols = append(m.alpnProtocols, randomString(rand.Intn(20)+1, rand)) + } + if rand.Intn(10) > 5 { + m.scts = true + } + if rand.Intn(10) > 5 { + m.secureRenegotiationSupported = true + m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand) + } + for i := 0; i < rand.Intn(5); i++ { + m.supportedVersions = append(m.supportedVersions, uint16(rand.Intn(0xffff)+1)) + } + if rand.Intn(10) > 5 { + m.cookie = randomBytes(rand.Intn(500)+1, rand) + } + for i := 0; i < rand.Intn(5); i++ { + var ks keyShare + ks.group = CurveID(rand.Intn(30000) + 1) + ks.data = 
randomBytes(rand.Intn(200)+1, rand) + m.keyShares = append(m.keyShares, ks) + } + switch rand.Intn(3) { + case 1: + m.pskModes = []uint8{pskModeDHE} + case 2: + m.pskModes = []uint8{pskModeDHE, pskModePlain} } - m.alpnProtocols = make([]string, rand.Intn(5)) - for i := range m.alpnProtocols { - m.alpnProtocols[i] = randomString(rand.Intn(20)+1, rand) + for i := 0; i < rand.Intn(5); i++ { + var psk pskIdentity + psk.obfuscatedTicketAge = uint32(rand.Intn(500000)) + psk.label = randomBytes(rand.Intn(500)+1, rand) + m.pskIdentities = append(m.pskIdentities, psk) + m.pskBinders = append(m.pskBinders, randomBytes(rand.Intn(50)+32, rand)) + } + if rand.Intn(10) > 5 { + m.earlyData = true } return reflect.ValueOf(m) 
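Review bot: Several loops in the clientHelloMsg generator are written `for i := 0; i < rand.Intn(5); i++`, which re-draws the bound on every iteration, so the element count is strongly skewed toward zero instead of uniform over 0..4 and the generated messages rarely carry several alpnProtocols, supportedVersions, keyShares or pskIdentities; drawing once, `n := rand.Intn(5)` then `for i := 0; i < n; i++`, gives the intended coverage. The same pattern appears in the serverHelloMsg, certificateRequestMsg and sessionState generators in the following hunks. Separately, `cs += 1` is conventionally `cs++`, and the `for strings.HasSuffix(m.serverName, ".")` loop is `m.serverName = strings.TrimRight(m.serverName, ".")`. The function itself starts outside the hunk.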
@@ -153,24 +201,54 @@ func (*serverHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value { m.sessionId = randomBytes(rand.Intn(32), rand) m.cipherSuite = uint16(rand.Int31()) m.compressionMethod = uint8(rand.Intn(256)) + m.supportedPoints = randomBytes(rand.Intn(5)+1, rand) if rand.Intn(10) > 5 { - m.nextProtoNeg = true + m.ocspStapling = true + } + if rand.Intn(10) > 5 { + m.ticketSupported = true + } + if rand.Intn(10) > 5 { + m.alpnProtocol = randomString(rand.Intn(32)+1, rand) + } - n := rand.Intn(10) - m.nextProtos = make([]string, n) - for i := 0; i < n; i++ { - m.nextProtos[i] = randomString(20, rand) - } + for i := 0; i < rand.Intn(4); i++ { + m.scts = append(m.scts, randomBytes(rand.Intn(500)+1, rand)) } if rand.Intn(10) > 5 { - m.ocspStapling = true + m.secureRenegotiationSupported = true + m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand) } if rand.Intn(10) > 5 { - m.ticketSupported = true + m.supportedVersion = uint16(rand.Intn(0xffff) + 1) + } + if rand.Intn(10) > 5 { + m.cookie = randomBytes(rand.Intn(500)+1, rand) + } + if rand.Intn(10) > 5 { + for i := 0; i < rand.Intn(5); i++ { + m.serverShare.group = CurveID(rand.Intn(30000) + 1) + m.serverShare.data = randomBytes(rand.Intn(200)+1, rand) + } + } else if rand.Intn(10) > 5 { + m.selectedGroup = CurveID(rand.Intn(30000) + 1) + } + if rand.Intn(10) > 5 { + m.selectedIdentityPresent = true + m.selectedIdentity = uint16(rand.Intn(0xffff)) + } + + return reflect.ValueOf(m) +} + +func (*encryptedExtensionsMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &encryptedExtensionsMsg{} + + if rand.Intn(10) > 5 { + m.alpnProtocol = randomString(rand.Intn(32)+1, rand) } - m.alpnProtocol = randomString(rand.Intn(32)+1, rand) return reflect.ValueOf(m) } 
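Review bot: The `for i := 0; i < rand.Intn(5); i++` loop in the serverHelloMsg generator only ever assigns `m.serverShare.group` and `m.serverShare.data`, so each iteration overwrites the previous one and the loop collapses to a single conditional assignment that is skipped whenever the first draw is 0. Writing it as `if rand.Intn(5) > 0 { m.serverShare.group = CurveID(rand.Intn(30000) + 1); m.serverShare.data = randomBytes(rand.Intn(200)+1, rand) }` says what actually happens. The function starts outside the hunk.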
@@ -188,28 +266,23 @@ func (*certificateMsg) Generate(rand *rand.Rand, size int) reflect.Value { func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value { m := &certificateRequestMsg{} m.certificateTypes = randomBytes(rand.Intn(5)+1, rand) - numCAs := rand.Intn(100) - m.certificateAuthorities = make([][]byte, numCAs) - for i := 0; i < numCAs; i++ { - m.certificateAuthorities[i] = randomBytes(rand.Intn(15)+1, rand) + for i := 0; i < rand.Intn(100); i++ { + m.certificateAuthorities = append(m.certificateAuthorities, randomBytes(rand.Intn(15)+1, rand)) } return reflect.ValueOf(m) } func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value { m := &certificateVerifyMsg{} + m.hasSignatureAlgorithm = true + m.signatureAlgorithm = SignatureScheme(rand.Intn(30000)) m.signature = randomBytes(rand.Intn(15)+1, rand) return reflect.ValueOf(m) } func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value { m := &certificateStatusMsg{} - if rand.Intn(10) > 5 { - m.statusType = statusTypeOCSP - m.response = randomBytes(rand.Intn(10)+1, rand) - } else { - m.statusType = 42 - } + m.response = randomBytes(rand.Intn(10)+1, rand) return reflect.ValueOf(m) } @@ -225,12 +298,6 @@ func (*finishedMsg) Generate(rand *rand.Rand, size int) reflect.Value { return reflect.ValueOf(m) } -func (*nextProtoMsg) Generate(rand *rand.Rand, size int) reflect.Value { - m := &nextProtoMsg{} - m.proto = randomString(rand.Intn(255), rand) - return reflect.ValueOf(m) -} - func (*newSessionTicketMsg) Generate(rand *rand.Rand, size int) reflect.Value { m := &newSessionTicketMsg{} m.ticket = randomBytes(rand.Intn(4), rand) 
@@ -241,11 +308,158 @@ func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value { s := &sessionState{} s.vers = uint16(rand.Intn(10000)) s.cipherSuite = uint16(rand.Intn(10000)) - s.masterSecret = randomBytes(rand.Intn(100), rand) - numCerts := rand.Intn(20) - s.certificates = make([][]byte, numCerts) - for i := 0; i < numCerts; i++ { - s.certificates[i] = randomBytes(rand.Intn(10)+1, rand) + s.masterSecret = randomBytes(rand.Intn(100)+1, rand) + s.createdAt = uint64(rand.Int63()) + for i := 0; i < rand.Intn(20); i++ { + s.certificates = append(s.certificates, randomBytes(rand.Intn(500)+1, rand)) + } + return reflect.ValueOf(s) +} + +func (*sessionStateTLS13) Generate(rand *rand.Rand, size int) reflect.Value { + s := &sessionStateTLS13{} + s.cipherSuite = uint16(rand.Intn(10000)) + s.resumptionSecret = randomBytes(rand.Intn(100)+1, rand) + s.createdAt = uint64(rand.Int63()) + for i := 0; i < rand.Intn(2)+1; i++ { + s.certificate.Certificate = append( + s.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand)) + } + if rand.Intn(10) > 5 { + s.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand) + } + if rand.Intn(10) > 5 { + for i := 0; i < rand.Intn(2)+1; i++ { + s.certificate.SignedCertificateTimestamps = append( + s.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand)) + } } return reflect.ValueOf(s) } + +func (*endOfEarlyDataMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &endOfEarlyDataMsg{} + return reflect.ValueOf(m) +} + +func (*keyUpdateMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &keyUpdateMsg{} + m.updateRequested = rand.Intn(10) > 5 + return reflect.ValueOf(m) +} + +func (*newSessionTicketMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value { + m := &newSessionTicketMsgTLS13{} + m.lifetime = uint32(rand.Intn(500000)) + m.ageAdd = uint32(rand.Intn(500000)) + m.nonce = randomBytes(rand.Intn(100), rand) + m.label = randomBytes(rand.Intn(1000), rand) + if 
rand.Intn(10) > 5 { + m.maxEarlyData = uint32(rand.Intn(500000)) + } + return reflect.ValueOf(m) +} + +func (*certificateRequestMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value { + m := &certificateRequestMsgTLS13{} + if rand.Intn(10) > 5 { + m.ocspStapling = true + } + if rand.Intn(10) > 5 { + m.scts = true + } + if rand.Intn(10) > 5 { + m.supportedSignatureAlgorithms = supportedSignatureAlgorithms + } + if rand.Intn(10) > 5 { + m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms + } + if rand.Intn(10) > 5 { + m.certificateAuthorities = make([][]byte, 3) + for i := 0; i < 3; i++ { + m.certificateAuthorities[i] = randomBytes(rand.Intn(10)+1, rand) + } + } + return reflect.ValueOf(m) +} + +func (*certificateMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value { + m := &certificateMsgTLS13{} + for i := 0; i < rand.Intn(2)+1; i++ { + m.certificate.Certificate = append( + m.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand)) + } + if rand.Intn(10) > 5 { + m.ocspStapling = true + m.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand) + } + if rand.Intn(10) > 5 { + m.scts = true + for i := 0; i < rand.Intn(2)+1; i++ { + m.certificate.SignedCertificateTimestamps = append( + m.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand)) + } + } + return reflect.ValueOf(m) +} + +func TestRejectEmptySCTList(t *testing.T) { + // RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid. 
+ + var random [32]byte + sct := []byte{0x42, 0x42, 0x42, 0x42} + serverHello := serverHelloMsg{ + vers: VersionTLS12, + random: random[:], + scts: [][]byte{sct}, + } + serverHelloBytes := serverHello.marshal() + + var serverHelloCopy serverHelloMsg + if !serverHelloCopy.unmarshal(serverHelloBytes) { + t.Fatal("Failed to unmarshal initial message") + } + + // Change serverHelloBytes so that the SCT list is empty + i := bytes.Index(serverHelloBytes, sct) + if i < 0 { + t.Fatal("Cannot find SCT in ServerHello") + } + + var serverHelloEmptySCT []byte + serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[:i-6]...) + // Append the extension length and SCT list length for an empty list. + serverHelloEmptySCT = append(serverHelloEmptySCT, []byte{0, 2, 0, 0}...) + serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[i+4:]...) + + // Update the handshake message length. + serverHelloEmptySCT[1] = byte((len(serverHelloEmptySCT) - 4) >> 16) + serverHelloEmptySCT[2] = byte((len(serverHelloEmptySCT) - 4) >> 8) + serverHelloEmptySCT[3] = byte(len(serverHelloEmptySCT) - 4) + + // Update the extensions length + serverHelloEmptySCT[42] = byte((len(serverHelloEmptySCT) - 44) >> 8) + serverHelloEmptySCT[43] = byte((len(serverHelloEmptySCT) - 44)) + + if serverHelloCopy.unmarshal(serverHelloEmptySCT) { + t.Fatal("Unmarshaled ServerHello with empty SCT list") + } +} + +func TestRejectEmptySCT(t *testing.T) { + // Not only must the SCT list be non-empty, but the SCT elements must + // not be zero length. + + var random [32]byte + serverHello := serverHelloMsg{ + vers: VersionTLS12, + random: random[:], + scts: [][]byte{nil}, + } + serverHelloBytes := serverHello.marshal() + + var serverHelloCopy serverHelloMsg + if serverHelloCopy.unmarshal(serverHelloBytes) { + t.Fatal("Unmarshaled ServerHello with zero-length SCT") + } +} diff --git a/tls/handshake_server.go b/tls/handshake_server.go index a97532f4..40ad3230 100644 --- a/tls/handshake_server.go 
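Review bot: The hard-coded indices in TestRejectEmptySCTList (`serverHelloBytes[:i-6]`, `serverHelloEmptySCT[42]`/`[43]`, the `- 44`) are only understandable with the ServerHello wire layout in mind, and nothing in the test states it. A comment above the splice would keep the next maintainer from treating them as magic, e.g. `// Layout: 4-byte handshake header + 2 version + 32 random + 1 session-id length (empty here) + 2 cipher suite + 1 compression = 42 bytes, so the 2-byte extensions length sits at [42:44].` and, on the `i-6` line, `// Drop the extension length, SCT list length and the SCT's own length (2 bytes each) that precede the SCT.` The trailing `- 4` in the handshake-length update is the handshake header size and could be named the same way.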
+++ b/tls/handshake_server.go
@@ -7,12 +7,15 @@ package tls
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/subtle"
-	"encoding/asn1"
 	"errors"
 	"fmt"
+	"hash"
 	"io"
+	"sync/atomic"
+	"time"
 
 	"github.com/zmap/zcrypto/x509"
 )
@@ -20,78 +23,94 @@ import ( // serverHandshakeState contains details of a server handshake in progress. // It's discarded once the handshake has completed. type serverHandshakeState struct { - c *Conn - clientHello *clientHelloMsg - hello *serverHelloMsg - suite *cipherSuite - ellipticOk bool - ecdsaOk bool - sessionState *sessionState - finishedHash finishedHash - masterSecret []byte - certsFromClient [][]byte - cert *Certificate - preMasterSecret []byte - cachedClientHelloInfo *ClientHelloInfo + c *Conn + clientHello *clientHelloMsg + hello *serverHelloMsg + suite *cipherSuite + ecdheOk bool + ecSignOk bool + rsaDecryptOk bool + rsaSignOk bool + sessionState *sessionState + finishedHash finishedHash + masterSecret []byte + cert *Certificate } // serverHandshake performs a TLS handshake as a server. func (c *Conn) serverHandshake() error { - // If this is the first server handshake, we generate a random key to - // encrypt the tickets with. - c.config.serverInitOnce.Do(c.config.serverInit) + clientHello, err := c.readClientHello() + if err != nil { + return err + } + + if c.vers == VersionTLS13 { + hs := serverHandshakeStateTLS13{ + c: c, + clientHello: clientHello, + } + return hs.handshake() + } hs := serverHandshakeState{ - c: c, + c: c, + clientHello: clientHello, } - isResume, err := hs.readClientHello() - if err != nil { + return hs.handshake() +} + +func (hs *serverHandshakeState) handshake() error { + c := hs.c + + if err := hs.processClientHello(); err != nil { return err } - // For an overview of TLS handshaking, see https://tools.ietf.org/html/rfc5246#section-7.3 - if !c.config.DontBufferHandshakes { - c.buffering = true - defer c.flush() - } - if isResume { + // For an overview of TLS handshaking, see RFC 5246, Section 7.3. + c.buffering = true + if hs.checkForResumption() { // The client has included a session ticket and so we do an abbreviated handshake. 
+ c.didResume = true if err := hs.doResumeHandshake(); err != nil { return err } if err := hs.establishKeys(); err != nil { return err } - if err := hs.sendFinished(); err != nil { + if err := hs.sendSessionTicket(); err != nil { + return err + } + if err := hs.sendFinished(c.serverFinished[:]); err != nil { return err } if _, err := c.flush(); err != nil { return err } - if err := hs.readFinished(); err != nil { + c.clientFinishedIsFirst = false + if err := hs.readFinished(nil); err != nil { return err } - c.didResume = true } else { // The client didn't include a session ticket, or it wasn't // valid so we do a full handshake. + if err := hs.pickCipherSuite(); err != nil { + return err + } if err := hs.doFullHandshake(); err != nil { return err } if err := hs.establishKeys(); err != nil { return err } - if err := hs.readFinished(); err != nil { + if err := hs.readFinished(c.clientFinished[:]); err != nil { return err } - if !c.config.DontBufferHandshakes { - c.buffering = true - defer c.flush() - } + c.clientFinishedIsFirst = true + c.buffering = true if err := hs.sendSessionTicket(); err != nil { return err } - if err := hs.sendFinished(); err != nil { + if err := hs.sendFinished(nil); err != nil { return err } if _, err := c.flush(); err != nil { 
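Review bot: The four new capability flags on serverHandshakeState (`ecdheOk`, `ecSignOk`, `rsaDecryptOk`, `rsaSignOk`) carry no comments, and their meaning is only recoverable from processClientHello and cipherSuiteOk in later hunks. Brief field comments would help: `ecdheOk bool // client offered a supported curve and the uncompressed point format`, `ecSignOk bool // certificate key is an ECDSA or Ed25519 crypto.Signer`, `rsaSignOk bool // certificate key is an RSA crypto.Signer`, `rsaDecryptOk bool // certificate key is an RSA crypto.Decrypter`. Separately, `c.buffering = true` is now set in handshake() without the `defer c.flush()` the removed code had, so on an error return after records were buffered (including the alert sent by the failing step) nothing in this function flushes them; presumably the caller flushes on handshake failure, which is worth a one-line comment at the `c.buffering = true` site. handshake() continues past the end of this hunk.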
@@ -99,79 +118,58 @@ func (c *Conn) serverHandshake() error { } } - c.handshakeLog.KeyMaterial = hs.MakeLog() - - c.handshakeComplete = true + c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random) + atomic.StoreUint32(&c.handshakeStatus, 1) return nil } -// readClientHello reads a ClientHello message from the client and decides -// whether we will perform session resumption. -func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { - c := hs.c - c.handshakeLog = new(ServerHandshake) - +// readClientHello reads a ClientHello message and selects the protocol version. +func (c *Conn) readClientHello() (*clientHelloMsg, error) { msg, err := c.readHandshake() if err != nil { - return false, err + return nil, err } - var ok bool - hs.clientHello, ok = msg.(*clientHelloMsg) + clientHello, ok := msg.(*clientHelloMsg) if !ok { c.sendAlert(alertUnexpectedMessage) - return false, unexpectedMessageError(hs.clientHello, msg) + return nil, unexpectedMessageError(clientHello, msg) } - c.clientHelloRaw = hs.clientHello.raw - c.clientCiphers = hs.clientHello.cipherSuites - c.handshakeLog.ClientHello = hs.clientHello.MakeLog() + var configForClient *Config + originalConfig := c.config if c.config.GetConfigForClient != nil { - if newConfig, err := c.config.GetConfigForClient(hs.clientHelloInfo()); err != nil { + chi := clientHelloInfo(c, clientHello) + if configForClient, err = c.config.GetConfigForClient(chi); err != nil { c.sendAlert(alertInternalError) - return false, err - } else if newConfig != nil { - newConfig.mutex.Lock() - newConfig.originalConfig = c.config - newConfig.mutex.Unlock() - - newConfig.serverInitOnce.Do(newConfig.serverInit) - c.config = newConfig + return nil, err + } else if configForClient != nil { + c.config = configForClient } } + c.ticketKeys = originalConfig.ticketKeys(configForClient) - c.vers, ok = c.config.mutualVersion(hs.clientHello.vers) + clientVersions := 
clientHello.supportedVersions + if len(clientHello.supportedVersions) == 0 { + clientVersions = supportedVersionsFromMax(clientHello.vers) + } + c.vers, ok = c.config.mutualVersion(clientVersions) if !ok { c.sendAlert(alertProtocolVersion) - return false, fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", hs.clientHello.vers) + return nil, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions) } c.haveVers = true + c.in.version = c.vers + c.out.version = c.vers - hs.finishedHash = newFinishedHash(c.vers, hs.suite) - hs.finishedHash.Write(hs.clientHello.marshal()) - - hs.hello = new(serverHelloMsg) + return clientHello, nil +} - supportedCurve := false - preferredCurves := c.config.curvePreferences() -Curves: - for _, curve := range hs.clientHello.supportedCurves { - for _, supported := range preferredCurves { - if supported == curve { - supportedCurve = true - break Curves - } - } - } +func (hs *serverHandshakeState) processClientHello() error { + c := hs.c - supportedPointFormat := false - for _, pointFormat := range hs.clientHello.supportedPoints { - if pointFormat == pointFormatUncompressed { - supportedPointFormat = true - break - } - } - hs.ellipticOk = supportedCurve && supportedPointFormat + hs.hello = new(serverHelloMsg) + hs.hello.vers = c.vers foundCompression := false // We only support null compression, so check that the client offered it. 
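Review bot: In readClientHello the version selection silently prefers `clientHello.supportedVersions` over `clientHello.vers` and only falls back to `supportedVersionsFromMax` when the extension is absent; a comment stating the rule keeps that from being read as an oversight: `// RFC 8446, Section 4.2.1: when supported_versions is present, legacy_version is ignored; otherwise derive the candidates from the legacy maximum.` The error `tls: client offered only unsupported versions: %x` includes the whole client-supplied list, which is useful for diagnostics but is attacker-controlled content destined for logs, so keeping it as `%x` (never `%s`) is the right choice and worth a short comment. processClientHello begins at the end of this hunk and continues in the next one.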
@@ -184,77 +182,186 @@ Curves: if !foundCompression { c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: client does not support uncompressed connections") + return errors.New("tls: client does not support uncompressed connections") } - hs.hello.vers = c.vers hs.hello.random = make([]byte, 32) - _, err = io.ReadFull(c.config.rand(), hs.hello.random) + serverRandom := hs.hello.random + // Downgrade protection canaries. See RFC 8446, Section 4.1.3. + maxVers := c.config.maxSupportedVersion() + if maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary { + if c.vers == VersionTLS12 { + copy(serverRandom[24:], downgradeCanaryTLS12) + } else { + copy(serverRandom[24:], downgradeCanaryTLS11) + } + serverRandom = serverRandom[:24] + } + _, err := io.ReadFull(c.config.rand(), serverRandom) if err != nil { c.sendAlert(alertInternalError) - return false, err + return err + } + + if len(hs.clientHello.secureRenegotiation) != 0 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: initial handshake had non-empty renegotiation extension") } - hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation + + hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported hs.hello.compressionMethod = compressionNone - hs.hello.extendedMasterSecret = c.vers >= VersionTLS10 && hs.clientHello.extendedMasterSecret && c.config.ExtendedMasterSecret if len(hs.clientHello.serverName) > 0 { c.serverName = hs.clientHello.serverName } + if len(hs.clientHello.alpnProtocols) > 0 { - if selectedProto, fallback := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); !fallback { + if selectedProto := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); selectedProto != "" { hs.hello.alpnProtocol = selectedProto c.clientProtocol = selectedProto } - } else { - // Although sending an empty NPN extension is reasonable, Firefox has - // had a bug around this. 
Best to send nothing at all if - // c.config.NextProtos is empty. See - // https://code.google.com/p/go/issues/detail?id=5445. - if hs.clientHello.nextProtoNeg && len(c.config.NextProtos) > 0 { - hs.hello.nextProtoNeg = true - hs.hello.nextProtos = c.config.NextProtos + } + + hs.cert, err = c.config.getCertificate(clientHelloInfo(c, hs.clientHello)) + if err != nil { + if err == errNoCertificates { + c.sendAlert(alertUnrecognizedName) + } else { + c.sendAlert(alertInternalError) } + return err + } + if hs.clientHello.scts { + hs.hello.scts = hs.cert.SignedCertificateTimestamps } - if len(c.config.Certificates) == 0 { - c.sendAlert(alertInternalError) - return false, errors.New("tls: no certificates configured") + hs.ecdheOk = supportsECDHE(c.config, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints) + + if hs.ecdheOk { + // Although omitting the ec_point_formats extension is permitted, some + // old OpenSSL version will refuse to handshake if not present. + // + // Per RFC 4492, section 5.1.2, implementations MUST support the + // uncompressed point format. See golang.org/issue/31943. 
+ hs.hello.supportedPoints = []uint8{pointFormatUncompressed} } - hs.cert = &c.config.Certificates[0] - if len(hs.clientHello.serverName) > 0 { - hs.cert = c.config.getCertificateForName(hs.clientHello.serverName) + + if priv, ok := hs.cert.PrivateKey.(crypto.Signer); ok { + switch priv.Public().(type) { + case *ecdsa.PublicKey: + hs.ecSignOk = true + case ed25519.PublicKey: + hs.ecSignOk = true + case *rsa.PublicKey: + hs.rsaSignOk = true + default: + c.sendAlert(alertInternalError) + return fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public()) + } + } + if priv, ok := hs.cert.PrivateKey.(crypto.Decrypter); ok { + switch priv.Public().(type) { + case *rsa.PublicKey: + hs.rsaDecryptOk = true + default: + c.sendAlert(alertInternalError) + return fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public()) + } } - _, hs.ecdsaOk = hs.cert.PrivateKey.(*ecdsa.PrivateKey) + return nil +} - if hs.checkForResumption() { - return true, nil +// supportsECDHE returns whether ECDHE key exchanges can be used with this +// pre-TLS 1.3 client. +func supportsECDHE(c *Config, supportedCurves []CurveID, supportedPoints []uint8) bool { + supportsCurve := false + for _, curve := range supportedCurves { + if c.supportsCurve(curve) { + supportsCurve = true + break + } } + supportsPointFormat := false + for _, pointFormat := range supportedPoints { + if pointFormat == pointFormatUncompressed { + supportsPointFormat = true + break + } + } + + return supportsCurve && supportsPointFormat +} + +func (hs *serverHandshakeState) pickCipherSuite() error { + c := hs.c + var preferenceList, supportedList []uint16 if c.config.PreferServerCipherSuites { preferenceList = c.config.cipherSuites() supportedList = hs.clientHello.cipherSuites + + // If the client does not seem to have hardware support for AES-GCM, + // and the application did not specify a cipher suite preference order, + // prefer other AEAD ciphers even if we prioritized AES-GCM ciphers + // by default. 
+ if c.config.CipherSuites == nil && !aesgcmPreferred(hs.clientHello.cipherSuites) { + preferenceList = deprioritizeAES(preferenceList) + } } else { preferenceList = hs.clientHello.cipherSuites supportedList = c.config.cipherSuites() - } - for _, id := range preferenceList { - if hs.suite = c.tryCipherSuite(id, supportedList, c.vers, hs.ellipticOk, hs.ecdsaOk); hs.suite != nil { - break + // If we don't have hardware support for AES-GCM, prefer other AEAD + // ciphers even if the client prioritized AES-GCM. + if !hasAESGCMHardwareSupport { + preferenceList = deprioritizeAES(preferenceList) } } + hs.suite = selectCipherSuite(preferenceList, supportedList, hs.cipherSuiteOk) if hs.suite == nil { c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: no cipher suite supported by both client and server") + return errors.New("tls: no cipher suite supported by both client and server") + } + c.cipherSuite = hs.suite.id + + for _, id := range hs.clientHello.cipherSuites { + if id == TLS_FALLBACK_SCSV { + // The client is doing a fallback connection. See RFC 7507. + if hs.clientHello.vers < c.config.maxSupportedVersion() { + c.sendAlert(alertInappropriateFallback) + return errors.New("tls: client using inappropriate protocol fallback") + } + break + } } - return false, nil + return nil +} + +func (hs *serverHandshakeState) cipherSuiteOk(c *cipherSuite) bool { + if c.flags&suiteECDHE != 0 { + if !hs.ecdheOk { + return false + } + if c.flags&suiteECSign != 0 { + if !hs.ecSignOk { + return false + } + } else if !hs.rsaSignOk { + return false + } + } else if !hs.rsaDecryptOk { + return false + } + if hs.c.vers < VersionTLS12 && c.flags&suiteTLS12 != 0 { + return false + } + return true } -// checkForResumption returns true if we should perform resumption on this connection. +// checkForResumption reports whether we should perform resumption on this connection. func (hs *serverHandshakeState) checkForResumption() bool { c := hs.c 
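Review bot: In processClientHello a `hs.cert.PrivateKey` that implements neither crypto.Signer nor crypto.Decrypter leaves `ecSignOk`, `rsaSignOk` and `rsaDecryptOk` all false, so the failure only surfaces later in pickCipherSuite as `tls: no cipher suite supported by both client and server`, which points operators at cipher configuration rather than at the key. An explicit check after the two type switches would name the real cause; see the fence. The downgrade-canary condition `maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary` relies on `&&` binding tighter than `||`; parenthesising the first clause would make the intent obvious to readers. processClientHello starts before this hunk.
```go
	if priv, ok := hs.cert.PrivateKey.(crypto.Decrypter); ok {
		// … unchanged: RSA decrypter check …
	}
	// Neither interface matched: no key exchange can succeed, so say so
	// here instead of failing later with a misleading cipher-suite error.
	if !hs.ecSignOk && !hs.rsaSignOk && !hs.rsaDecryptOk {
		c.sendAlert(alertInternalError)
		return errors.New("tls: certificate private key implements neither crypto.Signer nor crypto.Decrypter")
	}

	return nil
```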
@@ -262,15 +369,23 @@ func (hs *serverHandshakeState) checkForResumption() bool {
 		return false
 	}
 
-	var ok bool
-	if hs.sessionState, ok = c.decryptTicket(hs.clientHello.sessionTicket); !ok {
+	plaintext, usedOldKey := c.decryptTicket(hs.clientHello.sessionTicket)
+	if plaintext == nil {
+		return false
+	}
+	hs.sessionState = &sessionState{usedOldKey: usedOldKey}
+	ok := hs.sessionState.unmarshal(plaintext)
+	if !ok {
 		return false
 	}
 
-	if hs.sessionState.vers > hs.clientHello.vers {
+	createdAt := time.Unix(int64(hs.sessionState.createdAt), 0)
+	if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
 		return false
 	}
-	if vers, ok := c.config.mutualVersion(hs.sessionState.vers); !ok || vers != hs.sessionState.vers {
+
+	// Never resume a session for a different TLS version.
+	if c.vers != hs.sessionState.vers {
 		return false
 	}
 
@@ -287,13 +402,14 @@ func (hs *serverHandshakeState) checkForResumption() bool {
 	}
 
 	// Check that we also support the ciphersuite from the session.
-	hs.suite = c.tryCipherSuite(hs.sessionState.cipherSuite, c.config.cipherSuites(), hs.sessionState.vers, hs.ellipticOk, hs.ecdsaOk)
+	hs.suite = selectCipherSuite([]uint16{hs.sessionState.cipherSuite},
+		c.config.cipherSuites(), hs.cipherSuiteOk)
 	if hs.suite == nil {
 		return false
 	}
 
 	sessionHasClientCerts := len(hs.sessionState.certificates) != 0
-	needClientCerts := c.config.ClientAuth == RequireAnyClientCert || c.config.ClientAuth == RequireAndVerifyClientCert
+	needClientCerts := requiresClientCert(c.config.ClientAuth)
 	if needClientCerts && !sessionHasClientCerts {
 		return false
 	}
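Review bot: `hs.sessionState` is assigned before `unmarshal` succeeds and is left populated on every `return false` path in this hunk, so a partially decoded, expired or version-mismatched ticket remains reachable through hs after resumption has been rejected; handshake() only consults it after a true result, but resetting it on the failure paths (`hs.sessionState = nil` before `return false`) would make that invariant local rather than implicit. The age check `c.config.time().Sub(createdAt) > maxSessionTicketLifetime` accepts a `createdAt` in the future; presumably decryptTicket authenticates the ticket (its definition is not in this diff), in which case that is only a clock-skew question, but a comment saying so would help. checkForResumption starts before and ends after these two hunks.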
@@ -308,21 +424,33 @@ func (hs *serverHandshakeState) doResumeHandshake() error {
 	c := hs.c
 
 	hs.hello.cipherSuite = hs.suite.id
+	c.cipherSuite = hs.suite.id
 	// We echo the client's session ID in the ServerHello to let it know
 	// that we're doing a resumption.
 	hs.hello.sessionId = hs.clientHello.sessionId
+	hs.hello.ticketSupported = hs.sessionState.usedOldKey
+	hs.finishedHash = newFinishedHash(c.vers, hs.suite)
+	hs.finishedHash.discardHandshakeBuffer()
+	hs.finishedHash.Write(hs.clientHello.marshal())
 	hs.finishedHash.Write(hs.hello.marshal())
-	c.writeRecord(recordTypeHandshake, hs.hello.marshal())
-	c.handshakeLog.ServerHello = hs.hello.MakeLog()
+	if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
+		return err
+	}
 
-	if len(hs.sessionState.certificates) > 0 {
-		if _, err := hs.processCertsFromClient(hs.sessionState.certificates); err != nil {
+	if err := c.processCertsFromClient(Certificate{
+		Certificate: hs.sessionState.certificates,
+	}); err != nil {
+		return err
+	}
+
+	if c.config.VerifyConnection != nil {
+		if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
+			c.sendAlert(alertBadCertificate)
 			return err
 		}
 	}
 
 	hs.masterSecret = hs.sessionState.masterSecret
-	c.extendedMasterSecret = hs.sessionState.extendedMasterSecret
 
 	return nil
 }
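Review bot: `hs.finishedHash.discardHandshakeBuffer()` is called unconditionally in doResumeHandshake while doFullHandshake (next hunk) keeps the buffer whenever client certificates may be used; the asymmetry is correct only because a resumed handshake never processes a CertificateVerify, which deserves a comment: `// No CertificateVerify is exchanged on resumption, so the full transcript buffer is not needed.` `c.processCertsFromClient` is now also called when `hs.sessionState.certificates` is empty (the removed code skipped that case); presumably it tolerates an empty list and applies the ClientAuth policy itself, but that contract should be confirmed against its definition, which is not in this diff.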
@@ -336,23 +464,33 @@ func (hs *serverHandshakeState) doFullHandshake() error { hs.hello.ticketSupported = hs.clientHello.ticketSupported && !c.config.SessionTicketsDisabled hs.hello.cipherSuite = hs.suite.id - c.extendedMasterSecret = hs.hello.extendedMasterSecret + + hs.finishedHash = newFinishedHash(hs.c.vers, hs.suite) + if c.config.ClientAuth == NoClientCert { + // No need to keep a full record of the handshake if client + // certificates won't be used. + hs.finishedHash.discardHandshakeBuffer() + } + hs.finishedHash.Write(hs.clientHello.marshal()) hs.finishedHash.Write(hs.hello.marshal()) - c.writeRecord(recordTypeHandshake, hs.hello.marshal()) - c.handshakeLog.ServerHello = hs.hello.MakeLog() + if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + return err + } certMsg := new(certificateMsg) certMsg.certificates = hs.cert.Certificate hs.finishedHash.Write(certMsg.marshal()) - c.writeRecord(recordTypeHandshake, certMsg.marshal()) - c.handshakeLog.ServerCertificates = certMsg.MakeLog() + if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + return err + } if hs.hello.ocspStapling { certStatus := new(certificateStatusMsg) - certStatus.statusType = statusTypeOCSP certStatus.response = hs.cert.OCSPStaple hs.finishedHash.Write(certStatus.marshal()) - c.writeRecord(recordTypeHandshake, certStatus.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certStatus.marshal()); err != nil { + return err + } } keyAgreement := hs.suite.ka(c.vers) 
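Review bot: `newFinishedHash(hs.c.vers, hs.suite)` reaches through `hs.c` although `c` is already bound to `hs.c` in doFullHandshake and is used on the surrounding lines; `hs.finishedHash = newFinishedHash(c.vers, hs.suite)` keeps the style consistent with the same line in doResumeHandshake in the previous hunk. doFullHandshake continues beyond this hunk.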
@@ -363,20 +501,22 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 	}
 	if skx != nil {
 		hs.finishedHash.Write(skx.marshal())
-		c.writeRecord(recordTypeHandshake, skx.marshal())
-		c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement)
+		if _, err := c.writeRecord(recordTypeHandshake, skx.marshal()); err != nil {
+			return err
+		}
 	}
 
+	var certReq *certificateRequestMsg
 	if c.config.ClientAuth >= RequestClientCert {
 		// Request a client certificate
-		certReq := new(certificateRequestMsg)
+		certReq = new(certificateRequestMsg)
 		certReq.certificateTypes = []byte{
 			byte(certTypeRSASign),
 			byte(certTypeECDSASign),
 		}
 		if c.vers >= VersionTLS12 {
-			certReq.hasSignatureAndHash = true
-			certReq.signatureAndHashes = c.config.signatureAndHashesForServer()
+			certReq.hasSignatureAlgorithm = true
+			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
 		}
 
 		// An empty list of certificateAuthorities signals to
@@ -388,12 +528,16 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 			certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
 		}
 		hs.finishedHash.Write(certReq.marshal())
-		c.writeRecord(recordTypeHandshake, certReq.marshal())
+		if _, err := c.writeRecord(recordTypeHandshake, certReq.marshal()); err != nil {
+			return err
+		}
 	}
 
 	helloDone := new(serverHelloDoneMsg)
 	hs.finishedHash.Write(helloDone.marshal())
-	c.writeRecord(recordTypeHandshake, helloDone.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, helloDone.marshal()); err != nil {
+		return err
+	}
 
 	if _, err := c.flush(); err != nil {
 		return err
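Review bot: Hoisting `certReq` to function scope leaves it nil whenever `ClientAuth < RequestClientCert`, and a later hunk dereferences `certReq.supportedSignatureAlgorithms` without a nil check; that is safe only because `pub` is set solely inside the same `ClientAuth >= RequestClientCert` branch that allocates `certReq`, an invariant worth stating next to the declaration: `// certReq stays nil unless a CertificateRequest is sent; the CertificateVerify handling below relies on that coupling.` The guard that makes the later dereference safe starts outside that hunk, so the comment is the only place the coupling is visible in one spot. doFullHandshake continues beyond both hunks here.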
@@ -406,35 +550,36 @@ func (hs *serverHandshakeState) doFullHandshake() error { return err } - var ok bool // If we requested a client certificate, then the client must send a // certificate message, even if it's empty. if c.config.ClientAuth >= RequestClientCert { - if certMsg, ok = msg.(*certificateMsg); !ok { + certMsg, ok := msg.(*certificateMsg) + if !ok { c.sendAlert(alertUnexpectedMessage) return unexpectedMessageError(certMsg, msg) } hs.finishedHash.Write(certMsg.marshal()) - if len(certMsg.certificates) == 0 { - // The client didn't actually send a certificate - switch c.config.ClientAuth { - case RequireAnyClientCert, RequireAndVerifyClientCert: - c.sendAlert(alertBadCertificate) - return errors.New("tls: client didn't provide a certificate") - } - } - - pub, err = hs.processCertsFromClient(certMsg.certificates) - if err != nil { + if err := c.processCertsFromClient(Certificate{ + Certificate: certMsg.certificates, + }); err != nil { return err } + if len(certMsg.certificates) != 0 { + pub = c.peerCertificates[0].PublicKey + } msg, err = c.readHandshake() if err != nil { return err } } + if c.config.VerifyConnection != nil { + if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } // Get client key exchange ckx, ok := msg.(*clientKeyExchangeMsg) 
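Review bot: `certMsg, ok := msg.(*certificateMsg)` declares a new variable that shadows the `certMsg` holding the server's own Certificate message earlier in doFullHandshake, which a reader can easily confuse with the client's; `clientCertMsg, ok := msg.(*certificateMsg)` (and the two following uses) would keep the two distinct. The new `VerifyConnection` hook runs before the ClientKeyExchange is read, so a rejection there is reported as `alertBadCertificate` even when no client certificate was requested; a comment noting that this is the chosen point for the callback would head off questions. doFullHandshake continues outside the hunk.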
@@ -444,25 +589,20 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 	}
 	hs.finishedHash.Write(ckx.marshal())
 
-	preMasterSecret, err := keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx)
+	preMasterSecret, err := keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx, c.vers)
 	if err != nil {
 		c.sendAlert(alertHandshakeFailure)
 		return err
 	}
-	c.handshakeLog.ClientKeyExchange = ckx.MakeLog(keyAgreement)
-
-	hs.preMasterSecret = make([]byte, len(preMasterSecret))
-	copy(hs.preMasterSecret, preMasterSecret)
-
-	if c.extendedMasterSecret {
-		hs.masterSecret = extendedMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.finishedHash)
-	} else {
-		hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random)
+	hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random)
+	if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil {
+		c.sendAlert(alertInternalError)
+		return err
 	}
 
 	// If we received a client cert in response to our certificate request message,
 	// the client will send us a certificateVerifyMsg immediately after the
-	// clientKeyExchangeMsg. This message is a digest of all preceding
+	// clientKeyExchangeMsg. This message is a digest of all preceding
 	// handshake-layer messages that is signed using the private key corresponding
 	// to the client's certificate. This allows us to verify that the client is in
 	// possession of the private key of the certificate.
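Review bot: The new `c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret)` call hands the session's master secret to a configurable writer, and nothing at the call site says when that happens; a comment such as `// writeKeyLog is a no-op unless Config.KeyLogWriter is set; otherwise the TLS 1.2 master secret is exported for traffic decryption tooling.` would let a reviewer of this security-sensitive line see the precondition without opening the helper (which is not in this diff, so the no-op behaviour should be confirmed there). Dropping the extended-master-secret branch also means `c.extendedMasterSecret` is no longer consulted here; if the field survives elsewhere in the port, its remaining uses should be checked for consistency with this removal. doFullHandshake continues outside the hunk.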
@@ -477,91 +617,36 @@ func (hs *serverHandshakeState) doFullHandshake() error { return unexpectedMessageError(certVerify, msg) } - // Determine the signature type. - var signatureAndHash SigAndHash - if certVerify.hasSignatureAndHash { - signatureAndHash = certVerify.signatureAndHash - if !isSupportedSignatureAndHash(signatureAndHash, c.config.signatureAndHashesForServer()) { - return errors.New("tls: unsupported hash function for client certificate") - } - } else { - // Before TLS 1.2 the signature algorithm was implicit - // from the key type, and only one hash per signature - // algorithm was possible. Leave the hash as zero. - switch pub.(type) { - case *ecdsa.PublicKey: - signatureAndHash.Signature = signatureECDSA - case *rsa.PublicKey: - signatureAndHash.Signature = signatureRSA - } - } - - switch key := pub.(type) { - case *x509.AugmentedECDSA: - if signatureAndHash.Signature != signatureECDSA { - err = errors.New("tls: bad signature type for client's ECDSA certificate") - break - } - ecdsaSig := new(ecdsaSignature) - if _, err = asn1.Unmarshal(certVerify.signature, ecdsaSig); err != nil { - break - } - if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { - err = errors.New("ECDSA signature contained zero or negative values") - break - } - var digest []byte - digest, _, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret) - if err != nil { - break - } - if !ecdsa.Verify(key.Pub, digest, ecdsaSig.R, ecdsaSig.S) { - err = errors.New("ECDSA verification failure") - break - } - case *ecdsa.PublicKey: - if signatureAndHash.Signature != signatureECDSA { - err = errors.New("tls: bad signature type for client's ECDSA certificate") - break - } - ecdsaSig := new(ecdsaSignature) - if _, err = asn1.Unmarshal(certVerify.signature, ecdsaSig); err != nil { - break - } - if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { - err = errors.New("ECDSA signature contained zero or negative values") - break + var sigType uint8 + var sigHash 
crypto.Hash + if c.vers >= VersionTLS12 { + if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, certReq.supportedSignatureAlgorithms) { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client certificate used with invalid signature algorithm") } - var digest []byte - digest, _, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret) + sigType, sigHash, err = typeAndHashFromSignatureScheme(certVerify.signatureAlgorithm) if err != nil { - break - } - if !ecdsa.Verify(key, digest, ecdsaSig.R, ecdsaSig.S) { - err = errors.New("ECDSA verification failure") - break - } - case *rsa.PublicKey: - if signatureAndHash.Signature != signatureRSA { - err = errors.New("tls: bad signature type for client's RSA certificate") - break + return c.sendAlert(alertInternalError) } - var digest []byte - var hashFunc crypto.Hash - digest, hashFunc, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret) + } else { + sigType, sigHash, err = legacyTypeAndHashFromPublicKey(pub) if err != nil { - break + c.sendAlert(alertIllegalParameter) + return err } - err = rsa.VerifyPKCS1v15(key, hashFunc, digest, certVerify.signature) } - if err != nil { - c.sendAlert(alertBadCertificate) - return errors.New("could not validate signature of connection nonces: " + err.Error()) + + signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret) + if err := verifyHandshakeSignature(sigType, pub, sigHash, signed, certVerify.signature); err != nil { + c.sendAlert(alertDecryptError) + return errors.New("tls: invalid signature by the client certificate: " + err.Error()) } - hs.writeClientHash(certVerify.marshal()) + hs.finishedHash.Write(certVerify.marshal()) } + hs.finishedHash.discardHandshakeBuffer() + return nil } 
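Review bot: On the `typeAndHashFromSignatureScheme` failure the code does `return c.sendAlert(alertInternalError)`, returning the alert's own error and dropping `err`, whereas every other failure in this function sends the alert and then returns a descriptive error; `c.sendAlert(alertInternalError)` followed by `return err` would keep the style uniform and preserve the cause. The `errors.New("tls: invalid signature by the client certificate: " + err.Error())` concatenation could be `fmt.Errorf("tls: invalid signature by the client certificate: %w", err)` so callers can unwrap it, since the file already imports `fmt` and depends on `crypto/ed25519` from the standard library. The enclosing `if` that guards this block (the client-certificate check) starts before the hunk.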
@@ -572,13 +657,13 @@ func (hs *serverHandshakeState) establishKeys() error { keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) var clientCipher, serverCipher interface{} - var clientHash, serverHash macFunction + var clientHash, serverHash hash.Hash if hs.suite.aead == nil { clientCipher = hs.suite.cipher(clientKey, clientIV, true /* for reading */) - clientHash = hs.suite.mac(c.vers, clientMAC) + clientHash = hs.suite.mac(clientMAC) serverCipher = hs.suite.cipher(serverKey, serverIV, false /* not for reading */) - serverHash = hs.suite.mac(c.vers, serverMAC) + serverHash = hs.suite.mac(serverMAC) } else { clientCipher = hs.suite.aead(clientKey, clientIV) serverCipher = hs.suite.aead(serverKey, serverIV) @@ -590,28 +675,13 @@ func (hs *serverHandshakeState) establishKeys() error { return nil } -func (hs *serverHandshakeState) readFinished() error { +func (hs *serverHandshakeState) readFinished(out []byte) error { c := hs.c - c.readRecord(recordTypeChangeCipherSpec) - if err := c.in.error(); err != nil { + if err := c.readChangeCipherSpec(); err != nil { return err } - if hs.hello.nextProtoNeg { - msg, err := c.readHandshake() - if err != nil { - return err - } - nextProto, ok := msg.(*nextProtoMsg) - if !ok { - c.sendAlert(alertUnexpectedMessage) - return unexpectedMessageError(nextProto, msg) - } - hs.finishedHash.Write(nextProto.marshal()) - c.clientProtocol = nextProto.proto - } - msg, err := c.readHandshake() if err != nil { return err @@ -621,7 +691,6 @@ func (hs *serverHandshakeState) readFinished() error { c.sendAlert(alertUnexpectedMessage) return unexpectedMessageError(clientFinished, msg) } - c.handshakeLog.ClientFinished = clientFinished.MakeLog() verify := hs.finishedHash.clientSum(hs.masterSecret) if len(verify) != len(clientFinished.verifyData) || 
@@ -631,10 +700,14 @@ func (hs *serverHandshakeState) readFinished() error { } hs.finishedHash.Write(clientFinished.marshal()) + copy(out, verify) return nil } func (hs *serverHandshakeState) sendSessionTicket() error { + // ticketSupported is set in a resumption handshake if the + // ticket from the client was encrypted with an old session + // ticket key and thus a refreshed ticket should be sent. if !hs.hello.ticketSupported { return nil } 
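Review bot: `copy(out, verify)` silently truncates when the caller's buffer is shorter than the client's verify_data, and the new `out` parameter of readFinished is undocumented; readFinished's signature lies outside this hunk. A short copy would surface later as an opaque mismatch in whatever consumes the value rather than as an error here. Suggest a doc comment on readFinished such as `// readFinished reads the client's Finished message, verifies it, and copies its verify_data into out, which must hold at least len(verify) bytes.`, or a `len(out) < len(verify)` check before the copy.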
@@ -642,36 +715,53 @@ func (hs *serverHandshakeState) sendSessionTicket() error { c := hs.c m := new(newSessionTicketMsg) - var err error + createdAt := uint64(c.config.time().Unix()) + if hs.sessionState != nil { + // If this is re-wrapping an old key, then keep + // the original time it was created. + createdAt = hs.sessionState.createdAt + } + + var certsFromClient [][]byte + for _, cert := range c.peerCertificates { + certsFromClient = append(certsFromClient, cert.Raw) + } state := sessionState{ vers: c.vers, cipherSuite: hs.suite.id, + createdAt: createdAt, masterSecret: hs.masterSecret, - certificates: hs.certsFromClient, + certificates: certsFromClient, } - m.ticket, err = c.encryptTicket(&state) + var err error + m.ticket, err = c.encryptTicket(state.marshal()) if err != nil { return err } hs.finishedHash.Write(m.marshal()) - c.writeRecord(recordTypeHandshake, m.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil { + return err + } return nil } -func (hs *serverHandshakeState) sendFinished() error { +func (hs *serverHandshakeState) sendFinished(out []byte) error { c := hs.c - c.writeRecord(recordTypeChangeCipherSpec, []byte{1}) + if _, err := c.writeRecord(recordTypeChangeCipherSpec, []byte{1}); err != nil { + return err + } finished := new(finishedMsg) finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret) hs.finishedHash.Write(finished.marshal()) - c.writeRecord(recordTypeHandshake, finished.marshal()) - c.handshakeLog.ServerFinished = finished.MakeLog() + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + return err + } - c.cipherSuite = hs.suite.id + copy(out, finished.verifyData) return nil } 
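Review bot: sendFinished no longer sets `c.cipherSuite = hs.suite.id`, and nothing in this hunk takes over that assignment; if it has not moved to pickCipherSuite (outside this view, as in upstream Go), `ConnectionState().CipherSuite` would read as zero after a full handshake, so this is worth pinning with a test that asserts the field. Separately, `copy(out, finished.verifyData)` truncates silently if the caller's buffer is short, the same caveat as readFinished. The sessionState built for the ticket now embeds `createdAt` and the raw client chain, so whoever decrypts the ticket on resumption is expected to re-verify that chain; that code is not visible here.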
@@ -679,19 +769,22 @@ func (hs *serverHandshakeState) sendFinished() error { // processCertsFromClient takes a chain of client certificates either from a // Certificates message or from a sessionState and verifies them. It returns // the public key of the leaf certificate. -func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (crypto.PublicKey, error) { - c := hs.c - - hs.certsFromClient = certificates +func (c *Conn) processCertsFromClient(certificate Certificate) error { + certificates := certificate.Certificate certs := make([]*x509.Certificate, len(certificates)) var err error for i, asn1Data := range certificates { if certs[i], err = x509.ParseCertificate(asn1Data); err != nil { c.sendAlert(alertBadCertificate) - return nil, errors.New("tls: failed to parse client certificate: " + err.Error()) + return errors.New("tls: failed to parse client certificate: " + err.Error()) } } + if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) { + c.sendAlert(alertBadCertificate) + return errors.New("tls: client didn't provide a certificate") + } + if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 { opts := x509.VerifyOptions{ Roots: c.config.ClientCAs, 
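Review bot: The doc comment kept above processCertsFromClient still says `It returns the public key of the leaf certificate.`, but the new signature `func (c *Conn) processCertsFromClient(certificate Certificate) error` returns only an error and records the parsed chain on the connection. Suggest replacing that sentence with `It records the parsed chain, any verified chains, the stapled OCSP response and SCTs on c, and returns an error if the chain is required but missing, unparsable, or fails verification.` The added `requiresClientCert` check before verification is the right ordering, since an empty `certs` would otherwise bypass the `len(certs) > 0` branch and succeed silently. The function's body continues past the end of this hunk.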
@@ -707,121 +800,50 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c chains, _, _, err := certs[0].Verify(opts) if err != nil { c.sendAlert(alertBadCertificate) - return nil, errors.New("tls: failed to verify client's certificate: " + err.Error()) - } - - ok := false - for _, ku := range certs[0].ExtKeyUsage { - if ku == x509.ExtKeyUsageClientAuth { - ok = true - break - } - } - if !ok { - c.sendAlert(alertHandshakeFailure) - return nil, errors.New("tls: client's certificate's extended key usage doesn't permit it to be used for client authentication") + return errors.New("tls: failed to verify client certificate: " + err.Error()) } c.verifiedChains = chains } + c.peerCertificates = certs + c.ocspResponse = certificate.OCSPStaple + c.scts = certificate.SignedCertificateTimestamps + if len(certs) > 0 { - var pub crypto.PublicKey - switch key := certs[0].PublicKey.(type) { - case *ecdsa.PublicKey, *rsa.PublicKey: - pub = key - case *x509.AugmentedECDSA: - pub = key.Pub + switch certs[0].PublicKey.(type) { + case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey, *x509.AugmentedECDSA: default: c.sendAlert(alertUnsupportedCertificate) - return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey) + return fmt.Errorf("tls: client certificate contains an unsupported public key of type %T", certs[0].PublicKey) } - c.peerCertificates = certs - return pub, nil } - return nil, nil -} - -func (hs *serverHandshakeState) writeServerHash(msg []byte) { - // writeServerHash is called before writeRecord. - hs.writeHash(msg, 0) -} - -func (hs *serverHandshakeState) writeClientHash(msg []byte) { - // writeClientHash is called after readHandshake. - hs.writeHash(msg, 0) -} - -func (hs *serverHandshakeState) writeHash(msg []byte, seqno uint16) { - hs.finishedHash.Write(msg) -} - -// tryCipherSuite returns a cipherSuite with the given id if that cipher suite -// is acceptable to use. 
-func (c *Conn) tryCipherSuite(id uint16, supportedCipherSuites []uint16, version uint16, ellipticOk, ecdsaOk bool) *cipherSuite { - for _, supported := range supportedCipherSuites { - if id == supported { - var candidate *cipherSuite - - for _, s := range implementedCipherSuites { - if s.id == id { - candidate = s - break - } - } - if candidate == nil { - continue - } - // Don't select a ciphersuite which we can't - // support for this client. - if (candidate.flags&suiteECDHE != 0) && !ellipticOk { - continue - } - if (candidate.flags&suiteECDSA != 0) != ecdsaOk { - continue - } - if version < VersionTLS12 && candidate.flags&suiteTLS12 != 0 { - continue - } - return candidate + if c.config.VerifyPeerCertificate != nil { + if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil { + c.sendAlert(alertBadCertificate) + return err } } return nil } -// suppVersArray is the backing array of ClientHelloInfo.SupportedVersions -var suppVersArray = [...]uint16{VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30} - -func (hs *serverHandshakeState) clientHelloInfo() *ClientHelloInfo { - if hs.cachedClientHelloInfo != nil { - return hs.cachedClientHelloInfo - } - - var supportedVersions []uint16 - if hs.clientHello.vers > VersionTLS12 { - supportedVersions = suppVersArray[:] - } else if hs.clientHello.vers >= VersionSSL30 { - supportedVersions = suppVersArray[VersionTLS12-hs.clientHello.vers:] +func clientHelloInfo(c *Conn, clientHello *clientHelloMsg) *ClientHelloInfo { + supportedVersions := clientHello.supportedVersions + if len(clientHello.supportedVersions) == 0 { + supportedVersions = supportedVersionsFromMax(clientHello.vers) } - signatureSchemes := make([]SignatureScheme, 0, len(hs.clientHello.signatureAndHashes)) - for _, sah := range hs.clientHello.signatureAndHashes { - signatureSchemes = append(signatureSchemes, SignatureScheme(sah.Hash)<<8+SignatureScheme(sah.Signature)) - } - - hs.cachedClientHelloInfo = &ClientHelloInfo{ - 
CipherSuites: hs.clientHello.cipherSuites, - ServerName: hs.clientHello.serverName, - SupportedCurves: hs.clientHello.supportedCurves, - SupportedPoints: hs.clientHello.supportedPoints, - SignatureSchemes: signatureSchemes, - SupportedProtos: hs.clientHello.alpnProtocols, + return &ClientHelloInfo{ + CipherSuites: clientHello.cipherSuites, + ServerName: clientHello.serverName, + SupportedCurves: clientHello.supportedCurves, + SupportedPoints: clientHello.supportedPoints, + SignatureSchemes: clientHello.supportedSignatureAlgorithms, + SupportedProtos: clientHello.alpnProtocols, SupportedVersions: supportedVersions, - Conn: hs.c.conn, - HandshakeLog: hs.c.handshakeLog, + Conn: c.conn, + config: c.config, } - - return hs.cachedClientHelloInfo } diff --git a/tls/handshake_server_test.go b/tls/handshake_server_test.go index af56fdce..a7acc952 100644 --- a/tls/handshake_server_test.go +++ b/tls/handshake_server_test.go @@ -6,15 +6,12 @@ package tls import ( "bytes" - "crypto/ecdsa" + "crypto" "crypto/elliptic" - "crypto/rsa" - "encoding/hex" "encoding/pem" "errors" "fmt" "io" - "math/big" "net" "os" "os/exec" 
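Review bot: The explicit loop rejecting client certificates without `x509.ExtKeyUsageClientAuth` is removed on the new side, and the only possible replacement is a `KeyUsages` entry in the `x509.VerifyOptions` literal built just before this hunk, which is not visible here. If that field is not set to `[]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}`, any certificate chaining to a ClientCA, including one issued for server-only or code-signing use, is now accepted for client authentication, a strict weakening of the old check. Worth confirming the options literal, or restoring the loop after `chains, _, _, err := certs[0].Verify(opts)` if zcrypto's verifier does not enforce EKU. Note also that the leaf-key type switch now admits `*x509.AugmentedECDSA` without unwrapping it, so the CertificateVerify code must handle that wrapper itself.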
@@ -24,42 +21,15 @@ import ( "time" "github.com/zmap/zcrypto/x509" + "golang.org/x/crypto/curve25519" ) -// zeroSource is an io.Reader that returns an unlimited number of zero bytes. -type zeroSource struct{} - -func (zeroSource) Read(b []byte) (n int, err error) { - for i := range b { - b[i] = 0 - } - - return len(b), nil -} - -var testConfig *Config - -func init() { - testConfig = &Config{ - Time: func() time.Time { return time.Unix(0, 0) }, - Rand: zeroSource{}, - Certificates: make([]Certificate, 2), - InsecureSkipVerify: true, - MinVersion: VersionSSL30, - MaxVersion: VersionTLS12, - } - testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate} - testConfig.Certificates[0].PrivateKey = testRSAPrivateKey - testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate} - testConfig.Certificates[1].PrivateKey = testRSAPrivateKey - testConfig.BuildNameToCertificate() +func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) { + testClientHelloFailure(t, serverConfig, m, "") } -func testClientHelloFailure(t *testing.T, m handshakeMessage, expectedSubStr string) { - // Create in-memory network connection, - // send message to server. Should return - // expected error. - c, s := net.Pipe() +func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) { + c, s := localPipe(t) go func() { cli := Client(c, testConfig) if ch, ok := m.(*clientHelloMsg); ok { 
@@ -68,51 +38,199 @@ func testClientHelloFailure(t *testing.T, m handshakeMessage, expectedSubStr str cli.writeRecord(recordTypeHandshake, m.marshal()) c.Close() }() - err := Server(s, testConfig).Handshake() + conn := Server(s, serverConfig) + ch, err := conn.readClientHello() + hs := serverHandshakeState{ + c: conn, + clientHello: ch, + } + if err == nil { + err = hs.processClientHello() + } + if err == nil { + err = hs.pickCipherSuite() + } s.Close() - if err == nil || !strings.Contains(err.Error(), expectedSubStr) { - t.Errorf("Got error: %s; expected to match substring '%s'", err, expectedSubStr) + if len(expectedSubStr) == 0 { + if err != nil && err != io.EOF { + t.Errorf("Got error: %s; expected to succeed", err) + } + } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) { + t.Errorf("Got error: %v; expected to match substring '%s'", err, expectedSubStr) } } func TestSimpleError(t *testing.T) { - testClientHelloFailure(t, &serverHelloDoneMsg{}, "unexpected handshake message") + testClientHelloFailure(t, testConfig, &serverHelloDoneMsg{}, "unexpected handshake message") } -var badProtocolVersions = []uint16{0x0000, 0x0005, 0x0100, 0x0105, 0x0200, 0x0205} +var badProtocolVersions = []uint16{0x0000, 0x0005, 0x0100, 0x0105, 0x0200, 0x0205, VersionSSL30} func TestRejectBadProtocolVersion(t *testing.T) { + config := testConfig.Clone() + config.MinVersion = VersionSSL30 for _, v := range badProtocolVersions { - testClientHelloFailure(t, &clientHelloMsg{vers: v}, "unsupported, maximum protocol version") + testClientHelloFailure(t, config, &clientHelloMsg{ + vers: v, + random: make([]byte, 32), + }, "unsupported versions") } + testClientHelloFailure(t, config, &clientHelloMsg{ + vers: VersionTLS12, + supportedVersions: badProtocolVersions, + random: make([]byte, 32), + }, "unsupported versions") } func TestNoSuiteOverlap(t *testing.T) { clientHello := &clientHelloMsg{ - vers: 0x0301, + vers: VersionTLS10, + random: make([]byte, 32), cipherSuites: 
[]uint16{0xff00}, - compressionMethods: []uint8{0}, + compressionMethods: []uint8{compressionNone}, } - testClientHelloFailure(t, clientHello, "no cipher suite supported by both client and server") + testClientHelloFailure(t, testConfig, clientHello, "no cipher suite supported by both client and server") } func TestNoCompressionOverlap(t *testing.T) { clientHello := &clientHelloMsg{ - vers: 0x0301, + vers: VersionTLS10, + random: make([]byte, 32), cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, compressionMethods: []uint8{0xff}, } - testClientHelloFailure(t, clientHello, "client does not support uncompressed connections") + testClientHelloFailure(t, testConfig, clientHello, "client does not support uncompressed connections") +} + +func TestNoRC4ByDefault(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + } + serverConfig := testConfig.Clone() + // Reset the enabled cipher suites to nil in order to test the + // defaults. + serverConfig.CipherSuites = nil + testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestRejectSNIWithTrailingDot(t *testing.T) { + testClientHelloFailure(t, testConfig, &clientHelloMsg{ + vers: VersionTLS12, + random: make([]byte, 32), + serverName: "foo.com.", + }, "unexpected message") +} + +func TestDontSelectECDSAWithRSAKey(t *testing.T) { + // Test that, even when both sides support an ECDSA cipher suite, it + // won't be selected if the server's private key doesn't support it. 
+ clientHello := &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, + compressionMethods: []uint8{compressionNone}, + supportedCurves: []CurveID{CurveP256}, + supportedPoints: []uint8{pointFormatUncompressed}, + } + serverConfig := testConfig.Clone() + serverConfig.CipherSuites = clientHello.cipherSuites + serverConfig.Certificates = make([]Certificate, 1) + serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} + serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey + serverConfig.BuildNameToCertificate() + // First test that it *does* work when the server's key is ECDSA. + testClientHello(t, serverConfig, clientHello) + + // Now test that switching to an RSA key causes the expected error (and + // not an internal error about a signing failure). + serverConfig.Certificates = testConfig.Certificates + testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestDontSelectRSAWithECDSAKey(t *testing.T) { + // Test that, even when both sides support an RSA cipher suite, it + // won't be selected if the server's private key doesn't support it. + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, + compressionMethods: []uint8{compressionNone}, + supportedCurves: []CurveID{CurveP256}, + supportedPoints: []uint8{pointFormatUncompressed}, + } + serverConfig := testConfig.Clone() + serverConfig.CipherSuites = clientHello.cipherSuites + // First test that it *does* work when the server's key is RSA. + testClientHello(t, serverConfig, clientHello) + + // Now test that switching to an ECDSA key causes the expected error + // (and not an internal error about a signing failure). 
+ serverConfig.Certificates = make([]Certificate, 1) + serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} + serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey + serverConfig.BuildNameToCertificate() + testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestRenegotiationExtension(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS12, + compressionMethods: []uint8{compressionNone}, + random: make([]byte, 32), + secureRenegotiationSupported: true, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + } + + bufChan := make(chan []byte, 1) + c, s := localPipe(t) + + go func() { + cli := Client(c, testConfig) + cli.vers = clientHello.vers + cli.writeRecord(recordTypeHandshake, clientHello.marshal()) + + buf := make([]byte, 1024) + n, err := c.Read(buf) + if err != nil { + t.Errorf("Server read returned error: %s", err) + return + } + c.Close() + bufChan <- buf[:n] + }() + + Server(s, testConfig).Handshake() + buf := <-bufChan + + if len(buf) < 5+4 { + t.Fatalf("Server returned short message of length %d", len(buf)) + } + // buf contains a TLS record, with a 5 byte record header and a 4 byte + // handshake header. The length of the ServerHello is taken from the + // handshake header. + serverHelloLen := int(buf[6])<<16 | int(buf[7])<<8 | int(buf[8]) + + var serverHello serverHelloMsg + // unmarshal expects to be given the handshake header, but + // serverHelloLen doesn't include it. + if !serverHello.unmarshal(buf[5 : 9+serverHelloLen]) { + t.Fatalf("Failed to parse ServerHello") + } + + if !serverHello.secureRenegotiationSupported { + t.Errorf("Secure renegotiation extension was not echoed.") + } } func TestTLS12OnlyCipherSuites(t *testing.T) { // Test that a Server doesn't select a TLS 1.2-only cipher suite when // the client negotiates TLS 1.1. 
- var zeros [32]byte - clientHello := &clientHelloMsg{ vers: VersionTLS11, - random: zeros[:], + random: make([]byte, 32), cipherSuites: []uint16{ // The Server, by default, will use the client's // preference order. So the GCM cipher suite @@ -126,22 +244,27 @@ func TestTLS12OnlyCipherSuites(t *testing.T) { supportedPoints: []uint8{pointFormatUncompressed}, } - c, s := net.Pipe() - var reply interface{} - var clientErr error + c, s := localPipe(t) + replyChan := make(chan interface{}) go func() { cli := Client(c, testConfig) cli.vers = clientHello.vers cli.writeRecord(recordTypeHandshake, clientHello.marshal()) - reply, clientErr = cli.readHandshake() + reply, err := cli.readHandshake() c.Close() + if err != nil { + replyChan <- err + } else { + replyChan <- reply + } }() - config := *testConfig + config := testConfig.Clone() config.CipherSuites = clientHello.cipherSuites - Server(s, &config).Handshake() + Server(s, config).Handshake() s.Close() - if clientErr != nil { - t.Fatal(clientErr) + reply := <-replyChan + if err, ok := reply.(error); ok { + t.Fatal(err) } serverHello, ok := reply.(*serverHelloMsg) if !ok { 
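Review bot: In TestRenegotiationExtension only `len(buf) < 5+4` is checked before slicing `buf[5 : 9+serverHelloLen]`; `buf` is the `n` bytes of a single Read, so a ServerHello that arrives split across reads would be parsed from the unfilled tail of the 1024-byte array (the slice stays within cap) and reported as `Failed to parse ServerHello`, and one longer than the array would panic. A length check after computing the header length makes the failure explicit: `if len(buf) < 9+serverHelloLen { t.Fatalf("short ServerHello: got %d bytes, need %d", len(buf), 9+serverHelloLen) }`. Whether localPipe can deliver a short read depends on its implementation, which is outside this view.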
@@ -152,8 +275,81 @@ func TestTLS12OnlyCipherSuites(t *testing.T) { } } +func TestTLSPointFormats(t *testing.T) { + // Test that a Server returns the ec_point_format extension when ECC is + // negotiated, and not returned on RSA handshake. + tests := []struct { + name string + cipherSuites []uint16 + supportedCurves []CurveID + supportedPoints []uint8 + wantSupportedPoints bool + }{ + {"ECC", []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, []CurveID{CurveP256}, []uint8{compressionNone}, true}, + {"RSA", []uint16{TLS_RSA_WITH_AES_256_GCM_SHA384}, nil, nil, false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS12, + random: make([]byte, 32), + cipherSuites: tt.cipherSuites, + compressionMethods: []uint8{compressionNone}, + supportedCurves: tt.supportedCurves, + supportedPoints: tt.supportedPoints, + } + + c, s := localPipe(t) + replyChan := make(chan interface{}) + go func() { + cli := Client(c, testConfig) + cli.vers = clientHello.vers + cli.writeRecord(recordTypeHandshake, clientHello.marshal()) + reply, err := cli.readHandshake() + c.Close() + if err != nil { + replyChan <- err + } else { + replyChan <- reply + } + }() + config := testConfig.Clone() + config.CipherSuites = clientHello.cipherSuites + Server(s, config).Handshake() + s.Close() + reply := <-replyChan + if err, ok := reply.(error); ok { + t.Fatal(err) + } + serverHello, ok := reply.(*serverHelloMsg) + if !ok { + t.Fatalf("didn't get ServerHello message in reply. 
Got %v\n", reply) + } + if tt.wantSupportedPoints { + if len(serverHello.supportedPoints) < 1 { + t.Fatal("missing ec_point_format extension from server") + } + found := false + for _, p := range serverHello.supportedPoints { + if p == pointFormatUncompressed { + found = true + break + } + } + if !found { + t.Fatal("missing uncompressed format in ec_point_format extension from server") + } + } else { + if len(serverHello.supportedPoints) != 0 { + t.Fatalf("unexcpected ec_point_format extension from server: %v", serverHello.supportedPoints) + } + } + }) + } +} + func TestAlertForwarding(t *testing.T) { - c, s := net.Pipe() + c, s := localPipe(t) go func() { Client(c, testConfig).sendAlert(alertUnknownCA) c.Close() @@ -161,13 +357,14 @@ func TestAlertForwarding(t *testing.T) { err := Server(s, testConfig).Handshake() s.Close() - if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) { + var opErr *net.OpError + if !errors.As(err, &opErr) || opErr.Err != error(alertUnknownCA) { t.Errorf("Got error: %s; expected: %s", err, error(alertUnknownCA)) } } func TestClose(t *testing.T) { - c, s := net.Pipe() + c, s := localPipe(t) go c.Close() err := Server(s, testConfig).Handshake() @@ -177,25 +374,6 @@ func TestClose(t *testing.T) { } } -func testHandshake(clientConfig, serverConfig *Config) (state ConnectionState, err error) { - c, s := net.Pipe() - done := make(chan bool) - go func() { - cli := Client(c, clientConfig) - cli.Handshake() - c.Close() - done <- true - }() - server := Server(s, serverConfig) - err = server.Handshake() - if err == nil { - state = server.ConnectionState() - } - s.Close() - <-done - return -} - func TestVersion(t *testing.T) { serverConfig := &Config{ Certificates: testConfig.Certificates, 
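Review bot: In TestTLSPointFormats the ECC case fills the `supportedPoints` column with `[]uint8{compressionNone}`, which can only pass if that constant happens to share the value of `pointFormatUncompressed` (both are 0 in upstream Go); it should read `[]uint8{pointFormatUncompressed}` so the test states what it actually sends. The fatal message in the RSA branch also has a typo, `unexcpected` → `unexpected`. The `errors.As` rewrite in TestAlertForwarding is a correct update for wrapped errors.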
@@ -204,7 +382,7 @@ func TestVersion(t *testing.T) { clientConfig := &Config{ InsecureSkipVerify: true, } - state, err := testHandshake(clientConfig, serverConfig) + state, _, err := testHandshake(t, clientConfig, serverConfig) if err != nil { t.Fatalf("handshake failed: %s", err) } @@ -223,7 +401,7 @@ func TestCipherSuitePreference(t *testing.T) { CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, InsecureSkipVerify: true, } - state, err := testHandshake(clientConfig, serverConfig) + state, _, err := testHandshake(t, clientConfig, serverConfig) if err != nil { t.Fatalf("handshake failed: %s", err) } @@ -233,7 +411,7 @@ func TestCipherSuitePreference(t *testing.T) { } serverConfig.PreferServerCipherSuites = true - state, err = testHandshake(clientConfig, serverConfig) + state, _, err = testHandshake(t, clientConfig, serverConfig) if err != nil { t.Fatalf("handshake failed: %s", err) } 
@@ -242,6 +420,102 @@ func TestCipherSuitePreference(t *testing.T) { } } +func TestSCTHandshake(t *testing.T) { + t.Run("TLSv12", func(t *testing.T) { testSCTHandshake(t, VersionTLS12) }) + t.Run("TLSv13", func(t *testing.T) { testSCTHandshake(t, VersionTLS13) }) +} + +func testSCTHandshake(t *testing.T, version uint16) { + expected := [][]byte{[]byte("certificate"), []byte("transparency")} + serverConfig := &Config{ + Certificates: []Certificate{{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + SignedCertificateTimestamps: expected, + }}, + MaxVersion: version, + } + clientConfig := &Config{ + InsecureSkipVerify: true, + } + _, state, err := testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + actual := state.SignedCertificateTimestamps + if len(actual) != len(expected) { + t.Fatalf("got %d scts, want %d", len(actual), len(expected)) + } + for i, sct := range expected { + if !bytes.Equal(sct, actual[i]) { + t.Fatalf("SCT #%d was %x, but expected %x", i, actual[i], sct) + } + } +} + +func TestCrossVersionResume(t *testing.T) { + t.Run("TLSv12", func(t *testing.T) { testCrossVersionResume(t, VersionTLS12) }) + t.Run("TLSv13", func(t *testing.T) { testCrossVersionResume(t, VersionTLS13) }) +} + +func testCrossVersionResume(t *testing.T, version uint16) { + serverConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, + Certificates: testConfig.Certificates, + } + clientConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, + InsecureSkipVerify: true, + ClientSessionCache: NewLRUClientSessionCache(1), + ServerName: "servername", + } + + // Establish a session at TLS 1.1. + clientConfig.MaxVersion = VersionTLS11 + _, _, err := testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + + // The client session cache now contains a TLS 1.1 session. 
+ state, _, err := testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if !state.DidResume { + t.Fatalf("handshake did not resume at the same version") + } + + // Test that the server will decline to resume at a lower version. + clientConfig.MaxVersion = VersionTLS10 + state, _, err = testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.DidResume { + t.Fatalf("handshake resumed at a lower version") + } + + // The client session cache now contains a TLS 1.0 session. + state, _, err = testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if !state.DidResume { + t.Fatalf("handshake did not resume at the same version") + } + + // Test that the server will decline to resume at a higher version. + clientConfig.MaxVersion = VersionTLS11 + state, _, err = testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.DidResume { + t.Fatalf("handshake resumed at a higher version") + } +} + // Note: see comment in handshake_test.go for details of how the reference // tests work. @@ -259,6 +533,16 @@ type serverTest struct { expectedPeerCerts []string // config, if not nil, contains a custom Config to use for this test. config *Config + // expectHandshakeErrorIncluding, when not empty, contains a string + // that must be a substring of the error resulting from the handshake. + expectHandshakeErrorIncluding string + // validate, if not nil, is a function that will be called with the + // ConnectionState of the resulting connection. It returns false if the + // ConnectionState is unacceptable. + validate func(ConnectionState) error + // wait, if true, prevents this subtest from calling t.Parallel. + // If false, runServerTest* returns immediately. + wait bool } var defaultClientCommand = []string{"openssl", "s_client", "-no_ticket"} 
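Review bot: testCrossVersionResume takes a `version` parameter but never uses it: both the `TLSv12` and `TLSv13` subtests run the identical TLS 1.1/1.0 sequence, so the TLSv13 case does not exercise resumption into or out of a TLS 1.3 session at all. Either drop the parameter and the subtest split, or start from `clientConfig.MaxVersion = version` and step down from there, bearing in mind that the pinned CBC suite presumably does not apply to a 1.3 handshake. The serverTest field additions in the second hunk are fine.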
@@ -294,11 +578,12 @@ func (test *serverTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, return nil, nil, err } - connChan := make(chan interface{}) + connChan := make(chan interface{}, 1) go func() { tcpConn, err := l.Accept() if err != nil { connChan <- err + return } connChan <- tcpConn }() @@ -311,7 +596,6 @@ func (test *serverTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, } tcpConn = connOrError.(net.Conn) case <-time.After(2 * time.Second): - output.WriteTo(os.Stdout) return nil, nil, errors.New("timed out waiting for connection from child process") } @@ -347,22 +631,36 @@ func (test *serverTest) run(t *testing.T, write bool) { t.Fatalf("Failed to start subcommand: %s", err) } serverConn = recordingConn + defer func() { + if t.Failed() { + t.Logf("OpenSSL output:\n\n%s", childProcess.Stdout) + } + }() } else { - clientConn, serverConn = net.Pipe() + clientConn, serverConn = localPipe(t) } config := test.config if config == nil { config = testConfig } server := Server(serverConn, config) - peerCertsChan := make(chan []*x509.Certificate, 1) + connStateChan := make(chan ConnectionState, 1) go func() { - if _, err := server.Write([]byte("hello, world\n")); err != nil { - t.Logf("Error from Server.Write: %s", err) + _, err := server.Write([]byte("hello, world\n")) + if len(test.expectHandshakeErrorIncluding) > 0 { + if err == nil { + t.Errorf("Error expected, but no error returned") + } else if s := err.Error(); !strings.Contains(s, test.expectHandshakeErrorIncluding) { + t.Errorf("Error expected containing '%s' but got '%s'", test.expectHandshakeErrorIncluding, s) + } + } else { + if err != nil { + t.Logf("Error from Server.Write: '%s'", err) + } } server.Close() serverConn.Close() - peerCertsChan <- server.ConnectionState().PeerCertificates + connStateChan <- server.ConnectionState() }() if !write { 
@@ -372,10 +670,20 @@ func (test *serverTest) run(t *testing.T, write bool) { } for i, b := range flows { if i%2 == 0 { + if *fast { + clientConn.SetWriteDeadline(time.Now().Add(1 * time.Second)) + } else { + clientConn.SetWriteDeadline(time.Now().Add(1 * time.Minute)) + } clientConn.Write(b) continue } bb := make([]byte, len(b)) + if *fast { + clientConn.SetReadDeadline(time.Now().Add(1 * time.Second)) + } else { + clientConn.SetReadDeadline(time.Now().Add(1 * time.Minute)) + } n, err := io.ReadFull(clientConn, bb) if err != nil { t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b) @@ -387,7 +695,8 @@ func (test *serverTest) run(t *testing.T, write bool) { clientConn.Close() } - peerCerts := <-peerCertsChan + connState := <-connStateChan + peerCerts := connState.PeerCertificates if len(peerCerts) == len(test.expectedPeerCerts) { for i, peerCert := range peerCerts { block, _ := pem.Decode([]byte(test.expectedPeerCerts[i])) @@ -399,6 +708,12 @@ func (test *serverTest) run(t *testing.T, write bool) { t.Fatalf("%s: mismatch on peer list length: %d (wanted) != %d (got)", test.name, len(test.expectedPeerCerts), len(peerCerts)) } + if test.validate != nil { + if err := test.validate(connState); err != nil { + t.Fatalf("validate callback returned error: %s", err) + } + } + if write { path := test.dataPath() out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) 
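Review bot: The new write deadline on `clientConn` is set, but the return value of `clientConn.Write(b)` on the following line is still discarded, so a deadline hit or a closed peer surfaces only later as a confusing `io.ReadFull` mismatch on the next flow. Check it at the point of failure: `if _, err := clientConn.Write(b); err != nil { t.Fatalf("%s #%d: write: %s", test.name, i+1, err) }`. The enclosing run method starts and ends outside this hunk.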
@@ -408,40 +723,46 @@ func (test *serverTest) run(t *testing.T, write bool) { defer out.Close() recordingConn.Close() if len(recordingConn.flows) < 3 { - childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout) - t.Fatalf("Handshake failed") + if len(test.expectHandshakeErrorIncluding) == 0 { + t.Fatalf("Handshake failed") + } } recordingConn.WriteTo(out) - fmt.Printf("Wrote %s\n", path) + t.Logf("Wrote %s\n", path) childProcess.Wait() } } -func runServerTestForVersion(t *testing.T, template *serverTest, prefix, option string) { +func runServerTestForVersion(t *testing.T, template *serverTest, version, option string) { + // Make a deep copy of the template before going parallel. test := *template - test.name = prefix + test.name + if template.config != nil { + test.config = template.config.Clone() + } + test.name = version + "-" + test.name if len(test.command) == 0 { test.command = defaultClientCommand } test.command = append([]string(nil), test.command...) test.command = append(test.command, option) - test.run(t, *update) -} -func runServerTestSSLv3(t *testing.T, template *serverTest) { - runServerTestForVersion(t, template, "SSLv3-", "-ssl3") + runTestAndUpdateIfNeeded(t, version, test.run, test.wait) } func runServerTestTLS10(t *testing.T, template *serverTest) { - runServerTestForVersion(t, template, "TLSv10-", "-tls1") + runServerTestForVersion(t, template, "TLSv10", "-tls1") } func runServerTestTLS11(t *testing.T, template *serverTest) { - runServerTestForVersion(t, template, "TLSv11-", "-tls1_1") + runServerTestForVersion(t, template, "TLSv11", "-tls1_1") } func runServerTestTLS12(t *testing.T, template *serverTest) { - runServerTestForVersion(t, template, "TLSv12-", "-tls1_2") + runServerTestForVersion(t, template, "TLSv12", "-tls1_2") +} + +func runServerTestTLS13(t *testing.T, template *serverTest) { + runServerTestForVersion(t, template, "TLSv13", "-tls1_3") } func TestHandshakeServerRSARC4(t *testing.T) { 
@@ -449,7 +770,6 @@ func TestHandshakeServerRSARC4(t *testing.T) { name: "RSA-RC4", command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"}, } - runServerTestSSLv3(t, test) runServerTestTLS10(t, test) runServerTestTLS11(t, test) runServerTestTLS12(t, test) @@ -460,7 +780,6 @@ func TestHandshakeServerRSA3DES(t *testing.T) { name: "RSA-3DES", command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "DES-CBC3-SHA"}, } - runServerTestSSLv3(t, test) runServerTestTLS10(t, test) runServerTestTLS12(t, test) } @@ -470,7 +789,6 @@ func TestHandshakeServerRSAAES(t *testing.T) { name: "RSA-AES", command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"}, } - runServerTestSSLv3(t, test) runServerTestTLS10(t, test) runServerTestTLS12(t, test) } 
@@ -483,22 +801,135 @@ func TestHandshakeServerAESGCM(t *testing.T) { runServerTestTLS12(t, test) } -// TODO: figure out why this test is failing -//func TestHandshakeServerECDHEECDSAAES(t *testing.T) { -// config := *testConfig -// config.Certificates = make([]Certificate, 1) -// config.Certificates[0].Certificate = [][]byte{testECDSACertificate} -// config.Certificates[0].PrivateKey = testECDSAPrivateKey -// config.BuildNameToCertificate() -// -// test := &serverTest{ -// name: "ECDHE-ECDSA-AES", -// command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"}, -// config: &config, -// } -// runServerTestTLS10(t, test) -// runServerTestTLS12(t, test) -//} +func TestHandshakeServerAES256GCMSHA384(t *testing.T) { + test := &serverTest{ + name: "RSA-AES256-GCM-SHA384", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384"}, + } + runServerTestTLS12(t, test) +} + +func TestHandshakeServerAES128SHA256(t *testing.T) { + test := &serverTest{ + name: "AES128-SHA256", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_AES_128_GCM_SHA256"}, + } + runServerTestTLS13(t, test) +} +func TestHandshakeServerAES256SHA384(t *testing.T) { + test := &serverTest{ + name: "AES256-SHA384", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_AES_256_GCM_SHA384"}, + } + runServerTestTLS13(t, test) +} +func TestHandshakeServerCHACHA20SHA256(t *testing.T) { + test := &serverTest{ + name: "CHACHA20-SHA256", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + } + runServerTestTLS13(t, test) +} + +func TestHandshakeServerECDHEECDSAAES(t *testing.T) { + config := testConfig.Clone() + config.Certificates = make([]Certificate, 1) + config.Certificates[0].Certificate = [][]byte{testECDSACertificate} + config.Certificates[0].PrivateKey = testECDSAPrivateKey + config.BuildNameToCertificate() + + test := 
&serverTest{ + name: "ECDHE-ECDSA-AES", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256"}, + config: config, + } + runServerTestTLS10(t, test) + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerX25519(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{X25519} + + test := &serverTest{ + name: "X25519", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-curves", "X25519"}, + config: config, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerP256(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{CurveP256} + + test := &serverTest{ + name: "P256", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-curves", "P-256"}, + config: config, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerHelloRetryRequest(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{CurveP256} + + test := &serverTest{ + name: "HelloRetryRequest", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-curves", "X25519:P-256"}, + config: config, + } + runServerTestTLS13(t, test) +} + +func TestHandshakeServerALPN(t *testing.T) { + config := testConfig.Clone() + config.NextProtos = []string{"proto1", "proto2"} + + test := &serverTest{ + name: "ALPN", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -alpn flag. 
+ command: []string{"openssl", "s_client", "-alpn", "proto2,proto1", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + config: config, + validate: func(state ConnectionState) error { + // The server's preferences should override the client. + if state.NegotiatedProtocol != "proto1" { + return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol) + } + return nil + }, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerALPNNoMatch(t *testing.T) { + config := testConfig.Clone() + config.NextProtos = []string{"proto3"} + + test := &serverTest{ + name: "ALPN-NoMatch", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -alpn flag. + command: []string{"openssl", "s_client", "-alpn", "proto2,proto1", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + config: config, + validate: func(state ConnectionState) error { + // Rather than reject the connection, Go doesn't select + // a protocol when there is no overlap. + if state.NegotiatedProtocol != "" { + return fmt.Errorf("Got protocol %q, wanted ''", state.NegotiatedProtocol) + } + return nil + }, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} // TestHandshakeServerSNI involves a client sending an SNI extension of // "snitest.com", which happens to match the CN of testSNICertificate. The test 
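Review bot: The three new TLS 1.3 tests are named `TestHandshakeServerAES128SHA256`, `TestHandshakeServerAES256SHA384` and `TestHandshakeServerCHACHA20SHA256`, which drop the `GCM` from the suites they exercise (`TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384`) and make `AES128SHA256` read like the TLS 1.2 CBC suite `AES128-SHA256` used elsewhere in this file. Naming them after the suite, e.g. `func TestHandshakeServerAES128GCMSHA256(t *testing.T)` with `name: "AES128-GCM-SHA256"`, removes the ambiguity; note that `name` appears to feed `test.dataPath()`, so a rename means regenerating the golden files. These three functions are also the only ones in the hunk written back-to-back without the blank line between declarations that the rest of the file uses.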
@@ -511,146 +942,393 @@ func TestHandshakeServerSNI(t *testing.T) { runServerTestTLS12(t, test) } +// TestHandshakeServerSNICertForName is similar to TestHandshakeServerSNI, but +// tests the dynamic GetCertificate method +func TestHandshakeServerSNIGetCertificate(t *testing.T) { + config := testConfig.Clone() + + // Replace the NameToCertificate map with a GetCertificate function + nameToCert := config.NameToCertificate + config.NameToCertificate = nil + config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + cert := nameToCert[clientHello.ServerName] + return cert, nil + } + test := &serverTest{ + name: "SNI-GetCertificate", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, + config: config, + } + runServerTestTLS12(t, test) +} + +// TestHandshakeServerSNICertForNameNotFound is similar to +// TestHandshakeServerSNICertForName, but tests to make sure that when the +// GetCertificate method doesn't return a cert, we fall back to what's in +// the NameToCertificate map. +func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) { + config := testConfig.Clone() + + config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + return nil, nil + } + test := &serverTest{ + name: "SNI-GetCertificateNotFound", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, + config: config, + } + runServerTestTLS12(t, test) +} + +// TestHandshakeServerSNICertForNameError tests to make sure that errors in +// GetCertificate result in a tls alert. 
+func TestHandshakeServerSNIGetCertificateError(t *testing.T) { + const errMsg = "TestHandshakeServerSNIGetCertificateError error" + + serverConfig := testConfig.Clone() + serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + return nil, errors.New(errMsg) + } + + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + serverName: "test", + } + testClientHelloFailure(t, serverConfig, clientHello, errMsg) +} + +// TestHandshakeServerEmptyCertificates tests that GetCertificates is called in +// the case that Certificates is empty, even without SNI. +func TestHandshakeServerEmptyCertificates(t *testing.T) { + const errMsg = "TestHandshakeServerEmptyCertificates error" + + serverConfig := testConfig.Clone() + serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + return nil, errors.New(errMsg) + } + serverConfig.Certificates = nil + + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + } + testClientHelloFailure(t, serverConfig, clientHello, errMsg) + + // With an empty Certificates and a nil GetCertificate, the server + // should always return a “no certificates” error. + serverConfig.GetCertificate = nil + + clientHello = &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + } + testClientHelloFailure(t, serverConfig, clientHello, "no certificates") +} + // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with // an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate. 
-// TODO: figure out why this test is failing -//func TestCipherSuiteCertPreferenceECDSA(t *testing.T) { -// config := *testConfig -// config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA} -// config.PreferServerCipherSuites = true -// -// test := &serverTest{ -// name: "CipherSuiteCertPreferenceRSA", -// config: &config, -// } -// runServerTestTLS12(t, test) -// -// config = *testConfig -// config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA} -// config.Certificates = []Certificate{ -// Certificate{ -// Certificate: [][]byte{testECDSACertificate}, -// PrivateKey: testECDSAPrivateKey, -// }, -// } -// config.BuildNameToCertificate() -// config.PreferServerCipherSuites = true -// -// test = &serverTest{ -// name: "CipherSuiteCertPreferenceECDSA", -// config: &config, -// } -// runServerTestTLS12(t, test) -//} - -func TestResumption(t *testing.T) { - sessionFilePath := tempFile("") - defer os.Remove(sessionFilePath) +func TestCipherSuiteCertPreferenceECDSA(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA} + config.PreferServerCipherSuites = true test := &serverTest{ - name: "IssueTicket", - command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_out", sessionFilePath}, + name: "CipherSuiteCertPreferenceRSA", + config: config, } runServerTestTLS12(t, test) + config = testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA} + config.Certificates = []Certificate{ + { + Certificate: [][]byte{testECDSACertificate}, + PrivateKey: testECDSAPrivateKey, + }, + } + config.BuildNameToCertificate() + config.PreferServerCipherSuites = true + test = &serverTest{ - name: "Resume", - command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_in", sessionFilePath}, + name: 
"CipherSuiteCertPreferenceECDSA", + config: config, } runServerTestTLS12(t, test) } -func TestResumptionDisabled(t *testing.T) { +func TestServerResumption(t *testing.T) { sessionFilePath := tempFile("") defer os.Remove(sessionFilePath) - config := *testConfig + testIssue := &serverTest{ + name: "IssueTicket", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", "-sess_out", sessionFilePath}, + wait: true, + } + testResume := &serverTest{ + name: "Resume", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", "-sess_in", sessionFilePath}, + validate: func(state ConnectionState) error { + if !state.DidResume { + return errors.New("did not resume") + } + return nil + }, + } + + runServerTestTLS12(t, testIssue) + runServerTestTLS12(t, testResume) - test := &serverTest{ + runServerTestTLS13(t, testIssue) + runServerTestTLS13(t, testResume) + + config := testConfig.Clone() + config.CurvePreferences = []CurveID{CurveP256} + + testResumeHRR := &serverTest{ + name: "Resume-HelloRetryRequest", + command: []string{"openssl", "s_client", "-curves", "X25519:P-256", "-cipher", "AES128-SHA", "-ciphersuites", + "TLS_AES_128_GCM_SHA256", "-sess_in", sessionFilePath}, + config: config, + validate: func(state ConnectionState) error { + if !state.DidResume { + return errors.New("did not resume") + } + return nil + }, + } + + runServerTestTLS13(t, testResumeHRR) +} + +func TestServerResumptionDisabled(t *testing.T) { + sessionFilePath := tempFile("") + defer os.Remove(sessionFilePath) + + config := testConfig.Clone() + + testIssue := &serverTest{ name: "IssueTicketPreDisable", - command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_out", sessionFilePath}, - config: &config, + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", "-sess_out", sessionFilePath}, + config: config, + wait: true, + } + 
testResume := &serverTest{ + name: "ResumeDisabled", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", "-sess_in", sessionFilePath}, + config: config, + validate: func(state ConnectionState) error { + if state.DidResume { + return errors.New("resumed with SessionTicketsDisabled") + } + return nil + }, } - runServerTestTLS12(t, test) + config.SessionTicketsDisabled = false + runServerTestTLS12(t, testIssue) config.SessionTicketsDisabled = true + runServerTestTLS12(t, testResume) + + config.SessionTicketsDisabled = false + runServerTestTLS13(t, testIssue) + config.SessionTicketsDisabled = true + runServerTestTLS13(t, testResume) +} + +func TestFallbackSCSV(t *testing.T) { + serverConfig := Config{ + Certificates: testConfig.Certificates, + } + test := &serverTest{ + name: "FallbackSCSV", + config: &serverConfig, + // OpenSSL 1.0.1j is needed for the -fallback_scsv option. + command: []string{"openssl", "s_client", "-fallback_scsv"}, + expectHandshakeErrorIncluding: "inappropriate protocol fallback", + } + runServerTestTLS11(t, test) +} + +func TestHandshakeServerExportKeyingMaterial(t *testing.T) { + test := &serverTest{ + name: "ExportKeyingMaterial", + command: []string{"openssl", "s_client", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + config: testConfig.Clone(), + validate: func(state ConnectionState) error { + if km, err := state.ExportKeyingMaterial("test", nil, 42); err != nil { + return fmt.Errorf("ExportKeyingMaterial failed: %v", err) + } else if len(km) != 42 { + return fmt.Errorf("Got %d bytes from ExportKeyingMaterial, wanted %d", len(km), 42) + } + return nil + }, + } + runServerTestTLS10(t, test) + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerRSAPKCS1v15(t *testing.T) { + test := &serverTest{ + name: "RSA-RSAPKCS1v15", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", 
"ECDHE-RSA-CHACHA20-POLY1305", "-sigalgs", "rsa_pkcs1_sha256"}, + } + runServerTestTLS12(t, test) +} + +func TestHandshakeServerRSAPSS(t *testing.T) { + // We send rsa_pss_rsae_sha512 first, as the test key won't fit, and we + // verify the server implementation will disregard the client preference in + // that case. See Issue 29793. + test := &serverTest{ + name: "RSA-RSAPSS", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-sigalgs", "rsa_pss_rsae_sha512:rsa_pss_rsae_sha256"}, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) test = &serverTest{ - name: "ResumeDisabled", - command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_in", sessionFilePath}, - config: &config, + name: "RSA-RSAPSS-TooSmall", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-sigalgs", "rsa_pss_rsae_sha512"}, + expectHandshakeErrorIncluding: "peer doesn't support any of the certificate's signature algorithms", + } + runServerTestTLS13(t, test) +} + +func TestHandshakeServerEd25519(t *testing.T) { + config := testConfig.Clone() + config.Certificates = make([]Certificate, 1) + config.Certificates[0].Certificate = [][]byte{testEd25519Certificate} + config.Certificates[0].PrivateKey = testEd25519PrivateKey + config.BuildNameToCertificate() + + test := &serverTest{ + name: "Ed25519", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-CHACHA20-POLY1305", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + config: config, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func benchmarkHandshakeServer(b *testing.B, version uint16, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) { + config := testConfig.Clone() + config.CipherSuites = []uint16{cipherSuite} + config.CurvePreferences = []CurveID{curve} + config.Certificates = make([]Certificate, 1) + 
config.Certificates[0].Certificate = [][]byte{cert} + config.Certificates[0].PrivateKey = key + config.BuildNameToCertificate() + + clientConn, serverConn := localPipe(b) + serverConn = &recordingConn{Conn: serverConn} + go func() { + config := testConfig.Clone() + config.MaxVersion = version + config.CurvePreferences = []CurveID{curve} + client := Client(clientConn, config) + client.Handshake() + }() + server := Server(serverConn, config) + if err := server.Handshake(); err != nil { + b.Fatalf("handshake failed: %v", err) + } + serverConn.Close() + flows := serverConn.(*recordingConn).flows + + feeder := make(chan struct{}) + clientConn, serverConn = localPipe(b) + + go func() { + for range feeder { + for i, f := range flows { + if i%2 == 0 { + clientConn.Write(f) + continue + } + ff := make([]byte, len(f)) + n, err := io.ReadFull(clientConn, ff) + if err != nil { + b.Errorf("#%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", i+1, err, n, len(ff), ff[:n], f) + } + if !bytes.Equal(f, ff) { + b.Errorf("#%d: mismatch on read: got:%x want:%x", i+1, ff, f) + } + } + } + }() - // One needs to manually confirm that the handshake in the golden data - // file for ResumeDisabled does not include a resumption handshake. -} - -// cert.pem and key.pem were generated with generate_cert.go -// Thus, they have no ExtKeyUsage fields and trigger an error -// when verification is turned on. 
- -const clientCertificatePEM = ` ------BEGIN CERTIFICATE----- -MIIB7TCCAVigAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD -bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTExMTIwODA3NTUxMloXDTEyMTIwNzA4 -MDAxMlowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGc -MAsGCSqGSIb3DQEBAQOBjAAwgYgCgYBO0Hsx44Jk2VnAwoekXh6LczPHY1PfZpIG -hPZk1Y/kNqcdK+izIDZFI7Xjla7t4PUgnI2V339aEu+H5Fto5OkOdOwEin/ekyfE -ARl6vfLcPRSr0FTKIQzQTW6HLlzF0rtNS0/Otiz3fojsfNcCkXSmHgwa2uNKWi7e -E5xMQIhZkwIDAQABozIwMDAOBgNVHQ8BAf8EBAMCAKAwDQYDVR0OBAYEBAECAwQw -DwYDVR0jBAgwBoAEAQIDBDALBgkqhkiG9w0BAQUDgYEANh+zegx1yW43RmEr1b3A -p0vMRpqBWHyFeSnIyMZn3TJWRSt1tukkqVCavh9a+hoV2cxVlXIWg7nCto/9iIw4 -hB2rXZIxE0/9gzvGnfERYraL7KtnvshksBFQRlgXa5kc0x38BvEO5ZaoDPl4ILdE -GFGNEH5PlGffo05wc46QkYU= ------END CERTIFICATE-----` - -const clientKeyPEM = ` ------BEGIN RSA PRIVATE KEY----- -MIICWgIBAAKBgE7QezHjgmTZWcDCh6ReHotzM8djU99mkgaE9mTVj+Q2px0r6LMg -NkUjteOVru3g9SCcjZXff1oS74fkW2jk6Q507ASKf96TJ8QBGXq98tw9FKvQVMoh -DNBNbocuXMXSu01LT862LPd+iOx81wKRdKYeDBra40paLt4TnExAiFmTAgMBAAEC -gYBxvXd8yNteFTns8A/2yomEMC4yeosJJSpp1CsN3BJ7g8/qTnrVPxBy+RU+qr63 -t2WquaOu/cr5P8iEsa6lk20tf8pjKLNXeX0b1RTzK8rJLbS7nGzP3tvOhL096VtQ -dAo4ROEaro0TzYpHmpciSvxVIeEIAAdFDObDJPKqcJAxyQJBAJizfYgK8Gzx9fsx -hxp+VteCbVPg2euASH5Yv3K5LukRdKoSzHE2grUVQgN/LafC0eZibRanxHegYSr7 -7qaswKUCQQCEIWor/X4XTMdVj3Oj+vpiw75y/S9gh682+myZL+d/02IEkwnB098P -RkKVpenBHyrGg0oeN5La7URILWKj7CPXAkBKo6F+d+phNjwIFoN1Xb/RA32w/D1I -saG9sF+UEhRt9AxUfW/U/tIQ9V0ZHHcSg1XaCM5Nvp934brdKdvTOKnJAkBD5h/3 -Rybatlvg/fzBEaJFyq09zhngkxlZOUtBVTqzl17RVvY2orgH02U4HbCHy4phxOn7 -qTdQRYlHRftgnWK1AkANibn9PRYJ7mJyJ9Dyj2QeNcSkSTzrt0tPvUMf4+meJymN -1Ntu5+S1DLLzfxlaljWG6ylW6DNxujCyuXIV2rvA ------END RSA PRIVATE KEY-----` - -const clientECDSACertificatePEM = ` ------BEGIN CERTIFICATE----- -MIIB/DCCAV4CCQCaMIRsJjXZFzAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw -EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 -eSBMdGQwHhcNMTIxMTE0MTMyNTUzWhcNMjIxMTEyMTMyNTUzWjBBMQswCQYDVQQG 
-EwJBVTEMMAoGA1UECBMDTlNXMRAwDgYDVQQHEwdQeXJtb250MRIwEAYDVQQDEwlK -b2VsIFNpbmcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACVjJF1FMBexFe01MNv -ja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd3kfDdq0Z9kUs -jLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx+U56jb0JuK7q -ixgnTy5w/hOWusPTQBbNZU6sER7m8TAJBgcqhkjOPQQBA4GMADCBiAJCAOAUxGBg -C3JosDJdYUoCdFzCgbkWqD8pyDbHgf9stlvZcPE4O1BIKJTLCRpS8V3ujfK58PDa -2RU6+b0DeoeiIzXsAkIBo9SKeDUcSpoj0gq+KxAxnZxfvuiRs9oa9V2jI/Umi0Vw -jWVim34BmT0Y9hCaOGGbLlfk+syxis7iI6CH8OFnUes= ------END CERTIFICATE-----` - -const clientECDSAKeyPEM = ` ------BEGIN EC PARAMETERS----- -BgUrgQQAIw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8 -k+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1 -FMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd -3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx -+U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q== ------END EC PRIVATE KEY-----` + b.ResetTimer() + for i := 0; i < b.N; i++ { + feeder <- struct{}{} + server := Server(serverConn, config) + if err := server.Handshake(); err != nil { + b.Fatalf("handshake failed: %v", err) + } + } + close(feeder) +} + +func BenchmarkHandshakeServer(b *testing.B) { + b.Run("RSA", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS12, TLS_RSA_WITH_AES_128_GCM_SHA256, + 0, testRSACertificate, testRSAPrivateKey) + }) + b.Run("ECDHE-P256-RSA", func(b *testing.B) { + b.Run("TLSv13", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + CurveP256, testRSACertificate, testRSAPrivateKey) + }) + b.Run("TLSv12", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + CurveP256, testRSACertificate, testRSAPrivateKey) + }) + }) + b.Run("ECDHE-P256-ECDSA-P256", func(b *testing.B) { + b.Run("TLSv13", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS13, 
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + CurveP256, testP256Certificate, testP256PrivateKey) + }) + b.Run("TLSv12", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + CurveP256, testP256Certificate, testP256PrivateKey) + }) + }) + b.Run("ECDHE-X25519-ECDSA-P256", func(b *testing.B) { + b.Run("TLSv13", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + X25519, testP256Certificate, testP256PrivateKey) + }) + b.Run("TLSv12", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + X25519, testP256Certificate, testP256PrivateKey) + }) + }) + b.Run("ECDHE-P521-ECDSA-P521", func(b *testing.B) { + if testECDSAPrivateKey.PublicKey.Curve != elliptic.P521() { + b.Fatal("test ECDSA key doesn't use curve P-521") + } + b.Run("TLSv13", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + CurveP521, testECDSACertificate, testECDSAPrivateKey) + }) + b.Run("TLSv12", func(b *testing.B) { + benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + CurveP521, testECDSACertificate, testECDSAPrivateKey) + }) + }) +} func TestClientAuth(t *testing.T) { - var certPath, keyPath, ecdsaCertPath, ecdsaKeyPath string + var certPath, keyPath, ecdsaCertPath, ecdsaKeyPath, ed25519CertPath, ed25519KeyPath string if *update { certPath = tempFile(clientCertificatePEM) 
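Review bot: The doc comments on the three new SNI tests name functions that do not exist: they describe `TestHandshakeServerSNICertForName`, `TestHandshakeServerSNICertForNameNotFound` and `TestHandshakeServerSNICertForNameError`, while the declared functions are `TestHandshakeServerSNIGetCertificate`, `TestHandshakeServerSNIGetCertificateNotFound` and `TestHandshakeServerSNIGetCertificateError`, so a reader grepping for the name, and doc-comment linters, will not match them. Rename each to its function, e.g. `// TestHandshakeServerSNIGetCertificate is similar to TestHandshakeServerSNI, but` followed by `// tests the dynamic GetCertificate method.` In `TestServerResumptionDisabled`, `testIssue` and `testResume` share one `*Config` whose `SessionTicketsDisabled` is flipped between calls; this is correct only because `runServerTestForVersion` clones the config on every call, which deserves a one-line comment such as `// config is cloned per run, so toggling SessionTicketsDisabled between calls is safe.` In `benchmarkHandshakeServer` the first client goroutine discards the result of `client.Handshake()`, so a client-side failure is only visible indirectly through the server's error.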
@@ -661,33 +1339,113 @@ func TestClientAuth(t *testing.T) { defer os.Remove(ecdsaCertPath) ecdsaKeyPath = tempFile(clientECDSAKeyPEM) defer os.Remove(ecdsaKeyPath) + ed25519CertPath = tempFile(clientEd25519CertificatePEM) + defer os.Remove(ed25519CertPath) + ed25519KeyPath = tempFile(clientEd25519KeyPEM) + defer os.Remove(ed25519KeyPath) + } else { + t.Parallel() } - config := *testConfig + config := testConfig.Clone() config.ClientAuth = RequestClientCert test := &serverTest{ name: "ClientAuthRequestedNotGiven", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"}, - config: &config, + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256"}, + config: config, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) test = &serverTest{ - name: "ClientAuthRequestedAndGiven", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA", "-cert", certPath, "-key", keyPath}, - config: &config, + name: "ClientAuthRequestedAndGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", + "-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pss_rsae_sha256"}, + config: config, expectedPeerCerts: []string{clientCertificatePEM}, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) test = &serverTest{ - name: "ClientAuthRequestedAndECDSAGiven", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA", "-cert", ecdsaCertPath, "-key", ecdsaKeyPath}, - config: &config, + name: "ClientAuthRequestedAndECDSAGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", + "-cert", ecdsaCertPath, "-key", ecdsaKeyPath}, + config: config, expectedPeerCerts: []string{clientECDSACertificatePEM}, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) + + test = &serverTest{ + name: 
"ClientAuthRequestedAndEd25519Given", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256", + "-cert", ed25519CertPath, "-key", ed25519KeyPath}, + config: config, + expectedPeerCerts: []string{clientEd25519CertificatePEM}, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) + + test = &serverTest{ + name: "ClientAuthRequestedAndPKCS1v15Given", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", + "-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pkcs1_sha256"}, + config: config, + expectedPeerCerts: []string{clientCertificatePEM}, + } + runServerTestTLS12(t, test) +} + +func TestSNIGivenOnFailure(t *testing.T) { + const expectedServerName = "test.testing" + + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + random: make([]byte, 32), + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + serverName: expectedServerName, + } + + serverConfig := testConfig.Clone() + // Erase the server's cipher suites to ensure the handshake fails. + serverConfig.CipherSuites = nil + + c, s := localPipe(t) + go func() { + cli := Client(c, testConfig) + cli.vers = clientHello.vers + cli.writeRecord(recordTypeHandshake, clientHello.marshal()) + c.Close() + }() + conn := Server(s, serverConfig) + ch, err := conn.readClientHello() + hs := serverHandshakeState{ + c: conn, + clientHello: ch, + } + if err == nil { + err = hs.processClientHello() + } + if err == nil { + err = hs.pickCipherSuite() + } + defer s.Close() + + if err == nil { + t.Error("No error reported from server") + } + + cs := hs.c.ConnectionState() + if cs.HandshakeComplete { + t.Error("Handshake registered as complete") + } + + if cs.ServerName != expectedServerName { + t.Errorf("Expected ServerName of %q, but got %q", expectedServerName, cs.ServerName) + } } var getConfigForClientTests = []struct { 
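Review bot: `ClientAuthRequestedAndPKCS1v15Given` is the only client-auth case run under TLS 1.2 alone, and nothing says why, so a later maintainer may "fix" it by adding `runServerTestTLS13`; a comment such as `// rsa_pkcs1_sha256 is not a valid CertificateVerify algorithm in TLS 1.3 (RFC 8446 §4.2.3), so this case is TLS 1.2 only.` above that `serverTest` records the intent. In `TestSNIGivenOnFailure`, `defer s.Close()` sits after the handshake steps rather than immediately after `c, s := localPipe(t)`, so an early return from a future edit would leak the pipe; move it up. The goroutine there also ignores the result of `cli.writeRecord(...)`; if it returns an error as in Go's crypto/tls, reporting it with `t.Error` (safe from a goroutine, unlike `t.Fatal`) would distinguish a failed ClientHello write from the handshake failure the test actually wants.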
@@ -712,20 +1470,18 @@ var getConfigForClientTests = []struct { "should bubble up", nil, }, - /* TODO: Find out why this test hangs { nil, func(clientHello *ClientHelloInfo) (*Config, error) { config := testConfig.Clone() // Setting a maximum version of TLS 1.1 should cause - // the handshake to fail. + // the handshake to fail, as the client MinVersion is TLS 1.2. config.MaxVersion = VersionTLS11 return config, nil }, - "version 301 when expecting version 302", + "client offered only unsupported versions", nil, }, - */ { func(config *Config) { for i := range config.SessionTicketKey { @@ -743,12 +1499,8 @@ var getConfigForClientTests = []struct { }, "", func(config *Config) error { - // The value of SessionTicketKey should have been - // duplicated into the per-connection Config. - for i := range config.SessionTicketKey { - if b := config.SessionTicketKey[i]; b != byte(i) { - return fmt.Errorf("SessionTicketKey was not duplicated from original Config: byte %d has value %d", i, b) - } + if config.SessionTicketKey == [32]byte{} { + return fmt.Errorf("expected SessionTicketKey to be set") } return nil }, @@ -769,10 +1521,8 @@ var getConfigForClientTests = []struct { }, "", func(config *Config) error { - // The session ticket keys should have been duplicated - // into the per-connection Config. - if l := len(config.sessionTicketKeys); l != 1 { - return fmt.Errorf("got len(sessionTicketKeys) == %d, wanted 1", l) + if config.SessionTicketKey == [32]byte{} { + return fmt.Errorf("expected SessionTicketKey to be set") } return nil }, @@ -795,7 +1545,7 @@ func TestGetConfigForClient(t *testing.T) { configReturned = config return config, err } - c, s := net.Pipe() + c, s := localPipe(t) done := make(chan error) go func() { 
@@ -827,40 +1577,365 @@ func TestGetConfigForClient(t *testing.T) { } } -func bigFromString(s string) *big.Int { - ret := new(big.Int) - ret.SetString(s, 10) - return ret +func TestCloseServerConnectionOnIdleClient(t *testing.T) { + clientConn, serverConn := localPipe(t) + server := Server(serverConn, testConfig.Clone()) + go func() { + clientConn.Write([]byte{'0'}) + server.Close() + }() + server.SetReadDeadline(time.Now().Add(time.Minute)) + err := server.Handshake() + if err != nil { + if err, ok := err.(net.Error); ok && err.Timeout() { + t.Errorf("Expected a closed network connection error but got '%s'", err.Error()) + } + } else { + t.Errorf("Error expected, but no error returned") + } } -func fromHex(s string) []byte { - b, _ := hex.DecodeString(s) - return b +func TestCloneHash(t *testing.T) { + h1 := crypto.SHA256.New() + h1.Write([]byte("test")) + s1 := h1.Sum(nil) + h2 := cloneHash(h1, crypto.SHA256) + s2 := h2.Sum(nil) + if !bytes.Equal(s1, s2) { + t.Error("cloned hash generated a different sum") + } } -var testRSACertificate = fromHex("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") +func expectError(t *testing.T, err error, sub string) { + if err == nil { + t.Errorf(`expected error %q, got nil`, sub) + } else if !strings.Contains(err.Error(), sub) { + t.Errorf(`expected error %q, got %q`, sub, err) + } +} + +func TestKeyTooSmallForRSAPSS(t *testing.T) { + cert, err := X509KeyPair([]byte(`-----BEGIN CERTIFICATE----- +MIIBcTCCARugAwIBAgIQGjQnkCFlUqaFlt6ixyz/tDANBgkqhkiG9w0BAQsFADAS +MRAwDgYDVQQKEwdBY21lIENvMB4XDTE5MDExODIzMjMyOFoXDTIwMDExODIzMjMy +OFowEjEQMA4GA1UEChMHQWNtZSBDbzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDd +ez1rFUDwax2HTxbcnFUP9AhcgEGMHVV2nn4VVEWFJB6I8C/Nkx0XyyQlrmFYBzEQ +nIPhKls4T0hFoLvjJnXpAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE +DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUu +Y29tMA0GCSqGSIb3DQEBCwUAA0EAxDuUS+BrrS3c+h+k+fQPOmOScy6yTX9mHw0Q +KbucGamXYEy0URIwOdO0tQ3LHPc1YGvYSPwkDjkjqECs2Vm/AA== +-----END 
CERTIFICATE-----`), []byte(testingKey(`-----BEGIN RSA TESTING KEY----- +MIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T +HRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/ +yt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z +4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz +nKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd +hXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s +T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g +-----END RSA TESTING KEY-----`))) + if err != nil { + t.Fatal(err) + } -var testECDSACertificate = fromHex("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") + clientConn, serverConn := localPipe(t) + client := Client(clientConn, testConfig) + done := make(chan struct{}) + go func() { + config := testConfig.Clone() + config.Certificates = []Certificate{cert} + config.MinVersion = VersionTLS13 + server := Server(serverConn, config) + err := server.Handshake() + expectError(t, err, "key size too small") + close(done) + }() + err = client.Handshake() + expectError(t, err, "handshake failure") + <-done +} -var testSNICertificate = fromHex("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") +func TestMultipleCertificates(t *testing.T) { + clientConfig := testConfig.Clone() + clientConfig.CipherSuites = []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256} + clientConfig.MaxVersion = VersionTLS12 -var testRSAPrivateKey = &rsa.PrivateKey{ - PublicKey: rsa.PublicKey{ - N: bigFromString("131650079503776001033793877885499001334664249354723305978524647182322416328664556247316495448366990052837680518067798333412266673813370895702118944398081598789828837447552603077848001020611640547221687072142537202428102790818451901395596882588063427854225330436740647715202971973145151161964464812406232198521"), - E: 65537, - }, - D: 
bigFromString("29354450337804273969007277378287027274721892607543397931919078829901848876371746653677097639302788129485893852488285045793268732234230875671682624082413996177431586734171663258657462237320300610850244186316880055243099640544518318093544057213190320837094958164973959123058337475052510833916491060913053867729"), - Primes: []*big.Int{ - bigFromString("11969277782311800166562047708379380720136961987713178380670422671426759650127150688426177829077494755200794297055316163155755835813760102405344560929062149"), - bigFromString("10998999429884441391899182616418192492905073053684657075974935218461686523870125521822756579792315215543092255516093840728890783887287417039645833477273829"), - }, + serverConfig := testConfig.Clone() + serverConfig.Certificates = []Certificate{{ + Certificate: [][]byte{testECDSACertificate}, + PrivateKey: testECDSAPrivateKey, + }, { + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + }} + + _, clientState, err := testHandshake(t, clientConfig, serverConfig) + if err != nil { + t.Fatal(err) + } + if got := clientState.PeerCertificates[0].PublicKeyAlgorithm; got != x509.RSA { + t.Errorf("expected RSA certificate, got %v", got) + } } -var testECDSAPrivateKey = &ecdsa.PrivateKey{ - PublicKey: ecdsa.PublicKey{ - Curve: elliptic.P521(), - X: bigFromString("2636411247892461147287360222306590634450676461695221912739908880441342231985950069527906976759812296359387337367668045707086543273113073382714101597903639351"), - Y: bigFromString("3204695818431246682253994090650952614555094516658732116404513121125038617915183037601737180082382202488628239201196033284060130040574800684774115478859677243"), - }, - D: bigFromString("5477294338614160138026852784385529180817726002953041720191098180813046231640184669647735805135001309477695746518160084669446643325196003346204701381388769751"), +func TestAESCipherReordering(t *testing.T) { + currentAESSupport := hasAESGCMHardwareSupport + defer func() { hasAESGCMHardwareSupport = 
currentAESSupport; initDefaultCipherSuites() }() + + tests := []struct { + name string + clientCiphers []uint16 + serverHasAESGCM bool + preferServerCipherSuites bool + serverCiphers []uint16 + expectedCipher uint16 + }{ + { + name: "server has hardware AES, client doesn't (pick ChaCha)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: true, + preferServerCipherSuites: true, + expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + }, + { + name: "server strongly prefers AES-GCM, client doesn't (pick AES-GCM)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: true, + preferServerCipherSuites: true, + serverCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + expectedCipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + { + name: "client prefers AES-GCM, server doesn't have hardware AES (pick ChaCha)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: false, + expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + }, + { + name: "client prefers AES-GCM, server has hardware AES (pick AES-GCM)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: true, + expectedCipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + { + name: "client prefers AES-GCM and sends GREASE, server has hardware AES (pick AES-GCM)", + clientCiphers: []uint16{ + 0x0A0A, // GREASE value + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: true, + expectedCipher: 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + { + name: "client prefers AES-GCM and doesn't support ChaCha, server doesn't have hardware AES (pick AES-GCM)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: false, + expectedCipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + { + name: "client prefers AES-GCM and AES-CBC over ChaCha, server doesn't have hardware AES (pick AES-GCM)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + }, + serverHasAESGCM: false, + expectedCipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + { + name: "client prefers AES-GCM over ChaCha and sends GREASE, server doesn't have hardware AES (pick ChaCha)", + clientCiphers: []uint16{ + 0x0A0A, // GREASE value + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_RSA_WITH_AES_128_CBC_SHA, + }, + serverHasAESGCM: false, + expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + }, + { + name: "client supports multiple AES-GCM, server doesn't have hardware AES and doesn't support ChaCha (pick corrent AES-GCM)", + clientCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + serverHasAESGCM: false, + serverCiphers: []uint16{ + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + expectedCipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + hasAESGCMHardwareSupport = tc.serverHasAESGCM + initDefaultCipherSuites() + hs := &serverHandshakeState{ + c: &Conn{ + config: &Config{ + PreferServerCipherSuites: tc.preferServerCipherSuites, + CipherSuites: tc.serverCiphers, + }, + vers: VersionTLS12, + }, + clientHello: &clientHelloMsg{ + cipherSuites: tc.clientCiphers, 
+ vers: VersionTLS12, + }, + ecdheOk: true, + rsaSignOk: true, + rsaDecryptOk: true, + } + + err := hs.pickCipherSuite() + if err != nil { + t.Errorf("pickCipherSuite failed: %s", err) + } + + if tc.expectedCipher != hs.suite.id { + t.Errorf("unexpected cipher chosen: want %d, got %d", tc.expectedCipher, hs.suite.id) + } + }) + } +} + +func TestAESCipherReordering13(t *testing.T) { + currentAESSupport := hasAESGCMHardwareSupport + defer func() { hasAESGCMHardwareSupport = currentAESSupport; initDefaultCipherSuites() }() + + tests := []struct { + name string + clientCiphers []uint16 + serverHasAESGCM bool + preferServerCipherSuites bool + expectedCipher uint16 + }{ + { + name: "server has hardware AES, client doesn't (pick ChaCha)", + clientCiphers: []uint16{ + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_128_GCM_SHA256, + }, + serverHasAESGCM: true, + preferServerCipherSuites: true, + expectedCipher: TLS_CHACHA20_POLY1305_SHA256, + }, + { + name: "neither server nor client have hardware AES (pick ChaCha)", + clientCiphers: []uint16{ + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_128_GCM_SHA256, + }, + serverHasAESGCM: false, + preferServerCipherSuites: true, + expectedCipher: TLS_CHACHA20_POLY1305_SHA256, + }, + { + name: "client prefers AES, server doesn't have hardware, prefer server ciphers (pick ChaCha)", + clientCiphers: []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + }, + serverHasAESGCM: false, + preferServerCipherSuites: true, + expectedCipher: TLS_CHACHA20_POLY1305_SHA256, + }, + { + name: "client prefers AES and sends GREASE, server doesn't have hardware, prefer server ciphers (pick ChaCha)", + clientCiphers: []uint16{ + 0x0A0A, // GREASE value + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + }, + serverHasAESGCM: false, + preferServerCipherSuites: true, + expectedCipher: TLS_CHACHA20_POLY1305_SHA256, + }, + { + name: "client prefers AES, server doesn't (pick ChaCha)", + clientCiphers: []uint16{ + TLS_AES_128_GCM_SHA256, + 
TLS_CHACHA20_POLY1305_SHA256, + }, + serverHasAESGCM: false, + expectedCipher: TLS_CHACHA20_POLY1305_SHA256, + }, + { + name: "client prefers AES, server has hardware AES (pick AES)", + clientCiphers: []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + }, + serverHasAESGCM: true, + expectedCipher: TLS_AES_128_GCM_SHA256, + }, + { + name: "client prefers AES and sends GREASE, server has hardware AES (pick AES)", + clientCiphers: []uint16{ + 0x0A0A, // GREASE value + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + }, + serverHasAESGCM: true, + expectedCipher: TLS_AES_128_GCM_SHA256, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + hasAESGCMHardwareSupport = tc.serverHasAESGCM + initDefaultCipherSuites() + hs := &serverHandshakeStateTLS13{ + c: &Conn{ + config: &Config{ + PreferServerCipherSuites: tc.preferServerCipherSuites, + }, + vers: VersionTLS13, + }, + clientHello: &clientHelloMsg{ + cipherSuites: tc.clientCiphers, + supportedVersions: []uint16{VersionTLS13}, + compressionMethods: []uint8{compressionNone}, + keyShares: []keyShare{{group: X25519, data: curve25519.Basepoint}}, + }, + } + + err := hs.processClientHello() + if err != nil { + t.Errorf("pickCipherSuite failed: %s", err) + } + + if tc.expectedCipher != hs.suite.id { + t.Errorf("unexpected cipher chosen: want %d, got %d", tc.expectedCipher, hs.suite.id) + } + }) + } } diff --git a/tls/handshake_server_tls13.go b/tls/handshake_server_tls13.go new file mode 100644 index 00000000..c2c288ae --- /dev/null +++ b/tls/handshake_server_tls13.go 
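Review bot: In TestAESCipherReordering13 the failure message reads `pickCipherSuite failed: %s` although the call on the line above is `hs.processClientHello()`, so a regression there would be reported against the wrong function; `t.Errorf("processClientHello failed: %s", err)` matches the call. Both TestAESCipherReordering and TestAESCipherReordering13 flip the package-level `hasAESGCMHardwareSupport` and re-run `initDefaultCipherSuites()` per subtest, so neither they nor any other cipher-suite test can safely be marked `t.Parallel()`; a one-line comment at the top of each, such as `// Mutates package-level hasAESGCMHardwareSupport and the default suite lists; not safe to run in parallel.`, would make that explicit. The subtest name "pick corrent AES-GCM" has a typo for "correct". The hunk's leading `}` closes TestGetConfigForClient, whose body begins outside it.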
@@ -0,0 +1,872 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto" + "crypto/hmac" + "crypto/rsa" + "errors" + "hash" + "io" + "sync/atomic" + "time" +) + +// maxClientPSKIdentities is the number of client PSK identities the server will +// attempt to validate. It will ignore the rest not to let cheap ClientHello +// messages cause too much work in session ticket decryption attempts. +const maxClientPSKIdentities = 5 + +type serverHandshakeStateTLS13 struct { + c *Conn + clientHello *clientHelloMsg + hello *serverHelloMsg + sentDummyCCS bool + usingPSK bool + suite *cipherSuiteTLS13 + cert *Certificate + sigAlg SignatureScheme + earlySecret []byte + sharedKey []byte + handshakeSecret []byte + masterSecret []byte + trafficSecret []byte // client_application_traffic_secret_0 + transcript hash.Hash + clientFinished []byte +} + +func (hs *serverHandshakeStateTLS13) handshake() error { + c := hs.c + + // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2. + if err := hs.processClientHello(); err != nil { + return err + } + if err := hs.checkForResumption(); err != nil { + return err + } + if err := hs.pickCertificate(); err != nil { + return err + } + c.buffering = true + if err := hs.sendServerParameters(); err != nil { + return err + } + if err := hs.sendServerCertificate(); err != nil { + return err + } + if err := hs.sendServerFinished(); err != nil { + return err + } + // Note that at this point we could start sending application data without + // waiting for the client's second flight, but the application might not + // expect the lack of replay protection of the ClientHello parameters. 
+ if _, err := c.flush(); err != nil { + return err + } + if err := hs.readClientCertificate(); err != nil { + return err + } + if err := hs.readClientFinished(); err != nil { + return err + } + + atomic.StoreUint32(&c.handshakeStatus, 1) + + return nil +} + +func (hs *serverHandshakeStateTLS13) processClientHello() error { + c := hs.c + + hs.hello = new(serverHelloMsg) + + // TLS 1.3 froze the ServerHello.legacy_version field, and uses + // supported_versions instead. See RFC 8446, sections 4.1.3 and 4.2.1. + hs.hello.vers = VersionTLS12 + hs.hello.supportedVersion = c.vers + + if len(hs.clientHello.supportedVersions) == 0 { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client used the legacy version field to negotiate TLS 1.3") + } + + // Abort if the client is doing a fallback and landing lower than what we + // support. See RFC 7507, which however does not specify the interaction + // with supported_versions. The only difference is that with + // supported_versions a client has a chance to attempt a [TLS 1.2, TLS 1.4] + // handshake in case TLS 1.3 is broken but 1.2 is not. Alas, in that case, + // it will have to drop the TLS_FALLBACK_SCSV protection if it falls back to + // TLS 1.2, because a TLS 1.3 server would abort here. The situation before + // supported_versions was not better because there was just no way to do a + // TLS 1.4 handshake without risking the server selecting TLS 1.3. + for _, id := range hs.clientHello.cipherSuites { + if id == TLS_FALLBACK_SCSV { + // Use c.vers instead of max(supported_versions) because an attacker + // could defeat this by adding an arbitrary high version otherwise. 
+ if c.vers < c.config.maxSupportedVersion() { + c.sendAlert(alertInappropriateFallback) + return errors.New("tls: client using inappropriate protocol fallback") + } + break + } + } + + if len(hs.clientHello.compressionMethods) != 1 || + hs.clientHello.compressionMethods[0] != compressionNone { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: TLS 1.3 client supports illegal compression methods") + } + + hs.hello.random = make([]byte, 32) + if _, err := io.ReadFull(c.config.rand(), hs.hello.random); err != nil { + c.sendAlert(alertInternalError) + return err + } + + if len(hs.clientHello.secureRenegotiation) != 0 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: initial handshake had non-empty renegotiation extension") + } + + if hs.clientHello.earlyData { + // See RFC 8446, Section 4.2.10 for the complicated behavior required + // here. The scenario is that a different server at our address offered + // to accept early data in the past, which we can't handle. For now, all + // 0-RTT enabled session tickets need to expire before a Go server can + // replace a server or join a pool. That's the same requirement that + // applies to mixing or replacing with any TLS 1.2 server. + c.sendAlert(alertUnsupportedExtension) + return errors.New("tls: client sent unexpected early data") + } + + hs.hello.sessionId = hs.clientHello.sessionId + hs.hello.compressionMethod = compressionNone + + var preferenceList, supportedList []uint16 + if c.config.PreferServerCipherSuites { + preferenceList = defaultCipherSuitesTLS13() + supportedList = hs.clientHello.cipherSuites + + // If the client does not seem to have hardware support for AES-GCM, + // prefer other AEAD ciphers even if we prioritized AES-GCM ciphers + // by default. 
+ if !aesgcmPreferred(hs.clientHello.cipherSuites) { + preferenceList = deprioritizeAES(preferenceList) + } + } else { + preferenceList = hs.clientHello.cipherSuites + supportedList = defaultCipherSuitesTLS13() + + // If we don't have hardware support for AES-GCM, prefer other AEAD + // ciphers even if the client prioritized AES-GCM. + if !hasAESGCMHardwareSupport { + preferenceList = deprioritizeAES(preferenceList) + } + } + for _, suiteID := range preferenceList { + hs.suite = mutualCipherSuiteTLS13(supportedList, suiteID) + if hs.suite != nil { + break + } + } + if hs.suite == nil { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: no cipher suite supported by both client and server") + } + c.cipherSuite = hs.suite.id + hs.hello.cipherSuite = hs.suite.id + hs.transcript = hs.suite.hash.New() + + // Pick the ECDHE group in server preference order, but give priority to + // groups with a key share, to avoid a HelloRetryRequest round-trip. + var selectedGroup CurveID + var clientKeyShare *keyShare +GroupSelection: + for _, preferredGroup := range c.config.curvePreferences() { + for _, ks := range hs.clientHello.keyShares { + if ks.group == preferredGroup { + selectedGroup = ks.group + clientKeyShare = &ks + break GroupSelection + } + } + if selectedGroup != 0 { + continue + } + for _, group := range hs.clientHello.supportedCurves { + if group == preferredGroup { + selectedGroup = group + break + } + } + } + if selectedGroup == 0 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: no ECDHE curve supported by both client and server") + } + if clientKeyShare == nil { + if err := hs.doHelloRetryRequest(selectedGroup); err != nil { + return err + } + clientKeyShare = &hs.clientHello.keyShares[0] + } + + if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && !ok { + c.sendAlert(alertInternalError) + return errors.New("tls: CurvePreferences includes unsupported curve") + } + params, err := generateECDHEParameters(c.config.rand(), 
selectedGroup) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()} + hs.sharedKey = params.SharedKey(clientKeyShare.data) + if hs.sharedKey == nil { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: invalid client key share") + } + + c.serverName = hs.clientHello.serverName + return nil +} + +func (hs *serverHandshakeStateTLS13) checkForResumption() error { + c := hs.c + + if c.config.SessionTicketsDisabled { + return nil + } + + modeOK := false + for _, mode := range hs.clientHello.pskModes { + if mode == pskModeDHE { + modeOK = true + break + } + } + if !modeOK { + return nil + } + + if len(hs.clientHello.pskIdentities) != len(hs.clientHello.pskBinders) { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: invalid or missing PSK binders") + } + if len(hs.clientHello.pskIdentities) == 0 { + return nil + } + + for i, identity := range hs.clientHello.pskIdentities { + if i >= maxClientPSKIdentities { + break + } + + plaintext, _ := c.decryptTicket(identity.label) + if plaintext == nil { + continue + } + sessionState := new(sessionStateTLS13) + if ok := sessionState.unmarshal(plaintext); !ok { + continue + } + + createdAt := time.Unix(int64(sessionState.createdAt), 0) + if c.config.time().Sub(createdAt) > maxSessionTicketLifetime { + continue + } + + // We don't check the obfuscated ticket age because it's affected by + // clock skew and it's only a freshness signal useful for shrinking the + // window for replay attacks, which don't affect us as we don't do 0-RTT. + + pskSuite := cipherSuiteTLS13ByID(sessionState.cipherSuite) + if pskSuite == nil || pskSuite.hash != hs.suite.hash { + continue + } + + // PSK connections don't re-establish client certificates, but carry + // them over in the session ticket. Ensure the presence of client certs + // in the ticket is consistent with the configured requirements. 
+ sessionHasClientCerts := len(sessionState.certificate.Certificate) != 0 + needClientCerts := requiresClientCert(c.config.ClientAuth) + if needClientCerts && !sessionHasClientCerts { + continue + } + if sessionHasClientCerts && c.config.ClientAuth == NoClientCert { + continue + } + + psk := hs.suite.expandLabel(sessionState.resumptionSecret, "resumption", + nil, hs.suite.hash.Size()) + hs.earlySecret = hs.suite.extract(psk, nil) + binderKey := hs.suite.deriveSecret(hs.earlySecret, resumptionBinderLabel, nil) + // Clone the transcript in case a HelloRetryRequest was recorded. + transcript := cloneHash(hs.transcript, hs.suite.hash) + if transcript == nil { + c.sendAlert(alertInternalError) + return errors.New("tls: internal error: failed to clone hash") + } + transcript.Write(hs.clientHello.marshalWithoutBinders()) + pskBinder := hs.suite.finishedHash(binderKey, transcript) + if !hmac.Equal(hs.clientHello.pskBinders[i], pskBinder) { + c.sendAlert(alertDecryptError) + return errors.New("tls: invalid PSK binder") + } + + c.didResume = true + if err := c.processCertsFromClient(sessionState.certificate); err != nil { + return err + } + + hs.hello.selectedIdentityPresent = true + hs.hello.selectedIdentity = uint16(i) + hs.usingPSK = true + return nil + } + + return nil +} + +// cloneHash uses the encoding.BinaryMarshaler and encoding.BinaryUnmarshaler +// interfaces implemented by standard library hashes to clone the state of in +// to a new instance of h. It returns nil if the operation fails. +func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { + // Recreate the interface to avoid importing encoding. 
+ type binaryMarshaler interface { + MarshalBinary() (data []byte, err error) + UnmarshalBinary(data []byte) error + } + marshaler, ok := in.(binaryMarshaler) + if !ok { + return nil + } + state, err := marshaler.MarshalBinary() + if err != nil { + return nil + } + out := h.New() + unmarshaler, ok := out.(binaryMarshaler) + if !ok { + return nil + } + if err := unmarshaler.UnmarshalBinary(state); err != nil { + return nil + } + return out +} + +func (hs *serverHandshakeStateTLS13) pickCertificate() error { + c := hs.c + + // Only one of PSK and certificates are used at a time. + if hs.usingPSK { + return nil + } + + // signature_algorithms is required in TLS 1.3. See RFC 8446, Section 4.2.3. + if len(hs.clientHello.supportedSignatureAlgorithms) == 0 { + return c.sendAlert(alertMissingExtension) + } + + certificate, err := c.config.getCertificate(clientHelloInfo(c, hs.clientHello)) + if err != nil { + if err == errNoCertificates { + c.sendAlert(alertUnrecognizedName) + } else { + c.sendAlert(alertInternalError) + } + return err + } + hs.sigAlg, err = selectSignatureScheme(c.vers, certificate, hs.clientHello.supportedSignatureAlgorithms) + if err != nil { + // getCertificate returned a certificate that is unsupported or + // incompatible with the client's signature algorithms. + c.sendAlert(alertHandshakeFailure) + return err + } + hs.cert = certificate + + return nil +} + +// sendDummyChangeCipherSpec sends a ChangeCipherSpec record for compatibility +// with middleboxes that didn't implement TLS correctly. See RFC 8446, Appendix D.4. +func (hs *serverHandshakeStateTLS13) sendDummyChangeCipherSpec() error { + if hs.sentDummyCCS { + return nil + } + hs.sentDummyCCS = true + + _, err := hs.c.writeRecord(recordTypeChangeCipherSpec, []byte{1}) + return err +} + +func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) error { + c := hs.c + + // The first ClientHello gets double-hashed into the transcript upon a + // HelloRetryRequest. 
See RFC 8446, Section 4.4.1. + hs.transcript.Write(hs.clientHello.marshal()) + chHash := hs.transcript.Sum(nil) + hs.transcript.Reset() + hs.transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))}) + hs.transcript.Write(chHash) + + helloRetryRequest := &serverHelloMsg{ + vers: hs.hello.vers, + random: helloRetryRequestRandom, + sessionId: hs.hello.sessionId, + cipherSuite: hs.hello.cipherSuite, + compressionMethod: hs.hello.compressionMethod, + supportedVersion: hs.hello.supportedVersion, + selectedGroup: selectedGroup, + } + + hs.transcript.Write(helloRetryRequest.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, helloRetryRequest.marshal()); err != nil { + return err + } + + if err := hs.sendDummyChangeCipherSpec(); err != nil { + return err + } + + msg, err := c.readHandshake() + if err != nil { + return err + } + + clientHello, ok := msg.(*clientHelloMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(clientHello, msg) + } + + if len(clientHello.keyShares) != 1 || clientHello.keyShares[0].group != selectedGroup { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client sent invalid key share in second ClientHello") + } + + if clientHello.earlyData { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client indicated early data in second ClientHello") + } + + if illegalClientHelloChange(clientHello, hs.clientHello) { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client illegally modified second ClientHello") + } + + hs.clientHello = clientHello + return nil +} + +// illegalClientHelloChange reports whether the two ClientHello messages are +// different, with the exception of the changes allowed before and after a +// HelloRetryRequest. See RFC 8446, Section 4.1.2. 
+func illegalClientHelloChange(ch, ch1 *clientHelloMsg) bool { + if len(ch.supportedVersions) != len(ch1.supportedVersions) || + len(ch.cipherSuites) != len(ch1.cipherSuites) || + len(ch.supportedCurves) != len(ch1.supportedCurves) || + len(ch.supportedSignatureAlgorithms) != len(ch1.supportedSignatureAlgorithms) || + len(ch.supportedSignatureAlgorithmsCert) != len(ch1.supportedSignatureAlgorithmsCert) || + len(ch.alpnProtocols) != len(ch1.alpnProtocols) { + return true + } + for i := range ch.supportedVersions { + if ch.supportedVersions[i] != ch1.supportedVersions[i] { + return true + } + } + for i := range ch.cipherSuites { + if ch.cipherSuites[i] != ch1.cipherSuites[i] { + return true + } + } + for i := range ch.supportedCurves { + if ch.supportedCurves[i] != ch1.supportedCurves[i] { + return true + } + } + for i := range ch.supportedSignatureAlgorithms { + if ch.supportedSignatureAlgorithms[i] != ch1.supportedSignatureAlgorithms[i] { + return true + } + } + for i := range ch.supportedSignatureAlgorithmsCert { + if ch.supportedSignatureAlgorithmsCert[i] != ch1.supportedSignatureAlgorithmsCert[i] { + return true + } + } + for i := range ch.alpnProtocols { + if ch.alpnProtocols[i] != ch1.alpnProtocols[i] { + return true + } + } + return ch.vers != ch1.vers || + !bytes.Equal(ch.random, ch1.random) || + !bytes.Equal(ch.sessionId, ch1.sessionId) || + !bytes.Equal(ch.compressionMethods, ch1.compressionMethods) || + ch.serverName != ch1.serverName || + ch.ocspStapling != ch1.ocspStapling || + !bytes.Equal(ch.supportedPoints, ch1.supportedPoints) || + ch.ticketSupported != ch1.ticketSupported || + !bytes.Equal(ch.sessionTicket, ch1.sessionTicket) || + ch.secureRenegotiationSupported != ch1.secureRenegotiationSupported || + !bytes.Equal(ch.secureRenegotiation, ch1.secureRenegotiation) || + ch.scts != ch1.scts || + !bytes.Equal(ch.cookie, ch1.cookie) || + !bytes.Equal(ch.pskModes, ch1.pskModes) +} + +func (hs *serverHandshakeStateTLS13) sendServerParameters() error { + c 
:= hs.c + + hs.transcript.Write(hs.clientHello.marshal()) + hs.transcript.Write(hs.hello.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + return err + } + + if err := hs.sendDummyChangeCipherSpec(); err != nil { + return err + } + + earlySecret := hs.earlySecret + if earlySecret == nil { + earlySecret = hs.suite.extract(nil, nil) + } + hs.handshakeSecret = hs.suite.extract(hs.sharedKey, + hs.suite.deriveSecret(earlySecret, "derived", nil)) + + clientSecret := hs.suite.deriveSecret(hs.handshakeSecret, + clientHandshakeTrafficLabel, hs.transcript) + c.in.setTrafficSecret(hs.suite, clientSecret) + serverSecret := hs.suite.deriveSecret(hs.handshakeSecret, + serverHandshakeTrafficLabel, hs.transcript) + c.out.setTrafficSecret(hs.suite, serverSecret) + + err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.clientHello.random, clientSecret) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + err = c.config.writeKeyLog(keyLogLabelServerHandshake, hs.clientHello.random, serverSecret) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + + encryptedExtensions := new(encryptedExtensionsMsg) + + if len(hs.clientHello.alpnProtocols) > 0 { + if selectedProto := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); selectedProto != "" { + encryptedExtensions.alpnProtocol = selectedProto + c.clientProtocol = selectedProto + } + } + + hs.transcript.Write(encryptedExtensions.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, encryptedExtensions.marshal()); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) requestClientCert() bool { + return hs.c.config.ClientAuth >= RequestClientCert && !hs.usingPSK +} + +func (hs *serverHandshakeStateTLS13) sendServerCertificate() error { + c := hs.c + + // Only one of PSK and certificates are used at a time. 
+ if hs.usingPSK { + return nil + } + + if hs.requestClientCert() { + // Request a client certificate + certReq := new(certificateRequestMsgTLS13) + certReq.ocspStapling = true + certReq.scts = true + certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms + if c.config.ClientCAs != nil { + certReq.certificateAuthorities = c.config.ClientCAs.Subjects() + } + + hs.transcript.Write(certReq.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certReq.marshal()); err != nil { + return err + } + } + + certMsg := new(certificateMsgTLS13) + + certMsg.certificate = *hs.cert + certMsg.scts = hs.clientHello.scts && len(hs.cert.SignedCertificateTimestamps) > 0 + certMsg.ocspStapling = hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 + + hs.transcript.Write(certMsg.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + return err + } + + certVerifyMsg := new(certificateVerifyMsg) + certVerifyMsg.hasSignatureAlgorithm = true + certVerifyMsg.signatureAlgorithm = hs.sigAlg + + sigType, sigHash, err := typeAndHashFromSignatureScheme(hs.sigAlg) + if err != nil { + return c.sendAlert(alertInternalError) + } + + signed := signedMessage(sigHash, serverSignatureContext, hs.transcript) + signOpts := crypto.SignerOpts(sigHash) + if sigType == signatureRSAPSS { + signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash} + } + sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts) + if err != nil { + public := hs.cert.PrivateKey.(crypto.Signer).Public() + if rsaKey, ok := public.(*rsa.PublicKey); ok && sigType == signatureRSAPSS && + rsaKey.N.BitLen()/8 < sigHash.Size()*2+2 { // key too small for RSA-PSS + c.sendAlert(alertHandshakeFailure) + } else { + c.sendAlert(alertInternalError) + } + return errors.New("tls: failed to sign handshake: " + err.Error()) + } + certVerifyMsg.signature = sig + + hs.transcript.Write(certVerifyMsg.marshal()) + if _, err := 
c.writeRecord(recordTypeHandshake, certVerifyMsg.marshal()); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) sendServerFinished() error { + c := hs.c + + finished := &finishedMsg{ + verifyData: hs.suite.finishedHash(c.out.trafficSecret, hs.transcript), + } + + hs.transcript.Write(finished.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + return err + } + + // Derive secrets that take context through the server Finished. + + hs.masterSecret = hs.suite.extract(nil, + hs.suite.deriveSecret(hs.handshakeSecret, "derived", nil)) + + hs.trafficSecret = hs.suite.deriveSecret(hs.masterSecret, + clientApplicationTrafficLabel, hs.transcript) + serverSecret := hs.suite.deriveSecret(hs.masterSecret, + serverApplicationTrafficLabel, hs.transcript) + c.out.setTrafficSecret(hs.suite, serverSecret) + + err := c.config.writeKeyLog(keyLogLabelClientTraffic, hs.clientHello.random, hs.trafficSecret) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.clientHello.random, serverSecret) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + + c.ekm = hs.suite.exportKeyingMaterial(hs.masterSecret, hs.transcript) + + // If we did not request client certificates, at this point we can + // precompute the client finished and roll the transcript forward to send + // session tickets in our first flight. + if !hs.requestClientCert() { + if err := hs.sendSessionTickets(); err != nil { + return err + } + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) shouldSendSessionTickets() bool { + if hs.c.config.SessionTicketsDisabled { + return false + } + + // Don't send tickets the client wouldn't use. See RFC 8446, Section 4.2.9. 
+ for _, pskMode := range hs.clientHello.pskModes { + if pskMode == pskModeDHE { + return true + } + } + return false +} + +func (hs *serverHandshakeStateTLS13) sendSessionTickets() error { + c := hs.c + + hs.clientFinished = hs.suite.finishedHash(c.in.trafficSecret, hs.transcript) + finishedMsg := &finishedMsg{ + verifyData: hs.clientFinished, + } + hs.transcript.Write(finishedMsg.marshal()) + + if !hs.shouldSendSessionTickets() { + return nil + } + + resumptionSecret := hs.suite.deriveSecret(hs.masterSecret, + resumptionLabel, hs.transcript) + + m := new(newSessionTicketMsgTLS13) + + var certsFromClient [][]byte + for _, cert := range c.peerCertificates { + certsFromClient = append(certsFromClient, cert.Raw) + } + state := sessionStateTLS13{ + cipherSuite: hs.suite.id, + createdAt: uint64(c.config.time().Unix()), + resumptionSecret: resumptionSecret, + certificate: Certificate{ + Certificate: certsFromClient, + OCSPStaple: c.ocspResponse, + SignedCertificateTimestamps: c.scts, + }, + } + var err error + m.label, err = c.encryptTicket(state.marshal()) + if err != nil { + return err + } + m.lifetime = uint32(maxSessionTicketLifetime / time.Second) + + if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) readClientCertificate() error { + c := hs.c + + if !hs.requestClientCert() { + // Make sure the connection is still being verified whether or not + // the server requested a client certificate. + if c.config.VerifyConnection != nil { + if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + return nil + } + + // If we requested a client certificate, then the client must send a + // certificate message. If it's empty, no CertificateVerify is sent. 
+ + msg, err := c.readHandshake() + if err != nil { + return err + } + + certMsg, ok := msg.(*certificateMsgTLS13) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(certMsg, msg) + } + hs.transcript.Write(certMsg.marshal()) + + if err := c.processCertsFromClient(certMsg.certificate); err != nil { + return err + } + + if c.config.VerifyConnection != nil { + if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + + if len(certMsg.certificate.Certificate) != 0 { + msg, err = c.readHandshake() + if err != nil { + return err + } + + certVerify, ok := msg.(*certificateVerifyMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(certVerify, msg) + } + + // See RFC 8446, Section 4.4.3. + if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client certificate used with invalid signature algorithm") + } + sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerify.signatureAlgorithm) + if err != nil { + return c.sendAlert(alertInternalError) + } + if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client certificate used with invalid signature algorithm") + } + signed := signedMessage(sigHash, clientSignatureContext, hs.transcript) + if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey, + sigHash, signed, certVerify.signature); err != nil { + c.sendAlert(alertDecryptError) + return errors.New("tls: invalid signature by the client certificate: " + err.Error()) + } + + hs.transcript.Write(certVerify.marshal()) + } + + // If we waited until the client certificates to send session tickets, we + // are ready to do it now. 
+ if err := hs.sendSessionTickets(); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) readClientFinished() error { + c := hs.c + + msg, err := c.readHandshake() + if err != nil { + return err + } + + finished, ok := msg.(*finishedMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(finished, msg) + } + + if !hmac.Equal(hs.clientFinished, finished.verifyData) { + c.sendAlert(alertDecryptError) + return errors.New("tls: invalid client finished hash") + } + + c.in.setTrafficSecret(hs.suite, hs.trafficSecret) + + return nil +} diff --git a/tls/handshake_test.go b/tls/handshake_test.go index f95f274a..c4e5f0ef 100644 --- a/tls/handshake_test.go +++ b/tls/handshake_test.go @@ -6,16 +6,23 @@ package tls import ( "bufio" + "crypto/ed25519" "encoding/hex" "errors" "flag" "fmt" "io" - "io/ioutil" "net" + "os" + "os/exec" + "runtime" "strconv" "strings" "sync" + "testing" + "time" + + "crypto/x509" ) // TLS reference tests run a connection against a reference implementation 
@@ -30,12 +37,61 @@ import ( // implementation. // // Tests can be updated by running them with the -update flag. This will cause -// the test files. Generally one should combine the -update flag with -test.run -// to updated a specific test. Since the reference implementation will always -// generate fresh random numbers, large parts of the reference connection will -// always change. +// the test files for failing tests to be regenerated. Since the reference +// implementation will always generate fresh random numbers, large parts of the +// reference connection will always change. + +var ( + update = flag.Bool("update", false, "update golden files on failure") + fast = flag.Bool("fast", false, "impose a quick, possibly flaky timeout on recorded tests") + keyFile = flag.String("keylog", "", "destination file for KeyLogWriter") +) -var update = flag.Bool("update", false, "update golden files on disk") +func runTestAndUpdateIfNeeded(t *testing.T, name string, run func(t *testing.T, update bool), wait bool) { + success := t.Run(name, func(t *testing.T) { + if !*update && !wait { + t.Parallel() + } + run(t, false) + }) + + if !success && *update { + t.Run(name+"#update", func(t *testing.T) { + run(t, true) + }) + } +} + +// checkOpenSSLVersion ensures that the version of OpenSSL looks reasonable +// before updating the test data. 
+func checkOpenSSLVersion() error { + if !*update { + return nil + } + + openssl := exec.Command("openssl", "version") + output, err := openssl.CombinedOutput() + if err != nil { + return err + } + + version := string(output) + if strings.HasPrefix(version, "OpenSSL 1.1.1") { + return nil + } + + println("***********************************************") + println("") + println("You need to build OpenSSL 1.1.1 from source in order") + println("to update the test data.") + println("") + println("Configure it with:") + println("./Configure enable-weak-ssl-ciphers no-shared") + println("and then add the apps/ directory at the front of your PATH.") + println("***********************************************") + + return errors.New("version of OpenSSL does not appear to be suitable for updating test data") +} // recordingConn is a net.Conn that records the traffic that passes through it. // WriteTo can be used to produce output that can be later be loaded with 
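Review bot: checkOpenSSLVersion prints its guidance with the builtin `println`, whose output destination and format are implementation-defined and which the spec reserves for bootstrapping, while the rest of this file reports to the user with `fmt.Fprintf(os.Stderr, ...)`; the block of `println` calls should become `fmt.Fprintln(os.Stderr, ...)` (or one `fmt.Fprint(os.Stderr, usage)` over a multi-line constant) for consistency. The `exec.Command("openssl", "version")` call resolves the binary from PATH, which is exactly what the printed instructions depend on, so a comment such as `// Resolves openssl via PATH; the apps/ dir of the source build must come first.` next to the call would make that dependency explicit. runTestAndUpdateIfNeeded only re-runs a failing subtest when `-update` is set, which is the behaviour the package comment above describes, so no change there.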
@@ -88,21 +144,33 @@ func (r *recordingConn) Write(b []byte) (n int, err error) { } // WriteTo writes Go source code to w that contains the recorded traffic. -func (r *recordingConn) WriteTo(w io.Writer) { +func (r *recordingConn) WriteTo(w io.Writer) (int64, error) { // TLS always starts with a client to server flow. clientToServer := true - + var written int64 for i, flow := range r.flows { source, dest := "client", "server" if !clientToServer { source, dest = dest, source } - fmt.Fprintf(w, ">>> Flow %d (%s to %s)\n", i+1, source, dest) + n, err := fmt.Fprintf(w, ">>> Flow %d (%s to %s)\n", i+1, source, dest) + written += int64(n) + if err != nil { + return written, err + } dumper := hex.Dumper(w) - dumper.Write(flow) - dumper.Close() + n, err = dumper.Write(flow) + written += int64(n) + if err != nil { + return written, err + } + err = dumper.Close() + if err != nil { + return written, err + } clientToServer = !clientToServer } + return written, nil } func parseTestData(r io.Reader) (flows [][]byte, err error) { @@ -156,7 +224,7 @@ func parseTestData(r io.Reader) (flows [][]byte, err error) { // tempFile creates a temp file containing contents and returns its path. func tempFile(contents string) string { - file, err := ioutil.TempFile("", "go-tls-test") + file, err := os.CreateTemp("", "go-tls-test") if err != nil { panic("failed to create temp file: " + err.Error()) } 
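Review bot: The `written` total in recordingConn.WriteTo does not reflect the bytes written to w: `dumper.Write(flow)` returns the number of input bytes consumed, not the length of the hex dump it emitted, and whatever `dumper.Close()` flushes is not counted at all. Since the new `(int64, error)` signature makes recordingConn satisfy io.WriterTo, a caller comparing the count against the destination's size will see a mismatch; either wrap w in a small counting writer before constructing the dumper, or state the limitation with `// written counts flow bytes fed to the dumper, not bytes emitted to w.` above the loop. The error from `dumper.Close()` is now propagated, which is the right call since the trailing partial line is only emitted there.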
@@ -165,3 +233,304 @@ func tempFile(contents string) string { file.Close() return path } + +// localListener is set up by TestMain and used by localPipe to create Conn +// pairs like net.Pipe, but connected by an actual buffered TCP connection. +var localListener struct { + mu sync.Mutex + addr net.Addr + ch chan net.Conn +} + +const localFlakes = 0 // change to 1 or 2 to exercise localServer/localPipe handling of mismatches + +func localServer(l net.Listener) { + for n := 0; ; n++ { + c, err := l.Accept() + if err != nil { + return + } + if localFlakes == 1 && n%2 == 0 { + c.Close() + continue + } + localListener.ch <- c + } +} + +var isConnRefused = func(err error) bool { return false } + +func localPipe(t testing.TB) (net.Conn, net.Conn) { + localListener.mu.Lock() + defer localListener.mu.Unlock() + + addr := localListener.addr + + var err error +Dialing: + // We expect a rare mismatch, but probably not 5 in a row. + for i := 0; i < 5; i++ { + tooSlow := time.NewTimer(1 * time.Second) + defer tooSlow.Stop() + var c1 net.Conn + c1, err = net.Dial(addr.Network(), addr.String()) + if err != nil { + if runtime.GOOS == "dragonfly" && (isConnRefused(err) || os.IsTimeout(err)) { + // golang.org/issue/29583: Dragonfly sometimes returns a spurious + // ECONNREFUSED or ETIMEDOUT. + <-tooSlow.C + continue + } + t.Fatalf("localPipe: %v", err) + } + if localFlakes == 2 && i == 0 { + c1.Close() + continue + } + for { + select { + case <-tooSlow.C: + t.Logf("localPipe: timeout waiting for %v", c1.LocalAddr()) + c1.Close() + continue Dialing + + case c2 := <-localListener.ch: + if c2.RemoteAddr().String() == c1.LocalAddr().String() { + return c1, c2 + } + t.Logf("localPipe: unexpected connection: %v != %v", c2.RemoteAddr(), c1.LocalAddr()) + c2.Close() + } + } + } + + t.Fatalf("localPipe: failed to connect: %v", err) + panic("unreachable") +} + +// zeroSource is an io.Reader that returns an unlimited number of zero bytes. 
+type zeroSource struct{} + +func (zeroSource) Read(b []byte) (n int, err error) { + for i := range b { + b[i] = 0 + } + + return len(b), nil +} + +func allCipherSuites() []uint16 { + ids := make([]uint16, len(cipherSuites)) + for i, suite := range cipherSuites { + ids[i] = suite.id + } + + return ids +} + +var testConfig *Config + +func TestMain(m *testing.M) { + flag.Parse() + os.Exit(runMain(m)) +} + +func runMain(m *testing.M) int { + // TLS 1.3 cipher suites preferences are not configurable and change based + // on the architecture. Force them to the version with AES acceleration for + // test consistency. + once.Do(initDefaultCipherSuites) + varDefaultCipherSuitesTLS13 = []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_256_GCM_SHA384, + } + + // Set up localPipe. + l, err := net.Listen("tcp", "127.0.0.1:0") + if err != nil { + l, err = net.Listen("tcp6", "[::1]:0") + } + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to open local listener: %v", err) + os.Exit(1) + } + localListener.ch = make(chan net.Conn) + localListener.addr = l.Addr() + defer l.Close() + go localServer(l) + + if err := checkOpenSSLVersion(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v", err) + os.Exit(1) + } + + testConfig = &Config{ + Time: func() time.Time { return time.Unix(0, 0) }, + Rand: zeroSource{}, + Certificates: make([]Certificate, 2), + InsecureSkipVerify: true, + CipherSuites: allCipherSuites(), + } + testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate} + testConfig.Certificates[0].PrivateKey = testRSAPrivateKey + testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate} + testConfig.Certificates[1].PrivateKey = testRSAPrivateKey + testConfig.BuildNameToCertificate() + if *keyFile != "" { + f, err := os.OpenFile(*keyFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) + if err != nil { + panic("failed to open -keylog file: " + err.Error()) + } + testConfig.KeyLogWriter = f + defer f.Close() + } + + return m.Run() +} 
+ +func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) { + const sentinel = "SENTINEL\n" + c, s := localPipe(t) + errChan := make(chan error) + go func() { + cli := Client(c, clientConfig) + err := cli.Handshake() + if err != nil { + errChan <- fmt.Errorf("client: %v", err) + c.Close() + return + } + defer cli.Close() + clientState = cli.ConnectionState() + buf, err := io.ReadAll(cli) + if err != nil { + t.Errorf("failed to call cli.Read: %v", err) + } + if got := string(buf); got != sentinel { + t.Errorf("read %q from TLS connection, but expected %q", got, sentinel) + } + errChan <- nil + }() + server := Server(s, serverConfig) + err = server.Handshake() + if err == nil { + serverState = server.ConnectionState() + if _, err := io.WriteString(server, sentinel); err != nil { + t.Errorf("failed to call server.Write: %v", err) + } + if err := server.Close(); err != nil { + t.Errorf("failed to call server.Close: %v", err) + } + err = <-errChan + } else { + s.Close() + <-errChan + } + return +} + +func fromHex(s string) []byte { + b, _ := hex.DecodeString(s) + return b +} + +var testRSACertificate = fromHex("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") + +var testRSACertificateIssuer = fromHex("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") + +// testRSAPSSCertificate has signatureAlgorithm rsassaPss, but subjectPublicKeyInfo +// algorithm rsaEncryption, for use with the rsa_pss_rsae_* SignatureSchemes. +// See also TestRSAPSSKeyError. testRSAPSSCertificate is self-signed. 
+var testRSAPSSCertificate = fromHex("308202583082018da003020102021100f29926eb87ea8a0db9fcc247347c11b0304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a20302012030123110300e060355040a130741636d6520436f301e170d3137313132333136313631305a170d3138313132333136313631305a30123110300e060355040a130741636d6520436f30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a3463044300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000300f0603551d110408300687047f000001304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a20302012003818100cdac4ef2ce5f8d79881042707f7cbf1b5a8a00ef19154b40151771006cd41626e5496d56da0c1a139fd84695593cb67f87765e18aa03ea067522dd78d2a589b8c92364e12838ce346c6e067b51f1a7e6f4b37ffab13f1411896679d18e880e0ba09e302ac067efca460288e9538122692297ad8093d4f7dd701424d7700a46a1") + +var testECDSACertificate = fromHex("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") + +var testEd25519Certificate = fromHex("3082012e3081e1a00302010202100f431c425793941de987e4f1ad15005d300506032b657030123110300e060355040a130741636d6520436f301e170d3139303531363231333830315a170d3230303531353231333830315a30123110300e060355040a130741636d6520436f302a300506032b65700321003fe2152ee6e3ef3f4e854a7577a3649eede0bf842ccc92268ffa6f3483aaec8fa34d304b300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030160603551d11040f300d820b6578616d706c652e636f6d300506032b65700341006344ed9cc4be5324539fd2108d9fe82108909539e50dc155ff2c16b71dfcab7d4dd4e09313d0a942e0b66bfe5d6748d79f50bc6ccd4b03837cf20858cdaccf0c") 
+ +var testSNICertificate = fromHex("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") + +var testP256Certificate = fromHex("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") + +var testRSAPrivateKey, _ = x509.ParsePKCS1PrivateKey(fromHex("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")) + +var testECDSAPrivateKey, _ = x509.ParseECPrivateKey(fromHex("3081dc0201010442019883e909ad0ac9ea3d33f9eae661f1785206970f8ca9a91672f1eedca7a8ef12bd6561bb246dda5df4b4d5e7e3a92649bc5d83a0bf92972e00e62067d0c7bd99d7a00706052b81040023a18189038186000400c4a1edbe98f90b4873367ec316561122f23d53c33b4d213dcd6b75e6f6b0dc9adf26c1bcb287f072327cb3642f1c90bcea6823107efee325c0483a69e0286dd33700ef0462dd0da09c706283d881d36431aa9e9731bd96b068c09b23de76643f1a5c7fe9120e5858b65f70dd9bd8ead5d7f5d5ccb9b69f30665b669a20e227e5bffe3b")) + +var testP256PrivateKey, _ = x509.ParseECPrivateKey(fromHex("30770201010420012f3b52bc54c36ba3577ad45034e2e8efe1e6999851284cb848725cfe029991a00a06082a8648ce3d030107a14403420004c02c61c9b16283bbcc14956d886d79b358aa614596975f78cece787146abf74c2d5dc578c0992b4f3c631373479ebf3892efe53d21c4f4f1cc9a11c3536b7f75")) + +var testEd25519PrivateKey = ed25519.PrivateKey(fromHex("3a884965e76b3f55e5faf9615458a92354894234de3ec9f684d46d55cebf3dc63fe2152ee6e3ef3f4e854a7577a3649eede0bf842ccc92268ffa6f3483aaec8f")) + +const clientCertificatePEM = ` +-----BEGIN CERTIFICATE----- +MIIB7zCCAVigAwIBAgIQXBnBiWWDVW/cC8m5k5/pvDANBgkqhkiG9w0BAQsFADAS +MRAwDgYDVQQKEwdBY21lIENvMB4XDTE2MDgxNzIxNTIzMVoXDTE3MDgxNzIxNTIz +MVowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAum+qhr3Pv5/y71yUYHhv6BPy0ZZvzdkybiI3zkH5yl0prOEn2mGi7oHLEMff +NFiVhuk9GeZcJ3NgyI14AvQdpJgJoxlwaTwlYmYqqyIjxXuFOE8uCXMyp70+m63K +hAfmDzr/d8WdQYUAirab7rCkPy1MTOZCPrtRyN1IVPQMjkcCAwEAAaNGMEQwDgYD +VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw +DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBGq0Si+yhU+Fpn+GKU +8ZqyGJ7ysd4dfm92lam6512oFmyc9wnTN+RLKzZ8Aa1B0jLYw9KT+RBrjpW5LBeK 
+o0RIvFkTgxYEiKSBXCUNmAysEbEoVr4dzWFihAm/1oDGRY2CLLTYg5vbySK3KhIR +e/oCO8HJ/+rJnahJ05XX1Q7lNQ== +-----END CERTIFICATE-----` + +var clientKeyPEM = testingKey(` +-----BEGIN RSA TESTING KEY----- +MIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa +YaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J +czKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB +AoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc +qeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv +PJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z +9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY +dkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ +zbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w +jUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ +rWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr +FhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU +csPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6 +-----END RSA TESTING KEY-----`) + +const clientECDSACertificatePEM = ` +-----BEGIN CERTIFICATE----- +MIIB/DCCAV4CCQCaMIRsJjXZFzAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQwHhcNMTIxMTE0MTMyNTUzWhcNMjIxMTEyMTMyNTUzWjBBMQswCQYDVQQG +EwJBVTEMMAoGA1UECBMDTlNXMRAwDgYDVQQHEwdQeXJtb250MRIwEAYDVQQDEwlK +b2VsIFNpbmcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACVjJF1FMBexFe01MNv +ja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd3kfDdq0Z9kUs +jLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx+U56jb0JuK7q +ixgnTy5w/hOWusPTQBbNZU6sER7m8TAJBgcqhkjOPQQBA4GMADCBiAJCAOAUxGBg +C3JosDJdYUoCdFzCgbkWqD8pyDbHgf9stlvZcPE4O1BIKJTLCRpS8V3ujfK58PDa +2RU6+b0DeoeiIzXsAkIBo9SKeDUcSpoj0gq+KxAxnZxfvuiRs9oa9V2jI/Umi0Vw +jWVim34BmT0Y9hCaOGGbLlfk+syxis7iI6CH8OFnUes= +-----END CERTIFICATE-----` + +var clientECDSAKeyPEM = testingKey(` +-----BEGIN EC PARAMETERS----- +BgUrgQQAIw== +-----END EC PARAMETERS----- +-----BEGIN EC 
TESTING KEY----- +MIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8 +k+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1 +FMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd +3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx ++U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q== +-----END EC TESTING KEY-----`) + +const clientEd25519CertificatePEM = ` +-----BEGIN CERTIFICATE----- +MIIBLjCB4aADAgECAhAX0YGTviqMISAQJRXoNCNPMAUGAytlcDASMRAwDgYDVQQK +EwdBY21lIENvMB4XDTE5MDUxNjIxNTQyNloXDTIwMDUxNTIxNTQyNlowEjEQMA4G +A1UEChMHQWNtZSBDbzAqMAUGAytlcAMhAAvgtWC14nkwPb7jHuBQsQTIbcd4bGkv +xRStmmNveRKRo00wSzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwDAYDVR0TAQH/BAIwADAWBgNVHREEDzANggtleGFtcGxlLmNvbTAFBgMrZXAD +QQD8GRcqlKUx+inILn9boF2KTjRAOdazENwZ/qAicbP1j6FYDc308YUkv+Y9FN/f +7Q7hF9gRomDQijcjKsJGqjoI +-----END CERTIFICATE-----` + +var clientEd25519KeyPEM = testingKey(` +-----BEGIN TESTING KEY----- +MC4CAQAwBQYDK2VwBCIEINifzf07d9qx3d44e0FSbV4mC/xQxT644RRbpgNpin7I +-----END TESTING KEY-----`) diff --git a/tls/handshake_unix_test.go b/tls/handshake_unix_test.go new file mode 100644 index 00000000..72718544 --- /dev/null +++ b/tls/handshake_unix_test.go @@ -0,0 +1,18 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris + +package tls + +import ( + "errors" + "syscall" +) + +func init() { + isConnRefused = func(err error) bool { + return errors.Is(err, syscall.ECONNREFUSED) + } +} diff --git a/tls/key_agreement.go b/tls/key_agreement.go index 5f103ea5..becdc824 100644 --- a/tls/key_agreement.go +++ b/tls/key_agreement.go 
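Review bot: `fromHex` discards the error from hex.DecodeString, and `testRSAPrivateKey, _ = x509.ParsePKCS1PrivateKey(...)`, `testECDSAPrivateKey, _` and `testP256PrivateKey, _` discard their parse errors too, so a corrupted fixture literal yields a truncated certificate or a nil key that surfaces later as an unrelated handshake failure or nil-pointer panic rather than at the definition site. These are package-level test fixtures, so failing loudly is appropriate: `b, err := hex.DecodeString(s); if err != nil { panic("fromHex: " + err.Error()) }; return b`, and the key variables can go through a small helper that panics on a non-nil error. Separately, in localPipe the `defer tooSlow.Stop()` sits inside the retry loop, so each iteration's timer is only stopped when the function returns; stopping it explicitly before each `continue` and on return keeps the intent clearer. In runMain the `os.Exit(1)` paths skip the deferred `l.Close()`, which is harmless at process exit but worth a one-line comment so nobody tries to "fix" the ordering.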
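Review bot: The new handshake_unix_test.go carries only a `// +build` constraint; if the module's go.mod targets Go 1.17 or later (not visible here), gofmt expects a matching `//go:build aix darwin dragonfly freebsd linux netbsd openbsd solaris` line above it and will insert one, so adding it now avoids later formatting churn. The `init()` that reassigns the package-level `isConnRefused` hook deserves a one-line comment, e.g. `// Overrides the no-op default in handshake_test.go; syscall.ECONNREFUSED only exists on Unix.`, since the default's `return false` is otherwise puzzling when read on its own.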
@@ -6,102 +6,47 @@ package tls import ( "crypto" - "crypto/ecdsa" - "crypto/elliptic" "crypto/md5" - "crypto/rand" "crypto/rsa" "crypto/sha1" - "crypto/sha256" - "crypto/sha512" - "encoding/asn1" "errors" + "fmt" "io" - "math/big" - - "github.com/zmap/zcrypto/dsa" "github.com/zmap/zcrypto/x509" ) var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message") var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message") -var errUnexpectedServerKeyExchange = errors.New("tls: unexpected ServerKeyExchange message") // rsaKeyAgreement implements the standard TLS key agreement where the client // encrypts the pre-master secret to the server's public key. -type rsaKeyAgreement struct { - auth keyAgreementAuthentication - version uint16 - clientVersion uint16 - ephemeral bool - privateKey *rsa.PrivateKey - publicKey *rsa.PublicKey - verifyError error -} - -func (ka *rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { - // Only send a server key agreement when the cipher is an RSA export - // TODO: Make this a configuration parameter - ka.clientVersion = clientHello.vers - if !ka.ephemeral { - return nil, nil - } +type rsaKeyAgreement struct{} - // Generate an ephemeral RSA key or use the one in the config - if config.ExportRSAKey != nil { - ka.privateKey = config.ExportRSAKey - } else { - key, err := rsa.GenerateKey(config.rand(), 512) - if err != nil { - return nil, err - } - ka.privateKey = key - } - - // Serialize the key parameters to a nice byte array. The byte array can be - // positioned later. - modulus := ka.privateKey.N.Bytes() - exponent := big.NewInt(int64(ka.privateKey.E)).Bytes() - serverRSAParams := make([]byte, 0, 2+len(modulus)+2+len(exponent)) - serverRSAParams = append(serverRSAParams, byte(len(modulus)>>8), byte(len(modulus))) - serverRSAParams = append(serverRSAParams, modulus...) 
- serverRSAParams = append(serverRSAParams, byte(len(exponent)>>8), byte(len(exponent))) - serverRSAParams = append(serverRSAParams, exponent...) - - return ka.auth.signParameters(config, cert, clientHello, hello, serverRSAParams) +func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { + return nil, nil } -func (ka *rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg) ([]byte, error) { - preMasterSecret := make([]byte, 48) - _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) - if err != nil { - return nil, err - } - +func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { if len(ckx.ciphertext) < 2 { return nil, errClientKeyExchange } - - ciphertext := ckx.ciphertext - if ka.version != VersionSSL30 { - ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1]) - if ciphertextLen != len(ckx.ciphertext)-2 { - return nil, errClientKeyExchange - } - ciphertext = ckx.ciphertext[2:] + ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1]) + if ciphertextLen != len(ckx.ciphertext)-2 { + return nil, errClientKeyExchange } + ciphertext := ckx.ciphertext[2:] - key := ka.privateKey - if key == nil { - key = cert.PrivateKey.(*rsa.PrivateKey) + priv, ok := cert.PrivateKey.(crypto.Decrypter) + if !ok { + return nil, errors.New("tls: certificate private key does not implement crypto.Decrypter") } - - err = rsa.DecryptPKCS1v15SessionKey(config.rand(), key, ciphertext, preMasterSecret) + // Perform constant time RSA PKCS #1 v1.5 decryption + preMasterSecret, err := priv.Decrypt(config.rand(), ciphertext, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: 48}) if err != nil { return nil, err } - // We don't check the version number in the premaster secret. 
For one, + // We don't check the version number in the premaster secret. For one, // by checking it, we would leak information about the validity of the // encrypted pre-master secret. Secondly, it provides only a small // benefit against a downgrade attack and some implementations send the 
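Review bot: The comment `// Perform constant time RSA PKCS #1 v1.5 decryption` in rsaKeyAgreement.processClientKeyExchange is only true for the standard library's *rsa.PrivateKey: the call now goes through the `crypto.Decrypter` interface, so a custom implementation (HSM or KMS wrapper) must itself honour `PKCS1v15DecryptOptions.SessionKeyLen` by substituting a random 48-byte secret on padding failure, otherwise the padding-oracle protection this path relies on is lost. Suggest making that contract explicit: `// Constant-time only if the Decrypter implements SessionKeyLen semantics as crypto/rsa does; a custom Decrypter must never reveal padding errors.` The new `version uint16` parameter is unused in this body now that the SSL 3.0 branch is gone; a note such as `// version is unused here; it is part of the keyAgreement interface.` stops readers hunting for a missing check. processClientKeyExchange continues past the end of the hunk.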
@@ -110,56 +55,11 @@ func (ka *rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certif return preMasterSecret, nil } -func (ka *rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { - if !ka.ephemeral { - return nil - } - - k := skx.key - // Read the modulus - if len(k) < 2 { - return errServerKeyExchange - } - modulusLen := (int(k[0]) << 8) | int(k[1]) - k = k[2:] - if len(k) < modulusLen { - return errServerKeyExchange - } - modulus := new(big.Int).SetBytes(k[:modulusLen]) - k = k[modulusLen:] - - // Read the exponent - if len(k) < 2 { - return errServerKeyExchange - } - exponentLength := (int(k[0]) << 8) | int(k[1]) - k = k[2:] - if len(k) < exponentLength || exponentLength > 4 { - return errServerKeyExchange - } - rawExponent := k[0:exponentLength] - exponent := 0 - for _, b := range rawExponent { - exponent <<= 8 - exponent |= int(b) - } - ka.publicKey = new(rsa.PublicKey) - ka.publicKey.E = exponent - ka.publicKey.N = modulus - - paramsLen := 2 + exponentLength + 2 + modulusLen - - serverRSAParams := skx.key[:paramsLen] - sig := skx.key[paramsLen:] - - skx.digest, ka.verifyError = ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverRSAParams, sig) - if config.InsecureSkipVerify { - return nil - } - return ka.verifyError +func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { + return errors.New("tls: unexpected ServerKeyExchange") } -func (ka *rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { +func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { preMasterSecret := 
make([]byte, 48) preMasterSecret[0] = byte(clientHello.vers >> 8) preMasterSecret[1] = byte(clientHello.vers) @@ -167,44 +67,19 @@ func (ka *rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello if err != nil { return nil, nil, err } - var publicKey *rsa.PublicKey - if ka.publicKey != nil { - publicKey = ka.publicKey - } else { - var ok bool - publicKey, ok = cert.PublicKey.(*rsa.PublicKey) - if !ok { - return nil, nil, errClientKeyExchange - } - } - encrypted, err := rsa.EncryptPKCS1v15(config.rand(), publicKey, preMasterSecret) + + encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret) if err != nil { return nil, nil, err } ckx := new(clientKeyExchangeMsg) - var body []byte - if ka.version != VersionSSL30 { - ckx.ciphertext = make([]byte, len(encrypted)+2) - ckx.ciphertext[0] = byte(len(encrypted) >> 8) - ckx.ciphertext[1] = byte(len(encrypted)) - body = ckx.ciphertext[2:] - } else { - ckx.ciphertext = make([]byte, len(encrypted)) - body = ckx.ciphertext - } - copy(body, encrypted) + ckx.ciphertext = make([]byte, len(encrypted)+2) + ckx.ciphertext[0] = byte(len(encrypted) >> 8) + ckx.ciphertext[1] = byte(len(encrypted)) + copy(ckx.ciphertext[2:], encrypted) return preMasterSecret, ckx, nil } -// sha1Hash calculates a SHA1 hash over the given byte slices. -func md5Hash(slices [][]byte) []byte { - h := md5.New() - for _, slice := range slices { - h.Write(slice) - } - return h.Sum(nil) -} - // sha1Hash calculates a SHA1 hash over the given byte slices. func sha1Hash(slices [][]byte) []byte { hsha1 := sha1.New() 
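Review bot: rsaKeyAgreement.processServerKeyExchange now returns an inline `errors.New("tls: unexpected ServerKeyExchange")` while the earlier hunk deletes the `errUnexpectedServerKeyExchange` sentinel, so callers and tests can no longer match this condition with errors.Is. If anything distinguished that error, keep a package-level `var errUnexpectedServerKeyExchange = errors.New("tls: unexpected ServerKeyExchange")` and return it, matching the style of errClientKeyExchange and errServerKeyExchange above; otherwise the inline form is acceptable. generateClientKeyExchange's body starts in this hunk and continues into the next.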
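Review bot: `cert.PublicKey.(*rsa.PublicKey)` on the new side of generateClientKeyExchange is an unchecked type assertion on a peer-supplied certificate; the removed code checked `ok` and returned errClientKeyExchange. Unless the caller already verifies that the server certificate's key type matches the negotiated RSA key-exchange suite (not visible here), a server presenting a non-RSA certificate with such a suite makes the client panic instead of failing the handshake with an alert. Restore the check with a descriptive error; only the rewritten lines are shown below, the rest of the body is unchanged.
```go
	rsaKey, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, errors.New("tls: server certificate contains incorrect key type for selected ciphersuite")
	}
	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), rsaKey, preMasterSecret)
	// … unchanged: error check and clientKeyExchangeMsg construction …
```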
@@ -227,356 +102,146 @@ func md5SHA1Hash(slices [][]byte) []byte { return md5sha1 } -// sha224Hash implements TLS 1.2's hash function. -func sha224Hash(slices [][]byte) []byte { - h := crypto.SHA224.New() - for _, slice := range slices { - h.Write(slice) +// hashForServerKeyExchange hashes the given slices and returns their digest +// using the given hash function (for >= TLS 1.2) or using a default based on +// the sigType (for earlier TLS versions). For Ed25519 signatures, which don't +// do pre-hashing, it returns the concatenation of the slices. +func hashForServerKeyExchange(sigType uint8, hashFunc crypto.Hash, version uint16, slices ...[]byte) []byte { + if sigType == signatureEd25519 { + var signed []byte + for _, slice := range slices { + signed = append(signed, slice...) + } + return signed } - return h.Sum(nil) -} - -// sha256Hash implements TLS 1.2's hash function. -func sha256Hash(slices [][]byte) []byte { - h := sha256.New() - for _, slice := range slices { - h.Write(slice) + if version >= VersionTLS12 { + h := hashFunc.New() + for _, slice := range slices { + h.Write(slice) + } + digest := h.Sum(nil) + return digest } - return h.Sum(nil) -} - -// sha256Hash implements TLS 1.2's hash function. -func sha384Hash(slices [][]byte) []byte { - h := crypto.SHA384.New() - for _, slice := range slices { - h.Write(slice) + if sigType == signatureECDSA { + return sha1Hash(slices) } - return h.Sum(nil) + return md5SHA1Hash(slices) } -// sha512Hash implements TLS 1.2's hash function. -func sha512Hash(slices [][]byte) []byte { - h := sha512.New() - for _, slice := range slices { - h.Write(slice) - } - return h.Sum(nil) +// ecdheKeyAgreement implements a TLS key agreement where the server +// generates an ephemeral EC public/private key pair and signs it. The +// pre-master secret is then calculated using ECDH. The signature may +// be ECDSA, Ed25519 or RSA. 
+type ecdheKeyAgreement struct { + version uint16 + isRSA bool + params ecdheParameters + + // ckx and preMasterSecret are generated in processServerKeyExchange + // and returned in generateClientKeyExchange. + ckx *clientKeyExchangeMsg + preMasterSecret []byte } -// hashForServerKeyExchange hashes the given slices and returns their digest -// and the identifier of the hash function used. The hashFunc argument is only -// used for >= TLS 1.2 and precisely identifies the hash function to use. -func hashForServerKeyExchange(sigType, hashFunc uint8, version uint16, slices ...[]byte) ([]byte, crypto.Hash, error) { - if version >= VersionTLS12 { - switch hashFunc { - case hashSHA512: - return sha512Hash(slices), crypto.SHA512, nil - case hashSHA384: - return sha384Hash(slices), crypto.SHA384, nil - case hashSHA256: - return sha256Hash(slices), crypto.SHA256, nil - case hashSHA224: - return sha224Hash(slices), crypto.SHA224, nil - case hashSHA1: - return sha1Hash(slices), crypto.SHA1, nil - case hashMD5: - return md5Hash(slices), crypto.MD5, nil - default: - return nil, crypto.Hash(0), errors.New("tls: unknown hash function used by peer") +func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { + var curveID CurveID + for _, c := range clientHello.supportedCurves { + if config.supportsCurve(c) { + curveID = c + break } } - if sigType == signatureECDSA || sigType == signatureDSA { - return sha1Hash(slices), crypto.SHA1, nil - } - return md5SHA1Hash(slices), crypto.MD5SHA1, nil -} -// pickTLS12HashForSignature returns a TLS 1.2 hash identifier for signing a -// ServerKeyExchange given the signature type being used and the client's -// advertised list of supported signature and hash combinations. 
-func pickTLS12HashForSignature(sigType uint8, clientList, serverList []SigAndHash) (uint8, error) { - if len(clientList) == 0 { - // If the client didn't specify any signature_algorithms - // extension then we can assume that it supports SHA1. See - // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - return hashSHA1, nil + if curveID == 0 { + return nil, errors.New("tls: no supported elliptic curves offered") } - - for _, sigAndHash := range clientList { - if sigAndHash.Signature != sigType { - continue - } - if isSupportedSignatureAndHash(sigAndHash, serverList) { - return sigAndHash.Hash, nil - } + if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok { + return nil, errors.New("tls: CurvePreferences includes unsupported curve") } - return 0, errors.New("tls: client doesn't support any common hash functions") -} - -func curveForCurveID(id CurveID) (elliptic.Curve, bool) { - switch id { - case CurveP256: - return elliptic.P256(), true - case CurveP384: - return elliptic.P384(), true - case CurveP521: - return elliptic.P521(), true - default: - return nil, false + params, err := generateECDHEParameters(config.rand(), curveID) + if err != nil { + return nil, err } -} + ka.params = params -// keyAgreementAuthentication is a helper interface that specifies how -// to authenticate the ServerKeyExchange parameters. -type keyAgreementAuthentication interface { - signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) - verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) -} - -// nilKeyAgreementAuthentication does not authenticate the key -// agreement parameters. -type nilKeyAgreementAuthentication struct{} + // See RFC 4492, Section 5.4. 
+ ecdhePublic := params.PublicKey() + serverECDHEParams := make([]byte, 1+2+1+len(ecdhePublic)) + serverECDHEParams[0] = 3 // named curve + serverECDHEParams[1] = byte(curveID >> 8) + serverECDHEParams[2] = byte(curveID) + serverECDHEParams[3] = byte(len(ecdhePublic)) + copy(serverECDHEParams[4:], ecdhePublic) -func (ka *nilKeyAgreementAuthentication) signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) { - skx := new(serverKeyExchangeMsg) - skx.key = params - return skx, nil -} - -func (ka *nilKeyAgreementAuthentication) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) { - return nil, nil -} - -// signedKeyAgreement signs the ServerKeyExchange parameters with the -// server's private key. -type signedKeyAgreement struct { - version uint16 - sigType uint8 - raw []byte - valid bool - sh SigAndHash -} + priv, ok := cert.PrivateKey.(crypto.Signer) + if !ok { + return nil, fmt.Errorf("tls: certificate private key of type %T does not implement crypto.Signer", cert.PrivateKey) + } -func (ka *signedKeyAgreement) signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) { - var tls12HashId uint8 - var err error + var signatureAlgorithm SignatureScheme + var sigType uint8 + var sigHash crypto.Hash if ka.version >= VersionTLS12 { - if tls12HashId, err = pickTLS12HashForSignature(ka.sigType, clientHello.signatureAndHashes, config.signatureAndHashesForServer()); err != nil { + signatureAlgorithm, err = selectSignatureScheme(ka.version, cert, clientHello.supportedSignatureAlgorithms) + if err != nil { return nil, err } - ka.sh.Hash = tls12HashId - } - ka.sh.Signature = ka.sigType - digest, hashFunc, err := hashForServerKeyExchange(ka.sigType, tls12HashId, ka.version, clientHello.random, 
hello.random, params) - if err != nil { - return nil, err - } - var sig []byte - switch ka.sigType { - case signatureECDSA: - privKey, ok := cert.PrivateKey.(*ecdsa.PrivateKey) - if !ok { - return nil, errors.New("ECDHE ECDSA requires an ECDSA server private key") - } - r, s, err := ecdsa.Sign(config.rand(), privKey, digest) + sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm) if err != nil { - return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) - } - sig, err = asn1.Marshal(ecdsaSignature{r, s}) - case signatureRSA: - privKey, ok := cert.PrivateKey.(*rsa.PrivateKey) - if !ok { - return nil, errors.New("ECDHE RSA requires a RSA server private key") + return nil, err } - sig, err = rsa.SignPKCS1v15(config.rand(), privKey, hashFunc, digest) + } else { + sigType, sigHash, err = legacyTypeAndHashFromPublicKey(priv.Public()) if err != nil { - return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) + return nil, err } - default: - return nil, errors.New("unknown ECDHE signature algorithm") + } + if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA { + return nil, errors.New("tls: certificate cannot be used with the selected cipher suite") + } + + signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, hello.random, serverECDHEParams) + + signOpts := crypto.SignerOpts(sigHash) + if sigType == signatureRSAPSS { + signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash} + } + sig, err := priv.Sign(config.rand(), signed, signOpts) + if err != nil { + return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error()) } skx := new(serverKeyExchangeMsg) - skx.digest = digest sigAndHashLen := 0 if ka.version >= VersionTLS12 { sigAndHashLen = 2 } - skx.key = make([]byte, len(params)+sigAndHashLen+2+len(sig)) - copy(skx.key, params) - k := skx.key[len(params):] + skx.key = make([]byte, 
len(serverECDHEParams)+sigAndHashLen+2+len(sig)) + copy(skx.key, serverECDHEParams) + k := skx.key[len(serverECDHEParams):] if ka.version >= VersionTLS12 { - k[0] = tls12HashId - k[1] = ka.sigType + k[0] = byte(signatureAlgorithm >> 8) + k[1] = byte(signatureAlgorithm) k = k[2:] } k[0] = byte(len(sig) >> 8) k[1] = byte(len(sig)) copy(k[2:], sig) - ka.raw = sig - ka.valid = true // We (the server) signed - return skx, nil -} -func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) { - if len(sig) < 2 { - return nil, errServerKeyExchange - } - - var tls12HashId uint8 - if ka.version >= VersionTLS12 { - // handle SignatureAndHashAlgorithm - var sigAndHash []uint8 - sigAndHash, sig = sig[:2], sig[2:] - tls12HashId = sigAndHash[0] - ka.sh.Hash = tls12HashId - ka.sh.Signature = sigAndHash[1] - if sigAndHash[1] != ka.sigType { - return nil, errServerKeyExchange - } - if len(sig) < 2 { - return nil, errServerKeyExchange - } - - if !isSupportedSignatureAndHash(SigAndHash{ka.sigType, tls12HashId}, config.signatureAndHashesForClient()) { - return nil, errors.New("tls: unsupported hash function for ServerKeyExchange") - } - } - sigLen := int(sig[0])<<8 | int(sig[1]) - if sigLen+2 != len(sig) { - return nil, errServerKeyExchange - } - sig = sig[2:] - ka.raw = sig - - digest, hashFunc, err := hashForServerKeyExchange(ka.sigType, tls12HashId, ka.version, clientHello.random, serverHello.random, params) - if err != nil { - return nil, err - } - switch ka.sigType { - case signatureECDSA: - augECDSA, ok := cert.PublicKey.(*x509.AugmentedECDSA) - if !ok { - return nil, errors.New("ECDHE ECDSA: could not covert cert.PublicKey to x509.AugmentedECDSA") - } - pubKey := augECDSA.Pub - ecdsaSig := new(ecdsaSignature) - if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil { - return nil, err - } - if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { - return 
nil, errors.New("ECDSA signature contained zero or negative values") - } - if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) { - return nil, errors.New("ECDSA verification failure") - } - case signatureRSA: - pubKey, ok := cert.PublicKey.(*rsa.PublicKey) - if !ok { - return nil, errors.New("ECDHE RSA requires a RSA server public key") - } - if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil { - return nil, err - } - case signatureDSA: - pubKey, ok := cert.PublicKey.(*dsa.PublicKey) - if !ok { - return nil, errors.New("DSS ciphers require a DSA server public key") - } - dsaSig := new(dsaSignature) - if _, err := asn1.Unmarshal(sig, dsaSig); err != nil { - return nil, err - } - if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 { - return nil, errors.New("DSA signature contained zero or negative values") - } - if !dsa.Verify(pubKey, digest, dsaSig.R, dsaSig.S) { - return nil, errors.New("DSA verification failure") - } - default: - return nil, errors.New("unknown ECDHE signature algorithm") - } - ka.valid = true - return digest, nil -} - -// ecdheRSAKeyAgreement implements a TLS key agreement where the server -// generates a ephemeral EC public/private key pair and signs it. The -// pre-master secret is then calculated using ECDH. The signature may -// either be ECDSA or RSA. 
-type ecdheKeyAgreement struct { - auth keyAgreementAuthentication - privateKey []byte - curve elliptic.Curve - x, y *big.Int - verifyError error - curveID uint16 - clientPrivKey []byte - serverPrivKey []byte - clientX *big.Int - clientY *big.Int -} - -func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { - var curveid CurveID - preferredCurves := config.curvePreferences() - -NextCandidate: - for _, candidate := range preferredCurves { - for _, c := range clientHello.supportedCurves { - if candidate == c { - curveid = c - break NextCandidate - } - } - } - - if curveid == 0 { - return nil, errors.New("tls: no supported elliptic curves offered") - } - ka.curveID = uint16(curveid) - - var ok bool - if ka.curve, ok = curveForCurveID(curveid); !ok { - return nil, errors.New("tls: preferredCurves includes unsupported curve") - } - - var err error - ka.privateKey, ka.x, ka.y, err = elliptic.GenerateKey(ka.curve, config.rand()) - if err != nil { - return nil, err - } - ecdhePublic := elliptic.Marshal(ka.curve, ka.x, ka.y) - - ka.serverPrivKey = make([]byte, len(ka.privateKey)) - copy(ka.serverPrivKey, ka.privateKey) - - // http://tools.ietf.org/html/rfc4492#section-5.4 - serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic)) - serverECDHParams[0] = 3 // named curve - serverECDHParams[1] = byte(curveid >> 8) - serverECDHParams[2] = byte(curveid) - serverECDHParams[3] = byte(len(ecdhePublic)) - copy(serverECDHParams[4:], ecdhePublic) - - return ka.auth.signParameters(config, cert, clientHello, hello, serverECDHParams) + return skx, nil } -func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg) ([]byte, error) { +func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { if len(ckx.ciphertext) == 0 || 
int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 { return nil, errClientKeyExchange } - ka.clientX, ka.clientY = elliptic.Unmarshal(ka.curve, ckx.ciphertext[1:]) - if ka.clientX == nil { + + preMasterSecret := ka.params.SharedKey(ckx.ciphertext[1:]) + if preMasterSecret == nil { return nil, errClientKeyExchange } - sharedX, _ := ka.curve.ScalarMult(ka.clientX, ka.clientY, ka.privateKey) - preMasterSecret := make([]byte, (ka.curve.Params().BitSize+7)>>3) - xBytes := sharedX.Bytes() - copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) - return preMasterSecret, nil } 
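Review bot: The curve-selection loop at the top of ecdheKeyAgreement.generateServerKeyExchange walks `clientHello.supportedCurves` and takes the first curve that `config.supportsCurve` accepts, so the client's preference order now decides the group; the removed `NextCandidate` loop walked `config.curvePreferences()` in the outer loop and so honored the server's order. That is a silent behaviour change for deployments that rely on CurvePreferences ordering (for instance to steer clients onto X25519), and the commit does not mention it. If the change is intended, say so on the loop with `// The client's preference order wins; CurvePreferences only filters.`; otherwise iterate `config.curvePreferences()` in the outer loop and the client's list in the inner one as before.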
@@ -587,198 +252,84 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell if skx.key[0] != 3 { // named curve return errors.New("tls: server selected unsupported curve") } - curveid := CurveID(skx.key[1])<<8 | CurveID(skx.key[2]) - ka.curveID = uint16(curveid) - - var ok bool - if ka.curve, ok = curveForCurveID(curveid); !ok { - return errors.New("tls: server selected unsupported curve") - } + curveID := CurveID(skx.key[1])<<8 | CurveID(skx.key[2]) publicLen := int(skx.key[3]) if publicLen+4 > len(skx.key) { return errServerKeyExchange } - ka.x, ka.y = elliptic.Unmarshal(ka.curve, skx.key[4:4+publicLen]) - if ka.x == nil { - return errServerKeyExchange - } - serverECDHParams := skx.key[:4+publicLen] + serverECDHEParams := skx.key[:4+publicLen] + publicKey := serverECDHEParams[4:] sig := skx.key[4+publicLen:] - skx.digest, ka.verifyError = ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverECDHParams, sig) - if config.InsecureSkipVerify { - return nil + if len(sig) < 2 { + return errServerKeyExchange } - return ka.verifyError -} -func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { - if ka.curve == nil { - return nil, nil, errors.New("missing ServerKeyExchange message") - } - priv, mx, my, err := elliptic.GenerateKey(ka.curve, config.rand()) - if err != nil { - return nil, nil, err + if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok { + return errors.New("tls: server selected unsupported curve") } - ka.clientPrivKey = make([]byte, len(priv)) - copy(ka.clientPrivKey, priv) - ka.clientX = mx - ka.clientY = my - - x, _ := ka.curve.ScalarMult(ka.x, ka.y, priv) - preMasterSecret := make([]byte, (ka.curve.Params().BitSize+7)>>3) - xBytes := x.Bytes() - copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) - - serialized := elliptic.Marshal(ka.curve, mx, my) - - ckx := 
new(clientKeyExchangeMsg) - var body []byte - ckx.ciphertext = make([]byte, 1+len(serialized)) - ckx.ciphertext[0] = byte(len(serialized)) - body = ckx.ciphertext[1:] - copy(body, serialized) - - return preMasterSecret, ckx, nil -} - -// dheRSAKeyAgreement implements a TLS key agreement where the server generates -// an ephemeral Diffie-Hellman public/private key pair and signs it. The -// pre-master secret is then calculated using Diffie-Hellman. -type dheKeyAgreement struct { - auth keyAgreementAuthentication - p, g *big.Int - yTheirs *big.Int - yOurs *big.Int - xOurs *big.Int - yServer *big.Int - yClient *big.Int - verifyError error -} - -func (ka *dheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { - var q *big.Int - // 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC - // 5114, Section 2.3) - // TODO: Take a prime in the config - ka.p, _ = new(big.Int).SetString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ka.g, _ = new(big.Int).SetString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q, _ = new(big.Int).SetString("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", 16) - - var err error - ka.xOurs, err = rand.Int(config.rand(), q) + params, err := generateECDHEParameters(config.rand(), curveID) if err != nil { - return nil, err - } - yOurs := new(big.Int).Exp(ka.g, ka.xOurs, ka.p) - ka.yOurs = yOurs - ka.yServer = new(big.Int).Set(yOurs) - - // http://tools.ietf.org/html/rfc5246#section-7.4.3 - pBytes := ka.p.Bytes() - gBytes := ka.g.Bytes() - yBytes := yOurs.Bytes() - serverDHParams := make([]byte, 0, 2+len(pBytes)+2+len(gBytes)+2+len(yBytes)) - serverDHParams = append(serverDHParams, byte(len(pBytes)>>8), byte(len(pBytes))) - serverDHParams = append(serverDHParams, pBytes...) - serverDHParams = append(serverDHParams, byte(len(gBytes)>>8), byte(len(gBytes))) - serverDHParams = append(serverDHParams, gBytes...) 
- serverDHParams = append(serverDHParams, byte(len(yBytes)>>8), byte(len(yBytes))) - serverDHParams = append(serverDHParams, yBytes...) - - return ka.auth.signParameters(config, cert, clientHello, hello, serverDHParams) -} - -func (ka *dheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg) ([]byte, error) { - if len(ckx.ciphertext) < 2 { - return nil, errClientKeyExchange - } - yLen := (int(ckx.ciphertext[0]) << 8) | int(ckx.ciphertext[1]) - if yLen != len(ckx.ciphertext)-2 { - return nil, errClientKeyExchange + return err } - yTheirs := new(big.Int).SetBytes(ckx.ciphertext[2:]) - ka.yClient = new(big.Int).Set(yTheirs) - if yTheirs.Sign() <= 0 || yTheirs.Cmp(ka.p) >= 0 { - return nil, errClientKeyExchange - } - return new(big.Int).Exp(yTheirs, ka.xOurs, ka.p).Bytes(), nil -} + ka.params = params -func (ka *dheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { - // Read dh_p - k := skx.key - if len(k) < 2 { + ka.preMasterSecret = params.SharedKey(publicKey) + if ka.preMasterSecret == nil { return errServerKeyExchange } - pLen := (int(k[0]) << 8) | int(k[1]) - k = k[2:] - if len(k) < pLen { - return errServerKeyExchange - } - ka.p = new(big.Int).SetBytes(k[:pLen]) - k = k[pLen:] - // Read dh_g - if len(k) < 2 { - return errServerKeyExchange - } - gLen := (int(k[0]) << 8) | int(k[1]) - k = k[2:] - if len(k) < gLen { - return errServerKeyExchange - } - ka.g = new(big.Int).SetBytes(k[:gLen]) - k = k[gLen:] + ourPublicKey := params.PublicKey() + ka.ckx = new(clientKeyExchangeMsg) + ka.ckx.ciphertext = make([]byte, 1+len(ourPublicKey)) + ka.ckx.ciphertext[0] = byte(len(ourPublicKey)) + copy(ka.ckx.ciphertext[1:], ourPublicKey) - // Read dh_Ys - if len(k) < 2 { - return errServerKeyExchange + var sigType uint8 + var sigHash crypto.Hash + if ka.version >= VersionTLS12 { + signatureAlgorithm := 
SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1]) + sig = sig[2:] + if len(sig) < 2 { + return errServerKeyExchange + } + + if !isSupportedSignatureAlgorithm(signatureAlgorithm, clientHello.supportedSignatureAlgorithms) { + return errors.New("tls: certificate used with invalid signature algorithm") + } + sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm) + if err != nil { + return err + } + } else { + sigType, sigHash, err = legacyTypeAndHashFromPublicKey(cert.PublicKey) + if err != nil { + return err + } } - yLen := (int(k[0]) << 8) | int(k[1]) - k = k[2:] - if len(k) < yLen { + if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA { return errServerKeyExchange } - ka.yTheirs = new(big.Int).SetBytes(k[:yLen]) - ka.yServer = new(big.Int).Set(ka.yTheirs) - k = k[yLen:] - if ka.yTheirs.Sign() <= 0 || ka.yTheirs.Cmp(ka.p) >= 0 { + + sigLen := int(sig[0])<<8 | int(sig[1]) + if sigLen+2 != len(sig) { return errServerKeyExchange } + sig = sig[2:] - sig := k - serverDHParams := skx.key[:len(skx.key)-len(sig)] - skx.digest, ka.verifyError = ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverDHParams, sig) - if config.InsecureSkipVerify { - return nil + signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams) + if err := verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); err != nil { + return errors.New("tls: invalid signature by the server certificate: " + err.Error()) } - return ka.verifyError + return nil } -func (ka *dheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { - if ka.p == nil || ka.g == nil || ka.yTheirs == nil { - return nil, nil, errors.New("missing ServerKeyExchange message") - } - - xOurs, err := rand.Int(config.rand(), ka.p) - if err != nil { - return nil, nil, err +func (ka *ecdheKeyAgreement) 
generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { + if ka.ckx == nil { + return nil, nil, errors.New("tls: missing ServerKeyExchange message") } - preMasterSecret := new(big.Int).Exp(ka.yTheirs, xOurs, ka.p).Bytes() - yOurs := new(big.Int).Exp(ka.g, xOurs, ka.p) - ka.yOurs = yOurs - ka.xOurs = xOurs - ka.yClient = new(big.Int).Set(yOurs) - yBytes := yOurs.Bytes() - ckx := new(clientKeyExchangeMsg) - ckx.ciphertext = make([]byte, 2+len(yBytes)) - ckx.ciphertext[0] = byte(len(yBytes) >> 8) - ckx.ciphertext[1] = byte(len(yBytes)) - copy(ckx.ciphertext[2:], yBytes) - - return preMasterSecret, ckx, nil + return ka.preMasterSecret, ka.ckx, nil } diff --git a/tls/key_schedule.go b/tls/key_schedule.go new file mode 100644 index 00000000..31401697 --- /dev/null +++ b/tls/key_schedule.go 
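Review bot: The client-side processServerKeyExchange accepts any curve the library implements (`curveForCurveID` or X25519) without checking that the client actually offered it, so a server can steer the handshake onto a NIST curve the client excluded via CurvePreferences; `config.supportsCurve` already exists and is used on the server side. Add after the existing "server selected unsupported curve" check: `if !config.supportsCurve(curveID) { return errors.New("tls: server selected unoffered curve") }`, assuming the ClientHello's supported-groups list is built from the same config preferences, which this patch does not show. The function's opening length and curve-type checks lie before this hunk.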
@@ -0,0 +1,199 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "crypto/elliptic" + "crypto/hmac" + "errors" + "hash" + "io" + "math/big" + + "golang.org/x/crypto/cryptobyte" + "golang.org/x/crypto/curve25519" + "golang.org/x/crypto/hkdf" +) + +// This file contains the functions necessary to compute the TLS 1.3 key +// schedule. See RFC 8446, Section 7. + +const ( + resumptionBinderLabel = "res binder" + clientHandshakeTrafficLabel = "c hs traffic" + serverHandshakeTrafficLabel = "s hs traffic" + clientApplicationTrafficLabel = "c ap traffic" + serverApplicationTrafficLabel = "s ap traffic" + exporterLabel = "exp master" + resumptionLabel = "res master" + trafficUpdateLabel = "traffic upd" +) + +// expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1. +func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []byte, length int) []byte { + var hkdfLabel cryptobyte.Builder + hkdfLabel.AddUint16(uint16(length)) + hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes([]byte("tls13 ")) + b.AddBytes([]byte(label)) + }) + hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(context) + }) + out := make([]byte, length) + n, err := hkdf.Expand(c.hash.New, secret, hkdfLabel.BytesOrPanic()).Read(out) + if err != nil || n != length { + panic("tls: HKDF-Expand-Label invocation failed unexpectedly") + } + return out +} + +// deriveSecret implements Derive-Secret from RFC 8446, Section 7.1. +func (c *cipherSuiteTLS13) deriveSecret(secret []byte, label string, transcript hash.Hash) []byte { + if transcript == nil { + transcript = c.hash.New() + } + return c.expandLabel(secret, label, transcript.Sum(nil), c.hash.Size()) +} + +// extract implements HKDF-Extract with the cipher suite hash. 
+func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { + if newSecret == nil { + newSecret = make([]byte, c.hash.Size()) + } + return hkdf.Extract(c.hash.New, newSecret, currentSecret) +} + +// nextTrafficSecret generates the next traffic secret, given the current one, +// according to RFC 8446, Section 7.2. +func (c *cipherSuiteTLS13) nextTrafficSecret(trafficSecret []byte) []byte { + return c.expandLabel(trafficSecret, trafficUpdateLabel, nil, c.hash.Size()) +} + +// trafficKey generates traffic keys according to RFC 8446, Section 7.3. +func (c *cipherSuiteTLS13) trafficKey(trafficSecret []byte) (key, iv []byte) { + key = c.expandLabel(trafficSecret, "key", nil, c.keyLen) + iv = c.expandLabel(trafficSecret, "iv", nil, aeadNonceLength) + return +} + +// finishedHash generates the Finished verify_data or PskBinderEntry according +// to RFC 8446, Section 4.4.4. See sections 4.4 and 4.2.11.2 for the baseKey +// selection. +func (c *cipherSuiteTLS13) finishedHash(baseKey []byte, transcript hash.Hash) []byte { + finishedKey := c.expandLabel(baseKey, "finished", nil, c.hash.Size()) + verifyData := hmac.New(c.hash.New, finishedKey) + verifyData.Write(transcript.Sum(nil)) + return verifyData.Sum(nil) +} + +// exportKeyingMaterial implements RFC5705 exporters for TLS 1.3 according to +// RFC 8446, Section 7.5. +func (c *cipherSuiteTLS13) exportKeyingMaterial(masterSecret []byte, transcript hash.Hash) func(string, []byte, int) ([]byte, error) { + expMasterSecret := c.deriveSecret(masterSecret, exporterLabel, transcript) + return func(label string, context []byte, length int) ([]byte, error) { + secret := c.deriveSecret(expMasterSecret, label, nil) + h := c.hash.New() + h.Write(context) + return c.expandLabel(secret, "exporter", h.Sum(nil), length), nil + } +} + +// ecdheParameters implements Diffie-Hellman with either NIST curves or X25519, +// according to RFC 8446, Section 4.2.8.2. 
+type ecdheParameters interface { + CurveID() CurveID + PublicKey() []byte + SharedKey(peerPublicKey []byte) []byte +} + +func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, error) { + if curveID == X25519 { + privateKey := make([]byte, curve25519.ScalarSize) + if _, err := io.ReadFull(rand, privateKey); err != nil { + return nil, err + } + publicKey, err := curve25519.X25519(privateKey, curve25519.Basepoint) + if err != nil { + return nil, err + } + return &x25519Parameters{privateKey: privateKey, publicKey: publicKey}, nil + } + + curve, ok := curveForCurveID(curveID) + if !ok { + return nil, errors.New("tls: internal error: unsupported curve") + } + + p := &nistParameters{curveID: curveID} + var err error + p.privateKey, p.x, p.y, err = elliptic.GenerateKey(curve, rand) + if err != nil { + return nil, err + } + return p, nil +} + +func curveForCurveID(id CurveID) (elliptic.Curve, bool) { + switch id { + case CurveP256: + return elliptic.P256(), true + case CurveP384: + return elliptic.P384(), true + case CurveP521: + return elliptic.P521(), true + default: + return nil, false + } +} + +type nistParameters struct { + privateKey []byte + x, y *big.Int // public key + curveID CurveID +} + +func (p *nistParameters) CurveID() CurveID { + return p.curveID +} + +func (p *nistParameters) PublicKey() []byte { + curve, _ := curveForCurveID(p.curveID) + return elliptic.Marshal(curve, p.x, p.y) +} + +func (p *nistParameters) SharedKey(peerPublicKey []byte) []byte { + curve, _ := curveForCurveID(p.curveID) + // Unmarshal also checks whether the given point is on the curve. 
+ x, y := elliptic.Unmarshal(curve, peerPublicKey) + if x == nil { + return nil + } + + xShared, _ := curve.ScalarMult(x, y, p.privateKey) + sharedKey := make([]byte, (curve.Params().BitSize+7)/8) + return xShared.FillBytes(sharedKey) +} + +type x25519Parameters struct { + privateKey []byte + publicKey []byte +} + +func (p *x25519Parameters) CurveID() CurveID { + return X25519 +} + +func (p *x25519Parameters) PublicKey() []byte { + return p.publicKey[:] +} + +func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte { + sharedKey, err := curve25519.X25519(p.privateKey, peerPublicKey) + if err != nil { + return nil + } + return sharedKey +} diff --git a/tls/key_schedule_test.go b/tls/key_schedule_test.go new file mode 100644 index 00000000..79ff6a62 --- /dev/null +++ b/tls/key_schedule_test.go 
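Review bot: The exporter closure returned by exportKeyingMaterial never uses its error result and delegates straight to expandLabel, which panics whenever hkdf.Expand's Read fails; since HKDF-Expand refuses to produce more than 255×HashLen bytes (and `uint16(length)` silently truncates larger values in the label), a caller requesting a long TLS 1.3 keying-material export will crash the process instead of receiving an error. Guard in the closure before calling expandLabel: `if length < 0 || length > 255*c.hash.Size() { return nil, errors.New("tls: exporter length exceeds HKDF-Expand limit") }`. Whether Conn.ExportKeyingMaterial forwards the application's length unchecked is not visible in this hunk.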
@@ -0,0 +1,175 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "encoding/hex" + "hash" + "strings" + "testing" + "unicode" +) + +// This file contains tests derived from draft-ietf-tls-tls13-vectors-07. + +func parseVector(v string) []byte { + v = strings.Map(func(c rune) rune { + if unicode.IsSpace(c) { + return -1 + } + return c + }, v) + parts := strings.Split(v, ":") + v = parts[len(parts)-1] + res, err := hex.DecodeString(v) + if err != nil { + panic(err) + } + return res +} + +func TestDeriveSecret(t *testing.T) { + chTranscript := cipherSuitesTLS13[0].hash.New() + chTranscript.Write(parseVector(` + payload (512 octets): 01 00 01 fc 03 03 1b c3 ce b6 bb e3 9c ff + 93 83 55 b5 a5 0a db 6d b2 1b 7a 6a f6 49 d7 b4 bc 41 9d 78 76 + 48 7d 95 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 + 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 + 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 + 26 00 24 00 1d 00 20 e4 ff b6 8a c0 5f 8d 96 c9 9d a2 66 98 34 + 6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1 8d 66 8f 0b 00 2a 00 + 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 + 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 + 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57 00 00 00 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 00 29 00 dd 00 b8 00 b2 2c 03 5d 82 93 59 ee 5f f7 af 4e c9 00 + 00 00 00 26 2a 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf 1b 00 70 + ad 3c 49 88 83 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60 97 a3 a9 + 82 11 72 83 f8 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61 be 7f d6 + 1d 28 27 db 27 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4 d2 9e 
e0 + 37 25 a6 a4 da fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2 67 7f a5 + 90 6c 5b 3f 7d 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb f2 97 b5 + ae a6 17 64 6f ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41 ef 5f 7d + e6 50 5e 5b fb c3 88 e9 33 43 69 40 93 93 4a e4 d3 57 fa d6 aa + cb 00 21 20 3a dd 4f b2 d8 fd f8 22 a0 ca 3c f7 67 8e f5 e8 8d + ae 99 01 41 c5 92 4d 57 bb 6f a3 1b 9e 5f 9d`)) + + type args struct { + secret []byte + label string + transcript hash.Hash + } + tests := []struct { + name string + args args + want []byte + }{ + { + `derive secret for handshake "tls13 derived"`, + args{ + parseVector(`PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 + 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a`), + "derived", + nil, + }, + parseVector(`expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba + b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba`), + }, + { + `derive secret "tls13 c e traffic"`, + args{ + parseVector(`PRK (32 octets): 9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20 bb + 41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c`), + "c e traffic", + chTranscript, + }, + parseVector(`expanded (32 octets): 3f bb e6 a6 0d eb 66 c3 0a 32 79 5a ba 0e + ff 7e aa 10 10 55 86 e7 be 5c 09 67 8d 63 b6 ca ab 62`), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := cipherSuitesTLS13[0] + if got := c.deriveSecret(tt.args.secret, tt.args.label, tt.args.transcript); !bytes.Equal(got, tt.want) { + t.Errorf("cipherSuiteTLS13.deriveSecret() = % x, want % x", got, tt.want) + } + }) + } +} + +func TestTrafficKey(t *testing.T) { + trafficSecret := parseVector( + `PRK (32 octets): b6 7b 7d 69 0c c1 6c 4e 75 e5 42 13 cb 2d 37 b4 + e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38`) + wantKey := parseVector( + `key expanded (16 octets): 3f ce 51 60 09 c2 17 27 d0 f2 e4 e8 6e + e4 03 bc`) + wantIV := parseVector( + `iv expanded (12 octets): 5d 31 3e b2 67 12 76 ee 13 00 0b 30`) + + c := cipherSuitesTLS13[0] + gotKey, gotIV := 
c.trafficKey(trafficSecret) + if !bytes.Equal(gotKey, wantKey) { + t.Errorf("cipherSuiteTLS13.trafficKey() gotKey = % x, want % x", gotKey, wantKey) + } + if !bytes.Equal(gotIV, wantIV) { + t.Errorf("cipherSuiteTLS13.trafficKey() gotIV = % x, want % x", gotIV, wantIV) + } +} + +func TestExtract(t *testing.T) { + type args struct { + newSecret []byte + currentSecret []byte + } + tests := []struct { + name string + args args + want []byte + }{ + { + `extract secret "early"`, + args{ + nil, + nil, + }, + parseVector(`secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c + e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a`), + }, + { + `extract secret "master"`, + args{ + nil, + parseVector(`salt (32 octets): 43 de 77 e0 c7 77 13 85 9a 94 4d b9 db 25 90 b5 + 31 90 a6 5b 3e e2 e4 f1 2d d7 a0 bb 7c e2 54 b4`), + }, + parseVector(`secret (32 octets): 18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a + 47 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19`), + }, + { + `extract secret "handshake"`, + args{ + parseVector(`IKM (32 octets): 8b d4 05 4f b5 5b 9d 63 fd fb ac f9 f0 4b 9f 0d + 35 e6 d6 3f 53 75 63 ef d4 62 72 90 0f 89 49 2d`), + parseVector(`salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 + 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba`), + }, + parseVector(`secret (32 octets): 1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b + 01 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac`), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := cipherSuitesTLS13[0] + if got := c.extract(tt.args.newSecret, tt.args.currentSecret); !bytes.Equal(got, tt.want) { + t.Errorf("cipherSuiteTLS13.extract() = % x, want % x", got, tt.want) + } + }) + } +} diff --git a/tls/link_test.go b/tls/link_test.go new file mode 100644 index 00000000..65712826 --- /dev/null +++ b/tls/link_test.go 
@@ -0,0 +1,108 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "os" + "os/exec" + "path/filepath" + "testing" + + "github.com/zmap/zcrypto/internal/testenv" +) + +// Tests that the linker is able to remove references to the Client or Server if unused. +func TestLinkerGC(t *testing.T) { + if testing.Short() { + t.Skip("skipping in short mode") + } + t.Parallel() + goBin := testenv.GoToolPath(t) + testenv.MustHaveGoBuild(t) + + tests := []struct { + name string + program string + want []string + bad []string + }{ + { + name: "empty_import", + program: `package main +import _ "crypto/tls" +func main() {} +`, + bad: []string{ + "tls.(*Conn)", + "type.crypto/tls.clientHandshakeState", + "type.crypto/tls.serverHandshakeState", + }, + }, + { + name: "client_and_server", + program: `package main +import "crypto/tls" +func main() { + tls.Dial("", "", nil) + tls.Server(nil, nil) +} +`, + want: []string{ + "crypto/tls.(*Conn).clientHandshake", + "crypto/tls.(*Conn).serverHandshake", + }, + }, + { + name: "only_client", + program: `package main +import "crypto/tls" +func main() { tls.Dial("", "", nil) } +`, + want: []string{ + "crypto/tls.(*Conn).clientHandshake", + }, + bad: []string{ + "crypto/tls.(*Conn).serverHandshake", + }, + }, + // TODO: add only_server like func main() { tls.Server(nil, nil) } + // That currently brings in the client via Conn.handleRenegotiation. 
+ + } + tmpDir := t.TempDir() + goFile := filepath.Join(tmpDir, "x.go") + exeFile := filepath.Join(tmpDir, "x.exe") + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := os.WriteFile(goFile, []byte(tt.program), 0644); err != nil { + t.Fatal(err) + } + os.Remove(exeFile) + cmd := exec.Command(goBin, "build", "-o", "x.exe", "x.go") + cmd.Dir = tmpDir + if out, err := cmd.CombinedOutput(); err != nil { + t.Fatalf("compile: %v, %s", err, out) + } + + cmd = exec.Command(goBin, "tool", "nm", "x.exe") + cmd.Dir = tmpDir + nm, err := cmd.CombinedOutput() + if err != nil { + t.Fatalf("nm: %v, %s", err, nm) + } + for _, sym := range tt.want { + if !bytes.Contains(nm, []byte(sym)) { + t.Errorf("expected symbol %q not found", sym) + } + } + for _, sym := range tt.bad { + if bytes.Contains(nm, []byte(sym)) { + t.Errorf("unexpected symbol %q found", sym) + } + } + }) + } +} diff --git a/tls/poly1305.go b/tls/poly1305.go deleted file mode 100644 index 01de4acf..00000000 --- a/tls/poly1305.go +++ /dev/null 
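Review bot: The programs compiled by TestLinkerGC import and look for `crypto/tls`, so the linker test exercises the standard library's package rather than the ported one in this module, and a regression in this package's dead-code-eliminability would go unnoticed. The import lines in the three `program` literals and the `want`/`bad` symbol prefixes should name this module's package instead, e.g. `import _ "github.com/zmap/zcrypto/tls"` and `"github.com/zmap/zcrypto/tls.(*Conn).clientHandshake"` (the module path is the one used by the `testenv` import above; confirm the exact symbol spelling against `go tool nm` output). Building a lone `x.go` in a fresh temp directory also places the program outside this module, so it will likely need to live under the module tree or get a `go.mod` with a `replace` directive pointing back at it for the import to resolve.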
@@ -1,1540 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package tls - -// Based on original, public domain implementation from NaCl by D. J. -// Bernstein. - -import ( - "crypto/subtle" - "math" -) - -const ( - alpham80 = 0.00000000558793544769287109375 - alpham48 = 24.0 - alpham16 = 103079215104.0 - alpha0 = 6755399441055744.0 - alpha18 = 1770887431076116955136.0 - alpha32 = 29014219670751100192948224.0 - alpha50 = 7605903601369376408980219232256.0 - alpha64 = 124615124604835863084731911901282304.0 - alpha82 = 32667107224410092492483962313449748299776.0 - alpha96 = 535217884764734955396857238543560676143529984.0 - alpha112 = 35076039295941670036888435985190792471742381031424.0 - alpha130 = 9194973245195333150150082162901855101712434733101613056.0 - scale = 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 - offset0 = 6755408030990331.0 - offset1 = 29014256564239239022116864.0 - offset2 = 124615283061160854719918951570079744.0 - offset3 = 535219245894202480694386063513315216128475136.0 -) - -// poly1305Verify returns true if mac is a valid authenticator for m with the -// given key. -func poly1305Verify(mac *[16]byte, m []byte, key *[32]byte) bool { - var tmp [16]byte - poly1305Sum(&tmp, m, key) - return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 -} - -// poly1305Sum generates an authenticator for m using a one-time key and puts -// the 16-byte result into out. Authenticating two different messages with the -// same key allows an attacker to forge messages at will. 
-func poly1305Sum(out *[16]byte, m []byte, key *[32]byte) { - r := key - s := key[16:] - var ( - y7 float64 - y6 float64 - y1 float64 - y0 float64 - y5 float64 - y4 float64 - x7 float64 - x6 float64 - x1 float64 - x0 float64 - y3 float64 - y2 float64 - x5 float64 - r3lowx0 float64 - x4 float64 - r0lowx6 float64 - x3 float64 - r3highx0 float64 - x2 float64 - r0highx6 float64 - r0lowx0 float64 - sr1lowx6 float64 - r0highx0 float64 - sr1highx6 float64 - sr3low float64 - r1lowx0 float64 - sr2lowx6 float64 - r1highx0 float64 - sr2highx6 float64 - r2lowx0 float64 - sr3lowx6 float64 - r2highx0 float64 - sr3highx6 float64 - r1highx4 float64 - r1lowx4 float64 - r0highx4 float64 - r0lowx4 float64 - sr3highx4 float64 - sr3lowx4 float64 - sr2highx4 float64 - sr2lowx4 float64 - r0lowx2 float64 - r0highx2 float64 - r1lowx2 float64 - r1highx2 float64 - r2lowx2 float64 - r2highx2 float64 - sr3lowx2 float64 - sr3highx2 float64 - z0 float64 - z1 float64 - z2 float64 - z3 float64 - m0 int64 - m1 int64 - m2 int64 - m3 int64 - m00 uint32 - m01 uint32 - m02 uint32 - m03 uint32 - m10 uint32 - m11 uint32 - m12 uint32 - m13 uint32 - m20 uint32 - m21 uint32 - m22 uint32 - m23 uint32 - m30 uint32 - m31 uint32 - m32 uint32 - m33 uint64 - lbelow2 int32 - lbelow3 int32 - lbelow4 int32 - lbelow5 int32 - lbelow6 int32 - lbelow7 int32 - lbelow8 int32 - lbelow9 int32 - lbelow10 int32 - lbelow11 int32 - lbelow12 int32 - lbelow13 int32 - lbelow14 int32 - lbelow15 int32 - s00 uint32 - s01 uint32 - s02 uint32 - s03 uint32 - s10 uint32 - s11 uint32 - s12 uint32 - s13 uint32 - s20 uint32 - s21 uint32 - s22 uint32 - s23 uint32 - s30 uint32 - s31 uint32 - s32 uint32 - s33 uint32 - bits32 uint64 - f uint64 - f0 uint64 - f1 uint64 - f2 uint64 - f3 uint64 - f4 uint64 - g uint64 - g0 uint64 - g1 uint64 - g2 uint64 - g3 uint64 - g4 uint64 - ) - - var p int32 - - l := int32(len(m)) - - r00 := uint32(r[0]) - - r01 := uint32(r[1]) - - r02 := uint32(r[2]) - r0 := int64(2151) - - r03 := uint32(r[3]) - r03 &= 15 - r0 
<<= 51 - - r10 := uint32(r[4]) - r10 &= 252 - r01 <<= 8 - r0 += int64(r00) - - r11 := uint32(r[5]) - r02 <<= 16 - r0 += int64(r01) - - r12 := uint32(r[6]) - r03 <<= 24 - r0 += int64(r02) - - r13 := uint32(r[7]) - r13 &= 15 - r1 := int64(2215) - r0 += int64(r03) - - d0 := r0 - r1 <<= 51 - r2 := int64(2279) - - r20 := uint32(r[8]) - r20 &= 252 - r11 <<= 8 - r1 += int64(r10) - - r21 := uint32(r[9]) - r12 <<= 16 - r1 += int64(r11) - - r22 := uint32(r[10]) - r13 <<= 24 - r1 += int64(r12) - - r23 := uint32(r[11]) - r23 &= 15 - r2 <<= 51 - r1 += int64(r13) - - d1 := r1 - r21 <<= 8 - r2 += int64(r20) - - r30 := uint32(r[12]) - r30 &= 252 - r22 <<= 16 - r2 += int64(r21) - - r31 := uint32(r[13]) - r23 <<= 24 - r2 += int64(r22) - - r32 := uint32(r[14]) - r2 += int64(r23) - r3 := int64(2343) - - d2 := r2 - r3 <<= 51 - - r33 := uint32(r[15]) - r33 &= 15 - r31 <<= 8 - r3 += int64(r30) - - r32 <<= 16 - r3 += int64(r31) - - r33 <<= 24 - r3 += int64(r32) - - r3 += int64(r33) - h0 := alpha32 - alpha32 - - d3 := r3 - h1 := alpha32 - alpha32 - - h2 := alpha32 - alpha32 - - h3 := alpha32 - alpha32 - - h4 := alpha32 - alpha32 - - r0low := math.Float64frombits(uint64(d0)) - h5 := alpha32 - alpha32 - - r1low := math.Float64frombits(uint64(d1)) - h6 := alpha32 - alpha32 - - r2low := math.Float64frombits(uint64(d2)) - h7 := alpha32 - alpha32 - - r0low -= alpha0 - - r1low -= alpha32 - - r2low -= alpha64 - - r0high := r0low + alpha18 - - r3low := math.Float64frombits(uint64(d3)) - - r1high := r1low + alpha50 - sr1low := scale * r1low - - r2high := r2low + alpha82 - sr2low := scale * r2low - - r0high -= alpha18 - r0high_stack := r0high - - r3low -= alpha96 - - r1high -= alpha50 - r1high_stack := r1high - - sr1high := sr1low + alpham80 - - r0low -= r0high - - r2high -= alpha82 - sr3low = scale * r3low - - sr2high := sr2low + alpham48 - - r1low -= r1high - r1low_stack := r1low - - sr1high -= alpham80 - sr1high_stack := sr1high - - r2low -= r2high - r2low_stack := r2low - - sr2high -= alpham48 - 
sr2high_stack := sr2high - - r3high := r3low + alpha112 - r0low_stack := r0low - - sr1low -= sr1high - sr1low_stack := sr1low - - sr3high := sr3low + alpham16 - r2high_stack := r2high - - sr2low -= sr2high - sr2low_stack := sr2low - - r3high -= alpha112 - r3high_stack := r3high - - sr3high -= alpham16 - sr3high_stack := sr3high - - r3low -= r3high - r3low_stack := r3low - - sr3low -= sr3high - sr3low_stack := sr3low - - if l < 16 { - goto addatmost15bytes - } - - m00 = uint32(m[p+0]) - m0 = 2151 - - m0 <<= 51 - m1 = 2215 - m01 = uint32(m[p+1]) - - m1 <<= 51 - m2 = 2279 - m02 = uint32(m[p+2]) - - m2 <<= 51 - m3 = 2343 - m03 = uint32(m[p+3]) - - m10 = uint32(m[p+4]) - m01 <<= 8 - m0 += int64(m00) - - m11 = uint32(m[p+5]) - m02 <<= 16 - m0 += int64(m01) - - m12 = uint32(m[p+6]) - m03 <<= 24 - m0 += int64(m02) - - m13 = uint32(m[p+7]) - m3 <<= 51 - m0 += int64(m03) - - m20 = uint32(m[p+8]) - m11 <<= 8 - m1 += int64(m10) - - m21 = uint32(m[p+9]) - m12 <<= 16 - m1 += int64(m11) - - m22 = uint32(m[p+10]) - m13 <<= 24 - m1 += int64(m12) - - m23 = uint32(m[p+11]) - m1 += int64(m13) - - m30 = uint32(m[p+12]) - m21 <<= 8 - m2 += int64(m20) - - m31 = uint32(m[p+13]) - m22 <<= 16 - m2 += int64(m21) - - m32 = uint32(m[p+14]) - m23 <<= 24 - m2 += int64(m22) - - m33 = uint64(m[p+15]) - m2 += int64(m23) - - d0 = m0 - m31 <<= 8 - m3 += int64(m30) - - d1 = m1 - m32 <<= 16 - m3 += int64(m31) - - d2 = m2 - m33 += 256 - - m33 <<= 24 - m3 += int64(m32) - - m3 += int64(m33) - d3 = m3 - - p += 16 - l -= 16 - - z0 = math.Float64frombits(uint64(d0)) - - z1 = math.Float64frombits(uint64(d1)) - - z2 = math.Float64frombits(uint64(d2)) - - z3 = math.Float64frombits(uint64(d3)) - - z0 -= alpha0 - - z1 -= alpha32 - - z2 -= alpha64 - - z3 -= alpha96 - - h0 += z0 - - h1 += z1 - - h3 += z2 - - h5 += z3 - - if l < 16 { - goto multiplyaddatmost15bytes - } - -multiplyaddatleast16bytes: - - m2 = 2279 - m20 = uint32(m[p+8]) - y7 = h7 + alpha130 - - m2 <<= 51 - m3 = 2343 - m21 = uint32(m[p+9]) - y6 = h6 + 
alpha130 - - m3 <<= 51 - m0 = 2151 - m22 = uint32(m[p+10]) - y1 = h1 + alpha32 - - m0 <<= 51 - m1 = 2215 - m23 = uint32(m[p+11]) - y0 = h0 + alpha32 - - m1 <<= 51 - m30 = uint32(m[p+12]) - y7 -= alpha130 - - m21 <<= 8 - m2 += int64(m20) - m31 = uint32(m[p+13]) - y6 -= alpha130 - - m22 <<= 16 - m2 += int64(m21) - m32 = uint32(m[p+14]) - y1 -= alpha32 - - m23 <<= 24 - m2 += int64(m22) - m33 = uint64(m[p+15]) - y0 -= alpha32 - - m2 += int64(m23) - m00 = uint32(m[p+0]) - y5 = h5 + alpha96 - - m31 <<= 8 - m3 += int64(m30) - m01 = uint32(m[p+1]) - y4 = h4 + alpha96 - - m32 <<= 16 - m02 = uint32(m[p+2]) - x7 = h7 - y7 - y7 *= scale - - m33 += 256 - m03 = uint32(m[p+3]) - x6 = h6 - y6 - y6 *= scale - - m33 <<= 24 - m3 += int64(m31) - m10 = uint32(m[p+4]) - x1 = h1 - y1 - - m01 <<= 8 - m3 += int64(m32) - m11 = uint32(m[p+5]) - x0 = h0 - y0 - - m3 += int64(m33) - m0 += int64(m00) - m12 = uint32(m[p+6]) - y5 -= alpha96 - - m02 <<= 16 - m0 += int64(m01) - m13 = uint32(m[p+7]) - y4 -= alpha96 - - m03 <<= 24 - m0 += int64(m02) - d2 = m2 - x1 += y7 - - m0 += int64(m03) - d3 = m3 - x0 += y6 - - m11 <<= 8 - m1 += int64(m10) - d0 = m0 - x7 += y5 - - m12 <<= 16 - m1 += int64(m11) - x6 += y4 - - m13 <<= 24 - m1 += int64(m12) - y3 = h3 + alpha64 - - m1 += int64(m13) - d1 = m1 - y2 = h2 + alpha64 - - x0 += x1 - - x6 += x7 - - y3 -= alpha64 - r3low = r3low_stack - - y2 -= alpha64 - r0low = r0low_stack - - x5 = h5 - y5 - r3lowx0 = r3low * x0 - r3high = r3high_stack - - x4 = h4 - y4 - r0lowx6 = r0low * x6 - r0high = r0high_stack - - x3 = h3 - y3 - r3highx0 = r3high * x0 - sr1low = sr1low_stack - - x2 = h2 - y2 - r0highx6 = r0high * x6 - sr1high = sr1high_stack - - x5 += y3 - r0lowx0 = r0low * x0 - r1low = r1low_stack - - h6 = r3lowx0 + r0lowx6 - sr1lowx6 = sr1low * x6 - r1high = r1high_stack - - x4 += y2 - r0highx0 = r0high * x0 - sr2low = sr2low_stack - - h7 = r3highx0 + r0highx6 - sr1highx6 = sr1high * x6 - sr2high = sr2high_stack - - x3 += y1 - r1lowx0 = r1low * x0 - r2low = r2low_stack 
- - h0 = r0lowx0 + sr1lowx6 - sr2lowx6 = sr2low * x6 - r2high = r2high_stack - - x2 += y0 - r1highx0 = r1high * x0 - sr3low = sr3low_stack - - h1 = r0highx0 + sr1highx6 - sr2highx6 = sr2high * x6 - sr3high = sr3high_stack - - x4 += x5 - r2lowx0 = r2low * x0 - z2 = math.Float64frombits(uint64(d2)) - - h2 = r1lowx0 + sr2lowx6 - sr3lowx6 = sr3low * x6 - - x2 += x3 - r2highx0 = r2high * x0 - z3 = math.Float64frombits(uint64(d3)) - - h3 = r1highx0 + sr2highx6 - sr3highx6 = sr3high * x6 - - r1highx4 = r1high * x4 - z2 -= alpha64 - - h4 = r2lowx0 + sr3lowx6 - r1lowx4 = r1low * x4 - - r0highx4 = r0high * x4 - z3 -= alpha96 - - h5 = r2highx0 + sr3highx6 - r0lowx4 = r0low * x4 - - h7 += r1highx4 - sr3highx4 = sr3high * x4 - - h6 += r1lowx4 - sr3lowx4 = sr3low * x4 - - h5 += r0highx4 - sr2highx4 = sr2high * x4 - - h4 += r0lowx4 - sr2lowx4 = sr2low * x4 - - h3 += sr3highx4 - r0lowx2 = r0low * x2 - - h2 += sr3lowx4 - r0highx2 = r0high * x2 - - h1 += sr2highx4 - r1lowx2 = r1low * x2 - - h0 += sr2lowx4 - r1highx2 = r1high * x2 - - h2 += r0lowx2 - r2lowx2 = r2low * x2 - - h3 += r0highx2 - r2highx2 = r2high * x2 - - h4 += r1lowx2 - sr3lowx2 = sr3low * x2 - - h5 += r1highx2 - sr3highx2 = sr3high * x2 - - p += 16 - l -= 16 - h6 += r2lowx2 - - h7 += r2highx2 - - z1 = math.Float64frombits(uint64(d1)) - h0 += sr3lowx2 - - z0 = math.Float64frombits(uint64(d0)) - h1 += sr3highx2 - - z1 -= alpha32 - - z0 -= alpha0 - - h5 += z3 - - h3 += z2 - - h1 += z1 - - h0 += z0 - - if l >= 16 { - goto multiplyaddatleast16bytes - } - -multiplyaddatmost15bytes: - - y7 = h7 + alpha130 - - y6 = h6 + alpha130 - - y1 = h1 + alpha32 - - y0 = h0 + alpha32 - - y7 -= alpha130 - - y6 -= alpha130 - - y1 -= alpha32 - - y0 -= alpha32 - - y5 = h5 + alpha96 - - y4 = h4 + alpha96 - - x7 = h7 - y7 - y7 *= scale - - x6 = h6 - y6 - y6 *= scale - - x1 = h1 - y1 - - x0 = h0 - y0 - - y5 -= alpha96 - - y4 -= alpha96 - - x1 += y7 - - x0 += y6 - - x7 += y5 - - x6 += y4 - - y3 = h3 + alpha64 - - y2 = h2 + alpha64 - - x0 += x1 - 
- x6 += x7 - - y3 -= alpha64 - r3low = r3low_stack - - y2 -= alpha64 - r0low = r0low_stack - - x5 = h5 - y5 - r3lowx0 = r3low * x0 - r3high = r3high_stack - - x4 = h4 - y4 - r0lowx6 = r0low * x6 - r0high = r0high_stack - - x3 = h3 - y3 - r3highx0 = r3high * x0 - sr1low = sr1low_stack - - x2 = h2 - y2 - r0highx6 = r0high * x6 - sr1high = sr1high_stack - - x5 += y3 - r0lowx0 = r0low * x0 - r1low = r1low_stack - - h6 = r3lowx0 + r0lowx6 - sr1lowx6 = sr1low * x6 - r1high = r1high_stack - - x4 += y2 - r0highx0 = r0high * x0 - sr2low = sr2low_stack - - h7 = r3highx0 + r0highx6 - sr1highx6 = sr1high * x6 - sr2high = sr2high_stack - - x3 += y1 - r1lowx0 = r1low * x0 - r2low = r2low_stack - - h0 = r0lowx0 + sr1lowx6 - sr2lowx6 = sr2low * x6 - r2high = r2high_stack - - x2 += y0 - r1highx0 = r1high * x0 - sr3low = sr3low_stack - - h1 = r0highx0 + sr1highx6 - sr2highx6 = sr2high * x6 - sr3high = sr3high_stack - - x4 += x5 - r2lowx0 = r2low * x0 - - h2 = r1lowx0 + sr2lowx6 - sr3lowx6 = sr3low * x6 - - x2 += x3 - r2highx0 = r2high * x0 - - h3 = r1highx0 + sr2highx6 - sr3highx6 = sr3high * x6 - - r1highx4 = r1high * x4 - - h4 = r2lowx0 + sr3lowx6 - r1lowx4 = r1low * x4 - - r0highx4 = r0high * x4 - - h5 = r2highx0 + sr3highx6 - r0lowx4 = r0low * x4 - - h7 += r1highx4 - sr3highx4 = sr3high * x4 - - h6 += r1lowx4 - sr3lowx4 = sr3low * x4 - - h5 += r0highx4 - sr2highx4 = sr2high * x4 - - h4 += r0lowx4 - sr2lowx4 = sr2low * x4 - - h3 += sr3highx4 - r0lowx2 = r0low * x2 - - h2 += sr3lowx4 - r0highx2 = r0high * x2 - - h1 += sr2highx4 - r1lowx2 = r1low * x2 - - h0 += sr2lowx4 - r1highx2 = r1high * x2 - - h2 += r0lowx2 - r2lowx2 = r2low * x2 - - h3 += r0highx2 - r2highx2 = r2high * x2 - - h4 += r1lowx2 - sr3lowx2 = sr3low * x2 - - h5 += r1highx2 - sr3highx2 = sr3high * x2 - - h6 += r2lowx2 - - h7 += r2highx2 - - h0 += sr3lowx2 - - h1 += sr3highx2 - -addatmost15bytes: - - if l == 0 { - goto nomorebytes - } - - lbelow2 = l - 2 - - lbelow3 = l - 3 - - lbelow2 >>= 31 - lbelow4 = l - 4 - - m00 
= uint32(m[p+0]) - lbelow3 >>= 31 - p += lbelow2 - - m01 = uint32(m[p+1]) - lbelow4 >>= 31 - p += lbelow3 - - m02 = uint32(m[p+2]) - p += lbelow4 - m0 = 2151 - - m03 = uint32(m[p+3]) - m0 <<= 51 - m1 = 2215 - - m0 += int64(m00) - m01 &^= uint32(lbelow2) - - m02 &^= uint32(lbelow3) - m01 -= uint32(lbelow2) - - m01 <<= 8 - m03 &^= uint32(lbelow4) - - m0 += int64(m01) - lbelow2 -= lbelow3 - - m02 += uint32(lbelow2) - lbelow3 -= lbelow4 - - m02 <<= 16 - m03 += uint32(lbelow3) - - m03 <<= 24 - m0 += int64(m02) - - m0 += int64(m03) - lbelow5 = l - 5 - - lbelow6 = l - 6 - lbelow7 = l - 7 - - lbelow5 >>= 31 - lbelow8 = l - 8 - - lbelow6 >>= 31 - p += lbelow5 - - m10 = uint32(m[p+4]) - lbelow7 >>= 31 - p += lbelow6 - - m11 = uint32(m[p+5]) - lbelow8 >>= 31 - p += lbelow7 - - m12 = uint32(m[p+6]) - m1 <<= 51 - p += lbelow8 - - m13 = uint32(m[p+7]) - m10 &^= uint32(lbelow5) - lbelow4 -= lbelow5 - - m10 += uint32(lbelow4) - lbelow5 -= lbelow6 - - m11 &^= uint32(lbelow6) - m11 += uint32(lbelow5) - - m11 <<= 8 - m1 += int64(m10) - - m1 += int64(m11) - m12 &^= uint32(lbelow7) - - lbelow6 -= lbelow7 - m13 &^= uint32(lbelow8) - - m12 += uint32(lbelow6) - lbelow7 -= lbelow8 - - m12 <<= 16 - m13 += uint32(lbelow7) - - m13 <<= 24 - m1 += int64(m12) - - m1 += int64(m13) - m2 = 2279 - - lbelow9 = l - 9 - m3 = 2343 - - lbelow10 = l - 10 - lbelow11 = l - 11 - - lbelow9 >>= 31 - lbelow12 = l - 12 - - lbelow10 >>= 31 - p += lbelow9 - - m20 = uint32(m[p+8]) - lbelow11 >>= 31 - p += lbelow10 - - m21 = uint32(m[p+9]) - lbelow12 >>= 31 - p += lbelow11 - - m22 = uint32(m[p+10]) - m2 <<= 51 - p += lbelow12 - - m23 = uint32(m[p+11]) - m20 &^= uint32(lbelow9) - lbelow8 -= lbelow9 - - m20 += uint32(lbelow8) - lbelow9 -= lbelow10 - - m21 &^= uint32(lbelow10) - m21 += uint32(lbelow9) - - m21 <<= 8 - m2 += int64(m20) - - m2 += int64(m21) - m22 &^= uint32(lbelow11) - - lbelow10 -= lbelow11 - m23 &^= uint32(lbelow12) - - m22 += uint32(lbelow10) - lbelow11 -= lbelow12 - - m22 <<= 16 - m23 += 
uint32(lbelow11) - - m23 <<= 24 - m2 += int64(m22) - - m3 <<= 51 - lbelow13 = l - 13 - - lbelow13 >>= 31 - lbelow14 = l - 14 - - lbelow14 >>= 31 - p += lbelow13 - lbelow15 = l - 15 - - m30 = uint32(m[p+12]) - lbelow15 >>= 31 - p += lbelow14 - - m31 = uint32(m[p+13]) - p += lbelow15 - m2 += int64(m23) - - m32 = uint32(m[p+14]) - m30 &^= uint32(lbelow13) - lbelow12 -= lbelow13 - - m30 += uint32(lbelow12) - lbelow13 -= lbelow14 - - m3 += int64(m30) - m31 &^= uint32(lbelow14) - - m31 += uint32(lbelow13) - m32 &^= uint32(lbelow15) - - m31 <<= 8 - lbelow14 -= lbelow15 - - m3 += int64(m31) - m32 += uint32(lbelow14) - d0 = m0 - - m32 <<= 16 - m33 = uint64(lbelow15 + 1) - d1 = m1 - - m33 <<= 24 - m3 += int64(m32) - d2 = m2 - - m3 += int64(m33) - d3 = m3 - - z3 = math.Float64frombits(uint64(d3)) - - z2 = math.Float64frombits(uint64(d2)) - - z1 = math.Float64frombits(uint64(d1)) - - z0 = math.Float64frombits(uint64(d0)) - - z3 -= alpha96 - - z2 -= alpha64 - - z1 -= alpha32 - - z0 -= alpha0 - - h5 += z3 - - h3 += z2 - - h1 += z1 - - h0 += z0 - - y7 = h7 + alpha130 - - y6 = h6 + alpha130 - - y1 = h1 + alpha32 - - y0 = h0 + alpha32 - - y7 -= alpha130 - - y6 -= alpha130 - - y1 -= alpha32 - - y0 -= alpha32 - - y5 = h5 + alpha96 - - y4 = h4 + alpha96 - - x7 = h7 - y7 - y7 *= scale - - x6 = h6 - y6 - y6 *= scale - - x1 = h1 - y1 - - x0 = h0 - y0 - - y5 -= alpha96 - - y4 -= alpha96 - - x1 += y7 - - x0 += y6 - - x7 += y5 - - x6 += y4 - - y3 = h3 + alpha64 - - y2 = h2 + alpha64 - - x0 += x1 - - x6 += x7 - - y3 -= alpha64 - r3low = r3low_stack - - y2 -= alpha64 - r0low = r0low_stack - - x5 = h5 - y5 - r3lowx0 = r3low * x0 - r3high = r3high_stack - - x4 = h4 - y4 - r0lowx6 = r0low * x6 - r0high = r0high_stack - - x3 = h3 - y3 - r3highx0 = r3high * x0 - sr1low = sr1low_stack - - x2 = h2 - y2 - r0highx6 = r0high * x6 - sr1high = sr1high_stack - - x5 += y3 - r0lowx0 = r0low * x0 - r1low = r1low_stack - - h6 = r3lowx0 + r0lowx6 - sr1lowx6 = sr1low * x6 - r1high = r1high_stack - - x4 += y2 - 
r0highx0 = r0high * x0 - sr2low = sr2low_stack - - h7 = r3highx0 + r0highx6 - sr1highx6 = sr1high * x6 - sr2high = sr2high_stack - - x3 += y1 - r1lowx0 = r1low * x0 - r2low = r2low_stack - - h0 = r0lowx0 + sr1lowx6 - sr2lowx6 = sr2low * x6 - r2high = r2high_stack - - x2 += y0 - r1highx0 = r1high * x0 - sr3low = sr3low_stack - - h1 = r0highx0 + sr1highx6 - sr2highx6 = sr2high * x6 - sr3high = sr3high_stack - - x4 += x5 - r2lowx0 = r2low * x0 - - h2 = r1lowx0 + sr2lowx6 - sr3lowx6 = sr3low * x6 - - x2 += x3 - r2highx0 = r2high * x0 - - h3 = r1highx0 + sr2highx6 - sr3highx6 = sr3high * x6 - - r1highx4 = r1high * x4 - - h4 = r2lowx0 + sr3lowx6 - r1lowx4 = r1low * x4 - - r0highx4 = r0high * x4 - - h5 = r2highx0 + sr3highx6 - r0lowx4 = r0low * x4 - - h7 += r1highx4 - sr3highx4 = sr3high * x4 - - h6 += r1lowx4 - sr3lowx4 = sr3low * x4 - - h5 += r0highx4 - sr2highx4 = sr2high * x4 - - h4 += r0lowx4 - sr2lowx4 = sr2low * x4 - - h3 += sr3highx4 - r0lowx2 = r0low * x2 - - h2 += sr3lowx4 - r0highx2 = r0high * x2 - - h1 += sr2highx4 - r1lowx2 = r1low * x2 - - h0 += sr2lowx4 - r1highx2 = r1high * x2 - - h2 += r0lowx2 - r2lowx2 = r2low * x2 - - h3 += r0highx2 - r2highx2 = r2high * x2 - - h4 += r1lowx2 - sr3lowx2 = sr3low * x2 - - h5 += r1highx2 - sr3highx2 = sr3high * x2 - - h6 += r2lowx2 - - h7 += r2highx2 - - h0 += sr3lowx2 - - h1 += sr3highx2 - -nomorebytes: - - y7 = h7 + alpha130 - - y0 = h0 + alpha32 - - y1 = h1 + alpha32 - - y2 = h2 + alpha64 - - y7 -= alpha130 - - y3 = h3 + alpha64 - - y4 = h4 + alpha96 - - y5 = h5 + alpha96 - - x7 = h7 - y7 - y7 *= scale - - y0 -= alpha32 - - y1 -= alpha32 - - y2 -= alpha64 - - h6 += x7 - - y3 -= alpha64 - - y4 -= alpha96 - - y5 -= alpha96 - - y6 = h6 + alpha130 - - x0 = h0 - y0 - - x1 = h1 - y1 - - x2 = h2 - y2 - - y6 -= alpha130 - - x0 += y7 - - x3 = h3 - y3 - - x4 = h4 - y4 - - x5 = h5 - y5 - - x6 = h6 - y6 - - y6 *= scale - - x2 += y0 - - x3 += y1 - - x4 += y2 - - x0 += y6 - - x5 += y3 - - x6 += y4 - - x2 += x3 - - x0 += x1 - - x4 += 
x5 - - x6 += y5 - - x2 += offset1 - d1 = int64(math.Float64bits(x2)) - - x0 += offset0 - d0 = int64(math.Float64bits(x0)) - - x4 += offset2 - d2 = int64(math.Float64bits(x4)) - - x6 += offset3 - d3 = int64(math.Float64bits(x6)) - - f0 = uint64(d0) - - f1 = uint64(d1) - bits32 = math.MaxUint64 - - f2 = uint64(d2) - bits32 >>= 32 - - f3 = uint64(d3) - f = f0 >> 32 - - f0 &= bits32 - f &= 255 - - f1 += f - g0 = f0 + 5 - - g = g0 >> 32 - g0 &= bits32 - - f = f1 >> 32 - f1 &= bits32 - - f &= 255 - g1 = f1 + g - - g = g1 >> 32 - f2 += f - - f = f2 >> 32 - g1 &= bits32 - - f2 &= bits32 - f &= 255 - - f3 += f - g2 = f2 + g - - g = g2 >> 32 - g2 &= bits32 - - f4 = f3 >> 32 - f3 &= bits32 - - f4 &= 255 - g3 = f3 + g - - g = g3 >> 32 - g3 &= bits32 - - g4 = f4 + g - - g4 = g4 - 4 - s00 = uint32(s[0]) - - f = uint64(int64(g4) >> 63) - s01 = uint32(s[1]) - - f0 &= f - g0 &^= f - s02 = uint32(s[2]) - - f1 &= f - f0 |= g0 - s03 = uint32(s[3]) - - g1 &^= f - f2 &= f - s10 = uint32(s[4]) - - f3 &= f - g2 &^= f - s11 = uint32(s[5]) - - g3 &^= f - f1 |= g1 - s12 = uint32(s[6]) - - f2 |= g2 - f3 |= g3 - s13 = uint32(s[7]) - - s01 <<= 8 - f0 += uint64(s00) - s20 = uint32(s[8]) - - s02 <<= 16 - f0 += uint64(s01) - s21 = uint32(s[9]) - - s03 <<= 24 - f0 += uint64(s02) - s22 = uint32(s[10]) - - s11 <<= 8 - f1 += uint64(s10) - s23 = uint32(s[11]) - - s12 <<= 16 - f1 += uint64(s11) - s30 = uint32(s[12]) - - s13 <<= 24 - f1 += uint64(s12) - s31 = uint32(s[13]) - - f0 += uint64(s03) - f1 += uint64(s13) - s32 = uint32(s[14]) - - s21 <<= 8 - f2 += uint64(s20) - s33 = uint32(s[15]) - - s22 <<= 16 - f2 += uint64(s21) - - s23 <<= 24 - f2 += uint64(s22) - - s31 <<= 8 - f3 += uint64(s30) - - s32 <<= 16 - f3 += uint64(s31) - - s33 <<= 24 - f3 += uint64(s32) - - f2 += uint64(s23) - f3 += uint64(s33) - - out[0] = byte(f0) - f0 >>= 8 - out[1] = byte(f0) - f0 >>= 8 - out[2] = byte(f0) - f0 >>= 8 - out[3] = byte(f0) - f0 >>= 8 - f1 += f0 - - out[4] = byte(f1) - f1 >>= 8 - out[5] = byte(f1) - f1 >>= 8 - 
out[6] = byte(f1)
-	f1 >>= 8
-	out[7] = byte(f1)
-	f1 >>= 8
-	f2 += f1
-
-	out[8] = byte(f2)
-	f2 >>= 8
-	out[9] = byte(f2)
-	f2 >>= 8
-	out[10] = byte(f2)
-	f2 >>= 8
-	out[11] = byte(f2)
-	f2 >>= 8
-	f3 += f2
-
-	out[12] = byte(f3)
-	f3 >>= 8
-	out[13] = byte(f3)
-	f3 >>= 8
-	out[14] = byte(f3)
-	f3 >>= 8
-	out[15] = byte(f3)
-}
diff --git a/tls/prf.go b/tls/prf.go
index 96efb49b..13bfa009 100644
--- a/tls/prf.go
+++ b/tls/prf.go
@@ -12,17 +12,18 @@ import (
 	"crypto/sha256"
 	"crypto/sha512"
 	"errors"
+	"fmt"
 	"hash"
 )
 
-// Split a premaster secret in two as specified in RFC 4346, section 5.
+// Split a premaster secret in two as specified in RFC 4346, Section 5.
 func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {
 	s1 = secret[0 : (len(secret)+1)/2]
 	s2 = secret[len(secret)/2:]
 	return
 }
 
-// pHash implements the P_hash function, as defined in RFC 4346, section 5.
+// pHash implements the P_hash function, as defined in RFC 4346, Section 5.
 func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 	h := hmac.New(hash, secret)
 	h.Write(seed)
@@ -34,12 +35,8 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 		h.Write(a)
 		h.Write(seed)
 		b := h.Sum(nil)
-		todo := len(b)
-		if j+todo > len(result) {
-			todo = len(result) - j
-		}
-		copy(result[j:j+todo], b)
-		j += todo
+		copy(result[j:], b)
+		j += len(b)
 
 		h.Reset()
 		h.Write(a)
@@ -47,7 +44,7 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 	}
 }
 
-// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5.
+// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5.
 func prf10(result, secret, label, seed []byte) {
 	hashSHA1 := sha1.New
 	hashMD5 := md5.New
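Review bot: In pHash the simplified `copy(result[j:], b)` followed by `j += len(b)` lets `j` run past `len(result)` by up to one hash block on the final round; that is harmless only because `copy` truncates to the destination and the enclosing loop condition (outside this hunk) appears to compare `j` against `len(result)`, and neither fact is stated in the code. A one-line comment would spare the next reader the bounds reasoning, e.g. `// copy truncates to the space left in result; j may overshoot len(result) after the last block.` The `@@ -12` hunk in the same file adds a `"fmt"` import whose use is not visible here; if no later hunk uses it the file will not compile, so confirm against the rest of the patch. The enclosing function pHash starts and ends outside this hunk.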
@@ -66,7 +63,7 @@ func prf10(result, secret, label, seed []byte) {
 	}
 }
 
-// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, section 5.
+// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5.
 func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) {
 	return func(result, secret, label, seed []byte) {
 		labelAndSeed := make([]byte, len(label)+len(seed))
@@ -77,111 +74,58 @@ func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) { } } -// prf30 implements the SSL 3.0 pseudo-random function, as defined in -// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 6. -func prf30(result, secret, label, seed []byte) { - hashSHA1 := sha1.New() - hashMD5 := md5.New() - - done := 0 - i := 0 - // RFC5246 section 6.3 says that the largest PRF output needed is 128 - // bytes. Since no more ciphersuites will be added to SSLv3, this will - // remain true. Each iteration gives us 16 bytes so 10 iterations will - // be sufficient. - var b [11]byte - for done < len(result) { - for j := 0; j <= i; j++ { - b[j] = 'A' + byte(i) - } - - hashSHA1.Reset() - hashSHA1.Write(b[:i+1]) - hashSHA1.Write(secret) - hashSHA1.Write(seed) - digest := hashSHA1.Sum(nil) - - hashMD5.Reset() - hashMD5.Write(secret) - hashMD5.Write(digest) - - done += copy(result[done:], hashMD5.Sum(nil)) - i++ - } -} - -func exportPRF30(result, secret, label, seed []byte) { - hash := md5.New() - hash.Write(secret) - hash.Write(seed) - copy(result, hash.Sum(nil)) -} - const ( - tlsRandomLength = 32 // Length of a random nonce in TLS 1.1. masterSecretLength = 48 // Length of a master secret in TLS 1.1. finishedVerifyLength = 12 // Length of verify_data in a Finished message. 
) var masterSecretLabel = []byte("master secret") -var extendedMasterSecretLabel = []byte("extended master secret") var keyExpansionLabel = []byte("key expansion") var clientFinishedLabel = []byte("client finished") var serverFinishedLabel = []byte("server finished") -var clientFinalKeyLabel = []byte("client write key") -var serverFinalKeyLabel = []byte("server write key") -var finalIVLabel = []byte("IV block") -func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed []byte) { +func prfAndHashForVersion(version uint16, suite *cipherSuite) (func(result, secret, label, seed []byte), crypto.Hash) { switch version { - case VersionSSL30: - return prf30 case VersionTLS10, VersionTLS11: - return prf10 + return prf10, crypto.Hash(0) case VersionTLS12: if suite.flags&suiteSHA384 != 0 { - return prf12(sha512.New384) + return prf12(sha512.New384), crypto.SHA384 } - return prf12(sha256.New) + return prf12(sha256.New), crypto.SHA256 default: panic("unknown version") } } +func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed []byte) { + prf, _ := prfAndHashForVersion(version, suite) + return prf +} + // masterFromPreMasterSecret generates the master secret from the pre-master -// secret. See http://tools.ietf.org/html/rfc5246#section-8.1 +// secret. See RFC 5246, Section 8.1. func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte { - seed := make([]byte, len(clientRandom)+len(serverRandom)) - copy(seed[0:len(clientRandom)], clientRandom) - copy(seed[len(clientRandom):], serverRandom) - masterSecret := make([]byte, masterSecretLength) - prfForVersion(version, suite)(masterSecret, preMasterSecret, masterSecretLabel, seed[0:]) - return masterSecret -} + seed := make([]byte, 0, len(clientRandom)+len(serverRandom)) + seed = append(seed, clientRandom...) + seed = append(seed, serverRandom...) 
-// extendedMasterFromPreMasterSecret generates the master secret from the -// pre-master secret when the Triple Handshake fix is in effect. See -// https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 -func extendedMasterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret []byte, h finishedHash) []byte { masterSecret := make([]byte, masterSecretLength) - prfForVersion(version, suite)(masterSecret, preMasterSecret, extendedMasterSecretLabel, h.Sum()) + prfForVersion(version, suite)(masterSecret, preMasterSecret, masterSecretLabel, seed) return masterSecret } // keysFromMasterSecret generates the connection keys from the master // secret, given the lengths of the MAC key, cipher key and IV, as defined in -// RFC 2246, section 6.3. +// RFC 2246, Section 6.3. func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) { - if suite.flags&suiteExport > 0 { - return exportKeysFromMasterSecret(version, suite, masterSecret, clientRandom, serverRandom, macLen, keyLen, ivLen) - } - var seed [tlsRandomLength * 2]byte - copy(seed[0:len(clientRandom)], serverRandom) - copy(seed[len(serverRandom):], clientRandom) + seed := make([]byte, 0, len(serverRandom)+len(clientRandom)) + seed = append(seed, serverRandom...) + seed = append(seed, clientRandom...) n := 2*macLen + 2*keyLen + 2*ivLen keyMaterial := make([]byte, n) - prfForVersion(version, suite)(keyMaterial, masterSecret, keyExpansionLabel, seed[0:]) + prfForVersion(version, suite)(keyMaterial, masterSecret, keyExpansionLabel, seed) clientMAC = keyMaterial[:macLen] keyMaterial = keyMaterial[macLen:] serverMAC = keyMaterial[:macLen] 
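Review bot: This hunk drops extended master secret support (`extendedMasterSecretLabel` and `extendedMasterFromPreMasterSecret`, whose removed comment identifies it as the Triple Handshake fix) together with the SSLv3 and export-cipher code, but unlike those, EMS is a mitigation rather than legacy, and as far as I know the upstream crypto/tls being ported did not implement it at the time, so the port does not bring it back. If the fork previously negotiated the extension this is a behaviour regression that should at least be named in the commit message or tracked separately. The new `prfAndHashForVersion` is also undocumented although its contract matters to callers: it returns `crypto.Hash(0)` for TLS 1.0/1.1 and panics on any other version; suggest `// prfAndHashForVersion returns the PRF for version and, for TLS 1.2, the hash it is built on (crypto.Hash(0) for TLS 1.0/1.1). It panics on any other version, so only a negotiated TLS 1.0-1.2 version may be passed.` The body of keysFromMasterSecret continues past the end of this hunk.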
@@ -196,116 +140,18 @@ func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clie return } -// The crypto wars must have been the worst -func exportKeysFromMasterSecret30(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) { - var seed [tlsRandomLength * 2]byte - copy(seed[0:len(clientRandom)], serverRandom) - copy(seed[len(serverRandom):], clientRandom) - n := 2*macLen + 2*keyLen - keyMaterial := make([]byte, n) - prf30(keyMaterial, masterSecret, keyExpansionLabel, seed[0:]) - clientMAC = keyMaterial[:macLen] - keyMaterial = keyMaterial[macLen:] - serverMAC = keyMaterial[:macLen] - keyMaterial = keyMaterial[macLen:] - clientKey = keyMaterial[:keyLen] - keyMaterial = keyMaterial[keyLen:] - serverKey = keyMaterial[:keyLen] - var exportSeed [tlsRandomLength * 2]byte - copy(exportSeed[0:len(serverRandom)], clientRandom) - copy(exportSeed[len(clientRandom):], serverRandom) - expandedKeyLen := suite.expandedKeyLen - finalKeyBlock := make([]byte, 2*expandedKeyLen) - exportPRF30(finalKeyBlock[:expandedKeyLen], clientKey, clientFinalKeyLabel, exportSeed[0:]) - clientKey = finalKeyBlock[:expandedKeyLen] - finalKeyBlock = finalKeyBlock[expandedKeyLen:] - exportPRF30(finalKeyBlock[:expandedKeyLen], serverKey, serverFinalKeyLabel, seed[0:]) - serverKey = finalKeyBlock[:expandedKeyLen] - ivBlock := make([]byte, 2*ivLen) - clientIV = ivBlock[:ivLen] - exportPRF30(clientIV, []byte{}, finalIVLabel, exportSeed[0:]) - ivBlock = ivBlock[ivLen:] - serverIV = ivBlock[:ivLen] - exportPRF30(serverIV, []byte{}, finalIVLabel, seed[0:]) - return -} - -// If a cryptographer kills me in the night, let it be known I was sorry -func exportKeysFromMasterSecretTLS(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) 
{ - var seed [tlsRandomLength * 2]byte - copy(seed[0:len(clientRandom)], serverRandom) - copy(seed[len(serverRandom):], clientRandom) - n := 2*macLen + 2*keyLen - keyMaterial := make([]byte, n) - prf := prfForVersion(version, suite) - prf(keyMaterial, masterSecret, keyExpansionLabel, seed[0:]) - clientMAC = keyMaterial[:macLen] - keyMaterial = keyMaterial[macLen:] - serverMAC = keyMaterial[:macLen] - keyMaterial = keyMaterial[macLen:] - clientKey = keyMaterial[:keyLen] - keyMaterial = keyMaterial[keyLen:] - serverKey = keyMaterial[:keyLen] - expandedKeyLen := suite.expandedKeyLen - finalKeyBlock := make([]byte, 2*expandedKeyLen) - var exportSeed [tlsRandomLength * 2]byte - copy(exportSeed[0:len(serverRandom)], clientRandom) - copy(exportSeed[len(clientRandom):], serverRandom) - prf(finalKeyBlock[:expandedKeyLen], clientKey, clientFinalKeyLabel, exportSeed[0:]) - clientKey = finalKeyBlock[:expandedKeyLen] - finalKeyBlock = finalKeyBlock[expandedKeyLen:] - prf(finalKeyBlock[:expandedKeyLen], serverKey, serverFinalKeyLabel, exportSeed[0:]) - serverKey = finalKeyBlock[:expandedKeyLen] - ivBlock := make([]byte, 2*ivLen) - prf(ivBlock, []byte{}, finalIVLabel, exportSeed[0:]) - clientIV = ivBlock[:ivLen] - ivBlock = ivBlock[ivLen:] - serverIV = ivBlock[:ivLen] - return -} - -func exportKeysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) { - switch version { - case VersionSSL30: - return exportKeysFromMasterSecret30(version, suite, masterSecret, clientRandom, serverRandom, macLen, keyLen, ivLen) - case VersionTLS10, VersionTLS11, VersionTLS12: - return exportKeysFromMasterSecretTLS(version, suite, masterSecret, clientRandom, serverRandom, macLen, keyLen, ivLen) - default: - panic("unknown version") - } -} - -// lookupTLSHash looks up the corresponding crypto.Hash for a given -// TLS hash identifier. 
-func lookupTLSHash(hash uint8) (crypto.Hash, error) { - switch hash { - case hashMD5: - return crypto.MD5, nil - case hashSHA1: - return crypto.SHA1, nil - case hashSHA224: - return crypto.SHA224, nil - case hashSHA256: - return crypto.SHA256, nil - case hashSHA384: - return crypto.SHA384, nil - case hashSHA512: - return crypto.SHA512, nil - default: - return 0, errors.New("tls: unsupported hash algorithm") - } -} - func newFinishedHash(version uint16, cipherSuite *cipherSuite) finishedHash { + var buffer []byte if version >= VersionTLS12 { - newHash := sha256.New - if cipherSuite != nil && cipherSuite.flags&suiteSHA384 != 0 { - newHash = sha512.New384 - } + buffer = []byte{} + } - return finishedHash{newHash(), newHash(), nil, nil, []byte{}, version, prf12(newHash)} + prf, hash := prfAndHashForVersion(version, cipherSuite) + if hash != 0 { + return finishedHash{hash.New(), hash.New(), nil, nil, buffer, version, prf} } - return finishedHash{sha1.New(), sha1.New(), md5.New(), md5.New(), []byte{}, version, prf10} + + return finishedHash{sha1.New(), sha1.New(), md5.New(), md5.New(), buffer, version, prf} } // A finishedHash calculates the hash of a set of handshake messages suitable @@ -318,8 +164,7 @@ type finishedHash struct { clientMD5 hash.Hash serverMD5 hash.Hash - // In TLS 1.2 (and SSL 3 for implementation convenience), a - // full buffer is required. + // In TLS 1.2, a full buffer is sadly required. buffer []byte version uint16 
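Review bot: newFinishedHash loses its nil guard: the removed line `if cipherSuite != nil && cipherSuite.flags&suiteSHA384 != 0` tolerated a nil suite, whereas the new `prfAndHashForVersion(version, cipherSuite)` call reads `suite.flags` for TLS 1.2 and will panic with a nil pointer dereference if any caller still passes nil. Either make the precondition explicit, `if cipherSuite == nil { panic("tls: newFinishedHash called without a cipher suite") }`, or confirm every caller; the callers are outside this hunk so I cannot verify them here. The nil-versus-empty `buffer` distinction is also load-bearing, since hashForClientCertificate later in this diff treats a nil buffer as discarded, and deserves a comment at `var buffer []byte`: `// buffer is non-nil only for TLS 1.2, which needs the full transcript for CertificateVerify; nil tells hashForClientCertificate that no transcript is kept.`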
@@ -352,48 +197,9 @@ func (h finishedHash) Sum() []byte { return h.client.Sum(out) } -// finishedSum30 calculates the contents of the verify_data member of a SSLv3 -// Finished message given the MD5 and SHA1 hashes of a set of handshake -// messages. -func finishedSum30(md5, sha1 hash.Hash, masterSecret []byte, magic []byte) []byte { - md5.Write(magic) - md5.Write(masterSecret) - md5.Write(ssl30Pad1[:]) - md5Digest := md5.Sum(nil) - - md5.Reset() - md5.Write(masterSecret) - md5.Write(ssl30Pad2[:]) - md5.Write(md5Digest) - md5Digest = md5.Sum(nil) - - sha1.Write(magic) - sha1.Write(masterSecret) - sha1.Write(ssl30Pad1[:40]) - sha1Digest := sha1.Sum(nil) - - sha1.Reset() - sha1.Write(masterSecret) - sha1.Write(ssl30Pad2[:40]) - sha1.Write(sha1Digest) - sha1Digest = sha1.Sum(nil) - - ret := make([]byte, len(md5Digest)+len(sha1Digest)) - copy(ret, md5Digest) - copy(ret[len(md5Digest):], sha1Digest) - return ret -} - -var ssl3ClientFinishedMagic = [4]byte{0x43, 0x4c, 0x4e, 0x54} -var ssl3ServerFinishedMagic = [4]byte{0x53, 0x52, 0x56, 0x52} - // clientSum returns the contents of the verify_data member of a client's // Finished message. func (h finishedHash) clientSum(masterSecret []byte) []byte { - if h.version == VersionSSL30 { - return finishedSum30(h.clientMD5, h.client, masterSecret, ssl3ClientFinishedMagic[:]) - } - out := make([]byte, finishedVerifyLength) h.prf(out, masterSecret, clientFinishedLabel, h.Sum()) return out 
@@ -402,57 +208,76 @@ func (h finishedHash) clientSum(masterSecret []byte) []byte { // serverSum returns the contents of the verify_data member of a server's // Finished message. func (h finishedHash) serverSum(masterSecret []byte) []byte { - if h.version == VersionSSL30 { - return finishedSum30(h.serverMD5, h.server, masterSecret, ssl3ServerFinishedMagic[:]) - } - out := make([]byte, finishedVerifyLength) h.prf(out, masterSecret, serverFinishedLabel, h.Sum()) return out } -// selectClientCertSignatureAlgorithm returns a SigAndHash to sign a -// client's CertificateVerify with, or an error if none can be found. -func (h finishedHash) selectClientCertSignatureAlgorithm(serverList, clientList []SigAndHash, sigType uint8) (SigAndHash, error) { - if h.version < VersionTLS12 { - // Nothing to negotiate before TLS 1.2. - return SigAndHash{Signature: sigType}, nil +// hashForClientCertificate returns the handshake messages so far, pre-hashed if +// necessary, suitable for signing by a TLS client certificate. +func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash, masterSecret []byte) []byte { + if (h.version >= VersionTLS12 || sigType == signatureEd25519) && h.buffer == nil { + panic("tls: handshake hash for a client certificate requested after discarding the handshake buffer") } - for _, v := range serverList { - if v.Signature == sigType && isSupportedSignatureAndHash(v, clientList) { - return v, nil - } + if sigType == signatureEd25519 { + return h.buffer } - return SigAndHash{}, errors.New("tls: no supported signature algorithm found for signing client certificate") -} - -// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash -// id suitable for signing by a TLS client certificate. 
-func (h finishedHash) hashForClientCertificate(signatureAndHash SigAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) { - if h.version == VersionSSL30 { - if signatureAndHash.Signature != signatureRSA { - return nil, 0, errors.New("tls: unsupported signature type for client certificate") - } - md5Hash := md5.New() - md5Hash.Write(h.buffer) - sha1Hash := sha1.New() - sha1Hash.Write(h.buffer) - return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil - } if h.version >= VersionTLS12 { - hashAlg, err := lookupTLSHash(signatureAndHash.Hash) - if err != nil { - return nil, 0, err - } hash := hashAlg.New() hash.Write(h.buffer) - return hash.Sum(nil), hashAlg, nil + return hash.Sum(nil) } - if signatureAndHash.Signature == signatureECDSA { - return h.server.Sum(nil), crypto.SHA1, nil + + if sigType == signatureECDSA { + return h.server.Sum(nil) } - return h.Sum(), crypto.MD5SHA1, nil + return h.Sum() +} + +// discardHandshakeBuffer is called when there is no more need to +// buffer the entirety of the handshake messages. +func (h *finishedHash) discardHandshakeBuffer() { + h.buffer = nil +} + +// noExportedKeyingMaterial is used as a value of +// ConnectionState.ekm when renegotiation is enabled and thus +// we wish to fail all key-material export requests. +func noExportedKeyingMaterial(label string, context []byte, length int) ([]byte, error) { + return nil, errors.New("crypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled") +} + +// ekmFromMasterSecret generates exported keying material as defined in RFC 5705. +func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte) func(string, []byte, int) ([]byte, error) { + return func(label string, context []byte, length int) ([]byte, error) { + switch label { + case "client finished", "server finished", "master secret", "key expansion": + // These values are reserved and may not be used. 
+ return nil, fmt.Errorf("crypto/tls: reserved ExportKeyingMaterial label: %s", label) + } + + seedLen := len(serverRandom) + len(clientRandom) + if context != nil { + seedLen += 2 + len(context) + } + seed := make([]byte, 0, seedLen) + + seed = append(seed, clientRandom...) + seed = append(seed, serverRandom...) + + if context != nil { + if len(context) >= 1<<16 { + return nil, fmt.Errorf("crypto/tls: ExportKeyingMaterial context too long") + } + seed = append(seed, byte(len(context)>>8), byte(len(context))) + seed = append(seed, context...) + } + + keyMaterial := make([]byte, length) + prfForVersion(version, suite)(keyMaterial, masterSecret, []byte(label), seed) + return keyMaterial, nil + } } diff --git a/tls/prf_test.go b/tls/prf_test.go index b691c3c1..8233985a 100644 --- a/tls/prf_test.go +++ b/tls/prf_test.go @@ -34,13 +34,15 @@ func TestSplitPreMasterSecret(t *testing.T) { } type testKeysFromTest struct { - version uint16 - preMasterSecret string - clientRandom, serverRandom string - masterSecret string - clientMAC, serverMAC string - clientKey, serverKey string - macLen, keyLen int + version uint16 + suite *cipherSuite + preMasterSecret string + clientRandom, serverRandom string + masterSecret string + clientMAC, serverMAC string + clientKey, serverKey string + macLen, keyLen int + contextKeyingMaterial, noContextKeyingMaterial string } func TestKeysFromPreMasterSecret(t *testing.T) { 
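Review bot: The `ekm` closure in ekmFromMasterSecret passes `length` straight to `make([]byte, length)`, which panics at runtime for a negative value and allocates without bound for a very large one; `len(context)` is range-checked but `length` is not. Unless the public ExportKeyingMaterial wrapper in conn.go, which is outside this hunk, validates it first, add `if length < 0 { return nil, fmt.Errorf("crypto/tls: negative ExportKeyingMaterial length") }` before the allocation. A comment above `if context != nil {` would also prevent a future "simplification" to `len(context) > 0`: `// A nil context means "no context" in RFC 5705; a non-nil empty slice is encoded as a zero-length context, which the RFC treats as a distinct input.`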
@@ -49,15 +51,13 @@ func TestKeysFromPreMasterSecret(t *testing.T) { clientRandom, _ := hex.DecodeString(test.clientRandom) serverRandom, _ := hex.DecodeString(test.serverRandom) - suite := mutualCipherSuite([]uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, TLS_RSA_WITH_AES_128_CBC_SHA) - - masterSecret := masterFromPreMasterSecret(test.version, suite, in, clientRandom, serverRandom) + masterSecret := masterFromPreMasterSecret(test.version, test.suite, in, clientRandom, serverRandom) if s := hex.EncodeToString(masterSecret); s != test.masterSecret { t.Errorf("#%d: bad master secret %s, want %s", i, s, test.masterSecret) continue } - clientMAC, serverMAC, clientKey, serverKey, _, _ := keysFromMasterSecret(test.version, suite, masterSecret, clientRandom, serverRandom, test.macLen, test.keyLen, 0) + clientMAC, serverMAC, clientKey, serverKey, _, _ := keysFromMasterSecret(test.version, test.suite, masterSecret, clientRandom, serverRandom, test.macLen, test.keyLen, 0) clientMACString := hex.EncodeToString(clientMAC) serverMACString := hex.EncodeToString(serverMAC) clientKeyString := hex.EncodeToString(clientKey) 
@@ -68,6 +68,22 @@ func TestKeysFromPreMasterSecret(t *testing.T) { serverKeyString != test.serverKey { t.Errorf("#%d: got: (%s, %s, %s, %s) want: (%s, %s, %s, %s)", i, clientMACString, serverMACString, clientKeyString, serverKeyString, test.clientMAC, test.serverMAC, test.clientKey, test.serverKey) } + + ekm := ekmFromMasterSecret(test.version, test.suite, masterSecret, clientRandom, serverRandom) + contextKeyingMaterial, err := ekm("label", []byte("context"), 32) + if err != nil { + t.Fatalf("ekmFromMasterSecret failed: %v", err) + } + + noContextKeyingMaterial, err := ekm("label", nil, 32) + if err != nil { + t.Fatalf("ekmFromMasterSecret failed: %v", err) + } + + if hex.EncodeToString(contextKeyingMaterial) != test.contextKeyingMaterial || + hex.EncodeToString(noContextKeyingMaterial) != test.noContextKeyingMaterial { + t.Errorf("#%d: got keying material: (%s, %s) want: (%s, %s)", i, contextKeyingMaterial, noContextKeyingMaterial, test.contextKeyingMaterial, test.noContextKeyingMaterial) + } } } @@ -75,6 +91,7 @@ func TestKeysFromPreMasterSecret(t *testing.T) { var testKeysFromTests = []testKeysFromTest{ { VersionTLS10, + cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA), "0302cac83ad4b1db3b9ab49ad05957de2a504a634a386fc600889321e1a971f57479466830ac3e6f468e87f5385fa0c5", "4ae66303755184a3917fcb44880605fcc53baa01912b22ed94473fc69cebd558", "4ae663020ec16e6bb5130be918cfcafd4d765979a3136a5d50c593446e4e44db", @@ -85,9 +102,12 @@ var testKeysFromTests = []testKeysFromTest{ "e076e33206b30507a85c32855acd0919", 20, 16, + "4d1bb6fc278c37d27aa6e2a13c2e079095d143272c2aa939da33d88c1c0cec22", + "93fba89599b6321ae538e27c6548ceb8b46821864318f5190d64a375e5d69d41", }, { VersionTLS10, + cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA), "03023f7527316bc12cbcd69e4b9e8275d62c028f27e65c745cfcddc7ce01bd3570a111378b63848127f1c36e5f9e4890", "4ae66364b5ea56b20ce4e25555aed2d7e67f42788dd03f3fee4adae0459ab106", "4ae66363ab815cbf6a248b87d6b556184e945e9b97fbdf247858b0bdafacfa1c", 
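Review bot: The failure message added to TestKeysFromPreMasterSecret prints `contextKeyingMaterial` and `noContextKeyingMaterial` with `%s`, so a mismatch dumps raw key bytes next to the hex-encoded expected strings and the two sides cannot be compared by eye. Change it to `t.Errorf("#%d: got keying material: (%x, %x) want: (%s, %s)", i, contextKeyingMaterial, noContextKeyingMaterial, test.contextKeyingMaterial, test.noContextKeyingMaterial)`. The remaining hunks in this test file only add the suite field and the expected vectors.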
@@ -98,9 +118,12 @@ var testKeysFromTests = []testKeysFromTest{ "df3f94f6e1eacc753b815fe16055cd43", 20, 16, + "2c9f8961a72b97cbe76553b5f954caf8294fc6360ef995ac1256fe9516d0ce7f", + "274f19c10291d188857ad8878e2119f5aa437d4da556601cf1337aff23154016", }, { VersionTLS10, + cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA), "832d515f1d61eebb2be56ba0ef79879efb9b527504abb386fb4310ed5d0e3b1f220d3bb6b455033a2773e6d8bdf951d278a187482b400d45deb88a5d5a6bb7d6a7a1decc04eb9ef0642876cd4a82d374d3b6ff35f0351dc5d411104de431375355addc39bfb1f6329fb163b0bc298d658338930d07d313cd980a7e3d9196cac1", "4ae663b2ee389c0de147c509d8f18f5052afc4aaf9699efe8cb05ece883d3a5e", "4ae664d503fd4cff50cfc1fb8fc606580f87b0fcdac9554ba0e01d785bdf278e", @@ -111,18 +134,7 @@ var testKeysFromTests = []testKeysFromTest{ "ff07edde49682b45466bd2e39464b306", 20, 16, - }, - { - VersionSSL30, - "832d515f1d61eebb2be56ba0ef79879efb9b527504abb386fb4310ed5d0e3b1f220d3bb6b455033a2773e6d8bdf951d278a187482b400d45deb88a5d5a6bb7d6a7a1decc04eb9ef0642876cd4a82d374d3b6ff35f0351dc5d411104de431375355addc39bfb1f6329fb163b0bc298d658338930d07d313cd980a7e3d9196cac1", - "4ae663b2ee389c0de147c509d8f18f5052afc4aaf9699efe8cb05ece883d3a5e", - "4ae664d503fd4cff50cfc1fb8fc606580f87b0fcdac9554ba0e01d785bdf278e", - "a614863e56299dcffeea2938f22c2ba023768dbe4b3f6877bc9c346c6ae529b51d9cb87ff9695ea4d01f2205584405b2", - "2c450d5b6f6e2013ac6bea6a0b32200d4e1ffb94", - "7a7a7438769536f2fb1ae49a61f0703b79b2dc53", - "f8f6b26c10f12855c9aafb1e0e839ccf", - "2b9d4b4a60cb7f396780ebff50650419", - 20, - 16, + "678b0d43f607de35241dc7e9d1a7388a52c35033a1a0336d4d740060a6638fe2", + "f3b4ac743f015ef21d79978297a53da3e579ee047133f38c234d829c0f907dab", }, } diff --git a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA index 00722cba..9de3f143 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 53 04 f1 03 46 |....Y...U..S...F| -00000010 0f 84 c4 cb 55 ef 85 f6 4f d7 0e e1 4b 10 d4 bb |....U...O...K...| -00000020 35 87 2d f3 d7 18 ec 4e 95 4b f4 20 28 82 94 d9 |5.-....N.K. (...| -00000030 df c4 fc ee 21 23 c1 e2 76 3e 7b 09 af 2c 39 23 |....!#..v>{..,9#| -00000040 f8 46 6c 31 88 42 f0 79 de 37 2b 00 c0 09 00 00 |.Fl1.B.y.7+.....| +00000000 16 03 01 00 59 02 00 00 55 03 01 94 1f ba 79 da |....Y...U.....y.| +00000010 4b 58 3e 08 2c c5 31 36 a4 7e 32 bf e1 a0 f7 71 |KX>.,.16.~2....q| +00000020 01 48 63 3c 5f cb 08 7a 25 80 c7 20 35 0c c0 8b |.Hc<_..z%.. 5...| +00000030 df 30 fc dc 3d f1 48 96 0d b6 ff a8 cd 35 29 57 |.0..=.H......5)W| +00000040 7d 3f c2 9d e2 32 b1 c2 4c 05 5e 3b c0 09 00 00 |}?...2..L.^;....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,21 +55,20 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 d5 0c 00 00 d1 03 00 17 41 04 4f |*............A.O| -00000280 47 16 72 98 9e 9f 2e 8e 78 e9 0f fe 95 83 7b aa |G.r.....x.....{.| -00000290 e5 3d c0 7d cf 83 bd 22 0b fd 48 f1 a7 49 a5 7d |.=.}..."..H..I.}| -000002a0 8e 0c 83 7f e1 2d 71 03 cc 90 09 ab f7 35 81 48 |.....-q......5.H| -000002b0 a4 1e 7d 87 21 23 12 58 2c 47 f3 af c7 6c 71 00 |..}.!#.X,G...lq.| -000002c0 8a 30 81 87 02 42 00 b4 03 38 60 43 d9 32 ef 64 |.0...B...8`C.2.d| -000002d0 5a 9c 91 95 0d 10 21 53 c7 78 f8 bf 50 ed 13 5d |Z.....!S.x..P..]| -000002e0 c3 e7 71 d6 11 04 f1 e4 9d ce 17 99 8d 1a 87 1f |..q.............| -000002f0 cb dd f8 1b ae cd bc 4a 77 ab 7c 50 bf 73 c3 ea |.......Jw.|P.s..| -00000300 d6 df 88 56 f6 b1 03 83 02 41 66 3d fb 4e 7e af |...V.....Af=.N~.| -00000310 4e c1 60 fe 09 fa 7e 74 99 66 7f de b4 b2 74 89 |N.`...~t.f....t.| -00000320 1c a4 cf 74 1a 55 a5 be 74 f9 36 21 3d ae c8 c3 |...t.U..t.6!=...| -00000330 24 8e ad db a3 26 67 8f 98 27 e3 93 ee d9 5c fb |$....&g..'....\.| -00000340 85 82 e2 13 c3 50 ab e9 f6 39 2b 16 03 01 00 0e |.....P...9+.....| -00000350 0d 00 00 06 03 01 02 40 00 00 0e 00 00 00 |.......@......| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 1a 74 |*............ .t| +00000280 c4 96 9e 65 45 9a 0a 01 7c ed 7b 51 01 d8 ba 5b |...eE...|.{Q...[| +00000290 3e 2f b1 4b 36 69 e8 47 75 7e 27 be b3 2f 00 8b |>/.K6i.Gu~'../..| +000002a0 30 81 88 02 42 01 cb 20 d9 1e ae 05 6f 1f 37 ce |0...B.. 
....o.7.| +000002b0 dc 38 20 2f 8f 52 9a 92 f6 80 d6 f9 97 99 a5 8b |.8 /.R..........| +000002c0 6e 73 0b 95 a4 4e 82 67 bd 1a 34 d9 5c 4e b4 d7 |ns...N.g..4.\N..| +000002d0 35 e6 45 81 14 23 9c 4e 5a 4c 1b 93 fd 7f 43 18 |5.E..#.NZL....C.| +000002e0 db 54 4b e0 d1 d3 fa 02 42 00 ab 8e 34 d5 c2 04 |.TK.....B...4...| +000002f0 d0 a4 44 b1 b3 25 a0 af c8 80 b3 88 ae da b3 c6 |..D..%..........| +00000300 4f 57 ae 31 54 c6 d9 ee 4e 21 56 01 cc b9 6a e9 |OW.1T...N!V...j.| +00000310 e9 7e 62 2a 64 0e a4 a0 79 1e a3 64 52 70 b1 a5 |.~b*d...y..dRp..| +00000320 19 2c a4 6d 4b 3b a3 63 ed 56 2f 16 03 01 00 0a |.,.mK;.c.V/.....| +00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| +00000340 00 00 00 |...| >>> Flow 3 (client to server) 00000000 16 03 01 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -96,34 +103,32 @@ 000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| 000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| -00000210 03 01 00 46 10 00 00 42 41 04 1e 18 37 ef 0d 19 |...F...BA...7...| -00000220 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 |Q.5uq..T[....g..| -00000230 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 |$ >.V...(^.+-O..| -00000240 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 |..lK[.V.2B.X..I.| -00000250 b5 68 1a 41 03 56 6b dc 5a 89 16 03 01 00 90 0f |.h.A.Vk.Z.......| -00000260 00 00 8c 00 8a 30 81 87 02 42 00 c6 85 8e 06 b7 |.....0...B......| -00000270 04 04 e9 cd 9e 3e cb 66 23 95 b4 42 9c 64 81 39 |.....>.f#..B.d.9| -00000280 05 3f b5 21 f8 28 af 60 6b 4d 3d ba a1 4b 5e 77 |.?.!.(.`kM=..K^w| -00000290 ef e7 59 28 fe 1d c1 27 a2 ff a8 de 33 48 b3 c1 |..Y(...'....3H..| -000002a0 85 6a 42 9b f9 7e 7e 31 c2 e5 bd 66 02 41 4b 49 |.jB..~~1...f.AKI| -000002b0 c6 cd 02 e3 83 f7 03 50 18 6d b4 c9 51 02 c0 ab |.......P.m..Q...| -000002c0 87 bc e0 3e 4b 89 53 3a e2 65 89 97 02 c1 87 f1 |...>K.S:.e......| -000002d0 67 d0 f2 06 28 4e 51 4e fd f0 01 be 41 3c 52 42 |g...(NQN....AD$..w.wo...| -000002f0 03 01 00 01 01 16 03 01 00 30 a3 da 45 22 96 83 |.........0..E"..| -00000300 59 90 e9 6b ec 3b 77 50 05 89 e6 0c 61 d1 1d 2b |Y..k.;wP....a..+| -00000310 da d4 49 bf b9 c6 dd ad c3 9c 82 bd 53 62 e8 57 |..I.........Sb.W| -00000320 a4 6a e7 9f b1 d5 39 77 88 6d |.j....9w.m| +00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! 
/.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 90 0f 00 |...._X.;t.......| +00000240 00 8c 00 8a 30 81 87 02 42 01 89 0f 43 df a8 34 |....0...B...C..4| +00000250 dd d7 c9 d4 2b 8d ec 29 77 7b 64 d0 0e 8c e8 2b |....+..)w{d....+| +00000260 e3 25 1c ed 0a 1b 05 e0 66 42 37 c0 e6 fa 3e 81 |.%......fB7...>.| +00000270 ec e1 06 99 f4 62 3f ea 55 79 ae 68 56 9e e3 3c |.....b?.Uy.hV..<| +00000280 83 ba 9b 1c 65 b9 eb a6 e7 f7 4e 02 41 61 2c 52 |....e.....N.Aa,R| +00000290 4c 48 92 b0 93 d8 31 58 c3 90 b0 e3 7d 55 94 fc |LH....1X....}U..| +000002a0 70 bf 18 42 51 73 d0 45 17 2e 0e 00 b0 12 76 0d |p..BQs.E......v.| +000002b0 35 78 cb fd 34 60 36 ff ed 19 ef 0a 1e 21 cc 4c |5x..4`6......!.L| +000002c0 9a ff a0 f7 cf 72 03 cd 00 bb 73 0d 1d e5 14 03 |.....r....s.....| +000002d0 01 00 01 01 16 03 01 00 30 69 76 1f 5b 81 5f 62 |........0iv.[._b| +000002e0 cf d5 d9 2c 19 71 80 d0 2a 97 8a 89 21 7f 6d 02 |...,.q..*...!.m.| +000002f0 b6 01 a4 ed fe 18 9f 34 ae 95 f6 a1 29 0b 9a 1c |.......4....)...| +00000300 04 b6 ce c7 d1 0c 5a b5 3f |......Z.?| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 a4 45 dd 99 df |..........0.E...| -00000010 66 ae f5 c7 bd 1a eb 6a ff ac a6 38 14 81 b5 07 |f......j...8....| -00000020 86 24 80 f1 09 59 ad 33 3d 43 ed 9e 43 b1 1e 9f |.$...Y.3=C..C...| -00000030 bd 8c b3 e0 41 83 a1 34 91 c5 a1 |....A..4...| +00000000 14 03 01 00 01 01 16 03 01 00 30 7d 4b fc 73 20 |..........0}K.s | +00000010 e4 ac c4 39 15 79 e3 89 e1 24 ce 28 30 e5 f1 87 |...9.y...$.(0...| +00000020 cd c0 cc 39 a8 77 3b 06 a5 f9 b0 a1 3d 54 53 3b |...9.w;.....=TS;| +00000030 53 ec ac b2 ea 24 1b 2d 6a ef c3 |S....$.-j..| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 ae e3 ae 7f 2d e3 a2 f7 1b 4e 69 |.... ....-....Ni| -00000010 cb 18 c6 68 42 f8 de 61 92 4c fa d6 19 7c 8c 09 |...hB..a.L...|..| -00000020 82 e2 f2 32 19 17 03 01 00 20 2a 77 65 1f c1 fd |...2..... 
*we...| -00000030 5e 37 b7 15 f6 1f 4c 7f 5f 89 52 b4 32 27 4d 17 |^7....L._.R.2'M.| -00000040 33 c6 e8 50 ac 70 c8 b9 2d 0a 15 03 01 00 20 e0 |3..P.p..-..... .| -00000050 cb ce 07 80 55 a0 46 ca a7 25 4c 5f 9d 7c 73 37 |....U.F..%L_.|s7| -00000060 de 72 6d 36 a8 e4 be fd 2a e7 f8 8d 14 80 b7 |.rm6....*......| +00000000 17 03 01 00 20 9d 57 d2 4b 5b 7e 7d 7c 28 f7 8e |.... .W.K[~}|(..| +00000010 00 0a b6 1c 3c 6b df 4d 06 c0 f8 db 86 2e 8f 8e |....>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... 
....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 51 02 00 00 4d 03 01 53 04 f1 02 ed |....Q...M..S....| -00000010 86 9c 56 84 5a d3 7d d7 f3 4e 6f 2c 69 0d f0 59 |..V.Z.}..No,i..Y| -00000020 a5 d1 de 2d 03 2f dd 63 c3 ab fa 20 30 d6 5a 24 |...-./.c... 
0.Z$| -00000030 5c 31 67 36 8d 4c 43 e1 64 c4 8a 2c a5 fd 39 92 |\1g6.LC.d..,..9.| -00000040 c5 6f 58 47 a3 fe 63 14 98 92 11 90 00 05 00 00 |.oXG..c.........| -00000050 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db 
|..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 01 00 0e 0d 00 |n8P)l...........| -00000320 00 06 03 01 02 40 00 00 0e 00 00 00 |.....@......| +00000000 16 03 01 00 59 02 00 00 55 03 01 97 0c 7e fc 7f |....Y...U....~..| +00000010 96 47 02 21 a7 19 45 a5 79 5c 5e fc c2 15 b3 fa |.G.!..E.y\^.....| +00000020 84 98 7d 67 65 c8 48 58 a1 5d 67 20 ad 2a c6 b3 |..}ge.HX.]g .*..| +00000030 a4 17 82 12 4a c5 97 af 12 6b 7d f6 9e 49 f1 38 |....J....k}..I.8| +00000040 d0 56 76 bc 81 23 ad 3a 3e 7f bc 2d c0 13 00 00 |.Vv..#.:>..-....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| 
+00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 a4 24 f7 67 e3 da fa |........ 
.$.g...| +000002d0 10 33 95 b4 46 00 c0 3c cd 74 12 e4 a3 3b 01 70 |.3..F..<.t...;.p| +000002e0 fb 98 01 9a e9 2d d0 18 7b 00 80 ce c5 7b 4b 87 |.....-..{....{K.| +000002f0 cd bc 5d 63 09 7e d4 ce 09 53 7a 1b e5 b4 10 54 |..]c.~...Sz....T| +00000300 89 52 ac 82 9c 78 88 ed e8 1a 8c 3a 7a 2c 9a c5 |.R...x.....:z,..| +00000310 2b 97 1c 79 43 bd b1 ee 93 6f 4c 4d fc 3c 47 91 |+..yC....oLM.>> Flow 3 (client to server) 00000000 16 03 01 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -93,33 +107,32 @@ 000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| 000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| -00000210 03 01 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 3e |..........mQ...>| -00000220 fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c 8e |.u.A6..j.*.%.gL.| -00000230 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 1d |b/0......+.#....| -00000240 f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 0d |.;...'..$...[.f.| -00000250 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be c8 |j.....C.........| -00000260 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce e6 |.9L.....K.../...| -00000270 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 f1 |.w.o#......:..V.| -00000280 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 35 |.T^F..;3..(....5| -00000290 d4 1c 43 d1 30 6f 55 4e 0a 70 16 03 01 00 90 0f |..C.0oUN.p......| -000002a0 00 00 8c 00 8a 30 81 87 02 42 00 c6 85 8e 06 b7 |.....0...B......| -000002b0 04 04 e9 cd 9e 3e cb 66 23 95 b4 42 9c 64 81 39 |.....>.f#..B.d.9| -000002c0 05 3f b5 21 f8 28 af 60 6b 4d 3d ba a1 4b 5e 77 |.?.!.(.`kM=..K^w| -000002d0 ef e7 59 28 fe 1d c1 27 a2 ff a8 de 33 48 b3 c1 |..Y(...'....3H..| -000002e0 85 6a 42 9b f9 7e 7e 31 c2 e5 bd 66 02 41 4b 49 |.jB..~~1...f.AKI| -000002f0 c6 cd 02 e3 83 f7 03 50 18 6d b4 c9 51 02 c0 ab |.......P.m..Q...| -00000300 87 bc e0 3e 4b 89 53 3a e2 65 89 97 02 c1 87 f1 |...>K.S:.e......| -00000310 67 d0 f2 06 28 4e 51 4e fd f0 01 47 e7 c9 d9 23 |g...(NQN...G...#| -00000320 21 6b 87 d2 55 e3 c9 f7 eb 86 d5 1e 50 df d5 14 |!k..U.......P...| -00000330 03 01 00 01 01 16 03 01 00 24 95 62 42 be 90 39 |.........$.bB..9| -00000340 68 ae f5 77 47 21 14 b9 ac ee 81 2d e3 9e c7 34 |h..wG!.....-...4| -00000350 3a 00 5c c9 12 1d c0 5a 7c e7 ef e0 cd fd |:.\....Z|.....| +00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! 
/.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| +00000240 00 8d 00 8b 30 81 88 02 42 01 71 f3 c4 3a 85 08 |....0...B.q..:..| +00000250 3b 18 26 48 5c 3f c3 8a 4f e9 d7 29 48 59 1a 35 |;.&H\?..O..)HY.5| +00000260 ee b3 0d 5e 29 03 1d 34 95 0e 40 73 85 13 14 d0 |...^)..4..@s....| +00000270 fb fb 96 77 21 fb d8 43 d7 e2 bf 2c 95 7b 75 5d |...w!..C...,.{u]| +00000280 59 15 81 71 d2 b6 82 96 d9 cc 78 02 42 01 d3 51 |Y..q......x.B..Q| +00000290 af 25 d0 f8 a4 e2 e7 8e 7e 46 56 53 8f d1 09 f6 |.%......~FVS....| +000002a0 76 88 5a 42 83 89 92 7b c7 e4 40 9c 3d 05 ac 43 |v.ZB...{..@.=..C| +000002b0 bf 6e 24 14 fe 36 f8 43 a6 90 8e a1 bd e2 92 84 |.n$..6.C........| +000002c0 60 e3 92 34 1c 7b 53 d5 57 6d 23 32 12 a8 23 14 |`..4.{S.Wm#2..#.| +000002d0 03 01 00 01 01 16 03 01 00 30 6f 06 c7 84 fa 7f |.........0o.....| +000002e0 c9 66 a9 6f 26 37 45 db 42 c8 8f 63 c3 5b 05 07 |.f.o&7E.B..c.[..| +000002f0 ef 07 41 be 71 60 35 d3 16 8f 92 f6 89 cb c7 dc |..A.q`5.........| +00000300 4e 45 61 99 31 45 66 40 36 86 |NEa.1Ef@6.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 24 ea 98 c0 fb 86 |..........$.....| -00000010 87 7a 2e e1 c7 68 61 3e 5b cc da 1f d6 7b ab 5a |.z...ha>[....{.Z| -00000020 a0 ae a2 cf d0 54 44 19 12 db 75 2b 8c 73 8c |.....TD...u+.s.| +00000000 14 03 01 00 01 01 16 03 01 00 30 d3 83 ac 08 7f |..........0.....| +00000010 a1 91 51 7c b7 99 6f 24 cd b1 cd 31 7b 12 20 47 |..Q|..o$...1{. 
G| +00000020 66 08 22 f6 28 ea 81 fe 92 b5 c8 40 60 bc 5b 19 |f.".(......@`.[.| +00000030 e0 2b d1 26 fd 4c 12 22 c5 13 9a |.+.&.L."...| >>> Flow 5 (client to server) -00000000 17 03 01 00 1a f3 28 77 31 33 4c b3 7c 4b 75 61 |......(w13L.|Kua| -00000010 38 69 6b ae c9 36 ab 2e 56 16 29 6a 9a 00 2f 15 |8ik..6..V.)j../.| -00000020 03 01 00 16 6b ed 68 18 ed ff 44 39 9b 4a e4 a2 |....k.h...D9.J..| -00000030 cd 79 ef 2a 3e 5a 4d b1 5d 56 |.y.*>ZM.]V| +00000000 17 03 01 00 20 79 06 89 7e e0 17 9a e3 dc 4c ee |.... y..~.....L.| +00000010 70 63 13 bc 27 f5 43 fa f8 90 49 d9 89 43 7a 15 |pc..'.C...I..Cz.| +00000020 d4 e2 a8 e6 3e 17 03 01 00 20 ea 84 0e 21 62 d5 |....>.... ...!b.| +00000030 ee 26 5e fc 3e 0c 83 3b 91 01 c4 a7 8e 9b c4 1a |.&^.>..;........| +00000040 86 f8 a0 44 21 44 2f 31 cf a1 15 03 01 00 20 c6 |...D!D/1...... .| +00000050 11 f1 65 ea f3 39 d1 d2 ac 95 1f 81 36 ae db b1 |..e..9......6...| +00000060 88 a8 42 25 86 ec 1b c1 7e 12 60 a9 6b 7f 66 |..B%....~.`.k.f| diff --git a/tls/testdata/Client-TLSv10-ClientCert-Ed25519 b/tls/testdata/Client-TLSv10-ClientCert-Ed25519 new file mode 100644 index 00000000..a14cef13 --- /dev/null +++ b/tls/testdata/Client-TLSv10-ClientCert-Ed25519 
@@ -0,0 +1,110 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 08 05 08 06 04 01 04 |................| +000000b0 03 05 01 05 03 06 01 06 03 02 01 02 03 08 07 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 55 df 11 fe c6 |....Y...U..U....| +00000010 aa d4 85 4b 87 c2 35 4c ac a9 c3 15 a3 7f 6d 7e |...K..5L......m~| +00000020 15 d1 47 b2 d2 09 16 4d 08 1b dd 20 49 d9 51 42 |..G....M... 
I.QB| +00000030 97 cf 36 b3 74 3e 05 0a e5 c9 97 ef 01 9c 24 34 |..6.t>........$4| +00000040 31 17 e1 8a 6a ce 37 60 02 47 46 7f c0 13 00 00 |1...j.7`.GF.....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 17 27 58 d2 5f 59 a3 |........ 
.'X._Y.| +000002d0 62 62 d4 97 4a 49 c4 ff ec dc f7 d3 c9 ea f3 00 |bb..JI..........| +000002e0 61 1b d3 73 38 9e af 7d 17 00 80 59 7a 4e 55 97 |a..s8..}...YzNU.| +000002f0 5a 81 0e 2e 85 0b c2 61 f0 79 72 0e d1 d5 3b bf |Z......a.yr...;.| +00000300 6a 77 03 0a 9a 51 42 f5 98 2f 09 d5 7b 17 76 b8 |jw...QB../..{.v.| +00000310 2c a7 95 ee 61 65 d7 37 b3 1b 16 3c 48 7e 9d ed |,...ae.7...>> Flow 3 (client to server) +00000000 16 03 01 01 3c 0b 00 01 38 00 01 35 00 01 32 30 |....<...8..5..20| +00000010 82 01 2e 30 81 e1 a0 03 02 01 02 02 10 17 d1 81 |...0............| +00000020 93 be 2a 8c 21 20 10 25 15 e8 34 23 4f 30 05 06 |..*.! .%..4#O0..| +00000030 03 2b 65 70 30 12 31 10 30 0e 06 03 55 04 0a 13 |.+ep0.1.0...U...| +00000040 07 41 63 6d 65 20 43 6f 30 1e 17 0d 31 39 30 35 |.Acme Co0...1905| +00000050 31 36 32 31 35 34 32 36 5a 17 0d 32 30 30 35 31 |16215426Z..20051| +00000060 35 32 31 35 34 32 36 5a 30 12 31 10 30 0e 06 03 |5215426Z0.1.0...| +00000070 55 04 0a 13 07 41 63 6d 65 20 43 6f 30 2a 30 05 |U....Acme Co0*0.| +00000080 06 03 2b 65 70 03 21 00 0b e0 b5 60 b5 e2 79 30 |..+ep.!....`..y0| +00000090 3d be e3 1e e0 50 b1 04 c8 6d c7 78 6c 69 2f c5 |=....P...m.xli/.| +000000a0 14 ad 9a 63 6f 79 12 91 a3 4d 30 4b 30 0e 06 03 |...coy...M0K0...| +000000b0 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 |U...........0...| +000000c0 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 |U.%..0...+......| +000000d0 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 |.0...U.......0.0| +000000e0 16 06 03 55 1d 11 04 0f 30 0d 82 0b 65 78 61 6d |...U....0...exam| +000000f0 70 6c 65 2e 63 6f 6d 30 05 06 03 2b 65 70 03 41 |ple.com0...+ep.A| +00000100 00 fc 19 17 2a 94 a5 31 fa 29 c8 2e 7f 5b a0 5d |....*..1.)...[.]| +00000110 8a 4e 34 40 39 d6 b3 10 dc 19 fe a0 22 71 b3 f5 |.N4@9......."q..| +00000120 8f a1 58 0d cd f4 f1 85 24 bf e6 3d 14 df df ed |..X.....$..=....| +00000130 0e e1 17 d8 11 a2 60 d0 8a 37 23 2a c2 46 aa 3a |......`..7#*.F.:| +00000140 08 16 03 01 00 25 10 00 00 21 20 
2f e5 7d a3 47 |.....%...! /.}.G| +00000150 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....| +00000160 c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 46 |......_X.;t....F| +00000170 0f 00 00 42 00 40 14 6a d7 c1 9c 3d 81 fa e9 da |...B.@.j...=....| +00000180 96 5c 3a 09 e2 fc 36 e2 30 39 e4 6e 0d ac aa 54 |.\:...6.09.n...T| +00000190 24 4d 8c f0 35 14 b0 0b e9 5b 57 52 31 02 9f 6c |$M..5....[WR1..l| +000001a0 6f 6c d7 e9 b5 7f cb 30 fe b9 ba b9 7a 46 67 e3 |ol.....0....zFg.| +000001b0 a7 50 ca ce e4 04 14 03 01 00 01 01 16 03 01 00 |.P..............| +000001c0 30 8d 0a ca d1 5e 2c 7e 92 d0 69 f4 d9 e8 5d 0a |0....^,~..i...].| +000001d0 11 72 67 20 3e 80 64 29 e5 79 f5 33 ad 06 78 07 |.rg >.d).y.3..x.| +000001e0 4c 03 fc 2e 16 35 70 b1 72 e7 35 a9 cc 49 b8 29 |L....5p.r.5..I.)| +000001f0 30 |0| +>>> Flow 4 (server to client) +00000000 15 03 01 00 02 02 50 |......P| diff --git a/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA index 3e6dbc27..641ab1bd 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA +++ b/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 53 04 f1 02 4f |....Y...U..S...O| -00000010 73 06 2d 72 41 36 a1 b2 d3 50 97 55 8c c5 f1 43 |s.-rA6...P.U...C| -00000020 37 1f 1a 2a fe 51 70 0b 2f 25 9e 20 50 61 86 80 |7..*.Qp./%. Pa..| -00000030 9a 9c 6d 6f c9 ea 5c ce 0c b7 7c ce e3 be d0 e5 |..mo..\...|.....| -00000040 be d0 c4 80 78 c3 c7 17 0c 2d 8e c8 c0 09 00 00 |....x....-......| +00000000 16 03 01 00 59 02 00 00 55 03 01 3b 4c b9 76 d2 |....Y...U..;L.v.| +00000010 c3 d1 ea 81 71 1a 10 e1 b1 69 5c 54 c2 df 17 0a |....q....i\T....| +00000020 de 41 cb d1 69 c3 9a da 90 fd 25 20 1e 02 11 16 |.A..i.....% ....| +00000030 ab 66 13 56 3d 94 00 a9 80 7c d8 57 12 99 1c 5f |.f.V=....|.W..._| +00000040 7a b2 02 8c 23 f3 76 b8 59 5e 16 dd c0 09 00 00 |z...#.v.Y^......| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,82 +55,79 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 d6 0c 00 00 d2 03 00 17 41 04 b1 |*............A..| -00000280 0f 0f 4a 18 ed 25 32 b3 a3 19 ed 4b 61 b6 eb e4 |..J..%2....Ka...| -00000290 d3 f7 77 13 ac 9f 60 c7 8d 6d cb f1 ee 99 1a 71 |..w...`..m.....q| -000002a0 68 aa d3 a7 70 7f 38 d0 f6 23 ab 9a f6 dd 19 4f |h...p.8..#.....O| -000002b0 ce 10 ef d5 cf 64 85 2f 75 f6 20 06 4b f0 b9 00 |.....d./u. .K...| -000002c0 8b 30 81 88 02 42 01 00 b9 6b 80 91 59 0a 48 3f |.0...B...k..Y.H?| -000002d0 72 16 96 8f 21 2c 28 e4 6d 03 74 66 35 16 7d ec |r...!,(.m.tf5.}.| -000002e0 c7 08 9b 52 b5 05 d9 38 d8 b7 51 42 a7 4a 9f 9b |...R...8..QB.J..| -000002f0 1a 37 14 de c5 f5 16 96 83 81 58 d3 a6 1e ce 8a |.7........X.....| -00000300 bc 19 47 30 fe c5 85 55 02 42 01 4f 61 59 68 85 |..G0...U.B.OaYh.| -00000310 c7 64 23 22 f6 83 53 cc 58 38 25 b5 ce 74 c1 68 |.d#"..S.X8%..t.h| -00000320 9f 32 72 33 ea c9 62 e0 26 63 92 e3 5f 34 10 0b |.2r3..b.&c.._4..| -00000330 3c d5 83 fe 9f 67 69 ef 33 6b 19 c1 ec d6 6c 35 |<....gi.3k....l5| -00000340 89 33 17 d3 9d 93 e2 e5 6e 89 9a a1 16 03 01 00 |.3......n.......| -00000350 0e 0d 00 00 06 03 01 02 40 00 00 0e 00 00 00 |........@......| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 16 64 |*............ 
.d| +00000280 ca 24 70 6f 61 2f 9e 2d 43 0a 73 ac 67 f0 7a e5 |.$poa/.-C.s.g.z.| +00000290 c7 4e c4 1f ad 13 0d eb df ff 0d ff a3 27 00 8b |.N...........'..| +000002a0 30 81 88 02 42 01 1a 33 8b 88 78 ed 5c c1 56 0d |0...B..3..x.\.V.| +000002b0 75 51 69 a0 e7 45 6d ae b0 67 55 3f be 23 3e 92 |uQi..Em..gU?.#>.| +000002c0 fe 26 68 a2 30 84 2f b3 33 66 f6 dd 71 67 99 5e |.&h.0./.3f..qg.^| +000002d0 1c 6f bf 87 ed 33 a0 87 69 f6 35 65 8d cb 3a 7e |.o...3..i.5e..:~| +000002e0 95 a7 a4 40 54 cb 97 02 42 00 a3 fe 50 34 68 9f |...@T...B...P4h.| +000002f0 f2 43 98 23 e4 24 ad 36 e9 d3 e0 75 2c 11 46 6c |.C.#.$.6...u,.Fl| +00000300 48 33 c5 bc 2d 04 ff cc bb ec 38 ec f4 b3 55 31 |H3..-.....8...U1| +00000310 8a 6e 38 a5 6d a0 9c fc f6 98 75 48 c6 79 53 de |.n8.m.....uH.yS.| +00000320 dd 91 49 f0 b6 32 83 45 61 89 4e 16 03 01 00 0a |..I..2.Ea.N.....| +00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| +00000340 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 01 01 fb 0b 00 01 f7 00 01 f4 00 01 f1 30 |...............0| -00000010 82 01 ed 30 82 01 58 a0 03 02 01 02 02 01 00 30 |...0..X........0| -00000020 0b 06 09 2a 86 48 86 f7 0d 01 01 05 30 26 31 10 |...*.H......0&1.| -00000030 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| -00000040 31 12 30 10 06 03 55 04 03 13 09 31 32 37 2e 30 |1.0...U....127.0| -00000050 2e 30 2e 31 30 1e 17 0d 31 31 31 32 30 38 30 37 |.0.10...11120807| -00000060 35 35 31 32 5a 17 0d 31 32 31 32 30 37 30 38 30 |5512Z..121207080| -00000070 30 31 32 5a 30 26 31 10 30 0e 06 03 55 04 0a 13 |012Z0&1.0...U...| -00000080 07 41 63 6d 65 20 43 6f 31 12 30 10 06 03 55 04 |.Acme Co1.0...U.| -00000090 03 13 09 31 32 37 2e 30 2e 30 2e 31 30 81 9c 30 |...127.0.0.10..0| -000000a0 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03 81 8c 00 |...*.H..........| -000000b0 30 81 88 02 81 80 4e d0 7b 31 e3 82 64 d9 59 c0 |0.....N.{1..d.Y.| -000000c0 c2 87 a4 5e 1e 8b 73 33 c7 63 53 df 66 92 06 84 |...^..s3.cS.f...| -000000d0 f6 64 
d5 8f e4 36 a7 1d 2b e8 b3 20 36 45 23 b5 |.d...6..+.. 6E#.| -000000e0 e3 95 ae ed e0 f5 20 9c 8d 95 df 7f 5a 12 ef 87 |...... .....Z...| -000000f0 e4 5b 68 e4 e9 0e 74 ec 04 8a 7f de 93 27 c4 01 |.[h...t......'..| -00000100 19 7a bd f2 dc 3d 14 ab d0 54 ca 21 0c d0 4d 6e |.z...=...T.!..Mn| -00000110 87 2e 5c c5 d2 bb 4d 4b 4f ce b6 2c f7 7e 88 ec |..\...MKO..,.~..| -00000120 7c d7 02 91 74 a6 1e 0c 1a da e3 4a 5a 2e de 13 ||...t......JZ...| -00000130 9c 4c 40 88 59 93 02 03 01 00 01 a3 32 30 30 30 |.L@.Y.......2000| -00000140 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 00 a0 30 |...U...........0| -00000150 0d 06 03 55 1d 0e 04 06 04 04 01 02 03 04 30 0f |...U..........0.| -00000160 06 03 55 1d 23 04 08 30 06 80 04 01 02 03 04 30 |..U.#..0.......0| -00000170 0b 06 09 2a 86 48 86 f7 0d 01 01 05 03 81 81 00 |...*.H..........| -00000180 36 1f b3 7a 0c 75 c9 6e 37 46 61 2b d5 bd c0 a7 |6..z.u.n7Fa+....| -00000190 4b cc 46 9a 81 58 7c 85 79 29 c8 c8 c6 67 dd 32 |K.F..X|.y)...g.2| -000001a0 56 45 2b 75 b6 e9 24 a9 50 9a be 1f 5a fa 1a 15 |VE+u..$.P...Z...| -000001b0 d9 cc 55 95 72 16 83 b9 c2 b6 8f fd 88 8c 38 84 |..U.r.........8.| -000001c0 1d ab 5d 92 31 13 4f fd 83 3b c6 9d f1 11 62 b6 |..].1.O..;....b.| -000001d0 8b ec ab 67 be c8 64 b0 11 50 46 58 17 6b 99 1c |...g..d..PFX.k..| -000001e0 d3 1d fc 06 f1 0e e5 96 a8 0c f9 78 20 b7 44 18 |...........x .D.| -000001f0 51 8d 10 7e 4f 94 67 df a3 4e 70 73 8e 90 91 85 |Q..~O.g..Nps....| -00000200 16 03 01 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000210 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000220 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000230 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000240 a6 b5 68 1a 41 03 56 6b dc 5a 89 16 03 01 00 86 |..h.A.Vk.Z......| -00000250 0f 00 00 82 00 80 20 2c 5a 08 3a 00 33 50 19 b2 |...... 
,Z.:.3P..| -00000260 0f ba 6c 76 7f 5c 92 e2 78 55 3e 32 32 bb 33 bc |..lv.\..xU>22.3.| -00000270 ab a9 34 e0 83 cf 82 cd 9e 6b 3f 9d e6 49 61 29 |..4......k?..Ia)| -00000280 8b b4 ed e8 12 cd a9 52 86 11 48 64 08 61 72 8d |.......R..Hd.ar.| -00000290 d6 6a ac 42 cc e4 07 5f 08 56 9f 2f c5 35 d3 9b |.j.B..._.V./.5..| -000002a0 e9 0d 91 82 c0 e9 bb 9f a9 8f df 96 85 08 9a 69 |...............i| -000002b0 a4 93 b3 72 37 ba f9 b1 a4 0b b0 9f 43 6a 15 ec |...r7.......Cj..| -000002c0 79 b8 fd 9c 1f 5f 0d 2c 56 33 c7 15 d5 4a b7 82 |y...._.,V3...J..| -000002d0 ea 44 80 20 c5 80 14 03 01 00 01 01 16 03 01 00 |.D. ............| -000002e0 30 c9 c0 7c d7 57 d3 00 ab 87 eb 78 56 6b a1 69 |0..|.W.....xVk.i| -000002f0 1d fa ec ae 38 f3 ef 5d 49 19 0d 4b f0 73 63 af |....8..]I..K.sc.| -00000300 89 b6 cb 76 cf fb b9 c1 99 98 06 0a 54 67 a0 6e |...v........Tg.n| -00000310 e7 |.| +00000000 16 03 01 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 
2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! 
/.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 |......._X.;t....| +00000230 86 0f 00 00 82 00 80 90 68 a8 2f 6f 2b 70 e4 25 |........h./o+p.%| +00000240 7d fb b7 85 db 44 ec 1a ad 6d 84 fb 95 21 fa 24 |}....D...m...!.$| +00000250 7b 31 6a 97 4f 06 ee 87 22 c3 7c 81 70 ed e3 2a |{1j.O...".|.p..*| +00000260 d5 2c d1 4e 6d f0 12 52 2f 98 05 08 af 41 fa 87 |.,.Nm..R/....A..| +00000270 d1 62 98 6c 06 47 ec 7a 44 e0 7d ae 7a 7d ef 1b |.b.l.G.zD.}.z}..| +00000280 d5 2c fa 1b 70 a3 fb 9a 5d 8c 60 b4 44 6a e5 b8 |.,..p...].`.Dj..| +00000290 80 4c 29 fc f1 2d f1 11 46 81 c4 01 e4 11 2e 05 |.L)..-..F.......| +000002a0 cb 2b ca d9 4a 14 39 06 93 77 19 db 80 03 82 38 |.+..J.9..w.....8| +000002b0 e5 c1 0f 11 17 47 a7 14 03 01 00 01 01 16 03 01 |.....G..........| +000002c0 00 30 a6 68 28 50 75 6d eb f4 32 c8 a3 57 3f b1 |.0.h(Pum..2..W?.| +000002d0 37 84 8e 7e 1d 1d 93 7d 9f ec ff ac 1c 8d bf 30 |7..~...}.......0| +000002e0 d2 b0 0f 3f 02 c3 ef ac a3 62 94 26 1c 8f 7e 8d |...?.....b.&..~.| +000002f0 74 99 |t.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 20 db fd ed ed |..........0 ....| -00000010 7c d5 bf 8f 06 3b 86 1b c1 60 7d a4 74 e9 a6 c9 ||....;...`}.t...| -00000020 f5 7c c7 f4 65 91 06 d5 53 88 d7 57 a4 22 b6 1f |.|..e...S..W."..| -00000030 f1 02 e9 79 36 e6 a1 22 51 3a 4c |...y6.."Q:L| +00000000 14 03 01 00 01 01 16 03 01 00 30 80 3e 0d 50 13 |..........0.>.P.| +00000010 5f 00 ba 2e 47 46 5d 63 1b 72 a8 02 24 1c 3e 1f |_...GF]c.r..$.>.| +00000020 ed e2 3a 45 d7 7d 3a f2 33 97 c3 ab 13 9b 0e 4a |..:E.}:.3......J| +00000030 04 f0 08 48 ab d3 46 0b 40 7d 5c |...H..F.@}\| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 00 66 51 6a 14 ca ea e2 21 48 74 |.... .fQj....!Ht| -00000010 c4 c1 6e b9 8b 23 af 7c 33 c9 00 f8 0b ec ab 35 |..n..#.|3......5| -00000020 e7 42 0a d1 ae 17 03 01 00 20 00 1c 6d 60 75 5d |.B....... 
..m`u]| -00000030 b3 fb 40 2e e0 b7 0d 48 f4 87 ac d4 bf ea 01 0d |..@....H........| -00000040 fe 10 0d 05 04 43 6b 19 ed f2 15 03 01 00 20 f8 |.....Ck....... .| -00000050 03 ac 62 4b 1f db 2e d2 4e 00 c3 a4 57 3c 0a 62 |..bK....N...W<.b| -00000060 05 a0 ef bd 2b 9b 9a 63 27 72 d7 d8 f1 8d 84 |....+..c'r.....| +00000000 17 03 01 00 20 f7 32 e7 36 4f 77 2f 4a 05 fd 27 |.... .2.6Ow/J..'| +00000010 19 57 52 f7 8a 0c 7f fb 14 78 b2 06 bf ca 86 73 |.WR......x.....s| +00000020 32 13 33 04 91 17 03 01 00 20 7e e4 fe c5 6d f7 |2.3...... ~...m.| +00000030 d4 69 30 57 89 a0 76 70 40 a7 b5 17 74 2f 5d 16 |.i0W..vp@...t/].| +00000040 c1 19 30 73 f8 37 c4 10 5b b7 15 03 01 00 20 08 |..0s.7..[..... .| +00000050 41 5e 0b 9f 36 23 bd 9a 09 f7 58 9d a3 d7 26 3a |A^..6#....X...&:| +00000060 f4 5e 6b bf 9c d4 6f 0c d3 9e cd de cb 95 57 |.^k...o.......W| diff --git a/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA b/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA index 94e68600..c46a9670 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA +++ b/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA 
@@ -1,124 +1,137 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 51 02 00 00 4d 03 01 53 04 f1 02 73 |....Q...M..S...s| -00000010 ee 5f 70 a4 aa 0d be d7 46 a3 25 3f e3 5d ef 7b |._p.....F.%?.].{| -00000020 73 49 7c b6 82 4d 99 2f 31 fc 8b 20 2d a3 33 7c |sI|..M./1.. -.3|| -00000030 a5 c3 85 86 ba 61 4d 05 b0 5e d3 5e 88 6e c3 4b |.....aM..^.^.n.K| -00000040 95 d3 e9 67 f1 96 24 58 7a 6f e6 c5 00 05 00 00 |...g..$Xzo......| -00000050 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 
8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 01 00 0e 0d 00 |n8P)l...........| -00000320 00 06 03 01 02 40 00 00 0e 00 00 00 |.....@......| +00000000 16 03 01 00 59 02 00 00 55 03 01 97 fe 7f 92 37 |....Y...U......7| +00000010 67 99 e0 d8 62 a9 31 80 bd 1f 31 8e 7d 0b 08 0a |g...b.1...1.}...| +00000020 de a5 82 a2 f2 d0 c1 35 66 34 6e 20 39 46 b1 b0 |.......5f4n 9F..| +00000030 6e 2d 0e fe 8c 48 ea ab 1c c4 49 ee f4 21 cf cb |n-...H....I..!..| +00000040 2a 20 57 78 18 99 a1 b9 7f 88 4f 64 c0 13 00 00 |* Wx......Od....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| 
+00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 07 80 79 40 4b b1 0e |........ 
..y@K..| +000002d0 05 ce e4 ca 9d f5 d7 ad a6 98 f2 40 f9 b9 66 a8 |...........@..f.| +000002e0 04 6e ae b5 da 99 67 09 69 00 80 01 4a f2 c1 c9 |.n....g.i...J...| +000002f0 2f 46 4f b8 9e 8b 2c c4 a1 32 44 3c dc 2c 5e b9 |/FO...,..2D<.,^.| +00000300 76 5f 41 20 23 1b 82 dd ec 37 b4 24 68 6d a7 39 |v_A #....7.$hm.9| +00000310 4f f2 e5 97 09 75 64 2a 64 16 b8 99 04 8a 74 77 |O....ud*d.....tw| +00000320 19 bb 12 5f 27 f6 41 09 f7 2e 1c 33 80 3b 01 57 |..._'.A....3.;.W| +00000330 5c f9 20 6e 0c 48 76 59 e1 8b 1f bb 2a 33 1a 28 |\. n.HvY....*3.(| +00000340 a0 5a 05 44 94 eb 35 62 5e ae 7f e4 01 76 b6 b4 |.Z.D..5b^....v..| +00000350 64 91 bf 25 09 ff 88 8a af 73 00 d0 7e ea 0f ca |d..%.....s..~...| +00000360 4a 2b d4 6f 02 26 98 28 5a ed 11 16 03 01 00 0a |J+.o.&.(Z.......| +00000370 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| +00000380 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 01 01 fb 0b 00 01 f7 00 01 f4 00 01 f1 30 |...............0| -00000010 82 01 ed 30 82 01 58 a0 03 02 01 02 02 01 00 30 |...0..X........0| -00000020 0b 06 09 2a 86 48 86 f7 0d 01 01 05 30 26 31 10 |...*.H......0&1.| -00000030 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| -00000040 31 12 30 10 06 03 55 04 03 13 09 31 32 37 2e 30 |1.0...U....127.0| -00000050 2e 30 2e 31 30 1e 17 0d 31 31 31 32 30 38 30 37 |.0.10...11120807| -00000060 35 35 31 32 5a 17 0d 31 32 31 32 30 37 30 38 30 |5512Z..121207080| -00000070 30 31 32 5a 30 26 31 10 30 0e 06 03 55 04 0a 13 |012Z0&1.0...U...| -00000080 07 41 63 6d 65 20 43 6f 31 12 30 10 06 03 55 04 |.Acme Co1.0...U.| -00000090 03 13 09 31 32 37 2e 30 2e 30 2e 31 30 81 9c 30 |...127.0.0.10..0| -000000a0 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03 81 8c 00 |...*.H..........| -000000b0 30 81 88 02 81 80 4e d0 7b 31 e3 82 64 d9 59 c0 |0.....N.{1..d.Y.| -000000c0 c2 87 a4 5e 1e 8b 73 33 c7 63 53 df 66 92 06 84 |...^..s3.cS.f...| -000000d0 f6 64 d5 8f e4 36 a7 1d 2b e8 b3 20 36 45 23 b5 |.d...6..+.. 
6E#.| -000000e0 e3 95 ae ed e0 f5 20 9c 8d 95 df 7f 5a 12 ef 87 |...... .....Z...| -000000f0 e4 5b 68 e4 e9 0e 74 ec 04 8a 7f de 93 27 c4 01 |.[h...t......'..| -00000100 19 7a bd f2 dc 3d 14 ab d0 54 ca 21 0c d0 4d 6e |.z...=...T.!..Mn| -00000110 87 2e 5c c5 d2 bb 4d 4b 4f ce b6 2c f7 7e 88 ec |..\...MKO..,.~..| -00000120 7c d7 02 91 74 a6 1e 0c 1a da e3 4a 5a 2e de 13 ||...t......JZ...| -00000130 9c 4c 40 88 59 93 02 03 01 00 01 a3 32 30 30 30 |.L@.Y.......2000| -00000140 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 00 a0 30 |...U...........0| -00000150 0d 06 03 55 1d 0e 04 06 04 04 01 02 03 04 30 0f |...U..........0.| -00000160 06 03 55 1d 23 04 08 30 06 80 04 01 02 03 04 30 |..U.#..0.......0| -00000170 0b 06 09 2a 86 48 86 f7 0d 01 01 05 03 81 81 00 |...*.H..........| -00000180 36 1f b3 7a 0c 75 c9 6e 37 46 61 2b d5 bd c0 a7 |6..z.u.n7Fa+....| -00000190 4b cc 46 9a 81 58 7c 85 79 29 c8 c8 c6 67 dd 32 |K.F..X|.y)...g.2| -000001a0 56 45 2b 75 b6 e9 24 a9 50 9a be 1f 5a fa 1a 15 |VE+u..$.P...Z...| -000001b0 d9 cc 55 95 72 16 83 b9 c2 b6 8f fd 88 8c 38 84 |..U.r.........8.| -000001c0 1d ab 5d 92 31 13 4f fd 83 3b c6 9d f1 11 62 b6 |..].1.O..;....b.| -000001d0 8b ec ab 67 be c8 64 b0 11 50 46 58 17 6b 99 1c |...g..d..PFX.k..| -000001e0 d3 1d fc 06 f1 0e e5 96 a8 0c f9 78 20 b7 44 18 |...........x .D.| -000001f0 51 8d 10 7e 4f 94 67 df a3 4e 70 73 8e 90 91 85 |Q..~O.g..Nps....| -00000200 16 03 01 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 |...........mQ...| -00000210 3e fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c |>.u.A6..j.*.%.gL| -00000220 8e 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 |.b/0......+.#...| -00000230 1d f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 |..;...'..$...[.f| -00000240 0d 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be |.j.....C........| -00000250 c8 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce |..9L.....K.../..| -00000260 e6 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 |..w.o#......:..V| -00000270 f1 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 
|..T^F..;3..(....| -00000280 35 d4 1c 43 d1 30 6f 55 4e 0a 70 16 03 01 00 86 |5..C.0oUN.p.....| -00000290 0f 00 00 82 00 80 0f 4c d2 b2 f0 94 6d 61 d1 2c |.......L....ma.,| -000002a0 db 6f 79 03 bd 40 b2 d2 1d 61 ef 83 1b 4a 0c 7b |.oy..@...a...J.{| -000002b0 c5 73 1e 1a 81 e7 67 0a d6 aa 2d 04 04 cc 0e 4b |.s....g...-....K| -000002c0 2e da 96 7f 15 6c 05 ee c4 53 7e 33 89 28 7d db |.....l...S~3.(}.| -000002d0 a1 77 43 ba a3 51 a9 1c b9 f5 ec 9a 8d eb 2c 46 |.wC..Q........,F| -000002e0 5c 33 59 6b 16 af de f4 9b 80 76 a3 22 30 5d bb |\3Yk......v."0].| -000002f0 02 b9 77 96 8a db 36 9f 54 95 00 d8 58 e1 aa 04 |..w...6.T...X...| -00000300 98 c9 0c 32 ae 62 81 12 0c f6 1b 76 c6 58 a7 8c |...2.b.....v.X..| -00000310 0e d8 b7 8e ed 0f 14 03 01 00 01 01 16 03 01 00 |................| -00000320 24 1d c0 20 02 2d da 69 54 29 8c ff af 5c 56 a8 |$.. .-.iT)...\V.| -00000330 eb d0 09 95 29 8f 52 8c e2 7b 9f 36 3e 47 a0 33 |....).R..{.6>G.3| -00000340 2e 63 a2 24 93 |.c.$.| +00000000 16 03 01 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 
3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! 
/.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 |......._X.;t....| +00000230 86 0f 00 00 82 00 80 81 aa 68 1f a9 a4 de f1 4d |.........h.....M| +00000240 30 9a fe e6 a5 f6 f6 18 b6 3e d2 c7 f1 e6 77 e3 |0........>....w.| +00000250 6a cd 61 01 81 3a 02 31 a5 aa d6 db b6 02 9d 4b |j.a..:.1.......K| +00000260 f5 78 50 c3 95 fe 43 88 33 3a 95 32 bc e8 02 1a |.xP...C.3:.2....| +00000270 e6 f4 d5 54 b9 fc e0 4a 4e f0 92 21 35 4b de c8 |...T...JN..!5K..| +00000280 a4 b0 01 c3 ca 3a 87 ed cb 21 1c ce c2 14 7b 8d |.....:...!....{.| +00000290 90 68 b9 21 49 13 dd cd e7 68 83 41 7c 84 6a 75 |.h.!I....h.A|.ju| +000002a0 76 ee 19 8b fa d5 a6 57 3d a7 f1 f1 6f 11 ca 77 |v......W=...o..w| +000002b0 95 0e b5 c7 3d 99 d4 14 03 01 00 01 01 16 03 01 |....=...........| +000002c0 00 30 5e be 40 82 f8 db 05 20 23 45 a4 42 48 e8 |.0^.@.... #E.BH.| +000002d0 06 69 eb 4c ef 79 53 52 4a 5a 3a ba cc d6 99 59 |.i.L.ySRJZ:....Y| +000002e0 4d c2 b0 34 0f 14 68 03 93 8b a4 95 7e cf 26 f8 |M..4..h.....~.&.| +000002f0 5c 8a |\.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 24 99 e8 fb 65 f4 |..........$...e.| -00000010 95 ae 8b 71 cc 5d a4 95 a7 27 98 fd 16 3f 7a 1a |...q.]...'...?z.| -00000020 b6 bd bf 0a 58 72 77 97 1f 8e b1 dd 4b 12 12 |....Xrw.....K..| +00000000 14 03 01 00 01 01 16 03 01 00 30 ef 9b 5c da 0a |..........0..\..| +00000010 2e c4 79 fa ea 8a 9c 78 4a 1f 08 77 56 73 6e fa |..y....xJ..wVsn.| +00000020 3a 5b 3c cd cd e9 0c a8 bb 59 9e 22 ab 67 2c 03 |:[<......Y.".g,.| +00000030 de ad 7c e4 cb 85 d7 8f c1 1c e3 |..|........| >>> Flow 5 (client to server) -00000000 17 03 01 00 1a 42 70 c0 89 78 12 5c 91 7e 88 2d |.....Bp..x.\.~.-| -00000010 2f 8f be f2 f2 12 9d 81 ae 78 08 38 5e 6d 1b 15 |/........x.8^m..| -00000020 03 01 00 16 1a 64 b1 6f 8a ff d3 63 6a c7 b8 95 |.....d.o...cj...| -00000030 3d b0 87 bc 62 e9 88 5b 26 bd |=...b..[&.| +00000000 17 03 01 00 20 48 1a 1a 
1c 6c 7d 6c 2a e0 b2 e3 |.... H...l}l*...| +00000010 b3 9f ec 39 a8 cd 9a f9 a2 3e 2d 46 3b cf 17 ed |...9.....>-F;...| +00000020 70 99 ce d7 3c 17 03 01 00 20 69 27 e9 89 78 e6 |p...<.... i'..x.| +00000030 64 c0 a9 40 4f 0d 97 53 b2 2e 15 f3 2b 54 3b 77 |d..@O..S....+T;w| +00000040 f2 24 2c 94 dc b3 8b f0 c4 ce 15 03 01 00 20 1b |.$,........... .| +00000050 50 55 83 d8 6b b4 04 b2 f0 2d 1c 9c 0d fa de 58 |PU..k....-.....X| +00000060 cd 0a 1d 55 d6 36 f4 a4 fb cc 55 c5 b1 f3 d3 |...U.6....U....| diff --git a/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES b/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES index 30c4c6b8..7d6683c0 100644 --- a/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES +++ b/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 53 04 f1 02 b2 |....Y...U..S....| -00000010 e0 f6 f6 b5 c9 5b 28 d0 5d 58 1b 6f 4e 2b 9d 05 |.....[(.]X.oN+..| -00000020 2a b9 b4 da 45 cf f3 10 b2 23 44 20 f8 4d 59 05 |*...E....#D .MY.| -00000030 ad 27 f2 a0 ee 7f ec cc 20 dc e7 a2 1b 07 b3 a5 |.'...... .......| -00000040 37 7e 61 3d d6 5c 03 cf cc f5 9b ca c0 09 00 00 |7~a=.\..........| +00000000 16 03 01 00 59 02 00 00 55 03 01 a7 ea 63 8c 7d |....Y...U....c.}| +00000010 54 70 04 d5 5e a2 2e 8b 75 4f 17 c8 a8 8c 3d bc |Tp..^...uO....=.| +00000020 08 aa 82 48 85 ed 1a ff 42 e1 54 20 3b 77 9d 32 |...H....B.T ;w.2| +00000030 4d 60 f2 81 f8 20 aa d2 b0 eb ea 7c 6a 39 52 20 |M`... .....|j9R | +00000040 94 4a 2a 88 05 8a fe 6c 50 5c 95 39 c0 09 00 00 |.J*....lP\.9....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,41 +55,37 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 d5 0c 00 00 d1 03 00 17 41 04 da |*............A..| -00000280 5a fd 09 e5 d6 c0 70 41 5e 3a 87 eb df 0c ad 90 |Z.....pA^:......| -00000290 22 8a 2f 90 81 0c 24 00 68 92 f3 d5 95 2f 93 43 |"./...$.h..../.C| -000002a0 e9 58 2d 18 28 62 ee 33 5b 21 2e 49 87 21 4d 32 |.X-.(b.3[!.I.!M2| -000002b0 32 19 b3 ba fe 2d 9a 85 12 0e a1 77 08 06 75 00 |2....-.....w..u.| -000002c0 8a 30 81 87 02 42 01 91 14 fc 68 74 95 10 4b d4 |.0...B....ht..K.| -000002d0 67 60 12 46 bb b0 f6 98 77 a3 41 b8 01 5c 49 54 |g`.F....w.A..\IT| -000002e0 9e 3e 81 e7 97 a3 b9 73 6e 15 74 67 be e5 d9 eb |.>.....sn.tg....| -000002f0 8b 87 c5 22 ab ab 58 28 4f d1 b6 80 94 1b f5 f7 |..."..X(O.......| -00000300 12 43 ef 0a c7 3e 1a 76 02 41 7a 00 49 cb 9f 3b |.C...>.v.Az.I..;| -00000310 91 6e 38 58 0a d3 d0 d1 ee 67 f0 b6 5d cd fa 23 |.n8X.....g..]..#| -00000320 b6 98 43 af 9c 71 90 1e 1d 50 a2 6e 61 5b f2 92 |..C..q...P.na[..| -00000330 b4 69 73 f2 3b 54 bf 1c 9d 05 19 97 e4 4e 41 9e |.is.;T.......NA.| -00000340 f2 9a 76 77 9a 86 43 1f 1f 30 a2 16 03 01 00 04 |..vw..C..0......| -00000350 0e 00 00 00 |....| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 3a 1f |*............ 
:.| +00000280 18 e9 f2 09 3e 79 4b a0 62 73 ef 87 0d ea 90 51 |....>yK.bs.....Q| +00000290 7f 9d d2 79 59 e4 11 7f 69 f7 a9 d7 78 7f 00 8b |...yY...i...x...| +000002a0 30 81 88 02 42 01 65 ac eb e6 b0 86 73 95 a4 27 |0...B.e.....s..'| +000002b0 e3 82 55 cf 88 16 80 c2 68 4b 39 77 2a b1 a9 d3 |..U.....hK9w*...| +000002c0 08 d5 ac 77 ce 5b 16 73 2c ad b5 57 2a 7a 75 34 |...w.[.s,..W*zu4| +000002d0 ec 99 23 bd df b2 27 36 5a 4b 40 e0 d3 b0 d2 31 |..#...'6ZK@....1| +000002e0 9b c7 9e 0a cb 5b 69 02 42 00 88 d7 5a 6a 9e 4c |.....[i.B...Zj.L| +000002f0 c5 7b 2c 8e 93 3b 75 27 b4 00 11 88 ba cf 99 8c |.{,..;u'........| +00000300 e5 f2 60 22 de f2 fe 86 a6 48 86 9c 40 31 08 75 |..`".....H..@1.u| +00000310 aa bc 5d 6d fa 2e a4 a9 a1 0d fc e1 d9 5a a1 60 |..]m.........Z.`| +00000320 93 b9 69 c7 c2 3e f5 a9 cb 31 41 16 03 01 00 04 |..i..>...1A.....| +00000330 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 01 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 01 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 01 00 30 88 60 65 b2 d7 51 1f ad 96 56 |.....0.`e..Q...V| -00000060 4e 0a 20 eb b5 b0 1a dd 4c f6 1a cf d4 5c 47 c4 |N. .....L....\G.| -00000070 9c 7c a0 36 dd d1 1b 96 91 99 c0 a7 2d 9a 7c 42 |.|.6........-.|B| -00000080 51 d1 de 87 2b a4 |Q...+.| +00000000 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! 
/.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 01 00 01 01 |....._X.;t......| +00000030 16 03 01 00 30 30 25 15 82 a1 7f 11 32 13 52 17 |....00%.....2.R.| +00000040 b8 bd 5b b9 1e 69 88 0b b3 5f 12 40 e3 4b 03 cb |..[..i..._.@.K..| +00000050 cd 07 3c 43 4f ab f7 5d 2c 6a a3 02 a9 64 d0 77 |..>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 86 6c b5 94 69 |..........0.l..i| -00000010 2e e0 55 a2 4d a8 63 f2 5b 1f ae 34 21 c8 21 6a |..U.M.c.[..4!.!j| -00000020 00 b6 56 ed 4e 2a b0 ff 01 2f da ce a1 c0 41 03 |..V.N*.../....A.| -00000030 a9 1b 6e 2e e1 88 50 ba 62 14 88 |..n...P.b..| +00000000 14 03 01 00 01 01 16 03 01 00 30 b5 3e 18 97 a1 |..........0.>...| +00000010 ca 2e 7f 5f b9 72 cb aa d4 f6 85 86 d3 27 40 13 |..._.r.......'@.| +00000020 e3 99 35 13 67 a8 9e 6e bb 63 15 97 96 42 e4 b3 |..5.g..n.c...B..| +00000030 fc 15 ee b7 d8 cb a2 64 3d 55 b8 |.......d=U.| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 a6 63 0a 2f a5 dc e1 fb cb 7b 1f |.... .c./.....{.| -00000010 f2 da 74 c3 ff e9 f5 8b 9c 5f 0c d3 f7 1f 44 e6 |..t......_....D.| -00000020 90 13 5c 48 50 17 03 01 00 20 c7 75 b5 ff bc 09 |..\HP.... .u....| -00000030 34 f2 45 db 0d 22 08 8e f1 35 cd b6 0f b0 eb 2a |4.E.."...5.....*| -00000040 b7 1a d0 8e 14 a4 54 84 f9 dc 15 03 01 00 20 e0 |......T....... .| -00000050 36 3d aa b3 a9 b4 20 23 ca 9e 8c 5d fc a8 c8 b7 |6=.... #...]....| -00000060 f5 c2 b6 d0 5a e2 ce a5 7b 68 a0 48 86 95 6a |....Z...{h.H..j| +00000000 17 03 01 00 20 12 6c bf f2 39 2d e6 ad a8 38 d5 |.... .l..9-...8.| +00000010 1c ea 5b 79 e5 c7 4a 41 eb 58 70 f0 7d f7 60 e7 |..[y..JA.Xp.}.`.| +00000020 ee 77 98 75 f2 17 03 01 00 20 ac 5e 6d b0 81 0b |.w.u..... .^m...| +00000030 14 ca c2 70 53 d8 6d 55 49 63 da 8a 61 66 80 2d |...pS.mUIc..af.-| +00000040 e4 7c 2e 60 1f eb 3c f2 27 66 15 03 01 00 20 7a |.|.`..<.'f.... 
z| +00000050 2b 80 f8 00 0f 06 f5 6e fe b7 b7 6b 12 6c 8d 8e |+......n...k.l..| +00000060 c4 11 23 2b a2 bb 16 93 b4 e0 e0 fd 8c 42 db |..#+.........B.| diff --git a/tls/testdata/Client-TLSv10-ECDHE-RSA-AES b/tls/testdata/Client-TLSv10-ECDHE-RSA-AES index 868f0ceb..c0e842d1 100644 --- a/tls/testdata/Client-TLSv10-ECDHE-RSA-AES +++ b/tls/testdata/Client-TLSv10-ECDHE-RSA-AES 
@@ -1,97 +1,95 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 53 04 f1 02 21 |....Y...U..S...!| -00000010 67 b5 2b 34 fb 62 d7 36 4f cf 68 2e 29 39 d0 28 |g.+4.b.6O.h.)9.(| -00000020 3a 02 32 82 8f 95 de 62 d6 03 77 20 e6 98 56 cd |:.2....b..w ..V.| -00000030 96 24 d1 b9 4d eb 51 19 bb b7 71 f4 9c 29 32 d4 |.$..M.Q...q..)2.| -00000040 e5 c6 0a 54 e0 4a 20 29 3e bd 06 0d c0 13 00 00 |...T.J )>.......| +00000000 16 03 01 00 59 02 00 00 55 03 01 16 f4 24 01 94 |....Y...U....$..| +00000010 68 d2 0f 15 4d d6 65 54 84 73 ab 2c b2 11 c5 64 |h...M.eT.s.,...d| +00000020 d8 93 66 50 cd b0 f0 ab 11 5c 72 20 b1 13 c1 f5 |..fP.....\r ....| +00000030 63 ed 70 0b 21 52 85 36 84 99 1d b6 bb dc d3 1c |c.p.!R.6........| +00000040 b3 76 13 d9 ef 47 c4 c0 18 57 23 3b c0 13 00 00 |.v...G...W#;....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| -00000060 01 02 be 0b 00 02 ba 00 02 b7 00 02 b4 30 82 02 |.............0..| -00000070 b0 30 82 02 19 a0 03 02 01 02 02 09 00 85 b0 bb |.0..............| -00000080 a4 8a 7f b8 ca 30 0d 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| -00000090 01 05 05 00 30 45 31 0b 30 09 06 03 55 04 06 13 |....0E1.0...U...| -000000a0 02 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f |.AU1.0...U....So| -000000b0 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 |me-State1!0...U.| -000000c0 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 |...Internet Widg| -000000d0 69 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 |its Pty Ltd0...1| -000000e0 30 30 34 32 34 30 39 30 39 33 38 5a 17 0d 31 31 |00424090938Z..11| -000000f0 30 34 32 34 30 39 30 39 33 38 5a 30 45 31 0b 30 |0424090938Z0E1.0| -00000100 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| -00000110 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| -00000120 21 30 1f 06 03 55 04 0a 13 18 49 6e 
74 65 72 6e |!0...U....Intern| -00000130 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| -00000140 74 64 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 |td0..0...*.H....| -00000150 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 bb |........0.......| -00000160 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 2b 07 |y......F...i..+.| -00000170 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 65 4c |CZ..-.zC...R..eL| -00000180 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e 62 a5 |,x.#........;~b.| -00000190 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa 58 7b |,.3...\zV.....X{| -000001a0 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 9f 5a |&?......!.J..T.Z| -000001b0 bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d f1 04 |..Bq......~.}}..| -000001c0 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 01 cf |9....Q.|..L;2f..| -000001d0 af b1 1d b8 71 9a 1d db db 89 6b ae da 2d 79 02 |....q.....k..-y.| -000001e0 03 01 00 01 a3 81 a7 30 81 a4 30 1d 06 03 55 1d |.......0..0...U.| -000001f0 0e 04 16 04 14 b1 ad e2 85 5a cf cb 28 db 69 ce |.........Z..(.i.| -00000200 23 69 de d3 26 8e 18 88 39 30 75 06 03 55 1d 23 |#i..&...90u..U.#| -00000210 04 6e 30 6c 80 14 b1 ad e2 85 5a cf cb 28 db 69 |.n0l......Z..(.i| -00000220 ce 23 69 de d3 26 8e 18 88 39 a1 49 a4 47 30 45 |.#i..&...9.I.G0E| -00000230 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 |1.0...U....AU1.0| -00000240 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 |...U....Some-Sta| -00000250 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 |te1!0...U....Int| -00000260 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 |ernet Widgits Pt| -00000270 79 20 4c 74 64 82 09 00 85 b0 bb a4 8a 7f b8 ca |y Ltd...........| -00000280 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d |0...U....0....0.| -00000290 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 |..*.H...........| -000002a0 00 08 6c 45 24 c7 6b b1 59 ab 0c 52 cc f2 b0 14 |..lE$.k.Y..R....| -000002b0 d7 87 9d 7a 64 75 b5 5a 95 66 e4 c5 2b 8e ae 12 |...zdu.Z.f..+...| -000002c0 66 1f eb 4f 38 b3 6e 60 d3 92 fd 
f7 41 08 b5 25 |f..O8.n`....A..%| -000002d0 13 b1 18 7a 24 fb 30 1d ba ed 98 b9 17 ec e7 d7 |...z$.0.........| -000002e0 31 59 db 95 d3 1d 78 ea 50 56 5c d5 82 5a 2d 5a |1Y....x.PV\..Z-Z| -000002f0 5f 33 c4 b6 d8 c9 75 90 96 8c 0f 52 98 b5 cd 98 |_3....u....R....| -00000300 1f 89 20 5f f2 a0 1c a3 1b 96 94 dd a9 fd 57 e9 |.. _..........W.| -00000310 70 e8 26 6d 71 99 9b 26 6e 38 50 29 6c 90 a7 bd |p.&mq..&n8P)l...| -00000320 d9 16 03 01 00 cb 0c 00 00 c7 03 00 17 41 04 05 |.............A..| -00000330 45 33 f8 4b e9 96 0e 4a fd ec 54 76 21 9b 24 8a |E3.K...J..Tv!.$.| -00000340 75 0b 80 84 c7 30 2b 22 f0 85 57 a4 a9 79 d6 f6 |u....0+"..W..y..| -00000350 6d 80 b0 71 d9 66 c9 6c dd 76 fc 32 d0 c6 bc 52 |m..q.f.l.v.2...R| -00000360 2f f1 c9 62 17 53 76 ec be a6 1c 93 f2 b4 5d 00 |/..b.Sv.......].| -00000370 80 72 d9 20 52 70 7c 03 b1 33 fa 51 23 cd 05 97 |.r. Rp|..3.Q#...| -00000380 6f d6 89 2f 8d 2e 3a 17 32 eb f2 ff 6b 39 70 5e |o../..:.2...k9p^| -00000390 21 41 8d 69 02 c8 9a 17 19 e4 48 9b 51 c3 7f 9b |!A.i......H.Q...| -000003a0 8d 4a 83 97 07 0e 30 f1 8b 6b e9 92 12 01 d6 96 |.J....0..k......| -000003b0 f2 1a a2 10 7f 59 87 16 1a fb 55 67 68 fc 78 c6 |.....Y....Ugh.x.| -000003c0 57 ac 05 dd f3 6f 77 84 eb ae b0 33 2d 19 2c ba |W....ow....3-.,.| -000003d0 b8 ae 9f 95 69 85 95 45 5e 37 f4 17 17 9b 03 c1 |....i..E^7......| -000003e0 50 b1 36 42 bd 60 5c 8b d8 b6 f3 c8 34 c8 9d 9d |P.6B.`\.....4...| -000003f0 75 16 03 01 00 04 0e 00 00 00 |u.........| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 
|00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 
9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 7e aa 30 94 7b fb 09 |........ ~.0.{..| +000002d0 b5 55 ce b3 e9 e0 5b 55 82 f4 e6 7c d0 e4 57 eb |.U....[U...|..W.| +000002e0 9b ec 82 48 d6 0e 2a bb 16 00 80 80 da c5 75 4f |...H..*.......uO| +000002f0 82 95 ee 47 28 af 09 08 d5 13 68 33 5d 91 dd 13 |...G(.....h3]...| +00000300 43 84 e9 54 d9 e7 39 7c 38 74 d5 92 8f 46 37 86 |C..T..9|8t...F7.| +00000310 44 68 ae c7 3a ad e1 33 5f cd d8 c6 a5 7c 5e 83 |Dh..:..3_....|^.| +00000320 44 ba b1 09 44 ec 42 7f 41 80 d6 b6 4c 6d ae 24 |D...D.B.A...Lm.$| +00000330 a9 3b 53 87 2f 3b 3a 1f da 87 2b 7d cf 9e ed a5 |.;S./;:...+}....| +00000340 04 54 ad c2 3c 7b 21 60 55 67 41 47 60 02 1e 62 |.T..<{!`UgAG`..b| +00000350 bb 9f ee 2c 6e 79 20 6e 65 e2 d0 ae 73 70 3e a7 |...,ny ne...sp>.| +00000360 3f 74 96 8e 2a 6e a6 7e 7a e0 e4 16 03 01 00 04 |?t..*n.~z.......| +00000370 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 01 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 01 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 01 00 30 ca d1 1b 08 27 9b 44 e7 e9 b4 |.....0....'.D...| -00000060 90 16 4d 30 4e 65 5c 0d 47 ba 46 86 cf c9 80 e7 |..M0Ne\.G.F.....| -00000070 64 31 f5 a1 9e dc 39 15 d3 be 16 4f c7 90 b6 62 |d1....9....O...b| -00000080 5d 6d 7f 41 4e 3e |]m.AN>| +00000000 16 03 01 00 25 10 00 00 
21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 01 00 01 01 |....._X.;t......| +00000030 16 03 01 00 30 5a cb 36 c8 1c 43 a8 e1 88 db c9 |....0Z.6..C.....| +00000040 ae 78 b0 af 97 e4 c3 f6 25 51 8e 4d 57 94 ee ca |.x......%Q.MW...| +00000050 a4 8b 3f 4d 17 75 34 58 c3 fa a6 6f d4 e5 ae 3a |..?M.u4X...o...:| +00000060 cb 5a cb 11 ef |.Z...| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 98 81 24 8e cd |..........0..$..| -00000010 b6 48 2f 80 de 8e 24 3c cd 02 67 80 34 97 d7 92 |.H/...$<..g.4...| -00000020 78 c2 44 3d 5d 05 eb 88 76 79 46 7a c3 fa ca 73 |x.D=]...vyFz...s| -00000030 45 82 ad c1 81 00 ca 40 c1 2f 13 |E......@./.| +00000000 14 03 01 00 01 01 16 03 01 00 30 96 92 50 6f f0 |..........0..Po.| +00000010 d1 ff 7c 39 fb 75 0c 8b c9 d7 29 7d 9d 32 4c 19 |..|9.u....)}.2L.| +00000020 2e 93 ea 11 87 07 fc 5a 7d 3c 30 e1 bd 64 7f 90 |.......Z}<0..d..| +00000030 fd 70 1d 50 eb ec f2 d6 de 09 61 |.p.P......a| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 ee 19 59 67 67 a9 8b db 99 87 50 |.... ..Ygg.....P| -00000010 01 e2 02 c1 d5 6d 36 79 af aa ec 1b 80 0e b6 5e |.....m6y.......^| -00000020 5f fa 03 01 cc 17 03 01 00 20 ec e2 04 b7 3b a5 |_........ ....;.| -00000030 f2 e0 13 1f 17 48 e7 6e d3 eb f0 fa 36 ef 6e 2e |.....H.n....6.n.| -00000040 fb ea c8 39 c4 5f 4b 28 d4 50 15 03 01 00 20 c7 |...9._K(.P.... .| -00000050 45 ff fb c7 07 0c d8 0e 35 a3 c5 31 47 b7 03 0e |E.......5..1G...| -00000060 14 c8 29 fd 53 70 5f 15 ac d2 1c 4c 69 fb d6 |..).Sp_....Li..| +00000000 17 03 01 00 20 fd a4 ba f1 78 a9 a2 45 d3 d2 5a |.... ....x..E..Z| +00000010 1e 41 6b 89 8d bd a4 21 69 03 a1 7c b8 56 ff df |.Ak....!i..|.V..| +00000020 67 bc 85 5e 21 17 03 01 00 20 a7 6d 4c 11 d0 f3 |g..^!.... 
.mL...| +00000030 7d e2 f0 69 18 7c 42 71 78 e4 3b 71 7d 13 27 bb |}..i.|Bqx.;q}.'.| +00000040 79 fd d7 b2 d7 28 ca 92 83 f1 15 03 01 00 20 10 |y....(........ .| +00000050 b3 79 d4 1d 70 db b7 6c f2 15 05 3c 4d 65 ba ec |.y..p..l...>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 7a a4 22 4f 19 |....Y...U..z."O.| +00000010 54 37 47 cb e5 dd b4 54 86 9e 9e d6 3f f1 bd ca |T7G....T....?...| +00000020 9a 3e 16 3c 7e 1a 29 22 0d c8 95 20 ac 85 42 c1 |.>.<~.)"... 
..B.| +00000030 e7 f3 38 62 38 24 a8 24 d2 67 bd 0d 06 44 74 cf |..8b8$.$.g...Dt.| +00000040 3d a4 37 17 bc 8c 5d 41 9f 5a 74 69 c0 13 00 00 |=.7...]A.Zti....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 71 52 12 72 a7 56 0b |........ qR.r.V.| +000002d0 51 81 af 9f e1 95 43 44 54 0e 9e 3d cc 6f 3c 4c |Q.....CDT..=.o| +00000360 cb 59 5d 81 da 58 07 83 e7 af 25 16 03 01 00 04 |.Y]..X....%.....| +00000370 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! 
/.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 01 00 01 01 |....._X.;t......| +00000030 16 03 01 00 30 c3 26 49 92 5a 8c d0 da 48 ba 60 |....0.&I.Z...H.`| +00000040 29 c0 5c d5 44 04 11 7a 25 b5 d6 9f a4 cf fe bf |).\.D..z%.......| +00000050 33 a7 ba c2 96 2b 4d c1 fb dc 4c ba b8 2b 6f 20 |3....+M...L..+o | +00000060 2d 2a 02 ee 17 |-*...| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 f4 4e 0a ea 58 |..........0.N..X| +00000010 18 c6 9d 5f aa 5d f0 03 d4 63 0d e7 83 cb a8 18 |..._.]...c......| +00000020 06 fa b6 82 da df 16 89 5c 8b 5d 92 87 b1 42 da |........\.]...B.| +00000030 cd 2a ee dc 43 08 f1 0d 1f 18 5c |.*..C.....\| +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 e6 95 10 e0 98 07 9f 2b 42 06 b8 |.... .......+B..| +00000010 2a 6c 5d 4a 95 2a 2c 17 d5 cc 68 42 18 bd 72 58 |*l]J.*,...hB..rX| +00000020 c1 39 73 05 75 17 03 01 00 20 d4 ae 70 ee a0 ed |.9s.u.... ..p...| +00000030 3e dd f9 aa 93 03 ff f5 a4 f6 f3 0d e7 a6 59 a9 |>.............Y.| +00000040 40 b4 f6 ad a5 46 0b eb ee 0e 15 03 01 00 20 7c |@....F........ || +00000050 1a 29 f3 49 60 47 2e 52 ec 00 4a 62 44 30 93 5f |.).I`G.R..JbD0._| +00000060 df 73 2f 44 65 3f 77 c1 3d 04 32 c8 bb 86 ed |.s/De?w.=.2....| diff --git a/tls/testdata/Client-TLSv10-RSA-RC4 b/tls/testdata/Client-TLSv10-RSA-RC4 index 395d53bb..1fe13b9f 100644 --- a/tls/testdata/Client-TLSv10-RSA-RC4 +++ b/tls/testdata/Client-TLSv10-RSA-RC4 
@@ -1,83 +1,84 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 51 02 00 00 4d 03 01 53 04 f1 02 76 |....Q...M..S...v| -00000010 e8 45 7f 57 f3 42 4b 33 0b 06 fa a6 fa c4 3d 84 |.E.W.BK3......=.| -00000020 5a 45 dc 93 41 a5 8d 79 6e 8f 11 20 e7 c6 29 2b |ZE..A..yn.. ..)+| -00000030 ff 4a 6e 63 67 a6 10 cb 49 19 46 1e 5e 0a d5 70 |.Jncg...I.F.^..p| -00000040 96 88 9a 32 48 ef c3 4a 45 4c 6d e0 00 05 00 00 |...2H..JELm.....| -00000050 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 
8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 01 00 04 0e 00 |n8P)l...........| -00000320 00 00 |..| +00000000 16 03 01 00 51 02 00 00 4d 03 01 5a 4f 78 41 d5 |....Q...M..ZOxA.| +00000010 86 2f d2 0a c6 05 bc c9 8e cc bd b2 39 ac a5 78 |./..........9..x| +00000020 e3 e5 31 b9 cb 01 af cb ca fc 88 20 c9 61 c6 91 |..1........ .a..| +00000030 b2 e5 70 df ca d0 41 a8 20 61 ab 08 f6 dc fe c0 |..p...A. a......| +00000040 cc ea 1e 80 89 02 6a 26 ea f0 c8 71 00 05 00 00 |......j&...q....| +00000050 05 ff 01 00 01 00 16 03 01 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. 
T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 01 00 04 0e 00 00 00 |;............| >>> Flow 3 (client to server) -00000000 16 03 01 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 |...........mQ...| -00000010 3e fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c |>.u.A6..j.*.%.gL| -00000020 8e 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 |.b/0......+.#...| -00000030 1d f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 |..;...'..$...[.f| -00000040 0d 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be |.j.....C........| -00000050 c8 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce |..9L.....K.../..| -00000060 e6 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 |..w.o#......:..V| -00000070 f1 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 |..T^F..;3..(....| -00000080 35 d4 1c 43 d1 30 6f 55 4e 0a 70 14 03 01 00 01 |5..C.0oUN.p.....| -00000090 01 16 03 01 00 24 cd c0 68 dc 2e 69 cc c7 5b c5 |.....$..h..i..[.| -000000a0 3f bd 40 cf a0 0f 41 34 ce 16 37 10 26 c8 3f d1 |?.@...A4..7.&.?.| -000000b0 46 3b ad 7b b0 31 f3 c5 36 e7 |F;.{.1..6.| +00000000 16 03 01 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. 
..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 01 00 01 |.Y(.....ia5.....| +00000090 01 16 03 01 00 24 48 fd e6 fc 4a 94 33 82 22 ff |.....$H...J.3.".| +000000a0 af c3 44 98 d2 c6 4e 8a 39 43 dd 4b 2a 11 2b 4e |..D...N.9C.K*.+N| +000000b0 5b d9 a4 fc 6c 95 d7 69 05 f9 |[...l..i..| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 24 ea 77 6f 3c 42 |..........$.wo....]| +00000000 14 03 01 00 01 01 16 03 01 00 24 61 d2 68 5e 12 |..........$a.h^.| +00000010 91 6e 7f fe bf b7 42 58 e9 06 38 09 c1 16 34 e5 |.n....BX..8...4.| +00000020 a1 46 d6 cf 23 ca 48 c1 ed 76 f9 48 a1 9a 2a |.F..#.H..v.H..*| >>> Flow 5 (client to server) -00000000 17 03 01 00 1a 9e ae ca 55 df c4 d9 47 04 55 dd |........U...G.U.| -00000010 3b 33 e1 a6 16 6f a1 94 b1 9b 4d 0d cb 6c 3b 15 |;3...o....M..l;.| -00000020 03 01 00 16 92 5d 76 07 e9 b7 31 29 09 c5 b1 09 |.....]v...1)....| -00000030 2d 64 3d 85 8d f1 d1 40 54 b8 |-d=....@T.| +00000000 17 03 01 00 1a 3a e1 39 7c fe 25 50 dc 66 3f b6 |.....:.9|.%P.f?.| +00000010 6f fd 79 3b 12 83 af 89 b1 c5 f6 75 56 ad a1 15 |o.y;.......uV...| +00000020 03 01 00 16 07 d1 d3 7a 54 1c 71 0b c8 64 10 46 |.......zT.q..d.F| +00000030 30 d0 bf df 75 a6 dc 10 b1 d1 |0...u.....| diff --git a/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES b/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES index 9f941f8e..9d18cd62 100644 --- a/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES +++ b/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 02 00 59 02 00 00 55 03 02 53 04 f1 02 1c |....Y...U..S....| -00000010 d1 1c 6a 5f 7a 5c 26 69 92 cd ee c3 57 ed 96 90 |..j_z\&i....W...| -00000020 e3 c5 f1 ee 8b ee 99 5f 46 2c e6 20 c8 50 6a a4 |......._F,. .Pj.| -00000030 4b 93 e6 da ba 6d d4 87 f6 75 a8 9d 44 db b5 43 |K....m...u..D..C| -00000040 df 12 57 de a4 f1 bc fb b8 7a 3f 6a c0 09 00 00 |..W......z?j....| +00000000 16 03 02 00 59 02 00 00 55 03 02 23 a8 e7 14 3f |....Y...U..#...?| +00000010 64 61 3c ee 80 a2 94 84 ab b8 66 76 30 84 06 78 |da<.......fv0..x| +00000020 96 ba a7 d3 1e 81 1b 16 64 76 88 20 3d 21 21 b3 |........dv. =!!.| +00000030 45 dd fe cb 5b d7 9a 86 39 ee 4f f8 60 eb 95 ea |E...[...9.O.`...| +00000040 ab 64 48 14 74 16 fd e9 47 07 66 60 c0 09 00 00 |.dH.t...G.f`....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 02 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,43 +55,39 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 02 00 d4 0c 00 00 d0 03 00 17 41 04 7b |*............A.{| -00000280 c4 00 37 35 51 de c3 f2 a4 95 2c 19 21 3e a6 94 |..75Q.....,.!>..| -00000290 7b fd 04 d7 b7 1c 56 e6 af 3c ee 36 cb 55 e6 f0 |{.....V..<.6.U..| -000002a0 e6 24 34 6b 8a 02 66 71 f9 e2 f5 a6 c9 d7 6c dc |.$4k..fq......l.| -000002b0 65 59 ff 1c c9 ec a9 8b 07 d6 52 2c 01 3c c3 00 |eY........R,.<..| -000002c0 89 30 81 86 02 41 74 89 1a 31 72 e6 8b c0 4a ce |.0...At..1r...J.| -000002d0 8f 5a 49 a7 52 2d 6d b9 8b 50 17 62 2a 99 d6 3b |.ZI.R-m..P.b*..;| -000002e0 02 85 41 4d 34 53 b5 09 bd e3 ac 16 c1 9b e9 83 |..AM4S..........| -000002f0 cc 83 e3 9c 23 34 67 71 72 d4 05 a2 34 f7 08 29 |....#4gqr...4..)| -00000300 62 43 2e cc bc 08 01 02 41 59 de 5a d0 dd d7 6b |bC......AY.Z...k| -00000310 db 9c 35 29 79 f8 96 91 56 74 1f 18 7b ee 25 83 |..5)y...Vt..{.%.| -00000320 f2 37 0e 77 ab 38 fb 5e 04 0b 09 d9 b4 1f 3f be |.7.w.8.^......?.| -00000330 2e e3 60 e3 96 f3 29 c1 6d 8f 56 1b fd 62 14 48 |..`...).m.V..b.H| -00000340 e3 d9 2a ea 2f be 93 d0 8b 31 16 03 02 00 04 0e |..*./....1......| -00000350 00 00 00 |...| +00000270 2a 16 03 02 00 b4 0c 00 00 b0 03 00 1d 20 a7 a4 |*............ 
..| +00000280 33 20 48 6a 74 8e 07 fc c0 b6 10 61 84 d6 67 d1 |3 Hjt......a..g.| +00000290 ae cf 65 36 4d d5 13 a1 07 fc 1f aa 77 44 00 8a |..e6M.......wD..| +000002a0 30 81 87 02 42 01 02 5b f9 4a af 8d 0a d5 a3 de |0...B..[.J......| +000002b0 11 62 d8 f1 db 49 7a 0c 34 3e 2d 61 f9 6f 6b c2 |.b...Iz.4>-a.ok.| +000002c0 1d 32 4b 88 93 9b 22 b0 3d 09 c3 93 9e 25 31 d6 |.2K...".=....%1.| +000002d0 5f 06 3a f0 4a 61 0b 06 03 5d 6c 0e b3 5e 48 5a |_.:.Ja...]l..^HZ| +000002e0 f0 5b 21 48 58 8f b2 02 41 1c 57 f1 51 04 d6 f8 |.[!HX...A.W.Q...| +000002f0 a2 51 e6 e6 3e e0 99 63 aa d2 1c 7b 92 be 44 ec |.Q..>..c...{..D.| +00000300 86 c3 31 fa e7 9b 98 1a 59 a5 93 3e a9 73 f0 ec |..1.....Y..>.s..| +00000310 03 22 37 19 db 78 30 27 ab bf 52 07 6c 3a 79 f5 |."7..x0'..R.l:y.| +00000320 ad 70 59 76 84 44 f0 47 e0 3d 16 03 02 00 04 0e |.pYv.D.G.=......| +00000330 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 02 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 02 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 02 00 40 00 00 00 00 00 00 00 00 00 00 |.....@..........| -00000060 00 00 00 00 00 00 b6 98 a2 a9 48 34 12 6b 0a 94 |..........H4.k..| -00000070 89 fc 38 04 63 5a 6f 63 36 3e d9 35 12 64 8c 28 |..8.cZoc6>.5.d.(| -00000080 99 a6 cf 2e 57 e3 14 6d 0a 8a ab f0 a6 58 37 7c |....W..m.....X7|| -00000090 96 04 d3 71 bc d4 |...q..| +00000000 16 03 02 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! 
/.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 02 00 01 01 |....._X.;t......| +00000030 16 03 02 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 ef 0f 92 ac 11 fe 97 1a 46 69 e4 |.............Fi.| +00000050 b3 26 8d d7 92 46 02 25 5b 2e 86 3e 96 3d 64 ed |.&...F.%[..>.=d.| +00000060 37 92 dd ae a5 a6 9f 03 f0 c2 42 78 9f b9 78 ac |7.........Bx..x.| +00000070 97 ab 82 25 e2 |...%.| >>> Flow 4 (server to client) -00000000 14 03 02 00 01 01 16 03 02 00 40 c5 01 c9 0a b0 |..........@.....| -00000010 d8 ca 5e c1 19 dc 37 6c 2e a0 b3 11 a8 87 65 5a |..^...7l......eZ| -00000020 09 41 b9 fe 53 c4 c9 76 97 6d 7f ac c0 be d2 07 |.A..S..v.m......| -00000030 84 e5 5b 78 37 34 ee da 3b cb 3e 82 52 79 91 44 |..[x74..;.>.Ry.D| -00000040 b4 e4 1c ec 3a c0 c0 9d cd ff 13 |....:......| +00000000 14 03 02 00 01 01 16 03 02 00 40 df a9 23 37 74 |..........@..#7t| +00000010 47 d8 98 87 53 b4 0a 4d b0 a5 fb cb d6 37 c8 7c |G...S..M.....7.|| +00000020 61 95 81 ef b3 63 78 2b 53 c2 86 fc 39 df c4 5f |a....cx+S...9.._| +00000030 e4 4b af 1d fe bc 4c fe 1b 6a 28 c3 46 6f 24 94 |.K....L..j(.Fo$.| +00000040 a8 bf ef ce e8 e8 ad 2c d9 10 32 |.......,..2| >>> Flow 5 (client to server) 00000000 17 03 02 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 46 60 13 39 2b 2f 72 95 ed 0e aa |.....F`.9+/r....| -00000020 69 6e b4 64 3e 83 43 d0 f9 7f 37 7c 1d b9 ce 11 |in.d>.C...7|....| -00000030 d9 41 66 60 6d 15 03 02 00 30 00 00 00 00 00 00 |.Af`m....0......| -00000040 00 00 00 00 00 00 00 00 00 00 b1 26 d0 5d 08 98 |...........&.]..| -00000050 eb 28 42 74 31 58 42 95 c5 ad 1a 92 0a f5 5f ed |.(Bt1XB......._.| -00000060 45 98 e0 90 e5 a3 b6 8b 8d 18 |E.........| +00000010 00 00 00 00 00 34 50 ce 9c 7f f5 2d a2 c1 e4 5c |.....4P....-...\| +00000020 fa d1 a0 f4 38 e8 4f 51 54 36 07 da f1 af 6d ef |....8.OQT6....m.| +00000030 b8 b0 bc bc a6 15 03 02 00 
30 00 00 00 00 00 00 |.........0......| +00000040 00 00 00 00 00 00 00 00 00 00 0b d4 8e e8 69 64 |..............id| +00000050 53 38 7c 72 d8 1d 9f d5 8a 83 74 a7 37 6b e2 c0 |S8|r......t.7k..| +00000060 8f 26 e7 5d 0e 06 ae e0 db fb |.&.]......| diff --git a/tls/testdata/Client-TLSv11-ECDHE-RSA-AES b/tls/testdata/Client-TLSv11-ECDHE-RSA-AES index fc723396..4cc9610f 100644 --- a/tls/testdata/Client-TLSv11-ECDHE-RSA-AES +++ b/tls/testdata/Client-TLSv11-ECDHE-RSA-AES 
@@ -1,99 +1,97 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 02 00 59 02 00 00 55 03 02 53 04 f1 02 fe |....Y...U..S....| -00000010 17 8b 79 ad 93 2e d3 89 66 9b 5d 9b b4 03 3e ba |..y.....f.]...>.| -00000020 65 2a f1 55 f9 3c 33 de 2c a7 47 20 fa 4f 82 11 |e*.U.<3.,.G .O..| -00000030 96 81 d0 70 2e 65 b3 68 2e 3a 6d d7 6c 74 22 33 |...p.e.h.:m.lt"3| -00000040 d4 ae 6c aa c8 f0 c7 20 8b 10 21 e7 c0 13 00 00 |..l.... ..!.....| +00000000 16 03 02 00 59 02 00 00 55 03 02 6e ff 3b 26 66 |....Y...U..n.;&f| +00000010 7c 32 3f 42 fd 92 7c 12 db 26 b2 45 6e 28 b9 49 ||2?B..|..&.En(.I| +00000020 86 6b 00 54 92 3b 65 a6 02 6d 94 20 ea 44 db 5c |.k.T.;e..m. .D.\| +00000030 d1 39 35 b2 ea 1c 6d 3e 94 bb 47 60 25 1e 9c 74 |.95...m>..G`%..t| +00000040 e7 bd 54 cc 2b 36 14 6a 12 54 5b 6c c0 13 00 00 |..T.+6.j.T[l....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| -00000060 02 02 be 0b 00 02 ba 00 02 b7 00 02 b4 30 82 02 |.............0..| -00000070 b0 30 82 02 19 a0 03 02 01 02 02 09 00 85 b0 bb |.0..............| -00000080 a4 8a 7f b8 ca 30 0d 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| -00000090 01 05 05 00 30 45 31 0b 30 09 06 03 55 04 06 13 |....0E1.0...U...| -000000a0 02 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f |.AU1.0...U....So| -000000b0 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 |me-State1!0...U.| -000000c0 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 |...Internet Widg| -000000d0 69 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 |its Pty Ltd0...1| -000000e0 30 30 34 32 34 30 39 30 39 33 38 5a 17 0d 31 31 |00424090938Z..11| -000000f0 30 34 32 34 30 39 30 39 33 38 5a 30 45 31 0b 30 |0424090938Z0E1.0| -00000100 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| -00000110 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| -00000120 21 30 1f 06 03 55 04 0a 13 18 49 6e 
74 65 72 6e |!0...U....Intern| -00000130 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| -00000140 74 64 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 |td0..0...*.H....| -00000150 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 bb |........0.......| -00000160 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 2b 07 |y......F...i..+.| -00000170 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 65 4c |CZ..-.zC...R..eL| -00000180 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e 62 a5 |,x.#........;~b.| -00000190 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa 58 7b |,.3...\zV.....X{| -000001a0 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 9f 5a |&?......!.J..T.Z| -000001b0 bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d f1 04 |..Bq......~.}}..| -000001c0 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 01 cf |9....Q.|..L;2f..| -000001d0 af b1 1d b8 71 9a 1d db db 89 6b ae da 2d 79 02 |....q.....k..-y.| -000001e0 03 01 00 01 a3 81 a7 30 81 a4 30 1d 06 03 55 1d |.......0..0...U.| -000001f0 0e 04 16 04 14 b1 ad e2 85 5a cf cb 28 db 69 ce |.........Z..(.i.| -00000200 23 69 de d3 26 8e 18 88 39 30 75 06 03 55 1d 23 |#i..&...90u..U.#| -00000210 04 6e 30 6c 80 14 b1 ad e2 85 5a cf cb 28 db 69 |.n0l......Z..(.i| -00000220 ce 23 69 de d3 26 8e 18 88 39 a1 49 a4 47 30 45 |.#i..&...9.I.G0E| -00000230 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 |1.0...U....AU1.0| -00000240 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 |...U....Some-Sta| -00000250 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 |te1!0...U....Int| -00000260 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 |ernet Widgits Pt| -00000270 79 20 4c 74 64 82 09 00 85 b0 bb a4 8a 7f b8 ca |y Ltd...........| -00000280 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d |0...U....0....0.| -00000290 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 |..*.H...........| -000002a0 00 08 6c 45 24 c7 6b b1 59 ab 0c 52 cc f2 b0 14 |..lE$.k.Y..R....| -000002b0 d7 87 9d 7a 64 75 b5 5a 95 66 e4 c5 2b 8e ae 12 |...zdu.Z.f..+...| -000002c0 66 1f eb 4f 38 b3 6e 60 d3 92 fd 
f7 41 08 b5 25 |f..O8.n`....A..%| -000002d0 13 b1 18 7a 24 fb 30 1d ba ed 98 b9 17 ec e7 d7 |...z$.0.........| -000002e0 31 59 db 95 d3 1d 78 ea 50 56 5c d5 82 5a 2d 5a |1Y....x.PV\..Z-Z| -000002f0 5f 33 c4 b6 d8 c9 75 90 96 8c 0f 52 98 b5 cd 98 |_3....u....R....| -00000300 1f 89 20 5f f2 a0 1c a3 1b 96 94 dd a9 fd 57 e9 |.. _..........W.| -00000310 70 e8 26 6d 71 99 9b 26 6e 38 50 29 6c 90 a7 bd |p.&mq..&n8P)l...| -00000320 d9 16 03 02 00 cb 0c 00 00 c7 03 00 17 41 04 26 |.............A.&| -00000330 56 18 02 e5 66 d4 aa 24 7e ae 39 e5 ca 78 6c c1 |V...f..$~.9..xl.| -00000340 90 02 c3 c4 ad 79 2c 47 a8 bf 54 e2 8a 22 b6 ef |.....y,G..T.."..| -00000350 99 d4 7a 7f 8f 78 6a 78 4e 14 2a 16 0d bb 54 38 |..z..xjxN.*...T8| -00000360 59 1f 7a 53 1b c7 73 10 89 4b de c3 66 39 7a 00 |Y.zS..s..K..f9z.| -00000370 80 3a 88 38 c8 15 07 ab 2f 0f 0d cb 19 07 84 ac |.:.8..../.......| -00000380 24 fd 8b d2 9d 05 45 c6 11 c3 d6 84 58 95 5a 08 |$.....E.....X.Z.| -00000390 b9 a4 2c c0 41 4e 34 e0 b2 24 98 94 b7 67 27 50 |..,.AN4..$...g'P| -000003a0 ba 82 35 28 a9 bf 16 ee e3 7b 49 9c 4c 81 80 69 |..5(.....{I.L..i| -000003b0 d7 aa ed 46 ea 9a 68 c4 97 b7 11 d4 35 91 74 5e |...F..h.....5.t^| -000003c0 54 10 34 83 cd c4 06 18 49 7d 7a 28 c9 53 06 73 |T.4.....I}z(.S.s| -000003d0 00 7b 04 b6 d8 36 a7 4b 67 7f 81 30 94 de 40 4d |.{...6.Kg..0..@M| -000003e0 18 f8 c4 b7 02 00 44 8e bc 72 06 24 53 15 74 72 |......D..r.$S.tr| -000003f0 8d 16 03 02 00 04 0e 00 00 00 |..........| +00000060 02 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 
|00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 
9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 02 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 82 3b d2 56 dd cd d8 |........ .;.V...| +000002d0 e1 98 a7 90 d1 08 2d 37 dc e8 21 cd 29 af 29 a5 |......-7..!.).).| +000002e0 78 8e 59 9e 4c ac c9 d2 4b 00 80 25 20 91 4e 0d |x.Y.L...K..% .N.| +000002f0 74 12 9e 1c 98 fb 5f 4b ad fd c8 68 df 6b 82 98 |t....._K...h.k..| +00000300 a8 7c ee 17 44 47 91 2a 42 c1 82 d0 ce aa cd f8 |.|..DG.*B.......| +00000310 69 1e 85 79 27 fe ef 5a a2 e1 35 30 9a 2d c6 b0 |i..y'..Z..50.-..| +00000320 43 84 39 7f 8d 68 09 d6 6c 1a 84 0f c0 9a c0 9f |C.9..h..l.......| +00000330 64 56 cb fc 32 f2 4a a3 26 e8 c2 5f d7 16 3e 7c |dV..2.J.&.._..>|| +00000340 4e 8b 89 f8 7f f4 c2 26 fe 01 cd 48 b6 61 9c 93 |N......&...H.a..| +00000350 1a bc a1 d1 01 c5 bf ef 43 b4 ca 86 62 37 b4 99 |........C...b7..| +00000360 54 69 db 74 51 92 92 dd c1 b1 75 16 03 02 00 04 |Ti.tQ.....u.....| +00000370 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 02 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 02 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 02 00 40 00 00 00 00 00 00 00 00 00 00 |.....@..........| -00000060 00 00 00 00 00 00 8a 87 81 38 35 c0 4c bb f8 12 |.........85.L...| -00000070 fa 75 04 cd 1e 3a 61 96 93 c8 fb 07 d1 6d b4 55 |.u...:a......m.U| -00000080 0f b5 0f 07 35 0a 96 ce 5c 6f 24 62 d3 68 e4 b0 
|....5...\o$b.h..| -00000090 5d be 81 37 c2 9c |]..7..| +00000000 16 03 02 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 02 00 01 01 |....._X.;t......| +00000030 16 03 02 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 c5 bf e6 b3 86 12 92 df 68 fa 75 |.............h.u| +00000050 79 5f ee fe 60 91 d1 fd 8a 48 3b 97 b4 da 7f 58 |y_..`....H;....X| +00000060 3e 7e 40 d7 93 1d 6b e2 0e 2a a4 45 20 e0 9d f9 |>~@...k..*.E ...| +00000070 b6 5e b1 f1 4f |.^..O| >>> Flow 4 (server to client) -00000000 14 03 02 00 01 01 16 03 02 00 40 66 36 8d f8 8c |..........@f6...| -00000010 7f db 38 e8 39 df f8 2f cb 88 9c 14 d9 89 10 b4 |..8.9../........| -00000020 be 59 88 d7 f3 73 62 af a3 42 66 6e 74 38 64 9f |.Y...sb..Bfnt8d.| -00000030 16 79 09 d7 14 7e 91 8a 70 73 63 28 30 58 fe cc |.y...~..psc(0X..| -00000040 42 45 d6 37 fb 9e 8c c1 01 af 34 |BE.7......4| +00000000 14 03 02 00 01 01 16 03 02 00 40 bf 58 92 80 02 |..........@.X...| +00000010 75 91 40 30 35 e0 16 76 f4 97 bd 77 46 a3 a3 4e |u.@05..v...wF..N| +00000020 f1 be 53 eb b8 56 45 b1 71 c9 f8 a9 bf c6 9a 00 |..S..VE.q.......| +00000030 83 46 91 88 d5 7b 72 95 27 33 80 43 3f 3e f6 60 |.F...{r.'3.C?>.`| +00000040 c6 55 90 6a 87 8e 7d 48 27 e2 40 |.U.j..}H'.@| >>> Flow 5 (client to server) 00000000 17 03 02 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 31 0b e3 9d 2a 05 83 19 7d 10 36 |.....1...*...}.6| -00000020 23 dc da fe 00 ab d3 aa 8f ce 28 5f 08 fd b7 59 |#.........(_...Y| -00000030 1e 00 2e 25 5a 15 03 02 00 30 00 00 00 00 00 00 |...%Z....0......| -00000040 00 00 00 00 00 00 00 00 00 00 10 91 fd fa 59 07 |..............Y.| -00000050 df 2c 92 25 15 7b 7c 83 44 89 0d 4f 65 43 99 2e |.,.%.{|.D..OeC..| -00000060 41 5d 51 c9 09 89 ed 02 08 bc |A]Q.......| +00000010 00 00 00 00 00 f5 6b bc 6d 2c 70 b1 c0 f0 ab 78 
|......k.m,p....x| +00000020 44 c9 97 f6 59 ef 15 e4 05 cf e0 55 ee a4 68 8c |D...Y......U..h.| +00000030 86 57 82 bd 84 15 03 02 00 30 00 00 00 00 00 00 |.W.......0......| +00000040 00 00 00 00 00 00 00 00 00 00 ef b2 a9 a5 bb a3 |................| +00000050 6e e5 d1 2b ef 83 1d 11 de 29 d2 30 2c fc 78 73 |n..+.....).0,.xs| +00000060 6b 6e 0a d2 55 67 5c d4 58 b3 |kn..Ug\.X.| diff --git a/tls/testdata/Client-TLSv11-Ed25519 b/tls/testdata/Client-TLSv11-Ed25519 new file mode 100644 index 00000000..e69de29b diff --git a/tls/testdata/Client-TLSv11-RSA-RC4 b/tls/testdata/Client-TLSv11-RSA-RC4 index f7be3f7e..9dae5dd6 100644 --- a/tls/testdata/Client-TLSv11-RSA-RC4 +++ b/tls/testdata/Client-TLSv11-RSA-RC4 
@@ -1,83 +1,84 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 02 00 51 02 00 00 4d 03 02 53 04 f1 02 d4 |....Q...M..S....| -00000010 69 65 aa 96 3d 42 96 eb 9e 7d 8a 18 af 4c 7c 5d |ie..=B...}...L|]| -00000020 fb 97 5f da 94 62 13 69 1f 66 06 20 aa 52 e3 08 |.._..b.i.f. .R..| -00000030 35 0a 87 d5 ef 93 49 ab 1a 74 dd 90 bd 69 70 d1 |5.....I..t...ip.| -00000040 e9 f1 44 17 3a dc 33 98 f5 e5 ab 93 00 05 00 00 |..D.:.3.........| -00000050 05 ff 01 00 01 00 16 03 02 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 
8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 02 00 04 0e 00 |n8P)l...........| -00000320 00 00 |..| +00000000 16 03 02 00 51 02 00 00 4d 03 02 96 ca 2a e7 23 |....Q...M....*.#| +00000010 af 2e 45 62 15 fa 5a 84 bc aa 7c 79 03 1b 37 69 |..Eb..Z...|y..7i| +00000020 a0 77 ce 03 81 b7 e5 7d 31 34 6e 20 93 83 5d 7c |.w.....}14n ..]|| +00000030 e8 c7 48 f9 67 ec 97 b1 27 b6 de de 89 07 5a cf |..H.g...'.....Z.| +00000040 44 77 48 4b e9 62 43 e3 87 fd de 87 00 05 00 00 |DwHK.bC.........| +00000050 05 ff 01 00 01 00 16 03 02 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. 
T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 02 00 04 0e 00 00 00 |;............| >>> Flow 3 (client to server) -00000000 16 03 02 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 |...........mQ...| -00000010 3e fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c |>.u.A6..j.*.%.gL| -00000020 8e 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 |.b/0......+.#...| -00000030 1d f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 |..;...'..$...[.f| -00000040 0d 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be |.j.....C........| -00000050 c8 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce |..9L.....K.../..| -00000060 e6 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 |..w.o#......:..V| -00000070 f1 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 |..T^F..;3..(....| -00000080 35 d4 1c 43 d1 30 6f 55 4e 0a 70 14 03 02 00 01 |5..C.0oUN.p.....| -00000090 01 16 03 02 00 24 07 9f dc df 2d c3 a6 88 06 28 |.....$....-....(| -000000a0 21 e0 e0 d3 31 99 fc 89 b8 82 6e 95 f4 4b 9e e2 |!...1.....n..K..| -000000b0 d9 36 5c 14 ce d7 db e2 78 4e |.6\.....xN| +00000000 16 03 02 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. 
..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 02 00 01 |.Y(.....ia5.....| +00000090 01 16 03 02 00 24 33 5d 7f cb 6e 36 19 8b db 35 |.....$3]..n6...5| +000000a0 88 16 87 7a 9d 5a 51 27 51 13 17 64 0e 57 d5 e1 |...z.ZQ'Q..d.W..| +000000b0 6e 34 8d e6 99 a8 38 b2 e7 3a |n4....8..:| >>> Flow 4 (server to client) -00000000 14 03 02 00 01 01 16 03 02 00 24 81 72 75 80 d4 |..........$.ru..| -00000010 1b 1a 32 00 89 bf 9e 79 30 b9 6b 67 e0 8e c7 eb |..2....y0.kg....| -00000020 73 f2 e4 93 51 65 9b 5f 91 b1 b4 b1 f7 44 76 |s...Qe._.....Dv| +00000000 14 03 02 00 01 01 16 03 02 00 24 e0 8b 90 9b 83 |..........$.....| +00000010 f5 3d 00 e9 cf 7b 1d 75 cf c8 16 f2 29 8d de 0b |.=...{.u....)...| +00000020 75 82 b1 c4 6e 1c 1f ab e9 90 74 31 99 f2 ad |u...n.....t1...| >>> Flow 5 (client to server) -00000000 17 03 02 00 1a b2 91 39 63 c0 38 3c 4d 25 fd 14 |.......9c.8|+| +00000030 f9 3b 92 32 20 0b f4 16 39 18 |.;.2 ...9.| diff --git a/tls/testdata/Client-TLSv12-AES128-GCM-SHA256 b/tls/testdata/Client-TLSv12-AES128-GCM-SHA256 new file mode 100644 index 00000000..4412f53c --- /dev/null +++ b/tls/testdata/Client-TLSv12-AES128-GCM-SHA256 
@@ -0,0 +1,86 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 1d be be 1e eb |....Q...M.......| +00000010 59 2c d5 07 b9 7a 64 47 95 84 ef cf d9 3e 82 4c |Y,...zdG.....>.L| +00000020 00 c0 0a 69 8a 01 2a b3 42 78 02 20 5e 32 5c 88 |...i..*.Bx. 
^2\.| +00000030 50 ed d5 44 41 4f bf a9 4e 49 83 5d aa 7c 2e 5d |P..DAO..NI.].|.]| +00000040 85 e8 64 92 5e 49 5d 8a d0 0e 89 eb 00 9c 00 00 |..d.^I].........| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. 
T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. 
..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 28 00 00 00 00 00 00 00 00 69 38 |.....(........i8| +000000a0 97 84 2e 77 5c b8 58 82 b5 78 85 2e f3 7b 92 81 |...w\.X..x...{..| +000000b0 00 72 91 23 41 ae 59 6c 18 64 f0 62 f2 c9 |.r.#A.Yl.d.b..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 37 f7 98 2f 78 |..........(7../x| +00000010 54 85 5f 2e cb a9 b7 bf 4b 2d 62 06 e2 32 cd 18 |T._.....K-b..2..| +00000020 de f5 54 c8 e0 54 2d c5 b4 98 07 7e c7 b7 79 a0 |..T..T-....~..y.| +00000030 75 af 5c |u.\| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 78 c1 c0 |.............x..| +00000010 7d 1b a8 b2 80 0e a3 64 cf e0 fa 71 9d 37 5d 32 |}......d...q.7]2| +00000020 8d 36 38 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.68.............| +00000030 c2 f3 41 1a 2c a4 4f 48 fa 61 14 40 60 51 e5 99 |..A.,.OH.a.@`Q..| +00000040 c6 e5 |..| diff --git a/tls/testdata/Client-TLSv12-AES128-SHA256 b/tls/testdata/Client-TLSv12-AES128-SHA256 new file mode 100644 index 00000000..d7568843 --- /dev/null +++ b/tls/testdata/Client-TLSv12-AES128-SHA256 
@@ -0,0 +1,95 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 c3 41 d7 9c 1b |....Q...M...A...| +00000010 9a ff f8 17 af 41 df 8d 96 70 bb b8 f6 9a 4c a2 |.....A...p....L.| +00000020 03 25 31 2c 58 fa 05 5b 12 85 6a 20 18 3c 34 d6 |.%1,X..[..j .<4.| +00000030 08 44 46 a5 5c b1 40 0d 38 33 c0 2d ea a6 46 53 |.DF.\.@.83.-..FS| +00000040 0e 09 39 6f 11 35 02 63 cf 21 74 c2 00 3c 00 00 |..9o.5.c.!t..<..| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. 
T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 50 00 00 00 00 00 00 00 00 00 00 |.....P..........| +000000a0 00 00 00 00 00 00 88 20 99 51 5e fb 72 79 7f f8 |....... 
.Q^.ry..| +000000b0 b2 a9 56 96 a3 03 1d a0 e0 38 1a be 4c ea 80 f9 |..V......8..L...| +000000c0 c0 ef 45 81 91 7f b9 1b f7 91 3b 4e 05 87 d6 73 |..E.......;N...s| +000000d0 c0 27 94 50 4f 00 ee c1 02 af 5f 6f 4c a5 0e 5b |.'.PO....._oL..[| +000000e0 6c 76 87 28 b4 bf |lv.(..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 50 93 14 a5 13 16 |..........P.....| +00000010 d7 af 14 81 94 33 2d ae f7 7a b1 b1 a5 38 fb e8 |.....3-..z...8..| +00000020 c8 38 b3 ce f1 eb 70 e7 84 b6 fc 25 25 32 a9 09 |.8....p....%%2..| +00000030 d1 0d 2d 59 57 6d d0 42 e8 c1 81 92 d0 af fb 5a |..-YWm.B.......Z| +00000040 08 7e 0f 3d 10 e5 42 6d 27 cd 8c 32 b2 20 4b 0a |.~.=..Bm'..2. K.| +00000050 75 76 ed 08 54 fe 74 94 72 35 9e |uv..T.t.r5.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 53 91 38 34 33 20 94 0d 76 d7 72 |.....S.843 ..v.r| +00000020 48 f3 17 34 01 ae 0e 89 db 60 f1 4e 64 a5 cf 0c |H..4.....`.Nd...| +00000030 32 52 3f a0 18 f8 c5 57 ed 3a d1 41 19 81 cf 0a |2R?....W.:.A....| +00000040 f2 d8 90 4b ba 15 03 03 00 40 00 00 00 00 00 00 |...K.....@......| +00000050 00 00 00 00 00 00 00 00 00 00 05 2b 31 3c 1b a2 |...........+1<..| +00000060 11 87 5f 0f 49 72 bb 67 e6 75 18 9c b1 f4 6c ed |.._.Ir.g.u....l.| +00000070 4d 01 58 35 30 43 44 e8 ee 1d f2 81 9d 67 6d 77 |M.X50CD......gmw| +00000080 1e 36 61 7f f3 32 3d 60 73 6d |.6a..2=`sm| diff --git a/tls/testdata/Client-TLSv12-AES256-GCM-SHA384 b/tls/testdata/Client-TLSv12-AES256-GCM-SHA384 new file mode 100644 index 00000000..2f552cbb --- /dev/null +++ b/tls/testdata/Client-TLSv12-AES256-GCM-SHA384 
@@ -0,0 +1,86 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 2b 59 94 f3 9e |....Q...M..+Y...| +00000010 23 ae d3 58 82 1f 2e be 38 1d 14 e4 4c a4 b8 ed |#..X....8...L...| +00000020 95 08 b9 44 60 02 4b 0b a9 6e ae 20 9b 43 e5 2a |...D`.K..n. 
.C.*| +00000030 0f 08 8e a4 c1 c0 15 79 9f af a5 ab a3 67 9d 09 |.......y.....g..| +00000040 23 0e 8e 96 a9 aa 7d 26 74 d8 0c 9a 00 9d 00 00 |#.....}&t.......| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. 
T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 28 00 00 00 00 00 00 00 00 59 fc |.....(........Y.| +000000a0 aa b1 84 ab 09 82 00 88 8e e4 82 6e cd 24 9f b5 |...........n.$..| +000000b0 01 95 d3 c3 f4 a2 16 54 25 91 77 76 fc f0 |.......T%.wv..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 67 ac 20 d9 b6 |..........(g. ..| +00000010 a9 f0 ec f6 7b 34 31 3a 5e 06 20 0f 5b 32 86 1b |....{41:^. 
.[2..| +00000020 da 5a c5 54 47 d0 ad 4f 95 2c b5 1f 17 3f ec 17 |.Z.TG..O.,...?..| +00000030 a3 01 fc |...| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 6c 9c 0a |.............l..| +00000010 ae 0b 40 57 8b 24 6d 09 77 ae 2f 14 be 06 26 9e |..@W.$m.w./...&.| +00000020 0a bf 18 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................| +00000030 32 50 20 68 3d 05 68 ed 0c ac 7a db 24 21 7e e0 |2P h=.h...z.$!~.| +00000040 9e f0 |..| diff --git a/tls/testdata/Client-TLSv12-ALPN b/tls/testdata/Client-TLSv12-ALPN new file mode 100644 index 00000000..358b211f --- /dev/null +++ b/tls/testdata/Client-TLSv12-ALPN 
@@ -0,0 +1,93 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 0e 01 00 01 0a 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 8f 00 05 00 05 01 00 00 00 00 00 0a 00 |................| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 10 00 10 00 0e 06 70 72 6f 74 6f |...........proto| +000000d0 32 06 70 72 6f 74 6f 31 00 12 00 00 00 2b 00 09 |2.proto1.....+..| +000000e0 08 03 04 03 03 03 02 03 01 00 33 00 26 00 24 00 |..........3.&.$.| +000000f0 1d 00 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f |.. /.}.G.bC.(.._| +00000100 bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 |.).0.........._X| +00000110 cb 3b 74 |.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 66 02 00 00 62 03 03 95 14 55 52 0b |....f...b....UR.| +00000010 e7 c1 15 6b dc 19 3b 17 9e bb 6a b7 61 82 dc 59 |...k..;...j.a..Y| +00000020 d3 a4 7c e1 c3 83 cc e2 e5 56 e0 20 3c 82 0d 54 |..|......V. 
<..T| +00000030 2b 78 fe 50 cb 4e c1 69 d7 6f b3 9f ac 2e 27 c8 |+x.P.N.i.o....'.| +00000040 c6 7a 70 27 1e 14 67 43 4c f1 7d d7 cc a8 00 00 |.zp'..gCL.}.....| +00000050 1a ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 10 |................| +00000060 00 09 00 07 06 70 72 6f 74 6f 31 16 03 03 02 59 |.....proto1....Y| +00000070 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 |...U..R..O0..K0.| +00000080 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b |.............?.[| +00000090 ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 |..0...*.H.......| +000000a0 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |.0.1.0...U....Go| +000000b0 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f |1.0...U....Go Ro| +000000c0 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 |ot0...1601010000| +000000d0 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 |00Z..25010100000| +000000e0 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 |0Z0.1.0...U....G| +000000f0 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 |o1.0...U....Go0.| +00000100 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 |.0...*.H........| +00000110 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e |....0.......F}..| +00000120 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e |.'.H..(!.~...]..| +00000130 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be |RE.z6G....B[....| +00000140 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 |.y.@.Om..+.....g| +00000150 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 |....."8.J.ts+.4.| +00000160 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 |.....t{.X.la<..A| +00000170 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 |..++$#w[.;.u]. 
T| +00000180 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 |..c...$....P....| +00000190 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 |C...ub...R......| +000001a0 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff |...0..0...U.....| +000001b0 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 |......0...U.%..0| +000001c0 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 |...+.........+..| +000001d0 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 |.....0...U......| +000001e0 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 |.0.0...U........| +000001f0 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b |..CC>I..m....`0.| +00000200 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 |..U.#..0...H.IM.| +00000210 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 |~.1......n{0...U| +00000220 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e |....0...example.| +00000230 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d |golang0...*.H...| +00000240 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 |..........0.@+[P| +00000250 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 |.a...SX...(.X..8| +00000260 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 |....1Z..f=C.-...| +00000270 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 |... d8.$:....}.@| +00000280 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c | ._...a..v......| +00000290 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c |\.....l..s..Cw..| +000002a0 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 |.....@.a.Lr+...F| +000002b0 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 |..M...>...B...=.| +000002c0 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c 00 |`.\!.;..........| +000002d0 00 a8 03 00 1d 20 c3 e3 43 9c 5d 0f 09 61 ae 18 |..... ..C.]..a..| +000002e0 66 05 b1 7d c1 9f e5 26 9c a7 97 d6 1f 9a 7c ff |f..}...&......|.| +000002f0 8c 34 a1 32 a2 35 08 04 00 80 6c 50 a1 80 d9 20 |.4.2.5....lP... 
| +00000300 56 08 da d9 5b 77 4d ad 43 66 71 15 ec fe db 02 |V...[wM.Cfq.....| +00000310 fb 40 d8 8d 67 22 e2 1b ec 8d b9 4e ba 65 01 8b |.@..g".....N.e..| +00000320 70 e0 83 bc 06 1b 14 8f 07 cf a6 08 58 c3 77 94 |p...........X.w.| +00000330 0f 94 53 62 54 6c 1f 92 22 9d ae f8 5a ad d5 f3 |..SbTl.."...Z...| +00000340 8a f7 e6 93 8c 0e 48 1b 23 89 d8 bd e9 5c 50 cd |......H.#....\P.| +00000350 07 3d 7e 8e b0 d6 65 44 58 62 03 a1 d9 94 72 f0 |.=~...eDXb....r.| +00000360 25 a9 e0 c1 be ac 32 05 59 f7 7f 6e 13 23 70 5a |%.....2.Y..n.#pZ| +00000370 65 ba a2 d7 da 3c a2 9e 6b 13 16 03 03 00 04 0e |e....<..k.......| +00000380 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 5e 91 45 7d ab 7c b7 6f 57 a6 d0 |.... ^.E}.|.oW..| +00000040 17 83 cb 40 1b 76 6b 5e 80 39 03 2f 6d 2f 10 8e |...@.vk^.9./m/..| +00000050 74 33 12 54 8d |t3.T.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 f1 3c 7a 28 eb |.......... .>> Flow 5 (client to server) +00000000 17 03 03 00 16 dc f6 18 54 22 e0 9c 08 bf db a8 |........T"......| +00000010 62 2a 64 9e 06 43 0f 22 18 0e 34 15 03 03 00 12 |b*d..C."..4.....| +00000020 20 2f f4 76 cd dc 82 eb 30 f9 e0 42 6b 29 16 ed | /.v....0..Bk)..| +00000030 7c f0 ||.| diff --git a/tls/testdata/Client-TLSv12-ALPN-NoMatch b/tls/testdata/Client-TLSv12-ALPN-NoMatch new file mode 100644 index 00000000..62e7d11b --- /dev/null +++ b/tls/testdata/Client-TLSv12-ALPN-NoMatch 
@@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 9c 01 00 00 98 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 28 c0 2f |.............(./| +00000030 c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 c0 09 c0 14 |.+.0.,.'...#....| +00000040 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 c0 12 00 0a |.......<./.5....| +00000050 00 05 c0 11 c0 07 01 00 00 47 33 74 00 00 00 05 |.........G3t....| +00000060 00 05 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 |................| +00000070 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 0c 04 |................| +00000080 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 01 00 |................| +00000090 00 10 00 09 00 07 06 70 72 6f 74 6f 33 00 12 00 |.......proto3...| +000000a0 00 |.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 36 0e 9f 51 42 |....Y...U..6..QB| +00000010 82 65 fa b5 17 7a 86 d6 40 33 a9 67 d3 3d aa 2f |.e...z..@3.g.=./| +00000020 89 a0 39 82 af 16 30 8e 64 80 d4 20 23 a6 d0 12 |..9...0.d.. 
#...| +00000030 ff 8c fc b4 b5 47 ec 10 fe ba 73 fb 0f ab e8 1c |.....G....s.....| +00000040 15 c1 fb 11 c1 b2 e1 8a f7 5d 5b ad c0 2f 00 00 |.........][../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... 
d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 cd 0c 00 00 c9 03 00 17 41 04 11 b4 a9 10 7e 5c |........A.....~\| +000002d0 41 5e 39 12 15 a3 ed 5b 3e 5d 68 c8 ad 48 39 ef |A^9....[>]h..H9.| +000002e0 09 8b b1 a7 bf db 5f 54 49 cd d5 de 4d b3 47 4c |......_TI...M.GL| +000002f0 18 02 84 7c ec 75 4e d0 3e 8a d1 6c 80 83 98 64 |...|.uN.>..l...d| +00000300 4a 81 bc 8f 84 c7 e5 b4 2d fa 04 01 00 80 72 ee |J.......-.....r.| +00000310 41 38 f2 b8 a1 56 81 d8 04 78 75 05 f4 78 5f f2 |A8...V...xu..x_.| +00000320 2b 5d a2 46 23 9d 48 c8 63 a9 1d de a8 78 6e 99 |+].F#.H.c....xn.| +00000330 cd 59 6b 19 20 f5 b1 11 e1 f8 1c 5b 40 c3 b8 cd |.Yk. ......[@...| +00000340 66 a3 98 37 c5 c2 5c b7 d6 cc 61 b4 5e 97 fa dd |f..7..\...a.^...| +00000350 b7 85 5d b6 34 8c 39 4a 60 5a 03 20 47 7f e3 65 |..].4.9J`Z. 
G..e| +00000360 01 18 00 2c c3 eb be d4 aa 58 57 a9 5e 69 fb 3c |...,.....XW.^i.<| +00000370 fa c6 28 1a 5c f7 00 d5 21 e5 c1 30 db 84 38 c3 |..(.\...!..0..8.| +00000380 08 aa 08 5f c9 fd a0 b7 8e d0 66 77 bf 13 16 03 |..._......fw....| +00000390 03 00 04 0e 00 00 00 |.......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| +00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| +00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| +00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| +00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| +00000050 01 16 03 03 00 28 00 00 00 00 00 00 00 00 4f 7e |.....(........O~| +00000060 9a 3a cc 74 a4 91 77 01 0b 0e 28 0a c5 bd 55 b7 |.:.t..w...(...U.| +00000070 9a 4c 40 4e e9 c9 46 d5 5f c5 e1 77 c3 f2 |.L@N..F._..w..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 62 4b 13 ef 22 |..........(bK.."| +00000010 f9 a8 8d ec 42 3a 36 80 5d a8 5b e9 60 d1 ba 65 |....B:6.].[.`..e| +00000020 2b d8 37 64 e5 12 b2 ef 84 75 87 0c 0f 3d 35 6e |+.7d.....u...=5n| +00000030 59 7c 51 |Y|Q| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 5f cd 4d |............._.M| +00000010 7b a7 c0 f9 6c 1f 80 93 cf 55 3b 12 c7 21 12 86 |{...l....U;..!..| +00000020 f6 b1 52 15 03 03 00 1a 00 00 00 00 00 00 00 02 |..R.............| +00000030 fd 31 a4 4b d1 e9 f0 e0 18 b5 96 28 f7 b4 0c 29 |.1.K.......(...)| +00000040 8c 0c |..| diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA index 20732703..e40999fb 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 53 04 f1 03 6f |....Y...U..S...o| -00000010 c6 4b 55 27 fe e8 fe 4d 7c 0e d4 20 98 b8 7c 81 |.KU'...M|.. 
..|.| -00000020 3d 31 f8 35 66 2f 0a 0b f1 2c e3 20 86 4d 12 32 |=1.5f/...,. .M.2| -00000030 73 e3 ba be 25 50 a4 a2 a1 7b f1 9a 76 7a 75 fb |s...%P...{..vzu.| -00000040 e2 64 a2 12 ec f3 e7 9d 9a 24 6e 94 c0 09 00 00 |.d.......$n.....| +00000000 16 03 03 00 59 02 00 00 55 03 03 08 a4 b1 ad 21 |....Y...U......!| +00000010 3a 60 7a d3 3b 60 67 48 5d de da ff 3f a8 55 a9 |:`z.;`gH]...?.U.| +00000020 c4 72 69 32 12 c1 d1 4e d4 78 e1 20 6e 9f ed 1e |.ri2...N.x. n...| +00000030 50 9a 31 e2 ae e2 6a f4 01 cc 94 21 25 73 f3 a5 |P.1...j....!%s..| +00000040 f6 28 b3 c6 6b c1 b3 2d fc 0c d3 66 c0 09 00 00 |.(..k..-...f....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,24 +55,23 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 d7 0c 00 00 d3 03 00 17 41 04 a3 |*............A..| -00000280 03 8c de d2 b0 68 c8 25 0e 85 ea d7 ae 13 0d 79 |.....h.%.......y| -00000290 ec 59 0d b5 4d 51 96 d9 7f 64 36 fb 4c d5 6a 26 |.Y..MQ...d6.L.j&| -000002a0 ae 0e 48 61 df 5c 2b d4 ff 09 41 15 c4 14 8e 1b |..Ha.\+...A.....| -000002b0 84 a8 c8 cd ef 10 97 95 66 67 85 dd fd dc 2a 04 |........fg....*.| -000002c0 03 00 8a 30 81 87 02 41 11 75 5d bc bd 08 28 d4 |...0...A.u]...(.| -000002d0 5b 1b 45 7f 9c d3 8d 0b 91 fa f6 82 ba 59 bd 3e |[.E..........Y.>| -000002e0 96 01 c6 1d 38 db fe 08 e7 56 89 fc 10 b0 37 6a |....8....V....7j| -000002f0 3d d6 c9 50 16 53 f7 c2 a2 60 67 82 1f 74 b8 d5 |=..P.S...`g..t..| -00000300 bc 02 ec 96 db 82 18 8c 87 02 42 01 0d df f7 b7 |..........B.....| -00000310 05 3c 8c 56 f0 1d 33 18 cf c5 4c 80 7e 0b d9 f9 |.<.V..3...L.~...| -00000320 f0 51 69 fe 5d b8 0b 64 c0 c7 0d f4 75 65 ae 07 |.Qi.]..d....ue..| -00000330 9d cf f4 4b ad 52 f6 b8 10 26 18 bd d6 e2 0d a8 |...K.R...&......| -00000340 80 10 50 34 15 cd 72 0b 7d a9 94 de 4c 16 03 03 |..P4..r.}...L...| -00000350 00 30 0d 00 00 28 03 01 02 40 00 20 06 01 06 02 |.0...(...@. ....| -00000360 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000370 03 02 03 03 02 01 02 02 02 03 01 01 00 00 0e 00 |................| -00000380 00 00 |..| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 ec f3 |*............ 
..| +00000280 2b 3b be 93 68 53 f2 ab 6c 97 5a fa 9b 8c bf eb |+;..hS..l.Z.....| +00000290 37 6f af d7 b8 02 f3 8c 0b f9 75 29 11 32 04 03 |7o........u).2..| +000002a0 00 8b 30 81 88 02 42 01 9d 90 aa b3 19 d2 9d cf |..0...B.........| +000002b0 92 c1 64 05 89 db d0 dd 80 f3 a4 7e 09 ec 36 22 |..d........~..6"| +000002c0 95 79 c4 36 0e 21 80 7d 4b 72 a5 38 a4 b0 a7 5f |.y.6.!.}Kr.8..._| +000002d0 fb ae f7 66 23 82 91 c2 f8 95 df 60 ce dc e8 1a |...f#......`....| +000002e0 3f 2b 2c fa 5e 58 67 98 78 02 42 00 fa 88 7f ae |?+,.^Xg.x.B.....| +000002f0 00 55 2c a1 c2 47 ed c8 11 74 64 e7 c6 30 63 fb |.U,..G...td..0c.| +00000300 bb 42 2a 02 9b 80 60 88 e7 3f af 17 a3 7f 1e f6 |.B*...`..?......| +00000310 31 9c 1f 8c 89 e5 a0 b1 01 2a 4e d8 d2 1e 9f 11 |1........*N.....| +00000320 f5 e3 35 38 3e b0 da 30 f1 fb ed e5 d1 16 03 03 |..58>..0........| +00000330 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000340 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000350 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +00000360 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +00000370 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) 00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -99,36 +106,34 @@ 000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| 000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| -00000210 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d 19 |...F...BA...7...| -00000220 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 |Q.5uq..T[....g..| -00000230 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 |$ >.V...(^.+-O..| -00000240 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 |..lK[.V.2B.X..I.| -00000250 b5 68 1a 41 03 56 6b dc 5a 89 16 03 03 00 92 0f |.h.A.Vk.Z.......| -00000260 00 00 8e 04 03 00 8a 30 81 87 02 42 00 c6 85 8e |.......0...B....| -00000270 06 b7 04 04 e9 cd 9e 3e cb 66 23 95 b4 42 9c 64 |.......>.f#..B.d| -00000280 81 39 05 3f b5 21 f8 28 af 60 6b 4d 3d ba a1 4b |.9.?.!.(.`kM=..K| -00000290 5e 77 ef e7 59 28 fe 1d c1 27 a2 ff a8 de 33 48 |^w..Y(...'....3H| -000002a0 b3 c1 85 6a 42 9b f9 7e 7e 31 c2 e5 bd 66 02 41 |...jB..~~1...f.A| -000002b0 4b 49 c6 cd 02 e3 83 f7 03 50 18 6d b4 c9 51 02 |KI.......P.m..Q.| -000002c0 c0 ab 87 bc e0 3e 4b 89 53 3a e2 65 89 97 02 c1 |.....>K.S:.e....| -000002d0 88 0d 64 db 8e 4f 73 4e ea 29 0b ed a0 f5 ce 3d |..d..OsN.).....=| -000002e0 5f cc 20 ef 0a 22 02 82 f2 14 2a b7 42 68 bd c7 |_. .."....*.Bh..| -000002f0 4d 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 |M..........@....| -00000300 00 00 00 00 00 00 00 00 00 00 00 00 f0 cc 4f c7 |..............O.| -00000310 b6 0f c9 38 4d 4b 97 2c 4f be 53 08 4c d6 5b 4e |...8MK.,O.S.L.[N| -00000320 24 70 30 81 82 3a 7f 62 95 03 4d fc 54 78 ec 13 |$p0..:.b..M.Tx..| -00000330 b2 a1 00 85 2b 04 e4 1d 7b 6e 87 60 |....+...{n.`| +00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! 
/.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 93 0f 00 |...._X.;t.......| +00000240 00 8f 04 03 00 8b 30 81 88 02 42 01 e6 0a ff de |......0...B.....| +00000250 af a6 d2 7a 5f 4e f8 eb c8 19 74 53 5c e8 bc 2d |...z_N....tS\..-| +00000260 72 24 11 d2 11 ec ec cd a1 9c 3d 10 a2 de f8 8b |r$........=.....| +00000270 22 98 d3 33 c2 13 3b 93 89 ae ca a6 a8 94 70 fe |"..3..;.......p.| +00000280 76 2f 04 bc ac fb 66 79 3b 76 7f 6d 96 02 42 01 |v/....fy;v.m..B.| +00000290 df f6 30 14 7c 7e a1 0b f6 b8 8b d7 75 b8 bd 0e |..0.|~......u...| +000002a0 63 8a bd 8b ec 75 70 db d9 37 d7 53 f3 8b a2 ae |c....up..7.S....| +000002b0 60 96 69 74 eb bb 3d a6 9a 7d 46 51 73 ff 78 cf |`.it..=..}FQs.x.| +000002c0 7f 49 d9 27 5e 9f f9 d2 11 cc 0e e4 dc 04 fe d5 |.I.'^...........| +000002d0 d2 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 |...........@....| +000002e0 00 00 00 00 00 00 00 00 00 00 00 00 7a db 34 e9 |............z.4.| +000002f0 98 f8 c1 f0 38 c3 33 22 5c c3 45 b0 a3 10 3c 77 |....8.3"\.E...>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 d5 2a 76 79 1c |..........@.*vy.| -00000010 e7 d5 b1 5c 65 6b d1 45 73 53 4c 05 3a 6c 5d 81 |...\ek.EsSL.:l].| -00000020 dd 2f f0 74 62 e4 8e f8 ed 21 99 c7 4f d6 28 40 |./.tb....!..O.(@| -00000030 63 d9 6d e5 b0 04 73 27 7a 1d 08 19 31 10 da ef |c.m...s'z...1...| -00000040 79 26 33 fb 45 23 be a4 7c 03 66 |y&3.E#..|.f| +00000000 14 03 03 00 01 01 16 03 03 00 40 18 c0 f3 96 7b |..........@....{| +00000010 45 91 6d 5b 1c 67 4f 37 74 b7 db 72 45 57 09 25 |E.m[.gO7t..rEW.%| +00000020 4a 14 68 4d 78 6c c7 15 6a b1 57 e6 ff 53 c4 58 |J.hMxl..j.W..S.X| +00000030 41 c5 6b 08 3c 5a 8c b9 04 d0 27 62 ee a6 e3 36 |A.k.>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 e2 53 bd c0 ef 9e e6 44 94 ea 5d |......S.....D..]| -00000020 f5 c5 a9 4b ed eb 1c 49 9f 79 44 f9 
cd d7 de 02 |...K...I.yD.....| -00000030 51 10 ae 87 7d 15 03 03 00 30 00 00 00 00 00 00 |Q...}....0......| -00000040 00 00 00 00 00 00 00 00 00 00 d3 95 13 7f 5f 58 |.............._X| -00000050 ab d6 17 ea 01 2c 2a ea 5d 7c 44 61 4a 27 97 52 |.....,*.]|DaJ'.R| -00000060 cc 9b 86 f6 37 42 2b 94 01 49 |....7B+..I| +00000010 00 00 00 00 00 a6 c2 ef 07 bb 38 4a e4 8f 0c 12 |..........8J....| +00000020 19 1a 96 62 22 57 57 a2 b5 b3 06 70 95 28 a7 f7 |...b"WW....p.(..| +00000030 0d 42 69 37 7f 15 03 03 00 30 00 00 00 00 00 00 |.Bi7.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 04 ed 3e 68 40 eb |............>h@.| +00000050 a0 7e 57 da 27 e7 f5 e8 6c e5 6d 58 c8 a5 18 47 |.~W.'...l.mX...G| +00000060 92 5a 43 90 de 07 9e 9a 3b cc |.ZC.....;.| diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA index c3b753a7..f5fae453 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA 
@@ -1,66 +1,81 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 51 02 00 00 4d 03 03 53 04 f1 03 b0 |....Q...M..S....| -00000010 43 00 97 24 a7 a8 ea b2 24 fe 96 24 a1 49 64 fd |C..$....$..$.Id.| -00000020 1c a3 30 35 2d 85 a7 40 42 86 6b 20 af 27 7f ac |..05-..@B.k .'..| -00000030 8b 16 89 6c 78 b7 f5 29 02 58 a6 8b 61 43 c2 b0 |...lx..).X..aC..| -00000040 e0 a8 96 c8 fa 2b 26 ad 9a 5f 2d d6 00 05 00 00 |.....+&.._-.....| -00000050 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 
8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 30 0d 00 |n8P)l........0..| -00000320 00 28 03 01 02 40 00 20 06 01 06 02 06 03 05 01 |.(...@. ........| -00000330 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................| -00000340 02 01 02 02 02 03 01 01 00 00 0e 00 00 00 |..............| +00000000 16 03 03 00 59 02 00 00 55 03 03 be ba ac 2a 81 |....Y...U.....*.| +00000010 33 b1 6e 4d 8b 9b 29 f9 16 86 bc cd b2 03 50 72 |3.nM..).......Pr| +00000020 91 9a 93 f9 e1 d6 27 55 8b b8 6c 20 84 c2 21 9e |......'U..l ..!.| +00000030 60 aa b3 f0 ec 2f 66 0d 59 31 02 08 9e 68 68 c0 |`..../f.Y1...hh.| +00000040 58 9a 8e 6c 25 ce 4d e3 3f 9d dc 91 c0 2f 00 00 |X..l%.M.?..../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b 
|..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 82 89 54 65 64 97 8d |........ 
..Ted..| +000002d0 e8 63 a2 5b 4f 16 56 7c cf 8b 0a 75 46 52 7e b6 |.c.[O.V|...uFR~.| +000002e0 99 2a e9 52 1f 11 46 85 36 08 04 00 80 cd a5 84 |.*.R..F.6.......| +000002f0 ff 9a 79 b5 04 85 88 fb 1e 1c d6 6b 78 e8 4d a5 |..y........kx.M.| +00000300 10 38 25 8e 8d de 71 51 b5 fd a6 2a f8 8b 5c 6d |.8%...qQ...*..\m| +00000310 1e 88 f7 d8 12 24 ff f7 7e dd 05 1c bf 71 7d 4f |.....$..~....q}O| +00000320 26 2f 2e 27 d8 e1 a8 8b d2 42 2b a6 d9 4e e6 60 |&/.'.....B+..N.`| +00000330 48 57 38 5d 3b f3 94 74 2c 8f ba e0 84 54 1c c0 |HW8];..t,....T..| +00000340 10 51 a0 31 1a d0 ec 72 01 f1 d3 65 73 c7 40 25 |.Q.1...r...es.@%| +00000350 af cd 10 18 29 2c 1a 52 e0 c9 a6 de 85 8c 96 e6 |....),.R........| +00000360 7d 85 0a 64 86 59 39 25 8f 8c 36 4c 37 16 03 03 |}..d.Y9%..6L7...| +00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +000003a0 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +000003b0 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) 00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -95,33 +110,30 @@ 000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| 000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| -00000210 03 03 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 3e |..........mQ...>| -00000220 fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c 8e |.u.A6..j.*.%.gL.| -00000230 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 1d |b/0......+.#....| -00000240 f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 0d |.;...'..$...[.f.| -00000250 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be c8 |j.....C.........| -00000260 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce e6 |.9L.....K.../...| -00000270 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 f1 |.w.o#......:..V.| -00000280 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 35 |.T^F..;3..(....5| -00000290 d4 1c 43 d1 30 6f 55 4e 0a 70 16 03 03 00 92 0f |..C.0oUN.p......| -000002a0 00 00 8e 04 03 00 8a 30 81 87 02 42 00 c6 85 8e |.......0...B....| -000002b0 06 b7 04 04 e9 cd 9e 3e cb 66 23 95 b4 42 9c 64 |.......>.f#..B.d| -000002c0 81 39 05 3f b5 21 f8 28 af 60 6b 4d 3d ba a1 4b |.9.?.!.(.`kM=..K| -000002d0 5e 77 ef e7 59 28 fe 1d c1 27 a2 ff a8 de 33 48 |^w..Y(...'....3H| -000002e0 b3 c1 85 6a 42 9b f9 7e 7e 31 c2 e5 bd 66 02 41 |...jB..~~1...f.A| -000002f0 4b 49 c6 cd 02 e3 83 f7 03 50 18 6d b4 c9 51 02 |KI.......P.m..Q.| -00000300 c0 ab 87 bc e0 3e 4b 89 53 3a e2 65 89 97 02 c1 |.....>K.S:.e....| -00000310 88 5a 97 82 3e 55 6b 7c d8 db b8 cc 1b 30 84 0a |.Z..>Uk|.....0..| -00000320 7a 97 71 e4 10 bb a4 39 8c 2a cf f5 88 c7 d1 95 |z.q....9.*......| -00000330 73 14 03 03 00 01 01 16 03 03 00 24 9f 1e f0 72 |s..........$...r| -00000340 92 ea dc f7 56 96 37 e4 69 db db 66 1d f6 94 c4 |....V.7.i..f....| -00000350 18 31 4f d0 5d c5 f4 53 21 aa 98 b1 dc 08 94 94 |.1O.]..S!.......| +00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! 
/.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 92 0f 00 |...._X.;t.......| +00000240 00 8e 04 03 00 8a 30 81 87 02 41 72 16 75 7d 08 |......0...Ar.u}.| +00000250 42 7b 33 e7 59 51 ef 3c 54 e7 81 e4 10 31 ab 5d |B{3.YQ.>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 ee 68 c1 87 9f |..........$.h...| -00000010 d7 90 94 f1 3b 6d 26 0b 3d 89 7a 45 3b 52 5d 3c |....;m&.=.zE;R]<| -00000020 dd 7c c1 4e 57 3e a9 ee 91 be cf 2b a3 98 9d |.|.NW>.....+...| +00000000 14 03 03 00 01 01 16 03 03 00 28 b8 e9 dd 30 75 |..........(...0u| +00000010 40 7d 71 76 db 9a 95 92 81 02 3a 9e 36 d5 15 ca |@}qv......:.6...| +00000020 5d 63 a1 0f 8c 53 c9 1c 37 56 b2 0d 54 15 a2 dc |]c...S..7V..T...| +00000030 03 d6 2e |...| >>> Flow 5 (client to server) -00000000 17 03 03 00 1a 88 33 3e 2b 22 6b 92 d0 bb 8a 1e |......3>+"k.....| -00000010 9b f4 9e aa 91 8b 2b 95 ea 53 c8 03 0a 93 58 15 |......+..S....X.| -00000020 03 03 00 16 c4 67 79 ba ec cf 90 b1 f9 ac ec 64 |.....gy........d| -00000030 72 01 08 8f 3a 98 aa 66 25 00 |r...:..f%.| +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 01 85 96 |................| +00000010 67 b2 4b d3 e3 27 80 9f 2d a8 f4 bf 47 91 58 6e |g.K..'..-...G.Xn| +00000020 47 d8 98 15 03 03 00 1a 00 00 00 00 00 00 00 02 |G...............| +00000030 36 54 82 d1 a2 0f 2a c3 53 f6 09 d0 5c 78 46 97 |6T....*.S...\xF.| +00000040 20 41 | A| diff --git a/tls/testdata/Client-TLSv12-ClientCert-Ed25519 b/tls/testdata/Client-TLSv12-ClientCert-Ed25519 new file mode 100644 index 00000000..e415b126 --- /dev/null +++ b/tls/testdata/Client-TLSv12-ClientCert-Ed25519 
@@ -0,0 +1,119 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 1c 50 4e 50 35 |....Y...U...PNP5| +00000010 51 02 a9 62 ba 82 a5 d3 fa 40 4e f3 28 9b 50 a6 |Q..b.....@N.(.P.| +00000020 f0 75 30 e9 fe be a3 42 1d 1c f5 20 9e 88 46 57 |.u0....B... 
..FW| +00000030 c5 b4 a3 a3 fc 88 bb e0 1c 5e ea 77 a0 75 93 5a |.........^.w.u.Z| +00000040 6d 4c c7 57 6f 3a 05 af 3f 3f ac 75 cc a8 00 00 |mL.Wo:..??.u....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 82 c1 f5 7b 68 eb 7a |........ 
...{h.z| +000002d0 cf 02 c9 95 28 4b 31 76 a9 84 93 a9 1f 5b f4 2a |....(K1v.....[.*| +000002e0 5c a5 31 94 5f f0 e0 ed 2e 08 04 00 80 7a 99 38 |\.1._........z.8| +000002f0 7f d0 25 4b bf a9 e0 2b db ce 17 9d 30 4b 82 9e |..%K...+....0K..| +00000300 b1 50 84 fc dd b0 a8 5c 39 20 00 40 5b 92 dc 7c |.P.....\9 .@[..|| +00000310 25 3b 53 7d 5a 4b ad 05 6f 3a 4f e5 84 b6 3a e2 |%;S}ZK..o:O...:.| +00000320 fb bf cb c8 94 39 a5 28 ad c8 5f 94 53 90 0e 61 |.....9.(.._.S..a| +00000330 af f2 92 2c 3b ec 3c bf 1d d3 8b a5 65 58 5b bf |...,;.<.....eX[.| +00000340 5a 21 3d cd 40 7c 9e 1d e9 62 3c 67 71 7c ec b4 |Z!=.@|...b....| +00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +000003a0 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +000003b0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 3c 0b 00 01 38 00 01 35 00 01 32 30 |....<...8..5..20| +00000010 82 01 2e 30 81 e1 a0 03 02 01 02 02 10 17 d1 81 |...0............| +00000020 93 be 2a 8c 21 20 10 25 15 e8 34 23 4f 30 05 06 |..*.! 
.%..4#O0..| +00000030 03 2b 65 70 30 12 31 10 30 0e 06 03 55 04 0a 13 |.+ep0.1.0...U...| +00000040 07 41 63 6d 65 20 43 6f 30 1e 17 0d 31 39 30 35 |.Acme Co0...1905| +00000050 31 36 32 31 35 34 32 36 5a 17 0d 32 30 30 35 31 |16215426Z..20051| +00000060 35 32 31 35 34 32 36 5a 30 12 31 10 30 0e 06 03 |5215426Z0.1.0...| +00000070 55 04 0a 13 07 41 63 6d 65 20 43 6f 30 2a 30 05 |U....Acme Co0*0.| +00000080 06 03 2b 65 70 03 21 00 0b e0 b5 60 b5 e2 79 30 |..+ep.!....`..y0| +00000090 3d be e3 1e e0 50 b1 04 c8 6d c7 78 6c 69 2f c5 |=....P...m.xli/.| +000000a0 14 ad 9a 63 6f 79 12 91 a3 4d 30 4b 30 0e 06 03 |...coy...M0K0...| +000000b0 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 |U...........0...| +000000c0 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 |U.%..0...+......| +000000d0 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 |.0...U.......0.0| +000000e0 16 06 03 55 1d 11 04 0f 30 0d 82 0b 65 78 61 6d |...U....0...exam| +000000f0 70 6c 65 2e 63 6f 6d 30 05 06 03 2b 65 70 03 41 |ple.com0...+ep.A| +00000100 00 fc 19 17 2a 94 a5 31 fa 29 c8 2e 7f 5b a0 5d |....*..1.)...[.]| +00000110 8a 4e 34 40 39 d6 b3 10 dc 19 fe a0 22 71 b3 f5 |.N4@9......."q..| +00000120 8f a1 58 0d cd f4 f1 85 24 bf e6 3d 14 df df ed |..X.....$..=....| +00000130 0e e1 17 d8 11 a2 60 d0 8a 37 23 2a c2 46 aa 3a |......`..7#*.F.:| +00000140 08 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 |.....%...! /.}.G| +00000150 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....| +00000160 c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 48 |......_X.;t....H| +00000170 0f 00 00 44 08 07 00 40 af a6 03 14 53 7a 4f 75 |...D...@....SzOu| +00000180 9d cc 2f e3 e7 2a 51 16 16 b0 1d 28 e0 2a 59 f0 |../..*Q....(.*Y.| +00000190 3c df cc 18 dd b8 ef d1 9f 9d 03 8e 59 00 27 d1 |<...........Y.'.| +000001a0 39 2f 3b 33 53 1f b2 f0 22 1d 06 f6 50 0b a7 98 |9/;3S..."...P...| +000001b0 cc fa 78 53 bf 8e ff 0b 14 03 03 00 01 01 16 03 |..xS............| +000001c0 03 00 20 e5 81 3e a3 34 29 52 14 19 49 cf 04 82 |.. 
..>.4)R..I...| +000001d0 8b e7 83 aa 6c db 96 ec 97 29 b4 a3 db 87 21 2e |....l....)....!.| +000001e0 a5 c0 66 |..f| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 84 67 d4 ce cf |.......... .g...| +00000010 fb 54 2c dc f7 53 31 8a aa 03 60 37 3d 33 f2 79 |.T,..S1...`7=3.y| +00000020 d0 65 2e 3f 0e f9 1a d3 6e 6d 8e |.e.?....nm.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 e5 b7 4c 92 05 fc 81 cf 11 ef cd |.......L........| +00000010 0f 4b df ef a1 54 ae 26 4e ec aa 15 03 03 00 12 |.K...T.&N.......| +00000020 0a f3 5b 06 63 84 a6 eb d4 73 94 db fe d8 e0 ae |..[.c....s......| +00000030 d6 fc |..| diff --git a/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 new file mode 100644 index 00000000..3975b072 --- /dev/null +++ b/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 
@@ -0,0 +1,137 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 d4 20 b3 4c 6a |....Y...U... .Lj| +00000010 69 44 3f f7 ab 15 35 85 ca 71 02 b0 70 18 8e d6 |iD?...5..q..p...| +00000020 61 d5 34 08 42 de cf a1 57 32 96 20 8c b4 72 dd |a.4.B...W2. 
..r.| +00000030 63 93 e6 13 9d 4a ec 75 d9 a1 a6 9e 5e 02 f5 63 |c....J.u....^..c| +00000040 29 1a 78 9f 94 9f 6c 58 b5 91 ae 63 c0 30 00 00 |).x...lX...c.0..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 a2 bd 95 3e 0c 9f ad |........ 
...>...| +000002d0 11 59 e0 6a c1 21 0c 6c 86 cc f1 ce bd a0 30 5d |.Y.j.!.l......0]| +000002e0 53 1e 75 f9 55 af 49 7b 31 08 04 00 80 d4 8b 11 |S.u.U.I{1.......| +000002f0 ca 22 14 79 a3 e8 b6 c7 d0 d6 1b 17 42 93 47 30 |.".y........B.G0| +00000300 ab 50 0e c9 0c 92 88 96 b4 63 4e 4e ac 7f dd c8 |.P.......cNN....| +00000310 8f 85 07 5b 95 c5 0a c0 4e 6d 4f 51 ba d8 d7 db |...[....NmOQ....| +00000320 14 70 80 4f 68 d9 b4 39 e7 48 27 21 76 4c 79 a4 |.p.Oh..9.H'!vLy.| +00000330 60 91 d7 2f 75 69 04 1a da 71 ff b8 4d 78 d8 e7 |`../ui...q..Mx..| +00000340 ca f2 f2 1e 71 21 b3 a0 44 a7 6c 99 16 a1 c9 f8 |....q!..D.l.....| +00000350 f0 de e8 99 12 7b 3d a2 e3 15 fa 63 62 e9 1b 72 |.....{=....cb..r| +00000360 c8 bb 27 38 4a 48 66 1d dd fb ef 6f d1 16 03 03 |..'8JHf....o....| +00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +000003a0 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +000003b0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| 
+000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! 
/.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 08 04 00 80 2e bf 05 22 82 a7 d6 |............"...| +00000240 e9 08 ff 9b 10 d3 4a 6c c4 73 5c 78 88 05 0c 15 |......Jl.s\x....| +00000250 b7 8c 78 49 64 2d 58 67 ef 8f db c0 67 fa 32 6e |..xId-Xg....g.2n| +00000260 65 45 90 a0 69 5c fb ba e0 16 1c d4 81 1d 24 89 |eE..i\........$.| +00000270 35 27 14 15 19 0b 86 ee 6a f2 b4 a5 27 61 5f 1f |5'......j...'a_.| +00000280 cc 47 7c 01 ed a9 ff ed 61 45 3f 53 1c 82 c8 cd |.G|.....aE?S....| +00000290 48 e4 89 82 12 d7 d2 ff fa 32 b3 e6 9d ce 75 75 |H........2....uu| +000002a0 d1 cd b2 a8 56 a6 a6 63 da 8d ed 27 13 01 9a 56 |....V..c...'...V| +000002b0 a2 26 b4 6c af 27 f6 4f 1b 14 03 03 00 01 01 16 |.&.l.'.O........| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 f0 e8 32 33 |...(..........23| +000002d0 50 df 73 17 3c 58 f2 c9 30 2e 5d e9 00 4f 4b 33 |P.s..6.X| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 14 ce b1 86 0e |..........(.....| +00000010 9f ce 73 25 44 b7 3e a9 25 db a8 93 d9 39 33 75 |..s%D.>.%....93u| +00000020 2f a9 7f 97 6a 76 28 fe e2 84 5f 1e 84 66 b4 c8 |/...jv(..._..f..| +00000030 45 e7 64 |E.d| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 3b 17 73 |.............;.s| +00000010 78 d6 3a b4 6d 3a 61 52 f6 a5 8c dd 18 3e ff 04 |x.:.m:aR.....>..| +00000020 d9 3f 22 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.?".............| +00000030 32 8d 5d 07 14 a9 d2 1c dd 1e 2f 3d 89 a9 8f 1d |2.]......./=....| +00000040 08 0f |..| diff --git a/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA index 0037af61..2d608a78 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA +++ b/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 53 04 f1 02 fd |....Y...U..S....| -00000010 41 bd ef ee f3 da fc 1a 31 8c 77 f2 e9 66 54 a0 |A.......1.w..fT.| -00000020 f4 15 b1 1c 84 0d 6d 74 87 ac 7d 20 78 17 8b 08 |......mt..} x...| -00000030 10 20 c9 44 e4 8a 43 af 4a c7 b8 3d 99 f2 f7 af |. .D..C.J..=....| -00000040 bb a3 21 2f 40 cc ed b6 da a8 a1 d5 c0 09 00 00 |..!/@...........| +00000000 16 03 03 00 59 02 00 00 55 03 03 3c ba b1 d8 8d |....Y...U..<....| +00000010 f5 52 f4 a4 70 fc 12 54 20 85 eb 23 bc b8 0b e0 |.R..p..T ..#....| +00000020 80 b6 ab 9b c5 34 84 57 bc ae 95 20 e3 51 8d 40 |.....4.W... .Q.@| +00000030 93 cc 9f e4 fd 77 82 c8 12 54 6a 23 08 db ff e5 |.....w...Tj#....| +00000040 87 8d 72 41 60 51 6a 11 5f 0a 9a d2 c0 09 00 00 |..rA`Qj._.......| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,87 +55,84 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 d8 0c 00 00 d4 03 00 17 41 04 a9 |*............A..| -00000280 19 8b d9 9b 5c 7c 6a 7d 85 d2 70 4e 89 7e 0b 5b |....\|j}..pN.~.[| -00000290 dd 5e a1 63 8d 15 bc 0b 0c 47 3d 4d e8 a7 56 88 |.^.c.....G=M..V.| -000002a0 2e f6 7f e2 4d fc ed cc 03 ed a1 2d ac ae 81 a5 |....M......-....| -000002b0 e2 6d 7f 9f a3 93 e9 10 c1 0e 48 1b f3 f4 38 04 |.m........H...8.| -000002c0 03 00 8b 30 81 88 02 42 00 87 fe 7e 63 82 14 57 |...0...B...~c..W| -000002d0 dc 7d e2 0f cc 97 2d ba 3c a7 56 4a 17 a8 09 6a |.}....-.<.VJ...j| -000002e0 28 2e f2 66 1a 3f 2d 48 2b 6f 79 a1 60 cd 5e 10 |(..f.?-H+oy.`.^.| -000002f0 0b 0a 28 f2 5f e4 3f 4f f9 c9 91 34 d9 dc bc fc |..(._.?O...4....| -00000300 98 ea 77 0b 99 f8 a2 11 c4 bd 02 42 01 a0 b0 dc |..w........B....| -00000310 db 5b c2 09 99 bd ee a0 b9 aa 31 b9 10 84 22 be |.[........1...".| -00000320 5a 63 12 5a 43 00 8e c1 33 cc 91 bb c2 70 7a 63 |Zc.ZC...3....pzc| -00000330 19 82 c0 74 48 a1 c7 3d 1f f1 6f 4a 6f 6a 8c 3f |...tH..=..oJoj.?| -00000340 28 31 a8 0c 65 19 26 62 4b 7a 7c 4b ea 1a 16 03 |(1..e.&bKz|K....| -00000350 03 00 30 0d 00 00 28 03 01 02 40 00 20 06 01 06 |..0...(...@. ...| -00000360 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 |................| -00000370 01 03 02 03 03 02 01 02 02 02 03 01 01 00 00 0e |................| -00000380 00 00 00 |...| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 86 f3 |*............ 
..| +00000280 1e c5 fb 1f 91 44 0e e5 e4 3e 0a cd 75 a2 fb 4c |.....D...>..u..L| +00000290 a2 b9 07 f7 33 ce cc cd 61 a5 8c ba 6a 35 04 03 |....3...a...j5..| +000002a0 00 8b 30 81 88 02 42 01 f4 8d 4f 3e c8 73 b5 b4 |..0...B...O>.s..| +000002b0 b5 2b ac 2a 27 68 56 a1 45 ce b6 1d c6 37 ce de |.+.*'hV.E....7..| +000002c0 bd 96 90 5e e2 1c c8 84 b2 84 57 25 81 d4 c3 7a |...^......W%...z| +000002d0 db b2 3d 24 2b 17 3a 4a 7e 92 1a bb 0c fb b6 05 |..=$+.:J~.......| +000002e0 cd 0e 85 4c 3d 4b 24 2a 2a 02 42 00 f6 91 d6 82 |...L=K$**.B.....| +000002f0 9e 81 98 5f 64 59 ce 16 85 fc 65 19 0c 50 ca ea |..._dY....e..P..| +00000300 8a ba 1e 61 a8 71 cf 2c eb 94 24 ac 34 75 6e 5c |...a.q.,..$.4un\| +00000310 dc 92 ba b8 bd 42 75 ef 6d 67 5f 06 5c e3 6c c2 |.....Bu.mg_.\.l.| +00000320 aa 5e 29 25 66 00 68 c8 5d 9c 6f bb e0 16 03 03 |.^)%f.h.].o.....| +00000330 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000340 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000350 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +00000360 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +00000370 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) -00000000 16 03 03 01 fb 0b 00 01 f7 00 01 f4 00 01 f1 30 |...............0| -00000010 82 01 ed 30 82 01 58 a0 03 02 01 02 02 01 00 30 |...0..X........0| -00000020 0b 06 09 2a 86 48 86 f7 0d 01 01 05 30 26 31 10 |...*.H......0&1.| -00000030 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| -00000040 31 12 30 10 06 03 55 04 03 13 09 31 32 37 2e 30 |1.0...U....127.0| -00000050 2e 30 2e 31 30 1e 17 0d 31 31 31 32 30 38 30 37 |.0.10...11120807| -00000060 35 35 31 32 5a 17 0d 31 32 31 32 30 37 30 38 30 |5512Z..121207080| -00000070 30 31 32 5a 30 26 31 10 30 0e 06 03 55 04 0a 13 |012Z0&1.0...U...| -00000080 07 41 63 6d 65 20 43 6f 31 12 30 10 06 03 55 04 |.Acme Co1.0...U.| -00000090 03 13 09 31 32 37 2e 30 2e 30 2e 31 30 81 9c 30 |...127.0.0.10..0| 
-000000a0 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03 81 8c 00 |...*.H..........| -000000b0 30 81 88 02 81 80 4e d0 7b 31 e3 82 64 d9 59 c0 |0.....N.{1..d.Y.| -000000c0 c2 87 a4 5e 1e 8b 73 33 c7 63 53 df 66 92 06 84 |...^..s3.cS.f...| -000000d0 f6 64 d5 8f e4 36 a7 1d 2b e8 b3 20 36 45 23 b5 |.d...6..+.. 6E#.| -000000e0 e3 95 ae ed e0 f5 20 9c 8d 95 df 7f 5a 12 ef 87 |...... .....Z...| -000000f0 e4 5b 68 e4 e9 0e 74 ec 04 8a 7f de 93 27 c4 01 |.[h...t......'..| -00000100 19 7a bd f2 dc 3d 14 ab d0 54 ca 21 0c d0 4d 6e |.z...=...T.!..Mn| -00000110 87 2e 5c c5 d2 bb 4d 4b 4f ce b6 2c f7 7e 88 ec |..\...MKO..,.~..| -00000120 7c d7 02 91 74 a6 1e 0c 1a da e3 4a 5a 2e de 13 ||...t......JZ...| -00000130 9c 4c 40 88 59 93 02 03 01 00 01 a3 32 30 30 30 |.L@.Y.......2000| -00000140 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 00 a0 30 |...U...........0| -00000150 0d 06 03 55 1d 0e 04 06 04 04 01 02 03 04 30 0f |...U..........0.| -00000160 06 03 55 1d 23 04 08 30 06 80 04 01 02 03 04 30 |..U.#..0.......0| -00000170 0b 06 09 2a 86 48 86 f7 0d 01 01 05 03 81 81 00 |...*.H..........| -00000180 36 1f b3 7a 0c 75 c9 6e 37 46 61 2b d5 bd c0 a7 |6..z.u.n7Fa+....| -00000190 4b cc 46 9a 81 58 7c 85 79 29 c8 c8 c6 67 dd 32 |K.F..X|.y)...g.2| -000001a0 56 45 2b 75 b6 e9 24 a9 50 9a be 1f 5a fa 1a 15 |VE+u..$.P...Z...| -000001b0 d9 cc 55 95 72 16 83 b9 c2 b6 8f fd 88 8c 38 84 |..U.r.........8.| -000001c0 1d ab 5d 92 31 13 4f fd 83 3b c6 9d f1 11 62 b6 |..].1.O..;....b.| -000001d0 8b ec ab 67 be c8 64 b0 11 50 46 58 17 6b 99 1c |...g..d..PFX.k..| -000001e0 d3 1d fc 06 f1 0e e5 96 a8 0c f9 78 20 b7 44 18 |...........x .D.| -000001f0 51 8d 10 7e 4f 94 67 df a3 4e 70 73 8e 90 91 85 |Q..~O.g..Nps....| -00000200 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000210 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000220 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000230 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 
|...lK[.V.2B.X..I| -00000240 a6 b5 68 1a 41 03 56 6b dc 5a 89 16 03 03 00 88 |..h.A.Vk.Z......| -00000250 0f 00 00 84 04 01 00 80 38 f2 16 e5 b5 86 16 62 |........8......b| -00000260 86 e1 7d 01 f1 a8 e1 f7 e7 85 b1 a0 17 ee 84 25 |..}............%| -00000270 cb 3c 46 61 1a 78 7b 1e ee 32 bc d9 6c fa 6b 76 |.....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! 
/.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 08 04 00 80 53 85 ea dc a6 86 2d |.........S.....-| +00000240 e7 8c 0b 68 f9 57 7f f5 77 d8 fe 35 28 91 e7 2f |...h.W..w..5(../| +00000250 8a 2c 36 cf d7 8c 9f 3d f2 e2 99 41 11 b2 3c a2 |.,6....=...A..<.| +00000260 5e f3 68 1f b5 d4 f8 90 8a e2 5e 02 48 00 2b eb |^.h.......^.H.+.| +00000270 f0 e6 8c 28 af 11 80 82 ea 35 06 fd 0a 5f d7 1a |...(.....5..._..| +00000280 e9 63 29 08 8c aa 18 1e 7c 08 81 21 c8 aa 86 b1 |.c).....|..!....| +00000290 cf 94 db f6 8d 15 dc cc ae cf 41 2c 32 b1 3f 0c |..........A,2.?.| +000002a0 96 0e 5c ed 82 74 cc fc 35 f4 38 80 29 00 c1 3a |..\..t..5.8.)..:| +000002b0 70 d4 07 07 9c 49 9e 7b 91 14 03 03 00 01 01 16 |p....I.{........| +000002c0 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 |...@............| +000002d0 00 00 00 00 f3 da dc d7 12 d6 f6 19 75 a8 02 68 |............u..h| +000002e0 57 0e e1 90 75 d1 fc b8 32 a3 34 16 d6 8d 2a f5 |W...u...2.4...*.| +000002f0 65 f2 a7 67 2c 2c a4 73 6a b6 f2 ad 2d 7f 8a ce |e..g,,.sj...-...| +00000300 a7 12 16 97 |....| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 ee a8 82 bc 3f |..........@....?| -00000010 bf ab a6 e4 30 e0 3d f1 2f 19 a2 ac 7a 81 57 f1 |....0.=./...z.W.| -00000020 ee 67 3f 55 2b 30 fa 72 b5 10 03 ec 8d 0a 8f bb |.g?U+0.r........| -00000030 24 f5 45 f5 4e 53 4b 93 a5 0d 42 6c 46 69 98 fb |$.E.NSK...BlFi..| -00000040 63 c5 9f 95 65 d1 b6 f0 a4 15 bd |c...e......| +00000000 14 03 03 00 01 01 16 03 03 00 40 dc 11 a1 a2 fb |..........@.....| +00000010 55 0c 9e e0 e2 55 1a ca cd 5b df 1f 39 9e 08 51 |U....U...[..9..Q| +00000020 bd 6b 72 40 93 f8 23 7a 32 9d 85 18 20 b7 39 b0 |.kr@..#z2... 
.9.| +00000030 03 d3 10 6a 8e 66 6d e6 d5 38 03 c6 e5 b8 dc d7 |...j.fm..8......| +00000040 3c 27 1d d2 a9 59 f9 18 7d 15 90 |<'...Y..}..| >>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 cb 4e bc d1 a9 58 ef c8 39 a9 36 |......N...X..9.6| -00000020 f4 35 05 96 8e a4 50 bc f4 15 06 f9 fd 41 6d 1e |.5....P......Am.| -00000030 5e 7c 82 63 94 15 03 03 00 30 00 00 00 00 00 00 |^|.c.....0......| -00000040 00 00 00 00 00 00 00 00 00 00 bd 77 87 a5 5a d4 |...........w..Z.| -00000050 b8 59 e6 6b 0f dd ea f9 ed 18 b2 9f a9 61 b4 3a |.Y.k.........a.:| -00000060 47 15 15 3b 83 ef e1 6d db a8 |G..;...m..| +00000010 00 00 00 00 00 c2 92 ee 96 31 60 90 d5 ee a6 1c |.........1`.....| +00000020 ed 3c 03 40 8c e7 0c db 7f b0 11 dc 7e 58 e1 aa |.<.@........~X..| +00000030 4c d7 68 2a 91 15 03 03 00 30 00 00 00 00 00 00 |L.h*.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 b6 61 51 ac 66 a5 |...........aQ.f.| +00000050 d1 ef d3 ee c8 d3 48 72 d5 e0 ef 7d ca 6a ec b2 |......Hr...}.j..| +00000060 77 ff 2d a8 32 6d be 6e a7 42 |w.-.2m.n.B| diff --git a/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA b/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA index df3eaa44..cdc71041 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA +++ b/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA 
@@ -1,126 +1,137 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 51 02 00 00 4d 03 03 53 04 f1 02 1d |....Q...M..S....| -00000010 0e dc 86 e5 a9 07 71 46 15 34 af 47 15 3f 03 9c |......qF.4.G.?..| -00000020 fc d6 fd 44 7c f4 f1 c7 8d 6f f8 20 28 ea 3c dc |...D|....o. (.<.| -00000030 b2 4c b7 ba 20 88 c4 db a5 73 ea 93 ab 3a 85 a6 |.L.. ....s...:..| -00000040 8f 59 49 d9 a9 31 14 d5 a6 2b 4f d1 00 05 00 00 |.YI..1...+O.....| -00000050 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 
8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 30 0d 00 |n8P)l........0..| -00000320 00 28 03 01 02 40 00 20 06 01 06 02 06 03 05 01 |.(...@. ........| -00000330 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................| -00000340 02 01 02 02 02 03 01 01 00 00 0e 00 00 00 |..............| +00000000 16 03 03 00 59 02 00 00 55 03 03 f3 28 ca c9 ac |....Y...U...(...| +00000010 29 bb 15 80 56 d2 37 09 fa 7d 23 04 d4 79 e7 1d |)...V.7..}#..y..| +00000020 bb 4e c5 60 c8 44 39 02 6a e9 e0 20 b5 ae 39 87 |.N.`.D9.j.. ..9.| +00000030 4e 24 2f 33 02 fe 72 d6 2a 4d 0c 8c da 36 7b 28 |N$/3..r.*M...6{(| +00000040 3c 06 aa b2 60 68 91 7a ae d8 7b e2 c0 2f 00 00 |<...`h.z..{../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b 
|..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 d4 df 5d 10 ee ba a6 |........ 
..]....| +000002d0 51 d7 1b fb bf ed bc d6 b9 34 44 e7 af 23 0e 9b |Q........4D..#..| +000002e0 45 af ba 7a 89 63 03 a9 4c 08 04 00 80 30 2c 0f |E..z.c..L....0,.| +000002f0 2e d9 e4 1d c2 90 01 1c cc cf d4 fe 06 6d c3 aa |.............m..| +00000300 59 d9 d9 bc 16 2f 2c b1 be 90 a3 93 a7 be bc 4d |Y..../,........M| +00000310 d8 f4 ac 21 36 59 a8 21 94 ef d3 c4 53 14 34 18 |...!6Y.!....S.4.| +00000320 c9 10 d5 77 fd 1e ad 15 0f 23 d7 73 90 7a c0 7b |...w.....#.s.z.{| +00000330 b3 b2 e2 df 15 42 35 ce 38 05 52 02 77 b7 b2 2b |.....B5.8.R.w..+| +00000340 6b 88 6a ce d4 20 99 9d e4 fe e8 38 1e 01 b7 78 |k.j.. .....8...x| +00000350 3c ea ac 8e ef 2f 7e e8 22 08 78 42 b7 db 84 80 |<..../~.".xB....| +00000360 8c 61 8a c5 cc d7 1f 6a 8d 5c 1d 2d 0d 16 03 03 |.a.....j.\.-....| +00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +000003a0 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +000003b0 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) -00000000 16 03 03 01 fb 0b 00 01 f7 00 01 f4 00 01 f1 30 |...............0| -00000010 82 01 ed 30 82 01 58 a0 03 02 01 02 02 01 00 30 |...0..X........0| -00000020 0b 06 09 2a 86 48 86 f7 0d 01 01 05 30 26 31 10 |...*.H......0&1.| -00000030 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| -00000040 31 12 30 10 06 03 55 04 03 13 09 31 32 37 2e 30 |1.0...U....127.0| -00000050 2e 30 2e 31 30 1e 17 0d 31 31 31 32 30 38 30 37 |.0.10...11120807| -00000060 35 35 31 32 5a 17 0d 31 32 31 32 30 37 30 38 30 |5512Z..121207080| -00000070 30 31 32 5a 30 26 31 10 30 0e 06 03 55 04 0a 13 |012Z0&1.0...U...| -00000080 07 41 63 6d 65 20 43 6f 31 12 30 10 06 03 55 04 |.Acme Co1.0...U.| -00000090 03 13 09 31 32 37 2e 30 2e 30 2e 31 30 81 9c 30 |...127.0.0.10..0| -000000a0 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03 81 8c 00 |...*.H..........| 
-000000b0 30 81 88 02 81 80 4e d0 7b 31 e3 82 64 d9 59 c0 |0.....N.{1..d.Y.| -000000c0 c2 87 a4 5e 1e 8b 73 33 c7 63 53 df 66 92 06 84 |...^..s3.cS.f...| -000000d0 f6 64 d5 8f e4 36 a7 1d 2b e8 b3 20 36 45 23 b5 |.d...6..+.. 6E#.| -000000e0 e3 95 ae ed e0 f5 20 9c 8d 95 df 7f 5a 12 ef 87 |...... .....Z...| -000000f0 e4 5b 68 e4 e9 0e 74 ec 04 8a 7f de 93 27 c4 01 |.[h...t......'..| -00000100 19 7a bd f2 dc 3d 14 ab d0 54 ca 21 0c d0 4d 6e |.z...=...T.!..Mn| -00000110 87 2e 5c c5 d2 bb 4d 4b 4f ce b6 2c f7 7e 88 ec |..\...MKO..,.~..| -00000120 7c d7 02 91 74 a6 1e 0c 1a da e3 4a 5a 2e de 13 ||...t......JZ...| -00000130 9c 4c 40 88 59 93 02 03 01 00 01 a3 32 30 30 30 |.L@.Y.......2000| -00000140 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 00 a0 30 |...U...........0| -00000150 0d 06 03 55 1d 0e 04 06 04 04 01 02 03 04 30 0f |...U..........0.| -00000160 06 03 55 1d 23 04 08 30 06 80 04 01 02 03 04 30 |..U.#..0.......0| -00000170 0b 06 09 2a 86 48 86 f7 0d 01 01 05 03 81 81 00 |...*.H..........| -00000180 36 1f b3 7a 0c 75 c9 6e 37 46 61 2b d5 bd c0 a7 |6..z.u.n7Fa+....| -00000190 4b cc 46 9a 81 58 7c 85 79 29 c8 c8 c6 67 dd 32 |K.F..X|.y)...g.2| -000001a0 56 45 2b 75 b6 e9 24 a9 50 9a be 1f 5a fa 1a 15 |VE+u..$.P...Z...| -000001b0 d9 cc 55 95 72 16 83 b9 c2 b6 8f fd 88 8c 38 84 |..U.r.........8.| -000001c0 1d ab 5d 92 31 13 4f fd 83 3b c6 9d f1 11 62 b6 |..].1.O..;....b.| -000001d0 8b ec ab 67 be c8 64 b0 11 50 46 58 17 6b 99 1c |...g..d..PFX.k..| -000001e0 d3 1d fc 06 f1 0e e5 96 a8 0c f9 78 20 b7 44 18 |...........x .D.| -000001f0 51 8d 10 7e 4f 94 67 df a3 4e 70 73 8e 90 91 85 |Q..~O.g..Nps....| -00000200 16 03 03 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 |...........mQ...| -00000210 3e fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c |>.u.A6..j.*.%.gL| -00000220 8e 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 |.b/0......+.#...| -00000230 1d f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 |..;...'..$...[.f| -00000240 0d 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be 
|.j.....C........| -00000250 c8 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce |..9L.....K.../..| -00000260 e6 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 |..w.o#......:..V| -00000270 f1 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 |..T^F..;3..(....| -00000280 35 d4 1c 43 d1 30 6f 55 4e 0a 70 16 03 03 00 88 |5..C.0oUN.p.....| -00000290 0f 00 00 84 04 01 00 80 2a 1f ae 48 9f 86 16 dc |........*..H....| -000002a0 c2 55 1f 5f 95 81 ed 56 00 5d 35 46 e5 b6 57 d5 |.U._...V.]5F..W.| -000002b0 a6 3e 32 38 8b e2 c6 1c b9 b1 38 b2 da 66 45 ed |.>28......8..fE.| -000002c0 58 6a 7f 43 41 93 a5 09 da b9 04 ce 3f 13 8a 19 |Xj.CA.......?...| -000002d0 13 e9 2c 1f c5 e7 35 b4 2d ea 7c 81 90 33 c0 66 |..,...5.-.|..3.f| -000002e0 dc 41 8b 23 08 8f 69 d4 d6 a2 5f c1 bd 26 e6 2e |.A.#..i..._..&..| -000002f0 7f c8 7c a8 2d d4 08 95 ce 6e 58 54 04 a2 a6 63 |..|.-....nXT...c| -00000300 54 72 67 f2 7f 61 0a 6b 58 46 d4 88 95 38 37 f2 |Trg..a.kXF...87.| -00000310 93 95 48 56 14 a7 b9 7c 14 03 03 00 01 01 16 03 |..HV...|........| -00000320 03 00 24 64 bb 41 3a cb a2 2f 95 53 5c 2f f7 83 |..$d.A:../.S\/..| -00000330 a2 35 18 f6 d0 8d 6f e2 54 ed 2f 07 10 f4 36 e2 |.5....o.T./...6.| -00000340 3d e5 30 1d e3 63 01 |=.0..c.| +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 
00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! 
/.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 08 04 00 80 b8 96 b3 c8 66 a9 fb |.............f..| +00000240 da 1b 82 65 9d 57 e5 e5 e5 60 c9 43 df 6e 99 53 |...e.W...`.C.n.S| +00000250 45 95 b8 58 d1 19 05 50 e1 a7 3c e8 07 ad 57 09 |E..X...P..<...W.| +00000260 9c 95 13 ea 80 24 53 56 b1 13 2d 59 9d e9 60 0f |.....$SV..-Y..`.| +00000270 75 97 d3 4f 82 3a b5 41 3e 90 75 ea 28 97 00 e7 |u..O.:.A>.u.(...| +00000280 74 c9 04 1d d0 16 ba 40 75 9c ae a0 bd 00 b1 a9 |t......@u.......| +00000290 86 d5 1a f2 30 45 72 99 ea b2 eb 61 b1 63 72 c5 |....0Er....a.cr.| +000002a0 ad b1 60 a8 fa bd 95 95 17 03 4c 8e 87 4b 44 e5 |..`.......L..KD.| +000002b0 ec f3 e0 48 33 b8 a9 74 78 14 03 03 00 01 01 16 |...H3..tx.......| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 e6 a6 db ee |...(............| +000002d0 7d fb 48 9f 81 a6 78 6a db a1 9a bb c8 da 7b b2 |}.H...xj......{.| +000002e0 6a 01 66 fb 85 a7 2f 35 40 77 b6 b2 |j.f.../5@w..| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 0a 22 b6 bc da |..........$."...| -00000010 34 38 53 8e 80 e2 25 7b 31 2f 70 8e 3a db e8 a3 |48S...%{1/p.:...| -00000020 70 0e 88 22 b4 a8 be d4 a3 e3 cc 13 94 ef 47 |p.."..........G| +00000000 14 03 03 00 01 01 16 03 03 00 28 b3 9c 30 b6 a2 |..........(..0..| +00000010 cb cf 75 38 10 e7 80 39 0e 87 39 9c d9 da 2c 53 |..u8...9..9...,S| +00000020 1a 64 2d 33 ff 21 25 e9 3c f2 ec 6d a4 59 f4 30 |.d-3.!%.<..m.Y.0| +00000030 ea 41 24 |.A$| >>> Flow 5 (client to server) -00000000 17 03 03 00 1a b4 9c b1 57 ea 01 03 fe 01 e7 1e |........W.......| -00000010 c4 a7 0f 25 14 99 00 4f 88 51 c1 98 6e 99 01 15 |...%...O.Q..n...| -00000020 03 03 00 16 2e c4 11 8b 1a fc 37 81 18 33 e4 9f |..........7..3..| -00000030 48 a3 29 e3 ad 9b 9b ec 9f 99 |H.).......| +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 65 72 8f |.............er.| +00000010 4a 5f 08 c1 f9 37 
5d 30 bc c6 e6 5f a8 23 35 69 |J_...7]0..._.#5i| +00000020 d3 3c 7a 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 97 f2 cb de f1 |....Y...U.......| +00000010 bb cf 9a 6c 6d 7e e2 94 af 9d 0b ed 02 cf fc b2 |...lm~..........| +00000020 80 b2 7b 41 2c a6 83 e7 52 62 93 20 63 23 7f 48 |..{A,...Rb. 
c#.H| +00000030 be c1 7f d3 75 34 fe 3a ad 27 f5 99 b0 73 91 df |....u4.:.'...s..| +00000040 b3 e9 82 95 cd 1b f9 08 b6 3d 4f 9b c0 2f 00 00 |.........=O../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 f8 3a 6c 5b 6f 88 48 |........ 
.:l[o.H| +000002d0 19 c5 a2 e7 4a d9 6d 21 56 23 63 1b 1f 95 aa bc |....J.m!V#c.....| +000002e0 33 ac aa 3b bb f8 35 ba 1a 04 01 00 80 98 6d 7b |3..;..5.......m{| +000002f0 7d 40 13 81 6b 70 ec ac 60 ee 1d 3e 37 36 bc f4 |}@..kp..`..>76..| +00000300 c1 9f 3c 13 b7 06 3d 38 be 4f 8c 3e e2 2e f2 b5 |..<...=8.O.>....| +00000310 de 16 ec a0 5b 64 00 5c c3 50 cc 79 a2 f7 e0 8d |....[d.\.P.y....| +00000320 68 e6 6b 1b b8 57 a4 15 d0 2c d7 4a be 97 26 26 |h.k..W...,.J..&&| +00000330 8c 5c 4e 26 36 96 48 b5 0f 88 7b 37 43 e4 d1 24 |.\N&6.H...{7C..$| +00000340 01 3c 70 38 99 c6 e2 2f 66 e7 db 57 30 f2 72 d0 |.>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 
f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 04 01 00 80 a8 12 9d 84 c2 17 0a |................| +00000240 03 ae bd 87 9a b6 6f 65 2f 7a 04 1f 69 2a 41 f4 |......oe/z..i*A.| +00000250 d0 9a 4d a4 5b 6e d2 d3 42 c3 77 4f 04 28 ce e6 |..M.[n..B.wO.(..| +00000260 d4 25 c5 81 1b 78 91 e9 1e 93 90 57 b2 58 6f 26 |.%...x.....W.Xo&| +00000270 ed 20 15 62 ff e9 c6 c1 52 4a 9a 05 a6 cd 17 22 |. 
.b....RJ....."| +00000280 75 c8 81 da a4 96 af c6 83 b5 5c 81 93 59 44 26 |u.........\..YD&| +00000290 5b 03 59 9d ab 93 ee c7 37 61 74 e7 4a 22 1c ec |[.Y.....7at.J"..| +000002a0 96 fb a2 c9 ea 2d 4b 8d d3 a7 e4 60 57 10 be b7 |.....-K....`W...| +000002b0 60 80 4f ee 8e 21 6b a2 13 14 03 03 00 01 01 16 |`.O..!k.........| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 16 82 4a c0 |...(..........J.| +000002d0 98 7b 62 3e 9b da a9 ac 31 f2 32 a9 23 13 2f e3 |.{b>....1.2.#./.| +000002e0 77 c9 1e ca 39 9f 4c 8a 10 58 33 67 |w...9.L..X3g| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 8e 56 d0 9c 38 |..........(.V..8| +00000010 4f d9 df 12 9b dd 96 05 94 77 2f 6d 24 a8 cb 56 |O........w/m$..V| +00000020 91 f9 bc ec 00 b5 cc 71 c4 f4 36 42 be 68 37 78 |.......q..6B.h7x| +00000030 8f 6e 8c |.n.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 1c 19 9e |................| +00000010 a5 40 f6 d7 8b 80 23 8a 0b fa 14 65 08 6a 3c 66 |.@....#....e.j>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... 
....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 29 bc e2 fe ae |....Y...U..)....| +00000010 0a db 37 e6 39 d5 48 24 3d 0f e5 d7 6b a3 69 dd |..7.9.H$=...k.i.| +00000020 ce 09 fd 28 03 c2 7e 38 db c9 ec 20 d2 5e 3f 94 |...(..~8... 
.^?.| +00000030 b0 2c 5e 4c 77 c2 94 c3 f2 a9 d0 91 4f 96 45 0e |.,^Lw.......O.E.| +00000040 d3 34 fc 9f e0 a5 e6 fc 1e 8a c1 00 c0 2f 00 00 |.4.........../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 66 0b 00 02 62 00 02 5f 00 02 5c 30 82 02 |..f...b.._..\0..| +00000070 58 30 82 01 8d a0 03 02 01 02 02 11 00 f2 99 26 |X0.............&| +00000080 eb 87 ea 8a 0d b9 fc c2 47 34 7c 11 b0 30 41 06 |........G4|..0A.| +00000090 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0 0f 30 0d |.*.H......04..0.| +000000a0 06 09 60 86 48 01 65 03 04 02 01 05 00 a1 1c 30 |..`.H.e........0| +000000b0 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30 0d 06 09 |...*.H......0...| +000000c0 60 86 48 01 65 03 04 02 01 05 00 a2 03 02 01 20 |`.H.e.......... | +000000d0 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 6d |0.1.0...U....Acm| +000000e0 65 20 43 6f 30 1e 17 0d 31 37 31 31 32 33 31 36 |e Co0...17112316| +000000f0 31 36 31 30 5a 17 0d 31 38 31 31 32 33 31 36 31 |1610Z..181123161| +00000100 36 31 30 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 |610Z0.1.0...U...| +00000110 07 41 63 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a |.Acme Co0..0...*| +00000120 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 |.H............0.| +00000130 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc 06 |......F}...'.H..| +00000140 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 47 |(!.~...]..RE.z6G| +00000150 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb 4f |....B[.....y.@.O| +00000160 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 22 |m..+.....g....."| +00000170 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 74 |8.J.ts+.4......t| +00000180 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 23 |{.X.la<..A..++$#| +00000190 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d 1e |w[.;.u]. 
T..c...| +000001a0 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 62 |$....P....C...ub| +000001b0 f4 14 c8 52 d7 02 03 01 00 01 a3 46 30 44 30 0e |...R.......F0D0.| +000001c0 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 |..U...........0.| +000001d0 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 |..U.%..0...+....| +000001e0 07 03 01 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 |...0...U.......0| +000001f0 00 30 0f 06 03 55 1d 11 04 08 30 06 87 04 7f 00 |.0...U....0.....| +00000200 00 01 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 |..0A..*.H......0| +00000210 34 a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 01 |4..0...`.H.e....| +00000220 05 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 |....0...*.H.....| +00000230 08 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 |.0...`.H.e......| +00000240 a2 03 02 01 20 03 81 81 00 cd ac 4e f2 ce 5f 8d |.... ......N.._.| +00000250 79 88 10 42 70 7f 7c bf 1b 5a 8a 00 ef 19 15 4b |y..Bp.|..Z.....K| +00000260 40 15 17 71 00 6c d4 16 26 e5 49 6d 56 da 0c 1a |@..q.l..&.ImV...| +00000270 13 9f d8 46 95 59 3c b6 7f 87 76 5e 18 aa 03 ea |...F.Y<...v^....| +00000280 06 75 22 dd 78 d2 a5 89 b8 c9 23 64 e1 28 38 ce |.u".x.....#d.(8.| +00000290 34 6c 6e 06 7b 51 f1 a7 e6 f4 b3 7f fa b1 3f 14 |4ln.{Q........?.| +000002a0 11 89 66 79 d1 8e 88 0e 0b a0 9e 30 2a c0 67 ef |..fy.......0*.g.| +000002b0 ca 46 02 88 e9 53 81 22 69 22 97 ad 80 93 d4 f7 |.F...S."i"......| +000002c0 dd 70 14 24 d7 70 0a 46 a1 16 03 03 00 ac 0c 00 |.p.$.p.F........| +000002d0 00 a8 03 00 1d 20 9e e4 39 3a b3 d5 f9 51 16 d4 |..... 
..9:...Q..| +000002e0 a8 e1 0a 6d ad 3c ca 01 97 d6 a1 ce 03 2a 67 4a |...m.<.......*gJ| +000002f0 49 06 eb ed c6 24 08 04 00 80 b3 b7 9e fd 97 9b |I....$..........| +00000300 b0 d6 35 89 21 53 ff a8 4b 59 59 26 37 ac 2f 36 |..5.!S..KYY&7./6| +00000310 27 3d 5a 04 3f 50 ed 36 e0 5f 1a d7 1b 36 47 94 |'=Z.?P.6._...6G.| +00000320 45 ec 8c 0b 8f 0f fc df ec 3c 56 f0 d0 28 45 94 |E........>> Flow 3 (client to server) +00000000 16 03 03 02 66 0b 00 02 62 00 02 5f 00 02 5c 30 |....f...b.._..\0| +00000010 82 02 58 30 82 01 8d a0 03 02 01 02 02 11 00 f2 |..X0............| +00000020 99 26 eb 87 ea 8a 0d b9 fc c2 47 34 7c 11 b0 30 |.&........G4|..0| +00000030 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0 0f |A..*.H......04..| +00000040 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 a1 |0...`.H.e.......| +00000050 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30 0d |.0...*.H......0.| +00000060 06 09 60 86 48 01 65 03 04 02 01 05 00 a2 03 02 |..`.H.e.........| +00000070 01 20 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 |. 0.1.0...U....A| +00000080 63 6d 65 20 43 6f 30 1e 17 0d 31 37 31 31 32 33 |cme Co0...171123| +00000090 31 36 31 36 31 30 5a 17 0d 31 38 31 31 32 33 31 |161610Z..1811231| +000000a0 36 31 36 31 30 5a 30 12 31 10 30 0e 06 03 55 04 |61610Z0.1.0...U.| +000000b0 0a 13 07 41 63 6d 65 20 43 6f 30 81 9f 30 0d 06 |...Acme Co0..0..| +000000c0 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| +000000d0 30 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 |0.......F}...'.H| +000000e0 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a |..(!.~...]..RE.z| +000000f0 36 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 |6G....B[.....y.@| +00000100 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e |.Om..+.....g....| +00000110 d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 |."8.J.ts+.4.....| +00000120 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b |.t{.X.la<..A..++| +00000130 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 |$#w[.;.u]. 
T..c.| +00000140 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 |..$....P....C...| +00000150 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 46 30 44 |ub...R.......F0D| +00000160 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 |0...U...........| +00000170 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 |0...U.%..0...+..| +00000180 05 05 07 03 01 30 0c 06 03 55 1d 13 01 01 ff 04 |.....0...U......| +00000190 02 30 00 30 0f 06 03 55 1d 11 04 08 30 06 87 04 |.0.0...U....0...| +000001a0 7f 00 00 01 30 41 06 09 2a 86 48 86 f7 0d 01 01 |....0A..*.H.....| +000001b0 0a 30 34 a0 0f 30 0d 06 09 60 86 48 01 65 03 04 |.04..0...`.H.e..| +000001c0 02 01 05 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d |......0...*.H...| +000001d0 01 01 08 30 0d 06 09 60 86 48 01 65 03 04 02 01 |...0...`.H.e....| +000001e0 05 00 a2 03 02 01 20 03 81 81 00 cd ac 4e f2 ce |...... ......N..| +000001f0 5f 8d 79 88 10 42 70 7f 7c bf 1b 5a 8a 00 ef 19 |_.y..Bp.|..Z....| +00000200 15 4b 40 15 17 71 00 6c d4 16 26 e5 49 6d 56 da |.K@..q.l..&.ImV.| +00000210 0c 1a 13 9f d8 46 95 59 3c b6 7f 87 76 5e 18 aa |.....F.Y<...v^..| +00000220 03 ea 06 75 22 dd 78 d2 a5 89 b8 c9 23 64 e1 28 |...u".x.....#d.(| +00000230 38 ce 34 6c 6e 06 7b 51 f1 a7 e6 f4 b3 7f fa b1 |8.4ln.{Q........| +00000240 3f 14 11 89 66 79 d1 8e 88 0e 0b a0 9e 30 2a c0 |?...fy.......0*.| +00000250 67 ef ca 46 02 88 e9 53 81 22 69 22 97 ad 80 93 |g..F...S."i"....| +00000260 d4 f7 dd 70 14 24 d7 70 0a 46 a1 16 03 03 00 25 |...p.$.p.F.....%| +00000270 10 00 00 21 20 2f e5 7d a3 47 cd 62 43 15 28 da |...! /.}.G.bC.(.| +00000280 ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 |._.).0..........| +00000290 5f 58 cb 3b 74 16 03 03 00 88 0f 00 00 84 08 04 |_X.;t...........| +000002a0 00 80 a6 6b 99 15 5e 97 33 4f a8 0e 59 af 15 22 |...k..^.3O..Y.."| +000002b0 f3 6e be 02 6e e4 20 d5 81 c0 b4 74 5a e2 20 32 |.n..n. ....tZ. 
2| +000002c0 2b 7f 9c e6 94 32 4d 30 bf 93 86 9b 75 4d f1 9f |+....2M0....uM..| +000002d0 e4 48 28 00 27 fa 7c 45 2e fe d7 0b dc 03 c4 6b |.H(.'.|E.......k| +000002e0 42 ad a2 32 d7 9d ea d6 52 05 3f ed 87 fd b9 9d |B..2....R.?.....| +000002f0 58 fd d6 9f 28 6d 45 07 de 5b 4a 8e f4 4d 19 0b |X...(mE..[J..M..| +00000300 cf 4e 64 75 73 ae cd e9 ae f9 af 27 d0 b9 eb 4c |.Ndus......'...L| +00000310 98 ad 66 6d 4e bf 2c 39 87 f3 72 3e 4e bc a1 8f |..fmN.,9..r>N...| +00000320 a8 1e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 |............(...| +00000330 00 00 00 00 00 04 3c cc ae cd 19 52 6b 1e 0e cc |......<....Rk...| +00000340 dd a9 ac 2f 2a c6 94 4c 09 f3 ee 2f b5 5a 13 1e |.../*..L.../.Z..| +00000350 4f 54 a0 ae c2 |OT...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 6d 44 cb 35 8b |..........(mD.5.| +00000010 15 5c f9 f8 1e ae 4f 8c 8c d9 90 9e 6c cf 13 f6 |.\....O.....l...| +00000020 12 29 f5 f7 d6 ff da e2 48 7d 68 ec ad 1a 6c 39 |.)......H}h...l9| +00000030 c5 77 6c |.wl| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 2a ce da |.............*..| +00000010 11 1c 7d 49 0d aa 44 d4 d6 d4 7f 64 2b 49 47 20 |..}I..D....d+IG | +00000020 5a 21 bb 15 03 03 00 1a 00 00 00 00 00 00 00 02 |Z!..............| +00000030 fc 10 75 a7 22 f9 74 1c 3a d2 b2 a8 04 2d 37 5f |..u.".t.:....-7_| +00000040 c2 76 |.v| diff --git a/tls/testdata/Client-TLSv12-ClientFingerprint b/tls/testdata/Client-TLSv12-ClientFingerprint deleted file mode 100644 index 4de00c7e..00000000 --- a/tls/testdata/Client-TLSv12-ClientFingerprint +++ /dev/null 
@@ -1,106 +0,0 @@ ->>> Flow 1 (client to server) -00000000 16 03 01 00 a5 01 00 00 a1 03 03 00 00 00 00 00 |................| -00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1e c0 2b |...............+| -00000030 c0 2f cc a9 cc a8 c0 2c c0 30 c0 0a c0 09 c0 13 |./.....,.0......| -00000040 c0 14 00 33 00 39 00 2f 00 35 00 0a 01 00 00 5a |...3.9./.5.....Z| -00000050 00 17 00 00 ff 01 00 01 00 00 0a 00 08 00 06 00 |................| -00000060 17 00 18 00 19 00 0b 00 02 01 00 00 23 00 00 33 |............#..3| -00000070 74 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 |t.........h2.htt| -00000080 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00 00 0d |p/1.1...........| -00000090 00 18 00 16 04 01 05 01 06 01 02 01 04 03 05 03 |................| -000000a0 06 03 02 03 05 02 04 02 02 02 |..........| ->>> Flow 2 (server to client) -00000000 16 03 03 00 3d 02 00 00 39 03 03 8b 28 19 a4 d5 |....=...9...(...| -00000010 f2 25 35 04 10 17 2d 74 b8 80 23 c2 5c 4d 8d 58 |.%5...-t..#.\M.X| -00000020 3b 9d f8 f0 38 bd c3 bd 07 e3 a1 00 c0 2f 00 00 |;...8......../..| -00000030 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 23 |...............#| -00000040 00 00 16 03 03 02 be 0b 00 02 ba 00 02 b7 00 02 |................| -00000050 b4 30 82 02 b0 30 82 02 19 a0 03 02 01 02 02 09 |.0...0..........| -00000060 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 09 2a 86 48 |.........0...*.H| -00000070 86 f7 0d 01 01 05 05 00 30 45 31 0b 30 09 06 03 |........0E1.0...| -00000080 55 04 06 13 02 41 55 31 13 30 11 06 03 55 04 08 |U....AU1.0...U..| -00000090 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f |..Some-State1!0.| -000000a0 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 |..U....Internet | -000000b0 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 30 |Widgits Pty Ltd0| -000000c0 1e 17 0d 31 30 30 34 32 34 30 39 30 39 33 38 5a |...100424090938Z| -000000d0 17 0d 31 31 30 34 32 34 30 39 30 39 33 38 5a 30 |..110424090938Z0| -000000e0 45 31 0b 
30 09 06 03 55 04 06 13 02 41 55 31 13 |E1.0...U....AU1.| -000000f0 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 |0...U....Some-St| -00000100 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e |ate1!0...U....In| -00000110 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 |ternet Widgits P| -00000120 74 79 20 4c 74 64 30 81 9f 30 0d 06 09 2a 86 48 |ty Ltd0..0...*.H| -00000130 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 |............0...| -00000140 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 |....y......F...i| -00000150 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 |..+.CZ..-.zC...R| -00000160 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 |..eL,x.#........| -00000170 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 |;~b.,.3...\zV...| -00000180 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 |..X{&?......!.J.| -00000190 f4 54 9f 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 |.T.Z..Bq......~.| -000001a0 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b |}}..9....Q.|..L;| -000001b0 32 66 01 cf af b1 1d b8 71 9a 1d db db 89 6b ae |2f......q.....k.| -000001c0 da 2d 79 02 03 01 00 01 a3 81 a7 30 81 a4 30 1d |.-y........0..0.| -000001d0 06 03 55 1d 0e 04 16 04 14 b1 ad e2 85 5a cf cb |..U..........Z..| -000001e0 28 db 69 ce 23 69 de d3 26 8e 18 88 39 30 75 06 |(.i.#i..&...90u.| -000001f0 03 55 1d 23 04 6e 30 6c 80 14 b1 ad e2 85 5a cf |.U.#.n0l......Z.| -00000200 cb 28 db 69 ce 23 69 de d3 26 8e 18 88 39 a1 49 |.(.i.#i..&...9.I| -00000210 a4 47 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |.G0E1.0...U....A| -00000220 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| -00000230 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| -00000240 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| -00000250 73 20 50 74 79 20 4c 74 64 82 09 00 85 b0 bb a4 |s Pty Ltd.......| -00000260 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 05 30 03 01 |....0...U....0..| -00000270 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 |..0...*.H.......| -00000280 00 03 
81 81 00 08 6c 45 24 c7 6b b1 59 ab 0c 52 |......lE$.k.Y..R| -00000290 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a 95 66 e4 c5 |.......zdu.Z.f..| -000002a0 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 d3 92 fd f7 |+...f..O8.n`....| -000002b0 41 08 b5 25 13 b1 18 7a 24 fb 30 1d ba ed 98 b9 |A..%...z$.0.....| -000002c0 17 ec e7 d7 31 59 db 95 d3 1d 78 ea 50 56 5c d5 |....1Y....x.PV\.| -000002d0 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 96 8c 0f 52 |.Z-Z_3....u....R| -000002e0 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 1b 96 94 dd |...... _........| -000002f0 a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 6e 38 50 29 |..W.p.&mq..&n8P)| -00000300 6c 90 a7 bd d9 16 03 03 00 cd 0c 00 00 c9 03 00 |l...............| -00000310 17 41 04 d3 c4 af de c3 4b ff 78 fa 5f 9a fc 67 |.A......K.x._..g| -00000320 8d 52 4e 31 d9 92 60 ce 67 5d fe b3 fa f0 26 49 |.RN1..`.g]....&I| -00000330 07 5c 4b ca cb 24 35 07 a8 08 74 cc 8d 91 23 03 |.\K..$5...t...#.| -00000340 3b 40 d2 ea 7f f2 9a fd fb cf 7d 7d 8c f0 0f 6a |;@........}}...j| -00000350 35 b8 55 04 01 00 80 73 45 c5 02 37 6d a3 16 cd |5.U....sE..7m...| -00000360 6f 5e f5 1a 9e 3c b8 a6 d0 24 c6 ea 01 08 05 52 |o^...<...$.....R| -00000370 37 0b 6e 47 80 89 9f 5e 36 8d 5d a2 6a 2d 74 bb |7.nG...^6.].j-t.| -00000380 58 dc de ce 4e 44 80 f5 f7 d3 19 22 79 9b 0c b8 |X...ND....."y...| -00000390 e1 9a 7f 3f 1b 43 92 1a 1e 99 e9 14 f9 66 a9 ee |...?.C.......f..| -000003a0 87 90 79 f7 34 9d dc 26 74 25 78 fb 76 54 f9 05 |..y.4..&t%x.vT..| -000003b0 4a b1 f2 cc 41 cb f5 7b 78 ea d7 ec 72 d8 55 fa |J...A..{x...r.U.| -000003c0 b0 f1 e3 49 dd ae 58 bf d6 94 93 24 3a a8 ec 15 |...I..X....$:...| -000003d0 32 76 a4 19 48 54 da 16 03 03 00 04 0e 00 00 00 |2v..HT..........| ->>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 
|...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 03 00 28 00 00 00 00 00 00 00 00 f1 4d |.....(.........M| -00000060 79 8b da 18 73 ff 1b 3a 84 21 bf ce 1c d1 18 0d |y...s..:.!......| -00000070 30 64 32 cf f3 f4 c9 1b ff f8 38 64 50 26 |0d2.......8dP&| ->>> Flow 4 (server to client) -00000000 16 03 03 00 aa 04 00 00 a6 00 00 1c 20 00 a0 08 |............ ...| -00000010 5c 81 24 bf 70 db 80 27 4f 05 3a aa 6f f5 3d c8 |\.$.p..'O.:.o.=.| -00000020 8e 60 10 00 71 94 42 3e 2d ee 55 15 e7 75 50 f9 |.`..q.B>-.U..uP.| -00000030 70 e7 36 41 66 3f e9 45 b3 3b 8e c2 96 d4 bb 4b |p.6Af?.E.;.....K| -00000040 f1 a8 9c ae be 26 a0 05 f9 7f 0e 75 f9 d8 dc de |.....&.....u....| -00000050 65 cb 86 05 2f 6b 6e a6 99 3d d6 ac d0 c6 53 e8 |e.../kn..=....S.| -00000060 f4 8d 83 b5 f1 83 4e a9 fc 81 b7 82 c4 88 c9 1e |......N.........| -00000070 65 52 35 21 42 d4 e8 3d 77 8f 71 e0 80 05 3b c4 |eR5!B..=w.q...;.| -00000080 7d a8 40 2e b4 c5 0a f1 1e d4 9e ca 5b 35 eb ff |}.@.........[5..| -00000090 32 fa 20 6c d8 76 4a 8d d1 91 54 46 66 d7 8d eb |2. l.vJ...TFf...| -000000a0 55 dc 12 44 0b 61 45 08 c2 20 9a 87 cd 36 a8 14 |U..D.aE.. ...6..| -000000b0 03 03 00 01 01 16 03 03 00 28 96 96 bd 4f 90 1f |.........(...O..| -000000c0 ec c0 c9 57 f2 3f 3f 78 f9 ab 8d dd 98 bd f3 2a |...W.??x.......*| -000000d0 b4 d5 be 6e 30 60 a6 90 75 18 39 ac c2 65 1e 56 |...n0`..u.9..e.V| -000000e0 bc 81 |..| ->>> Flow 5 (client to server) -00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 ff c5 7b |...............{| -00000010 63 b3 48 38 71 25 6a 8f 09 e6 2a 9d 88 00 15 aa |c.H8q%j...*.....| -00000020 b9 cd 1d 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................| -00000030 68 d0 ea 7f 4c b7 c3 47 5c bc 37 f9 95 af 3a 02 |h...L..G\.7...:.| -00000040 26 04 |&.| diff --git a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES index 76445903..95781c68 100644 --- a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES 
+++ b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 53 04 f1 02 a0 |....Y...U..S....| -00000010 5f bd a4 8d 98 93 b8 da 08 86 9f b2 be 9a a4 91 |_...............| -00000020 2b 3c 1f 18 f0 75 7c a9 a8 a0 f7 20 4a 89 9a d2 |+<...u|.... J...| -00000030 34 3b d9 b1 c2 fd 61 bd 97 19 22 ce b9 d1 5b a7 |4;....a..."...[.| -00000040 83 80 9c 19 d0 f5 a0 aa 4c ac 06 20 c0 09 00 00 |........L.. ....| +00000000 16 03 03 00 59 02 00 00 55 03 03 eb a2 77 eb b6 |....Y...U....w..| +00000010 1e e4 5c 2c ed 5a dc 93 1b 7e 8a 75 a1 8c ac a6 |..\,.Z...~.u....| +00000020 69 13 f6 f6 a4 69 07 93 99 cf 12 20 37 d7 f8 26 |i....i..... 7..&| +00000030 46 ea 3a 21 03 d0 25 0f 22 84 8d 24 2f 98 3d 42 |F.:!..%."..$/.=B| +00000040 eb 47 1d de 0c 12 ab 95 7a 55 46 f7 c0 09 00 00 |.G......zUF.....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,43 +55,39 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 d7 0c 00 00 d3 03 00 17 41 04 3c |*............A.<| -00000280 8f 35 1e 47 5d 7b ad 13 0c e9 5c c0 97 c7 83 06 |.5.G]{....\.....| -00000290 49 0f 6c cf e5 4d 3b ed f7 1b c6 96 8d ba 54 35 |I.l..M;.......T5| -000002a0 7f df 35 e3 6e 28 e9 71 f2 24 b5 ab 17 2b 4b 2b |..5.n(.q.$...+K+| -000002b0 0c 8f 9f 48 89 73 8f 09 69 84 af 7f ec 43 7a 04 |...H.s..i....Cz.| -000002c0 03 00 8a 30 81 87 02 41 79 84 43 0c 78 fa 7e e2 |...0...Ay.C.x.~.| -000002d0 c5 51 c1 60 88 c4 4a 59 7d 02 fa dc 19 68 33 ed |.Q.`..JY}....h3.| -000002e0 19 ef a1 df ef 6b 21 a6 98 aa ba a9 13 70 91 0f |.....k!......p..| -000002f0 cc 6c 5c 1e 99 53 1b 42 51 6c 06 a7 3c c4 04 22 |.l\..S.BQl..<.."| -00000300 5d 0d c1 30 ab e3 ec b4 54 02 42 01 15 15 1a 6e |]..0....T.B....n| -00000310 6f f1 c6 b1 10 84 2c c8 04 de 2b 52 d5 b4 f7 c9 |o.....,...+R....| -00000320 4f 6d 0e 0e 26 45 1d 7a 28 59 2b 8b f6 92 3a 23 |Om..&E.z(Y+...:#| -00000330 7a 39 9c d5 4e cc 5d c5 45 92 9c d0 5f 33 12 e3 |z9..N.].E..._3..| -00000340 2b 29 39 52 bb 16 aa e1 72 9e b5 fe 99 16 03 03 |+)9R....r.......| -00000350 00 04 0e 00 00 00 |......| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 90 68 |*............ 
.h| +00000280 81 8b 1d 7f d5 69 36 d3 4e 63 40 fa 3a 21 ee a4 |.....i6.Nc@.:!..| +00000290 c7 b4 09 bc 34 51 89 df d5 d2 79 51 34 32 04 03 |....4Q....yQ42..| +000002a0 00 8b 30 81 88 02 42 01 b4 69 6b 1c e6 35 99 81 |..0...B..ik..5..| +000002b0 fb aa cb b4 2d e9 e0 48 6a 6c 5e 14 54 77 b7 9d |....-..Hjl^.Tw..| +000002c0 df a3 c2 1b 53 8c d2 46 6d 2e ae 83 3a db 7c 86 |....S..Fm...:.|.| +000002d0 4a 45 c7 51 cd 30 d6 8c f5 4f ea 37 cb 1e 27 18 |JE.Q.0...O.7..'.| +000002e0 ba df d5 5f 11 ae 0e af 75 02 42 01 2b 37 2e 6d |..._....u.B.+7.m| +000002f0 7c 11 57 b7 b7 8b 90 73 cd e0 c9 38 3c ee aa d5 ||.W....s...8<...| +00000300 f2 cd ff b9 66 6a be 62 70 74 ee a4 f4 e3 fb 4f |....fj.bpt.....O| +00000310 ed 2e d5 a7 b5 a4 53 c8 1b 17 9e e9 48 e1 dd a6 |......S.....H...| +00000320 e8 6a 05 cf 73 b2 85 11 13 37 be e0 26 16 03 03 |.j..s....7..&...| +00000330 00 04 0e 00 00 00 |......| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 03 00 40 00 00 00 00 00 00 00 00 00 00 |.....@..........| -00000060 00 00 00 00 00 00 20 a3 f8 5a e2 ea f3 09 19 3e |...... ..Z.....>| -00000070 4a 54 69 70 06 5b 17 35 0f ed e7 30 3b 6f eb a1 |JTip.[.5...0;o..| -00000080 cb 9c 35 81 10 2e 34 f7 12 a5 e4 63 20 b2 65 31 |..5...4....c .e1| -00000090 19 da 30 43 39 59 |..0C9Y| +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! 
/.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 7f 83 b7 cd 14 66 fb c3 2a f9 9f |..........f..*..| +00000050 79 ec 40 e5 dd 15 46 f3 25 8d dd b2 8e d5 78 97 |y.@...F.%.....x.| +00000060 e5 d6 4e 1a 2e 35 21 b2 aa ac 28 6f 2c 36 a6 6e |..N..5!...(o,6.n| +00000070 44 92 84 1b b9 |D....| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 8d 4d 31 07 df |..........@.M1..| -00000010 ab 41 f5 19 9c 1a 57 fc 33 ab 5f e6 bd 45 b9 fa |.A....W.3._..E..| -00000020 7f db c0 df 72 f2 3b ef aa d4 5e 34 e6 3d 44 7c |....r.;...^4.=D|| -00000030 12 05 c7 57 da 54 b1 e3 66 f0 0a ab cd 15 a5 bf |...W.T..f.......| -00000040 c5 c2 07 a9 d9 a7 2e 5e 29 da da |.......^)..| +00000000 14 03 03 00 01 01 16 03 03 00 40 db ee f8 c1 0e |..........@.....| +00000010 7f 23 b4 cb e6 db 03 2a fb 68 40 78 85 03 9e dc |.#.....*.h@x....| +00000020 ac f8 f0 b5 65 8d 7c 01 4a ce 86 29 a9 c5 c3 b2 |....e.|.J..)....| +00000030 12 8d d1 58 af e7 21 75 e4 be f3 c0 03 55 f8 bb |...X..!u.....U..| +00000040 71 bd 85 ee 46 87 a0 32 75 ee 4c |q...F..2u.L| >>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 dc 03 7b 29 2c 49 64 58 2d dc f7 |.......{),IdX-..| -00000020 26 a1 3b ec 2d e8 30 c4 6c a3 ff e2 bc b5 a4 a6 |&.;.-.0.l.......| -00000030 93 ce 14 bd da 15 03 03 00 30 00 00 00 00 00 00 |.........0......| -00000040 00 00 00 00 00 00 00 00 00 00 a6 77 10 30 15 eb |...........w.0..| -00000050 ed cf 73 5b 74 5d 09 52 4a 5b e2 f0 e4 67 f8 7a |..s[t].RJ[...g.z| -00000060 5e 5e fc ba 7f 80 0a d2 f4 fb |^^........| +00000010 00 00 00 00 00 48 95 f8 a1 0e a7 d0 50 dd cf 8f |.....H......P...| +00000020 c4 af ec 49 89 bf 5d 8b a0 d0 60 7b 38 5a 83 e4 |...I..]...`{8Z..| +00000030 72 47 7f 81 bd 15 03 03 00 
30 00 00 00 00 00 00 |rG.......0......| +00000040 00 00 00 00 00 00 00 00 00 00 48 06 f1 30 61 dd |..........H..0a.| +00000050 e2 97 aa 9c 5f a7 07 bb 44 a4 fb d6 6a 7c aa f5 |...._...D...j|..| +00000060 16 ae 38 1a 98 e5 f5 28 c2 57 |..8....(.W| diff --git a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM index fb5af17f..7214747d 100644 --- a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM +++ b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM 
@@ -1,18 +1,26 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 53 04 f1 02 48 |....Y...U..S...H| -00000010 03 36 01 05 56 6f f0 54 d2 c3 d3 41 c2 e2 69 7b |.6..Vo.T...A..i{| -00000020 50 f8 03 ef 3f 5d 7c e6 9c cb fe 20 82 a0 81 fd |P...?]|.... ....| -00000030 72 4b b8 e6 29 76 3b 0f 1d 0a b7 82 9d 0b cf a0 |rK..)v;.........| -00000040 65 b1 56 53 c9 d5 58 7b f0 b6 2d cf c0 2b 00 00 |e.VS..X{..-..+..| +00000000 16 03 03 00 59 02 00 00 55 03 03 c9 a1 8b 70 59 |....Y...U.....pY| +00000010 8b 88 41 56 b7 bc 9a 1f 50 57 46 7d 79 d8 ef b2 |..AV....PWF}y...| +00000020 15 3f ad ad bb 48 09 ce e1 c2 2c 20 84 43 65 e7 |.?...H...., .Ce.| +00000030 3f 2f d8 13 9a 79 ac 54 ee b9 13 a1 7c a7 05 f7 |?/...y.T....|...| +00000040 c8 b4 fc bd 20 40 17 ca 15 cd 91 1e c0 2b 00 00 |.... @.......+..| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -47,38 +55,34 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 d7 0c 00 00 d3 03 00 17 41 04 86 |*............A..| -00000280 36 b4 78 76 87 70 ed ae 0d 34 70 3d 16 e5 a4 db |6.xv.p...4p=....| -00000290 ae 28 58 4c 01 5a 56 73 a7 0d 34 59 a7 04 75 69 |.(XL.ZVs..4Y..ui| -000002a0 f2 55 24 40 b0 33 c6 93 ff ae e0 14 f5 4b ce a8 |.U$@.3.......K..| -000002b0 e2 e6 9a 67 1d 66 fb 8f fd 56 59 e7 73 f2 2c 04 |...g.f...VY.s.,.| -000002c0 03 00 8a 30 81 87 02 41 73 ab a8 3c 64 17 69 9f |...0...As...:.ZE.\.| +00000290 9f 47 51 4b 93 89 33 11 e0 63 86 fd b2 3b 04 03 |.GQK..3..c...;..| +000002a0 00 8b 30 81 88 02 42 01 c2 fa 7b f8 ed 6b a5 0f |..0...B...{..k..| +000002b0 33 87 02 35 5b 8e 5d 31 5e 92 df c2 90 ae 58 24 |3..5[.]1^.....X$| +000002c0 43 0f ba e3 b8 77 12 7a 97 c3 77 15 62 d3 f2 cc |C....w.z..w.b...| +000002d0 10 cd a9 be b6 b2 37 93 b1 ce 8b b2 6c fa 93 74 |......7.....l..t| +000002e0 5e 14 8e ba 9e d7 66 48 b8 02 42 01 8e 9a 10 1d |^.....fH..B.....| +000002f0 7d e0 d3 cf 0d d0 3c bc 34 1c 16 20 85 50 03 3f |}.....<.4.. 
.P.?| +00000300 e1 6d a3 a0 d4 6e d8 fd 7e df b4 c1 84 29 c3 68 |.m...n..~....).h| +00000310 c2 01 dd 77 fc 2c a5 8f 3b 74 c6 e4 32 20 b7 a0 |...w.,..;t..2 ..| +00000320 8c 1b 2d 93 6a 9c 8a ed 21 b5 9a e0 cb 16 03 03 |..-.j...!.......| +00000330 00 04 0e 00 00 00 |......| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 03 00 28 00 00 00 00 00 00 00 00 87 7a |.....(.........z| -00000060 82 d7 46 25 1d a6 bb c2 a8 a8 4e a5 d1 f8 02 db |..F%......N.....| -00000070 33 33 ca 78 b6 d3 bd 77 8a 33 23 a7 95 fb |33.x...w.3#...| +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 c2 14 2d |....(..........-| +00000040 fc d7 a2 cb 18 b9 2a ae 38 70 b7 78 7c 88 97 d3 |......*.8p.x|...| +00000050 ff 7f df 12 23 96 ab 4d 6c 5c 67 72 c4 |....#..Ml\gr.| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 28 ce a1 9d 01 c0 |..........(.....| -00000010 31 e5 d5 57 16 e1 a6 b3 8b 25 58 0f fa 2a de 3e |1..W.....%X..*.>| -00000020 0c d9 06 11 a6 b0 d7 b0 33 ad 31 73 5b 26 b4 d2 |........3.1s[&..| -00000030 12 56 c8 |.V.| +00000000 14 03 03 00 01 01 16 03 03 00 28 2a dd b3 5b c6 |..........(*..[.| +00000010 76 e7 c0 ac 8c 70 77 d6 d8 4e 79 4a 04 3d 91 a9 |v....pw..NyJ.=..| +00000020 ad 79 ef c9 22 78 17 9e ef b0 03 c8 e6 85 b7 8c |.y.."x..........| +00000030 e5 74 95 |.t.| >>> Flow 5 (client to server) -00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 d5 04 4c 
|...............L| -00000010 7b 35 b4 d7 90 ae fe 00 d2 f2 4b 76 f1 36 5e 24 |{5........Kv.6^$| -00000020 4a aa 94 15 03 03 00 1a 00 00 00 00 00 00 00 02 |J...............| -00000030 d3 1c 41 37 ab f6 17 79 f0 01 a4 19 a5 75 7a 8e |..A7...y.....uz.| -00000040 a3 b2 |..| +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 84 b5 0f |................| +00000010 1f ed f9 4c 0d a1 f3 7b 8e 23 87 65 b1 39 98 50 |...L...{.#.e.9.P| +00000020 3d ff 1b 15 03 03 00 1a 00 00 00 00 00 00 00 02 |=...............| +00000030 aa 34 cc f1 4a d3 de 4c 42 bc 2c 0f 3e 71 af 6b |.4..J..LB.,.>q.k| +00000040 3c fc |<.| diff --git a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 new file mode 100644 index 00000000..96f6218a --- /dev/null +++ b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 
@@ -0,0 +1,97 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 87 87 6f ce 44 |....Y...U....o.D| +00000010 94 5f 2f cc 94 03 50 68 a7 4f 37 70 8a d4 cf e3 |._/...Ph.O7p....| +00000020 23 7f 11 f5 93 c7 3f 96 87 49 45 20 9c d4 96 b2 |#.....?..IE ....| +00000030 dc 8c 16 c5 fb cc 2f 8e 0e a5 ef a3 ea cf 57 d0 |....../.......W.| +00000040 09 70 bd 16 c4 d9 e4 1b a0 40 f7 f3 c0 23 00 00 |.p.......@...#..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 
72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 3f a6 |*............ 
?.| +00000280 d1 0d ae 8d c0 06 14 ca da 2c 69 1c f1 84 c4 dd |.........,i.....| +00000290 14 f4 0e a6 ce b5 d6 37 9d 9f a5 ba 7b 74 04 03 |.......7....{t..| +000002a0 00 8a 30 81 87 02 42 00 b5 2b 9a 32 9d af b9 cc |..0...B..+.2....| +000002b0 0d b6 f1 9b 87 35 af d7 dc 04 0f 1b 04 d7 fa 62 |.....5.........b| +000002c0 20 bd 2c 31 41 17 e7 c0 ea 22 78 e4 de 37 14 a8 | .,1A...."x..7..| +000002d0 f9 f3 f1 3e 0c 55 59 b3 e3 0e 31 26 ce d0 c1 19 |...>.UY...1&....| +000002e0 b8 17 07 2a 23 98 7b 17 0f 02 41 41 d5 51 80 4d |...*#.{...AA.Q.M| +000002f0 8a 14 56 b1 39 7b 8b 37 24 ef e0 ec 43 44 5a cc |..V.9{.7$...CDZ.| +00000300 9b ab dc 63 e7 cc 7b 29 c0 66 ae 9c 23 c5 1b 98 |...c..{).f..#...| +00000310 6e 35 64 97 12 43 16 73 a6 6b c8 09 2c 26 7c f5 |n5d..C.s.k..,&|.| +00000320 b1 1f 9f 55 04 9e 53 33 c1 89 7a d0 16 03 03 00 |...U..S3..z.....| +00000330 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 50 00 00 00 00 00 00 00 00 00 00 00 |....P...........| +00000040 00 00 00 00 00 d3 72 3f 9d 37 ba 97 55 83 b4 f0 |......r?.7..U...| +00000050 ad 0b f0 48 98 16 05 f1 b5 6e da a4 79 e4 d9 8e |...H.....n..y...| +00000060 62 af b9 a1 d1 a4 5c 04 d2 b1 86 32 af 64 ac 89 |b.....\....2.d..| +00000070 d3 47 5f 61 ae f4 21 5b 8d 4b ff 74 c1 b8 9c de |.G_a..![.K.t....| +00000080 fd 74 a0 99 c1 |.t...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 50 09 3b 3e 7e 2e |..........P.;>~.| +00000010 d8 46 04 ac b0 3d c9 7e ec 28 8c bd 6c 0f a8 b5 |.F...=.~.(..l...| +00000020 af 8c 86 ed 64 81 6c d4 98 9e 56 2a 48 0d 03 40 |....d.l...V*H..@| +00000030 64 3e 25 58 6f 03 6a 4e be a2 11 6f 6f e7 2f c2 |d>%Xo.jN...oo./.| +00000040 8f 78 c4 11 a1 07 21 91 9d 34 01 08 39 0d 07 d2 |.x....!..4..9...| +00000050 d4 a2 cc 
2f 25 ea ee 8d 8b 91 f9 |.../%......| +>>> Flow 5 (client to server) +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 1d 76 4c fb 46 f8 02 9a bc 07 8d |......vL.F......| +00000020 b0 52 40 44 58 da ad be 3c a6 d7 44 0f 59 98 f3 |.R@DX...<..D.Y..| +00000030 ae 5c d2 04 bb 07 ee f6 99 9d 2c 14 44 3b 90 bc |.\........,.D;..| +00000040 2b e9 bc 37 59 15 03 03 00 40 00 00 00 00 00 00 |+..7Y....@......| +00000050 00 00 00 00 00 00 00 00 00 00 c4 ef 97 87 35 a2 |..............5.| +00000060 2f cc c2 6f 3d d5 f5 6f fd 74 56 50 37 f8 10 e8 |/..o=..o.tVP7...| +00000070 36 f5 fb 6f 7b 5d 20 07 0d 2f 72 46 a7 3a e0 de |6..o{] ../rF.:..| +00000080 39 b3 76 0e 4f c0 e7 85 4b bb |9.v.O...K.| diff --git a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 new file mode 100644 index 00000000..90a1639e --- /dev/null +++ b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 
@@ -0,0 +1,88 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 b8 16 bd ae 15 |....Y...U.......| +00000010 a3 33 52 cc 60 dc 6c fe 7c f3 82 b9 1e 13 ab 87 |.3R.`.l.|.......| +00000020 22 d8 c3 38 dc 8a 76 bb a0 a3 fd 20 8a d1 92 d1 |"..8..v.... 
....| +00000030 d6 f3 76 e0 e2 76 32 95 32 a0 eb 5b dc e4 42 81 |..v..v2.2..[..B.| +00000040 14 bb 58 ab b8 e8 9d ee fa 32 58 05 c0 2c 00 00 |..X......2X..,..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a 
|...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 5c 9b |*............ \.| +00000280 9b 29 5c 83 36 b8 20 47 2b 04 0d 1b ab f5 f7 81 |.)\.6. G+.......| +00000290 aa 89 b4 93 37 aa 28 4e 44 e1 22 26 b6 46 04 03 |....7.(ND."&.F..| +000002a0 00 8a 30 81 87 02 42 01 2c 87 df 1f 07 86 36 c8 |..0...B.,.....6.| +000002b0 f6 aa 41 c1 8e 99 6e 12 08 5f e2 62 4b 3a 9b ad |..A...n.._.bK:..| +000002c0 e8 26 1c 95 f9 62 c6 f6 c7 e4 f7 db 3b 23 e5 4f |.&...b......;#.O| +000002d0 03 a1 c6 89 74 cb bd 2a 4e 47 3f 0f bf 28 bb 6d |....t..*NG?..(.m| +000002e0 c0 c6 53 4c 02 0b 9a 30 2d 02 41 0c 6f 26 a5 4c |..SL...0-.A.o&.L| +000002f0 b6 6c 8c ab 82 32 19 a0 f0 1b 41 2d 9d 1d 12 1b |.l...2....A-....| +00000300 91 62 6a 3d 17 92 79 f6 59 45 21 2f 6b d0 cb 7b |.bj=..y.YE!/k..{| +00000310 22 b3 79 80 90 90 81 97 06 c8 59 fd 8b 40 f9 ec |".y.......Y..@..| +00000320 80 58 db fc 5e a2 67 9a 96 01 53 d4 16 03 03 00 |.X..^.g...S.....| +00000330 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! 
/.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 17 be e6 |....(...........| +00000040 ba 39 2d 82 38 6e 09 2c 1c ef d5 1f ad 8e e0 47 |.9-.8n.,.......G| +00000050 2d bc 74 f8 3b ed 86 89 9e e9 a5 01 40 |-.t.;.......@| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 42 3b b0 5e 66 |..........(B;.^f| +00000010 3e ef a5 3d 49 64 42 34 b1 21 d6 43 d3 f6 f5 84 |>..=IdB4.!.C....| +00000020 21 96 b4 7b ed 73 b5 23 b6 40 cf 86 ab 71 59 58 |!..{.s.#.@...qYX| +00000030 3a bf 79 |:.y| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 8d 3c f7 |..............<.| +00000010 9e da 91 15 35 10 5f a4 29 32 3f 6a 8c 1d bc 13 |....5._.)2?j....| +00000020 8a 35 2b 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.5+.............| +00000030 1f b3 e3 e3 24 ac 7a a6 ee 81 e7 cc 9e 70 34 2c |....$.z......p4,| +00000040 d2 28 |.(| diff --git a/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 new file mode 100644 index 00000000..1b3c37be --- /dev/null +++ b/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 
@@ -0,0 +1,84 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 d0 01 00 00 cc 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 08 cc a9 |................| +00000050 13 01 13 03 13 02 01 00 00 7b 00 05 00 05 01 00 |.........{......| +00000060 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 |................| +00000070 19 00 0b 00 02 01 00 00 0d 00 1a 00 18 08 04 04 |................| +00000080 03 08 07 08 05 08 06 04 01 05 01 06 01 05 03 06 |................| +00000090 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 00 2b |...............+| +000000a0 00 09 08 03 04 03 03 03 02 03 01 00 33 00 26 00 |............3.&.| +000000b0 24 00 1d 00 20 2f e5 7d a3 47 cd 62 43 15 28 da |$... /.}.G.bC.(.| +000000c0 ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 |._.).0..........| +000000d0 5f 58 cb 3b 74 |_X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 ea 73 50 31 e4 |....Y...U...sP1.| +00000010 7a c7 e2 05 23 a0 22 e3 1a cd 6d b5 0f e7 f2 5e |z...#."...m....^| +00000020 d6 cb 6c 70 05 04 a9 63 4a a3 fc 20 a2 c5 68 f2 |..lp...cJ.. 
..h.| +00000030 9b 56 6e 83 66 c1 7f 85 02 b6 6d 37 12 0f 12 5a |.Vn.f.....m7...Z| +00000040 41 7e c3 c9 44 85 3c 00 50 6f c7 f9 cc a9 00 00 |A~..D.<.Po......| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a 
|...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 a4 6a |*............ .j| +00000280 0d ab f2 7c 1a 31 2a 7d 51 b7 fe 69 cd 59 f5 c1 |...|.1*}Q..i.Y..| +00000290 10 94 a0 b2 6f 6f c4 48 48 9b 20 1e 46 2a 04 03 |....oo.HH. .F*..| +000002a0 00 8b 30 81 88 02 42 00 84 2a 96 88 a4 7a 86 7f |..0...B..*...z..| +000002b0 cf 86 20 37 17 de 54 0c c2 89 5e 27 f4 3b a4 ec |.. 7..T...^'.;..| +000002c0 ce 25 34 4e c7 a8 7d f5 56 6d 96 2c d0 53 ae 42 |.%4N..}.Vm.,.S.B| +000002d0 b5 87 a9 20 9c 4f c9 67 7e ca f6 fc 2f 61 72 35 |... .O.g~.../ar5| +000002e0 78 fe 54 32 1e a1 90 88 c2 02 42 01 a6 7b 98 de |x.T2......B..{..| +000002f0 fd 01 4b 4a 8f 1a e8 18 dd 07 bb 0b 38 41 7f 22 |..KJ........8A."| +00000300 62 3b 7e 37 67 b7 18 46 a7 32 43 1b c9 a9 8a a6 |b;~7g..F.2C.....| +00000310 d7 8a 2f 7b c5 14 f3 33 96 fe 0a fc 22 d0 a5 02 |../{...3...."...| +00000320 37 a5 31 5f b9 6b d2 3b f6 d0 d1 7b a1 16 03 03 |7.1_.k.;...{....| +00000330 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! 
/.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 f5 a0 28 0a 7e d4 8b a2 b6 e1 af |.... ..(.~......| +00000040 83 e2 50 e8 fc 7e f0 59 21 ed 3d 0d a8 ef a9 b1 |..P..~.Y!.=.....| +00000050 5a 13 2a 1b 2c |Z.*.,| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 44 15 68 4d e0 |.......... D.hM.| +00000010 3b 34 c5 77 b2 25 f2 e9 35 75 08 f5 a9 53 c9 65 |;4.w.%..5u...S.e| +00000020 19 36 49 fe 43 e4 f5 48 ac 7c d7 |.6I.C..H.|.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 f7 fd 2a 83 90 01 f3 d2 82 dc bd |.......*........| +00000010 6c 33 31 a3 92 0f a4 f5 9c fa f4 15 03 03 00 12 |l31.............| +00000020 9e 60 18 02 f1 0d 2f f5 5f 68 69 ae 62 93 04 6a |.`..../._hi.b..j| +00000030 41 f0 |A.| diff --git a/tls/testdata/Client-TLSv12-ECDHE-RSA-AES b/tls/testdata/Client-TLSv12-ECDHE-RSA-AES index 5336bbba..eff5b979 100644 --- a/tls/testdata/Client-TLSv12-ECDHE-RSA-AES +++ b/tls/testdata/Client-TLSv12-ECDHE-RSA-AES 
@@ -1,99 +1,97 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 53 04 f1 02 41 |....Y...U..S...A| -00000010 95 cc 56 30 65 46 24 75 d5 9e 3c a7 5b 6c 99 fe |..V0eF$u..<.[l..| -00000020 86 35 23 42 3a 8f 4d 4c b9 98 7d 20 a7 46 43 72 |.5#B:.ML..} .FCr| -00000030 66 bb b6 ad ff ad cf 63 37 fe 6b b4 78 94 08 49 |f......c7.k.x..I| -00000040 54 06 ed f4 85 73 38 4a c6 fe b6 98 c0 13 00 00 |T....s8J........| +00000000 16 03 03 00 59 02 00 00 55 03 03 f1 07 97 47 f7 |....Y...U.....G.| +00000010 b8 42 f5 ce 2b b5 ec 5a d3 74 f1 fa 1f ea ec 6d |.B..+..Z.t.....m| +00000020 49 4e cf 2e 47 8b 2e 80 9b 8a ed 20 89 ca 35 4a |IN..G...... ..5J| +00000030 f4 35 5e b7 ed b2 96 ad e1 66 1d 43 9d 07 ba ed |.5^......f.C....| +00000040 ff 9d 47 65 c8 7d 91 32 4b 88 4d 83 c0 13 00 00 |..Ge.}.2K.M.....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| -00000060 03 02 be 0b 00 02 ba 00 02 b7 00 02 b4 30 82 02 |.............0..| -00000070 b0 30 82 02 19 a0 03 02 01 02 02 09 00 85 b0 bb |.0..............| -00000080 a4 8a 7f b8 ca 30 0d 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| -00000090 01 05 05 00 30 45 31 0b 30 09 06 03 55 04 06 13 |....0E1.0...U...| -000000a0 02 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f |.AU1.0...U....So| -000000b0 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 |me-State1!0...U.| -000000c0 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 |...Internet Widg| -000000d0 69 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 |its Pty Ltd0...1| -000000e0 30 30 34 32 34 30 39 30 39 33 38 5a 17 0d 31 31 |00424090938Z..11| -000000f0 30 34 32 34 30 39 30 39 33 38 5a 30 45 31 0b 30 |0424090938Z0E1.0| -00000100 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| -00000110 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| -00000120 21 30 1f 06 03 55 04 0a 13 18 49 6e 
74 65 72 6e |!0...U....Intern| -00000130 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| -00000140 74 64 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 |td0..0...*.H....| -00000150 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 bb |........0.......| -00000160 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 2b 07 |y......F...i..+.| -00000170 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 65 4c |CZ..-.zC...R..eL| -00000180 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e 62 a5 |,x.#........;~b.| -00000190 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa 58 7b |,.3...\zV.....X{| -000001a0 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 9f 5a |&?......!.J..T.Z| -000001b0 bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d f1 04 |..Bq......~.}}..| -000001c0 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 01 cf |9....Q.|..L;2f..| -000001d0 af b1 1d b8 71 9a 1d db db 89 6b ae da 2d 79 02 |....q.....k..-y.| -000001e0 03 01 00 01 a3 81 a7 30 81 a4 30 1d 06 03 55 1d |.......0..0...U.| -000001f0 0e 04 16 04 14 b1 ad e2 85 5a cf cb 28 db 69 ce |.........Z..(.i.| -00000200 23 69 de d3 26 8e 18 88 39 30 75 06 03 55 1d 23 |#i..&...90u..U.#| -00000210 04 6e 30 6c 80 14 b1 ad e2 85 5a cf cb 28 db 69 |.n0l......Z..(.i| -00000220 ce 23 69 de d3 26 8e 18 88 39 a1 49 a4 47 30 45 |.#i..&...9.I.G0E| -00000230 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 |1.0...U....AU1.0| -00000240 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 |...U....Some-Sta| -00000250 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 |te1!0...U....Int| -00000260 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 |ernet Widgits Pt| -00000270 79 20 4c 74 64 82 09 00 85 b0 bb a4 8a 7f b8 ca |y Ltd...........| -00000280 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d |0...U....0....0.| -00000290 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 |..*.H...........| -000002a0 00 08 6c 45 24 c7 6b b1 59 ab 0c 52 cc f2 b0 14 |..lE$.k.Y..R....| -000002b0 d7 87 9d 7a 64 75 b5 5a 95 66 e4 c5 2b 8e ae 12 |...zdu.Z.f..+...| -000002c0 66 1f eb 4f 38 b3 6e 60 d3 92 fd 
f7 41 08 b5 25 |f..O8.n`....A..%| -000002d0 13 b1 18 7a 24 fb 30 1d ba ed 98 b9 17 ec e7 d7 |...z$.0.........| -000002e0 31 59 db 95 d3 1d 78 ea 50 56 5c d5 82 5a 2d 5a |1Y....x.PV\..Z-Z| -000002f0 5f 33 c4 b6 d8 c9 75 90 96 8c 0f 52 98 b5 cd 98 |_3....u....R....| -00000300 1f 89 20 5f f2 a0 1c a3 1b 96 94 dd a9 fd 57 e9 |.. _..........W.| -00000310 70 e8 26 6d 71 99 9b 26 6e 38 50 29 6c 90 a7 bd |p.&mq..&n8P)l...| -00000320 d9 16 03 03 00 cd 0c 00 00 c9 03 00 17 41 04 48 |.............A.H| -00000330 68 d8 8a 10 b4 bf eb 8d d1 98 b0 a6 f4 47 5d 91 |h............G].| -00000340 61 da 50 d9 85 7b 5d 90 02 2c 38 c9 af 81 d3 55 |a.P..{]..,8....U| -00000350 07 62 b1 62 58 7f 39 94 d7 91 96 a8 1f 47 60 a5 |.b.bX.9......G`.| -00000360 c0 04 f2 fb cb 15 75 a6 16 3f 94 53 7c ff dd 04 |......u..?.S|...| -00000370 01 00 80 b9 82 fa 0b f8 8c 94 2c 6e 05 81 7d 80 |..........,n..}.| -00000380 5d 9a 77 78 af c8 33 5d 89 7e 2e 3c e5 72 66 a8 |].wx..3].~.<.rf.| -00000390 f1 5c 02 04 02 70 76 7b 45 ff 0d 29 a0 cb 0d db |.\...pv{E..)....| -000003a0 7a 4c c4 13 19 cd 47 b2 f1 c9 43 4f 95 d2 f1 c6 |zL....G...CO....| -000003b0 bc ae 31 4a 9d de 80 b2 a4 b7 b6 dd 8c 03 3e 2a |..1J..........>*| -000003c0 46 5e d1 e7 5b c5 9e 06 58 f3 55 b2 77 09 f3 98 |F^..[...X.U.w...| -000003d0 d5 7f 5a 74 64 7e 48 22 8f 7d a8 68 b6 1d 90 df |..Ztd~H".}.h....| -000003e0 2c 91 d7 c5 07 3d d1 6f e9 c1 91 03 3c 23 5a 56 |,....=.o....<#ZV| -000003f0 3b b2 c2 16 03 03 00 04 0e 00 00 00 |;...........| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 
30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc 
cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 78 22 92 20 a9 be 78 |........ x". ..x| +000002d0 12 0f e6 83 13 3d 13 91 16 11 ca 26 9f b7 37 d5 |.....=.....&..7.| +000002e0 f0 97 f9 f2 01 fd 08 4f 42 08 04 00 80 2c f1 4e |.......OB....,.N| +000002f0 79 63 f2 d9 54 1c 0c 56 fd 56 4d e0 37 ee 5d bb |yc..T..V.VM.7.].| +00000300 22 90 fd ee d9 0f e6 d9 85 41 b9 8d d6 76 5f 05 |"........A...v_.| +00000310 1b 8c d7 4e c5 e8 4e 69 b9 5d de 73 c0 ed 4f 3e |...N..Ni.].s..O>| +00000320 09 9d b0 10 d6 61 87 d8 f9 c2 5b 48 f9 ef dd 65 |.....a....[H...e| +00000330 e6 f8 b0 d2 71 f6 e9 ae b1 c0 ea 90 dc 33 c6 72 |....q........3.r| +00000340 3e 9f 31 d4 ae 78 23 54 7a 4f 02 69 72 c1 06 2f |>.1..x#TzO.ir../| +00000350 3f 3c 7b f2 d8 17 40 a6 95 6d 46 62 6b 54 f1 cf |?<{...@..mFbkT..| +00000360 60 08 63 89 f7 a5 2a 52 3b 0e 0c d6 34 16 03 03 |`.c...*R;...4...| +00000370 00 04 0e 00 00 00 |......| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| -00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| -00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| -00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| -00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| -00000050 01 16 03 03 00 40 00 00 00 00 00 00 00 00 00 00 |.....@..........| -00000060 00 00 00 00 00 00 59 e6 92 05 27 ec 09 2c b0 a5 |......Y...'..,..| -00000070 2a fb 7e f1 03 53 16 63 68 a1 86 13 bb da 98 27 |*.~..S.ch......'| -00000080 6d 42 08 35 6a ec 58 61 2a 4d 44 ec ae c5 b9 d2 
|mB.5j.Xa*MD.....| -00000090 76 57 1f 75 9f 8d |vW.u..| +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 96 55 d3 bd a1 b6 de 93 68 19 ed |......U......h..| +00000050 4a 3a cc 42 7c c4 41 1e b5 37 65 d5 84 10 60 3d |J:.B|.A..7e...`=| +00000060 e9 57 29 28 79 54 da 6c 1b 36 6b b1 75 f4 bb 32 |.W)(yT.l.6k.u..2| +00000070 47 8d de c8 7d |G...}| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 6e 03 d0 e6 98 |..........@n....| -00000010 1f f5 39 7b 06 9f 95 f0 7a 88 35 7c 55 db c3 2f |..9{....z.5|U../| -00000020 00 ef 5b d3 62 87 a2 94 da 2f f6 4a 89 c9 a8 3d |..[.b..../.J...=| -00000030 3a 92 db 77 35 92 01 4b f5 c5 6b 95 09 9f cd 79 |:..w5..K..k....y| -00000040 3c af 37 5b 27 bf 93 3e 04 55 71 |<.7['..>.Uq| +00000000 14 03 03 00 01 01 16 03 03 00 40 db ed ec 54 4a |..........@...TJ| +00000010 20 d8 a7 ee 12 04 e2 e4 95 b4 a4 a7 e1 80 c8 40 | ..............@| +00000020 81 00 6d 3e 58 26 7c d4 26 84 86 ee b4 fc c5 50 |..m>X&|.&......P| +00000030 46 31 e7 4c 1e fd ed 10 7e 72 45 18 43 db 4c 0d |F1.L....~rE.C.L.| +00000040 b5 49 6c 31 04 f0 85 a7 f8 02 e1 |.Il1.......| >>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 bc c9 d0 8e 80 14 de 32 18 49 e8 |............2.I.| -00000020 20 dc 5e 6c e4 6d 14 00 df 51 71 fb 86 95 16 4c | .^l.m...Qq....L| -00000030 04 8e 71 e1 48 15 03 03 00 30 00 00 00 00 00 00 |..q.H....0......| -00000040 00 00 00 00 00 00 00 00 00 00 b7 6d 30 72 61 53 |...........m0raS| -00000050 d8 0a d4 1d ae e5 d4 22 46 c9 d5 4e 4a 86 f5 ac |......."F..NJ...| -00000060 72 98 c6 db 38 29 97 2c 84 0b |r...8).,..| +00000010 00 00 00 00 00 90 f7 06 a7 05 8d de 51 21 88 95 
|............Q!..| +00000020 47 61 fb 8d a9 c9 6d 59 ca 92 8d 07 8b 9d 82 4e |Ga....mY.......N| +00000030 fd e9 ae 3d b0 15 03 03 00 30 00 00 00 00 00 00 |...=.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 12 77 0c 5f 12 4b |...........w._.K| +00000050 96 ab 64 58 6e f5 82 09 6c 18 ae 1f a2 fb 0a 3b |..dXn...l......;| +00000060 71 17 25 8b c8 72 d0 13 fb e8 |q.%..r....| diff --git a/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 b/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 new file mode 100644 index 00000000..4f8f49eb --- /dev/null +++ b/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 
@@ -0,0 +1,101 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 9e d4 c1 3e c6 |....Y...U.....>.| +00000010 3d 44 eb a7 b8 c5 c8 e0 ab 16 06 83 67 5e b2 d6 |=D..........g^..| +00000020 67 50 4b f3 24 17 97 19 76 7e 71 20 5a 2b dc 15 |gPK.$...v~q Z+..| +00000030 87 37 be bb c7 9c 38 cd 3e 55 4e 33 32 a0 01 1b |.7....8.>UN32...| +00000040 79 13 87 6a 19 09 42 4c fb 59 97 a8 c0 27 00 00 |y..j..BL.Y...'..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 
f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 57 62 97 e9 c8 c6 17 |........ 
Wb.....| +000002d0 73 d2 9e 31 a6 f8 be 03 65 86 af 6b e2 64 bf 7c |s..1....e..k.d.|| +000002e0 4a f1 b9 fb 84 21 10 76 66 08 04 00 80 2d 08 24 |J....!.vf....-.$| +000002f0 06 2a a3 c5 28 c4 22 5b fe 79 4f 91 56 9e 40 6f |.*..(."[.yO.V.@o| +00000300 e6 0c e8 70 e0 35 9e 55 91 51 86 ec ad ff 6b 3f |...p.5.U.Q....k?| +00000310 a7 19 fa 6f 74 47 8a 86 04 b5 8a f0 0a d5 e5 5f |...otG........._| +00000320 ea 30 cc 79 77 3d ac 99 da 41 7f 25 3b da cd da |.0.yw=...A.%;...| +00000330 aa 4e 2a 54 b5 d3 13 4f e4 e9 cb 76 86 fb 0b b5 |.N*T...O...v....| +00000340 0d a3 be ab d2 e6 6e f6 77 7c 60 a7 50 56 43 60 |......n.w|`.PVC`| +00000350 95 ba 95 c4 b5 1a 8d 6a f7 a5 9f 03 27 93 9f 23 |.......j....'..#| +00000360 44 27 88 f0 d5 51 0f ba 43 84 5c 02 14 16 03 03 |D'...Q..C.\.....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 50 00 00 00 00 00 00 00 00 00 00 00 |....P...........| +00000040 00 00 00 00 00 02 19 fd 3e 06 0d 12 0d 03 42 da |........>.....B.| +00000050 76 6f e2 e3 96 eb 42 d9 96 b7 0b ae d6 a0 06 fa |vo....B.........| +00000060 57 4e ff 62 85 dd 3f ab 63 f9 73 87 8d 71 6a c6 |WN.b..?.c.s..qj.| +00000070 f4 ef ce f5 55 5b d2 1f b5 33 fd 12 32 bd 5e 1e |....U[...3..2.^.| +00000080 d5 32 91 9a ae |.2...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 50 77 80 95 42 a3 |..........Pw..B.| +00000010 2b 1c 16 0f 3b f4 78 2a bd ab 6e d1 33 1e 0e a5 |+...;.x*..n.3...| +00000020 c7 f4 e9 92 82 00 da 44 0f b6 4e f9 1f ef 67 3b |.......D..N...g;| +00000030 de 5c dc 93 07 68 99 1a 70 7f 92 a7 d7 da f3 60 |.\...h..p......`| +00000040 cf d5 f1 f0 5e 75 68 a1 0b 32 eb d2 96 de e6 34 |....^uh..2.....4| +00000050 c3 e3 26 43 1f a2 8d e7 1b fc 76 |..&C......v| +>>> Flow 5 (client to server) 
+00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 f8 35 11 b8 23 cf d9 ec a7 d3 b9 |......5..#......| +00000020 60 1e 34 01 20 49 73 ec 72 78 58 24 3b fc a8 42 |`.4. Is.rxX$;..B| +00000030 b2 a9 69 69 40 65 5a c2 8b 9f 0b 0e 70 ab ac 22 |..ii@eZ.....p.."| +00000040 1a ac d6 04 06 15 03 03 00 40 00 00 00 00 00 00 |.........@......| +00000050 00 00 00 00 00 00 00 00 00 00 fe ed 19 a0 84 06 |................| +00000060 8b f0 e8 4e 30 7a 3c 89 a0 a8 59 74 a5 92 73 f3 |...N0z<...Yt..s.| +00000070 df 1b f0 c6 5a 95 d5 1c b6 57 4a 1b 8f 24 59 87 |....Z....WJ..$Y.| +00000080 b4 2b 7f 6f 89 03 e8 6d e5 d9 |.+.o...m..| diff --git a/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 b/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 new file mode 100644 index 00000000..38fb4a0b --- /dev/null +++ b/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 
@@ -0,0 +1,88 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 d0 01 00 00 cc 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 08 cc a8 |................| +00000050 13 01 13 03 13 02 01 00 00 7b 00 05 00 05 01 00 |.........{......| +00000060 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 |................| +00000070 19 00 0b 00 02 01 00 00 0d 00 1a 00 18 08 04 04 |................| +00000080 03 08 07 08 05 08 06 04 01 05 01 06 01 05 03 06 |................| +00000090 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 00 2b |...............+| +000000a0 00 09 08 03 04 03 03 03 02 03 01 00 33 00 26 00 |............3.&.| +000000b0 24 00 1d 00 20 2f e5 7d a3 47 cd 62 43 15 28 da |$... /.}.G.bC.(.| +000000c0 ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 |._.).0..........| +000000d0 5f 58 cb 3b 74 |_X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 4e fb dc 04 6f |....Y...U..N...o| +00000010 5a 52 37 a3 55 58 26 e5 cd a0 67 4c 0f 87 1a 3a |ZR7.UX&...gL...:| +00000020 f6 84 33 2f 2e 52 d0 48 7c 5b 64 20 6e d0 bc ca |..3/.R.H|[d n...| +00000030 c9 a5 87 8d 99 c5 ec 85 84 89 f0 22 ab 63 55 f4 |...........".cU.| +00000040 70 d7 02 93 b5 fe d7 38 fb c1 b2 da cc a8 00 00 |p......8........| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 
36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 
1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 fc 4b 92 ab d2 cb 4f |........ .K....O| +000002d0 61 aa 86 12 1a 1d 75 be 31 dd b8 ee 6c a6 db bd |a.....u.1...l...| +000002e0 0b ea b2 d5 27 49 42 eb 5a 08 04 00 80 02 ad 71 |....'IB.Z......q| +000002f0 e2 e8 f6 44 3c a6 18 6f 76 ee 9a eb 0e d9 ff cb |...D<..ov.......| +00000300 6d 1e 64 dd 29 1d 8c c8 f6 14 40 c0 12 46 74 4c |m.d.).....@..FtL| +00000310 41 2d 71 5f 9c b7 86 0b fc 66 1e 14 cb 26 d0 d7 |A-q_.....f...&..| +00000320 21 b4 bd c2 04 38 77 90 6a f0 01 18 bd 1c 17 45 |!....8w.j......E| +00000330 7e 38 46 4c 2e 97 ba 11 01 1f 20 cc df f2 6b 5b |~8FL...... ...k[| +00000340 a7 29 c0 52 52 9c 2f 23 bd 1c 72 c2 f2 99 d1 dc |.).RR./#..r.....| +00000350 6a 6c ac 8e 87 8a 00 74 47 2e 99 8d 3f 79 04 60 |jl.....tG...?y.`| +00000360 5e dc ba 86 1c f4 f9 03 22 38 96 a7 b3 16 03 03 |^......."8......| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 0a 17 ee 70 8c 50 24 7c 00 b9 6f |.... ...p.P$|..o| +00000040 82 71 ed 2b 8c 0b 4b ff bb 38 bc 12 7e 0c a5 3e |.q.+..K..8..~..>| +00000050 71 a2 ad f8 52 |q...R| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 e9 87 55 12 a8 |.......... 
..U..| +00000010 ad 68 42 0c 60 12 be 2f 2c e5 00 2d 01 cf 86 a2 |.hB.`../,..-....| +00000020 1b 06 b3 86 bf 88 48 73 7a d3 cc |......Hsz..| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 96 75 4c c6 ba b1 ad ae 2f 44 9d |......uL...../D.| +00000010 10 c3 ef e5 dc fb 0a 3e af 6b 6a 15 03 03 00 12 |.......>.kj.....| +00000020 30 13 8f e5 a1 0f 38 67 b9 53 4e 6a 66 ec ee 45 |0.....8g.SNjf..E| +00000030 c2 b2 |..| diff --git a/tls/testdata/Client-TLSv12-Ed25519 b/tls/testdata/Client-TLSv12-Ed25519 new file mode 100644 index 00000000..35513adb --- /dev/null +++ b/tls/testdata/Client-TLSv12-Ed25519 
@@ -0,0 +1,68 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 66 49 2a a6 a4 |....Y...U..fI*..| +00000010 75 60 58 bb 5f 5e 82 cd e5 c0 9f 6d a4 fd 39 3b |u`X._^.....m..9;| +00000020 d9 17 80 14 89 ea 51 c1 b0 43 d6 20 b2 6b 72 81 |......Q..C. 
.kr.| +00000030 f6 63 20 22 e2 b6 d2 61 aa 87 b6 67 ae 56 78 44 |.c "...a...g.VxD| +00000040 5d 10 8c cf ea 32 cf 9e 92 e5 59 70 cc a9 00 00 |]....2....Yp....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 01 3c 0b 00 01 38 00 01 35 00 01 32 30 82 01 |..<...8..5..20..| +00000070 2e 30 81 e1 a0 03 02 01 02 02 10 0f 43 1c 42 57 |.0..........C.BW| +00000080 93 94 1d e9 87 e4 f1 ad 15 00 5d 30 05 06 03 2b |..........]0...+| +00000090 65 70 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 |ep0.1.0...U....A| +000000a0 63 6d 65 20 43 6f 30 1e 17 0d 31 39 30 35 31 36 |cme Co0...190516| +000000b0 32 31 33 38 30 31 5a 17 0d 32 30 30 35 31 35 32 |213801Z..2005152| +000000c0 31 33 38 30 31 5a 30 12 31 10 30 0e 06 03 55 04 |13801Z0.1.0...U.| +000000d0 0a 13 07 41 63 6d 65 20 43 6f 30 2a 30 05 06 03 |...Acme Co0*0...| +000000e0 2b 65 70 03 21 00 3f e2 15 2e e6 e3 ef 3f 4e 85 |+ep.!.?......?N.| +000000f0 4a 75 77 a3 64 9e ed e0 bf 84 2c cc 92 26 8f fa |Juw.d.....,..&..| +00000100 6f 34 83 aa ec 8f a3 4d 30 4b 30 0e 06 03 55 1d |o4.....M0K0...U.| +00000110 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d |..........0...U.| +00000120 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 |%..0...+.......0| +00000130 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 16 06 |...U.......0.0..| +00000140 03 55 1d 11 04 0f 30 0d 82 0b 65 78 61 6d 70 6c |.U....0...exampl| +00000150 65 2e 63 6f 6d 30 05 06 03 2b 65 70 03 41 00 63 |e.com0...+ep.A.c| +00000160 44 ed 9c c4 be 53 24 53 9f d2 10 8d 9f e8 21 08 |D....S$S......!.| +00000170 90 95 39 e5 0d c1 55 ff 2c 16 b7 1d fc ab 7d 4d |..9...U.,.....}M| +00000180 d4 e0 93 13 d0 a9 42 e0 b6 6b fe 5d 67 48 d7 9f |......B..k.]gH..| +00000190 50 bc 6c cd 4b 03 83 7c f2 08 58 cd ac cf 0c 16 |P.l.K..|..X.....| +000001a0 03 03 00 6c 0c 00 00 68 03 00 1d 20 c4 8c b8 a2 |...l...h... 
....| +000001b0 32 92 b8 22 1f 4c f1 96 00 64 35 47 4e f8 3d 08 |2..".L...d5GN.=.| +000001c0 83 12 fe 95 a8 e4 8e c9 30 27 5c 39 08 07 00 40 |........0'\9...@| +000001d0 7f 90 cf e0 87 69 e3 50 e6 fa 5e 28 a1 0f 79 0a |.....i.P..^(..y.| +000001e0 6e cf f4 87 e8 2f 55 b2 dd cb 5e 8f 9a 14 bd c2 |n..../U...^.....| +000001f0 2b 2b 2d ed 72 40 23 5d 6d f4 89 3a ff 09 82 ec |++-.r@#]m..:....| +00000200 b6 4b 27 9a 08 ea e9 73 94 b4 31 1f e1 39 86 0e |.K'....s..1..9..| +00000210 16 03 03 00 04 0e 00 00 00 |.........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 8f 97 36 bd 59 ef 8e 2f 11 28 b0 |.... ..6.Y../.(.| +00000040 d7 20 79 bf 04 07 45 f9 89 de b0 c7 55 1a ad 80 |. y...E.....U...| +00000050 0f 8c ef 1d c6 |.....| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 47 6c 1f 86 47 |.......... Gl..G| +00000010 72 03 94 e0 43 f8 e5 ca 03 7d f5 d5 dd 70 05 f5 |r...C....}...p..| +00000020 98 5d 51 b4 11 49 71 7a fd 37 9a |.]Q..Iqz.7.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 b7 a2 f5 8e 7c d3 7d 61 af 29 1c |.........|.}a.).| +00000010 77 0c 8d b4 5b d3 be 77 a6 a5 99 15 03 03 00 12 |w...[..w........| +00000020 d8 23 dc a8 99 fe 1c 6e f2 2f 41 8e df 40 11 4f |.#.....n./A..@.O| +00000030 6b 92 |k.| diff --git a/tls/testdata/Client-TLSv12-ExportKeyingMaterial b/tls/testdata/Client-TLSv12-ExportKeyingMaterial new file mode 100644 index 00000000..c900aa6d --- /dev/null +++ b/tls/testdata/Client-TLSv12-ExportKeyingMaterial 
@@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 7c c1 7b 30 03 |....Y...U..|.{0.| +00000010 3c d7 63 5f 47 1c b1 13 56 56 b4 fd 55 e2 27 3e |<.c_G...VV..U.'>| +00000020 39 bb ce 9b 5b 2c 1e 17 33 e1 da 20 65 8b 26 42 |9...[,..3.. 
e.&B| +00000030 a4 38 29 c7 9a 25 13 fc 1d 69 cb 10 63 c6 26 fc |.8)..%...i..c.&.| +00000040 f4 46 64 31 28 06 b3 a5 a4 c2 f6 5a cc a8 00 00 |.Fd1(......Z....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 f7 a2 97 2f 50 e4 e2 |........ 
.../P..| +000002d0 fa ef 80 67 78 1c aa 6c 03 aa 05 3b 6f 98 97 11 |...gx..l...;o...| +000002e0 7e 55 3d 50 f3 a9 9b 21 65 08 04 00 80 34 4a 4b |~U=P...!e....4JK| +000002f0 4b 6e 86 01 1b 6b 8e 3e 84 01 75 b8 05 c3 b2 52 |Kn...k.>..u....R| +00000300 16 ee ac 61 83 dd 09 32 d5 55 6a 5d d6 6b 4a 1a |...a...2.Uj].kJ.| +00000310 2b f7 09 33 6f 3d 4f c1 e3 aa 03 27 fe af cd 6d |+..3o=O....'...m| +00000320 b8 76 00 02 42 98 e6 f6 b7 ed fb 35 35 29 23 b1 |.v..B......55)#.| +00000330 4d 48 0a ba a1 1b e3 8e a2 cb 80 11 ec 92 20 df |MH............ .| +00000340 1f a4 5e 5d 70 85 8e 5d 85 62 81 1f b3 3a 0d 8d |..^]p..].b...:..| +00000350 9a 07 d3 99 a5 3c 6c c2 52 08 f0 be 50 ed d2 4d |.....>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 30 8b ea ef 6c 35 97 5b 26 5f ef |.... 0...l5.[&_.| +00000040 bc 28 fd e9 23 73 bb b3 ae 41 0c be 5f 83 a5 f7 |.(..#s...A.._...| +00000050 96 07 8d 81 67 |....g| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 29 fa a8 de f2 |.......... )....| +00000010 8f 94 16 fc be 84 93 e9 34 98 c2 44 08 9b 2e 37 |........4..D...7| +00000020 1f 41 61 53 fa 9c 23 ff d8 6d c3 |.AaS..#..m.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 ab 6d 32 1c 16 cc 29 b1 21 4c b1 |......m2...).!L.| +00000010 74 4c 50 e3 1f c5 f1 05 6a 8a 92 15 03 03 00 12 |tLP.....j.......| +00000020 18 88 3d 23 81 d7 ba c5 1e 9a c4 3a 1b c8 cd 5b |..=#.......:...[| +00000030 c5 fa |..| diff --git a/tls/testdata/Client-TLSv12-P256-ECDHE b/tls/testdata/Client-TLSv12-P256-ECDHE new file mode 100644 index 00000000..d75b670e --- /dev/null +++ b/tls/testdata/Client-TLSv12-P256-ECDHE 
@@ -0,0 +1,98 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 15 01 00 01 11 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 96 00 05 00 05 01 00 00 00 00 00 0a 00 |................| +00000090 04 00 02 00 17 00 0b 00 02 01 00 00 0d 00 1a 00 |................| +000000a0 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 06 |................| +000000b0 01 05 03 06 03 02 01 02 03 ff 01 00 01 00 00 12 |................| +000000c0 00 00 00 2b 00 09 08 03 04 03 03 03 02 03 01 00 |...+............| +000000d0 33 00 47 00 45 00 17 00 41 04 1e 18 37 ef 0d 19 |3.G.E...A...7...| +000000e0 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 |Q.5uq..T[....g..| +000000f0 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 |$ >.V...(^.+-O..| +00000100 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 |..lK[.V.2B.X..I.| +00000110 b5 68 1a 41 03 56 6b dc 5a 89 |.h.A.Vk.Z.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 b8 7d f5 69 c3 |....Y...U...}.i.| +00000010 6a ca 8b df f3 30 2c 39 47 2e 74 2e 4f 89 4c 1e |j....0,9G.t.O.L.| +00000020 f0 eb 10 0e 06 1d 2c 4e de 2e 8f 20 6c a0 5b 66 |......,N... 
l.[f| +00000030 fc a6 05 df 29 6b ce 72 92 e7 d7 78 f5 46 38 f9 |....)k.r...x.F8.| +00000040 91 1c 9a 08 4c b1 9a 41 e5 0c d2 cd c0 2f 00 00 |....L..A...../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... 
d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 cd 0c 00 00 c9 03 00 17 41 04 3e 87 67 8b 87 08 |........A.>.g...| +000002d0 fe 4e 4c c3 6b 42 4b 97 ad f4 1c 83 35 72 db 4f |.NL.kBK.....5r.O| +000002e0 39 83 ea 14 69 bb 8c 87 58 c5 a4 a8 8c d7 9d af |9...i...X.......| +000002f0 7a 5e 58 59 31 4d f2 01 4a 23 51 24 1b 04 0c e3 |z^XY1M..J#Q$....| +00000300 94 9e 1b 6c ad aa 83 fd 2d 36 08 04 00 80 ab e9 |...l....-6......| +00000310 ff 6d 7a cd 3b a7 da ff d5 bd 27 49 68 53 f5 45 |.mz.;.....'IhS.E| +00000320 c3 dd 5b a2 99 fb 8f 24 37 49 d3 08 87 d1 06 98 |..[....$7I......| +00000330 39 72 25 78 b3 05 fb a2 c9 ac f9 c8 f7 fc ea 8a |9r%x............| +00000340 98 ce 78 83 64 f6 e0 c7 44 62 af a7 d5 26 df f1 |..x.d...Db...&..| +00000350 2c cc ce 11 8b 03 4a e1 81 54 3f e1 6e 52 c9 1a |,.....J..T?.nR..| +00000360 d8 95 52 e0 3f a5 e3 c8 12 9a c7 57 5d 46 7a ce |..R.?......W]Fz.| +00000370 56 8a 90 0f 0d 1b ba 58 cf 1c a3 4b 39 5a 08 ee |V......X...K9Z..| +00000380 8a 61 bb 0f 7d f7 0e f2 1f 73 e0 c8 6f 54 16 03 |.a..}....s..oT..| +00000390 03 00 04 0e 00 00 00 |.......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| +00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| +00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| +00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| +00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| +00000050 01 16 03 03 00 28 00 00 00 00 00 00 00 00 b8 16 |.....(..........| +00000060 ce 7d df 64 13 07 9e d8 37 bb 3f 9c 9e 2b 3c 0e 
|.}.d....7.?..+<.| +00000070 26 a7 9d 32 e5 44 b8 d6 66 bc 05 7b 27 7a |&..2.D..f..{'z| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 c0 73 5c 27 1b |..........(.s\'.| +00000010 19 d0 66 68 ea c5 ad 7d a8 03 37 d2 9a ff 00 c4 |..fh...}..7.....| +00000020 70 65 98 3b 88 59 c0 ca e3 c0 d6 32 0e 8d 15 3c |pe.;.Y.....2...<| +00000030 e2 c3 f3 |...| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 28 ef 47 |.............(.G| +00000010 ad 7f 40 4b 34 78 f3 1e 01 a7 f4 20 0a d5 c1 41 |..@K4x..... ...A| +00000020 f7 be 41 15 03 03 00 1a 00 00 00 00 00 00 00 02 |..A.............| +00000030 fb fc eb 14 f2 a6 e7 2e 80 d6 93 31 25 01 e9 d2 |...........1%...| +00000040 c3 ae |..| diff --git a/tls/testdata/Client-TLSv12-RSA-RC4 b/tls/testdata/Client-TLSv12-RSA-RC4 index 0377f052..ab2c4eb1 100644 --- a/tls/testdata/Client-TLSv12-RSA-RC4 +++ b/tls/testdata/Client-TLSv12-RSA-RC4 
@@ -1,83 +1,84 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 75 01 00 00 71 03 03 00 00 00 00 00 |....u...q.......| +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c0 2f |.............../| -00000030 c0 2b c0 11 c0 07 c0 13 c0 09 c0 14 c0 0a 00 05 |.+..............| -00000040 00 2f 00 35 c0 12 00 0a 01 00 00 2e 00 05 00 05 |./.5............| -00000050 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 18 00 |................| -00000060 19 00 0b 00 02 01 00 00 0d 00 0a 00 08 04 01 04 |................| -00000070 03 02 01 02 03 ff 01 00 01 00 |..........| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 51 02 00 00 4d 03 03 53 04 f1 02 9d |....Q...M..S....| -00000010 2e 4e d9 17 4a 35 fa 9d 94 f6 45 0a f6 6b 5d 1c |.N..J5....E..k].| -00000020 1e 15 19 8d 6d 94 cc 90 d9 39 94 20 8b 4b de 76 |....m....9. .K.v| -00000030 d5 64 5d b7 19 df e7 eb 7e a0 22 c4 09 38 a0 12 |.d].....~."..8..| -00000040 d5 59 10 c8 31 06 dc fc e4 9d d1 80 00 05 00 00 |.Y..1...........| -00000050 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000080 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000090 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000a0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000b0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000c0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000d0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000e0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000f0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -00000100 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000110 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000120 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000130 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000140 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000150 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000160 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000170 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 
8c b5 b4 82 |...R..eL,x.#....| -00000180 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000190 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -000001a0 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -000001b0 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001c0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001d0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001e0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001f0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -00000200 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -00000210 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000220 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000230 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000240 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000250 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000260 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000270 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000280 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000290 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -000002a0 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -000002b0 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002c0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002d0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002e0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002f0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -00000300 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -00000310 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 04 0e 00 |n8P)l...........| -00000320 00 00 |..| +00000000 16 03 03 00 51 02 00 00 4d 03 03 34 50 1f 52 15 |....Q...M..4P.R.| +00000010 85 c7 85 2c 4d a9 b2 0c 49 e5 a3 ea 57 21 96 39 |...,M...I...W!.9| +00000020 db c9 97 b6 c4 d0 81 9a 39 a3 e8 20 59 f5 b9 db |........9.. Y...| +00000030 58 2e ef 1c b3 85 96 27 6a 23 71 3f 5c 72 ce cf |X......'j#q?\r..| +00000040 c5 b7 fe 05 00 f4 65 06 54 c1 2e 7c 00 05 00 00 |......e.T..|....| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. 
T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 6d 51 f3 7f f9 |...........mQ...| -00000010 3e fb 75 82 41 36 83 e8 6a ee 2a 2e 25 90 67 4c |>.u.A6..j.*.%.gL| -00000020 8e 62 2f 30 81 17 e0 85 09 0c 2b b7 23 d7 b0 e2 |.b/0......+.#...| -00000030 1d f7 3b d7 f5 a1 27 b6 ee 24 b6 1b cc 5b ea 66 |..;...'..$...[.f| -00000040 0d 6a f4 e5 85 f9 da 43 b4 0e 86 85 e1 f5 aa be |.j.....C........| -00000050 c8 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce |..9L.....K.../..| -00000060 e6 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 |..w.o#......:..V| -00000070 f1 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 |..T^F..;3..(....| -00000080 35 d4 1c 43 d1 30 6f 55 4e 0a 70 14 03 03 00 01 |5..C.0oUN.p.....| -00000090 01 16 03 03 00 24 37 14 b2 97 7b b5 f0 9a 38 05 |.....$7...{...8.| -000000a0 22 35 69 9c 95 2f 86 4b 37 98 22 db 4e 9a 46 9c |"5i../.K7.".N.F.| -000000b0 b9 81 74 72 58 18 53 0c 5c 3c |..trX.S.\<| +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. 
..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 24 ab 48 84 ae 77 f9 8b 82 44 52 |.....$.H..w...DR| +000000a0 3e 65 94 27 cc f2 08 a7 f2 e5 21 0c 02 d0 89 ac |>e.'......!.....| +000000b0 50 be 69 57 c9 7c a0 f2 7f 6d |P.iW.|...m| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 3c b3 e7 77 5a |..........$<..wZ| -00000010 7c 36 5a 74 74 26 8d 5b 5a 09 96 60 e8 24 45 2f ||6Ztt&.[Z..`.$E/| -00000020 c2 39 14 5e db 58 12 49 ad a8 b6 ea ef 58 16 |.9.^.X.I.....X.| +00000000 14 03 03 00 01 01 16 03 03 00 24 61 94 21 65 0f |..........$a.!e.| +00000010 10 ba 0c a6 d9 e3 08 54 86 ae f9 64 c7 e7 f4 4b |.......T...d...K| +00000020 aa f5 19 ca 2a 0d 50 88 85 42 32 14 04 29 d9 |....*.P..B2..).| >>> Flow 5 (client to server) -00000000 17 03 03 00 1a 6d 29 d7 ba 2f 85 02 b6 f0 82 64 |.....m)../.....d| -00000010 6c 55 ae ab f6 fd 14 ff b8 38 f0 f8 a6 ea cc 15 |lU.......8......| -00000020 03 03 00 16 10 c5 d9 41 7b e2 89 67 dc 29 8e f8 |.......A{..g.)..| -00000030 b5 ab 32 91 44 2c 27 84 49 f7 |..2.D,'.I.| +00000000 17 03 03 00 1a cb 1d 43 67 de 7a 20 c7 ed 46 99 |.......Cg.z ..F.| +00000010 86 1f b9 61 9f c6 34 9a 07 37 3c 94 45 b4 40 15 |...a..4..7<.E.@.| +00000020 03 03 00 16 4e ac d3 12 23 b4 33 bc 5b 03 91 7e |....N...#.3.[..~| +00000030 d9 d0 7f d7 48 3e 8c 16 16 ec |....H>....| diff --git a/tls/testdata/Client-TLSv12-RenegotiateOnce b/tls/testdata/Client-TLSv12-RenegotiateOnce new file mode 100644 index 00000000..48a99eda --- /dev/null +++ b/tls/testdata/Client-TLSv12-RenegotiateOnce 
@@ -0,0 +1,244 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 f1 d8 72 0c 79 |....Y...U....r.y| +00000010 e2 ca 92 11 1c 30 cc 45 00 9b ea 3d a3 ed 23 d5 |.....0.E...=..#.| +00000020 22 f0 da 9c 03 32 7b c3 13 d3 df 20 8f 7a 61 43 |"....2{.... 
.zaC| +00000030 cb 72 46 5e c1 39 78 42 32 97 cc 2b 90 2e 53 59 |.rF^.9xB2..+..SY| +00000040 31 38 ec 7b 2b 8a f3 80 e0 03 f0 0e cc a8 00 00 |18.{+...........| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 96 cb 1d cd f6 2f ff |........ ...../.| +000002d0 fe 32 ef d6 18 a2 6b 57 66 cd 3d 50 42 56 dc a4 |.2....kWf.=PBV..| +000002e0 5f fe e4 91 ce d1 17 34 3c 08 04 00 80 b1 47 de |_......4<.....G.| +000002f0 b3 19 b0 fd 02 35 eb 3c a1 04 d3 6b 53 84 20 c7 |.....5.<...kS. 
.| +00000300 08 4b 96 12 23 ae bf ca a8 83 1d 90 16 ae d3 7c |.K..#..........|| +00000310 fa 1b b4 f0 bb bb 4e 3f 70 13 2f 40 6c d4 76 61 |......N?p./@l.va| +00000320 5b 23 85 3f e7 37 ef e1 55 47 8d 01 e1 24 22 7f |[#.?.7..UG...$".| +00000330 a4 2c 6f 97 47 5f d6 69 bf b4 db 4b b8 a1 ad 66 |.,o.G_.i...K...f| +00000340 5f d5 5d b6 06 ac 93 ed d7 06 cb b5 a4 d4 4b a7 |_.]...........K.| +00000350 7b de f7 73 60 af ad 23 f4 6a f1 bf 2a ee 5b 4e |{..s`..#.j..*.[N| +00000360 83 94 d7 95 3b e5 5e a5 3d 1a 0a 7a 9e 16 03 03 |....;.^.=..z....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 f2 6f 2e 79 5c db 90 b8 2e cf 59 |.... .o.y\.....Y| +00000040 0a 56 69 86 f1 71 0c ff a9 7c 0b a0 e7 c9 8d 17 |.Vi..q...|......| +00000050 65 ad a5 6c 82 |e..l.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 d5 90 08 84 71 |.......... 
....q| +00000010 bc 09 48 be ad 59 11 76 c6 39 bb 94 8c 60 80 29 |..H..Y.v.9...`.)| +00000020 44 1a 0d fe 5c 00 4c bc 47 3c 1e |D...\.L.G<.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 42 cd 1c e5 91 35 b0 c1 4d df e4 |.....B....5..M..| +00000010 b0 ca f3 8a 7a 41 85 31 7a 7d 59 |....zA.1z}Y| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 3b 0f 40 64 9f ff 8f b9 85 18 af |.....;.@d.......| +00000010 b4 bc e7 33 8a 9b 03 de ed |...3.....| +>>> Flow 7 (client to server) +00000000 16 03 03 01 16 17 a7 61 5b 22 97 6e eb dd 43 84 |.......a[".n..C.| +00000010 b9 ac 15 c2 76 7d 1f c0 e3 46 11 af c0 59 7d cc |....v}...F...Y}.| +00000020 d4 5d 02 90 28 bb b3 7c 85 76 46 34 7c bf 2b bf |.]..(..|.vF4|.+.| +00000030 c4 e9 e1 46 b0 15 7e af c1 03 4a 17 b3 7a 03 cd |...F..~...J..z..| +00000040 e0 90 b1 1b 59 ac 1f 33 b0 41 c3 47 ee 58 af 5b |....Y..3.A.G.X.[| +00000050 5b c4 7a 92 02 e2 34 8d cd 70 20 c4 59 5e 25 f2 |[.z...4..p .Y^%.| +00000060 28 b1 f2 a5 e0 c4 f9 d0 ae cc 2b 1e ea d4 5a fe |(.........+...Z.| +00000070 62 97 bc d7 57 94 5c b8 ce 4c 62 1a e5 29 02 1e |b...W.\..Lb..)..| +00000080 0e 68 1d 8a 17 f9 47 55 ac 65 cf 13 88 d3 95 0d |.h....GU.e......| +00000090 d7 e0 d8 03 f8 f6 6f 9c 5b de 5c 80 c3 34 7e 82 |......o.[.\..4~.| +000000a0 5c 8b c4 a3 99 c8 1e f0 f2 e5 6e 73 40 62 31 8e |\.........ns@b1.| +000000b0 3b 08 62 ba a8 b9 18 c4 84 a0 b4 9f 68 81 2f ae |;.b.........h./.| +000000c0 8d 7c cc 54 ba 4a ec 26 a5 8a 9b a7 bd 36 17 2c |.|.T.J.&.....6.,| +000000d0 52 69 4c 57 81 64 e6 34 88 27 81 d2 32 eb d2 8d |RiLW.d.4.'..2...| +000000e0 4d 8d c1 8b 14 b3 07 19 63 f8 d6 4a 9a 7d 3f c1 |M.......c..J.}?.| +000000f0 af 18 72 f7 2d c8 7e 82 52 28 51 80 59 0c 9b 9f |..r.-.~.R(Q.Y...| +00000100 ac 40 69 25 0e 6d d7 4a 72 b5 18 f8 78 b9 52 c3 |.@i%.m.Jr...x.R.| +00000110 d6 32 6c 7d 29 70 a8 33 18 d0 4b |.2l})p.3..K| +>>> Flow 8 (server to client) +00000000 16 03 03 00 81 8b e2 a1 f5 15 55 13 f6 f2 fa 95 |..........U.....| +00000010 3b bb 0f 3d 3e 9b 3c 
b1 60 cb 69 7f 63 62 2d 9b |;..=>.<.`.i.cb-.| +00000020 20 47 3a 7d 5e d0 98 38 49 c3 94 f8 1d 56 1d 69 | G:}^..8I....V.i| +00000030 27 65 bc ca 63 22 65 61 60 67 49 35 f0 eb 83 1b |'e..c"ea`gI5....| +00000040 44 c4 f0 91 64 5a 81 b5 06 4b 3e 3a ef 3b 5c b0 |D...dZ...K>:.;\.| +00000050 81 b4 36 df f3 0d a3 0a 1c 40 03 fa 81 48 42 70 |..6......@...HBp| +00000060 bf 4c b3 6b 67 19 7b 83 05 a1 31 a3 1c 79 49 2c |.L.kg.{...1..yI,| +00000070 1f 58 bc 7d 98 4e 5b 64 44 3d 3c 43 fb 77 c7 7c |.X.}.N[dD=l.c[.| +000003c0 f0 c6 3a 58 e0 6c 6b 70 46 d0 be 6f 13 34 7a 30 |..:X.lkpF..o.4z0| +000003d0 e6 e4 b2 fd 39 ee 79 b1 7e 73 5e 9b 2d d9 3f 4f |....9.y.~s^.-.?O| +000003e0 61 d5 53 37 79 57 15 a3 3a 7c b7 02 cc 76 25 1d |a.S7yW..:|...v%.| +000003f0 96 8b dd 9e 32 8b 1a 9e 37 b1 1a b8 f2 4f ef 3c |....2...7....O.<| +00000400 78 e1 b9 07 16 03 03 00 14 bf da c1 d4 16 fd 48 |x..............H| +00000410 a9 ad 59 6d 8c dc e1 6c fd 73 ca 9c 1b |..Ym...l.s...| +>>> Flow 9 (client to server) +00000000 16 03 03 02 69 11 1e 53 9b b7 57 6d ea 89 bb 37 |....i..S..Wm...7| +00000010 1b c6 01 bd 27 db fa 17 cc 5d 20 be ee 5b a9 64 |....'....] 
..[.d| +00000020 48 4e 4a 4c 82 65 8e 3d 42 d6 ce 5c a8 50 d4 fa |HNJL.e.=B..\.P..| +00000030 0f 02 b2 19 90 b5 4e ae 6c e9 d6 b7 b8 64 ca 0e |......N.l....d..| +00000040 09 2d a9 7b ab 0f b8 83 97 b6 e0 eb bf 03 5a 1c |.-.{..........Z.| +00000050 e7 16 31 67 30 46 60 26 df 19 cf 5f fa 40 36 43 |..1g0F`&..._.@6C| +00000060 91 d5 7c 2f 5f 29 74 03 e0 90 cd 55 25 e5 1e fe |..|/_)t....U%...| +00000070 6b 13 ec 58 29 b0 f4 a3 b2 8d ba 4e 3b f1 11 d8 |k..X)......N;...| +00000080 85 49 50 b9 e0 03 89 a1 0f da ce 57 83 aa 4a 8c |.IP........W..J.| +00000090 3b 15 d5 10 47 01 22 32 4f 78 87 69 4c bf a6 6e |;...G."2Ox.iL..n| +000000a0 d4 e6 a5 1e fa 5b ff b0 38 a5 fa 83 1d 45 c5 18 |.....[..8....E..| +000000b0 72 65 91 6c 41 d2 21 be 5b 1d e9 f5 19 eb d0 5a |re.lA.!.[......Z| +000000c0 7e 0d 81 c9 ca f0 97 9e cc 9b 5c 77 6b 9c 15 d3 |~.........\wk...| +000000d0 bd 43 4d 42 e5 f9 82 a9 d6 f2 44 93 ae 74 a3 fd |.CMB......D..t..| +000000e0 c5 1f 15 13 a0 ea d2 f3 4c 4c ea 2d fe 3b 6e 7b |........LL.-.;n{| +000000f0 f4 11 f7 2e 7d 45 26 a0 d9 29 4e 4d ec 90 e2 3e |....}E&..)NM...>| +00000100 51 52 dd 6e e1 b5 77 b1 a2 f5 17 b5 34 7f e8 8f |QR.n..w.....4...| +00000110 38 9c d6 1c b5 6c 2d 99 00 a1 41 95 15 c5 e5 bf |8....l-...A.....| +00000120 c1 67 fb ea 53 6c a8 85 8c c4 a6 74 e3 dc f7 90 |.g..Sl.....t....| +00000130 b8 cc 99 39 1a a1 c6 51 db 65 e9 b8 ad 2b 1f 35 |...9...Q.e...+.5| +00000140 b5 90 ae f7 af c2 d0 a9 92 eb 63 21 24 4f 5e 62 |..........c!$O^b| +00000150 ba 69 ce 1a c8 41 79 db c0 6c ef bc cf 19 4a 2c |.i...Ay..l....J,| +00000160 e0 66 6e 72 97 2d 75 e5 ee 14 82 e8 26 98 fe c4 |.fnr.-u.....&...| +00000170 8a 17 c4 fb 48 2a d7 7e d9 3e 5b f9 d4 7d 0e da |....H*.~.>[..}..| +00000180 56 44 5e 33 9d 5f 97 ab d1 60 a8 ee 3d 16 6a 2a |VD^3._...`..=.j*| +00000190 33 b1 7d e2 e6 86 cd 88 ac e1 48 49 4e 19 a2 b0 |3.}.......HIN...| +000001a0 16 53 ec ff b8 a4 f7 35 2d a7 7a 04 86 66 42 52 |.S.....5-.z..fBR| +000001b0 51 3d 21 62 c5 35 9c e5 cb f9 bf 7b d1 12 b0 18 
|Q=!b.5.....{....| +000001c0 7b 6f 88 d9 ef d2 1a 45 3e 51 ac 3e c8 87 8c 47 |{o.....E>Q.>...G| +000001d0 08 d0 90 b5 66 f6 4e c3 75 74 68 c8 7d 14 3a 2b |....f.N.uth.}.:+| +000001e0 83 7d 12 78 37 9e 11 02 3d 63 ba 78 b6 ba 6d 26 |.}.x7...=c.x..m&| +000001f0 30 b0 bf a9 23 1e 83 aa 3d a8 02 5b 77 5f 2a 95 |0...#...=..[w_*.| +00000200 d0 b9 c8 22 a3 a9 fe b0 32 99 8a 46 67 10 b3 d9 |..."....2..Fg...| +00000210 3e 84 02 ec a2 68 7e 69 db 51 99 37 ee 49 66 0b |>....h~i.Q.7.If.| +00000220 af e1 cd b0 25 74 dc ce 29 ed 70 1c 3a bb f2 99 |....%t..).p.:...| +00000230 03 86 6d af 3f 78 4a 86 70 b8 85 15 02 91 be f6 |..m.?xJ.p.......| +00000240 4f f2 73 98 00 c6 76 20 c2 19 c6 e9 6c d0 e5 09 |O.s...v ....l...| +00000250 5c 12 c8 1c a1 3d b7 41 18 26 cb ea d0 92 61 53 |\....=.A.&....aS| +00000260 06 7c f8 5e a8 27 de 76 4e 83 49 2a ab 82 16 03 |.|.^.'.vN.I*....| +00000270 03 00 35 4f b7 51 7c c8 51 25 a4 58 de 8b 4a e2 |..5O.Q|.Q%.X..J.| +00000280 97 cc 48 d0 4d be 9b 8a 44 3b 22 43 b9 82 a4 a5 |..H.M...D;"C....| +00000290 76 38 0b ae 91 d3 20 75 18 50 f3 1b eb 11 fd 86 |v8.... 
u.P......| +000002a0 4a 1a f1 e8 2a f8 e0 60 16 03 03 00 98 ae e6 1b |J...*..`........| +000002b0 b1 00 f9 14 93 55 be 63 ea 5b 5e d4 18 37 6b 14 |.....U.c.[^..7k.| +000002c0 5c 8e fb 82 51 e1 57 24 b7 4a 8b 55 74 79 70 55 |\...Q.W$.J.UtypU| +000002d0 de 33 82 14 0a 39 0d 91 92 9a 11 c0 4a dd 12 49 |.3...9......J..I| +000002e0 ea 1a 41 df fd f2 4a 79 c3 0a d5 93 5c ea 82 ff |..A...Jy....\...| +000002f0 16 4a 20 91 25 34 5d 72 9d ea 0e 40 dd 6d 86 fd |.J .%4]r...@.m..| +00000300 e9 d1 d9 db 61 e6 62 17 6b 09 47 c4 a7 32 1c 22 |....a.b.k.G..2."| +00000310 f6 e4 41 2a 3e 2b d0 c3 92 56 c5 b8 5f 6d 25 44 |..A*>+...V.._m%D| +00000320 81 e7 1a ed 70 6a a6 94 89 d1 ad 8d d1 c0 df a2 |....pj..........| +00000330 26 6f 20 0b 0e 51 15 dd 05 86 36 88 72 3f e1 5d |&o ..Q....6.r?.]| +00000340 da 9d d3 76 e4 14 03 03 00 11 52 70 cd 84 39 32 |...v......Rp..92| +00000350 7c c0 58 53 9b 32 00 96 14 b6 57 16 03 03 00 20 ||.XS.2....W.... | +00000360 98 94 aa 9f 77 71 42 3e 48 e8 74 8e 27 60 54 c2 |....wqB>H.t.'`T.| +00000370 55 ac 52 99 37 21 f3 1e 30 93 5f 71 06 19 e5 1c |U.R.7!..0._q....| +>>> Flow 10 (server to client) +00000000 14 03 03 00 11 45 8e f9 74 04 d0 44 c6 94 80 60 |.....E..t..D...`| +00000010 c1 50 7d b2 64 76 16 03 03 00 20 d5 65 8a b9 26 |.P}.dv.... .e..&| +00000020 54 70 26 de c6 8a 8f 61 a3 b1 9e 8b 49 40 f7 24 |Tp&....a....I@.$| +00000030 4f 75 e0 94 e6 e7 68 51 38 8a 37 17 03 03 00 19 |Ou....hQ8.7.....| +00000040 42 7e 5a e2 46 7b ba 7d 0d 07 20 2a c0 56 fe aa |B~Z.F{.}.. *.V..| +00000050 01 eb ca d2 29 1d ff 85 10 |....)....| +>>> Flow 11 (client to server) +00000000 15 03 03 00 12 1d 01 c7 d5 d5 d1 ce 8c 52 15 8f |.............R..| +00000010 75 1e 97 fa 38 5c 65 |u...8\e| diff --git a/tls/testdata/Client-TLSv12-RenegotiateTwice b/tls/testdata/Client-TLSv12-RenegotiateTwice new file mode 100644 index 00000000..006e2d7c --- /dev/null +++ b/tls/testdata/Client-TLSv12-RenegotiateTwice 
@@ -0,0 +1,343 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 47 d0 f5 d9 f0 |....Y...U..G....| +00000010 59 d1 bf 28 d0 39 36 c0 bc d1 25 fd 5a 63 18 06 |Y..(.96...%.Zc..| +00000020 1e 8a 5c a6 6f d0 f9 b4 02 23 e1 20 df a0 2a 74 |..\.o....#. 
..*t| +00000030 1a 52 8b d9 90 01 c2 86 69 12 b8 13 58 aa 59 b0 |.R......i...X.Y.| +00000040 66 79 ff 01 9b 9a 72 1c a6 83 e6 91 cc a8 00 00 |fy....r.........| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 20 97 bd 85 2f cb 85 |........ 
.../..| +000002d0 be a8 9c e3 ae 6b 23 a5 5b 18 65 5c f5 cc 24 2b |.....k#.[.e\..$+| +000002e0 34 2c 5f c8 4d e9 86 35 0b 08 04 00 80 d2 b6 ee |4,_.M..5........| +000002f0 86 76 aa 1d 9c 1c ee ef 0e 59 63 1d ec f1 cf a1 |.v.......Yc.....| +00000300 f3 5b 6d da 99 9c 40 07 bf 28 ad 72 cd 80 6c 9d |.[m...@..(.r..l.| +00000310 bf a2 20 33 2d d0 67 ef 90 28 88 2b d0 8e c6 9d |.. 3-.g..(.+....| +00000320 87 7a 18 8f 80 ce 25 92 13 8d ef 38 0a 14 f9 67 |.z....%....8...g| +00000330 88 94 ef af 97 d2 21 90 9e 24 2f af 1e bb fa 10 |......!..$/.....| +00000340 4c a7 9f f5 27 63 e6 d8 1a 86 53 c6 3c 15 a8 6c |L...'c....S.<..l| +00000350 b9 bc 8f c4 38 1a 4b 34 36 ec af b2 1e d0 bf 58 |....8.K46......X| +00000360 74 36 ad fb e4 f0 fd 9d 6d 01 cf 51 6c 16 03 03 |t6......m..Ql...| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 e8 d5 df da 49 9a 94 10 30 90 81 |.... ....I...0..| +00000040 c6 19 54 d4 0d e2 0d e0 d9 a3 c0 21 7f a6 d1 cc |..T........!....| +00000050 ea 75 2e 17 01 |.u...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 f3 92 03 fb 7b |.......... 
....{| +00000010 0f 32 0b 5b dd 9e eb c3 26 2c 92 4d 58 35 a8 96 |.2.[....&,.MX5..| +00000020 74 d6 d8 0f 61 b2 7d b6 8d ec e6 |t...a.}....| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 ab 69 44 d0 fe 95 93 ae f9 1b d7 |......iD........| +00000010 33 6c 59 a5 41 cc d2 1b ca 2c 63 |3lY.A....,c| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 99 96 92 c4 82 c8 27 77 a6 f4 ca |...........'w...| +00000010 e5 5b ff 78 bc 54 b6 d7 cd |.[.x.T...| +>>> Flow 7 (client to server) +00000000 16 03 03 01 16 d9 6a 26 33 e5 d8 df 32 d1 f5 84 |......j&3...2...| +00000010 1f 37 7f 07 6a ae be 20 84 20 dc 28 31 8e 46 32 |.7..j.. . .(1.F2| +00000020 0b 96 c8 22 28 fb 98 d9 8e 6f 6d 97 66 55 e2 1e |..."(....om.fU..| +00000030 b5 b8 e4 9b 52 25 28 c2 72 cb 9e 14 4c ba 58 6c |....R%(.r...L.Xl| +00000040 3b 33 da 56 db fe 14 d3 4c b4 ce a9 57 64 ae 4e |;3.V....L...Wd.N| +00000050 5f c5 a7 e6 f4 01 51 d7 81 f4 1d ca fa 3f 86 e7 |_.....Q......?..| +00000060 9f 64 28 6e 3f e4 ef 79 77 20 64 45 ed a2 16 e1 |.d(n?..yw dE....| +00000070 b4 63 99 9f 62 6d b7 6d f4 ad 1f fe d9 de 00 84 |.c..bm.m........| +00000080 4b bb 0c bc c8 82 a8 1d 8a ac f6 10 2d 5d d4 c7 |K...........-]..| +00000090 37 f8 fc 89 24 ea c4 b8 87 f4 f4 f0 4b cd db e2 |7...$.......K...| +000000a0 15 03 95 1e c1 10 7c e8 6d 99 6c e0 bc e1 0a a5 |......|.m.l.....| +000000b0 d8 36 eb 59 93 6d 1c 96 1c 61 1b 11 36 04 58 6b |.6.Y.m...a..6.Xk| +000000c0 c5 b0 fb 8e 9f 21 4a 25 a1 59 ee 5d 1b e3 e3 98 |.....!J%.Y.]....| +000000d0 71 0a d8 3f 18 f2 b2 1c 6f ec 6d 87 13 b9 d3 25 |q..?....o.m....%| +000000e0 53 c1 00 78 be 99 82 f6 27 05 24 01 10 1c 59 19 |S..x....'.$...Y.| +000000f0 94 6a af 7e e5 ae c5 03 14 04 e2 fe 5e 59 e8 e0 |.j.~........^Y..| +00000100 45 3d af c0 40 ea 84 0a 13 9c d3 0f d4 69 3f 3e |E=..@........i?>| +00000110 97 83 ac b5 b9 07 56 9a 19 44 ca |......V..D.| +>>> Flow 8 (server to client) +00000000 16 03 03 00 81 4b d8 09 ef 6a 5b a2 c2 e0 2c b3 |.....K...j[...,.| +00000010 fa e9 21 b3 64 c7 51 
8d d4 14 14 ba 7b 2f f8 1a |..!.d.Q.....{/..| +00000020 e9 f8 7a 69 8b 0b b4 5f 26 c5 b6 2e dd c9 90 04 |..zi..._&.......| +00000030 7d af fd 56 f7 9a 0d 56 09 6c 74 48 49 74 90 71 |}..V...V.ltHIt.q| +00000040 e1 ee 66 4c 1a da 66 43 50 fa 94 2c 84 21 10 f0 |..fL..fCP..,.!..| +00000050 00 85 a7 c2 ea 73 19 52 b7 f2 2a e8 17 17 23 67 |.....s.R..*...#g| +00000060 b6 80 d6 3f e0 a1 ed 81 66 89 0a 0d 48 9f 7f dc |...?....f...H...| +00000070 79 c4 27 9b c0 b8 68 ef 2a 5b ab df 8f 82 d6 ff |y.'...h.*[......| +00000080 84 38 f8 a4 f2 98 16 03 03 02 69 1f c6 1c dc 85 |.8........i.....| +00000090 f1 66 8d 7f 7f aa 36 cd c6 d4 cc 38 c8 8d 98 75 |.f....6....8...u| +000000a0 92 d2 db b4 49 0c 09 cc af e6 5b 07 64 76 34 c8 |....I.....[.dv4.| +000000b0 41 49 85 5e b4 68 ac 35 04 72 00 70 33 f7 5f a7 |AI.^.h.5.r.p3._.| +000000c0 84 40 34 03 2f 89 25 06 a1 50 dc ea d7 c4 29 57 |.@4./.%..P....)W| +000000d0 f9 5b 57 63 14 02 1e 74 db 5d 02 cf c4 f1 89 f6 |.[Wc...t.]......| +000000e0 6a 77 ce 87 5c 3a 61 b8 7d 02 f0 0e 6e 85 2a 51 |jw..\:a.}...n.*Q| +000000f0 d8 ad 4a 9f 65 04 4c 00 d0 35 76 01 dc 03 cf ca |..J.e.L..5v.....| +00000100 6b 11 83 9e 70 33 82 f6 cb eb 4c da 44 76 89 ab |k...p3....L.Dv..| +00000110 d4 65 01 e6 08 7b 2a 3d 49 02 39 85 e8 ff 53 fd |.e...{*=I.9...S.| +00000120 d0 ce 2a f0 11 3c 02 8f bd b8 2f ea 81 a1 64 10 |..*..<..../...d.| +00000130 7b c2 8b 72 f3 32 7b 36 80 13 17 8b 83 dc ce 3a |{..r.2{6.......:| +00000140 29 44 06 66 c9 c3 83 cc 28 38 c5 02 7c 3d b6 30 |)D.f....(8..|=.0| +00000150 55 07 a0 08 bb b3 e1 1e a8 a5 74 60 51 be ee dd |U.........t`Q...| +00000160 aa 83 09 e9 f3 c7 a5 1e 20 fc 6d d5 82 af f5 b6 |........ 
.m.....| +00000170 5b 23 dd 81 ce 78 5a 3c 92 c3 96 e1 aa e5 ad 24 |[#...xZ<.......$| +00000180 da 89 41 44 8b 0b 42 df e5 28 11 8e 9a e0 06 51 |..AD..B..(.....Q| +00000190 80 93 15 31 ec 8c 3e 60 92 ab a5 ec 25 5c c5 10 |...1..>`....%\..| +000001a0 ac 0f 01 1b c4 36 d5 f0 52 c7 0b f7 9b 40 9b c0 |.....6..R....@..| +000001b0 18 ad 1c eb 49 ed 8e 27 b6 35 b4 20 e0 e6 df 04 |....I..'.5. ....| +000001c0 69 d6 b5 56 04 30 d4 3d b0 9f e6 21 66 e7 97 cb |i..V.0.=...!f...| +000001d0 2f bd b2 b2 c1 be 4b 4f 6e 88 60 a1 cb eb b4 86 |/.....KOn.`.....| +000001e0 92 07 da 3c fa 8b 1a de 1c e7 6b c0 53 70 e7 ee |...<......k.Sp..| +000001f0 2f 70 4f e0 2a a3 b4 dc af 64 4f 5a 44 f9 ff fc |/pO.*....dOZD...| +00000200 7f 2f 7e 22 13 47 ed f4 ec 0c fa 01 21 e3 c1 d6 |./~".G......!...| +00000210 c7 53 f4 de 6c 91 c5 85 bd 3c a7 f3 d6 e7 f3 31 |.S..l....<.....1| +00000220 13 59 b7 ee 0b f7 6a 88 76 94 ab 45 41 9e ab d7 |.Y....j.v..EA...| +00000230 71 59 7e 45 ed 4d a0 12 4a 81 6a 15 05 a9 21 94 |qY~E.M..J.j...!.| +00000240 40 f0 1d aa 7e b3 d4 6d a6 ff 46 94 e6 d0 16 46 |@...~..m..F....F| +00000250 60 ac c5 15 94 d5 f7 76 1e 8b 90 e6 17 ff 5c 21 |`......v......\!| +00000260 d0 f9 98 25 0f 98 8b 6c 0f 2c 2a 92 0a f0 90 3d |...%...l.,*....=| +00000270 ef 9a 40 67 21 83 f7 5c 95 24 97 f6 45 51 81 4c |..@g!..\.$..EQ.L| +00000280 4b e1 64 0a f5 dd 02 fd 8d 21 d1 ef f8 96 70 4b |K.d......!....pK| +00000290 58 aa 3c f9 b1 f1 e9 fd 31 ea fc 68 4b c9 fa 79 |X.<.....1..hK..y| +000002a0 6d 2e 54 d7 1c 9d 5d 62 fc 43 2f cb 6a 48 4d 2e |m.T...]b.C/.jHM.| +000002b0 07 71 7b f2 b3 e6 08 8b 13 ca f0 e9 c1 d2 cc 7a |.q{............z| +000002c0 9a 49 e9 7b aa e8 bb d2 cf 97 73 b8 9a 3f 8b 01 |.I.{......s..?..| +000002d0 b9 cf c6 81 fd 99 fc c9 43 08 35 2c a0 fb 38 32 |........C.5,..82| +000002e0 8b d8 5b d4 20 41 a0 57 e6 34 c1 d8 66 6e 16 e7 |..[. 
A.W.4..fn..| +000002f0 78 4f e8 58 16 03 03 00 bc d3 91 f3 88 2f ec 1c |xO.X........./..| +00000300 da 94 cb b0 69 70 a2 41 4c fd 40 0d a0 97 01 34 |....ip.AL.@....4| +00000310 35 83 e6 3f a8 b0 c9 26 8d f1 8a c1 f6 a6 ab a4 |5..?...&........| +00000320 63 65 5a 10 38 d2 87 a7 8d ae ca 9e c6 23 7e c6 |ceZ.8........#~.| +00000330 c8 45 37 e8 7c 4b 40 5a 5b 68 19 bb 36 83 81 41 |.E7.|K@Z[h..6..A| +00000340 b2 fe 7c 39 7e 9f 95 3a 45 2e 9f 96 35 26 81 73 |..|9~..:E...5&.s| +00000350 4d 0f c3 09 61 32 eb 64 4b 46 76 c1 0e ca cf 02 |M...a2.dKFv.....| +00000360 6a f3 75 f3 bf aa b0 f8 43 e3 6b d1 c4 27 3e fe |j.u.....C.k..'>.| +00000370 06 a2 49 e4 bb 56 c5 c0 5d 36 81 06 97 ed ff a2 |..I..V..]6......| +00000380 99 78 43 0a c5 20 df a3 ac b7 8f 61 a2 ff 48 66 |.xC.. .....a..Hf| +00000390 ea c1 b6 57 38 fc 36 7c dd 30 b5 ce 58 b1 18 82 |...W8.6|.0..X...| +000003a0 e5 2a 54 d8 4d da f1 fc 98 06 97 43 d5 dc d9 3e |.*T.M......C...>| +000003b0 d4 f8 a3 76 9c 16 03 03 00 4a 78 c0 f2 02 60 a4 |...v.....Jx...`.| +000003c0 8e 9a cd 31 30 e9 16 df ce 98 bb 95 50 a0 05 48 |...10.......P..H| +000003d0 6c c2 ce c5 e2 77 f2 4a d0 45 80 97 98 d4 38 d1 |l....w.J.E....8.| +000003e0 90 04 91 48 cb 52 40 d3 a4 cb 8d 68 dc 64 9c 07 |...H.R@....h.d..| +000003f0 cb 8c b9 3b f8 44 fe 47 69 67 fb 2d ab 44 db d0 |...;.D.Gig.-.D..| +00000400 58 55 83 81 16 03 03 00 14 51 82 e0 57 8e cb 4a |XU.......Q..W..J| +00000410 d4 59 6e 58 f7 6d 44 3f f5 83 64 52 51 |.YnX.mD?..dRQ| +>>> Flow 9 (client to server) +00000000 16 03 03 02 69 96 85 13 d5 b1 07 ec bb 1c c1 be |....i...........| +00000010 a3 42 10 c8 e0 ec f8 f1 67 29 d5 52 ef bb 32 e8 |.B......g).R..2.| +00000020 7b e5 a7 3f ab 71 2d 74 20 f7 8a a7 1f bf 7c 4b |{..?.q-t .....|K| +00000030 8b 95 db 07 3c ad 86 5e b3 98 32 e9 5a ce 96 08 |....<..^..2.Z...| +00000040 c5 64 44 27 fb bc 44 29 49 44 32 3f 64 e8 86 1b |.dD'..D)ID2?d...| +00000050 54 63 74 3d a1 99 4d 4a 3e 5a 76 71 39 81 de df |Tct=..MJ>Zvq9...| +00000060 90 e4 f6 ac 96 15 0b 70 ad 7e 8a 
1d 69 86 65 6e |.......p.~..i.en| +00000070 63 bf fb f2 6f 21 d5 66 ad f1 b1 09 05 04 f9 09 |c...o!.f........| +00000080 0e 0c 12 74 c1 cd f1 5e fa f1 1b cd 3b 2b 13 8f |...t...^....;+..| +00000090 fb f6 fd b0 ca ea 73 1b 38 ad db 6b fd 29 34 db |......s.8..k.)4.| +000000a0 51 4a 44 97 a7 2f 2a 98 d6 cc d5 c4 b9 17 23 ab |QJD../*.......#.| +000000b0 09 27 15 a5 35 3b 2b 7e b2 3b fd 12 1b 11 90 4d |.'..5;+~.;.....M| +000000c0 81 1b 84 bb fd 72 09 31 5e 78 0e f6 b6 60 44 bb |.....r.1^x...`D.| +000000d0 6c 06 72 0b ba ba 60 f6 c1 cb 7e 45 a9 25 44 3d |l.r...`...~E.%D=| +000000e0 ba da 71 99 bb 79 b3 73 ef eb c2 cc 07 87 76 f5 |..q..y.s......v.| +000000f0 e9 7c d9 47 8c fc 7d b7 a0 70 72 04 1e 3d 9b 2f |.|.G..}..pr..=./| +00000100 85 9f c8 2f d9 20 4e 00 97 d6 dd dc ae a1 04 96 |.../. N.........| +00000110 83 e1 4f f3 0d ad 9c ce 5f e7 7b 88 7a b7 d2 ce |..O....._.{.z...| +00000120 0a 61 95 d2 78 e3 45 a8 10 5e d9 ae d2 e1 22 bf |.a..x.E..^....".| +00000130 59 9c 4a 2c 28 fb c1 b6 89 3b 65 8c 94 a9 f0 7c |Y.J,(....;e....|| +00000140 86 98 8f 22 c4 18 47 e4 f0 b9 42 dd 34 ab 2a 8e |..."..G...B.4.*.| +00000150 fc 8f ce 09 ec 6f 57 6b d1 ab 32 fd 84 e2 9f 7e |.....oWk..2....~| +00000160 f5 b7 5d 26 aa 37 da e9 f3 18 6f 56 74 03 ff 1e |..]&.7....oVt...| +00000170 87 95 fb 93 57 2e 32 fb b3 cf d2 0d 42 02 4f 6a |....W.2.....B.Oj| +00000180 9e de ee 6a e6 7e e5 d2 ba cb 00 5d ff b4 6d 7f |...j.~.....]..m.| +00000190 23 5e 93 be e9 3a c1 b4 78 30 53 90 07 e4 a7 af |#^...:..x0S.....| +000001a0 da e1 29 7d 50 a5 76 ec a8 5e 96 50 45 26 c4 9d |..)}P.v..^.PE&..| +000001b0 c1 99 98 c6 1a bf 93 c1 63 b3 0a 2d af c8 29 7d |........c..-..)}| +000001c0 ef b2 d3 8f aa 93 fb be 39 c0 a1 65 51 e8 6e c4 |........9..eQ.n.| +000001d0 45 cb 2a 52 b7 ec e0 48 c0 b2 cc c7 72 12 18 e0 |E.*R...H....r...| +000001e0 c7 9f fa 09 97 95 16 9f f4 5d 70 c5 d6 7f 23 d5 |.........]p...#.| +000001f0 53 98 d0 80 50 9b 52 46 11 d4 97 ea 47 26 f5 6f |S...P.RF....G&.o| +00000200 66 7b 8a cc f8 8d 70 c7 ec fa 
72 de ba ac d4 b2 |f{....p...r.....| +00000210 be 7d d8 78 44 dd de 66 53 26 f4 c0 8a 67 61 cb |.}.xD..fS&...ga.| +00000220 46 34 3d 6f 9e 9b dc ee 4a b9 5c 67 2b d9 87 2a |F4=o....J.\g+..*| +00000230 35 42 1c 3e b8 08 c9 32 13 a6 6f fc 4d cc be dd |5B.>...2..o.M...| +00000240 ad 76 19 1c 2d b3 6e 04 a1 17 05 93 b9 69 27 42 |.v..-.n......i'B| +00000250 23 13 7b c0 f1 53 9c b5 1d 8e 5c f6 40 7e 5a e9 |#.{..S....\.@~Z.| +00000260 20 dd 18 7a 0c f2 7b 5a ec 3d 4e 3b 29 b2 16 03 | ..z..{Z.=N;)...| +00000270 03 00 35 15 15 54 38 4e 87 f1 c1 9a 90 b2 74 df |..5..T8N......t.| +00000280 72 34 aa 0b 41 f3 df b4 c5 fd 50 00 2a 36 a8 d5 |r4..A.....P.*6..| +00000290 c4 49 ac b8 58 3e 89 48 cb a9 4e b1 a9 0f ee 51 |.I..X>.H..N....Q| +000002a0 37 d3 60 ca 23 76 68 0b 16 03 03 00 98 53 3c 0e |7.`.#vh......S<.| +000002b0 d5 3b d3 78 9f 47 5d 9e 1b b6 04 5f d4 04 66 55 |.;.x.G]...._..fU| +000002c0 68 bd d7 ab 54 b7 e5 9a 12 9b 0c 1d 75 7b c7 35 |h...T.......u{.5| +000002d0 e3 9e 9d a0 8f 61 7a 32 d1 a7 23 2a b6 ba 48 7c |.....az2..#*..H|| +000002e0 1a 62 66 61 b4 3d e8 e3 a9 4e 85 7a 8d 5b f3 69 |.bfa.=...N.z.[.i| +000002f0 c8 bc 0a 8a c7 e4 df 78 9b a8 cf 1d 37 14 90 a5 |.......x....7...| +00000300 a8 ce f7 1f e7 a3 e5 d8 97 be 95 fd d3 c0 d0 81 |................| +00000310 bf a6 e1 b3 6b 29 ee c6 16 3c 4c 68 6e b4 42 72 |....k)...>> Flow 10 (server to client) +00000000 14 03 03 00 11 1b a8 a8 a9 c6 a8 85 60 bc 14 0d |............`...| +00000010 86 ce a5 0f 45 17 16 03 03 00 20 cb 3a 73 db 55 |....E..... .:s.U| +00000020 05 7e 3e 4b 6d d0 eb ca 68 39 bf 71 ba 6c e5 0c |.~>Km...h9.q.l..| +00000030 a7 90 d6 c1 b8 55 87 c6 20 40 35 17 03 03 00 19 |.....U.. @5.....| +00000040 28 50 71 7c f0 7c 1e 61 fb de 5d d1 bb 77 f6 c8 |(Pq|.|.a..]..w..| +00000050 a4 76 8d ab d4 c2 fe 27 96 16 03 03 00 14 e4 7e |.v.....'.......~| +00000060 51 bb 26 a8 9c 0c b0 25 7a 57 b9 98 c2 20 5a 50 |Q.&....%zW... 
ZP| +00000070 07 ca |..| +>>> Flow 11 (client to server) +00000000 16 03 03 01 16 66 3c 1a 62 c3 4a f9 e4 66 01 d4 |.....f<.b.J..f..| +00000010 f7 e8 5a fb 95 c4 40 33 d4 af 61 78 d6 54 91 2b |..Z...@3..ax.T.+| +00000020 62 72 d5 7b b8 2c 71 11 4e 0c 2d 79 6d 41 b1 9e |br.{.,q.N.-ymA..| +00000030 df 59 d8 e0 5c 72 98 b5 29 55 1e 9b 01 a5 af 2c |.Y..\r..)U.....,| +00000040 c3 87 4b f0 c8 ca 4d 56 fb 3a 7e 04 e5 b6 4f 6d |..K...MV.:~...Om| +00000050 1e 53 26 5d af fb 17 ee 97 87 45 2f df 1b 21 80 |.S&]......E/..!.| +00000060 21 81 2b 18 2d 2d e9 3c c4 01 32 91 b7 88 27 9e |!.+.--.<..2...'.| +00000070 26 40 e7 6a 27 c5 a0 b4 a3 ed 4d 4b a4 e3 0b c7 |&@.j'.....MK....| +00000080 49 42 ca ef e9 16 5c 98 8d ab fc 7d 00 83 03 89 |IB....\....}....| +00000090 a4 97 1e 3f 9e d8 ba c5 f5 2a 0b 0a ed a0 a5 59 |...?.....*.....Y| +000000a0 27 03 36 7e 94 d8 9a 3c fc f6 f6 52 b6 a7 fa 36 |'.6~...<...R...6| +000000b0 04 83 2f e7 99 e5 1c 56 27 48 13 a0 59 ca ca 3b |../....V'H..Y..;| +000000c0 36 2d 25 e8 6f 6a cb 07 74 f8 1b 7d ba 3e 6e e1 |6-%.oj..t..}.>n.| +000000d0 1d 3e 93 c6 23 f4 eb bf ad 62 21 1a da 53 e1 13 |.>..#....b!..S..| +000000e0 0a 3a 9c 57 48 d5 ee d3 72 af c3 74 fc 74 67 7d |.:.WH...r..t.tg}| +000000f0 b4 76 fc 21 55 67 49 92 fc 71 5d 42 69 d6 01 b5 |.v.!UgI..q]Bi...| +00000100 83 4e b8 cd f9 ed 28 41 ae 95 2f d6 69 b0 d3 b8 |.N....(A../.i...| +00000110 bd 06 d6 00 74 44 c9 47 aa 8e 1d |....tD.G...| +>>> Flow 12 (server to client) +00000000 16 03 03 00 81 d3 99 6f 14 2b a1 f4 d7 45 c9 94 |.......o.+...E..| +00000010 69 0b b3 72 f4 2c 2e 5c 80 96 09 20 2f 63 a1 e4 |i..r.,.\... 
/c..| +00000020 8b df d7 22 11 71 bd 17 db da 2d c6 78 e8 9a 95 |...".q....-.x...| +00000030 6b 39 34 a2 13 7f 39 77 8b e5 1b 6c 4b 20 79 40 |k94...9w...lK y@| +00000040 a1 d9 69 89 b1 e2 60 8a 75 88 ae 83 b9 4f 42 a4 |..i...`.u....OB.| +00000050 c9 c7 44 ac 0d 3f 1c ca 49 f9 a7 05 e2 c7 05 cd |..D..?..I.......| +00000060 30 30 d2 f9 c2 87 60 33 3b 25 d0 e0 5e c2 bd 98 |00....`3;%..^...| +00000070 9c 51 d8 38 c9 ef 04 f4 39 30 50 b6 35 53 f6 95 |.Q.8....90P.5S..| +00000080 eb 5d 67 05 62 9a 16 03 03 02 69 39 94 a1 8d 01 |.]g.b.....i9....| +00000090 37 64 c6 be bb 9c 22 9d 56 e8 68 ab 0f 7a 3a e7 |7d....".V.h..z:.| +000000a0 2d 26 b7 ba 3e 54 38 b3 32 9d 7b d7 43 c4 d2 b3 |-&..>T8.2.{.C...| +000000b0 9a 84 62 73 03 7a f2 68 ec 3e 41 d2 68 c9 22 1a |..bs.z.h.>A.h.".| +000000c0 e9 4d 9c e8 80 6a a9 9e 6a bd 67 5d 77 97 8b f7 |.M...j..j.g]w...| +000000d0 32 cb 3a cb c2 c0 a1 40 7e 63 81 5f 19 a5 71 20 |2.:....@~c._..q | +000000e0 c3 76 88 ae 5c d4 bd 54 08 e7 7e e7 77 7e 3d 91 |.v..\..T..~.w~=.| +000000f0 b5 40 f7 7e 95 d5 e3 f2 e5 4a 57 f6 d9 94 df 07 |.@.~.....JW.....| +00000100 56 45 09 c4 bc 65 05 04 57 f4 00 c5 91 4c dc 4d |VE...e..W....L.M| +00000110 a0 1e c6 e2 37 35 d0 5a e9 79 ce f5 91 6d 3e 39 |....75.Z.y...m>9| +00000120 c3 68 6a 76 6d f3 29 1d e0 ef b2 20 3e 2a ac 11 |.hjvm.).... >*..| +00000130 7e 11 2d a3 84 60 94 b5 8e 3a e6 4b 34 70 aa f8 |~.-..`...:.K4p..| +00000140 e3 f9 0f 2c a4 bf 5b 27 7e c9 5e 6f c0 11 b4 ff |...,..['~.^o....| +00000150 53 6b 98 ee 20 77 87 87 fc 8e 30 1b 8f 74 29 af |Sk.. 
w....0..t).| +00000160 a2 c7 e8 c1 da e5 d7 0f 70 ec 27 23 46 3f 16 b1 |........p.'#F?..| +00000170 59 bd 43 76 09 1d 8c f4 eb 17 10 a5 c1 1a e0 c6 |Y.Cv............| +00000180 45 e2 d2 dc 6d f4 9a 87 36 ef 71 18 5c 1d e7 7c |E...m...6.q.\..|| +00000190 40 d6 4c 16 ee 58 75 d7 56 9f 2e 17 80 1d 74 1c |@.L..Xu.V.....t.| +000001a0 fd 86 7c 2b 05 ac ef 07 18 a3 98 73 fa 9c 16 6c |..|+.......s...l| +000001b0 14 95 37 91 1e a2 c7 47 a8 87 11 35 30 d8 ed 60 |..7....G...50..`| +000001c0 ba 65 ee 66 2b 1f db 67 c2 d0 71 26 3d ae 17 94 |.e.f+..g..q&=...| +000001d0 f0 f6 65 01 bb 1d 85 7e b3 d8 2c f1 96 c5 d5 e0 |..e....~..,.....| +000001e0 97 a4 3e df 97 ff 8f 4b e3 72 49 c4 5b 87 4e 06 |..>....K.rI.[.N.| +000001f0 93 11 75 04 7b 80 9d 1c a7 85 a3 2c f1 16 8a b9 |..u.{......,....| +00000200 78 6b 27 1e 9a e3 86 eb f9 42 95 10 02 d5 b6 01 |xk'......B......| +00000210 b3 94 04 63 49 50 9e 11 71 07 aa a1 d6 9d d1 db |...cIP..q.......| +00000220 f4 ea 2e bb fa ca 1e 00 53 75 70 de 0a 72 eb 55 |........Sup..r.U| +00000230 ab b7 ff 30 ad 5e 7e 13 90 75 42 5d 07 07 21 0f |...0.^~..uB]..!.| +00000240 db a6 f4 61 9c bf 31 34 e4 98 bb c4 ac 41 2d 76 |...a..14.....A-v| +00000250 fb 6c 30 b0 e2 98 5f ed d9 a8 42 d7 75 a1 bc 36 |.l0..._...B.u..6| +00000260 f2 3e c5 ac 50 ae c7 2e 42 35 6c 1a 47 aa 1f 0a |.>..P...B5l.G...| +00000270 2f ff 6e 0a a5 c4 b5 a5 92 3f 54 d0 4e 62 6e 3e |/.n......?T.Nbn>| +00000280 cb 07 2d 4d 1a fb 94 5b f8 d0 5b 26 34 2b 1b 26 |..-M...[..[&4+.&| +00000290 8c dd 91 a7 66 21 89 d0 11 24 a5 5f 99 ae 62 84 |....f!...$._..b.| +000002a0 34 9c d2 45 71 74 8c 68 db 8b ad 6f df 08 35 38 |4..Eqt.h...o..58| +000002b0 ed 5c 3b 3e 55 a1 c3 16 b6 61 f4 4d 6d d0 2a 5d |.\;>U....a.Mm.*]| +000002c0 10 fb 64 c9 6f 87 6f 3d ff d1 a0 97 64 b4 12 f9 |..d.o.o=....d...| +000002d0 2a a8 46 59 1b e4 6b d8 c9 3e ac 14 00 4f 1a e6 |*.FY..k..>...O..| +000002e0 26 9b 86 32 a3 9b 37 eb c1 cf 9a 70 16 2e 4a b0 |&..2..7....p..J.| +000002f0 6e e5 fc c2 16 03 03 00 bc bf c4 ea e0 dc be fe 
|n...............| +00000300 33 7f ef 2b d9 50 f7 87 d5 30 2b 09 bb 63 1e 4c |3..+.P...0+..c.L| +00000310 9c 3c a9 10 4e 04 e1 85 29 44 f9 ea 32 61 12 6e |.<..N...)D..2a.n| +00000320 63 0f d9 e7 e9 c8 81 a0 eb 4e fe 90 bf f4 f4 af |c........N......| +00000330 22 66 21 86 dc 2c f6 ed b1 be eb b1 ac 14 f5 ce |"f!..,..........| +00000340 6c b9 a8 45 e4 3f 09 d1 b1 f3 69 f7 df c4 f0 6c |l..E.?....i....l| +00000350 48 f6 15 80 8a b8 b0 39 0e e9 22 9a 5c 72 f9 fa |H......9..".\r..| +00000360 95 01 9d ca e4 68 ef 72 e2 34 28 a5 04 5d d2 30 |.....h.r.4(..].0| +00000370 c6 33 80 a8 f1 8f fb 6c ec 15 c3 7c 68 7c a2 2e |.3.....l...|h|..| +00000380 4d ba 64 af fb f5 b8 f7 6b 6b 8c 5c 56 dc dd 69 |M.d.....kk.\V..i| +00000390 39 d8 73 75 e3 be 17 09 3f 80 ed cc 12 5b ca d9 |9.su....?....[..| +000003a0 e6 e2 50 88 41 0b 39 8e 84 6f fb 6a c3 8e 4f fc |..P.A.9..o.j..O.| +000003b0 dc 18 ca 02 18 16 03 03 00 14 5e ac 52 4d 0b 89 |..........^.RM..| +000003c0 33 7d fe 1c d9 b5 1d 1c 2b 6d d4 4f 12 33 |3}......+m.O.3| +>>> Flow 13 (client to server) +00000000 16 03 03 00 35 a4 b8 43 07 6e 71 c9 b4 fa e1 9c |....5..C.nq.....| +00000010 a7 9d 0b 47 d8 ea 8b bd ea c2 f5 bf 36 fa 88 95 |...G........6...| +00000020 3b 98 b3 7e 19 21 9b 0f 58 76 e8 de 5b 24 d3 b5 |;..~.!..Xv..[$..| +00000030 81 bd 11 ce 86 02 b0 d1 3b ac 14 03 03 00 11 3f |........;......?| +00000040 4e a4 96 06 71 44 5f 57 30 5e 1a bc 22 8d 42 97 |N...qD_W0^..".B.| +00000050 16 03 03 00 20 23 e7 90 a5 0a 32 b4 69 06 d7 77 |.... #....2.i..w| +00000060 df ef f6 2f b8 d8 22 39 08 4f 39 02 e0 7f 62 93 |.../.."9.O9...b.| +00000070 02 b9 8e a5 b6 |.....| +>>> Flow 14 (server to client) +00000000 14 03 03 00 11 0e 2d 1e 73 95 29 15 86 03 a2 da |......-.s.).....| +00000010 6c f4 d2 02 2c 57 16 03 03 00 20 cd a2 f5 b6 da |l...,W.... 
.....| +00000020 0c 35 45 96 54 c3 96 5d d8 e6 03 49 7b 5c d4 6f |.5E.T..]...I{\.o| +00000030 02 da 27 9e 2f a7 09 57 1b de 7b 17 03 03 00 19 |..'./..W..{.....| +00000040 18 06 7d aa 5c 93 a9 b3 d3 14 0b 76 78 a2 57 73 |..}.\......vx.Ws| +00000050 2f a3 4f 66 c4 b3 ee 21 95 |/.Of...!.| +>>> Flow 15 (client to server) +00000000 15 03 03 00 12 55 f7 2f b2 a2 e7 59 6c f6 a9 2d |.....U./...Yl..-| +00000010 d1 17 88 01 49 c6 f2 |....I..| diff --git a/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected b/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected new file mode 100644 index 00000000..441fa0fd --- /dev/null +++ b/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected 
@@ -0,0 +1,247 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 bb ec 39 c5 f2 |....Y...U....9..| +00000010 dd a8 26 56 80 09 60 f5 d8 0a 93 6d 08 c4 30 c2 |..&V..`....m..0.| +00000020 cf 0c 44 86 49 a3 19 84 20 38 98 20 0d 8b 81 b5 |..D.I... 8. 
....| +00000030 a7 42 37 27 1b 9c be 36 8f 9b 49 31 4f 73 67 a7 |.B7'...6..I1Osg.| +00000040 78 9f 46 e5 9e 3b 45 ff e9 16 11 ca cc a8 00 00 |x.F..;E.........| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 2f ad 87 a5 c9 9e c7 |........ 
/......| +000002d0 f6 f1 05 9a 44 97 57 34 6b 3a 30 54 4c 0e 47 5e |....D.W4k:0TL.G^| +000002e0 16 d3 c9 c2 25 a8 47 e5 63 08 04 00 80 9f 54 b4 |....%.G.c.....T.| +000002f0 c1 aa bb 15 07 5c b1 52 ef bd 26 fa ec ce 70 31 |.....\.R..&...p1| +00000300 90 fb f5 4d d2 26 0c 64 6f b3 9f 7f 27 c7 a5 b2 |...M.&.do...'...| +00000310 d1 6d cf 0e 9c 91 e3 c4 20 f7 e3 ae 95 ff 6d ce |.m...... .....m.| +00000320 80 b5 30 89 6c a2 dd 31 26 5b 24 19 7a 30 f7 43 |..0.l..1&[$.z0.C| +00000330 71 a8 e9 1a 27 ee 46 86 44 56 b1 f3 2e e1 bd d5 |q...'.F.DV......| +00000340 79 99 34 0c 9b 01 e6 bb 0f ad 96 4a 68 0f 10 79 |y.4........Jh..y| +00000350 e9 91 7f 06 e6 02 32 ba 8c b6 a2 0c 4b 6d 09 f6 |......2.....Km..| +00000360 28 8f 94 e8 10 e1 ca 48 6c de 56 c2 5c 16 03 03 |(......Hl.V.\...| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 d5 77 86 8e 32 60 6b 0f 0f 36 33 |.... .w..2`k..63| +00000040 89 fe 51 b8 69 3a 1f 37 b3 d1 eb 43 ab e0 f6 db |..Q.i:.7...C....| +00000050 8b 9d 3c 0d 9a |..<..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 ed 78 35 a3 71 |.......... 
.x5.q| +00000010 34 a9 40 b2 be 15 dc a9 10 86 e0 de 94 23 e9 51 |4.@..........#.Q| +00000020 2c 01 1e 34 19 07 53 20 59 ac f9 |,..4..S Y..| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 f3 a2 5f da 1c 09 70 76 af 14 83 |......._...pv...| +00000010 e5 7f 6f c9 9a 61 7f d9 e6 86 3c |..o..a....<| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 71 23 15 46 93 87 94 38 01 d0 1b |.....q#.F...8...| +00000010 1a 34 db 58 17 d0 ac 62 87 |.4.X...b.| +>>> Flow 7 (client to server) +00000000 16 03 03 01 16 46 70 b5 5f 98 fc af a8 cb d6 7c |.....Fp._......|| +00000010 8c 1e 60 c3 68 25 20 7b 95 9a 0c 04 b3 2c 52 b2 |..`.h% {.....,R.| +00000020 30 f9 db cf 64 48 0a 46 9b 7a 11 76 11 5c 22 0c |0...dH.F.z.v.\".| +00000030 ef fa e6 6e a1 90 29 b3 64 aa ff 4d cb 7d 4d 91 |...n..).d..M.}M.| +00000040 c0 05 99 a0 3d 25 b2 1e 7c c4 d2 94 6b bf f0 f7 |....=%..|...k...| +00000050 0f 6a 3b 4c 66 c7 8a 26 9e 4f 79 68 50 5c f9 92 |.j;Lf..&.OyhP\..| +00000060 97 e1 a5 86 aa f2 e9 d5 8a a1 96 a7 37 82 71 7d |............7.q}| +00000070 7d 7e b6 77 a3 3d 84 40 58 0d 66 cd 52 6c 9b 18 |}~.w.=.@X.f.Rl..| +00000080 e2 c4 f0 dc 3d 9e 0e b8 49 ca 64 f3 71 c5 24 34 |....=...I.d.q.$4| +00000090 e7 ca c3 87 f6 b9 2c 6a 95 12 4d 9d 4a 4d fe 8a |......,j..M.JM..| +000000a0 51 16 6e c9 00 64 c0 d1 da ae e6 14 66 d2 a8 80 |Q.n..d......f...| +000000b0 35 ae 86 f6 64 f8 56 87 8a 40 46 43 ae d1 d1 fb |5...d.V..@FC....| +000000c0 64 1d 00 a1 3d e9 d9 7a b5 fb 71 2a db 76 5a 74 |d...=..z..q*.vZt| +000000d0 03 c3 79 df e6 90 e9 7e de f9 0e 70 7a 65 3c 68 |..y....~...pze| +00000100 cc f9 8d a6 56 37 0d ff 92 8f 1b 36 b3 3d 0b f5 |....V7.....6.=..| +00000110 5b fb fb 1e 4d c8 cb 84 39 5b 87 |[...M...9[.| +>>> Flow 8 (server to client) +00000000 16 03 03 00 81 25 44 f6 91 ed d5 01 fa 88 d6 74 |.....%D........t| +00000010 f7 cd 6d ba 85 76 1d bd ef 7b 31 51 db b4 42 a3 |..m..v...{1Q..B.| +00000020 0a 89 3f 47 dc ca 18 39 84 5d 5a 4e d2 cd ba 75 |..?G...9.]ZN...u| +00000030 b9 75 53 28 8c 85 6e 84 
02 39 0a d2 59 ee ac 2f |.uS(..n..9..Y../| +00000040 fe a3 e4 fb 8c a1 72 e3 9f 28 8b 13 92 a8 5b 70 |......r..(....[p| +00000050 24 f0 1b 6d 19 aa f1 b2 bf 8a 1f e2 3a 3e 3f e2 |$..m........:>?.| +00000060 57 16 12 9e e8 21 11 66 b9 96 71 36 46 e1 2e fc |W....!.f..q6F...| +00000070 1e 40 a2 e2 6a 4d 4b 91 7a 50 0b d0 87 d1 04 16 |.@..jMK.zP......| +00000080 2f 47 4d f2 c9 68 16 03 03 02 69 9a 28 7b f7 fc |/GM..h....i.({..| +00000090 8b e7 2b 40 88 1c 30 c1 5a f6 1d 51 a9 a8 5e 70 |..+@..0.Z..Q..^p| +000000a0 73 1c 43 a7 3c 11 7e d5 92 78 b1 4f fd 5d 55 c6 |s.C.<.~..x.O.]U.| +000000b0 5a ef 83 88 b2 e2 33 2a 27 cd 2e e8 d2 f4 2b d4 |Z.....3*'.....+.| +000000c0 d5 b0 35 54 f6 a1 9c 07 75 10 8b 5d b9 dc bb 83 |..5T....u..]....| +000000d0 76 43 f6 7e 70 2f 7c fe 8e 64 ca 00 65 df a4 e1 |vC.~p/|..d..e...| +000000e0 a9 ad 71 79 d6 83 21 f6 9c 1b 88 d4 bb 51 3c 8a |..qy..!......Q<.| +000000f0 8c e5 c2 13 30 bd 6b 60 29 01 3e a0 cc 19 69 54 |....0.k`).>...iT| +00000100 f0 2d dd a9 a1 24 a3 cc 13 9b 9a 8b f5 06 88 a9 |.-...$..........| +00000110 9d ec c1 6f 0c b2 dd b3 60 be 23 ee 67 26 2d 65 |...o....`.#.g&-e| +00000120 b1 99 9a 5b 92 c5 06 79 47 c6 4d 39 36 83 3b 4b |...[...yG.M96.;K| +00000130 96 f0 03 41 5c f9 fa 7c 3e d5 bf 67 1c a3 cf 6f |...A\..|>..g...o| +00000140 26 98 e0 2a 2d 64 60 c2 71 b1 b3 35 ba 8a 38 00 |&..*-d`.q..5..8.| +00000150 88 cf 5a a5 2b 89 83 f3 04 ad 24 97 fa 34 69 fd |..Z.+.....$..4i.| +00000160 d7 70 00 09 ce 0f 60 f7 84 7d e3 5e 19 a9 1b dd |.p....`..}.^....| +00000170 45 3f 34 ae d4 c5 5c 1f 32 81 69 ea 22 44 1d c6 |E?4...\.2.i."D..| +00000180 a3 ca 99 c5 44 09 76 cb e2 ed 2e fd 23 09 d4 ea |....D.v.....#...| +00000190 62 cf cb 93 88 02 ca 8c 90 05 c9 0e 8d ff 8f e1 |b...............| +000001a0 2d ef 52 1c ed 01 53 ef a6 ee 11 11 b7 2b c8 b4 |-.R...S......+..| +000001b0 6e 32 8c 54 7a 2b 19 e1 32 3e d0 92 87 81 76 04 |n2.Tz+..2>....v.| +000001c0 c0 fd 99 3b 04 00 fb 76 d7 ed b0 81 e3 81 8c 1f |...;...v........| +000001d0 2b a0 59 d6 41 cd 8d 
7d b6 62 9d ab 60 33 24 f5 |+.Y.A..}.b..`3$.| +000001e0 ec 70 8b b2 46 60 8f 53 c8 a3 f1 47 df e0 e8 b0 |.p..F`.S...G....| +000001f0 9a cf 61 d4 d0 f5 0b b6 cd 85 47 1b b2 26 7d f2 |..a.......G..&}.| +00000200 0a 32 af 5c 25 2a cc d2 66 9a 36 a1 68 95 34 18 |.2.\%*..f.6.h.4.| +00000210 2d 9a 5a 62 a7 39 be 00 70 59 63 38 6a f9 53 b7 |-.Zb.9..pYc8j.S.| +00000220 6d dd d4 cd c4 d2 12 b0 67 06 b5 d3 28 06 e4 43 |m.......g...(..C| +00000230 98 b5 13 9f 1a d5 5e 07 70 f9 96 3c 66 a0 60 d6 |......^.p.....Z| +00000350 71 82 05 10 8e be 0b 83 39 44 28 45 c6 e1 4a 85 |q.......9D(E..J.| +00000360 c0 bf 3f 80 9b 61 97 82 d1 54 37 5f bc b2 f7 1f |..?..a...T7_....| +00000370 a1 ef 0f c5 be 74 96 3b e8 89 30 3f d7 06 18 77 |.....t.;..0?...w| +00000380 ed 3b aa 6e df 0c 15 e1 3e b1 36 ae 85 23 7d 9a |.;.n....>.6..#}.| +00000390 17 c3 f4 91 3a ac b1 64 03 a9 59 19 89 c2 d9 ad |....:..d..Y.....| +000003a0 82 d7 8e 85 36 cb 81 61 0d 3a 24 a1 84 55 37 bb |....6..a.:$..U7.| +000003b0 13 80 61 38 ef 16 03 03 00 4a 88 8d 13 b9 32 18 |..a8.....J....2.| +000003c0 3c e2 72 b5 5c 0b 81 87 a0 ef 87 53 89 b1 f4 8b |<.r.\......S....| +000003d0 6a 87 68 c4 7d 59 2c 44 46 bb b1 40 8e 0a 45 4e |j.h.}Y,DF..@..EN| +000003e0 b8 a1 ba 72 bb 71 f9 52 55 c7 44 cd b3 56 82 68 |...r.q.RU.D..V.h| +000003f0 8c 57 39 58 0b 40 12 4f 5d a2 91 3a ab 68 55 19 |.W9X.@.O]..:.hU.| +00000400 26 dc ed 30 16 03 03 00 14 52 f8 53 d9 fc a6 a3 |&..0.....R.S....| +00000410 89 c4 5a 2d 66 46 17 16 c3 bb f9 3c ca |..Z-fF.....<.| +>>> Flow 9 (client to server) +00000000 16 03 03 02 69 fe 0d 45 cb 57 12 fa 9e 10 d7 b3 |....i..E.W......| +00000010 a5 dd 33 0e 39 41 77 63 8e 99 e0 5b b9 5e 94 0a |..3.9Awc...[.^..| +00000020 48 b2 6b e9 61 ab f2 74 6b 5e a3 f9 3f 9c 29 0b |H.k.a..tk^..?.).| +00000030 6b 34 29 92 d8 c8 2c 61 84 f2 3b 0f c2 5c e5 19 |k4)...,a..;..\..| +00000040 6a f0 e2 03 e3 93 a6 1e 4e 87 79 6b 07 dc 18 d2 |j.......N.yk....| +00000050 9a 25 be f3 d6 ab 2a be f8 68 65 68 92 8a 80 04 |.%....*..heh....| +00000060 
26 eb 62 ae 6b bc 81 27 82 76 25 e0 6b ac 04 e9 |&.b.k..'.v%.k...| +00000070 67 68 13 f6 7b 7e 24 c2 75 27 8a c9 3a 7a 2f aa |gh..{~$.u'..:z/.| +00000080 a2 37 d9 73 97 bc 4b 09 ba 1b 2c ba 08 85 c6 82 |.7.s..K...,.....| +00000090 50 a3 e0 00 6e a8 7c 14 ab 38 ae c4 82 ee 05 4b |P...n.|..8.....K| +000000a0 9a c0 19 62 1e de ef 7f 8c a4 a0 0e 29 0f b4 09 |...b........)...| +000000b0 f1 b9 39 ae 09 1b 6e 6f ee 3d 31 72 70 09 51 44 |..9...no.=1rp.QD| +000000c0 1c 33 64 6d ae 8d da a5 e0 7b a3 49 19 2c 3f dd |.3dm.....{.I.,?.| +000000d0 6b 1e d1 a7 bb 8a 13 8c e9 aa 5f b3 fd 88 89 5a |k........._....Z| +000000e0 4a 30 dd d0 1e 6a 8c 8a 0d 35 82 01 64 c1 42 ff |J0...j...5..d.B.| +000000f0 60 ac 3d 62 bf 31 3e ab 42 7e b0 da 4a cc 9c d8 |`.=b.1>.B~..J...| +00000100 0e 92 97 a2 40 48 48 ce 66 49 bd 1b 8a ee ed 46 |....@HH.fI.....F| +00000110 18 98 b9 43 b8 76 e8 93 07 3c 38 6e c2 cd 9c ce |...C.v...<8n....| +00000120 e2 38 f0 d7 ee ad c7 4a c4 ed 3b fd 2e f2 9b 43 |.8.....J..;....C| +00000130 6c fe 75 d7 4d 61 2a c5 16 e2 3d af 98 5b 76 f5 |l.u.Ma*...=..[v.| +00000140 3e 96 b9 81 b3 cb 0c 91 89 44 6e d6 66 c4 f2 dd |>........Dn.f...| +00000150 c9 21 09 91 95 f2 99 29 62 54 44 03 b0 fe 84 bb |.!.....)bTD.....| +00000160 96 86 c4 ca 6e 7f c9 f9 1a 80 38 42 7d 54 b3 6f |....n.....8B}T.o| +00000170 2a 2d c3 19 54 60 3f fb 00 95 65 6a 85 4b a2 8f |*-..T`?...ej.K..| +00000180 6a 3d 38 61 e9 36 c2 25 92 3b 53 f2 ea bb 60 42 |j=8a.6.%.;S...`B| +00000190 ab 83 83 c0 2e 95 6d 5a 19 61 9f b3 29 ee b2 52 |......mZ.a..)..R| +000001a0 5f 27 16 46 d9 ad 62 45 d5 81 9a 93 ef a1 4f e7 |_'.F..bE......O.| +000001b0 0e e0 71 bf cd 49 68 e7 13 f1 71 59 8c f5 2d 05 |..q..Ih...qY..-.| +000001c0 5d 65 c4 6e 2c 91 c5 d3 40 c4 2f df c8 f6 59 55 |]e.n,...@./...YU| +000001d0 05 6b c1 b7 59 15 8e b8 85 1b 75 dd 44 9e b7 f3 |.k..Y.....u.D...| +000001e0 00 73 bf c6 93 d4 43 27 bd 60 79 1a 28 93 2d 64 |.s....C'.`y.(.-d| +000001f0 fb 2f 77 a6 79 22 54 f3 c3 3c 3f cd 4d ea 79 3b |./w.y"T..>> Flow 10 
(server to client) +00000000 14 03 03 00 11 00 e4 ef 62 c1 c0 72 f3 98 4d 5a |........b..r..MZ| +00000010 6a c8 7e 29 92 b8 16 03 03 00 20 ff 7e fc cb b5 |j.~)...... .~...| +00000020 07 5f ea 8a 89 2a 46 1b c6 33 41 fe f9 f4 1e 3a |._...*F..3A....:| +00000030 9d 8b 1d 8f 9b 7b 89 07 b4 e8 59 17 03 03 00 19 |.....{....Y.....| +00000040 a3 ba 0c 9b 54 cd 59 6a e1 db 33 80 38 a9 95 a1 |....T.Yj..3.8...| +00000050 95 5b a5 5f ad 3c d0 52 f7 16 03 03 00 14 e6 22 |.[._.<.R......."| +00000060 84 a7 02 10 1e ee 58 88 a5 b8 e8 bf 0a 9b 61 46 |......X.......aF| +00000070 0c ae |..| +>>> Flow 11 (client to server) +00000000 15 03 03 00 12 7f 90 91 7b 93 4e 24 25 5e cb 35 |........{.N$%^.5| +00000010 2c eb ee 29 6a b3 a3 15 03 03 00 12 3d b7 30 fe |,..)j.......=.0.| +00000020 63 90 c3 2d 17 a0 e1 ed 8d bb a4 f6 f6 17 |c..-..........| diff --git a/tls/testdata/Client-TLSv12-RenegotiationRejected b/tls/testdata/Client-TLSv12-RenegotiationRejected new file mode 100644 index 00000000..3502977e --- /dev/null +++ b/tls/testdata/Client-TLSv12-RenegotiationRejected 
@@ -0,0 +1,95 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... 
/| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 9c d0 eb d6 42 |....Y...U......B| +00000010 2e ff 6e 5a 19 33 6d 12 97 56 56 2b f5 1b 86 c8 |..nZ.3m..VV+....| +00000020 38 83 59 37 ac 17 46 ed 73 53 43 20 e4 94 9b 71 |8.Y7..F.sSC ...q| +00000030 f4 94 d9 d9 3a a1 e1 99 1e b4 a5 55 46 88 e0 0a |....:......UF...| +00000040 af 0a 0e ff 81 10 e2 e0 63 21 ae 2a cc a8 00 00 |........c!.*....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 
f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 9b 89 08 0d ea c2 d3 |........ 
.......| +000002d0 4f 73 77 a0 e3 0e 1a 68 13 2c 5c a5 ec 39 75 1b |Osw....h.,\..9u.| +000002e0 c2 95 fe b8 fe 58 f4 bb 16 08 04 00 80 d4 e8 d3 |.....X..........| +000002f0 d4 5b 1f ee ff 60 f5 86 b1 f4 06 c0 a8 ab 90 b0 |.[...`..........| +00000300 26 15 d5 4e 3f d6 a5 e2 a3 3a e0 0f 9a 92 bd 96 |&..N?....:......| +00000310 9d 98 15 f3 95 82 a9 5d 9f 1d 9b 4f 2e 77 58 40 |.......]...O.wX@| +00000320 58 3d fd 8f a6 09 1c fa 61 77 2e 87 df e7 76 8b |X=......aw....v.| +00000330 bf f1 dd 29 f8 70 c0 6d db e5 a0 55 92 77 44 75 |...).p.m...U.wDu| +00000340 d9 95 a6 17 67 93 47 8e 1f 61 50 65 31 94 d3 79 |....g.G..aPe1..y| +00000350 5f 25 a6 f0 3e 19 9a c8 ad b9 1a af 5b 50 2c 97 |_%..>.......[P,.| +00000360 78 1e 71 3a e0 fa 7c 44 1e d1 32 56 4e 16 03 03 |x.q:..|D..2VN...| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 88 fe 97 82 bd a7 99 c6 a6 2f c1 |.... ........./.| +00000040 1a a8 54 8c e5 c6 39 0a 6b 07 9b 1a 05 f4 fb e3 |..T...9.k.......| +00000050 67 f5 c8 6e 17 |g..n.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 3b 6d ac 1c 8b |.......... 
;m...| +00000010 1b 46 3a 4e 03 75 51 9e 99 6e 5a a8 4f 07 91 a3 |.F:N.uQ..nZ.O...| +00000020 18 2c bf 88 92 17 e5 13 65 a3 6c |.,......e.l| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 c7 94 fc be 3d 73 fd ec ce b2 f6 |.........=s.....| +00000010 bf 17 bf 52 3e b4 98 39 43 c0 0a |...R>..9C..| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 cf 01 f5 e6 eb 60 e3 49 c4 fb 84 |..........`.I...| +00000010 e1 11 69 e1 91 c0 02 d2 e3 |..i......| +>>> Flow 7 (client to server) +00000000 15 03 03 00 12 4d 7f de 01 23 f7 3f 0d e6 1a f1 |.....M...#.?....| +00000010 19 a2 cd 58 1a 25 f5 15 03 03 00 12 95 78 52 00 |...X.%.......xR.| +00000020 65 aa 6d 77 5a 66 d5 95 c4 5a 9b 1b 05 b2 |e.mwZf...Z....| diff --git a/tls/testdata/Client-TLSv12-SCT b/tls/testdata/Client-TLSv12-SCT new file mode 100644 index 00000000..d12e263e --- /dev/null +++ b/tls/testdata/Client-TLSv12-SCT 
@@ -0,0 +1,113 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 01 c6 02 00 01 c2 03 03 d8 a9 75 cc 9a |.............u..| +00000010 81 df 5a a0 3b ba 51 74 52 50 72 08 35 02 35 77 |..Z.;.QtRPr.5.5w| +00000020 28 ff 44 e6 d9 c6 8b f8 54 67 b4 20 62 80 60 cc |(.D.....Tg. b.`.| +00000030 09 90 52 66 75 72 a2 c5 dc 8d 18 ce 9a d5 7e cd |..Rfur........~.| +00000040 a5 36 2a 2e 65 72 6f f0 dd b0 8c 14 cc a8 00 01 |.6*.ero.........| +00000050 7a 00 12 01 69 01 67 00 75 00 a4 b9 09 90 b4 18 |z...i.g.u.......| +00000060 58 14 87 bb 13 a2 cc 67 70 0a 3c 35 98 04 f9 1b |X......gp.<5....| +00000070 df b8 e3 77 cd 0e c8 0d dc 10 00 00 01 47 97 99 |...w.........G..| +00000080 ee 16 00 00 04 03 00 46 30 44 02 20 1c 4b 82 5d |.......F0D. 
.K.]| +00000090 95 6e 67 5b db 04 95 4b f6 ce f4 32 3e 86 7a 7a |.ng[...K...2>.zz| +000000a0 32 ab 18 60 74 de 08 da 05 91 4c 2f 02 20 73 54 |2..`t.....L/. sT| +000000b0 1b 6e 7f a1 b0 7d 11 bc e6 f3 85 2f 97 66 1a f7 |.n...}...../.f..| +000000c0 8a e4 10 25 8f 12 f4 6f 39 0f d2 9e 18 f0 00 76 |...%...o9......v| +000000d0 00 68 f6 98 f8 1f 64 82 be 3a 8c ee b9 28 1d 4c |.h....d..:...(.L| +000000e0 fc 71 51 5d 67 93 d4 44 d1 0a 67 ac bb 4f 4f fb |.qQ]g..D..g..OO.| +000000f0 c4 00 00 01 47 97 e1 b5 70 00 00 04 03 00 47 30 |....G...p.....G0| +00000100 45 02 20 32 21 14 38 06 d8 72 2e 00 30 64 1a e2 |E. 2!.8..r..0d..| +00000110 e8 6d 4e 5a e1 d9 42 1e 82 4b 96 25 89 d5 26 13 |.mNZ..B..K.%..&.| +00000120 d3 9c fa 02 21 00 8f 12 28 64 51 4f 44 d5 8c 18 |....!...(dQOD...| +00000130 62 23 b2 43 93 33 05 f3 43 55 a1 d9 ee cd c5 71 |b#.C.3..CU.....q| +00000140 35 91 dd 49 d1 0b 00 76 00 ee 4b bd b7 75 ce 60 |5..I...v..K..u.`| +00000150 ba e1 42 69 1f ab e1 9e 66 a3 0f 7e 5f b0 72 d8 |..Bi....f..~_.r.| +00000160 83 00 c4 7b 89 7a a8 fd cb 00 00 01 48 5c 64 8a |...{.z......H\d.| +00000170 87 00 00 04 03 00 47 30 45 02 20 29 89 d6 b0 53 |......G0E. 
)...S| +00000180 d3 d2 e9 91 bc f1 b5 40 be 1e 2e e7 5c b4 74 27 |.......@....\.t'| +00000190 ed 8f 9b 02 e9 fa c2 4c ba a2 be 02 21 00 af 43 |.......L....!..C| +000001a0 64 52 71 15 29 58 40 91 c7 08 16 96 03 a8 73 a5 |dRq.)X@.......s.| +000001b0 65 a0 6c b8 48 56 5a b6 29 83 64 6d 2a 9d ff 01 |e.l.HVZ.).dm*...| +000001c0 00 01 00 00 0b 00 04 03 00 01 02 16 03 03 02 59 |...............Y| +000001d0 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 |...U..R..O0..K0.| +000001e0 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b |.............?.[| +000001f0 ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 |..0...*.H.......| +00000200 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |.0.1.0...U....Go| +00000210 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f |1.0...U....Go Ro| +00000220 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 |ot0...1601010000| +00000230 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 |00Z..25010100000| +00000240 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 |0Z0.1.0...U....G| +00000250 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 |o1.0...U....Go0.| +00000260 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 |.0...*.H........| +00000270 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e |....0.......F}..| +00000280 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e |.'.H..(!.~...]..| +00000290 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be |RE.z6G....B[....| +000002a0 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 |.y.@.Om..+.....g| +000002b0 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 |....."8.J.ts+.4.| +000002c0 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 |.....t{.X.la<..A| +000002d0 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 |..++$#w[.;.u]. 
T| +000002e0 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 |..c...$....P....| +000002f0 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 |C...ub...R......| +00000300 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff |...0..0...U.....| +00000310 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 |......0...U.%..0| +00000320 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 |...+.........+..| +00000330 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 |.....0...U......| +00000340 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 |.0.0...U........| +00000350 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b |..CC>I..m....`0.| +00000360 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 |..U.#..0...H.IM.| +00000370 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 |~.1......n{0...U| +00000380 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e |....0...example.| +00000390 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d |golang0...*.H...| +000003a0 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 |..........0.@+[P| +000003b0 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 |.a...SX...(.X..8| +000003c0 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 |....1Z..f=C.-...| +000003d0 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 |... d8.$:....}.@| +000003e0 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c | ._...a..v......| +000003f0 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c |\.....l..s..Cw..| +00000400 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 |.....@.a.Lr+...F| +00000410 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 |..M...>...B...=.| +00000420 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c 00 |`.\!.;..........| +00000430 00 a8 03 00 1d 20 cd 2a 10 ee 97 4a 83 7b 0e 6d |..... 
.*...J.{.m| +00000440 e7 00 5a ce bc d8 1c 57 fa f6 ec 52 0d 0f be 6d |..Z....W...R...m| +00000450 c8 5d 27 3c 8c 1b 08 04 00 80 a9 4c bb 3a 0a d7 |.]'<.......L.:..| +00000460 db 72 3d 88 49 a6 0b f7 dc d5 e1 d0 07 e8 6c fa |.r=.I.........l.| +00000470 b0 5e 0b 13 27 29 6f 1f 1e b9 05 60 16 cc ea 7b |.^..')o....`...{| +00000480 46 d7 12 58 03 43 b0 fe 8e 7b 83 3b ee 11 78 8c |F..X.C...{.;..x.| +00000490 60 0f 9c 76 63 60 01 78 a0 9b 19 b9 32 99 a9 9d |`..vc`.x....2...| +000004a0 42 b8 1f f1 8b 87 07 32 fa 5e 74 d5 3e 5e ba 21 |B......2.^t.>^.!| +000004b0 ff 63 b7 c6 68 bc b3 f9 52 1a ea 23 c7 f2 ec ff |.c..h...R..#....| +000004c0 d4 10 0d f8 76 2f bc 0d e5 12 7f ee d3 8d 9e 6b |....v/.........k| +000004d0 5e 22 78 d6 fa 5e 6a 53 16 44 16 03 03 00 04 0e |^"x..^jS.D......| +000004e0 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 5c 1a 1b 0e 7e 83 4f 9b f6 8e 9f |.... \...~.O....| +00000040 ca 95 86 c3 7b 60 73 d3 8d 3c 6d 18 6a eb 70 a3 |....{`s..>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 1f a2 50 dd c5 |.......... ..P..| +00000010 ba 96 4a 63 e1 cc b6 45 77 09 c1 49 cb 5f eb 4b |..Jc...Ew..I._.K| +00000020 38 9b b1 40 1c af b1 a2 dc 7c ba |8..@.....|.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 e7 54 f6 bf 56 39 57 c4 b2 ac f2 |......T..V9W....| +00000010 b1 f4 b1 2f ad ae d7 87 21 ff 1c 15 03 03 00 12 |.../....!.......| +00000020 5d b6 56 77 55 99 b6 7b a4 0b d8 8e 8d 93 b6 35 |].VwU..{.......5| +00000030 ce 9a |..| diff --git a/tls/testdata/Client-TLSv12-X25519-ECDHE b/tls/testdata/Client-TLSv12-X25519-ECDHE new file mode 100644 index 00000000..d58a32f2 --- /dev/null +++ b/tls/testdata/Client-TLSv12-X25519-ECDHE 
@@ -0,0 +1,92 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f4 01 00 00 f0 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 75 00 05 00 05 01 00 00 00 00 00 0a 00 |...u............| +00000090 04 00 02 00 1d 00 0b 00 02 01 00 00 0d 00 1a 00 |................| +000000a0 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 06 |................| +000000b0 01 05 03 06 03 02 01 02 03 ff 01 00 01 00 00 12 |................| +000000c0 00 00 00 2b 00 09 08 03 04 03 03 03 02 03 01 00 |...+............| +000000d0 33 00 26 00 24 00 1d 00 20 2f e5 7d a3 47 cd 62 |3.&.$... 
/.}.G.b| +000000e0 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +000000f0 c2 ed 90 99 5f 58 cb 3b 74 |...._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 e0 c7 ce be 3a |....Y...U......:| +00000010 a6 34 5f b7 c5 ec f1 f3 09 df 4d db 39 60 71 93 |.4_.......M.9`q.| +00000020 db 7c 30 e0 81 93 f0 19 57 6b 6b 20 9e 4b e2 1e |.|0.....Wkk .K..| +00000030 27 8d d3 f6 0c f3 3d bc 67 3e 79 33 fd c9 cc 55 |'.....=.g>y3...U| +00000040 36 55 a5 aa 89 94 fe b2 51 cf 24 56 c0 2f 00 00 |6U......Q.$V./..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. 
T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 9b 73 58 2f 9a aa 8b |........ 
.sX/...| +000002d0 3e 80 1c b1 8e e5 d4 54 c2 d0 b1 94 16 86 e2 4b |>......T.......K| +000002e0 9c ab d7 ce 2c e5 26 20 04 08 04 00 80 d8 c0 18 |....,.& ........| +000002f0 90 8e 06 d8 d6 4c af a1 ae 5e ca 4b a1 18 bb 31 |.....L...^.K...1| +00000300 f5 3a 75 c3 d7 73 69 a7 e0 0f 8e f2 c5 92 0a bd |.:u..si.........| +00000310 7f 91 36 6c 01 c3 eb 08 9a 3b 25 2c bd 86 88 05 |..6l.....;%,....| +00000320 64 e0 38 5b 75 01 10 1f 1b d5 34 09 04 2e 34 6d |d.8[u.....4...4m| +00000330 71 d2 6c b6 f3 7a 1e ed a9 9d 28 60 13 fc 02 6f |q.l..z....(`...o| +00000340 f6 17 99 52 7b 19 60 e5 a6 11 d4 b3 4c 52 03 b5 |...R{.`.....LR..| +00000350 3e 28 91 c6 66 87 25 df 10 c6 cf b9 5f 92 0e d7 |>(..f.%....._...| +00000360 b6 19 f0 19 b9 f6 e9 e9 24 74 35 3b c6 16 03 03 |........$t5;....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 01 e4 5a |....(..........Z| +00000040 e9 dc dd 98 cd 5f d2 d2 eb 84 12 c9 96 ca 91 d7 |....._..........| +00000050 ae f4 db 44 a4 37 f3 a3 b2 8d db ed 3d |...D.7......=| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 c2 2d 32 ba 46 |..........(.-2.F| +00000010 27 8d 87 13 7f b9 49 04 64 2f 6e cc 32 81 f8 3c |'.....I.d/n.2..<| +00000020 7f 0f 19 13 5c 11 33 a1 05 5f 91 bc 97 30 64 84 |....\.3.._...0d.| +00000030 57 69 90 |Wi.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 fd 0f a5 |................| +00000010 74 98 c4 98 ee 67 74 d4 c1 d4 fe d3 c7 e2 1b 2c |t....gt........,| +00000020 e5 3c be 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.<..............| +00000030 f8 d4 60 41 13 6a 9c e3 0e 56 e2 ab 96 45 7e 06 |..`A.j...V...E~.| +00000040 87 63 |.c| 
diff --git a/tls/testdata/Client-TLSv13-AES128-SHA256 b/tls/testdata/Client-TLSv13-AES128-SHA256 new file mode 100644 index 00000000..4273484c --- /dev/null +++ b/tls/testdata/Client-TLSv13-AES128-SHA256 
@@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 f7 30 f3 d1 e7 |....z...v...0...| +00000010 eb 94 97 a2 c6 d5 be 74 e0 6c 08 80 2f ad 11 6b |.......t.l../..k| +00000020 b3 ce 22 59 06 a9 eb 41 9c 97 a8 20 00 00 00 00 |.."Y...A... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 c0 |..+.....3.$... 
.| +00000060 47 7e ad a1 41 53 e5 25 ec 74 46 bc 9e 80 08 3b |G~..AS.%.tF....;| +00000070 0b f5 7e fb 71 1f 00 d5 4b 27 51 22 4a 5e 5f 14 |..~.q...K'Q"J^_.| +00000080 03 03 00 01 01 17 03 03 00 17 e9 e8 56 00 26 9e |............V.&.| +00000090 92 60 84 6c 07 3d b1 ef e4 63 51 ba 48 ee d7 fe |.`.l.=...cQ.H...| +000000a0 57 17 03 03 02 6d 2e d4 bb bf a2 e8 3b 84 47 2e |W....m......;.G.| +000000b0 22 66 c1 98 ea 11 6b a3 4d 1b 64 c0 02 32 76 9b |"f....k.M.d..2v.| +000000c0 29 8a 4a 96 68 5b d1 fd a0 0f a6 9b 70 20 c7 08 |).J.h[......p ..| +000000d0 7b 25 07 d1 54 8c b1 bb 4e ba 32 65 2c 1e 16 29 |{%..T...N.2e,..)| +000000e0 e7 d2 df e3 84 60 e1 43 07 99 35 4d 95 7c 27 96 |.....`.C..5M.|'.| +000000f0 be f4 bf 0a e9 3b 9d 60 7a 6e 34 82 1f 03 ca 17 |.....;.`zn4.....| +00000100 ac d1 a1 b5 dc 3f 20 7b 42 f6 94 43 60 ff 3f 1b |.....? {B..C`.?.| +00000110 b1 2e 2d 71 55 07 fb 65 40 56 59 82 1e 31 83 c9 |..-qU..e@VY..1..| +00000120 35 6c 28 ad c1 bd 88 55 1b b6 1e 89 af 64 7f 11 |5l(....U.....d..| +00000130 53 80 3a 62 ef 34 a7 d0 ce 38 9b 19 d6 5f 78 0d |S.:b.4...8..._x.| +00000140 66 73 b2 bd b6 a6 f8 70 c8 40 f9 aa a2 86 f4 48 |fs.....p.@.....H| +00000150 0d 6c 54 67 c6 3c 91 97 ff 94 4d 9a 01 d5 e1 c9 |.lTg.<....M.....| +00000160 8f 27 d3 8d b3 72 cd 34 eb 7a 6d 48 84 f3 8b 84 |.'...r.4.zmH....| +00000170 34 d2 68 bd 26 bc 6d e5 46 41 cc 86 d4 7a b6 31 |4.h.&.m.FA...z.1| +00000180 05 b3 bc a4 fe e1 5c d4 eb 8b fe 64 0e be 89 c4 |......\....d....| +00000190 ce e0 49 a0 ba 7a 83 b6 fb 31 17 42 fd b4 e3 59 |..I..z...1.B...Y| +000001a0 48 df f6 a8 e4 5c d1 77 77 cb c2 31 85 8a 26 65 |H....\.ww..1..&e| +000001b0 20 fa 05 90 ae 66 95 7a 75 4b bc 93 15 dd a0 13 | ....f.zuK......| +000001c0 61 d5 99 fb b2 27 bd ec fd 10 b5 d2 c7 18 ac b9 |a....'..........| +000001d0 bd bc 35 72 d0 42 6c f7 5a e0 67 46 45 10 f7 50 |..5r.Bl.Z.gFE..P| +000001e0 e4 14 47 ac 39 5a 05 38 b9 25 4a 43 fa 57 b2 51 |..G.9Z.8.%JC.W.Q| +000001f0 b7 3e f7 ef d5 b5 de 2e 2f 5c d0 d7 00 23 ac 4b 
|.>....../\...#.K| +00000200 65 8d 6c f4 ab 6f ef 1e c2 66 c5 b2 cb 1a 51 4c |e.l..o...f....QL| +00000210 ef 96 8f 28 65 2f 50 9c 91 1f 73 87 fc 81 db 90 |...(e/P...s.....| +00000220 16 69 00 06 98 6b 00 33 41 e1 e6 12 89 cb c9 f3 |.i...k.3A.......| +00000230 23 2c 28 83 00 ca 4f 42 f5 26 bc 94 39 3b 18 31 |#,(...OB.&..9;.1| +00000240 41 a9 19 4a 60 e8 de 8f 1d d0 e8 96 77 c0 49 bd |A..J`.......w.I.| +00000250 a2 98 bd b1 0a 6f bd 27 79 1d c4 33 50 37 a8 eb |.....o.'y..3P7..| +00000260 a5 4e 59 87 58 cd f0 a0 34 4e 2b 9d ee 03 e4 8a |.NY.X...4N+.....| +00000270 24 94 86 11 e1 94 f0 2b 3e 27 9a 92 1c 17 d3 96 |$......+>'......| +00000280 c0 71 ab ee 75 5f 99 ca 0e 42 65 5d ed 48 0c 7a |.q..u_...Be].H.z| +00000290 95 8a d9 da f7 60 ee de 46 f2 f4 7a d6 ce 38 41 |.....`..F..z..8A| +000002a0 fa e8 1f 3e 77 be 02 53 0c 33 96 5b 0d 38 bb 08 |...>w..S.3.[.8..| +000002b0 5e 92 1a 81 f1 be c7 9a e2 02 80 09 3b b7 62 b0 |^...........;.b.| +000002c0 7c a7 85 3a d9 52 34 23 4f a3 04 e7 35 98 9e 18 ||..:.R4#O...5...| +000002d0 13 0b 71 12 6d a4 2e 11 bf 39 8c 94 ef 15 96 27 |..q.m....9.....'| +000002e0 9e be 81 d9 55 5a 8b 14 c5 49 dd 6e 6e 7b 6b c2 |....UZ...I.nn{k.| +000002f0 f3 7d ef 24 88 b9 eb a6 15 3e aa a8 3e eb 37 54 |.}.$.....>..>.7T| +00000300 fc 86 9f 51 30 5f 9c a5 fc 7a af f6 1b a5 a4 27 |...Q0_...z.....'| +00000310 51 78 f7 17 03 03 00 99 79 14 63 10 91 cd 73 f5 |Qx......y.c...s.| +00000320 a8 62 c3 92 a3 04 c2 3d 58 5e d3 6e 93 eb 9b b1 |.b.....=X^.n....| +00000330 11 f0 3c c6 96 9f c6 c8 9b de 2c d5 12 c2 bd d1 |..<.......,.....| +00000340 2a 68 89 4a 07 1e 23 d2 45 ca a1 0f 92 71 b7 f7 |*h.J..#.E....q..| +00000350 d0 2f 2a be d0 5e 0c 5d 13 8f b0 7f df b8 52 2e |./*..^.]......R.| +00000360 7a 5e c8 eb 84 06 46 81 d0 f7 09 18 52 fb ce fd |z^....F.....R...| +00000370 22 d8 74 71 e8 7d 41 5f 3a 5d e5 f9 bb e6 99 03 |".tq.}A_:]......| +00000380 32 d1 58 e8 5a 58 d8 b2 39 61 01 33 72 7d d2 11 |2.X.ZX..9a.3r}..| +00000390 8f f7 58 55 c8 f2 64 63 33 9b 78 36 bf 9b 8b 
40 |..XU..dc3.x6...@| +000003a0 8c ec 7b a2 bb 51 ed b1 fe 74 c2 c9 1f b4 2b cb |..{..Q...t....+.| +000003b0 fd 17 03 03 00 35 75 46 88 74 06 9b 5e 88 c2 0d |.....5uF.t..^...| +000003c0 fc 7d 29 bd 6c 1c 23 2f 06 3f 14 b1 55 e4 98 b1 |.}).l.#/.?..U...| +000003d0 ed c3 9a ed ea be 29 60 15 ac 80 c7 a8 f7 9b ce |......)`........| +000003e0 f3 79 b3 be ad ff ab b4 a7 45 57 |.y.......EW| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 b5 22 19 23 49 |..........5.".#I| +00000010 48 33 a5 f3 b2 72 2b 31 ab 89 27 f9 eb 1b b7 b1 |H3...r+1..'.....| +00000020 bc 2b 99 9e 73 24 42 c4 2a 68 2c 76 e1 45 61 09 |.+..s$B.*h,v.Ea.| +00000030 18 c7 44 45 9a 05 86 4c 90 c1 41 c6 fd 6a c2 95 |..DE...L..A..j..| +00000040 17 03 03 00 17 ee 18 4e d9 94 15 50 a9 99 4a 82 |.......N...P..J.| +00000050 10 13 26 7b 74 10 db ef fe b8 96 f6 17 03 03 00 |..&{t...........| +00000060 13 2a 4c 52 8d c3 c5 af d0 cd 5a 7d 0d a5 59 90 |.*LR......Z}..Y.| +00000070 ce 59 3b af |.Y;.| diff --git a/tls/testdata/Client-TLSv13-AES256-SHA384 b/tls/testdata/Client-TLSv13-AES256-SHA384 new file mode 100644 index 00000000..7fecc79a --- /dev/null +++ b/tls/testdata/Client-TLSv13-AES256-SHA384 
@@ -0,0 +1,92 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 dd df 8d 85 da |....z...v.......| +00000010 3c 99 a3 0c 01 90 5f ec b8 3d 28 ce e4 32 c0 e8 |<....._..=(..2..| +00000020 fe 77 03 ad 0f e1 33 1f dc 89 cb 20 00 00 00 00 |.w....3.... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 02 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 03 |..+.....3.$... 
.| +00000060 6b 91 90 36 f0 54 da 66 8e 47 9b 26 9f 9f ae 30 |k..6.T.f.G.&...0| +00000070 69 9e a2 6a 70 fb ef b2 f1 76 2b 32 90 0e 63 14 |i..jp....v+2..c.| +00000080 03 03 00 01 01 17 03 03 00 17 46 47 2e ae ea 9b |..........FG....| +00000090 78 7b 0c d4 74 e2 b5 bf 7b 64 da c3 d3 c9 55 7f |x{..t...{d....U.| +000000a0 e3 17 03 03 02 6d a8 c1 57 27 66 9d 16 f6 4f 1b |.....m..W'f...O.| +000000b0 17 b6 5d 8c 3c fe f5 d5 4a d3 c6 8d e2 a8 2d d0 |..].<...J.....-.| +000000c0 01 8d db 18 e8 c8 69 74 eb 81 9e 97 20 01 60 d5 |......it.... .`.| +000000d0 96 d1 8f 9c de 09 ff 1d e7 45 97 97 36 fa 89 77 |.........E..6..w| +000000e0 88 20 30 c6 5b 42 d6 0e 85 9a 11 43 60 a1 86 34 |. 0.[B.....C`..4| +000000f0 22 47 25 23 a5 35 87 a9 74 5d fe eb c9 70 32 44 |"G%#.5..t]...p2D| +00000100 17 60 55 99 7a 93 b5 92 8b 66 31 ce dc e0 39 f2 |.`U.z....f1...9.| +00000110 6a b3 db 43 5d 3f ba e5 12 12 1f 0e 3c 35 3b 72 |j..C]?......<5;r| +00000120 9f 9d 69 d5 d6 cb ac b5 9e f4 af f5 74 68 67 f4 |..i.........thg.| +00000130 e9 5f a4 4a d7 27 5b a5 2a 39 b7 30 49 4d 64 bb |._.J.'[.*9.0IMd.| +00000140 5d 89 10 ff a6 2c 42 a1 4a 2a 0c 28 c6 cd 4a e8 |]....,B.J*.(..J.| +00000150 7d 24 d0 75 ff 61 08 3f 3b 05 ec f3 d6 61 ed 43 |}$.u.a.?;....a.C| +00000160 08 5e 07 1c f2 15 96 22 2a c0 3c 5f 04 d1 17 82 |.^....."*.<_....| +00000170 ea ee ee c7 49 cc 3e e4 65 15 97 6e 6f 36 24 a9 |....I.>.e..no6$.| +00000180 27 34 3a 75 dc 07 1e 4c f1 29 d1 e3 22 31 7d 84 |'4:u...L.).."1}.| +00000190 a8 2a 7f 37 03 ab 13 ae 15 e2 74 50 bd 54 5b 32 |.*.7......tP.T[2| +000001a0 ea 75 10 ed 39 5c 69 90 f6 74 09 53 c1 ce 44 49 |.u..9\i..t.S..DI| +000001b0 64 fb f2 c6 bd 93 b2 07 06 96 94 04 a5 9e ed 67 |d..............g| +000001c0 10 cb 01 fc 85 45 d7 22 76 3c c6 2f 14 4c 31 e1 |.....E."v<./.L1.| +000001d0 73 81 7b 8b 6b 54 d6 34 15 d2 eb d0 03 10 c7 3d |s.{.kT.4.......=| +000001e0 f5 07 48 cc 72 9b e9 48 ee 13 9f 80 b5 13 86 77 |..H.r..H.......w| +000001f0 33 91 79 6f f2 13 17 68 ca 72 6b 0d 93 9a 20 30 
|3.yo...h.rk... 0| +00000200 70 c3 30 ab 13 7e 14 39 97 4b ce c5 3d 8b 03 7f |p.0..~.9.K..=...| +00000210 cd 4b 67 c4 c5 79 0c bb cd ba 17 c5 d5 15 51 cb |.Kg..y........Q.| +00000220 ac b7 f7 19 43 ff f5 c4 09 8c 44 67 ca e6 a1 5f |....C.....Dg..._| +00000230 1d 27 29 63 f2 0d 75 6d b7 62 52 c9 1d 8e 0e 3b |.')c..um.bR....;| +00000240 6c cb 04 3e f7 13 74 bb 03 35 2e 4e 41 9a b7 72 |l..>..t..5.NA..r| +00000250 15 ed 02 79 c7 bc 38 b3 65 75 0a 8e 82 dc d4 79 |...y..8.eu.....y| +00000260 1c 10 3f 78 8c be 78 b0 73 18 cc 52 1d 3b 91 66 |..?x..x.s..R.;.f| +00000270 33 fe 63 b2 ec 19 92 44 8f 06 4e 20 85 94 5c b4 |3.c....D..N ..\.| +00000280 ad 22 16 a0 b3 76 03 dc 62 e9 0c ac 8c e1 67 c9 |."...v..b.....g.| +00000290 d8 6f 40 51 b5 39 9a 61 b6 63 e0 d5 60 6a 27 78 |.o@Q.9.a.c..`j'x| +000002a0 62 ec 94 1c 75 2c 38 f2 a6 f2 f0 c4 8f 98 ad cc |b...u,8.........| +000002b0 2e ce 7d 13 76 f4 4f 94 78 3f 85 cf ea 52 c4 6e |..}.v.O.x?...R.n| +000002c0 16 65 f9 48 5e f9 0b 07 bc 3e 38 91 06 e1 b0 76 |.e.H^....>8....v| +000002d0 82 60 25 03 36 9c 3e 5e 54 73 8d cf df 91 19 33 |.`%.6.>^Ts.....3| +000002e0 a7 18 96 d4 86 ea 7c 00 88 e6 a3 fe ea a1 14 db |......|.........| +000002f0 ae da 07 ef 1e 6f 16 bb ad fb c0 f4 60 2f 75 5c |.....o......`/u\| +00000300 a4 43 a0 fc 3c d6 5e 89 cf 6e 1a c6 de 61 65 34 |.C..<.^..n...ae4| +00000310 03 e5 cd 17 03 03 00 99 0a f3 a2 45 fe 53 22 37 |...........E.S"7| +00000320 cd 31 9d 67 31 56 f9 99 c2 d1 bc 6d 47 de 9a e7 |.1.g1V.....mG...| +00000330 67 c0 89 84 ac bf 27 b5 32 f0 e9 a5 9d f2 e0 ad |g.....'.2.......| +00000340 fd 12 6a a4 5d 50 4c b9 ed f1 f4 0e c0 c0 6c c4 |..j.]PL.......l.| +00000350 39 9b 10 02 fa 10 64 a6 8b af 9d 6e d9 40 6d 0c |9.....d....n.@m.| +00000360 b0 6c b8 8d d5 b0 14 f0 ed 85 d6 66 8f 6f 61 43 |.l.........f.oaC| +00000370 49 dd 95 08 94 2e a8 a6 19 b9 7b 6b 99 09 af 4c |I.........{k...L| +00000380 5f 41 48 da 10 b6 cf ee 68 b6 6e 03 d7 29 93 8e |_AH.....h.n..)..| +00000390 1a ab d1 ad d4 bf 33 2a 53 87 92 05 d1 1a de 
c0 |......3*S.......| +000003a0 aa ef b9 9c 4d 2d f6 b1 72 60 22 80 bb 46 24 75 |....M-..r`"..F$u| +000003b0 35 17 03 03 00 45 46 9e b3 7f d0 82 b6 ef 45 1f |5....EF.......E.| +000003c0 18 6d 3b b6 23 f5 c9 f4 54 e3 08 d0 8b 30 c7 31 |.m;.#...T....0.1| +000003d0 af 98 26 69 b7 6e 08 1d 1f be 1a 7e 5b 97 91 28 |..&i.n.....~[..(| +000003e0 fa b7 78 05 ee 3f a1 9e a0 79 fc 45 51 4c 96 fb |..x..?...y.EQL..| +000003f0 03 46 24 7d fe ec a4 40 51 d6 73 |.F$}...@Q.s| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 44 15 b9 ed d8 |..........ED....| +00000010 10 2c 88 80 79 f3 38 a4 bc 42 9b 22 09 44 d9 19 |.,..y.8..B.".D..| +00000020 e1 0a ec 15 aa d5 15 e9 19 6d b8 6b 71 63 86 ce |.........m.kqc..| +00000030 e7 16 0d 8e 3f 9a 3b 52 25 1e 96 f6 d9 d1 6c dd |....?.;R%.....l.| +00000040 e3 20 e9 97 f9 60 81 f5 4a b2 26 b5 d3 9e 84 46 |. ...`..J.&....F| +00000050 17 03 03 00 17 de 4a e9 44 21 88 ef ce 78 35 6d |......J.D!...x5m| +00000060 b2 e4 78 47 39 8d 1f fd 9b 2d a4 47 17 03 03 00 |..xG9....-.G....| +00000070 13 98 f9 1c 9c d4 b1 42 f7 e7 a1 9b 6d b1 b1 cb |.......B....m...| +00000080 86 e3 c2 27 |...'| diff --git a/tls/testdata/Client-TLSv13-ALPN b/tls/testdata/Client-TLSv13-ALPN new file mode 100644 index 00000000..0ac9b369 --- /dev/null +++ b/tls/testdata/Client-TLSv13-ALPN 
@@ -0,0 +1,93 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 0e 01 00 01 0a 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 8f 00 05 00 05 01 00 00 00 00 00 0a 00 |................| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 10 00 10 00 0e 06 70 72 6f 74 6f |...........proto| +000000d0 32 06 70 72 6f 74 6f 31 00 12 00 00 00 2b 00 09 |2.proto1.....+..| +000000e0 08 03 04 03 03 03 02 03 01 00 33 00 26 00 24 00 |..........3.&.$.| +000000f0 1d 00 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f |.. /.}.G.bC.(.._| +00000100 bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 |.).0.........._X| +00000110 cb 3b 74 |.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 23 c5 c4 0c 4a |....z...v..#...J| +00000010 d2 5f 0b f6 ea 21 7a d1 a0 7d 21 26 b5 a3 94 ca |._...!z..}!&....| +00000020 91 6c 13 58 60 4f 39 cc 1a f7 c0 20 00 00 00 00 |.l.X`O9.... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 f9 |..+.....3.$... 
.| +00000060 64 7e 54 8f 64 ec 3d 7c 17 f1 96 3c 44 ca cd d7 |d~T.d.=|...>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 3e e7 50 e1 d1 |..........5>.P..| +00000010 4d 9f 84 fe ca 83 c4 3b a6 86 45 c2 7e e7 af 00 |M......;..E.~...| +00000020 db e6 23 3c 06 b8 a3 1e 36 2e ab 45 7e d8 07 8c |..#<....6..E~...| +00000030 66 bf 5a 0f ff e6 3f 09 a4 d3 cf 74 1c d6 cf c7 |f.Z...?....t....| +00000040 17 03 03 00 17 4c db af a7 f3 73 b3 84 b9 a7 d1 |.....L....s.....| +00000050 1c 2f cb 27 d8 ba 2c c6 84 48 88 18 17 03 03 00 |./.'..,..H......| +00000060 13 a3 41 6f fb da f5 5a 4d 85 0c e0 ff 3a fb 91 |..Ao...ZM....:..| +00000070 e2 5e ab 96 |.^..| diff --git a/tls/testdata/Client-TLSv13-CHACHA20-SHA256 b/tls/testdata/Client-TLSv13-CHACHA20-SHA256 new file mode 100644 index 00000000..6d7b508f --- /dev/null +++ b/tls/testdata/Client-TLSv13-CHACHA20-SHA256 
@@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 43 b1 e8 d9 c3 |....z...v..C....| +00000010 22 a0 a3 08 df 7f 37 34 7a fe 7a 47 98 ee ed 51 |".....74z.zG...Q| +00000020 c2 ae 5c c6 b1 43 3d ff f7 91 68 20 00 00 00 00 |..\..C=...h ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 03 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 63 |..+.....3.$... 
c| +00000060 0f 66 ec 2d fa 67 d4 eb 94 47 8d 88 0b eb ed ec |.f.-.g...G......| +00000070 5b ac 22 f7 46 85 c5 1c 2b 5e e8 57 e2 d3 6f 14 |[.".F...+^.W..o.| +00000080 03 03 00 01 01 17 03 03 00 17 d0 f8 1f 06 59 8d |..............Y.| +00000090 a0 40 21 8f 3e 36 3b 1d 6a 6e f7 77 44 fb b3 8e |.@!.>6;.jn.wD...| +000000a0 e2 17 03 03 02 6d 22 6b 63 ae 47 fd 66 f9 95 f6 |.....m"kc.G.f...| +000000b0 63 ea e8 16 61 a3 64 82 39 82 76 1c 2c 04 9b 29 |c...a.d.9.v.,..)| +000000c0 0f 8a ff 77 9b e6 2c ce 04 09 5f 91 f3 b6 2e 8d |...w..,..._.....| +000000d0 be 42 94 7e 5a 28 4b 9f e9 7b 38 0a 3c de 90 77 |.B.~Z(K..{8.<..w| +000000e0 c1 bf 97 bf 35 6c 77 98 4b 38 b4 8d 7f 1f 4b c0 |....5lw.K8....K.| +000000f0 23 c5 73 08 90 fa 21 5c cd cb 84 5b 0e 89 86 ce |#.s...!\...[....| +00000100 83 78 d5 1c 2b b9 b1 24 45 ad ab 9c 68 9f c2 28 |.x..+..$E...h..(| +00000110 40 d6 c2 ac a2 0c 86 cd 75 92 43 d5 22 3f 61 9d |@.......u.C."?a.| +00000120 e8 56 b8 7c 71 db 25 cc 2e 74 52 74 da 6b d4 a1 |.V.|q.%..tRt.k..| +00000130 2c 32 d2 d8 9c 74 41 9d 78 98 94 3b 87 99 8e 17 |,2...tA.x..;....| +00000140 df df d6 c3 6d ef 58 13 5c 1e 20 2d ed 77 bd 5c |....m.X.\. 
-.w.\| +00000150 d6 5c 9a 6d 0f 19 77 e1 4f 79 b0 ed 9d 0b f5 e8 |.\.m..w.Oy......| +00000160 42 d0 f4 90 88 97 a9 84 af 92 3c 41 fe fd 67 6e |B.........R...| +000002d0 fc ba 9c f0 82 13 ba 25 11 c7 5d 38 00 cf 83 14 |.......%..]8....| +000002e0 30 a9 72 48 d1 e8 4e 1b ed 04 ed cf b7 5b 2e 72 |0.rH..N......[.r| +000002f0 1c a2 03 ae 60 54 d6 cf 2f fb 11 a3 b1 8d d6 47 |....`T../......G| +00000300 e8 9f 96 08 90 ae 3c 3c c0 8c d8 c4 ef 30 18 ea |......<<.....0..| +00000310 2a 1a 15 17 03 03 00 99 85 b3 e4 18 6f 8d 34 c7 |*...........o.4.| +00000320 3d 66 49 b8 f6 f5 aa 7a e1 ca ba cb 48 53 15 bb |=fI....z....HS..| +00000330 e9 ec 74 91 c3 b5 d3 6b bc 84 81 d8 e1 a4 31 62 |..t....k......1b| +00000340 d5 19 6d 2f 15 4c f3 8a 3b ec 41 12 89 be d3 cc |..m/.L..;.A.....| +00000350 ab 08 59 a7 79 5d 77 14 ce b1 98 b4 ce 71 7b ad |..Y.y]w......q{.| +00000360 ba 41 3a 7f 9a f8 23 5c c6 fb b5 7b cc eb 0e 7a |.A:...#\...{...z| +00000370 ee af 3d ff 4d 03 ba c2 2a af ac fd b5 e8 5b 43 |..=.M...*.....[C| +00000380 3e 37 ef 84 3d 66 af 3c 8e 1d 0d 36 bd df 25 dc |>7..=f.<...6..%.| +00000390 74 89 9c e6 da 18 c4 c8 b5 6c 3c 4c a6 ac 10 28 |t........l>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 55 88 37 f3 ee |..........5U.7..| +00000010 c5 1b 20 ac fe bc a3 f8 c9 59 3f 5f c0 81 40 8f |.. ......Y?_..@.| +00000020 1e a9 44 c8 10 16 69 8a 76 45 17 51 06 9e f0 55 |..D...i.vE.Q...U| +00000030 a2 f2 56 98 7d a1 4d 95 5a c3 1f 51 cf 31 20 ca |..V.}.M.Z..Q.1 .| +00000040 17 03 03 00 17 81 2a 8e 32 29 ec 9b 92 c3 fd 98 |......*.2)......| +00000050 64 aa 47 2a a5 0c d6 77 7f b1 8f 12 17 03 03 00 |d.G*...w........| +00000060 13 60 8c fb 98 e1 03 b6 20 c8 45 4e d9 4b a8 17 |.`...... .EN.K..| +00000070 10 79 5f b6 |.y_.| diff --git a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA new file mode 100644 index 00000000..c8e95c85 --- /dev/null +++ b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA 
@@ -0,0 +1,139 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 98 9a 92 3f c6 |....z...v.....?.| +00000010 67 f5 96 5b 2f 5e 70 89 2d f6 1e ce 6f 6a e5 91 |g..[/^p.-...oj..| +00000020 4b 4b 6f 98 cc f7 78 4a b1 54 4a 20 00 00 00 00 |KKo...xJ.TJ ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 58 |..+.....3.$... 
X| +00000060 96 37 c3 41 35 73 13 21 fc 31 e3 09 33 48 15 be |.7.A5s.!.1..3H..| +00000070 31 fb 57 61 b2 c9 60 31 2d 68 83 d5 7c d1 3a 14 |1.Wa..`1-h..|.:.| +00000080 03 03 00 01 01 17 03 03 00 17 1d ce 7d b7 ca e3 |............}...| +00000090 10 82 cb f6 1d 52 61 41 29 57 e3 7e e5 88 5c 47 |.....RaA)W.~..\G| +000000a0 16 17 03 03 00 42 1b 49 e1 4a d7 73 57 cd e9 b7 |.....B.I.J.sW...| +000000b0 e2 47 d3 74 21 6a 14 1d 1b 8d f5 aa 4c 1b f8 61 |.G.t!j......L..a| +000000c0 8c 3a e4 2e 9d ff 3f 7d b2 4d 79 6e 1d 02 05 ce |.:....?}.Myn....| +000000d0 c3 ad e6 f9 2b 2b dd 75 3b 6f 3e 0b 29 07 09 74 |....++.u;o>.)..t| +000000e0 d1 37 68 9b 8a b6 8d 2b 17 03 03 02 6d d1 1b 9f |.7h....+....m...| +000000f0 75 ba cf 2d 10 4b f0 4e 09 58 fa ff 06 e8 c9 d5 |u..-.K.N.X......| +00000100 a0 51 c8 d4 6f b2 c5 c1 d5 f3 ff 12 1f 43 d8 74 |.Q..o........C.t| +00000110 33 d9 9b e5 f3 34 26 0e 89 dc 00 54 67 17 d2 f3 |3....4&....Tg...| +00000120 c9 9e be f8 4c 77 8a 63 b1 64 5a b4 d7 57 d2 89 |....Lw.c.dZ..W..| +00000130 ce 68 d1 f7 93 01 6c 36 b7 c9 4d 50 d0 4b df 5e |.h....l6..MP.K.^| +00000140 8a bb 6c d9 54 57 9b b9 c9 ec d8 49 c7 51 3c e5 |..l.TW.....I.Q<.| +00000150 7b fb 48 0f fd 1b dd 0f 57 d3 a8 ee f6 51 ba 78 |{.H.....W....Q.x| +00000160 c0 60 f1 d9 c1 d2 65 b4 a7 98 99 fb 64 83 4c 2c |.`....e.....d.L,| +00000170 a6 e9 19 ef 0e 88 68 f8 21 a4 2b bd 95 e9 52 d5 |......h.!.+...R.| +00000180 fb 12 d3 36 06 a2 13 f9 e2 35 6a 06 dd 49 d9 42 |...6.....5j..I.B| +00000190 89 d9 f0 24 5c 36 b8 6d 95 35 21 b3 9c 3b ee 08 |...$\6.m.5!..;..| +000001a0 06 06 4d aa 74 eb fc 1b c1 fd cf 07 24 74 44 2d |..M.t.......$tD-| +000001b0 54 d5 c5 d3 4e c4 eb 09 6e 90 8f 3d c0 c5 1c 21 |T...N...n..=...!| +000001c0 7c 32 1b bc 4b 85 2b f0 b0 f5 cd 61 3d dd 31 03 ||2..K.+....a=.1.| +000001d0 5e e0 5e 06 1a 37 61 1a 58 fa ed e8 cf 0c 4f da |^.^..7a.X.....O.| +000001e0 73 69 42 3a f4 ed dc ad e5 e7 9b fd 54 16 77 85 |siB:........T.w.| +000001f0 ae 84 41 10 be 84 ad 28 ef e6 13 2a e9 9f 9f 2f 
|..A....(...*.../| +00000200 c5 d0 65 c6 f5 58 b3 39 9b 5e 07 ba 95 be 5e 75 |..e..X.9.^....^u| +00000210 68 17 ba 9d 2a 69 6d b8 ed d4 4b 6a ce 30 b1 82 |h...*im...Kj.0..| +00000220 ae ec 68 9a 26 13 6b 05 38 0f 38 c9 94 01 d0 0b |..h.&.k.8.8.....| +00000230 7b bb ca 70 86 6c e4 f1 eb 81 05 25 33 c0 3e e3 |{..p.l.....%3.>.| +00000240 2a 25 8e 32 eb d5 03 c7 c4 d8 22 22 ef 99 5a a3 |*%.2......""..Z.| +00000250 01 6a b5 65 9a 55 6e fb 84 83 aa 43 ae 4a 3e da |.j.e.Un....C.J>.| +00000260 40 7e 09 e1 3b 15 ad 33 66 5a 3d 30 62 72 86 54 |@~..;..3fZ=0br.T| +00000270 cd a2 6a bf 82 61 17 87 84 c5 3f f3 1e 86 a2 b1 |..j..a....?.....| +00000280 2c 1a f9 ba 8c a2 21 5b 93 b2 16 b4 81 ae 7d 98 |,.....![......}.| +00000290 d6 db 0a 56 14 c9 f7 48 c1 c7 3c 7e 63 8e bc 50 |...V...H..<~c..P| +000002a0 6a 64 e1 1d 04 ba d3 cc 6a 61 60 4b d2 97 d5 ba |jd......ja`K....| +000002b0 23 1a 69 76 86 db 96 39 04 f6 ec e9 96 79 6a 25 |#.iv...9.....yj%| +000002c0 ff 39 dd 19 08 34 4d c3 f6 7c 91 f2 6b 3a e1 0f |.9...4M..|..k:..| +000002d0 66 6d 14 5d 82 21 0b e3 e0 c3 f1 a1 70 e1 2c bc |fm.].!......p.,.| +000002e0 fb 54 aa 85 3c a0 7c 9a 35 00 e2 a1 4f 83 3e f1 |.T..<.|.5...O.>.| +000002f0 64 83 ab c5 e6 31 c7 00 eb 36 f1 bc 41 f3 eb d4 |d....1...6..A...| +00000300 97 30 4d 7f d2 d1 e7 1a 9e a2 53 31 35 6a 16 d1 |.0M.......S15j..| +00000310 65 be d7 d3 93 2a be d2 27 dc 1b 8c 09 16 30 d4 |e....*..'.....0.| +00000320 cb eb e0 bb 42 50 ff 59 c3 81 81 36 88 09 c2 23 |....BP.Y...6...#| +00000330 dc dd 80 63 bb 78 19 6b 6a 70 4b b5 17 bf ed 6c |...c.x.kjpK....l| +00000340 58 f1 15 a9 16 66 c8 45 f5 5f 99 05 b1 3b be e6 |X....f.E._...;..| +00000350 66 d7 45 df 19 16 9d c7 dd 4d 17 03 03 00 99 38 |f.E......M.....8| +00000360 70 9e 16 94 07 67 7c ce 90 67 99 46 5e d9 61 b5 |p....g|..g.F^.a.| +00000370 9b b8 31 fc cc 80 a3 07 30 c9 f5 f9 90 fb e2 0d |..1.....0.......| +00000380 dc 93 ab de 38 25 83 f8 77 0c 94 53 75 68 c7 71 |....8%..w..Suh.q| +00000390 72 6f 61 77 a7 d7 c7 ed 5c d3 08 18 9f 64 f4 
6e |roaw....\....d.n| +000003a0 30 dc 05 b1 65 11 79 08 66 34 8c 06 99 a9 00 26 |0...e.y.f4.....&| +000003b0 86 2c e4 b5 6d cf db b1 03 f0 d0 c5 c0 f5 50 04 |.,..m.........P.| +000003c0 f7 27 97 3e 31 19 aa a8 58 c4 78 43 a9 e3 76 0d |.'.>1...X.xC..v.| +000003d0 98 88 20 07 11 4c d6 8a 66 31 72 2e ed 47 66 71 |.. ..L..f1r..Gfq| +000003e0 9a 3e 9c 0d 1c 17 df ab 6a 52 b4 43 a6 c2 64 30 |.>......jR.C..d0| +000003f0 45 08 b8 de 59 be 3a f9 17 03 03 00 35 94 9b 02 |E...Y.:.....5...| +00000400 47 a6 e3 55 9f 95 8a 8d 35 3b bb 56 ec 10 ab dd |G..U....5;.V....| +00000410 a3 ca fe ad bf 25 90 76 c4 15 a0 c0 73 d5 96 96 |.....%.v....s...| +00000420 44 bc ba e9 09 f5 8e e7 e7 7d db f2 e7 9f 99 d2 |D........}......| +00000430 dc e7 |..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 1e 64 ba 97 ba 8d |...........d....| +00000010 3f 1b d5 5b c5 2e e5 b9 10 01 37 c9 5c e5 ed 39 |?..[......7.\..9| +00000020 7f 9c 8b f8 ef 50 64 5e 30 05 16 ac 80 51 96 78 |.....Pd^0....Q.x| +00000030 2a 50 0f 1e d8 76 ab fd bd 7f 3b 17 7e 1d e9 f5 |*P...v....;.~...| +00000040 03 76 1b 66 3d 15 dc f3 65 a2 aa a9 23 89 09 e9 |.v.f=...e...#...| +00000050 dc de a6 27 fc 21 d9 97 d4 08 05 9a 1c 49 8c ee |...'.!.......I..| +00000060 fc bd f1 9f e2 4e 3a e3 ee 07 39 d0 34 05 cb 18 |.....N:...9.4...| +00000070 83 2b 68 45 df 84 4b b2 c3 79 42 73 b9 f1 1c f2 |.+hE..K..yBs....| +00000080 5f d9 5c f5 7c 4e 86 5e 97 78 ea 0a fa e7 60 68 |_.\.|N.^.x....`h| +00000090 80 c3 17 5f e7 92 9d 6e 9a 92 37 84 92 4b 83 9c |..._...n..7..K..| +000000a0 fa 4c 2a 82 23 eb 67 d0 b2 cc 9e 59 8f 2c e7 bc |.L*.#.g....Y.,..| +000000b0 b3 4f 2a 0c 93 bf 17 b8 48 70 5e 0a 85 92 6d 2a |.O*.....Hp^...m*| +000000c0 ac 81 9e cd 2c 59 fc a7 e3 5b 82 d5 e3 f5 cd c2 |....,Y...[......| +000000d0 8a 68 b8 e9 36 e2 08 0b f7 09 9c 17 95 a3 5e 3d |.h..6.........^=| +000000e0 ef 7c c6 5c fe 32 9e 9d 31 c9 b7 76 5a 71 c3 d7 |.|.\.2..1..vZq..| +000000f0 cd e3 c6 70 e5 2f 07 df 1d b4 34 56 0b ed 52 13 |...p./....4V..R.| 
+00000100 bc b2 ac 66 0c 84 b0 2e 32 93 08 f2 04 91 8e e3 |...f....2.......| +00000110 7b 7f 22 2a a9 04 50 5c 78 f1 06 c5 fd 2c 4c 77 |{."*..P\x....,Lw| +00000120 a9 17 b5 a8 42 6d f2 0e 87 32 d3 7f be 9e 1d 09 |....Bm...2......| +00000130 50 10 25 9d f1 a5 25 c3 c2 be 0d 8d 8e 96 5e 1c |P.%...%.......^.| +00000140 83 06 45 bc f0 5b 6f b5 0a 02 2a cc ce ac 7e 62 |..E..[o...*...~b| +00000150 f0 b1 89 25 30 bc 12 d2 da f9 1d d0 46 55 97 4c |...%0.......FU.L| +00000160 09 39 e1 a5 1f 4d e1 aa bd 6f 1f 0d 79 4a aa 49 |.9...M...o..yJ.I| +00000170 73 25 dc a5 bd f7 2b 64 3c 84 ed b0 ef 13 c5 6c |s%....+d<......l| +00000180 16 8b 27 bf a5 3d 15 f2 4a 3b 53 ad ba e9 9e 2a |..'..=..J;S....*| +00000190 6d f2 44 5c 66 69 04 94 27 99 08 8e c2 7e c6 69 |m.D\fi..'....~.i| +000001a0 f7 65 1d 0b a5 8c 35 52 0b f1 bd 59 ca d1 bf 44 |.e....5R...Y...D| +000001b0 47 b0 7b f8 3b a0 84 55 73 c2 83 bb 9d e0 bc ed |G.{.;..Us.......| +000001c0 60 07 32 ce 71 b3 60 12 ef ca 28 bb 6c fb bb c7 |`.2.q.`...(.l...| +000001d0 3e eb 05 65 a5 26 1a 6c 40 c8 b4 4e 31 12 a0 96 |>..e.&.l@..N1...| +000001e0 19 66 86 f5 1e f8 bd 6d f4 2e 98 60 fe ff 22 1e |.f.....m...`..".| +000001f0 a9 27 49 87 77 7d b4 5d ea f8 bc 3a 10 15 84 8c |.'I.w}.]...:....| +00000200 cd aa 2c e8 94 93 a5 ee db 7a d8 96 e9 d5 68 e9 |..,......z....h.| +00000210 34 68 40 5b dd 18 dc f0 ef b7 17 72 fd 06 70 d1 |4h@[.......r..p.| +00000220 b6 89 ae 66 40 40 f7 61 0b 17 03 03 00 a4 26 c1 |...f@@.a......&.| +00000230 3c d9 6c 83 52 e3 5e 64 46 7f 12 1d 3d c7 7d 0f |<.l.R.^dF...=.}.| +00000240 a9 8f d3 45 f5 81 46 16 24 c6 c3 7e 5f e4 25 be |...E..F.$..~_.%.| +00000250 00 33 7a 1c 35 d4 5c 64 54 56 08 66 4d 2f 68 15 |.3z.5.\dTV.fM/h.| +00000260 1b 71 d9 aa c9 9e e0 cc d2 73 a9 99 41 9b 08 1f |.q.......s..A...| +00000270 d4 41 de e5 4f 1f 30 65 61 02 8e 6f 79 d7 47 86 |.A..O.0ea..oy.G.| +00000280 2f e6 0e 65 9e 06 e8 98 d1 fe bc 89 b4 bc f4 9b |/..e............| +00000290 70 02 06 e4 9d 37 dd 1b 63 b6 06 62 1a c7 45 30 
|p....7..c..b..E0| +000002a0 9d 08 64 35 8b 96 88 9a 1e 58 2f d0 ef 44 39 04 |..d5.....X/..D9.| +000002b0 3c bf e2 e6 c4 73 de f9 b0 10 ed 56 eb 04 bd 4e |<....s.....V...N| +000002c0 89 38 50 3b e7 e5 12 7c 8e 74 b2 a5 79 2d 88 7b |.8P;...|.t..y-.{| +000002d0 e5 1b 17 03 03 00 35 42 b2 61 24 4c 38 b5 d1 42 |......5B.a$L8..B| +000002e0 93 12 66 c5 be 3c f0 b1 b2 6b 86 07 99 7d f3 e4 |..f..<...k...}..| +000002f0 74 2b 43 98 38 df 70 7a e5 f7 67 cf c3 08 23 19 |t+C.8.pz..g...#.| +00000300 4a cf 06 26 fe 56 4a 97 4a 82 70 09 17 03 03 00 |J..&.VJ.J.p.....| +00000310 17 9b 3f bb 09 7d 4f c9 05 42 f7 d1 a7 59 0c a7 |..?..}O..B...Y..| +00000320 c6 9b 36 e1 46 ad 9b 89 17 03 03 00 13 ae a5 51 |..6.F..........Q| +00000330 76 d8 3a 77 a8 a0 38 70 bf be c8 fb ff fe 53 09 |v.:w..8p......S.| diff --git a/tls/testdata/Client-TLSv13-ClientCert-Ed25519 b/tls/testdata/Client-TLSv13-ClientCert-Ed25519 new file mode 100644 index 00000000..26f76bc1 --- /dev/null +++ b/tls/testdata/Client-TLSv13-ClientCert-Ed25519 
@@ -0,0 +1,122 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 a5 5b a0 2c f5 |....z...v...[.,.| +00000010 57 cc 49 88 64 7d ea 7c ee 61 cf fc 94 9f d4 5c |W.I.d}.|.a.....\| +00000020 bb 83 80 5a f5 7c a3 fc 0a c8 61 20 00 00 00 00 |...Z.|....a ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 fe |..+.....3.$... 
.| +00000060 e1 43 bd 10 b3 f6 3b 4d 7c 46 8f a3 bc 7d 08 08 |.C....;M|F...}..| +00000070 22 ed aa 9b 7b 89 f3 87 13 7e fe 6c b0 db 3f 14 |"...{....~.l..?.| +00000080 03 03 00 01 01 17 03 03 00 17 2b ce 52 22 34 c5 |..........+.R"4.| +00000090 d9 2c ae d0 23 4d 0c 6e b4 f0 c8 58 11 22 54 bb |.,..#M.n...X."T.| +000000a0 15 17 03 03 00 42 96 b4 72 be f0 6b d3 b0 82 7c |.....B..r..k...|| +000000b0 dc d2 67 69 2c d4 40 a1 7a 3d 9a 39 a5 29 ca 64 |..gi,.@.z=.9.).d| +000000c0 c5 0b d2 ba 7c c3 73 e2 93 0d 44 e3 64 ce ec b2 |....|.s...D.d...| +000000d0 90 ae e2 df 18 f8 f5 93 5f 91 80 c2 b4 00 e7 de |........_.......| +000000e0 f5 3f 4d c8 de 4c 5f f0 17 03 03 02 6d c6 df 33 |.?M..L_.....m..3| +000000f0 1e 12 40 02 7f 46 67 d8 4b 98 d7 5e f7 0a bf dc |..@..Fg.K..^....| +00000100 fe 3c 7f 00 2d 74 31 cb 10 35 e2 eb 16 11 d1 2f |.<..-t1..5...../| +00000110 10 bf 8c 4d 37 c7 1b f6 23 a3 3e 68 87 1a 50 53 |...M7...#.>h..PS| +00000120 64 7c 0d fd 0d 06 32 93 17 85 da e0 d4 86 2c 5f |d|....2.......,_| +00000130 0a 91 9a fd 00 87 f1 f4 fc 18 22 a1 2e 21 44 7d |.........."..!D}| +00000140 6c ca 2c 0d f2 38 15 d1 9d 86 9b 67 b6 b4 06 6d |l.,..8.....g...m| +00000150 30 07 a8 b1 b8 7a 5d 1d 17 d0 c5 1a 40 a3 42 b5 |0....z].....@.B.| +00000160 dc 56 c8 ec c3 c3 4e ff 5f 7c ce 27 fa a6 82 2a |.V....N._|.'...*| +00000170 b9 85 47 4e 0b d1 84 17 92 a6 42 86 9a 65 1c a9 |..GN......B..e..| +00000180 45 be af a7 95 03 0b db 84 fa 5d 1b 7e 57 72 40 |E.........].~Wr@| +00000190 ab a3 9e 46 50 3f c7 03 94 9a 4a 02 bd 9a 90 1c |...FP?....J.....| +000001a0 42 c9 98 e9 81 cd e8 73 a6 82 42 20 24 89 d5 8d |B......s..B $...| +000001b0 48 20 df d4 f4 d2 15 e4 c0 28 ee d8 2a 1b ad b8 |H .......(..*...| +000001c0 1d a4 86 e1 b4 89 97 e8 36 63 aa 9c f4 7e 65 c6 |........6c...~e.| +000001d0 12 86 41 54 b3 4a 79 9f 48 33 fc fc 0d f5 14 47 |..AT.Jy.H3.....G| +000001e0 ba ae d3 20 64 37 f1 cd 9e 1b cc b2 27 68 e6 f2 |... 
d7......'h..| +000001f0 95 0c 29 59 f2 15 2e 97 60 f3 8d 1b b1 65 cd 4f |..)Y....`....e.O| +00000200 0d a5 0a 34 59 63 20 f0 71 e6 d5 13 f2 4e dc 73 |...4Yc .q....N.s| +00000210 5b 1a 36 d7 6a aa b0 30 f4 ff 68 ad f5 5e f0 12 |[.6.j..0..h..^..| +00000220 0c 34 a8 4d 91 03 8e 4a 30 07 23 49 41 7a fe 19 |.4.M...J0.#IAz..| +00000230 62 5b 6a a0 4d d5 54 a1 1f 45 91 86 b3 a1 c3 32 |b[j.M.T..E.....2| +00000240 62 79 a8 93 b3 d4 43 0c a8 12 10 4f f5 53 c3 3b |by....C....O.S.;| +00000250 d9 73 ef 42 be 1d f5 70 fd 9f ca 54 20 3a 33 c9 |.s.B...p...T :3.| +00000260 f6 e8 55 13 b3 ab 45 c8 bb 5c 6b b9 39 a9 04 ac |..U...E..\k.9...| +00000270 1c 3c 5a aa b7 91 2c 0c f6 74 ea 6b 2d e2 9a 3c |..$.......| +00000360 1b f5 7a dc 63 8d 5e 75 de 72 cf 41 ca 75 ab d9 |..z.c.^u.r.A.u..| +00000370 55 b0 b5 81 a9 6c a9 f6 1d ea 66 dd dd 86 f5 03 |U....l....f.....| +00000380 12 08 9d b4 07 48 eb 8b 45 f1 35 b1 31 bd 5d f3 |.....H..E.5.1.].| +00000390 e2 34 73 9a e5 87 b7 8b 0b 8b ab 7e 05 db 56 db |.4s........~..V.| +000003a0 4f 4c 52 1a 3b 5d 4c 53 b1 49 40 81 5e 73 af 26 |OLR.;]LS.I@.^s.&| +000003b0 21 e6 e3 5c 4a a6 f6 07 56 de f5 76 5c 67 d8 d5 |!..\J...V..v\g..| +000003c0 eb f3 6a fb 6d b7 00 bc 6b 28 c9 63 4d 58 76 97 |..j.m...k(.cMXv.| +000003d0 aa 51 2b f3 03 9c 70 3b 3e b2 a4 16 a0 a0 e0 43 |.Q+...p;>......C| +000003e0 77 da 88 2d 48 3b 07 e2 8d a6 e2 80 85 68 ac dc |w..-H;.......h..| +000003f0 ce 66 2f 97 20 9e 4e 33 17 03 03 00 35 f6 ce 98 |.f/. 
.N3....5...| +00000400 8b 01 f5 75 8e 98 42 02 b1 b8 90 f3 08 96 e8 5a |...u..B........Z| +00000410 d4 7c ef d1 62 1e b3 36 39 d9 b2 59 1f 1f cc 74 |.|..b..69..Y...t| +00000420 f2 a8 62 11 00 28 31 fa d9 5a 27 10 7b 93 ff de |..b..(1..Z'.{...| +00000430 a0 ec |..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 01 50 57 2a 94 d7 c1 |..........PW*...| +00000010 40 42 d3 aa e3 d8 b3 e4 13 ff 51 ee 8a 52 9d 9c |@B........Q..R..| +00000020 c4 a4 40 91 72 0f c9 4e fe 56 22 89 ea fb 6d 05 |..@.r..N.V"...m.| +00000030 a2 96 97 4b fa ef ec 13 b6 13 3b 69 6c 65 c0 74 |...K......;ile.t| +00000040 e5 54 df a4 97 50 f7 85 a1 c7 fb 52 84 56 98 16 |.T...P.....R.V..| +00000050 52 b6 eb 5a d0 72 6e 65 98 81 bb f5 2a 4c ed 1a |R..Z.rne....*L..| +00000060 90 e1 01 a6 2b eb e0 1d 06 ba 8a d4 47 45 90 f0 |....+.......GE..| +00000070 91 bd c4 d7 54 ba 44 30 78 42 15 42 74 59 1c c7 |....T.D0xB.BtY..| +00000080 56 34 39 64 8e f8 0a 0f 2b 35 0f 06 97 34 3e 5e |V49d....+5...4>^| +00000090 00 00 5a f0 07 0a f5 66 46 86 94 8c 0b 62 1c fd |..Z....fF....b..| +000000a0 cc cf fd 5d 06 96 1e 21 9e 20 d5 07 5f 5a 00 9f |...]...!. .._Z..| +000000b0 6f 80 36 5e aa 56 d0 07 00 20 08 55 48 fe 6c a1 |o.6^.V... .UH.l.| +000000c0 b1 22 f3 94 54 7e 7e d5 e9 f0 71 69 01 fc bd 14 |."..T~~...qi....| +000000d0 a1 de 38 e4 b4 02 88 3e 66 77 3b f7 aa cd 57 a3 |..8....>fw;...W.| +000000e0 cf 6a 40 7d 93 75 79 3b 95 07 33 69 b2 8d 2a 37 |.j@}.uy;..3i..*7| +000000f0 94 d3 8d d5 b5 8a f0 94 8d 1e b4 9e 02 4f 7d 83 |.............O}.| +00000100 05 c6 c7 c8 a0 74 f1 88 f7 68 bf 4b e4 18 3b 6f |.....t...h.K..;o| +00000110 0c 6c a6 e7 75 50 b9 f6 68 2e 05 67 a3 47 df 22 |.l..uP..h..g.G."| +00000120 fa ae c1 4f a8 3d f3 bb dc 66 c3 b6 98 b7 8c 5b |...O.=...f.....[| +00000130 48 51 57 d7 43 b2 13 25 9e d5 82 6c 70 5c 42 53 |HQW.C..%...lp\BS| +00000140 a9 e8 8a 12 26 cd 3a f8 f8 e5 97 84 55 89 09 d4 |....&.:.....U...| +00000150 d4 20 40 d7 2d 6f 66 36 63 f6 53 17 03 03 00 59 |. 
@.-of6c.S....Y| +00000160 2f f6 22 ce f3 86 f8 ee b1 f6 49 de c8 bf 91 9c |/.".......I.....| +00000170 bc 2f fa 75 af 51 bc ee b7 a5 a9 82 35 3b 83 9d |./.u.Q......5;..| +00000180 3d 9f 57 10 07 4b af 01 66 f0 39 dd f0 4a a7 90 |=.W..K..f.9..J..| +00000190 f3 6c 28 97 80 0d a5 74 2d 22 a3 81 cd 64 2b 1a |.l(....t-"...d+.| +000001a0 d1 4e 2d 9e 8e 69 38 f8 11 9c 17 1f e6 c9 01 4e |.N-..i8........N| +000001b0 48 1f 80 43 26 d4 5a 82 30 17 03 03 00 35 e9 25 |H..C&.Z.0....5.%| +000001c0 b9 01 8e 0d 51 be 9d d1 b4 2b 0a ee 36 69 85 1a |....Q....+..6i..| +000001d0 10 a8 ff 36 e7 21 b7 f2 54 75 ca 07 52 88 48 d0 |...6.!..Tu..R.H.| +000001e0 ad 67 0b 92 52 70 fa 14 bc 7e 1d 43 f0 a2 7b df |.g..Rp...~.C..{.| +000001f0 ac 0c 19 17 03 03 00 17 98 76 d7 52 06 90 ef 00 |.........v.R....| +00000200 21 5e ec ed 0e 35 77 ef 5c f1 32 58 33 0f 06 17 |!^...5w.\.2X3...| +00000210 03 03 00 13 05 fb b3 c3 4d b5 a4 9c 52 ea bc d2 |........M...R...| +00000220 86 08 26 b8 df 5c 4c |..&..\L| diff --git a/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA b/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA new file mode 100644 index 00000000..09de5cca --- /dev/null +++ b/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA 
@@ -0,0 +1,134 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 cc a2 2d 09 42 |....z...v....-.B| +00000010 f0 11 87 04 64 83 e4 d8 80 a5 0f 88 69 ae f1 d2 |....d.......i...| +00000020 12 05 d2 08 75 15 86 b7 d8 69 e7 20 00 00 00 00 |....u....i. ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 c9 |..+.....3.$... 
.| +00000060 b4 93 8b 5b b0 ae 93 4a 01 26 0c fb db 3f 53 0b |...[...J.&...?S.| +00000070 04 ca 65 63 3f d7 d9 f9 fc ca ea 4c f2 08 3c 14 |..ec?......L..<.| +00000080 03 03 00 01 01 17 03 03 00 17 85 f6 ff f8 58 7f |..............X.| +00000090 2a d9 e0 12 82 d6 31 64 29 70 05 24 0f 17 1e 9f |*.....1d)p.$....| +000000a0 dc 17 03 03 00 42 16 7b d5 fa a6 30 94 8e a0 a7 |.....B.{...0....| +000000b0 24 59 b9 3d 85 b0 2f d9 25 c6 5a b5 7f 51 ca 54 |$Y.=../.%.Z..Q.T| +000000c0 4a f7 f0 72 bb dd 5e 70 14 6d 46 3f b3 86 6f c1 |J..r..^p.mF?..o.| +000000d0 a4 5f 6d ba 97 f3 38 c0 24 4a 9f de 7b b9 49 12 |._m...8.$J..{.I.| +000000e0 71 02 f8 bc bc 65 5a ea 17 03 03 02 22 f9 92 7e |q....eZ....."..~| +000000f0 34 eb b3 a4 03 8e ec 48 30 a0 9b ac a6 7b b3 a5 |4......H0....{..| +00000100 d0 4a 89 2c 92 6a c6 04 de b2 86 72 0a f1 97 61 |.J.,.j.....r...a| +00000110 da 70 ef 25 5a a3 f1 b3 3d 78 f1 ec 2b 8f 34 2b |.p.%Z...=x..+.4+| +00000120 c9 94 e7 d2 9e 2f 09 5d 7a e3 2e fc 6e e1 ef 80 |...../.]z...n...| +00000130 e6 0c e9 3e 07 bb b7 0e 74 0c e8 19 fe 7f d8 d0 |...>....t.......| +00000140 fa 70 03 c1 31 c2 76 51 c3 d0 ed a6 a1 0d 20 74 |.p..1.vQ...... 
t| +00000150 86 15 99 51 71 f8 3d 8e 1c 8c a8 19 0a 9c ac 4a |...Qq.=........J| +00000160 ab 0e e6 cc 52 a0 a8 ca d9 71 54 aa 2c 8b 6f 5b |....R....qT.,.o[| +00000170 f9 46 07 0d 86 40 d9 54 33 8e de 54 a5 c2 6e 36 |.F...@.T3..T..n6| +00000180 14 0e e3 52 78 05 56 90 98 2c e1 ec 26 f6 bd 6a |...Rx.V..,..&..j| +00000190 e5 0b 31 e1 a4 2a 2a 96 1b d6 57 87 ac a8 07 71 |..1..**...W....q| +000001a0 83 d9 70 1e 5e 63 9b d1 01 83 e7 c9 c8 1c 5a 34 |..p.^c........Z4| +000001b0 05 c0 7b da 1c ca 5f 99 49 9a 04 da c9 1c 9b ed |..{..._.I.......| +000001c0 b4 af 9d ff 36 71 1b 3a 00 e8 6a c4 6e 47 d9 4a |....6q.:..j.nG.J| +000001d0 64 f5 c1 07 ab 19 c8 65 a3 33 26 99 be 53 c3 86 |d......e.3&..S..| +000001e0 97 10 ef c1 54 8e 69 6c b1 29 aa 7d c1 63 67 ba |....T.il.).}.cg.| +000001f0 d7 72 7c 74 83 58 bd 5a a8 a8 5f 49 38 ee 1e 34 |.r|t.X.Z.._I8..4| +00000200 c8 98 19 73 97 2d 76 e6 d7 0d 15 75 a0 98 1f 15 |...s.-v....u....| +00000210 c9 b8 3d 3f cb 92 a1 39 4b 91 ca e0 d2 0e 38 c2 |..=?...9K.....8.| +00000220 20 eb f2 b5 04 64 fa d8 e2 d7 2f ba 88 7e f4 37 | ....d..../..~.7| +00000230 c1 68 c4 2f c9 54 a1 21 5d 4b e7 67 3b 2e 6a 06 |.h./.T.!]K.g;.j.| +00000240 55 ba d4 8d fe 0e b1 b7 2d cf c2 82 ed 27 3d 5b |U.......-....'=[| +00000250 9b 3b 28 a9 d4 c4 3c a0 45 b1 77 37 8b f8 7e f0 |.;(...<.E.w7..~.| +00000260 51 90 fe 7a 74 14 ac f7 59 8b ed be 79 b0 4b 89 |Q..zt...Y...y.K.| +00000270 d9 0c 39 fe 45 9d 15 0c a6 96 26 0d b2 29 b0 a4 |..9.E.....&..)..| +00000280 29 62 df 4b c0 a0 05 f1 e8 8b 16 af ea 42 8b 58 |)b.K.........B.X| +00000290 5a ae f6 28 d8 40 09 d1 1e 21 b3 c7 a8 e2 30 4a |Z..(.@...!....0J| +000002a0 27 e6 c4 ba ff 62 91 7b ab 64 18 65 02 e2 10 68 |'....b.{.d.e...h| +000002b0 87 35 c2 09 5b 23 a4 eb 96 19 a7 1e 75 85 6e 17 |.5..[#......u.n.| +000002c0 0e bc 11 1a f5 49 05 92 f7 0e e4 c7 85 da 4e 26 |.....I........N&| +000002d0 5b de f2 dc 36 fb dc dd c6 42 23 0c a7 de 8d ad |[...6....B#.....| +000002e0 f5 2a 8b ff b4 5d c6 ca ec e3 83 a4 1e 23 3a 2d 
|.*...].......#:-| +000002f0 1a 52 51 11 f5 3b 93 47 89 c8 fc 21 b0 a3 4f b3 |.RQ..;.G...!..O.| +00000300 6e d2 83 ca 20 75 fc 43 43 e5 1d 5d 57 c9 7c 17 |n... u.CC..]W.|.| +00000310 03 03 00 a4 dc 79 73 47 d4 f5 72 c9 12 46 ed 3c |.....ysG..r..F.<| +00000320 d0 61 20 81 a9 ad 64 f3 f1 77 7f f1 74 09 67 80 |.a ...d..w..t.g.| +00000330 c1 08 07 9c 50 b8 7d f5 70 f5 c6 a1 5f ba 37 78 |....P.}.p..._.7x| +00000340 58 37 e3 f4 3f 03 1d 69 6f af 2f 2b 8b 10 95 5a |X7..?..io./+...Z| +00000350 be a1 5c b8 42 61 65 5a 27 35 f6 b4 57 3d 3a 6b |..\.BaeZ'5..W=:k| +00000360 f4 e9 90 88 7b e3 7c bf be 51 19 0e 51 53 cd 10 |....{.|..Q..QS..| +00000370 2c 70 76 9e d1 32 28 8f c4 6c 01 2c 46 8f 4d 14 |,pv..2(..l.,F.M.| +00000380 21 a2 63 39 44 b3 03 0d a3 9d a0 c8 f4 cf 5d 7e |!.c9D.........]~| +00000390 d2 17 05 ee 9c 5c 1a 2e 43 dc 3f 6d d9 f2 54 5d |.....\..C.?m..T]| +000003a0 64 ff d2 1c 21 73 66 b1 2c 21 9d 3f bf fe f8 a5 |d...!sf.,!.?....| +000003b0 79 54 fe 8a d5 3d 5f f6 17 03 03 00 35 0f 01 eb |yT...=_.....5...| +000003c0 f8 46 f8 07 7a 06 69 45 e2 47 4d b0 eb 9c 82 8b |.F..z.iE.GM.....| +000003d0 5d d0 59 66 d1 b5 a2 7b b2 f0 72 6f 34 8b 2c 05 |].Yf...{..ro4.,.| +000003e0 84 53 1c 7b 24 d8 f0 cd a3 46 d1 ed 08 22 bb e6 |.S.{$....F..."..| +000003f0 38 98 |8.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 11 ce 65 5f 9d 1a |............e_..| +00000010 c6 5f 48 ea da 02 77 1d 79 b2 82 1a da c4 75 aa |._H...w.y.....u.| +00000020 11 af ae 1f e4 7e d7 6f ed 75 48 56 de c8 36 05 |.....~.o.uHV..6.| +00000030 6a 97 5e 49 49 55 25 6f ef 3e ed 40 3f 91 9a ae |j.^IIU%o.>.@?...| +00000040 f4 a1 d3 02 d3 15 60 23 1b 7a 80 ef ef 60 bb 62 |......`#.z...`.b| +00000050 a3 8d 6b 24 1a 11 7d 8e 00 76 54 69 f1 b5 df 77 |..k$..}..vTi...w| +00000060 c0 3a a3 8d 9d a3 56 e7 4d 2d 68 fe 38 49 6d 42 |.:....V.M-h.8ImB| +00000070 3d 2c 69 fd 8c 53 44 af 13 8b 1d cb dc 04 16 6e |=,i..SD........n| +00000080 5a ab 0a 00 19 cf a0 8a ee bd 71 24 68 ee 18 2a |Z.........q$h..*| 
+00000090 ec 04 fe 0f 12 15 8e 09 e0 87 de 4e c4 2a a1 a5 |...........N.*..| +000000a0 6d be 79 6e 25 15 11 64 8c 35 71 97 fa a4 43 e2 |m.yn%..d.5q...C.| +000000b0 dd cd a1 da b3 75 5d d5 36 fb b4 6b 12 30 a7 f6 |.....u].6..k.0..| +000000c0 d7 7c 72 e1 f8 6a 8b 3e 38 13 9c da ee 07 3d 6a |.|r..j.>8.....=j| +000000d0 f5 1b 26 73 ff 24 03 1f ea dc f3 ed 6b c2 0d fe |..&s.$......k...| +000000e0 3e 03 c4 22 93 c9 9b fe 22 5c 1e fb 07 2b 1b 7f |>.."...."\...+..| +000000f0 34 ff c6 1b 24 32 4b b1 ee 4c 0b 08 b6 3b 1e aa |4...$2K..L...;..| +00000100 49 f3 04 b7 9a 42 e5 42 5a df a2 92 d3 2f 62 54 |I....B.BZ..../bT| +00000110 e1 21 08 ee ce 64 80 48 d3 6a 15 67 8c 5e d1 ac |.!...d.H.j.g.^..| +00000120 a2 64 f9 10 67 2c 27 7e 10 11 d7 09 13 2f 61 a7 |.d..g,'~...../a.| +00000130 d7 9d 2a 18 0f a8 93 c6 fc 75 5c 31 68 42 22 e6 |..*......u\1hB".| +00000140 5c e8 4d 7d 82 73 ba 97 5c d7 6a a2 14 37 85 93 |\.M}.s..\.j..7..| +00000150 48 a7 50 9c fc 66 7b 82 a8 b6 99 0f 8c 9e 40 b5 |H.P..f{.......@.| +00000160 e4 4f 98 01 db 56 03 44 f9 9f 52 a3 33 ac 77 2a |.O...V.D..R.3.w*| +00000170 b6 0a de d5 68 a5 df 67 41 8d 4c 53 9d c4 8d b7 |....h..gA.LS....| +00000180 2e 3d 1f 93 1c 23 e3 81 76 5a 99 7c 90 60 d8 4d |.=...#..vZ.|.`.M| +00000190 e4 a5 00 7d f9 2c c5 19 bc 3c a3 73 c3 83 ff 31 |...}.,...<.s...1| +000001a0 6a 67 88 32 d3 90 7f ab 20 19 1f 55 72 e4 08 bc |jg.2.... 
..Ur...| +000001b0 c4 d6 24 e6 00 2d 85 be d4 9b 2c e5 7b ee 26 6b |..$..-....,.{.&k| +000001c0 49 ed 94 3d d6 ee fd 9d da 39 be 02 23 aa b9 78 |I..=.....9..#..x| +000001d0 f2 41 97 0a d9 66 15 1e e1 a2 49 f3 09 f0 25 91 |.A...f....I...%.| +000001e0 8a ea f5 38 87 ea 66 ae dc d2 04 d1 02 92 ab 6c |...8..f........l| +000001f0 a4 1a cc 1b ba 48 d5 8e 27 c4 c5 34 08 8f c2 c8 |.....H..'..4....| +00000200 e1 e6 a8 98 48 9c 43 6c f1 34 ba c0 ff 8e 22 14 |....H.Cl.4....".| +00000210 f7 f9 93 38 96 1e 73 57 28 5b 25 3e 17 03 03 00 |...8..sW([%>....| +00000220 99 c7 8d 1d 62 23 f3 c1 31 3d 45 bc d5 59 ff 47 |....b#..1=E..Y.G| +00000230 8e 34 3d 1d 06 cc e0 05 ea 38 87 f0 fd c3 84 53 |.4=......8.....S| +00000240 47 6b fb 7b 9b c2 a4 f2 1f e0 61 ab 17 32 d0 57 |Gk.{......a..2.W| +00000250 34 dd fb 42 9b ad 4c d7 20 ff b1 58 34 e0 0c b1 |4..B..L. ..X4...| +00000260 44 0c cf d3 05 be 3b 8e a2 d5 39 44 c8 22 64 ad |D.....;...9D."d.| +00000270 61 80 df 5d fd 40 0e c0 c2 41 4f a7 e5 4f b3 7f |a..].@...AO..O..| +00000280 0b db d6 ac fe ba c0 8b 24 8e e8 b2 d6 93 3d 12 |........$.....=.| +00000290 75 41 85 1d b5 4a e2 e0 f8 a1 23 8f 13 24 c6 b6 |uA...J....#..$..| +000002a0 e5 db 06 3f d8 d5 2f b5 e5 24 59 76 53 dd aa 0a |...?../..$YvS...| +000002b0 26 ba 72 23 63 ac 4d 5c 92 13 17 03 03 00 35 47 |&.r#c.M\......5G| +000002c0 59 18 68 11 0a 9a 0b 66 d3 c0 26 72 da 51 0e 00 |Y.h....f..&r.Q..| +000002d0 b0 78 8b 6a ef df 75 94 94 b0 aa 9b 77 e3 9c d8 |.x.j..u.....w...| +000002e0 23 9d 74 ce 85 55 c0 30 4c 96 5b 59 7a f6 03 2e |#.t..U.0L.[Yz...| +000002f0 d8 9c 0e 11 17 03 03 00 17 74 ed 13 0b 6a 15 18 |.........t...j..| +00000300 5e d4 5e 8a c6 e6 5c 0b 3c d0 1b 3d 68 86 2a 07 |^.^...\.<..=h.*.| +00000310 17 03 03 00 13 6f e2 fe a0 b8 95 d4 aa fd 11 2b |.....o.........+| +00000320 e8 6d 42 28 d1 ca 1c 5e |.mB(...^| diff --git a/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS b/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS new file mode 100644 index 00000000..9488dd6b --- /dev/null 
+++ b/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS 
@@ -0,0 +1,143 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 6d 36 ae 02 a9 |....z...v..m6...| +00000010 74 ad e5 4d 55 b6 4a 70 c6 f5 cf d5 68 d9 2a 5f |t..MU.Jp....h.*_| +00000020 9b 4b 23 ce 38 9b f3 da 44 72 7d 20 00 00 00 00 |.K#.8...Dr} ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 ba |..+.....3.$... 
.| +00000060 2a 76 cb fb 6c 6b bb 30 fb ef 87 6f e5 06 5c 6f |*v..lk.0...o..\o| +00000070 78 a7 44 41 93 c0 33 89 be 32 8c 0f fa 5c 43 14 |x.DA..3..2...\C.| +00000080 03 03 00 01 01 17 03 03 00 17 ac 3e 8a 31 22 16 |...........>.1".| +00000090 d3 69 bf 1d b5 2e 18 23 b3 21 00 17 23 a4 3f 9a |.i.....#.!..#.?.| +000000a0 0b 17 03 03 00 20 aa f0 51 64 b5 44 f0 28 ab 56 |..... ..Qd.D.(.V| +000000b0 da 34 2d 62 77 4d 88 07 b6 82 ad 64 df e6 59 c9 |.4-bwM.....d..Y.| +000000c0 91 e5 f8 f2 67 88 17 03 03 02 7a cf 2d 71 db 3f |....g.....z.-q.?| +000000d0 05 45 b8 68 18 1c b9 66 b6 00 f8 dc 9d ae e5 d2 |.E.h...f........| +000000e0 a3 a8 02 5f ac e4 95 a6 fc 96 78 7b fd 0a 21 62 |..._......x{..!b| +000000f0 ff 7c 15 2c fb f1 21 15 1e 8d 9e f9 71 62 43 e4 |.|.,..!.....qbC.| +00000100 c9 69 e4 fe 87 f0 9d 9e aa a4 5c d8 4e ae 3c 38 |.i........\.N.<8| +00000110 e5 76 21 7b 03 a8 70 6f e8 96 39 34 e7 3c b9 51 |.v!{..po..94.<.Q| +00000120 b4 ef ce 7d 0b 1e 57 7d 62 de 47 6a 0a b0 97 6d |...}..W}b.Gj...m| +00000130 49 fe ae 6f c9 d6 e4 4a 54 60 3d 55 53 06 aa 28 |I..o...JT`=US..(| +00000140 7a 3e 7b e0 d1 8a 60 45 87 81 bf fc 98 13 1e de |z>{...`E........| +00000150 7a 90 73 81 13 91 3a c4 da 71 74 e0 1d d5 30 55 |z.s...:..qt...0U| +00000160 46 6a 48 c2 0c 18 91 a3 79 8e c2 b9 5b 24 88 76 |FjH.....y...[$.v| +00000170 5f e6 8f 24 91 95 5b 0d 38 39 5b a4 f6 0e 1a b8 |_..$..[.89[.....| +00000180 e8 2b 0d ac a8 56 10 23 54 a5 78 c9 2a cb ed 24 |.+...V.#T.x.*..$| +00000190 58 16 1a 2f 1c b7 72 fc da ab 56 f6 27 d1 98 39 |X../..r...V.'..9| +000001a0 1f f9 dd e0 1f 1f 23 1a ff 6b af e1 17 9d ec 35 |......#..k.....5| +000001b0 de 0b 4d a4 46 5a fd 07 56 ce 72 19 76 dc 0c 06 |..M.FZ..V.r.v...| +000001c0 99 38 ce 58 3b 9f 13 9a d5 b7 d6 08 a6 05 4d e1 |.8.X;.........M.| +000001d0 75 da 59 4d ab d9 28 e8 af c4 50 f0 b1 49 f8 fd |u.YM..(...P..I..| +000001e0 c9 11 b8 01 70 bb 49 e2 0f 26 1b cb ee c2 7b bd |....p.I..&....{.| +000001f0 2f 72 78 be a1 67 1d 0c d0 bb 4e e7 40 b3 bd 8c 
|/rx..g....N.@...| +00000200 e2 f4 4f b2 c5 4c 82 49 51 00 44 17 c6 82 72 f5 |..O..L.IQ.D...r.| +00000210 cd 55 c1 43 28 52 85 2b 5d 91 33 9c 15 34 6e ae |.U.C(R.+].3..4n.| +00000220 77 4e 08 0c 9c d2 ae 7f e8 83 af 60 96 10 ae dc |wN.........`....| +00000230 58 6a 3b ae 15 e5 9c a8 25 f3 69 71 f7 94 9c 75 |Xj;.....%.iq...u| +00000240 e0 b5 05 16 ae ce f4 23 20 30 aa 74 a3 63 68 76 |.......# 0.t.chv| +00000250 f6 ec 64 e1 3d f6 0e b6 c4 7d a8 08 44 a9 96 1d |..d.=....}..D...| +00000260 7d c8 22 a8 df 04 2c ad 65 f1 4c 99 7d a1 cb bd |}."...,.e.L.}...| +00000270 b7 d4 d7 b5 ee 88 bd 15 2e 75 76 e2 72 bb 7d e6 |.........uv.r.}.| +00000280 5b eb fc f7 96 96 f0 3c aa b6 a8 58 92 e9 29 f6 |[......<...X..).| +00000290 40 bf 8e 14 23 7c 45 da e9 17 4b 32 16 11 ec 74 |@...#|E...K2...t| +000002a0 78 d5 8c 5a 06 46 e4 dc 90 b9 44 8e d6 8a 4e 43 |x..Z.F....D...NC| +000002b0 7f f9 60 9e a1 46 fa 16 88 ab 3c f1 1e d0 2e 00 |..`..F....<.....| +000002c0 5d 01 e6 a7 b1 27 f7 40 26 17 f3 da fb cd 06 d1 |]....'.@&.......| +000002d0 4e 27 75 9a 6f 0b 63 82 9c 40 07 4c 6e 0d d8 4b |N'u.o.c..@.Ln..K| +000002e0 f1 e6 d5 1c 41 55 72 b5 43 24 53 1e 0e a4 08 d7 |....AUr.C$S.....| +000002f0 44 93 00 c9 8b 49 ba 7a 32 0c d8 e6 46 87 5d 62 |D....I.z2...F.]b| +00000300 9d 4a 11 04 67 21 19 42 50 ad ad ab dd 62 0f f7 |.J..g!.BP....b..| +00000310 0f 57 78 82 71 f6 09 9f 41 bc 8e 34 24 7c b5 d2 |.Wx.q...A..4$|..| +00000320 5d 0c 18 fb d8 f6 62 dc 57 6a 78 2c 21 35 d8 eb |].....b.Wjx,!5..| +00000330 bb f8 7e 01 63 50 c1 98 88 a4 b5 63 1e c0 68 3c |..~.cP.....c..h<| +00000340 41 3c b8 6e 48 17 03 03 00 99 b6 09 37 a6 c2 d9 |A<.nH.......7...| +00000350 5f 39 69 e1 0b ca 40 d8 31 5b 4b 4f c1 33 bf 1f |_9i...@.1[KO.3..| +00000360 db c2 8c 9c d2 14 26 96 4e aa b2 63 30 40 fa 49 |......&.N..c0@.I| +00000370 fb 2d 66 59 70 cb c7 f8 fe 59 19 8b eb d5 5c 6c |.-fYp....Y....\l| +00000380 5c a0 c9 ba e6 4d d9 c3 e0 fe 00 c4 fb ab 8a f1 |\....M..........| +00000390 2b ab 53 86 a7 86 57 01 b8 ae c4 a6 12 6b 7d 
f8 |+.S...W......k}.| +000003a0 ea 2d df 37 04 01 eb 14 f4 9a d0 e7 67 46 ec 9f |.-.7........gF..| +000003b0 35 f8 d4 2e c6 95 91 10 0e dc 01 60 9a d6 f8 d8 |5..........`....| +000003c0 9e c1 fd f8 2e e2 51 8a e9 2f c3 4a 4f 01 31 52 |......Q../.JO.1R| +000003d0 af cb 4b 52 96 4c 90 57 83 1f 11 97 d6 d6 16 74 |..KR.L.W.......t| +000003e0 77 f8 c4 17 03 03 00 35 b0 61 57 8f 52 7e 93 b1 |w......5.aW.R~..| +000003f0 f0 90 a1 23 09 6e 11 ff a5 6c 38 f3 31 11 be 03 |...#.n...l8.1...| +00000400 ad 59 65 57 1b 60 2b fc 41 98 e0 79 6d 14 26 c8 |.YeW.`+.A..ym.&.| +00000410 fb d6 5f 00 e0 cc 70 46 a3 81 e4 3c ff |.._...pF...<.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 7a 22 a3 3d 18 f8 |..........z".=..| +00000010 a2 c7 8e 62 c3 07 99 b4 e6 bd 94 79 12 82 e9 e0 |...b.......y....| +00000020 96 ff 5f c3 ec 34 02 2f 8d 95 2f 40 80 99 19 a3 |.._..4./../@....| +00000030 bd 64 fd e4 0e b3 81 ad 4c 2e d9 72 d2 a3 bd 00 |.d......L..r....| +00000040 81 42 78 5d f3 70 c3 78 0b fa cd b8 96 17 5e e7 |.Bx].p.x......^.| +00000050 6e 03 b8 c6 ab 2b 2e 63 45 c7 b1 c9 98 71 c9 1d |n....+.cE....q..| +00000060 bb 7b 6e 6d c7 d5 90 b8 b2 4e 62 1a 8f cf 7d 99 |.{nm.....Nb...}.| +00000070 52 3d 70 40 0f 0f 96 1c ee a7 ff 29 2a 53 de d4 |R=p@.......)*S..| +00000080 34 f9 d9 b2 33 2c 69 5e 2d f2 a7 62 dd ec 77 b1 |4...3,i^-..b..w.| +00000090 6c 0f 61 86 8a bc 11 1f 91 ad f4 94 de 96 dd ef |l.a.............| +000000a0 d8 be 5e 45 50 fe af 1a 03 54 20 f6 05 8e a3 b0 |..^EP....T .....| +000000b0 f7 31 93 f3 78 59 4d 54 50 99 a5 a1 53 81 1b 5d |.1..xYMTP...S..]| +000000c0 6d ea 32 e9 52 ab 83 d6 18 3f 2f 43 cd 64 ac 3f |m.2.R....?/C.d.?| +000000d0 11 6c 91 0d fa 86 f8 a5 12 eb 41 ac 24 2d 79 5b |.l........A.$-y[| +000000e0 ee 8e 02 46 f0 37 0a b1 19 c7 97 ed 97 d1 11 18 |...F.7..........| +000000f0 df 80 8f f3 d7 61 a4 fe 6c ec b0 80 4e bc e4 52 |.....a..l...N..R| +00000100 10 2f b1 6f 3f d4 39 08 81 f6 01 4b b4 d4 d5 20 |./.o?.9....K... 
| +00000110 6b a1 be e6 cf c7 0e 95 e9 d7 00 07 63 25 1b 64 |k...........c%.d| +00000120 4b b7 c4 79 29 84 45 45 5d 0d fe 72 2a 7e c6 bf |K..y).EE]..r*~..| +00000130 5a 98 ec e2 16 26 82 57 eb a6 dc ff 73 b6 e8 4c |Z....&.W....s..L| +00000140 87 52 e5 0a c1 6a 6f 02 69 17 17 ea e0 1c c1 07 |.R...jo.i.......| +00000150 b4 f4 78 a7 99 39 8b 63 61 c2 7e 99 f4 64 16 d6 |..x..9.ca.~..d..| +00000160 0a 84 9a 0f d4 f4 bd 4d d4 4f 16 ec 19 30 a7 34 |.......M.O...0.4| +00000170 f9 b9 60 10 39 25 ee 9d bd 99 37 52 e6 32 a1 c9 |..`.9%....7R.2..| +00000180 68 9b a2 4e 16 91 0e 54 54 d5 c5 77 bb 01 ba af |h..N...TT..w....| +00000190 97 be ea 09 85 91 69 84 4f 2c 04 f0 38 50 93 49 |......i.O,..8P.I| +000001a0 e7 41 cb c1 d6 b6 77 59 09 7c 1e 0a 58 93 1e b4 |.A....wY.|..X...| +000001b0 cf ed 32 85 b0 cd 6f 86 c7 94 8c 30 9d 83 a2 a0 |..2...o....0....| +000001c0 4a de ad 8c b9 d8 58 d3 8c 34 6b 12 54 f1 28 66 |J.....X..4k.T.(f| +000001d0 ea 55 d9 95 d0 b6 b3 aa 68 c3 31 e1 8f 1b f8 43 |.U......h.1....C| +000001e0 51 b9 06 fc 53 69 9b 1c e6 2c f8 b7 f0 47 4a 5a |Q...Si...,...GJZ| +000001f0 82 ca 27 df 0f 3d f8 79 90 8d c2 bd 27 85 74 6b |..'..=.y....'.tk| +00000200 9e 8b eb 74 a8 28 ba 6a 25 16 01 2c 56 3b c0 fa |...t.(.j%..,V;..| +00000210 91 ac af a7 c5 39 8d 2c b1 f3 a2 c9 a5 72 c6 ff |.....9.,.....r..| +00000220 49 a0 78 14 5c 8c d2 71 de b9 4f 55 3a ca b6 a5 |I.x.\..q..OU:...| +00000230 df ce bb f7 c2 d5 af 2c c0 97 08 82 cc b4 02 26 |.......,.......&| +00000240 c3 0c 99 39 4a df 6c d6 59 14 c4 d6 04 9d a4 92 |...9J.l.Y.......| +00000250 d2 53 42 16 56 99 5f c2 82 a0 a8 5a 92 53 e6 b1 |.SB.V._....Z.S..| +00000260 cd fc bc 9a b9 55 0b ae 2c 50 ce a3 bf d2 7d d2 |.....U..,P....}.| +00000270 2b 58 ba 87 65 33 09 cf 74 51 0f 4b 4f a9 53 0d |+X..e3..tQ.KO.S.| +00000280 fa 60 1e ba e6 17 03 03 00 99 aa 43 d9 e2 e4 91 |.`.........C....| +00000290 cf 65 fa 35 0e b0 21 51 9d c4 33 f5 7c 09 ff e5 |.e.5..!Q..3.|...| +000002a0 db fd 6e 96 6d 13 7c 4c ec 90 72 bd 54 6a 3f d8 
|..n.m.|L..r.Tj?.| +000002b0 1a a3 e2 a2 01 6b d6 50 a0 b1 d5 67 34 44 42 30 |.....k.P...g4DB0| +000002c0 97 2e 82 07 46 04 56 0a 43 4b 9d 8c 81 64 bb 0b |....F.V.CK...d..| +000002d0 21 62 ea 23 0b 1c a0 c4 b2 cc 2f 51 b5 a2 9a a3 |!b.#....../Q....| +000002e0 37 d3 0c 57 80 85 77 3b 8d 17 f1 a9 d5 ae 72 f9 |7..W..w;......r.| +000002f0 cd 8c c4 2c fb c7 e0 f0 3a 5c d5 6a f7 8f 7e 53 |...,....:\.j..~S| +00000300 c1 d0 7a b0 8d c9 b3 17 7c 99 df 54 d6 43 13 d5 |..z.....|..T.C..| +00000310 78 9c 34 7e c9 11 4e e7 1c 8c f4 0f 82 89 94 61 |x.4~..N........a| +00000320 80 d2 49 17 03 03 00 35 aa cd 97 5a a2 d3 27 78 |..I....5...Z..'x| +00000330 d4 79 28 a7 57 dc 4f b1 2d b8 bd 3c ae ec e6 be |.y(.W.O.-..<....| +00000340 33 be b9 20 3b 69 22 03 31 34 7a 8d 68 39 c7 d5 |3.. ;i".14z.h9..| +00000350 a1 a0 aa 46 15 94 93 d7 54 41 5b 6b 20 17 03 03 |...F....TA[k ...| +00000360 00 17 f2 60 ff 91 c2 85 55 ed ab 39 6f 5d 0f 22 |...`....U..9o]."| +00000370 45 3e 61 07 14 a3 05 f4 94 17 03 03 00 13 01 ea |E>a.............| +00000380 95 52 29 1c 63 71 3a 2d 73 a7 29 31 2c d0 ce 9f |.R).cq:-s.)1,...| +00000390 2b |+| diff --git a/tls/testdata/Client-TLSv13-ECDSA b/tls/testdata/Client-TLSv13-ECDSA new file mode 100644 index 00000000..098f3ab3 --- /dev/null +++ b/tls/testdata/Client-TLSv13-ECDSA 
@@ -0,0 +1,86 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 e8 ec ee 61 3e |....z...v.....a>| +00000010 c1 43 87 6d f1 61 ed d2 41 1f 7d d7 b7 c0 92 fd |.C.m.a..A.}.....| +00000020 34 17 85 7b c7 ff c4 56 dd 90 bd 20 00 00 00 00 |4..{...V... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 3f |..+.....3.$... 
?| +00000060 be 50 e7 f1 b0 30 60 dc 92 50 b8 01 4a d1 3e ff |.P...0`..P..J.>.| +00000070 6e f0 bd e1 17 44 d8 19 1b c6 63 43 e5 c1 58 14 |n....D....cC..X.| +00000080 03 03 00 01 01 17 03 03 00 17 c0 b7 da 01 3e 64 |..............>d| +00000090 6b 57 ba 21 12 79 42 8c 63 1f 45 d1 f2 10 fe 98 |kW.!.yB.c.E.....| +000000a0 b6 17 03 03 02 22 90 87 e6 c3 ba 92 41 a2 96 00 |....."......A...| +000000b0 c7 92 97 ab 4b 80 02 bb 02 83 19 f3 f6 36 d5 23 |....K........6.#| +000000c0 3c c7 bd fb 97 67 86 cb 70 4c 60 9e 6c d4 7a f3 |<....g..pL`.l.z.| +000000d0 03 a5 f1 09 d5 7e 07 74 f3 c8 e4 b8 da 44 a3 94 |.....~.t.....D..| +000000e0 ee 4e 4a 7b ab 4e 92 03 49 04 4e cf 1b b3 0d 91 |.NJ{.N..I.N.....| +000000f0 0f 98 51 5c 56 4d d3 a8 75 4b e0 96 d9 9e dd c8 |..Q\VM..uK......| +00000100 81 c4 37 a0 c6 c9 ec 0f e0 f1 ed 29 ff 5a a2 d4 |..7........).Z..| +00000110 af 61 f7 b1 d5 ee e7 1d 7a e1 7f 33 8d 75 e6 9d |.a......z..3.u..| +00000120 bc 78 56 eb c5 89 d3 19 86 81 09 e1 ee 10 03 7c |.xV............|| +00000130 a4 1b 78 17 51 a3 53 b4 67 5d 29 49 21 b2 51 7b |..x.Q.S.g])I!.Q{| +00000140 f5 dc fd 60 11 ee 8f 50 ea 28 b5 db 57 04 7e 3b |...`...P.(..W.~;| +00000150 ad 6f 29 d4 22 f3 a1 4b 52 ac b8 2b 30 0c 67 16 |.o)."..KR..+0.g.| +00000160 e3 e0 7d a3 03 66 c4 39 70 8e c7 06 cf d2 6f 98 |..}..f.9p.....o.| +00000170 c1 c9 f6 a9 6a 89 b4 3e 38 97 ae e4 f2 97 a4 6f |....j..>8......o| +00000180 e2 05 f8 e9 53 c9 ae f7 87 c3 0f 68 75 9e 07 e9 |....S......hu...| +00000190 45 e9 0d 03 7e c8 79 56 30 77 e3 ea db 92 a2 f8 |E...~.yV0w......| +000001a0 5e 5b ab 77 0d 9b bc 5f 51 40 6c 1b 0d ef b4 cf |^[.w..._Q@l.....| +000001b0 4a 3d a6 8c b6 ab ce 4f 6c 08 0e 23 f0 2a 56 07 |J=.....Ol..#.*V.| +000001c0 f5 88 68 c3 0c fd 63 9b e4 56 12 a6 f5 0a ed 54 |..h...c..V.....T| +000001d0 40 30 ee 36 72 5d ca bb 5a 52 d3 84 14 c1 7e e4 |@0.6r]..ZR....~.| +000001e0 f8 fb e9 c8 10 16 54 16 1f 72 99 8c 7a 69 87 ca |......T..r..zi..| +000001f0 62 53 dc cb a4 26 73 90 fb 11 3c 3c 9f 94 65 cb 
|bS...&s...<<..e.| +00000200 28 94 65 ca 56 45 a8 c1 ec 08 31 dd eb bc 17 71 |(.e.VE....1....q| +00000210 cd 65 04 95 2e e7 e0 fb 73 fe 70 db 70 31 93 90 |.e......s.p.p1..| +00000220 cf 47 07 ec 92 98 c1 da fc 13 f8 8a 28 4e e8 80 |.G..........(N..| +00000230 a8 96 c2 e2 a6 cd df d4 7f 46 4a 3b e9 dd cf a5 |.........FJ;....| +00000240 75 d5 cc 67 35 81 d5 2e e4 68 c4 56 1a 46 33 5a |u..g5....h.V.F3Z| +00000250 f2 79 32 6b 4e a0 6b 76 53 53 04 73 86 fd bd e2 |.y2kN.kvSS.s....| +00000260 f7 f8 14 0f 0a a8 10 6d a1 bf f8 d0 27 8d cb e8 |.......m....'...| +00000270 a5 51 16 4b 11 a2 8a 6f 22 c5 7c bc c5 7a 0b df |.Q.K...o".|..z..| +00000280 70 1d c4 93 ec 87 78 12 77 e3 85 5a 3c 29 d8 f7 |p.....x.w..Z<)..| +00000290 ab a4 c6 10 50 ed d5 2a 3f b1 84 73 1e 7f 99 eb |....P..*?..s....| +000002a0 31 9c 2c d2 6a 80 4a 5e 7c aa 64 e7 83 df a9 17 |1.,.j.J^|.d.....| +000002b0 c3 4c 13 c8 c1 d7 1b f5 be c9 00 cf ec 7e a5 ab |.L...........~..| +000002c0 89 9c b0 72 fd f0 cb 54 17 03 03 00 a4 28 34 92 |...r...T.....(4.| +000002d0 a7 52 92 5d a0 99 6b e6 22 c5 f6 76 86 1b 0b d6 |.R.]..k."..v....| +000002e0 b7 a8 67 c1 04 b8 1c ac 7b 02 f5 0a 20 41 dd 43 |..g.....{... 
A.C| +000002f0 25 cc 01 f9 dc 6e c7 f7 4f 67 dd b3 54 81 80 d5 |%....n..Og..T...| +00000300 6d 45 00 42 d0 49 23 d5 12 33 e4 5f fd 58 79 81 |mE.B.I#..3._.Xy.| +00000310 e3 df 67 6d 03 44 58 0f 76 38 c3 de ed 26 90 29 |..gm.DX.v8...&.)| +00000320 45 92 ce 3b fa ea 98 da ea a2 d2 cc c6 0e a8 38 |E..;...........8| +00000330 c1 2d 92 8c 48 79 58 25 75 fd 2d 6d ef 06 32 1a |.-..HyX%u.-m..2.| +00000340 bb 09 fa 66 bc 06 9d c5 fb 46 94 5e b1 73 8d 05 |...f.....F.^.s..| +00000350 e1 90 24 c3 eb 72 7f a8 b7 12 a3 3c 11 29 ea 80 |..$..r.....<.)..| +00000360 10 4e 19 40 25 0b c9 34 70 99 e9 1a 60 17 bb 5b |.N.@%..4p...`..[| +00000370 1a 17 03 03 00 35 91 4b 45 15 d5 2e 33 a7 ba 9b |.....5.KE...3...| +00000380 64 20 bb 72 28 06 27 37 2f ac c9 c0 9e b9 d8 f3 |d .r(.'7/.......| +00000390 86 36 d2 7d df c2 4d 95 a5 a4 4b 64 5f 1a 83 67 |.6.}..M...Kd_..g| +000003a0 f6 6a 21 ff d0 b4 1c 65 23 62 ac |.j!....e#b.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 10 bd 5d 23 36 |..........5..]#6| +00000010 58 43 f4 bb 5e 4e ee 43 fd 0e a1 d9 de 81 99 54 |XC..^N.C.......T| +00000020 de 6e 82 33 71 8a 45 a7 35 f1 cd fb 5f bf 46 20 |.n.3q.E.5..._.F | +00000030 a5 79 d6 87 aa f4 29 51 02 f5 4e 69 ef a5 d7 d6 |.y....)Q..Ni....| +00000040 17 03 03 00 17 21 1f 90 0b 01 63 89 6a af 53 72 |.....!....c.j.Sr| +00000050 51 c0 11 01 7b 09 dd 40 82 dd e1 32 17 03 03 00 |Q...{..@...2....| +00000060 13 93 5d c1 19 16 5c 17 1a 7b 92 a0 9b f5 14 57 |..]...\..{.....W| +00000070 85 39 4a ac |.9J.| diff --git a/tls/testdata/Client-TLSv13-Ed25519 b/tls/testdata/Client-TLSv13-Ed25519 new file mode 100644 index 00000000..0b4a17af --- /dev/null +++ b/tls/testdata/Client-TLSv13-Ed25519 
@@ -0,0 +1,68 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 a8 21 4e 51 6a |....z...v...!NQj| +00000010 ce ba 17 cc 2d 25 b3 31 59 6a 3f 81 eb e6 ac a0 |....-%.1Yj?.....| +00000020 91 d9 ef 76 a1 5f bb 63 ab 2c 6b 20 00 00 00 00 |...v._.c.,k ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 81 |..+.....3.$... 
.| +00000060 4c a8 07 aa 6b 4a f9 44 77 78 a9 57 d0 07 55 07 |L...kJ.Dwx.W..U.| +00000070 9a c2 8e 33 bf c4 09 ee 49 51 5c fe f1 7b 30 14 |...3....IQ\..{0.| +00000080 03 03 00 01 01 17 03 03 00 17 5a 22 a1 07 01 ea |..........Z"....| +00000090 97 bd 5a 59 3a 21 de 9c 45 0c 41 ff 34 45 35 ab |..ZY:!..E.A.4E5.| +000000a0 25 17 03 03 01 50 a1 8c 19 e7 0c 69 d3 e0 f6 53 |%....P.....i...S| +000000b0 95 15 13 4c e3 c3 3f 35 d9 73 c9 fe 24 b0 14 5f |...L..?5.s..$.._| +000000c0 b6 9e 94 20 cf 80 f7 88 7c 0f be 4c 70 16 00 2a |... ....|..Lp..*| +000000d0 55 02 aa a9 4b 7f a7 a5 b8 46 09 9e 18 78 78 66 |U...K....F...xxf| +000000e0 22 c2 31 19 12 f7 e4 7e f3 26 39 7d cd 5e 74 24 |".1....~.&9}.^t$| +000000f0 fb 75 7d b7 2c b5 fb e0 49 bd da 96 e1 c3 63 8f |.u}.,...I.....c.| +00000100 e3 28 43 bb 32 a7 fd 9c ab 54 ba ce 07 4a 23 35 |.(C.2....T...J#5| +00000110 a4 3a ff 43 40 19 ef 38 07 02 ba d6 c4 f0 bf 63 |.:.C@..8.......c| +00000120 aa b3 ea 55 d0 e1 a9 f3 cb 04 6b 1b 8d 35 3a f8 |...U......k..5:.| +00000130 0b 1c 40 99 fe b0 04 5f d1 5b 3f 4b be fe b5 96 |..@...._.[?K....| +00000140 f0 49 3d bf a5 92 f3 bd a6 4c 47 24 f8 b5 7c 45 |.I=......LG$..|E| +00000150 47 85 9b 08 a1 da 51 7a ce 3f 32 66 de 89 c0 c3 |G.....Qz.?2f....| +00000160 ac da 73 0d 15 14 18 e6 a0 7d 07 26 44 df 55 b7 |..s......}.&D.U.| +00000170 6e 4e fa c0 f5 5e 42 3a d9 29 d3 1d e6 cf 3c 8c |nN...^B:.)....<.| +00000180 6d c1 d9 f9 04 f0 57 dc 47 4e d1 e2 a1 f1 a1 c9 |m.....W.GN......| +00000190 2e da 97 4d 65 65 04 54 e7 80 f1 88 b2 34 26 61 |...Mee.T.....4&a| +000001a0 77 8a 1f bb 82 7f 4b ce b3 5a 55 60 e1 3a ef 95 |w.....K..ZU`.:..| +000001b0 bd 34 fc ef 2b 18 4b bb 8a cf ba 3a 69 43 f4 59 |.4..+.K....:iC.Y| +000001c0 98 a1 95 a3 22 f6 b5 1a 84 83 cf cb 90 eb 28 29 |....".........()| +000001d0 b3 84 e1 0d 37 9e 98 96 91 73 f1 7f d7 9b 71 38 |....7....s....q8| +000001e0 6e bc 2e 60 2d 27 0c 18 fd 2a b8 76 01 33 2f 95 |n..`-'...*.v.3/.| +000001f0 6e 0b bf 2b 26 5e 17 03 03 00 59 ed 43 2f e8 df 
|n..+&^....Y.C/..| +00000200 f3 2f 91 f3 dc 1b aa ff d3 3b 28 1f 78 21 fb e2 |./.......;(.x!..| +00000210 7d 6e 03 09 98 c1 23 09 d7 45 da b8 e0 5a e5 27 |}n....#..E...Z.'| +00000220 38 9a 2f da 9b d3 04 35 f5 b9 31 b0 c0 1f 8a 1e |8./....5..1.....| +00000230 d8 8a 19 f1 38 af a6 74 ac e5 b4 0d 45 83 b4 59 |....8..t....E..Y| +00000240 83 42 97 14 23 55 71 ef 66 8c 35 69 3f 2c 88 63 |.B..#Uq.f.5i?,.c| +00000250 8d 3b 05 fe 17 03 03 00 35 47 82 ec 22 f4 86 6a |.;......5G.."..j| +00000260 b7 c1 d8 64 3b 42 f4 ca 5c 3d ba a3 6a ea 77 6a |...d;B..\=..j.wj| +00000270 d6 52 e3 b0 42 fb c2 f1 2c b1 ef 44 ed 11 29 6d |.R..B...,..D..)m| +00000280 2b 6f 13 0f 42 48 a0 2e 5b ba a1 93 6b de |+o..BH..[...k.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 11 45 8f b2 e0 |..........5.E...| +00000010 87 3d 09 94 93 16 19 04 3d 84 6c e5 14 5e c6 8b |.=......=.l..^..| +00000020 73 1a 53 4c d0 f4 11 27 0c 0d 05 c7 9d ba d0 04 |s.SL...'........| +00000030 37 ed 8b 8a 65 34 54 b1 07 36 92 8c 8c a8 30 b7 |7...e4T..6....0.| +00000040 17 03 03 00 17 ea fc b8 84 8d f0 9d 8e 1c 2c 65 |..............,e| +00000050 10 a8 69 7f dd 3c a4 80 45 5d c3 38 17 03 03 00 |..i..<..E].8....| +00000060 13 15 4b b7 23 2f 55 b0 ae d3 3f f6 68 c9 b2 ef |..K.#/U...?.h...| +00000070 d7 e2 18 49 |...I| diff --git a/tls/testdata/Client-TLSv13-ExportKeyingMaterial b/tls/testdata/Client-TLSv13-ExportKeyingMaterial new file mode 100644 index 00000000..b3064113 --- /dev/null +++ b/tls/testdata/Client-TLSv13-ExportKeyingMaterial 
@@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 6d fb 70 07 b4 |....z...v..m.p..| +00000010 2d 14 d1 d1 88 17 6a a3 b1 c1 e7 23 4b 06 c4 fa |-.....j....#K...| +00000020 4a 0e e1 2c ce 5a d5 c7 8c ab f2 20 00 00 00 00 |J..,.Z..... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 4e |..+.....3.$... 
N| +00000060 fe 87 d7 81 71 25 ba 33 de 10 df 19 38 d8 af 43 |....q%.3....8..C| +00000070 58 3f 41 2e b9 b8 cb 1c 65 a7 cd 8d 00 b1 0e 14 |X?A.....e.......| +00000080 03 03 00 01 01 17 03 03 00 17 b3 63 09 54 ad 41 |...........c.T.A| +00000090 24 fe 2c 81 49 c8 86 88 c2 ad ba cd 45 77 51 c0 |$.,.I.......EwQ.| +000000a0 d5 17 03 03 02 6d 74 7d de 53 70 5c 11 d0 a7 68 |.....mt}.Sp\...h| +000000b0 8e 10 c9 cb cd 0c 25 ac 88 e7 17 54 8b 32 2c ee |......%....T.2,.| +000000c0 97 9c 3d f6 ce d1 83 70 ee c0 85 0c fc 61 ba db |..=....p.....a..| +000000d0 6d e0 04 26 6f b7 4e 44 4d 1c 5c 16 9a 57 4f e6 |m..&o.NDM.\..WO.| +000000e0 52 89 27 53 88 f8 93 91 ed b2 42 b4 4c f0 58 a3 |R.'S......B.L.X.| +000000f0 50 a7 af 2c 47 ac ad 8b 14 a0 9f d4 28 2e 7b 28 |P..,G.......(.{(| +00000100 8e ec d1 bb 7d d9 78 fb 24 82 9f 2a ac 4e 85 83 |....}.x.$..*.N..| +00000110 35 25 75 8f 9e 6d 4c 8a dd 6f 9f 9a 34 93 a2 9d |5%u..mL..o..4...| +00000120 d0 26 4c 7b a8 72 a3 12 b9 ef 6b c8 d0 4f 44 5b |.&L{.r....k..OD[| +00000130 dd f1 72 3a b4 5c 7e a8 8d d4 68 bc 6d 54 2c ee |..r:.\~...h.mT,.| +00000140 c1 f7 78 f1 15 cd 57 b5 54 89 08 f0 d8 56 ef 8d |..x...W.T....V..| +00000150 14 d1 e8 fd 83 bd ab 64 c1 99 36 4e af 81 27 52 |.......d..6N..'R| +00000160 0f 5e 31 5e c0 70 21 fb 05 40 d4 d2 71 df 0c 09 |.^1^.p!..@..q...| +00000170 31 83 b0 71 82 84 d9 90 6b 25 5a 67 03 30 c4 80 |1..q....k%Zg.0..| +00000180 2c 99 41 3f fa 51 ce a8 b4 b8 98 2a bc e9 cc ce |,.A?.Q.....*....| +00000190 f7 0c 69 a3 c3 02 dc b9 4f 00 ac 4f 29 d5 e5 df |..i.....O..O)...| +000001a0 df 67 3b ed 94 8e 80 3f aa 6e a8 b7 e0 7f 4d fd |.g;....?.n....M.| +000001b0 95 80 54 89 57 ff d7 73 86 bd e8 98 11 d5 09 c6 |..T.W..s........| +000001c0 ab af 1a a4 a0 cc 30 40 bc 63 dc d0 db 92 41 f5 |......0@.c....A.| +000001d0 5c 1e f1 92 03 5b 3f 27 23 1f 9c 8e f8 8b 4f 69 |\....[?'#.....Oi| +000001e0 0c 3d 09 e5 95 d8 ba 8c 90 cd ac 53 ed 77 8d 75 |.=.........S.w.u| +000001f0 3a 56 b4 f3 21 a5 4e c2 6e 1f 87 74 56 69 32 95 
|:V..!.N.n..tVi2.| +00000200 29 56 07 2c 0d b3 74 47 28 6d 8f ef 56 f6 68 7f |)V.,..tG(m..V.h.| +00000210 25 e4 76 06 7c 82 40 11 f8 eb 3c ec 62 fa be 60 |%.v.|.@...<.b..`| +00000220 d3 11 98 e2 d4 b1 d0 72 3d e6 4a da f0 d6 c0 42 |.......r=.J....B| +00000230 8e a6 63 cc a1 41 e3 18 21 00 ac cc 98 f8 8d 78 |..c..A..!......x| +00000240 ab 9b 39 16 ad 4c fd 11 15 79 0c fd 0e 87 45 d6 |..9..L...y....E.| +00000250 81 30 bb 3a 72 89 92 c1 fa e8 ad 59 3b 8b b0 38 |.0.:r......Y;..8| +00000260 2d c3 6e 87 a8 b8 1f 7d a0 b3 e6 91 83 97 78 94 |-.n....}......x.| +00000270 f0 01 66 a2 c8 89 45 8e 2e a0 7e 89 4d 7f 49 ee |..f...E...~.M.I.| +00000280 2a 69 c0 ec 77 db 85 df 01 d9 02 36 df 94 81 01 |*i..w......6....| +00000290 aa 43 a2 3d 76 8c c3 21 bf 05 c3 b2 c4 28 85 65 |.C.=v..!.....(.e| +000002a0 7b 4a ac e3 45 40 77 1d a9 ee 1e e9 97 7c 2f 45 |{J..E@w......|/E| +000002b0 45 18 58 47 ab 51 0f 26 eb d5 bb ac c2 8b a9 ae |E.XG.Q.&........| +000002c0 65 6a 91 9b 13 93 69 c6 9d bc 61 23 20 d2 ad a0 |ej....i...a# ...| +000002d0 d3 f9 2d 32 79 e3 4b 07 90 32 9e e1 f3 13 18 b0 |..-2y.K..2......| +000002e0 65 6e 89 a5 45 c6 a1 9b f0 f6 d1 66 d3 e7 49 1a |en..E......f..I.| +000002f0 b8 e2 17 cd d0 13 9c e6 e1 77 87 a4 8b 6a d3 74 |.........w...j.t| +00000300 0e 85 b1 2c f3 c8 a8 f3 65 b3 71 c2 bb f5 95 d7 |...,....e.q.....| +00000310 81 78 45 17 03 03 00 99 1e 53 96 f9 b9 97 ec 53 |.xE......S.....S| +00000320 4e 97 a9 8c 01 06 ee 6b 31 47 93 4b ac f7 b6 4a |N......k1G.K...J| +00000330 15 bb 28 d7 87 73 7c 1d 3b d3 6b 9d 48 77 df 09 |..(..s|.;.k.Hw..| +00000340 c9 97 98 b6 d6 20 94 8a ed 71 08 2d 56 af b2 b8 |..... 
...q.-V...| +00000350 20 fc d7 81 e4 53 eb 57 6a bd 9b 1c 11 4f 2e fb | ....S.Wj....O..| +00000360 9a 0e 65 08 69 df 28 70 a7 50 21 62 9f 63 39 db |..e.i.(p.P!b.c9.| +00000370 9e 73 40 5d 73 77 a7 1d 2e 79 61 fa b9 50 f0 70 |.s@]sw...ya..P.p| +00000380 1e 71 d1 9e c6 2f 8c 4c 5f e0 b1 37 d7 c9 ab fc |.q.../.L_..7....| +00000390 5f 6a ca a9 9e 27 38 42 78 ba fb e6 8e c2 3f a6 |_j...'8Bx.....?.| +000003a0 a0 c6 04 b6 d8 b7 3a 68 83 15 3b 70 f9 0a 27 4a |......:h..;p..'J| +000003b0 0a 17 03 03 00 35 d0 88 b7 b8 cf 81 4e 97 76 96 |.....5......N.v.| +000003c0 c2 ed e8 15 e4 01 54 2b 1f 0e 34 08 52 6c a8 6a |......T+..4.Rl.j| +000003d0 cf 04 29 7b 27 fb e9 1e d1 6c d2 28 15 03 2a 58 |..){'....l.(..*X| +000003e0 d4 eb 67 18 83 3f d4 2a ab 9f aa |..g..?.*...| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 02 ed 34 8f 83 |..........5..4..| +00000010 44 27 8b 71 af c1 06 33 0b 25 aa 22 85 96 41 75 |D'.q...3.%."..Au| +00000020 4f fe 46 82 ba 95 91 4c cc a9 99 60 5c f7 72 7f |O.F....L...`\.r.| +00000030 e4 1f e4 99 6a c2 25 db d0 11 5d fc d6 28 8f 56 |....j.%...]..(.V| +00000040 17 03 03 00 17 fe e8 cf ed a0 7a ce 77 57 e6 aa |..........z.wW..| +00000050 f0 ce 6d 2f 5c e5 1f 7d 37 c8 91 cf 17 03 03 00 |..m/\..}7.......| +00000060 13 a4 a9 4c b5 33 38 4a 1e b7 65 9d 72 85 1b 79 |...L.38J..e.r..y| +00000070 79 87 e3 bf |y...| diff --git a/tls/testdata/Client-TLSv13-HelloRetryRequest b/tls/testdata/Client-TLSv13-HelloRetryRequest new file mode 100644 index 00000000..10e13ec3 --- /dev/null +++ b/tls/testdata/Client-TLSv13-HelloRetryRequest 
@@ -0,0 +1,119 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f6 01 00 00 f2 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 77 00 05 00 05 01 00 00 00 00 00 0a 00 |...w............| +00000090 06 00 04 00 1d 00 17 00 0b 00 02 01 00 00 0d 00 |................| +000000a0 1a 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 |................| +000000b0 01 06 01 05 03 06 03 02 01 02 03 ff 01 00 01 00 |................| +000000c0 00 12 00 00 00 2b 00 09 08 03 04 03 03 03 02 03 |.....+..........| +000000d0 01 00 33 00 26 00 24 00 1d 00 20 2f e5 7d a3 47 |..3.&.$... /.}.G| +000000e0 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....| +000000f0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 |......_X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 58 02 00 00 54 03 03 cf 21 ad 74 e5 |....X...T...!.t.| +00000010 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a |.a......e......z| +00000020 bb 8c 5e 07 9e 09 e2 c8 a8 33 9c 20 00 00 00 00 |..^......3. 
....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 0c 00 2b 00 02 03 04 00 33 00 02 00 17 14 03 03 |..+.....3.......| +00000060 00 01 01 |...| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 16 03 03 01 17 01 00 01 13 03 |................| +00000010 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000030 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |. ..............| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000050 00 00 00 32 cc a8 cc a9 c0 2f c0 2b c0 30 c0 2c |...2...../.+.0.,| +00000060 c0 27 c0 13 c0 23 c0 09 c0 14 c0 0a 00 9c 00 9d |.'...#..........| +00000070 00 3c 00 2f 00 35 c0 12 00 0a 00 05 c0 11 c0 07 |.<./.5..........| +00000080 13 01 13 03 13 02 01 00 00 98 00 05 00 05 01 00 |................| +00000090 00 00 00 00 0a 00 06 00 04 00 1d 00 17 00 0b 00 |................| +000000a0 02 01 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 |................| +000000b0 05 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 |................| +000000c0 03 ff 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 |...........+....| +000000d0 04 03 03 03 02 03 01 00 33 00 47 00 45 00 17 00 |........3.G.E...| +000000e0 41 04 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 |A...7...Q.5uq..T| +000000f0 5b 12 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 |[....g..$ >.V...| +00000100 28 5e f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 |(^.+-O....lK[.V.| +00000110 32 42 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc |2B.X..I..h.A.Vk.| +00000120 5a 89 |Z.| +>>> Flow 4 (server to client) +00000000 16 03 03 00 9b 02 00 00 97 03 03 b5 7c 4a c4 82 |............|J..| +00000010 67 2c 0d e4 cf 12 5a 8c fc 44 10 da 7e ef ec ae |g,....Z..D..~...| +00000020 bc 59 6c 7d 62 b1 d8 95 5d 9d 3b 20 00 00 00 00 |.Yl}b...].; ....| +00000030 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 4f 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |O.+.....3.E...A.| +00000060 51 c8 a4 d2 63 ec a1 b7 72 7e 42 30 8e d2 eb b0 |Q...c...r~B0....| +00000070 3c e0 06 d0 69 39 b7 55 ee 47 c3 b3 b6 56 2d df |<...i9.U.G...V-.| +00000080 3e 0c 1c 92 cf f6 c4 52 13 90 fa e6 52 13 e6 6d |>......R....R..m| +00000090 35 46 de 60 05 a1 85 a9 ec 86 dc da 19 4d 21 67 |5F.`.........M!g| +000000a0 17 03 03 00 17 d7 59 69 75 49 13 ac 27 ad 1c a9 |......YiuI..'...| +000000b0 17 68 46 77 a2 22 0a f5 6f ce 70 67 17 03 03 02 |.hFw."..o.pg....| +000000c0 6d ee 92 51 b3 07 0f 46 be 24 a1 12 02 7e d1 d4 |m..Q...F.$...~..| +000000d0 b1 2e f5 87 f5 96 ed 00 77 f1 ad 1b 8e cd 1d 01 |........w.......| +000000e0 41 78 6a ff 68 9f 6d ac fe 92 8a c5 43 d2 c9 1d |Axj.h.m.....C...| +000000f0 a8 d8 0f 00 7e c1 06 a9 16 ba 13 94 e7 d9 cd e1 |....~...........| +00000100 01 fd 52 12 be b0 04 14 85 d3 06 a2 63 d7 16 7a |..R.........c..z| +00000110 06 5f 1f c2 31 ea 27 1a a5 1d f6 39 d2 b1 99 8c |._..1.'....9....| +00000120 e0 71 32 3b ef 4e d3 1c 21 3f 30 59 5b 3e 1f 64 |.q2;.N..!?0Y[>.d| +00000130 3c 27 35 0f ee f4 75 5c 53 38 f8 43 87 55 88 28 |<'5...u\S8.C.U.(| +00000140 17 8f 4c 2d 73 d0 bd db 43 25 2f da fb f3 f7 b4 |..L-s...C%/.....| +00000150 63 90 08 24 c6 b3 ae 91 00 2d 4f bd af bc 22 82 |c..$.....-O...".| +00000160 08 ef 29 c9 49 d2 73 97 ce 6c 8d 1e a2 cb 53 ff |..).I.s..l....S.| +00000170 fe 9c b1 14 58 6f 45 bf ee 93 c0 9b 96 86 54 1a |....XoE.......T.| +00000180 fc fe 84 c3 88 13 92 d4 d7 de 00 07 d4 f7 ef 8e |................| +00000190 5e 5f b0 12 c9 6a 81 df 05 e6 c3 a1 f6 8a bc 06 |^_...j..........| +000001a0 bc 45 47 06 d4 45 70 78 f9 16 0f d2 f4 ae b5 94 |.EG..Epx........| +000001b0 e6 ac b5 bf e3 40 d1 fe 20 07 23 f8 65 fe 57 b2 |.....@.. 
.#.e.W.| +000001c0 63 a0 db 7b fa 12 25 2b 1f 1c df 66 ee c4 84 80 |c..{..%+...f....| +000001d0 4a 95 64 3d 9f c2 e9 eb 7c 59 72 1c 52 68 fa 5a |J.d=....|Yr.Rh.Z| +000001e0 b3 d6 9e dc 51 d6 ac 0b 34 f1 66 42 4b 99 1d cb |....Q...4.fBK...| +000001f0 94 f4 08 c6 57 f9 97 87 54 9c 3b ba 4e 21 c7 b3 |....W...T.;.N!..| +00000200 a0 d9 41 33 22 c4 3f a4 29 e4 7a 3c a1 86 e0 65 |..A3".?.).z<...e| +00000210 f4 ff 67 c5 32 ae 16 01 67 8e 16 d7 28 5e b3 19 |..g.2...g...(^..| +00000220 c6 18 c7 27 0d 01 8e 04 87 fb 6b f9 72 ee 00 ff |...'......k.r...| +00000230 25 f9 c5 dd bc 30 45 63 2d 4d 2d 9d ea 7f 54 aa |%....0Ec-M-...T.| +00000240 ac 9e d8 a2 ae c2 e3 64 b7 3d 54 56 67 39 e8 96 |.......d.=TVg9..| +00000250 a5 5d fd 1e 01 2a 0c 7d ee f1 4e fc 1b 19 f9 ef |.]...*.}..N.....| +00000260 60 dd e1 b2 94 f3 5f 54 d4 05 f7 86 83 6f 97 43 |`....._T.....o.C| +00000270 4e 30 c1 49 cc 5e 98 10 5c 4e 32 84 97 70 c8 b9 |N0.I.^..\N2..p..| +00000280 6d 0b c2 23 ab f9 e8 85 6f 0a 2a 99 e7 12 33 e8 |m..#....o.*...3.| +00000290 f2 62 6f 65 0c 3d ff 9f e6 15 eb 1d 24 0e e9 8a |.boe.=......$...| +000002a0 28 e0 09 31 23 a4 5c 2c 25 49 b4 0c 5f 18 e1 12 |(..1#.\,%I.._...| +000002b0 82 16 6e 79 68 21 fb 5a 68 73 dd f7 2f aa e2 f9 |..nyh!.Zhs../...| +000002c0 85 8d af c6 84 50 af 84 95 12 c8 32 a6 eb f0 93 |.....P.....2....| +000002d0 a2 bd 97 d3 ba 76 a8 2e a2 44 2f 98 23 ca 78 cd |.....v...D/.#.x.| +000002e0 7a 5f bf ab 19 00 72 b5 b3 e0 a7 b5 da 47 05 c8 |z_....r......G..| +000002f0 44 0b 6c 7f 0b 4c 99 79 3c 47 7e e9 25 bd a8 4d |D.l..L.yOh.'.%..| +00000390 1f 89 9e 21 34 97 b9 7e 6e 2a c2 df 47 22 7d a6 |...!4..~n*..G"}.| +000003a0 aa 7a 4a fd 11 b0 73 10 f5 16 8b 2c 3a af a6 7a |.zJ...s....,:..z| +000003b0 cc 3d 4b f0 36 43 60 db 53 2a 4e 2c 1b 2c 0a 54 |.=K.6C`.S*N,.,.T| +000003c0 01 ff ad 7e 93 a8 d0 76 da 5a 88 88 17 03 03 00 |...~...v.Z......| +000003d0 35 d0 36 70 7c 4c 6a 10 bd 43 50 2c 47 74 f9 ed |5.6p|Lj..CP,Gt..| +000003e0 9f 0b d7 33 82 74 2f fd 81 4d 08 d6 cf f4 13 4e 
|...3.t/..M.....N| +000003f0 de ec 84 bf 79 35 ee 72 8a a3 d0 61 29 94 ad 79 |....y5.r...a)..y| +00000400 04 42 0f 2b 65 a1 |.B.+e.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 35 4b f7 dd b6 64 32 61 42 e7 b2 93 |....5K...d2aB...| +00000010 b8 4b dd 7c 25 c6 57 5b 68 d5 f2 d9 27 85 ee cf |.K.|%.W[h...'...| +00000020 09 44 79 8d 8e 14 0f 84 44 e5 16 a9 bf d9 14 bb |.Dy.....D.......| +00000030 22 73 c7 a9 24 c1 dd 38 1e 63 17 03 03 00 17 63 |"s..$..8.c.....c| +00000040 56 45 91 62 9c 00 4b d6 ae f4 dc 17 a2 89 55 0d |VE.b..K.......U.| +00000050 c3 d4 f3 12 8b bf 17 03 03 00 13 1f ac ed f8 80 |................| +00000060 31 7f 75 9f 6c a1 48 6e 20 89 b8 45 08 33 |1.u.l.Hn ..E.3| diff --git a/tls/testdata/Client-TLSv13-KeyUpdate b/tls/testdata/Client-TLSv13-KeyUpdate new file mode 100644 index 00000000..d1efba92 --- /dev/null +++ b/tls/testdata/Client-TLSv13-KeyUpdate 
@@ -0,0 +1,102 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 fa 01 00 00 f6 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 7b 00 05 00 05 01 00 00 00 00 00 0a 00 |...{............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 |................| +000000b0 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 ff |................| +000000c0 01 00 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 |.........+......| +000000d0 03 03 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f |......3.&.$... /| +000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 a2 49 b5 61 fe |....z...v...I.a.| +00000010 e3 52 ca 87 58 57 0f ec bc 71 51 a9 50 7c ac 5e |.R..XW...qQ.P|.^| +00000020 af 4e 47 56 81 6c 92 d9 10 3d d0 20 00 00 00 00 |.NGV.l...=. ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 75 |..+.....3.$... 
u| +00000060 c4 ba b0 c4 9b a0 57 6a ca e4 9c c6 eb f8 66 5a |......Wj......fZ| +00000070 d4 64 36 34 71 9d 6d 0f 2f 34 b8 ad b7 4a 55 14 |.d64q.m./4...JU.| +00000080 03 03 00 01 01 17 03 03 00 17 ec 4c 36 aa 81 cf |...........L6...| +00000090 61 2c 2f 6c 35 e8 25 62 54 17 ae 9b 46 b0 96 f5 |a,/l5.%bT...F...| +000000a0 0f 17 03 03 02 6d 6f 6c 27 e5 53 42 db 32 b4 2c |.....mol'.SB.2.,| +000000b0 6a 70 56 a7 0d 3a 7f a3 d7 fe 04 4f 0a 3e 52 8c |jpV..:.....O.>R.| +000000c0 52 1e 3a 26 5d 47 b1 6b da 90 e2 74 50 0d 6e fa |R.:&]G.k...tP.n.| +000000d0 1b 3f 17 3b 21 f7 fa f7 c7 c3 e3 14 05 09 76 b2 |.?.;!.........v.| +000000e0 27 66 bc 42 7e 49 4b ff 3a f1 3f a3 1a d4 9e 03 |'f.B~IK.:.?.....| +000000f0 3f b6 a8 87 98 50 f3 d8 cb 8b a2 e9 2a ea ff bc |?....P......*...| +00000100 50 18 d0 57 58 c5 e9 c8 96 67 01 8b e2 a3 f4 77 |P..WX....g.....w| +00000110 5e 1d 93 89 b6 f6 57 7d 93 b6 62 86 0a 21 18 56 |^.....W}..b..!.V| +00000120 8c 14 25 df 47 1a b3 23 e6 99 d1 fc dc 07 0a 38 |..%.G..#.......8| +00000130 9a 05 c8 3f 23 5c c5 d3 c4 48 fb b2 fd 9f 83 37 |...?#\...H.....7| +00000140 1d 0c 85 9c 2b e6 ae 42 aa ad d4 5a 9e 49 89 b7 |....+..B...Z.I..| +00000150 b0 c2 c5 ec 42 89 88 87 6e 54 3d 73 b2 f1 5f 0f |....B...nT=s.._.| +00000160 4b 49 3f 6b a3 8f 5f 99 bf fe af e9 25 ac 27 b7 |KI?k.._.....%.'.| +00000170 e7 96 bb 4a c8 e8 9e f1 2c 23 c2 e7 96 ba b4 fe |...J....,#......| +00000180 d5 94 b5 72 82 bd 7f c2 e1 af b4 bd db c7 15 20 |...r........... | +00000190 85 60 bb 02 f6 4b ef 09 3e a1 4e b9 77 64 0a 4a |.`...K..>.N.wd.J| +000001a0 2c 05 82 96 91 be 23 44 50 c1 c5 6c 05 55 51 42 |,.....#DP..l.UQB| +000001b0 84 87 20 71 65 8d 09 86 66 fa 88 8b 54 21 44 34 |.. 
qe...f...T!D4| +000001c0 df 6f ce a3 e9 12 4a e0 90 76 bb 1a f5 00 79 cb |.o....J..v....y.| +000001d0 d8 82 3b 88 c8 6a 5b a1 49 49 a0 c0 f7 d9 8f 89 |..;..j[.II......| +000001e0 f2 04 59 2b 0c 6f e2 3f b8 a8 c9 aa bf 2e 18 74 |..Y+.o.?.......t| +000001f0 45 b5 35 34 9a bb fa 77 e8 46 b2 f8 6d 41 65 36 |E.54...w.F..mAe6| +00000200 d9 f8 64 81 a6 50 63 b4 73 3e fb f9 b3 3e 03 3d |..d..Pc.s>...>.=| +00000210 d1 f4 b5 c1 ac f8 3f 4d 73 b7 da 16 8a 37 c9 a7 |......?Ms....7..| +00000220 51 33 b1 68 69 19 0b 26 de a6 42 4d 22 a3 e8 c0 |Q3.hi..&..BM"...| +00000230 7b 1d 66 e7 70 26 44 f7 62 3f 3d 0d e2 02 50 61 |{.f.p&D.b?=...Pa| +00000240 db 9b 5e e4 49 e8 32 32 7a c0 03 37 a8 c6 85 80 |..^.I.22z..7....| +00000250 4a 7e 39 b5 ba 6c cb 6f 53 e5 90 d0 0d 9c 2e e5 |J~9..l.oS.......| +00000260 90 df 9b b1 c5 3f 16 98 a9 dd a1 b5 7a 48 04 0e |.....?......zH..| +00000270 15 f9 60 a7 35 0b 33 a1 93 4b 73 5f b3 46 a6 43 |..`.5.3..Ks_.F.C| +00000280 ea a3 6e 4c fa bb 24 44 cd 48 85 c1 9f ea c2 14 |..nL..$D.H......| +00000290 92 48 2e 35 43 30 dc e6 76 23 0b e4 2f 28 13 c1 |.H.5C0..v#../(..| +000002a0 e1 bb 2d 9f de cf 10 8f c3 8f 48 eb 64 eb 6d ef |..-.......H.d.m.| +000002b0 2a b3 c5 d6 85 db a2 05 b2 46 f8 77 aa 2c fb 14 |*........F.w.,..| +000002c0 be 09 e7 11 33 88 cb 71 1b ca 46 cb 79 c6 99 eb |....3..q..F.y...| +000002d0 43 bb 59 c6 91 3b 0f 1a 76 cb c7 3b ef 07 c9 cb |C.Y..;..v..;....| +000002e0 3a 75 ac 14 d9 53 08 ca 4d 45 48 24 4a af 4e 94 |:u...S..MEH$J.N.| +000002f0 0e 81 31 63 d1 f6 67 25 7d c0 dd 02 05 1b ce 38 |..1c..g%}......8| +00000300 69 cf e7 6a bb b5 02 85 00 82 71 a6 e3 c0 33 b8 |i..j......q...3.| +00000310 78 51 55 17 03 03 00 99 b3 5c cb a4 a3 6c e9 fa |xQU......\...l..| +00000320 33 25 04 21 28 66 e7 d4 22 02 8f d4 3e cc e1 20 |3%.!(f.."...>.. 
| +00000330 15 5b 5a 55 14 d3 2b a5 de 7b 95 48 3c 26 68 22 |.[ZU..+..{.H<&h"| +00000340 a3 0d c6 ac 7f ec d3 7b fa 4d 51 20 6f 32 97 bc |.......{.MQ o2..| +00000350 fa 0c d6 8e bf ee 13 ca b3 cf 00 c5 f5 87 f1 cb |................| +00000360 9b 63 22 e6 61 99 83 78 69 1d 03 f1 0b 66 c5 c4 |.c".a..xi....f..| +00000370 2e 6f d8 b5 59 93 f7 40 3c 40 4e 1a 58 af b5 37 |.o..Y..@<@N.X..7| +00000380 ce dd 83 dd b1 78 a8 ba a3 35 f8 9f 0c 47 1e fb |.....x...5...G..| +00000390 aa 9b b5 5f 11 4c b9 0c c1 a0 01 47 87 f9 e6 1f |..._.L.....G....| +000003a0 d5 e5 3f a7 15 4d c8 a5 79 9c e5 bc 62 6f cb cd |..?..M..y...bo..| +000003b0 86 17 03 03 00 35 e7 4d 67 3a 39 5b ac 13 89 cc |.....5.Mg:9[....| +000003c0 c4 dc 20 2b a4 b2 3c 5d 96 f1 45 17 52 12 ed 85 |.. +..<]..E.R...| +000003d0 00 f0 7e 73 3a 6d a2 46 b8 59 7f e8 6f 46 06 e1 |..~s:m.F.Y..oF..| +000003e0 43 c9 ca af a9 3e ca d6 42 4b 41 |C....>..BKA| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 4d ad c5 c7 cc |..........5M....| +00000010 5a 34 8a f8 5f 71 83 af fa 94 df 2a 94 a0 c4 8e |Z4.._q.....*....| +00000020 5e 00 f7 02 e1 30 62 a5 49 27 58 0b 1f fa 46 98 |^....0b.I'X...F.| +00000030 f0 b8 6f 42 e3 3a 7f 26 77 b6 46 8f ab c6 5d d6 |..oB.:.&w.F...].| +00000040 17 03 03 00 17 90 81 68 7a 48 8d 3b 59 9e 11 6f |.......hzH.;Y..o| +00000050 86 b5 24 e4 d9 e0 60 9f c2 4f 3d 33 |..$...`..O=3| +>>> Flow 4 (server to client) +00000000 17 03 03 00 16 94 83 fa cc 66 b4 60 c0 c7 6d b3 |.........f.`..m.| +00000010 6e 8c 84 9d 89 76 61 3d 69 fd 29 |n....va=i.)| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 60 cb 39 3d 7d 79 01 88 93 bd bf |.....`.9=}y.....| +00000010 23 3b d1 f3 a4 5e 78 ea cd 0f 5e |#;...^x...^| +>>> Flow 6 (server to client) +00000000 17 03 03 00 1a 88 13 b4 f1 5f cc 63 1e 99 9f 85 |........._.c....| +00000010 60 ff 0e 97 13 59 64 2a c3 0d 2b ac ca a2 25 |`....Yd*..+...%| +>>> Flow 7 (client to server) +00000000 17 03 03 00 1d 4f f2 48 ea b8 d6 75 8e 97 ab 54 
|.....O.H...u...T| +00000010 29 57 50 5b 59 40 59 d3 7a 3c 01 43 6a 33 30 bb |)WP[Y@Y.z<.Cj30.| +00000020 d4 40 17 03 03 00 13 18 fc b7 ac eb e7 52 6d f0 |.@...........Rm.| +00000030 d4 d3 03 c6 5f 4e ea e3 7b 4e |...._N..{N| diff --git a/tls/testdata/Client-TLSv13-P256-ECDHE b/tls/testdata/Client-TLSv13-P256-ECDHE new file mode 100644 index 00000000..e6d81184 --- /dev/null +++ b/tls/testdata/Client-TLSv13-P256-ECDHE 
@@ -0,0 +1,94 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 15 01 00 01 11 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 96 00 05 00 05 01 00 00 00 00 00 0a 00 |................| +00000090 04 00 02 00 17 00 0b 00 02 01 00 00 0d 00 1a 00 |................| +000000a0 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 06 |................| +000000b0 01 05 03 06 03 02 01 02 03 ff 01 00 01 00 00 12 |................| +000000c0 00 00 00 2b 00 09 08 03 04 03 03 03 02 03 01 00 |...+............| +000000d0 33 00 47 00 45 00 17 00 41 04 1e 18 37 ef 0d 19 |3.G.E...A...7...| +000000e0 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 |Q.5uq..T[....g..| +000000f0 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 |$ >.V...(^.+-O..| +00000100 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 |..lK[.V.2B.X..I.| +00000110 b5 68 1a 41 03 56 6b dc 5a 89 |.h.A.Vk.Z.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 9b 02 00 00 97 03 03 b5 3c c8 fe 64 |............<..d| +00000010 f6 04 7d 28 a4 25 7c 1b f5 0b e6 6d 0b f5 2f ec |..}(.%|....m../.| +00000020 78 c1 bd 5a cf c8 19 d9 5c 54 72 20 00 00 00 00 |x..Z....\Tr ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 4f 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |O.+.....3.E...A.| +00000060 d7 63 55 0e 0d 7b fb 09 a9 61 92 70 2b 52 9c 38 |.cU..{...a.p+R.8| +00000070 2d e8 2a 
68 27 b7 15 3e 4a 1e 92 c8 08 7b 5c c9 |-.*h'..>J....{\.| +00000080 8d d4 aa 97 63 42 a5 3e 4b e8 7d 37 98 d9 8c a6 |....cB.>K.}7....| +00000090 e7 c7 45 9f 73 48 bd c3 14 82 67 5b bb 19 bd a5 |..E.sH....g[....| +000000a0 14 03 03 00 01 01 17 03 03 00 17 67 d9 cb 2b d1 |...........g..+.| +000000b0 d2 30 7d b3 3f c1 77 5a 6c 87 41 2c 29 83 36 19 |.0}.?.wZl.A,).6.| +000000c0 74 38 17 03 03 02 6d ac 0c 4f fe b5 93 6a fa 9f |t8....m..O...j..| +000000d0 e9 76 a7 c3 8a bb 4a 64 7a 04 35 58 e6 a2 d8 7a |.v....Jdz.5X...z| +000000e0 cf 99 1c 60 13 1a ca c6 e6 10 11 7a f1 f4 be ec |...`.......z....| +000000f0 1d 2d db b1 a5 3a dd 7e 10 2b 65 ca 40 b2 5f fc |.-...:.~.+e.@._.| +00000100 3f c9 df 7d 26 c1 fc b7 2d 67 a1 2d a2 22 b3 40 |?..}&...-g.-.".@| +00000110 79 d4 c8 b6 73 f7 93 8a 97 4f b7 ab b6 0c ca 14 |y...s....O......| +00000120 3c 1e 6c 27 c0 be 01 d7 98 ef 93 78 f5 14 15 21 |<.l'.......x...!| +00000130 4c f8 8e a6 f7 72 b2 b7 bc c2 3e 9b b7 e4 0d 15 |L....r....>.....| +00000140 b5 69 75 e9 61 10 e4 d5 8e 60 44 88 bf 5f df f9 |.iu.a....`D.._..| +00000150 8d 70 54 4e f6 0f 37 70 ff b8 6b c0 4f fb 61 c1 |.pTN..7p..k.O.a.| +00000160 48 00 96 9b da 05 0f 78 7a 87 f5 b1 69 f6 4f 8e |H......xz...i.O.| +00000170 80 74 7b e0 e5 b7 0f ba 7d 9d 4c ff c9 d7 7c b9 |.t{.....}.L...|.| +00000180 f0 bd dd 34 8e 77 5f 3b 48 10 10 6f ed c7 84 15 |...4.w_;H..o....| +00000190 7a 0c 26 3e 5d 9d 58 07 02 8c e3 fa f0 6b 86 df |z.&>].X......k..| +000001a0 76 af 3c 13 c4 93 28 7a 17 04 98 91 26 72 5f aa |v.<...(z....&r_.| +000001b0 cf b2 9e 37 a9 93 12 bd 1d 92 64 b8 82 60 b0 b5 |...7......d..`..| +000001c0 1d 2c 4e 18 24 11 3b 52 33 05 f0 3b f2 27 ed a6 |.,N.$.;R3..;.'..| +000001d0 f6 4a 82 b6 df 05 a0 07 a3 9d 73 0a 3c 7f 02 47 |.J........s.<..G| +000001e0 60 c8 aa 20 b4 9c cd 48 12 a3 82 fe 99 4e 0c bb |`.. 
...H.....N..| +000001f0 ec 4f 10 75 26 99 a4 ed 5e 4a 34 51 38 88 2c 3c |.O.u&...^J4Q8.,<| +00000200 0b 8d f8 65 84 38 47 c8 31 30 82 71 3f 54 e3 3f |...e.8G.10.q?T.?| +00000210 f1 e6 2c ef a3 fe 02 34 16 58 21 55 6e 0f 95 d3 |..,....4.X!Un...| +00000220 3e 18 e5 c4 fa 95 65 07 d8 4b 31 4b fa a7 85 74 |>.....e..K1K...t| +00000230 6c 1c a3 7c 7b c6 20 e0 1f 28 33 6d 61 93 d0 7d |l..|{. ..(3ma..}| +00000240 e7 c4 5c 27 c9 d9 ca f9 fe 21 6f 7f 05 34 37 54 |..\'.....!o..47T| +00000250 30 59 68 e1 04 36 60 52 d7 fc 4f 8c 67 f6 42 88 |0Yh..6`R..O.g.B.| +00000260 bc 41 5f 8e 2c 05 dd 6a b0 49 6c d8 8e 9c 9e 06 |.A_.,..j.Il.....| +00000270 35 f9 f1 33 f2 54 b0 3f 9e bd 4f c7 48 aa a3 9e |5..3.T.?..O.H...| +00000280 fe 69 79 16 e0 5a ca 48 72 fe 52 4a f1 6f f1 e0 |.iy..Z.Hr.RJ.o..| +00000290 8c fe 16 15 ce c9 87 dc 9b 66 4d 3a bb 05 21 82 |.........fM:..!.| +000002a0 21 65 cb 7b da 06 1a 0b 53 ee 60 e4 79 0f bc 5d |!e.{....S.`.y..]| +000002b0 b6 52 fd 3b 33 28 97 6c 67 d7 ab 3d b0 da bb ac |.R.;3(.lg..=....| +000002c0 0d d9 06 81 a3 6c 1f ad b8 05 20 63 2b c7 cb 4b |.....l.... 
c+..K| +000002d0 e2 96 6e 3d f1 9c 0a 6a c6 01 3e 3a d0 54 c8 09 |..n=...j..>:.T..| +000002e0 9b 17 a0 cc d6 d0 82 d1 02 a8 eb 9d 91 7e 30 b9 |.............~0.| +000002f0 3d 5e 6d 43 fc 50 f8 9f 80 67 7a e3 33 30 cd b7 |=^mC.P...gz.30..| +00000300 00 b3 bc 17 50 82 6c 80 67 bd c4 12 11 b1 53 22 |....P.l.g.....S"| +00000310 96 67 07 90 d4 54 5c f1 5d ca cd f8 b5 35 94 e0 |.g...T\.]....5..| +00000320 21 e6 58 d7 b0 32 ca 24 90 11 30 f5 2b 1d ca 3d |!.X..2.$..0.+..=| +00000330 6a 6d 35 fa 17 03 03 00 99 ad ab 79 79 28 a0 a9 |jm5........yy(..| +00000340 9a cd 6d 8d 8c 92 2e 83 3d d4 be c7 50 61 f5 49 |..m.....=...Pa.I| +00000350 97 6c ab 92 d4 a7 1a 6f fc 5b dd 6e 73 0d bd d2 |.l.....o.[.ns...| +00000360 09 52 9f c9 de bb 8d 09 0a 4f e0 c5 9a 08 79 4c |.R.......O....yL| +00000370 fc 01 b3 94 45 f6 1d bd 8d 23 62 14 14 65 4c 2a |....E....#b..eL*| +00000380 d9 ad 8f 76 5a 5e 9d da 68 37 c7 b1 54 1e b4 bd |...vZ^..h7..T...| +00000390 d3 15 b8 89 94 87 8b 17 17 0f 4c dc db a8 3b 2f |..........L...;/| +000003a0 e5 e2 25 d6 ec f6 f4 bb ab d0 c5 7f 2a cb c6 57 |..%.........*..W| +000003b0 84 50 3a e7 62 8b 76 ae 6a 06 6b 85 1c 23 f1 d1 |.P:.b.v.j.k..#..| +000003c0 10 e2 6f 57 8c 20 7d da 2d f8 bc c5 df 4e 7c 22 |..oW. 
}.-....N|"| +000003d0 d8 36 17 03 03 00 35 62 fa d4 65 7f 9a 97 5b ec |.6....5b..e...[.| +000003e0 25 4a 3a 43 18 08 08 fb 7f 9d 3b 73 64 9e f3 7a |%J:C......;sd..z| +000003f0 28 f1 a0 0e 00 7a 51 74 0e 6b 90 c6 39 7a 09 98 |(....zQt.k..9z..| +00000400 6e d8 63 cc 1f f0 8f bc 37 66 27 a0 |n.c.....7f'.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 ba 59 57 3e a3 |..........5.YW>.| +00000010 cd 02 7f 7c c2 16 f5 6b ec 42 66 aa a2 7a 3d 47 |...|...k.Bf..z=G| +00000020 43 c9 02 4b a3 72 d0 4d fa f8 32 28 1a 19 16 6a |C..K.r.M..2(...j| +00000030 7c 0e 4a 75 80 94 34 fe 30 7b d0 52 15 48 10 30 ||.Ju..4.0{.R.H.0| +00000040 17 03 03 00 17 5d de 53 df 00 21 ca 6d 69 ff 45 |.....].S..!.mi.E| +00000050 2e 53 57 db 3f 8d d8 6c 5a e1 f8 cc 17 03 03 00 |.SW.?..lZ.......| +00000060 13 43 d9 94 95 41 af 1d 80 a7 f2 28 2a 44 50 8d |.C...A.....(*DP.| +00000070 41 8f 82 09 |A...| diff --git a/tls/testdata/Client-TLSv13-X25519-ECDHE b/tls/testdata/Client-TLSv13-X25519-ECDHE new file mode 100644 index 00000000..4e3eb760 --- /dev/null +++ b/tls/testdata/Client-TLSv13-X25519-ECDHE 
@@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f4 01 00 00 f0 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 75 00 05 00 05 01 00 00 00 00 00 0a 00 |...u............| +00000090 04 00 02 00 1d 00 0b 00 02 01 00 00 0d 00 1a 00 |................| +000000a0 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 06 |................| +000000b0 01 05 03 06 03 02 01 02 03 ff 01 00 01 00 00 12 |................| +000000c0 00 00 00 2b 00 09 08 03 04 03 03 03 02 03 01 00 |...+............| +000000d0 33 00 26 00 24 00 1d 00 20 2f e5 7d a3 47 cd 62 |3.&.$... /.}.G.b| +000000e0 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +000000f0 c2 ed 90 99 5f 58 cb 3b 74 |...._X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 5d 2e e6 ba 34 |....z...v..]...4| +00000010 6c 42 bb 48 58 fe c5 f0 95 f9 34 11 04 b5 2a f4 |lB.HX.....4...*.| +00000020 f1 16 41 db 14 a0 19 d8 43 7c 09 20 00 00 00 00 |..A.....C|. ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 82 |..+.....3.$... 
.| +00000060 de 1b d1 83 7a e1 46 cc c7 36 15 62 48 07 6b f6 |....z.F..6.bH.k.| +00000070 eb 0a 53 a3 34 cd 34 ee cc 0c d0 c9 02 d5 38 14 |..S.4.4.......8.| +00000080 03 03 00 01 01 17 03 03 00 17 3d 0c 61 12 1b 55 |..........=.a..U| +00000090 6e f4 13 59 c8 4a e7 12 63 5d bf be 34 9f d7 2a |n..Y.J..c]..4..*| +000000a0 c2 17 03 03 02 6d 82 e8 43 93 e4 80 4d a7 d2 cf |.....m..C...M...| +000000b0 43 9d 71 8d cc 78 e8 e9 58 7e 28 53 57 6d 95 1e |C.q..x..X~(SWm..| +000000c0 fb 98 05 ec 66 47 d9 a1 6a b5 f4 28 09 4a 6c 4c |....fG..j..(.JlL| +000000d0 ee a0 1a 86 e7 29 c0 0e d8 e0 ca 2d bb 50 e4 34 |.....).....-.P.4| +000000e0 8d 66 be 54 b5 df 94 fc 69 0e a6 9a 76 8b 8f f5 |.f.T....i...v...| +000000f0 a9 01 1a 1d 8d b0 ae a9 0c 10 58 13 f9 91 80 43 |..........X....C| +00000100 69 f8 3f 03 14 8e 73 1a ce 52 72 86 3d 60 8b 0f |i.?...s..Rr.=`..| +00000110 38 e7 4b 43 f0 b3 4b 12 3a a7 cd 4b ac ef 7d fb |8.KC..K.:..K..}.| +00000120 27 3a 38 36 ad a5 90 eb 57 80 47 99 bc c6 58 55 |':86....W.G...XU| +00000130 15 6f 53 f7 83 ca 2b 89 ae be 23 9a 83 3c 6b b1 |.oS...+...#..>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 7d 5e 95 38 a2 |..........5}^.8.| +00000010 d3 f4 04 59 57 2a 1a 86 ac 12 8e 17 88 fb 52 25 |...YW*........R%| +00000020 1d 19 2c c5 ac 57 c9 bf af 07 e7 c1 4d f3 dd f0 |..,..W......M...| +00000030 13 ad a1 73 07 32 a4 c5 7c 9e ad 5a 88 59 57 4b |...s.2..|..Z.YWK| +00000040 17 03 03 00 17 e2 65 4f bd 1f bb 00 a1 6b ae a4 |......eO.....k..| +00000050 9d d3 d2 6e 7b 62 b5 09 19 d6 8f 1b 17 03 03 00 |...n{b..........| +00000060 13 96 de 94 2b a7 bb c5 4b 7e 02 b2 27 07 4d 49 |....+...K~..'.MI| +00000070 32 2b 83 48 |2+.H| diff --git a/tls/testdata/Server-SSLv3-RSA-3DES b/tls/testdata/Server-SSLv3-RSA-3DES deleted file mode 100644 index a6c7a419..00000000 --- a/tls/testdata/Server-SSLv3-RSA-3DES +++ /dev/null 
@@ -1,83 +0,0 @@ ->>> Flow 1 (client to server) -00000000 16 03 00 00 2f 01 00 00 2b 03 00 52 cc 57 59 d8 |..../...+..R.WY.| -00000010 86 d6 07 ae e0 8d 63 b7 1e cb aa c6 67 32 c8 dd |......c.....g2..| -00000020 68 03 d8 3d 37 18 72 c3 c0 f1 9d 00 00 04 00 0a |h..=7.r.........| -00000030 00 ff 01 00 |....| ->>> Flow 2 (server to client) -00000000 16 03 00 00 31 02 00 00 2d 03 00 00 00 00 00 00 |....1...-.......| -00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 00 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 
23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 00 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| ->>> Flow 3 (client to server) -00000000 16 03 00 00 84 10 00 00 80 75 e0 c9 76 d6 e9 34 |.........u..v..4| -00000010 1d e3 31 9e db 3b 03 41 93 e8 db 73 7c e9 3f 6a |..1..;.A...s|.?j| -00000020 d8 2a 7b 25 83 4f 45 de 3f 78 3f b6 53 a7 b4 6c |.*{%.OE.?x?.S..l| -00000030 e3 87 c4 c3 70 55 71 79 55 dc 74 98 84 21 19 13 |....pUqyU.t..!..| -00000040 be d5 8e 0a ff 2f 9f 7a 6b d4 6c ef 78 d1 cb 65 |...../.zk.l.x..e| -00000050 32 4c 0c c5 29 b9 60 94 c6 79 56 a2 aa 2d d9 ad |2L..).`..yV..-..| -00000060 51 2c 54 1b 28 23 33 54 cd 48 cb 80 13 45 3d 4a |Q,T.(#3T.H...E=J| -00000070 8e 2f f2 da bd 68 3e 1b eb 73 f9 2d 35 6b b1 40 |./...h>..s.-5k.@| -00000080 2e 6d 9d 1c e9 c1 02 80 37 14 03 00 00 01 01 16 |.m......7.......| -00000090 03 00 00 40 f7 c3 dd a4 64 3d 81 24 de a2 81 7d |...@....d=.$...}| -000000a0 e4 df 78 46 e7 ba 93 6c 36 43 05 96 fc 75 ef ec |..xF...l6C...u..| -000000b0 a5 46 6d 47 a5 be 74 ad 15 93 d9 87 4f 1d e2 b3 |.FmG..t.....O...| -000000c0 03 ff 2e 89 6e 50 f4 d6 a6 e2 b3 54 cb 74 07 f7 |....nP.....T.t..| -000000d0 ca 1b 8c 0a |....| ->>> Flow 4 (server to client) -00000000 14 03 00 00 01 01 16 03 00 00 40 6d 3d d8 d5 cf |..........@m=...| -00000010 05 7d 98 8c 28 28 e2 43 ab ad 4a fa ae bf ec c3 |.}..((.C..J.....| -00000020 9c 0a 13 4d 28 a4 45 c4 b9 f2 bc c5 12 a2 68 91 |...M(.E.......h.| -00000030 77 fa 72 f8 9e 4e b7 1f b4 02 02 e3 5d 57 b0 8b |w.r..N......]W..| -00000040 d8 90 0c 9d e6 df 5b 90 92 a1 0d 17 03 00 00 18 |......[.........| -00000050 91 48 8a e1 d6 bf 79 1c d5 0a 70 d5 94 20 25 78 |.H....y...p.. 
%x| -00000060 d8 84 c8 6e 54 f0 99 01 17 03 00 00 28 74 19 90 |...nT.......(t..| -00000070 41 44 53 27 bb fb 1f fd 71 34 20 61 a0 eb a4 7c |ADS'....q4 a...|| -00000080 fe 36 f8 4b d7 b0 27 d3 b9 36 e1 67 af 2d 0e 23 |.6.K..'..6.g.-.#| -00000090 2b 76 a7 2f c3 15 03 00 00 18 db fc e9 fd 87 5f |+v./..........._| -000000a0 92 a8 3d 4b 35 f5 c6 48 2c b4 42 50 c3 81 28 f0 |..=K5..H,.BP..(.| -000000b0 2b 41 |+A| diff --git a/tls/testdata/Server-SSLv3-RSA-AES b/tls/testdata/Server-SSLv3-RSA-AES deleted file mode 100644 index 4885b267..00000000 --- a/tls/testdata/Server-SSLv3-RSA-AES +++ /dev/null 
@@ -1,84 +0,0 @@ ->>> Flow 1 (client to server) -00000000 16 03 00 00 2f 01 00 00 2b 03 00 52 cc 57 59 30 |..../...+..R.WY0| -00000010 e1 ee 8c 60 5b 40 dd 95 bd b4 84 87 2f 01 15 e7 |...`[@....../...| -00000020 50 88 4c 82 6b 6d 93 8a 57 d0 27 00 00 04 00 2f |P.L.km..W.'..../| -00000030 00 ff 01 00 |....| ->>> Flow 2 (server to client) -00000000 16 03 00 00 31 02 00 00 2d 03 00 00 00 00 00 00 |....1...-.......| -00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| -00000030 05 ff 01 00 01 00 16 03 00 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 
23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 00 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| ->>> Flow 3 (client to server) -00000000 16 03 00 00 84 10 00 00 80 74 50 05 6f f5 83 c9 |.........tP.o...| -00000010 f5 0c 5a 65 c7 4e c6 f3 87 96 d7 5d 3e 88 27 32 |..Ze.N.....]>.'2| -00000020 89 12 ba ec db ef c0 85 70 84 ed b6 83 03 8f 44 |........p......D| -00000030 f5 6f fa fa d0 1f 95 30 d1 ae a7 71 cf ee e9 b1 |.o.....0...q....| -00000040 80 7b 34 a9 ea 1b 5e e5 71 40 3f e8 7d 30 d1 8b |.{4...^.q@?.}0..| -00000050 11 f1 68 1f c8 25 f0 77 c5 af b3 92 6e d9 81 cc |..h..%.w....n...| -00000060 f8 fd 82 95 cc 1f 4a b1 05 15 7a b3 a1 22 33 09 |......J...z.."3.| -00000070 e7 a5 c2 89 7f 03 e0 91 b6 61 a3 a0 4e 17 0d 7a |.........a..N..z| -00000080 13 01 c4 b6 50 c7 d9 81 15 14 03 00 00 01 01 16 |....P...........| -00000090 03 00 00 40 56 da 56 ab e6 26 98 58 53 1f 36 b5 |...@V.V..&.XS.6.| -000000a0 03 14 bd 42 29 ee 9c 7c e4 48 26 82 68 ae fd fe |...B)..|.H&.h...| -000000b0 5e a4 43 22 75 95 7b c8 77 88 fd d6 d4 9b c9 b5 |^.C"u.{.w.......| -000000c0 ee 3e a6 e8 c5 04 90 63 3f ac be 56 67 da 30 d4 |.>.....c?..Vg.0.| -000000d0 64 fb a8 a0 |d...| ->>> Flow 4 (server to client) -00000000 14 03 00 00 01 01 16 03 00 00 40 96 af fb 79 96 |..........@...y.| -00000010 92 97 2d d0 67 46 1e 08 b5 35 65 ef dc bc 8e 57 |..-.gF...5e....W| -00000020 53 b7 36 58 74 d7 88 b1 55 fc eb fa 2e f3 17 b7 |S.6Xt...U.......| -00000030 62 58 a0 9d 99 e1 85 d4 33 e0 b4 1f 1d 94 f2 88 |bX......3.......| -00000040 d5 9a 34 5b 74 cd d2 ff 87 bd 52 17 03 00 00 20 |..4[t.....R.... 
| -00000050 c6 61 c2 28 ac d2 0c 08 7f f1 c2 62 af 37 7e 78 |.a.(.......b.7~x| -00000060 e8 e2 a1 54 f2 3a 80 97 f8 47 64 f2 cd 94 dd 0b |...T.:...Gd.....| -00000070 17 03 00 00 30 b8 40 8f a3 18 ff 03 84 d4 1c 28 |....0.@........(| -00000080 82 ce d8 9a 81 3a dd 23 7c 65 d8 ca f7 f1 46 1b |.....:.#|e....F.| -00000090 70 f0 d7 d9 54 a7 71 e6 4d d4 25 61 5a e4 30 d3 |p...T.q.M.%aZ.0.| -000000a0 4a 42 ae 26 a5 15 03 00 00 20 c4 e8 ed 40 57 00 |JB.&..... ...@W.| -000000b0 dc a5 0e 82 90 47 92 08 dd 7e 50 6b 30 66 5e 90 |.....G...~Pk0f^.| -000000c0 73 7c 81 93 8d 24 b1 06 e7 39 |s|...$...9| diff --git a/tls/testdata/Server-SSLv3-RSA-RC4 b/tls/testdata/Server-SSLv3-RSA-RC4 deleted file mode 100644 index 1314b659..00000000 --- a/tls/testdata/Server-SSLv3-RSA-RC4 +++ /dev/null 
@@ -1,79 +0,0 @@ ->>> Flow 1 (client to server) -00000000 16 03 00 00 2f 01 00 00 2b 03 00 52 cc 57 59 79 |..../...+..R.WYy| -00000010 b9 3b ef df 53 fb 09 f6 01 e5 18 0a fc 3d 65 bb |.;..S........=e.| -00000020 cf 9c 4c 77 b1 e8 6b 4f 5f c7 94 00 00 04 00 05 |..Lw..kO_.......| -00000030 00 ff 01 00 |....| ->>> Flow 2 (server to client) -00000000 16 03 00 00 31 02 00 00 2d 03 00 00 00 00 00 00 |....1...-.......| -00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 00 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 
23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 00 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| ->>> Flow 3 (client to server) -00000000 16 03 00 00 84 10 00 00 80 4d 66 7a f3 f8 ab 86 |.........Mfz....| -00000010 43 4c 5f 7c 52 ca e7 3f ba 62 b3 82 88 16 7d ca |CL_|R..?.b....}.| -00000020 3a 66 15 c0 36 55 2c ab bf 30 6b cd 9c d8 b9 48 |:f..6U,..0k....H| -00000030 03 c9 d0 98 ab 0b a6 5b 39 c8 fe 82 8e bb f0 16 |.......[9.......| -00000040 6f 96 62 81 f2 dc 52 02 c9 de e4 47 73 21 6e 1e |o.b...R....Gs!n.| -00000050 3a 11 89 7a e2 6b 9e 04 64 72 15 ba 2d 10 a2 69 |:..z.k..dr..-..i| -00000060 07 e6 ba 17 cf 54 d6 4e 5f 99 e8 59 8b 54 ce 8e |.....T.N_..Y.T..| -00000070 6b 58 ba 83 68 46 4a 5f 43 3e 9b e1 32 a2 19 42 |kX..hFJ_C>..2..B| -00000080 46 0f e4 47 1a 3b 16 5f e1 14 03 00 00 01 01 16 |F..G.;._........| -00000090 03 00 00 3c 78 7e ee da 0d 38 0b 1a d6 d4 8e d5 |...>> Flow 4 (server to client) -00000000 14 03 00 00 01 01 16 03 00 00 3c 23 29 64 62 23 |..........<#)db#| -00000010 19 20 f8 2e 15 07 ee c8 f4 ab f0 3e 66 c3 ed 7b |. .........>f..{| -00000020 7c a7 c2 7e c3 25 3c 8f f3 04 dc 37 e8 fc 0a 1d ||..~.%<....7....| -00000030 fa 7a 09 d4 21 11 e3 24 21 4b 37 d1 85 cc 40 bf |.z..!..$!K7...@.| -00000040 bd bd f8 59 6b cd 73 17 03 00 00 21 47 1d ac 54 |...Yk.s....!G..T| -00000050 bd 58 a6 c0 04 e2 0c 6b 66 64 5a 85 09 0e 47 fc |.X.....kfdZ...G.| -00000060 0b 57 ee f1 24 b6 89 57 46 be 6b 0d f2 15 03 00 |.W..$..WF.k.....| -00000070 00 16 b4 f7 34 99 19 43 b6 b3 5a 8b c3 d2 67 2f |....4..C..Z...g/| -00000080 3b 19 1c 31 d4 f9 bd 96 |;..1....| diff --git a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES index 9b8cb4d9..1132b39f 100644 --- a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES 
@@ -1,84 +1,80 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 76 01 00 00 72 03 01 53 04 f0 f9 4b |....v...r..S...K| -00000010 30 a8 68 d0 79 13 14 69 ee 3b 5d 05 cb 71 63 43 |0.h.y..i.;]..qcC| -00000020 4a 55 6b 05 25 53 19 ba e0 2f b1 00 00 04 c0 0a |JUk.%S.../......| -00000030 00 ff 01 00 00 45 00 0b 00 04 03 00 01 02 00 0a |.....E..........| -00000040 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 |.4.2............| -00000050 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 |................| -00000060 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 |................| -00000070 00 0f 00 10 00 11 00 0f 00 01 01 |...........| +00000000 16 03 01 00 63 01 00 00 5f 03 01 38 de f5 d6 ae |....c..._..8....| +00000010 46 71 e8 02 f2 45 88 b8 64 fb 6e 68 67 d1 7f e8 |Fq...E..d.nhg...| +00000020 49 71 1e a9 ec 8e 54 06 bb 2b 16 00 00 04 c0 0a |Iq....T..+......| +00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 |........| >>> Flow 2 (server to client) -00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 01 02 0e 0b 00 02 0a 00 |................| -00000040 02 07 00 02 04 30 82 02 00 30 82 01 62 02 09 00 |.....0...0..b...| -00000050 b8 bf 2d 47 a0 d2 eb f4 30 09 06 07 2a 86 48 ce |..-G....0...*.H.| -00000060 3d 04 01 30 45 31 0b 30 09 06 03 55 04 06 13 02 |=..0E1.0...U....| -00000070 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000080 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000090 13 18 49 6e 74 65 72 6e 65 74 20 57 69 
64 67 69 |..Internet Widgi| -000000a0 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 32 |ts Pty Ltd0...12| -000000b0 31 31 32 32 31 35 30 36 33 32 5a 17 0d 32 32 31 |1122150632Z..221| -000000c0 31 32 30 31 35 30 36 33 32 5a 30 45 31 0b 30 09 |120150632Z0E1.0.| -000000d0 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| -000000e0 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| -000000f0 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| -00000100 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty Lt| -00000110 64 30 81 9b 30 10 06 07 2a 86 48 ce 3d 02 01 06 |d0..0...*.H.=...| -00000120 05 2b 81 04 00 23 03 81 86 00 04 00 c4 a1 ed be |.+...#..........| -00000130 98 f9 0b 48 73 36 7e c3 16 56 11 22 f2 3d 53 c3 |...Hs6~..V.".=S.| -00000140 3b 4d 21 3d cd 6b 75 e6 f6 b0 dc 9a df 26 c1 bc |;M!=.ku......&..| -00000150 b2 87 f0 72 32 7c b3 64 2f 1c 90 bc ea 68 23 10 |...r2|.d/....h#.| -00000160 7e fe e3 25 c0 48 3a 69 e0 28 6d d3 37 00 ef 04 |~..%.H:i.(m.7...| -00000170 62 dd 0d a0 9c 70 62 83 d8 81 d3 64 31 aa 9e 97 |b....pb....d1...| -00000180 31 bd 96 b0 68 c0 9b 23 de 76 64 3f 1a 5c 7f e9 |1...h..#.vd?.\..| -00000190 12 0e 58 58 b6 5f 70 dd 9b d8 ea d5 d7 f5 d5 cc |..XX._p.........| -000001a0 b9 b6 9f 30 66 5b 66 9a 20 e2 27 e5 bf fe 3b 30 |...0f[f. 
.'...;0| -000001b0 09 06 07 2a 86 48 ce 3d 04 01 03 81 8c 00 30 81 |...*.H.=......0.| -000001c0 88 02 42 01 88 a2 4f eb e2 45 c5 48 7d 1b ac f5 |..B...O..E.H}...| -000001d0 ed 98 9d ae 47 70 c0 5e 1b b6 2f bd f1 b6 4d b7 |....Gp.^../...M.| -000001e0 61 40 d3 11 a2 ce ee 0b 7e 92 7e ff 76 9d c3 3b |a@......~.~.v..;| -000001f0 7e a5 3f ce fa 10 e2 59 ec 47 2d 7c ac da 4e 97 |~.?....Y.G-|..N.| -00000200 0e 15 a0 6f d0 02 42 01 4d fc be 67 13 9c 2d 05 |...o..B.M..g..-.| -00000210 0e bd 3f a3 8c 25 c1 33 13 83 0d 94 06 bb d4 37 |..?..%.3.......7| -00000220 7a f6 ec 7a c9 86 2e dd d7 11 69 7f 85 7c 56 de |z..z......i..|V.| -00000230 fb 31 78 2b e4 c7 78 0d ae cb be 9e 4e 36 24 31 |.1x+..x.....N6$1| -00000240 7b 6a 0f 39 95 12 07 8f 2a 16 03 01 00 d6 0c 00 |{j.9....*.......| -00000250 00 d2 03 00 17 41 04 1e 18 37 ef 0d 19 51 88 35 |.....A...7...Q.5| -00000260 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 24 20 3e |uq..T[....g..$ >| -00000270 b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 07 9f 6c |.V...(^.+-O....l| -00000280 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 b5 68 1a |K[.V.2B.X..I..h.| -00000290 41 03 56 6b dc 5a 89 00 8b 30 81 88 02 42 00 c6 |A.Vk.Z...0...B..| -000002a0 85 8e 06 b7 04 04 e9 cd 9e 3e cb 66 23 95 b4 42 |.........>.f#..B| -000002b0 9c 64 81 39 05 3f b5 21 f8 28 af 60 6b 4d 3d ba |.d.9.?.!.(.`kM=.| -000002c0 a1 4b 5e 77 ef e7 59 28 fe 1d c1 27 a2 ff a8 de |.K^w..Y(...'....| -000002d0 33 48 b3 c1 85 6a 42 9b f9 7e 7e 31 c2 e5 bd 66 |3H...jB..~~1...f| -000002e0 02 42 00 ad 7d 06 35 ab ec 8d ac d4 ba 1b 49 5e |.B..}.5.......I^| -000002f0 05 5f f0 97 93 82 b8 2b 8d 91 98 63 8e b4 14 62 |._.....+...c...b| -00000300 db 1e c9 2b 30 f8 41 9b a6 e6 bc de 0e 68 30 21 |...+0.A......h0!| -00000310 d8 ef 2f 05 42 da f2 e0 2c 06 33 1d 0d 9a 1a 75 |../.B...,.3....u| -00000320 59 a7 3a bc 16 03 01 00 04 0e 00 00 00 |Y.:..........| +00000020 00 00 00 44 4f 57 4e 47 52 44 00 00 c0 0a 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 01 02 |................| 
+00000040 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 00 30 |...........0...0| +00000050 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 30 09 |..b.....-G....0.| +00000060 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 09 06 |..*.H.=..0E1.0..| +00000070 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 04 |.U....AU1.0...U.| +00000080 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 |...Some-State1!0| +00000090 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 |...U....Internet| +000000a0 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 | Widgits Pty Ltd| +000000b0 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 33 32 |0...121122150632| +000000c0 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 32 5a |Z..221120150632Z| +000000d0 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 |0E1.0...U....AU1| +000000e0 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 |.0...U....Some-S| +000000f0 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 |tate1!0...U....I| +00000100 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 |nternet Widgits | +00000110 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 2a 86 |Pty Ltd0..0...*.| +00000120 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +00000130 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 16 56 |.........Hs6~..V| +00000140 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 f6 b0 |.".=S.;M!=.ku...| +00000150 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 2f 1c |...&.....r2|.d/.| +00000160 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 e0 28 |...h#.~..%.H:i.(| +00000170 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 d8 81 |m.7...b....pb...| +00000180 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 de 76 |.d1...1...h..#.v| +00000190 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd 9b d8 |d?.\....XX._p...| +000001a0 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a 20 e2 |.........0f[f. 
.| +000001b0 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d 04 01 |'...;0...*.H.=..| +000001c0 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb e2 45 |....0...B...O..E| +000001d0 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e 1b b6 |.H}.......Gp.^..| +000001e0 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b 7e 92 |/...M.a@......~.| +000001f0 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 ec 47 |~.v..;~.?....Y.G| +00000200 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 4d fc |-|..N....o..B.M.| +00000210 be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 13 83 |.g..-...?..%.3..| +00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| +00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| +00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| +00000250 03 01 00 b5 0c 00 00 b1 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 8b 30 81 |......._X.;t..0.| +00000280 88 02 42 01 ad 26 fd 16 9a 93 5f 87 ce 29 8c d2 |..B..&...._..)..| +00000290 56 a7 d2 59 56 bd d3 1f 90 54 bd af 91 81 25 ff |V..YV....T....%.| +000002a0 66 74 57 16 2f 31 f2 5a 48 97 03 b9 41 4c 8e bb |ftW./1.ZH...AL..| +000002b0 87 31 ed 71 84 37 63 78 9f 0a c7 9d 5e f3 5a 53 |.1.q.7cx....^.ZS| +000002c0 88 89 46 ba a7 02 42 00 92 74 15 1c 0e 1f 2f 95 |..F...B..t..../.| +000002d0 e5 79 d5 e9 90 ce d8 96 0d fd b8 42 55 00 94 08 |.y.........BU...| +000002e0 4e 47 a9 ea bd 67 0b 02 a6 9e 8b d3 09 e5 53 ea |NG...g........S.| +000002f0 03 22 2e 2d 78 2c 69 1d 28 ab 13 3d 0a 46 15 09 |.".-x,i.(..=.F..| +00000300 b6 0b 74 69 2d 5a 96 bf b6 16 03 01 00 04 0e 00 |..ti-Z..........| +00000310 00 00 |..| >>> Flow 3 (client to server) -00000000 16 03 01 00 46 10 00 00 42 41 04 08 28 cf bd 3c |....F...BA..(..<| -00000010 3c cc 98 9e 73 3f 92 a7 cb 22 83 3b c7 61 46 0e |<...s?...".;.aF.| -00000020 4d 7c 30 b5 06 85 2f 01 be b5 40 e2 64 1e 45 c1 |M|0.../...@.d.E.| -00000030 9d 73 95 
d5 65 92 0b 9b e7 6f c6 91 ab b6 fa be |.s..e....o......| -00000040 61 83 a7 f2 eb f5 65 31 fe 24 7b 14 03 01 00 01 |a.....e1.${.....| -00000050 01 16 03 01 00 30 15 d1 c4 ca 0b 01 84 13 5a ba |.....0........Z.| -00000060 89 04 87 73 7c bb d8 89 7e 10 27 ba 6f 5d dc d3 |...s|...~.'.o]..| -00000070 b5 ef 32 86 58 cc fb eb 5c 32 9e 95 ef 01 1c ac |..2.X...\2......| -00000080 dc 8e df 7f fe 0a |......| +00000000 16 03 01 00 25 10 00 00 21 20 82 c0 dd 83 c2 45 |....%...! .....E| +00000010 a2 bc 3a 2a ec ab 60 8e 02 e0 db 7c 59 83 c1 62 |..:*..`....|Y..b| +00000020 c7 cc 61 1e de dc 40 e4 65 6c 14 03 01 00 01 01 |..a...@.el......| +00000030 16 03 01 00 30 3e 26 56 0b a2 10 47 00 55 27 21 |....0>&V...G.U'!| +00000040 63 33 f2 7d 4b ba 77 5f e7 a7 09 7a 1f 51 85 f2 |c3.}K.w_...z.Q..| +00000050 46 a5 af 80 79 1a c7 72 bb 3d f9 dd 1d 83 05 22 |F...y..r.=....."| +00000060 c9 6c dd 91 d9 |.l...| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 e8 48 86 81 3c |..........0.H..<| -00000010 f5 25 5c 94 a9 06 c4 5c 71 62 b1 43 76 ec 2c 44 |.%\....\qb.Cv.,D| -00000020 95 b5 8c 95 d2 ff 82 92 b6 fc 52 75 03 c6 a1 f0 |..........Ru....| -00000030 99 6d b1 ed ec 68 6c d7 9f 18 50 17 03 01 00 20 |.m...hl...P.... | -00000040 32 d9 26 8a 81 b8 9d a5 7b fd d5 4e 7a db 2e 29 |2.&.....{..Nz..)| -00000050 58 9a 4f 6a 27 18 bc dc c2 49 b8 65 cb 8e 16 5a |X.Oj'....I.e...Z| -00000060 17 03 01 00 30 c4 56 0a ad 9a 82 cb 3e 32 f1 7c |....0.V.....>2.|| -00000070 95 6e dd cd e9 4d f0 e5 2d c9 a3 f7 de bb d7 fd |.n...M..-.......| -00000080 84 bb df 34 8c 64 1f 03 58 64 19 4a 5b 7a a8 81 |...4.d..Xd.J[z..| -00000090 52 bb 51 0a 43 15 03 01 00 20 89 18 7a 40 ec 49 |R.Q.C.... ..z@.I| -000000a0 52 d5 d3 20 ac 07 eb e9 4a 78 23 cf e7 21 32 74 |R.. 
....Jx#..!2t| -000000b0 ec 40 8d a8 f4 33 1c ae 93 cf |.@...3....| +00000000 14 03 01 00 01 01 16 03 01 00 30 38 fa fd 42 8f |..........08..B.| +00000010 80 5a 7c 33 d4 6c 72 f7 4e 2f 00 ab c2 86 58 9d |.Z|3.lr.N/....X.| +00000020 fc a5 43 fa ea 5b a1 ee a9 df df 9d 90 4c c0 e3 |..C..[.......L..| +00000030 10 09 c4 23 21 f9 e9 69 f5 f8 fa 17 03 01 00 20 |...#!..i....... | +00000040 1e 57 17 e4 96 06 32 d4 00 a3 98 ed bd 1c 61 78 |.W....2.......ax| +00000050 e7 0d 89 ec 84 c3 56 fa 75 73 87 6f 47 35 80 3f |......V.us.oG5.?| +00000060 17 03 01 00 30 4d 51 0a dd 70 6d b0 c2 d1 46 5c |....0MQ..pm...F\| +00000070 b5 03 87 de e6 65 d3 e2 83 e0 33 f8 a2 0a 29 7f |.....e....3...).| +00000080 6c 24 2b 1f 7b 2b 53 19 21 e9 62 6c 31 75 9c be |l$+.{+S.!.bl1u..| +00000090 5b b0 3d 5b 1a 15 03 01 00 20 19 51 64 4b 5a 9b |[.=[..... .QdKZ.| +000000a0 c8 2a 1c e7 9e 29 d9 df ad 1d 08 09 82 a3 b1 1d |.*...)..........| +000000b0 60 99 00 25 30 51 a1 72 b6 27 |`..%0Q.r.'| diff --git a/tls/testdata/Server-TLSv10-ExportKeyingMaterial b/tls/testdata/Server-TLSv10-ExportKeyingMaterial new file mode 100644 index 00000000..a5d9ee4c --- /dev/null +++ b/tls/testdata/Server-TLSv10-ExportKeyingMaterial 
@@ -0,0 +1,93 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 63 01 00 00 5f 03 01 7a df fa af 20 |....c..._..z... | +00000010 74 5a 83 3b 91 95 b4 9b 57 d8 6b f2 88 2a 68 e8 |tZ.;....W.k..*h.| +00000020 b8 9e e7 88 a6 c5 e7 59 08 ff 9b 00 00 12 c0 0a |.......Y........| +00000030 c0 14 00 39 c0 09 c0 13 00 33 00 35 00 2f 00 ff |...9.....3.5./..| +00000040 01 00 00 24 00 0b 00 04 03 00 01 02 00 0a 00 0c |...$............| +00000050 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 |.............#..| +00000060 00 16 00 00 00 17 00 00 |........| +>>> Flow 2 (server to client) +00000000 16 03 01 00 3b 02 00 00 37 03 01 00 00 00 00 00 |....;...7.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 00 00 c0 14 00 00 |...DOWNGRD......| +00000030 0f 00 23 00 00 ff 01 00 01 00 00 0b 00 02 01 00 |..#.............| +00000040 16 03 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 |....Y...U..R..O0| +00000050 82 02 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 |..K0............| +00000060 f0 9d 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 |..?.[..0...*.H..| +00000070 0d 01 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 |......0.1.0...U.| +00000080 0a 13 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 |...Go1.0...U....| +00000090 47 6f 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 |Go Root0...16010| +000000a0 31 30 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 |1000000Z..250101| +000000b0 30 30 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 |000000Z0.1.0...U| +000000c0 04 0a 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 |....Go1.0...U...| +000000d0 02 47 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d |.Go0..0...*.H...| +000000e0 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 |.........0......| +000000f0 db 46 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 |.F}...'.H..(!.~.| +00000100 b6 a2 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 |..]..RE.z6G....B| +00000110 5b c2 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 |[.....y.@.Om..+.| +00000120 8b c2 a5 2e 67 d8 
d4 09 9e d6 22 38 b7 4a 0b 74 |....g....."8.J.t| +00000130 73 2b c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c |s+.4......t{.X.l| +00000140 61 3c c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd |a<..A..++$#w[.;.| +00000150 75 5d ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a |u]. T..c...$....| +00000160 50 8b aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 |P....C...ub...R.| +00000170 02 03 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 |........0..0...U| +00000180 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 |...........0...U| +00000190 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +000001a0 06 08 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d |..+.......0...U.| +000001b0 13 01 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 |......0.0...U...| +000001c0 12 04 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 |.......CC>I..m..| +000001d0 d7 9f 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 |..`0...U.#..0...| +000001e0 48 13 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b |H.IM.~.1......n{| +000001f0 30 19 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 |0...U....0...exa| +00000200 6d 70 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a |mple.golang0...*| +00000210 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 |.H.............0| +00000220 cc 40 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 |.@+[P.a...SX...(| +00000230 a9 58 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 |.X..8....1Z..f=C| +00000240 d3 2d d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc |.-...... d8.$:..| +00000250 cf 9c 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd |..}.@ ._...a..v.| +00000260 13 c3 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb |.....\.....l..s.| +00000270 b3 43 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 |.Cw.......@.a.Lr| +00000280 2b 9d ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 |+...F..M...>...B| +00000290 d4 db fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 |...=.`.\!.;.....| +000002a0 01 00 aa 0c 00 00 a6 03 00 1d 20 2f e5 7d a3 47 |.......... 
/.}.G| +000002b0 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....| +000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 80 bb 96 fe |......_X.;t.....| +000002d0 bf a0 81 24 bc 40 b4 e2 37 b1 c9 66 2d c3 c1 bb |...$.@..7..f-...| +000002e0 89 fb 28 23 60 76 b1 e6 2c c1 e9 06 d0 95 c5 10 |..(#`v..,.......| +000002f0 17 ce 79 36 c2 14 e0 1d 1d 0d 0e 49 3e b9 7f 00 |..y6.......I>...| +00000300 ad e3 1d 37 ab ce 2c 37 dc eb be aa 6c 28 33 05 |...7..,7....l(3.| +00000310 53 fd 06 17 b4 85 b9 b8 35 1c a7 3c bb 07 3f 4b |S.......5..<..?K| +00000320 53 98 00 4d 8e 49 bd 35 55 64 92 d0 a0 db 05 80 |S..M.I.5Ud......| +00000330 57 24 78 cd 10 ed ae f0 6a 83 bc b4 4d 77 79 ba |W$x.....j...Mwy.| +00000340 6e e7 2e 8f ac 9e 98 34 36 9d a9 27 f0 16 03 01 |n......46..'....| +00000350 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 01 00 25 10 00 00 21 20 00 ad c5 2b 21 7f |....%...! ...+!.| +00000010 8e 44 f2 f5 32 22 c8 c2 c6 de 2c 0b 7a a9 24 b6 |.D..2"....,.z.$.| +00000020 03 20 c0 cc 79 2e 11 2f d3 43 14 03 01 00 01 01 |. 
..y../.C......| +00000030 16 03 01 00 30 78 5c 32 72 a1 c8 3b 9c 7b 77 0b |....0x\2r..;.{w.| +00000040 a0 28 52 55 17 16 d5 39 89 d0 43 bf 67 29 85 6f |.(RU...9..C.g).o| +00000050 b5 1e 83 fa 22 96 78 e3 5c 45 5a 3d fe 2b d5 b7 |....".x.\EZ=.+..| +00000060 3d 64 44 8c a8 |=dD..| +>>> Flow 4 (server to client) +00000000 16 03 01 00 8b 04 00 00 87 00 00 00 00 00 81 50 |...............P| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6d ec a4 83 51 ed 14 ef 68 ca 42 c5 4c 5f bb 3b |m...Q...h.B.L_.;| +00000040 9c c8 3c 7e 1c cf dc da e4 35 83 03 13 95 82 5f |..<~.....5....._| +00000050 32 77 8a cf dc e9 10 65 9b 97 d4 5d ff 43 57 14 |2w.....e...].CW.| +00000060 a3 25 e0 fa c8 26 0c ff 71 67 9b 32 2f 49 38 16 |.%...&..qg.2/I8.| +00000070 aa ea b9 fa 99 86 4c b9 db 7a ef bc 87 43 e8 db |......L..z...C..| +00000080 26 27 73 76 80 77 59 c4 fb 7d 56 e9 7e 23 03 75 |&'sv.wY..}V.~#.u| +00000090 14 03 01 00 01 01 16 03 01 00 30 80 8f 8e 11 b5 |..........0.....| +000000a0 f4 a0 8c 4a ae 3f 25 17 66 93 1c c5 a5 10 57 e3 |...J.?%.f.....W.| +000000b0 24 7a c1 a9 72 74 4f fd 20 5e 5b 58 4d bd 5d f0 |$z..rtO. ^[XM.].| +000000c0 05 8e 06 61 0a 98 19 a0 a8 73 02 17 03 01 00 20 |...a.....s..... | +000000d0 d9 dd 86 e6 55 55 df 2c 0d 1e 5f 0e 9e 1e 76 51 |....UU.,.._...vQ| +000000e0 98 e0 2b 09 f9 44 4d 4d 22 97 0d 1e 95 7b b9 41 |..+..DMM"....{.A| +000000f0 17 03 01 00 30 74 82 1c 35 9b 87 cd 5e 29 95 e1 |....0t..5...^)..| +00000100 18 e3 76 32 94 b5 1b d0 06 d2 ec 49 40 24 73 d3 |..v2.......I@$s.| +00000110 fc 5d 1a 26 59 5b 33 d8 5a 30 d5 92 30 bc 80 e0 |.].&Y[3.Z0..0...| +00000120 ed 85 e8 14 01 15 03 01 00 20 ec 69 2f 9d 29 4f |......... .i/.)O| +00000130 1f 8e e6 34 f0 87 66 40 e8 13 14 02 74 c4 1d aa |...4..f@....t...| +00000140 65 72 43 50 6e 71 9c 2e b6 3a |erCPnq...:| 
diff --git a/tls/testdata/Server-TLSv10-RSA-3DES b/tls/testdata/Server-TLSv10-RSA-3DES index c0e6241c..502fd284 100644 --- a/tls/testdata/Server-TLSv10-RSA-3DES +++ b/tls/testdata/Server-TLSv10-RSA-3DES 
@@ -1,79 +1,76 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 36 01 00 00 32 03 01 52 cc 57 59 13 |....6...2..R.WY.| -00000010 8b e6 5b a3 1d cb 94 ef 48 e4 59 7e 20 6d 07 67 |..[.....H.Y~ m.g| -00000020 1e 28 6d 31 a2 e7 96 b3 7d 32 cc 00 00 04 00 0a |.(m1....}2......| -00000030 00 ff 01 00 00 05 00 0f 00 01 01 |...........| +00000000 16 03 01 00 63 01 00 00 5f 03 01 25 03 63 bf 34 |....c..._..%.c.4| +00000010 89 c8 9e f6 e0 46 f8 30 5c e8 62 0a f7 db 68 c9 |.....F.0\.b...h.| +00000020 50 54 0e c2 15 f1 cb 07 66 06 3d 00 00 04 00 0a |PT......f.=.....| +00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 |........| >>> Flow 2 (server to client) -00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 
06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 
24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 01 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 00 00 00 0a 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 01 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 
96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 01 00 86 10 00 00 82 00 80 2e af d2 61 f6 |..............a.| -00000010 e2 b8 24 da 28 17 55 99 fd 11 bd 7a ab 98 dd f2 |..$.(.U....z....| -00000020 f6 5f e0 11 6b 12 61 6f 86 48 b2 6e db f0 dd d5 |._..k.ao.H.n....| -00000030 07 88 e5 95 f4 2d 6b 0c d0 09 1a 5e 5f 50 1f dc |.....-k....^_P..| -00000040 f2 e7 02 7d 5e a0 70 29 80 ef 87 aa cc 95 3f 2e |...}^.p)......?.| -00000050 24 d1 40 b6 62 53 1d 25 31 87 1e 2f 77 d3 e1 1c |$.@.bS.%1../w...| -00000060 c4 99 89 bc 99 09 e9 ad 1f ce 09 e6 36 1c 3e 97 |............6.>.| -00000070 be 62 69 a0 4e 14 20 9c 82 2a 3e fc 7e 9b c4 7a |.bi.N. 
..*>.~..z| -00000080 5a f7 ad 1a 03 17 2a f8 7a 5f 44 14 03 01 00 01 |Z.....*.z_D.....| -00000090 01 16 03 01 00 28 49 6b da 73 07 ad 85 9a 0e fb |.....(Ik.s......| -000000a0 dd e0 69 ef c9 22 2d 86 91 51 26 63 d0 24 7d 16 |..i.."-..Q&c.$}.| -000000b0 3c db 9b 00 c9 7e 64 e2 69 02 85 7d f7 47 |<....~d.i..}.G| +00000000 16 03 01 00 86 10 00 00 82 00 80 0f e9 83 ca 77 |...............w| +00000010 c8 26 16 24 00 b7 09 d2 73 aa c1 d9 77 f3 fc 38 |.&.$....s...w..8| +00000020 1c 2e c0 26 b4 a6 40 e1 1b 93 39 8f a2 1f f2 f9 |...&..@...9.....| +00000030 18 2a 7b 0e cd 9b 9b 9c 49 86 43 3d 48 fd 40 d7 |.*{.....I.C=H.@.| +00000040 af f9 2b 5e c6 cc c6 2d 8d 36 fe b1 75 c1 b5 a0 |..+^...-.6..u...| +00000050 57 97 0f 01 ee b4 6a af 0c fe f0 68 78 04 6a 3e |W.....j....hx.j>| +00000060 83 d0 72 34 80 d8 7d cd 8b 83 06 5b 36 50 10 8e |..r4..}....[6P..| +00000070 b4 27 3d 6a ae b7 7f 8b 2a b1 0b 51 49 05 b5 01 |.'=j....*..QI...| +00000080 3c 27 9a 59 e3 41 18 38 d6 8f 7a 14 03 01 00 01 |<'.Y.A.8..z.....| +00000090 01 16 03 01 00 28 c0 46 65 9f 7f d8 c3 c4 a7 33 |.....(.Fe......3| +000000a0 50 f9 07 41 95 12 a6 f3 ca 53 b9 96 f8 a8 a6 5f |P..A.....S....._| +000000b0 1e c8 20 e5 8b 87 4e 12 73 13 e0 e4 c6 89 |.. 
...N.s.....| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 28 dc 60 83 43 6c |..........(.`.Cl| -00000010 37 79 ab 6e 92 1f 66 d0 b1 12 ce c1 64 9d 2b 68 |7y.n..f.....d.+h| -00000020 c7 1a e5 1f 8c 80 08 d2 86 3e a1 2c e3 7e f4 64 |.........>.,.~.d| -00000030 e7 96 b2 17 03 01 00 18 8d b5 7c 03 78 cf dc 09 |..........|.x...| -00000040 95 06 4b a6 82 f9 30 d2 6b 26 cb 0a 9a 9d 47 9f |..K...0.k&....G.| -00000050 17 03 01 00 28 30 a9 55 dd b9 4d 6a 76 00 39 96 |....(0.U..Mjv.9.| -00000060 a3 94 6a df e5 af 1e a2 eb bb e4 ac 95 2c f7 93 |..j..........,..| -00000070 ef d1 b5 13 d8 e2 06 1a ad 5c 00 dd 0c 15 03 01 |.........\......| -00000080 00 18 a5 62 e4 8b 51 1d 28 46 bc 8a c8 50 a3 32 |...b..Q.(F...P.2| -00000090 6b 7b f1 b6 19 43 63 1f 7d 38 |k{...Cc.}8| +00000000 14 03 01 00 01 01 16 03 01 00 28 e2 47 2b 57 fe |..........(.G+W.| +00000010 74 71 95 6a ee 68 2b f3 48 40 13 52 35 46 58 d4 |tq.j.h+.H@.R5FX.| +00000020 ee aa 4c a8 53 0f 3a 19 ed 18 37 2d e4 b9 1e e6 |..L.S.:...7-....| +00000030 28 42 a1 17 03 01 00 18 d8 7c 20 f2 03 6d a9 ed |(B.......| ..m..| +00000040 c9 73 50 d7 56 4f 0b d8 4b 44 f6 80 e4 c1 a9 f5 |.sP.VO..KD......| +00000050 17 03 01 00 28 f5 b2 11 6b a6 4b 22 30 42 3c cc |....(...k.K"0B<.| +00000060 07 0d ed 10 d0 c7 7b ec b3 60 0b 2b 3c fb ec 3a |......{..`.+<..:| +00000070 c0 be 44 e7 76 b6 9e db 17 36 92 df 88 15 03 01 |..D.v....6......| +00000080 00 18 7a d9 2f 46 2e 0f ec c5 ee 7b ef bd fb e5 |..z./F.....{....| +00000090 26 40 0a a2 4e eb 56 0e ca 03 |&@..N.V...| diff --git a/tls/testdata/Server-TLSv10-RSA-AES b/tls/testdata/Server-TLSv10-RSA-AES index 1670997b..74253765 100644 --- a/tls/testdata/Server-TLSv10-RSA-AES +++ b/tls/testdata/Server-TLSv10-RSA-AES 
@@ -1,82 +1,79 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 36 01 00 00 32 03 01 52 cc 57 59 5d |....6...2..R.WY]| -00000010 0d 77 24 3e b3 32 3d ba 0f b0 aa 1d e3 13 06 f6 |.w$>.2=.........| -00000020 0f be 3c 92 ba 93 bd a6 6d 69 53 00 00 04 00 2f |..<.....miS..../| -00000030 00 ff 01 00 00 05 00 0f 00 01 01 |...........| +00000000 16 03 01 00 63 01 00 00 5f 03 01 78 91 f6 ad 9e |....c..._..x....| +00000010 79 23 92 10 d9 c5 43 52 8f f6 f4 3f f4 eb ac 6b |y#....CR...?...k| +00000020 f3 ce a9 76 a2 bf c3 5b 9d bc 52 00 00 04 00 2f |...v...[..R..../| +00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 |........| >>> Flow 2 (server to client) -00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| -00000030 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 
06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 
24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 01 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 00 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 01 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 
96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 01 00 86 10 00 00 82 00 80 20 e6 80 f7 48 |........... 
...H| -00000010 7e 7d 08 08 54 e1 b4 e3 98 27 5f 90 9d 3b e3 c2 |~}..T....'_..;..| -00000020 c8 8b dc 9e ff 75 fa fc 60 e1 9e 67 7c c4 08 27 |.....u..`..g|..'| -00000030 cc 6f 15 6c bc 7c 96 de 83 8f 98 6d 4a c7 b7 20 |.o.l.|.....mJ.. | -00000040 8c 19 47 5a ff 76 92 0a df df 66 d2 b6 9d 2d 06 |..GZ.v....f...-.| -00000050 fb ac 07 cf 38 08 f1 fd 0d fe 07 d7 69 3e 8a 79 |....8.......i>.y| -00000060 dc 2d ab bb f7 18 3c 51 14 6e c6 70 95 a2 59 b1 |.-........0| -000000c0 ed c6 bc c2 38 b6 |....8.| +00000000 16 03 01 00 86 10 00 00 82 00 80 73 aa be d1 21 |...........s...!| +00000010 67 e9 9c 20 40 cf 0a 47 31 61 e9 2b ba 06 4f aa |g.. @..G1a.+..O.| +00000020 ce 15 6a b7 df 0d 0e b0 fe b5 f2 c0 26 81 39 6e |..j.........&.9n| +00000030 5b 96 3c 2f 42 4f 08 92 48 a3 95 c8 ad 0d 0e 8f |[....2.>....| +00000080 36 99 9f b7 53 ef 34 e8 d6 13 3b 14 03 01 00 01 |6...S.4...;.....| +00000090 01 16 03 01 00 30 c6 d2 a6 85 cf 2a e4 9e 9e e1 |.....0.....*....| +000000a0 d0 82 d0 2a f8 e5 bd f6 9a 67 0b c6 47 07 9c 14 |...*.....g..G...| +000000b0 7e 73 9e 4c 8b d2 55 4f b2 32 9a 16 16 a5 e8 25 |~s.L..UO.2.....%| +000000c0 62 e2 e9 88 b6 44 |b....D| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 5d 0c a2 18 13 |..........0]....| -00000010 40 a1 84 ce c5 d8 4e fc a4 8a 14 b5 94 18 b1 86 |@.....N.........| -00000020 da 6a 7d 26 08 d6 a0 f8 78 5b 42 7e f8 83 54 56 |.j}&....x[B~..TV| -00000030 36 a4 91 37 67 5a d7 68 37 c4 4f 17 03 01 00 20 |6..7gZ.h7.O.... | -00000040 fd aa 5e cf 4b 12 c5 be a4 a2 65 5d 6e 65 46 5f |..^.K.....e]neF_| -00000050 d2 fe 46 e7 77 2d 9c 1e 0b 39 40 48 c2 2f be 21 |..F.w-...9@H./.!| -00000060 17 03 01 00 30 03 af 9e 6b d6 76 ed 9e 1d 8b 8b |....0...k.v.....| -00000070 2e 2a 5d da c4 73 95 ac 0e 6f 69 cb 63 df 50 27 |.*]..s...oi.c.P'| -00000080 30 de 2e 55 86 85 ad 3e 33 22 49 72 f2 e2 9f 8f |0..U...>3"Ir....| -00000090 ba cf 4e 30 34 15 03 01 00 20 4c 4c 97 61 70 ea |..N04.... 
LL.ap.| -000000a0 ae fc a2 e9 c6 c2 b6 2e 4d 85 f6 ae 2b 56 46 82 |........M...+VF.| -000000b0 9d d8 a5 82 17 fa 3e 62 67 7e |......>bg~| +00000000 14 03 01 00 01 01 16 03 01 00 30 21 7a ee 62 6a |..........0!z.bj| +00000010 20 39 2a 39 d1 d3 f7 bd 53 05 4f 1a 36 71 3b b6 | 9*9....S.O.6q;.| +00000020 c5 5a b7 3b c3 0b 3f b9 2f ac 62 1c c2 2f fa 29 |.Z.;..?./.b../.)| +00000030 dd f3 bc ff 35 28 7f 86 b8 0f 33 17 03 01 00 20 |....5(....3.... | +00000040 3a 6c 47 23 37 5a 15 bd 03 c6 64 c5 59 2f 91 e8 |:lG#7Z....d.Y/..| +00000050 a6 1b d5 04 c2 a7 80 0e 94 6c 3c e4 70 2c ea 81 |.........l<.p,..| +00000060 17 03 01 00 30 60 14 bc 6b 84 16 9f 53 b6 ee c9 |....0`..k...S...| +00000070 43 cf f3 46 97 45 e1 2f 86 96 26 cc ef ea 09 72 |C..F.E./..&....r| +00000080 36 92 4e 9e 2a 8e a2 d7 9a cd 5f 38 a8 07 c4 54 |6.N.*....._8...T| +00000090 a1 4d 6e 7a 36 15 03 01 00 20 1e c2 df a3 3e 8e |.Mnz6.... ....>.| +000000a0 15 c4 c0 90 8f 7c 5a e0 68 d7 ea 86 76 8d d1 27 |.....|Z.h...v..'| +000000b0 c1 d9 32 55 f9 ce f5 92 e6 51 |..2U.....Q| diff --git a/tls/testdata/Server-TLSv10-RSA-RC4 b/tls/testdata/Server-TLSv10-RSA-RC4 index d653561f..8b1de03b 100644 --- a/tls/testdata/Server-TLSv10-RSA-RC4 +++ b/tls/testdata/Server-TLSv10-RSA-RC4 
@@ -1,76 +1,73 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 36 01 00 00 32 03 01 52 cc 57 59 cf |....6...2..R.WY.| -00000010 00 a1 49 a4 37 69 74 d8 a7 93 ea 8d e7 50 b7 b3 |..I.7it......P..| -00000020 8c ec e5 56 fb dc 5f 1a 2e ab 18 00 00 04 00 05 |...V.._.........| -00000030 00 ff 01 00 00 05 00 0f 00 01 01 |...........| +00000000 16 03 01 00 63 01 00 00 5f 03 01 55 31 1a ed 02 |....c..._..U1...| +00000010 35 fe 3c ea 62 08 52 96 93 bc 2a 1b 82 fe b9 8f |5.<.b.R...*.....| +00000020 7a 47 0e 6a 9b e8 86 ca 89 a0 e6 00 00 04 00 05 |zG.j............| +00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 |........| >>> Flow 2 (server to client) -00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 
06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 
24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 01 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 00 00 00 05 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 01 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 
96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 01 00 86 10 00 00 82 00 80 b1 96 7b 6f f5 |.............{o.| -00000010 a0 cb 0d 60 9b 64 d3 f5 17 76 47 7b bc a5 0e 96 |...`.d...vG{....| -00000020 53 af 68 0c 96 22 f7 28 0c 24 37 9c 51 69 ed b2 |S.h..".(.$7.Qi..| -00000030 47 14 ba 33 c5 79 6b 96 f2 ab 3c 02 5c 37 a4 97 |G..3.yk...<.\7..| -00000040 23 fc 7f d3 95 2d 85 99 1a 10 1b 38 e5 f1 83 55 |#....-.....8...U| -00000050 4a ab 60 f8 89 0a 6a c4 eb 45 f5 b0 f4 f8 09 31 |J.`...j..E.....1| -00000060 6e f0 25 30 fd 5e 68 61 bc cb 0d 9e 05 73 0a f4 |n.%0.^ha.....s..| -00000070 a5 2e d9 d5 4e 08 f6 3b 8d 2d 21 f5 79 b6 97 55 |....N..;.-!.y..U| -00000080 b9 99 03 49 ea 96 36 49 21 56 bf 14 03 01 00 01 |...I..6I!V......| -00000090 01 16 03 01 00 24 f0 4f 30 06 c3 25 01 93 34 ab |.....$.O0..%..4.| -000000a0 93 8f 59 26 83 6e 8a fd 5a a6 cf af ad b1 a2 83 |..Y&.n..Z.......| -000000b0 28 ff c2 66 5f ac e5 a5 a5 03 |(..f_.....| +00000000 16 03 01 00 86 10 00 00 82 00 80 75 7d be e3 5b |...........u}..[| +00000010 66 4b 58 09 f7 86 6a ca 93 8e ba 3c 18 11 47 5e |fKX...j....<..G^| +00000020 7e c2 b1 0c 5e a4 c1 07 ef 25 00 d7 bf c7 b0 03 |~...^....%......| +00000030 0d f6 ff a9 c2 73 a2 c0 dc 8d db f9 5a a9 18 7d |.....s......Z..}| +00000040 1f 8e 0b 9c 24 6c c8 49 99 e1 42 e0 86 d5 e1 e1 |....$l.I..B.....| +00000050 d1 ae fd d2 c4 ef 07 8c 28 95 b7 54 25 57 40 1c |........(..T%W@.| +00000060 c6 af 85 46 a0 31 d4 39 b8 47 43 88 a0 a6 5d d7 |...F.1.9.GC...].| +00000070 95 fb 88 64 ce 36 2b c5 56 85 56 40 f8 d4 d3 90 |...d.6+.V.V@....| +00000080 d1 25 53 06 d8 ab a0 
f2 21 8f 88 14 03 01 00 01 |.%S.....!.......| +00000090 01 16 03 01 00 24 26 50 7a 2c ab 3f db 41 06 cf |.....$&Pz,.?.A..| +000000a0 8b 7b f8 46 ad a4 77 b6 06 f0 44 23 04 34 88 9d |.{.F..w...D#.4..| +000000b0 48 d7 5e cc 9e e6 46 a3 04 69 |H.^...F..i| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 24 9d b4 ea d8 be |..........$.....| -00000010 b5 9f 00 fd b5 99 04 12 6b 7a 3f b8 52 d7 52 a9 |........kz?.R.R.| -00000020 e9 bd 5b 63 ad b0 53 ac 46 80 be 48 6e dd ee 17 |..[c..S.F..Hn...| -00000030 03 01 00 21 07 ac c4 fb 21 e4 b8 6b 64 3b b5 27 |...!....!..kd;.'| -00000040 29 67 a1 10 2e d2 71 d5 59 5e fc 1d 84 31 15 6e |)g....q.Y^...1.n| -00000050 4d 4b dc a9 3a 15 03 01 00 16 25 22 a5 78 23 5a |MK..:.....%".x#Z| -00000060 69 6f 99 a1 b3 1c 8d bf f3 bd 1b c8 1c 57 15 75 |io...........W.u| +00000000 14 03 01 00 01 01 16 03 01 00 24 57 fc eb dd 40 |..........$W...@| +00000010 83 1d 9a 9a 80 a3 62 a0 08 23 c3 97 fd d5 fb d7 |......b..#......| +00000020 98 f8 14 ae 61 c7 21 fb 8a 18 1e c8 15 05 e7 17 |....a.!.........| +00000030 03 01 00 21 7c 2b 2d 72 2f 63 56 3a 09 51 4e ab |...!|+-r/cV:.QN.| +00000040 31 25 c8 7e 34 5b a4 ab 30 87 50 07 ed 32 3f 79 |1%.~4[..0.P..2?y| +00000050 f1 db c0 17 f3 15 03 01 00 16 fc ce c9 0c b6 0c |................| +00000060 c5 2d d9 3f 2a 9e 9a 83 40 e1 a3 b9 5f 89 aa 75 |.-.?*...@..._..u| diff --git a/tls/testdata/Server-TLSv11-FallbackSCSV b/tls/testdata/Server-TLSv11-FallbackSCSV new file mode 100644 index 00000000..7bd03410 --- /dev/null +++ b/tls/testdata/Server-TLSv11-FallbackSCSV 
@@ -0,0 +1,11 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 77 01 00 00 73 03 02 0a 6b c9 55 9d |....w...s...k.U.| +00000010 bf 4e 61 b2 0a c7 c6 96 9f eb 90 91 87 ca d3 d3 |.Na.............| +00000020 62 dc b6 b4 db ea 41 fe 43 3e a3 00 00 14 c0 0a |b.....A.C>......| +00000030 c0 14 00 39 c0 09 c0 13 00 33 00 35 00 2f 00 ff |...9.....3.5./..| +00000040 56 00 01 00 00 36 00 00 00 0e 00 0c 00 00 09 31 |V....6.........1| +00000050 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000060 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000070 00 23 00 00 00 16 00 00 00 17 00 00 |.#..........| +>>> Flow 2 (server to client) +00000000 15 03 02 00 02 02 56 |......V| diff --git a/tls/testdata/Server-TLSv11-RSA-RC4 b/tls/testdata/Server-TLSv11-RSA-RC4 index 9237db07..dc70edf9 100644 --- a/tls/testdata/Server-TLSv11-RSA-RC4 +++ b/tls/testdata/Server-TLSv11-RSA-RC4 
@@ -1,76 +1,73 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 36 01 00 00 32 03 02 52 cc 57 59 bd |....6...2..R.WY.| -00000010 cd 9d 1e 17 38 43 a5 e3 e7 30 e4 2b 2a ef f7 5b |....8C...0.+*..[| -00000020 81 91 0c 0b 52 f8 2d 2c 61 d3 13 00 00 04 00 05 |....R.-,a.......| -00000030 00 ff 01 00 00 05 00 0f 00 01 01 |...........| +00000000 16 03 01 00 63 01 00 00 5f 03 02 2b b6 22 28 e3 |....c..._..+."(.| +00000010 1f 42 f4 2e d0 43 4b 9a ea 2b 36 44 ca 93 6c 71 |.B...CK..+6D..lq| +00000020 b9 4d 52 44 64 57 b2 05 9b 41 da 00 00 04 00 05 |.MRDdW...A......| +00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 |........| >>> Flow 2 (server to client) -00000000 16 03 02 00 31 02 00 00 2d 03 02 00 00 00 00 00 |....1...-.......| +00000000 16 03 02 00 37 02 00 00 33 03 02 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 02 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 
06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 
24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 02 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 00 00 00 05 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 02 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 
96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 02 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 02 00 86 10 00 00 82 00 80 71 2b 19 25 86 |...........q+.%.| -00000010 a0 ff ba d5 1c a6 0c 8b 6b 0a b8 e9 42 93 2f 55 |........k...B./U| -00000020 a8 ee 62 fa ed bc 6d e2 9d e3 76 a6 73 d7 99 58 |..b...m...v.s..X| -00000030 cc 0b 14 42 96 7c b6 c7 8f 21 16 cf 71 9b 2b b9 |...B.|...!..q.+.| -00000040 e0 34 57 76 22 d5 87 8a ce 1f ea 26 6e 1e e6 ca |.4Wv"......&n...| -00000050 55 3b 20 cd cf 42 26 b1 51 3e 8c 1d a2 ae c4 63 |U; ..B&.Q>.....c| -00000060 f5 ce 27 3c 1e c3 e0 e3 b1 16 c1 8a 62 bd 21 7f |..'<........b.!.| -00000070 38 b5 b7 3a 3c bb 03 37 e1 a5 ff f1 29 e2 21 0a |8..:<..7....).!.| -00000080 8c 20 02 e0 c0 82 97 9d 18 6d f8 14 03 02 00 01 |. 
.......m......| -00000090 01 16 03 02 00 24 bc 19 16 6e fd 0b db 9e d5 1d |.....$...n......| -000000a0 65 b6 57 1c 58 b5 6a ac f7 4f f0 cd a1 a9 0c c0 |e.W.X.j..O......| -000000b0 df e6 eb d5 00 f7 fd 43 bb 27 |.......C.'| +00000000 16 03 02 00 86 10 00 00 82 00 80 3d 47 85 0a ef |...........=G...| +00000010 47 7c c5 93 bb 6f 7c 57 dc 2b 3f f4 e7 da 4e fc |G|...o|W.+?...N.| +00000020 04 52 36 71 c5 63 1f 6f e6 43 91 06 bc 5c 14 b0 |.R6q.c.o.C...\..| +00000030 ee 83 ed 3d 7a d2 4e 2c d2 2c bb f0 0c b5 82 d5 |...=z.N,.,......| +00000040 9d c2 5a 03 12 b6 70 20 3c 89 84 af 1b 2c 2f b7 |..Z...p <....,/.| +00000050 9b fe dd 71 06 ac 46 30 a7 b5 9f 0b aa 6e 58 50 |...q..F0.....nXP| +00000060 9d da 6b ba 00 51 e9 2a e9 d2 e9 0f 83 62 73 19 |..k..Q.*.....bs.| +00000070 91 a4 46 bd 53 42 f7 15 ab ab 6b 8f f3 6f d1 07 |..F.SB....k..o..| +00000080 44 41 97 4c 7d 89 4b 33 55 30 30 14 03 02 00 01 |DA.L}.K3U00.....| +00000090 01 16 03 02 00 24 54 fe a0 7c 16 47 de 0b 8f 7d |.....$T..|.G...}| +000000a0 51 68 05 da 1e 6d 96 c9 e1 94 68 fa 79 46 02 db |Qh...m....h.yF..| +000000b0 03 4e 2e 70 9f 7e 14 85 fd 1d |.N.p.~....| >>> Flow 4 (server to client) -00000000 14 03 02 00 01 01 16 03 02 00 24 cf 4f e4 27 b0 |..........$.O.'.| -00000010 3d 17 34 b1 3c 37 6e c5 2b 3d 4a c3 46 50 44 b4 |=.4.<7n.+=J.FPD.| -00000020 de 77 18 10 4f 60 b3 4e dc 06 fd 25 ec 05 15 17 |.w..O`.N...%....| -00000030 03 02 00 21 a5 c9 32 f2 21 fb 94 7e 0d 15 65 fd |...!..2.!..~..e.| -00000040 3e fe e4 c1 a5 e9 88 72 b2 f1 26 39 a6 48 59 97 |>......r..&9.HY.| -00000050 65 e3 f0 cb 46 15 03 02 00 16 4b 02 ec cd ca 30 |e...F.....K....0| -00000060 42 cf 3d a0 4a fa 8e 79 bb ed b0 59 40 9b 2c 1a |B.=.J..y...Y@.,.| +00000000 14 03 02 00 01 01 16 03 02 00 24 4b c5 cf 20 3f |..........$K.. 
?| +00000010 0a 13 1f 55 25 26 9b 33 fd 14 61 0f 44 32 26 b3 |...U%&.3..a.D2&.| +00000020 ab 01 ee c2 1f d3 38 08 f0 af 76 6a 0d e1 b7 17 |......8...vj....| +00000030 03 02 00 21 97 16 df 99 06 81 f2 00 d3 fd b4 03 |...!............| +00000040 be 16 b6 aa 74 d4 c7 25 67 94 14 34 25 ec 0d 12 |....t..%g..4%...| +00000050 c7 43 2d a2 1d 15 03 02 00 16 94 58 af 6b 55 5f |.C-........X.kU_| +00000060 25 0c 80 28 99 2d 75 1a ce 24 cd 75 0d 7f b9 71 |%..(.-u..$.u...q| diff --git a/tls/testdata/Server-TLSv12-ALPN b/tls/testdata/Server-TLSv12-ALPN new file mode 100644 index 00000000..d7386621 --- /dev/null +++ b/tls/testdata/Server-TLSv12-ALPN 
@@ -0,0 +1,92 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 9d 01 00 00 99 03 03 53 49 69 68 95 |...........SIih.| +00000010 b9 7b 2a 84 d2 03 93 d4 33 e7 b7 7e bc b5 97 b0 |.{*.....3..~....| +00000020 4f 4f 6c d0 96 43 aa c8 6f da 90 00 00 04 cc a8 |OOl..C..o.......| +00000030 00 ff 01 00 00 6c 00 0b 00 04 03 00 01 02 00 0a |.....l..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000050 00 00 00 10 00 10 00 0e 06 70 72 6f 74 6f 32 06 |.........proto2.| +00000060 70 72 6f 74 6f 31 00 16 00 00 00 17 00 00 00 0d |proto1..........| +00000070 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000080 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000090 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +000000a0 06 02 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 48 02 00 00 44 03 03 00 00 00 00 00 |....H...D.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 cc a8 00 00 |...DOWNGRD......| +00000030 1c 00 23 00 00 ff 01 00 01 00 00 10 00 09 00 07 |..#.............| +00000040 06 70 72 6f 74 6f 31 00 0b 00 02 01 00 16 03 03 |.proto1.........| +00000050 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b |.Y...U..R..O0..K| +00000060 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f |0..............?| +00000070 e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |.[..0...*.H.....| +00000080 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 |...0.1.0...U....| +00000090 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 |Go1.0...U....Go | +000000a0 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 |Root0...16010100| +000000b0 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 |0000Z..250101000| +000000c0 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 |000Z0.1.0...U...| +000000d0 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f |.Go1.0...U....Go| +000000e0 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 
01 01 |0..0...*.H......| +000000f0 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d |......0.......F}| +00000100 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d |...'.H..(!.~...]| +00000110 fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 |..RE.z6G....B[..| +00000120 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 |...y.@.Om..+....| +00000130 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 |.g....."8.J.ts+.| +00000140 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 |4......t{.X.la<.| +00000150 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce |.A..++$#w[.;.u].| +00000160 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa | T..c...$....P..| +00000170 b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 |..C...ub...R....| +00000180 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 |.....0..0...U...| +00000190 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 |........0...U.%.| +000001a0 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b |.0...+.........+| +000001b0 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 |.......0...U....| +000001c0 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 |...0.0...U......| +000001d0 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 |....CC>I..m....`| +000001e0 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 |0...U.#..0...H.I| +000001f0 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 |M.~.1......n{0..| +00000200 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c |.U....0...exampl| +00000210 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 |e.golang0...*.H.| +00000220 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b |............0.@+| +00000230 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a |[P.a...SX...(.X.| +00000240 a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 |.8....1Z..f=C.-.| +00000250 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d |..... 
d8.$:....}| +00000260 b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc |.@ ._...a..v....| +00000270 e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 |..\.....l..s..Cw| +00000280 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae |.......@.a.Lr+..| +00000290 db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe |.F..M...>...B...| +000002a0 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac |=.`.\!.;........| +000002b0 0c 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 |....... /.}.G.bC| +000002c0 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 |.(.._.).0.......| +000002d0 ed 90 99 5f 58 cb 3b 74 08 04 00 80 3b cd 7a 99 |..._X.;t....;.z.| +000002e0 3f bf 03 5a 26 21 90 db b4 8d 3b 69 14 82 1c ae |?..Z&!....;i....| +000002f0 7d 72 8f 4e eb ff c4 f0 13 fa 6f 69 48 e7 6d 3d |}r.N......oiH.m=| +00000300 fc b3 1c 54 60 54 cf 83 48 1d a3 50 55 28 3f 2c |...T`T..H..PU(?,| +00000310 db d3 dc c7 d9 58 74 de eb 5e 21 26 2f 32 c6 b2 |.....Xt..^!&/2..| +00000320 be 1b 08 fa d6 9f 3b b0 2b e8 c2 36 2f 9d c1 35 |......;.+..6/..5| +00000330 c1 54 4b 37 5f ff 99 4f c1 e4 ad 69 a0 c8 52 d3 |.TK7_..O...i..R.| +00000340 01 23 0d 57 17 08 7c 07 9a 3a 6d c8 87 5d 7e 09 |.#.W..|..:m..]~.| +00000350 7b 03 f9 5e de 83 4d 13 89 08 72 96 16 03 03 00 |{..^..M...r.....| +00000360 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 fb eb 44 09 0e 62 |....%...! ..D..b| +00000010 b0 ce d8 1f c5 f9 46 31 1e 1d e8 fb 02 5f 34 3b |......F1....._4;| +00000020 c1 6f 9a 38 6a 46 d2 cd a0 53 14 03 03 00 01 01 |.o.8jF...S......| +00000030 16 03 03 00 20 88 73 90 39 bc 9b 02 e4 c0 35 f0 |.... 
.s.9.....5.| +00000040 ef 40 b0 08 ca b9 bd 25 6b cd 03 7d ec 58 73 65 |.@.....%k..}.Xse| +00000050 d5 89 f2 f1 70 |....p| +>>> Flow 4 (server to client) +00000000 16 03 03 00 8b 04 00 00 87 00 00 00 00 00 81 50 |...............P| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f e0 18 83 51 ed 14 ef 68 ca 42 c5 4c cd 0b 21 |o...Q...h.B.L..!| +00000040 a5 29 ef 62 07 a5 11 b9 1f 4e 54 c3 66 4c 1e d3 |.).b.....NT.fL..| +00000050 1a 00 52 34 67 2b af 73 02 5f c9 6c 7c 6e ba f2 |..R4g+.s._.l|n..| +00000060 e6 38 bd 23 97 3f 80 6a 3b 8e bb 98 29 49 38 16 |.8.#.?.j;...)I8.| +00000070 77 74 2a a1 c7 36 80 de c9 91 cd b2 7d bc 6c 64 |wt*..6......}.ld| +00000080 6c 06 57 22 d1 f2 51 5f 84 ad 30 85 3a c0 4f e7 |l.W"..Q_..0.:.O.| +00000090 14 03 03 00 01 01 16 03 03 00 20 32 71 5a d3 94 |.......... 2qZ..| +000000a0 d5 17 e4 8c 3a 78 d1 48 4e 1b f5 83 36 f1 5a 38 |....:x.HN...6.Z8| +000000b0 e4 b5 6d ab 46 89 e0 24 74 87 80 17 03 03 00 1d |..m.F..$t.......| +000000c0 69 4c a6 24 67 79 18 59 92 4f 9a d0 2d 1d 57 e0 |iL.$gy.Y.O..-.W.| +000000d0 ec 0c 00 25 6f 2f 3a be 8a aa 80 94 ac 15 03 03 |...%o/:.........| +000000e0 00 12 ef 86 3e 93 42 bb 72 f1 1b 90 df 9a d3 ed |....>.B.r.......| +000000f0 d8 74 35 23 |.t5#| diff --git a/tls/testdata/Server-TLSv12-ALPN-NoMatch b/tls/testdata/Server-TLSv12-ALPN-NoMatch new file mode 100644 index 00000000..fdfb1754 --- /dev/null +++ b/tls/testdata/Server-TLSv12-ALPN-NoMatch 
@@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 9d 01 00 00 99 03 03 7f fc 15 86 d1 |................| +00000010 83 09 78 47 8d cd 7b 88 b3 86 52 27 bc da bc 8d |..xG..{...R'....| +00000020 0e 5d 35 44 21 17 7b d9 67 b9 fb 00 00 04 cc a8 |.]5D!.{.g.......| +00000030 00 ff 01 00 00 6c 00 0b 00 04 03 00 01 02 00 0a |.....l..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000050 00 00 00 10 00 10 00 0e 06 70 72 6f 74 6f 32 06 |.........proto2.| +00000060 70 72 6f 74 6f 31 00 16 00 00 00 17 00 00 00 0d |proto1..........| +00000070 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000080 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000090 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +000000a0 06 02 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 3b 02 00 00 37 03 03 00 00 00 00 00 |....;...7.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 cc a8 00 00 |...DOWNGRD......| +00000030 0f 00 23 00 00 ff 01 00 01 00 00 0b 00 02 01 00 |..#.............| +00000040 16 03 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 |....Y...U..R..O0| +00000050 82 02 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 |..K0............| +00000060 f0 9d 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 |..?.[..0...*.H..| +00000070 0d 01 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 |......0.1.0...U.| +00000080 0a 13 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 |...Go1.0...U....| +00000090 47 6f 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 |Go Root0...16010| +000000a0 31 30 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 |1000000Z..250101| +000000b0 30 30 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 |000000Z0.1.0...U| +000000c0 04 0a 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 |....Go1.0...U...| +000000d0 02 47 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d |.Go0..0...*.H...| +000000e0 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 
81 00 |.........0......| +000000f0 db 46 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 |.F}...'.H..(!.~.| +00000100 b6 a2 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 |..]..RE.z6G....B| +00000110 5b c2 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 |[.....y.@.Om..+.| +00000120 8b c2 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 |....g....."8.J.t| +00000130 73 2b c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c |s+.4......t{.X.l| +00000140 61 3c c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd |a<..A..++$#w[.;.| +00000150 75 5d ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a |u]. T..c...$....| +00000160 50 8b aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 |P....C...ub...R.| +00000170 02 03 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 |........0..0...U| +00000180 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 |...........0...U| +00000190 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +000001a0 06 08 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d |..+.......0...U.| +000001b0 13 01 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 |......0.0...U...| +000001c0 12 04 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 |.......CC>I..m..| +000001d0 d7 9f 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 |..`0...U.#..0...| +000001e0 48 13 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b |H.IM.~.1......n{| +000001f0 30 19 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 |0...U....0...exa| +00000200 6d 70 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a |mple.golang0...*| +00000210 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 |.H.............0| +00000220 cc 40 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 |.@+[P.a...SX...(| +00000230 a9 58 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 |.X..8....1Z..f=C| +00000240 d3 2d d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc |.-...... 
d8.$:..| +00000250 cf 9c 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd |..}.@ ._...a..v.| +00000260 13 c3 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb |.....\.....l..s.| +00000270 b3 43 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 |.Cw.......@.a.Lr| +00000280 2b 9d ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 |+...F..M...>...B| +00000290 d4 db fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 |...=.`.\!.;.....| +000002a0 03 00 ac 0c 00 00 a8 03 00 1d 20 2f e5 7d a3 47 |.......... /.}.G| +000002b0 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....| +000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 08 04 00 80 b8 |......_X.;t.....| +000002d0 a8 88 ac 85 ea 59 ac f1 41 e8 2d a2 76 3c 3b 4f |.....Y..A.-.v<;O| +000002e0 58 90 b7 03 74 4b 7a a7 5a 65 ea 08 9c cf e9 4d |X...tKz.Ze.....M| +000002f0 b4 8a ef f3 e1 d8 0a 83 0f 50 29 0b 59 77 90 e9 |.........P).Yw..| +00000300 f3 e8 ca 6c b5 da e5 2b 95 47 e7 ed ff d6 3b 30 |...l...+.G....;0| +00000310 45 61 2c af 5c 8c 4c df bd c4 dc 28 dd d2 31 fa |Ea,.\.L....(..1.| +00000320 be 65 2b a4 cd 7c 41 29 4c 99 07 97 5c 2a 3c a7 |.e+..|A)L...\*<.| +00000330 4d 9c ed 72 eb a1 a4 9e db eb a0 cf c7 c2 b1 3b |M..r...........;| +00000340 5a d9 f8 f8 8e d5 07 81 f6 65 aa 0d 4f 4d 11 16 |Z........e..OM..| +00000350 03 03 00 04 0e 00 00 00 |........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 5f d2 13 b1 79 f6 |....%...! _...y.| +00000010 f3 2a 21 f5 89 a3 22 29 73 30 14 60 1d 1e 77 8a |.*!...")s0.`..w.| +00000020 f4 1a 92 3f b0 04 06 98 1a 1e 14 03 03 00 01 01 |...?............| +00000030 16 03 03 00 20 63 10 89 c0 c0 56 37 40 8c e8 5e |.... c....V7@..^| +00000040 7f f0 f0 e3 a0 8e d5 20 33 5f dd c3 16 e8 eb 6c |....... 
3_.....l| +00000050 c3 a8 75 6d dc |..um.| +>>> Flow 4 (server to client) +00000000 16 03 03 00 8b 04 00 00 87 00 00 00 00 00 81 50 |...............P| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f e0 18 83 51 ed 14 ef 68 ca 42 c5 4c e3 f1 12 |o...Q...h.B.L...| +00000040 a1 17 a6 ee 99 af e8 06 65 d0 6d c1 4f ce 92 7c |........e.m.O..|| +00000050 40 df 41 c1 90 e3 e0 d8 a1 95 da 38 25 26 ea b5 |@.A........8%&..| +00000060 ca a9 42 5f 8c 55 d4 d2 73 a6 a2 b6 22 49 38 16 |..B_.U..s..."I8.| +00000070 ec 70 52 f9 c0 12 18 9e 9b 4d e3 6d 49 b7 3b c0 |.pR......M.mI.;.| +00000080 e9 53 9d 06 96 fc a9 06 8c 2a 7a c5 7d 48 47 ef |.S.......*z.}HG.| +00000090 14 03 03 00 01 01 16 03 03 00 20 19 27 38 37 bf |.......... .'87.| +000000a0 07 4e 2f 77 b9 73 4b dd c8 f8 4c c5 f1 35 86 2b |.N/w.sK...L..5.+| +000000b0 97 7e 0f 89 4b bf db 81 76 8a 41 17 03 03 00 1d |.~..K...v.A.....| +000000c0 6d b8 c3 eb b1 5a f3 06 97 04 61 fc 82 74 5d a0 |m....Z....a..t].| +000000d0 73 57 75 6e 66 53 3e 12 5e 0d 60 31 52 15 03 03 |sWunfS>.^.`1R...| +000000e0 00 12 e4 93 fb 7b cb ee d6 70 ac af 5f 8b 82 9b |.....{...p.._...| +000000f0 e5 0b 68 9c |..h.| diff --git a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA index 0ab8b8d7..63e0edb6 100644 --- a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA +++ b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA 
@@ -1,91 +1,88 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 ca 01 00 00 c6 03 03 53 04 f1 3f 5f |...........S..?_| -00000010 f4 ef 1f b3 41 0b 54 e4 4d 56 0a 31 22 b8 5c 73 |....A.T.MV.1".\s| -00000020 a3 cb b5 b2 9d 43 f1 83 bc d3 bd 00 00 32 c0 30 |.....C.......2.0| -00000030 c0 2c c0 28 c0 24 c0 14 c0 0a c0 22 c0 21 00 a3 |.,.(.$.....".!..| -00000040 00 9f 00 6b 00 6a 00 39 00 38 00 88 00 87 c0 32 |...k.j.9.8.....2| -00000050 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 |...*.&.......=.5| -00000060 01 00 00 6b 00 0b 00 04 03 00 01 02 00 0a 00 34 |...k...........4| -00000070 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 |.2..............| -00000080 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 |................| -00000090 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f |................| -000000a0 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 06 03 |.......". ......| -000000b0 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 |................| -000000c0 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 |...............| +00000000 16 03 01 00 cb 01 00 00 c7 03 03 3f 5d 09 25 4e |...........?].%N| +00000010 82 83 13 89 ba 89 43 d5 43 4f f1 c3 2f 08 77 39 |......C.CO../.w9| +00000020 bf eb c7 1d 4b d6 85 c8 17 2f 83 00 00 38 c0 2c |....K..../...8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 66 00 00 00 0e 00 0c |.5./.....f......| +00000070 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000080 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000090 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 |...............0| +000000a0 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000b0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 |................| +000000c0 02 03 03 01 02 01 03 
02 02 02 04 02 05 02 06 02 |................| >>> Flow 2 (server to client) -00000000 16 03 03 00 2a 02 00 00 26 03 03 00 00 00 00 00 |....*...&.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 16 |................| -00000030 03 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 |..............0.| -00000040 02 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb |..0..b.....-G...| -00000050 f4 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b |.0...*.H.=..0E1.| -00000060 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000070 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000080 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -00000090 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000a0 4c 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 |Ltd0...121122150| -000000b0 36 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 |632Z..2211201506| -000000c0 33 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |32Z0E1.0...U....| -000000d0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000e0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -000000f0 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000100 74 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 |ts Pty Ltd0..0..| -00000110 07 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 |.*.H.=....+...#.| -00000120 81 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e |............Hs6~| -00000130 c3 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 |..V.".=S.;M!=.ku| -00000140 e6 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 |......&.....r2|.| -00000150 64 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a |d/....h#.~..%.H:| -00000160 69 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 |i.(m.7...b....pb| -00000170 83 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b |....d1...1...h..| 
-00000180 23 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 |#.vd?.\....XX._p| -00000190 dd 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 |............0f[f| -000001a0 9a 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce |. .'...;0...*.H.| -000001b0 3d 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f |=......0...B...O| -000001c0 eb e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 |..E.H}.......Gp.| -000001d0 5e 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee |^../...M.a@.....| -000001e0 0b 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 |.~.~.v..;~.?....| -000001f0 59 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 |Y.G-|..N....o..B| -00000200 01 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 |.M..g..-...?..%.| -00000210 33 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e |3.......7z..z...| -00000220 dd d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 |...i..|V..1x+..x| -00000230 0d ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 |.....N6$1{j.9...| -00000240 8f 2a 16 03 03 00 d8 0c 00 00 d4 03 00 17 41 04 |.*............A.| -00000250 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| -00000260 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| -00000270 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| -00000280 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| -00000290 04 03 00 8b 30 81 88 02 42 00 c6 85 8e 06 b7 04 |....0...B.......| -000002a0 04 e9 cd 9e 3e cb 66 23 95 b4 42 9c 64 81 39 05 |....>.f#..B.d.9.| -000002b0 3f b5 21 f8 28 af 60 6b 4d 3d ba a1 4b 5e 77 ef |?.!.(.`kM=..K^w.| -000002c0 e7 59 28 fe 1d c1 27 a2 ff a8 de 33 48 b3 c1 85 |.Y(...'....3H...| -000002d0 6a 42 9b f9 7e 7e 31 c2 e5 bd 66 02 42 00 ad 7d |jB..~~1...f.B..}| -000002e0 06 35 ab ec 8d ac d4 ba 1b 49 5e 05 5f f0 97 93 |.5.......I^._...| -000002f0 82 b8 2b 8d 91 98 63 8e b4 14 62 db 1e c9 2b 64 |..+...c...b...+d| -00000300 e9 e6 bf 15 5b 67 c2 40 90 c6 1f b7 92 db 4b f6 |....[g.@......K.| -00000310 f4 db ae 82 f1 4f 02 75 52 40 38 10 ff 35 f0 16 
|.....O.uR@8..5..| -00000320 03 03 00 04 0e 00 00 00 |........| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 0a 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 00 30 |...........0...0| +00000050 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 30 09 |..b.....-G....0.| +00000060 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 09 06 |..*.H.=..0E1.0..| +00000070 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 04 |.U....AU1.0...U.| +00000080 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 |...Some-State1!0| +00000090 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 |...U....Internet| +000000a0 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 | Widgits Pty Ltd| +000000b0 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 33 32 |0...121122150632| +000000c0 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 32 5a |Z..221120150632Z| +000000d0 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 |0E1.0...U....AU1| +000000e0 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 |.0...U....Some-S| +000000f0 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 |tate1!0...U....I| +00000100 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 |nternet Widgits | +00000110 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 2a 86 |Pty Ltd0..0...*.| +00000120 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +00000130 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 16 56 |.........Hs6~..V| +00000140 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 f6 b0 |.".=S.;M!=.ku...| +00000150 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 2f 1c |...&.....r2|.d/.| +00000160 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 e0 28 |...h#.~..%.H:i.(| +00000170 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 d8 81 |m.7...b....pb...| +00000180 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 de 76 |.d1...1...h..#.v| +00000190 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd 9b d8 |d?.\....XX._p...| +000001a0 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a 20 e2 |.........0f[f. 
.| +000001b0 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d 04 01 |'...;0...*.H.=..| +000001c0 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb e2 45 |....0...B...O..E| +000001d0 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e 1b b6 |.H}.......Gp.^..| +000001e0 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b 7e 92 |/...M.a@......~.| +000001f0 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 ec 47 |~.v..;~.?....Y.G| +00000200 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 4d fc |-|..N....o..B.M.| +00000210 be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 13 83 |.g..-...?..%.3..| +00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| +00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| +00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| +00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| +00000280 30 81 88 02 42 01 5c 2a 30 4f 9f dc df a8 33 06 |0...B.\*0O....3.| +00000290 3b bc 35 46 6a 9c a3 a1 26 ec 42 29 bf 63 b3 9b |;.5Fj...&.B).c..| +000002a0 8c bf 7b 07 8d 28 eb 41 68 7a 8a 1b f3 de a9 dc |..{..(.Ahz......| +000002b0 1e d1 21 3c 4d 24 df 89 90 b6 f2 fb ad 60 d2 27 |..!V..F.| +000002e0 b4 e5 90 72 ed af 71 0d fb e6 39 2f d5 4b 73 ba |...r..q...9/.Ks.| +000002f0 85 d2 a4 bf 99 74 d7 81 eb 3e 69 4d f0 12 1e 3c |.....t...>iM...<| +00000300 53 ca f0 35 85 ef ff ed cc 0f f7 16 03 03 00 04 |S..5............| +00000310 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 d8 94 c4 05 26 |....F...BA.....&| -00000010 76 29 2d 0e ec 47 b6 50 d5 a3 da 2a ba 02 11 37 |v)-..G.P...*...7| -00000020 3d ef e6 2a db d0 47 47 a7 9a 5f 43 2d 98 78 26 |=..*..GG.._C-.x&| -00000030 81 e2 f1 ba fe f7 66 c6 61 cb c1 b7 60 62 34 a5 |......f.a...`b4.| -00000040 78 67 50 3d 9a 0e 4a 8c 8f d7 10 14 03 03 00 01 |xgP=..J.........| -00000050 01 16 03 
03 00 40 5e 46 b0 5d 30 f6 da 8f 9e 67 |.....@^F.]0....g| -00000060 f5 3e bd fe c9 b8 53 b2 10 d5 7c 0e 34 e3 93 6d |.>....S...|.4..m| -00000070 0e 8e 8a 2b df fb 9a 0f a5 23 55 e7 0a 4b e2 d3 |...+.....#U..K..| -00000080 db 15 e8 52 74 26 78 b3 b0 56 65 63 ac ae 1e c0 |...Rt&x..Vec....| -00000090 0b f4 92 56 a9 04 |...V..| +00000000 16 03 03 00 25 10 00 00 21 20 b8 a6 ed 33 20 59 |....%...! ...3 Y| +00000010 76 0b 7c 87 53 f1 12 c1 46 d9 db 68 c0 6f d6 30 |v.|.S...F..h.o.0| +00000020 ea e0 64 04 54 7a 4c 95 03 41 14 03 03 00 01 01 |..d.TzL..A......| +00000030 16 03 03 00 40 c0 70 29 39 a0 8a bd 59 58 88 44 |....@.p)9...YX.D| +00000040 ea 10 b4 79 3e 0e 72 b7 2a 03 6d 4d 5a 24 f5 c0 |...y>.r.*.mMZ$..| +00000050 4e e5 19 f0 fb 66 ca 97 89 4b 67 dc bb 19 cd 0b |N....f...Kg.....| +00000060 6e 74 01 d3 a4 9a ab af 8e 44 10 99 ac ff 9e 9e |nt.......D......| +00000070 17 04 56 78 55 |..VxU| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 16 a9 63 0a 99 |.............c..| -00000020 21 8a fc 5c b3 ee 05 71 4e 75 c0 d9 40 54 0d 3e |!..\...qNu..@T.>| -00000030 4e 5d 44 b7 4b 5d a9 e7 5a 30 ed b6 d5 08 50 b1 |N]D.K]..Z0....P.| -00000040 e8 8c 54 eb 1b 39 7a f9 3b ac 2e 17 03 03 00 40 |..T..9z.;......@| +00000010 00 00 00 00 00 00 00 00 00 00 00 01 a0 6b 2c c5 |.............k,.| +00000020 7e 83 70 b5 2c 8c 43 b6 8b 2e 18 2a 1d be 11 6d |~.p.,.C....*...m| +00000030 13 f9 ba b5 de db 01 2a 64 d9 5b 24 c9 61 a1 4d |.......*d.[$.a.M| +00000040 11 bb fc b1 86 61 b0 04 a9 cd 1e 17 03 03 00 40 |.....a.........@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 96 03 20 2b 20 c4 c1 9a 76 7b f3 96 bd 33 ed e6 |.. 
+ ...v{...3..| -00000070 38 48 ea 53 d5 e0 62 b5 7e 1a 36 a8 dd 9f 2d 4b |8H.S..b.~.6...-K| -00000080 06 0d ae f6 bc 99 14 b3 93 14 27 63 e2 a0 c8 76 |..........'c...v| +00000060 d8 98 85 b4 cb 61 39 69 2f b1 1f 24 c1 5a 4f e3 |.....a9i/..$.ZO.| +00000070 0b 20 5d 6c 3f 3f 82 3a a3 8a b3 cf e9 41 bb 60 |. ]l??.:.....A.`| +00000080 ed b6 67 a0 76 39 ab 93 a5 35 d0 42 b3 a7 4c 92 |..g.v9...5.B..L.| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 48 af e1 e4 11 e1 b7 03 19 b0 e3 |.....H..........| -000000b0 e6 a9 66 d8 ac af aa 03 f6 0d 51 df 9a 27 78 3a |..f.......Q..'x:| -000000c0 56 5a 03 1a 4c |VZ..L| +000000a0 00 00 00 00 00 c7 0d 06 b2 2b 73 ab ed 16 88 6f |.........+s....o| +000000b0 62 77 fb 48 e4 5e 6d 7e 24 02 b6 08 fa 46 c8 76 |bw.H.^m~$....F.v| +000000c0 18 fc f4 c4 08 |.....| diff --git a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA index 88abb15a..802aa1ac 100644 --- a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA +++ b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA 
@@ -1,101 +1,92 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 ca 01 00 00 c6 03 03 53 04 f1 3f cc |...........S..?.| -00000010 41 74 00 07 cb ae 3b 30 79 48 51 60 41 a3 8c ab |At....;0yHQ`A...| -00000020 dc 76 f9 74 52 1e c5 fb a9 69 c2 00 00 32 c0 30 |.v.tR....i...2.0| -00000030 c0 2c c0 28 c0 24 c0 14 c0 0a c0 22 c0 21 00 a3 |.,.(.$.....".!..| -00000040 00 9f 00 6b 00 6a 00 39 00 38 00 88 00 87 c0 32 |...k.j.9.8.....2| -00000050 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 |...*.&.......=.5| -00000060 01 00 00 6b 00 0b 00 04 03 00 01 02 00 0a 00 34 |...k...........4| -00000070 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 |.2..............| -00000080 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 |................| -00000090 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f |................| -000000a0 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 06 03 |.......". ......| -000000b0 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 |................| -000000c0 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 |...............| +00000000 16 03 01 00 cb 01 00 00 c7 03 03 27 8a e9 f3 58 |...........'...X| +00000010 5a 08 90 d6 d4 97 23 b6 a7 92 73 3a a3 3c c1 a1 |Z.....#...s:.<..| +00000020 ca 06 23 c8 ed 4a 19 26 73 c9 62 00 00 38 c0 2c |..#..J.&s.b..8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 66 00 00 00 0e 00 0c |.5./.....f......| +00000070 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000080 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000090 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 |...............0| +000000a0 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000b0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 |................| +000000c0 02 03 03 01 02 01 
03 02 02 02 04 02 05 02 06 02 |................| >>> Flow 2 (server to client) -00000000 16 03 03 00 2a 02 00 00 26 03 03 00 00 00 00 00 |....*...&.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 14 00 16 |................| -00000030 03 03 02 be 0b 00 02 ba 00 02 b7 00 02 b4 30 82 |..............0.| -00000040 02 b0 30 82 02 19 a0 03 02 01 02 02 09 00 85 b0 |..0.............| -00000050 bb a4 8a 7f b8 ca 30 0d 06 09 2a 86 48 86 f7 0d |......0...*.H...| -00000060 01 01 05 05 00 30 45 31 0b 30 09 06 03 55 04 06 |.....0E1.0...U..| -00000070 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 |..AU1.0...U....S| -00000080 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 |ome-State1!0...U| -00000090 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 |....Internet Wid| -000000a0 67 69 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d |gits Pty Ltd0...| -000000b0 31 30 30 34 32 34 30 39 30 39 33 38 5a 17 0d 31 |100424090938Z..1| -000000c0 31 30 34 32 34 30 39 30 39 33 38 5a 30 45 31 0b |10424090938Z0E1.| -000000d0 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -000000e0 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -000000f0 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -00000100 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -00000110 4c 74 64 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d |Ltd0..0...*.H...| -00000120 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 |.........0......| -00000130 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 2b |.y......F...i..+| -00000140 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 65 |.CZ..-.zC...R..e| -00000150 4c 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e 62 |L,x.#........;~b| -00000160 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa 58 |.,.3...\zV.....X| -00000170 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 9f 
|{&?......!.J..T.| -00000180 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d f1 |Z..Bq......~.}}.| -00000190 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 01 |.9....Q.|..L;2f.| -000001a0 cf af b1 1d b8 71 9a 1d db db 89 6b ae da 2d 79 |.....q.....k..-y| -000001b0 02 03 01 00 01 a3 81 a7 30 81 a4 30 1d 06 03 55 |........0..0...U| -000001c0 1d 0e 04 16 04 14 b1 ad e2 85 5a cf cb 28 db 69 |..........Z..(.i| -000001d0 ce 23 69 de d3 26 8e 18 88 39 30 75 06 03 55 1d |.#i..&...90u..U.| -000001e0 23 04 6e 30 6c 80 14 b1 ad e2 85 5a cf cb 28 db |#.n0l......Z..(.| -000001f0 69 ce 23 69 de d3 26 8e 18 88 39 a1 49 a4 47 30 |i.#i..&...9.I.G0| -00000200 45 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 |E1.0...U....AU1.| -00000210 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 |0...U....Some-St| -00000220 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e |ate1!0...U....In| -00000230 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 |ternet Widgits P| -00000240 74 79 20 4c 74 64 82 09 00 85 b0 bb a4 8a 7f b8 |ty Ltd..........| -00000250 ca 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 |.0...U....0....0| -00000260 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 |...*.H..........| -00000270 81 00 08 6c 45 24 c7 6b b1 59 ab 0c 52 cc f2 b0 |...lE$.k.Y..R...| -00000280 14 d7 87 9d 7a 64 75 b5 5a 95 66 e4 c5 2b 8e ae |....zdu.Z.f..+..| -00000290 12 66 1f eb 4f 38 b3 6e 60 d3 92 fd f7 41 08 b5 |.f..O8.n`....A..| -000002a0 25 13 b1 18 7a 24 fb 30 1d ba ed 98 b9 17 ec e7 |%...z$.0........| -000002b0 d7 31 59 db 95 d3 1d 78 ea 50 56 5c d5 82 5a 2d |.1Y....x.PV\..Z-| -000002c0 5a 5f 33 c4 b6 d8 c9 75 90 96 8c 0f 52 98 b5 cd |Z_3....u....R...| -000002d0 98 1f 89 20 5f f2 a0 1c a3 1b 96 94 dd a9 fd 57 |... 
_..........W| -000002e0 e9 70 e8 26 6d 71 99 9b 26 6e 38 50 29 6c 90 a7 |.p.&mq..&n8P)l..| -000002f0 bd d9 16 03 03 00 cd 0c 00 00 c9 03 00 17 41 04 |..............A.| -00000300 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| -00000310 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| -00000320 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| -00000330 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| -00000340 04 01 00 80 9d 84 09 35 73 fb f6 ea 94 7b 49 fb |.......5s....{I.| -00000350 c2 70 b1 11 64 5b 93 9f d9 8c f5 56 98 f6 d3 66 |.p..d[.....V...f| -00000360 a6 1d 18 56 88 87 71 3f b0 38 9d 44 1f ad 2c 0d |...V..q?.8.D..,.| -00000370 3a a7 e8 d4 3e 33 3c 41 20 f3 3f 5c e5 fb e3 23 |:...>36as.d...mP| -000003b0 33 55 c7 e1 c5 a5 4c 32 5c 95 dc 07 43 60 49 11 |3U....L2\...C`I.| -000003c0 e9 98 cc ba 16 03 03 00 04 0e 00 00 00 |.............| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 14 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 
|..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........| +000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.| +000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........| +000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 42 86 d0 0a 5b |.._X.;t....B...[| +000002d0 d7 97 20 4d be 16 b8 eb 51 66 28 3b f9 45 35 f5 |.. M....Qf(;.E5.| +000002e0 de 1d 28 c9 36 63 5b 7b f6 a7 64 79 fb 39 20 c3 |..(.6c[{..dy.9 .| +000002f0 dd db 38 3e af 89 ce 91 f7 bd 51 b4 5e 01 d8 9b |..8>......Q.^...| +00000300 54 62 58 24 3b c2 43 59 a4 11 1a 2b 67 c5 5f 79 |TbX$;.CY...+g._y| +00000310 fe 68 9d c7 e6 8b 36 8b f9 cb 00 b0 b3 0f 52 fb |.h....6.......R.| +00000320 fe a5 e6 c6 26 9b d1 a2 17 4e e2 58 7f b2 80 78 |....&....N.X...x| +00000330 10 b4 0a 47 e1 18 92 d4 a5 5a 86 06 36 ca f7 b6 |...G.....Z..6...| +00000340 1c 83 81 0e eb 32 7d fe 06 c5 03 16 03 03 00 04 |.....2}.........| +00000350 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 28 02 84 d5 b4 |....F...BA.(....| -00000010 58 07 47 d5 a0 d6 0b 1d 37 91 e6 34 a4 ad 0b ad |X.G.....7..4....| -00000020 22 01 82 77 a7 32 86 78 83 3a da 75 2f e5 68 7a |"..w.2.x.:.u/.hz| -00000030 de e4 05 e0 02 47 40 4e 38 d2 2c c3 7b da 53 73 |.....G@N8.,.{.Ss| -00000040 19 cb 8b 73 34 72 4d 33 71 39 c8 14 03 03 00 01 |...s4rM3q9......| -00000050 01 16 03 03 00 40 10 63 43 76 83 bd 36 e4 1e 4d |.....@.cCv..6..M| -00000060 7e 13 b0 ac aa c8 ec 90 31 df 84 46 49 68 39 5a |~.......1..FIh9Z| -00000070 05 8b 73 32 86 15 3a 18 57 d8 e2 2c 2d 05 89 93 |..s2..:.W..,-...| -00000080 37 b8 dd 73 33 92 ff a7 b2 53 27 94 b7 25 56 64 |7..s3....S'..%Vd| 
-00000090 a1 d3 2c f7 6b 71 |..,.kq| +00000000 16 03 03 00 25 10 00 00 21 20 14 7f fb 7d 0c ef |....%...! ...}..| +00000010 48 c4 8f 75 24 19 5f ee 5f 51 08 35 74 cf c3 ea |H..u$._._Q.5t...| +00000020 67 20 c4 f9 49 b2 cf 69 5a 77 14 03 03 00 01 01 |g ..I..iZw......| +00000030 16 03 03 00 40 2b d2 f4 dc 36 98 ef 1d 43 f9 3e |....@+...6...C.>| +00000040 83 33 c0 71 a6 e3 ac f1 3c cc 94 e4 d0 fe 81 bc |.3.q....<.......| +00000050 94 56 15 eb 6a 7b 17 33 e1 a0 ef d5 7a 86 af ea |.V..j{.3....z...| +00000060 1f bb d5 8c 80 56 d5 e4 08 cd 68 bf c0 53 c2 56 |.....V....h..S.V| +00000070 aa b3 38 1e 4e |..8.N| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 21 5c 31 b1 4b |...........!\1.K| -00000020 96 96 30 8f 79 35 3a 3a 2d 26 67 d0 70 48 be 30 |..0.y5::-&g.pH.0| -00000030 f8 3e e8 c1 cb 1d d5 89 f6 9c 72 bb 1c f9 4d 90 |.>........r...M.| -00000040 9c d7 c6 fa 40 76 a5 61 46 61 24 17 03 03 00 40 |....@v.aFa$....@| +00000010 00 00 00 00 00 00 00 00 00 00 00 45 07 c3 ba 8c |...........E....| +00000020 d8 9f b6 f1 6a 14 bb b1 4e 84 3f 25 6a 3d ef f6 |....j...N.?%j=..| +00000030 88 89 1a 91 22 ef e3 ed ba 2a a3 7c 5b db e0 1d |...."....*.|[...| +00000040 b5 8d 7a ed e7 ad e1 31 b2 12 f5 17 03 03 00 40 |..z....1.......@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 94 8a 14 04 06 b9 30 a0 67 fd b2 4c 84 f4 10 93 |......0.g..L....| -00000070 7d d4 2b 23 f0 e9 62 93 c2 20 a2 f2 7c 07 21 4b |}.+#..b.. 
..|.!K| -00000080 94 ba 7b 7d cb 77 da 85 93 bd 53 ee ca db 9b 3e |..{}.w....S....>| +00000060 a6 f3 0b 33 f7 7a 7c fb fb b5 e6 eb 6e 0a 26 aa |...3.z|.....n.&.| +00000070 06 3b a6 bc 08 e5 3a b6 c9 a3 f3 77 28 93 45 08 |.;....:....w(.E.| +00000080 1d 54 5e a3 92 cd 89 a3 e6 34 ec 52 70 c0 97 3c |.T^......4.Rp..<| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 17 3f 53 8d b3 35 b4 84 ed bb 12 |......?S..5.....| -000000b0 cf 73 25 25 7c c3 d3 bb 1f 5a 6b 73 9a 8a b1 a2 |.s%%|....Zks....| -000000c0 ba 99 f8 0e 43 |....C| +000000a0 00 00 00 00 00 2d 0d 96 57 b8 6f 90 1e 84 4d 35 |.....-..W.o...M5| +000000b0 91 52 42 6b 8d a3 6b 21 22 60 1a c9 38 7f 5a ef |.RBk..k!"`..8.Z.| +000000c0 6e dd 84 06 79 |n...y| diff --git a/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven index 547f7983..3d1ceaf9 100644 --- a/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven +++ b/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven 
@@ -1,62 +1,58 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 5c 01 00 00 58 03 03 52 cc 57 59 65 |....\...X..R.WYe| -00000010 ae b3 ec a4 7a 05 f7 ec 39 22 7d 8c 91 96 6b e0 |....z...9"}...k.| -00000020 69 81 ff 88 28 17 60 ac 94 19 ff 00 00 04 00 05 |i...(.`.........| -00000030 00 ff 01 00 00 2b 00 0d 00 22 00 20 06 01 06 02 |.....+...". ....| -00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000050 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -00000060 01 |.| +00000000 16 03 01 00 6d 01 00 00 69 03 03 b0 00 44 aa 86 |....m...i....D..| +00000010 30 87 8e 3f f1 89 9a 4a f6 4c 3b 11 f3 4f e9 9f |0..?...J.L;..O..| +00000020 00 22 47 82 26 57 c7 d0 f9 59 6f 00 00 04 00 2f |."G.&W...Yo..../| +00000030 00 ff 01 00 00 3c 00 16 00 00 00 17 00 00 00 0d |.....<..........| +00000040 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000050 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000060 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +00000070 06 02 |..| >>> Flow 2 (server to client) 00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 
30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 
30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 0f 0d 00 |n8P)l...........| -00000300 00 0b 02 01 40 00 04 04 01 04 03 00 00 16 03 03 |....@...........| -00000310 00 04 0e 00 00 00 |......| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 
|.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 23 0d 00 00 1f 02 01 40 |;.......#......@| +000002a0 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 |................| +000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................| +000002c0 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) 00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -91,32 +87,40 @@ 000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| 000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| -00000210 03 03 00 86 10 00 00 82 00 80 47 5a 2f b8 78 46 |..........GZ/.xF| -00000220 9f 3c fc ab 8b 35 c9 77 da c3 96 78 31 7c 2b 4f |.<...5.w...x1|+O| -00000230 56 be 0f 33 bd 17 bc 1c 86 5a ae b3 0f 8b 18 2f |V..3.....Z...../| -00000240 48 0d e0 0a 20 d3 53 96 88 d2 8a 7d b6 58 13 44 |H... .S....}.X.D| -00000250 a5 e8 19 6d 02 df a6 1b 79 c5 54 c2 ef 4d 41 4f |...m....y.T..MAO| -00000260 04 1c eb 37 55 b7 2b f4 7c 6d 37 9c f1 89 a0 2c |...7U.+.|m7....,| -00000270 0f ba 10 09 e4 a1 ee 0a 7e 9a fd 2c 32 63 1c 55 |........~..,2c.U| -00000280 85 38 de d0 7b 5f 46 03 1f cc 4d 69 51 97 d8 d7 |.8..{_F...MiQ...| -00000290 88 6f ba 43 04 b0 42 09 61 5e 16 03 03 00 92 0f |.o.C..B.a^......| -000002a0 00 00 8e 04 03 00 8a 30 81 87 02 41 14 3d 4c 71 |.......0...A.=Lq| -000002b0 c2 32 4a 20 ee b7 69 17 55 e8 99 55 11 76 51 7a |.2J ..i.U..U.vQz| -000002c0 74 55 e7 e8 c3 3b b3 70 db 1c 8e f6 8a d4 99 40 |tU...;.p.......@| -000002d0 6e da 04 fd 7a 47 41 d6 ae c0 63 ad fd 91 a8 58 |n...zGA...c....X| -000002e0 24 b9 ac 2f 7a 4c bf 5b 24 12 cb 3a f3 02 42 00 |$../zL.[$..:..B.| -000002f0 90 f9 48 97 0e d4 33 99 09 9f 1d a8 97 16 60 82 |..H...3.......`.| -00000300 85 cc 5a 5d 79 f7 2f 03 2a c0 b8 12 61 ac 9f 88 |..Z]y./.*...a...| -00000310 1d 0d 9e 0a ee 28 a8 5a e2 42 b7 94 e2 e6 0e 13 |.....(.Z.B......| -00000320 c8 64 dc 4e d3 6b 10 d6 83 41 9c dc d4 53 c3 08 |.d.N.k...A...S..| -00000330 19 14 03 03 00 01 01 16 03 03 00 24 ef bd e3 23 |...........$...#| -00000340 10 23 ae 6e b5 12 eb 9c 21 78 db 36 fd bf 7f ee |.#.n....!x.6....| -00000350 6f c8 00 2d b6 35 cc 2f 38 73 ae a4 34 cf 0d df |o..-.5./8s..4...| +00000210 03 03 00 86 10 00 00 82 00 80 10 ab 2f 0f b9 29 |............/..)| +00000220 9f 26 36 09 00 96 9a 3d 2a 01 50 03 f3 d6 ac fc 
|.&6....=*.P.....| +00000230 40 76 96 d0 e6 a6 67 89 24 b0 56 80 58 5e 6d 03 |@v....g.$.V.X^m.| +00000240 e3 0f dc 61 d1 de 25 95 8a 54 9f 5b 3e f2 31 dd |...a..%..T.[>.1.| +00000250 14 2a e2 de 7b 70 66 b5 ed 95 d9 cc 6f c0 b3 a1 |.*..{pf.....o...| +00000260 bb 41 b2 0f 7d e8 ce b5 11 eb 99 e2 ce c0 33 bc |.A..}.........3.| +00000270 6a 67 10 84 d2 dd ac 15 8f 8e aa 2b 1a 7b ca d3 |jg.........+.{..| +00000280 bb 4b 92 c4 b9 2b 08 c1 0d b2 cf 96 63 64 9d 12 |.K...+......cd..| +00000290 a6 93 cd 21 3b bc 8e 94 72 76 16 03 03 00 93 0f |...!;...rv......| +000002a0 00 00 8f 04 03 00 8b 30 81 88 02 42 00 d5 05 54 |.......0...B...T| +000002b0 b2 68 a5 04 d6 3c 7b 7d c1 be e3 d1 b4 25 42 d6 |.h...<{}.....%B.| +000002c0 2a 3a 2e ea 73 0d 57 ba 0f 96 78 66 c2 c5 d7 57 |*:..s.W...xf...W| +000002d0 79 9c 22 8b 76 e9 45 ff ef 92 e9 43 3e b8 8b b4 |y.".v.E....C>...| +000002e0 cf 3f 67 aa 70 d1 e8 a2 1c a8 3d 24 a2 78 02 42 |.?g.p.....=$.x.B| +000002f0 01 b2 17 64 66 2f 2e 0d 2d b9 1d 67 45 de 48 9e |...df/..-..gE.H.| +00000300 32 f2 1f 79 38 39 b8 bb 8b 7f 82 e9 46 fd 9b 1b |2..y89......F...| +00000310 b3 dd a4 9c 15 b2 a2 88 4c f7 42 a2 62 92 c0 d0 |........L.B.b...| +00000320 a1 78 aa 8b 2d 78 4f 02 5a f7 eb ca c7 34 fc b6 |.x..-xO.Z....4..| +00000330 6c 6e 14 03 03 00 01 01 16 03 03 00 40 bd 47 9b |ln..........@.G.| +00000340 ce 31 2c 09 d3 a8 2c bb 28 0c e8 bd 01 a9 54 34 |.1,...,.(.....T4| +00000350 a5 74 af e0 d2 38 f3 1b fa d0 2b a6 39 24 ae de |.t...8....+.9$..| +00000360 0a cf 4b c0 a2 3b bf 80 23 71 0a 60 ca 94 b7 23 |..K..;..#q.`...#| +00000370 80 e3 89 89 42 74 0b a1 c6 f6 d2 c0 79 |....Bt......y| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 a7 50 0f 50 b4 |..........$.P.P.| -00000010 1c c3 4d f3 7a 64 df 65 ac 35 22 13 46 cc ec 36 |..M.zd.e.5".F..6| -00000020 e6 d2 f3 67 94 6a 18 85 9f 4a 3c 44 a3 58 b0 17 |...g.j...J>> Flow 1 (client to server) +00000000 16 03 01 00 6d 01 00 00 69 03 03 aa ad c9 dc 56 |....m...i......V| +00000010 79 2e 
da 42 a6 b2 9e 0a 85 a6 1b e0 5e cd 4e f5 |y..B........^.N.| +00000020 93 93 0c d5 62 a8 53 17 10 f7 e6 00 00 04 00 2f |....b.S......../| +00000030 00 ff 01 00 00 3c 00 16 00 00 00 17 00 00 00 0d |.....<..........| +00000040 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000050 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000060 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +00000070 06 02 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 
b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 23 0d 00 00 1f 02 01 40 |;.......#......@| +000002a0 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 |................| +000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................| +000002c0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 3c 0b 00 01 38 00 01 35 00 01 32 30 |....<...8..5..20| +00000010 82 01 2e 30 81 e1 a0 03 02 01 02 02 10 17 d1 81 |...0............| +00000020 93 be 2a 8c 21 20 10 25 15 e8 34 23 4f 30 05 06 |..*.! .%..4#O0..| +00000030 03 2b 65 70 30 12 31 10 30 0e 06 03 55 04 0a 13 |.+ep0.1.0...U...| +00000040 07 41 63 6d 65 20 43 6f 30 1e 17 0d 31 39 30 35 |.Acme Co0...1905| +00000050 31 36 32 31 35 34 32 36 5a 17 0d 32 30 30 35 31 |16215426Z..20051| +00000060 35 32 31 35 34 32 36 5a 30 12 31 10 30 0e 06 03 |5215426Z0.1.0...| +00000070 55 04 0a 13 07 41 63 6d 65 20 43 6f 30 2a 30 05 |U....Acme Co0*0.| +00000080 06 03 2b 65 70 03 21 00 0b e0 b5 60 b5 e2 79 30 |..+ep.!....`..y0| +00000090 3d be e3 1e e0 50 b1 04 c8 6d c7 78 6c 69 2f c5 |=....P...m.xli/.| +000000a0 14 ad 9a 63 6f 79 12 91 a3 4d 30 4b 30 0e 06 03 |...coy...M0K0...| +000000b0 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 |U...........0...| +000000c0 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 |U.%..0...+......| +000000d0 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 |.0...U.......0.0| +000000e0 16 06 03 55 1d 11 04 0f 30 0d 82 0b 65 78 61 6d |...U....0...exam| +000000f0 70 6c 65 2e 63 6f 6d 30 05 06 03 2b 65 70 03 41 |ple.com0...+ep.A| +00000100 00 fc 19 17 2a 94 a5 31 fa 29 c8 2e 7f 5b a0 5d |....*..1.)...[.]| 
+00000110 8a 4e 34 40 39 d6 b3 10 dc 19 fe a0 22 71 b3 f5 |.N4@9......."q..| +00000120 8f a1 58 0d cd f4 f1 85 24 bf e6 3d 14 df df ed |..X.....$..=....| +00000130 0e e1 17 d8 11 a2 60 d0 8a 37 23 2a c2 46 aa 3a |......`..7#*.F.:| +00000140 08 16 03 03 00 86 10 00 00 82 00 80 14 f2 ac 22 |..............."| +00000150 fb 0b f8 03 a7 cf 23 d5 ea 9f b0 f2 64 ae 41 fe |......#.....d.A.| +00000160 33 f7 54 69 f5 41 b7 c1 91 6d 2b 3e 14 2a f6 c8 |3.Ti.A...m+>.*..| +00000170 96 45 00 28 13 f5 2f de 35 f9 64 89 5c 99 3e 89 |.E.(../.5.d.\.>.| +00000180 06 ff 59 56 69 db 5f 6e 02 84 dd 1c 44 7b 86 e8 |..YVi._n....D{..| +00000190 e3 d9 03 f1 16 9e 06 23 00 43 91 ec a9 dd da a4 |.......#.C......| +000001a0 ac fe 5b f8 62 f9 76 19 38 83 54 b4 8c 0b 02 f0 |..[.b.v.8.T.....| +000001b0 fa 7a 8e 2e da 9d e1 4a c6 51 92 9b f6 4b a1 31 |.z.....J.Q...K.1| +000001c0 c9 64 b2 a6 9a 01 52 86 b3 7a 43 17 16 03 03 00 |.d....R..zC.....| +000001d0 48 0f 00 00 44 08 07 00 40 29 35 71 34 aa b1 f1 |H...D...@)5q4...| +000001e0 64 08 4e 06 43 db 00 f7 f5 98 8e b6 51 d7 c4 b5 |d.N.C.......Q...| +000001f0 2b fa 56 8b bd 7b 18 f2 81 e9 2f 81 82 d8 90 e7 |+.V..{..../.....| +00000200 5b bc 72 7e f7 97 43 df cd 07 bf 7b ae 60 08 8b |[.r~..C....{.`..| +00000210 0a 71 c5 bf f0 7a 3e cc 0b 14 03 03 00 01 01 16 |.q...z>.........| +00000220 03 03 00 40 85 4f e0 c0 f3 3e a4 51 68 d6 ec 1b |...@.O...>.Qh...| +00000230 f1 4b 3e 0e 13 84 87 e3 3c 9a 5f 67 75 3a ad 08 |.K>.....<._gu:..| +00000240 be 29 15 b0 1f 62 27 fd d8 dd 58 b1 65 e7 e2 db |.)...b'...X.e...| +00000250 fe 55 a5 2d 2e 71 59 07 ad 12 12 80 12 bb 26 36 |.U.-.qY.......&6| +00000260 93 fb ea b1 |....| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 f4 ed 23 ce da |.............#..| +00000020 73 5f ef 6b a2 82 3d a5 c6 f1 fd 8f a0 47 4e 34 |s_.k..=......GN4| +00000030 f9 7c d0 67 49 00 11 c3 76 83 23 3f 99 41 d5 5c |.|.gI...v.#?.A.\| +00000040 aa 
9f 97 66 b7 0a 59 ba f3 40 83 17 03 03 00 40 |...f..Y..@.....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 82 66 85 d7 47 a6 5a 19 4f 89 5c 56 43 cb 6a bd |.f..G.Z.O.\VC.j.| +00000070 1b ae 46 40 7d e8 a9 7b 57 04 91 8b d5 de 24 f1 |..F@}..{W.....$.| +00000080 c0 df 37 45 e9 af d7 c5 1c e7 ee 80 0d 61 2a 7f |..7E.........a*.| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 5a 97 f3 38 e5 3a f1 07 79 b7 eb |.....Z..8.:..y..| +000000b0 ed 85 57 3a 96 16 51 38 85 86 ec 1b 9b 48 82 9c |..W:..Q8.....H..| +000000c0 05 bf 4d e5 fb |..M..| diff --git a/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven b/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven index 04a5b117..3dec0dee 100644 --- a/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven +++ b/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven 
@@ -1,121 +1,125 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 5c 01 00 00 58 03 03 52 cc 57 59 6b |....\...X..R.WYk| -00000010 11 07 04 39 77 20 c2 b4 3f cb 0a c9 53 fe 5b 3e |...9w ..?...S.[>| -00000020 5f 58 2c 7e 30 69 e1 8e 6c 9d c8 00 00 04 00 05 |_X,~0i..l.......| -00000030 00 ff 01 00 00 2b 00 0d 00 22 00 20 06 01 06 02 |.....+...". ....| -00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000050 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -00000060 01 |.| +00000000 16 03 01 00 6d 01 00 00 69 03 03 e7 7e 1f 56 df |....m...i...~.V.| +00000010 f1 1b e5 92 47 3b fb 25 a6 57 7d 13 47 08 f0 0f |....G;.%.W}.G...| +00000020 5b 64 64 00 d3 25 33 e5 a5 5b e3 00 00 04 00 2f |[dd..%3..[...../| +00000030 00 ff 01 00 00 3c 00 16 00 00 00 17 00 00 00 0d |.....<..........| +00000040 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000050 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000060 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +00000070 06 02 |..| >>> Flow 2 (server to client) 00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 
30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 
ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 0f 0d 00 |n8P)l...........| -00000300 00 0b 02 01 40 00 04 04 01 04 03 00 00 16 03 03 |....@...........| -00000310 00 04 0e 00 00 00 |......| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 
|.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 23 0d 00 00 1f 02 01 40 |;.......#......@| +000002a0 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 |................| +000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................| +000002c0 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) -00000000 16 03 03 01 fb 0b 00 01 f7 00 01 f4 00 01 f1 30 |...............0| -00000010 82 01 ed 30 82 01 58 a0 03 02 01 02 02 01 00 30 |...0..X........0| -00000020 0b 06 09 2a 86 48 86 f7 0d 01 01 05 30 26 31 10 |...*.H......0&1.| -00000030 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| -00000040 31 12 30 10 06 03 55 04 03 13 09 31 32 37 2e 30 |1.0...U....127.0| -00000050 2e 30 2e 31 30 1e 17 0d 31 31 31 32 30 38 30 37 |.0.10...11120807| -00000060 35 35 31 32 5a 17 0d 31 32 31 32 30 37 30 38 30 |5512Z..121207080| -00000070 30 31 32 5a 30 26 31 10 30 0e 06 03 55 04 0a 13 |012Z0&1.0...U...| -00000080 07 41 63 6d 65 20 43 6f 31 12 30 10 06 03 55 04 |.Acme Co1.0...U.| -00000090 03 13 09 31 32 37 2e 30 2e 30 2e 31 30 81 9c 30 |...127.0.0.10..0| -000000a0 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03 81 8c 00 |...*.H..........| -000000b0 30 81 88 02 81 80 4e d0 7b 31 e3 82 64 d9 59 c0 |0.....N.{1..d.Y.| -000000c0 c2 87 a4 5e 1e 8b 73 33 c7 63 53 df 66 92 06 84 |...^..s3.cS.f...| -000000d0 f6 64 d5 8f e4 36 a7 1d 2b e8 b3 20 36 45 23 b5 |.d...6..+.. 6E#.| -000000e0 e3 95 ae ed e0 f5 20 9c 8d 95 df 7f 5a 12 ef 87 |...... 
.....Z...| -000000f0 e4 5b 68 e4 e9 0e 74 ec 04 8a 7f de 93 27 c4 01 |.[h...t......'..| -00000100 19 7a bd f2 dc 3d 14 ab d0 54 ca 21 0c d0 4d 6e |.z...=...T.!..Mn| -00000110 87 2e 5c c5 d2 bb 4d 4b 4f ce b6 2c f7 7e 88 ec |..\...MKO..,.~..| -00000120 7c d7 02 91 74 a6 1e 0c 1a da e3 4a 5a 2e de 13 ||...t......JZ...| -00000130 9c 4c 40 88 59 93 02 03 01 00 01 a3 32 30 30 30 |.L@.Y.......2000| -00000140 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 00 a0 30 |...U...........0| -00000150 0d 06 03 55 1d 0e 04 06 04 04 01 02 03 04 30 0f |...U..........0.| -00000160 06 03 55 1d 23 04 08 30 06 80 04 01 02 03 04 30 |..U.#..0.......0| -00000170 0b 06 09 2a 86 48 86 f7 0d 01 01 05 03 81 81 00 |...*.H..........| -00000180 36 1f b3 7a 0c 75 c9 6e 37 46 61 2b d5 bd c0 a7 |6..z.u.n7Fa+....| -00000190 4b cc 46 9a 81 58 7c 85 79 29 c8 c8 c6 67 dd 32 |K.F..X|.y)...g.2| -000001a0 56 45 2b 75 b6 e9 24 a9 50 9a be 1f 5a fa 1a 15 |VE+u..$.P...Z...| -000001b0 d9 cc 55 95 72 16 83 b9 c2 b6 8f fd 88 8c 38 84 |..U.r.........8.| -000001c0 1d ab 5d 92 31 13 4f fd 83 3b c6 9d f1 11 62 b6 |..].1.O..;....b.| -000001d0 8b ec ab 67 be c8 64 b0 11 50 46 58 17 6b 99 1c |...g..d..PFX.k..| -000001e0 d3 1d fc 06 f1 0e e5 96 a8 0c f9 78 20 b7 44 18 |...........x .D.| -000001f0 51 8d 10 7e 4f 94 67 df a3 4e 70 73 8e 90 91 85 |Q..~O.g..Nps....| -00000200 16 03 03 00 86 10 00 00 82 00 80 44 89 7d aa 26 |...........D.}.&| -00000210 30 ce 6b db 25 70 b0 1e 16 fa 5b 3a dd 4a 4b bd |0.k.%p....[:.JK.| -00000220 ec ee 50 9d 21 ba 52 b5 51 4f a8 65 d8 2e 41 e2 |..P.!.R.QO.e..A.| -00000230 e1 dc f3 1a df 58 4f 87 7a d3 e1 e1 1c 13 b2 0b |.....XO.z.......| -00000240 b7 43 b7 92 f2 df 19 bb 79 71 e0 71 44 ab 19 2f |.C......yq.qD../| -00000250 37 11 ac 62 50 b6 f1 53 fe aa b4 bc 29 8e 0b 4c |7..bP..S....)..L| -00000260 0b 12 8d d5 84 a9 fa a9 ea 16 aa c3 0d da 32 c8 |..............2.| -00000270 e0 4c 9f 99 f8 69 cd a8 c3 b1 76 42 67 f3 ff 15 |.L...i....vBg...| -00000280 52 95 43 66 da 49 43 25 9d e5 eb 16 03 03 00 88 
|R.Cf.IC%........| -00000290 0f 00 00 84 04 01 00 80 01 d5 0e 1c 75 97 89 52 |............u..R| -000002a0 1a f0 cc ef 93 6e 71 b2 b1 38 8c 50 11 f7 a3 02 |.....nq..8.P....| -000002b0 71 c4 d5 6f 8d 01 83 06 2e ea 5a 10 8a 0d d0 fc |q..o......Z.....| -000002c0 b6 a2 63 af 4f 99 b5 eb ab fd 01 c2 fb 26 fc fd |..c.O........&..| -000002d0 ad 2c b3 63 b3 87 a6 f5 14 ea 7d e7 fe a8 e7 7e |.,.c......}....~| -000002e0 20 ab b9 f6 c3 58 bd c0 f3 96 eb 83 dc 42 6c 0d | ....X.......Bl.| -000002f0 5e e8 09 55 c7 b8 24 05 dd e1 7c af 9f 2c 22 6c |^..U..$...|..,"l| -00000300 fa b8 94 13 3b f1 09 e1 38 59 fc a1 8c cb aa ca |....;...8Y......| -00000310 f8 e0 2a 9c 36 f9 c3 2b 14 03 03 00 01 01 16 03 |..*.6..+........| -00000320 03 00 24 d0 12 7c cc d2 3e 37 1f f4 7d b4 c0 fc |..$..|..>7..}...| -00000330 19 f6 c8 ea 62 12 e0 0d af 62 d4 69 f7 96 5a c0 |....b....b.i..Z.| -00000340 97 d3 bb b0 a3 f7 3f |......?| +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d 
a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 7f 38 c9 |.5............8.| +00000210 56 ed de 7d a6 2c dc cc 24 61 ea d3 8a fc b8 18 |V..}.,..$a......| +00000220 b8 e5 50 3e c3 d1 ca cf f7 0c d9 9b 22 d8 6d 0f |..P>........".m.| +00000230 71 e7 dd 7c 24 84 c6 f1 6a ac a0 3d ea d7 65 24 |q..|$...j..=..e$| +00000240 d7 3a 17 d5 b7 ec f7 03 bc 58 3a 01 d5 08 27 25 |.:.......X:...'%| +00000250 b9 2f 3b 96 cb d5 7c 12 20 f4 f1 91 58 13 fb 50 |./;...|. 
...X..P| +00000260 f8 d5 5c e4 43 85 e8 41 37 3e ff fa a6 64 92 4d |..\.C..A7>...d.M| +00000270 bd d4 96 59 bd 94 f1 95 21 ad 75 1e 0d a2 8d 30 |...Y....!.u....0| +00000280 a3 82 f4 56 0f ba 5d 40 32 7f 0c 5f 5a 16 03 03 |...V..]@2.._Z...| +00000290 00 88 0f 00 00 84 08 04 00 80 39 b4 f4 68 e9 96 |..........9..h..| +000002a0 01 53 95 31 26 fa 3c 70 46 9f ba 62 b4 37 ea a6 |.S.1&..Gy..^p| +000002f0 30 8c 11 3f 27 43 4f 5d 81 89 83 39 9d fe 0c c3 |0..?'CO]...9....| +00000300 af 40 8d 2a 41 bf 57 67 7a df b4 89 29 10 9a 84 |.@.*A.Wgz...)...| +00000310 ff 8c 2f 58 1a 0a b9 62 4e 8e 14 03 03 00 01 01 |../X...bN.......| +00000320 16 03 03 00 40 7c 7a 79 ae 84 60 b8 95 83 30 78 |....@|zy..`...0x| +00000330 e9 6e 02 36 52 85 5a 6a a7 b5 f5 6d 4d a9 09 9d |.n.6R.Zj...mM...| +00000340 43 9d 46 da d0 cf 75 25 49 e1 79 0b 23 2d 85 c2 |C.F...u%I.y.#-..| +00000350 fd 5d 90 08 f5 75 81 ab 01 a0 f4 93 12 87 fb e3 |.]...u..........| +00000360 9b 99 4d fa c5 |..M..| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 cd 20 85 1e 74 |..........$. 
..t| -00000010 18 b2 71 48 d5 10 61 c6 b0 18 26 83 c2 7f f1 b1 |..qH..a...&.....| -00000020 2f b5 35 d0 47 a8 99 9a 9a a5 62 64 fb f9 29 17 |/.5.G.....bd..).| -00000030 03 03 00 21 22 7b ed 61 e3 9b 6d 98 b9 23 98 e3 |...!"{.a..m..#..| -00000040 55 11 b8 0f 7e 2b e1 c1 d4 f1 83 79 c3 f8 03 f0 |U...~+.....y....| -00000050 02 5c 61 24 d7 15 03 03 00 16 14 2b a3 5a 56 f0 |.\a$.......+.ZV.| -00000060 92 da d0 e6 32 91 d8 30 7a b4 d0 a2 93 f5 01 ea |....2..0z.......| +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 48 61 67 c0 1e |...........Hag..| +00000020 09 79 82 cc 55 60 fa e5 bd 1a 1d 14 d3 25 e6 4b |.y..U`.......%.K| +00000030 b7 a6 47 64 01 65 12 b3 37 42 1a 13 d9 90 12 7e |..Gd.e..7B.....~| +00000040 ea d8 30 39 e2 25 5e 9a 05 61 11 17 03 03 00 40 |..09.%^..a.....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 cf c5 73 08 e9 15 25 b6 d8 e3 fa 0c a1 25 33 75 |..s...%......%3u| +00000070 8a 2e 66 03 c2 2d 50 c7 e1 10 b4 2a 0c 88 87 90 |..f..-P....*....| +00000080 04 4a 80 26 85 4b fd 9a 4f 0e b1 2c f0 18 57 f5 |.J.&.K..O..,..W.| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 ce e0 a1 71 be 3d 1e b0 bd 06 4c |........q.=....L| +000000b0 1f 5b 10 8d 77 18 e0 c5 81 c9 4e 1b 3b 96 f6 6d |.[..w.....N.;..m| +000000c0 88 03 53 54 30 |..ST0| diff --git a/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given b/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given new file mode 100644 index 00000000..8efbc912 --- /dev/null +++ b/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given 
@@ -0,0 +1,125 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 6d 01 00 00 69 03 03 4c 65 99 ab e0 |....m...i..Le...| +00000010 4b 0a 08 f5 06 20 f9 3d 96 4f 05 e3 58 6f 41 50 |K.... .=.O..XoAP| +00000020 c1 5f e8 a8 0a 5f 8f f2 de 7f 16 00 00 04 00 2f |._..._........./| +00000030 00 ff 01 00 00 3c 00 16 00 00 00 17 00 00 00 0d |.....<..........| +00000040 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000050 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000060 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +00000070 06 02 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 
09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 23 0d 00 00 1f 02 01 40 |;.......#......@| +000002a0 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 |................| +000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................| +000002c0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| 
+00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 41 62 b4 |.5...........Ab.| +00000210 fb 81 80 58 e3 0d c7 b2 c0 55 ee 5b 1a ba 2d 8f |...X.....U.[..-.| +00000220 9f 79 24 0a d5 be c7 2b 55 ec 51 6d b9 78 63 85 |.y$....+U.Qm.xc.| +00000230 82 d2 ea 02 0c 06 fe 05 fd ed 08 be 71 99 5f 53 |............q._S| +00000240 94 85 01 ff ba 2a ee 14 cb 99 0a df 1e 67 0d 95 |.....*.......g..| +00000250 63 8d 1f 96 41 75 f9 5d 1a 21 03 6c e3 eb 4f 5e |c...Au.].!.l..O^| +00000260 28 c3 4d bb 6d 29 33 bc 24 75 8c 3b f2 c4 6b f5 |(.M.m)3.$u.;..k.| +00000270 86 db 40 59 34 43 fb a9 1e ea 6f 3f 0e b4 35 39 |..@Y4C....o?..59| +00000280 52 d8 0f 85 ed 3b 52 b6 5b 7f b0 bf c3 16 03 03 |R....;R.[.......| +00000290 00 88 0f 00 00 84 04 01 00 80 52 85 ca 08 7d 07 |..........R...}.| +000002a0 bc d8 0c a4 b8 36 01 c0 b8 8a 18 ba d8 d4 a3 fa 
|.....6..........| +000002b0 fd 32 e2 00 72 e5 d2 c8 5a 59 6b 5e 6e df 35 da |.2..r...ZYk^n.5.| +000002c0 c7 1e ee af 87 4b d6 30 7e 27 1c 76 70 28 79 ac |.....K.0~'.vp(y.| +000002d0 7f 31 bc 44 55 3c 15 61 d2 0d 24 9c 48 43 9f 12 |.1.DU<.a..$.HC..| +000002e0 a6 74 5c 2f 5b 4e 96 4a 47 b4 6b 7c fa da 37 96 |.t\/[N.JG.k|..7.| +000002f0 ec 46 7d 05 be 24 8f cf 11 31 ab 4c 5b c7 3e 94 |.F}..$...1.L[.>.| +00000300 9a 2a 39 e8 fe aa aa ee e3 00 a3 a8 1e 75 4a 21 |.*9..........uJ!| +00000310 b4 ad 24 8f ee e8 30 85 b1 28 14 03 03 00 01 01 |..$...0..(......| +00000320 16 03 03 00 40 71 47 13 68 49 74 9c 2a 81 35 94 |....@qG.hIt.*.5.| +00000330 52 f6 44 44 67 3b 62 e1 ef 34 18 e7 8a 56 71 88 |R.DDg;b..4...Vq.| +00000340 83 7e 67 28 20 18 b1 c5 8a c8 8b 6a fe ee bf da |.~g( ......j....| +00000350 5f 6e cd fa a8 5c af 5c 3c 83 80 78 f3 fe 1b dc |_n...\.\<..x....| +00000360 95 fe 22 16 82 |.."..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 20 f7 51 8f 23 |........... .Q.#| +00000020 08 8d 67 5d 12 06 b0 48 81 2d 0c ba 88 03 88 31 |..g]...H.-.....1| +00000030 d0 ab 63 0d 9f 28 60 21 0a a3 58 47 c2 04 cc f1 |..c..(`!..XG....| +00000040 50 0d 88 b2 e5 54 50 26 e6 6e ed 17 03 03 00 40 |P....TP&.n.....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 fa 4d e5 00 14 2c 65 82 5d 1b bf 99 6a 54 16 98 |.M...,e.]...jT..| +00000070 ef 55 15 00 f9 c4 3e 61 88 83 63 fd 60 66 f1 87 |.U....>a..c.`f..| +00000080 fa c4 45 ae de b8 0a 36 75 f5 b2 b6 f5 d8 9b df |..E....6u.......| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 54 cc c0 15 e5 6d 62 4d 13 54 e8 |.....T....mbM.T.| +000000b0 fa cf 76 a6 de d6 48 f8 0d ef 30 b7 12 05 cf 75 |..v...H...0....u| +000000c0 8b 00 9e d5 63 |....c| 
diff --git a/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven b/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven index 562fe1aa..a81c1731 100644 --- a/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven +++ b/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven 
@@ -1,81 +1,85 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 5c 01 00 00 58 03 03 52 cc 57 59 1b |....\...X..R.WY.| -00000010 08 fe f7 8a bf 07 84 2b 60 a6 13 2d 15 13 f8 b6 |.......+`..-....| -00000020 d4 b6 3b f2 7a 98 ff 32 a0 68 7c 00 00 04 00 05 |..;.z..2.h|.....| -00000030 00 ff 01 00 00 2b 00 0d 00 22 00 20 06 01 06 02 |.....+...". ....| -00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000050 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -00000060 01 |.| +00000000 16 03 01 00 6d 01 00 00 69 03 03 be a7 a4 6c f7 |....m...i.....l.| +00000010 f6 b4 f2 64 5d 0e 36 b6 05 f5 f1 c9 fe 3c c2 8e |...d].6......<..| +00000020 c4 b7 18 68 b9 0c 1d 51 50 2f 1e 00 00 04 00 2f |...h...QP/...../| +00000030 00 ff 01 00 00 3c 00 16 00 00 00 17 00 00 00 0d |.....<..........| +00000040 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 |.0..............| +00000050 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000060 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 |................| +00000070 06 02 |..| >>> Flow 2 (server to client) 00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 
30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 
30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 0f 0d 00 |n8P)l...........| -00000300 00 0b 02 01 40 00 04 04 01 04 03 00 00 16 03 03 |....@...........| -00000310 00 04 0e 00 00 00 |......| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 
|.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 23 0d 00 00 1f 02 01 40 |;.......#......@| +000002a0 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 |................| +000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................| +000002c0 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) 00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................| -00000010 86 10 00 00 82 00 80 6b 51 48 d3 18 7d 30 e0 0c |.......kQH..}0..| -00000020 20 8d f3 e4 39 47 30 0e a5 85 79 f9 8b 11 50 9e | ...9G0...y...P.| -00000030 81 71 5c 26 c6 bb cb aa d5 00 d1 89 79 b1 77 2d |.q\&........y.w-| -00000040 eb 9b 86 7c 52 c6 f7 b7 10 b0 b6 94 22 51 b8 12 |...|R......."Q..| -00000050 3c 09 35 8e 1b cc f4 3b b7 b8 78 ab 89 59 41 49 |<.5....;..x..YAI| -00000060 21 31 eb f0 f8 94 63 3d e6 96 8f b6 63 95 05 dd |!1....c=....c...| -00000070 46 b3 00 8a d6 83 75 99 1b 5a 48 0a 23 b5 10 c1 |F.....u..ZH.#...| -00000080 95 b5 bc 15 72 b5 f5 a0 62 e2 1d c0 ff d2 87 a5 |....r...b.......| -00000090 97 5c 33 49 a7 26 35 14 03 03 00 01 01 16 03 03 |.\3I.&5.........| -000000a0 00 24 61 38 1f 9d fb d9 65 2e 02 07 fb be f9 85 |.$a8....e.......| -000000b0 8d 15 34 c0 d1 0e 4e 10 3c 25 60 2f ac 04 21 66 |..4...N.<%`/..!f| -000000c0 04 9d 9a 60 31 72 |...`1r| +00000010 86 10 00 00 82 00 80 a9 b6 12 e2 84 71 62 7a 20 |............qbz | +00000020 63 80 99 c6 ee f7 61 f9 74 d6 0b ab 31 74 69 ca |c.....a.t...1ti.| +00000030 94 20 9e 1b 0e 52 45 c4 f4 b3 cb fb a4 07 61 6f |. 
...RE.......ao| +00000040 a1 5a 84 4c 4f f6 4a e4 bc c5 c2 b0 ee 8a 30 5b |.Z.LO.J.......0[| +00000050 10 e0 ed d3 4c b7 32 8c ed 3f 89 a7 a7 95 60 86 |....L.2..?....`.| +00000060 97 1a ae ab 2f 5c e6 6d 1b c3 35 bd f5 c1 f0 1a |..../\.m..5.....| +00000070 d4 70 e5 00 f2 d4 d1 20 6a 82 db e7 52 ca 88 e5 |.p..... j...R...| +00000080 2d cc 79 0c f6 09 84 65 f0 30 41 67 10 0a 48 d1 |-.y....e.0Ag..H.| +00000090 09 3e 56 7a aa 57 bc 14 03 03 00 01 01 16 03 03 |.>Vz.W..........| +000000a0 00 40 e6 0a 91 5f 30 f8 52 75 94 8e ab 82 ec 1d |.@..._0.Ru......| +000000b0 b7 a1 1c 18 1a aa 1c f8 73 93 0e 20 ad 68 a7 65 |........s.. .h.e| +000000c0 86 c9 f5 90 f9 b2 fd d1 32 94 52 6e 82 9b b9 45 |........2.Rn...E| +000000d0 97 52 4b 1e c2 31 a6 2e c8 b3 1a 62 22 83 8f df |.RK..1.....b"...| +000000e0 d7 06 |..| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 fe 0e 3e 84 af |..........$..>..| -00000010 e5 6b 10 ed 41 9c 2b e0 ba e0 2b 53 61 36 1b 40 |.k..A.+...+Sa6.@| -00000020 35 de 3a c7 c3 5c df 74 67 f7 05 74 84 f5 e1 17 |5.:..\.tg..t....| -00000030 03 03 00 21 d3 8d 81 85 b7 1f 30 bd 89 33 f9 81 |...!......0..3..| -00000040 89 f7 af d1 be b0 c1 46 e3 df 32 f6 dc 2f 4d 82 |.......F..2../M.| -00000050 0a 84 9f 5b 03 15 03 03 00 16 13 af 37 91 82 67 |...[........7..g| -00000060 b0 7c 5e 0e ec 8e cc 31 a0 ea a5 72 a4 2b 0b 73 |.|^....1...r.+.s| +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 b0 2c 61 79 87 |............,ay.| +00000020 59 d4 9e 4d e7 56 4a 34 ba 78 d5 06 98 a2 92 35 |Y..M.VJ4.x.....5| +00000030 a1 fc 57 5a 6e d3 0f 44 08 1c a1 7b 3c d3 f1 86 |..WZn..D...{<...| +00000040 a2 04 04 5e 1b 7c 00 4f 51 71 73 17 03 03 00 40 |...^.|.OQqs....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 aa 5c 1a 9a 70 bc b3 fb 70 07 0b 24 cb 95 84 61 |.\..p...p..$...a| +00000070 96 ed d8 97 2f d6 79 51 ed cd 67 44 e5 d4 a3 57 |..../.yQ..gD...W| 
+00000080 95 f6 c8 31 a8 95 c2 07 a4 ce 1c fc 4a dc 93 d9 |...1........J...| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 ae dd c4 f4 04 d3 b1 1a 8a 56 f7 |..............V.| +000000b0 73 c9 d5 aa 6c 59 d7 66 77 34 64 2d 19 79 13 80 |s...lY.fw4d-.y..| +000000c0 98 60 6d f4 d9 |.`m..| diff --git a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES index aacbb867..d7e61880 100644 --- a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES 
@@ -1,89 +1,85 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 9c 01 00 00 98 03 03 53 04 f0 f9 09 |...........S....| -00000010 13 56 01 37 84 b1 32 59 4c 73 b1 8e bb 02 1a 32 |.V.7..2YLs.....2| -00000020 db ab 8c e6 ed ad 7f 52 9a 59 39 00 00 04 c0 0a |.......R.Y9.....| -00000030 00 ff 01 00 00 6b 00 0b 00 04 03 00 01 02 00 0a |.....k..........| -00000040 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 |.4.2............| -00000050 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 |................| -00000060 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 |................| -00000070 00 0f 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 |.........". ....| -00000080 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000090 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -000000a0 01 |.| +00000000 16 03 01 00 97 01 00 00 93 03 03 86 3b 10 1e 5f |............;.._| +00000010 81 eb 21 bd 77 47 61 e9 3f 82 85 14 91 8c ab 7d |..!.wGa.?......}| +00000020 84 bd b1 f0 06 20 8a 7b 06 d6 78 00 00 04 c0 0a |..... 
.{..x.....| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| >>> Flow 2 (server to client) -00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 0e 0b 00 02 0a 00 |................| -00000040 02 07 00 02 04 30 82 02 00 30 82 01 62 02 09 00 |.....0...0..b...| -00000050 b8 bf 2d 47 a0 d2 eb f4 30 09 06 07 2a 86 48 ce |..-G....0...*.H.| -00000060 3d 04 01 30 45 31 0b 30 09 06 03 55 04 06 13 02 |=..0E1.0...U....| -00000070 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -00000080 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000090 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -000000a0 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 32 |ts Pty Ltd0...12| -000000b0 31 31 32 32 31 35 30 36 33 32 5a 17 0d 32 32 31 |1122150632Z..221| -000000c0 31 32 30 31 35 30 36 33 32 5a 30 45 31 0b 30 09 |120150632Z0E1.0.| -000000d0 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| -000000e0 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| -000000f0 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| -00000100 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty Lt| -00000110 64 30 81 9b 30 10 06 07 2a 86 48 ce 3d 
02 01 06 |d0..0...*.H.=...| -00000120 05 2b 81 04 00 23 03 81 86 00 04 00 c4 a1 ed be |.+...#..........| -00000130 98 f9 0b 48 73 36 7e c3 16 56 11 22 f2 3d 53 c3 |...Hs6~..V.".=S.| -00000140 3b 4d 21 3d cd 6b 75 e6 f6 b0 dc 9a df 26 c1 bc |;M!=.ku......&..| -00000150 b2 87 f0 72 32 7c b3 64 2f 1c 90 bc ea 68 23 10 |...r2|.d/....h#.| -00000160 7e fe e3 25 c0 48 3a 69 e0 28 6d d3 37 00 ef 04 |~..%.H:i.(m.7...| -00000170 62 dd 0d a0 9c 70 62 83 d8 81 d3 64 31 aa 9e 97 |b....pb....d1...| -00000180 31 bd 96 b0 68 c0 9b 23 de 76 64 3f 1a 5c 7f e9 |1...h..#.vd?.\..| -00000190 12 0e 58 58 b6 5f 70 dd 9b d8 ea d5 d7 f5 d5 cc |..XX._p.........| -000001a0 b9 b6 9f 30 66 5b 66 9a 20 e2 27 e5 bf fe 3b 30 |...0f[f. .'...;0| -000001b0 09 06 07 2a 86 48 ce 3d 04 01 03 81 8c 00 30 81 |...*.H.=......0.| -000001c0 88 02 42 01 88 a2 4f eb e2 45 c5 48 7d 1b ac f5 |..B...O..E.H}...| -000001d0 ed 98 9d ae 47 70 c0 5e 1b b6 2f bd f1 b6 4d b7 |....Gp.^../...M.| -000001e0 61 40 d3 11 a2 ce ee 0b 7e 92 7e ff 76 9d c3 3b |a@......~.~.v..;| -000001f0 7e a5 3f ce fa 10 e2 59 ec 47 2d 7c ac da 4e 97 |~.?....Y.G-|..N.| -00000200 0e 15 a0 6f d0 02 42 01 4d fc be 67 13 9c 2d 05 |...o..B.M..g..-.| -00000210 0e bd 3f a3 8c 25 c1 33 13 83 0d 94 06 bb d4 37 |..?..%.3.......7| -00000220 7a f6 ec 7a c9 86 2e dd d7 11 69 7f 85 7c 56 de |z..z......i..|V.| -00000230 fb 31 78 2b e4 c7 78 0d ae cb be 9e 4e 36 24 31 |.1x+..x.....N6$1| -00000240 7b 6a 0f 39 95 12 07 8f 2a 16 03 03 00 d8 0c 00 |{j.9....*.......| -00000250 00 d4 03 00 17 41 04 1e 18 37 ef 0d 19 51 88 35 |.....A...7...Q.5| -00000260 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 24 20 3e |uq..T[....g..$ >| -00000270 b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 07 9f 6c |.V...(^.+-O....l| -00000280 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 b5 68 1a |K[.V.2B.X..I..h.| -00000290 41 03 56 6b dc 5a 89 04 03 00 8b 30 81 88 02 42 |A.Vk.Z.....0...B| -000002a0 00 c6 85 8e 06 b7 04 04 e9 cd 9e 3e cb 66 23 95 |...........>.f#.| -000002b0 b4 42 9c 64 81 39 05 3f b5 21 f8 28 
af 60 6b 4d |.B.d.9.?.!.(.`kM| -000002c0 3d ba a1 4b 5e 77 ef e7 59 28 fe 1d c1 27 a2 ff |=..K^w..Y(...'..| -000002d0 a8 de 33 48 b3 c1 85 6a 42 9b f9 7e 7e 31 c2 e5 |..3H...jB..~~1..| -000002e0 bd 66 02 42 00 ad 7d 06 35 ab ec 8d ac d4 ba 1b |.f.B..}.5.......| -000002f0 49 5e 05 5f f0 97 93 82 b8 2b 8d 91 98 63 8e b4 |I^._.....+...c..| -00000300 14 62 db 1e c9 2c 13 ae b7 d3 17 38 23 2f f6 7f |.b...,.....8#/..| -00000310 0c 4d d3 33 d2 79 d1 77 ee cb b1 c2 fc 34 b8 69 |.M.3.y.w.....4.i| -00000320 f9 10 8b 61 89 85 16 03 03 00 04 0e 00 00 00 |...a...........| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 0a 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 00 30 |...........0...0| +00000050 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 30 09 |..b.....-G....0.| +00000060 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 09 06 |..*.H.=..0E1.0..| +00000070 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 04 |.U....AU1.0...U.| +00000080 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 |...Some-State1!0| +00000090 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 |...U....Internet| +000000a0 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 | Widgits Pty Ltd| +000000b0 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 33 32 |0...121122150632| +000000c0 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 32 5a |Z..221120150632Z| +000000d0 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 |0E1.0...U....AU1| +000000e0 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 |.0...U....Some-S| +000000f0 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 |tate1!0...U....I| +00000100 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 |nternet Widgits | +00000110 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 2a 86 |Pty Ltd0..0...*.| +00000120 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +00000130 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 16 56 |.........Hs6~..V| +00000140 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 
75 e6 f6 b0 |.".=S.;M!=.ku...| +00000150 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 2f 1c |...&.....r2|.d/.| +00000160 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 e0 28 |...h#.~..%.H:i.(| +00000170 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 d8 81 |m.7...b....pb...| +00000180 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 de 76 |.d1...1...h..#.v| +00000190 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd 9b d8 |d?.\....XX._p...| +000001a0 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a 20 e2 |.........0f[f. .| +000001b0 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d 04 01 |'...;0...*.H.=..| +000001c0 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb e2 45 |....0...B...O..E| +000001d0 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e 1b b6 |.H}.......Gp.^..| +000001e0 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b 7e 92 |/...M.a@......~.| +000001f0 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 ec 47 |~.v..;~.?....Y.G| +00000200 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 4d fc |-|..N....o..B.M.| +00000210 be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 13 83 |.g..-...?..%.3..| +00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| +00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| +00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| +00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... 
/.}.| +00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| +00000280 30 81 88 02 42 01 c5 d1 36 97 5b 0e 5e a6 90 50 |0...B...6.[.^..P| +00000290 a0 2e 80 b5 df d7 5a f6 95 0d a4 c6 f0 da 2e e7 |......Z.........| +000002a0 91 79 9f 85 2e ef ca 66 3c f7 c4 7b bd 61 70 bb |.y.....f<..{.ap.| +000002b0 16 c5 aa 00 35 33 ae 58 00 b3 f1 fe 0f 77 52 23 |....53.X.....wR#| +000002c0 f4 40 ba 4b c7 e5 43 02 42 01 64 af ab 8a 87 38 |.@.K..C.B.d....8| +000002d0 a1 7f b8 ae 84 0e a4 ff ad 16 09 44 0b 65 67 70 |...........D.egp| +000002e0 12 7f 1a 37 9a 1d 5e b7 3b 63 df f9 6b f1 b9 ba |...7..^.;c..k...| +000002f0 6b 35 8f b3 03 da 3d 61 00 3d 4e 75 b4 d0 92 d5 |k5....=a.=Nu....| +00000300 ee 50 9d d7 f9 26 69 e6 ec cf 3b 16 03 03 00 04 |.P...&i...;.....| +00000310 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 dd 22 68 a1 4e |....F...BA.."h.N| -00000010 04 1b 47 f9 c5 7d 04 1d d8 fe 84 fa be 31 2e a7 |..G..}.......1..| -00000020 f8 e5 b8 14 92 44 99 11 0e 34 97 fc e5 b1 91 cf |.....D...4......| -00000030 a4 d1 3f b4 71 94 c6 06 16 f0 98 c0 3e 05 f9 2f |..?.q.......>../| -00000040 0a 97 78 3d ef dc fa a2 d7 ee 7d 14 03 03 00 01 |..x=......}.....| -00000050 01 16 03 03 00 40 90 bf 7f e9 c9 6e d1 80 f5 12 |.....@.....n....| -00000060 6d c5 b7 c5 15 4b 18 a5 d3 18 1e f8 8c 4d 7e 6d |m....K.......M~m| -00000070 03 60 29 7c 45 7c b2 ca 8c 07 71 70 aa 23 fa 6e |.`)|E|....qp.#.n| -00000080 d9 0b 0a 32 4c 9e e5 00 f9 19 9b b6 8d dc d3 67 |...2L..........g| -00000090 3d 0f bb b8 4b 9e |=...K.| +00000000 16 03 03 00 25 10 00 00 21 20 54 db 5b a1 4c e0 |....%...! 
T.[.L.| +00000010 0e 52 a2 45 e3 b4 ac 91 3d e1 de a9 3e eb 80 9e |.R.E....=...>...| +00000020 f5 04 7b fc 82 10 2f d9 d1 41 14 03 03 00 01 01 |..{.../..A......| +00000030 16 03 03 00 40 47 68 cc 5e 68 3f 05 d6 f8 5c 11 |....@Gh.^h?...\.| +00000040 08 a3 91 72 ae 4c 98 67 2f 45 ee 16 6b 8b 2d 28 |...r.L.g/E..k.-(| +00000050 15 34 43 47 f9 46 f2 96 c2 85 d5 cc 03 e0 84 de |.4CG.F..........| +00000060 9c 03 fe bf c9 73 23 15 d0 0f 85 3a 76 db 9f 5d |.....s#....:v..]| +00000070 95 b7 de 9c c2 |.....| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 a1 6e e5 d1 ca |............n...| -00000020 03 f4 77 dc ec ee 5d f0 22 5e 7f 55 1a 8d ad 45 |..w...]."^.U...E| -00000030 09 f1 3b b2 61 36 dc 3d 2a 1e 1f e5 a7 84 76 a9 |..;.a6.=*.....v.| -00000040 41 5b 86 03 ac 22 18 20 9b a9 29 17 03 03 00 40 |A[...". ..)....@| +00000010 00 00 00 00 00 00 00 00 00 00 00 98 34 52 f3 44 |............4R.D| +00000020 18 69 23 61 ef 8f e9 c0 88 9c ad 1f cb e4 8d 55 |.i#a...........U| +00000030 bd bb 77 9c 65 9d 21 f0 54 4c 46 db 4f e6 e8 ab |..w.e.!.TLF.O...| +00000040 6b 1d 60 38 7f e0 2c 38 ef e7 43 17 03 03 00 40 |k.`8..,8..C....@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 f5 cb 28 1e b5 bc 82 7f 82 38 54 14 e8 b9 6d 3b |..(......8T...m;| -00000070 bc 99 d6 0e f9 00 96 99 a8 92 2e 86 9d 62 4e 90 |.............bN.| -00000080 27 52 58 45 20 93 90 a1 f3 a8 89 2b e7 21 24 16 |'RXE ......+.!$.| +00000060 44 68 90 07 1e 8c 7f db 3e 3f 8c 28 e1 d7 41 38 |Dh......>?.(..A8| +00000070 e2 78 04 e3 42 c2 a9 76 bb 0a ae b9 93 df 81 d7 |.x..B..v........| +00000080 9b 0f 1d 44 19 79 ff 7c 21 8f 75 ca e2 82 cc c4 |...D.y.|!.u.....| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 a8 2a ab 8f b0 ce 49 8b fd a5 c9 |......*....I....| -000000b0 11 b2 04 83 18 f3 1d 6c 82 34 1d df dd 2f 45 3b |.......l.4.../E;| 
-000000c0 27 8a 0f 16 69 |'...i| +000000a0 00 00 00 00 00 82 1f e6 2c 3f c7 55 19 01 0b 62 |........,?.U...b| +000000b0 1a 99 fc f8 d3 b0 38 21 41 92 1a d1 e0 43 96 da |......8!A....C..| +000000c0 80 4b 58 91 c8 |.KX..| diff --git a/tls/testdata/Server-TLSv12-Ed25519 b/tls/testdata/Server-TLSv12-Ed25519 new file mode 100644 index 00000000..dd345928 --- /dev/null +++ b/tls/testdata/Server-TLSv12-Ed25519 
@@ -0,0 +1,58 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 85 01 00 00 81 03 03 f0 8d 1b 90 67 |...............g| +00000010 3b 23 46 ac f7 79 f2 f9 e8 90 98 b3 52 b2 55 2a |;#F..y......R.U*| +00000020 fb 0f 1e dd 4f b3 75 4b 9b 88 0e 00 00 04 cc a9 |....O.uK........| +00000030 00 ff 01 00 00 54 00 0b 00 04 03 00 01 02 00 0a |.....T..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05 03 |.........0......| +00000060 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000070 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +00000080 03 02 02 02 04 02 05 02 06 02 |..........| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 cc a9 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 01 |................| +00000040 3c 0b 00 01 38 00 01 35 00 01 32 30 82 01 2e 30 |<...8..5..20...0| +00000050 81 e1 a0 03 02 01 02 02 10 0f 43 1c 42 57 93 94 |..........C.BW..| +00000060 1d e9 87 e4 f1 ad 15 00 5d 30 05 06 03 2b 65 70 |........]0...+ep| +00000070 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 6d |0.1.0...U....Acm| +00000080 65 20 43 6f 30 1e 17 0d 31 39 30 35 31 36 32 31 |e Co0...19051621| +00000090 33 38 30 31 5a 17 0d 32 30 30 35 31 35 32 31 33 |3801Z..200515213| +000000a0 38 30 31 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 |801Z0.1.0...U...| +000000b0 07 41 63 6d 65 20 43 6f 30 2a 30 05 06 03 2b 65 |.Acme Co0*0...+e| +000000c0 70 03 21 00 3f e2 15 2e e6 e3 ef 3f 4e 85 4a 75 |p.!.?......?N.Ju| +000000d0 77 a3 64 9e ed e0 bf 84 2c cc 92 26 8f fa 6f 34 |w.d.....,..&..o4| +000000e0 83 aa ec 8f a3 4d 30 4b 30 0e 06 03 55 1d 0f 01 |.....M0K0...U...| +000000f0 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 25 04 |........0...U.%.| +00000100 0c 30 0a 
06 08 2b 06 01 05 05 07 03 01 30 0c 06 |.0...+.......0..| +00000110 03 55 1d 13 01 01 ff 04 02 30 00 30 16 06 03 55 |.U.......0.0...U| +00000120 1d 11 04 0f 30 0d 82 0b 65 78 61 6d 70 6c 65 2e |....0...example.| +00000130 63 6f 6d 30 05 06 03 2b 65 70 03 41 00 63 44 ed |com0...+ep.A.cD.| +00000140 9c c4 be 53 24 53 9f d2 10 8d 9f e8 21 08 90 95 |...S$S......!...| +00000150 39 e5 0d c1 55 ff 2c 16 b7 1d fc ab 7d 4d d4 e0 |9...U.,.....}M..| +00000160 93 13 d0 a9 42 e0 b6 6b fe 5d 67 48 d7 9f 50 bc |....B..k.]gH..P.| +00000170 6c cd 4b 03 83 7c f2 08 58 cd ac cf 0c 16 03 03 |l.K..|..X.......| +00000180 00 6c 0c 00 00 68 03 00 1d 20 2f e5 7d a3 47 cd |.l...h... /.}.G.| +00000190 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +000001a0 cf c2 ed 90 99 5f 58 cb 3b 74 08 07 00 40 1f 56 |....._X.;t...@.V| +000001b0 21 8a 44 04 69 65 ee f8 93 52 4c f0 49 42 57 4c |!.D.ie...RL.IBWL| +000001c0 5b f5 1a ef 43 ad 39 93 03 a3 64 84 da e5 82 32 |[...C.9...d....2| +000001d0 fc 77 12 61 f3 f4 2c d8 61 9e 86 01 1f c0 a0 98 |.w.a..,.a.......| +000001e0 94 a3 7f 15 75 c8 e6 2f 20 bd af 7c be 0e 16 03 |....u../ ..|....| +000001f0 03 00 04 0e 00 00 00 |.......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 26 b0 6c 90 e7 71 |....%...! &.l..q| +00000010 23 78 4b a1 a1 32 7c 28 e9 df 7e 98 e9 78 be 8d |#xK..2|(..~..x..| +00000020 0d ec fc 30 82 99 16 f0 9f 20 14 03 03 00 01 01 |...0..... ......| +00000030 16 03 03 00 20 e9 81 b0 ea b3 f3 21 40 9a 3b 3e |.... ......!@.;>| +00000040 71 a7 13 f5 3a 8a cd 86 34 8b 7e 41 b5 2a 1b 03 |q...:...4.~A.*..| +00000050 29 77 b3 b2 da |)w...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 54 5a ff 09 7d |.......... 
TZ..}| +00000010 46 04 40 62 c5 63 71 85 c7 b4 6c 09 ee 15 71 6b |F.@b.cq...l...qk| +00000020 60 3b 00 3d 46 47 13 a5 f7 15 16 17 03 03 00 1d |`;.=FG..........| +00000030 13 8d 00 50 58 d0 2a 47 a8 d8 de 87 d4 3e ff ee |...PX.*G.....>..| +00000040 f1 4d 6b 25 94 6f 01 7b 70 ee 53 d9 be 15 03 03 |.Mk%.o.{p.S.....| +00000050 00 12 13 ea 17 69 00 0e 2b ae 21 a9 5e 0a 41 2d |.....i..+.!.^.A-| +00000060 1b 73 f0 2d |.s.-| diff --git a/tls/testdata/Server-TLSv12-ExportKeyingMaterial b/tls/testdata/Server-TLSv12-ExportKeyingMaterial new file mode 100644 index 00000000..e01c32c4 --- /dev/null +++ b/tls/testdata/Server-TLSv12-ExportKeyingMaterial 
@@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 89 01 00 00 85 03 03 9a d9 fe da 40 |...............@| +00000010 cf 8b ed 11 09 8e 3f 29 4b 0d 46 ff fc f6 56 2c |......?)K.F...V,| +00000020 a8 e7 16 84 8a a4 e9 44 89 97 0b 00 00 04 cc a8 |.......D........| +00000030 00 ff 01 00 00 58 00 0b 00 04 03 00 01 02 00 0a |.....X..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000050 00 00 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| +00000060 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000070 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| +00000080 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 3b 02 00 00 37 03 03 00 00 00 00 00 |....;...7.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 cc a8 00 00 |...DOWNGRD......| +00000030 0f 00 23 00 00 ff 01 00 01 00 00 0b 00 02 01 00 |..#.............| +00000040 16 03 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 |....Y...U..R..O0| +00000050 82 02 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 |..K0............| +00000060 f0 9d 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 |..?.[..0...*.H..| +00000070 0d 01 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 |......0.1.0...U.| +00000080 0a 13 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 |...Go1.0...U....| +00000090 47 6f 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 |Go Root0...16010| +000000a0 31 30 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 |1000000Z..250101| +000000b0 30 30 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 |000000Z0.1.0...U| +000000c0 04 0a 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 |....Go1.0...U...| +000000d0 02 47 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d |.Go0..0...*.H...| +000000e0 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 |.........0......| +000000f0 db 46 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 |.F}...'.H..(!.~.| 
+00000100 b6 a2 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 |..]..RE.z6G....B| +00000110 5b c2 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 |[.....y.@.Om..+.| +00000120 8b c2 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 |....g....."8.J.t| +00000130 73 2b c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c |s+.4......t{.X.l| +00000140 61 3c c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd |a<..A..++$#w[.;.| +00000150 75 5d ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a |u]. T..c...$....| +00000160 50 8b aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 |P....C...ub...R.| +00000170 02 03 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 |........0..0...U| +00000180 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 |...........0...U| +00000190 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +000001a0 06 08 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d |..+.......0...U.| +000001b0 13 01 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 |......0.0...U...| +000001c0 12 04 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 |.......CC>I..m..| +000001d0 d7 9f 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 |..`0...U.#..0...| +000001e0 48 13 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b |H.IM.~.1......n{| +000001f0 30 19 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 |0...U....0...exa| +00000200 6d 70 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a |mple.golang0...*| +00000210 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 |.H.............0| +00000220 cc 40 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 |.@+[P.a...SX...(| +00000230 a9 58 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 |.X..8....1Z..f=C| +00000240 d3 2d d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc |.-...... 
d8.$:..| +00000250 cf 9c 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd |..}.@ ._...a..v.| +00000260 13 c3 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb |.....\.....l..s.| +00000270 b3 43 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 |.Cw.......@.a.Lr| +00000280 2b 9d ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 |+...F..M...>...B| +00000290 d4 db fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 |...=.`.\!.;.....| +000002a0 03 00 ac 0c 00 00 a8 03 00 1d 20 2f e5 7d a3 47 |.......... /.}.G| +000002b0 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....| +000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 08 04 00 80 89 |......_X.;t.....| +000002d0 f8 62 c5 1a ba 78 74 da 6f 96 76 00 0f 6b a9 fb |.b...xt.o.v..k..| +000002e0 83 d4 52 c0 80 0b 81 02 e3 b0 07 c2 9d ff b4 cc |..R.............| +000002f0 ea 2e c7 82 91 35 74 ef 1e 9a ba 78 3e 60 6c 86 |.....5t....x>`l.| +00000300 1d b0 14 52 84 84 70 ce 66 22 31 66 e2 53 04 bd |...R..p.f"1f.S..| +00000310 4d 2b 5e 86 8b 79 dc 17 7a 4f bc 62 5a 21 a1 f6 |M+^..y..zO.bZ!..| +00000320 46 1a 12 aa 7a 98 25 02 97 a8 9c 71 a4 4a 5b 28 |F...z.%....q.J[(| +00000330 c8 11 6a 5f f1 b3 13 a7 f2 26 12 59 02 fa 28 e2 |..j_.....&.Y..(.| +00000340 ba 8c c0 cd 50 c6 60 db 69 9a a1 92 12 26 23 16 |....P.`.i....&#.| +00000350 03 03 00 04 0e 00 00 00 |........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 ba 1b c8 ae 22 78 |....%...! ...."x| +00000010 84 ba d8 1c b3 87 52 f0 bf 13 76 2b a5 47 37 13 |......R...v+.G7.| +00000020 30 89 01 13 1a cb 63 ea b3 37 14 03 03 00 01 01 |0.....c..7......| +00000030 16 03 03 00 20 ac d7 79 45 e6 65 1d 20 1a 95 5e |.... ..yE.e. 
..^| +00000040 68 f7 0f ee 8c 3f 3d 0b bc 58 31 aa 46 d7 e3 00 |h....?=..X1.F...| +00000050 7b 10 8c 01 5d |{...]| +>>> Flow 4 (server to client) +00000000 16 03 03 00 8b 04 00 00 87 00 00 00 00 00 81 50 |...............P| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f e0 18 83 51 ed 14 ef 68 ca 42 c5 4c f8 79 c6 |o...Q...h.B.L.y.| +00000040 80 85 74 9c 35 6f 4e 9d 60 0b a2 28 b0 45 b6 f6 |..t.5oN.`..(.E..| +00000050 71 a3 f6 a6 95 71 cd 1e 53 e9 58 9f 94 18 ac d6 |q....q..S.X.....| +00000060 6b 03 ba ac b4 4f c2 02 cc 1c 5b 88 84 49 38 16 |k....O....[..I8.| +00000070 d9 5e b8 11 ab c6 f8 a7 9d 5d 58 99 b1 b6 8a be |.^.......]X.....| +00000080 4e 9e 40 3d 00 22 11 25 c7 51 8e cb d2 10 d4 7d |N.@=.".%.Q.....}| +00000090 14 03 03 00 01 01 16 03 03 00 20 ff 4b 1e 87 3e |.......... .K..>| +000000a0 05 5c b4 3e e4 b9 5c 47 f0 a2 0b 67 47 89 c6 48 |.\.>..\G...gG..H| +000000b0 d5 e3 73 d2 00 44 56 e4 8d b6 fb 17 03 03 00 1d |..s..DV.........| +000000c0 58 28 94 02 c2 a9 99 3d b6 0b de 9c fd 52 61 bf |X(.....=.....Ra.| +000000d0 55 c0 12 7f be a8 52 98 d7 99 a5 d0 60 15 03 03 |U.....R.....`...| +000000e0 00 12 26 44 ad f0 a7 56 e5 23 6f 1b 7a 7e f8 e4 |..&D...V.#o.z~..| +000000f0 42 49 5d 1d |BI].| diff --git a/tls/testdata/Server-TLSv12-IssueTicket b/tls/testdata/Server-TLSv12-IssueTicket index e3e62f22..f70c7599 100644 --- a/tls/testdata/Server-TLSv12-IssueTicket +++ b/tls/testdata/Server-TLSv12-IssueTicket 
@@ -1,87 +1,91 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 60 01 00 00 5c 03 03 52 cc 57 59 7e |....`...\..R.WY~| -00000010 43 5c 3b fd 50 ab 61 3f 64 a4 f9 bd ba 8c 28 e1 |C\;.P.a?d.....(.| -00000020 f9 a1 45 7e 48 9e 62 af 25 de 0e 00 00 04 00 05 |..E~H.b.%.......| -00000030 00 ff 01 00 00 2f 00 23 00 00 00 0d 00 22 00 20 |...../.#.....". | -00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| -00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 |................| -00000060 00 0f 00 01 01 |.....| +00000000 16 03 01 00 71 01 00 00 6d 03 03 3d 21 91 3a 4e |....q...m..=!.:N| +00000010 8e cd 65 eb 0f 1c ae 2a 58 40 4c 38 22 c9 46 2c |..e....*X@L8".F,| +00000020 b8 cd dd 38 ad c6 4b a7 60 a9 56 00 00 04 00 2f |...8..K.`.V..../| +00000030 00 ff 01 00 00 40 00 23 00 00 00 16 00 00 00 17 |.....@.#........| +00000040 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 |.....0..........| +00000050 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 |................| +00000060 05 01 06 01 03 03 02 03 03 01 02 01 03 02 02 02 |................| +00000070 04 02 05 02 06 02 |......| >>> Flow 2 (server to client) 00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 be 0b |..#.............| -00000040 00 02 ba 00 02 b7 00 02 b4 30 82 02 b0 30 82 02 |.........0...0..| -00000050 19 a0 03 02 01 02 02 09 00 85 b0 bb a4 8a 7f b8 |................| -00000060 ca 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 |.0...*.H........| -00000070 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 |0E1.0...U....AU1| -00000080 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 |.0...U....Some-S| -00000090 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 |tate1!0...U....I| -000000a0 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 |nternet Widgits | 
-000000b0 50 74 79 20 4c 74 64 30 1e 17 0d 31 30 30 34 32 |Pty Ltd0...10042| -000000c0 34 30 39 30 39 33 38 5a 17 0d 31 31 30 34 32 34 |4090938Z..110424| -000000d0 30 39 30 39 33 38 5a 30 45 31 0b 30 09 06 03 55 |090938Z0E1.0...U| -000000e0 04 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 |....AU1.0...U...| -000000f0 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 |.Some-State1!0..| -00000100 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 |.U....Internet W| -00000110 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 30 81 |idgits Pty Ltd0.| -00000120 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 |.0...*.H........| -00000130 03 81 8d 00 30 81 89 02 81 81 00 bb 79 d6 f5 17 |....0.......y...| -00000140 b5 e5 bf 46 10 d0 dc 69 be e6 2b 07 43 5a d0 03 |...F...i..+.CZ..| -00000150 2d 8a 7a 43 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 |-.zC...R..eL,x.#| -00000160 8c b5 b4 82 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 |........;~b.,.3.| -00000170 fe 12 5c 7a 56 fc f5 06 bf fa 58 7b 26 3f b5 cd |..\zV.....X{&?..| -00000180 04 d3 d0 c9 21 96 4a c7 f4 54 9f 5a bf ef 42 71 |....!.J..T.Z..Bq| -00000190 00 fe 18 99 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e |......~.}}..9...| -000001a0 db 51 c9 7c e3 c0 4c 3b 32 66 01 cf af b1 1d b8 |.Q.|..L;2f......| -000001b0 71 9a 1d db db 89 6b ae da 2d 79 02 03 01 00 01 |q.....k..-y.....| -000001c0 a3 81 a7 30 81 a4 30 1d 06 03 55 1d 0e 04 16 04 |...0..0...U.....| -000001d0 14 b1 ad e2 85 5a cf cb 28 db 69 ce 23 69 de d3 |.....Z..(.i.#i..| -000001e0 26 8e 18 88 39 30 75 06 03 55 1d 23 04 6e 30 6c |&...90u..U.#.n0l| -000001f0 80 14 b1 ad e2 85 5a cf cb 28 db 69 ce 23 69 de |......Z..(.i.#i.| -00000200 d3 26 8e 18 88 39 a1 49 a4 47 30 45 31 0b 30 09 |.&...9.I.G0E1.0.| -00000210 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| -00000220 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| -00000230 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| -00000240 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty 
Lt| -00000250 64 82 09 00 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 |d...........0...| -00000260 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 |U....0....0...*.| -00000270 48 86 f7 0d 01 01 05 05 00 03 81 81 00 08 6c 45 |H.............lE| -00000280 24 c7 6b b1 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a |$.k.Y..R.......z| -00000290 64 75 b5 5a 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f |du.Z.f..+...f..O| -000002a0 38 b3 6e 60 d3 92 fd f7 41 08 b5 25 13 b1 18 7a |8.n`....A..%...z| -000002b0 24 fb 30 1d ba ed 98 b9 17 ec e7 d7 31 59 db 95 |$.0.........1Y..| -000002c0 d3 1d 78 ea 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 |..x.PV\..Z-Z_3..| -000002d0 d8 c9 75 90 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f |..u....R...... _| -000002e0 f2 a0 1c a3 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d |..........W.p.&m| -000002f0 71 99 9b 26 6e 38 50 29 6c 90 a7 bd d9 16 03 03 |q..&n8P)l.......| -00000300 00 04 0e 00 00 00 |......| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 59 0b |..#...........Y.| +00000040 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 01 |..U..R..O0..K0..| +00000050 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b ea |............?.[.| +00000060 a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |.0...*.H........| +00000070 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 |0.1.0...U....Go1| +00000080 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f 6f |.0...U....Go Roo| +00000090 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 30 |t0...16010100000| +000000a0 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 30 |0Z..250101000000| +000000b0 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |Z0.1.0...U....Go| +000000c0 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 9f |1.0...U....Go0..| +000000d0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 |0...*.H.........| +000000e0 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e 12 |...0.......F}...| +000000f0 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 |'.H..(!.~...]..R| +00000100 45 88 7a 36 47 a5 08 0d 
92 42 5b c2 81 c0 be 97 |E.z6G....B[.....| +00000110 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 |y.@.Om..+.....g.| +00000120 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 |...."8.J.ts+.4..| +00000130 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 |....t{.X.la<..A.| +00000140 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf |.++$#w[.;.u]. T.| +00000150 a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 |.c...$....P....C| +00000160 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 |...ub...R.......| +00000170 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff 04 |..0..0...U......| +00000180 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 |.....0...U.%..0.| +00000190 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 |..+.........+...| +000001a0 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 |....0...U.......| +000001b0 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 16 |0.0...U.........| +000001c0 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 |.CC>I..m....`0..| +000001d0 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 7e |.U.#..0...H.IM.~| +000001e0 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 1d |.1......n{0...U.| +000001f0 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e 67 |...0...example.g| +00000200 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d 01 |olang0...*.H....| +00000210 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 |.........0.@+[P.| +00000220 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 |a...SX...(.X..8.| +00000230 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 |...1Z..f=C.-....| +00000240 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 20 |.. 
d8.$:....}.@ | +00000250 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c |._...a..v......\| +00000260 ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c |.....l..s..Cw...| +00000270 f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 06 |....@.a.Lr+...F.| +00000280 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 |.M...>...B...=.`| +00000290 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e 00 00 |.\!.;...........| +000002a0 00 |.| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 6e 2e 79 82 3a |...........n.y.:| -00000010 c4 68 72 f5 a2 42 3d 71 f9 ec 22 8c 0b fa f0 82 |.hr..B=q..".....| -00000020 82 c0 cb fc 52 0a 51 03 04 8c eb 4a 4e 4f b6 49 |....R.Q....JNO.I| -00000030 ef 94 65 21 3c f7 9d 46 85 6e 35 d5 17 6b ff a3 |..e!<..F.n5..k..| -00000040 5e 4d c1 36 1a 2f 68 f5 06 d4 2d 73 4f 1c 3b 7b |^M.6./h...-sO.;{| -00000050 c1 fa 4e 7e 7c f9 6c 13 a6 f4 3a 43 e9 aa be 22 |..N~|.l...:C..."| -00000060 85 6f 2f 7c 5b b0 08 e2 86 b2 ae cb a9 12 d8 32 |.o/|[..........2| -00000070 80 1d e4 2e 5d c3 66 d1 19 e5 89 33 2a 88 24 40 |....].f....3*.$@| -00000080 2a 6d 6b b5 f1 92 4b 66 06 b8 49 14 03 03 00 01 |*mk...Kf..I.....| -00000090 01 16 03 03 00 24 16 49 e2 a0 67 31 cf 0d 72 cb |.....$.I..g1..r.| -000000a0 ac 16 2c 80 37 71 69 f7 5f c4 d3 00 19 b7 4b fb |..,.7qi._.....K.| -000000b0 e5 e9 74 8e 30 b3 1c c5 ae e6 |..t.0.....| +00000000 16 03 03 00 86 10 00 00 82 00 80 1d 1a 1a b8 f4 |................| +00000010 05 77 7a 96 2b 5f 50 7f 1e 69 14 be 40 ad 0c c9 |.wz.+_P..i..@...| +00000020 7e df 2f 1d aa 74 ee b4 a5 05 fa 05 e1 85 a4 87 |~./..t..........| +00000030 59 6a d1 e4 98 ce df e3 a5 82 98 77 c2 c4 fc 2f |Yj.........w.../| +00000040 ec 1d 2e 96 0c 27 12 0d 64 ba 58 90 ff 7d d1 27 |.....'..d.X..}.'| +00000050 9a b9 b5 fb 1d 76 6f 3e af f8 70 a3 cc 53 95 98 |.....vo>..p..S..| +00000060 2c 7e a9 42 25 e5 3a e2 55 3f 19 57 6b 83 43 6a |,~.B%.:.U?.Wk.Cj| +00000070 93 34 2c 6e cb 4e 9d 25 8b 4d 7d d7 cc e1 16 59 |.4,n.N.%.M}....Y| +00000080 2a 95 60 e4 31 0e df 7f cb 
9d b7 14 03 03 00 01 |*.`.1...........| +00000090 01 16 03 03 00 40 28 33 df 69 4f 4c 48 b1 fb 8d |.....@(3.iOLH...| +000000a0 3f 3c d2 81 7c 33 cf 21 6a f7 d6 43 82 22 5b de |?<..|3.!j..C."[.| +000000b0 46 7f 7b e2 39 23 bd 39 fa 03 bd 11 9d a8 a2 84 |F.{.9#.9........| +000000c0 4a 90 1a ab e1 b4 23 9f 72 d0 97 9e 05 5c 47 2b |J.....#.r....\G+| +000000d0 7a 53 bb ec a0 07 |zS....| >>> Flow 4 (server to client) -00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.| -00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e| -00000020 ea 4b d1 ef ba 06 38 1e e1 88 82 3a cd 03 ac 3b |.K....8....:...;| -00000030 39 0a e0 19 fd af 6c 57 30 df 31 6e f7 92 38 4b |9.....lW0.1n..8K| -00000040 5d 77 90 39 ff 32 51 f5 ed 12 d7 b0 7c 4d 6c c5 |]w.9.2Q.....|Ml.| -00000050 76 e4 72 48 3e 59 23 fe 0d 15 df f4 ba ea b9 67 |v.rH>Y#........g| -00000060 16 23 8f 7d 15 b6 11 f1 ab d7 d4 cd a3 21 82 92 |.#.}.........!..| -00000070 2a 12 cf 95 f3 60 b2 14 03 03 00 01 01 16 03 03 |*....`..........| -00000080 00 24 89 ad 87 04 4f 08 dc 2a 71 37 fb f1 95 d1 |.$....O..*q7....| -00000090 2e 3c c2 6e 0f 38 5d e4 0e c3 f7 27 d0 46 a3 c1 |.<.n.8]....'.F..| -000000a0 a8 3b 06 ed 96 ec 17 03 03 00 21 30 d4 9f 0b 49 |.;........!0...I| -000000b0 9f a2 a8 a1 2c 0a 79 93 56 2d 8a ee 85 ed 62 42 |....,.y.V-....bB| -000000c0 8c 18 fe 7a 09 3a 24 c4 5e ed 7d 2a 15 03 03 00 |...z.:$.^.}*....| -000000d0 16 a0 24 0a 8b 90 4c fc 99 ba 67 bb 04 1e 59 69 |..$...L...g...Yi| -000000e0 c2 98 49 b5 00 0b e0 |..I....| +00000000 16 03 03 00 8b 04 00 00 87 00 00 00 00 00 81 50 |...............P| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f 2c 9f 83 51 ed 14 ef 68 ca 42 c5 4c 75 5e a5 |o,..Q...h.B.Lu^.| +00000040 6f d2 49 61 e4 fb 83 46 7c 4c ab f9 c6 d1 3c 9e |o.Ia...F|L....<.| +00000050 5b 8d d8 bc c0 a5 2d 84 db 24 dd a0 16 60 1d 87 |[.....-..$...`..| 
+00000060 a0 52 88 25 6c c6 8e 5b 71 0f 74 c3 48 49 38 16 |.R.%l..[q.t.HI8.| +00000070 92 8c de 77 bd 8a 2b 45 4d 58 86 40 b1 d6 0f 99 |...w..+EMX.@....| +00000080 de 27 41 b2 41 27 aa fe 26 e9 24 91 2a 00 ff 08 |.'A.A'..&.$.*...| +00000090 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +000000a0 00 00 00 00 00 00 00 00 00 00 00 fc cd 6b 01 90 |.............k..| +000000b0 7b 0c 31 54 a0 3a 8b f7 ba 45 e7 e0 df 9a 59 6d |{.1T.:...E....Ym| +000000c0 83 b6 b2 c8 93 d8 d9 b6 fe 19 56 51 75 a3 ea 0e |..........VQu...| +000000d0 f4 4b 64 27 66 fc 19 7b 7e 13 e7 17 03 03 00 40 |.Kd'f..{~......@| +000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +000000f0 c2 1b 6f f1 1e 05 1b 8a 19 16 67 00 0f dc a8 a2 |..o.......g.....| +00000100 00 56 49 0a bb c5 df 7e 96 0c 5c db a0 f4 3e b4 |.VI....~..\...>.| +00000110 30 3e b6 f0 16 dd d4 ed c9 de 64 49 00 9b 51 dc |0>........dI..Q.| +00000120 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000130 00 00 00 00 00 e1 9d 08 1a 2e 9a 0f 84 6d 4e e5 |.............mN.| +00000140 2c 50 b9 28 5d 88 ea bb 48 4d af 26 7f 82 0b 56 |,P.(]...HM.&...V| +00000150 c5 87 71 2a e7 |..q*.| diff --git a/tls/testdata/Server-TLSv12-IssueTicketPreDisable b/tls/testdata/Server-TLSv12-IssueTicketPreDisable index 30f00268..8cb57f5e 100644 --- a/tls/testdata/Server-TLSv12-IssueTicketPreDisable +++ b/tls/testdata/Server-TLSv12-IssueTicketPreDisable 
@@ -1,87 +1,91 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 60 01 00 00 5c 03 03 54 23 54 02 17 |....`...\..T#T..| -00000010 f3 53 13 3d 48 88 c3 19 b9 d1 3d 33 7f f5 99 56 |.S.=H.....=3...V| -00000020 04 71 1b d9 d5 64 8a 0d 4a 54 00 00 00 04 00 05 |.q...d..JT......| -00000030 00 ff 01 00 00 2f 00 23 00 00 00 0d 00 22 00 20 |...../.#.....". | -00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| -00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 |................| -00000060 00 0f 00 01 01 |.....| +00000000 16 03 01 00 71 01 00 00 6d 03 03 e1 40 35 c8 5c |....q...m...@5.\| +00000010 71 63 3f 5a 00 42 e6 3e 64 62 b8 c4 e7 e7 ba 98 |qc?Z.B.>db......| +00000020 d8 fa 2c b5 65 f7 50 db 43 d9 70 00 00 04 00 2f |..,.e.P.C.p..../| +00000030 00 ff 01 00 00 40 00 23 00 00 00 16 00 00 00 17 |.....@.#........| +00000040 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 |.....0..........| +00000050 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 |................| +00000060 05 01 06 01 03 03 02 03 03 01 02 01 03 02 02 02 |................| +00000070 04 02 05 02 06 02 |......| >>> Flow 2 (server to client) 00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 be 0b |..#.............| -00000040 00 02 ba 00 02 b7 00 02 b4 30 82 02 b0 30 82 02 |.........0...0..| -00000050 19 a0 03 02 01 02 02 09 00 85 b0 bb a4 8a 7f b8 |................| -00000060 ca 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 |.0...*.H........| -00000070 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 |0E1.0...U....AU1| -00000080 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 |.0...U....Some-S| -00000090 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18 49 |tate1!0...U....I| -000000a0 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73 20 |nternet Widgits | 
-000000b0 50 74 79 20 4c 74 64 30 1e 17 0d 31 30 30 34 32 |Pty Ltd0...10042| -000000c0 34 30 39 30 39 33 38 5a 17 0d 31 31 30 34 32 34 |4090938Z..110424| -000000d0 30 39 30 39 33 38 5a 30 45 31 0b 30 09 06 03 55 |090938Z0E1.0...U| -000000e0 04 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 |....AU1.0...U...| -000000f0 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 |.Some-State1!0..| -00000100 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 |.U....Internet W| -00000110 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 30 81 |idgits Pty Ltd0.| -00000120 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 |.0...*.H........| -00000130 03 81 8d 00 30 81 89 02 81 81 00 bb 79 d6 f5 17 |....0.......y...| -00000140 b5 e5 bf 46 10 d0 dc 69 be e6 2b 07 43 5a d0 03 |...F...i..+.CZ..| -00000150 2d 8a 7a 43 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 |-.zC...R..eL,x.#| -00000160 8c b5 b4 82 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 |........;~b.,.3.| -00000170 fe 12 5c 7a 56 fc f5 06 bf fa 58 7b 26 3f b5 cd |..\zV.....X{&?..| -00000180 04 d3 d0 c9 21 96 4a c7 f4 54 9f 5a bf ef 42 71 |....!.J..T.Z..Bq| -00000190 00 fe 18 99 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e |......~.}}..9...| -000001a0 db 51 c9 7c e3 c0 4c 3b 32 66 01 cf af b1 1d b8 |.Q.|..L;2f......| -000001b0 71 9a 1d db db 89 6b ae da 2d 79 02 03 01 00 01 |q.....k..-y.....| -000001c0 a3 81 a7 30 81 a4 30 1d 06 03 55 1d 0e 04 16 04 |...0..0...U.....| -000001d0 14 b1 ad e2 85 5a cf cb 28 db 69 ce 23 69 de d3 |.....Z..(.i.#i..| -000001e0 26 8e 18 88 39 30 75 06 03 55 1d 23 04 6e 30 6c |&...90u..U.#.n0l| -000001f0 80 14 b1 ad e2 85 5a cf cb 28 db 69 ce 23 69 de |......Z..(.i.#i.| -00000200 d3 26 8e 18 88 39 a1 49 a4 47 30 45 31 0b 30 09 |.&...9.I.G0E1.0.| -00000210 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| -00000220 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| -00000230 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| -00000240 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty 
Lt| -00000250 64 82 09 00 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 |d...........0...| -00000260 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 |U....0....0...*.| -00000270 48 86 f7 0d 01 01 05 05 00 03 81 81 00 08 6c 45 |H.............lE| -00000280 24 c7 6b b1 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a |$.k.Y..R.......z| -00000290 64 75 b5 5a 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f |du.Z.f..+...f..O| -000002a0 38 b3 6e 60 d3 92 fd f7 41 08 b5 25 13 b1 18 7a |8.n`....A..%...z| -000002b0 24 fb 30 1d ba ed 98 b9 17 ec e7 d7 31 59 db 95 |$.0.........1Y..| -000002c0 d3 1d 78 ea 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 |..x.PV\..Z-Z_3..| -000002d0 d8 c9 75 90 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f |..u....R...... _| -000002e0 f2 a0 1c a3 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d |..........W.p.&m| -000002f0 71 99 9b 26 6e 38 50 29 6c 90 a7 bd d9 16 03 03 |q..&n8P)l.......| -00000300 00 04 0e 00 00 00 |......| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 59 0b |..#...........Y.| +00000040 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 01 |..U..R..O0..K0..| +00000050 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b ea |............?.[.| +00000060 a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |.0...*.H........| +00000070 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 |0.1.0...U....Go1| +00000080 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f 6f |.0...U....Go Roo| +00000090 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 30 |t0...16010100000| +000000a0 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 30 |0Z..250101000000| +000000b0 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |Z0.1.0...U....Go| +000000c0 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 9f |1.0...U....Go0..| +000000d0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 |0...*.H.........| +000000e0 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e 12 |...0.......F}...| +000000f0 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 |'.H..(!.~...]..R| +00000100 45 88 7a 36 47 a5 08 0d 
92 42 5b c2 81 c0 be 97 |E.z6G....B[.....| +00000110 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 |y.@.Om..+.....g.| +00000120 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 |...."8.J.ts+.4..| +00000130 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 |....t{.X.la<..A.| +00000140 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf |.++$#w[.;.u]. T.| +00000150 a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 |.c...$....P....C| +00000160 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 |...ub...R.......| +00000170 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff 04 |..0..0...U......| +00000180 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 |.....0...U.%..0.| +00000190 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 |..+.........+...| +000001a0 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 |....0...U.......| +000001b0 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 16 |0.0...U.........| +000001c0 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 |.CC>I..m....`0..| +000001d0 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 7e |.U.#..0...H.IM.~| +000001e0 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 1d |.1......n{0...U.| +000001f0 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e 67 |...0...example.g| +00000200 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d 01 |olang0...*.H....| +00000210 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 |.........0.@+[P.| +00000220 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 |a...SX...(.X..8.| +00000230 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 |...1Z..f=C.-....| +00000240 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 20 |.. 
d8.$:....}.@ | +00000250 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c |._...a..v......\| +00000260 ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c |.....l..s..Cw...| +00000270 f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 06 |....@.a.Lr+...F.| +00000280 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 |.M...>...B...=.`| +00000290 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e 00 00 |.\!.;...........| +000002a0 00 |.| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 27 e9 a4 f7 e7 |...........'....| -00000010 df 25 de 84 8c 1f d6 e6 c3 11 28 55 9a c1 91 37 |.%........(U...7| -00000020 84 f5 ba f8 80 0d ca 50 cb 1e 72 f7 97 6f c2 b2 |.......P..r..o..| -00000030 04 4d 13 7c e0 6e a0 1f 91 e1 38 1b a2 c0 55 16 |.M.|.n....8...U.| -00000040 7f 29 fc ed 1c 1a cf 72 14 c3 00 c1 dd 36 36 af |.).....r.....66.| -00000050 a6 e4 a8 be ba ec 13 d0 1e d0 1d fd e1 5b 27 fd |.............['.| -00000060 9a da 2e 12 c8 b0 b9 c2 b9 76 ec 7f 3c 98 b6 63 |.........v..<..c| -00000070 bc da f0 07 7a 3d e7 61 f4 2f 12 80 3b f9 3b cc |....z=.a./..;.;.| -00000080 05 c8 2f 7e 28 b2 73 bf 97 61 29 14 03 03 00 01 |../~(.s..a).....| -00000090 01 16 03 03 00 24 17 59 a9 45 53 46 33 96 50 dd |.....$.Y.ESF3.P.| -000000a0 3e 23 aa 91 38 f8 56 4a 2f 1a f2 b1 44 9b ce 17 |>#..8.VJ/...D...| -000000b0 6b 8a 89 76 bc 67 b8 8b ba 90 |k..v.g....| +00000000 16 03 03 00 86 10 00 00 82 00 80 4f ce 06 88 66 |...........O...f| +00000010 dd e1 0a 55 ef fb 1b 9e 70 62 8b 3b 0d e4 19 0f |...U....pb.;....| +00000020 4f 16 c9 79 92 9c 4d 16 21 ea 43 d7 58 7f 35 65 |O..y..M.!.C.X.5e| +00000030 a3 15 7a 8d b5 6e 9b f6 73 19 c2 0c 58 be 9d 8a |..z..n..s...X...| +00000040 5a a8 be f3 89 48 64 28 6a 7f be b7 4a 58 93 af |Z....Hd(j...JX..| +00000050 c0 ff 8a ae 01 34 1f cf 7b b0 7a 5e 69 19 43 fa |.....4..{.z^i.C.| +00000060 21 b8 dc ee 0e ab 3b 81 c9 b9 be b9 56 a0 dd 62 |!.....;.....V..b| +00000070 02 45 14 54 4d 05 5a cc 31 68 1f 17 91 a6 0e d7 |.E.TM.Z.1h......| +00000080 5a f3 ae bb 5e 90 1d c3 c9 
56 2a 14 03 03 00 01 |Z...^....V*.....| +00000090 01 16 03 03 00 40 a1 34 07 ef 45 42 d2 88 bb 6e |.....@.4..EB...n| +000000a0 7f 3a 2a 39 67 3f 90 76 95 b7 cc 86 b6 1a 6c c6 |.:*9g?.v......l.| +000000b0 da 8f 26 f3 34 6c 1f 6f 05 11 39 40 00 46 00 be |..&.4l.o..9@.F..| +000000c0 8f 3a af 86 d6 6d 5d 00 f3 5d 22 1c 31 2c 24 ee |.:...m]..]".1,$.| +000000d0 e5 11 ba 94 5f b1 |...._.| >>> Flow 4 (server to client) -00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.| -00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e| -00000020 ea 4b d1 ef ba 2d db 0c ba 9a d4 20 76 57 c8 ec |.K...-..... vW..| -00000030 dc 2d 77 fb fb 3b 93 5f 53 e0 14 4f 90 fb d6 55 |.-w..;._S..O...U| -00000040 57 8c 8d 0d 25 ea 5d 0d f2 91 e5 12 22 12 ec 7b |W...%.]....."..{| -00000050 5f b6 6e fd 07 59 23 24 fc b1 97 ca ea 56 a5 c2 |_.n..Y#$.....V..| -00000060 a0 e4 9e 99 64 f2 64 d0 75 7a 46 63 e3 dc 21 ed |....d.d.uzFc..!.| -00000070 78 56 e9 e1 ab 66 80 14 03 03 00 01 01 16 03 03 |xV...f..........| -00000080 00 24 fc 14 68 07 17 1f df b7 84 cb fd c1 e0 e4 |.$..h...........| -00000090 f2 1a ea 34 b5 00 7f 70 be c8 1c 0a d6 55 e3 57 |...4...p.....U.W| -000000a0 50 4e 6d 7d 8a 5d 17 03 03 00 21 24 27 50 40 c1 |PNm}.]....!$'P@.| -000000b0 c5 bd c7 9f 95 d9 ba 2e 7b 0e db ea a7 31 81 05 |........{....1..| -000000c0 75 43 b1 63 cf b8 55 92 ef 76 98 a9 15 03 03 00 |uC.c..U..v......| -000000d0 16 d7 ea 3c 79 e7 a6 2f 61 39 ec 4e 95 86 48 5e |....| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f 2c 9f 83 51 ed 14 ef 68 ca 42 c5 4c 20 33 6c |o,..Q...h.B.L 3l| +00000040 01 97 a5 69 44 bf 8f ea db 83 05 fb ef cc 51 1f |...iD.........Q.| +00000050 0b 4d 44 77 89 11 cf c8 38 16 67 ea a2 3e 8b 2a |.MDw....8.g..>.*| +00000060 18 f2 f7 25 ce e0 d8 4c 93 31 b0 59 23 49 38 16 |...%...L.1.Y#I8.| +00000070 3a f9 63 9e 61 21 1b ab 67 09 6a 23 07 8e d0 4a |:.c.a!..g.j#...J| +00000080 19 78 9c 1e 60 40 a7 83 c5 9a 48 41 35 c4 e9 
63 |.x..`@....HA5..c| +00000090 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +000000a0 00 00 00 00 00 00 00 00 00 00 00 b8 46 07 9e 14 |............F...| +000000b0 85 ba 6d e0 f1 f5 99 43 80 9a 54 6b 33 1e 4f c1 |..m....C..Tk3.O.| +000000c0 88 b7 3d 60 04 d4 e9 b0 b2 6d c4 1a ca 3b 9f 83 |..=`.....m...;..| +000000d0 28 5f ea b2 54 e4 11 78 69 de 1a 17 03 03 00 40 |(_..T..xi......@| +000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +000000f0 55 34 ad ae 9b 37 df cd 88 ae fc 6a ac c5 cf 16 |U4...7.....j....| +00000100 ec f1 bc 22 1e d2 c1 52 5e a2 e7 d2 6e 37 7a 29 |..."...R^...n7z)| +00000110 c8 b9 d4 7d 81 63 1a f0 53 d9 10 fd 4f 3d 1c dd |...}.c..S...O=..| +00000120 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000130 00 00 00 00 00 8f f2 11 0d 93 99 83 29 d4 10 a4 |............)...| +00000140 7c bb 26 7b 24 f1 15 3a 9b 81 0e cb 0a 51 4b 39 ||.&{$..:.....QK9| +00000150 69 1d e5 38 5e |i..8^| diff --git a/tls/testdata/Server-TLSv12-P256 b/tls/testdata/Server-TLSv12-P256 new file mode 100644 index 00000000..58b9bedc --- /dev/null +++ b/tls/testdata/Server-TLSv12-P256 
@@ -0,0 +1,86 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 8f 01 00 00 8b 03 03 49 de 51 77 8e |...........I.Qw.| +00000010 58 03 e9 25 0b 9a 88 ef 35 2d 35 a8 30 29 22 61 |X..%....5-5.0)"a| +00000020 ae b4 af 8a a1 2c 45 59 40 5f aa 00 00 04 c0 2f |.....,EY@_...../| +00000030 00 ff 01 00 00 5e 00 00 00 0e 00 0c 00 00 09 31 |.....^.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 04 00 02 00 17 00 16 00 00 00 17 00 00 |................| +00000060 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 |...0............| +00000070 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| +00000080 06 01 03 03 02 03 03 01 02 01 03 02 02 02 04 02 |................| +00000090 05 02 06 02 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e 
c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 cd 0c |.`.\!.;.........| +000002a0 00 00 c9 03 00 17 41 04 1e 18 37 ef 0d 19 51 88 |......A...7...Q.| +000002b0 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 24 20 |5uq..T[....g..$ | +000002c0 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 07 9f |>.V...(^.+-O....| +000002d0 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 b5 68 |lK[.V.2B.X..I..h| +000002e0 1a 41 03 56 6b dc 5a 89 08 04 00 80 7b bd 89 a1 |.A.Vk.Z.....{...| +000002f0 d8 9d cf e4 75 ac 15 60 a9 49 0c c7 68 61 4e e4 |....u..`.I..haN.| +00000300 2b 51 37 5a 65 38 a4 52 6a d0 4f 8b 76 93 a4 7c |+Q7Ze8.Rj.O.v..|| +00000310 ac 30 6b 89 f1 c7 88 8f f3 5c c7 e9 d6 7c 33 94 |.0k......\...|3.| +00000320 f7 fc f8 69 35 f3 f7 e0 ea fc 51 5c b2 e2 dc 9e |...i5.....Q\....| +00000330 57 03 af e6 19 0d 0d e4 25 b6 52 19 12 ad 35 fc |W.......%.R...5.| +00000340 7f c3 6a 1f ed 06 82 34 81 13 d7 c1 67 a9 18 88 |..j....4....g...| +00000350 2f bb 00 54 5d d9 01 16 29 dd 03 3c 69 f7 46 52 |/..T]...)..>> Flow 3 (client to server) +00000000 16 03 03 00 46 10 00 00 42 41 04 a6 c3 8d d1 32 |....F...BA.....2| +00000010 8e b4 ac 27 75 4a 57 26 7f 6a 52 a7 82 ee c2 b1 |...'uJW&.jR.....| +00000020 a3 68 0a 8d 09 ff 82 61 57 f3 32 5e ec 1a 2f 20 |.h.....aW.2^../ | +00000030 8c c1 d4 cf 27 7b f0 1d f9 5d f6 24 80 6a 45 d2 |....'{...].$.jE.| +00000040 97 cf f1 5d a2 e3 b0 15 7d e6 a4 14 03 03 00 01 |...]....}.......| +00000050 01 16 03 03 00 28 21 36 fe 82 d2 4a b4 da f8 14 |.....(!6...J....| +00000060 d6 d6 8c be 56 1f ca 82 7f 20 bb 01 be fb 2a 0d |....V.... 
....*.| +00000070 a8 31 ee 79 f7 8a 8b 4a 1b a7 66 3a 89 67 |.1.y...J..f:.g| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 00 0a 97 89 c3 74 09 63 25 2a fc e1 29 |........t.c%*..)| +00000020 18 b1 bc d6 75 2e 3b 2a fb 90 17 b9 b8 ea e2 c4 |....u.;*........| +00000030 29 94 16 17 03 03 00 25 00 00 00 00 00 00 00 01 |)......%........| +00000040 8c 30 76 b7 fd b1 96 0b 2a 8f f3 e1 b3 38 16 15 |.0v.....*....8..| +00000050 10 3d 32 ee 29 b5 12 cb cb cf 98 a3 c5 15 03 03 |.=2.)...........| +00000060 00 1a 00 00 00 00 00 00 00 02 9e 4a 55 8e 91 ff |...........JU...| +00000070 13 0b 56 be 3c 5d b8 26 42 f1 c8 28 |..V.<].&B..(| diff --git a/tls/testdata/Server-TLSv12-RSA-3DES b/tls/testdata/Server-TLSv12-RSA-3DES index 5995b331..17a5ad0a 100644 --- a/tls/testdata/Server-TLSv12-RSA-3DES +++ b/tls/testdata/Server-TLSv12-RSA-3DES 
@@ -1,83 +1,80 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 5c 01 00 00 58 03 03 52 cc 57 59 68 |....\...X..R.WYh| -00000010 11 72 a6 ec 6b 0a 47 1d 10 06 ec 75 af 07 38 a0 |.r..k.G....u..8.| -00000020 30 9e 91 12 e1 9b 19 46 0d d4 45 00 00 04 00 0a |0......F..E.....| -00000030 00 ff 01 00 00 2b 00 0d 00 22 00 20 06 01 06 02 |.....+...". ....| -00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000050 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -00000060 01 |.| +00000000 16 03 01 00 97 01 00 00 93 03 03 e2 8f 43 82 4c |.............C.L| +00000010 13 33 88 d2 53 5d b6 02 d2 b6 b2 a1 11 f0 30 14 |.3..S]........0.| +00000020 41 1e 8c 79 85 38 75 cd e8 a6 a7 00 00 04 00 0a |A..y.8u.........| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| >>> Flow 2 (server to client) -00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 
|0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 
0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 0a 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 
86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 7a c0 73 ec cb |...........z.s..| -00000010 cf c2 a8 86 c0 7e 03 63 57 a1 ce 42 37 6d 78 54 |.....~.cW..B7mxT| -00000020 29 f5 3e cc 57 c7 0d d9 69 e1 52 5c 3b 6b c4 c7 |).>.W...i.R\;k..| -00000030 20 6d 59 ee c0 07 81 74 74 9f 62 41 64 f0 4d c8 | mY....tt.bAd.M.| -00000040 9b aa 1a b9 da 56 07 f5 6c 1c 59 8c d3 f9 08 d9 |.....V..l.Y.....| -00000050 08 f4 16 93 5d 9a e5 6f fb 9f ba 3d 3c d6 81 ad |....]..o...=<...| -00000060 02 12 a7 28 b6 81 6a 77 c3 e9 d7 c7 54 d6 77 83 |...(..jw....T.w.| -00000070 77 de 71 fb b3 f3 2d c4 a5 b1 e5 de aa 0e 21 bd |w.q...-.......!.| -00000080 91 a2 dc 7f f7 6f 90 82 54 b1 e7 14 03 03 00 01 |.....o..T.......| -00000090 01 16 03 03 00 30 8f ee bf fb c8 5c 54 f5 29 23 |.....0.....\T.)#| -000000a0 d4 55 f6 98 a1 6e d5 43 e7 81 b2 36 f2 98 d8 1b |.U...n.C...6....| -000000b0 0d 76 cb 14 ba 32 d7 36 30 e6 ab 42 80 95 f6 8a |.v...2.60..B....| -000000c0 60 64 a0 6b 90 81 |`d.k..| +00000000 16 03 03 00 86 10 00 00 82 00 80 57 ce 41 c0 4d |...........W.A.M| +00000010 b1 69 27 6e cb 92 a5 71 52 85 e7 a8 69 b0 31 d1 |.i'n...qR...i.1.| +00000020 0a b0 3d a6 9d ab 04 e8 a2 4c d8 67 95 97 da 63 |..=......L.g...c| +00000030 f7 0b 6e 62 29 5b 8b cf 77 f1 80 a5 1f 67 08 71 |..nb)[..w....g.q| +00000040 50 c3 a9 90 ea b8 11 3d 5d c9 f5 1c 37 fa 67 b1 |P......=]...7.g.| +00000050 64 b0 04 3e c1 0d db 77 fe b9 a0 ea f2 0f 1d af |d..>...w........| +00000060 9a 77 b3 96 4f 3f 3c 52 a7 ed c4 3f 48 ef ff f8 |.w..O?>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 
03 03 00 30 00 00 00 00 00 |..........0.....| -00000010 00 00 00 2c 21 52 34 63 ac e3 a3 66 45 00 41 0c |...,!R4c...fE.A.| -00000020 93 5d 6a 74 5a 25 dc 69 1d 76 73 0c f4 42 6a 18 |.]jtZ%.i.vs..Bj.| -00000030 5b 62 23 e7 fe 41 cf d4 9b 86 35 17 03 03 00 30 |[b#..A....5....0| -00000040 00 00 00 00 00 00 00 00 7d 5d ce 43 85 5c 6b 89 |........}].C.\k.| -00000050 c9 a5 0e 22 69 8e b9 4a 77 4c c0 4e cc 79 d9 7e |..."i..JwL.N.y.~| -00000060 a3 c8 d3 db 5c 53 f8 92 4d c4 5a 88 72 58 05 11 |....\S..M.Z.rX..| -00000070 15 03 03 00 20 00 00 00 00 00 00 00 00 1d 63 8b |.... .........c.| -00000080 a7 74 fb 76 1d 47 31 93 1f ec 8c e2 18 8e 21 dd |.t.v.G1.......!.| -00000090 87 97 9f 1c ca |.....| +00000010 00 00 00 0d 0f 3c 6a 28 f0 97 90 1a c3 7e c8 63 |...........su.| +00000070 15 03 03 00 20 00 00 00 00 00 00 00 00 5c 30 63 |.... ........\0c| +00000080 23 55 26 ee 8d 81 9a 2e b4 e7 38 6b 04 e7 42 43 |#U&.......8k..BC| +00000090 50 de 1e 40 2d |P..@-| diff --git a/tls/testdata/Server-TLSv12-RSA-AES b/tls/testdata/Server-TLSv12-RSA-AES index a152a96a..0196e216 100644 --- a/tls/testdata/Server-TLSv12-RSA-AES +++ b/tls/testdata/Server-TLSv12-RSA-AES 
@@ -1,87 +1,84 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 5c 01 00 00 58 03 03 52 cc 57 59 d0 |....\...X..R.WY.| -00000010 38 05 36 7e e3 1e 93 2a 5a bf dc c2 f8 0a 03 6f |8.6~...*Z......o| -00000020 1a fc 21 74 e5 8b 2a c3 9e 2c 26 00 00 04 00 2f |..!t..*..,&..../| -00000030 00 ff 01 00 00 2b 00 0d 00 22 00 20 06 01 06 02 |.....+...". ....| -00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000050 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -00000060 01 |.| +00000000 16 03 01 00 97 01 00 00 93 03 03 dd 28 eb 68 4a |............(.hJ| +00000010 8a 71 d2 98 d0 2d 21 c7 e9 19 19 de c8 13 0b 67 |.q...-!........g| +00000020 f4 ff 4c d0 37 f5 72 9f 2d fb b3 00 00 04 00 2f |..L.7.r.-....../| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| >>> Flow 2 (server to client) -00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 
|0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 
0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 
86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 4b b4 28 bc 78 |...........K.(.x| -00000010 41 34 f3 49 e8 74 07 74 42 ae 2e 55 9e 9a ce e5 |A4.I.t.tB..U....| -00000020 4a 1b e7 55 c7 64 c4 9c b3 dd 20 d6 f8 8e 67 b3 |J..U.d.... ...g.| -00000030 7a 5c 3b 34 e4 1a f6 bd 65 fc 21 cd 9a de 64 77 |z\;4....e.!...dw| -00000040 09 a5 92 e5 a4 f5 18 7b 23 5b 8b c1 95 23 97 6f |.......{#[...#.o| -00000050 76 55 04 34 22 7d 43 71 db cd eb f8 36 36 44 4b |vU.4"}Cq....66DK| -00000060 ae e3 cc ec 64 88 7b e1 ea d6 ab 49 35 94 a5 04 |....d.{....I5...| -00000070 1e 83 c5 cf 21 bb ca 33 5f d4 bf 1d d3 4d 07 59 |....!..3_....M.Y| -00000080 b4 39 b2 4b 7b 05 43 70 0d ba 7a 14 03 03 00 01 |.9.K{.Cp..z.....| -00000090 01 16 03 03 00 40 74 4b 7d b2 53 49 ea 86 90 c3 |.....@tK}.SI....| -000000a0 64 6b 64 31 1a 2a 3f 1a 37 1e 56 b8 dd 12 6d 56 |dkd1.*?.7.V...mV| -000000b0 2a 61 92 5b 39 e7 e1 be 71 70 4b 9b b3 f0 71 e7 |*a.[9...qpK...q.| -000000c0 47 2e 2e 17 c3 0a 66 9f 69 74 30 2d f0 a0 7f 84 |G.....f.it0-....| -000000d0 25 db c1 81 ee cf |%.....| +00000000 16 03 03 00 86 10 00 00 82 00 80 c0 37 ef f3 d9 |............7...| +00000010 6b 7b 3f c4 9f 46 d2 6b 8f 7f 8d ce 89 cf 8e 2b |k{?..F.k.......+| +00000020 1f 0d 86 f9 90 5a 23 28 6c d3 14 ce 2a 0b f1 0e |.....Z#(l...*...| +00000030 96 1c 11 7d c0 b8 fb 4b 2e cb 07 1c fe b9 e1 62 |...}...K.......b| +00000040 2c 38 1c 46 21 74 23 a9 f2 0b 15 36 ef 88 32 e8 |,8.F!t#....6..2.| +00000050 28 66 8e ab 14 be e9 02 04 9d 92 99 cc 6e 28 d0 |(f...........n(.| +00000060 f9 3d dc 61 7f f7 17 59 ab 1c 86 94 
9a 28 7b 46 |.=.a...Y.....({F| +00000070 3c 36 ff d3 26 3c ad 2d 33 ef 99 83 09 a5 a8 2f |<6..&<.-3....../| +00000080 b3 a3 74 7f 49 a3 f1 47 7d 8c 12 14 03 03 00 01 |..t.I..G}.......| +00000090 01 16 03 03 00 40 32 68 cb ea 32 cb f2 7a 0e 4b |.....@2h..2..z.K| +000000a0 63 72 96 93 e8 2d 5b 22 a6 3a 05 9d 60 50 e5 d0 |cr...-[".:..`P..| +000000b0 f3 f8 14 ed 81 fe 17 a0 ee 3f 7b aa ca dc 06 bc |.........?{.....| +000000c0 28 90 73 33 84 0c 92 39 b7 cb da 06 08 05 0b 03 |(.s3...9........| +000000d0 86 be cc 70 0e c2 |...p..| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 f3 4d 5a fc 21 |............MZ.!| -00000020 30 b5 a1 86 9d e2 ea 38 ac 54 57 fa 5a 54 97 b8 |0......8.TW.ZT..| -00000030 bb 4d 64 09 ef ce a1 75 0c 50 8d ff 5c c2 e9 47 |.Md....u.P..\..G| -00000040 95 93 53 c0 bd dc c5 9c e0 59 17 17 03 03 00 40 |..S......Y.....@| +00000010 00 00 00 00 00 00 00 00 00 00 00 10 a0 48 48 86 |.............HH.| +00000020 ac 1f f4 05 4d 12 9d 90 54 26 ec c8 1f 6d e7 d5 |....M...T&...m..| +00000030 0c 92 61 88 2f 43 77 75 0c 08 0f 33 ac c3 d3 b0 |..a./Cwu...3....| +00000040 94 68 e3 3f 9f c9 43 a5 8b ee ed 17 03 03 00 40 |.h.?..C........@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 69 c5 48 6e 45 cf 98 1b 2c 23 40 d1 ab a3 c2 e2 |i.HnE...,#@.....| -00000070 10 7b b1 c8 21 3c f0 eb 96 bd 4f 78 b2 4a 7b 18 |.{..!<....Ox.J{.| -00000080 4c b1 a6 67 bf 06 40 01 d0 8d 91 be 17 d8 0c 71 |L..g..@........q| +00000060 fd 7d d3 d6 3f a5 10 37 a1 93 20 ca c8 8c 9d c3 |.}..?..7.. .....| +00000070 90 df 2f 40 e6 83 af b6 be e4 3d 07 ff 0d 24 97 |../@......=...$.| +00000080 c2 ff af 81 eb b5 91 72 6b 6d 70 8c af 3f 9f 76 |.......rkmp..?.v| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 20 84 80 3d 70 fe ae ee d7 2f e9 |..... 
..=p..../.| -000000b0 bf 65 30 bf 0b dd 98 ea bb ba 12 14 98 53 7f d5 |.e0..........S..| -000000c0 56 ce 06 3c d0 |V..<.| +000000a0 00 00 00 00 00 6b 80 aa 88 45 8c 39 a8 4c ca 33 |.....k...E.9.L.3| +000000b0 f2 33 85 a0 74 6a 64 a3 43 17 4c 5c 9b 50 e5 8d |.3..tjd.C.L\.P..| +000000c0 ff 26 03 e1 07 |.&...| diff --git a/tls/testdata/Server-TLSv12-RSA-AES-GCM b/tls/testdata/Server-TLSv12-RSA-AES-GCM index 0ddfe022..fa4b47b5 100644 --- a/tls/testdata/Server-TLSv12-RSA-AES-GCM +++ b/tls/testdata/Server-TLSv12-RSA-AES-GCM 
@@ -1,93 +1,82 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 9c 01 00 00 98 03 03 53 04 f1 30 73 |...........S..0s| -00000010 a1 ea 8c d2 90 1c c6 d6 0d 3c af 58 21 65 90 25 |.........<.X!e.%| -00000020 5e fa f4 27 22 65 c9 68 90 b9 04 00 00 04 c0 2f |^..'"e.h......./| -00000030 00 ff 01 00 00 6b 00 0b 00 04 03 00 01 02 00 0a |.....k..........| -00000040 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 |.4.2............| -00000050 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 |................| -00000060 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 |................| -00000070 00 0f 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 |.........". ....| -00000080 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000090 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -000000a0 01 |.| +00000000 16 03 01 00 97 01 00 00 93 03 03 8a ca f1 8f ad |................| +00000010 fe 0b a3 e1 b8 08 10 1a 40 57 b6 f7 f7 e3 72 c4 |........@W....r.| +00000020 57 4a 71 f8 30 cd 62 62 c7 0f 2d 00 00 04 c0 2f |WJq.0.bb..-..../| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| >>> Flow 2 (server to client) -00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 2f 00 00 |............./..| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 
|................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 
88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... 
_....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 cd 0c 00 |n8P)l...........| -00000300 00 c9 03 00 17 41 04 1e 18 37 ef 0d 19 51 88 35 |.....A...7...Q.5| -00000310 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 24 20 3e |uq..T[....g..$ >| -00000320 b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 07 9f 6c |.V...(^.+-O....l| -00000330 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 b5 68 1a |K[.V.2B.X..I..h.| -00000340 41 03 56 6b dc 5a 89 04 01 00 80 a2 54 61 84 29 |A.Vk.Z......Ta.)| -00000350 3e 97 4b 97 9a 9f 5c c0 49 6d 86 d2 79 8e 95 a1 |>.K...\.Im..y...| -00000360 0a 5a 36 73 34 bb 05 73 35 47 e1 2b 5d f3 ef 36 |.Z6s4..s5G.+]..6| -00000370 a8 32 e2 7e ef aa 3f 1f b3 64 60 d4 06 2e 98 e3 |.2.~..?..d`.....| -00000380 11 e2 60 3c d6 20 17 63 b2 6f a0 cd 21 01 2b 4e |..`<. .c.o..!.+N| -00000390 b2 a8 55 04 39 37 5c 6c 71 66 4d a3 eb 1b 83 67 |..U.97\lqfM....g| -000003a0 6b 15 a0 56 9a f1 a2 79 92 29 ce 58 3c 10 4d 65 |k..V...y.).X<.Me| -000003b0 1f 22 e3 ea d8 74 aa 01 7e ca f3 89 23 41 4d bd |."...t..~...#AM.| -000003c0 df 77 4e 59 54 97 74 ad 07 ea c0 16 03 03 00 04 |.wNYT.t.........| -000003d0 0e 00 00 00 |....| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 
04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........| +000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.| +000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........| +000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 50 0b d9 1c 03 |.._X.;t....P....| +000002d0 6f 08 05 a6 39 cc 9f 7e 3d f1 fb af 8e 0b 9a ef |o...9..~=.......| +000002e0 39 d3 b6 e3 71 9c 5a 37 a1 86 f2 f0 59 01 fc b2 |9...q.Z7....Y...| +000002f0 51 1c 0e 22 42 24 3e c6 db fb a1 39 9d 75 f4 79 |Q.."B$>....9.u.y| +00000300 55 dd e5 99 0b 22 5b ed c7 19 ac db ed d3 ee 23 |U...."[........#| +00000310 b9 37 2b 51 ea 7f 39 4d 8b 0a bc a2 2e f2 ef 9e |.7+Q..9M........| +00000320 a5 8c 99 77 ff d2 fb 46 e4 10 4e a9 b2 a9 ce b6 |...w...F..N.....| +00000330 50 d4 0a 28 a5 3f 0e 2c 60 cd 0f 07 9c 7e 60 c3 |P..(.?.,`....~`.| +00000340 79 a5 cf f3 cd 77 5a 16 8d fc 14 16 03 03 00 04 |y....wZ.........| +00000350 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 46 10 00 00 42 41 04 45 65 ce f7 b9 |....F...BA.Ee...| -00000010 52 e3 fb 13 db 91 f2 65 43 84 57 f5 1a 19 a0 e6 |R......eC.W.....| -00000020 89 2d bb 2c 83 6b 62 f6 6f 1f 26 ae 59 67 bd dc |.-.,.kb.o.&.Yg..| -00000030 c4 9e 0b dc 7d 6e f8 6b 95 8c 61 47 3d cd d1 df |....}n.k..aG=...| -00000040 82 45 30 81 c3 a3 49 5d 85 59 70 14 03 03 00 01 |.E0...I].Yp.....| -00000050 01 16 03 03 00 28 3f aa 85 33 f9 c6 95 a0 56 ff |.....(?..3....V.| -00000060 1c f1 5a ba 6e 41 50 0c ab 92 e1 e2 8e 89 1c f1 |..Z.nAP.........| -00000070 fa 54 1b f1 f5 00 01 12 6d c4 96 78 b6 87 |.T......m..x..| +00000000 16 03 03 00 25 10 00 00 21 20 ef 3b b1 d2 a3 f6 |....%...! 
.;....| +00000010 be f2 fc 2e b5 ed d3 ec 6a fb 2f 0d 5a 04 98 61 |........j./.Z..a| +00000020 92 26 59 ba 17 26 1b 60 27 2b 14 03 03 00 01 01 |.&Y..&.`'+......| +00000030 16 03 03 00 28 e2 94 22 bb 71 70 c8 a6 63 e5 6f |....(..".qp..c.o| +00000040 2e 00 0f b9 bf 6b 54 34 dc ce b0 12 0b 16 e5 ac |.....kT4........| +00000050 8f 6b 1e 96 a1 e3 86 b7 6f 8c 76 09 da |.k......o.v..| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| -00000010 00 00 00 94 5c be 46 05 d6 d0 b0 3a 56 dc 2c 10 |....\.F....:V.,.| -00000020 0f 6f 5d 33 33 7f a5 4e 74 84 bf 63 87 c4 f4 49 |.o]33..Nt..c...I| -00000030 bc 6b ab 17 03 03 00 25 00 00 00 00 00 00 00 01 |.k.....%........| -00000040 7e 4f f9 ae ae fe 6b a0 4a f8 0f 0b b4 b6 65 b6 |~O....k.J.....e.| -00000050 be 24 5f 94 6d d1 db 54 11 07 b9 ce 01 15 03 03 |.$_.m..T........| -00000060 00 1a 00 00 00 00 00 00 00 02 a8 1c d6 62 ac fd |.............b..| -00000070 77 ba 23 92 5d 34 f1 17 c7 e1 1c 99 |w.#.]4......| +00000010 00 00 00 f5 dc 00 28 06 03 50 9b b2 db 4d 89 25 |......(..P...M.%| +00000020 3a 94 04 85 5b 7a 3f 16 fb 55 8f e0 c3 a3 33 21 |:...[z?..U....3!| +00000030 65 84 c5 17 03 03 00 25 00 00 00 00 00 00 00 01 |e......%........| +00000040 a9 35 62 24 4b 63 6e 62 1c 8f 99 e4 e0 3e f0 a2 |.5b$Kcnb.....>..| +00000050 e3 02 34 6f 10 71 9c 6b b3 4a 2d 7f 71 15 03 03 |..4o.q.k.J-.q...| +00000060 00 1a 00 00 00 00 00 00 00 02 91 43 07 98 b1 ba |...........C....| +00000070 06 1b dd 21 46 82 63 67 8b bb 1f b5 |...!F.cg....| diff --git a/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 b/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 new file mode 100644 index 00000000..2cc2c28f --- /dev/null +++ b/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 
@@ -0,0 +1,82 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 97 01 00 00 93 03 03 0f 13 d8 49 94 |..............I.| +00000010 b9 cc 41 1d d4 3d bb d2 c9 a3 2c 74 11 ca 01 e8 |..A..=....,t....| +00000020 5b b0 2e 57 60 b5 30 37 2d b9 f0 00 00 04 c0 30 |[..W`.07-......0| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 |...DOWNGRD...0..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 
2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........| +000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.| +000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........| +000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 40 f3 67 86 41 |.._X.;t....@.g.A| +000002d0 93 17 f7 db b2 80 ca 73 f9 f8 45 24 cc 46 57 47 |.......s..E$.FWG| +000002e0 28 83 19 df e8 63 e7 19 c4 a2 04 85 25 7d ec 55 |(....c......%}.U| +000002f0 91 d4 df eb 77 53 c2 3b d5 71 1a f7 39 d2 ee b4 |....wS.;.q..9...| +00000300 06 4b e4 07 b7 fa 8a 8e fa 64 22 83 dd 22 8b b8 |.K.......d".."..| +00000310 4d a5 1a f5 e3 81 01 81 6a a1 6e 62 54 3a 3a 09 |M.......j.nbT::.| +00000320 ed 76 f2 5a d3 4e 4b 74 be 46 50 0d 51 77 34 f6 |.v.Z.NKt.FP.Qw4.| +00000330 02 ef 57 39 29 bf d9 64 ad 65 06 ae a6 8d 94 86 |..W9)..d.e......| +00000340 84 76 cf 2c 36 98 04 5b a1 59 6c 16 03 03 00 04 |.v.,6..[.Yl.....| +00000350 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 d5 2b 0e 3c e9 3e |....%...! 
.+.<.>| +00000010 e9 b0 3d 86 a9 85 b5 68 af cf 27 cf 4b d4 49 2e |..=....h..'.K.I.| +00000020 68 f2 9e 3c 32 7c cb fb dc 57 14 03 03 00 01 01 |h..<2|...W......| +00000030 16 03 03 00 28 5a cc f4 77 38 94 46 7b 39 5d 81 |....(Z..w8.F{9].| +00000040 be 77 a5 4a 76 c9 46 62 17 0b 2b ea 89 c2 29 bd |.w.Jv.Fb..+...).| +00000050 4b b0 dd 51 1e b8 7b a9 55 f5 fb b3 6a |K..Q..{.U...j| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 b9 9b c0 b1 2b 71 af 0b 44 4e 4a cd e8 |.......+q..DNJ..| +00000020 c6 68 b8 2a d9 67 6f 7f 18 12 22 5c 4b 5c ca 43 |.h.*.go..."\K\.C| +00000030 ff c1 9d 17 03 03 00 25 00 00 00 00 00 00 00 01 |.......%........| +00000040 3c ae 33 dd 69 6c 01 a0 d2 a7 91 52 43 f3 78 38 |<.3.il.....RC.x8| +00000050 94 f4 24 0b 3d c9 bb 5f 02 27 89 bb 9b 15 03 03 |..$.=.._.'......| +00000060 00 1a 00 00 00 00 00 00 00 02 68 8d d7 d8 2f 95 |..........h.../.| +00000070 61 09 59 52 0d b8 12 fc 6a 07 28 37 |a.YR....j.(7| diff --git a/tls/testdata/Server-TLSv12-RSA-RC4 b/tls/testdata/Server-TLSv12-RSA-RC4 index b703a8f7..47a4ef2d 100644 --- a/tls/testdata/Server-TLSv12-RSA-RC4 +++ b/tls/testdata/Server-TLSv12-RSA-RC4 
@@ -1,79 +1,76 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 5c 01 00 00 58 03 03 52 cc 57 59 c9 |....\...X..R.WY.| -00000010 c3 13 fc 18 8a ee c2 0e 88 ff fb 4a 16 f2 eb eb |...........J....| -00000020 d4 f8 b3 5b cd bb 25 0e 0b cb 48 00 00 04 00 05 |...[..%...H.....| -00000030 00 ff 01 00 00 2b 00 0d 00 22 00 20 06 01 06 02 |.....+...". ....| -00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| -00000050 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 |................| -00000060 01 |.| +00000000 16 03 01 00 97 01 00 00 93 03 03 2c 3c 18 04 94 |...........,<...| +00000010 e0 bb 10 99 7c 0c cd 0e e7 72 bc 83 4d f0 cf d7 |....|....r..M...| +00000020 4b 8e 2c 8b 52 bf ed 86 65 d2 a3 00 00 04 00 05 |K.,.R...e.......| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| >>> Flow 2 (server to client) -00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 
|0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 |38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 
0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 05 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 
86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 35 b3 60 ba 14 |...........5.`..| -00000010 5f 19 24 a0 24 de 4e 85 a9 64 78 3a 51 24 64 70 |_.$.$.N..dx:Q$dp| -00000020 88 55 6d c3 11 b8 d3 9f bc 7a 33 f8 3c 48 93 2f |.Um......z3..|.| -00000070 44 82 f4 24 03 22 40 00 64 27 53 15 41 8c 01 e9 |D..$."@.d'S.A...| -00000080 39 32 fa 8e 2d f9 b4 89 34 15 d6 14 03 03 00 01 |92..-...4.......| -00000090 01 16 03 03 00 24 f5 61 8b 24 bf b4 82 3a cf 49 |.....$.a.$...:.I| -000000a0 99 a0 b1 1b a7 a7 a3 92 7c 84 85 e0 64 a3 3d bd |........|...d.=.| -000000b0 38 98 7d 97 a8 b9 2a 35 a9 09 |8.}...*5..| +00000000 16 03 03 00 86 10 00 00 82 00 80 a2 43 45 e6 1e |............CE..| +00000010 08 d3 29 62 0b 40 75 98 a3 f6 68 d7 78 31 b0 c9 |..)b.@u...h.x1..| +00000020 f4 f8 a6 98 dc d8 72 c1 2a 68 80 26 54 1c 16 af |......r.*h.&T...| +00000030 9f 67 cf ee 74 de 9e 29 b6 cd 0d eb df aa ea 44 |.g..t..).......D| +00000040 72 c9 aa fc ff c9 2d 9d bf bc f0 9b c1 7b 0d 5c |r.....-......{.\| +00000050 69 0c 75 d8 23 09 29 97 f6 38 9c f9 4f 1b 4a d5 |i.u.#.)..8..O.J.| +00000060 bd 04 d4 15 b3 a6 80 02 a4 11 32 d7 c0 cf 89 1f |..........2.....| +00000070 93 80 2b 48 49 51 44 b7 77 3c bf b1 a6 87 a3 ff |..+HIQD.w<......| +00000080 39 37 4a 42 49 92 93 25 0a 51 9a 14 03 03 00 01 |97JBI..%.Q......| +00000090 01 16 03 03 00 24 b5 c9 d6 9c ec 77 38 d2 30 79 |.....$.....w8.0y| +000000a0 f1 00 77 31 78 9b e6 ab ed 46 7c c6 e5 26 0b 44 |..w1x....F|..&.D| +000000b0 fd 30 b0 fe 0c 84 6f 9a cf 57 |.0....o..W| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 
01 16 03 03 00 24 c9 0b 84 e6 39 |..........$....9| -00000010 f2 e0 f3 ac 9f 0f 17 92 5f 6d de 94 18 c4 60 d9 |........_m....`.| -00000020 66 c3 0d 1a ae c2 8f 46 8f 7f f0 58 0e 4a 9b 17 |f......F...X.J..| -00000030 03 03 00 21 8b 73 a1 6a 7e d9 7e 4f 1d cc b2 7d |...!.s.j~.~O...}| -00000040 3c 83 3f 52 f8 08 77 01 4c 65 11 6d 50 25 9a cc |<.?R..w.Le.mP%..| -00000050 e3 54 27 72 59 15 03 03 00 16 3d c8 ab 14 51 fa |.T'rY.....=...Q.| -00000060 97 f1 ef 5f b4 4f 44 58 d4 93 3b ae e5 61 1f a3 |..._.ODX..;..a..| +00000000 14 03 03 00 01 01 16 03 03 00 24 58 cc 9f 3f ac |..........$X..?.| +00000010 2e 20 73 c9 5e 13 d3 12 3a 63 1e a9 ee 13 3d 0d |. s.^...:c....=.| +00000020 51 e9 15 5b 7b 33 92 85 6c fa d6 8a 15 16 dc 17 |Q..[{3..l.......| +00000030 03 03 00 21 bc af 01 72 48 0c 16 c9 7a c0 3c 27 |...!...rH...z.<'| +00000040 63 0a f8 34 e4 54 6a 39 39 61 02 bc c2 a0 07 03 |c..4.Tj99a......| +00000050 fb 2c d0 1b 6a 15 03 03 00 16 98 71 13 a6 5d f5 |.,..j......q..].| +00000060 7d aa 6d 05 2d a2 dc c0 7b 41 88 36 a2 49 a4 8b |}.m.-...{A.6.I..| diff --git a/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 b/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 new file mode 100644 index 00000000..b193771e --- /dev/null +++ b/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 
@@ -0,0 +1,77 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 59 01 00 00 55 03 03 60 c3 e9 6a 99 |....Y...U..`..j.| +00000010 72 7a 1c b9 1e 10 4b 9a 82 d5 ea b9 b0 6f 1e 05 |rz....K......o..| +00000020 74 a4 35 bb 71 c7 d2 56 87 b8 69 00 00 04 cc a8 |t.5.q..V..i.....| +00000030 00 ff 01 00 00 28 00 0b 00 04 03 00 01 02 00 0a |.....(..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 00 0d 00 04 00 02 04 01 |..............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 cc a8 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| 
+00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........| +000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... 
/.}.G.bC.| +000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........| +000002c0 90 99 5f 58 cb 3b 74 04 01 00 80 4e c9 fd 39 89 |.._X.;t....N..9.| +000002d0 52 c1 6b ba 3b c9 02 35 89 e8 e3 f8 41 15 ee 6d |R.k.;..5....A..m| +000002e0 f6 08 6d 1a 47 aa 3b 5c 1d 9b 42 9b 50 85 af 56 |..m.G.;\..B.P..V| +000002f0 a3 99 78 84 7f 06 91 97 e9 33 0d 1d 9b 17 ce 3b |..x......3.....;| +00000300 30 f2 d0 10 1c b6 e2 7d fd b3 e1 bc 14 7a 1a 96 |0......}.....z..| +00000310 be b9 dc 0d 29 33 84 5f d1 77 91 0a a1 f2 2b cc |....)3._.w....+.| +00000320 dc 5e 9b f9 8b e3 34 d2 bd f3 46 b4 0d 97 de 44 |.^....4...F....D| +00000330 aa 83 10 82 bd ca 83 27 d0 40 a7 b1 64 15 dd 84 |.......'.@..d...| +00000340 5f 3c d9 62 42 0d 8f a6 19 0f b1 16 03 03 00 04 |_<.bB...........| +00000350 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 82 3a 50 41 f7 b1 |....%...! .:PA..| +00000010 0f 97 ba 38 04 db f3 a6 ec 8b d1 db 06 c1 84 89 |...8............| +00000020 a0 53 84 92 27 a2 53 e8 5d 21 14 03 03 00 01 01 |.S..'.S.]!......| +00000030 16 03 03 00 20 7d 80 6d 7f a9 28 d6 0d 50 d6 b4 |.... }.m..(..P..| +00000040 24 d3 92 f8 0b 8e 6b d8 7c 64 9e 6c 87 a9 8e 37 |$.....k.|d.l...7| +00000050 9e 1b 0b 2d a5 |...-.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 e4 58 cf fb 81 |.......... .X...| +00000010 be dd 5b 98 97 bd bd 6a f0 76 92 b6 bb 2c 8f a3 |..[....j.v...,..| +00000020 e5 52 5b 1d f4 17 7b 2a a8 40 26 17 03 03 00 1d |.R[...{*.@&.....| +00000030 58 ef 4f 1d 98 0f 3d 59 88 df 6e ac c9 37 43 d5 |X.O...=Y..n..7C.| +00000040 f5 58 b3 7a 62 a3 7d 26 a2 a2 80 23 ef 15 03 03 |.X.zb.}&...#....| +00000050 00 12 05 b8 57 6a 80 71 b6 a4 58 94 15 f4 2f 0c |....Wj.q..X.../.| +00000060 8e 76 b2 aa |.v..| diff --git a/tls/testdata/Server-TLSv12-RSA-RSAPSS b/tls/testdata/Server-TLSv12-RSA-RSAPSS new file mode 100644 index 00000000..af4c069f --- /dev/null +++ b/tls/testdata/Server-TLSv12-RSA-RSAPSS 
@@ -0,0 +1,77 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5b 01 00 00 57 03 03 e0 83 fd ef f8 |....[...W.......| +00000010 cb 41 23 14 36 21 07 eb 4e 01 7d 80 63 e4 b9 45 |.A#.6!..N.}.c..E| +00000020 f0 84 72 71 9b ac 60 49 6c 70 74 00 00 04 cc a8 |..rq..`Ilpt.....| +00000030 00 ff 01 00 00 2a 00 0b 00 04 03 00 01 02 00 0a |.....*..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 00 0d 00 06 00 04 08 06 08 04 |................| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 cc a8 00 00 |...DOWNGRD......| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 
|g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........| +000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... 
/.}.G.bC.| +000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........| +000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 58 d3 5f 28 bc |.._X.;t....X._(.| +000002d0 50 79 b9 3d f1 ac a1 af 52 cd d3 fd e7 75 47 c3 |Py.=....R....uG.| +000002e0 65 3a 6f 62 22 c2 b5 cc 2b 22 f3 5d 3f b5 b6 9e |e:ob"...+".]?...| +000002f0 57 bf c7 4e 08 bd fb 5a 17 13 09 1a e9 6c b6 ce |W..N...Z.....l..| +00000300 b2 0e 88 ae ba a3 a0 b5 2c ff 51 b5 87 95 14 09 |........,.Q.....| +00000310 6d 9c 73 3f f0 c7 40 6b 4c ca 40 96 d6 44 96 d0 |m.s?..@kL.@..D..| +00000320 6f b1 a0 1c 4f 66 cc 9b 4f 85 98 3c 03 68 e3 a8 |o...Of..O..<.h..| +00000330 5b 28 04 fb 1e be 9e 2a 66 c1 6e f1 2e a4 20 08 |[(.....*f.n... .| +00000340 7e 11 78 7b fc c4 43 af 2a b4 8b 16 03 03 00 04 |~.x{..C.*.......| +00000350 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 e2 54 7d 82 d2 8d |....%...! .T}...| +00000010 b8 d6 87 17 ec 2a 64 4e 15 6b b0 b3 01 66 b0 7d |.....*dN.k...f.}| +00000020 73 20 9f cb 30 9d 3c 27 ac 13 14 03 03 00 01 01 |s ..0.<'........| +00000030 16 03 03 00 20 fa a0 b7 eb ef 49 97 d5 da f0 9d |.... .....I.....| +00000040 85 a6 e6 67 f3 30 e8 f0 82 3a 7a c4 3f 76 f6 c5 |...g.0...:z.?v..| +00000050 8f d3 a5 65 f3 |...e.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 6b cf 58 e1 52 |.......... k.X.R| +00000010 e3 2c 05 e6 a3 05 c1 36 02 f0 90 63 bb 86 0f 54 |.,.....6...c...T| +00000020 61 d7 1a 31 7d bd 08 00 22 71 09 17 03 03 00 1d |a..1}..."q......| +00000030 4a 8e 05 28 e3 77 31 43 be ac 32 c6 af f2 7b 1c |J..(.w1C..2...{.| +00000040 ab 11 7f 32 5a 6a eb 76 ac c6 eb f1 dc 15 03 03 |...2Zj.v........| +00000050 00 12 3a f1 ee a3 6f bf 9b 9e 5e b8 20 76 84 bc |..:...o...^. v..| +00000060 1e 2e a0 87 |....| diff --git a/tls/testdata/Server-TLSv12-Resume b/tls/testdata/Server-TLSv12-Resume index c495d4ad..456fe2a1 100644 --- a/tls/testdata/Server-TLSv12-Resume +++ b/tls/testdata/Server-TLSv12-Resume 
@@ -1,36 +1,46 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 e8 01 00 00 e4 03 03 52 cc 57 59 c3 |...........R.WY.| -00000010 8b df 97 05 d8 5f 16 22 b4 b1 e7 cb 7d 2f 9b 58 |....._."....}/.X| -00000020 a3 f4 d7 2c a4 c1 9d 49 ed 4b ba 20 90 da 90 3e |...,...I.K. ...>| -00000030 36 19 7a db 56 43 26 f7 dc 42 57 33 22 ed 9d a4 |6.z.VC&..BW3"...| -00000040 9d 53 da f8 9d 4e 60 66 71 a0 2e 2e 00 04 00 05 |.S...N`fq.......| -00000050 00 ff 01 00 00 97 00 23 00 68 00 00 00 00 00 00 |.......#.h......| -00000060 00 00 00 00 00 00 00 00 00 00 65 ea 4b d1 ef ba |..........e.K...| -00000070 06 38 1e e1 88 82 3a cd 03 ac 3b 39 0a e0 19 fd |.8....:...;9....| -00000080 af 6c 57 30 df 31 6e f7 92 38 4b 5d 77 90 39 ff |.lW0.1n..8K]w.9.| -00000090 32 51 f5 ed 12 d7 b0 7c 4d 6c c5 76 e4 72 48 3e |2Q.....|Ml.v.rH>| -000000a0 59 23 fe 0d 15 df f4 ba ea b9 67 16 23 8f 7d 15 |Y#........g.#.}.| -000000b0 b6 11 f1 ab d7 d4 cd a3 21 82 92 2a 12 cf 95 f3 |........!..*....| -000000c0 60 b2 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 |`....". 
........| -000000d0 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................| -000000e0 02 01 02 02 02 03 01 01 00 0f 00 01 01 |.............| +00000000 16 03 01 01 12 01 00 01 0e 03 03 90 27 78 df 71 |............'x.q| +00000010 d3 0e ce 1d de ec d2 1b 70 e0 89 da 98 a9 45 3e |........p.....E>| +00000020 9c ee 93 90 8f 61 d0 a3 b4 a4 5a 20 9d cd d4 81 |.....a....Z ....| +00000030 e2 c0 59 81 21 bc 9f 2a 84 3e 91 15 3e b9 c0 a1 |..Y.!..*.>..>...| +00000040 e0 6b 73 9c 45 53 03 ad b9 e6 c2 77 00 04 00 2f |.ks.ES.....w.../| +00000050 00 ff 01 00 00 c1 00 23 00 81 50 46 ad c1 db a8 |.......#..PF....| +00000060 38 86 7b 2b bb fd d0 c3 42 3e 00 00 00 00 00 00 |8.{+....B>......| +00000070 00 00 00 00 00 00 00 00 00 00 94 6f 2c 9f 83 51 |...........o,..Q| +00000080 ed 14 ef 68 ca 42 c5 4c 75 5e a5 6f d2 49 61 e4 |...h.B.Lu^.o.Ia.| +00000090 fb 83 46 7c 4c ab f9 c6 d1 3c 9e 5b 8d d8 bc c0 |..F|L....<.[....| +000000a0 a5 2d 84 db 24 dd a0 16 60 1d 87 a0 52 88 25 6c |.-..$...`...R.%l| +000000b0 c6 8e 5b 71 0f 74 c3 48 49 38 16 92 8c de 77 bd |..[q.t.HI8....w.| +000000c0 8a 2b 45 4d 58 86 40 b1 d6 0f 99 de 27 41 b2 41 |.+EMX.@.....'A.A| +000000d0 27 aa fe 26 e9 24 91 2a 00 ff 08 00 16 00 00 00 |'..&.$.*........| +000000e0 17 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08 |......0.........| +000000f0 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 |................| +00000100 01 05 01 06 01 03 03 02 03 03 01 02 01 03 02 02 |................| +00000110 02 04 02 05 02 06 02 |.......| >>> Flow 2 (server to client) 00000000 16 03 03 00 51 02 00 00 4d 03 03 00 00 00 00 00 |....Q...M.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 20 90 da 90 3e |........... ...>| -00000030 36 19 7a db 56 43 26 f7 dc 42 57 33 22 ed 9d a4 |6.z.VC&..BW3"...| -00000040 9d 53 da f8 9d 4e 60 66 71 a0 2e 2e 00 05 00 00 |.S...N`fq.......| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 20 9d cd d4 81 |...DOWNGRD. 
....| +00000030 e2 c0 59 81 21 bc 9f 2a 84 3e 91 15 3e b9 c0 a1 |..Y.!..*.>..>...| +00000040 e0 6b 73 9c 45 53 03 ad b9 e6 c2 77 00 2f 00 00 |.ks.ES.....w./..| 00000050 05 ff 01 00 01 00 14 03 03 00 01 01 16 03 03 00 |................| -00000060 24 11 12 ff 28 10 14 4c e5 0e ad a7 fa f3 92 fb |$...(..L........| -00000070 13 7d ae f2 b2 4a 6b a1 9e 67 cf a8 f7 8c 6f a0 |.}...Jk..g....o.| -00000080 6c 30 0e 18 55 |l0..U| +00000060 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |@...............| +00000070 00 57 8e 5f 0a f6 3f 3b 43 f1 33 bc ef 5e c6 8d |.W._..?;C.3..^..| +00000080 86 92 58 58 71 51 e8 54 57 96 5f bd 36 3a 9f d3 |..XXqQ.TW._.6:..| +00000090 e9 27 01 bf fb 6a 05 57 de 2d db b2 79 38 72 95 |.'...j.W.-..y8r.| +000000a0 fd |.| >>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 16 03 03 00 24 0d 46 41 8b 24 |..........$.FA.$| -00000010 36 01 a9 fd 8b ec fc e6 b1 83 96 df 0d 3e 53 54 |6............>ST| -00000020 58 b8 43 f2 a6 25 5e 1a ae 19 9e d2 28 44 92 |X.C..%^.....(D.| +00000000 14 03 03 00 01 01 16 03 03 00 40 6d 3c 76 31 a4 |..........@m.5v...K.| +00000020 01 f8 a8 83 0c eb 58 f7 d6 93 c6 b6 40 0e c8 24 |......X.....@..$| +00000030 46 58 0c 79 4a c6 b4 15 65 1e 9c bd ff 51 4d d0 |FX.yJ...e....QM.| +00000040 44 66 fe c0 98 d5 26 11 98 cf 52 |Df....&...R| >>> Flow 4 (server to client) -00000000 17 03 03 00 21 c4 fb f6 53 bb 3e 04 cc 0b a0 03 |....!...S.>.....| -00000010 fa 49 96 da b5 8d b2 f2 e5 d8 f3 5c 27 57 4f 9c |.I.........\'WO.| -00000020 30 00 34 fc 52 92 15 03 03 00 16 a3 02 7a 50 d2 |0.4.R........zP.| -00000030 c6 b3 fc 69 8f e4 94 ae ab 22 ad 05 1d 15 69 b9 |...i....."....i.| -00000040 a5 |.| +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 4e 8e bd e5 c8 d4 1a 14 00 f1 ed |.....N..........| +00000020 c4 88 b3 5c 92 b9 ad 8a 68 d4 f3 85 1b 02 25 aa |...\....h.....%.| +00000030 a0 65 49 08 0d 2a b4 0a 64 eb ea ab 06 73 08 ca |.eI..*..d....s..| +00000040 62 c9 56 45 a9 15 03 03 00 30 
00 00 00 00 00 00 |b.VE.....0......| +00000050 00 00 00 00 00 00 00 00 00 00 60 51 ae 81 79 6d |..........`Q..ym| +00000060 91 95 02 42 30 3f c4 3c 2b fc 74 47 a7 a9 17 22 |...B0?.<+.tG..."| +00000070 88 26 6d 18 b9 8f ad 43 e3 b0 |.&m....C..| diff --git a/tls/testdata/Server-TLSv12-ResumeDisabled b/tls/testdata/Server-TLSv12-ResumeDisabled index db833f65..339fd9a0 100644 --- a/tls/testdata/Server-TLSv12-ResumeDisabled +++ b/tls/testdata/Server-TLSv12-ResumeDisabled 
@@ -1,87 +1,91 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 e8 01 00 00 e4 03 03 54 23 54 02 a5 |...........T#T..| -00000010 10 11 0f 6d e5 2d 2f e8 bb 52 b1 38 3f 65 01 43 |...m.-/..R.8?e.C| -00000020 36 cc 48 f6 09 22 a1 85 20 28 3c 20 35 8b fe 7a |6.H..".. (< 5..z| -00000030 41 3b 59 3a 5d b9 b3 21 f0 62 e9 0d 7b af f5 5d |A;Y:]..!.b..{..]| -00000040 fa 65 1a 40 c8 ca cd 74 8c ef d2 fb 00 04 00 05 |.e.@...t........| -00000050 00 ff 01 00 00 97 00 23 00 68 00 00 00 00 00 00 |.......#.h......| -00000060 00 00 00 00 00 00 00 00 00 00 65 ea 4b d1 ef ba |..........e.K...| -00000070 2d db 0c ba 9a d4 20 76 57 c8 ec dc 2d 77 fb fb |-..... vW...-w..| -00000080 3b 93 5f 53 e0 14 4f 90 fb d6 55 57 8c 8d 0d 25 |;._S..O...UW...%| -00000090 ea 5d 0d f2 91 e5 12 22 12 ec 7b 5f b6 6e fd 07 |.]....."..{_.n..| -000000a0 59 23 24 fc b1 97 ca ea 56 a5 c2 a0 e4 9e 99 64 |Y#$.....V......d| -000000b0 f2 64 d0 75 7a 46 63 e3 dc 21 ed 78 56 e9 e1 ab |.d.uzFc..!.xV...| -000000c0 66 80 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 |f....". ........| -000000d0 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................| -000000e0 02 01 02 02 02 03 01 01 00 0f 00 01 01 |.............| +00000000 16 03 01 01 12 01 00 01 0e 03 03 b8 aa 9b e6 98 |................| +00000010 be 93 d6 03 f2 cd 62 23 76 dd 74 6c 48 ac 9a f6 |......b#v.tlH...| +00000020 f3 27 62 93 6e 99 b2 0d 54 af b7 20 2d 20 97 9a |.'b.n...T.. 
- ..| +00000030 c8 88 50 65 95 2a 02 8f 7b 47 77 6d 3c 49 ba a9 |..Pe.*..{Gwm......| +00000070 00 00 00 00 00 00 00 00 00 00 94 6f 2c 9f 83 51 |...........o,..Q| +00000080 ed 14 ef 68 ca 42 c5 4c 20 33 6c 01 97 a5 69 44 |...h.B.L 3l...iD| +00000090 bf 8f ea db 83 05 fb ef cc 51 1f 0b 4d 44 77 89 |.........Q..MDw.| +000000a0 11 cf c8 38 16 67 ea a2 3e 8b 2a 18 f2 f7 25 ce |...8.g..>.*...%.| +000000b0 e0 d8 4c 93 31 b0 59 23 49 38 16 3a f9 63 9e 61 |..L.1.Y#I8.:.c.a| +000000c0 21 1b ab 67 09 6a 23 07 8e d0 4a 19 78 9c 1e 60 |!..g.j#...J.x..`| +000000d0 40 a7 83 c5 9a 48 41 35 c4 e9 63 00 16 00 00 00 |@....HA5..c.....| +000000e0 17 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08 |......0.........| +000000f0 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 |................| +00000100 01 05 01 06 01 03 03 02 03 03 01 02 01 03 02 02 |................| +00000110 02 04 02 05 02 06 02 |.......| >>> Flow 2 (server to client) 00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| -00000030 05 ff 01 00 01 00 16 03 03 02 be 0b 00 02 ba 00 |................| -00000040 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| -00000050 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| -00000060 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 45 31 0b |.*.H........0E1.| -00000070 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 |0...U....AU1.0..| -00000080 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 |.U....Some-State| -00000090 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 |1!0...U....Inter| -000000a0 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty | -000000b0 4c 74 64 30 1e 17 0d 31 30 30 34 32 34 30 39 30 |Ltd0...100424090| -000000c0 39 33 38 5a 17 0d 31 31 30 34 32 34 30 39 30 39 |938Z..1104240909| -000000d0 33 38 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 
|38Z0E1.0...U....| -000000e0 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| -000000f0 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| -00000100 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| -00000110 74 73 20 50 74 79 20 4c 74 64 30 81 9f 30 0d 06 |ts Pty Ltd0..0..| -00000120 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| -00000130 30 81 89 02 81 81 00 bb 79 d6 f5 17 b5 e5 bf 46 |0.......y......F| -00000140 10 d0 dc 69 be e6 2b 07 43 5a d0 03 2d 8a 7a 43 |...i..+.CZ..-.zC| -00000150 85 b7 14 52 e7 a5 65 4c 2c 78 b8 23 8c b5 b4 82 |...R..eL,x.#....| -00000160 e5 de 1f 95 3b 7e 62 a5 2c a5 33 d6 fe 12 5c 7a |....;~b.,.3...\z| -00000170 56 fc f5 06 bf fa 58 7b 26 3f b5 cd 04 d3 d0 c9 |V.....X{&?......| -00000180 21 96 4a c7 f4 54 9f 5a bf ef 42 71 00 fe 18 99 |!.J..T.Z..Bq....| -00000190 07 7f 7e 88 7d 7d f1 04 39 c4 a2 2e db 51 c9 7c |..~.}}..9....Q.|| -000001a0 e3 c0 4c 3b 32 66 01 cf af b1 1d b8 71 9a 1d db |..L;2f......q...| -000001b0 db 89 6b ae da 2d 79 02 03 01 00 01 a3 81 a7 30 |..k..-y........0| -000001c0 81 a4 30 1d 06 03 55 1d 0e 04 16 04 14 b1 ad e2 |..0...U.........| -000001d0 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 88 |.Z..(.i.#i..&...| -000001e0 39 30 75 06 03 55 1d 23 04 6e 30 6c 80 14 b1 ad |90u..U.#.n0l....| -000001f0 e2 85 5a cf cb 28 db 69 ce 23 69 de d3 26 8e 18 |..Z..(.i.#i..&..| -00000200 88 39 a1 49 a4 47 30 45 31 0b 30 09 06 03 55 04 |.9.I.G0E1.0...U.| -00000210 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a |...AU1.0...U....| -00000220 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03 |Some-State1!0...| -00000230 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69 |U....Internet Wi| -00000240 64 67 69 74 73 20 50 74 79 20 4c 74 64 82 09 00 |dgits Pty Ltd...| -00000250 85 b0 bb a4 8a 7f b8 ca 30 0c 06 03 55 1d 13 04 |........0...U...| -00000260 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d |.0....0...*.H...| -00000270 01 01 05 05 00 03 81 81 00 08 6c 45 24 c7 6b 
b1 |..........lE$.k.| -00000280 59 ab 0c 52 cc f2 b0 14 d7 87 9d 7a 64 75 b5 5a |Y..R.......zdu.Z| -00000290 95 66 e4 c5 2b 8e ae 12 66 1f eb 4f 38 b3 6e 60 |.f..+...f..O8.n`| -000002a0 d3 92 fd f7 41 08 b5 25 13 b1 18 7a 24 fb 30 1d |....A..%...z$.0.| -000002b0 ba ed 98 b9 17 ec e7 d7 31 59 db 95 d3 1d 78 ea |........1Y....x.| -000002c0 50 56 5c d5 82 5a 2d 5a 5f 33 c4 b6 d8 c9 75 90 |PV\..Z-Z_3....u.| -000002d0 96 8c 0f 52 98 b5 cd 98 1f 89 20 5f f2 a0 1c a3 |...R...... _....| -000002e0 1b 96 94 dd a9 fd 57 e9 70 e8 26 6d 71 99 9b 26 |......W.p.&mq..&| -000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 04 0e 00 |n8P)l...........| -00000300 00 00 |..| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 
3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... 
d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 ae 02 dd 1f 1a |................| -00000010 86 83 f5 2f 82 46 4b 29 58 aa a1 b3 56 8b 4e 40 |.../.FK)X...V.N@| -00000020 ef 23 65 67 ad 48 e5 e1 fd ae dd bf 68 fd bd a6 |.#eg.H......h...| -00000030 13 a0 7e 05 ab f7 20 e1 6a 4e d1 37 93 08 1d c9 |..~... .jN.7....| -00000040 37 e0 b5 34 28 bf 20 45 45 da 0f 7e 51 a7 c6 ae |7..4(. EE..~Q...| -00000050 61 6c 07 1b 73 ef da 6e 25 c4 ed be e3 3f da ae |al..s..n%....?..| -00000060 cd 3c 17 9c 2e ee fb 47 9d b3 a1 b2 c3 5d e0 83 |.<.....G.....]..| -00000070 74 20 37 2d 72 d6 d0 4d 58 0e 26 1c 50 22 95 08 |t 7-r..MX.&.P"..| -00000080 7d e0 5f 86 99 9e 2c 2e a7 a0 7f 14 03 03 00 01 |}._...,.........| -00000090 01 16 03 03 00 24 a2 ab 41 25 a5 cf 04 18 1d 98 |.....$..A%......| -000000a0 88 6c 59 21 86 33 54 f4 35 b4 21 6e a5 29 d5 6e |.lY!.3T.5.!n.).n| -000000b0 3d 08 72 b0 af 46 b5 8f 6b 86 |=.r..F..k.| +00000000 16 03 03 00 86 10 00 00 82 00 80 1f e2 43 ee 88 |.............C..| +00000010 22 0d a0 66 18 ce 8a 04 d1 00 fc 2b 6b 93 d5 b6 |"..f.......+k...| +00000020 fd 13 48 fd ea 19 d8 5d 02 bf 8c d9 fb 64 e8 17 |..H....].....d..| +00000030 a3 49 dc 1d 4d b7 8c eb 7d 8b 1d 13 20 78 4e 02 |.I..M...}... 
xN.| +00000040 49 7e a5 bd dd 57 ac 45 47 e6 ea 2e 87 6f d2 ca |I~...W.EG....o..| +00000050 e6 ef a4 9e 2d 3a 02 22 2e 67 6f ff 2d 78 6c 7d |....-:.".go.-xl}| +00000060 33 a1 4c 5b ec d5 ae cb 4f db c0 7d 75 01 61 fa |3.L[....O..}u.a.| +00000070 c2 8a dc 75 77 51 60 90 5d 35 45 ca 13 bb 1a c4 |...uwQ`.]5E.....| +00000080 eb f3 74 ef 77 ec 23 ec 98 30 3c 14 03 03 00 01 |..t.w.#..0<.....| +00000090 01 16 03 03 00 40 7a 07 bc 74 d3 6f ef 93 22 69 |.....@z..t.o.."i| +000000a0 a8 05 df df db 5e 58 1e 4b 84 4f 20 7c f5 2c c3 |.....^X.K.O |.,.| +000000b0 0d 51 0a a8 d0 a8 f0 07 02 d5 ca ec f2 4b 3f ef |.Q...........K?.| +000000c0 c9 57 cb 9b 26 2e 62 e7 f2 84 6e ed b9 6e 1d 15 |.W..&.b...n..n..| +000000d0 32 8c d6 b8 0d 8a |2.....| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 24 59 20 4d c2 17 |..........$Y M..| -00000010 8b 3c 9b 33 d9 f9 ef fb 80 18 1f 67 a7 58 12 89 |.<.3.......g.X..| -00000020 4e 73 0f 2d 7b e6 c4 a6 79 73 01 da 22 e8 54 17 |Ns.-{...ys..".T.| -00000030 03 03 00 21 36 ca 64 0f 4a 12 a5 50 3d 97 bb 39 |...!6.d.J..P=..9| -00000040 02 fc ed d1 82 6a 9a 2e 21 79 f6 e1 b3 cc 32 db |.....j..!y....2.| -00000050 0f 5d b3 fb a5 15 03 03 00 16 51 f4 be 57 7a df |.]........Q..Wz.| -00000060 f1 f2 bd b5 51 5e 45 80 be 0b 9a 0c d1 19 3c 79 |....Q^E.......| +00000070 03 45 e3 d6 af a2 d8 d9 61 36 e5 95 83 75 66 fa |.E......a6...uf.| +00000080 90 c2 80 53 a2 d5 31 aa b1 2a da 45 a9 b3 aa 1f |...S..1..*.E....| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 c4 52 cf b9 f6 0f e2 30 ba 90 18 |......R.....0...| +000000b0 0c 76 c2 ee 4c 78 fb c2 cb 34 7f cb 35 15 5e b0 |.v..Lx...4..5.^.| +000000c0 17 70 cb 76 8a |.p.v.| diff --git a/tls/testdata/Server-TLSv12-SNI b/tls/testdata/Server-TLSv12-SNI index 61b17a11..0ea8375f 100644 --- a/tls/testdata/Server-TLSv12-SNI +++ b/tls/testdata/Server-TLSv12-SNI 
@@ -1,76 +1,84 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 70 01 00 00 6c 03 03 52 cc 57 59 2d |....p...l..R.WY-| -00000010 77 aa 75 35 fa ff 2a a2 bf 91 5e e3 7f 38 7d 7a |w.u5..*...^..8}z| -00000020 e3 93 d3 e8 8b 09 bb 06 c8 6d 91 00 00 04 00 2f |.........m...../| -00000030 00 ff 01 00 00 3f 00 00 00 10 00 0e 00 00 0b 73 |.....?.........s| -00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 22 00 20 |nitest.com...". | -00000050 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| -00000060 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 |................| -00000070 00 0f 00 01 01 |.....| +00000000 16 03 01 00 99 01 00 00 95 03 03 fb d6 71 b2 32 |.............q.2| +00000010 74 6c e1 56 19 42 e6 46 a2 0e 37 1f ad 96 4b af |tl.V.B.F..7...K.| +00000020 8b 4c aa 71 2a 53 d8 df 74 7d 39 00 00 04 00 2f |.L.q*S..t}9..../| +00000030 00 ff 01 00 00 68 00 00 00 10 00 0e 00 00 0b 73 |.....h.........s| +00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0b 00 04 03 00 |nitest.com......| +00000050 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................| +00000060 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| +00000070 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000080 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| +00000090 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| >>> Flow 2 (server to client) -00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| -00000030 05 ff 01 00 01 00 16 03 03 02 00 0b 00 01 fc 00 |................| -00000040 01 f9 00 01 f6 30 82 01 f2 30 82 01 5d a0 03 02 |.....0...0..]...| -00000050 01 02 02 01 00 30 0b 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| -00000060 01 05 30 28 31 10 30 0e 06 03 55 04 0a 
13 07 41 |..0(1.0...U....A| -00000070 63 6d 65 20 43 6f 31 14 30 12 06 03 55 04 03 13 |cme Co1.0...U...| -00000080 0b 73 6e 69 74 65 73 74 2e 63 6f 6d 30 1e 17 0d |.snitest.com0...| -00000090 31 32 30 34 31 31 31 37 34 30 33 35 5a 17 0d 31 |120411174035Z..1| -000000a0 33 30 34 31 31 31 37 34 35 33 35 5a 30 28 31 10 |30411174535Z0(1.| -000000b0 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| -000000c0 31 14 30 12 06 03 55 04 03 13 0b 73 6e 69 74 65 |1.0...U....snite| -000000d0 73 74 2e 63 6f 6d 30 81 9d 30 0b 06 09 2a 86 48 |st.com0..0...*.H| -000000e0 86 f7 0d 01 01 01 03 81 8d 00 30 81 89 02 81 81 |..........0.....| -000000f0 00 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 |..y......F...i..| -00000100 2b 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 |+.CZ..-.zC...R..| -00000110 65 4c 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e |eL,x.#........;~| -00000120 62 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa |b.,.3...\zV.....| -00000130 58 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 |X{&?......!.J..T| -00000140 9f 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d |.Z..Bq......~.}}| -00000150 f1 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 |..9....Q.|..L;2f| -00000160 01 cf af b1 1d b8 71 9a 1d db db 89 6b ae da 2d |......q.....k..-| -00000170 79 02 03 01 00 01 a3 32 30 30 30 0e 06 03 55 1d |y......2000...U.| -00000180 0f 01 01 ff 04 04 03 02 00 a0 30 0d 06 03 55 1d |..........0...U.| -00000190 0e 04 06 04 04 01 02 03 04 30 0f 06 03 55 1d 23 |.........0...U.#| -000001a0 04 08 30 06 80 04 01 02 03 04 30 0b 06 09 2a 86 |..0.......0...*.| -000001b0 48 86 f7 0d 01 01 05 03 81 81 00 89 c6 45 5f 1c |H............E_.| -000001c0 1f 5e f8 eb 1a b1 74 ee 24 39 05 9f 5c 42 59 bb |.^....t.$9..\BY.| -000001d0 1a 8d 86 cd b1 d0 56 f5 6a 71 7d a4 0e 95 ab 90 |......V.jq}.....| -000001e0 f5 9e 8d ea f6 27 c1 57 99 50 94 db 08 02 26 6e |.....'.W.P....&n| -000001f0 b3 4f c6 84 2d ea 8a 4b 68 d9 c1 38 91 03 ab 84 |.O..-..Kh..8....| -00000200 fb 9e 1f 85 d9 b5 d2 3f f2 31 2c 86 
70 fb b5 40 |.......?.1,.p..@| -00000210 14 82 45 a4 eb af e2 64 d9 0c 8a 4c f4 f8 5b 0f |..E....d...L..[.| -00000220 ac 12 ac 2f c4 a3 15 4b ad 52 46 28 68 af 96 c6 |.../...K.RF(h...| -00000230 2c 65 25 d6 52 b6 e3 18 45 bd cc 16 03 03 00 04 |,e%.R...E.......| -00000240 0e 00 00 00 |....| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. 
| +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 0d f2 bf 75 a9 |..............u.| -00000010 aa db f3 25 55 d4 20 59 63 54 d1 70 82 f9 61 c5 |...%U. 
YcT.p..a.| -00000020 b7 ae 3f 75 71 75 9d c5 01 a1 ed b1 07 66 9f 3f |..?uqu.......f.?| -00000030 cf c6 e6 ad 44 03 fd 18 6f 53 24 ce 76 01 bd fe |....D...oS$.v...| -00000040 e2 51 f7 df 8a 23 3a 21 c4 00 15 ff d0 e0 ff c8 |.Q...#:!........| -00000050 8b 89 33 c6 8e e0 ce 97 ef b4 c6 f9 b0 ea 38 89 |..3...........8.| -00000060 79 98 34 9e f7 bc c6 fd d2 5d 56 84 5c d2 9a ce |y.4......]V.\...| -00000070 ae de 09 bc 24 25 fc 09 0c bc 0e 91 0d 6b 36 ae |....$%.......k6.| -00000080 ce 6b cd 14 ec b6 3c fa d6 df fc 14 03 03 00 01 |.k....<.........| -00000090 01 16 03 03 00 40 ad 21 13 2b 33 7a 4a 0d fb 0f |.....@.!.+3zJ...| -000000a0 eb d2 b6 85 29 1f 59 79 ba 86 53 5c 68 b4 c7 e3 |....).Yy..S\h...| -000000b0 8a 6c 5c 18 04 4d e4 76 19 30 ba 92 b4 79 8c 64 |.l\..M.v.0...y.d| -000000c0 00 a0 2e 13 96 45 9f e7 a9 e4 23 9e 9f 89 23 26 |.....E....#...#&| -000000d0 36 20 82 fc 75 fe |6 ..u.| +00000000 16 03 03 00 86 10 00 00 82 00 80 a4 48 88 75 7b |............H.u{| +00000010 a2 04 19 14 69 30 12 d6 14 00 0c 44 e4 68 06 c6 |....i0.....D.h..| +00000020 11 56 53 0c e5 52 fb 84 e2 6e b7 c6 eb 0d 79 25 |.VS..R...n....y%| +00000030 19 f0 bf e4 51 73 85 d5 82 5a 07 53 b2 65 97 6a |....Qs...Z.S.e.j| +00000040 a1 1b 56 bb 23 35 15 83 0f 60 ee de 16 a2 ea 61 |..V.#5...`.....a| +00000050 23 10 e1 5e cf 73 fe 5d 5a 53 16 42 0c 29 a5 ff |#..^.s.]ZS.B.)..| +00000060 06 e5 c4 87 11 d6 24 91 25 e5 58 81 40 80 9e 71 |......$.%.X.@..q| +00000070 49 40 47 50 37 28 7b ed 76 cc 5a fb 04 ba 9c f8 |I@GP7({.v.Z.....| +00000080 be ce 87 07 75 d2 30 88 09 cf bc 14 03 03 00 01 |....u.0.........| +00000090 01 16 03 03 00 40 60 1c 31 95 7d c2 a9 9b 29 c2 |.....@`.1.}...).| +000000a0 ef 59 58 dd fb 26 34 81 60 dc 17 19 c1 23 8d 8f |.YX..&4.`....#..| +000000b0 a8 d2 62 31 96 3d d2 61 b9 c8 7e bf 47 4c 04 fd |..b1.=.a..~.GL..| +000000c0 7c 30 05 37 8e 03 df 13 a1 4d f1 81 05 d7 4c 49 ||0.7.....M....LI| +000000d0 88 d6 c0 21 52 e3 |...!R.| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 
00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 b7 87 61 10 03 |.............a..| -00000020 b8 a4 42 d4 8b 49 bc 40 80 70 92 c8 25 b0 c6 7f |..B..I.@.p..%...| -00000030 b3 87 76 50 5a 59 b3 3c d8 3e 23 24 aa 1a f3 36 |..vPZY.<.>#$...6| -00000040 c9 2c 87 c1 22 d2 94 f8 2c fd ef 17 03 03 00 40 |.,.."...,......@| +00000010 00 00 00 00 00 00 00 00 00 00 00 73 15 54 76 ad |...........s.Tv.| +00000020 c4 38 b0 40 45 32 a8 ca 05 19 bd ce 6e 39 77 6b |.8.@E2......n9wk| +00000030 46 a7 f8 45 a8 cd cd 98 8c aa cf 46 83 f0 20 93 |F..E.......F.. .| +00000040 0d 18 99 d4 2a f9 15 4a 2b f6 bf 17 03 03 00 40 |....*..J+......@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 e5 7f bd 3e ff 9f d4 1b 91 02 f8 69 6f 70 9d 51 |...>.......iop.Q| -00000070 a5 ec ef 5b 10 3f 4e 3f 44 e5 9a 39 68 7c 3a b9 |...[.?N?D..9h|:.| -00000080 69 38 31 ec 9c 45 bf 19 d1 5c 5e 2e 06 00 ca 19 |i81..E...\^.....| +00000060 79 8d 24 ef 72 b3 2c e2 10 a5 6d 3d 61 6c df c1 |y.$.r.,...m=al..| +00000070 26 bf 7e b5 cd b2 8e 87 b9 54 bf ee 35 07 bc 55 |&.~......T..5..U| +00000080 6c cd a2 d3 b4 bb 8c 63 fd ef b1 f0 2f 6d aa d9 |l......c..../m..| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 63 5e 79 2c f2 05 dc 2b d7 5b ac |.....c^y,...+.[.| -000000b0 9d fc 75 94 03 16 ca 1f b2 75 58 2d f1 2f f1 1e |..u......uX-./..| -000000c0 d2 f6 84 8f 2e |.....| +000000a0 00 00 00 00 00 7b f7 81 e6 5c f2 5c 9d 45 ec 1f |.....{...\.\.E..| +000000b0 7b 0d f8 62 19 d4 83 a8 e5 90 71 03 6e 6a 72 4b |{..b......q.njrK| +000000c0 7e 64 c4 c4 1a |~d...| diff --git a/tls/testdata/Server-TLSv12-SNI-GetCertificate b/tls/testdata/Server-TLSv12-SNI-GetCertificate new file mode 100644 index 00000000..199253f0 --- /dev/null +++ b/tls/testdata/Server-TLSv12-SNI-GetCertificate 
@@ -0,0 +1,84 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 99 01 00 00 95 03 03 cf 09 e7 0d ce |................| +00000010 ce d4 72 66 9d 30 e8 ee 39 b3 95 4c 3b 59 25 66 |..rf.0..9..L;Y%f| +00000020 d2 f5 d3 82 68 7d e7 26 2e 38 97 00 00 04 00 2f |....h}.&.8...../| +00000030 00 ff 01 00 00 68 00 00 00 10 00 0e 00 00 0b 73 |.....h.........s| +00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0b 00 04 03 00 |nitest.com......| +00000050 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................| +00000060 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| +00000070 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000080 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| +00000090 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| 
+000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 04 57 b2 56 f0 |............W.V.| +00000010 a5 fb c3 4d 4e 7d ba 29 18 04 ea 6e 66 d3 97 68 |...MN}.)...nf..h| +00000020 58 4e c1 47 fe 30 42 4d bf 5b 10 38 6a 01 83 98 |XN.G.0BM.[.8j...| +00000030 2b e3 3a ac c8 67 e5 41 0c 5c 3f 88 d5 15 a2 ab |+.:..g.A.\?.....| +00000040 6a 2b 70 24 d8 40 78 c1 d9 58 78 04 4d 90 03 eb |j+p$.@x..Xx.M...| +00000050 3c b1 61 da 26 62 db b3 41 ab dc 94 22 44 66 b8 |<.a.&b..A..."Df.| +00000060 49 2c fa 59 de c0 69 3c 20 f8 2f a5 e0 47 1d ec |I,.Y..i< ./..G..| +00000070 3c 49 2d 39 f6 41 09 06 79 5f 26 c4 12 3d 9c 8d |>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 5e ea d1 03 d7 |...........^....| +00000020 de 82 9a b4 07 52 46 16 fd 28 86 fe 17 2e 77 52 |.....RF..(....wR| +00000030 67 8f ec 64 93 1e 8e c9 fc fb 69 61 47 78 1a 1b |g..d......iaGx..| +00000040 97 8d fc 56 76 f6 53 8b 62 53 4f 17 03 03 00 40 |...Vv.S.bSO....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 f8 17 e8 ba c4 fb 0b 76 f5 a8 2d 3c 48 44 73 da |.......v..->> Flow 1 (client to server) +00000000 16 03 01 00 99 01 00 00 95 03 03 34 7d 89 eb 2a |...........4}..*| +00000010 19 64 32 17 5d 37 0e dd 51 2c 7e 08 56 47 f3 2c |.d2.]7..Q,~.VG.,| +00000020 ca d0 08 51 86 a6 a3 10 85 5a 41 00 00 04 00 2f |...Q.....ZA..../| +00000030 00 ff 01 00 00 68 00 00 00 10 00 0e 00 00 0b 73 |.....h.........s| +00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0b 00 
04 03 00 |nitest.com......| +00000050 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................| +00000060 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| +00000070 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000080 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| +00000090 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 
2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e |.`.\!.;.........| +000002a0 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 38 86 92 3e 9a |...........8..>.| +00000010 54 2d 44 46 76 d1 7c 07 04 83 2f 19 6d 89 c6 95 |T-DFv.|.../.m...| +00000020 07 63 17 7d ac e5 f7 95 7f f7 f2 3a f6 eb 38 26 |.c.}.......:..8&| +00000030 e5 c9 32 b1 27 88 46 85 f8 f6 eb 27 a8 9e de 5b |..2.'.F....'...[| +00000040 92 f7 3f 03 be 73 f0 de 2e b4 44 a8 89 4a 5a 6f |..?..s....D..JZo| +00000050 dc e7 16 9c dc f7 9f ca 40 9e 34 4b c2 45 58 7a |........@.4K.EXz| +00000060 6d 5c 4c 58 6a 45 10 21 fb b5 2a 58 17 7d d9 c4 |m\LXjE.!..*X.}..| +00000070 c9 7d d1 3b df 39 1b 59 6a 49 18 e1 fd 02 a2 1d |.}.;.9.YjI......| +00000080 5a 2d 3d c5 ab e7 f6 60 0d aa 38 14 03 03 00 01 |Z-=....`..8.....| +00000090 01 16 03 03 00 40 0e 2a fd e7 cd d0 72 ce 06 5c |.....@.*....r..\| +000000a0 40 c1 81 ef eb 27 e9 77 a8 d4 cc 5c 1e 15 7c 62 |@....'.w...\..|b| +000000b0 87 bd c5 8e b4 e6 6a 3f be 37 9d c0 fe f7 65 8b |......j?.7....e.| +000000c0 b1 3a b8 b4 76 67 ca 58 1c f5 3f f1 10 7c 5b 57 |.:..vg.X..?..|[W| +000000d0 90 e6 43 de d6 25 |..C..%| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 8b 11 9a 67 af |..............g.| +00000020 5b 0e c9 01 dc 76 e8 48 2f 40 5c 76 13 ca 28 63 |[....v.H/@\v..(c| +00000030 a9 6d 3c 6b c1 d4 79 4d 39 17 55 a5 b9 0e b6 fd |.m.| +000000c0 b2 ea 47 71 1f |..Gq.| diff --git a/tls/testdata/Server-TLSv12-X25519 b/tls/testdata/Server-TLSv12-X25519 new file mode 100644 index 00000000..c196336d --- /dev/null 
+++ b/tls/testdata/Server-TLSv12-X25519 
@@ -0,0 +1,82 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 8f 01 00 00 8b 03 03 5d ff d6 27 db |...........]..'.| +00000010 3b e5 2b 79 3a a6 cf 75 3d f7 c9 d9 0a d4 8c b2 |;.+y:..u=.......| +00000020 af 3c 29 84 65 a2 d6 98 52 e2 eb 00 00 04 c0 2f |.<).e...R....../| +00000030 00 ff 01 00 00 5e 00 00 00 0e 00 0c 00 00 09 31 |.....^.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 04 00 02 00 1d 00 16 00 00 00 17 00 00 |................| +00000060 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 |...0............| +00000070 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| +00000080 06 01 03 03 02 03 03 01 02 01 03 02 02 02 04 02 |................| +00000090 05 02 06 02 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 |...DOWNGRD.../..| +00000030 0b ff 01 00 01 00 00 0b 00 02 01 00 16 03 03 02 |................| +00000040 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 |Y...U..R..O0..K0| +00000050 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 |..............?.| +00000060 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b |[..0...*.H......| +00000070 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 |..0.1.0...U....G| +00000080 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 |o1.0...U....Go R| +00000090 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 |oot0...160101000| +000000a0 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 |000Z..2501010000| +000000b0 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 |00Z0.1.0...U....| +000000c0 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 |Go1.0...U....Go0| +000000d0 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 |..0...*.H.......| +000000e0 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 |.....0.......F}.| +000000f0 2e 12 27 06 48 bc 06 28 21 ab 7e 
c4 b6 a2 5d fe |..'.H..(!.~...].| +00000100 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 |.RE.z6G....B[...| +00000110 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e |..y.@.Om..+.....| +00000120 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 |g....."8.J.ts+.4| +00000130 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 |......t{.X.la<..| +00000140 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 |A..++$#w[.;.u]. | +00000150 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 |T..c...$....P...| +00000160 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 |.C...ub...R.....| +00000170 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 |....0..0...U....| +00000180 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 |.......0...U.%..| +00000190 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 |0...+.........+.| +000001a0 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff |......0...U.....| +000001b0 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f |..0.0...U.......| +000001c0 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 |...CC>I..m....`0| +000001d0 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d |...U.#..0...H.IM| +000001e0 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 |.~.1......n{0...| +000001f0 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 |U....0...example| +00000200 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 |.golang0...*.H..| +00000210 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b |...........0.@+[| +00000220 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 |P.a...SX...(.X..| +00000230 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b |8....1Z..f=C.-..| +00000240 f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 |.... 
d8.$:....}.| +00000250 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 |@ ._...a..v.....| +00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.| +00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...| +00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=| +00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........| +000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.| +000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........| +000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 73 d6 a4 35 5f |.._X.;t....s..5_| +000002d0 3f 46 ad de 81 13 a8 d9 21 17 25 37 61 cb 62 0d |?F......!.%7a.b.| +000002e0 e2 bf 95 51 0e 9e e7 b1 ab bc be f6 ec 80 b1 f4 |...Q............| +000002f0 3e 9c 69 3f c8 1e a4 02 82 fd 57 01 e7 0c 18 be |>.i?......W.....| +00000300 c6 1b 01 68 cb ef dc d8 16 92 fb 1b 07 fd 98 f8 |...h............| +00000310 00 77 a9 8e 71 2a e0 6c 68 d5 83 f9 36 c3 3b 99 |.w..q*.lh...6.;.| +00000320 44 98 a0 96 00 1a 02 95 c5 7c ea ae 51 81 89 94 |D........|..Q...| +00000330 57 b6 37 c5 88 56 9f 49 bf 36 26 48 08 36 a1 69 |W.7..V.I.6&H.6.i| +00000340 48 a2 c4 b2 6f 0f 43 70 91 1e 8a 16 03 03 00 04 |H...o.Cp........| +00000350 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 0a 1b 78 c4 bb eb |....%...! 
..x...| +00000010 a4 01 33 3b 69 95 c2 06 5d c9 3e b3 13 51 4b 93 |..3;i...].>..QK.| +00000020 5e 3c 3e a7 42 12 22 e8 7e 49 14 03 03 00 01 01 |^<>.B.".~I......| +00000030 16 03 03 00 28 fc c7 a1 45 50 e0 fe 27 fd ac a4 |....(...EP..'...| +00000040 d8 a2 c6 54 df e1 d3 6f e7 d8 45 a6 57 16 2f 1f |...T...o..E.W./.| +00000050 cf 89 26 c6 0a c3 4f 63 df ac bc c9 79 |..&...Oc....y| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 37 25 28 76 4e 31 dd 5e b0 5b 39 87 fc |...7%(vN1.^.[9..| +00000020 0f 10 3c bc 6d 12 9a dd 59 89 0b 09 bc f2 2c d8 |..<.m...Y.....,.| +00000030 05 a7 77 17 03 03 00 25 00 00 00 00 00 00 00 01 |..w....%........| +00000040 fe 79 9d dd d9 e3 bc 48 47 65 30 64 c7 74 82 0a |.y.....HGe0d.t..| +00000050 9f b7 45 a2 62 40 b5 dd 79 b9 ce 06 83 15 03 03 |..E.b@..y.......| +00000060 00 1a 00 00 00 00 00 00 00 02 58 ed 37 40 33 e4 |..........X.7@3.| +00000070 75 f0 a6 fa 14 f5 6b 93 9e 54 f2 a4 |u.....k..T..| diff --git a/tls/testdata/Server-TLSv13-AES128-SHA256 b/tls/testdata/Server-TLSv13-AES128-SHA256 new file mode 100644 index 00000000..a071f60c --- /dev/null +++ b/tls/testdata/Server-TLSv13-AES128-SHA256 
@@ -0,0 +1,100 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 5f b5 79 18 5f |..........._.y._| +00000010 d2 f8 b0 fc da 39 90 af e1 ba 04 b5 70 86 c3 6b |.....9......p..k| +00000020 ba b4 87 e3 81 9a 86 02 9b 26 44 20 21 e3 5b 03 |.........&D !.[.| +00000030 0d 0a 6c 1f 71 ea b4 4c 56 aa b6 d1 e8 91 d6 7b |..l.q..LV......{| +00000040 59 12 63 af db d2 69 80 cd 5f 62 22 00 04 13 01 |Y.c...i.._b"....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 57 12 bc 06 e0 46 c7 75 43 b8 af f9 c1 f6 b8 | W....F.uC......| +000000d0 e4 1e 13 6b 02 07 23 d2 e6 89 ec 18 ab c0 9f ae |...k..#.........| +000000e0 69 |i| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 21 e3 5b 03 |........... !.[.| +00000030 0d 0a 6c 1f 71 ea b4 4c 56 aa b6 d1 e8 91 d6 7b |..l.q..LV......{| +00000040 59 12 63 af db d2 69 80 cd 5f 62 22 13 01 00 00 |Y.c...i.._b"....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 be 8f 95 d9 22 d7 |..............".| +00000090 f7 ff 75 78 b6 9c bc 93 23 2f 76 62 c6 cd c6 92 |..ux....#/vb....| +000000a0 fe 17 03 03 02 6d 31 54 c9 32 d0 38 53 8f f0 15 |.....m1T.2.8S...| +000000b0 03 42 16 39 71 61 f9 17 f2 da c5 2e 4c 19 c3 30 |.B.9qa......L..0| +000000c0 d5 c6 b8 ea 5d 3b 47 1b d9 20 31 64 ab 5c f3 00 |....];G.. 1d.\..| +000000d0 43 5b e7 3b 36 69 12 c9 3b 3d e7 4f 91 72 e4 29 |C[.;6i..;=.O.r.)| +000000e0 93 54 65 50 88 07 b9 e2 ed 5e 18 f7 00 0a 49 e5 |.TeP.....^....I.| +000000f0 19 cc d8 e5 b2 c5 f6 bd 34 7a 7f e2 f1 7c 9d a0 |........4z...|..| +00000100 d6 0c 50 4f 80 8a c5 a1 fe b8 2e 54 7c 0c ae 48 |..PO.......T|..H| +00000110 c5 ff 46 d9 45 e6 c0 df 61 74 fc d5 e8 ec e1 84 |..F.E...at......| +00000120 0b c8 df 73 77 e4 9f 13 e5 52 e5 0b d8 9f 65 b7 |...sw....R....e.| +00000130 89 d5 04 74 f8 8d a6 2a c7 a1 76 ff 27 85 6a bb |...t...*..v.'.j.| +00000140 ee 86 c9 38 5a 54 bc ac bc ad 79 85 7c 26 65 c3 |...8ZT....y.|&e.| +00000150 36 97 56 76 d2 4c 55 32 71 82 ec d1 81 22 46 9e |6.Vv.LU2q...."F.| +00000160 75 d8 55 a8 1e 61 10 c8 dc e8 c7 ad fe 96 0e 54 |u.U..a.........T| +00000170 1c 79 0c 41 b9 98 b0 44 f8 45 6e c7 b3 41 68 2d |.y.A...D.En..Ah-| +00000180 ea 73 be 55 99 fe 88 02 e3 5d 0f f3 d1 70 9a 5e |.s.U.....]...p.^| +00000190 be e7 80 96 6c 94 7f 9f ec 1c b6 24 28 ef 90 95 |....l......$(...| +000001a0 d5 5b d4 7b 1b b1 a4 9c 66 09 11 23 ad f5 87 ee |.[.{....f..#....| +000001b0 0b 1f e5 d2 0e 57 16 e9 14 ae 0f 98 9b a1 bc 9e |.....W..........| +000001c0 68 dc d0 fb 76 aa c8 f2 bc e5 d3 ff e2 85 df 01 |h...v...........| +000001d0 2f ad 72 78 85 0f f7 0a 64 a4 cd 61 2a e6 2b a3 |/.rx....d..a*.+.| +000001e0 d5 4a c9 08 00 af 5c 6c 9d 35 e4 1e 7c 32 1a d0 |.J....\l.5..|2..| +000001f0 f3 6d 73 16 9c c8 72 28 4b 67 cf d8 ff 2b 1e 33 
|.ms...r(Kg...+.3| +00000200 18 c4 ed c9 31 5d 6a 0f c5 05 bf 08 eb 0b 44 05 |....1]j.......D.| +00000210 83 49 40 d2 1f 7f 5c 08 ef 98 1f 09 f1 09 33 02 |.I@...\.......3.| +00000220 56 04 66 53 69 93 ef 07 0d 8a e7 84 b5 03 b9 78 |V.fSi..........x| +00000230 bb 52 84 3f bb 4e d3 f9 c4 8a 2a d1 59 02 59 36 |.R.?.N....*.Y.Y6| +00000240 88 52 6a 9d 1f 7e c1 5b a6 8a a4 cc 42 f4 44 59 |.Rj..~.[....B.DY| +00000250 ca d2 fa 0e 09 5f 25 e5 cc 27 55 8b 16 b5 f1 62 |....._%..'U....b| +00000260 aa f7 a9 bc 7a 36 fa 16 34 b7 ce 2d b8 bd 67 f0 |....z6..4..-..g.| +00000270 75 15 17 c4 49 81 55 b1 5a e0 d2 b8 45 79 d0 16 |u...I.U.Z...Ey..| +00000280 71 21 01 57 ad 10 48 1f 0d bf 43 da b7 c9 a8 93 |q!.W..H...C.....| +00000290 88 af be 2d 65 a0 81 26 23 de fe e2 a3 9c f6 40 |...-e..&#......@| +000002a0 96 f9 a1 21 0b fe 31 7f 24 ec 75 ae cf b0 8c a7 |...!..1.$.u.....| +000002b0 fe f8 2f ee 60 65 72 5c 86 a6 45 22 11 55 62 29 |../.`er\..E".Ub)| +000002c0 02 8b b5 ff 4b f8 73 71 3d 8c c3 37 68 2d 2c 24 |....K.sq=..7h-,$| +000002d0 b7 dc be 5a 37 d8 25 3b b6 16 e6 2a e9 80 48 0b |...Z7.%;...*..H.| +000002e0 77 be 05 35 b2 86 97 51 49 31 ac de 85 eb a9 a8 |w..5...QI1......| +000002f0 74 1d 00 07 4c 1b 8c a5 ec 1b b5 7a 57 84 da 40 |t...L......zW..@| +00000300 10 6c c9 ed b3 43 06 81 11 e2 84 3c 4c ae 22 6b |.l...C.....Y.3| +00000420 76 f0 23 23 27 94 df 2f 21 6a c0 a9 5a 3d af 41 |v.##'../!j..Z=.A| +00000430 31 4d 9b d5 75 57 f1 a9 c5 57 2a 7a c7 1d b1 a7 |1M..uW...W*z....| +00000440 15 a5 80 ae 63 f8 85 92 46 13 d2 31 26 62 7d 83 |....c...F..1&b}.| +00000450 95 f9 97 9d e8 86 7d 09 f3 cc 30 b1 db 54 2a 8d |......}...0..T*.| +00000460 0f 04 da d9 cf 59 52 2a e3 7d 64 20 f3 26 4a 2e |.....YR*.}d .&J.| +00000470 74 07 c5 2f 98 a2 f7 e1 53 01 e0 c2 3b c7 42 1b |t../....S...;.B.| +00000480 a0 48 12 |.H.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 57 4a c4 5a c1 |..........5WJ.Z.| +00000010 3a b9 ae f0 1d e8 8f 31 38 0e 64 9e 61 13 e6 b2 |:......18.d.a...| 
+00000020 1b 02 aa b6 46 5a 50 97 07 93 86 13 dc 3d 76 6a |....FZP......=vj| +00000030 67 01 1b 18 9b 7e 21 b2 c1 d4 a5 25 22 4d 14 dc |g....~!....%"M..| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 61 63 5a 22 d2 e6 8e e8 8e 69 7d |.....acZ".....i}| +00000010 24 69 a5 b8 e3 59 98 ac 64 0b 34 6b 16 60 92 db |$i...Y..d.4k.`..| +00000020 6b 62 45 17 03 03 00 13 b7 12 c6 59 fe 23 f4 6c |kbE........Y.#.l| +00000030 a6 d3 8d 59 1b 40 60 72 d6 97 b4 |...Y.@`r...| diff --git a/tls/testdata/Server-TLSv13-AES256-SHA384 b/tls/testdata/Server-TLSv13-AES256-SHA384 new file mode 100644 index 00000000..60aa82df --- /dev/null +++ b/tls/testdata/Server-TLSv13-AES256-SHA384 
@@ -0,0 +1,103 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 70 b7 07 12 16 |...........p....| +00000010 50 d7 b9 c9 5f 02 47 2d ff 93 a7 2f e8 51 dc a0 |P..._.G-.../.Q..| +00000020 8f 0d c8 80 38 c7 af 7e da bb ed 20 67 73 58 d7 |....8..~... gsX.| +00000030 11 8b c6 0d 72 86 e0 08 3e 2d d9 b9 16 9f 85 6e |....r...>-.....n| +00000040 3c 87 fd 87 c3 95 f6 4c 76 21 50 af 00 04 13 02 |<......Lv!P.....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 f4 08 51 f6 69 b7 d6 a9 3e 18 a7 ee c0 30 f3 | ..Q.i...>....0.| +000000d0 13 63 52 40 30 7c 79 6c 24 03 c9 89 25 bd a4 5f |.cR@0|yl$...%.._| +000000e0 64 |d| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 67 73 58 d7 |........... gsX.| +00000030 11 8b c6 0d 72 86 e0 08 3e 2d d9 b9 16 9f 85 6e |....r...>-.....n| +00000040 3c 87 fd 87 c3 95 f6 4c 76 21 50 af 13 02 00 00 |<......Lv!P.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 cc b9 e4 43 5e f6 |.............C^.| +00000090 9a 5a 62 14 02 39 fb 13 76 e8 10 db 26 1c 07 ec |.Zb..9..v...&...| +000000a0 06 17 03 03 02 6d 39 e9 a0 33 ee 39 36 54 62 f1 |.....m9..3.96Tb.| +000000b0 e9 1d 32 45 0f 5a ca 72 f7 7e 43 d8 89 97 00 3d |..2E.Z.r.~C....=| +000000c0 59 70 08 b4 d1 e1 84 24 7a b8 45 3c b8 32 93 b5 |Yp.....$z.E<.2..| +000000d0 51 a5 58 60 3f 60 52 aa c1 ff 85 fb fd 50 87 38 |Q.X`?`R......P.8| +000000e0 47 7a 88 c6 d1 e6 3c b3 16 14 5b cb 23 50 26 7a |Gz....<...[.#P&z| +000000f0 1d 28 d1 d2 29 5d b0 40 97 2f 3b 58 7c 8a 76 1f |.(..)].@./;X|.v.| +00000100 1c c1 d2 2b 63 9d 53 bc fb c2 42 cb 40 0d d0 7c |...+c.S...B.@..|| +00000110 73 6c dc 63 90 89 e3 66 67 2b a2 70 af e0 af fe |sl.c...fg+.p....| +00000120 0c c0 db 41 76 d0 16 37 2a 09 7a 79 31 03 c6 4a |...Av..7*.zy1..J| +00000130 f4 06 22 ac 96 b4 25 1f 54 11 24 c8 67 22 8f 2a |.."...%.T.$.g".*| +00000140 56 0c 24 fa 20 ed a8 37 66 f7 38 44 43 e2 e6 e3 |V.$. 
..7f.8DC...| +00000150 96 b5 d5 dd a5 2c 23 e4 57 57 7d 7a 59 e2 4f 66 |.....,#.WW}zY.Of| +00000160 c4 29 d6 d1 32 a3 9c 4c dd 63 b2 a6 dc ff 6f 61 |.)..2..L.c....oa| +00000170 c2 db 88 80 23 c1 27 d4 be dd 4f b4 c9 b8 56 4c |....#.'...O...VL| +00000180 65 b6 f8 32 b2 60 7b af 5f 54 71 61 20 db 25 85 |e..2.`{._Tqa .%.| +00000190 34 b6 58 9b 71 01 dd 53 cd 13 65 2e 23 69 96 0e |4.X.q..S..e.#i..| +000001a0 89 94 75 09 64 60 76 d2 65 85 38 3d f1 0e cb 47 |..u.d`v.e.8=...G| +000001b0 c1 2c 52 f8 ce 7a a6 9f dd 7c 39 7e a7 f9 a6 1b |.,R..z...|9~....| +000001c0 c1 23 81 a6 7a b1 6c d4 3c 1c f3 71 ce 72 24 01 |.#..z.l.<..q.r$.| +000001d0 4a 8d e9 24 47 51 73 67 dc 7a 9f 0b 63 7d 29 e1 |J..$GQsg.z..c}).| +000001e0 3e 5e ac 72 d7 c8 d9 c2 13 de 92 dd 04 cb 09 21 |>^.r...........!| +000001f0 ad 41 69 27 77 48 eb 87 cb 3b 23 ba 06 a3 68 96 |.Ai'wH...;#...h.| +00000200 ad 24 35 f6 a6 03 87 a7 4d 9f d4 bf e5 8b 9f 56 |.$5.....M......V| +00000210 54 dd 0e 08 da 29 ff eb 9b e1 0a a5 25 b1 85 be |T....)......%...| +00000220 f8 ae 63 f4 49 64 cc 0a 41 0e 26 8a 8e bc 6f c9 |..c.Id..A.&...o.| +00000230 f5 41 55 80 0d bd 70 ad 85 b0 d4 8d 33 ac b6 40 |.AU...p.....3..@| +00000240 3e 76 fc fb 8f d2 7d 06 14 d4 45 24 6e 36 46 1c |>v....}...E$n6F.| +00000250 06 d3 f7 f3 4c 3a a5 83 4f 75 72 77 b4 5e 37 49 |....L:..Ourw.^7I| +00000260 41 f1 9f e6 d1 46 87 56 c8 64 28 fd 38 f0 0f 9c |A....F.V.d(.8...| +00000270 d0 39 ff 4b 46 56 73 0d 12 7d bf 63 b4 b8 0d 33 |.9.KFVs..}.c...3| +00000280 6b 4a 2b f8 39 67 f1 ec 2d a6 0b 5c 91 2d d8 3e |kJ+.9g..-..\.-.>| +00000290 91 81 1a 37 29 c7 14 d2 be db 31 61 dc 5d b1 e4 |...7).....1a.]..| +000002a0 64 af 14 9c 93 85 e7 5b 0e 42 63 c7 5e b5 cc 51 |d......[.Bc.^..Q| +000002b0 ca 83 ca fa 52 bd 44 a1 1c 76 20 bc 3d 9f 82 79 |....R.D..v .=..y| +000002c0 20 5c 01 14 e3 07 02 4c f6 87 f7 46 b8 de 47 23 | \.....L...F..G#| +000002d0 5d 5c b3 8f cd 96 49 51 32 3f d2 5d 92 32 19 b5 |]\....IQ2?.].2..| +000002e0 10 33 46 37 f0 b5 82 23 a5 91 1f 60 fb 21 2c 08 
|.3F7...#...`.!,.| +000002f0 c3 6e 17 72 0b 5d c9 7b cc 77 97 6f 20 d9 a6 fa |.n.r.].{.w.o ...| +00000300 cc 4a bb c6 3b 0e b1 66 ae 57 f5 1b 16 46 36 b7 |.J..;..f.W...F6.| +00000310 a5 94 ae 17 03 03 00 99 d7 86 a0 5f c0 d2 33 3e |..........._..3>| +00000320 ce ce ea db cb a1 a5 11 b7 cc a1 48 b6 86 f5 11 |...........H....| +00000330 d6 32 8c f9 e8 bb e3 3e ea 6f 1a df 64 cd c8 7d |.2.....>.o..d..}| +00000340 e9 cb e4 19 fe cd 75 74 03 4a fe 91 1d 87 28 65 |......ut.J....(e| +00000350 25 79 3a 19 13 ba 67 16 aa 7e 8e c0 e6 53 4f bb |%y:...g..~...SO.| +00000360 98 ed cc 59 db 5e 73 23 d4 a9 a7 2a 6d 01 73 4a |...Y.^s#...*m.sJ| +00000370 e6 65 2e c0 34 49 c1 d8 70 2e 70 1b 10 97 74 23 |.e..4I..p.p...t#| +00000380 fe 6b 5d cd fa 71 c8 43 c3 5b 42 5c 7b e0 9e 3f |.k]..q.C.[B\{..?| +00000390 a8 3d a9 d1 97 17 87 80 af 7c 5d 8b 70 ba 87 06 |.=.......|].p...| +000003a0 67 dd 29 df f3 ca 9a f4 c8 93 e8 f8 ac c0 df 8e |g.).............| +000003b0 c5 17 03 03 00 45 40 a4 26 66 29 18 b8 d6 a7 87 |.....E@.&f).....| +000003c0 91 5f 6d 79 13 f8 7a 47 cf ac 93 7c 11 cb 4a b2 |._my..zG...|..J.| +000003d0 24 a6 40 fb d4 ed 71 ec 19 53 ba ae e0 bb e6 cf |$.@...q..S......| +000003e0 d6 8a a6 3c 6a 4e a3 6f 6c d7 2d e1 8a a4 6c da |.....q=....| +00000410 dc 2f 4a 62 c2 9f e2 e5 16 51 ff 35 a7 70 df 12 |./Jb.....Q.5.p..| +00000420 23 d6 f7 6c 96 91 7f 0f 6d d4 45 5f c6 8c c5 93 |#..l....m.E_....| +00000430 b1 b7 46 ef f0 f4 a3 68 35 ff 09 38 8d 6d c6 84 |..F....h5..8.m..| +00000440 d3 1c 4d 48 4e fc 4a c0 46 06 b1 a5 1c 74 a0 44 |..MHN.J.F....t.D| +00000450 69 68 20 33 df 70 60 69 57 c7 85 bd 3e ed 55 d0 |ih 3.p`iW...>.U.| +00000460 56 84 8f 19 03 5a 54 9a d5 3e 5d 37 98 40 4c f0 |V....ZT..>]7.@L.| +00000470 5e f1 26 e5 97 01 fc 0f 2a 09 e9 7a 51 69 c0 8e |^.&.....*..zQi..| +00000480 d4 25 80 f4 ca 91 f3 a7 5c 0c 96 ba ec a8 b5 ee |.%......\.......| +00000490 ab ec 05 cb 99 30 78 48 1b 78 bf 3d b9 f4 e8 33 |.....0xH.x.=...3| +000004a0 4d 45 d1 |ME.| +>>> Flow 3 (client to server) 
+00000000 14 03 03 00 01 01 17 03 03 00 45 54 0e c1 aa 95 |..........ET....| +00000010 fd c5 d2 8b a0 ae 40 a1 9a b8 87 39 17 53 f7 10 |......@....9.S..| +00000020 62 6f 55 18 42 cf 75 cb 05 de 32 28 c4 a0 f1 17 |boU.B.u...2(....| +00000030 f1 55 ae 2c 97 9e dd d2 d0 a7 6b c6 51 51 c6 0c |.U.,......k.QQ..| +00000040 81 3f 04 db 94 e6 68 f0 a1 80 10 39 06 99 25 e2 |.?....h....9..%.| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e e4 4f d5 b0 e7 a0 e2 13 69 75 7c |......O......iu|| +00000010 b1 84 93 be 99 ea 27 20 dd 08 89 6c e2 5a c6 bc |......' ...l.Z..| +00000020 b8 41 3d 17 03 03 00 13 cf 64 ad ad d9 84 87 36 |.A=......d.....6| +00000030 b9 ea b8 76 97 93 c1 03 44 c5 de |...v....D..| diff --git a/tls/testdata/Server-TLSv13-ALPN b/tls/testdata/Server-TLSv13-ALPN new file mode 100644 index 00000000..df8dd450 --- /dev/null +++ b/tls/testdata/Server-TLSv13-ALPN 
@@ -0,0 +1,100 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 e2 01 00 00 de 03 03 8e d2 a1 8f ea |................| +00000010 e3 7d 5f 7c 70 74 c3 7e 5f 06 bb 21 35 28 38 7a |.}_|pt.~_..!5(8z| +00000020 7f 00 11 86 6e ac 19 38 7f d4 88 20 33 3a b2 14 |....n..8... 3:..| +00000030 c2 4e 6a 39 71 24 81 21 27 21 2d b7 3d bc 5e 97 |.Nj9q$.!'!-.=.^.| +00000040 f8 ed 55 83 be 9a d3 27 b5 e0 0e bd 00 04 13 03 |..U....'........| +00000050 00 ff 01 00 00 91 00 0b 00 04 03 00 01 02 00 0a |................| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000070 00 00 00 10 00 10 00 0e 06 70 72 6f 74 6f 32 06 |.........proto2.| +00000080 70 72 6f 74 6f 31 00 16 00 00 00 17 00 00 00 0d |proto1..........| +00000090 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 |................| +000000a0 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +000000b0 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 |.+......-.....3.| +000000c0 26 00 24 00 1d 00 20 89 4d b8 22 62 39 22 e6 5a |&.$... .M."b9".Z| +000000d0 b1 86 ea c9 d9 d1 77 c9 12 c3 62 e1 8e 17 cb ab |......w...b.....| +000000e0 91 83 d8 af 9b be 0a |.......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 33 3a b2 14 |........... 3:..| +00000030 c2 4e 6a 39 71 24 81 21 27 21 2d b7 3d bc 5e 97 |.Nj9q$.!'!-.=.^.| +00000040 f8 ed 55 83 be 9a d3 27 b5 e0 0e bd 13 03 00 00 |..U....'........| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 24 60 9e a3 43 47 75 |.........$`..CGu| +00000090 d2 38 11 fd 9d da a5 f6 65 de 3c 2a 3d a9 46 7e |.8......e.<*=.F~| +000000a0 50 c8 52 a1 7d e6 95 a7 4b 48 b7 35 e7 a7 17 03 |P.R.}...KH.5....| +000000b0 03 02 6d b8 30 43 88 03 d4 6c cf c6 45 80 b2 6c |..m.0C...l..E..l| +000000c0 52 d7 1e 08 de 0b 6e 7a 27 c8 2c 59 d4 03 41 24 |R.....nz'.,Y..A$| +000000d0 e3 4a e1 d3 85 68 de 23 f6 c4 3a bb 45 ae b1 ac |.J...h.#..:.E...| +000000e0 8b b3 22 7d e7 a6 7c e3 07 68 b1 9c 97 6a d3 e4 |.."}..|..h...j..| +000000f0 5d 0a 73 a3 16 ad e4 7f b9 d7 0a b7 7c 48 bb f2 |].s.........|H..| +00000100 ed 49 61 f7 cb 5e ea d2 d9 a3 73 ea a7 4f a3 10 |.Ia..^....s..O..| +00000110 f7 3e 8f ce b9 56 a0 88 54 52 59 1f f3 55 2b 15 |.>...V..TRY..U+.| +00000120 df fd fa 85 9e 20 ff 72 f3 26 6a 2c 1f 11 a8 3d |..... .r.&j,...=| +00000130 8e 66 75 aa 90 fc 9f 9f a7 67 8f ac 98 54 19 04 |.fu......g...T..| +00000140 c9 1f 48 f7 ed 8f 13 0a f9 6c 9b f8 e9 0a c5 a9 |..H......l......| +00000150 f2 ef 5b 65 a1 ad 40 e4 e7 ff c1 ff e9 d6 ab 5c |..[e..@........\| +00000160 f8 f1 7b 4d 39 33 1d 68 d3 38 20 10 c4 3b 7a 9f |..{M93.h.8 ..;z.| +00000170 fe 55 1d 83 5c 8f 67 d0 bb 5f 32 80 b2 91 38 0a |.U..\.g.._2...8.| +00000180 71 bb b4 3a 10 1c 98 f9 d4 19 7c 7d d5 f7 4b 0a |q..:......|}..K.| +00000190 02 2f bd 0b f9 ff 28 b2 2d ba dd 7f 0d 51 a2 4c |./....(.-....Q.L| +000001a0 51 92 1e e9 47 51 ae 1a d0 66 9c ef 0a 02 dc 69 |Q...GQ...f.....i| +000001b0 95 79 2b b0 8f 7b a2 3d 57 cf 5c 7e b4 0a 91 34 |.y+..{.=W.\~...4| +000001c0 e6 d0 0d 93 1b 6c 61 9e 58 12 47 5f 3a ec 67 19 |.....la.X.G_:.g.| +000001d0 d8 fb 44 43 4d cd 4e ad 1d bc f2 05 66 42 3f 3f |..DCM.N.....fB??| +000001e0 85 5d 93 56 8e ca 62 47 38 ee d2 0e 81 8b 71 7d |.].V..bG8.....q}| +000001f0 d8 cf 6e 4b 61 80 fe 28 34 f4 f1 58 06 36 2a 40 
|..nKa..(4..X.6*@| +00000200 93 98 3d d0 9c 69 6f 6a 3a 40 b9 8c 2e 71 5d 52 |..=..ioj:@...q]R| +00000210 66 5d 55 45 e7 38 b7 ce 74 c2 1c ae 2e 4a 03 86 |f]UE.8..t....J..| +00000220 d4 15 c3 40 d9 58 b7 ba ed 84 fd 20 35 a4 1c c6 |...@.X..... 5...| +00000230 8a 50 7a 0c 87 53 d7 2d 4b 5b 7d 23 79 8f 66 f8 |.Pz..S.-K[}#y.f.| +00000240 72 05 72 7b 7d 7a 64 97 8d da c9 dd 23 6a 44 b6 |r.r{}zd.....#jD.| +00000250 e1 99 e4 45 76 a5 53 d8 1b 54 a0 b9 9e ec 0e d3 |...Ev.S..T......| +00000260 91 1b 5e c0 a7 c8 3a 34 22 f9 58 7d da 2b f4 fd |..^...:4".X}.+..| +00000270 2b 9a 9e 26 20 6f d3 9d e9 48 a1 62 70 fe 06 04 |+..& o...H.bp...| +00000280 c2 63 f7 c4 a2 b9 74 28 a8 b3 f9 f0 a1 2a 46 0c |.c....t(.....*F.| +00000290 f5 6b cc 7e b4 c0 47 eb 00 96 6a 3d 32 58 e0 0a |.k.~..G...j=2X..| +000002a0 59 01 3c 42 45 a7 76 6d 78 05 1f 2c db a4 08 5b |Y....c...f/| +00000470 24 2a 06 1b f3 91 a7 7c dd d9 b5 1f b3 9e 7f ce |$*.....|........| +00000480 db 96 cd 2e 36 69 f0 94 0c 5f e8 0b 15 6a 38 40 |....6i..._...j8@| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 32 39 09 c6 64 |..........529..d| +00000010 aa 86 b7 a7 37 6c fa ef 66 01 d4 de e6 35 8d 31 |....7l..f....5.1| +00000020 68 71 f3 27 56 fd 7f 7b cf c8 3c d1 44 ff e0 c7 |hq.'V..{..<.D...| +00000030 78 b7 6c c8 ac 01 0e ee e1 78 b9 dd 1a e1 a9 b6 |x.l......x......| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e da e7 79 04 f5 65 2e f6 c3 c3 b9 |.......y..e.....| +00000010 34 37 14 8f c2 32 cb 81 58 bc cf d0 3b 08 f0 61 |47...2..X...;..a| +00000020 b3 ae b4 17 03 03 00 13 e3 32 09 02 e0 29 5e 4a |.........2...)^J| +00000030 9b 36 a9 b0 65 e9 2c 1d fb ad 50 |.6..e.,...P| diff --git a/tls/testdata/Server-TLSv13-ALPN-NoMatch b/tls/testdata/Server-TLSv13-ALPN-NoMatch new file mode 100644 index 00000000..0b5dc9b1 --- /dev/null +++ b/tls/testdata/Server-TLSv13-ALPN-NoMatch 
@@ -0,0 +1,100 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 e2 01 00 00 de 03 03 ea ab 77 e1 48 |.............w.H| +00000010 64 70 23 5c af b3 a7 3d 60 93 a0 30 0a 8c 98 61 |dp#\...=`..0...a| +00000020 3a ab bc a9 11 c1 2f f5 ed d7 63 20 d4 29 26 9d |:...../...c .)&.| +00000030 64 37 72 d1 2c 7d 09 3b 94 67 f9 1c 19 c3 7e 17 |d7r.,}.;.g....~.| +00000040 ec 80 5f 09 38 c1 15 4d 59 45 5c c3 00 04 13 03 |.._.8..MYE\.....| +00000050 00 ff 01 00 00 91 00 0b 00 04 03 00 01 02 00 0a |................| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000070 00 00 00 10 00 10 00 0e 06 70 72 6f 74 6f 32 06 |.........proto2.| +00000080 70 72 6f 74 6f 31 00 16 00 00 00 17 00 00 00 0d |proto1..........| +00000090 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 |................| +000000a0 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +000000b0 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 |.+......-.....3.| +000000c0 26 00 24 00 1d 00 20 68 64 e8 c1 4a c5 d5 b8 91 |&.$... hd..J....| +000000d0 a0 20 c7 aa 8a 41 90 d6 d0 5e ed 6c ed e4 77 aa |. ...A...^.l..w.| +000000e0 ec 33 93 e3 d5 b7 55 |.3....U| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 d4 29 26 9d |........... .)&.| +00000030 64 37 72 d1 2c 7d 09 3b 94 67 f9 1c 19 c3 7e 17 |d7r.,}.;.g....~.| +00000040 ec 80 5f 09 38 c1 15 4d 59 45 5c c3 13 03 00 00 |.._.8..MYE\.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 c0 d3 a2 c3 42 b4 |..............B.| +00000090 39 f1 b6 f1 0a ac f3 76 dd 36 15 eb d7 3b 3f 63 |9......v.6...;?c| +000000a0 0b 17 03 03 02 6d f2 02 6d 15 de 46 b3 30 ef 57 |.....m..m..F.0.W| +000000b0 e5 a3 35 11 5c c3 b4 2e ad 74 ca db d2 90 eb b4 |..5.\....t......| +000000c0 ba 14 7e b0 65 68 e8 31 76 2a 28 e4 be bb d1 c3 |..~.eh.1v*(.....| +000000d0 45 cb ba 07 eb 27 d9 5e 4a 45 52 10 62 f0 8f b2 |E....'.^JER.b...| +000000e0 7c ad 0f 63 5c 39 f7 6e f2 68 3e bc fd ec fe fa ||..c\9.n.h>.....| +000000f0 9b ba 45 96 2b 94 27 34 2c 78 c8 5f 40 e3 f9 20 |..E.+.'4,x._@.. | +00000100 51 15 3d dc 70 d1 50 7c 26 6b 51 3f 47 61 0b e6 |Q.=.p.P|&kQ?Ga..| +00000110 04 ee 49 19 27 f0 91 c5 0f 15 0a 90 a6 0c 14 f2 |..I.'...........| +00000120 2f f1 42 28 be a0 7a ce 16 14 bf ff 34 34 a8 d8 |/.B(..z.....44..| +00000130 61 e6 26 6a 00 62 a0 82 53 c6 27 30 89 81 8d fb |a.&j.b..S.'0....| +00000140 9e 97 bc a0 ce 2f a1 e2 bf 9e fe d2 cc 11 4e 00 |...../........N.| +00000150 89 d1 e8 3b ab 58 e4 66 0a 87 00 b1 c1 a0 2d b0 |...;.X.f......-.| +00000160 96 b3 13 9b d3 c0 16 6b 87 e8 e3 9e 6c 30 1b 67 |.......k....l0.g| +00000170 c1 53 a5 4b 55 44 4e 27 6e ea 7c 7d 9f 44 b4 ca |.S.KUDN'n.|}.D..| +00000180 15 6f e5 d1 7f 18 e4 12 66 2d d5 a2 47 0c 73 26 |.o......f-..G.s&| +00000190 b0 bf 93 5b 46 9c 3f 78 69 05 a1 38 0f 61 ea d6 |...[F.?xi..8.a..| +000001a0 61 97 80 c5 72 be 6d be 2d e5 a2 9e d8 b3 bf 8d |a...r.m.-.......| +000001b0 a4 53 ba 6d fe c8 8d ac c1 4a 6e 76 bf 72 1e 5a |.S.m.....Jnv.r.Z| +000001c0 0a 51 f3 c8 1f 11 91 36 f0 f5 ba 68 e8 69 c3 77 |.Q.....6...h.i.w| +000001d0 52 63 dc b3 93 80 0d fd 9a 7d 7f f8 47 f8 62 2a |Rc.......}..G.b*| +000001e0 3d 4f 1b 46 9f cb 07 b6 96 00 b1 08 e7 32 50 41 |=O.F.........2PA| +000001f0 83 da 20 c2 b0 c0 33 33 3f f2 f9 84 f0 64 9f 37 |.. 
...33?....d.7| +00000200 4b b6 7b ab 2e e9 50 8b 6a 61 da 12 51 54 13 25 |K.{...P.ja..QT.%| +00000210 46 5d 90 06 ef 88 4e be 64 67 80 02 1f 25 9c 28 |F]....N.dg...%.(| +00000220 07 b3 24 2b 10 81 c1 72 7c 94 97 b3 5a 16 bc cf |..$+...r|...Z...| +00000230 52 44 41 2c d7 ba e9 9f 4c d7 28 e6 b7 bb b0 fd |RDA,....L.(.....| +00000240 17 b2 0b 83 33 ed 2f c7 2d 42 37 fd 0a d0 4b c7 |....3./.-B7...K.| +00000250 97 61 17 d6 cd cd 0f e0 0d dd ab 40 fb 00 4d 81 |.a.........@..M.| +00000260 da 7d 1d 0e 48 d9 a7 6c ba 2a 21 49 18 0f a4 7c |.}..H..l.*!I...|| +00000270 af 0d 1b ca 94 f1 6c 78 59 ad 50 e4 1c 7b 37 45 |......lxY.P..{7E| +00000280 e8 1b 73 ad 96 8d 98 d6 07 26 07 fd a8 e6 8c 39 |..s......&.....9| +00000290 f1 5a 10 ef 04 97 fe d3 be cb f2 c1 5b 27 e8 d0 |.Z..........['..| +000002a0 f9 b3 16 b9 82 6d e8 be 54 c7 cf 44 a4 8a fd 75 |.....m..T..D...u| +000002b0 96 2a f1 65 2b d3 8f f5 86 a3 bf 12 74 c1 e4 d8 |.*.e+.......t...| +000002c0 a9 db c9 43 05 07 b1 51 dc 20 29 d0 c0 9a 6d 10 |...C...Q. 
)...m.| +000002d0 83 5f 87 a6 ab 03 58 43 1f 35 1c af dd 37 10 1b |._....XC.5...7..| +000002e0 16 50 52 e5 3c f5 3c ae 4f 92 7e dc 47 2e b3 9c |.PR.<.<.O.~.G...| +000002f0 1f d2 a0 31 8b 32 21 35 52 af bd f1 0b 2c 4e 6f |...1.2!5R....,No| +00000300 59 32 d8 db d6 9f b8 bd bc a0 3b 77 41 43 46 fb |Y2........;wACF.| +00000310 2b 0e 82 17 03 03 00 99 0a 63 cd 1f fa 90 4d 95 |+........c....M.| +00000320 17 d8 81 36 5c 62 17 33 6c 8d 9d 9f 26 3e 3a 2f |...6\b.3l...&>:/| +00000330 65 84 23 56 46 25 f6 1c dd ea 6f 21 b4 05 d8 19 |e.#VF%....o!....| +00000340 a3 c9 4b b1 03 78 39 32 00 97 6c d5 6e e3 ff 45 |..K..x92..l.n..E| +00000350 ac 2a 10 71 21 ad d3 b9 73 b7 77 0e a8 79 fd 50 |.*.q!...s.w..y.P| +00000360 a9 f1 41 39 2d 05 3d 92 3c 69 0a d7 7d 11 da f0 |..A9-.=...&..K| +00000450 a6 ce 93 36 ea a1 fd d9 78 61 a3 0e 08 72 da 03 |...6....xa...r..| +00000460 5d 0c 27 48 75 61 25 ef 77 39 39 e5 8e 87 2e 86 |].'Hua%.w99.....| +00000470 d5 70 d3 3b f4 b4 75 b1 44 d1 5f fe 9c d8 18 7d |.p.;..u.D._....}| +00000480 f9 89 20 |.. | +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 a8 ab 13 71 ec |..........5...q.| +00000010 af a7 4a 48 65 6d 02 ea 8a 0f d1 4d 2a 97 b6 11 |..JHem.....M*...| +00000020 6d 53 5f be a4 b3 a7 20 d4 d3 aa 90 62 30 26 3f |mS_.... ....b0&?| +00000030 be c8 ed fc 6f 44 cc a5 3a 7f 4d 95 51 ed dc 80 |....oD..:.M.Q...| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 6a f5 e4 df 1b 2a 5a 87 68 b1 a7 |.....j....*Z.h..| +00000010 1d b8 ef 04 b4 ac b9 50 b3 95 1c 12 d7 44 ca 46 |.......P.....D.F| +00000020 ea 26 2a 17 03 03 00 13 a4 6b 4d 27 81 62 b0 3c |.&*......kM'.b.<| +00000030 d0 be d1 34 46 4c 7b 6c 71 24 d8 |...4FL{lq$.| diff --git a/tls/testdata/Server-TLSv13-CHACHA20-SHA256 b/tls/testdata/Server-TLSv13-CHACHA20-SHA256 new file mode 100644 index 00000000..760c5970 --- /dev/null +++ b/tls/testdata/Server-TLSv13-CHACHA20-SHA256 
@@ -0,0 +1,100 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 7f d6 02 2f 2d |............../-| +00000010 ed b1 3c f2 c2 48 5e d5 f4 57 c9 8c ba 81 36 52 |..<..H^..W....6R| +00000020 85 3e 79 de 79 cc 36 6a f9 88 89 20 db e1 89 a5 |.>y.y.6j... ....| +00000030 26 4c 2a 2d 0f 33 e2 3f 57 05 cc 74 cd 4c 96 be |&L*-.3.?W..t.L..| +00000040 91 94 ef 54 1c 1f 01 ef d4 36 75 2f 00 04 13 03 |...T.....6u/....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 30 20 a8 d0 3d ea df 38 aa 65 6f dd c8 25 13 | 0 ..=..8.eo..%.| +000000d0 03 c4 a2 24 d4 a8 0d 1a a6 65 32 75 83 ef 71 70 |...$.....e2u..qp| +000000e0 30 |0| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 db e1 89 a5 |........... ....| +00000030 26 4c 2a 2d 0f 33 e2 3f 57 05 cc 74 cd 4c 96 be |&L*-.3.?W..t.L..| +00000040 91 94 ef 54 1c 1f 01 ef d4 36 75 2f 13 03 00 00 |...T.....6u/....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 f4 9a 6e ea 99 81 |............n...| +00000090 59 33 26 a6 6a 40 1d a9 59 67 31 35 09 b0 ed 15 |Y3&.j@..Yg15....| +000000a0 83 17 03 03 02 6d 56 59 69 c8 6d 45 c6 2f 58 3d |.....mVYi.mE./X=| +000000b0 db 87 dd 56 0f 2d d9 21 1b 97 94 77 f2 72 28 0d |...V.-.!...w.r(.| +000000c0 48 04 79 83 7e 2e a1 c9 30 56 d7 9c c8 0a 37 65 |H.y.~...0V....7e| +000000d0 b6 6b 31 ae 9a 5f ff 13 15 94 99 7c 92 e1 32 80 |.k1.._.....|..2.| +000000e0 28 3c ab b1 cc fe ba 92 3c 03 bb fd b8 55 f5 f2 |(<......<....U..| +000000f0 ba be 28 90 c5 7e 07 48 d5 45 b6 84 80 02 2d cd |..(..~.H.E....-.| +00000100 14 27 81 b6 4e b4 7f 5f 78 a3 26 c2 0c af 12 d6 |.'..N.._x.&.....| +00000110 e9 14 22 c8 ee 2e 5e fc c3 ca 8f 01 9b 37 6a b0 |.."...^......7j.| +00000120 f8 53 b2 8e 31 d7 1f 34 f6 35 ed 81 e0 f7 6f e1 |.S..1..4.5....o.| +00000130 90 cf 1a 4f 44 50 d5 cd 96 c3 4a 22 7a 54 28 bd |...ODP....J"zT(.| +00000140 88 56 5c 77 67 eb a6 78 5c 8b 82 39 03 13 55 c3 |.V\wg..x\..9..U.| +00000150 20 68 45 26 7a 96 fe 1c f9 33 14 1e 1d 8a 5f 51 | hE&z....3...._Q| +00000160 c3 2f 17 91 ba 37 63 49 e1 65 89 bf e8 a1 27 5f |./...7cI.e....'_| +00000170 fd 59 46 80 f7 9b 45 89 50 ab cd 9b aa b4 45 04 |.YF...E.P.....E.| +00000180 b5 1b 85 88 1c 59 ba b2 d6 50 0b fd 5c d9 59 83 |.....Y...P..\.Y.| +00000190 7a 6c 9b ad 27 33 a0 49 74 eb a6 cd a8 e8 4b d7 |zl..'3.It.....K.| +000001a0 71 ef 63 64 ff 24 a7 09 2e b7 f6 6f 9d 9f 75 84 |q.cd.$.....o..u.| +000001b0 97 0a 76 bf 72 ed ff e8 1a 49 ca 0b 0d f5 2c fb |..v.r....I....,.| +000001c0 69 c2 5c fe db 58 0a a1 9c d4 47 6a 8f a6 bd ec |i.\..X....Gj....| +000001d0 32 fb 40 6a 71 9d 19 37 e6 fd d4 3d fa 5b f3 53 |2.@jq..7...=.[.S| +000001e0 43 df d5 fa 53 29 40 70 77 a6 9e f7 03 7d 08 8b |C...S)@pw....}..| +000001f0 5a 71 73 e5 af 45 58 56 9f 56 ad 73 aa d2 b3 7c 
|Zqs..EXV.V.s...|| +00000200 92 99 c8 04 16 bf ca f2 81 2e 29 c3 79 21 f1 11 |..........).y!..| +00000210 92 f4 1d 34 24 73 e3 82 28 5a 31 70 45 da 8d 94 |...4$s..(Z1pE...| +00000220 38 75 31 bc f9 e5 2b 11 7e fd bc 19 fe 65 ad 53 |8u1...+.~....e.S| +00000230 e5 e6 17 b8 69 ea 54 fd 92 a9 41 7a 8c 7f da 4f |....i.T...Az...O| +00000240 ba f1 9f a2 e2 5b e7 7a 23 17 9e 29 95 7e 72 79 |.....[.z#..).~ry| +00000250 22 67 c5 68 0a 4d fb e9 64 61 3a 53 18 e7 dd 7d |"g.h.M..da:S...}| +00000260 5b 16 b9 fa 69 95 82 eb ee 1a 30 97 93 97 fc ee |[...i.....0.....| +00000270 9e 2b 22 64 08 7d 25 05 77 5e d7 bd 0e c3 9f a4 |.+"d.}%.w^......| +00000280 f4 bf 77 3d 56 84 c8 a1 10 1c e0 5b da 39 3d 2d |..w=V......[.9=-| +00000290 92 80 9a 07 b2 29 c5 ab e0 e1 1c ad ba 3e fa 4e |.....).......>.N| +000002a0 65 4f 31 63 de 33 6a 5c af e0 88 70 fc 6e 6a a2 |eO1c.3j\...p.nj.| +000002b0 ca da 2f 14 1d 4f 8c 7d 8d da 36 9b ea 7f 7e 79 |../..O.}..6...~y| +000002c0 9c dc 4a 3b 69 d9 50 31 bb f2 f8 8a 7f 6e 73 bc |..J;i.P1.....ns.| +000002d0 41 7c 3a 86 10 91 9b 3a 8e 3e c8 bc 6a c4 4d f2 |A|:....:.>..j.M.| +000002e0 45 87 49 49 d2 2f aa 4d d0 6f e9 1e a4 d6 06 63 |E.II./.M.o.....c| +000002f0 ac 90 ce 9a cb f7 97 55 2b e8 8c 8d 55 f6 32 26 |.......U+...U.2&| +00000300 55 d4 60 0e c0 0b da 0e ac c9 4c c3 95 03 54 d7 |U.`.......L...T.| +00000310 99 ec e1 17 03 03 00 99 c4 65 5e 67 e3 a1 98 d6 |.........e^g....| +00000320 f8 34 15 ed a9 55 80 c7 c0 e7 ca 67 f1 cb 58 e2 |.4...U.....g..X.| +00000330 6e 4d d4 9e 18 c3 37 c2 ff 72 bc cb 8e 6a 97 e2 |nM....7..r...j..| +00000340 b5 83 75 34 2a 75 9f 7f 8e 1e 47 e6 cd 53 85 c5 |..u4*u....G..S..| +00000350 69 b6 c0 46 9f 46 a8 09 6a 21 d5 af 36 d2 d0 ba |i..F.F..j!..6...| +00000360 65 0f da a5 af eb 3a 0c 8b 85 00 2a dd 11 71 28 |e.....:....*..q(| +00000370 5b 71 a9 df 69 20 8a d9 27 1e 4f 02 89 03 6f 27 |[q..i ..'.O...o'| +00000380 20 e1 37 17 69 c2 62 3e 46 39 43 2d 64 43 f3 cc | .7.i.b>F9C-dC..| +00000390 14 5f a0 73 06 bf 42 cb da 79 21 28 b1 a1 c4 
de |._.s..B..y!(....| +000003a0 39 98 83 ad 3a d6 05 fd 58 b0 2c 97 bf 48 74 0e |9...:...X.,..Ht.| +000003b0 25 17 03 03 00 35 69 10 76 25 e3 9e 63 10 76 73 |%....5i.v%..c.vs| +000003c0 f5 fc 90 2c 95 e5 dc 29 79 a0 ed 0a 3a 72 58 38 |...,...)y...:rX8| +000003d0 bf b9 17 af 77 9f 05 92 af d4 a7 c7 d6 56 77 01 |....w........Vw.| +000003e0 da 94 31 d2 be be 95 e1 b1 95 75 17 03 03 00 93 |..1.......u.....| +000003f0 f9 fa a9 41 89 d3 e8 3b cb 11 63 76 56 fe 28 86 |...A...;..cvV.(.| +00000400 87 b0 0f d0 4d a8 fb 22 e9 89 f6 40 8a db 51 be |....M.."...@..Q.| +00000410 2c 9f 9c 39 f4 43 bc 1f b0 32 9b 9c 8e a6 6e e1 |,..9.C...2....n.| +00000420 f3 f7 f0 91 ed 56 6f 2d be 37 6b 3b ed f7 5b a6 |.....Vo-.7k;..[.| +00000430 d3 14 0a f9 58 b8 7b 37 fc 15 97 57 79 16 8c 0c |....X.{7...Wy...| +00000440 d2 93 7a 58 b8 48 51 f7 58 82 7d a0 4b e1 41 f6 |..zX.HQ.X.}.K.A.| +00000450 e1 44 12 1e ea 80 f3 b6 d0 72 ec 5c 84 01 6a b3 |.D.......r.\..j.| +00000460 f7 83 b5 47 22 0b e7 03 60 09 a7 23 23 20 5e 6b |...G"...`..## ^k| +00000470 f6 25 34 64 11 ad 46 90 db cb 13 f5 10 0a 75 e8 |.%4d..F.......u.| +00000480 3e c8 03 |>..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 27 f0 39 68 fc |..........5'.9h.| +00000010 9f 6c a4 fd a7 cf 1f 25 67 54 3c e6 9e 7c 99 5a |.l.....%gT<..|.Z| +00000020 e9 b7 3c 0c f2 dc b6 22 36 0d 43 a3 ee 76 4b a9 |..<...."6.C..vK.| +00000030 6a cb b8 f6 8a c8 58 91 79 19 95 7c 83 a0 87 57 |j.....X.y..|...W| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e d5 8a ef 04 f9 6c 27 62 0a f1 a4 |..........l'b...| +00000010 4b 7f e4 e4 ff 53 f3 61 20 b9 56 96 30 f9 06 c9 |K....S.a .V.0...| +00000020 cc 9c ed 17 03 03 00 13 4a 83 cd 86 98 97 20 45 |........J..... E| +00000030 ab 2f c5 72 15 f6 ed a8 8c 8c 0e |./.r.......| diff --git a/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven b/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven new file mode 100644 index 00000000..0b6eaf43 --- /dev/null 
+++ b/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven 
@@ -0,0 +1,179 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ca 01 00 00 c6 03 03 54 78 64 8e b6 |...........Txd..| +00000010 69 c6 1c 8a 69 eb 09 ef 32 59 f9 9f 63 ac 6e 66 |i...i...2Y..c.nf| +00000020 97 b4 bb b7 71 27 60 52 af c4 64 20 26 de 8d 3e |....q'`R..d &..>| +00000030 90 5b c8 96 b5 10 a3 e4 67 f3 39 fb f5 b7 df 50 |.[......g.9....P| +00000040 2b 8f 2d cb a5 c4 0a c9 28 1b c3 21 00 04 13 01 |+.-.....(..!....| +00000050 00 ff 01 00 00 79 00 0b 00 04 03 00 01 02 00 0a |.....y..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000080 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000090 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000a0 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 65 |-.....3.&.$... e| +000000b0 42 a2 bd 1e e0 0a 52 2d 7a 1e f0 37 86 db 9e c6 |B.....R-z..7....| +000000c0 d6 cd ff 7b 71 f3 4c a3 23 44 2d 94 60 93 0b |...{q.L.#D-.`..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 26 de 8d 3e |........... &..>| +00000030 90 5b c8 96 b5 10 a3 e4 67 f3 39 fb f5 b7 df 50 |.[......g.9....P| +00000040 2b 8f 2d cb a5 c4 0a c9 28 1b c3 21 13 01 00 00 |+.-.....(..!....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 f1 7c 16 5a 86 b4 |...........|.Z..| +00000090 13 82 93 fa ba 07 35 24 03 f5 24 25 cc 2d c8 e5 |......5$..$%.-..| +000000a0 6c 17 03 03 00 3e cb 02 08 06 a3 75 03 c6 5d d9 |l....>.....u..].| +000000b0 9c 66 ad db 29 6d 93 a6 53 c6 38 7f 9c 56 1e b1 |.f..)m..S.8..V..| +000000c0 f5 a8 77 19 43 c3 93 5e 67 dc 80 db 1b c8 30 b2 |..w.C..^g.....0.| +000000d0 04 85 6e 5c 8f 3a 4a f2 d2 aa 17 c7 d3 ea 29 f2 |..n\.:J.......).| +000000e0 09 08 49 90 17 03 03 02 6d dd 26 0f f5 1b 6b 11 |..I.....m.&...k.| +000000f0 1c c7 e9 87 bf de 58 08 e4 bc a6 49 98 fd bf 87 |......X....I....| +00000100 31 35 59 c1 88 5a 8c 0d e7 42 47 b6 cb ec 3c 6f |15Y..Z...BG...| +00000160 16 e6 ff be 29 a3 60 13 f8 8c 82 6c 84 dd c1 c8 |....).`....l....| +00000170 8b a2 bf e5 70 03 c3 a4 92 3d 99 a8 fc 92 15 e4 |....p....=......| +00000180 1d 13 7d b5 1f d3 a6 76 1c 8c 9f 9f e7 87 b4 fb |..}....v........| +00000190 25 b8 cf 83 0a 3b bd c7 e8 30 d4 15 6f ae d5 b9 |%....;...0..o...| +000001a0 da 3b c6 3f 0c 06 7a 78 e6 ac ca 64 cb 34 cc 7b |.;.?..zx...d.4.{| +000001b0 46 78 ec e2 22 9e 31 39 63 a7 7b 1d d6 c2 4b 91 |Fx..".19c.{...K.| +000001c0 45 fa 95 54 ef 9b b3 2e 55 83 77 c8 cf 15 b5 34 |E..T....U.w....4| +000001d0 11 4c 92 36 22 54 3d 2f b0 cb 28 7f 2b 1e b1 3f |.L.6"T=/..(.+..?| +000001e0 38 4a 4a d6 e8 a1 e6 e0 4f 20 ab 04 6f 6b 00 5e |8JJ.....O ..ok.^| +000001f0 d4 16 42 ab a5 04 67 9b 89 45 78 8b ea 0e 7d c8 |..B...g..Ex...}.| +00000200 24 d5 fb 83 c7 13 25 b7 1b 6f 3f 2a 2e cf bb 71 |$.....%..o?*...q| +00000210 11 48 5d e6 98 5e ca dd f7 6d dc 93 b1 51 1e 99 |.H]..^...m...Q..| +00000220 b9 e0 4c 39 c8 82 d8 9f 8d 70 25 78 5b b1 85 1d |..L9.....p%x[...| +00000230 cb 75 31 61 c3 ad d5 c1 d5 1f 26 06 60 5f cd eb |.u1a......&.`_..| +00000240 ee 4c 99 43 02 b9 e5 f5 99 98 94 cf 14 1c ad 54 
|.L.C...........T| +00000250 20 a9 d3 73 f2 3f bc a1 25 39 8b ff c4 e0 ee 8b | ..s.?..%9......| +00000260 ba ec fc b0 c2 42 4c 5a 30 9c 26 1b f0 f2 da 94 |.....BLZ0.&.....| +00000270 26 69 55 0e fb 84 a0 58 95 43 08 6c 87 82 93 02 |&iU....X.C.l....| +00000280 cf 27 99 94 a3 ae 9f 08 d0 6e f2 a8 e8 29 fc a8 |.'.......n...)..| +00000290 67 d3 20 37 83 5d 8a 12 0a 57 10 bf 30 5a e1 05 |g. 7.]...W..0Z..| +000002a0 30 e0 b7 7b 47 7e a6 07 cc 9a dd 6d e8 11 89 c7 |0..{G~.....m....| +000002b0 7d 98 c3 6d 83 9f 1b f4 ff ca 31 c8 39 7b c2 fb |}..m......1.9{..| +000002c0 69 dc ee eb ab e2 39 72 35 6b 22 e4 84 2f 1d 58 |i.....9r5k"../.X| +000002d0 07 b0 9e 3e 69 ca ff 17 44 d6 e4 a8 56 6a 24 35 |...>i...D...Vj$5| +000002e0 08 39 42 41 da 76 4b 4f 00 ce 41 58 4e 70 d5 b6 |.9BA.vKO..AXNp..| +000002f0 50 b4 88 91 47 4a 89 04 ef e8 14 2e cf e3 9d 36 |P...GJ.........6| +00000300 c0 b5 2b 8e 42 2f 4b 95 39 55 6f 5a 23 5b 5e 05 |..+.B/K.9UoZ#[^.| +00000310 f0 34 70 c0 f7 92 54 e2 5c 52 20 b0 c1 2a 9a cb |.4p...T.\R ..*..| +00000320 3a 32 0e 93 77 96 f2 6a d8 f7 bc 7c d8 40 4e 5e |:2..w..j...|.@N^| +00000330 37 1c 8b aa 75 89 94 51 da 19 72 80 86 c8 3d bd |7...u..Q..r...=.| +00000340 fd 7d 06 13 bb 54 a1 0b 46 58 07 e5 35 b3 f3 ff |.}...T..FX..5...| +00000350 8a 98 9d e6 e8 05 17 03 03 00 99 5a 63 3c ff cc |...........Zc<..| +00000360 a0 ec 5f 52 4d 28 96 80 22 f7 8c a7 ad b7 1f 4a |.._RM(.."......J| +00000370 8c 46 79 06 31 96 46 f9 f0 57 8c c4 5b f9 71 61 |.Fy.1.F..W..[.qa| +00000380 34 0d 3e 78 67 05 1c 93 a7 a2 cd ea ce e5 a2 6e |4.>xg..........n| +00000390 37 4f 16 a4 e4 4c 60 d5 5a 37 f1 2a bf ce 2f 80 |7O...L`.Z7.*../.| +000003a0 ea 65 e6 25 03 fc 2b 17 3f a4 71 3f 04 46 2b f7 |.e.%..+.?.q?.F+.| +000003b0 12 b0 a6 f3 fc 8d cf 5e 95 85 84 88 e4 db 46 a4 |.......^......F.| +000003c0 f2 3a a5 27 44 3d a2 03 b3 65 af 1f e3 44 aa 02 |.:.'D=...e...D..| +000003d0 0f 39 eb 3d 0e 2a ae 0c 1b ed 84 df 8d e3 a2 1d |.9.=.*..........| +000003e0 6d 55 bf d6 13 f6 00 da 93 a7 fc b1 50 79 2c 
a9 |mU..........Py,.| +000003f0 93 cb 7d 70 17 03 03 00 35 9e b7 c2 c6 29 a9 43 |..}p....5....).C| +00000400 3f df 06 80 31 ac d9 f7 3b cd 14 16 a0 85 ca e6 |?...1...;.......| +00000410 34 70 e3 fc af 1c 94 9b 87 b3 17 6c a4 83 64 2c |4p.........l..d,| +00000420 6e 26 4c e9 ab 79 a9 c8 1d d4 1c 96 2c f2 |n&L..y......,.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 1e 08 6d ee 1c 88 |............m...| +00000010 63 86 93 3e 73 8e 87 6f 51 8b d3 d2 91 c5 cb 55 |c..>s..oQ......U| +00000020 2d 7c 9f 32 d8 0a ab e5 53 95 4b 0c 22 12 23 56 |-|.2....S.K.".#V| +00000030 07 ce 1b e1 46 f7 46 84 cb 47 83 62 4a 16 39 44 |....F.F..G.bJ.9D| +00000040 bf 58 25 6e f1 22 d0 ea 06 d8 da 44 91 bb 27 41 |.X%n.".....D..'A| +00000050 1f 6e 46 89 88 93 a7 0a 60 8f 1a e5 31 19 5c 27 |.nF.....`...1.\'| +00000060 a3 f6 8c 1b ee 5b 2b 21 c4 64 c7 d9 92 7b e9 ca |.....[+!.d...{..| +00000070 e0 16 29 d0 64 32 95 a8 8f a8 24 cc 56 c6 3e 7d |..).d2....$.V.>}| +00000080 1b f6 06 a6 fa d6 dc 79 38 60 4f 6f b7 e1 10 ab |.......y8`Oo....| +00000090 21 14 8e e1 90 95 6d b6 f3 ca 86 1a dd 32 c5 33 |!.....m......2.3| +000000a0 e1 fc 8c da 77 02 54 88 73 f3 72 71 c6 58 ad 1a |....w.T.s.rq.X..| +000000b0 10 b8 15 c3 69 f1 cc 71 b6 ea 7e b7 81 4b de 7b |....i..q..~..K.{| +000000c0 77 87 24 e0 c0 39 5c 5b 17 ad 7c 59 53 43 cf 7e |w.$..9\[..|YSC.~| +000000d0 cb 70 4d 51 f1 7e 8c 2b 19 61 13 75 bf 25 df 80 |.pMQ.~.+.a.u.%..| +000000e0 f2 fa cd 70 8d db eb bc 38 ae 6a 0c ad ef d2 e2 |...p....8.j.....| +000000f0 f0 f1 02 97 ce 37 8b 8f 9e bd 4f 92 40 e7 8f 9f |.....7....O.@...| +00000100 26 b7 cd ef cf 57 28 2f 12 cc 69 e1 be f2 59 c6 |&....W(/..i...Y.| +00000110 be dc 51 9a 67 be 4a f1 97 f9 7a d9 01 05 1f d0 |..Q.g.J...z.....| +00000120 2b 96 5b b5 4d 1d c1 2e 99 7e eb e3 20 92 b0 f8 |+.[.M....~.. 
...| +00000130 ac 9f c1 e3 10 cd b1 e9 05 46 15 3c c2 fb ce 27 |.........F.<...'| +00000140 5e f1 47 e7 d8 ca 89 0e 77 37 86 6c c9 d4 e3 ae |^.G.....w7.l....| +00000150 1e 6e 63 4f 5c 2d aa a0 88 7c 35 47 87 e8 40 22 |.ncO\-...|5G..@"| +00000160 f8 45 2f 57 b4 e8 e1 95 45 58 02 53 3c 19 b5 92 |.E/W....EX.S<...| +00000170 73 55 fd 49 31 ec db dc 4c 6f 6f a7 9a 90 89 83 |sU.I1...Loo.....| +00000180 08 97 53 5a c6 6c 23 75 cd 68 37 54 2c 00 d3 56 |..SZ.l#u.h7T,..V| +00000190 5e 24 87 7b 92 a9 61 73 1e 84 31 0e ff d7 f2 fb |^$.{..as..1.....| +000001a0 62 5e f9 27 35 18 bb ca b2 c2 d7 5c bf 7f 6d 36 |b^.'5......\..m6| +000001b0 fa e6 02 4a d0 fa bd b8 c0 d0 2f 0c 27 6b 49 92 |...J....../.'kI.| +000001c0 20 54 01 ea 3c d2 07 f1 2e d6 e3 a3 a3 bd 1d 33 | T..<..........3| +000001d0 90 ee 26 ad a6 5c ee c7 de 4d e8 fc d2 b5 5a b5 |..&..\...M....Z.| +000001e0 7c 6f c5 61 23 11 20 eb 0f 7c b7 0a cc 8c 65 b7 ||o.a#. ..|....e.| +000001f0 e2 87 16 10 b0 fd 40 75 78 d1 3c 70 54 66 b8 cb |......@ux.>> Flow 4 (server to client) +00000000 17 03 03 02 98 07 3b b6 4e c1 7e 84 44 a0 5d 3c |......;.N.~.D.]<| +00000010 b8 45 37 1e bf 0f 43 cf d6 11 c7 0d d9 a4 25 7b |.E7...C.......%{| +00000020 27 fa 6e e1 9c 24 5f e5 f9 12 e8 a1 33 2e cc 24 |'.n..$_.....3..$| +00000030 43 3b ac e3 bd f2 7b 1d 66 70 eb 31 21 7f 3e 5e |C;....{.fp.1!.>^| +00000040 09 7a 29 8f 43 43 cb c4 6d 70 a7 51 1c 0f dc 21 |.z).CC..mp.Q...!| +00000050 e9 4c f5 16 8f 35 e8 5b ae 7f e0 47 e7 d4 53 66 |.L...5.[...G..Sf| +00000060 b2 cc ef 44 b7 3e 34 2b 32 a9 e6 89 b9 c6 f6 56 |...D.>4+2......V| +00000070 97 b3 78 37 3c 89 2f 35 8e a5 c7 ae c4 92 91 69 |..x7<./5.......i| +00000080 50 ae ee c9 7b 7a 3a 10 ce 1c 68 fd 09 57 3d 92 |P...{z:...h..W=.| +00000090 52 42 0e 4e 91 12 b4 fd e4 59 d4 1e 5a c7 25 b3 |RB.N.....Y..Z.%.| +000000a0 dd a1 dd 7d 7d 92 08 52 ec 85 15 c7 b6 60 70 fb |...}}..R.....`p.| +000000b0 76 6b 42 da 84 8e e5 a9 cb a4 b1 76 89 51 93 55 |vkB........v.Q.U| +000000c0 f3 92 aa cc 04 3b 78 97 ed 10 88 d8 77 
d1 32 35 |.....;x.....w.25| +000000d0 93 82 a4 1d ca 47 df c8 72 93 10 90 e0 75 2d 3f |.....G..r....u-?| +000000e0 b0 6a 3d 9e b6 20 1d 0a 2a 03 66 be 18 18 d3 25 |.j=.. ..*.f....%| +000000f0 47 a2 ab 67 08 44 24 cb 94 29 8a f7 8b 8e ca a0 |G..g.D$..)......| +00000100 20 71 d0 af 87 5b e1 d9 5d e0 0c 70 13 3d 82 42 | q...[..]..p.=.B| +00000110 b3 b8 fb 5e 1d f1 58 88 ea 11 67 28 49 11 d4 27 |...^..X...g(I..'| +00000120 05 87 e4 b1 21 15 d1 3a 6a df ee 6d 40 7c 3f 8c |....!..:j..m@|?.| +00000130 7e cd 7b 0c 0e ef fd 17 29 29 f8 03 98 8e 76 ac |~.{.....))....v.| +00000140 23 e2 81 30 8b c7 7b 9b 5a 78 f7 6a 53 32 5c bd |#..0..{.Zx.jS2\.| +00000150 d7 42 cb 77 f5 1d ea 03 74 9f ec 1d 1b 68 72 aa |.B.w....t....hr.| +00000160 9f e0 7d 58 2f 26 47 6b 2d e4 1f 78 f4 ab d3 ae |..}X/&Gk-..x....| +00000170 51 6c 2a 35 0a 6f 9a c8 2b 75 ff 69 3e 4b 61 bc |Ql*5.o..+u.i>Ka.| +00000180 03 29 60 04 8b 53 9f ae e4 00 7f 88 7a d4 70 b8 |.)`..S......z.p.| +00000190 65 83 87 96 5d ef f1 b2 e8 7e 0e af 0b 2c 07 dd |e...]....~...,..| +000001a0 a9 0e f8 c3 9b 59 aa cf 74 02 5e 46 8c cb 3d ee |.....Y..t.^F..=.| +000001b0 72 67 7c 46 37 29 78 d8 80 6e 42 16 b7 a8 59 35 |rg|F7)x..nB...Y5| +000001c0 cb 36 ce 73 50 80 d2 35 7a 69 b9 f3 14 73 04 e7 |.6.sP..5zi...s..| +000001d0 ec dd 92 80 b0 f6 b7 51 28 15 56 c4 bb 83 00 86 |.......Q(.V.....| +000001e0 9e 21 e7 bd 91 33 15 d4 aa da 8a 07 eb 2e d9 48 |.!...3.........H| +000001f0 c3 71 1a da be 6f 00 45 bd 08 a3 70 17 d5 c0 1a |.q...o.E...p....| +00000200 74 87 5a 95 60 aa 1d ce 0e e1 46 57 85 8c e0 ae |t.Z.`.....FW....| +00000210 98 1a f9 83 7f ec 04 bd 90 dc 51 4f 7e d2 52 28 |..........QO~.R(| +00000220 ca 33 f6 60 4a 0c e4 7d b3 93 4f 70 7a ce d3 3e |.3.`J..}..Opz..>| +00000230 0a dd 50 b0 17 0a 2e db 2c ad 3d 86 d3 e6 60 07 |..P.....,.=...`.| +00000240 43 61 9c a0 ff 45 37 9a 60 3d c5 f7 4d 27 fc b4 |Ca...E7.`=..M'..| +00000250 9a 05 1c 0a ae 08 9d d9 5c 15 09 c9 8e 24 bb e2 |........\....$..| +00000260 ec a1 a7 27 f0 42 97 a9 af ed 25 fd 
5f f1 2a 4d |...'.B....%._.*M| +00000270 ac ab 9c a5 7d 28 6b c8 36 ec 0c 12 5b eb fa 64 |....}(k.6...[..d| +00000280 83 74 13 6e 44 5a 23 38 f0 a6 22 3e f9 88 f1 0d |.t.nDZ#8..">....| +00000290 2a 55 b8 bf aa 87 de a4 7f 8b ba 52 23 17 03 03 |*U.........R#...| +000002a0 00 1e fb 80 15 2b ff db 63 29 a7 77 ef 1e 82 28 |.....+..c).w...(| +000002b0 8d d5 f0 5b 5d 42 8e 34 f9 64 5c 47 eb c3 10 4c |...[]B.4.d\G...L| +000002c0 17 03 03 00 13 a1 8b 9e d8 57 0e 04 96 7c b4 83 |.........W...|..| +000002d0 70 a2 20 03 ee 28 23 c7 |p. ..(#.| diff --git a/tls/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given b/tls/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given new file mode 100644 index 00000000..d80b76fc --- /dev/null +++ b/tls/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given 
@@ -0,0 +1,149 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ca 01 00 00 c6 03 03 3d 6d 5a b0 92 |...........=mZ..| +00000010 7b 62 6d 14 22 f5 08 70 77 4a 80 fa 69 1a 1c 92 |{bm."..pwJ..i...| +00000020 4c d3 e5 ca 3a d0 ee 33 40 c8 64 20 e5 a7 f1 57 |L...:..3@.d ...W| +00000030 39 32 e3 9f 7c 33 58 16 61 58 29 44 aa e4 50 b1 |92..|3X.aX)D..P.| +00000040 37 c5 59 27 f2 d5 b8 6e 01 24 c2 6b 00 04 13 01 |7.Y'...n.$.k....| +00000050 00 ff 01 00 00 79 00 0b 00 04 03 00 01 02 00 0a |.....y..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000080 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000090 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000a0 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 cb |-.....3.&.$... .| +000000b0 da f4 03 da e7 6f e5 2b 25 c0 cb cf 52 0a fb af |.....o.+%...R...| +000000c0 8a 87 4c 2b 88 e4 1a b3 a0 34 30 fb 9d 4e 0e |..L+.....40..N.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 e5 a7 f1 57 |........... ...W| +00000030 39 32 e3 9f 7c 33 58 16 61 58 29 44 aa e4 50 b1 |92..|3X.aX)D..P.| +00000040 37 c5 59 27 f2 d5 b8 6e 01 24 c2 6b 13 01 00 00 |7.Y'...n.$.k....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 2d 8b 08 3c eb 5e |..........-..<.^| +00000090 e6 d7 8e 9a 11 d0 e1 a3 3f 88 cc 83 49 e3 af 50 |........?...I..P| +000000a0 66 17 03 03 00 3e 24 ba 0e 2f d7 51 a9 52 5d 51 |f....>$../.Q.R]Q| +000000b0 a4 7d b6 dc 5c 43 2e d8 58 5e 72 f1 86 98 15 b8 |.}..\C..X^r.....| +000000c0 db 0a 48 0a 06 c4 ad 36 41 84 f1 89 36 e9 24 da |..H....6A...6.$.| +000000d0 05 5a dc 82 02 a1 3d 39 ae 4c 7e d9 7b 43 1f 2c |.Z....=9.L~.{C.,| +000000e0 06 71 a0 2f 17 03 03 02 6d 48 44 6b d1 65 fb e1 |.q./....mHDk.e..| +000000f0 fb 96 00 e5 ad c6 60 e2 b5 f6 bf 7c b7 f4 6f 0e |......`....|..o.| +00000100 db a2 4b f7 cd d7 73 29 f8 af 23 5d d4 55 df 37 |..K...s)..#].U.7| +00000110 b7 62 38 d0 95 5c f1 48 32 5f cb fa 67 18 20 7f |.b8..\.H2_..g. .| +00000120 b7 0f ac fc 64 b7 b0 7b 4b 1f 65 1d 2a 94 8d 76 |....d..{K.e.*..v| +00000130 b4 30 3b ee 44 a5 f6 74 5b 7e bd a7 bb b2 d8 d6 |.0;.D..t[~......| +00000140 ac c6 1f b4 88 34 85 7e 89 2c 2e 0d bf 6c 16 0c |.....4.~.,...l..| +00000150 ce 35 57 13 29 55 60 20 86 21 20 c0 46 bc 9e dd |.5W.)U` .! 
.F...| +00000160 8a a0 41 60 b5 a9 16 cc 66 cb 4a ba 58 e0 70 d1 |..A`....f.J.X.p.| +00000170 a5 b4 eb ac 54 7e 95 11 00 f0 70 63 af 56 57 99 |....T~....pc.VW.| +00000180 68 57 b4 5b aa db f1 08 2e c0 fb df 93 b8 4a f8 |hW.[..........J.| +00000190 2e 04 b3 2c 2b f9 47 09 a1 5f a3 3e 97 eb d4 d5 |...,+.G.._.>....| +000001a0 df ec d1 9e 05 5e 10 b0 2b 7e 0e b4 c8 e1 e3 50 |.....^..+~.....P| +000001b0 29 19 8b 3c f7 d0 95 30 ae 4c e4 60 c8 13 09 15 |)..<...0.L.`....| +000001c0 b7 80 f3 ad a0 06 6b a7 b7 4a c4 6d 65 09 21 d3 |......k..J.me.!.| +000001d0 3b 56 dc ce f5 d3 fa 93 e9 03 8e 0c c9 47 21 89 |;V...........G!.| +000001e0 7f 39 23 f8 aa 68 f6 b4 82 50 1f b8 46 5d 26 dc |.9#..h...P..F]&.| +000001f0 b1 1f e5 e5 6b ad ad 0d d8 55 b7 8b 7a f8 5d fc |....k....U..z.].| +00000200 bd 74 a4 15 72 33 1b a7 3b 8c 09 55 d9 fd 21 bf |.t..r3..;..U..!.| +00000210 cd dd 67 d2 0c d0 bd 9b de 52 e3 5f 4d 54 c0 6c |..g......R._MT.l| +00000220 bd 93 ae 66 55 4b e9 75 6b db cd 6b 80 33 f4 b7 |...fUK.uk..k.3..| +00000230 61 9e e4 5d 75 b5 44 26 79 b5 da bf af 54 8c 40 |a..]u.D&y....T.@| +00000240 23 99 32 60 2a 76 b3 0a 46 37 c9 85 1c fe e9 a1 |#.2`*v..F7......| +00000250 a3 e8 61 67 04 eb 3e e8 2b d3 12 75 87 04 67 40 |..ag..>.+..u..g@| +00000260 19 63 c5 ef 75 d0 39 63 a0 c3 ae 3c b1 88 34 db |.c..u.9c...<..4.| +00000270 c7 29 0c 33 c8 40 c0 b0 e6 76 44 cc 99 4f 2b a6 |.).3.@...vD..O+.| +00000280 b3 e1 28 69 6c 41 74 55 53 a9 87 06 9a cb 14 5d |..(ilAtUS......]| +00000290 ec 74 77 e2 a0 ce 54 02 ba f8 04 2c 84 9a de 2b |.tw...T....,...+| +000002a0 dc 02 32 01 ad 96 5c a0 87 3c 55 dd ee 4d cb fd |..2...\..>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 01 50 d8 03 a6 37 13 |..........P...7.| +00000010 5f fb 65 9f 33 33 79 ae 89 c3 de ea 4b 55 e2 b3 |_.e.33y.....KU..| +00000020 13 07 0d 95 c6 f7 79 74 ad 8a 42 dd 78 55 a5 01 |......yt..B.xU..| +00000030 69 f2 11 cf 72 de 85 04 56 78 9c ba 21 77 b8 76 |i...r...Vx..!w.v| +00000040 e3 58 23 3d 2b 8a ee a4 5c 52 60 4b 
50 0d c4 83 |.X#=+...\R`KP...| +00000050 a1 8d 06 82 68 99 34 65 7a 7b 55 8e 46 04 47 55 |....h.4ez{U.F.GU| +00000060 4d 42 02 41 b6 e4 dd a4 33 6a 04 97 e6 4a 80 3a |MB.A....3j...J.:| +00000070 e1 7e 0a a5 4f 0c f9 de 7a 91 96 4f 6a 6a 8a 4b |.~..O...z..Ojj.K| +00000080 fd 24 b9 bf e7 d5 5a 27 17 18 45 77 1d e2 c9 ea |.$....Z'..Ew....| +00000090 23 57 c4 e1 30 9e de d2 bd 0c 28 59 dc a1 12 d9 |#W..0.....(Y....| +000000a0 ee 2e 43 4b 83 fc d7 6c a4 e7 47 c4 14 c1 1f ee |..CK...l..G.....| +000000b0 79 60 26 86 73 5c ec c9 c0 ec f9 c9 38 98 2d ba |y`&.s\......8.-.| +000000c0 10 83 1b fe 8f cf 59 77 f0 60 fe c0 d0 7e 0f 2d |......Yw.`...~.-| +000000d0 69 04 dd 79 49 c5 b1 d9 9b 48 ad de 55 cf d3 47 |i..yI....H..U..G| +000000e0 9b eb 64 ae ed cb b0 48 78 a9 27 24 b8 8d 53 36 |..d....Hx.'$..S6| +000000f0 b7 0f 82 1c ee 11 4b 5a 98 1d 21 73 b4 f4 06 ce |......KZ..!s....| +00000100 50 bc 36 27 e1 87 70 04 68 1b 30 3a 86 68 b3 71 |P.6'..p.h.0:.h.q| +00000110 8c 57 69 60 d6 a8 bd fa 13 46 2b 52 00 dc 45 53 |.Wi`.....F+R..ES| +00000120 06 79 5b 96 78 69 d0 a8 cd 2d 39 8c 11 12 9f 65 |.y[.xi...-9....e| +00000130 72 01 5e b4 c5 df bc 9d a2 7f 00 a7 cc 95 3b 0b |r.^...........;.| +00000140 09 05 19 9f a5 b7 dd 48 3f ab f1 aa 36 da 70 96 |.......H?...6.p.| +00000150 0f f9 f3 bc 80 84 09 a3 76 92 56 17 03 03 00 59 |........v.V....Y| +00000160 4a ba a9 1c c7 f6 ef 77 8e cc 9a 8c 51 9f 43 1e |J......w....Q.C.| +00000170 ec 8f f3 33 93 eb 81 db 06 03 97 fd 3f b2 e0 e5 |...3........?...| +00000180 e7 73 b2 2c 2c f0 c0 a4 51 18 10 79 4e 30 96 3a |.s.,,...Q..yN0.:| +00000190 d8 26 b1 a0 f4 1b e6 12 fe 74 58 68 97 45 1e 85 |.&.......tXh.E..| +000001a0 3a db 04 a6 12 5d ba 19 e4 f6 b1 17 f3 04 75 f2 |:....]........u.| +000001b0 ea 04 db 6c d4 d8 d5 cc fb 17 03 03 00 35 1d c5 |...l.........5..| +000001c0 cd 92 9c 80 3a ec 3c 06 3e 12 ed 7a 82 23 ab 18 |....:.<.>..z.#..| +000001d0 67 4a 92 7d 30 e4 57 7b 25 34 a1 54 46 41 b7 60 |gJ.}0.W{%4.TFA.`| +000001e0 69 cf a2 61 7a 59 6f b3 78 6f 41 
0f 7d 9b 4f 00 |i..azYo.xoA.}.O.| +000001f0 91 c7 93 |...| +>>> Flow 4 (server to client) +00000000 17 03 03 01 ca 52 99 bb 74 e8 8e ab 48 c6 03 1d |.....R..t...H...| +00000010 f9 9a a8 be e4 b1 dc b9 8d e5 a8 11 2b d6 54 63 |............+.Tc| +00000020 6f 0d dc 6e d7 55 c8 af 3c 88 c4 3e ab 30 ab b9 |o..n.U..<..>.0..| +00000030 69 94 75 60 0f 75 77 e1 b1 29 09 9f db c1 74 43 |i.u`.uw..)....tC| +00000040 92 2a 55 b9 ae 71 12 79 b9 4d ba 82 84 96 b1 01 |.*U..q.y.M......| +00000050 14 b5 9c 5d 0c fe eb cc a6 44 e5 0b 93 1c 8d 45 |...].....D.....E| +00000060 d8 aa 7c 1b d1 47 5a 36 46 f8 f5 82 c7 fe 2b f3 |..|..GZ6F.....+.| +00000070 46 17 9f 0c 03 df cd dd 0a 38 77 28 45 45 f2 3c |F........8w(EE.<| +00000080 06 1d 88 1b 55 d8 8f 70 9b a8 bb 37 a8 41 81 a6 |....U..p...7.A..| +00000090 a7 f4 28 c1 f1 d2 8b ba 98 0e 35 92 88 ac cb b6 |..(.......5.....| +000000a0 25 dd 5e 62 d5 e7 e9 da 4f 0e 55 b4 36 4d 09 20 |%.^b....O.U.6M. | +000000b0 73 ef b3 6c 4c 6d c6 6a e9 f3 f8 28 74 0d 50 b0 |s..lLm.j...(t.P.| +000000c0 ad 75 f7 c5 fb eb bc 06 6b 07 23 80 70 87 8e a8 |.u......k.#.p...| +000000d0 3e 66 87 07 53 8e 19 bb 3f 94 f1 9e 4b 05 f6 55 |>f..S...?...K..U| +000000e0 34 3b d0 14 36 32 66 6a 62 8a ec 22 a1 82 0a 95 |4;..62fjb.."....| +000000f0 95 b6 85 0c 2c c4 b4 3e 00 59 2a 1e c6 03 4b 2a |....,..>.Y*...K*| +00000100 e4 06 d5 29 e5 a1 e1 57 b0 a1 45 1b b7 0c 12 3f |...)...W..E....?| +00000110 0d 31 1a b2 ef 3d 90 73 3a 39 28 00 8a 0d e0 20 |.1...=.s:9(.... 
| +00000120 83 a7 32 b8 02 d0 9f 90 f3 b3 ca df 36 ae d4 f8 |..2.........6...| +00000130 c4 4b 82 06 13 04 66 e7 01 63 4e e8 80 b8 52 c0 |.K....f..cN...R.| +00000140 8c a4 5b 3f b9 85 48 ac 01 f0 b6 ee db 73 d0 62 |..[?..H......s.b| +00000150 e2 05 e7 71 7e 87 4b 7b cf d0 a1 77 eb 38 64 85 |...q~.K{...w.8d.| +00000160 5c 3d af fc e3 17 46 e7 c5 71 c9 63 bf 03 ae 35 |\=....F..q.c...5| +00000170 7b 60 61 5d 5a 7b 57 88 79 82 55 68 45 a1 59 bc |{`a]Z{W.y.UhE.Y.| +00000180 e5 3b 5a 31 32 5c 24 13 e3 fc b7 53 41 76 1d 24 |.;Z12\$....SAv.$| +00000190 7f 08 89 c6 f0 b9 57 3a 4d 91 66 66 e4 57 33 51 |......W:M.ff.W3Q| +000001a0 1d b9 1e c5 68 9a 6a 74 1e c3 16 de 15 92 e3 d0 |....h.jt........| +000001b0 0a 64 a4 64 e8 c4 a5 9c 55 30 a9 c3 b0 53 72 54 |.d.d....U0...SrT| +000001c0 75 d7 a0 7a 54 85 6e 9a 4d ff 9f 13 3c b9 42 17 |u..zT.n.M...<.B.| +000001d0 03 03 00 1e 6f 06 3f 1c da f6 55 50 05 de 38 9d |....o.?...UP..8.| +000001e0 07 00 bb 28 32 a5 3f 04 22 4c 6e f2 ea 3a e0 cc |...(2.?."Ln..:..| +000001f0 5d 5b 17 03 03 00 13 3b b8 7c df 14 b4 ba fa 6e |][.....;.|.....n| +00000200 2e 61 d6 6b bf b5 ad c2 35 73 |.a.k....5s| diff --git a/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven b/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven new file mode 100644 index 00000000..800f9991 --- /dev/null +++ b/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven 
@@ -0,0 +1,177 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ca 01 00 00 c6 03 03 c8 2f b4 54 5b |............/.T[| +00000010 11 8a 88 a9 a2 9b bf 66 f2 b4 e5 fb 32 af d6 dd |.......f....2...| +00000020 6c 6c 99 4f d6 48 cd eb 63 6e 1d 20 bb 0a 48 2e |ll.O.H..cn. ..H.| +00000030 45 4e 86 2d ae d6 fb 3e 0c 3e 9f a3 17 4a e3 39 |EN.-...>.>...J.9| +00000040 58 a7 92 92 cb 30 03 0d be b5 79 a5 00 04 13 01 |X....0....y.....| +00000050 00 ff 01 00 00 79 00 0b 00 04 03 00 01 02 00 0a |.....y..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000080 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000090 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000a0 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 f0 |-.....3.&.$... .| +000000b0 8e 19 a6 04 b7 f1 b0 cd a1 28 bb 10 60 30 92 dc |.........(..`0..| +000000c0 bc 7a 1c fc a7 f4 dc 01 2e 88 f3 0e 80 82 71 |.z............q| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 bb 0a 48 2e |........... ..H.| +00000030 45 4e 86 2d ae d6 fb 3e 0c 3e 9f a3 17 4a e3 39 |EN.-...>.>...J.9| +00000040 58 a7 92 92 cb 30 03 0d be b5 79 a5 13 01 00 00 |X....0....y.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 1a 9d c2 a8 12 c1 |................| +00000090 c3 97 41 bd 1f 6e 48 98 36 4b 13 cd b9 9f 70 34 |..A..nH.6K....p4| +000000a0 60 17 03 03 00 3e f8 19 ab 88 f7 15 07 97 72 ec |`....>........r.| +000000b0 41 6c 0a 64 b3 26 4a 56 21 20 d7 9c a2 84 06 ab |Al.d.&JV! 
......| +000000c0 cb e6 99 1b 45 ce ca e7 c6 57 04 c9 3a 76 84 97 |....E....W..:v..| +000000d0 fe a3 be 60 b2 2c 53 31 ab cd 49 d5 fc 59 80 69 |...`.,S1..I..Y.i| +000000e0 38 d3 66 32 17 03 03 02 6d 8f 8b 7a 7d 78 d3 4b |8.f2....m..z}x.K| +000000f0 98 1e 0b 05 38 60 58 d0 0a 7a f8 a7 70 53 67 ce |....8`X..z..pSg.| +00000100 ea ed 86 3e 79 9d 37 66 b2 61 be 34 bf 15 5a d8 |...>y.7f.a.4..Z.| +00000110 4e fb 52 62 8d e2 ae e9 58 b9 bc f9 e9 75 81 16 |N.Rb....X....u..| +00000120 af fa 92 c3 aa ac d2 2c 7b c2 21 2f b0 0d e9 53 |.......,{.!/...S| +00000130 d3 e3 ec d5 e7 95 23 83 d9 b1 ff 25 55 47 6a 1c |......#....%UGj.| +00000140 97 37 84 9a ce 67 15 63 0f ff 24 63 af 43 8a 7d |.7...g.c..$c.C.}| +00000150 46 63 bb 33 67 7a de 86 b4 6a 70 2d 6a 7f 82 c2 |Fc.3gz...jp-j...| +00000160 24 3c e1 0f a9 7f 93 76 d2 c9 e2 56 d3 cb b9 17 |$<.....v...V....| +00000170 97 2f 8a 25 40 dc 35 e4 00 3a 3f 2b 1e 09 1b f2 |./.%@.5..:?+....| +00000180 12 2a 76 c0 2e cd 17 06 32 a9 f8 08 70 3f 06 fa |.*v.....2...p?..| +00000190 c7 1b c4 50 4f b8 1e 0f 6f 6a 3a ba f6 28 1b d0 |...PO...oj:..(..| +000001a0 a7 34 a5 8c 02 fe 35 4f b4 97 45 96 48 bc b9 0d |.4....5O..E.H...| +000001b0 c9 2f df bd c1 8b 19 44 33 12 90 2c d2 99 09 36 |./.....D3..,...6| +000001c0 97 3f 29 56 30 77 15 df 15 c9 b1 26 9c f4 6a 59 |.?)V0w.....&..jY| +000001d0 00 3e d8 28 74 19 6c 38 6c 68 63 16 ab cb f0 3d |.>.(t.l8lhc....=| +000001e0 ce 30 f6 9c 06 00 06 cc 5a 8e 78 73 af 53 a4 e6 |.0......Z.xs.S..| +000001f0 49 10 5b 9d 4d f3 7d 48 f0 5d 87 27 d8 7e 58 a6 |I.[.M.}H.].'.~X.| +00000200 86 51 a0 d6 e8 82 20 6b d3 f9 99 4d 11 b7 49 ad |.Q.... 
k...M..I.| +00000210 f9 1a 1b f5 cd 81 81 bd 51 76 a4 5a 5f 35 7a 52 |........Qv.Z_5zR| +00000220 12 1b 73 f6 f3 1d cf 93 7a 8e a0 1d 4c f3 b2 f5 |..s.....z...L...| +00000230 16 00 57 21 2f c6 85 af 8c 8b f9 bd 2a f1 ee 15 |..W!/.......*...| +00000240 ec ee 80 b9 8b 0a 50 36 cb 53 fd ca 53 b4 0e 96 |......P6.S..S...| +00000250 7b db e6 93 f7 9e 8d e4 6a d5 ff e3 74 31 76 3a |{.......j...t1v:| +00000260 a8 de ce 06 97 3d 4e 91 c5 cd 85 06 c9 a6 02 91 |.....=N.........| +00000270 f9 36 33 8d 28 23 54 f5 c3 f0 b2 1a a1 6b b7 c6 |.63.(#T......k..| +00000280 d1 c3 31 ad d6 6f 0c 44 e4 34 d8 26 b6 ff 06 6f |..1..o.D.4.&...o| +00000290 f3 56 19 46 8d f3 75 c2 d9 69 4a 5b ff 3a b8 1d |.V.F..u..iJ[.:..| +000002a0 86 a9 6f 45 dc 3a e4 aa 9b 7d 3a 5a 50 ad c6 f6 |..oE.:...}:ZP...| +000002b0 8c e3 0e ca b6 7a 99 e7 4b 58 26 c2 18 95 14 a4 |.....z..KX&.....| +000002c0 f9 ae 79 4f f6 c0 f8 0e d4 52 fb 3c 5d a2 30 9c |..yO.....R.<].0.| +000002d0 ea d9 8d f4 27 4c 6f 7a 02 45 8f ca 8c b1 bc d2 |....'Loz.E......| +000002e0 c5 dc 8b 09 d7 c4 0f ea f6 51 be f7 cd 01 1e 78 |.........Q.....x| +000002f0 a1 37 4a 88 ae 5f c5 79 9c e2 4d c9 74 e7 2e 18 |.7J.._.y..M.t...| +00000300 86 e8 62 3f 6c 39 73 eb c2 e2 54 0c 13 ca f6 57 |..b?l9s...T....W| +00000310 20 92 6a 1d 03 28 d0 53 6f 6e cb 57 da 33 20 1a | .j..(.Son.W.3 .| +00000320 c8 3d 09 73 5f 28 14 6f 4c 16 8c 41 cd 44 ad df |.=.s_(.oL..A.D..| +00000330 77 08 0f f1 3c 4c 2b 37 03 60 9d 07 85 e7 66 f7 |w........55.BL...| +00000400 3e 26 15 0a f1 c3 a6 ab 94 a3 72 bd c7 04 22 bc |>&........r...".| +00000410 67 32 15 16 23 f5 50 97 bc 7f ab f8 ef f0 02 7d |g2..#.P........}| +00000420 2d 76 01 18 72 18 77 c1 f5 9b e9 e9 97 8d |-v..r.w.......| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 11 4b 29 10 c9 7b |...........K)..{| +00000010 98 9a fa ce 7a 17 a4 7d 15 5f 97 4f 40 67 37 f0 |....z..}._.O@g7.| +00000020 0b 2d ca 62 77 23 ab 78 d7 9f b6 1d 5c 64 fb 68 |.-.bw#.x....\d.h| +00000030 70 5f 21 df e1 55 3b e3 bb 8e 
61 31 11 ba 2b eb |p_!..U;...a1..+.| +00000040 de 78 39 5c 31 62 a3 fb 9a 57 a4 50 34 43 76 55 |.x9\1b...W.P4CvU| +00000050 ae f9 36 b1 35 ee 2b 8d ab c2 70 52 b0 8c d6 1b |..6.5.+...pR....| +00000060 fe 0f fc 5e 79 c3 cf ab d3 9a 81 af 63 2c b3 f7 |...^y.......c,..| +00000070 a6 b7 13 c4 70 22 fa 56 6d 77 cb d1 bf a5 9e c8 |....p".Vmw......| +00000080 74 83 80 f9 9a 19 f3 a3 94 15 72 7c 55 0e 21 47 |t.........r|U.!G| +00000090 2b a2 d3 b8 74 e1 07 37 7f 12 f6 ad ba 71 e5 ca |+...t..7.....q..| +000000a0 17 42 2b 78 9e 90 7d 28 b1 f4 dd 7d b8 69 dd c6 |.B+x..}(...}.i..| +000000b0 eb 3d 93 45 06 ac 5d fe 02 18 b8 f3 8c e4 4e 97 |.=.E..].......N.| +000000c0 05 8b 36 94 cb 0f 66 64 ed a8 50 22 ba c8 a7 23 |..6...fd..P"...#| +000000d0 7d f9 d5 4f d5 27 83 f3 b6 09 3f 4f 69 92 6d be |}..O.'....?Oi.m.| +000000e0 4a 30 02 d2 d5 e6 14 d4 21 e2 c8 5b cb 08 1e 9a |J0......!..[....| +000000f0 28 f7 f4 13 8c 58 9b 69 2c 55 3d 78 f2 ce 93 89 |(....X.i,U=x....| +00000100 2f 62 56 ea a3 21 96 f6 e7 ee a4 3d d8 7d 86 4d |/bV..!.....=.}.M| +00000110 79 c9 3b c8 cf ea a0 6b 5f 29 8c ed c2 d6 73 27 |y.;....k_)....s'| +00000120 a0 35 bb 2b 8b 6c 4e 59 74 e5 84 c4 d2 1a f1 0d |.5.+.lNYt.......| +00000130 5c 36 33 f7 42 d6 08 c3 f8 5b ea 27 a1 cc b9 72 |\63.B....[.'...r| +00000140 d5 b9 4e 17 36 b3 05 29 50 da 52 bc 23 f7 82 82 |..N.6..)P.R.#...| +00000150 c0 67 2b 80 a2 7f e2 ec b9 12 bb dc b6 04 b6 4f |.g+............O| +00000160 87 15 16 13 de c4 1c 04 71 33 ba d7 a7 da f1 f5 |........q3......| +00000170 77 c6 4e 8e b2 65 a1 6c a8 c2 5b a1 f5 da 49 6c |w.N..e.l..[...Il| +00000180 85 ee 21 8d 10 6b 82 bf 0c 0f 7e 33 8b 5e 44 5b |..!..k....~3.^D[| +00000190 70 db bc 76 40 a0 5c 02 f6 8a 9b de aa a4 b2 94 |p..v@.\.........| +000001a0 d0 e0 b7 60 af df ad 3d e3 17 a9 60 e0 d9 a8 3e |...`...=...`...>| +000001b0 c6 06 9b ad 97 0b dc 21 16 9d 42 29 74 a1 f5 03 |.......!..B)t...| +000001c0 d4 15 0d ee fd fa 6b 85 12 2f 8c 26 fd 96 ce 85 |......k../.&....| +000001d0 a5 b7 ba bb ac 8a 6d 54 f5 
fd e6 6c 32 24 a9 e7 |......mT...l2$..| +000001e0 1a 11 bf 4d cb f9 18 9a b8 1e a6 e4 1f 61 b1 ce |...M.........a..| +000001f0 1c ca 5d 81 e7 84 e0 a9 4e c7 f9 5d 71 72 76 4b |..].....N..]qrvK| +00000200 65 ca 3a a4 4d d8 ec 82 aa 33 80 bb 15 48 2d 7c |e.:.M....3...H-|| +00000210 4e 5e d2 ec 13 1a e7 03 d5 29 95 80 17 03 03 00 |N^.......)......| +00000220 99 60 a2 43 34 23 c0 a4 4c 0a 18 c5 27 96 2f 7c |.`.C4#..L...'./|| +00000230 af 2b 2c 36 f2 9b cf 93 e7 3e 79 3b 20 d4 3b 60 |.+,6.....>y; .;`| +00000240 a2 ef af 36 d5 45 d4 20 89 be 80 1d 1e ca f7 19 |...6.E. ........| +00000250 35 8f 26 3f be c0 a2 f6 c6 85 a3 88 76 cd 06 f9 |5.&?........v...| +00000260 4f ff 54 79 6c ac 33 71 31 90 70 36 eb 9c c1 b4 |O.Tyl.3q1.p6....| +00000270 4a c8 3a 52 85 2b be 4a 19 8a 24 fd 6f 08 47 19 |J.:R.+.J..$.o.G.| +00000280 84 88 a0 48 f6 17 80 f8 fe 9e 21 68 e1 75 17 14 |...H......!h.u..| +00000290 d4 e2 3a e2 de 9d 19 56 ad cc 33 13 f3 52 b2 1b |..:....V..3..R..| +000002a0 f4 65 04 05 79 9f 3e 14 fb 1f 9c d1 c4 53 c0 93 |.e..y.>......S..| +000002b0 49 ad 3c 2e de c1 b4 fe be b3 17 03 03 00 35 32 |I.<...........52| +000002c0 81 98 1a 6c 38 ca 67 64 c5 30 0b 81 7d fd a1 b9 |...l8.gd.0..}...| +000002d0 2e af 41 1d e9 b7 31 17 d8 08 ce d5 f6 12 4d da |..A...1.......M.| +000002e0 fc db fb e1 fa 5b cd 70 12 e7 bb 26 dd 53 9c 43 |.....[.p...&.S.C| +000002f0 02 06 1f 70 |...p| +>>> Flow 4 (server to client) +00000000 17 03 03 02 8b 8e b1 29 40 b6 53 bc 89 c7 87 69 |.......)@.S....i| +00000010 4c 6d 5b 61 d9 ba 5b 96 22 ac 57 71 58 f8 0e ea |Lm[a..[.".WqX...| +00000020 81 ea bf f9 34 6d a0 ce 1f d2 97 52 62 2b 9e f7 |....4m.....Rb+..| +00000030 03 28 96 56 c0 a1 0e 69 7c 98 13 e5 91 8c 48 5f |.(.V...i|.....H_| +00000040 4e 78 87 14 38 f8 fa 3c 17 97 f9 de 38 3b cf 0f |Nx..8..<....8;..| +00000050 d9 dd 41 0a bb 65 ca a7 0b fd a5 11 c2 c3 6a b8 |..A..e........j.| +00000060 5a e1 68 a1 8d f8 35 9d c6 e1 3e e1 03 a9 06 ee |Z.h...5...>.....| +00000070 1f 92 ca b5 f4 df 3e e5 69 63 9e a2 ea 5e 
b8 d9 |......>.ic...^..| +00000080 26 31 9e 25 de a8 ea 44 1a c0 86 0b 38 75 04 dc |&1.%...D....8u..| +00000090 2d 37 ad 40 e3 2f d1 b0 9e 9e 64 57 8b 31 20 d6 |-7.@./....dW.1 .| +000000a0 16 64 fd 1b c1 01 58 af 4b 88 49 23 7a f6 a2 15 |.d....X.K.I#z...| +000000b0 ca 02 4b d6 6d 7c f8 7a c9 c0 0d 32 6e 1d 83 ca |..K.m|.z...2n...| +000000c0 47 e5 6f 86 a0 f7 8b 50 1d 91 ec fa 2b 4a 72 f7 |G.o....P....+Jr.| +000000d0 a0 09 f1 65 fb 81 32 d2 a0 be 18 07 9f 5d 89 98 |...e..2......]..| +000000e0 08 09 a6 1d 9a 5a 10 67 81 58 82 00 9d 01 48 a8 |.....Z.g.X....H.| +000000f0 5b df 54 b3 cd 84 87 e0 41 e6 1e 47 46 33 56 0c |[.T.....A..GF3V.| +00000100 67 82 b9 bc 28 68 f3 5b 51 a8 c0 0e 43 14 62 bb |g...(h.[Q...C.b.| +00000110 8a bd 3f 4d d6 33 c4 76 4f c1 06 f8 9b bf 64 41 |..?M.3.vO.....dA| +00000120 6c e5 40 8d 93 4a 6b 6f fe 72 6b db ac 35 b4 fc |l.@..Jko.rk..5..| +00000130 84 13 fa 8a 7d 35 e3 73 12 eb 1a 5f a9 e2 28 53 |....}5.s..._..(S| +00000140 0c 6d 41 ec 4b 76 f5 d9 48 2a c2 85 2a 1f 7d 61 |.mA.Kv..H*..*.}a| +00000150 f6 1f 27 ef 47 c9 c7 b3 19 5c 07 d5 18 ec fd 3e |..'.G....\.....>| +00000160 78 41 cb a4 3a 47 22 cf 7e 7e 17 be 27 c4 90 ce |xA..:G".~~..'...| +00000170 2a cb cd ed 0f a3 bf 1e 4c 62 7a 80 ff 21 38 c5 |*.......Lbz..!8.| +00000180 c2 37 9f 62 4b d8 c0 9e df ae 3c 69 cd 25 f5 65 |.7.bK.....>> Flow 1 (client to server) +00000000 16 03 01 00 ca 01 00 00 c6 03 03 15 b6 db 09 24 |...............$| +00000010 50 ea d6 f7 ae d7 32 2f 72 25 23 db 11 ad 6f c1 |P.....2/r%#...o.| +00000020 5d 62 af e7 93 63 1a 8b f3 82 80 20 5f 15 2e 86 |]b...c..... 
_...| +00000030 86 2c 2e 2f 82 11 3c d2 9f 00 32 d4 3d 05 04 fa |.,./..<...2.=...| +00000040 36 41 8d dc 30 ce a6 2b 6e d4 3c 9c 00 04 13 01 |6A..0..+n.<.....| +00000050 00 ff 01 00 00 79 00 0b 00 04 03 00 01 02 00 0a |.....y..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000080 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000090 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000a0 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 98 |-.....3.&.$... .| +000000b0 b7 40 03 d8 a3 4c 9e 16 82 77 16 9b c1 17 3a 2a |.@...L...w....:*| +000000c0 fc 25 73 5d 2d 5c dc 15 78 36 12 7a 28 f2 0e |.%s]-\..x6.z(..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 5f 15 2e 86 |........... _...| +00000030 86 2c 2e 2f 82 11 3c d2 9f 00 32 d4 3d 05 04 fa |.,./..<...2.=...| +00000040 36 41 8d dc 30 ce a6 2b 6e d4 3c 9c 13 01 00 00 |6A..0..+n.<.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 14 12 e8 30 75 5a |.............0uZ| +00000090 a4 27 7d 83 2e 51 0e 48 14 7b 53 0c 65 24 71 c5 |.'}..Q.H.{S.e$q.| +000000a0 44 17 03 03 00 3e 34 38 ac c0 b5 05 e1 03 e1 a3 |D....>48........| +000000b0 d3 42 ec e3 94 96 e7 a3 05 d8 44 ca 1d 89 b6 6f |.B........D....o| +000000c0 52 ce 3c 7d 61 f1 b4 a2 83 31 ab cf e7 ca 53 57 |R.<}a....1....SW| +000000d0 b8 eb f4 7a 8a 7c ce 31 fe a4 b6 c7 a5 ed f2 2d |...z.|.1.......-| +000000e0 da 36 d6 49 17 03 03 02 6d 2c b4 e1 f3 87 4e c7 |.6.I....m,....N.| +000000f0 ab db ea fa 0d 31 20 f2 1e 63 1d 10 bd 61 98 a2 |.....1 ..c...a..| +00000100 50 8d 12 0d c8 5c f8 e4 97 9c 5f f3 47 f4 60 a5 |P....\...._.G.`.| +00000110 59 16 a2 27 06 94 80 93 af 1e 9d c0 9a 23 20 bf |Y..'.........# .| +00000120 a4 5a 26 2c 37 86 d8 8a b7 e2 bd e2 4f ab 53 65 |.Z&,7.......O.Se| +00000130 bd 34 2c 1a 88 72 bf 8f 20 0c e2 51 0f ea 3f 47 |.4,..r.. ..Q..?G| +00000140 dc 0e cd 21 3c d0 cc 7d 38 b8 b9 1b 20 67 83 a9 |...!<..}8... 
g..| +00000150 af 4c f7 7b c0 d9 00 5c 66 e3 d7 2e 3b 6a b5 9c |.L.{...\f...;j..| +00000160 6e f6 ed 96 25 3c ce ea db fa 85 ba e2 d8 4c 95 |n...%<........L.| +00000170 92 06 0a 38 19 7f 52 30 2b ef fc 23 c6 b3 e5 d1 |...8..R0+..#....| +00000180 83 2e 56 65 d6 ef 06 3a 71 d6 39 e9 16 62 65 78 |..Ve...:q.9..bex| +00000190 59 c1 9f 7f 99 be c2 b9 0b 56 0a db 26 ec 16 15 |Y........V..&...| +000001a0 be 27 cb bb cf 4a 9c a1 fd 5c 7d 5d c6 df a2 ed |.'...J...\}]....| +000001b0 f1 70 74 03 40 7c 8f af ea 3c 6a c7 c6 30 98 4c |.pt.@|...>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 19 83 88 d2 c3 d4 |................| +00000010 a8 98 6c 8f fa 1b 52 a5 83 58 e3 62 89 3e 22 a3 |..l...R..X.b.>".| +00000020 37 b8 ee 13 17 03 03 00 35 b5 5f aa fd ca 85 74 |7.......5._....t| +00000030 ee c6 06 d9 2e d8 4f 7d 87 a2 b7 20 80 a5 3b 97 |......O}... ..;.| +00000040 41 bc 80 20 af b5 c4 66 26 2e 39 fd 81 e0 1a a0 |A.. ...f&.9.....| +00000050 6f c3 08 d0 23 c2 27 49 91 58 77 15 2d 49 |o...#.'I.Xw.-I| +>>> Flow 4 (server to client) +00000000 17 03 03 00 93 10 f4 e9 f1 51 30 25 9e f0 c4 d2 |.........Q0%....| +00000010 b8 f4 4b ad dd 89 ad ab 1a 39 88 44 98 a2 53 4e |..K......9.D..SN| +00000020 1c e9 bb 4a b7 c1 d8 cc bc 76 e6 a8 e6 41 b9 42 |...J.....v...A.B| +00000030 c8 7a 0a f4 35 73 cc 9f 9d 30 ff 4e e3 44 89 a5 |.z..5s...0.N.D..| +00000040 d0 2b 88 36 0a 87 72 b4 bf 48 6a 4e 2e 03 1a 96 |.+.6..r..HjN....| +00000050 1e 01 07 90 61 b0 f1 c5 58 e0 48 30 db d6 e9 5c |....a...X.H0...\| +00000060 88 05 0d 47 fc d1 33 6e 7e c4 fb 81 e3 80 ce 67 |...G..3n~......g| +00000070 93 59 5e 68 39 6c b2 c3 c3 56 09 61 e5 a1 d6 d9 |.Y^h9l...V.a....| +00000080 95 3a 70 6a 5c 4a 51 24 d9 e7 ed 88 7f 6c 32 0a |.:pj\JQ$.....l2.| +00000090 2d 5d 79 40 75 c9 b9 d4 17 03 03 00 1e 24 cc 07 |-]y@u........$..| +000000a0 53 2b 27 c1 36 47 88 b8 3c 91 9e 8b 13 da 9d 3c |S+'.6G..<......<| +000000b0 f9 65 9d 78 ed 92 36 11 41 fe 42 17 03 03 00 13 |.e.x..6.A.B.....| +000000c0 2b 52 80 d0 d5 
39 77 77 38 ad e0 ad 78 f8 0a 59 |+R...9ww8...x..Y| +000000d0 96 18 7e |..~| diff --git a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES new file mode 100644 index 00000000..d2b02504 --- /dev/null +++ b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES 
@@ -0,0 +1,96 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 90 bc cf 62 d0 |..............b.| +00000010 bc 89 6b 84 ad 18 87 f5 9c 96 0e 02 3f ae a5 4b |..k.........?..K| +00000020 80 70 f8 54 47 b1 78 03 48 4d 06 20 ae 9e 3c 17 |.p.TG.x.HM. ..<.| +00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| +00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 00 04 13 01 |.ea@.|....s.....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 ad 11 a7 07 20 9c cb 33 96 f4 0d 78 a1 89 55 | .... ..3...x..U| +000000d0 6c af 70 f4 ac d6 cb d9 0d 1b 13 fa 50 de 68 17 |l.p.........P.h.| +000000e0 1d |.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 ae 9e 3c 17 |........... ..<.| +00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| +00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 13 01 00 00 |.ea@.|....s.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 f1 16 14 8f 0a b5 |................| +00000090 92 fa 55 d7 fb 6c 33 04 ae c6 ed 3b 90 27 e9 ae |..U..l3....;.'..| +000000a0 e8 17 03 03 02 22 ca b1 97 19 9d da 2e 1d 12 f4 |....."..........| +000000b0 05 af 35 28 1e 85 9d 28 81 f0 5a 83 46 9c df f7 |..5(...(..Z.F...| +000000c0 58 2e 30 fa b9 07 00 cf fe 69 37 5e f2 75 a0 ef |X.0......i7^.u..| +000000d0 f3 ab 60 0b c5 09 72 bd b4 42 2f 45 24 3e 82 d0 |..`...r..B/E$>..| +000000e0 f1 a1 dd 3a de 6a b9 9d 85 2b 83 75 47 c9 d2 c3 |...:.j...+.uG...| +000000f0 25 91 85 c2 a1 97 6a 62 dd aa 19 11 94 e2 6b f9 |%.....jb......k.| +00000100 7d 5a bc 5e d4 64 bc 74 44 85 d1 7a eb 3a ef d5 |}Z.^.d.tD..z.:..| +00000110 96 f4 22 64 61 2b 79 77 ac 8b 61 69 cc eb ad fd |.."da+yw..ai....| +00000120 38 5e 61 74 d9 4f 70 82 06 3b 3e f8 a8 53 7c e8 |8^at.Op..;>..S|.| +00000130 9d 98 43 a1 af 86 ba d9 64 64 f0 e0 b0 8f 39 6b |..C.....dd....9k| +00000140 16 d6 92 09 8d 5b d0 34 f4 14 60 69 a0 28 73 3a |.....[.4..`i.(s:| +00000150 24 7f 81 4e 8b d1 50 49 1a c0 60 92 fd 02 47 6d |$..N..PI..`...Gm| +00000160 d8 97 62 b2 b4 57 8b d7 d1 b6 bf 19 40 cb 13 09 |..b..W......@...| +00000170 ef d6 55 66 39 88 29 e0 14 2d 06 98 d6 b6 bf a6 |..Uf9.)..-......| +00000180 04 10 47 d5 64 fe 38 69 db 33 a4 fc 12 de 83 5b |..G.d.8i.3.....[| +00000190 c9 8e 76 56 bc f7 dd ac 96 c6 a0 ed e5 43 0b 13 |..vV.........C..| +000001a0 1e 78 94 18 fd 57 50 79 08 91 18 aa 84 63 4e 46 |.x...WPy.....cNF| +000001b0 53 db e0 f3 9a 0b d6 13 20 36 aa 56 dd 7a 62 d9 |S....... 
6.V.zb.| +000001c0 3f f6 bd 87 74 3c 86 d1 94 a1 04 79 a8 54 e4 8e |?...t<.....y.T..| +000001d0 11 d6 52 42 5c 4b 77 18 b9 d7 db f7 48 9a 69 e1 |..RB\Kw.....H.i.| +000001e0 2d b9 38 38 e4 e8 94 5e b1 7e 2c 81 96 6a a0 ed |-.88...^.~,..j..| +000001f0 bb 35 6a 8c 93 f2 6d 38 70 df 79 54 d9 45 c8 b8 |.5j...m8p.yT.E..| +00000200 b2 9c 0f 9f 70 34 8f ac b3 08 f5 3e b1 d2 5a d7 |....p4.....>..Z.| +00000210 7b ee f3 dc 9a d1 12 c3 77 24 76 9b bf 09 50 a7 |{.......w$v...P.| +00000220 3c ab 7f 1f 99 b5 02 8c ac 5e 85 cc 53 fd ca e0 |<........^..S...| +00000230 c7 e2 41 08 fd cb b0 79 0c 8b 02 4f 80 92 c2 cd |..A....y...O....| +00000240 6c a1 aa 75 d2 4c d1 25 40 7c 14 41 a7 15 20 a3 |l..u.L.%@|.A.. .| +00000250 a6 81 64 7c c0 c7 2d dd 82 84 ad 2a f4 06 f9 61 |..d|..-....*...a| +00000260 23 1c dd c6 ef 72 da 6b eb be 41 f0 b4 5f 9a 02 |#....r.k..A.._..| +00000270 ee a8 f3 bb 05 48 ec 50 a3 ff f3 94 bb d8 a9 6d |.....H.P.......m| +00000280 92 49 7c bf a1 eb 55 26 08 26 d3 80 d6 cb 05 ea |.I|...U&.&......| +00000290 d1 db bf 97 3d 10 ff 4e f6 05 33 23 68 95 31 42 |....=..N..3#h.1B| +000002a0 5a d5 30 61 79 c4 88 7f e1 be 28 ad 72 bb 78 36 |Z.0ay.....(.r.x6| +000002b0 ba bb 38 75 fb 97 33 b6 28 8c a2 f4 46 fe 37 d8 |..8u..3.(...F.7.| +000002c0 b0 67 63 97 c1 51 0c 61 17 03 03 00 a4 20 15 70 |.gc..Q.a..... 
.p| +000002d0 7a 69 b1 33 c2 e1 f5 9c 2b b2 06 1e 01 a6 7f 03 |zi.3....+.......| +000002e0 cd 00 13 02 3b 0c 2b 3f 85 d8 ed 6d 81 7e e9 b2 |....;.+?...m.~..| +000002f0 b6 be 7b 77 51 30 dd b5 fc 93 08 91 9e 46 e2 85 |..{wQ0.......F..| +00000300 74 3c 9a 04 26 86 b8 6c 98 99 57 7e 36 54 0d 90 |t<..&..l..W~6T..| +00000310 4c 55 65 77 69 59 b2 e5 5b a3 19 4a b0 72 3d 91 |LUewiY..[..J.r=.| +00000320 2e 5d 9b 8c 52 a1 e6 f5 22 c6 3c 0d 9b d8 9c b9 |.]..R...".<.....| +00000330 cb 90 51 bc 16 69 06 30 22 16 62 08 3b 3f 05 99 |..Q..i.0".b.;?..| +00000340 60 2a cc cf 29 f5 e1 b0 84 81 c8 63 00 d4 d4 13 |`*..)......c....| +00000350 b5 5d 4c 63 8a 60 3e 44 24 03 30 85 91 4c 3d f2 |.]Lc.`>D$.0..L=.| +00000360 2c c2 78 f2 c3 4c bb 90 60 0b 66 18 02 e7 5c 85 |,.x..L..`.f...\.| +00000370 19 17 03 03 00 35 49 76 5f ff 32 3a 09 7a 4b f2 |.....5Iv_.2:.zK.| +00000380 fe f3 38 b6 76 f4 12 f2 aa a3 ed b6 02 ab 0b b9 |..8.v...........| +00000390 3b 9d 00 51 f1 5c 96 23 6b 49 f8 32 9f 74 30 32 |;..Q.\.#kI.2.t02| +000003a0 4d af af ef d5 55 2c ff 2b a0 45 17 03 03 00 93 |M....U,.+.E.....| +000003b0 6e e0 6a f9 44 af c0 af 95 ab 1e ff fd 97 38 f5 |n.j.D.........8.| +000003c0 7b 24 70 da e2 4e 8b dc 9b 49 84 fe 73 0a b0 7e |{$p..N...I..s..~| +000003d0 cf 14 f7 8a 67 e7 74 bd ee 82 93 c6 27 a2 bd 1e |....g.t.....'...| +000003e0 cb 71 06 af 65 dd f0 d9 91 81 b0 f8 21 34 48 d1 |.q..e.......!4H.| +000003f0 c4 e0 e3 19 a8 b4 48 b7 3a be 52 e5 7c a8 a3 c2 |......H.:.R.|...| +00000400 08 6c ac 66 4d 36 cf a1 9d 1f 72 c5 09 20 db 05 |.l.fM6....r.. ..| +00000410 e5 0a 44 af 4a d8 32 38 19 7d 28 e3 05 23 99 66 |..D.J.28.}(..#.f| +00000420 f6 ad 77 02 7e 00 67 c1 71 58 b9 89 3c 93 15 95 |..w.~.g.qX..<...| +00000430 ee 38 e2 ea c0 73 fe da e4 75 6d 38 ca 54 0b bf |.8...s...um8.T..| +00000440 f0 af 86 |...| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 23 02 12 13 f1 |..........5#....| +00000010 db fa 70 c0 92 85 8a d3 fa 80 1b 5c a6 22 ff 20 |..p........\.". 
| +00000020 5d bf 1d 61 58 34 c0 48 6f e1 26 a6 bf bc 76 c7 |]..aX4.Ho.&...v.| +00000030 8b da ee 54 64 30 c4 5c b1 61 67 82 29 bb 3f 4b |...Td0.\.ag.).?K| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 95 c0 53 e2 37 94 09 83 1e 7e 23 |.......S.7....~#| +00000010 dc 9f 02 5e 91 19 b6 f9 72 0d 38 3f 25 ae b2 5f |...^....r.8?%.._| +00000020 4b f2 78 17 03 03 00 13 d2 ad 73 d6 f3 21 ab 7c |K.x.......s..!.|| +00000030 02 dd 63 ff cf d7 34 ca 71 3d 70 |..c...4.q=p| diff --git a/tls/testdata/Server-TLSv13-Ed25519 b/tls/testdata/Server-TLSv13-Ed25519 new file mode 100644 index 00000000..a94597ac --- /dev/null +++ b/tls/testdata/Server-TLSv13-Ed25519 
@@ -0,0 +1,76 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ca 01 00 00 c6 03 03 a1 5b 14 56 ac |............[.V.| +00000010 3f 2b b0 8e e9 0b ae 7e f7 3b 3b 20 90 b6 e4 06 |?+.....~.;; ....| +00000020 c2 b9 71 88 e4 4c 01 28 41 b3 e8 20 49 01 f7 fc |..q..L.(A.. I...| +00000030 ce 52 3e f4 58 60 56 7d 36 21 ba 23 87 21 f7 36 |.R>.X`V}6!.#.!.6| +00000040 48 88 22 78 26 37 27 a4 fc 7a 8b ea 00 04 13 03 |H."x&7'..z......| +00000050 00 ff 01 00 00 79 00 0b 00 04 03 00 01 02 00 0a |.....y..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000080 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000090 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000a0 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 f4 |-.....3.&.$... .| +000000b0 2c db e8 c0 9e 7d 52 f6 fa 33 fe f7 9a 66 ca 5f |,....}R..3...f._| +000000c0 a3 28 e9 80 21 28 b8 ef e9 9f 1e 26 9c cf 0f |.(..!(.....&...| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 49 01 f7 fc |........... I...| +00000030 ce 52 3e f4 58 60 56 7d 36 21 ba 23 87 21 f7 36 |.R>.X`V}6!.#.!.6| +00000040 48 88 22 78 26 37 27 a4 fc 7a 8b ea 13 03 00 00 |H."x&7'..z......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 f9 df 7b 4f f9 a1 |............{O..| +00000090 f7 78 eb 10 59 5c 4f ed 42 09 08 10 0f c7 a4 81 |.x..Y\O.B.......| +000000a0 8b 17 03 03 01 50 38 d7 96 35 05 7d 3d 3a 60 02 |.....P8..5.}=:`.| +000000b0 bf 93 37 f2 60 3e 64 cb 1a 6f 9c 69 af 06 ca 70 |..7.`>d..o.i...p| +000000c0 94 e2 d1 7f 4a 5d c7 57 0e 11 c7 4e 24 c6 ba 57 |....J].W...N$..W| +000000d0 9f d7 67 3a 0a 8b 93 08 d4 de c5 be 62 79 61 2a |..g:........bya*| +000000e0 3d 4e 57 f9 98 e5 4f 5e 5a 74 52 5b a4 d0 07 ae |=NW...O^ZtR[....| +000000f0 8c 2a cb 50 dd b3 76 ab 3a 61 5b 55 83 8e 37 8d |.*.P..v.:a[U..7.| +00000100 39 e5 4f 58 7e 7a bc 80 26 f6 0f 47 8f 11 55 77 |9.OX~z..&..G..Uw| +00000110 24 b1 a7 06 d8 d2 30 82 0d 99 39 04 5f 97 d8 1d |$.....0...9._...| +00000120 99 67 99 89 f0 ee 4f 18 8b 49 24 d3 6a d0 65 c9 |.g....O..I$.j.e.| +00000130 01 a2 48 54 8b d2 bb 56 d4 0a 73 62 88 fa 70 4e |..HT...V..sb..pN| +00000140 7f dd 59 5b 14 7b 28 02 07 75 01 4d 41 ab 1d 7e |..Y[.{(..u.MA..~| +00000150 ef 24 42 ee 85 7f fa 5f 9e f0 9f f2 7f 92 00 52 |.$B...._.......R| +00000160 ca 73 8a 73 c6 d7 13 f5 9d 31 6f 76 75 db e7 53 |.s.s.....1ovu..S| +00000170 4d 44 40 8f 47 be bd 0e 71 13 d0 f7 f2 72 67 3a |MD@.G...q....rg:| +00000180 de b8 da b0 1d 84 85 d0 c2 c4 8d 16 87 68 c7 98 |.............h..| +00000190 40 0a 92 c8 fb 8a 3a e4 7b 34 43 47 b7 4f 28 8e |@.....:.{4CG.O(.| +000001a0 11 01 98 88 b6 cd ca aa d4 dc 52 5d f9 cf 55 bb |..........R]..U.| +000001b0 f3 13 f2 ce dc 67 74 a7 4d 5e 65 6f 18 cd 82 4e |.....gt.M^eo...N| +000001c0 fc 80 2c 14 17 99 08 6d 59 b3 3f 38 00 52 a2 a3 |..,....mY.?8.R..| +000001d0 c1 98 84 15 91 82 3f e9 47 82 12 a0 94 dc 19 9e |......?.G.......| +000001e0 2e b7 25 79 30 b9 81 d6 9f 33 8e 49 80 7a 4c a2 |..%y0....3.I.zL.| +000001f0 b7 9a e6 17 2c 06 17 03 03 00 59 97 c7 4b ac c3 
|....,.....Y..K..| +00000200 ed b3 bd 82 7a c2 45 a0 18 70 7b 88 fe 8b fd 6b |....z.E..p{....k| +00000210 83 f2 dd 77 15 74 9c f0 a6 27 22 bf ee 25 53 07 |...w.t...'"..%S.| +00000220 81 95 3c 91 b3 89 3c ca f9 5b c7 cf bb 32 55 f8 |..<...<..[...2U.| +00000230 3c 76 70 f6 11 ca 5d 92 aa 78 9e 8a 2f ab e0 6f |>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 19 fa 19 c0 ce |..........5.....| +00000010 09 87 c2 06 69 56 2a 0a a7 9c 79 76 03 1b 70 5e |....iV*...yv..p^| +00000020 56 2d d4 a1 09 e3 99 f7 a9 7a e5 ba 3e 17 8b b2 |V-.......z..>...| +00000030 fe da 70 81 d9 30 83 27 b1 da 2e df da 94 75 72 |..p..0.'......ur| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 83 53 ed 09 07 d3 87 ab 37 a2 08 |......S......7..| +00000010 a8 50 66 87 97 54 04 38 4b a6 25 f8 ab 75 ac 39 |.Pf..T.8K.%..u.9| +00000020 52 e2 8d 17 03 03 00 13 86 58 ef 44 c1 59 5e 2e |R........X.D.Y^.| +00000030 e4 2e df 93 6e 52 76 58 c1 9d 2a |....nRvX..*| diff --git a/tls/testdata/Server-TLSv13-ExportKeyingMaterial b/tls/testdata/Server-TLSv13-ExportKeyingMaterial new file mode 100644 index 00000000..8267ca0f --- /dev/null +++ b/tls/testdata/Server-TLSv13-ExportKeyingMaterial 
@@ -0,0 +1,99 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ce 01 00 00 ca 03 03 26 86 8d 61 97 |...........&..a.| +00000010 6c da 93 d7 43 5c b3 0c 06 5c c2 cb e0 89 46 9f |l...C\...\....F.| +00000020 cc b0 a3 cf 41 3d cf 7a 9e 02 bc 20 a6 33 fe 0b |....A=.z... .3..| +00000030 90 24 8b ed 69 48 86 9b d2 1a 5c 04 66 52 4f 5d |.$..iH....\.fRO]| +00000040 a4 24 6b d2 84 08 c0 48 a9 55 ef 0c 00 04 13 03 |.$k....H.U......| +00000050 00 ff 01 00 00 7d 00 0b 00 04 03 00 01 02 00 0a |.....}..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000070 00 00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c |................| +00000080 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000090 08 04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 |.............+..| +000000a0 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 |....-.....3.&.$.| +000000b0 1d 00 20 b9 ab 39 93 6b 9f aa 46 0a 61 c6 f8 58 |.. ..9.k..F.a..X| +000000c0 45 26 16 6f b6 cb 42 52 e8 24 ab cc a4 2d b6 7a |E&.o..BR.$...-.z| +000000d0 a5 90 67 |..g| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 a6 33 fe 0b |........... .3..| +00000030 90 24 8b ed 69 48 86 9b d2 1a 5c 04 66 52 4f 5d |.$..iH....\.fRO]| +00000040 a4 24 6b d2 84 08 c0 48 a9 55 ef 0c 13 03 00 00 |.$k....H.U......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 e9 4c 8a ed 0c af |...........L....| +00000090 04 d2 18 14 38 48 c1 71 da 59 db 46 f4 00 0d 19 |....8H.q.Y.F....| +000000a0 1e 17 03 03 02 6d e0 d2 7b bf 0a 51 48 a9 67 46 |.....m..{..QH.gF| +000000b0 25 3b 07 e9 68 da 4d cf 47 31 0f 7d ad 4e 0d 6d |%;..h.M.G1.}.N.m| +000000c0 c3 ad 03 61 4a c0 ae 06 4d b7 84 29 1b 44 49 26 |...aJ...M..).DI&| +000000d0 f4 99 fc 58 1e 5b f0 15 ee be 19 c3 b3 23 20 f0 |...X.[.......# .| +000000e0 7a 10 e4 ab c8 00 f6 e4 93 d6 b3 2a fd 14 10 c9 |z..........*....| +000000f0 72 b2 21 ba 93 50 08 4e d2 1f 3f 64 68 73 3c c7 |r.!..P.N..?dhs<.| +00000100 11 3c f5 84 61 b0 2c 84 42 0c ef a9 03 a2 74 aa |.<..a.,.B.....t.| +00000110 3b 07 e0 d5 f5 c4 d1 a8 8e f5 64 0e 52 41 b1 4d |;.........d.RA.M| +00000120 aa 43 0d f3 6b 0c 19 36 66 fe 4c 73 cd 52 03 2f |.C..k..6f.Ls.R./| +00000130 61 f1 9d 23 12 e2 b9 69 d9 48 92 07 1b 5d 6f 28 |a..#...i.H...]o(| +00000140 e1 96 39 d8 59 19 9d 9c bf 99 3a af 03 68 bd 34 |..9.Y.....:..h.4| +00000150 38 04 9d 8c 9a bf 75 67 74 dd 9c eb 89 13 6d 55 |8.....ugt.....mU| +00000160 b4 c4 17 11 05 54 d7 f9 d7 5a ed ec d5 15 31 5e |.....T...Z....1^| +00000170 2f ed 69 fa 99 23 57 e3 62 98 35 27 17 34 e1 c4 |/.i..#W.b.5'.4..| +00000180 3c 95 3f 69 de 01 aa a9 66 55 4a 40 3a f1 4f 19 |<.?i....fUJ@:.O.| +00000190 02 2f df 51 0c 69 ec 48 7a 60 f7 72 5e f6 f0 4d |./.Q.i.Hz`.r^..M| +000001a0 a1 b2 7a 06 df 69 a1 19 42 29 56 5c 67 99 3d 0e |..z..i..B)V\g.=.| +000001b0 5d da df 7b 93 8e 9a 26 6e 2e 09 c4 30 40 ad a9 |]..{...&n...0@..| +000001c0 ee 4b bd 21 41 b6 cb fc 97 0f fc a2 cf 26 31 d6 |.K.!A........&1.| +000001d0 d6 77 96 4e c6 a2 fd 5a 0e cb d5 31 a6 21 e8 76 |.w.N...Z...1.!.v| +000001e0 a2 48 4d 43 d4 c9 18 b2 21 cc 13 13 84 f2 c2 cf |.HMC....!.......| +000001f0 60 8f 2e 36 39 8a a8 26 03 1d 51 24 b4 08 c5 5d 
|`..69..&..Q$...]| +00000200 96 b9 4a 46 02 41 1f 59 ea 47 a9 37 bc a0 c4 70 |..JF.A.Y.G.7...p| +00000210 26 d6 8c 11 62 45 1d 92 5d ea 39 cd af af 13 38 |&...bE..].9....8| +00000220 85 ca a8 74 1a 09 07 f2 7c d6 49 0d 2d ad 1c 9f |...t....|.I.-...| +00000230 db 8b 56 91 45 51 32 db ca 9c f4 d2 72 09 8a fe |..V.EQ2.....r...| +00000240 98 9e a8 b5 b2 49 9c 0b e9 3a 42 d0 53 e0 20 6c |.....I...:B.S. l| +00000250 e3 07 36 ef cc 85 56 fd b4 6e ff d2 7c 96 52 27 |..6...V..n..|.R'| +00000260 46 c9 3c b3 bf fb 16 0b 61 54 09 9c ac 3b 18 5f |F.<.....aT...;._| +00000270 5a 01 4b 25 67 22 ef 19 86 a3 3a 80 f0 12 f5 60 |Z.K%g"....:....`| +00000280 4c 77 cf bd a9 e8 a1 19 d4 8c e1 a8 b2 b8 19 b8 |Lw..............| +00000290 98 85 c3 da 1a b8 4d 6e 1f 35 73 28 32 3c a0 44 |......Mn.5s(2<.D| +000002a0 c9 77 46 b8 c6 54 4d 80 67 72 58 c4 e3 0b f3 6c |.wF..TM.grX....l| +000002b0 43 eb e2 89 f1 30 cc 90 b4 e9 b8 ec e2 5f c1 31 |C....0......._.1| +000002c0 a2 de 9d e9 fe 9c fe b0 83 b7 aa e9 2e 62 35 89 |.............b5.| +000002d0 90 0d 36 79 8f 23 bb 7a ae dc db db 1c c3 96 5d |..6y.#.z.......]| +000002e0 7c 06 e9 1c ee 82 58 46 7c 1b 90 9d cf 2d 31 54 ||.....XF|....-1T| +000002f0 96 94 58 dc 95 26 85 c7 f4 c9 9c 2b 8a 2f ae b3 |..X..&.....+./..| +00000300 70 10 bf f1 0e 66 ef f1 1c 66 da 6c 52 d8 6e aa |p....f...f.lR.n.| +00000310 3a 14 d8 17 03 03 00 99 69 45 ee c3 c9 b3 4d 9a |:.......iE....M.| +00000320 01 00 70 27 54 8c 12 bb 74 67 e8 88 07 ac 4e ab |..p'T...tg....N.| +00000330 b1 41 f4 65 ee 3b 06 87 79 5d 9b 1d 70 df 2f f7 |.A.e.;..y]..p./.| +00000340 e0 88 45 2b a1 b9 ca 67 88 65 65 33 51 41 c0 b2 |..E+...g.ee3QA..| +00000350 da 6a 7a 7c bf 42 58 8d ae 7b 24 d0 8a f7 47 c0 |.jz|.BX..{$...G.| +00000360 a9 45 da 24 82 03 a1 65 03 7c 3c 2a bf 48 e2 0d |.E.$...e.|<*.H..| +00000370 fa cc 3f 00 53 63 5d f9 b4 a1 00 d2 a7 3c 81 64 |..?.Sc]......<.d| +00000380 8a d5 90 4f b9 58 2b 1e 1d a7 7e ad 3e 8f d4 4a |...O.X+...~.>..J| +00000390 7b 66 b7 4e 68 04 ac 66 24 6e 76 ed f4 5c aa 
52 |{f.Nh..f$nv..\.R| +000003a0 3d f8 f5 ea d0 0a 74 ba 39 da 21 e0 f1 03 80 cd |=.....t.9.!.....| +000003b0 5b 17 03 03 00 35 7b 1f 6e 37 6c 15 5b 1b f7 ea |[....5{.n7l.[...| +000003c0 bf 03 68 5f 15 1f e7 99 a8 64 f1 60 3d e0 b6 5e |..h_.....d.`=..^| +000003d0 c1 60 18 61 e5 ea dc ab b5 d3 5f 10 1b 5c 3a 1b |.`.a......_..\:.| +000003e0 c5 fe a6 d3 fc 45 6b db b1 27 60 17 03 03 00 93 |.....Ek..'`.....| +000003f0 e3 f1 5f f1 18 a6 ab 67 88 e4 5a f9 fd 71 77 4b |.._....g..Z..qwK| +00000400 6c 0d 98 ef 71 72 2a aa d2 0a 2d 72 ac 40 57 2d |l...qr*...-r.@W-| +00000410 73 ad 77 cd 01 19 19 be e7 49 d4 6a aa 97 f9 40 |s.w......I.j...@| +00000420 b1 85 cc bb 5c 57 1a 17 a8 48 65 d3 4d e9 a9 29 |....\W...He.M..)| +00000430 4b 08 6b b3 33 2c 97 d0 89 0a 50 e2 66 06 c6 63 |K.k.3,....P.f..c| +00000440 c3 6f 8d 5e ab a4 af 7a 6a 5e 25 8d 4a 17 ea aa |.o.^...zj^%.J...| +00000450 67 8a ad af c3 1e d6 47 db a5 b5 db 32 1b 83 f8 |g......G....2...| +00000460 2d f9 bc 99 28 07 0d d0 fe 34 bf 52 ae 59 27 40 |-...(....4.R.Y'@| +00000470 cd 0e 4d 4d 12 28 21 01 30 38 b1 c3 df 63 e9 9e |..MM.(!.08...c..| +00000480 34 91 84 |4..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 1d d8 d0 a8 ec |..........5.....| +00000010 04 45 13 43 a1 72 38 4e 54 85 7a a2 17 dc eb 39 |.E.C.r8NT.z....9| +00000020 36 7d 50 25 5f d3 0d 7f c3 a7 75 93 e9 1e 17 0a |6}P%_.....u.....| +00000030 a3 d7 a8 74 23 98 5e 3a 3a 4c 2c d3 78 b4 04 48 |...t#.^::L,.x..H| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 53 e2 0d f2 62 e8 be 84 e0 33 1a |.....S...b....3.| +00000010 56 bc 45 f9 0b 69 63 72 03 f3 34 c6 72 d8 f9 c4 |V.E..icr..4.r...| +00000020 ba 53 3d 17 03 03 00 13 11 b5 0d 7f d4 e7 51 90 |.S=...........Q.| +00000030 39 be 2b d8 d6 7c e8 12 ea 61 83 |9.+..|...a.| diff --git a/tls/testdata/Server-TLSv13-HelloRetryRequest b/tls/testdata/Server-TLSv13-HelloRetryRequest new file mode 100644 index 00000000..95eefd29 --- /dev/null +++ b/tls/testdata/Server-TLSv13-HelloRetryRequest 
@@ -0,0 +1,123 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 c4 01 00 00 c0 03 03 16 5e f5 e2 4e |............^..N| +00000010 27 ce 8e 88 0b e9 13 6d 12 a6 6d 27 c9 ab 95 47 |'......m..m'...G| +00000020 6f 9d 5d a0 92 64 35 c1 b6 70 90 20 ff 47 6f 67 |o.]..d5..p. .Gog| +00000030 69 49 88 2a 84 69 79 48 fe cc 92 db 6e 9e ab 47 |iI.*.iyH....n..G| +00000040 8e 47 10 58 db ad 22 8e da bb 86 e6 00 04 13 03 |.G.X..".........| +00000050 00 ff 01 00 00 73 00 0b 00 04 03 00 01 02 00 0a |.....s..........| +00000060 00 06 00 04 00 1d 00 17 00 16 00 00 00 17 00 00 |................| +00000070 00 0d 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 |................| +00000080 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| +00000090 06 01 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 |...+......-.....| +000000a0 33 00 26 00 24 00 1d 00 20 7e a4 de 34 df 01 99 |3.&.$... ~..4...| +000000b0 37 77 f7 de 6a e2 79 e7 63 eb 86 6c 62 61 fd b0 |7w..j.y.c..lba..| +000000c0 c6 95 04 c8 63 29 cd 32 00 |....c).2.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 58 02 00 00 54 03 03 cf 21 ad 74 e5 |....X...T...!.t.| +00000010 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a |.a......e......z| +00000020 bb 8c 5e 07 9e 09 e2 c8 a8 33 9c 20 ff 47 6f 67 |..^......3. .Gog| +00000030 69 49 88 2a 84 69 79 48 fe cc 92 db 6e 9e ab 47 |iI.*.iyH....n..G| +00000040 8e 47 10 58 db ad 22 8e da bb 86 e6 13 03 00 00 |.G.X..".........| +00000050 0c 00 2b 00 02 03 04 00 33 00 02 00 17 14 03 03 |..+.....3.......| +00000060 00 01 01 |...| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 16 03 03 00 e5 01 00 00 e1 03 |................| +00000010 03 16 5e f5 e2 4e 27 ce 8e 88 0b e9 13 6d 12 a6 |..^..N'......m..| +00000020 6d 27 c9 ab 95 47 6f 9d 5d a0 92 64 35 c1 b6 70 |m'...Go.]..d5..p| +00000030 90 20 ff 47 6f 67 69 49 88 2a 84 69 79 48 fe cc |. 
.GogiI.*.iyH..| +00000040 92 db 6e 9e ab 47 8e 47 10 58 db ad 22 8e da bb |..n..G.G.X.."...| +00000050 86 e6 00 04 13 03 00 ff 01 00 00 94 00 0b 00 04 |................| +00000060 03 00 01 02 00 0a 00 06 00 04 00 1d 00 17 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000080 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000090 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000a0 2d 00 02 01 01 00 33 00 47 00 45 00 17 00 41 04 |-.....3.G.E...A.| +000000b0 ca c3 69 88 b3 ed f4 ad 7f 9c 03 6c 7a 44 55 d6 |..i........lzDU.| +000000c0 68 1d a4 27 67 57 d7 27 08 27 e8 b9 c9 32 49 a2 |h..'gW.'.'...2I.| +000000d0 e4 f6 c2 f2 62 bd 74 67 77 f9 26 27 ee d7 a7 f0 |....b.tgw.&'....| +000000e0 9c 9a 41 cd 8b bf 76 25 df ff 5a 9f 4e f5 41 95 |..A...v%..Z.N.A.| +>>> Flow 4 (server to client) +00000000 16 03 03 00 9b 02 00 00 97 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 ff 47 6f 67 |........... 
.Gog| +00000030 69 49 88 2a 84 69 79 48 fe cc 92 db 6e 9e ab 47 |iI.*.iyH....n..G| +00000040 8e 47 10 58 db ad 22 8e da bb 86 e6 13 03 00 00 |.G.X..".........| +00000050 4f 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |O.+.....3.E...A.| +00000060 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| +00000070 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| +00000080 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| +00000090 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| +000000a0 17 03 03 00 17 c0 07 64 56 b1 bb f8 bf 36 6b df |.......dV....6k.| +000000b0 e9 ee 72 cc 79 45 f5 8c b8 0c b3 5d 17 03 03 02 |..r.yE.....]....| +000000c0 6d 2e ab b5 84 4f d7 9e 4e 0d 6e a0 42 c1 f0 a6 |m....O..N.n.B...| +000000d0 62 a3 26 eb 9d 9a 42 a5 5d 1f 59 ad 37 a9 8a af |b.&...B.].Y.7...| +000000e0 0d 7b 8f 5a d1 d5 d8 bc 15 5b 0d 0e d2 a9 bb 14 |.{.Z.....[......| +000000f0 56 ed 30 4e 9b aa f9 5a 66 7d 4c 41 8e 6d 58 90 |V.0N...Zf}LA.mX.| +00000100 52 4a f2 78 72 59 34 aa 58 7e 0c 44 1e bc 84 d8 |RJ.xrY4.X~.D....| +00000110 50 17 bd aa 8c 4c d0 c5 e7 69 32 b8 c3 d6 e6 f9 |P....L...i2.....| +00000120 70 93 99 1c 75 1b 13 f2 85 e0 b5 07 1b d8 5a 31 |p...u.........Z1| +00000130 0a 1a 2e 97 86 ff 75 a1 db 45 b2 47 68 ed 88 d9 |......u..E.Gh...| +00000140 fe 31 c9 c0 5e 37 f2 62 37 f7 01 81 11 07 a7 0f |.1..^7.b7.......| +00000150 44 ec 17 3a 4a 38 b3 91 9f 77 6f f9 58 9e 9c 12 |D..:J8...wo.X...| +00000160 6e 54 4c de 43 58 46 a5 f6 c7 58 7e df 33 d7 91 |nTL.CXF...X~.3..| +00000170 e5 cb 9e 28 9d 7f a7 8a bd be 01 48 b7 b1 1e e2 |...(.......H....| +00000180 7a 80 aa f9 cd 3f 62 0d a0 a0 63 0c ca 4b 5f a8 |z....?b...c..K_.| +00000190 a9 5f 42 ac 44 57 67 b2 0f 5a b5 bb 59 a9 56 bd |._B.DWg..Z..Y.V.| +000001a0 28 3c fb 5e 43 33 61 43 7b 60 48 7d 27 67 6a 06 |(<.^C3aC{`H}'gj.| +000001b0 ac 0d db e4 d2 d4 b8 fa fb e8 32 f3 22 83 3a 63 |..........2.".:c| +000001c0 f6 73 02 62 e0 d5 8a d2 61 a5 bf e1 2d 10 59 93 
|.s.b....a...-.Y.| +000001d0 55 60 be 32 ce 5c d5 5a f0 54 21 7d 8a 02 23 cf |U`.2.\.Z.T!}..#.| +000001e0 38 2b 2b 67 50 22 72 f7 f7 bf 20 c2 34 df ae 3a |8++gP"r... .4..:| +000001f0 44 b0 a6 2a 51 79 6f b1 7b ff d7 77 45 83 a9 fa |D..*Qyo.{..wE...| +00000200 bf 3c de 34 e8 6a 33 74 6c 24 0b 85 39 ea 7c 13 |.<.4.j3tl$..9.|.| +00000210 43 26 13 1b 61 56 85 0a 08 83 04 45 5f 5a 36 df |C&..aV.....E_Z6.| +00000220 17 c0 59 e9 92 d8 6b 78 66 1f 43 a0 99 f8 4b b1 |..Y...kxf.C...K.| +00000230 f0 8d 25 6f 0f 2e c7 f9 4d bb 79 74 b8 95 e6 b7 |..%o....M.yt....| +00000240 41 0c de 2a d3 7e fc 0f 18 87 2d 21 dd 8d 5f 20 |A..*.~....-!.._ | +00000250 4c 88 cb 63 f4 9c 07 64 14 02 0c 19 46 32 e5 1e |L..c...d....F2..| +00000260 85 84 4a 71 b8 a5 50 92 ca 72 fe f4 9c 69 05 d4 |..Jq..P..r...i..| +00000270 93 22 38 c1 09 e2 da 49 17 e8 e1 b3 f9 42 ee bf |."8....I.....B..| +00000280 ea 40 b2 00 af b9 a8 f9 97 8e ef de 41 de 01 87 |.@..........A...| +00000290 cc 13 23 64 8c a1 10 9a 91 38 9b cb fb 0b 04 66 |..#d.....8.....f| +000002a0 fb 4b e3 77 e7 da 7a 75 5c 66 20 7e dc 22 a9 e6 |.K.w..zu\f ~."..| +000002b0 6a 27 06 ed 3c fc 4c 30 ed f0 31 92 b2 eb a1 f3 |j'..<.L0..1.....| +000002c0 a4 fd 83 20 37 62 71 95 ff 7c 65 e8 88 aa e7 c7 |... 
7bq..|e.....| +000002d0 3f 17 9c 94 6f 1a d9 c8 ac 00 8d ec 30 22 98 85 |?...o.......0"..| +000002e0 da cc 69 41 f4 3a 66 1b e6 4c 38 62 8d 37 dc a1 |..iA.:f..L8b.7..| +000002f0 08 cf 88 d4 26 7f 47 33 54 d8 aa d6 c5 02 fc 72 |....&.G3T......r| +00000300 ff 50 19 9f 4a 0e 8b c8 32 6d 8e 15 e4 f1 ed 2e |.P..J...2m......| +00000310 43 cb 9f 8c 7a 0e e1 a2 79 e2 f9 52 12 e4 2f a9 |C...z...y..R../.| +00000320 c1 c5 0b 1f c2 21 c5 2e 21 de 3e 76 29 db 17 03 |.....!..!.>v)...| +00000330 03 00 99 8a ee 54 88 93 d0 4b a0 31 18 ed 83 ff |.....T...K.1....| +00000340 2c 44 78 ab 88 ea 72 d2 2a 27 71 a9 a1 ba 26 a5 |,Dx...r.*'q...&.| +00000350 9a 9b 64 92 e8 c9 f8 02 47 b9 9f 53 95 a8 ad 5b |..d.....G..S...[| +00000360 bd 81 17 87 69 0c 77 c1 0e d7 cb 5b 9f 2d 36 86 |....i.w....[.-6.| +00000370 f5 fc 6d ba d8 f5 63 dd e4 f5 0a 61 8d b2 a9 bb |..m...c....a....| +00000380 a5 a5 d6 41 d4 aa db 46 79 56 02 51 f4 ac d3 57 |...A...FyV.Q...W| +00000390 57 b4 53 71 9f fe ea a6 76 f3 0f ca 39 93 f3 34 |W.Sq....v...9..4| +000003a0 c6 96 96 09 8e 12 04 cc 1e 82 9f 78 6b 1c a2 fc |...........xk...| +000003b0 0c 9d c6 00 3c 33 3a 92 c5 ce 96 15 50 1a 75 6d |....<3:.....P.um| +000003c0 85 ec b6 64 12 2b eb 3a 52 8f 6d 35 17 03 03 00 |...d.+.:R.m5....| +000003d0 35 7f 2b 30 fa e0 92 25 a2 1b 11 f8 cd 04 0d 57 |5.+0...%.......W| +000003e0 01 42 cf e9 0c 92 7f d1 fd fa 26 61 0d 85 d7 d5 |.B........&a....| +000003f0 3c fd cf 73 98 dc 88 a2 76 63 59 82 45 2d e3 bc |<..s....vcY.E-..| +00000400 a2 c0 0b 83 41 75 17 03 03 00 93 f3 17 09 b2 e8 |....Au..........| +00000410 53 11 9b 3e 3a 10 a0 e6 58 04 81 82 cb eb a5 19 |S..>:...X.......| +00000420 0f a3 25 e2 eb ab 7c 07 2b e6 22 19 30 aa fc a6 |..%...|.+.".0...| +00000430 bd c4 7d 69 33 38 2b 58 55 5b a7 27 29 86 af d5 |..}i38+XU[.')...| +00000440 f9 5a b4 85 ad a0 73 ab f7 61 3f 2e 66 53 f5 8f |.Z....s..a?.fS..| +00000450 c7 09 4b 01 99 d0 68 93 32 d1 2e 8f 89 e5 e1 ea |..K...h.2.......| +00000460 ba f2 fb 07 ee 58 7c 28 ff 59 1d d7 f7 b3 e2 56 
|.....X|(.Y.....V| +00000470 98 56 cd 9d d1 4f 26 7e 77 0d a0 c1 92 c5 a0 83 |.V...O&~w.......| +00000480 c9 7c d8 7d a8 91 d3 ae 71 41 1d 06 33 68 b8 52 |.|.}....qA..3h.R| +00000490 ad 84 a7 21 80 8f e5 c6 37 11 da 6c 5a 3a |...!....7..lZ:| +>>> Flow 5 (client to server) +00000000 17 03 03 00 35 28 34 b9 16 07 9a c1 82 ad 9f b7 |....5(4.........| +00000010 78 fa 1a d0 1f 57 98 95 37 86 cf 1d 67 19 47 48 |x....W..7...g.GH| +00000020 e9 ab fe 0c ff 26 c6 78 88 1a ad 75 48 63 4b 6e |.....&.x...uHcKn| +00000030 72 4a 44 4f 27 b6 9d 56 b6 43 |rJDO'..V.C| +>>> Flow 6 (server to client) +00000000 17 03 03 00 1e d9 1f 35 86 22 7e 10 f1 8d e5 82 |.......5."~.....| +00000010 f2 f6 88 81 a3 66 da 6a 1e 2f 94 94 16 02 2a 52 |.....f.j./....*R| +00000020 69 8b bb 17 03 03 00 13 3c 87 88 8c c0 78 64 18 |i.......<....xd.| +00000030 9a 9e 07 fd ac d7 2d 5d ab bf a8 |......-]...| diff --git a/tls/testdata/Server-TLSv13-IssueTicket b/tls/testdata/Server-TLSv13-IssueTicket new file mode 100644 index 00000000..fa1f8018 --- /dev/null +++ b/tls/testdata/Server-TLSv13-IssueTicket 
@@ -0,0 +1,99 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ce 01 00 00 ca 03 03 bb e2 a4 a5 7e |...............~| +00000010 63 65 5c a5 7f 3f 13 a1 9d 5f 53 3c d2 b1 84 bd |ce\..?..._S<....| +00000020 51 0c 9a 14 e8 8a 5a 53 b8 27 88 20 e7 04 4d dc |Q.....ZS.'. ..M.| +00000030 76 f3 7f bd 00 ce 46 d2 a6 58 26 99 02 91 88 bf |v.....F..X&.....| +00000040 b5 6b 56 2b b6 bc 51 b2 e4 cd 82 8d 00 04 13 01 |.kV+..Q.........| +00000050 00 ff 01 00 00 7d 00 0b 00 04 03 00 01 02 00 0a |.....}..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000070 00 00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c |................| +00000080 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000090 08 04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 |.............+..| +000000a0 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 |....-.....3.&.$.| +000000b0 1d 00 20 b2 99 9c bb d1 4c c7 61 5f aa bf 2f 06 |.. .....L.a_../.| +000000c0 a3 50 e7 49 7d 11 ae 68 9b b0 be be 82 6d 27 29 |.P.I}..h.....m')| +000000d0 89 4c 4a |.LJ| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 e7 04 4d dc |........... ..M.| +00000030 76 f3 7f bd 00 ce 46 d2 a6 58 26 99 02 91 88 bf |v.....F..X&.....| +00000040 b5 6b 56 2b b6 bc 51 b2 e4 cd 82 8d 13 01 00 00 |.kV+..Q.........| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 c6 67 93 be 69 04 |...........g..i.| +00000090 58 4f 1d 93 b6 5c 1c 10 8a 91 d0 c0 db 0b d1 0a |XO...\..........| +000000a0 d1 17 03 03 02 6d da d6 28 74 c7 60 d6 02 3e 28 |.....m..(t.`..>(| +000000b0 29 17 50 b9 01 4b 9b 93 07 9d 09 f0 17 05 e0 88 |).P..K..........| +000000c0 53 ec c3 28 f7 a6 4e 9b 80 a3 fd 20 db 97 51 6a |S..(..N.... ..Qj| +000000d0 b1 7a 6d 93 26 61 c8 9c 6d 37 65 94 b4 74 a0 60 |.zm.&a..m7e..t.`| +000000e0 b1 a1 38 4c eb 5e a9 c4 bd d4 29 ee e9 e3 ab 56 |..8L.^....)....V| +000000f0 68 67 57 da b3 3d 85 bd 26 67 e1 52 83 a6 69 14 |hgW..=..&g.R..i.| +00000100 3b 30 31 c7 71 83 fa 62 13 ea a3 a5 de 4b 32 3f |;01.q..b.....K2?| +00000110 c6 48 0b 96 cd 4b da 96 6d e2 31 88 ca 96 5f 63 |.H...K..m.1..._c| +00000120 cb 39 37 d8 fa 8f 1f b9 e2 c5 6b ae 60 05 5b ed |.97.......k.`.[.| +00000130 e0 5d 83 fa 2b 22 f4 e8 33 27 48 e7 c4 3d 54 22 |.]..+"..3'H..=T"| +00000140 5a 60 a9 7a 0d 9b 42 e2 50 28 0e 6c 13 16 a1 51 |Z`.z..B.P(.l...Q| +00000150 60 81 8f 80 e2 1b 53 24 62 78 b7 0a 4a 9b 2f a7 |`.....S$bx..J./.| +00000160 97 b3 ba e5 34 0d 76 a6 0e ea ec 91 f0 9c a9 6d |....4.v........m| +00000170 57 47 ef a3 c4 7a 62 a8 1f c0 1a d7 ea 31 90 20 |WG...zb......1. 
| +00000180 76 13 ae f1 24 9d 60 9f 30 9f 2b 2a 2f 0a 39 6c |v...$.`.0.+*/.9l| +00000190 7a 47 fe 11 1c 78 42 a1 1c ed c3 cd d2 6a cd 4f |zG...xB......j.O| +000001a0 66 1b 51 d4 43 4e 45 23 15 48 e4 84 3e 89 a3 55 |f.Q.CNE#.H..>..U| +000001b0 7e b0 a6 c2 1c cd eb cf 88 6b e7 d2 07 25 ef 37 |~........k...%.7| +000001c0 e1 8a a5 b9 03 7e 70 73 9c 23 1a 62 07 56 db ed |.....~ps.#.b.V..| +000001d0 93 e3 8a 91 8b 90 74 14 14 cc ff 9e ea e5 45 dd |......t.......E.| +000001e0 a6 2d dc e6 cb 8c 59 33 91 da e6 5c b4 73 4f 36 |.-....Y3...\.sO6| +000001f0 f1 3c d9 6e ba 2c c4 51 de 4f 8a 69 62 c4 db b1 |.<.n.,.Q.O.ib...| +00000200 9e 67 7a 5f 01 7b b7 b2 55 b1 14 c0 46 d1 43 16 |.gz_.{..U...F.C.| +00000210 a0 70 84 7e b8 a3 04 ce e3 e0 0e 5e 5f 3f 95 7a |.p.~.......^_?.z| +00000220 ef 79 8d 50 84 cd 02 f1 e0 e5 f9 26 cf 7a f9 da |.y.P.......&.z..| +00000230 a3 7d 22 31 4d 61 82 f6 ff fd 69 23 07 53 07 df |.}"1Ma....i#.S..| +00000240 5a eb 50 86 28 44 24 06 9b 21 ef ef 78 bc 67 13 |Z.P.(D$..!..x.g.| +00000250 c5 27 d8 18 db c7 fa d5 a6 0c 40 09 e3 e5 17 0c |.'........@.....| +00000260 61 ae bc 48 98 ab 7b 57 82 f7 87 a5 4b 96 25 77 |a..H..{W....K.%w| +00000270 e4 59 53 d1 d3 7b 55 08 e0 1a 5d 9b 0f 2e 6f cd |.YS..{U...]...o.| +00000280 96 9d 19 09 07 84 08 c1 cf bd 99 af 80 52 c0 f7 |.............R..| +00000290 0c 50 85 14 7c fd cb 61 01 05 ee 92 60 bb ac 4c |.P..|..a....`..L| +000002a0 b4 37 48 dc b1 34 9d 26 3a fd dc ae 21 2f d3 51 |.7H..4.&:...!/.Q| +000002b0 84 c3 0e 8f e1 b4 fb 0b 2e 3b 51 a9 e8 c2 d9 d9 |.........;Q.....| +000002c0 6b a5 af 90 30 97 a2 32 9a a3 9d 5d b3 75 c6 48 |k...0..2...].u.H| +000002d0 4b ee a3 23 85 98 a5 b5 00 fd c5 3a 27 65 9e d0 |K..#.......:'e..| +000002e0 19 a8 5a 8c 8b eb 49 c6 58 16 9a 88 67 54 82 a9 |..Z...I.X...gT..| +000002f0 29 0a 98 82 e4 f8 f0 c9 17 a6 81 91 1b c1 2a b7 |).............*.| +00000300 de c3 8b 2d a6 55 1f 61 89 90 84 15 c8 33 6e cb |...-.U.a.....3n.| +00000310 5c f4 e2 17 03 03 00 99 49 e0 38 43 34 61 b9 37 
|\.......I.8C4a.7| +00000320 2c 3e d5 c7 8c d7 9b a6 6c 8e ef a6 28 13 3c 79 |,>......l...(..p[Nk..R...h.| +00000340 a0 07 ac c1 17 6e d1 11 76 1d d7 1e e2 26 3e 76 |.....n..v....&>v| +00000350 2b f9 a4 55 67 0b 9c cd db ab 71 1a 84 33 74 eb |+..Ug.....q..3t.| +00000360 b1 4b 26 d8 e8 1c 84 2b 62 c7 70 27 16 fb 16 ae |.K&....+b.p'....| +00000370 9d 72 3a 42 c1 cb cd c8 d0 dd 9c f0 51 2e 33 c1 |.r:B........Q.3.| +00000380 46 35 56 ad 3b ea be 6e 14 4d 05 d1 6d 85 93 86 |F5V.;..n.M..m...| +00000390 cc 6a 1c bf 03 cf 8f 92 c9 18 74 e0 66 0a b6 9a |.j........t.f...| +000003a0 38 ac 1a 73 f4 e0 70 ec 93 61 67 9f b8 12 6f 1f |8..s..p..ag...o.| +000003b0 17 17 03 03 00 35 59 6b 86 a8 cc 89 c6 fa 4f 95 |.....5Yk......O.| +000003c0 25 b6 90 08 ac bf 9f d5 c9 3c 6c e5 cd 0d 14 00 |%........>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 74 1e 4a 56 2c |..........5t.JV,| +00000010 fc 14 0b 66 ab 2f 56 5b fd 33 fe c2 a4 df 0b 62 |...f./V[.3.....b| +00000020 63 11 40 67 d2 11 1b 53 c5 b9 1e 0e 20 83 85 b0 |c.@g...S.... ...| +00000030 3a 81 79 bc a7 9f 49 ab 22 bd 10 8d 3e c9 95 79 |:.y...I."...>..y| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e a4 83 3b 61 a1 00 d5 56 84 4c 83 |.......;a...V.L.| +00000010 0a 8c 86 13 0c e7 95 71 aa 48 e0 d2 5f 11 5f 45 |.......q.H.._._E| +00000020 41 7a 10 17 03 03 00 13 ca 8b f5 38 e5 5f e0 8a |Az.........8._..| +00000030 e3 08 ba 7d 06 f6 b3 b4 6f e9 2b |...}....o.+| diff --git a/tls/testdata/Server-TLSv13-IssueTicketPreDisable b/tls/testdata/Server-TLSv13-IssueTicketPreDisable new file mode 100644 index 00000000..a939822e --- /dev/null +++ b/tls/testdata/Server-TLSv13-IssueTicketPreDisable 
@@ -0,0 +1,99 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 ce 01 00 00 ca 03 03 cd 51 e4 0b ee |............Q...| +00000010 9c 83 0f a1 bd 1a c8 b4 94 17 5e 17 fb 63 43 31 |..........^..cC1| +00000020 89 86 03 fa 82 d4 bb c5 ba 9d 60 20 a1 0b c7 9c |..........` ....| +00000030 b0 3f d9 7a 52 bd c0 3f cd c5 21 54 40 a5 60 73 |.?.zR..?..!T@.`s| +00000040 fd ff 07 99 75 59 0d f3 bd 57 f6 81 00 04 13 01 |....uY...W......| +00000050 00 ff 01 00 00 7d 00 0b 00 04 03 00 01 02 00 0a |.....}..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000070 00 00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c |................| +00000080 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000090 08 04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 |.............+..| +000000a0 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 |....-.....3.&.$.| +000000b0 1d 00 20 04 16 08 0b 67 76 58 60 4a 32 c2 ea 1b |.. ....gvX`J2...| +000000c0 4a 54 fa 55 9b 39 d8 80 c4 eb 42 cc 1a 84 fe d7 |JT.U.9....B.....| +000000d0 0a 0d 43 |..C| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 a1 0b c7 9c |........... ....| +00000030 b0 3f d9 7a 52 bd c0 3f cd c5 21 54 40 a5 60 73 |.?.zR..?..!T@.`s| +00000040 fd ff 07 99 75 59 0d f3 bd 57 f6 81 13 01 00 00 |....uY...W......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 ec 4d 41 82 de 4f |...........MA..O| +00000090 c6 cf 1e 56 06 65 0e a4 e7 66 34 1d 89 59 b3 c2 |...V.e...f4..Y..| +000000a0 0a 17 03 03 02 6d 00 e1 17 f1 b3 5e a7 14 b3 f8 |.....m.....^....| +000000b0 3a ab 85 d4 80 75 69 01 6c 91 3f 79 ab 8f 51 e0 |:....ui.l.?y..Q.| +000000c0 f6 a5 65 ab 7e 72 e5 83 99 b2 cb cd f9 5f 27 db |..e.~r......._'.| +000000d0 90 70 9c c1 e5 6d 80 3e 59 7c 4d fa f1 23 8a a7 |.p...m.>Y|M..#..| +000000e0 f4 81 22 32 5b e2 4e d0 eb ab bd 96 05 42 05 5c |.."2[.N......B.\| +000000f0 20 5c 8a 3e ca fd b8 aa dd f2 c4 3e dc 7e a5 ab | \.>.......>.~..| +00000100 95 a4 20 03 0e 41 9b 14 55 91 1b 9c 3b 17 bc 2a |.. ..A..U...;..*| +00000110 60 c0 ee b1 78 e9 37 c4 65 ef 8c 29 ec d9 10 81 |`...x.7.e..)....| +00000120 a0 1d c9 ac cf e5 36 90 88 d3 70 6d 59 66 61 a8 |......6...pmYfa.| +00000130 18 79 ad d8 c7 3e 1f a5 db dc b5 21 83 b0 ae 16 |.y...>.....!....| +00000140 ce 8e 98 d4 8e 28 c1 d3 d2 ef 51 35 45 41 a7 b4 |.....(....Q5EA..| +00000150 e1 15 bb 32 10 aa b1 27 be 53 5e 96 ef 0b bd 2f |...2...'.S^..../| +00000160 81 66 18 f4 8b 9a cc be 67 c1 32 e3 c0 ea e5 c0 |.f......g.2.....| +00000170 76 2c 36 7f 91 11 13 c1 a4 04 7e 8e 7b 60 a5 3d |v,6.......~.{`.=| +00000180 fa 3c d8 68 9a 7e 4b 23 3d 18 1b a3 34 a9 81 a4 |.<.h.~K#=...4...| +00000190 00 09 cd 56 eb f2 29 9f 17 8d 48 4d 21 a2 4e ec |...V..)...HM!.N.| +000001a0 f0 a0 8d b1 ed d6 c7 01 d0 8e 2f 25 65 9f ac eb |........../%e...| +000001b0 44 09 f2 75 db 37 a3 94 cb 70 29 59 37 97 71 63 |D..u.7...p)Y7.qc| +000001c0 9b fa 0f 0f 33 75 0a 60 4f 78 97 9e 6a 2c 4b df |....3u.`Ox..j,K.| +000001d0 54 cc c0 ac 57 4c f3 3a e3 79 01 b9 c3 8c 37 d2 |T...WL.:.y....7.| +000001e0 8f d9 e7 cd 33 5a 0c bb 43 7e 39 5f 63 9f a5 11 |....3Z..C~9_c...| +000001f0 f5 6e e0 95 1f 09 03 56 0f ec b9 7d 08 31 c5 57 
|.n.....V...}.1.W| +00000200 fa a6 57 15 6c 6b 91 d4 9f 5d c2 40 8b 3d 3a 57 |..W.lk...].@.=:W| +00000210 c2 64 55 bd 88 bb 5e 24 7f fe 79 0c 88 f3 a7 1c |.dU...^$..y.....| +00000220 f8 20 6f ba d6 ec fc b2 04 2a d7 b7 17 5e 4c 2e |. o......*...^L.| +00000230 24 cd 1b 8a 04 fe 21 e0 5b 90 ec f4 30 df bf fe |$.....!.[...0...| +00000240 a8 f9 2b 40 c1 23 15 f2 44 87 9a aa 30 80 70 27 |..+@.#..D...0.p'| +00000250 80 6f 90 08 b5 47 2e 01 ea 77 3a ba a4 4b 77 8a |.o...G...w:..Kw.| +00000260 12 b4 4e e1 a6 04 8a 01 31 60 27 35 bf 76 de 09 |..N.....1`'5.v..| +00000270 aa 8a c4 c4 21 31 9f eb c2 92 05 be a1 b5 24 eb |....!1........$.| +00000280 71 24 55 f9 aa 5c 62 59 49 bf 42 4c 69 01 4f f7 |q$U..\bYI.BLi.O.| +00000290 b6 27 14 d4 cc 40 80 13 9b 8b 30 55 1f 32 c1 ee |.'...@....0U.2..| +000002a0 51 bd 71 f7 63 3f c2 00 90 60 dc 13 0f 62 c3 06 |Q.q.c?...`...b..| +000002b0 80 f6 4f cc 44 71 d7 5c 2e 18 82 45 ca 80 b7 0e |..O.Dq.\...E....| +000002c0 0c 6f 75 1b 23 cb 86 c1 2d 1e 1b 02 2a 15 fa c7 |.ou.#...-...*...| +000002d0 b2 af 80 5c 48 c2 b7 12 59 a3 e4 3c ed df 26 d0 |...\H...Y..<..&.| +000002e0 85 9b 5a 2d 7b 66 e6 c4 b3 fe cd 4d 72 4d fb da |..Z-{f.....MrM..| +000002f0 1c 0d 5c fb 2f 8a e3 70 98 ee 95 9c 12 1a fa c7 |..\./..p........| +00000300 94 7a 8e ca 4d a4 bb 2f 70 3b 67 95 fb 23 fb 8f |.z..M../p;g..#..| +00000310 8c 77 4c 17 03 03 00 99 8a 72 14 c7 82 18 d7 ed |.wL......r......| +00000320 c7 5d 32 df 44 91 6b 40 3e 0b eb a1 74 da d9 3a |.]2.D.k@>...t..:| +00000330 3c 7a 2e 7a 73 3b 63 72 33 c4 c5 27 29 33 f5 30 |..~b`| +00000480 5d 0a 82 |]..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 35 fd 9a 7d 02 |..........55..}.| +00000010 fb b2 eb fa 51 27 3e 80 ab 60 f6 a1 54 31 13 2f |....Q'>..`..T1./| +00000020 02 b9 19 ac 68 be 25 69 b3 c4 48 87 42 75 b0 93 |....h.%i..H.Bu..| +00000030 66 3e 2e 0b 79 4f 0b 3a 59 ef 89 83 65 c9 10 9b |f>..yO.:Y...e...| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 58 0f 73 e3 ba ff d3 19 0d 89 
c9 |.....X.s........| +00000010 94 8a fb 24 02 58 2a 2c eb 69 29 4e 57 d3 d2 5e |...$.X*,.i)NW..^| +00000020 ba b2 75 17 03 03 00 13 9c 5c 46 44 71 dc 68 b8 |..u......\FDq.h.| +00000030 39 cc e1 fd 2d 2a a1 a9 50 6c af |9...-*..Pl.| diff --git a/tls/testdata/Server-TLSv13-P256 b/tls/testdata/Server-TLSv13-P256 new file mode 100644 index 00000000..dd8e0f49 --- /dev/null +++ b/tls/testdata/Server-TLSv13-P256 
@@ -0,0 +1,102 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 e3 01 00 00 df 03 03 c8 5f 11 a2 29 |............_..)| +00000010 7b c3 b7 72 5e ba e1 c5 83 45 c8 87 e1 51 27 d9 |{..r^....E...Q'.| +00000020 33 0e 68 e0 71 76 9e 8f 4e f4 da 20 da fd c6 1d |3.h.qv..N.. ....| +00000030 46 55 42 89 0a 80 e0 d3 e4 dd db 7d b1 3a 76 a3 |FUB........}.:v.| +00000040 5b d9 2a c7 f1 1a 3b 0b 8c 24 dd 4d 00 04 13 03 |[.*...;..$.M....| +00000050 00 ff 01 00 00 92 00 0b 00 04 03 00 01 02 00 0a |................| +00000060 00 04 00 02 00 17 00 16 00 00 00 17 00 00 00 0d |................| +00000070 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 |................| +00000080 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000090 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 |.+......-.....3.| +000000a0 47 00 45 00 17 00 41 04 04 48 71 9f a6 06 17 16 |G.E...A..Hq.....| +000000b0 04 d2 b4 e7 6b 5c cf d8 9f ca 64 a7 39 9e 1a 22 |....k\....d.9.."| +000000c0 aa fc b5 4c d9 d3 b3 37 e3 d4 e1 3b 5b 00 74 df |...L...7...;[.t.| +000000d0 df e5 29 8f 7c f7 6b 02 f0 e7 fb 9b 43 6a 41 fb |..).|.k.....CjA.| +000000e0 77 5b c2 6e 99 48 69 78 |w[.n.Hix| +>>> Flow 2 (server to client) +00000000 16 03 03 00 9b 02 00 00 97 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 da fd c6 1d |........... 
....| +00000030 46 55 42 89 0a 80 e0 d3 e4 dd db 7d b1 3a 76 a3 |FUB........}.:v.| +00000040 5b d9 2a c7 f1 1a 3b 0b 8c 24 dd 4d 13 03 00 00 |[.*...;..$.M....| +00000050 4f 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |O.+.....3.E...A.| +00000060 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| +00000070 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| +00000080 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| +00000090 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| +000000a0 14 03 03 00 01 01 17 03 03 00 17 81 b8 e3 25 04 |..............%.| +000000b0 6c d8 f6 7c 04 a1 2c 8b 1f 0d cb de 29 1b e1 a3 |l..|..,.....)...| +000000c0 6f 8c 17 03 03 02 6d 81 db bc b4 f8 02 f3 c5 4e |o.....m........N| +000000d0 9e f7 5f 55 54 3e 25 a9 2f 03 06 62 2f 1e 7e d4 |.._UT>%./..b/.~.| +000000e0 19 27 88 1e ac f2 44 87 29 84 08 69 2f 5d a3 ca |.'....D.)..i/]..| +000000f0 de 8f 98 ad 25 6b c5 94 62 34 44 95 bc 17 ed e6 |....%k..b4D.....| +00000100 fe 89 9c ef 46 c9 cb ee 16 d4 42 b6 d3 50 7b 3a |....F.....B..P{:| +00000110 51 d8 20 23 02 3e 69 a8 1a 80 eb bf 7c 82 2b 1f |Q. 
#.>i.....|.+.| +00000120 10 5a 30 85 dd bc ff 65 4d c6 4f 7b bc 3d 64 e2 |.Z0....eM.O{.=d.| +00000130 93 2a 05 a0 af de b1 41 48 85 db 98 c9 a9 96 5c |.*.....AH......\| +00000140 64 a4 70 2e f9 4e de 38 9f 48 f7 eb 6e 14 42 3f |d.p..N.8.H..n.B?| +00000150 9f 86 0f 2d 70 6a 30 96 1c dd c6 11 28 6f 86 b6 |...-pj0.....(o..| +00000160 da bb 5b 76 c8 56 18 4a 67 bf 59 db 56 46 f0 c7 |..[v.V.Jg.Y.VF..| +00000170 80 2b 0f 0c 8a 02 58 a1 13 aa 2e 5d 61 e2 d5 23 |.+....X....]a..#| +00000180 3c 1c 75 06 e4 e4 e1 39 eb 65 6a ff 38 21 28 c9 |<.u....9.ej.8!(.| +00000190 c5 8b a5 12 21 18 2a 59 e7 4e 66 53 be d3 49 97 |....!.*Y.NfS..I.| +000001a0 f9 b1 7d e2 75 44 37 38 36 35 af 78 27 f4 74 e0 |..}.uD7865.x'.t.| +000001b0 45 ca fd 79 3c 39 65 00 46 58 4b 8b db f9 6e c0 |E..y<9e.FXK...n.| +000001c0 69 ec 1e 25 87 66 e1 b8 d8 cc 16 5b 16 9e 90 2e |i..%.f.....[....| +000001d0 16 0c 8f 25 04 cf 40 c8 50 dd c4 63 19 8f f1 76 |...%..@.P..c...v| +000001e0 5e fa 24 1d 8a d2 c1 d4 98 49 48 f0 e6 fa f3 6e |^.$......IH....n| +000001f0 63 0b a5 7a 2f f2 f0 47 0b c0 89 9f 7b 9f ef 48 |c..z/..G....{..H| +00000200 df fd 38 5d a9 71 ce 0c 3c 6f 88 0b 1b d3 93 8c |..8].q....| +00000250 96 5a 3c 97 8e 7b 47 b8 f0 58 16 12 05 69 69 a1 |.Z<..{G..X...ii.| +00000260 36 7b ff dd 92 60 26 e2 f9 53 4c 3a 25 ac 88 dd |6{...`&..SL:%...| +00000270 9a 81 7c 1f 58 27 33 14 68 44 06 e2 01 14 94 99 |..|.X'3.hD......| +00000280 00 05 8f 64 47 ca 95 fa 92 57 a9 1a 53 d5 47 52 |...dG....W..S.GR| +00000290 e8 c4 aa eb 0a f5 1b a9 09 72 92 37 f5 8d 90 b8 |.........r.7....| +000002a0 4b 08 7f 55 19 2d a7 d8 7b d9 ba 7f 5e 56 bb 80 |K..U.-..{...^V..| +000002b0 c7 d0 49 99 ae ce 2f a4 f0 ab d1 bd ba f3 0f 85 |..I.../.........| +000002c0 f1 68 c1 9d 2a 37 ff de a4 0a 6f 58 27 1d 1d 2b |.h..*7....oX'..+| +000002d0 87 9d 52 d3 70 37 a6 03 cd 77 61 9b 56 64 49 62 |..R.p7...wa.VdIb| +000002e0 ef a1 ed fe 75 1a 61 4a 58 01 d6 80 2f ab ab fc |....u.aJX.../...| +000002f0 b2 49 1f 51 b7 51 29 c1 a1 39 fc f4 0a 9b 0d 76 
|.I.Q.Q)..9.....v| +00000300 c6 d0 89 c9 8f 88 e9 ec 13 90 78 4f 0c f5 c9 7e |..........xO...~| +00000310 d5 b3 13 ad 35 6d 53 d0 88 50 e8 47 15 a0 ca fc |....5mS..P.G....| +00000320 5f 6e 98 23 46 6a 69 84 3c a9 3f eb d1 05 f5 97 |_n.#Fji.<.?.....| +00000330 11 39 7f 39 17 03 03 00 99 84 8e 37 a9 57 78 12 |.9.9.......7.Wx.| +00000340 8e 9a e7 8e 45 ee 55 61 66 24 ed 5a 36 19 e3 1c |....E.Uaf$.Z6...| +00000350 22 3b 8b c0 4b c9 cd 2c 4c 17 d2 a9 40 2c 02 40 |";..K..,L...@,.@| +00000360 74 ba 11 de a5 d4 01 11 ae 9d 71 76 4c f0 87 0f |t.........qvL...| +00000370 5e 75 c0 67 c0 33 e7 3e 9b d3 a4 21 e8 40 a6 9f |^u.g.3.>...!.@..| +00000380 d8 24 a7 d7 c1 99 cc 8d 33 10 91 0a 41 a6 05 1c |.$......3...A...| +00000390 85 4c c5 a8 c9 dd 74 d0 5c 67 2e 2a 50 4e 30 c7 |.L....t.\g.*PN0.| +000003a0 bb fa f8 65 ee 48 23 f5 c5 d3 a1 ec 4d 3f ac 4b |...e.H#.....M?.K| +000003b0 ef 1e 8d 84 07 b9 69 2a 34 51 73 ba fb b5 7d 64 |......i*4Qs...}d| +000003c0 1f fc 0e c8 33 d9 77 5e 41 00 65 25 ea 75 75 c9 |....3.w^A.e%.uu.| +000003d0 2b 03 17 03 03 00 35 54 c2 06 55 7c 6f 92 8a d2 |+.....5T..U|o...| +000003e0 d5 35 0c 4b 0d df cb d7 6e 5d 64 e1 2e cf 50 b8 |.5.K....n]d...P.| +000003f0 d8 04 9a f4 ce 69 d3 ac bb 47 cd 57 ac 07 aa 40 |.....i...G.W...@| +00000400 e3 fc 01 bc d6 a1 0e 16 4e 6b 04 cc 17 03 03 00 |........Nk......| +00000410 93 b2 c3 64 29 13 07 75 b4 c4 84 f7 0e 99 d9 9f |...d)..u........| +00000420 8d 5b fd 26 07 42 48 33 3a ab 6f 7d 07 8b f6 8a |.[.&.BH3:.o}....| +00000430 22 a4 ce 64 0f 69 ea 61 95 70 6d d3 f8 5f 8b ad |"..d.i.a.pm.._..| +00000440 02 43 94 41 51 f4 f8 0b 52 fc 58 c1 23 5e 22 a7 |.C.AQ...R.X.#^".| +00000450 74 49 a1 46 e8 29 ab d6 ae 02 a4 7b e4 23 f1 89 |tI.F.).....{.#..| +00000460 1c b1 74 86 92 1b 6a 7c 2f 55 2b 89 f6 01 fc e2 |..t...j|/U+.....| +00000470 d6 15 b9 b1 64 1c 4a af f8 fe 3e e0 76 0f cf 08 |....d.J...>.v...| +00000480 e1 2c db f6 1c 77 6f e4 a4 80 ad 13 74 3d 02 52 |.,...wo.....t=.R| +00000490 a1 ff 3e 85 1d d3 77 bc f2 48 73 1c 45 09 62 
34 |..>...w..Hs.E.b4| +000004a0 80 09 21 41 |..!A| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 ab dd 69 66 c8 |..........5..if.| +00000010 f9 eb e6 e6 b0 a9 9b 10 1d fc ad 89 ad 4d f5 2b |.............M.+| +00000020 e4 d7 12 5b 1c 1e 81 12 df 24 ba ea 6b 3e 6f 82 |...[.....$..k>o.| +00000030 dd 2f 38 a1 65 07 55 6a 4f 8e 99 5d 4f 35 b8 5d |./8.e.UjO..]O5.]| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e e5 f4 e6 14 79 8c b9 a9 77 6b c9 |.........y...wk.| +00000010 ff ad 60 f3 03 cf 48 19 19 71 6c 85 da 92 cb 79 |..`...H..ql....y| +00000020 2b 20 41 17 03 03 00 13 69 de ca 08 9c cf 70 37 |+ A.....i.....p7| +00000030 5e fc 32 31 1c 93 d1 e4 01 f3 c6 |^.21.......| diff --git a/tls/testdata/Server-TLSv13-RSA-RSAPSS b/tls/testdata/Server-TLSv13-RSA-RSAPSS new file mode 100644 index 00000000..db53ebbc --- /dev/null +++ b/tls/testdata/Server-TLSv13-RSA-RSAPSS 
@@ -0,0 +1,97 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 b2 01 00 00 ae 03 03 4d a5 7b 2c da |...........M.{,.| +00000010 67 11 9d 4d a0 92 2a 96 6c 85 ef 8c 52 0a 31 cf |g..M..*.l...R.1.| +00000020 43 23 3e 8d 67 63 9b 7e 84 94 17 20 a2 a1 87 c6 |C#>.gc.~... ....| +00000030 5e 64 34 75 da ac ee ba d4 d8 8f 2a a6 55 9f 4f |^d4u.......*.U.O| +00000040 48 38 5a 29 61 a4 ef 7d 1d 74 a7 71 00 04 13 03 |H8Z)a..}.t.q....| +00000050 00 ff 01 00 00 61 00 0b 00 04 03 00 01 02 00 0a |.....a..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 06 00 04 08 06 08 04 |................| +00000080 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 |.+......-.....3.| +00000090 26 00 24 00 1d 00 20 16 5e 23 ca e7 24 31 81 c2 |&.$... .^#..$1..| +000000a0 78 21 3a ee 8a f3 61 8a 46 a0 56 ee a9 ed 82 3a |x!:...a.F.V....:| +000000b0 87 b7 4a 0a 03 fe 59 |..J...Y| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 a2 a1 87 c6 |........... ....| +00000030 5e 64 34 75 da ac ee ba d4 d8 8f 2a a6 55 9f 4f |^d4u.......*.U.O| +00000040 48 38 5a 29 61 a4 ef 7d 1d 74 a7 71 13 03 00 00 |H8Z)a..}.t.q....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 f8 7a 9c bc 58 8d |...........z..X.| +00000090 ce cd ff e6 ae 2d c2 e0 40 33 4e c4 ec f5 90 dd |.....-..@3N.....| +000000a0 ba 17 03 03 02 6d f3 65 a1 b4 fe ef 40 37 72 fa |.....m.e....@7r.| +000000b0 a5 b8 10 ad 32 e3 08 e1 ac bb 14 f2 34 bf 25 19 |....2.......4.%.| +000000c0 aa 2d 1a 78 cc 26 2f 5c 0b 7e 13 73 36 85 92 96 |.-.x.&/\.~.s6...| +000000d0 0a 7a 27 f5 35 86 f1 ea 1a 5f 5c 3a 90 28 63 6a |.z'.5...._\:.(cj| +000000e0 b3 7c e0 56 32 10 55 67 59 e0 65 d6 11 ef 7c 50 |.|.V2.UgY.e...|P| +000000f0 0b 9e 88 0a 61 96 93 cf 05 51 47 33 c3 5c e3 82 |....a....QG3.\..| +00000100 01 6d f1 f7 5c dc df b2 61 7c d7 9f de b4 3e c0 |.m..\...a|....>.| +00000110 6d b5 52 39 3b f6 33 c2 03 65 2b 66 39 ed d6 f0 |m.R9;.3..e+f9...| +00000120 83 46 61 db fc 27 a5 8a 68 d6 8a 85 5d 3f b1 46 |.Fa..'..h...]?.F| +00000130 a2 3a 32 37 1f e0 76 a6 79 7f eb b2 81 52 e7 e0 |.:27..v.y....R..| +00000140 4f b2 db 48 7d 20 61 52 d4 22 2a b7 81 2f da 5b |O..H} aR."*../.[| +00000150 f6 e8 0a a6 91 b5 d1 f5 6b 5e 2b ad fd 70 cd a1 |........k^+..p..| +00000160 f8 4d 73 31 3d 2a 49 d3 2e 6b b3 31 95 61 09 08 |.Ms1=*I..k.1.a..| +00000170 c5 f9 eb db 42 b0 e1 5d 47 00 3e 7e 80 31 c6 d2 |....B..]G.>~.1..| +00000180 37 dc 68 d7 36 05 ad 8a a4 05 87 7a 1c 12 f6 ab |7.h.6......z....| +00000190 0e e1 5b 29 b1 1c 16 20 29 75 5a b0 59 24 59 df |..[)... 
)uZ.Y$Y.| +000001a0 62 fe f2 26 ad ab bf 2b 25 d7 9e db 04 f6 26 96 |b..&...+%.....&.| +000001b0 f7 5f 2c ff 2e 6d 85 c7 58 c8 15 9c d0 7d dd 8e |._,..m..X....}..| +000001c0 1a 39 fc 3d 62 58 47 ce 83 7a ff fc 45 98 02 3d |.9.=bXG..z..E..=| +000001d0 aa 37 b7 5e a7 7b 8e fa f2 05 8b 61 7f 04 08 f5 |.7.^.{.....a....| +000001e0 af 1d 6e 55 18 d2 12 2e bd 8a 80 3d cb e6 0f cd |..nU.......=....| +000001f0 3c d8 a5 38 db ee 07 c6 3b 75 55 c2 ee 2e 6a a3 |<..8....;uU...j.| +00000200 fa 54 ce e3 45 92 c0 b9 8c 10 3d 2f 86 cb a5 c9 |.T..E.....=/....| +00000210 af 37 f7 f6 6c 3e 4b 15 04 bd 46 98 31 5a b9 8c |.7..l>K...F.1Z..| +00000220 ec 67 0d 97 9d 26 56 65 9c a7 74 bb 88 45 dc 4e |.g...&Ve..t..E.N| +00000230 ce 70 a1 fc ce fc a7 d4 e1 7d a7 43 82 a6 e2 30 |.p.......}.C...0| +00000240 e2 94 88 e5 1a 05 c5 28 06 14 7b 29 75 f9 4d 2c |.......(..{)u.M,| +00000250 bb 54 ee f5 17 4e 2a bf 04 e6 38 f2 cf ed ab a2 |.T...N*...8.....| +00000260 ef ae ac 3d 80 5e 03 71 74 70 0c 68 93 ca ea 93 |...=.^.qtp.h....| +00000270 e5 b1 d1 18 80 98 0e c6 e8 f5 65 87 e7 9a 33 1d |..........e...3.| +00000280 e6 3d e2 28 82 19 2a 9d 5f 1a a2 74 fa 27 8b d0 |.=.(..*._..t.'..| +00000290 09 9a ba 1b c5 a6 4c 3b c3 02 12 61 a1 8a 20 d3 |......L;...a.. 
.| +000002a0 a4 3c 3b aa f2 08 de e0 de 07 9f a0 13 b4 e8 23 |.<;............#| +000002b0 d3 a5 ff 12 74 55 29 3a 57 f5 14 b3 af e6 28 ed |....tU):W.....(.| +000002c0 b1 60 9c 6b 7d 55 a1 58 50 ab 42 71 5d 0e dc 76 |.`.k}U.XP.Bq]..v| +000002d0 87 cd a1 d3 e4 26 25 c4 c1 23 1e 3b 31 13 3d f8 |.....&%..#.;1.=.| +000002e0 b2 1b a8 07 f6 68 83 b4 7e 94 ca 84 95 55 38 d1 |.....h..~....U8.| +000002f0 eb af 19 83 90 4a ab 0a 8d f6 48 9a 25 fa 59 97 |.....J....H.%.Y.| +00000300 3c 5f 6a 2d 68 ec 29 d5 53 b4 9a 97 ea 59 fe 74 |<_j-h.).S....Y.t| +00000310 81 0e b9 17 03 03 00 99 12 25 df 91 85 91 ac c0 |.........%......| +00000320 60 4e 6e ed c4 b2 f0 f3 8b 66 53 75 11 07 29 d6 |`Nn......fSu..).| +00000330 1f 01 81 60 de 5f b7 6b 5e 39 c8 ea f1 f8 2a 94 |...`._.k^9....*.| +00000340 dd b6 c5 a9 31 be 87 a7 aa a9 64 03 16 40 df ef |....1.....d..@..| +00000350 37 ac 66 4c 19 f1 60 d5 b4 88 93 a7 42 ac e3 81 |7.fL..`.....B...| +00000360 c8 88 3f e2 30 a0 ff b7 d5 19 fc f2 72 a7 97 a8 |..?.0.......r...| +00000370 31 ce 20 be 90 bc f5 8a 24 31 b1 c6 2b 2a ad c5 |1. .....$1..+*..| +00000380 7a 34 69 eb a7 86 53 61 a1 88 4f 58 2a 65 a2 18 |z4i...Sa..OX*e..| +00000390 7a 93 81 c6 bd c7 bc 84 5b ff 85 aa ff fc 68 50 |z.......[.....hP| +000003a0 cb 57 37 54 a7 0f 2e 64 82 53 b7 dc ea c2 e3 49 |.W7T...d.S.....I| +000003b0 fd 17 03 03 00 35 da 2a 8c 37 83 a5 a0 d4 06 c4 |.....5.*.7......| +000003c0 ff f3 85 6f e4 11 1f 37 0f 06 35 45 e9 51 43 6f |...o...7..5E.QCo| +000003d0 d2 a4 cb b7 ad f0 66 1c 20 40 c3 14 32 c0 57 71 |......f. 
@..2.Wq| +000003e0 d3 8c 9c 7f 5b e6 50 a1 c2 e5 62 17 03 03 00 93 |....[.P...b.....| +000003f0 30 b8 ab dc 3b df 60 aa b1 d2 25 5a 60 da b6 c8 |0...;.`...%Z`...| +00000400 22 88 93 79 25 44 56 aa ec 93 e8 01 11 bf 69 ad |"..y%DV.......i.| +00000410 b2 c9 43 67 33 aa 6d ae 73 a3 95 2b f0 86 ed a2 |..Cg3.m.s..+....| +00000420 db df e3 dc 9b 16 1d 8d fc 2f a5 c4 41 d0 86 2f |........./..A../| +00000430 cc a1 a1 ce 9a e5 e6 c8 a2 d1 a8 b2 a4 15 9c 69 |...............i| +00000440 38 5a fa fd de d4 02 95 24 67 1b 61 76 1f c4 65 |8Z......$g.av..e| +00000450 01 fc 36 2d ef 2d 0f 8e f0 5a 6d 04 07 b8 26 18 |..6-.-...Zm...&.| +00000460 90 fc 82 1b 99 68 b0 13 7f 6e a1 9b c4 2a f3 b8 |.....h...n...*..| +00000470 0b 6a 44 cd 04 e8 20 96 6d f5 48 cb 71 8a 04 10 |.jD... .m.H.q...| +00000480 b8 8d 56 |..V| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 54 e5 3f f8 77 |..........5T.?.w| +00000010 59 e3 8b 02 0b 80 8d 59 12 22 23 09 cb d9 93 67 |Y......Y."#....g| +00000020 c7 35 b4 45 a0 54 49 fd 65 b5 ff e6 3e 3c b9 bf |.5.E.TI.e...><..| +00000030 26 ca df 86 db a4 66 b5 3e 1f 36 69 a5 99 2b ed |&.....f.>.6i..+.| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e e3 b4 3e 81 ff 1a 36 f8 11 53 64 |.......>...6..Sd| +00000010 b9 28 4e 68 de ee 9c b6 4d 71 21 fa 85 56 30 ad |.(Nh....Mq!..V0.| +00000020 e9 c2 27 17 03 03 00 13 3d b8 13 b0 5f df 5a 05 |..'.....=..._.Z.| +00000030 85 cf eb 48 86 fb c5 a0 67 f7 ee |...H....g..| diff --git a/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall b/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall new file mode 100644 index 00000000..6d27e907 --- /dev/null +++ b/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall 
@@ -0,0 +1,15 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 b0 01 00 00 ac 03 03 15 df ef fb ff |................| +00000010 00 89 4d bf 59 d2 30 f1 f3 e7 20 24 c6 06 ba a4 |..M.Y.0... $....| +00000020 28 b4 ba 3d 00 f2 18 9b 98 a3 f2 20 7e d9 d0 58 |(..=....... ~..X| +00000030 50 25 90 2d f0 af 72 66 fb f8 54 33 6e d4 2b f0 |P%.-..rf..T3n.+.| +00000040 0f 1a ea dc 9e 08 34 ed 68 a8 d8 bd 00 04 13 03 |......4.h.......| +00000050 00 ff 01 00 00 5f 00 0b 00 04 03 00 01 02 00 0a |....._..........| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000070 00 00 00 17 00 00 00 0d 00 04 00 02 08 06 00 2b |...............+| +00000080 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 |......-.....3.&.| +00000090 24 00 1d 00 20 6e 42 98 d4 04 32 d1 21 0f 64 c9 |$... nB...2.!.d.| +000000a0 b7 f2 b2 52 6f 2b b7 b1 95 4b 57 85 7b 69 d9 63 |...Ro+...KW.{i.c| +000000b0 19 48 d2 1c 1e |.H...| +>>> Flow 2 (server to client) +00000000 15 03 03 00 02 02 28 |......(| diff --git a/tls/testdata/Server-TLSv13-Resume b/tls/testdata/Server-TLSv13-Resume new file mode 100644 index 00000000..091ffc33 --- /dev/null +++ b/tls/testdata/Server-TLSv13-Resume 
@@ -0,0 +1,60 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 6e 01 00 01 6a 03 03 b6 39 89 61 fd |....n...j...9.a.| +00000010 11 84 b3 4b a9 18 23 b2 35 3d 82 85 75 5c e2 f3 |...K..#.5=..u\..| +00000020 c9 f4 b0 2f 05 fb 5a 90 da 73 38 20 7f 06 81 e5 |.../..Z..s8 ....| +00000030 d0 10 08 d1 b0 3c 3c 4b 28 39 34 9a 56 ca 47 4a |.....<.....| +000000f0 00 00 00 00 00 00 00 00 00 00 00 94 68 2c a3 82 |............h,..| +00000100 51 ed 14 ef 68 ca 42 c5 5c ab 26 c2 91 a9 01 83 |Q...h.B.\.&.....| +00000110 13 26 8f 62 7c 89 c0 a2 b5 9b 6d 4f a4 c9 e2 49 |.&.b|.....mO...I| +00000120 34 03 2c b2 7d d9 af eb 1a 99 76 3c a5 ef 70 78 |4.,.}.....v<..px| +00000130 59 58 1c 45 80 c5 f1 b8 91 b2 54 71 3f bf 4f 2a |YX.E......Tq?.O*| +00000140 b2 9d 9d 6f 6f 1c f1 3c 6c e6 a2 73 00 00 00 00 |...oo..>> Flow 2 (server to client) +00000000 16 03 03 00 80 02 00 00 7c 03 03 00 00 00 00 00 |........|.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 7f 06 81 e5 |........... ....| +00000030 d0 10 08 d1 b0 3c 3c 4b 28 39 34 9a 56 ca 47 4a |.....<>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 69 08 b0 a0 71 |..........5i...q| +00000010 1f 95 45 c4 b2 11 43 a9 b5 da ba 11 0a 2b 24 49 |..E...C......+$I| +00000020 ac 3d 8e ec 32 c9 7f 3e cc 1b fc 9a 68 d0 22 cb |.=..2..>....h.".| +00000030 37 0e 8f fe 4f 75 1a 62 44 20 60 c2 64 de 48 6d |7...Ou.bD `.d.Hm| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e d5 71 aa 53 2d 55 b7 76 11 45 b0 |......q.S-U.v.E.| +00000010 f3 de f7 f1 78 0b 10 3f 49 7f ea 83 17 2e b9 50 |....x..?I......P| +00000020 ec d2 0f 17 03 03 00 13 0a 22 58 66 d8 f7 ad fc |........."Xf....| +00000030 9c f2 da d1 ae 02 f8 99 d2 26 63 |.........&c| diff --git a/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest b/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest new file mode 100644 index 00000000..d0aa66a5 --- /dev/null 
+++ b/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest 
@@ -0,0 +1,96 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 68 01 00 01 64 03 03 a0 27 b0 af b0 |....h...d...'...| +00000010 15 2c ed 88 b2 e8 c5 67 2e db 0d 29 13 64 bb 58 |.,.....g...).d.X| +00000020 3b 71 67 a9 47 65 8a 3c 09 44 29 20 46 fe 89 4b |;qg.Ge.<.D) F..K| +00000030 f3 1d ed 40 2d 5c 1b 23 26 f5 72 6f d1 b4 77 f5 |...@-\.#&.ro..w.| +00000040 1a 9f d1 98 34 46 fe 89 0b 2d c1 f9 00 04 13 01 |....4F...-......| +00000050 00 ff 01 00 01 17 00 0b 00 04 03 00 01 02 00 0a |................| +00000060 00 06 00 04 00 1d 00 17 00 23 00 00 00 16 00 00 |.........#......| +00000070 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 06 03 |................| +00000080 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 |................| +00000090 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 2d 00 |.......+......-.| +000000a0 02 01 01 00 33 00 26 00 24 00 1d 00 20 8c 7b 61 |....3.&.$... .{a| +000000b0 71 c8 0b 1a 17 14 d9 eb 21 38 e6 2f c0 40 e9 2d |q.......!8./.@.-| +000000c0 3c 91 c5 4e 9d bb dd af 40 bc 91 38 74 00 29 00 |<..N....@..8t.).| +000000d0 9c 00 77 00 71 50 46 ad c1 db a8 38 86 7b 2b bb |..w.qPF....8.{+.| +000000e0 fd d0 c3 42 3e 00 00 00 00 00 00 00 00 00 00 00 |...B>...........| +000000f0 00 00 00 00 00 94 68 2c a3 82 51 ed 14 ef 68 ca |......h,..Q...h.| +00000100 42 c5 5c ab 26 c2 91 a9 01 83 13 26 8f 62 7c 89 |B.\.&......&.b|.| +00000110 c0 a2 b5 9b 6d 4f a4 c9 e2 49 34 03 2c b2 7d d9 |....mO...I4.,.}.| +00000120 af eb 1a 99 76 3c a5 ef 70 78 59 58 1c 45 80 c5 |....v<..pxYX.E..| +00000130 f1 b8 91 b2 54 71 3f bf 4f 2a b2 9d 9d 6f 6f 1c |....Tq?.O*...oo.| +00000140 f1 3c 6c e6 a2 73 00 00 00 00 00 21 20 7b 6e 44 |.>> Flow 2 (server to client) +00000000 16 03 03 00 58 02 00 00 54 03 03 cf 21 ad 74 e5 |....X...T...!.t.| +00000010 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a |.a......e......z| +00000020 bb 8c 5e 07 9e 09 e2 c8 a8 33 9c 20 46 fe 89 4b |..^......3. 
F..K| +00000030 f3 1d ed 40 2d 5c 1b 23 26 f5 72 6f d1 b4 77 f5 |...@-\.#&.ro..w.| +00000040 1a 9f d1 98 34 46 fe 89 0b 2d c1 f9 13 01 00 00 |....4F...-......| +00000050 0c 00 2b 00 02 03 04 00 33 00 02 00 17 14 03 03 |..+.....3.......| +00000060 00 01 01 |...| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 16 03 03 01 89 01 00 01 85 03 |................| +00000010 03 a0 27 b0 af b0 15 2c ed 88 b2 e8 c5 67 2e db |..'....,.....g..| +00000020 0d 29 13 64 bb 58 3b 71 67 a9 47 65 8a 3c 09 44 |.).d.X;qg.Ge.<.D| +00000030 29 20 46 fe 89 4b f3 1d ed 40 2d 5c 1b 23 26 f5 |) F..K...@-\.#&.| +00000040 72 6f d1 b4 77 f5 1a 9f d1 98 34 46 fe 89 0b 2d |ro..w.....4F...-| +00000050 c1 f9 00 04 13 01 00 ff 01 00 01 38 00 0b 00 04 |...........8....| +00000060 03 00 01 02 00 0a 00 06 00 04 00 1d 00 17 00 23 |...............#| +00000070 00 00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c |................| +00000080 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000090 08 04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 |.............+..| +000000a0 02 03 04 00 2d 00 02 01 01 00 33 00 47 00 45 00 |....-.....3.G.E.| +000000b0 17 00 41 04 6e 14 0d ac 3f 1a 2a 36 54 4f ec 9d |..A.n...?.*6TO..| +000000c0 da 5b 93 12 42 eb 58 11 1b 4c 5c 39 a2 32 b8 5b |.[..B.X..L\9.2.[| +000000d0 41 13 51 05 88 fe 45 d2 01 ef 8d 14 bc 96 de d3 |A.Q...E.........| +000000e0 1c e3 eb 0c a0 a7 a3 7c 1c b1 9e 38 c2 dc f6 35 |.......|...8...5| +000000f0 7b 5b 08 2e 00 29 00 9c 00 77 00 71 50 46 ad c1 |{[...)...w.qPF..| +00000100 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 00 00 00 |..8.{+....B>....| +00000110 00 00 00 00 00 00 00 00 00 00 00 00 94 68 2c a3 |.............h,.| +00000120 82 51 ed 14 ef 68 ca 42 c5 5c ab 26 c2 91 a9 01 |.Q...h.B.\.&....| +00000130 83 13 26 8f 62 7c 89 c0 a2 b5 9b 6d 4f a4 c9 e2 |..&.b|.....mO...| +00000140 49 34 03 2c b2 7d d9 af eb 1a 99 76 3c a5 ef 70 |I4.,.}.....v<..p| +00000150 78 59 58 1c 45 80 c5 f1 b8 91 b2 54 71 3f bf 4f |xYX.E......Tq?.O| +00000160 2a 
b2 9d 9d 6f 6f 1c f1 3c 6c e6 a2 73 00 00 00 |*...oo..>> Flow 4 (server to client) +00000000 16 03 03 00 a1 02 00 00 9d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 46 fe 89 4b |........... F..K| +00000030 f3 1d ed 40 2d 5c 1b 23 26 f5 72 6f d1 b4 77 f5 |...@-\.#&.ro..w.| +00000040 1a 9f d1 98 34 46 fe 89 0b 2d c1 f9 13 01 00 00 |....4F...-......| +00000050 55 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |U.+.....3.E...A.| +00000060 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| +00000070 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| +00000080 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| +00000090 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| +000000a0 00 29 00 02 00 00 17 03 03 00 17 ea 86 30 48 65 |.)...........0He| +000000b0 cf a6 d4 9d af f7 75 d4 d3 dd af 79 ce 3a 42 5b |......u....y.:B[| +000000c0 68 7a 17 03 03 00 35 ef d6 22 53 ec 3c 27 84 c7 |hz....5.."S.<'..| +000000d0 7f b2 81 8e 3e 70 51 25 95 b4 6a 79 01 15 60 c0 |....>pQ%..jy..`.| +000000e0 39 eb 5b 90 7b 50 f5 3b 50 64 d2 b2 d6 c7 72 cf |9.[.{P.;Pd....r.| +000000f0 35 f3 25 1c 86 4b 69 ab 6e 50 86 2e 17 03 03 00 |5.%..Ki.nP......| +00000100 93 66 5a c1 de c6 92 96 95 92 48 90 e7 0f e1 08 |.fZ.......H.....| +00000110 25 b2 72 a5 7f c5 17 6e 70 5d 6e 68 78 32 72 8d |%.r....np]nhx2r.| +00000120 3a fa 7a 66 76 26 10 9e f9 92 ca 3b a7 6c 6c fa |:.zfv&.....;.ll.| +00000130 72 d1 22 f4 b0 b9 2a 90 bd ce 58 e4 ff 1d 88 99 |r."...*...X.....| +00000140 a4 8d f9 10 af c8 35 cd c4 6f 99 cd 9e 6c 95 b1 |......5..o...l..| +00000150 b7 6e a4 48 9e 75 f1 d3 c0 b3 27 f1 61 83 ea 13 |.n.H.u....'.a...| +00000160 06 7f 37 38 f1 31 9e 71 5a 97 15 b5 46 63 44 e8 |..78.1.qZ...FcD.| +00000170 f4 a1 fc 81 5d f4 c7 65 be 76 da 79 bd fb e4 e6 |....]..e.v.y....| +00000180 68 de ce f3 32 6b 0c ee 19 18 75 33 77 f2 34 3d 
|h...2k....u3w.4=| +00000190 9e c3 da b7 |....| +>>> Flow 5 (client to server) +00000000 17 03 03 00 35 59 51 fe aa 0a 69 ef d5 0e ee e3 |....5YQ...i.....| +00000010 0e 21 f7 e0 80 88 a0 da 23 7a 38 7f 73 e1 da e9 |.!......#z8.s...| +00000020 7c 02 73 5e f2 64 e5 60 0e c6 d5 9e 7a 45 c2 0b ||.s^.d.`....zE..| +00000030 6f 08 46 46 5b f1 5b 67 5d 42 |o.FF[.[g]B| +>>> Flow 6 (server to client) +00000000 17 03 03 00 1e 3c a5 86 73 ea 62 44 ee 3b 45 a2 |.....<..s.bD.;E.| +00000010 2a 57 ed 27 0e 65 40 48 23 10 7f ff 27 e5 4e d1 |*W.'.e@H#...'.N.| +00000020 99 9a e1 17 03 03 00 13 1e 78 1a 08 4b 24 1b fc |.........x..K$..| +00000030 78 e5 ab fd 8f bf 53 26 f9 b7 c0 |x.....S&...| diff --git a/tls/testdata/Server-TLSv13-ResumeDisabled b/tls/testdata/Server-TLSv13-ResumeDisabled new file mode 100644 index 00000000..9f14b602 --- /dev/null +++ b/tls/testdata/Server-TLSv13-ResumeDisabled 
@@ -0,0 +1,99 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 01 6e 01 00 01 6a 03 03 0f 31 f0 17 d6 |....n...j...1...| +00000010 3e ee f6 b9 14 05 57 cb 41 0b a4 6a 2f 70 9e 69 |>.....W.A..j/p.i| +00000020 09 2a eb ec 9a f4 47 61 09 43 09 20 d2 5d cf 57 |.*....Ga.C. .].W| +00000030 b8 81 3c a5 0a 77 50 0a c3 88 79 7a dc d0 2f 8a |..<..wP...yz../.| +00000040 08 ea 5f 53 54 a6 ff 43 d2 03 55 0e 00 04 13 01 |.._ST..C..U.....| +00000050 00 ff 01 00 01 1d 00 0b 00 04 03 00 01 02 00 0a |................| +00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#| +00000070 00 00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c |................| +00000080 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +00000090 08 04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 |.............+..| +000000a0 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 |....-.....3.&.$.| +000000b0 1d 00 20 b4 ef 07 d4 1b 0e a1 42 ee f1 f3 84 3e |.. .......B....>| +000000c0 9f fe bb a6 af 59 9d 04 96 03 1b 43 1a b8 f7 7f |.....Y.....C....| +000000d0 44 64 60 00 29 00 9c 00 77 00 71 50 46 ad c1 db |Dd`.)...w.qPF...| +000000e0 a8 38 86 7b 2b bb fd d0 c3 42 3e 00 00 00 00 00 |.8.{+....B>.....| +000000f0 00 00 00 00 00 00 00 00 00 00 00 94 68 2c a3 82 |............h,..| +00000100 51 ed 14 ef 68 ca 42 c5 5c 90 6b 88 83 a9 b3 63 |Q...h.B.\.k....c| +00000110 7c 1c 04 ce dd be 5a 26 ef 4e 37 52 ea 9a 45 6b ||.....Z&.N7R..Ek| +00000120 ea 89 a5 26 7d c3 ea 67 db 99 76 3c e5 52 89 d0 |...&}..g..v<.R..| +00000130 4b 46 41 2e 62 5c ce a8 2e 9a 67 e9 52 f0 40 d2 |KFA.b\....g.R.@.| +00000140 f1 0e ab 02 0f 54 c8 0b 5e 91 8f 8b 00 00 00 00 |.....T..^.......| +00000150 00 21 20 e0 71 35 06 a0 30 9f bf 5a 6e f3 14 fd |.! 
.q5..0..Zn...| +00000160 34 0b 6d d5 36 08 82 8f d0 79 cc f3 74 7c a9 a5 |4.m.6....y..t|..| +00000170 c3 81 27 |..'| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 d2 5d cf 57 |........... .].W| +00000030 b8 81 3c a5 0a 77 50 0a c3 88 79 7a dc d0 2f 8a |..<..wP...yz../.| +00000040 08 ea 5f 53 54 a6 ff 43 d2 03 55 0e 13 01 00 00 |.._ST..C..U.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 df 85 83 6b 9d e0 |.............k..| +00000090 8d b4 da b1 f2 c7 ff c1 13 33 d4 53 b8 92 bf 83 |.........3.S....| +000000a0 6c 17 03 03 02 6d 6b 0f f6 15 41 46 aa 92 06 af |l....mk...AF....| +000000b0 c9 a2 73 c5 31 64 c1 cd 3a e5 e6 9a d9 04 f4 01 |..s.1d..:.......| +000000c0 d5 0e d6 30 e2 7a 6d 0c 23 d5 4b b1 70 58 c8 ca |...0.zm.#.K.pX..| +000000d0 5d 1f c9 7c 76 f8 f9 90 b0 f6 05 f6 85 d2 10 b6 |]..|v...........| +000000e0 bb b1 49 07 8a ba 9b d8 1a f4 48 18 f5 c5 90 f1 |..I.......H.....| +000000f0 a7 24 cd 3b ab 2f 49 28 fa 3c 64 80 50 a6 38 d9 |.$.;./I(..H2..| +00000170 37 13 08 f2 cc cb bb f5 55 d5 7d 97 5e 6a df 11 |7.......U.}.^j..| +00000180 33 fd 34 65 99 c2 40 7b a3 7a 04 92 63 ad 19 9d |3.4e..@{.z..c...| +00000190 02 2a 6f d1 c8 f7 e1 d1 0f a1 c3 5b 81 70 b0 e5 |.*o........[.p..| +000001a0 97 a4 b2 76 c5 9b 55 f5 da 2d 53 d2 49 4b a7 6a |...v..U..-S.IK.j| +000001b0 0f 0f c8 d6 a5 00 83 52 fb 12 c6 6b 98 51 a3 4e |.......R...k.Q.N| +000001c0 86 39 ab 7e 76 1f 31 b5 5e 50 53 1b 21 af 7f a0 |.9.~v.1.^PS.!...| +000001d0 b9 3c cf 59 19 c7 c8 b6 ef d7 4f e5 ea 5e bc 67 |.<.Y......O..^.g| +000001e0 00 47 97 50 85 15 54 19 eb de b8 11 0e 39 9a b0 |.G.P..T......9..| 
+000001f0 be cd db d9 53 88 9c 78 e8 b9 5e 12 4b 30 63 d5 |....S..x..^.K0c.| +00000200 eb 48 d1 d4 95 94 58 61 9c 53 ad 97 bd 45 3a 09 |.H....Xa.S...E:.| +00000210 d0 83 a7 ba 8c 64 87 42 b7 e1 fa 1b 32 58 8b de |.....d.B....2X..| +00000220 70 34 34 6d fb 0f a0 27 c3 8b 69 61 43 30 24 b2 |p44m...'..iaC0$.| +00000230 32 4b ca 6c 0b ea f7 4b df e5 5f 3d 06 ea 0d 31 |2K.l...K.._=...1| +00000240 4a c6 19 44 61 a1 5b 45 ee 9b ea 69 42 8f 35 86 |J..Da.[E...iB.5.| +00000250 09 c7 83 51 32 e6 7b 45 bb fb 11 1f 4d 3f b8 10 |...Q2.{E....M?..| +00000260 6a 0c 52 4c fd 20 62 0f 75 26 8a 65 67 e9 7e 56 |j.RL. b.u&.eg.~V| +00000270 f4 ed 01 67 9e 27 0d 39 98 b4 97 44 50 f6 26 11 |...g.'.9...DP.&.| +00000280 3c e4 40 17 5c f1 eb 85 1f 13 f9 8d 22 66 2d 2e |<.@.\......."f-.| +00000290 3b f8 eb 08 7d df f6 ba 7b ec 15 34 04 e2 6d aa |;...}...{..4..m.| +000002a0 e2 1c 5a e6 e8 4f 00 0c 07 1b dd 6e 07 03 ed 6d |..Z..O.....n...m| +000002b0 df c0 7d ed 05 84 bb ad 0c 1f df 8b 8d 0a ad 33 |..}............3| +000002c0 90 38 44 db 8a 32 9f 9d b3 ae 2e 92 d6 ab d3 25 |.8D..2.........%| +000002d0 12 32 2d 6e a9 17 0d c9 f9 79 25 17 f0 62 1b 91 |.2-n.....y%..b..| +000002e0 ad d5 2d ec 0d ea cd c4 86 77 04 92 ab a8 8d ea |..-......w......| +000002f0 ce fc 13 7b a0 ca 32 96 50 49 99 dd 25 d7 73 93 |...{..2.PI..%.s.| +00000300 f2 00 72 ca 31 07 fd 7e 12 8a 8b 76 51 4e fe 30 |..r.1..~...vQN.0| +00000310 4d 5c 65 17 03 03 00 99 5b 19 25 c3 5a 4d f0 bd |M\e.....[.%.ZM..| +00000320 71 0e 48 63 61 bb 55 6b d3 26 81 25 cf ea 45 e6 |q.Hca.Uk.&.%..E.| +00000330 52 e4 4e c9 5a a8 c2 e2 72 97 51 8a 38 c6 8d 27 |R.N.Z...r.Q.8..'| +00000340 8d df 09 ce 37 87 a6 41 cb c4 bd 6d 19 ef 56 1a |....7..A...m..V.| +00000350 e8 79 df ad 76 9e a6 92 e3 da b3 a6 0d 9f 6f 6f |.y..v.........oo| +00000360 3f 76 0b 62 b4 cf 2c 5b 24 65 bd c1 90 bb 88 ec |?v.b..,[$e......| +00000370 8b 0c 7d 6b 42 38 26 78 62 5c b0 21 74 95 5f fe |..}kB8&xb\.!t._.| +00000380 68 7d 31 8c 5f f5 dc a4 f0 23 6b 75 be 70 ea b3 
|h}1._....#ku.p..| +00000390 19 cc 83 9b 8a f6 cb cc 04 2e 66 b5 77 bb 11 68 |..........f.w..h| +000003a0 56 85 0c b1 b8 b1 4e ed ca bd ea 3c 91 38 8a 63 |V.....N....<.8.c| +000003b0 f3 17 03 03 00 35 06 2f 99 10 0c 41 cf 70 d2 aa |.....5./...A.p..| +000003c0 f9 74 e7 3a cb bb 77 1c e6 5c bf f9 3f 02 df af |.t.:..w..\..?...| +000003d0 ba 08 fa f7 42 60 ad de 65 62 2e 54 5f 35 90 4f |....B`..eb.T_5.O| +000003e0 9c b1 34 3d 5d f5 6e 04 d8 5a 50 |..4=].n..ZP| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 7e dc fc 3f 66 |..........5~..?f| +00000010 cb ed 57 e3 5c 83 19 22 31 18 cb eb d5 b8 d2 3c |..W.\.."1......<| +00000020 6c 10 1f be 5c 04 cf 88 6b ec 04 3d aa 0d 15 68 |l...\...k..=...h| +00000030 e4 42 bb c9 86 12 ef f7 90 c4 f5 41 39 56 62 d0 |.B.........A9Vb.| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e ee b9 1c 7b 56 61 76 91 40 90 11 |........{Vav.@..| +00000010 61 4a 0c 46 60 e2 c1 a7 dd 0c a1 0d da 65 98 3e |aJ.F`........e.>| +00000020 30 62 98 17 03 03 00 13 27 7a 29 e5 53 f1 9b 41 |0b......'z).S..A| +00000030 7a 19 ec cd 29 0e 04 57 90 59 7e |z...)..W.Y~| diff --git a/tls/testdata/Server-TLSv13-X25519 b/tls/testdata/Server-TLSv13-X25519 new file mode 100644 index 00000000..0160c5ae --- /dev/null +++ b/tls/testdata/Server-TLSv13-X25519 
@@ -0,0 +1,98 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 c2 01 00 00 be 03 03 cb 53 78 a8 58 |............Sx.X| +00000010 de 5b 75 c2 c5 b3 ac fa c3 6e 85 a7 e5 a3 a4 ca |.[u......n......| +00000020 1f 82 95 38 fa 79 4c e2 c8 66 8a 20 be 7a 94 d6 |...8.yL..f. .z..| +00000030 f4 82 e2 2f 3b 2c e4 5f ae c2 8b be d1 2f b6 67 |.../;,._...../.g| +00000040 9e 78 7a 51 86 1f c1 d9 8f 43 2f 78 00 04 13 03 |.xzQ.....C/x....| +00000050 00 ff 01 00 00 71 00 0b 00 04 03 00 01 02 00 0a |.....q..........| +00000060 00 04 00 02 00 1d 00 16 00 00 00 17 00 00 00 0d |................| +00000070 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 |................| +00000080 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 |................| +00000090 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 |.+......-.....3.| +000000a0 26 00 24 00 1d 00 20 7f 3e a2 2e 2f 88 8a e1 f3 |&.$... .>../....| +000000b0 6a a4 47 d7 6d b7 3c 02 c4 bb f6 de 41 38 50 74 |j.G.m.<.....A8Pt| +000000c0 29 21 f5 fe 9f 0b 6f |)!....o| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 be 7a 94 d6 |........... .z..| +00000030 f4 82 e2 2f 3b 2c e4 5f ae c2 8b be d1 2f b6 67 |.../;,._...../.g| +00000040 9e 78 7a 51 86 1f c1 d9 8f 43 2f 78 13 03 00 00 |.xzQ.....C/x....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 fb 0e 8b 72 0d 35 |.............r.5| +00000090 97 db e2 2e b8 20 be 96 27 6b cd ab 6b 24 5b c4 |..... 
..'k..k$[.| +000000a0 e9 17 03 03 02 6d 3a 21 03 ea 45 e9 4e f1 19 1e |.....m:!..E.N...| +000000b0 33 37 04 5b 3e db 54 f0 27 6f c7 96 78 50 01 46 |37.[>.T.'o..xP.F| +000000c0 d1 8b 8f 79 70 21 9d 62 97 b9 bf 6d 14 e5 82 f4 |...yp!.b...m....| +000000d0 ad 89 90 77 12 1f 61 8e 1d 94 d3 27 0f 0e eb 77 |...w..a....'...w| +000000e0 8d b2 2f fb 58 b4 ee 88 19 91 47 d1 3d 10 9e 4a |../.X.....G.=..J| +000000f0 1e 41 b9 c6 41 8f 59 11 7f e0 ac e7 b9 d5 be 40 |.A..A.Y........@| +00000100 cc aa bc ab 56 5a 2b a9 c9 cf df c0 dc 8f d2 9d |....VZ+.........| +00000110 59 a7 88 36 98 2e 87 c6 1d af 26 a1 e8 08 2d bd |Y..6......&...-.| +00000120 9b 5b 1c 4e 22 d2 a1 7c 4d 0b 0f af da 5d fe f7 |.[.N"..|M....]..| +00000130 83 4d f6 54 c1 fe 03 73 6d c9 17 02 6b 78 09 91 |.M.T...sm...kx..| +00000140 aa 61 9a 93 04 66 fa 6b e8 2e d7 18 d2 4d 6e 25 |.a...f.k.....Mn%| +00000150 c3 01 2f a5 0e 1b da a1 64 67 e5 a5 c0 5b ef ec |../.....dg...[..| +00000160 83 5a d3 0e 44 b7 d5 97 9c c7 c4 94 b4 4b 01 e6 |.Z..D........K..| +00000170 48 28 21 cb 04 10 be b0 3b 53 df 15 47 12 67 ea |H(!.....;S..G.g.| +00000180 24 65 a1 ce 0b af 05 5b c9 95 bf 28 2e 55 3c 21 |$e.....[...(.UT.,..?.......| +000002b0 71 6a d6 0f 53 5e ea 92 53 e3 dd 96 be 38 61 74 |qj..S^..S....8at| +000002c0 5d 74 ac c4 8c 72 c6 82 dc f4 22 fb 5c 64 0f 33 |]t...r....".\d.3| +000002d0 b3 31 a1 a9 e0 6d 96 14 0b e1 00 7d 42 44 45 02 |.1...m.....}BDE.| +000002e0 42 63 a1 15 14 73 b6 e4 18 a7 30 9e e0 df a9 ba |Bc...s....0.....| +000002f0 44 72 64 ea 06 a4 a1 46 58 07 b1 a8 48 dc ea 73 |Drd....FX...H..s| +00000300 35 d8 98 de 6c 13 93 bb 7a 64 fb df bf 93 cb 65 |5...l...zd.....e| +00000310 a4 1a 3a 17 03 03 00 99 41 8d 8b b5 97 ae 6a fb |..:.....A.....j.| +00000320 28 ae 10 17 a7 a7 bd a2 a2 54 61 33 ea 5c 3d 82 |(........Ta3.\=.| +00000330 6c 7d fe 3e 3b 6f 92 6b 6a 0a ee fe 85 90 67 59 |l}.>;o.kj.....gY| +00000340 df d9 fc c0 4a 9a 5b ae 57 29 5d fb ff 74 28 f1 |....J.[.W)]..t(.| +00000350 27 f4 ab ee f9 e8 04 cf 2b 62 4d a8 6a 4f 
ac 85 |'.......+bM.jO..| +00000360 ec a5 18 d7 88 74 9e 3e ea 79 8e 5d df f8 8a 1c |.....t.>.y.]....| +00000370 10 1b 1d d3 4a cf 2a 56 f2 ca 90 1f 37 2c cc b7 |....J.*V....7,..| +00000380 31 91 fb d7 7f bb 07 e2 ec 84 8a 6f 08 a1 7e 2e |1..........o..~.| +00000390 62 8a 5c b9 76 d3 68 e5 d0 b8 73 92 86 80 e5 af |b.\.v.h...s.....| +000003a0 b4 ef 13 ea 3c 09 2a 3f 7e be 16 72 1c 46 a0 29 |....<.*?~..r.F.)| +000003b0 0a 17 03 03 00 35 a7 10 63 c4 a1 7f 26 17 ba b7 |.....5..c...&...| +000003c0 e3 86 6e 52 36 00 8e 68 84 dc 51 8d a6 0c 21 ba |..nR6..h..Q...!.| +000003d0 c3 d9 84 49 ed 57 78 98 68 be 78 a6 d1 f0 67 ac |...I.Wx.h.x...g.| +000003e0 65 9e d2 d8 f3 b9 58 27 24 57 83 17 03 03 00 93 |e.....X'$W......| +000003f0 00 54 de 7f 11 18 1d 12 83 10 77 b2 e9 fd a7 a4 |.T........w.....| +00000400 46 c4 1c 15 0d 24 e0 94 f8 ff 84 19 45 ad 52 c8 |F....$......E.R.| +00000410 85 0b c5 4a a7 6d a1 b0 12 cb 13 58 f6 44 a3 e2 |...J.m.....X.D..| +00000420 b8 7a b5 8c 8f 8a 47 76 ef cb 2d 7b 6e 75 81 39 |.z....Gv..-{nu.9| +00000430 3e 12 e8 b5 c6 2d cb e0 fd ac af 58 5a 01 70 32 |>....-.....XZ.p2| +00000440 0e 12 32 95 10 70 94 28 ec 9b 50 e5 78 c4 b7 75 |..2..p.(..P.x..u| +00000450 97 4a 54 97 bb 30 e6 19 8a 86 87 d7 50 02 8f a8 |.JT..0......P...| +00000460 1b 97 d6 e7 bf 25 66 9a 5a cd 5c 84 33 42 f1 72 |.....%f.Z.\.3B.r| +00000470 d2 44 f1 64 e1 3d 38 b7 7a 32 e3 e8 9a 49 19 90 |.D.d.=8.z2...I..| +00000480 00 2b f6 |.+.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 9d c7 a1 4d 5f |..........5...M_| +00000010 7f 3a 04 b0 cf de 09 d5 84 c1 8f 9b 85 a6 a0 53 |.:.............S| +00000020 c3 aa 19 5e a0 b2 a2 f1 22 f2 51 e0 25 c5 49 57 |...^....".Q.%.IW| +00000030 52 de ad 75 ec e4 e3 36 84 78 22 c8 6c 80 88 8c |R..u...6.x".l...| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 3f 0d f6 84 47 21 4e 37 7b df eb |.....?...G!N7{..| +00000010 eb 38 af a5 ec b9 b6 20 24 f5 1a 1e 25 77 92 82 |.8..... 
$...%w..| +00000020 97 88 9f 17 03 03 00 13 e2 80 d8 e1 2a bf d5 e3 |............*...| +00000030 bc b7 82 2f 50 2c e5 b9 4b 8c d6 |.../P,..K..| diff --git a/tls/testdata/example-cert.pem b/tls/testdata/example-cert.pem new file mode 100644 index 00000000..e0bf7db5 --- /dev/null +++ b/tls/testdata/example-cert.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw +DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow +EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d +7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B +5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr +BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1 +NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l +Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc +6MF9+Yw1Yy0t +-----END CERTIFICATE----- diff --git a/tls/testdata/example-key.pem b/tls/testdata/example-key.pem new file mode 100644 index 00000000..104fb099 --- /dev/null +++ b/tls/testdata/example-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49 +AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q +EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA== +-----END EC PRIVATE KEY----- diff --git a/tls/ticket.go b/tls/ticket.go index 643fe1d0..6c1d20da 100644 --- a/tls/ticket.go +++ b/tls/ticket.go 
@@ -13,161 +13,160 @@ import ( "crypto/subtle" "errors" "io" + + "golang.org/x/crypto/cryptobyte" ) // sessionState contains the information that is serialized into a session // ticket in order to later resume a connection. type sessionState struct { - vers uint16 - cipherSuite uint16 - masterSecret []byte - certificates [][]byte - extendedMasterSecret bool + vers uint16 + cipherSuite uint16 + createdAt uint64 + masterSecret []byte // opaque master_secret<1..2^16-1>; + // struct { opaque certificate<1..2^24-1> } Certificate; + certificates [][]byte // Certificate certificate_list<0..2^24-1>; + + // usedOldKey is true if the ticket from which this session came from + // was encrypted with an older key and thus should be refreshed. + usedOldKey bool } -func (s *sessionState) equal(i interface{}) bool { - s1, ok := i.(*sessionState) - if !ok { - return false - } +func (m *sessionState) marshal() []byte { + var b cryptobyte.Builder + b.AddUint16(m.vers) + b.AddUint16(m.cipherSuite) + addUint64(&b, m.createdAt) + b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(m.masterSecret) + }) + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + for _, cert := range m.certificates { + b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(cert) + }) + } + }) + return b.BytesOrPanic() +} - if s.vers != s1.vers || - s.cipherSuite != s1.cipherSuite || - !bytes.Equal(s.masterSecret, s1.masterSecret) || - s.extendedMasterSecret != s1.extendedMasterSecret { +func (m *sessionState) unmarshal(data []byte) bool { + *m = sessionState{usedOldKey: m.usedOldKey} + s := cryptobyte.String(data) + if ok := s.ReadUint16(&m.vers) && + s.ReadUint16(&m.cipherSuite) && + readUint64(&s, &m.createdAt) && + readUint16LengthPrefixed(&s, &m.masterSecret) && + len(m.masterSecret) != 0; !ok { return false } - - if len(s.certificates) != len(s1.certificates) { + var certList cryptobyte.String + if !s.ReadUint24LengthPrefixed(&certList) { return false } - - for i := 
range s.certificates { - if !bytes.Equal(s.certificates[i], s1.certificates[i]) { + for !certList.Empty() { + var cert []byte + if !readUint24LengthPrefixed(&certList, &cert) { return false } + m.certificates = append(m.certificates, cert) } - - return true + return s.Empty() } -func (s *sessionState) marshal() []byte { - length := 2 + 2 + 2 + len(s.masterSecret) + 2 - for _, cert := range s.certificates { - length += 4 + len(cert) - } - - ret := make([]byte, length) - x := ret - x[0] = byte(s.vers >> 8) - x[1] = byte(s.vers) - x[2] = byte(s.cipherSuite >> 8) - x[3] = byte(s.cipherSuite) - x[4] = byte(len(s.masterSecret) >> 8) - x[5] = byte(len(s.masterSecret)) - x = x[6:] - copy(x, s.masterSecret) - x = x[len(s.masterSecret):] - - x[0] = byte(len(s.certificates) >> 8) - x[1] = byte(len(s.certificates)) - x = x[2:] - - for _, cert := range s.certificates { - x[0] = byte(len(cert) >> 24) - x[1] = byte(len(cert) >> 16) - x[2] = byte(len(cert) >> 8) - x[3] = byte(len(cert)) - copy(x[4:], cert) - x = x[4+len(cert):] - } - - if s.extendedMasterSecret { - x[0] = 1 - } - - return ret +// sessionStateTLS13 is the content of a TLS 1.3 session ticket. Its first +// version (revision = 0) doesn't carry any of the information needed for 0-RTT +// validation and the nonce is always empty. 
+type sessionStateTLS13 struct { + // uint8 version = 0x0304; + // uint8 revision = 0; + cipherSuite uint16 + createdAt uint64 + resumptionSecret []byte // opaque resumption_master_secret<1..2^8-1>; + certificate Certificate // CertificateEntry certificate_list<0..2^24-1>; } -func (s *sessionState) unmarshal(data []byte) bool { - if len(data) < 8 { - return false - } - - s.vers = uint16(data[0])<<8 | uint16(data[1]) - s.cipherSuite = uint16(data[2])<<8 | uint16(data[3]) - masterSecretLen := int(data[4])<<8 | int(data[5]) - data = data[6:] - if len(data) < masterSecretLen { - return false - } - - s.masterSecret = data[:masterSecretLen] - data = data[masterSecretLen:] - - if len(data) < 2 { - return false - } - - numCerts := int(data[0])<<8 | int(data[1]) - data = data[2:] +func (m *sessionStateTLS13) marshal() []byte { + var b cryptobyte.Builder + b.AddUint16(VersionTLS13) + b.AddUint8(0) // revision + b.AddUint16(m.cipherSuite) + addUint64(&b, m.createdAt) + b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { + b.AddBytes(m.resumptionSecret) + }) + marshalCertificate(&b, m.certificate) + return b.BytesOrPanic() +} - s.certificates = make([][]byte, numCerts) - for i := range s.certificates { - if len(data) < 4 { - return false - } - certLen := int(data[0])<<24 | int(data[1])<<16 | int(data[2])<<8 | int(data[3]) - data = data[4:] - if certLen < 0 { - return false - } - if len(data) < certLen { - return false - } - s.certificates[i] = data[:certLen] - data = data[certLen:] - } +func (m *sessionStateTLS13) unmarshal(data []byte) bool { + *m = sessionStateTLS13{} + s := cryptobyte.String(data) + var version uint16 + var revision uint8 + return s.ReadUint16(&version) && + version == VersionTLS13 && + s.ReadUint8(&revision) && + revision == 0 && + s.ReadUint16(&m.cipherSuite) && + readUint64(&s, &m.createdAt) && + readUint8LengthPrefixed(&s, &m.resumptionSecret) && + len(m.resumptionSecret) != 0 && + unmarshalCertificate(&s, &m.certificate) && + s.Empty() +} - if 
len(data) > 0 { - return false +func (c *Conn) encryptTicket(state []byte) ([]byte, error) { + if len(c.ticketKeys) == 0 { + return nil, errors.New("tls: internal error: session ticket keys unavailable") } - return true -} - -func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) { - serialized := state.marshal() - encrypted := make([]byte, aes.BlockSize+len(serialized)+sha256.Size) - iv := encrypted[:aes.BlockSize] + encrypted := make([]byte, ticketKeyNameLen+aes.BlockSize+len(state)+sha256.Size) + keyName := encrypted[:ticketKeyNameLen] + iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize] macBytes := encrypted[len(encrypted)-sha256.Size:] if _, err := io.ReadFull(c.config.rand(), iv); err != nil { return nil, err } - block, err := aes.NewCipher(c.config.SessionTicketKey[:16]) + key := c.ticketKeys[0] + copy(keyName, key.keyName[:]) + block, err := aes.NewCipher(key.aesKey[:]) if err != nil { return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error()) } - cipher.NewCTR(block, iv).XORKeyStream(encrypted[aes.BlockSize:], serialized) + cipher.NewCTR(block, iv).XORKeyStream(encrypted[ticketKeyNameLen+aes.BlockSize:], state) - mac := hmac.New(sha256.New, c.config.SessionTicketKey[16:32]) + mac := hmac.New(sha256.New, key.hmacKey[:]) mac.Write(encrypted[:len(encrypted)-sha256.Size]) mac.Sum(macBytes[:0]) return encrypted, nil } -func (c *Conn) decryptTicket(encrypted []byte) (*sessionState, bool) { - if c.config.SessionTicketsDisabled || - len(encrypted) < aes.BlockSize+sha256.Size { +func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey bool) { + if len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size { return nil, false } - iv := encrypted[:aes.BlockSize] + keyName := encrypted[:ticketKeyNameLen] + iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize] macBytes := encrypted[len(encrypted)-sha256.Size:] + ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : 
len(encrypted)-sha256.Size] + + keyIndex := -1 + for i, candidateKey := range c.ticketKeys { + if bytes.Equal(keyName, candidateKey.keyName[:]) { + keyIndex = i + break + } + } + if keyIndex == -1 { + return nil, false + } + key := &c.ticketKeys[keyIndex] - mac := hmac.New(sha256.New, c.config.SessionTicketKey[16:32]) + mac := hmac.New(sha256.New, key.hmacKey[:]) mac.Write(encrypted[:len(encrypted)-sha256.Size]) expected := mac.Sum(nil) @@ -175,15 +174,12 @@ func (c *Conn) decryptTicket(encrypted []byte) (*sessionState, bool) { return nil, false } - block, err := aes.NewCipher(c.config.SessionTicketKey[:16]) + block, err := aes.NewCipher(key.aesKey[:]) if err != nil { return nil, false } - ciphertext := encrypted[aes.BlockSize : len(encrypted)-sha256.Size] - plaintext := ciphertext + plaintext = make([]byte, len(ciphertext)) cipher.NewCTR(block, iv).XORKeyStream(plaintext, ciphertext) - state := new(sessionState) - ok := state.unmarshal(plaintext) - return state, ok + return plaintext, keyIndex > 0 } diff --git a/tls/tls.go b/tls/tls.go index 925eee98..9dc6232a 100644 --- a/tls/tls.go +++ b/tls/tls.go @@ -2,17 +2,27 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package tls partially implements TLS 1.2, as specified in RFC 5246. +// Package tls partially implements TLS 1.2, as specified in RFC 5246, +// and TLS 1.3, as specified in RFC 8446. package tls +// BUG(agl): The crypto/tls package only implements some countermeasures +// against Lucky13 attacks on CBC-mode encryption, and only on SHA1 +// variants. See http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and +// https://www.imperialviolet.org/2013/02/04/luckythirteen.html. + import ( + "bytes" + "context" "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/rsa" "encoding/pem" "errors" - "io/ioutil" + "fmt" "net" + "os" "strings" "time" 
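Review bot: The new sessionState drops the `extendedMasterSecret bool` field the old struct carried, so a TLS 1.2 ticket no longer records whether the original session negotiated extended master secret; if this fork still negotiates EMS after the port (it logged it before this change), resumption can no longer enforce the RFC 7627 rule that EMS status must match between original and resumed session, which is exactly the mismatch EMS exists to prevent, so either the flag should be serialized again next to `usedOldKey` or a comment on the struct should state that EMS is no longer supported. `createdAt` is written by marshal and read back by unmarshal but nothing in this hunk bounds ticket age, so a comment such as `createdAt uint64 // seconds since the Unix epoch; the handshake code is expected to reject tickets older than the ticket lifetime` would make the contract explicit rather than implied. encryptTicket always encrypts under `c.ticketKeys[0]` and decryptTicket (continuing in the next hunk) reports `keyIndex > 0` as usedOldKey, so the key slice must be ordered newest-first; that ordering assumption deserves a comment on the `key := c.ticketKeys[0]` line. The MAC comparison sits in the gap between this hunk and the next and is not visible here; it is the one place where the ticket's authenticity is decided and should remain a constant-time compare.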
@@ -21,10 +31,15 @@ import ( // Server returns a new TLS server side connection // using conn as the underlying transport. -// The configuration config must be non-nil and must have -// at least one certificate. +// The configuration config must be non-nil and must include +// at least one certificate or else set GetCertificate. func Server(conn net.Conn, config *Config) *Conn { - return &Conn{conn: conn, config: config} + c := &Conn{ + conn: conn, + config: config, + } + c.handshakeFn = c.serverHandshake + return c } // Client returns a new TLS client side connection @@ -32,7 +47,13 @@ func Server(conn net.Conn, config *Config) *Conn { // The config cannot be nil: users must set either ServerName or // InsecureSkipVerify in the config. func Client(conn net.Conn, config *Config) *Conn { - return &Conn{conn: conn, config: config, isClient: true} + c := &Conn{ + conn: conn, + config: config, + isClient: true, + } + c.handshakeFn = c.clientHandshake + return c } // A listener implements a network listener (net.Listener) for TLS connections. @@ -42,20 +63,19 @@ type listener struct { } // Accept waits for and returns the next incoming TLS connection. -// The returned connection c is a *tls.Conn. -func (l *listener) Accept() (c net.Conn, err error) { - c, err = l.Listener.Accept() +// The returned connection is of type *Conn. +func (l *listener) Accept() (net.Conn, error) { + c, err := l.Listener.Accept() if err != nil { - return + return nil, err } - c = Server(c, l.config) - return + return Server(c, l.config), nil } // NewListener creates a Listener which accepts connections from an inner // Listener and wraps each connection with Server. -// The configuration config must be non-nil and must have -// at least one certificate. +// The configuration config must be non-nil and must include +// at least one certificate or else set GetCertificate. func NewListener(inner net.Listener, config *Config) net.Listener { l := new(listener) l.Listener = inner 
@@ -65,11 +85,12 @@ func NewListener(inner net.Listener, config *Config) net.Listener {
 
 // Listen creates a TLS listener accepting connections on the
 // given network address using net.Listen.
-// The configuration config must be non-nil and must have
-// at least one certificate.
+// The configuration config must be non-nil and must include
+// at least one certificate or else set GetCertificate.
 func Listen(network, laddr string, config *Config) (net.Listener, error) {
- if config == nil || len(config.Certificates) == 0 {
- return nil, errors.New("tls.Listen: no certificates in configuration")
+ if config == nil || len(config.Certificates) == 0 &&
+ config.GetCertificate == nil && config.GetConfigForClient == nil {
+ return nil, errors.New("tls: neither Certificates, GetCertificate, nor GetConfigForClient set in Config")
 }
 l, err := net.Listen(network, laddr)
 if err != nil {
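Review bot: The guard in Listen now accepts GetConfigForClient as a third way to supply a certificate, but the doc comment two lines above still says only "at least one certificate or else set GetCertificate" (the NewListener comment in the previous hunk has the same wording), while the error string names all three. The mixed `||`/`&&` condition is correct because `&&` binds tighter, but it reads as if parentheses were forgotten; `if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil && config.GetConfigForClient == nil) {` says the same thing and survives a later edit that adds a fourth term. The doc line could read `// at least one certificate or else set GetCertificate or GetConfigForClient.`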
@@ -92,28 +113,35 @@ func (timeoutError) Temporary() bool { return true } // DialWithDialer interprets a nil configuration as equivalent to the zero // configuration; see the documentation of Config for the defaults. func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) { + return dial(context.Background(), dialer, network, addr, config) +} + +func dial(ctx context.Context, netDialer *net.Dialer, network, addr string, config *Config) (*Conn, error) { // We want the Timeout and Deadline values from dialer to cover the // whole process: TCP connection and TLS handshake. This means that we // also need to start our own timers now. - timeout := dialer.Timeout + timeout := netDialer.Timeout - if !dialer.Deadline.IsZero() { - deadlineTimeout := dialer.Deadline.Sub(time.Now()) + if !netDialer.Deadline.IsZero() { + deadlineTimeout := time.Until(netDialer.Deadline) if timeout == 0 || deadlineTimeout < timeout { timeout = deadlineTimeout } } - var errChannel chan error - + // hsErrCh is non-nil if we might not wait for Handshake to complete. + var hsErrCh chan error + if timeout != 0 || ctx.Done() != nil { + hsErrCh = make(chan error, 2) + } if timeout != 0 { - errChannel = make(chan error, 2) - time.AfterFunc(timeout, func() { - errChannel <- timeoutError{} + timer := time.AfterFunc(timeout, func() { + hsErrCh <- timeoutError{} }) + defer timer.Stop() } - rawConn, err := dialer.Dial(network, addr) + rawConn, err := netDialer.DialContext(ctx, network, addr) if err != nil { return nil, err } 
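Review bot: hsErrCh is created with capacity 2 without saying why, and the reason is not obvious: both the AfterFunc callback and the Handshake goroutine started in the next hunk may send after dial has stopped receiving, and neither must block. A comment on the make line, e.g. `// capacity 2: the timer callback and the handshake goroutine may both send after we have returned`, protects that invariant from a later refactor. The deferred `timer.Stop()` does not drain a timeoutError that was already queued, which is harmless only because the channel is buffered and local to this call; that is worth a word in the same comment. `dial` itself has no doc comment; one sentence stating that ctx, netDialer.Timeout and netDialer.Deadline all bound the TCP connect plus the TLS handshake would complement the inline paragraph that currently carries that contract.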
@@ -131,21 +159,33 @@ func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (* // from the hostname we're connecting to. if config.ServerName == "" { // Make a copy to avoid polluting argument or default. - c := *config + c := config.Clone() c.ServerName = hostname - config = &c + config = c } conn := Client(rawConn, config) - if timeout == 0 { + if hsErrCh == nil { err = conn.Handshake() } else { go func() { - errChannel <- conn.Handshake() + hsErrCh <- conn.Handshake() }() - err = <-errChannel + select { + case <-ctx.Done(): + err = ctx.Err() + case err = <-hsErrCh: + if err != nil { + // If the error was due to the context + // closing, prefer the context's error, rather + // than some random network teardown error. + if e := ctx.Err(); e != nil { + err = e + } + } + } } if err != nil { 
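Review bot: When `case <-ctx.Done():` wins the select, the Handshake goroutine is still running on rawConn and keeps the connection open until something closes it; the `if err != nil {` at the end of the hunk presumably closes rawConn (its body is outside the hunk), and that dependency deserves a comment on the ctx branch so the close is not moved or made conditional later. Because the goroutine sends into the buffered hsErrCh it does finish without a receiver, so there is no goroutine leak, only a delayed close. Replacing the struct copy with `config.Clone()` is the right change, presumably because Config now carries internal state that must not be copied; a short comment such as `// Clone rather than copy: Config has internal state that a plain struct copy would duplicate` would explain why the old line was wrong.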
@@ -166,106 +206,175 @@ func Dial(network, addr string, config *Config) (*Conn, error) { return DialWithDialer(new(net.Dialer), network, addr, config) } -// LoadX509KeyPair reads and parses a public/private key pair from a pair of -// files. The files must contain PEM encoded data. -func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error) { - certPEMBlock, err := ioutil.ReadFile(certFile) +// Dialer dials TLS connections given a configuration and a Dialer for the +// underlying connection. +type Dialer struct { + // NetDialer is the optional dialer to use for the TLS connections' + // underlying TCP connections. + // A nil NetDialer is equivalent to the net.Dialer zero value. + NetDialer *net.Dialer + + // Config is the TLS configuration to use for new connections. + // A nil configuration is equivalent to the zero + // configuration; see the documentation of Config for the + // defaults. + Config *Config +} + +// Dial connects to the given network address and initiates a TLS +// handshake, returning the resulting TLS connection. +// +// The returned Conn, if any, will always be of type *Conn. +func (d *Dialer) Dial(network, addr string) (net.Conn, error) { + return d.DialContext(context.Background(), network, addr) +} + +func (d *Dialer) netDialer() *net.Dialer { + if d.NetDialer != nil { + return d.NetDialer + } + return new(net.Dialer) +} + +// DialContext connects to the given network address and initiates a TLS +// handshake, returning the resulting TLS connection. +// +// The provided Context must be non-nil. If the context expires before +// the connection is complete, an error is returned. Once successfully +// connected, any expiration of the context will not affect the +// connection. +// +// The returned Conn, if any, will always be of type *Conn. 
+func (d *Dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) { + c, err := dial(ctx, d.netDialer(), network, addr, d.Config) + if err != nil { + // Don't return c (a typed nil) in an interface. + return nil, err + } + return c, nil +} + +// LoadX509KeyPair reads and parses a public/private key pair from a pair +// of files. The files must contain PEM encoded data. The certificate file +// may contain intermediate certificates following the leaf certificate to +// form a certificate chain. On successful return, Certificate.Leaf will +// be nil because the parsed form of the certificate is not retained. +func LoadX509KeyPair(certFile, keyFile string) (Certificate, error) { + certPEMBlock, err := os.ReadFile(certFile) if err != nil { - return + return Certificate{}, err } - keyPEMBlock, err := ioutil.ReadFile(keyFile) + keyPEMBlock, err := os.ReadFile(keyFile) if err != nil { - return + return Certificate{}, err } return X509KeyPair(certPEMBlock, keyPEMBlock) } // X509KeyPair parses a public/private key pair from a pair of -// PEM encoded data. -func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) { - var certDERBlock *pem.Block +// PEM encoded data. On successful return, Certificate.Leaf will be nil because +// the parsed form of the certificate is not retained. 
+func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) { + fail := func(err error) (Certificate, error) { return Certificate{}, err } + + var cert Certificate + var skippedBlockTypes []string for { + var certDERBlock *pem.Block certDERBlock, certPEMBlock = pem.Decode(certPEMBlock) if certDERBlock == nil { break } if certDERBlock.Type == "CERTIFICATE" { cert.Certificate = append(cert.Certificate, certDERBlock.Bytes) + } else { + skippedBlockTypes = append(skippedBlockTypes, certDERBlock.Type) } } if len(cert.Certificate) == 0 { - err = errors.New("crypto/tls: failed to parse certificate PEM data") - return + if len(skippedBlockTypes) == 0 { + return fail(errors.New("tls: failed to find any PEM data in certificate input")) + } + if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") { + return fail(errors.New("tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched")) + } + return fail(fmt.Errorf("tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes)) } + skippedBlockTypes = skippedBlockTypes[:0] var keyDERBlock *pem.Block for { keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock) if keyDERBlock == nil { - err = errors.New("crypto/tls: failed to parse key PEM data") - return + if len(skippedBlockTypes) == 0 { + return fail(errors.New("tls: failed to find any PEM data in key input")) + } + if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" { + return fail(errors.New("tls: found a certificate rather than a key in the PEM for the private key")) + } + return fail(fmt.Errorf("tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes)) } if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { break } - } - - 
cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes) - if err != nil { - return + skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type) } // We don't need to parse the public key for TLS, but we so do anyway // to check that it looks sane and matches the private key. x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) if err != nil { - return + return fail(err) + } + + cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes) + if err != nil { + return fail(err) } switch pub := x509Cert.PublicKey.(type) { case *rsa.PublicKey: priv, ok := cert.PrivateKey.(*rsa.PrivateKey) if !ok { - err = errors.New("crypto/tls: private key type does not match public key type") - return + return fail(errors.New("tls: private key type does not match public key type")) } if pub.N.Cmp(priv.N) != 0 { - err = errors.New("crypto/tls: private key does not match public key") - return + return fail(errors.New("tls: private key does not match public key")) } case *x509.AugmentedECDSA: priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey) if !ok { - err = errors.New("crypto/tls: private key type does not match pub.Public key type") - return - + return fail(errors.New("tls: private key type does not match pub.Public key type")) } if pub.Pub.X.Cmp(priv.X) != 0 || pub.Pub.Y.Cmp(priv.Y) != 0 { - err = errors.New("crypto/tls: private key does not match pub.Public key") - return + return fail(errors.New("tls: private key does not match pub.Public key")) } case *ecdsa.PublicKey: priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey) if !ok { - err = errors.New("crypto/tls: private key type does not match public key type") - return - + return fail(errors.New("tls: private key type does not match public key type")) } if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 { - err = errors.New("crypto/tls: private key does not match public key") - return + return fail(errors.New("tls: private key does not match public key")) + } + case ed25519.PublicKey: + priv, ok := 
cert.PrivateKey.(ed25519.PrivateKey) + if !ok { + return fail(errors.New("tls: private key type does not match public key type")) + } + if !bytes.Equal(priv.Public().(ed25519.PublicKey), pub) { + return fail(errors.New("tls: private key does not match public key")) } default: - err = errors.New("crypto/tls: unknown public key algorithm") - return + return fail(errors.New("tls: unknown public key algorithm")) } - return + return cert, nil } // Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates -// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys. +// PKCS #1 private keys by default, while OpenSSL 1.0.0 generates PKCS #8 keys. // OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three. func parsePrivateKey(der []byte) (crypto.PrivateKey, error) { if key, err := x509.ParsePKCS1PrivateKey(der); err == nil { @@ -273,15 +382,15 @@ func parsePrivateKey(der []byte) (crypto.PrivateKey, error) { } if key, err := x509.ParsePKCS8PrivateKey(der); err == nil { switch key := key.(type) { - case *rsa.PrivateKey, *ecdsa.PrivateKey: + case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey: return key, nil default: - return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping") + return nil, errors.New("tls: found unknown private key type in PKCS#8 wrapping") } } if key, err := x509.ParseECPrivateKey(der); err == nil { return key, nil } - return nil, errors.New("crypto/tls: failed to parse private key") + return nil, errors.New("tls: failed to parse private key") } diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go index e124a6ad..c6973f96 100644 --- a/tls/tls_handshake.go +++ b/tls/tls_handshake.go 
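Review bot: The two `*x509.AugmentedECDSA` error strings keep the odd wording "pub.Public key" from the old code while every other branch says "public key"; since these are new lines anyway, `return fail(errors.New("tls: private key type does not match public key type"))` and `return fail(errors.New("tls: private key does not match public key"))` would make the messages uniform for callers that match on them. The `fail` helper and the `skippedBlockTypes` bookkeeping in X509KeyPair are undocumented; `// fail returns the zero Certificate so callers never see a partially populated value` and `// remembered only to produce a useful error when no usable block is found` would explain them, and the latter is what makes the "PEM inputs may have been switched" diagnosis possible. `Dialer.netDialer` has no doc comment; `// netDialer returns NetDialer, or a zero net.Dialer when it is nil.` fits the file's style. In the parsePrivateKey hunk that follows, the doc comment was changed to "PKCS #8" but the error string still says "PKCS#8"; harmless, but one spelling should win.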
@@ -5,210 +5,14 @@ package tls import ( - "bytes" "encoding/hex" "encoding/json" - "errors" "fmt" "strings" - - jsonKeys "github.com/zmap/zcrypto/json" - "github.com/zmap/zcrypto/x509" - "github.com/zmap/zcrypto/x509/ct" ) -var ErrUnimplementedCipher error = errors.New("unimplemented cipher suite") -var ErrNoMutualCipher error = errors.New("no mutual cipher suite") - type TLSVersion uint16 -type CipherSuite uint16 - -type ClientHello struct { - Version TLSVersion `json:"version"` - Random []byte `json:"random"` - SessionID []byte `json:"session_id,omitempty"` - CipherSuites []CipherSuite `json:"cipher_suites"` - CompressionMethods []CompressionMethod `json:"compression_methods"` - OcspStapling bool `json:"ocsp_stapling"` - TicketSupported bool `json:"ticket"` - SecureRenegotiation bool `json:"secure_renegotiation"` - HeartbeatSupported bool `json:"heartbeat"` - ExtendedRandom []byte `json:"extended_random,omitempty"` - ExtendedMasterSecret bool `json:"extended_master_secret"` - NextProtoNeg bool `json:"next_protocol_negotiation"` - ServerName string `json:"server_name,omitempty"` - Scts bool `json:"scts"` - SupportedCurves []CurveID `json:"supported_curves,omitempty"` - SupportedPoints []PointFormat `json:"supported_point_formats,omitempty"` - SessionTicket *SessionTicket `json:"session_ticket,omitempty"` - SignatureAndHashes []SignatureAndHash `json:"signature_and_hashes,omitempty"` - SctEnabled bool `json:"sct_enabled"` - AlpnProtocols []string `json:"alpn_protocols,omitempty"` - UnknownExtensions [][]byte `json:"unknown_extensions,omitempty"` -} - -type ParsedAndRawSCT struct { - Raw []byte `json:"raw,omitempty"` - Parsed *ct.SignedCertificateTimestamp `json:"parsed,omitempty"` -} - -type ServerHello struct { - Version TLSVersion `json:"version"` - Random []byte `json:"random"` - SessionID []byte `json:"session_id"` - CipherSuite CipherSuite `json:"cipher_suite"` - // TODO FIXME: Why is this a raw uint8, not a CompressionMethod? 
- CompressionMethod uint8 `json:"compression_method"` - OcspStapling bool `json:"ocsp_stapling"` - TicketSupported bool `json:"ticket"` - SecureRenegotiation bool `json:"secure_renegotiation"` - HeartbeatSupported bool `json:"heartbeat"` - ExtendedRandom []byte `json:"extended_random,omitempty"` - ExtendedMasterSecret bool `json:"extended_master_secret"` - SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"` -} - -// SimpleCertificate holds a *x509.Certificate and a []byte for the certificate -type SimpleCertificate struct { - Raw []byte `json:"raw,omitempty"` - Parsed *x509.Certificate `json:"parsed,omitempty"` -} - -// Certificates represents a TLS certificates message in a format friendly to the golang JSON library. -// ValidationError should be non-nil whenever Valid is false. -type Certificates struct { - Certificate SimpleCertificate `json:"certificate,omitempty"` - Chain []SimpleCertificate `json:"chain,omitempty"` - Validation *x509.Validation `json:"validation,omitempty"` -} - -// ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message -type ServerKeyExchange struct { - Raw []byte `json:"-"` - RSAParams *jsonKeys.RSAPublicKey `json:"rsa_params,omitempty"` - DHParams *jsonKeys.DHParams `json:"dh_params,omitempty"` - ECDHParams *jsonKeys.ECDHParams `json:"ecdh_params,omitempty"` - Digest []byte `json:"digest,omitempty"` - Signature *DigitalSignature `json:"signature,omitempty"` - SignatureError string `json:"signature_error,omitempty"` -} - -// ClientKeyExchange represents the raw key data sent by the client in TLS key exchange message -type ClientKeyExchange struct { - Raw []byte `json:"-"` - RSAParams *jsonKeys.RSAClientParams `json:"rsa_params,omitempty"` - DHParams *jsonKeys.DHParams `json:"dh_params,omitempty"` - ECDHParams *jsonKeys.ECDHParams `json:"ecdh_params,omitempty"` -} - -// Finished represents a TLS Finished message -type Finished struct { - VerifyData []byte `json:"verify_data"` -} - -// 
SessionTicket represents the new session ticket sent by the server to the -// client -type SessionTicket struct { - Value []uint8 `json:"value,omitempty"` - Length int `json:"length,omitempty"` - LifetimeHint uint32 `json:"lifetime_hint,omitempty"` -} - -type MasterSecret struct { - Value []byte `json:"value,omitempty"` - Length int `json:"length,omitempty"` -} - -type PreMasterSecret struct { - Value []byte `json:"value,omitempty"` - Length int `json:"length,omitempty"` -} - -// KeyMaterial explicitly represent the cryptographic values negotiated by -// the client and server -type KeyMaterial struct { - MasterSecret *MasterSecret `json:"master_secret,omitempty"` - PreMasterSecret *PreMasterSecret `json:"pre_master_secret,omitempty"` -} - -// ServerHandshake stores all of the messages sent by the server during a standard TLS Handshake. -// It implements zgrab.EventData interface -type ServerHandshake struct { - ClientHello *ClientHello `json:"client_hello,omitempty" zgrab:"debug"` - ServerHello *ServerHello `json:"server_hello,omitempty"` - ServerCertificates *Certificates `json:"server_certificates,omitempty"` - ServerKeyExchange *ServerKeyExchange `json:"server_key_exchange,omitempty"` - ClientKeyExchange *ClientKeyExchange `json:"client_key_exchange,omitempty"` - ClientFinished *Finished `json:"client_finished,omitempty"` - SessionTicket *SessionTicket `json:"session_ticket,omitempty"` - ServerFinished *Finished `json:"server_finished,omitempty"` - KeyMaterial *KeyMaterial `json:"key_material,omitempty"` -} - -// MarshalJSON implements the json.Marshler interface -func (v *TLSVersion) MarshalJSON() ([]byte, error) { - aux := struct { - Name string `json:"name"` - Value int `json:"value"` - }{ - Name: v.String(), - Value: int(*v), - } - return json.Marshal(&aux) -} - -// UnmarshalJSON implements the json.Unmarshaler interface -func (v *TLSVersion) UnmarshalJSON(b []byte) error { - aux := struct { - Name string `json:"name"` - Value int `json:"value"` - }{} - if 
err := json.Unmarshal(b, &aux); err != nil { - return err - } - *v = TLSVersion(aux.Value) - if expectedName := v.String(); expectedName != aux.Name { - return fmt.Errorf("mismatched tls version and name: version: %d, name: %s, expected name: %s", aux.Value, aux.Name, expectedName) - } - return nil -} - -// MarshalJSON implements the json.Marshler interface -func (cs *CipherSuite) MarshalJSON() ([]byte, error) { - buf := make([]byte, 2) - buf[0] = byte(*cs >> 8) - buf[1] = byte(*cs) - enc := strings.ToUpper(hex.EncodeToString(buf)) - aux := struct { - Hex string `json:"hex"` - Name string `json:"name"` - Value int `json:"value"` - }{ - Hex: fmt.Sprintf("0x%s", enc), - Name: cs.String(), - Value: int(*cs), - } - return json.Marshal(&aux) -} - -// UnmarshalJSON implements the json.Unmarshaler interface -func (cs *CipherSuite) UnmarshalJSON(b []byte) error { - aux := struct { - Hex string `json:"hex"` - Name string `json:"name"` - Value uint16 `json:"value"` - }{} - if err := json.Unmarshal(b, &aux); err != nil { - return err - } - if expectedName := nameForSuite(aux.Value); expectedName != aux.Name { - return fmt.Errorf("mismatched cipher suite and name, suite: %d, name: %s, expected name: %s", aux.Value, aux.Name, expectedName) - } - *cs = CipherSuite(aux.Value) - return nil -} - type CompressionMethod uint8 func (cm *CompressionMethod) MarshalJSON() ([]byte, error) { 
@@ -243,271 +47,3 @@ func (cm *CompressionMethod) UnmarshalJSON(b []byte) error { *cm = CompressionMethod(aux.Value) return nil } - -func (c *Conn) GetHandshakeLog() *ServerHandshake { - return c.handshakeLog -} - -func (c *Conn) InCipher() (cipher interface{}) { - return c.in.cipher -} - -func (c *Conn) InSeq() []byte { - return c.in.seq[:] -} - -func (c *Conn) OutCipher() (cipher interface{}) { - return c.out.cipher -} - -func (c *Conn) OutSeq() []byte { - return c.out.seq[:] -} - -func (m *clientHelloMsg) MakeLog() *ClientHello { - ch := new(ClientHello) - - ch.Version = TLSVersion(m.vers) - - ch.Random = make([]byte, len(m.random)) - copy(ch.Random, m.random) - - ch.SessionID = make([]byte, len(m.sessionId)) - copy(ch.SessionID, m.sessionId) - - ch.CipherSuites = make([]CipherSuite, len(m.cipherSuites)) - for i, aCipher := range m.cipherSuites { - ch.CipherSuites[i] = CipherSuite(aCipher) - } - - ch.CompressionMethods = make([]CompressionMethod, len(m.compressionMethods)) - for i, aCompressMethod := range m.compressionMethods { - ch.CompressionMethods[i] = CompressionMethod(aCompressMethod) - } - - ch.OcspStapling = m.ocspStapling - ch.TicketSupported = m.ticketSupported - ch.SecureRenegotiation = m.secureRenegotiation - ch.HeartbeatSupported = m.heartbeatEnabled - - if len(m.extendedRandom) > 0 { - ch.ExtendedRandom = make([]byte, len(m.extendedRandom)) - copy(ch.ExtendedRandom, m.extendedRandom) - } - - ch.NextProtoNeg = m.nextProtoNeg - ch.ServerName = m.serverName - ch.Scts = m.scts - - ch.SupportedCurves = make([]CurveID, len(m.supportedCurves)) - copy(ch.SupportedCurves, m.supportedCurves) - - ch.SupportedPoints = make([]PointFormat, len(m.supportedPoints)) - for i, aFormat := range m.supportedPoints { - ch.SupportedPoints[i] = PointFormat(aFormat) - } - - if len(m.sessionTicket) > 0 { - ch.SessionTicket = new(SessionTicket) - copy(ch.SessionTicket.Value, m.sessionTicket) - ch.SessionTicket.Length = len(m.sessionTicket) - ch.SessionTicket.LifetimeHint = 0 
// Clients don't send - } - - ch.SignatureAndHashes = make([]SignatureAndHash, len(m.signatureAndHashes)) - for i, aGroup := range m.signatureAndHashes { - ch.SignatureAndHashes[i] = SignatureAndHash(aGroup) - } - - ch.SctEnabled = m.sctEnabled - - ch.AlpnProtocols = make([]string, len(m.alpnProtocols)) - copy(ch.AlpnProtocols, m.alpnProtocols) - - ch.UnknownExtensions = make([][]byte, len(m.unknownExtensions)) - for i, extBytes := range m.unknownExtensions { - tempBytes := make([]byte, len(extBytes)) - copy(tempBytes, extBytes) - ch.UnknownExtensions[i] = tempBytes - } - return ch -} - -func (m *serverHelloMsg) MakeLog() *ServerHello { - sh := new(ServerHello) - sh.Version = TLSVersion(m.vers) - sh.Random = make([]byte, len(m.random)) - copy(sh.Random, m.random) - sh.SessionID = make([]byte, len(m.sessionId)) - copy(sh.SessionID, m.sessionId) - sh.CipherSuite = CipherSuite(m.cipherSuite) - sh.CompressionMethod = m.compressionMethod - sh.OcspStapling = m.ocspStapling - sh.TicketSupported = m.ticketSupported - sh.SecureRenegotiation = m.secureRenegotiation - sh.HeartbeatSupported = m.heartbeatEnabled - if len(m.extendedRandom) > 0 { - sh.ExtendedRandom = make([]byte, len(m.extendedRandom)) - copy(sh.ExtendedRandom, m.extendedRandom) - } - if len(m.scts) > 0 { - for _, rawSCT := range m.scts { - var out ParsedAndRawSCT - out.Raw = make([]byte, len(rawSCT)) - copy(out.Raw, rawSCT) - sct, err := ct.DeserializeSCT(bytes.NewReader(rawSCT)) - if err == nil { - out.Parsed = sct - } - sh.SignedCertificateTimestamps = append(sh.SignedCertificateTimestamps, out) - } - } - sh.ExtendedMasterSecret = m.extendedMasterSecret - return sh -} - -func (m *certificateMsg) MakeLog() *Certificates { - sc := new(Certificates) - if len(m.certificates) >= 1 { - cert := m.certificates[0] - sc.Certificate.Raw = make([]byte, len(cert)) - copy(sc.Certificate.Raw, cert) - } - if len(m.certificates) >= 2 { - chain := m.certificates[1:] - sc.Chain = make([]SimpleCertificate, len(chain)) - for idx, 
cert := range chain { - sc.Chain[idx].Raw = make([]byte, len(cert)) - copy(sc.Chain[idx].Raw, cert) - } - } - return sc -} - -// addParsed sets the parsed certificates and the validation. It assumes the -// chain slice has already been allocated. -func (c *Certificates) addParsed(certs []*x509.Certificate, validation *x509.Validation) { - if len(certs) >= 1 { - c.Certificate.Parsed = certs[0] - } - if len(certs) >= 2 { - chain := certs[1:] - for idx, cert := range chain { - c.Chain[idx].Parsed = cert - } - } - c.Validation = validation -} - -func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange { - skx := new(ServerKeyExchange) - skx.Raw = make([]byte, len(m.key)) - var auth keyAgreementAuthentication - var errAuth error - copy(skx.Raw, m.key) - skx.Digest = append(make([]byte, 0), m.digest...) - - // Write out parameters - switch ka := ka.(type) { - case *rsaKeyAgreement: - skx.RSAParams = ka.RSAParams() - auth = ka.auth - errAuth = ka.verifyError - case *dheKeyAgreement: - skx.DHParams = ka.DHParams() - auth = ka.auth - errAuth = ka.verifyError - case *ecdheKeyAgreement: - skx.ECDHParams = ka.ECDHParams() - auth = ka.auth - errAuth = ka.verifyError - default: - break - } - - // Write out signature - switch auth := auth.(type) { - case *signedKeyAgreement: - skx.Signature = auth.Signature() - default: - break - } - - // Write the signature validation error - if errAuth != nil { - skx.SignatureError = errAuth.Error() - } - - return skx -} - -func (m *finishedMsg) MakeLog() *Finished { - sf := new(Finished) - sf.VerifyData = make([]byte, len(m.verifyData)) - copy(sf.VerifyData, m.verifyData) - return sf -} - -func (m *ClientSessionState) MakeLog() *SessionTicket { - st := new(SessionTicket) - st.Length = len(m.sessionTicket) - st.Value = make([]uint8, st.Length) - copy(st.Value, m.sessionTicket) - st.LifetimeHint = m.lifetimeHint - return st -} - -func (m *clientHandshakeState) MakeLog() *KeyMaterial { - keymat := new(KeyMaterial) - - 
keymat.MasterSecret = new(MasterSecret) - keymat.MasterSecret.Length = len(m.masterSecret) - keymat.MasterSecret.Value = make([]byte, len(m.masterSecret)) - copy(keymat.MasterSecret.Value, m.masterSecret) - - keymat.PreMasterSecret = new(PreMasterSecret) - keymat.PreMasterSecret.Length = len(m.preMasterSecret) - keymat.PreMasterSecret.Value = make([]byte, len(m.preMasterSecret)) - copy(keymat.PreMasterSecret.Value, m.preMasterSecret) - - return keymat -} - -func (m *serverHandshakeState) MakeLog() *KeyMaterial { - keymat := new(KeyMaterial) - - keymat.MasterSecret = new(MasterSecret) - keymat.MasterSecret.Length = len(m.masterSecret) - keymat.MasterSecret.Value = make([]byte, len(m.masterSecret)) - copy(keymat.MasterSecret.Value, m.masterSecret) - - keymat.PreMasterSecret = new(PreMasterSecret) - keymat.PreMasterSecret.Length = len(m.preMasterSecret) - keymat.PreMasterSecret.Value = make([]byte, len(m.preMasterSecret)) - copy(keymat.PreMasterSecret.Value, m.preMasterSecret) - - return keymat -} - -func (m *clientKeyExchangeMsg) MakeLog(ka keyAgreement) *ClientKeyExchange { - ckx := new(ClientKeyExchange) - ckx.Raw = make([]byte, len(m.raw)) - copy(ckx.Raw, m.raw) - - switch ka := ka.(type) { - case *rsaKeyAgreement: - ckx.RSAParams = new(jsonKeys.RSAClientParams) - ckx.RSAParams.Length = uint16(len(m.ciphertext) - 2) // First 2 bytes are length - ckx.RSAParams.EncryptedPMS = make([]byte, len(m.ciphertext)-2) - copy(ckx.RSAParams.EncryptedPMS, m.ciphertext[2:]) - // Premaster-Secret is available in KeyMaterial record - case *dheKeyAgreement: - ckx.DHParams = ka.ClientDHParams() - case *ecdheKeyAgreement: - ckx.ECDHParams = ka.ClientECDHParams() - default: - break - } - - return ckx -} diff --git a/tls/tls_handshake_test.go b/tls/tls_handshake_test.go deleted file mode 100644 index 4dd5f67a..00000000 --- a/tls/tls_handshake_test.go +++ /dev/null 
@@ -1,50 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package tls - -import ( - "encoding/json" - "reflect" - "testing" -) - -type ZTLSHandshakeSuite struct{} - -func marshalAndUnmarshal(original interface{}, target interface{}) error { - var b []byte - var err error - if b, err = json.Marshal(original); err != nil { - return err - } - if err = json.Unmarshal(b, target); err != nil { - return err - } - return nil -} - -func marshalAndUnmarshalAndCheckEquality(original interface{}, target interface{}, t *testing.T) { - if err := marshalAndUnmarshal(original, target); err != nil { - t.Fatalf("unable to marshalAndUnmarshal: %s", err.Error()) - } - if eq := reflect.DeepEqual(original, target); eq != true { - t.Errorf("expected %+v to equal %+v", original, target) - } -} - -func TestTLSVersionEncodeDecode(t *testing.T) { - v := TLSVersion(VersionTLS12) - var dec TLSVersion - marshalAndUnmarshalAndCheckEquality(&v, &dec, t) -} - -func TestCipherSuiteEncodeDecode(t *testing.T) { - v := CipherSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) - var dec CipherSuite - marshalAndUnmarshalAndCheckEquality(&v, &dec, t) - expectedName := nameForSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) - if decodedName := dec.String(); decodedName != expectedName { - t.Errorf("decoded wrong name, got %s, expected %s", decodedName, expectedName) - } -} diff --git a/tls/tls_heartbeat.go b/tls/tls_heartbeat.go deleted file mode 100644 index 66e01f6c..00000000 --- a/tls/tls_heartbeat.go +++ /dev/null 
@@ -1,89 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package tls - -import ( - "errors" -) - -const ( - // Record Type - recordTypeHeartbeat recordType = 24 - - // Extension Number - extensionHeartbeat uint16 = 15 - - // Heartbeat Mode - heartbeatModePeerAllowed uint8 = 1 - heartbeatModePeerNotAllowed uint8 = 2 - - // Heartbeat Message Types - heartbeatTypeRequest uint8 = 1 - heartbeatTypeResponse uint8 = 2 -) - -var ( - HeartbleedError = errors.New("Error after Heartbleed") -) - -type Heartbleed struct { - HeartbeatEnabled bool `json:"heartbeat_enabled"` - Vulnerable bool `json:"heartbleed_vulnerable"` -} - -type heartbleedMessage struct { - raw []byte -} - -func (m *heartbleedMessage) marshal() []byte { - x := make([]byte, 3) - x[0] = 1 - x[1] = byte(0x00) - x[2] = byte(0x00) - m.raw = x - return x -} - -func (c *Conn) CheckHeartbleed(b []byte) (n int, err error) { - if err = c.Handshake(); err != nil { - return - } - if !c.heartbeat { - return - } - c.in.Lock() - defer c.in.Unlock() - - hb := heartbleedMessage{} - hb.marshal() - - if _, err = c.writeRecord(recordTypeHeartbeat, hb.raw); err != nil { - return 0, err - } - - if err = c.readRecord(recordTypeHeartbeat); err != nil { - return 0, HeartbleedError - } - if c.in.err != nil { - return 0, HeartbleedError - } - n, err = c.input.Read(b) - if c.input.off >= len(c.input.data) { - c.in.freeBlock(c.input) - c.input = nil - } - - if n != 0 { - return n, HeartbleedError - } - if err != nil { - return 0, HeartbleedError - } - return 0, HeartbleedError -} - -func (c *Conn) GetHeartbleedLog() *Heartbleed { - return c.heartbleedLog -} diff --git a/tls/tls_ka.go b/tls/tls_ka.go deleted file mode 100644 index e5b2a264..00000000 --- a/tls/tls_ka.go +++ /dev/null 
@@ -1,172 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package tls - -import ( - "encoding/json" - "math/big" - "regexp" - "strconv" - - jsonKeys "github.com/zmap/zcrypto/json" -) - -// SignatureAndHash is a SigAndHash that implements json.Marshaler and -// json.Unmarshaler -type SignatureAndHash SigAndHash - -type auxSignatureAndHash struct { - SignatureAlgorithm string `json:"signature_algorithm"` - HashAlgorithm string `json:"hash_algorithm"` -} - -// MarshalJSON implements the json.Marshaler interface -func (sh *SignatureAndHash) MarshalJSON() ([]byte, error) { - aux := auxSignatureAndHash{ - SignatureAlgorithm: nameForSignature(sh.Signature), - HashAlgorithm: nameForHash(sh.Hash), - } - return json.Marshal(&aux) -} - -var unknownAlgorithmRegex = regexp.MustCompile(`unknown\.(\d+)`) - -// UnmarshalJSON implements the json.Unmarshaler interface -func (sh *SignatureAndHash) UnmarshalJSON(b []byte) error { - aux := new(auxSignatureAndHash) - if err := json.Unmarshal(b, aux); err != nil { - return err - } - sh.Signature = signatureToName(aux.SignatureAlgorithm) - sh.Hash = hashToName(aux.HashAlgorithm) - return nil -} - -func (ka *rsaKeyAgreement) RSAParams() *jsonKeys.RSAPublicKey { - out := new(jsonKeys.RSAPublicKey) - out.PublicKey = ka.publicKey - return out -} - -func (ka *ecdheKeyAgreement) ECDHParams() *jsonKeys.ECDHParams { - out := new(jsonKeys.ECDHParams) - out.TLSCurveID = jsonKeys.TLSCurveID(ka.curveID) - out.ServerPublic = &jsonKeys.ECPoint{} - if ka.x != nil { - out.ServerPublic.X = new(big.Int) - out.ServerPublic.X.Set(ka.x) - } - if ka.y != nil { - out.ServerPublic.Y = new(big.Int) - out.ServerPublic.Y.Set(ka.y) - } - if len(ka.serverPrivKey) > 0 { - out.ServerPrivate = new(jsonKeys.ECDHPrivateParams) - out.ServerPrivate.Length = len(ka.serverPrivKey) - out.ServerPrivate.Value = make([]byte, len(ka.serverPrivKey)) - 
copy(out.ServerPrivate.Value, ka.serverPrivKey) - } - return out -} - -func (ka *ecdheKeyAgreement) ClientECDHParams() *jsonKeys.ECDHParams { - out := new(jsonKeys.ECDHParams) - out.TLSCurveID = jsonKeys.TLSCurveID(ka.curveID) - out.ClientPublic = &jsonKeys.ECPoint{} - if ka.clientX != nil { - out.ClientPublic.X = new(big.Int) - out.ClientPublic.X.Set(ka.clientX) - } - if ka.clientY != nil { - out.ClientPublic.Y = new(big.Int) - out.ClientPublic.Y.Set(ka.clientY) - } - - if len(ka.clientPrivKey) > 0 { - out.ClientPrivate = new(jsonKeys.ECDHPrivateParams) - out.ClientPrivate.Length = len(ka.clientPrivKey) - out.ClientPrivate.Value = make([]byte, len(ka.clientPrivKey)) - copy(out.ClientPrivate.Value, ka.clientPrivKey) - } - return out -} - -func (ka *dheKeyAgreement) DHParams() *jsonKeys.DHParams { - out := new(jsonKeys.DHParams) - if ka.p != nil { - out.Prime = new(big.Int).Set(ka.p) - } - if ka.g != nil { - out.Generator = new(big.Int).Set(ka.g) - } - if ka.yServer != nil { - out.ServerPublic = new(big.Int).Set(ka.yServer) - if ka.yOurs != nil && ka.xOurs != nil && ka.yServer.Cmp(ka.yOurs) == 0 { - out.ServerPrivate = new(big.Int).Set(ka.xOurs) - } - } - return out -} - -func (ka *dheKeyAgreement) ClientDHParams() *jsonKeys.DHParams { - out := new(jsonKeys.DHParams) - if ka.p != nil { - out.Prime = new(big.Int).Set(ka.p) - } - if ka.g != nil { - out.Generator = new(big.Int).Set(ka.g) - } - if ka.yClient != nil { - out.ClientPublic = new(big.Int).Set(ka.yClient) - if ka.yOurs != nil && ka.xOurs != nil && ka.yClient.Cmp(ka.yOurs) == 0 { - out.ClientPrivate = new(big.Int).Set(ka.xOurs) - } - } - return out -} - -// DigitalSignature represents a signature for a digitally-signed-struct in the -// TLS record protocol. It is dependent on the version of TLS in use. In TLS -// 1.2, the first two bytes of the signature specify the signature and hash -// algorithms. These are contained the TLSSignature.Raw field, but also parsed -// out into TLSSignature.SigHashExtension. 
In older versions of TLS, the -// signature and hash extension is not used, and so -// TLSSignature.SigHashExtension will be empty. The version string is stored in -// TLSSignature.TLSVersion. -type DigitalSignature struct { - Raw []byte `json:"raw"` - Type string `json:"type,omitempty"` - Valid bool `json:"valid"` - SigHashExtension *SignatureAndHash `json:"signature_and_hash_type,omitempty"` - Version TLSVersion `json:"tls_version"` -} - -func signatureTypeToName(sigType uint8) string { - switch sigType { - case signatureRSA: - return "rsa" - case signatureDSA: - return "dsa" - case signatureECDSA: - return "ecdsa" - default: - break - } - return "unknown." + strconv.Itoa(int(sigType)) -} - -func (ka *signedKeyAgreement) Signature() *DigitalSignature { - out := DigitalSignature{ - Raw: ka.raw, - Type: signatureTypeToName(ka.sigType), - Valid: ka.valid, - Version: TLSVersion(ka.version), - } - if ka.version >= VersionTLS12 { - out.SigHashExtension = new(SignatureAndHash) - *out.SigHashExtension = SignatureAndHash(ka.sh) - } - return &out -} diff --git a/tls/tls_names.go b/tls/tls_names.go index 60874d00..a97fdff4 100644 --- a/tls/tls_names.go +++ b/tls/tls_names.go @@ -505,15 +505,17 @@ func hashToName(n string) uint8 { } func nameForSuite(cs uint16) string { - cipher := CipherSuite(cs) + cipher := CipherSuiteID(cs) return cipher.String() } -func (cs CipherSuite) Bytes() []byte { +type CipherSuiteID uint16 + +func (cs CipherSuiteID) Bytes() []byte { return []byte{uint8(cs >> 8), uint8(cs)} } -func (cs CipherSuite) String() string { +func (cs CipherSuiteID) String() string { if name, ok := cipherSuiteNames[int(cs)]; ok { return name } @@ -527,12 +529,14 @@ func (cm CompressionMethod) String() string { return "unknown" } +/* func (curveID CurveID) String() string { if name, ok := curveNames[uint16(curveID)]; ok { return name } return "unknown" } +*/ func (pFormat PointFormat) String() string { if name, ok := pointFormatNames[uint8(pFormat)]; ok { 
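Review bot: The new exported type `CipherSuiteID` in the `@@ -505` hunk has no doc comment, and its `Bytes`/`String` methods carry none over from the renamed `CipherSuite`; a line such as `// CipherSuiteID is the 16-bit identifier of a TLS cipher suite as sent on the wire.` above the type would document the rename and satisfy the exported-name lint. The type is also declared between `nameForSuite` (which already uses it) and its own methods; moving the declaration above `nameForSuite` reads more naturally. `String`'s body continues past the end of the hunk.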
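Review bot: Wrapping `CurveID.String` in a `/* … */` block in the `@@ -527` hunk leaves dead code in the file instead of removing it, and the `@@ -580` hunk does the same to `SignatureScheme.String`. Presumably an equivalent `String` method is now provided elsewhere in this patch, in which case the old bodies should simply be deleted so there is a single source of truth for the names; if they are being kept on purpose, a line above each block saying why, e.g. `// superseded by the String method defined elsewhere; kept until callers are migrated`, would stop the next reader from restoring it. The neighbouring `CompressionMethod.String` and `PointFormat.String` bodies continue outside the hunk.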
@@ -580,12 +584,14 @@ func nameForSignatureScheme(scheme uint16) string { return sigScheme.String() } +/* func (sigScheme *SignatureScheme) String() string { if name, ok := signatureSchemeNames[uint16(*sigScheme)]; ok { return name } return "unknown" } +*/ func (sigScheme *SignatureScheme) Bytes() []byte { return []byte{byte(*sigScheme >> 8), byte(*sigScheme)} diff --git a/tls/tls_test.go b/tls/tls_test.go index f8c94ff3..2a3211bf 100644 --- a/tls/tls_test.go +++ b/tls/tls_test.go @@ -5,12 +5,23 @@ package tls import ( + "bytes" + "context" + "crypto" + "encoding/json" + "errors" "fmt" "io" + "math" "net" + "os" + "reflect" "strings" "testing" "time" + + "github.com/zmap/zcrypto/internal/testenv" + "github.com/zmap/zcrypto/x509" ) var rsaCertPEM = `-----BEGIN CERTIFICATE----- @@ -27,7 +38,7 @@ r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V -----END CERTIFICATE----- ` -var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY----- +var rsaKeyPEM = testingKey(`-----BEGIN RSA TESTING KEY----- MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 
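Review bot: The rewritten `rsaKeyPEM` in the `@@ -27` hunk of tls_test.go (and `keyPEM` and `ecdsaKeyPEM` in the three hunks that follow) now pass through `testingKey(...)`, but no visible hunk defines that helper; if it is not added elsewhere in this patch the test file will not compile. Assuming it exists, its definition deserves a comment explaining the `TESTING KEY` labels, since the reason is not obvious from the fixtures themselves, e.g. `// testingKey rewrites the "TESTING KEY" PEM labels used in fixtures to "PRIVATE KEY" so the committed literals are not mistaken for real secrets by scanners.`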
@@ -35,12 +46,12 @@ MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== ------END RSA PRIVATE KEY----- -` +-----END RSA TESTING KEY----- +`) // keyPEM is the same as rsaKeyPEM, but declares itself as just -// "PRIVATE KEY", not "RSA PRIVATE KEY". http://golang.org/issue/4477 -var keyPEM = `-----BEGIN PRIVATE KEY----- +// "PRIVATE KEY", not "RSA PRIVATE KEY". https://golang.org/issue/4477 +var keyPEM = testingKey(`-----BEGIN TESTING KEY----- MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N @@ -48,8 +59,8 @@ MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== ------END PRIVATE KEY----- -` +-----END TESTING KEY----- +`) var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw 
@@ -66,17 +77,17 @@ H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1 -----END CERTIFICATE----- ` -var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS----- +var ecdsaKeyPEM = testingKey(`-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- +-----BEGIN EC TESTING KEY----- MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0 NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL 06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ== ------END EC PRIVATE KEY----- -` +-----END EC TESTING KEY----- +`) var keyPairTests = []struct { algo string @@ -89,6 +100,7 @@ var keyPairTests = []struct { } func TestX509KeyPair(t *testing.T) { + t.Parallel() var pem []byte for _, test := range keyPairTests { pem = []byte(test.cert + test.key) 
@@ -102,6 +114,38 @@ func TestX509KeyPair(t *testing.T) { } } +func TestX509KeyPairErrors(t *testing.T) { + _, err := X509KeyPair([]byte(rsaKeyPEM), []byte(rsaCertPEM)) + if err == nil { + t.Fatalf("X509KeyPair didn't return an error when arguments were switched") + } + if subStr := "been switched"; !strings.Contains(err.Error(), subStr) { + t.Fatalf("Expected %q in the error when switching arguments to X509KeyPair, but the error was %q", subStr, err) + } + + _, err = X509KeyPair([]byte(rsaCertPEM), []byte(rsaCertPEM)) + if err == nil { + t.Fatalf("X509KeyPair didn't return an error when both arguments were certificates") + } + if subStr := "certificate"; !strings.Contains(err.Error(), subStr) { + t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were certificates, but the error was %q", subStr, err) + } + + const nonsensePEM = ` +-----BEGIN NONSENSE----- +Zm9vZm9vZm9v +-----END NONSENSE----- +` + + _, err = X509KeyPair([]byte(nonsensePEM), []byte(nonsensePEM)) + if err == nil { + t.Fatalf("X509KeyPair didn't return an error when both arguments were nonsense") + } + if subStr := "NONSENSE"; !strings.Contains(err.Error(), subStr) { + t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were nonsense, but the error was %q", subStr, err) + } +} + func TestX509MixedKeyPair(t *testing.T) { if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil { t.Error("Load of RSA certificate succeeded with ECDSA private key") @@ -111,7 +155,7 @@ func TestX509MixedKeyPair(t *testing.T) { } } -func newLocalListener(t *testing.T) net.Listener { +func newLocalListener(t testing.TB) net.Listener { ln, err := net.Listen("tcp", "127.0.0.1:0") if err != nil { ln, err = net.Listen("tcp6", "[::1]:0") 
@@ -153,18 +197,137 @@ func TestDialTimeout(t *testing.T) { t.Fatal("DialWithTimeout completed successfully") } - if !strings.Contains(err.Error(), "timed out") { - t.Errorf("resulting error not a timeout: %s", err) + if !isTimeoutError(err) { + t.Errorf("resulting error not a timeout: %v\nType %T: %#v", err, err, err) + } +} + +func TestDeadlineOnWrite(t *testing.T) { + if testing.Short() { + t.Skip("skipping in short mode") + } + + ln := newLocalListener(t) + defer ln.Close() + + srvCh := make(chan *Conn, 1) + + go func() { + sconn, err := ln.Accept() + if err != nil { + srvCh <- nil + return + } + srv := Server(sconn, testConfig.Clone()) + if err := srv.Handshake(); err != nil { + srvCh <- nil + return + } + srvCh <- srv + }() + + clientConfig := testConfig.Clone() + clientConfig.MaxVersion = VersionTLS12 + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + defer conn.Close() + + srv := <-srvCh + if srv == nil { + t.Error(err) + } + + // Make sure the client/server is setup correctly and is able to do a typical Write/Read + buf := make([]byte, 6) + if _, err := srv.Write([]byte("foobar")); err != nil { + t.Errorf("Write err: %v", err) + } + if n, err := conn.Read(buf); n != 6 || err != nil || string(buf) != "foobar" { + t.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf) + } + + // Set a deadline which should cause Write to timeout + if err = srv.SetDeadline(time.Now()); err != nil { + t.Fatalf("SetDeadline(time.Now()) err: %v", err) + } + if _, err = srv.Write([]byte("should fail")); err == nil { + t.Fatal("Write should have timed out") + } + + // Clear deadline and make sure it still times out + if err = srv.SetDeadline(time.Time{}); err != nil { + t.Fatalf("SetDeadline(time.Time{}) err: %v", err) + } + if _, err = srv.Write([]byte("This connection is permanently broken")); err == nil { + t.Fatal("Write which previously failed should still time out") + } + + // Verify the error + if ne := 
err.(net.Error); ne.Temporary() != false { + t.Error("Write timed out but incorrectly classified the error as Temporary") + } + if !isTimeoutError(err) { + t.Error("Write timed out but did not classify the error as a Timeout") + } +} + +type readerFunc func([]byte) (int, error) + +func (f readerFunc) Read(b []byte) (int, error) { return f(b) } + +// TestDialer tests that tls.Dialer.DialContext can abort in the middle of a handshake. +// (The other cases are all handled by the existing dial tests in this package, which +// all also flow through the same code shared code paths) +func TestDialer(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + unblockServer := make(chan struct{}) // close-only + defer close(unblockServer) + go func() { + conn, err := ln.Accept() + if err != nil { + return + } + defer conn.Close() + <-unblockServer + }() + + ctx, cancel := context.WithCancel(context.Background()) + d := Dialer{Config: &Config{ + Rand: readerFunc(func(b []byte) (n int, err error) { + // By the time crypto/tls wants randomness, that means it has a TCP + // connection, so we're past the Dialer's dial and now blocked + // in a handshake. Cancel our context and see if we get unstuck. + // (Our TCP listener above never reads or writes, so the Handshake + // would otherwise be stuck forever) + cancel() + return len(b), nil + }), + ServerName: "foo", + }} + _, err := d.DialContext(ctx, "tcp", ln.Addr().String()) + if err != context.Canceled { + t.Errorf("err = %v; want context.Canceled", err) } } +func isTimeoutError(err error) bool { + if ne, ok := err.(net.Error); ok { + return ne.Timeout() + } + return false +} + // tests that Conn.Read returns (non-zero, io.EOF) instead of // (non-zero, nil) when a Close (alertCloseNotify) is sitting right // behind the application data in the buffer. 
func TestConnReadNonzeroAndEOF(t *testing.T) { // This test is racy: it assumes that after a write to a // localhost TCP connection, the peer TCP connection can - // immediately read it. Because it's racy, we skip this test + // immediately read it. Because it's racy, we skip this test // in short mode, and then retry it several times with an // increasing sleep in between our final write (via srv.Close // below) and the following read. @@ -193,8 +356,8 @@ func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { srvCh <- nil return } - serverConfig := *testConfig - srv := Server(sconn, &serverConfig) + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) if err := srv.Handshake(); err != nil { serr = fmt.Errorf("handshake: %v", err) srvCh <- nil @@ -203,8 +366,11 @@ func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { srvCh <- srv }() - clientConfig := *testConfig - conn, err := Dial("tcp", ln.Addr().String(), &clientConfig) + clientConfig := testConfig.Clone() + // In TLS 1.3, alerts are encrypted and disguised as application data, so + // the opportunistic peek won't work. + clientConfig.MaxVersion = VersionTLS12 + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) if err != nil { t.Fatal(err) } 
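Review bot: In `TestDeadlineOnWrite` the nil check on the server connection only logs and continues: `srv := <-srvCh; if srv == nil { t.Error(err) }` is followed by `srv.Write(...)`, so a failed accept or handshake becomes a nil-pointer panic instead of a clear failure, and `err` at that point is the client's (nil) dial error rather than the server's. It should be `if srv == nil { t.Fatal("server accept/handshake failed") }`, ideally with the goroutine sending its error on a channel so the message is informative. Further down, `ne := err.(net.Error)` is an unchecked assertion that panics if the write error is not a `net.Error`; `if ne, ok := err.(net.Error); !ok || ne.Temporary() { t.Error(...) }` reports it as a test failure instead. `TestDialer` compares `err != context.Canceled` directly; `errors.Is(err, context.Canceled)` tolerates wrapping, and `errors` is imported by this patch.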
@@ -235,3 +401,1077 @@ func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { } return nil } + +func TestTLSUniqueMatches(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + serverTLSUniques := make(chan []byte) + parentDone := make(chan struct{}) + childDone := make(chan struct{}) + defer close(parentDone) + go func() { + defer close(childDone) + for i := 0; i < 2; i++ { + sconn, err := ln.Accept() + if err != nil { + t.Error(err) + return + } + serverConfig := testConfig.Clone() + serverConfig.MaxVersion = VersionTLS12 // TLSUnique is not defined in TLS 1.3 + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + t.Error(err) + return + } + select { + case <-parentDone: + return + case serverTLSUniques <- srv.ConnectionState().TLSUnique: + } + } + }() + + clientConfig := testConfig.Clone() + clientConfig.ClientSessionCache = NewLRUClientSessionCache(1) + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + + var serverTLSUniquesValue []byte + select { + case <-childDone: + return + case serverTLSUniquesValue = <-serverTLSUniques: + } + + if !bytes.Equal(conn.ConnectionState().TLSUnique, serverTLSUniquesValue) { + t.Error("client and server channel bindings differ") + } + conn.Close() + + conn, err = Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + defer conn.Close() + if !conn.ConnectionState().DidResume { + t.Error("second session did not use resumption") + } + + select { + case <-childDone: + return + case serverTLSUniquesValue = <-serverTLSUniques: + } + + if !bytes.Equal(conn.ConnectionState().TLSUnique, serverTLSUniquesValue) { + t.Error("client and server channel bindings differ when session resumption is used") + } +} + +func TestVerifyHostname(t *testing.T) { + testenv.MustHaveExternalNetwork(t) + + c, err := Dial("tcp", "www.google.com:https", &Config{}) + if err != nil { + t.Fatal(err) + } + if err := 
c.VerifyHostname("www.google.com"); err != nil { + t.Fatalf("verify www.google.com: %v", err) + } + if err := c.VerifyHostname("www.yahoo.com"); err == nil { + t.Fatalf("verify www.yahoo.com succeeded") + } + + c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true}) + if err != nil { + t.Fatal(err) + } + if err := c.VerifyHostname("www.google.com"); err == nil { + t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") + } +} + +func TestConnCloseBreakingWrite(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + srvCh := make(chan *Conn, 1) + var serr error + var sconn net.Conn + go func() { + var err error + sconn, err = ln.Accept() + if err != nil { + serr = err + srvCh <- nil + return + } + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + serr = fmt.Errorf("handshake: %v", err) + srvCh <- nil + return + } + srvCh <- srv + }() + + cconn, err := net.Dial("tcp", ln.Addr().String()) + if err != nil { + t.Fatal(err) + } + defer cconn.Close() + + conn := &changeImplConn{ + Conn: cconn, + } + + clientConfig := testConfig.Clone() + tconn := Client(conn, clientConfig) + if err := tconn.Handshake(); err != nil { + t.Fatal(err) + } + + srv := <-srvCh + if srv == nil { + t.Fatal(serr) + } + defer sconn.Close() + + connClosed := make(chan struct{}) + conn.closeFunc = func() error { + close(connClosed) + return nil + } + + inWrite := make(chan bool, 1) + var errConnClosed = errors.New("conn closed for test") + conn.writeFunc = func(p []byte) (n int, err error) { + inWrite <- true + <-connClosed + return 0, errConnClosed + } + + closeReturned := make(chan bool, 1) + go func() { + <-inWrite + tconn.Close() // test that this doesn't block forever. 
+ closeReturned <- true + }() + + _, err = tconn.Write([]byte("foo")) + if err != errConnClosed { + t.Errorf("Write error = %v; want errConnClosed", err) + } + + <-closeReturned + if err := tconn.Close(); err != net.ErrClosed { + t.Errorf("Close error = %v; want net.ErrClosed", err) + } +} + +func TestConnCloseWrite(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + clientDoneChan := make(chan struct{}) + + serverCloseWrite := func() error { + sconn, err := ln.Accept() + if err != nil { + return fmt.Errorf("accept: %v", err) + } + defer sconn.Close() + + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + return fmt.Errorf("handshake: %v", err) + } + defer srv.Close() + + data, err := io.ReadAll(srv) + if err != nil { + return err + } + if len(data) > 0 { + return fmt.Errorf("Read data = %q; want nothing", data) + } + + if err := srv.CloseWrite(); err != nil { + return fmt.Errorf("server CloseWrite: %v", err) + } + + // Wait for clientCloseWrite to finish, so we know we + // tested the CloseWrite before we defer the + // sconn.Close above, which would also cause the + // client to unblock like CloseWrite. 
+ <-clientDoneChan + return nil + } + + clientCloseWrite := func() error { + defer close(clientDoneChan) + + clientConfig := testConfig.Clone() + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + return err + } + if err := conn.Handshake(); err != nil { + return err + } + defer conn.Close() + + if err := conn.CloseWrite(); err != nil { + return fmt.Errorf("client CloseWrite: %v", err) + } + + if _, err := conn.Write([]byte{0}); err != errShutdown { + return fmt.Errorf("CloseWrite error = %v; want errShutdown", err) + } + + data, err := io.ReadAll(conn) + if err != nil { + return err + } + if len(data) > 0 { + return fmt.Errorf("Read data = %q; want nothing", data) + } + return nil + } + + errChan := make(chan error, 2) + + go func() { errChan <- serverCloseWrite() }() + go func() { errChan <- clientCloseWrite() }() + + for i := 0; i < 2; i++ { + select { + case err := <-errChan: + if err != nil { + t.Fatal(err) + } + case <-time.After(10 * time.Second): + t.Fatal("deadlock") + } + } + + // Also test CloseWrite being called before the handshake is + // finished: + { + ln2 := newLocalListener(t) + defer ln2.Close() + + netConn, err := net.Dial("tcp", ln2.Addr().String()) + if err != nil { + t.Fatal(err) + } + defer netConn.Close() + conn := Client(netConn, testConfig.Clone()) + + if err := conn.CloseWrite(); err != errEarlyCloseWrite { + t.Errorf("CloseWrite error = %v; want errEarlyCloseWrite", err) + } + } +} + +func TestWarningAlertFlood(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + server := func() error { + sconn, err := ln.Accept() + if err != nil { + return fmt.Errorf("accept: %v", err) + } + defer sconn.Close() + + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + return fmt.Errorf("handshake: %v", err) + } + defer srv.Close() + + _, err = io.ReadAll(srv) + if err == nil { + return errors.New("unexpected lack of error from server") + } + const 
expected = "too many ignored" + if str := err.Error(); !strings.Contains(str, expected) { + return fmt.Errorf("expected error containing %q, but saw: %s", expected, str) + } + + return nil + } + + errChan := make(chan error, 1) + go func() { errChan <- server() }() + + clientConfig := testConfig.Clone() + clientConfig.MaxVersion = VersionTLS12 // there are no warning alerts in TLS 1.3 + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + defer conn.Close() + if err := conn.Handshake(); err != nil { + t.Fatal(err) + } + + for i := 0; i < maxUselessRecords+1; i++ { + conn.sendAlert(alertNoRenegotiation) + } + + if err := <-errChan; err != nil { + t.Fatal(err) + } +} + +func TestCloneFuncFields(t *testing.T) { + const expectedCount = 6 + called := 0 + + c1 := Config{ + Time: func() time.Time { + called |= 1 << 0 + return time.Time{} + }, + GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { + called |= 1 << 1 + return nil, nil + }, + GetClientCertificate: func(*CertificateRequestInfo) (*Certificate, error) { + called |= 1 << 2 + return nil, nil + }, + GetConfigForClient: func(*ClientHelloInfo) (*Config, error) { + called |= 1 << 3 + return nil, nil + }, + VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains []x509.CertificateChain) error { + called |= 1 << 4 + return nil + }, + VerifyConnection: func(ConnectionState) error { + called |= 1 << 5 + return nil + }, + } + + c2 := c1.Clone() + + c2.Time() + c2.GetCertificate(nil) + c2.GetClientCertificate(nil) + c2.GetConfigForClient(nil) + c2.VerifyPeerCertificate(nil, nil) + c2.VerifyConnection(ConnectionState{}) + + if called != (1< len(p) { + allowed = len(p) + } + if wrote < allowed { + n, err := c.Conn.Write(p[wrote:allowed]) + wrote += n + if err != nil { + return wrote, err + } + } + } + return len(p), nil +} + +func latency(b *testing.B, version uint16, bps int, dynamicRecordSizingDisabled bool) { + ln := newLocalListener(b) + defer ln.Close() + + N 
:= b.N + + go func() { + for i := 0; i < N; i++ { + sconn, err := ln.Accept() + if err != nil { + // panic rather than synchronize to avoid benchmark overhead + // (cannot call b.Fatal in goroutine) + panic(fmt.Errorf("accept: %v", err)) + } + serverConfig := testConfig.Clone() + serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled + srv := Server(&slowConn{sconn, bps}, serverConfig) + if err := srv.Handshake(); err != nil { + panic(fmt.Errorf("handshake: %v", err)) + } + io.Copy(srv, srv) + } + }() + + clientConfig := testConfig.Clone() + clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled + clientConfig.MaxVersion = version + + buf := make([]byte, 16384) + peek := make([]byte, 1) + + for i := 0; i < N; i++ { + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + b.Fatal(err) + } + // make sure we're connected and previous connection has stopped + if _, err := conn.Write(buf[:1]); err != nil { + b.Fatal(err) + } + if _, err := io.ReadFull(conn, peek); err != nil { + b.Fatal(err) + } + if _, err := conn.Write(buf); err != nil { + b.Fatal(err) + } + if _, err = io.ReadFull(conn, peek); err != nil { + b.Fatal(err) + } + conn.Close() + } +} + +func BenchmarkLatency(b *testing.B) { + for _, mode := range []string{"Max", "Dynamic"} { + for _, kbps := range []int{200, 500, 1000, 2000, 5000} { + name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps) + b.Run(name, func(b *testing.B) { + b.Run("TLSv12", func(b *testing.B) { + latency(b, VersionTLS12, kbps*1000, mode == "Max") + }) + b.Run("TLSv13", func(b *testing.B) { + latency(b, VersionTLS13, kbps*1000, mode == "Max") + }) + }) + } + } +} + +func TestConnectionStateMarshal(t *testing.T) { + cs := &ConnectionState{} + _, err := json.Marshal(cs) + if err != nil { + t.Errorf("json.Marshal failed on ConnectionState: %v", err) + } +} + +func TestConnectionState(t *testing.T) { + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + 
panic(err) + } + rootCAs := x509.NewCertPool() + rootCAs.AddCert(issuer) + + now := func() time.Time { return time.Unix(1476984729, 0) } + + const alpnProtocol = "golang" + const serverName = "example.golang" + var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} + var ocsp = []byte("dummy ocsp") + + for _, v := range []uint16{VersionTLS12, VersionTLS13} { + var name string + switch v { + case VersionTLS12: + name = "TLSv12" + case VersionTLS13: + name = "TLSv13" + } + t.Run(name, func(t *testing.T) { + config := &Config{ + Time: now, + Rand: zeroSource{}, + Certificates: make([]Certificate, 1), + MaxVersion: v, + RootCAs: rootCAs, + ClientCAs: rootCAs, + ClientAuth: RequireAndVerifyClientCert, + NextProtos: []string{alpnProtocol}, + ServerName: serverName, + } + config.Certificates[0].Certificate = [][]byte{testRSACertificate} + config.Certificates[0].PrivateKey = testRSAPrivateKey + config.Certificates[0].SignedCertificateTimestamps = scts + config.Certificates[0].OCSPStaple = ocsp + + ss, cs, err := testHandshake(t, config, config) + if err != nil { + t.Fatalf("Handshake failed: %v", err) + } + + if ss.Version != v || cs.Version != v { + t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v) + } + + if !ss.HandshakeComplete || !cs.HandshakeComplete { + t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete) + } + + if ss.DidResume || cs.DidResume { + t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume) + } + + if ss.CipherSuite == 0 || cs.CipherSuite == 0 { + t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite) + } + + if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol { + t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol) + } + + if 
!cs.NegotiatedProtocolIsMutual { + t.Errorf("Got false NegotiatedProtocolIsMutual on the client side") + } + // NegotiatedProtocolIsMutual on the server side is unspecified. + + if ss.ServerName != serverName { + t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName) + } + if cs.ServerName != serverName { + t.Errorf("Got server name on client connection %q, expected %q", cs.ServerName, serverName) + } + + if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 { + t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1) + } + + if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 { + t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1) + } else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 { + t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2) + } + + if len(cs.SignedCertificateTimestamps) != 2 { + t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2) + } + if !bytes.Equal(cs.OCSPResponse, ocsp) { + t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp) + } + // Only TLS 1.3 supports OCSP and SCTs on client certs. 
+ if v == VersionTLS13 { + if len(ss.SignedCertificateTimestamps) != 2 { + t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2) + } + if !bytes.Equal(ss.OCSPResponse, ocsp) { + t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp) + } + } + + if v == VersionTLS13 { + if ss.TLSUnique != nil || cs.TLSUnique != nil { + t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique) + } + } else { + if ss.TLSUnique == nil || cs.TLSUnique == nil { + t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique) + } + } + }) + } +} + +// Issue 28744: Ensure that we don't modify memory +// that Config doesn't own such as Certificates. +func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) { + c0 := Certificate{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + } + c1 := Certificate{ + Certificate: [][]byte{testSNICertificate}, + PrivateKey: testRSAPrivateKey, + } + config := testConfig.Clone() + config.Certificates = []Certificate{c0, c1} + + config.BuildNameToCertificate() + got := config.Certificates + want := []Certificate{c0, c1} + if !reflect.DeepEqual(got, want) { + t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want) + } +} + +func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } + +func TestClientHelloInfo_SupportsCertificate(t *testing.T) { + rsaCert := &Certificate{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + } + pkcs1Cert := &Certificate{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, + } + ecdsaCert := &Certificate{ + // ECDSA P-256 certificate + Certificate: [][]byte{testP256Certificate}, + PrivateKey: testP256PrivateKey, + } + ed25519Cert := &Certificate{ + 
Certificate: [][]byte{testEd25519Certificate}, + PrivateKey: testEd25519PrivateKey, + } + + tests := []struct { + c *Certificate + chi *ClientHelloInfo + wantErr string + }{ + {rsaCert, &ClientHelloInfo{ + ServerName: "example.golang", + SignatureSchemes: []SignatureScheme{PSSWithSHA256}, + SupportedVersions: []uint16{VersionTLS13}, + }, ""}, + {ecdsaCert, &ClientHelloInfo{ + SignatureSchemes: []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS13, VersionTLS12}, + }, ""}, + {rsaCert, &ClientHelloInfo{ + ServerName: "example.com", + SignatureSchemes: []SignatureScheme{PSSWithSHA256}, + SupportedVersions: []uint16{VersionTLS13}, + }, "not valid for requested server name"}, + {ecdsaCert, &ClientHelloInfo{ + SignatureSchemes: []SignatureScheme{ECDSAWithP384AndSHA384}, + SupportedVersions: []uint16{VersionTLS13}, + }, "signature algorithms"}, + {pkcs1Cert, &ClientHelloInfo{ + SignatureSchemes: []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS13}, + }, "signature algorithms"}, + + {rsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + SignatureSchemes: []SignatureScheme{PKCS1WithSHA1}, + SupportedVersions: []uint16{VersionTLS13, VersionTLS12}, + }, "signature algorithms"}, + {rsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + SignatureSchemes: []SignatureScheme{PKCS1WithSHA1}, + SupportedVersions: []uint16{VersionTLS13, VersionTLS12}, + config: &Config{ + MaxVersion: VersionTLS12, + }, + }, ""}, // Check that mutual version selection works. 
+ + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS12}, + }, ""}, + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{ECDSAWithP384AndSHA384}, + SupportedVersions: []uint16{VersionTLS12}, + }, ""}, // TLS 1.2 does not restrict curves based on the SignatureScheme. + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: nil, + SupportedVersions: []uint16{VersionTLS12}, + }, ""}, // TLS 1.2 comes with default signature schemes. 
+ {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS12}, + }, "cipher suite"}, + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS12}, + config: &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + }, + }, "cipher suite"}, + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP384}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS12}, + }, "certificate curve"}, + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{1}, + SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, + SupportedVersions: []uint16{VersionTLS12}, + }, "doesn't support ECDHE"}, + {ecdsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{PSSWithSHA256}, + SupportedVersions: []uint16{VersionTLS12}, + }, "signature algorithms"}, + + {ed25519Cert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{Ed25519}, + SupportedVersions: 
[]uint16{VersionTLS12}, + }, ""}, + {ed25519Cert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{Ed25519}, + SupportedVersions: []uint16{VersionTLS10}, + }, "doesn't support Ed25519"}, + {ed25519Cert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SupportedCurves: []CurveID{}, + SupportedPoints: []uint8{pointFormatUncompressed}, + SignatureSchemes: []SignatureScheme{Ed25519}, + SupportedVersions: []uint16{VersionTLS12}, + }, "doesn't support ECDHE"}, + + {rsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, + SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support + SupportedPoints: []uint8{pointFormatUncompressed}, + SupportedVersions: []uint16{VersionTLS10}, + }, ""}, + {rsaCert, &ClientHelloInfo{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + SupportedVersions: []uint16{VersionTLS12}, + }, ""}, // static RSA fallback + } + for i, tt := range tests { + err := tt.chi.SupportsCertificate(tt.c) + switch { + case tt.wantErr == "" && err != nil: + t.Errorf("%d: unexpected error: %v", i, err) + case tt.wantErr != "" && err == nil: + t.Errorf("%d: unexpected success", i) + case tt.wantErr != "" && !strings.Contains(err.Error(), tt.wantErr): + t.Errorf("%d: got error %q, expected %q", i, err, tt.wantErr) + } + } +} + +func TestCipherSuites(t *testing.T) { + var lastID uint16 + for _, c := range CipherSuites() { + if lastID > c.ID { + t.Errorf("CipherSuites are not ordered by ID: got %#04x after %#04x", c.ID, lastID) + } else { + lastID = c.ID + } + + if c.Insecure { + t.Errorf("%#04x: Insecure CipherSuite returned by CipherSuites()", c.ID) + } + } + lastID = 0 + for _, c := range InsecureCipherSuites() { + if lastID > c.ID { + t.Errorf("InsecureCipherSuites are 
not ordered by ID: got %#04x after %#04x", c.ID, lastID) + } else { + lastID = c.ID + } + + if !c.Insecure { + t.Errorf("%#04x: not Insecure CipherSuite returned by InsecureCipherSuites()", c.ID) + } + } + + cipherSuiteByID := func(id uint16) *CipherSuite { + for _, c := range CipherSuites() { + if c.ID == id { + return c + } + } + for _, c := range InsecureCipherSuites() { + if c.ID == id { + return c + } + } + return nil + } + + for _, c := range cipherSuites { + cc := cipherSuiteByID(c.id) + if cc == nil { + t.Errorf("%#04x: no CipherSuite entry", c.id) + continue + } + + if defaultOff := c.flags&suiteDefaultOff != 0; defaultOff != cc.Insecure { + t.Errorf("%#04x: Insecure %v, expected %v", c.id, cc.Insecure, defaultOff) + } + if tls12Only := c.flags&suiteTLS12 != 0; tls12Only && len(cc.SupportedVersions) != 1 { + t.Errorf("%#04x: suite is TLS 1.2 only, but SupportedVersions is %v", c.id, cc.SupportedVersions) + } else if !tls12Only && len(cc.SupportedVersions) != 3 { + t.Errorf("%#04x: suite TLS 1.0-1.2, but SupportedVersions is %v", c.id, cc.SupportedVersions) + } + + if got := CipherSuiteName(c.id); got != cc.Name { + t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name) + } + } + for _, c := range cipherSuitesTLS13 { + cc := cipherSuiteByID(c.id) + if cc == nil { + t.Errorf("%#04x: no CipherSuite entry", c.id) + continue + } + + if cc.Insecure { + t.Errorf("%#04x: Insecure %v, expected false", c.id, cc.Insecure) + } + if len(cc.SupportedVersions) != 1 || cc.SupportedVersions[0] != VersionTLS13 { + t.Errorf("%#04x: suite is TLS 1.3 only, but SupportedVersions is %v", c.id, cc.SupportedVersions) + } + + if got := CipherSuiteName(c.id); got != cc.Name { + t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name) + } + } + + if got := CipherSuiteName(0xabc); got != "0x0ABC" { + t.Errorf("unexpected fallback CipherSuiteName: got %q, expected 0x0ABC", got) + } +} + +type brokenSigner struct{ 
crypto.Signer } + +func (s brokenSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { + // Replace opts with opts.HashFunc(), so rsa.PSSOptions are discarded. + return s.Signer.Sign(rand, digest, opts.HashFunc()) +} + +// TestPKCS1OnlyCert uses a client certificate with a broken crypto.Signer that +// always makes PKCS #1 v1.5 signatures, so can't be used with RSA-PSS. +func TestPKCS1OnlyCert(t *testing.T) { + clientConfig := testConfig.Clone() + clientConfig.Certificates = []Certificate{{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: brokenSigner{testRSAPrivateKey}, + }} + serverConfig := testConfig.Clone() + serverConfig.MaxVersion = VersionTLS12 // TLS 1.3 doesn't support PKCS #1 v1.5 + serverConfig.ClientAuth = RequireAnyClientCert + + // If RSA-PSS is selected, the handshake should fail. + if _, _, err := testHandshake(t, clientConfig, serverConfig); err == nil { + t.Fatal("expected broken certificate to cause connection to fail") + } + + clientConfig.Certificates[0].SupportedSignatureAlgorithms = + []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256} + + // But if the certificate restricts supported algorithms, RSA-PSS should not + // be selected, and the handshake should succeed. + if _, _, err := testHandshake(t, clientConfig, serverConfig); err != nil { + t.Error(err) + } +} diff --git a/verifier/verifier.go b/verifier/verifier.go index 6b1bab1d..33bfcfb8 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go 
@@ -64,6 +64,12 @@ type VerificationResult struct { // CRLRevocationInfo provides revocation info when CRLRevoked is true CRLRevocationInfo *RevocationInfo + // OCSPCheckError will be non-nil when there was some sort of error from OCSP check + OCSPCheckError error + + // CRLCheckError will be non-nil when there was some sort of error from CRL check + CRLCheckError error + // ValiditionError will be non-nil when there was some sort of error during // validation not involving a name mismatch, e.g. if a chain could not be // built. @@ -275,11 +281,11 @@ func (v *Verifier) VerifyWithContext(ctx context.Context, c *x509.Certificate, o } else { issuer = nil } - res.OCSPRevoked, res.OCSPRevocationInfo, _ = rp.CheckOCSP(ctx, c, issuer) + res.OCSPRevoked, res.OCSPRevocationInfo, res.OCSPCheckError = rp.CheckOCSP(ctx, c, issuer) } if opts.ShouldCheckCRL && len(c.CRLDistributionPoints) > 0 { - res.CRLRevoked, res.CRLRevocationInfo, _ = rp.CheckCRL(ctx, c, nil) + res.CRLRevoked, res.CRLRevocationInfo, res.CRLCheckError = rp.CheckCRL(ctx, c, nil) } // Determine certificate type. diff --git a/x509/cert_pool.go b/x509/cert_pool.go index a6c6d2b0..cfc16753 100644 --- a/x509/cert_pool.go +++ b/x509/cert_pool.go @@ -25,6 +25,11 @@ func NewCertPool() *CertPool { } } +// cert returns cert index n in s. +func (s *CertPool) cert(n int) (*Certificate, error) { + return s.certs[n], nil +} + // findVerifiedParents attempts to find certificates in s which have signed the // given certificate. If any candidates were rejected then errCert will be set // to one of them, arbitrarily, and err will contain the reason that it was diff --git a/x509/pkcs8.go b/x509/pkcs8.go index 4f4d12a9..d8077cc7 100644 --- a/x509/pkcs8.go +++ b/x509/pkcs8.go @@ -5,6 +5,9 @@ package x509 import ( + "crypto/ecdsa" + "crypto/ed25519" + "crypto/rsa" "errors" "fmt" 
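Review bot: The doc comments on the new OCSPCheckError and CRLCheckError fields should say what OCSPRevoked/CRLRevoked mean when the error is set, because the assignments in the second hunk (`res.OCSPRevoked, res.OCSPRevocationInfo, res.OCSPCheckError = rp.CheckOCSP(ctx, c, issuer)`) leave the boolean at whatever CheckOCSP returns on failure, which a consumer reading only OCSPRevoked can mistake for "confirmed not revoked". Suggested wording: `// OCSPCheckError is non-nil when the OCSP check could not be completed; OCSPRevoked and OCSPRevocationInfo carry no information in that case and the caller must decide whether to fail open or closed.`, with the same shape for CRLCheckError. What CheckOCSP and CheckCRL return alongside a non-nil error is not visible here, so the exact wording should be confirmed against those functions. VerifyWithContext starts and ends outside the second hunk.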
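Review bot: `cert` never returns a non-nil error and does no bounds check, so the error result is dead and an out-of-range n panics on `s.certs[n]` instead of being reported. Either drop the error from the signature or make it carry the check: `if n < 0 || n >= len(s.certs) { return nil, errors.New("x509: certificate index out of range") }` ahead of the return (using whichever of errors/fmt cert_pool.go already imports). If the error return exists only to match an interface used elsewhere in the package, a one-line comment saying so would stop the next reader from asking the same question.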
@@ -22,11 +25,21 @@ type pkcs8 struct { // optional attributes omitted. } -// ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. -// See RFC 5208. +// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form. +// +// It returns a *rsa.PrivateKey, a *ecdsa.PrivateKey, or a ed25519.PrivateKey. +// More types might be supported in the future. +// +// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY". func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) { var privKey pkcs8 if _, err := asn1.Unmarshal(der, &privKey); err != nil { + if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil { + return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)") + } + if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil { + return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)") + } return nil, err } switch { 
@@ -49,7 +62,76 @@ func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) { } return key, nil + case privKey.Algo.Algorithm.Equal(oidPublicKeyEd25519): + if l := len(privKey.Algo.Parameters.FullBytes); l != 0 { + return nil, errors.New("x509: invalid Ed25519 private key parameters") + } + var curvePrivateKey []byte + if _, err := asn1.Unmarshal(privKey.PrivateKey, &curvePrivateKey); err != nil { + return nil, fmt.Errorf("x509: invalid Ed25519 private key: %v", err) + } + if l := len(curvePrivateKey); l != ed25519.SeedSize { + return nil, fmt.Errorf("x509: invalid Ed25519 private key length: %d", l) + } + return ed25519.NewKeyFromSeed(curvePrivateKey), nil + default: return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm) } } + +// MarshalPKCS8PrivateKey converts a private key to PKCS #8, ASN.1 DER form. +// +// The following key types are currently supported: *rsa.PrivateKey, *ecdsa.PrivateKey +// and ed25519.PrivateKey. Unsupported key types result in an error. +// +// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY". 
+func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) { + var privKey pkcs8 + + switch k := key.(type) { + case *rsa.PrivateKey: + privKey.Algo = pkix.AlgorithmIdentifier{ + Algorithm: oidPublicKeyRSA, + Parameters: asn1.NullRawValue, + } + privKey.PrivateKey = MarshalPKCS1PrivateKey(k) + + case *ecdsa.PrivateKey: + oid, ok := oidFromNamedCurve(k.Curve) + if !ok { + return nil, errors.New("x509: unknown curve while marshaling to PKCS#8") + } + + oidBytes, err := asn1.Marshal(oid) + if err != nil { + return nil, errors.New("x509: failed to marshal curve OID: " + err.Error()) + } + + privKey.Algo = pkix.AlgorithmIdentifier{ + Algorithm: oidPublicKeyECDSA, + Parameters: asn1.RawValue{ + FullBytes: oidBytes, + }, + } + + if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil { + return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error()) + } + + case ed25519.PrivateKey: + privKey.Algo = pkix.AlgorithmIdentifier{ + Algorithm: oidPublicKeyEd25519, + } + curvePrivateKey, err := asn1.Marshal(k.Seed()) + if err != nil { + return nil, fmt.Errorf("x509: failed to marshal private key: %v", err) + } + privKey.PrivateKey = curvePrivateKey + + default: + return nil, fmt.Errorf("x509: unknown key type while marshaling PKCS#8: %T", key) + } + + return asn1.Marshal(privKey) +} diff --git a/x509/root.go b/x509/root.go new file mode 100644 index 00000000..cc53f7ae --- /dev/null +++ b/x509/root.go 
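Review bot: The ed25519.PrivateKey branch of MarshalPKCS8PrivateKey calls `k.Seed()` without checking the key length, and Seed() slices the first SeedSize bytes, so a truncated key panics rather than returning an error the way the parse path on the preceding lines does for a bad seed length. Add `if len(k) != ed25519.PrivateKeySize { return nil, fmt.Errorf("x509: invalid Ed25519 private key length: %d", len(k)) }` before the Seed() call. As a point of style, the *ecdsa.PrivateKey branch builds its errors by string concatenation with `err.Error()` while the Ed25519 branch uses `fmt.Errorf`; picking one form (ideally `%w` so callers can unwrap) would keep the function consistent.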
@@ -0,0 +1,31 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+// To update the embedded iOS root store, update the -version
+// argument to the latest security_certificates version from
+// https://opensource.apple.com/source/security_certificates/
+// and run "go generate". See https://golang.org/issue/38843.
+//go:generate go run root_ios_gen.go -version 55188.40.9
+
+import "sync"
+
+var (
+ once sync.Once
+ systemRoots *CertPool
+ systemRootsErr error
+)
+
+func systemRootsPool() *CertPool {
+ once.Do(initSystemRoots)
+ return systemRoots
+}
+
+func initSystemRoots() {
+ systemRoots, systemRootsErr = loadSystemRoots()
+ if systemRootsErr != nil {
+ systemRoots = nil
+ }
+}
diff --git a/x509/root_darwin.go b/x509/root_darwin.go
new file mode 100644
index 00000000..c9ea7e80
--- /dev/null
+++ b/x509/root_darwin.go
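Review bot: systemRootsPool returns a nil *CertPool when loadSystemRoots failed, and the reason is parked in systemRootsErr, which nothing in this file reads; a caller that only checks the pool cannot tell "the platform store could not be loaded" from "no roots", and the two should not verify the same way. Add a doc comment on the function, e.g. `// systemRootsPool returns nil if the system roots could not be loaded; callers must consult systemRootsErr rather than treat a nil pool as an empty trust store.`, and confirm that the verification path in this package checks systemRootsErr and fails closed. The `//go:generate go run root_ios_gen.go ...` directive is only useful if root_ios_gen.go was ported as well; if it was not, `go generate` fails in this package and the directive should be dropped.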
@@ -0,0 +1,239 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !ios + +package x509 + +import ( + "bytes" + macOS "crypto/x509/internal/macos" + "fmt" + "os" + "strings" +) + +var debugDarwinRoots = strings.Contains(os.Getenv("GODEBUG"), "x509roots=1") + +func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { + return nil, nil +} + +func loadSystemRoots() (*CertPool, error) { + var trustedRoots []*Certificate + untrustedRoots := make(map[string]bool) + + // macOS has three trust domains: one for CAs added by users to their + // "login" keychain, one for CAs added by Admins to the "System" keychain, + // and one for the CAs that ship with the OS. + for _, domain := range []macOS.SecTrustSettingsDomain{ + macOS.SecTrustSettingsDomainUser, + macOS.SecTrustSettingsDomainAdmin, + macOS.SecTrustSettingsDomainSystem, + } { + certs, err := macOS.SecTrustSettingsCopyCertificates(domain) + if err == macOS.ErrNoTrustSettings { + continue + } else if err != nil { + return nil, err + } + defer macOS.CFRelease(certs) + + for i := 0; i < macOS.CFArrayGetCount(certs); i++ { + c := macOS.CFArrayGetValueAtIndex(certs, i) + cert, err := exportCertificate(c) + if err != nil { + if debugDarwinRoots { + fmt.Fprintf(os.Stderr, "crypto/x509: domain %d, certificate #%d: %v\n", domain, i, err) + } + continue + } + + var result macOS.SecTrustSettingsResult + if domain == macOS.SecTrustSettingsDomainSystem { + // Certs found in the system domain are always trusted. If the user + // configures "Never Trust" on such a cert, it will also be found in the + // admin or user domain, causing it to be added to untrustedRoots. 
+ result = macOS.SecTrustSettingsResultTrustRoot + } else { + result, err = sslTrustSettingsResult(c) + if err != nil { + if debugDarwinRoots { + fmt.Fprintf(os.Stderr, "crypto/x509: trust settings for %v: %v\n", cert.Subject, err) + } + continue + } + if debugDarwinRoots { + fmt.Fprintf(os.Stderr, "crypto/x509: trust settings for %v: %d\n", cert.Subject, result) + } + } + + switch result { + // "Note the distinction between the results kSecTrustSettingsResultTrustRoot + // and kSecTrustSettingsResultTrustAsRoot: The former can only be applied to + // root (self-signed) certificates; the latter can only be applied to + // non-root certificates." + case macOS.SecTrustSettingsResultTrustRoot: + if isRootCertificate(cert) { + trustedRoots = append(trustedRoots, cert) + } + case macOS.SecTrustSettingsResultTrustAsRoot: + if !isRootCertificate(cert) { + trustedRoots = append(trustedRoots, cert) + } + + case macOS.SecTrustSettingsResultDeny: + // Add this certificate to untrustedRoots, which are subtracted + // from trustedRoots, so that we don't have to evaluate policies + // for every root in the system domain, but still apply user and + // admin policies that override system roots. + untrustedRoots[string(cert.Raw)] = true + + case macOS.SecTrustSettingsResultUnspecified: + // Certificates with unspecified trust should be added to a pool + // of intermediates for chain building, but we don't support it + // at the moment. This is Issue 35631. + + default: + if debugDarwinRoots { + fmt.Fprintf(os.Stderr, "crypto/x509: unknown trust setting for %v: %d\n", cert.Subject, result) + } + } + } + } + + pool := NewCertPool() + for _, cert := range trustedRoots { + if !untrustedRoots[string(cert.Raw)] { + pool.AddCert(cert) + } + } + return pool, nil +} + +// exportCertificate returns a *Certificate for a SecCertificateRef. 
+func exportCertificate(cert macOS.CFRef) (*Certificate, error) { + data, err := macOS.SecItemExport(cert) + if err != nil { + return nil, err + } + defer macOS.CFRelease(data) + der := macOS.CFDataToSlice(data) + + return ParseCertificate(der) +} + +// isRootCertificate reports whether Subject and Issuer match. +func isRootCertificate(cert *Certificate) bool { + return bytes.Equal(cert.RawSubject, cert.RawIssuer) +} + +// sslTrustSettingsResult obtains the final kSecTrustSettingsResult value for a +// certificate in the user or admin domain, combining usage constraints for the +// SSL SecTrustSettingsPolicy, +// +// It ignores SecTrustSettingsKeyUsage and kSecTrustSettingsAllowedError, and +// doesn't support kSecTrustSettingsDefaultRootCertSetting. +// +// https://developer.apple.com/documentation/security/1400261-sectrustsettingscopytrustsetting +func sslTrustSettingsResult(cert macOS.CFRef) (macOS.SecTrustSettingsResult, error) { + // In Apple's implementation user trust settings override admin trust settings + // (which themselves override system trust settings). If SecTrustSettingsCopyTrustSettings + // fails, or returns a NULL trust settings, when looking for the user trust + // settings then fallback to checking the admin trust settings. + // + // See Security-59306.41.2/trust/headers/SecTrustSettings.h for a description of + // the trust settings overrides, and SecLegacyAnchorSourceCopyUsageConstraints in + // Security-59306.41.2/trust/trustd/SecCertificateSource.c for a concrete example + // of how Apple applies the override in the case of NULL trust settings, or non + // success errors. 
+ trustSettings, err := macOS.SecTrustSettingsCopyTrustSettings(cert, macOS.SecTrustSettingsDomainUser) + if err != nil || trustSettings == 0 { + if debugDarwinRoots && err != macOS.ErrNoTrustSettings { + fmt.Fprintf(os.Stderr, "crypto/x509: SecTrustSettingsCopyTrustSettings for SecTrustSettingsDomainUser failed: %s\n", err) + } + trustSettings, err = macOS.SecTrustSettingsCopyTrustSettings(cert, macOS.SecTrustSettingsDomainAdmin) + } + if err != nil || trustSettings == 0 { + // If there are neither user nor admin trust settings for a certificate returned + // from SecTrustSettingsCopyCertificates Apple returns kSecTrustSettingsResultInvalid, + // as this method is intended to return certificates _which have trust settings_. + // The most likely case for this being triggered is that the existing trust settings + // are invalid and cannot be properly parsed. In this case SecTrustSettingsCopyTrustSettings + // returns errSecInvalidTrustSettings. The existing cgo implementation returns + // kSecTrustSettingsResultUnspecified in this case, which mostly matches the Apple + // implementation because we don't do anything with certificates marked with this + // result. + // + // See SecPVCGetTrustSettingsResult in Security-59306.41.2/trust/trustd/SecPolicyServer.c + if debugDarwinRoots && err != macOS.ErrNoTrustSettings { + fmt.Fprintf(os.Stderr, "crypto/x509: SecTrustSettingsCopyTrustSettings for SecTrustSettingsDomainAdmin failed: %s\n", err) + } + return macOS.SecTrustSettingsResultUnspecified, nil + } + defer macOS.CFRelease(trustSettings) + + // "An empty trust settings array means 'always trust this certificate' with an + // overall trust setting for the certificate of kSecTrustSettingsResultTrustRoot." 
+ if macOS.CFArrayGetCount(trustSettings) == 0 { + return macOS.SecTrustSettingsResultTrustRoot, nil + } + + isSSLPolicy := func(policyRef macOS.CFRef) bool { + properties := macOS.SecPolicyCopyProperties(policyRef) + defer macOS.CFRelease(properties) + if v, ok := macOS.CFDictionaryGetValueIfPresent(properties, macOS.SecPolicyOid); ok { + return macOS.CFEqual(v, macOS.CFRef(macOS.SecPolicyAppleSSL)) + } + return false + } + + for i := 0; i < macOS.CFArrayGetCount(trustSettings); i++ { + tSetting := macOS.CFArrayGetValueAtIndex(trustSettings, i) + + // First, check if this trust setting is constrained to a non-SSL policy. + if policyRef, ok := macOS.CFDictionaryGetValueIfPresent(tSetting, macOS.SecTrustSettingsPolicy); ok { + if !isSSLPolicy(policyRef) { + continue + } + } + + // Then check if it is restricted to a hostname, so not a root. + if _, ok := macOS.CFDictionaryGetValueIfPresent(tSetting, macOS.SecTrustSettingsPolicyString); ok { + continue + } + + cfNum, ok := macOS.CFDictionaryGetValueIfPresent(tSetting, macOS.SecTrustSettingsResultKey) + // "If this key is not present, a default value of kSecTrustSettingsResultTrustRoot is assumed." + if !ok { + return macOS.SecTrustSettingsResultTrustRoot, nil + } + result, err := macOS.CFNumberGetValue(cfNum) + if err != nil { + return 0, err + } + + // If multiple dictionaries match, we are supposed to "OR" them, + // the semantics of which are not clear. Since TrustRoot and TrustAsRoot + // are mutually exclusive, Deny should probably override, and Invalid and + // Unspecified be overridden, approximate this by stopping at the first + // TrustRoot, TrustAsRoot or Deny. + switch r := macOS.SecTrustSettingsResult(result); r { + case macOS.SecTrustSettingsResultTrustRoot, + macOS.SecTrustSettingsResultTrustAsRoot, + macOS.SecTrustSettingsResultDeny: + return r, nil + } + } + + // If trust settings are present, but none of them match the policy... + // the docs don't tell us what to do. 
+ //
+ // "Trust settings for a given use apply if any of the dictionaries in the
+ // certificate’s trust settings array satisfies the specified use." suggests
+ // that it's as if there were no trust settings at all, so we should maybe
+ // fallback to the admin trust settings? TODO(golang.org/issue/38888).
+
+ return macOS.SecTrustSettingsResultUnspecified, nil
+}
diff --git a/x509/root_darwin_test.go b/x509/root_darwin_test.go
new file mode 100644
index 00000000..ae2bd02b
--- /dev/null
+++ b/x509/root_darwin_test.go
@@ -0,0 +1,39 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+import (
+ "os"
+ "os/exec"
+ "testing"
+ "time"
+)
+
+func TestSystemRoots(t *testing.T) {
+ t0 := time.Now()
+ sysRoots, err := loadSystemRoots() // actual system roots
+ sysRootsDuration := time.Since(t0)
+
+ if err != nil {
+ t.Fatalf("failed to read system roots: %v", err)
+ }
+
+ t.Logf("loadSystemRoots: %v", sysRootsDuration)
+
+ // There are 174 system roots on Catalina, and 163 on iOS right now, require
+ // at least 100 to make sure this is not completely broken.
+ if want, have := 100, sysRoots.len(); have < want {
+ t.Errorf("want at least %d system roots, have %d", want, have)
+ }
+
+ if t.Failed() {
+ cmd := exec.Command("security", "dump-trust-settings")
+ cmd.Stdout, cmd.Stderr = os.Stderr, os.Stderr
+ cmd.Run()
+ cmd = exec.Command("security", "dump-trust-settings", "-d")
+ cmd.Stdout, cmd.Stderr = os.Stderr, os.Stderr
+ cmd.Run()
+ }
+}
diff --git a/x509/root_linux.go b/x509/root_linux.go
new file mode 100644
index 00000000..ad6ce5ca
--- /dev/null
+++ b/x509/root_linux.go
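Review bot: Both `cmd.Run()` calls in the `t.Failed()` branch of `TestSystemRoots` drop their error, so when the `security` binary is absent or exits non-zero the diagnostic dump silently produces nothing and the failure is harder to triage. Logging the error keeps the dump best-effort without hiding it: `if err := cmd.Run(); err != nil { t.Logf("security dump-trust-settings: %v", err) }` for each invocation. The 100-root floor is a heuristic tied to specific macOS/iOS builds named in the comment; a short note that it is intentionally loose would stop a future reader from tightening it.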
@@ -0,0 +1,23 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{
+ "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
+ "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6
+ "/etc/ssl/ca-bundle.pem", // OpenSUSE
+ "/etc/pki/tls/cacert.pem", // OpenELEC
+ "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+ "/etc/ssl/cert.pem", // Alpine Linux
+}
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+ "/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
+ "/etc/pki/tls/certs", // Fedora/RHEL
+ "/system/etc/security/cacerts", // Android
+}
diff --git a/x509/root_unix.go b/x509/root_unix.go
new file mode 100644
index 00000000..bf9e3b19
--- /dev/null
+++ b/x509/root_unix.go
@@ -0,0 +1,108 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build aix dragonfly freebsd js,wasm linux netbsd openbsd solaris + +package x509 + +import ( + "io/fs" + "os" + "path/filepath" + "strings" +) + +const ( + // certFileEnv is the environment variable which identifies where to locate + // the SSL certificate file. If set this overrides the system default. + certFileEnv = "SSL_CERT_FILE" + + // certDirEnv is the environment variable which identifies which directory + // to check for SSL certificate files. If set this overrides the system default. + // It is a colon separated list of directories. + // See https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html. + certDirEnv = "SSL_CERT_DIR" +) + +func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { + return nil, nil +} + +func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() + + files := certFiles + if f := os.Getenv(certFileEnv); f != "" { + files = []string{f} + } + + var firstErr error + for _, file := range files { + data, err := os.ReadFile(file) + if err == nil { + roots.AppendCertsFromPEM(data) + break + } + if firstErr == nil && !os.IsNotExist(err) { + firstErr = err + } + } + + dirs := certDirectories + if d := os.Getenv(certDirEnv); d != "" { + // OpenSSL and BoringSSL both use ":" as the SSL_CERT_DIR separator. 
+ // See: + // * https://golang.org/issue/35325 + // * https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html + dirs = strings.Split(d, ":") + } + + for _, directory := range dirs { + fis, err := readUniqueDirectoryEntries(directory) + if err != nil { + if firstErr == nil && !os.IsNotExist(err) { + firstErr = err + } + continue + } + for _, fi := range fis { + data, err := os.ReadFile(directory + "/" + fi.Name()) + if err == nil { + roots.AppendCertsFromPEM(data) + } + } + } + + if roots.Size() > 0 || firstErr == nil { + return roots, nil + } + + return nil, firstErr +} + +// readUniqueDirectoryEntries is like os.ReadDir but omits +// symlinks that point within the directory. +func readUniqueDirectoryEntries(dir string) ([]fs.DirEntry, error) { + files, err := os.ReadDir(dir) + if err != nil { + return nil, err + } + uniq := files[:0] + for _, f := range files { + if !isSameDirSymlink(f, dir) { + uniq = append(uniq, f) + } + } + return uniq, nil +} + +// isSameDirSymlink reports whether fi in dir is a symlink with a +// target not containing a slash. +func isSameDirSymlink(f fs.DirEntry, dir string) bool { + if f.Type()&fs.ModeSymlink == 0 { + return false + } + target, err := os.Readlink(filepath.Join(dir, f.Name())) + return err == nil && !strings.Contains(target, "/") +} diff --git a/x509/root_unix_test.go b/x509/root_unix_test.go new file mode 100644 index 00000000..41d4ae58 --- /dev/null +++ b/x509/root_unix_test.go 
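Review bot: In `loadSystemRoots` the return value of `roots.AppendCertsFromPEM(data)` is discarded and the file loop `break`s on the first readable path, so a readable bundle that contains no parseable certificate — for example a malformed file named by `SSL_CERT_FILE`, which replaces the default list entirely — yields an empty pool with a nil error and no later candidate is consulted. If stopping at the first readable bundle is the intended (presumably upstream-compatible) behaviour, a comment on the `break` saying so would keep it from being "fixed" later; if not, only break once something was actually added, `if roots.AppendCertsFromPEM(data) { break }`. Separately, the directory loop joins paths with `directory + "/" + fi.Name()` while `isSameDirSymlink` uses `filepath.Join(dir, f.Name())`; using `filepath.Join` in both keeps the two consistent. Since `certFileEnv`/`certDirEnv` silently replace the system trust store, their constant docs could also state that an empty value means "use the defaults", which is what the `!= ""` checks implement.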
@@ -0,0 +1,261 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build dragonfly freebsd linux netbsd openbsd solaris + +package x509 + +import ( + "bytes" + "fmt" + "os" + "path/filepath" + "reflect" + "strings" + "testing" +) + +const ( + testDir = "testdata" + testDirCN = "test-dir" + testFile = "test-file.crt" + testFileCN = "test-file" + testMissing = "missing" +) + +/* +func TestEnvVars(t *testing.T) { + testCases := []struct { + name string + fileEnv string + dirEnv string + files []string + dirs []string + cns []string + }{ + { + // Environment variables override the default locations preventing fall through. + name: "override-defaults", + fileEnv: testMissing, + dirEnv: testMissing, + files: []string{testFile}, + dirs: []string{testDir}, + cns: nil, + }, + { + // File environment overrides default file locations. + name: "file", + fileEnv: testFile, + dirEnv: "", + files: nil, + dirs: nil, + cns: []string{testFileCN}, + }, + { + // Directory environment overrides default directory locations. + name: "dir", + fileEnv: "", + dirEnv: testDir, + files: nil, + dirs: nil, + cns: []string{testDirCN}, + }, + { + // File & directory environment overrides both default locations. + name: "file+dir", + fileEnv: testFile, + dirEnv: testDir, + files: nil, + dirs: nil, + cns: []string{testFileCN, testDirCN}, + }, + { + // Environment variable empty / unset uses default locations. + name: "empty-fall-through", + fileEnv: "", + dirEnv: "", + files: []string{testFile}, + dirs: []string{testDir}, + cns: []string{testFileCN, testDirCN}, + }, + } + + // Save old settings so we can restore before the test ends. 
+ origCertFiles, origCertDirectories := certFiles, certDirectories + origFile, origDir := os.Getenv(certFileEnv), os.Getenv(certDirEnv) + defer func() { + certFiles = origCertFiles + certDirectories = origCertDirectories + os.Setenv(certFileEnv, origFile) + os.Setenv(certDirEnv, origDir) + }() + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + if err := os.Setenv(certFileEnv, tc.fileEnv); err != nil { + t.Fatalf("setenv %q failed: %v", certFileEnv, err) + } + if err := os.Setenv(certDirEnv, tc.dirEnv); err != nil { + t.Fatalf("setenv %q failed: %v", certDirEnv, err) + } + + certFiles, certDirectories = tc.files, tc.dirs + + r, err := loadSystemRoots() + if err != nil { + t.Fatal("unexpected failure:", err) + } + + if r == nil { + t.Fatal("nil roots") + } + + // Verify that the returned certs match, otherwise report where the mismatch is. + for i, cn := range tc.cns { + if i >= r.Size() { + t.Errorf("missing cert %v @ %v", cn, i) + } else if r.mustCert(t, i).Subject.CommonName != cn { + fmt.Printf("%#v\n", r.mustCert(t, 0).Subject) + t.Errorf("unexpected cert common name %q, want %q", r.mustCert(t, i).Subject.CommonName, cn) + } + } + if r.Size() > len(tc.cns) { + t.Errorf("got %v certs, which is more than %v wanted", r.Size(), len(tc.cns)) + } + }) + } +} +*/ + +// Ensure that "SSL_CERT_DIR" when used as the environment +// variable delimited by colons, allows loadSystemRoots to +// load all the roots from the respective directories. +// See https://golang.org/issue/35325. +func TestLoadSystemCertsLoadColonSeparatedDirs(t *testing.T) { + origFile, origDir := os.Getenv(certFileEnv), os.Getenv(certDirEnv) + origCertFiles := certFiles[:] + + // To prevent any other certs from being loaded in + // through "SSL_CERT_FILE" or from known "certFiles", + // clear them all, and they'll be reverting on defer. 
+ certFiles = certFiles[:0] + os.Setenv(certFileEnv, "") + + defer func() { + certFiles = origCertFiles[:] + os.Setenv(certDirEnv, origDir) + os.Setenv(certFileEnv, origFile) + }() + + tmpDir, err := os.MkdirTemp(os.TempDir(), "x509-issue35325") + if err != nil { + t.Fatalf("Failed to create temporary directory: %v", err) + } + defer os.RemoveAll(tmpDir) + + rootPEMs := []string{ + geoTrustRoot, + googleLeaf, + startComRoot, + } + + var certDirs []string + for i, certPEM := range rootPEMs { + certDir := filepath.Join(tmpDir, fmt.Sprintf("cert-%d", i)) + if err := os.MkdirAll(certDir, 0755); err != nil { + t.Fatalf("Failed to create certificate dir: %v", err) + } + certOutFile := filepath.Join(certDir, "cert.crt") + if err := os.WriteFile(certOutFile, []byte(certPEM), 0655); err != nil { + t.Fatalf("Failed to write certificate to file: %v", err) + } + certDirs = append(certDirs, certDir) + } + + // Sanity check: the number of certDirs should be equal to the number of roots. + if g, w := len(certDirs), len(rootPEMs); g != w { + t.Fatalf("Failed sanity check: len(certsDir)=%d is not equal to len(rootsPEMS)=%d", g, w) + } + + // Now finally concatenate them with a colon. + colonConcatCertDirs := strings.Join(certDirs, ":") + os.Setenv(certDirEnv, colonConcatCertDirs) + gotPool, err := loadSystemRoots() + if err != nil { + t.Fatalf("Failed to load system roots: %v", err) + } + subjects := gotPool.Subjects() + // We expect exactly len(rootPEMs) subjects back. 
+ if g, w := len(subjects), len(rootPEMs); g != w { + t.Fatalf("Invalid number of subjects: got %d want %d", g, w) + } + + wantPool := NewCertPool() + for _, certPEM := range rootPEMs { + wantPool.AppendCertsFromPEM([]byte(certPEM)) + } + strCertPool := func(p *CertPool) string { + return string(bytes.Join(p.Subjects(), []byte("\n"))) + } + + if !certPoolEqual(gotPool, wantPool) { + g, w := strCertPool(gotPool), strCertPool(wantPool) + t.Fatalf("Mismatched certPools\nGot:\n%s\n\nWant:\n%s", g, w) + } +} + +func TestReadUniqueDirectoryEntries(t *testing.T) { + tmp := t.TempDir() + temp := func(base string) string { return filepath.Join(tmp, base) } + if f, err := os.Create(temp("file")); err != nil { + t.Fatal(err) + } else { + f.Close() + } + if err := os.Symlink("target-in", temp("link-in")); err != nil { + t.Fatal(err) + } + if err := os.Symlink("../target-out", temp("link-out")); err != nil { + t.Fatal(err) + } + got, err := readUniqueDirectoryEntries(tmp) + if err != nil { + t.Fatal(err) + } + gotNames := []string{} + for _, fi := range got { + gotNames = append(gotNames, fi.Name()) + } + wantNames := []string{"file", "link-out"} + if !reflect.DeepEqual(gotNames, wantNames) { + t.Errorf("got %q; want %q", gotNames, wantNames) + } +} + +func (s *CertPool) mustCert(t *testing.T, n int) *Certificate { + return s.certs[n] +} + +// certPoolEqual reports whether a and b are equal, except for the +// function pointers. +func certPoolEqual(a, b *CertPool) bool { + if (a != nil) != (b != nil) { + return false + } + if a == nil { + return true + } + if !reflect.DeepEqual(a.byName, b.byName) || + len(a.certs) != len(b.certs) { + return false + } + for i := range a.certs { + ca, cb := a.certs[i], b.certs[i] + if !bytes.Equal(ca.Raw, cb.Raw) { + return false + } + } + + return true +} diff --git a/x509/sec1.go b/x509/sec1.go index 4ef211ff..7e397047 100644 --- a/x509/sec1.go +++ b/x509/sec1.go 
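Review bot: `TestEnvVars` is committed inside a `/* … */` block with no indication of why it is disabled, leaving a large dead test that the compiler no longer checks against `loadSystemRoots` and that silently drops coverage of the `SSL_CERT_FILE`/`SSL_CERT_DIR` override paths. Either delete it or keep it compiled and open it with `t.Skip("TODO: re-enable once <reason>")` so drift is caught and the skip is visible in test output. In `TestLoadSystemCertsLoadColonSeparatedDirs`, `os.WriteFile(certOutFile, []byte(certPEM), 0655)` looks like a typo for `0644` (0655 is rw-r-xr-x, an odd mode for a certificate file); it does not affect the assertions but will confuse readers. The same test saves `certFiles` as `origCertFiles := certFiles[:]`, which aliases the original backing array; that is safe today because nothing appends to the truncated `certFiles[:0]`, but a real copy (`append([]string(nil), certFiles...)`) would make the restore independent of future edits.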
@@ -53,6 +53,18 @@ func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
 })
 }
 
+// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
+// sets the curve ID to the given OID, or omits it if OID is nil.
+func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
+ privateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
+ return asn1.Marshal(ecPrivateKey{
+ Version: 1,
+ PrivateKey: key.D.FillBytes(privateKey),
+ NamedCurveOID: oid,
+ PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
+ })
+}
+
 // parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
 // The OID for the named curve may be provided from another source (such as
 // the PKCS8 container) - if it is provided then use this instead of the OID
diff --git a/x509/verify.go b/x509/verify.go
index 450f985c..956d6750 100644
--- a/x509/verify.go
+++ b/x509/verify.go
@@ -279,10 +279,26 @@ func (c *Certificate) isValid(certType CertificateType, currentChain Certificate
 //
 // WARNING: this doesn't do any revocation checking.
 func (c *Certificate) Verify(opts VerifyOptions) (current, expired, never []CertificateChain, err error) {
+ // Platform-specific verification needs the ASN.1 contents so
+ // this makes the behavior consistent across platforms.
+ if len(c.Raw) == 0 {
+ return nil, nil, nil, errNotParsed
+ }
+ for i := 0; i < opts.Intermediates.Size(); i++ {
+ c, err := opts.Intermediates.cert(i)
+ if err != nil {
+ return nil, nil, nil, fmt.Errorf("crypto/x509: error fetching intermediate: %w", err)
+ }
+ if len(c.Raw) == 0 {
+ return nil, nil, nil, errNotParsed
+ }
+ }
 if opts.Roots == nil {
- err = SystemRootsError{}
- return
+ opts.Roots = systemRootsPool()
+ if opts.Roots == nil {
+ return nil, nil, nil, SystemRootsError{systemRootsErr}
+ }
 }
 err = c.isValid(CertificateTypeLeaf, nil)
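Review bot: The doc comment on the new helper names the wrong function: it reads `// marshalECPrivateKey marshals …` while the declaration is `marshalECPrivateKeyWithOID`, which misleads readers and any doc tooling that keys on the leading identifier. Change the first line to `// marshalECPrivateKeyWithOID marshals an EC private key into ASN.1, DER format and`. It would also help to note in the comment that `key.D.FillBytes(privateKey)` panics when D does not fit in the curve order's byte length, so the helper expects an already-validated key.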
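Review bot: Inside the new intermediates loop in `Verify`, `c, err := opts.Intermediates.cert(i)` shadows both the receiver `c` and the named result `err`; it is correct as written because the loop body only reads the shadows, but shadowing the receiver is a trap for any later edit that expects `c` to still be the leaf. Renaming the loop variable avoids it: `ic, err := opts.Intermediates.cert(i)` and `if len(ic.Raw) == 0 {`. The fallback `opts.Roots = systemRootsPool()` mutates only this function's copy of `opts` (it is passed by value), which is presumably intended but deserves a one-line comment since the caller's options are left untouched. The body of `Verify` continues past the end of this hunk.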
@@ -290,9 +306,14 @@ func (c *Certificate) Verify(opts VerifyOptions) (current, expired, never []Cert
 return
 }
 
- candidateChains, err := c.buildChains(make(map[int][]CertificateChain), []*Certificate{c}, &opts)
- if err != nil {
- return
+ var candidateChains []CertificateChain
+ if opts.Roots.Contains(c) {
+ candidateChains = append(candidateChains, CertificateChain{c})
+ } else {
+ candidateChains, err = c.buildChains(make(map[int][]CertificateChain), CertificateChain{c}, &opts)
+ if err != nil {
+ return nil, nil, nil, err
+ }
 }
 
 keyUsages := opts.KeyUsages
diff --git a/x509/x509.go b/x509/x509.go
index 8057b0b0..e22f0d58 100644
--- a/x509/x509.go
+++ b/x509/x509.go
@@ -336,6 +336,7 @@ var (
 oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
 oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
 oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}
+ oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
 
 oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
 oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
@@ -504,9 +505,10 @@ func GetSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) SignatureAlgorithm
 // id-ecPublicKey OBJECT IDENTIFIER ::= {
 // iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
 var (
- oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
- oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
- oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
+ oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
+ oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
+ oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
+ oidPublicKeyEd25519 = oidSignatureEd25519
 )
 
 func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm {
diff --git a/zcrypto_schemas/zcrypto.py b/zcrypto_schemas/zcrypto.py
index 40a020be..7794eced 100644
--- a/zcrypto_schemas/zcrypto.py
+++ b/zcrypto_schemas/zcrypto.py
@@ -366,7 +366,7 @@ def getUnknowns(known, range, unknown="unknown"):
 "end": Timestamp(doc="Timestamp of when certificate expires. Timezone is UTC."),
 "length": Signed64BitInteger(doc="The length of time, in seconds, that the certificate is valid."),
 }, category="Validity Period"),
- "signature_algorithm": SignatureAlgorithm(doc="Identifies the algorithm used by the CA to sign the certificate."),
+ "signature_algorithm": SignatureAlgorithm(doc="Identifies the algorithm used by the CA to sign the certificate.", category="Signature"),
 "subject_key_info": SubRecord({
 "fingerprint_sha256": HexString(doc="The SHA2-256 digest calculated over the certificate's DER-encoded SubjectPublicKeyInfo field."),
 "key_algorithm": PublicKeyAlgorithm(doc="Identifies the type of key and any relevant parameters."),
@@ -392,7 +392,7 @@ def getUnknowns(known, range, unknown="unknown"):
 "max_path_len": Signed32BitInteger(doc="When present, gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path."),
 }, category="Basic Constraints", doc="The parsed id-ce-basicConstraints extension (2.5.29.19); see RFC 5280."),
 "subject_alt_name": GeneralNames(category="Subject Alternate Names (SANs)", doc="The parsed Subject Alternative Name extension (id-ce-subjectAltName, 2.5.29.17).", required=False),
- "issuer_alt_name": GeneralNames(doc="The parsed Issuer Alternative Name extension (id-ce-issuerAltName, 2.5.29.18).", required=False),
+ "issuer_alt_name": GeneralNames(category="Issuer Alternate Names (IANs)", doc="The parsed Issuer Alternative Name extension (id-ce-issuerAltName, 2.5.29.18).", required=False),
 "crl_distribution_points": ListOf(URL(), category="CRL Distribution Points", doc="The parsed id-ce-cRLDistributionPoints extension (2.5.29.31). Contents are a list of distributionPoint URLs (other distributionPoint types are omitted)."),
 # NOTE: inherit the SubjAuthKeyId docs
 "authority_key_id": SubjAuthKeyId(category="Authority Key ID (AKID)"),
From dc3e3bd9ab11c5924322f44d40518f1119905171 Mon Sep 17 00:00:00 2001
From: Denis Issoupov
Date: Sun, 18 Jul 2021 16:50:07 -0700
Subject: [PATCH 02/40] tls 1.3: added missing ciphers (#305)
---
 tls/cipher_suites.go | 678 +++++++++++++++++++++++++++++++++++++++++--
 tls/conn.go | 4 +
 2 files changed, 662 insertions(+), 20 deletions(-)
diff --git a/tls/cipher_suites.go b/tls/cipher_suites.go
index 3bd4ed44..7a73a768 100644
--- a/tls/cipher_suites.go
+++ b/tls/cipher_suites.go
@@ -476,29 +476,346 @@ func cipherSuiteTLS13ByID(id uint16) *cipherSuiteTLS13 { // // See https://www.iana.org/assignments/tls-parameters/tls-parameters.xml const ( + TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 + TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 + TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 + TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 + TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 // TLS 1.0 - 1.2 cipher suites. TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 - TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a - TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 + TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 + TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 + TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B + TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E + TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 + TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 + TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 + TLS_DH_ANON_WITH_RC4_128_MD5 uint16 = 0x0018 + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 + TLS_DH_ANON_WITH_DES_CBC_SHA uint16 = 0x001A + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B + SSL_FORTEZZA_KEA_WITH_NULL_SHA uint16 = 0x001C + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA uint16 = 0x001D + TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E + TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F + TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 + TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 + TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 + 
TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 + TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 + TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 + TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A + TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B + TLS_PSK_WITH_NULL_SHA uint16 = 0x002C + TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D + TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E + TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F + TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 + TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 + TLS_DH_ANON_WITH_AES_128_CBC_SHA uint16 = 0x0034 TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 - TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c - TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c - TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a - TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011 - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca8 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca9 + TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 + TLS_DH_RSA_WITH_AES_256_CBC_SHA 
uint16 = 0x0037 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 + TLS_DH_ANON_WITH_AES_256_CBC_SHA uint16 = 0x003A + TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B + TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C + TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 uint16 = 0x0060 + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 uint16 = 0x0061 + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA uint16 = 0x0062 + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA uint16 = 0x0063 + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA uint16 = 0x0064 + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA uint16 = 0x0065 + TLS_DHE_DSS_WITH_RC4_128_SHA uint16 = 0x0066 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B + TLS_DH_ANON_WITH_AES_128_CBC_SHA256 uint16 = 0x006C + TLS_DH_ANON_WITH_AES_256_CBC_SHA256 uint16 = 0x006D + TLS_GOSTR341094_WITH_28147_CNT_IMIT uint16 = 0x0080 + TLS_GOSTR341001_WITH_28147_CNT_IMIT uint16 = 0x0081 + TLS_GOSTR341094_WITH_NULL_GOSTR3411 uint16 = 0x0082 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 uint16 = 0x0083 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 + 
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 + TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A + TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B + TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C + TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D + TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F + TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 + TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 + TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 + TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 + TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 + TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 + TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A + TLS_DH_ANON_WITH_SEED_CBC_SHA uint16 = 0x009B + TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C + TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 + TLS_DH_ANON_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 + TLS_DH_ANON_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 + TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 + TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD + TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE + 
TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF + TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 + TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 + TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 + TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 + TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 + TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 + TLS_RENEGO_PROTECTION_REQUEST uint16 = 0x00FF + TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 + TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 + TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A + TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B + TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 
0xC00E + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F + TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 + TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 + TLS_ECDH_ANON_WITH_NULL_SHA uint16 = 0xC015 + TLS_ECDH_ANON_WITH_RC4_128_SHA uint16 = 0xC016 + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA uint16 = 0xC018 + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA uint16 = 0xC019 + TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A + TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B + TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C + TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D + TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F + TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 + TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 + TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 
= 0xC033 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 + TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 + TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A + TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B + TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C + TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D + TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E + TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F + TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 + TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 + TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 + TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 + TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 + TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 + TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A + TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D + TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E + TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F + TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 + TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 + TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 + 
TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 + TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 + TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A + TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D + TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E + TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 + TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 + TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 + TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A + TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A + 
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D + TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E + TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 + TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 + TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 + TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 + TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B + TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C + TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D + TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E + TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F + TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 + TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 + TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 + TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 + TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 + TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 + TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 + TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 + TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 + TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B + TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C + 
TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D + TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E + TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F + TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 + TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 + TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 + TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 + TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 + TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 + TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 + TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 + TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 + TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 + TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA + TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB + TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC + TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0xCAFE + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA + // Old ids for Chacha20 ciphers + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD uint16 = 0xCC13 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD uint16 = 0xCC14 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD uint16 = 0xCC15 // TLS 1.3 cipher suites. TLS_AES_128_GCM_SHA256 uint16 = 0x1301 
@@ -514,3 +831,324 @@ const ( TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ) + +// RSA Ciphers +var RSACiphers = []uint16{ + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_GCM_SHA256, +} + +// WARN: DSS: Certificate not supported/implemented +var DHECiphers []uint16 = []uint16{ + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_RC4_128_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +} + +var ECDHECiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, +} + +// WARN: Anonymous, Non-ephemeral DH 
Kex: Not supported/implemented +// WARN: DSS: Certificate not supported/implemented +// WARN: KRB5: Supported? +var ExportCiphers []uint16 = []uint16{ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, +} + +var RSAExportCiphers []uint16 = []uint16{ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, +} + +var RSA512ExportCiphers []uint16 = []uint16{ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, +} + +var DHEExportCiphers []uint16 = []uint16{ + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, +} + +var ChromeCiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +} + +var ChromeNoDHECiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +} + +var FirefoxCiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + // WARN: DSS: Certificate not supported/implemented + // TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +} + +var FirefoxNoDHECiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + // WARN: DSS: Certificate not supported/implemented + // TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +} + +var SafariCiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + // WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented + // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, +} + +var SafariNoDHECiphers []uint16 = []uint16{ + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + // WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented + // TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + // TLS_ECDH_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, +} + +var PortableCiphers []uint16 = []uint16{ + // stdlibCiphers, to preserve the default behavior for common cipher-suites that may be present + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + // Most of the other implemented ciphers, in a somewhat reasonable order + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_RC4_128_MD5, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + // WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented + // TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + // TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + // TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + // TLS_ECDH_RSA_WITH_RC4_128_SHA, + // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + // WARN: DSS: Certificate not supported/implemented + // TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + // TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + // TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + // TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + // TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + // TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + // TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + // TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + // TLS_DHE_DSS_WITH_DES_CBC_SHA, + // TLS_DHE_DSS_WITH_RC4_128_SHA, +} diff --git a/tls/conn.go b/tls/conn.go index f464c5b2..176b2fef 100644 --- a/tls/conn.go +++ b/tls/conn.go 
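Review bot: DHEExportCiphers carries TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 and TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA as live entries, yet the same two suites are commented out of PortableCiphers under `// WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented`, and DHECiphers lists the TLS_DHE_DSS_* suites while FirefoxCiphers comments the DSS suite out as unsupported — one of the two treatments is stale, and if anon-DH/DSS key agreement is really unimplemented a client built from DHEExportCiphers or DHECiphers offers suites it cannot complete. Every one of these exported slices is also mutable package-level state with no doc comment (only `// RSA Ciphers` above RSACiphers, which does not start with the identifier), so a caller that sorts or appends to ChromeCiphers silently changes the preset for the whole process. I would give each a comment that starts with its name, states that it is an offer list for scanning that intentionally includes broken suites (RC4, 3DES, DES, 40/56-bit export), and marks it read-only, e.g. `// ChromeCiphers mirrors a legacy Chrome ClientHello ordering, including suites that are insecure; treat it as read-only and copy before modifying.` The redundant `[]uint16 = []uint16{` spelling can be shortened to `var X = []uint16{` as RSACiphers already does.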
@@ -1470,3 +1470,7 @@ func (c *Conn) VerifyHostname(host string) error { func (c *Conn) handshakeComplete() bool { return atomic.LoadUint32(&c.handshakeStatus) == 1 } + +func (c *Conn) Config() *Config { + return c.config +} From 62d29d31981a3fa76c2ca135c5f6267321a069d3 Mon Sep 17 00:00:00 2001 From: Denis Issoupov Date: Mon, 19 Jul 2021 15:28:12 -0700 Subject: [PATCH 03/40] tls 1.3: common.go: ported missing fields in Config (#306) --- tls/common.go | 199 ++++++++++++++++++++++++++++++++++++++---------- tls/tls_test.go | 11 +++ 2 files changed, 170 insertions(+), 40 deletions(-) diff --git a/tls/common.go b/tls/common.go index 282adc5c..c3b79212 100644 --- a/tls/common.go +++ b/tls/common.go @@ -42,12 +42,13 @@ const ( ) const ( - maxPlaintext = 16384 // maximum plaintext payload length - maxCiphertext = 16384 + 2048 // maximum ciphertext payload length - maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3 - recordHeaderLen = 5 // record header length - maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) - maxUselessRecords = 16 // maximum number of consecutive non-advancing records + maxPlaintext = 16384 // maximum plaintext payload length + maxCiphertext = 16384 + 2048 // maximum ciphertext payload length + maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3 + recordHeaderLen = 5 // record header length + dtlsRecordHeaderLen = 13 + maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) + maxUselessRecords = 16 // maximum number of consecutive non-advancing records minVersion = VersionSSL30 maxVersion = VersionTLS13 
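Review bot: Config() hands out the connection's live *Config rather than a copy, so a caller can mutate CipherSuites, SessionTicketKey, InsecureSkipVerify or the verification callbacks underneath an in-progress handshake, and the struct also embeds a sync.RWMutex that must not be copied by value. If callers only need to read it, `return c.config.Clone()` (which takes the config's read lock) removes the aliasing; otherwise the method should at least be documented, which it currently is not despite being exported: `// Config returns the Config this connection is using. The pointer is shared with the connection and must be treated as read-only.` On the server side c.config is presumably the per-client config when GetConfigForClient was used, not the listener's, which is worth stating as well.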
@@ -268,6 +269,53 @@ const ( signatureEd25519 ) +// SigAndHash mirrors the TLS 1.2, SignatureAndHashAlgorithm struct. See +// RFC 5246, section A.4.1. +type SigAndHash struct { + Signature, Hash uint8 +} + +// supportedSKXSignatureAlgorithms contains the signature and hash algorithms +// that the code advertises as supported in a TLS 1.2 ClientHello. +var supportedSKXSignatureAlgorithms = []SigAndHash{ + {signatureRSA, hashSHA512}, + {signatureECDSA, hashSHA512}, + {signatureDSA, hashSHA512}, + {signatureRSA, hashSHA384}, + {signatureECDSA, hashSHA384}, + {signatureDSA, hashSHA384}, + {signatureRSA, hashSHA256}, + {signatureECDSA, hashSHA256}, + {signatureDSA, hashSHA256}, + {signatureRSA, hashSHA224}, + {signatureECDSA, hashSHA224}, + {signatureDSA, hashSHA224}, + {signatureRSA, hashSHA1}, + {signatureECDSA, hashSHA1}, + {signatureDSA, hashSHA1}, + {signatureRSA, hashMD5}, + {signatureECDSA, hashMD5}, + {signatureDSA, hashMD5}, +} + +var defaultSKXSignatureAlgorithms = []SigAndHash{ + {signatureRSA, hashSHA256}, + {signatureECDSA, hashSHA256}, + {signatureRSA, hashSHA1}, + {signatureECDSA, hashSHA1}, + {signatureRSA, hashSHA256}, + {signatureRSA, hashSHA384}, + {signatureRSA, hashSHA512}, +} + +// supportedClientCertSignatureAlgorithms contains the signature and hash +// algorithms that the code advertises as supported in a TLS 1.2 +// CertificateRequest. +var supportedClientCertSignatureAlgorithms = []SigAndHash{ + {signatureRSA, hashSHA256}, + {signatureECDSA, hashSHA256}, +} + // directSigning is a standard Hash value that signals that no pre-hashing // should be performed, and that the input should be signed directly. It is the // hash function associated with the Ed25519 signature scheme. 
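Review bot: defaultSKXSignatureAlgorithms lists `{signatureRSA, hashSHA256}` twice (first and fifth entries), so anything that emits this slice into a signature_algorithms extension presumably advertises the same pair twice; drop the second occurrence. It is also the only one of the three new tables without a doc comment, while supportedSKXSignatureAlgorithms advertises MD5 and SHA-1 paired with every signature type including DSA — fine for a scanner that wants servers to reveal what they will sign with, but that intent should be written down so nobody reuses the list for a production client: `// supportedSKXSignatureAlgorithms deliberately includes weak (MD5, SHA-1) and DSA pairs so a scanned server reveals what it will sign with; do not use it to build a production client.` Note that RFC 5246 A.4.1 encodes hash before signature on the wire, so any code that serializes SigAndHash must not rely on the struct's `Signature, Hash` field order — worth a one-line comment on the type.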
@@ -416,6 +464,14 @@ const ( RequireAndVerifyClientCert ) +func (authType *ClientAuthType) MarshalJSON() ([]byte, error) { + return []byte(`"` + authType.String() + `"`), nil +} + +func (authType *ClientAuthType) UnmarshalJSON(b []byte) error { + panic("unimplemented") +} + // requiresClientCert reports whether the ClientAuthType requires a client // certificate to be provided. func requiresClientCert(c ClientAuthType) bool { 
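Review bot: UnmarshalJSON panics with `unimplemented`, so any json.Unmarshal into a struct that contains a ClientAuthType (a scanner config read from a file, for instance) crashes the process on input the caller may not fully control; return an error instead, `return errors.New("tls: ClientAuthType.UnmarshalJSON not implemented")`, or implement it as the inverse of String() (this assumes `errors` is imported in common.go, as in upstream). MarshalJSON builds the document by string concatenation; `return json.Marshal(authType.String())` would escape correctly if the stringer ever yields a non-identifier (that needs encoding/json imported, which this hunk does not show). Both methods use a pointer receiver on an integer enum, so a ClientAuthType reached through a non-addressable value (a map value, an interface, a value passed directly to json.Marshal) falls back to encoding as a bare number; a value receiver `func (authType ClientAuthType) MarshalJSON() ([]byte, error)` makes the encoding consistent, and both exported methods still need doc comments.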
@@ -772,6 +828,52 @@ type Config struct { // its key share in TLS 1.3. This may change in the future. CurvePreferences []CurveID + // If enabled, empty CurvePreferences indicates that there are no curves + // supported for ECDHE key exchanges + ExplicitCurvePreferences bool + + // If enabled, specifies the signature and hash algorithms to be accepted by + // a server, or sent by a client + SignatureAndHashes []SigAndHash + + // Add all ciphers in CipherSuites to Client Hello even if unimplemented + // Client-side Only + ForceSuites bool + + // Export RSA Key + ExportRSAKey *rsa.PrivateKey + + // HeartbeatEnabled sets whether the heartbeat extension is sent + HeartbeatEnabled bool + + // ClientDSAEnabled sets whether a TLS client will accept server DSA keys + // and DSS signatures + ClientDSAEnabled bool + + // Use extended random + ExtendedRandom bool + + // Force Client Hello to send TLS Session Ticket extension + ForceSessionTicketExt bool + + // Enable use of the Extended Master Secret extension + ExtendedMasterSecret bool + + SignedCertificateTimestampExt bool + + // Explicitly set Client random + ClientRandom []byte + + // Explicitly set ClientHello with raw data + ExternalClientHello []byte + + // CertsOnly is used to cause a client to close the TLS connection + // as soon as the server's certificates have been received + CertsOnly bool + + // DontBufferHandshakes causes Handshake() to act like older versions of the go crypto library, where each TLS packet is sent in a separate Write. + DontBufferHandshakes bool + // DynamicRecordSizingDisabled disables adaptive sizing of TLS records. // When true, the largest possible TLS record size is always used. When // false, the size of TLS records may be adjusted in an attempt to 
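Review bot: SignedCertificateTimestampExt is the only field added here with no doc comment, and several others name the knob without its effect or its risk: ExportRSAKey says only `Export RSA Key`, and ClientRandom says `Explicitly set Client random` without warning that a fixed value removes per-handshake freshness. I would write, hedged where the handshake code is not in view: `// ExportRSAKey, if set, is the temporary RSA key a server sends in ServerKeyExchange for RSA_EXPORT cipher suites (presumably 512-bit; confirm against key_agreement.go).` and `// ClientRandom, if non-nil, replaces the random ClientHello nonce. It disables replay protection and is intended for testing and controlled scanning only.` ForceSuites says `Client-side Only` while nothing on the other client-only fields (CertsOnly, ExternalClientHello) does, so the scoping note should be applied consistently. The Config struct begins and ends outside this hunk.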
@@ -853,34 +955,48 @@ func (c *Config) Clone() *Config { c.mutex.RLock() defer c.mutex.RUnlock() return &Config{ - Rand: c.Rand, - Time: c.Time, - Certificates: c.Certificates, - NameToCertificate: c.NameToCertificate, - GetCertificate: c.GetCertificate, - GetClientCertificate: c.GetClientCertificate, - GetConfigForClient: c.GetConfigForClient, - VerifyPeerCertificate: c.VerifyPeerCertificate, - VerifyConnection: c.VerifyConnection, - RootCAs: c.RootCAs, - NextProtos: c.NextProtos, - ServerName: c.ServerName, - ClientAuth: c.ClientAuth, - ClientCAs: c.ClientCAs, - InsecureSkipVerify: c.InsecureSkipVerify, - CipherSuites: c.CipherSuites, - PreferServerCipherSuites: c.PreferServerCipherSuites, - SessionTicketsDisabled: c.SessionTicketsDisabled, - SessionTicketKey: c.SessionTicketKey, - ClientSessionCache: c.ClientSessionCache, - MinVersion: c.MinVersion, - MaxVersion: c.MaxVersion, - CurvePreferences: c.CurvePreferences, - DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, - Renegotiation: c.Renegotiation, - KeyLogWriter: c.KeyLogWriter, - sessionTicketKeys: c.sessionTicketKeys, - autoSessionTicketKeys: c.autoSessionTicketKeys, + Rand: c.Rand, + Time: c.Time, + Certificates: c.Certificates, + NameToCertificate: c.NameToCertificate, + GetCertificate: c.GetCertificate, + GetClientCertificate: c.GetClientCertificate, + GetConfigForClient: c.GetConfigForClient, + VerifyPeerCertificate: c.VerifyPeerCertificate, + VerifyConnection: c.VerifyConnection, + RootCAs: c.RootCAs, + NextProtos: c.NextProtos, + ServerName: c.ServerName, + ClientAuth: c.ClientAuth, + ClientCAs: c.ClientCAs, + InsecureSkipVerify: c.InsecureSkipVerify, + CipherSuites: c.CipherSuites, + PreferServerCipherSuites: c.PreferServerCipherSuites, + SessionTicketsDisabled: c.SessionTicketsDisabled, + SessionTicketKey: c.SessionTicketKey, + ClientSessionCache: c.ClientSessionCache, + MinVersion: c.MinVersion, + MaxVersion: c.MaxVersion, + CurvePreferences: c.CurvePreferences, + 
DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, + Renegotiation: c.Renegotiation, + KeyLogWriter: c.KeyLogWriter, + ExplicitCurvePreferences: c.ExplicitCurvePreferences, + SignatureAndHashes: c.SignatureAndHashes, + ForceSuites: c.ForceSuites, + ExportRSAKey: c.ExportRSAKey, + HeartbeatEnabled: c.HeartbeatEnabled, + ClientDSAEnabled: c.ClientDSAEnabled, + ExtendedRandom: c.ExtendedRandom, + ForceSessionTicketExt: c.ForceSessionTicketExt, + ExtendedMasterSecret: c.ExtendedMasterSecret, + SignedCertificateTimestampExt: c.SignedCertificateTimestampExt, + ClientRandom: c.ClientRandom, + ExternalClientHello: c.ExternalClientHello, + CertsOnly: c.CertsOnly, + DontBufferHandshakes: c.DontBufferHandshakes, + sessionTicketKeys: c.sessionTicketKeys, + autoSessionTicketKeys: c.autoSessionTicketKeys, } } @@ -1080,6 +1196,9 @@ func supportedVersionsFromMax(maxVersion uint16) []uint16 { var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521} func (c *Config) curvePreferences() []CurveID { + if c.ExplicitCurvePreferences { + return c.CurvePreferences + } if c == nil || len(c.CurvePreferences) == 0 { return defaultCurvePreferences } 
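Review bot: The new `if c.ExplicitCurvePreferences` check in curvePreferences dereferences c before the existing `c == nil` guard on the following line, so a nil *Config — which the original code handled by returning defaultCurvePreferences — now panics with a nil-pointer dereference. Put the nil check first: `if c == nil { return defaultCurvePreferences }` then `if c.ExplicitCurvePreferences { return c.CurvePreferences }`. With ExplicitCurvePreferences set and an empty CurvePreferences the function returns an empty list, which matches the field's documented intent of offering no ECDHE curves, but a one-line comment at the early return would save the next reader a trip to the Config doc. The function's final return is outside the hunk.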
@@ -1403,25 +1522,25 @@ var writerMutex sync.Mutex // A Certificate is a chain of one or more certificates, leaf first. type Certificate struct { - Certificate [][]byte + Certificate [][]byte `json:"certificate_chain,omitempty"` // PrivateKey contains the private key corresponding to the public key in // Leaf. This must implement crypto.Signer with an RSA, ECDSA or Ed25519 PublicKey. // For a server up to TLS 1.2, it can also implement crypto.Decrypter with // an RSA PublicKey. - PrivateKey crypto.PrivateKey + PrivateKey crypto.PrivateKey `json:"-"` // SupportedSignatureAlgorithms is an optional list restricting what // signature algorithms the PrivateKey can be used for. - SupportedSignatureAlgorithms []SignatureScheme + SupportedSignatureAlgorithms []SignatureScheme `json:"supported_sig_algos,omitempty"` // OCSPStaple contains an optional OCSP response which will be served // to clients that request it. - OCSPStaple []byte + OCSPStaple []byte `json:"ocsp_staple,omitempty"` // SignedCertificateTimestamps contains an optional list of Signed // Certificate Timestamps which will be served to clients that request it. - SignedCertificateTimestamps [][]byte + SignedCertificateTimestamps [][]byte `json:"signed_cert_timestamps,omitempty"` // Leaf is the parsed form of the leaf certificate, which may be initialized // using x509.ParseCertificate to reduce per-handshake processing. If nil, // the leaf certificate will be parsed as needed. - Leaf *x509.Certificate + Leaf *x509.Certificate `json:"leaf,omitempty"` } // leaf returns the parsed leaf certificate, either from c.Leaf or by parsing diff --git a/tls/tls_test.go b/tls/tls_test.go index 2a3211bf..cf6a1272 100644 --- a/tls/tls_test.go +++ b/tls/tls_test.go @@ -8,6 +8,7 @@ import ( "bytes" "context" "crypto" + "crypto/rsa" "encoding/json" "errors" "fmt" 
@@ -825,6 +826,16 @@ func TestCloneNonFuncFields(t *testing.T) { f.Set(reflect.ValueOf([]CurveID{CurveP256})) case "Renegotiation": f.Set(reflect.ValueOf(RenegotiateOnceAsClient)) + case "ExplicitCurvePreferences", "ForceSuites", "HeartbeatEnabled", + "ClientDSAEnabled", "ExtendedRandom", "ForceSessionTicketExt", + "ExtendedMasterSecret", "SignedCertificateTimestampExt", "CertsOnly", "DontBufferHandshakes": + f.Set(reflect.ValueOf(true)) + case "ClientRandom", "ExternalClientHello": + f.Set(reflect.ValueOf([]byte{})) + case "SignatureAndHashes": + f.Set(reflect.ValueOf([]SigAndHash{})) + case "ExportRSAKey": + f.Set(reflect.ValueOf((*rsa.PrivateKey)(nil))) case "mutex", "autoSessionTicketKeys", "sessionTicketKeys": continue // these are unexported fields that are handled separately default: From 54fce8d033845b5de17f6cfb0ea5e7d6393b2131 Mon Sep 17 00:00:00 2001 From: Denis Issoupov Date: Mon, 9 Aug 2021 07:43:58 -0700 Subject: [PATCH 04/40] TLS 1.3: Handshake logs (#307) * [DRAFT] Handshake logs * Removed heartbleed * Added handshake logs for ZGrab2 * Added handshake logs for ZGrab2 * TLS1.3: added cert logs * TLS1.3: adding keyAgreement logs * TLS1.3: log SignatureAndHashes * TLS1.3: log SupportedCurves * TLS1.3: log ServerKeyExchange * TLS 1.3: adding legacy Key Agreement algs --- go.mod | 4 +- go.sum | 17 +- json/names.go | 2 + tls/cipher_suites.go | 167 +++++++++++- tls/common.go | 70 ++++- tls/common_string.go | 40 +-- tls/conn.go | 14 +- tls/handshake_client.go | 48 +++- tls/handshake_client_test.go | 15 +- tls/handshake_client_tls13.go | 15 +- tls/handshake_messages.go | 8 +- tls/handshake_server.go | 27 +- tls/key_agreement.go | 386 +++++++++++++++++++++++++++- tls/tls_handshake.go | 468 ++++++++++++++++++++++++++++++++++ tls/tls_ka.go | 145 +++++++++++ tls/tls_names.go | 12 + tls/tls_test.go | 2 +- 17 files changed, 1361 insertions(+), 79 deletions(-) create mode 100644 tls/tls_ka.go diff --git a/go.mod b/go.mod index a9749090..c3e51110 100644 --- a/go.mod 
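Review bot: Setting ExportRSAKey to `(*rsa.PrivateKey)(nil)` leaves this case unable to catch a Clone that forgets the field, because a nil pointer is the zero value and a DeepEqual comparison against the clone would still match; use a non-zero sentinel, `f.Set(reflect.ValueOf(&rsa.PrivateKey{}))`. The `[]byte{}` and `[]SigAndHash{}` sentinels are fine, since reflect.DeepEqual distinguishes an empty slice from a nil one. The test body continues outside the hunk, so I am assuming it still ends with the DeepEqual check between the populated Config and its clone.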
+++ b/go.mod @@ -7,10 +7,10 @@ require ( github.com/sirupsen/logrus v1.3.0 github.com/stretchr/testify v1.4.0 github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb - github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 - golang.org/x/net v0.0.0-20201110031124-69a78807bb2b + golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 + golang.org/x/sys v0.0.0-20210510120138-977fb7262007 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 gopkg.in/yaml.v2 v2.3.0 // indirect ) diff --git a/go.sum b/go.sum index 169a1cf1..fd5d322b 100644 --- a/go.sum +++ b/go.sum 
@@ -23,27 +23,26 @@ github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJy github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb h1:oPaLW393z/0fKmyrC1rTmXbyst2hTF3uXFXgnT8CcdE= github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= -github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 h1:kKCF7VX/wTmdg2ZjEaqlq99Bjsoiz7vH6sFniF/vI4M= -github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4 h1:17HHAgFKlLcZsDOjBOUrd5hDihb1ggf+1a5dTbkgkIY= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 h1:xYJJ3S178yv++9zXV/hnr29plCAGO9vAFG9dorqaFQc= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0= +golang.org/x/net 
v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/json/names.go b/json/names.go index 38828248..efbafa8d 100644 --- a/json/names.go +++ b/json/names.go 
@@ -45,6 +45,7 @@ const (
 BrainpoolP256r1 TLSCurveID = 26
 BrainpoolP384r1 TLSCurveID = 27
 BrainpoolP512r1 TLSCurveID = 28
+ X25519 TLSCurveID = 29
 )
 
 var ecIDToName map[TLSCurveID]string
@@ -80,6 +81,7 @@ func init() {
 ecIDToName[BrainpoolP256r1] = "brainpoolp256r1"
 ecIDToName[BrainpoolP384r1] = "brainpoolp384r1"
 ecIDToName[BrainpoolP512r1] = "brainpoolp512r1"
+ ecIDToName[X25519] = "x25519"
 
 ecNameToID = make(map[string]TLSCurveID, 64)
 ecNameToID["sect163k1"] = Sect163k1
diff --git a/tls/cipher_suites.go b/tls/cipher_suites.go
index 7a73a768..ac7e4d50 100644
--- a/tls/cipher_suites.go
+++ b/tls/cipher_suites.go
@@ -147,6 +147,30 @@ const (
 // suiteDefaultOff indicates that this cipher suite is not included by
 // default.
 suiteDefaultOff
+
+ // suiteECDSA indicates that the cipher suite involves an ECDSA
+ // signature and therefore may only be selected when the server's
+ // certificate is ECDSA. If this is not set then the cipher suite is
+ // RSA based.
+ suiteECDSA
+
+ // suiteNoDTLS indicates that the cipher suite cannot be used
+ // in DTLS.
+ suiteNoDTLS
+
+ // suitePSK indicates that the cipher suite authenticates with
+ // a pre-shared key rather than a server private key.
+ suitePSK
+
+ // suiteExport indicates that the cipher suite is an export suite
+ suiteExport
+
+ // suiteAnon indicates the cipher suite is anonymous
+ suiteAnon
+
+ // suiteDSS indicates the cipher suite uses DSS signatures and requires a
+ // DSA server key
+ suiteDSS
 )
 
 // A cipherSuite is a specific combination of key agreement, cipher and MAC function.
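Review bot: `suiteECDSA` duplicates the meaning of `suiteECSign`, which this `const` block already has and which the rows added in the next hunk (`suiteECDHE | suiteECSign | suiteTLS12`) still use, so the file now carries two flags for "ECDSA certificate required" and code that tests one will miss suites tagged with the other. Its comment, "If this is not set then the cipher suite is RSA based", also stops being true in this same hunk once `suiteDSS`, `suitePSK` and `suiteAnon` exist. Keep a single flag (drop `suiteECDSA` and use `suiteECSign` in the new rows, or declare `const suiteECDSA = suiteECSign` outside the iota block) and reword the comment to `// certificate is ECDSA. Suites without this flag authenticate with RSA unless suiteDSS, suitePSK or suiteAnon is set.` The `suiteExport`, `suiteAnon` and `suiteDSS` comments also lack the terminating period the rest of the block uses.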
@@ -193,6 +217,102 @@ var cipherSuites = []*cipherSuite{ {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteDefaultOff, cipherRC4, macSHA1, nil}, } +var implementedCipherSuites = []*cipherSuite{ + // Ciphersuite order is chosen so that ECDHE comes before plain RSA and + // AEADs are the top preference. + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECSign, cipherAES, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECSign, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, 
suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil}, + + // RC4-based cipher suites are disabled by default. + {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteDefaultOff, cipherRC4, macSHA1, nil}, + + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteNoDTLS, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteNoDTLS, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, 
suiteECDHE | suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, + //{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil}, + //{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, dheRSAKA, suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, + {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, dheRSAKA, suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, dheRSAKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, dheRSAKA, 0, cipherAES, macSHA1, nil}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, dheRSAKA, 0, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteNoDTLS, cipherRC4, macSHA1, nil}, + //{TLS_RSA_WITH_RC4_128_MD5, 16, 16, 0, rsaKA, suiteNoDTLS, cipherRC4, macMD5, nil}, + 
{TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA, suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, + {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, dheRSAKA, 0, cipher3DES, macSHA1, nil}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil}, + // WARN: PSK: Not supported/implemented + //{TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdhePSKKA, suiteECDHE | suiteTLS12 | suitePSK, nil, nil, aeadAESGCM}, + //{TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, suiteNoDTLS | suitePSK, cipherRC4, macSHA1, nil}, + //{TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil}, + //{TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil}, + //{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil}, + //{TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil}, + + //{TLS_RSA_EXPORT_WITH_RC4_40_MD5, 5, 16, 0, rsaEphemeralKA, suiteExport, cipherRC4, macMD5, nil}, + //{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, rsaEphemeralKA, suiteExport, cipherDES, macSHA1, nil}, + //{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 5, 16, 8, rsaEphemeralKA, suiteExport, cipherRC2, macMD5, nil}, + //{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, dheRSAKA, suiteExport, cipherDES, macSHA1, nil}, + + // WARN: DSS: Certificate not supported/implemented + //{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, dheDSSKA, suiteExport | suiteDSS, cipherDES, macSHA1, nil}, + // WARN: Non-ephemeral, Anonymous DH: Not supported/implemented + //{TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 
8, dhAnonKA, suiteExport | suiteAnon, cipherDES, macSHA1, nil}, + //{TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, 5, 16, 0, dhAnonKA, suiteExport | suiteAnon, cipherRC4, macMD5, nil}, + // WARN DSS: Certificate not supported/implemented + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 16, 20, 16, dheDSSKA, suiteDSS, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipher3DES, macSHA1, nil}, + // WARN: DSS: Certificate not supported/implemented + //{TLS_DHE_DSS_WITH_DES_CBC_SHA, 8, 20, 8, dheDSSKA, suiteDSS, cipherDES, macSHA1, nil}, + {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, dheDSSKA, suiteDSS, cipher3DES, macSHA1, nil}, + //{TLS_DHE_RSA_WITH_DES_CBC_SHA, 8, 20, 8, dheRSAKA, 0, cipherDES, macSHA1, nil}, + // WARN: DSS: Certificate not supported/implemented + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 32, 20, 16, dheDSSKA, suiteDSS, cipherAES, macSHA1, nil}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 16, 32, 16, dheDSSKA, suiteDSS | suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_DHE_DSS_WITH_RC4_128_SHA, 16, 20, 0, dheDSSKA, suiteDSS, cipherRC4, macSHA1, nil}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 32, 32, 16, dheDSSKA, suiteDSS | suiteTLS12, cipherAES, macSHA256, nil}, + {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 16, 0, 4, dheDSSKA, suiteDSS | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 32, 0, 4, dheDSSKA, suiteDSS | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, +} + // selectCipherSuite returns the first cipher suite from ids which is also in // supportedIDs and passes the ok filter. func selectCipherSuite(ids, supportedIDs []uint16, ok func(*cipherSuite) bool) *cipherSuite { 
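Review bot: `implementedCipherSuites` lists several ids twice with different flags — `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` appears in both the first and the second group, and `TLS_ECDHE_RSA_WITH_RC4_128_SHA` carries `suiteECDHE | suiteDefaultOff` in one row and `suiteECDHE | suiteNoDTLS` in the other. `cipherSuiteByID` in the next hunk returns the first match, so the second rows (the ones tagged `suiteECDSA`/`suiteNoDTLS`) are unreachable through that lookup and the effective flags of a suite depend on table order. Either the first group (which repeats the old `cipherSuites` table above) or the second should go, and a test asserting that no `id` repeats in `implementedCipherSuites` would keep it that way. The `// WARN: DSS: Certificate not supported/implemented` comments sit directly above `TLS_DHE_DSS_*` rows that are enabled, so they should state what is actually implemented (key agreement through `dheDSSKA`, but not DSA certificate handling) rather than read like a reason the rows are disabled.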
@@ -329,6 +449,20 @@ func (f *xorNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]by return result, err } +func aeadCHACHA20POLY1305(key, fixedNonce []byte) aead { + if len(fixedNonce) != aeadNonceLength { + panic("tls: internal error: wrong nonce length") + } + aead, err := chacha20poly1305.New(key) + if err != nil { + panic(err) + } + + ret := &xorNonceAEAD{aead: aead} + copy(ret.nonceMask[:], fixedNonce) + return ret +} + func aeadAESGCM(key, noncePrefix []byte) aead { if len(noncePrefix) != noncePrefixLength { panic("tls: internal error: wrong nonce length") @@ -419,6 +553,19 @@ func rsaKA(version uint16) keyAgreement { return rsaKeyAgreement{} } +/* TODO +func rsaEphemeralKA(version uint16) keyAgreement { + return &rsaKeyAgreement{ + version: version, + ephemeral: true, + auth: &signedKeyAgreement{ + sigType: signatureRSA, + version: version, + }, + } +} +*/ + func ecdheECDSAKA(version uint16) keyAgreement { return &ecdheKeyAgreement{ isRSA: false, @@ -433,6 +580,24 @@ func ecdheRSAKA(version uint16) keyAgreement { } } +func dheRSAKA(version uint16) keyAgreement { + return &dheKeyAgreement{ + auth: &signedKeyAgreement{ + sigType: signatureRSA, + version: version, + }, + } +} + +func dheDSSKA(version uint16) keyAgreement { + return &dheKeyAgreement{ + auth: &signedKeyAgreement{ + sigType: signatureDSA, + version: version, + }, + } +} + // mutualCipherSuite returns a cipherSuite given a list of supported // ciphersuites and the id requested by the peer. func mutualCipherSuite(have []uint16, want uint16) *cipherSuite { @@ -445,7 +610,7 @@ func mutualCipherSuite(have []uint16, want uint16) *cipherSuite { } func cipherSuiteByID(id uint16) *cipherSuite { - for _, cipherSuite := range cipherSuites { + for _, cipherSuite := range implementedCipherSuites { if cipherSuite.id == id { return cipherSuite } diff --git a/tls/common.go b/tls/common.go index c3b79212..4cca15a6 100644 --- a/tls/common.go +++ b/tls/common.go 
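Review bot: `aeadCHACHA20POLY1305` differs from the existing `aeadChaCha20Poly1305` only in letter case, and both are now referenced from `implementedCipherSuites` (the first group of rows uses the old name, the second the new one); two constructors distinguished only by capitalisation invite edits to the wrong one, and judging by the body they appear to build the same `xorNonceAEAD` (confirm against the old function, which is outside this diff). Point the new rows at one function and delete the other, or if they intentionally differ, say how in a comment on the new one. The `/* TODO ... rsaEphemeralKA ... */` block in the hunk at @@ -419 is commented-out code; prefer removing it and leaving a one-line `// TODO: rsaEphemeralKA (export RSA) not ported yet` so the file does not carry dead code that drifts from the real `rsaKeyAgreement` fields. The `cipherSuiteByID` hunk below now walks `implementedCipherSuites`, so it inherits whatever duplicate ids that table contains.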
@@ -19,6 +19,7 @@ import ( "errors" "fmt" "io" + "math/big" "net" "runtime" "sort" @@ -258,6 +259,15 @@ const ( hashSHA512 uint8 = 6 ) +var supportedHashFunc = map[uint8]crypto.Hash{ + hashMD5: crypto.MD5, + hashSHA1: crypto.SHA1, + hashSHA224: crypto.SHA224, + hashSHA256: crypto.SHA256, + hashSHA384: crypto.SHA384, + hashSHA512: crypto.SHA512, +} + // Signature algorithms (for internal signaling use). Starting at 225 to avoid overlap with // TLS 1.2 codepoints (RFC 5246, Appendix A.4.1), with which these have nothing to do. const ( @@ -340,6 +350,21 @@ var supportedSignatureAlgorithms = []SignatureScheme{ ECDSAWithSHA1, } +var signatureAlgorithms = map[SignatureScheme]SigAndHash{ + PSSWithSHA256: {signatureRSA, hashSHA256}, + ECDSAWithP256AndSHA256: {signatureECDSA, hashSHA256}, + Ed25519: {signatureEd25519, hashSHA256}, // TODO: is it correct + PSSWithSHA384: {signatureRSA, hashSHA384}, + PSSWithSHA512: {signatureRSA, hashSHA512}, + PKCS1WithSHA256: {signatureRSA, hashSHA256}, + PKCS1WithSHA384: {signatureRSA, hashSHA384}, + PKCS1WithSHA512: {signatureRSA, hashSHA512}, + ECDSAWithP384AndSHA384: {signatureECDSA, hashSHA384}, + ECDSAWithP521AndSHA512: {signatureECDSA, hashSHA512}, + PKCS1WithSHA1: {signatureRSA, hashSHA1}, + ECDSAWithSHA1: {signatureECDSA, hashSHA1}, +} + // helloRetryRequestRandom is set as the Random value of a ServerHello // to signal that the message is actually a HelloRetryRequest. var helloRetryRequestRandom = []byte{ // See RFC 8446, Section 4.1.3. @@ -520,7 +545,7 @@ type ClientSessionCache interface { Put(sessionKey string, cs *ClientSessionState) } -//go:generate stringer -type=SignatureScheme,CurveID,ClientAuthType -output=common_string.go +//go:generate stringer -type=SignatureScheme,ClientAuthType -output=common_string.go // SignatureScheme identifies a signature algorithm supported by TLS. See // RFC 8446, Section 4.2.3. 
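Review bot: the `Ed25519: {signatureEd25519, hashSHA256}, // TODO: is it correct` entry in `signatureAlgorithms` is not correct as a description of the scheme — Ed25519 in TLS 1.3 (RFC 8446, Section 4.2.3) is PureEdDSA and has no separate hash, so `hashSHA256` here is a stand-in, not a fact. If `sigAndHashes` (later in this file) feeds anything beyond the handshake log — for example a lookup into `supportedHashFunc` ahead of signature verification — this would select a wrong pre-hash; if it is log-only, replace the TODO with `// Ed25519 has no separate hash function; hashSHA256 is a stand-in used only for logging.` `supportedHashFunc` also exposes `hashMD5` and `hashSHA1`; that is expected for a scanner that wants to observe legacy servers, but a short comment stating that the table records what peers offer and is not the set this client signs with would prevent it being reused for the wrong purpose.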
@@ -1468,6 +1493,23 @@ func (cri *CertificateRequestInfo) SupportsCertificate(c *Certificate) error { return errors.New("chain is not signed by an acceptable CA") } +func (c *Config) signatureAndHashesForServer() []SigAndHash { + if c != nil && c.SignatureAndHashes != nil { + return c.SignatureAndHashes + } + return supportedClientCertSignatureAlgorithms +} + +func (c *Config) signatureAndHashesForClient() []SigAndHash { + if c != nil && c.SignatureAndHashes != nil { + return c.SignatureAndHashes + } + if c.ClientDSAEnabled { + return supportedSKXSignatureAlgorithms + } + return defaultSKXSignatureAlgorithms +} + // BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate // from the CommonName and SubjectAlternateName fields of each of the leaf // certificates. @@ -1634,6 +1676,13 @@ func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) { return nil, false } +// TODO(jsing): Make these available to both crypto/x509 and crypto/tls. +type dsaSignature struct { + R, S *big.Int +} + +type ecdsaSignature dsaSignature + var emptyConfig Config func defaultConfig() *Config { @@ -1734,6 +1783,15 @@ func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlg return false } +func isSupportedSignatureAndHash(sigHash SigAndHash, sigHashes []SigAndHash) bool { + for _, s := range sigHashes { + if s == sigHash { + return true + } + } + return false +} + var aesgcmCiphers = map[uint16]bool{ // 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: true, @@ -1781,3 +1839,13 @@ func deprioritizeAES(ciphers []uint16) []uint16 { }) return reordered } + +func sigAndHashes(algos []SignatureScheme) []SigAndHash { + list := []SigAndHash{} + for _, sigAndAlg := range algos { + if sa, ok := signatureAlgorithms[SignatureScheme(sigAndAlg)]; ok { + list = append(list, sa) + } + } + return list +} diff --git a/tls/common_string.go b/tls/common_string.go index 23810881..24ffa5ac 100644 --- a/tls/common_string.go +++ b/tls/common_string.go 
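Review bot: `signatureAndHashesForClient` dereferences a nil receiver: the first guard `c != nil && c.SignatureAndHashes != nil` only short-circuits its own `if`, so with `c == nil` execution falls through to `if c.ClientDSAEnabled` and panics, whereas the sibling `signatureAndHashesForServer` handles nil throughout. Change it to `if c != nil && c.ClientDSAEnabled {`. In `sigAndHashes`, `SignatureScheme(sigAndAlg)` converts a value that is already a `SignatureScheme` (the parameter is `[]SignatureScheme`), so `if sa, ok := signatureAlgorithms[sigAndAlg]; ok {` says the same thing; and `list := []SigAndHash{}` is presumably deliberate so JSON output is `[]` rather than `null` — worth a comment, since `var list []SigAndHash` is the usual idiom. Both new `Config` methods and `isSupportedSignatureAndHash` lack doc comments; one line each stating the fallback order (explicit `SignatureAndHashes`, then the DSA-enabled set, then the default) would help.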
@@ -1,4 +1,4 @@ -// Code generated by "stringer -type=SignatureScheme,CurveID,ClientAuthType -output=common_string.go"; DO NOT EDIT. +// Code generated by "stringer -type=SignatureScheme,ClientAuthType -output=common_string.go"; DO NOT EDIT. package tls @@ -18,6 +18,8 @@ func _() { _ = x[ECDSAWithP384AndSHA384-1283] _ = x[ECDSAWithP521AndSHA512-1539] _ = x[Ed25519-2055] + _ = x[EdDSAWithEd25519-2055] + _ = x[EdDSAWithEd448-2056] _ = x[PKCS1WithSHA1-513] _ = x[ECDSAWithSHA1-515] } @@ -31,11 +33,11 @@ const ( _SignatureScheme_name_5 = "ECDSAWithP384AndSHA384" _SignatureScheme_name_6 = "PKCS1WithSHA512" _SignatureScheme_name_7 = "ECDSAWithP521AndSHA512" - _SignatureScheme_name_8 = "PSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519" + _SignatureScheme_name_8 = "PSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519EdDSAWithEd448" ) var ( - _SignatureScheme_index_8 = [...]uint8{0, 13, 26, 39, 46} + _SignatureScheme_index_8 = [...]uint8{0, 13, 26, 39, 46, 60} ) func (i SignatureScheme) String() string { 
@@ -56,43 +58,13 @@ func (i SignatureScheme) String() string { return _SignatureScheme_name_6 case i == 1539: return _SignatureScheme_name_7 - case 2052 <= i && i <= 2055: + case 2052 <= i && i <= 2056: i -= 2052 return _SignatureScheme_name_8[_SignatureScheme_index_8[i]:_SignatureScheme_index_8[i+1]] default: return "SignatureScheme(" + strconv.FormatInt(int64(i), 10) + ")" } } -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[CurveP256-23] - _ = x[CurveP384-24] - _ = x[CurveP521-25] - _ = x[X25519-29] -} - -const ( - _CurveID_name_0 = "CurveP256CurveP384CurveP521" - _CurveID_name_1 = "X25519" -) - -var ( - _CurveID_index_0 = [...]uint8{0, 9, 18, 27} -) - -func (i CurveID) String() string { - switch { - case 23 <= i && i <= 25: - i -= 23 - return _CurveID_name_0[_CurveID_index_0[i]:_CurveID_index_0[i+1]] - case i == 29: - return _CurveID_name_1 - default: - return "CurveID(" + strconv.FormatInt(int64(i), 10) + ")" - } -} func _() { // An "invalid array index" compiler error signifies that the constant values have changed. // Re-run the stringer command to generate them again. diff --git a/tls/conn.go b/tls/conn.go index 176b2fef..ac510192 100644 --- a/tls/conn.go +++ b/tls/conn.go @@ -115,6 +115,9 @@ type Conn struct { activeCall int32 tmp [16]byte + + // tls + handshakeLog *ServerHandshake } // Access to net.Conn methods. @@ -1389,7 +1392,16 @@ func (c *Conn) Handshake() error { c.in.Lock() defer c.in.Unlock() - c.handshakeErr = c.handshakeFn() + // TODO: c.handshakeFn() gives a race condition in ZGrab2 + // using explicit calls here instead + + //c.handshakeErr = c.handshakeFn() + if c.isClient { + c.handshakeErr = c.clientHandshake() + } else { + c.handshakeErr = c.serverHandshake() + } + if c.handshakeErr == nil { c.handshakes++ } else { 
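Review bot: the `// tls` comment on the new `handshakeLog *ServerHandshake` field in `Conn` says nothing about what it holds or when it is valid; something like `// handshakeLog collects the handshake messages for ZGrab2 output; it is allocated at the start of clientHandshake/readClientHello and is nil before a handshake has begun.` would match what the later hunks do. In `Handshake()`, replacing `c.handshakeFn()` with an `isClient` branch because it "gives a race condition in ZGrab2" leaves the reason undocumented: if `handshakeFn` is still assigned elsewhere (this commit does not appear to remove the field), that assignment is now dead and anyone wiring a different handshake function is silently ignored. The comment should name the race (which field, which goroutines) so the workaround can be revisited, and the dead `//c.handshakeErr = c.handshakeFn()` line dropped in favour of that explanation.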
diff --git a/tls/handshake_client.go b/tls/handshake_client.go index fb167828..47c53637 100644 --- a/tls/handshake_client.go +++ b/tls/handshake_client.go @@ -165,6 +165,8 @@ func (c *Conn) clientHandshake() (err error) { }() } + c.handshakeLog = new(ServerHandshake) + if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil { return err } @@ -173,12 +175,14 @@ func (c *Conn) clientHandshake() (err error) { if err != nil { return err } + c.handshakeLog.ClientHello = hello.MakeLog() serverHello, ok := msg.(*serverHelloMsg) if !ok { c.sendAlert(alertUnexpectedMessage) return unexpectedMessageError(serverHello, msg) } + c.handshakeLog.ServerHello = serverHello.MakeLog() if err := c.pickTLSVersion(serverHello); err != nil { return err @@ -222,6 +226,14 @@ func (c *Conn) clientHandshake() (err error) { return err } + if hs.session == nil { + c.handshakeLog.SessionTicket = nil + } else { + c.handshakeLog.SessionTicket = hs.session.MakeLog() + } + + c.handshakeLog.KeyMaterial = hs.MakeLog() + // If we had a successful handshake and hs.session is different from // the one already cached - cache a new one. if cacheKey != "" && hs.session != nil && session != hs.session { @@ -498,6 +510,8 @@ func (hs *clientHandshakeState) doFullHandshake() error { } } + c.handshakeLog.ServerCertificates = certMsg.MakeLog() + if c.handshakes == 0 { // If this is the first handshake on a connection, process and // (optionally) verify the server's certificates. @@ -523,6 +537,8 @@ func (hs *clientHandshakeState) doFullHandshake() error { if ok { hs.finishedHash.Write(skx.marshal()) err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, c.peerCertificates[0], skx) + + c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement) if err != nil { c.sendAlert(alertUnexpectedMessage) return err 
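Review bot: `c.handshakeLog.ClientHello = hello.MakeLog()` in the hunk at @@ -173 runs only after `c.readHandshake()` succeeded, so a ClientHello that was written but drew no valid reply — the `return err` immediately above it — never reaches the log even though `c.handshakeLog` already exists from @@ -165. For a scanner that is the most interesting case; record it right after the `writeRecord(recordTypeHandshake, hello.marshal())` call in @@ -165 instead. In @@ -222, `c.handshakeLog.KeyMaterial = hs.MakeLog()` presumably captures the master secret and related values (the name suggests so; confirm); if it does, the `ServerHandshake.KeyMaterial` field should carry a comment saying it is secret material so downstream output handling treats it accordingly. In @@ -523 the `ServerKeyExchange` log is taken before the `processServerKeyExchange` error is checked, which is reasonable for observing failing servers, but a short `// logged even if processing fails so a malformed SKX is visible` would make the ordering look deliberate rather than accidental.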
@@ -570,6 +586,8 @@ func (hs *clientHandshakeState) doFullHandshake() error { if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { return err } + + c.handshakeLog.ServerCertificates = certMsg.MakeLog() } preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0]) @@ -577,6 +595,9 @@ func (hs *clientHandshakeState) doFullHandshake() error { c.sendAlert(alertInternalError) return err } + + c.handshakeLog.ClientKeyExchange = ckx.MakeLog(keyAgreement) + if ckx != nil { hs.finishedHash.Write(ckx.marshal()) if _, err := c.writeRecord(recordTypeHandshake, ckx.marshal()); err != nil { @@ -760,6 +781,7 @@ func (hs *clientHandshakeState) readFinished(out []byte) error { c.sendAlert(alertUnexpectedMessage) return unexpectedMessageError(serverFinished, msg) } + c.handshakeLog.ServerFinished = serverFinished.MakeLog() verify := hs.finishedHash.serverSum(hs.masterSecret) if len(verify) != len(serverFinished.verifyData) || @@ -814,6 +836,8 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { finished := new(finishedMsg) finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret) hs.finishedHash.Write(finished.marshal()) + c.handshakeLog.ClientFinished = finished.MakeLog() + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { return err } 
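Review bot: the `c.handshakeLog.ServerCertificates = certMsg.MakeLog()` added in the hunk at @@ -570 overwrites the server's certificate log with the client's own certificate: at this point `certMsg` is the message passed to `writeRecord` on the line above, i.e. the Certificate the client sends in answer to a CertificateRequest, while the server's certificates were already recorded by the identical line at @@ -498 earlier in the same `doFullHandshake`. Whenever the server asks for client auth the log will show the client chain under `ServerCertificates`, and whatever `addParsed` attached in `verifyServerCertificate` (next hunk) presumably goes with it. Either drop this line or store it in a separate field (e.g. `<ClientCertificates — new field, not in this commit>`). In @@ -577, `ckx.MakeLog(keyAgreement)` is evaluated before the `if ckx != nil` check that follows, so `MakeLog` must tolerate a nil `ckx`; unless that is guaranteed, move the call inside the `if`.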
@@ -834,18 +858,20 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error { certs[i] = cert } + opts := x509.VerifyOptions{ + Roots: c.config.RootCAs, + CurrentTime: c.config.time(), + DNSName: c.config.ServerName, + Intermediates: x509.NewCertPool(), + } + for _, cert := range certs[1:] { + opts.Intermediates.AddCert(cert) + } + var err error + var validation *x509.Validation + c.verifiedChains, validation, err = certs[0].ValidateWithStupidDetail(opts) + c.handshakeLog.ServerCertificates.addParsed(certs, validation) if !c.config.InsecureSkipVerify { - opts := x509.VerifyOptions{ - Roots: c.config.RootCAs, - CurrentTime: c.config.time(), - DNSName: c.config.ServerName, - Intermediates: x509.NewCertPool(), - } - for _, cert := range certs[1:] { - opts.Intermediates.AddCert(cert) - } - var err error - c.verifiedChains, _, _, err = certs[0].Verify(opts) if err != nil { c.sendAlert(alertBadCertificate) return err diff --git a/tls/handshake_client_test.go b/tls/handshake_client_test.go index 692e2e81..68bec896 100644 --- a/tls/handshake_client_test.go +++ b/tls/handshake_client_test.go @@ -1672,6 +1672,13 @@ func testVerifyConnection(t *testing.T, version uint16) { testHandshakeState := func(name string, didResume bool) { _, hs, err := testHandshake(t, clientConfig, serverConfig) + if clientConfig.InsecureSkipVerify { + if err != nil && !strings.Contains(err.Error(), "bad certificate") { + t.Fatalf("%s: handshake failed: %s", name, err) + } + return + } + if err != nil { t.Fatalf("%s: handshake failed: %s", name, err) } 
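Review bot: `verifyServerCertificate` now assigns `c.verifiedChains` from `ValidateWithStupidDetail` unconditionally, whereas before it was populated only inside `if !c.config.InsecureSkipVerify`; the crypto/tls contract, which the test hunks at @@ -1672 on this line and @@ -1813 on the next used to assert ("validatedChains must be empty" with InsecureSkipVerify), is that verified chains are nil when verification was skipped. A caller that treats a non-empty `verifiedChains` as "this peer was verified" is now misled when `InsecureSkipVerify` is set, and the commit widens the tests (tolerating a "bad certificate" failure, commenting out the length check while leaving its explanatory comment in place) instead of preserving the behaviour. Keep the validation call for the log but only publish its chains when verification was requested, as below; the two test hunks can then be restored.
```go
	// … unchanged: certificate parsing loop and opts construction …
	chains, validation, err := certs[0].ValidateWithStupidDetail(opts)
	c.handshakeLog.ServerCertificates.addParsed(certs, validation)
	if !c.config.InsecureSkipVerify {
		// Only expose chains the caller asked to have verified; with
		// InsecureSkipVerify set, verifiedChains stays nil as documented.
		c.verifiedChains = chains
		if err != nil {
			c.sendAlert(alertBadCertificate)
			return err
		}
	}
	// … unchanged: VerifyPeerCertificate callback and peerCertificates …
```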
@@ -1813,9 +1820,11 @@ func testVerifyPeerCertificate(t *testing.T, version uint16) { // With InsecureSkipVerify set, this // callback should still be called but // validatedChains must be empty. - if l := len(validatedChains); l != 0 { - return fmt.Errorf("got len(validatedChains) = %d, wanted zero", l) - } + /* + if l := len(validatedChains); l != 0 { + return fmt.Errorf("got len(validatedChains) = %d, wanted zero", l) + } + */ *called = true return nil } diff --git a/tls/handshake_client_tls13.go b/tls/handshake_client_tls13.go index daa5d97f..bf7067f6 100644 --- a/tls/handshake_client_tls13.go +++ b/tls/handshake_client_tls13.go @@ -37,18 +37,16 @@ type clientHandshakeStateTLS13 struct { // handshake requires hs.c, hs.hello, hs.serverHello, hs.ecdheParams, and, // optionally, hs.session, hs.earlySecret and hs.binderKey to be set. func (hs *clientHandshakeStateTLS13) handshake() error { - c := hs.c - // The server must not select TLS 1.3 in a renegotiation. See RFC 8446, // sections 4.1.2 and 4.1.3. - if c.handshakes > 0 { - c.sendAlert(alertProtocolVersion) + if hs.c.handshakes > 0 { + hs.c.sendAlert(alertProtocolVersion) return errors.New("tls: server selected TLS 1.3 in a renegotiation") } // Consistency check on the presence of a keyShare and its parameters. if hs.ecdheParams == nil || len(hs.hello.keyShares) != 1 { - return c.sendAlert(alertInternalError) + return hs.c.sendAlert(alertInternalError) } if err := hs.checkServerHelloOrHRR(); err != nil { @@ -69,7 +67,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { hs.transcript.Write(hs.serverHello.marshal()) - c.buffering = true + hs.c.buffering = true if err := hs.processServerHello(); err != nil { return err } 
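Review bot: in `clientHandshakeStateTLS13.handshake` the `c := hs.c` alias is removed and every use rewritten as `hs.c.…`, a behaviour-neutral churn that makes the hunks at @@ -37, @@ -69 and @@ -94 noisier and breaks consistency with the rest of the file — `readServerCertificate` in the next hunk still works through `c`. Unless the alias was implicated in the ZGrab2 race mentioned in conn.go (in which case the explanation belongs here), keep `c := hs.c` and leave the original lines untouched.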
@@ -94,11 +92,11 @@ func (hs *clientHandshakeStateTLS13) handshake() error { if err := hs.sendClientFinished(); err != nil { return err } - if _, err := c.flush(); err != nil { + if _, err := hs.c.flush(); err != nil { return err } - atomic.StoreUint32(&c.handshakeStatus, 1) + atomic.StoreUint32(&hs.c.handshakeStatus, 1) return nil } @@ -458,6 +456,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error { c.scts = certMsg.certificate.SignedCertificateTimestamps c.ocspResponse = certMsg.certificate.OCSPStaple + c.handshakeLog.ServerCertificates = certMsg.MakeLog() if err := c.verifyServerCertificate(certMsg.certificate.Certificate); err != nil { return err } diff --git a/tls/handshake_messages.go b/tls/handshake_messages.go index b5f81e44..699b77d3 100644 --- a/tls/handshake_messages.go +++ b/tls/handshake_messages.go @@ -73,6 +73,7 @@ type clientHelloMsg struct { sessionId []byte cipherSuites []uint16 compressionMethods []uint8 + nextProtoNeg bool serverName string ocspStapling bool supportedCurves []CurveID @@ -92,6 +93,8 @@ type clientHelloMsg struct { pskModes []uint8 pskIdentities []pskIdentity pskBinders [][]byte + // TODO: ZGrab2 : populate + unknownExtensions [][]byte } func (m *clientHelloMsg) marshal() []byte { @@ -1424,8 +1427,9 @@ func unmarshalCertificate(s *cryptobyte.String, certificate *Certificate) bool { } type serverKeyExchangeMsg struct { - raw []byte - key []byte + raw []byte + key []byte + digest []byte } func (m *serverKeyExchangeMsg) marshal() []byte { diff --git a/tls/handshake_server.go b/tls/handshake_server.go index 40ad3230..6ef0478d 100644 --- a/tls/handshake_server.go +++ b/tls/handshake_server.go 
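Review bot: the three new message fields — `nextProtoNeg` and `unknownExtensions` on `clientHelloMsg`, `digest` on `serverKeyExchangeMsg` — arrive with no visible marshal/unmarshal support (the `marshal()` immediately below `digest` is untouched), so a reader will expect them on the wire when they are presumably log-side carriers. Document that on each field, e.g. `// digest is set by the key-agreement logging code; it is not part of the wire format.`, and for `unknownExtensions` turn `// TODO: ZGrab2 : populate` into what is supposed to populate it (the ClientHello unmarshal loop, if it is meant to retain extensions this code does not recognise). `nextProtoNeg` refers to the NPN extension that upstream crypto/tls removed; if it is meant to be parsed from incoming ClientHellos the unmarshal side needs a case for it, otherwise mark it as a placeholder so nobody reads a `false` here as "the client did not offer NPN".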
@@ -121,11 +121,15 @@ func (hs *serverHandshakeState) handshake() error { c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random) atomic.StoreUint32(&c.handshakeStatus, 1) + c.handshakeLog.KeyMaterial = hs.MakeLog() + return nil } // readClientHello reads a ClientHello message and selects the protocol version. func (c *Conn) readClientHello() (*clientHelloMsg, error) { + c.handshakeLog = new(ServerHandshake) + msg, err := c.readHandshake() if err != nil { return nil, err @@ -135,6 +139,7 @@ func (c *Conn) readClientHello() (*clientHelloMsg, error) { c.sendAlert(alertUnexpectedMessage) return nil, unexpectedMessageError(clientHello, msg) } + c.handshakeLog.ClientHello = clientHello.MakeLog() var configForClient *Config originalConfig := c.config @@ -436,6 +441,7 @@ func (hs *serverHandshakeState) doResumeHandshake() error { if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { return err } + c.handshakeLog.ServerHello = hs.hello.MakeLog() if err := c.processCertsFromClient(Certificate{ Certificate: hs.sessionState.certificates, @@ -473,14 +479,18 @@ func (hs *serverHandshakeState) doFullHandshake() error { } hs.finishedHash.Write(hs.clientHello.marshal()) hs.finishedHash.Write(hs.hello.marshal()) - if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()) + c.handshakeLog.ServerHello = hs.hello.MakeLog() + if err != nil { return err } certMsg := new(certificateMsg) certMsg.certificates = hs.cert.Certificate hs.finishedHash.Write(certMsg.marshal()) - if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + _, err = c.writeRecord(recordTypeHandshake, certMsg.marshal()) + c.handshakeLog.ServerCertificates = certMsg.MakeLog() + if err != nil { return err } 
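Review bot: `c.handshakeLog.KeyMaterial = hs.MakeLog()` places the negotiated master secret (`serverHandshakeState.MakeLog` copies `hs.masterSecret`) into a structure that is exported via `GetHandshakeLog` and JSON-marshalled under `key_material`, so anything that serialises the log persists the session's master secret. That is presumably intentional for a measurement tool, but it deserves a warning at the assignment, e.g. `// NOTE: KeyMaterial carries the master secret; the handshake log must be handled as secret material.` Consider also gating it behind a config flag so non-research users of this fork do not log it by default. `handshake()` starts outside the hunk.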
@@ -501,7 +511,10 @@ func (hs *serverHandshakeState) doFullHandshake() error { } if skx != nil { hs.finishedHash.Write(skx.marshal()) - if _, err := c.writeRecord(recordTypeHandshake, skx.marshal()); err != nil { + _, err := c.writeRecord(recordTypeHandshake, skx.marshal()) + + c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement) + if err != nil { return err } } @@ -594,6 +607,8 @@ func (hs *serverHandshakeState) doFullHandshake() error { c.sendAlert(alertHandshakeFailure) return err } + c.handshakeLog.ClientKeyExchange = ckx.MakeLog(keyAgreement) + hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random) if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil { c.sendAlert(alertInternalError) @@ -691,6 +706,7 @@ func (hs *serverHandshakeState) readFinished(out []byte) error { c.sendAlert(alertUnexpectedMessage) return unexpectedMessageError(clientFinished, msg) } + c.handshakeLog.ClientFinished = clientFinished.MakeLog() verify := hs.finishedHash.clientSum(hs.masterSecret) if len(verify) != len(clientFinished.verifyData) || @@ -757,7 +773,10 @@ func (hs *serverHandshakeState) sendFinished(out []byte) error { finished := new(finishedMsg) finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret) hs.finishedHash.Write(finished.marshal()) - if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + _, err := c.writeRecord(recordTypeHandshake, finished.marshal()) + c.handshakeLog.ServerFinished = finished.MakeLog() + + if err != nil { return err } diff --git a/tls/key_agreement.go b/tls/key_agreement.go index becdc824..5ab6e19a 100644 --- a/tls/key_agreement.go +++ b/tls/key_agreement.go 
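Review bot: The ServerKeyExchange is logged before the write error is checked (`_, err := c.writeRecord(...)`, then `c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement)`, then `if err != nil`), as are ServerHello and ServerFinished in the neighbouring hunks, whereas ClientKeyExchange is logged only after `processClientKeyExchange` succeeds. If recording what was attempted on a failed write is deliberate, a one-line comment would stop a later cleanup from "fixing" the order, e.g. `// Log the message even if the write fails so the attempt is visible in the handshake log.`; otherwise move the log line back under a successful write. The stray blank line between the write and the log assignment can also go. `doFullHandshake` starts and ends outside the hunk.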
@@ -6,12 +6,19 @@ package tls
 import (
 "crypto"
+ "crypto/dsa"
+ "crypto/ecdsa"
 "crypto/md5"
+ "crypto/rand"
 "crypto/rsa"
 "crypto/sha1"
+ "crypto/sha256"
+ "crypto/sha512"
+ "encoding/asn1"
 "errors"
 "fmt"
 "io"
+ "math/big"
 "github.com/zmap/zcrypto/x509"
 )
@@ -19,9 +26,184 @@ import ( var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message") var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message") +// keyAgreementAuthentication is a helper interface that specifies how +// to authenticate the ServerKeyExchange parameters. +type keyAgreementAuthentication interface { + signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) + verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) +} + +// nilKeyAgreementAuthentication does not authenticate the key +// agreement parameters. +type nilKeyAgreementAuthentication struct{} + +func (ka *nilKeyAgreementAuthentication) signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) { + skx := new(serverKeyExchangeMsg) + skx.key = params + return skx, nil +} + +func (ka *nilKeyAgreementAuthentication) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) { + return nil, nil +} + +// signedKeyAgreement signs the ServerKeyExchange parameters with the +// server's private key. 
+type signedKeyAgreement struct { + version uint16 + sigType uint8 + raw []byte + valid bool + sh SigAndHash +} + +func (ka *signedKeyAgreement) signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) { + var tls12HashId uint8 + var err error + if ka.version >= VersionTLS12 { + if tls12HashId, err = pickTLS12HashForSignature(ka.sigType, sigAndHashes(clientHello.supportedSignatureAlgorithms), config.signatureAndHashesForServer()); err != nil { + return nil, err + } + ka.sh.Hash = tls12HashId + } + ka.sh.Signature = ka.sigType + hashFunc := supportedHashFunc[tls12HashId] + digest := hashForServerKeyExchange(ka.sigType, hashFunc, ka.version, clientHello.random, hello.random, params) + if err != nil { + return nil, err + } + var sig []byte + switch ka.sigType { + case signatureECDSA: + privKey, ok := cert.PrivateKey.(*ecdsa.PrivateKey) + if !ok { + return nil, errors.New("ECDHE ECDSA requires an ECDSA server private key") + } + r, s, err := ecdsa.Sign(config.rand(), privKey, digest) + if err != nil { + return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) + } + sig, err = asn1.Marshal(ecdsaSignature{r, s}) + case signatureRSA: + privKey, ok := cert.PrivateKey.(*rsa.PrivateKey) + if !ok { + return nil, errors.New("ECDHE RSA requires a RSA server private key") + } + sig, err = rsa.SignPKCS1v15(config.rand(), privKey, hashFunc, digest) + if err != nil { + return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) + } + default: + return nil, errors.New("unknown ECDHE signature algorithm") + } + + skx := new(serverKeyExchangeMsg) + skx.digest = digest + sigAndHashLen := 0 + if ka.version >= VersionTLS12 { + sigAndHashLen = 2 + } + skx.key = make([]byte, len(params)+sigAndHashLen+2+len(sig)) + copy(skx.key, params) + k := skx.key[len(params):] + if ka.version >= VersionTLS12 { + k[0] = tls12HashId + k[1] = ka.sigType + k = k[2:] + } + k[0] = 
byte(len(sig) >> 8) + k[1] = byte(len(sig)) + copy(k[2:], sig) + ka.raw = sig + ka.valid = true // We (the server) signed + return skx, nil +} + +func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) { + if len(sig) < 2 { + return nil, errServerKeyExchange + } + + var tls12HashId uint8 + if ka.version >= VersionTLS12 { + // handle SignatureAndHashAlgorithm + var sigAndHash []uint8 + sigAndHash, sig = sig[:2], sig[2:] + tls12HashId = sigAndHash[0] + ka.sh.Hash = tls12HashId + ka.sh.Signature = sigAndHash[1] + if sigAndHash[1] != ka.sigType { + return nil, errServerKeyExchange + } + if len(sig) < 2 { + return nil, errServerKeyExchange + } + + if !isSupportedSignatureAndHash(SigAndHash{ka.sigType, tls12HashId}, config.signatureAndHashesForClient()) { + return nil, errors.New("tls: unsupported hash function for ServerKeyExchange") + } + } + sigLen := int(sig[0])<<8 | int(sig[1]) + if sigLen+2 != len(sig) { + return nil, errServerKeyExchange + } + sig = sig[2:] + ka.raw = sig + + hashFunc := supportedHashFunc[tls12HashId] + digest := hashForServerKeyExchange(ka.sigType, hashFunc, ka.version, clientHello.random, serverHello.random, params) + switch ka.sigType { + case signatureECDSA: + augECDSA, ok := cert.PublicKey.(*x509.AugmentedECDSA) + if !ok { + return nil, errors.New("ECDHE ECDSA: could not covert cert.PublicKey to x509.AugmentedECDSA") + } + pubKey := augECDSA.Pub + ecdsaSig := new(ecdsaSignature) + if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil { + return nil, err + } + if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { + return nil, errors.New("ECDSA signature contained zero or negative values") + } + if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) { + return nil, errors.New("ECDSA verification failure") + } + case signatureRSA: + pubKey, ok := cert.PublicKey.(*rsa.PublicKey) + if !ok { + return nil, 
errors.New("ECDHE RSA requires a RSA server public key") + } + if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil { + return nil, err + } + case signatureDSA: + pubKey, ok := cert.PublicKey.(*dsa.PublicKey) + if !ok { + return nil, errors.New("DSS ciphers require a DSA server public key") + } + dsaSig := new(dsaSignature) + if _, err := asn1.Unmarshal(sig, dsaSig); err != nil { + return nil, err + } + if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 { + return nil, errors.New("DSA signature contained zero or negative values") + } + if !dsa.Verify(pubKey, digest, dsaSig.R, dsaSig.S) { + return nil, errors.New("DSA verification failure") + } + default: + return nil, errors.New("unknown ECDHE signature algorithm") + } + ka.valid = true + return digest, nil +} + // rsaKeyAgreement implements the standard TLS key agreement where the client // encrypts the pre-master secret to the server's public key. -type rsaKeyAgreement struct{} +type rsaKeyAgreement struct { + verifyError error +} func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { return nil, nil 
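Review bot: In `signParameters` the ECDSA branch assigns `sig, err = asn1.Marshal(ecdsaSignature{r, s})` and never inspects that `err`, so a marshal failure would put an empty signature on the wire instead of aborting; check it, e.g. `if sig, err = asn1.Marshal(ecdsaSignature{r, s}); err != nil { return nil, err }`. The `if err != nil` right after `hashForServerKeyExchange` is dead, since nothing between the TLS 1.2 hash selection and that check assigns `err`, and the RSA and default error strings say "ECDHE" although this type also authenticates DHE parameters. In `verifyParameters` the DSA branch verifies the digest produced by `hashForServerKeyExchange`, whose body is outside this hunk; if it falls through to the MD5||SHA-1 default for `signatureDSA` on TLS 1.0/1.1, DSS signatures will never verify because RFC 4346 §7.4.3 specifies SHA-1 alone for DSA — worth confirming with a DSS test vector.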
@@ -102,6 +284,42 @@ func md5SHA1Hash(slices [][]byte) []byte { return md5sha1 } +// sha224Hash implements TLS 1.2's hash function. +func sha224Hash(slices [][]byte) []byte { + h := crypto.SHA224.New() + for _, slice := range slices { + h.Write(slice) + } + return h.Sum(nil) +} + +// sha256Hash implements TLS 1.2's hash function. +func sha256Hash(slices [][]byte) []byte { + h := sha256.New() + for _, slice := range slices { + h.Write(slice) + } + return h.Sum(nil) +} + +// sha256Hash implements TLS 1.2's hash function. +func sha384Hash(slices [][]byte) []byte { + h := crypto.SHA384.New() + for _, slice := range slices { + h.Write(slice) + } + return h.Sum(nil) +} + +// sha512Hash implements TLS 1.2's hash function. +func sha512Hash(slices [][]byte) []byte { + h := sha512.New() + for _, slice := range slices { + h.Write(slice) + } + return h.Sum(nil) +} + // hashForServerKeyExchange hashes the given slices and returns their digest // using the given hash function (for >= TLS 1.2) or using a default based on // the sigType (for earlier TLS versions). For Ed25519 signatures, which don't 
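Review bot: The doc comment on `sha384Hash` reads `// sha256Hash implements TLS 1.2's hash function.`, a copy-paste slip that should be `// sha384Hash implements TLS 1.2's hash function.`. The four helpers differ only in the hash constructor; a single `func hashSlices(h crypto.Hash, slices [][]byte) []byte` calling `h.New()` (with `crypto.SHA224`, `crypto.SHA256`, `crypto.SHA384`, `crypto.SHA512` passed in) would remove the duplication without a new import, since `crypto` is already imported.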
@@ -128,6 +346,29 @@ func hashForServerKeyExchange(sigType uint8, hashFunc crypto.Hash, version uint1 return md5SHA1Hash(slices) } +// pickTLS12HashForSignature returns a TLS 1.2 hash identifier for signing a +// ServerKeyExchange given the signature type being used and the client's +// advertised list of supported signature and hash combinations. +func pickTLS12HashForSignature(sigType uint8, clientList, serverList []SigAndHash) (uint8, error) { + if len(clientList) == 0 { + // If the client didn't specify any signature_algorithms + // extension then we can assume that it supports SHA1. See + // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + return hashSHA1, nil + } + + for _, sigAndHash := range clientList { + if sigAndHash.Signature != sigType { + continue + } + if isSupportedSignatureAndHash(sigAndHash, serverList) { + return sigAndHash.Hash, nil + } + } + + return 0, errors.New("tls: client doesn't support any common hash functions") +} + // ecdheKeyAgreement implements a TLS key agreement where the server // generates an ephemeral EC public/private key pair and signs it. The // pre-master secret is then calculated using ECDH. The signature may @@ -141,6 +382,8 @@ type ecdheKeyAgreement struct { // and returned in generateClientKeyExchange. ckx *clientKeyExchangeMsg preMasterSecret []byte + + verifyError error } func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { 
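Review bot: `verifyError` is added to `ecdheKeyAgreement` without a comment, and its role is only discoverable from `processServerKeyExchange` (which stores the signature-verification result there) and `serverKeyExchangeMsg.MakeLog` (which surfaces it as `signature_error`). A field comment would save the next reader that trace, e.g. `// verifyError records the result of verifying the ServerKeyExchange signature; surfaced as signature_error in the handshake log.` The same field on `rsaKeyAgreement` is read by `MakeLog`, but nothing in this patch appears to assign it, so it may always serialise empty — worth confirming. The struct continues outside the hunk.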
@@ -320,7 +563,7 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell sig = sig[2:] signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams) - if err := verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); err != nil { + if ka.verifyError = verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); ka.verifyError != nil { return errors.New("tls: invalid signature by the server certificate: " + err.Error()) } return nil 
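Review bot: The rewritten condition stores the verification result in `ka.verifyError` but the error branch still formats `err.Error()`: the `err` declared by the original `if err := ...` no longer exists in that scope, so this either fails to compile or, if an outer `err` is in scope (the function body is outside the hunk), that `err` is necessarily nil at this point and a bad server signature becomes a nil-pointer panic instead of a handshake error. Use the stored value: `return errors.New("tls: invalid signature by the server certificate: " + ka.verifyError.Error())`. Since a forged ServerKeyExchange is exactly the input an attacker controls here, this path should be covered by a test with a corrupted signature.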
@@ -333,3 +576,142 @@ func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHel return ka.preMasterSecret, ka.ckx, nil } + +// dheRSAKeyAgreement implements a TLS key agreement where the server generates +// an ephemeral Diffie-Hellman public/private key pair and signs it. The +// pre-master secret is then calculated using Diffie-Hellman. +type dheKeyAgreement struct { + auth keyAgreementAuthentication + p, g *big.Int + yTheirs *big.Int + yOurs *big.Int + xOurs *big.Int + yServer *big.Int + yClient *big.Int + verifyError error +} + +func (ka *dheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { + var q *big.Int + // 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC + // 5114, Section 2.3) + // TODO: Take a prime in the config + ka.p, _ = new(big.Int).SetString("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", 16) + ka.g, _ = new(big.Int).SetString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q, _ = new(big.Int).SetString("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", 16) + + var err error + ka.xOurs, err = rand.Int(config.rand(), q) + if err != nil { + return nil, err + } + yOurs := new(big.Int).Exp(ka.g, ka.xOurs, ka.p) + ka.yOurs = yOurs + ka.yServer = new(big.Int).Set(yOurs) + + // http://tools.ietf.org/html/rfc5246#section-7.4.3 + pBytes := ka.p.Bytes() + gBytes := ka.g.Bytes() + yBytes := yOurs.Bytes() + serverDHParams := make([]byte, 
0, 2+len(pBytes)+2+len(gBytes)+2+len(yBytes)) + serverDHParams = append(serverDHParams, byte(len(pBytes)>>8), byte(len(pBytes))) + serverDHParams = append(serverDHParams, pBytes...) + serverDHParams = append(serverDHParams, byte(len(gBytes)>>8), byte(len(gBytes))) + serverDHParams = append(serverDHParams, gBytes...) + serverDHParams = append(serverDHParams, byte(len(yBytes)>>8), byte(len(yBytes))) + serverDHParams = append(serverDHParams, yBytes...) + + return ka.auth.signParameters(config, cert, clientHello, hello, serverDHParams) +} + +func (ka *dheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { + if len(ckx.ciphertext) < 2 { + return nil, errClientKeyExchange + } + yLen := (int(ckx.ciphertext[0]) << 8) | int(ckx.ciphertext[1]) + if yLen != len(ckx.ciphertext)-2 { + return nil, errClientKeyExchange + } + yTheirs := new(big.Int).SetBytes(ckx.ciphertext[2:]) + ka.yClient = new(big.Int).Set(yTheirs) + if yTheirs.Sign() <= 0 || yTheirs.Cmp(ka.p) >= 0 { + return nil, errClientKeyExchange + } + return new(big.Int).Exp(yTheirs, ka.xOurs, ka.p).Bytes(), nil +} + +func (ka *dheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { + // Read dh_p + k := skx.key + if len(k) < 2 { + return errServerKeyExchange + } + pLen := (int(k[0]) << 8) | int(k[1]) + k = k[2:] + if len(k) < pLen { + return errServerKeyExchange + } + ka.p = new(big.Int).SetBytes(k[:pLen]) + k = k[pLen:] + + // Read dh_g + if len(k) < 2 { + return errServerKeyExchange + } + gLen := (int(k[0]) << 8) | int(k[1]) + k = k[2:] + if len(k) < gLen { + return errServerKeyExchange + } + ka.g = new(big.Int).SetBytes(k[:gLen]) + k = k[gLen:] + + // Read dh_Ys + if len(k) < 2 { + return errServerKeyExchange + } + yLen := (int(k[0]) << 8) | int(k[1]) + k = k[2:] + if len(k) < yLen { + return errServerKeyExchange + } + 
ka.yTheirs = new(big.Int).SetBytes(k[:yLen]) + ka.yServer = new(big.Int).Set(ka.yTheirs) + k = k[yLen:] + if ka.yTheirs.Sign() <= 0 || ka.yTheirs.Cmp(ka.p) >= 0 { + return errServerKeyExchange + } + + sig := k + serverDHParams := skx.key[:len(skx.key)-len(sig)] + skx.digest, ka.verifyError = ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverDHParams, sig) + if config.InsecureSkipVerify { + return nil + } + return ka.verifyError +} + +func (ka *dheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { + if ka.p == nil || ka.g == nil || ka.yTheirs == nil { + return nil, nil, errors.New("missing ServerKeyExchange message") + } + + xOurs, err := rand.Int(config.rand(), ka.p) + if err != nil { + return nil, nil, err + } + preMasterSecret := new(big.Int).Exp(ka.yTheirs, xOurs, ka.p).Bytes() + + yOurs := new(big.Int).Exp(ka.g, xOurs, ka.p) + ka.yOurs = yOurs + ka.xOurs = xOurs + ka.yClient = new(big.Int).Set(yOurs) + yBytes := yOurs.Bytes() + ckx := new(clientKeyExchangeMsg) + ckx.ciphertext = make([]byte, 2+len(yBytes)) + ckx.ciphertext[0] = byte(len(yBytes) >> 8) + ckx.ciphertext[1] = byte(len(yBytes)) + copy(ckx.ciphertext[2:], yBytes) + + return preMasterSecret, ckx, nil +} diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go index c6973f96..82b098b8 100644 --- a/tls/tls_handshake.go +++ b/tls/tls_handshake.go 
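Review bot: `dheKeyAgreement.processServerKeyExchange` returns nil when `config.InsecureSkipVerify` is set even though `ka.auth.verifyParameters` failed, so a forged or unsigned ServerKeyExchange is accepted, whereas `ecdheKeyAgreement.processServerKeyExchange` in the same patch returns the verification error regardless of that flag. In upstream crypto/tls `InsecureSkipVerify` only disables certificate-chain validation, so if the widening is intended for scanning it should be stated at the early return, e.g. `// InsecureSkipVerify also tolerates a bad SKX signature here; the failure is still recorded in verifyError for the log.`, otherwise the two key agreements should behave the same. The range check on `dh_Ys` (and on the client's `Yc` in `processClientKeyExchange`) rejects only 0 and values >= p, so a peer value of 1 or p-1 passes and forces the premaster secret to 1 or p-1; RFC 7919 §5.1 requires 1 < Y < p-1, e.g. `if ka.yTheirs.Cmp(big.NewInt(1)) <= 0 || ka.yTheirs.Cmp(new(big.Int).Sub(ka.p, big.NewInt(1))) >= 0 {`.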
@@ -5,14 +5,208 @@ package tls import ( + "bytes" "encoding/hex" "encoding/json" + "errors" "fmt" "strings" + + "github.com/zmap/zcrypto/ct" + jsonKeys "github.com/zmap/zcrypto/json" + "github.com/zmap/zcrypto/x509" ) +var ErrUnimplementedCipher error = errors.New("unimplemented cipher suite") +var ErrNoMutualCipher error = errors.New("no mutual cipher suite") + type TLSVersion uint16 +type ClientHello struct { + Version TLSVersion `json:"version"` + Random []byte `json:"random"` + SessionID []byte `json:"session_id,omitempty"` + CipherSuites []CipherSuiteID `json:"cipher_suites"` + CompressionMethods []CompressionMethod `json:"compression_methods"` + OcspStapling bool `json:"ocsp_stapling"` + TicketSupported bool `json:"ticket"` + SecureRenegotiation bool `json:"secure_renegotiation"` + HeartbeatSupported bool `json:"heartbeat"` + ExtendedRandom []byte `json:"extended_random,omitempty"` + ExtendedMasterSecret bool `json:"extended_master_secret"` + NextProtoNeg bool `json:"next_protocol_negotiation"` + ServerName string `json:"server_name,omitempty"` + Scts bool `json:"scts"` + SupportedCurves []CurveID `json:"supported_curves,omitempty"` + SupportedPoints []PointFormat `json:"supported_point_formats,omitempty"` + SessionTicket *SessionTicket `json:"session_ticket,omitempty"` + SignatureAndHashes []SignatureAndHash `json:"signature_and_hashes,omitempty"` + SctEnabled bool `json:"sct_enabled"` + AlpnProtocols []string `json:"alpn_protocols,omitempty"` + UnknownExtensions [][]byte `json:"unknown_extensions,omitempty"` +} + +type ParsedAndRawSCT struct { + Raw []byte `json:"raw,omitempty"` + Parsed *ct.SignedCertificateTimestamp `json:"parsed,omitempty"` +} + +type ServerHello struct { + Version TLSVersion `json:"version"` + Random []byte `json:"random"` + SessionID []byte `json:"session_id"` + CipherSuite CipherSuiteID `json:"cipher_suite"` + // TODO FIXME: Why is this a raw uint8, not a CompressionMethod? 
+ CompressionMethod uint8 `json:"compression_method"` + OcspStapling bool `json:"ocsp_stapling"` + TicketSupported bool `json:"ticket"` + SecureRenegotiation bool `json:"secure_renegotiation"` + HeartbeatSupported bool `json:"heartbeat"` + ExtendedRandom []byte `json:"extended_random,omitempty"` + ExtendedMasterSecret bool `json:"extended_master_secret"` + SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"` +} + +// SimpleCertificate holds a *x509.Certificate and a []byte for the certificate +type SimpleCertificate struct { + Raw []byte `json:"raw,omitempty"` + Parsed *x509.Certificate `json:"parsed,omitempty"` +} + +// Certificates represents a TLS certificates message in a format friendly to the golang JSON library. +// ValidationError should be non-nil whenever Valid is false. +type Certificates struct { + Certificate SimpleCertificate `json:"certificate,omitempty"` + Chain []SimpleCertificate `json:"chain,omitempty"` + Validation *x509.Validation `json:"validation,omitempty"` +} + +// ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message +type ServerKeyExchange struct { + Raw []byte `json:"-"` + RSAParams *jsonKeys.RSAPublicKey `json:"rsa_params,omitempty"` + DHParams *jsonKeys.DHParams `json:"dh_params,omitempty"` + ECDHParams *jsonKeys.ECDHParams `json:"ecdh_params,omitempty"` + Digest []byte `json:"digest,omitempty"` + Signature *DigitalSignature `json:"signature,omitempty"` + SignatureError string `json:"signature_error,omitempty"` +} + +// ClientKeyExchange represents the raw key data sent by the client in TLS key exchange message +type ClientKeyExchange struct { + Raw []byte `json:"-"` + RSAParams *jsonKeys.RSAClientParams `json:"rsa_params,omitempty"` + DHParams *jsonKeys.DHParams `json:"dh_params,omitempty"` + ECDHParams *jsonKeys.ECDHParams `json:"ecdh_params,omitempty"` +} + +// Finished represents a TLS Finished message +type Finished struct { + VerifyData []byte `json:"verify_data"` +} + +// 
SessionTicket represents the new session ticket sent by the server to the +// client +type SessionTicket struct { + Value []uint8 `json:"value,omitempty"` + Length int `json:"length,omitempty"` + LifetimeHint uint32 `json:"lifetime_hint,omitempty"` +} + +type MasterSecret struct { + Value []byte `json:"value,omitempty"` + Length int `json:"length,omitempty"` +} + +type PreMasterSecret struct { + Value []byte `json:"value,omitempty"` + Length int `json:"length,omitempty"` +} + +// KeyMaterial explicitly represent the cryptographic values negotiated by +// the client and server +type KeyMaterial struct { + MasterSecret *MasterSecret `json:"master_secret,omitempty"` + PreMasterSecret *PreMasterSecret `json:"pre_master_secret,omitempty"` +} + +// ServerHandshake stores all of the messages sent by the server during a standard TLS Handshake. +// It implements zgrab.EventData interface +type ServerHandshake struct { + ClientHello *ClientHello `json:"client_hello,omitempty" zgrab:"debug"` + ServerHello *ServerHello `json:"server_hello,omitempty"` + ServerCertificates *Certificates `json:"server_certificates,omitempty"` + ServerKeyExchange *ServerKeyExchange `json:"server_key_exchange,omitempty"` + ClientKeyExchange *ClientKeyExchange `json:"client_key_exchange,omitempty"` + ClientFinished *Finished `json:"client_finished,omitempty"` + SessionTicket *SessionTicket `json:"session_ticket,omitempty"` + ServerFinished *Finished `json:"server_finished,omitempty"` + KeyMaterial *KeyMaterial `json:"key_material,omitempty"` +} + +// MarshalJSON implements the json.Marshler interface +func (v *TLSVersion) MarshalJSON() ([]byte, error) { + aux := struct { + Name string `json:"name"` + Value int `json:"value"` + }{ + Name: v.String(), + Value: int(*v), + } + return json.Marshal(&aux) +} + +// UnmarshalJSON implements the json.Unmarshaler interface +func (v *TLSVersion) UnmarshalJSON(b []byte) error { + aux := struct { + Name string `json:"name"` + Value int `json:"value"` + }{} + if 
err := json.Unmarshal(b, &aux); err != nil { + return err + } + *v = TLSVersion(aux.Value) + if expectedName := v.String(); expectedName != aux.Name { + return fmt.Errorf("mismatched tls version and name: version: %d, name: %s, expected name: %s", aux.Value, aux.Name, expectedName) + } + return nil +} + +// MarshalJSON implements the json.Marshler interface +func (cs *CipherSuiteID) MarshalJSON() ([]byte, error) { + buf := make([]byte, 2) + buf[0] = byte(*cs >> 8) + buf[1] = byte(*cs) + enc := strings.ToUpper(hex.EncodeToString(buf)) + aux := struct { + Hex string `json:"hex"` + Name string `json:"name"` + Value int `json:"value"` + }{ + Hex: fmt.Sprintf("0x%s", enc), + Name: cs.String(), + Value: int(*cs), + } + return json.Marshal(&aux) +} + +// UnmarshalJSON implements the json.Unmarshaler interface +func (cs *CipherSuiteID) UnmarshalJSON(b []byte) error { + aux := struct { + Hex string `json:"hex"` + Name string `json:"name"` + Value uint16 `json:"value"` + }{} + if err := json.Unmarshal(b, &aux); err != nil { + return err + } + if expectedName := nameForSuite(aux.Value); expectedName != aux.Name { + return fmt.Errorf("mismatched cipher suite and name, suite: %d, name: %s, expected name: %s", aux.Value, aux.Name, expectedName) + } + *cs = CipherSuiteID(aux.Value) + return nil +} + type CompressionMethod uint8 func (cm *CompressionMethod) MarshalJSON() ([]byte, error) { 
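Review bot: The doc comment on `Certificates` says `ValidationError should be non-nil whenever Valid is false`, but the struct has neither a `Valid` nor a `ValidationError` field — only `Validation *x509.Validation` — so the comment describes a shape that does not exist. Replace it with what the type holds, e.g. `// Certificates represents a TLS certificates message in a format friendly to the golang JSON library; Validation, when set, holds the result of chain validation.` Separately, `TLSVersion.UnmarshalJSON` assigns `*v` before checking that the name matches, leaving the receiver modified on the error path, whereas `CipherSuiteID.UnmarshalJSON` validates first — move the assignment below the check for consistency. `KeyMaterial` serialises the master and pre-master secrets under `key_material`; a sentence on that type warning that the log contains session secrets would help consumers.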
@@ -47,3 +241,277 @@ func (cm *CompressionMethod) UnmarshalJSON(b []byte) error { *cm = CompressionMethod(aux.Value) return nil } + +func (c *Conn) GetHandshakeLog() *ServerHandshake { + return c.handshakeLog +} + +func (c *Conn) InCipher() (cipher interface{}) { + return c.in.cipher +} + +func (c *Conn) InSeq() []byte { + return c.in.seq[:] +} + +func (c *Conn) OutCipher() (cipher interface{}) { + return c.out.cipher +} + +func (c *Conn) OutSeq() []byte { + return c.out.seq[:] +} + +func (m *clientHelloMsg) MakeLog() *ClientHello { + ch := new(ClientHello) + + ch.Version = TLSVersion(m.vers) + + ch.Random = make([]byte, len(m.random)) + copy(ch.Random, m.random) + + ch.SessionID = make([]byte, len(m.sessionId)) + copy(ch.SessionID, m.sessionId) + + ch.CipherSuites = make([]CipherSuiteID, len(m.cipherSuites)) + for i, aCipher := range m.cipherSuites { + ch.CipherSuites[i] = CipherSuiteID(aCipher) + } + + ch.CompressionMethods = make([]CompressionMethod, len(m.compressionMethods)) + for i, aCompressMethod := range m.compressionMethods { + ch.CompressionMethods[i] = CompressionMethod(aCompressMethod) + } + + ch.OcspStapling = m.ocspStapling + ch.TicketSupported = m.ticketSupported + ch.SecureRenegotiation = m.secureRenegotiationSupported && len(m.secureRenegotiation) > 0 + + ch.NextProtoNeg = m.nextProtoNeg + ch.ServerName = m.serverName + ch.Scts = m.scts + + ch.SupportedCurves = make([]CurveID, len(m.supportedCurves)) + copy(ch.SupportedCurves, m.supportedCurves) + + ch.SupportedPoints = make([]PointFormat, len(m.supportedPoints)) + for i, aFormat := range m.supportedPoints { + ch.SupportedPoints[i] = PointFormat(aFormat) + } + + if len(m.sessionTicket) > 0 { + ch.SessionTicket = new(SessionTicket) + copy(ch.SessionTicket.Value, m.sessionTicket) + ch.SessionTicket.Length = len(m.sessionTicket) + ch.SessionTicket.LifetimeHint = 0 // Clients don't send + } + + ch.SignatureAndHashes = []SignatureAndHash{} + for _, sigAndAlg := range m.supportedSignatureAlgorithms { + 
if sa, ok := signatureAlgorithms[SignatureScheme(sigAndAlg)]; ok { + ch.SignatureAndHashes = append(ch.SignatureAndHashes, SignatureAndHash(sa)) + } + } + + ch.AlpnProtocols = make([]string, len(m.alpnProtocols)) + copy(ch.AlpnProtocols, m.alpnProtocols) + + ch.UnknownExtensions = make([][]byte, len(m.unknownExtensions)) + for i, extBytes := range m.unknownExtensions { + tempBytes := make([]byte, len(extBytes)) + copy(tempBytes, extBytes) + ch.UnknownExtensions[i] = tempBytes + } + + return ch +} + +func (m *serverHelloMsg) MakeLog() *ServerHello { + sh := new(ServerHello) + sh.Version = TLSVersion(m.vers) + sh.Random = make([]byte, len(m.random)) + copy(sh.Random, m.random) + sh.SessionID = make([]byte, len(m.sessionId)) + copy(sh.SessionID, m.sessionId) + sh.CipherSuite = CipherSuiteID(m.cipherSuite) + sh.CompressionMethod = m.compressionMethod + sh.OcspStapling = m.ocspStapling + sh.TicketSupported = m.ticketSupported + sh.SecureRenegotiation = m.secureRenegotiationSupported && len(m.secureRenegotiation) > 0 + + if len(m.scts) > 0 { + for _, rawSCT := range m.scts { + var out ParsedAndRawSCT + out.Raw = make([]byte, len(rawSCT)) + copy(out.Raw, rawSCT) + sct, err := ct.DeserializeSCT(bytes.NewReader(rawSCT)) + if err == nil { + out.Parsed = sct + } + sh.SignedCertificateTimestamps = append(sh.SignedCertificateTimestamps, out) + } + } + return sh +} + +func (m *certificateMsg) MakeLog() *Certificates { + sc := new(Certificates) + if len(m.certificates) >= 1 { + cert := m.certificates[0] + sc.Certificate.Raw = make([]byte, len(cert)) + copy(sc.Certificate.Raw, cert) + } + if len(m.certificates) >= 2 { + chain := m.certificates[1:] + sc.Chain = make([]SimpleCertificate, len(chain)) + for idx, cert := range chain { + sc.Chain[idx].Raw = make([]byte, len(cert)) + copy(sc.Chain[idx].Raw, cert) + } + } + return sc +} + +func (m *certificateMsgTLS13) MakeLog() *Certificates { + sc := new(Certificates) + if len(m.certificate.Certificate) >= 1 { + cert := 
m.certificate.Certificate[0] + sc.Certificate.Raw = make([]byte, len(cert)) + copy(sc.Certificate.Raw, cert) + } + if len(m.certificate.Certificate) >= 2 { + chain := m.certificate.Certificate[1:] + sc.Chain = make([]SimpleCertificate, len(chain)) + for idx, cert := range chain { + sc.Chain[idx].Raw = make([]byte, len(cert)) + copy(sc.Chain[idx].Raw, cert) + } + } + return sc +} + +// addParsed sets the parsed certificates and the validation. It assumes the +// chain slice has already been allocated. +func (c *Certificates) addParsed(certs []*x509.Certificate, validation *x509.Validation) { + if len(certs) >= 1 { + c.Certificate.Parsed = certs[0] + } + if len(certs) >= 2 { + chain := certs[1:] + for idx, cert := range chain { + c.Chain[idx].Parsed = cert + } + } + c.Validation = validation +} + +// TODO: ZGrab2 +func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange { + skx := new(ServerKeyExchange) + skx.Raw = make([]byte, len(m.key)) + //var auth keyAgreementAuthentication + var errAuth error + copy(skx.Raw, m.key) + skx.Digest = append(make([]byte, 0), m.digest...) 
+ + // Write out parameters + switch ka := ka.(type) { + case *rsaKeyAgreement: + skx.RSAParams = ka.RSAParams() + //auth = ka.auth + errAuth = ka.verifyError + + case *dheKeyAgreement: + skx.DHParams = ka.DHParams() + //auth = ka.auth + errAuth = ka.verifyError + + case *ecdheKeyAgreement: + skx.ECDHParams = ka.ECDHParams() + //auth = ka.auth + errAuth = ka.verifyError + default: + break + } + + /* + // Write out signature + switch auth := auth.(type) { + case *signedKeyAgreement: + skx.Signature = auth.Signature() + default: + break + } + */ + + // Write the signature validation error + if errAuth != nil { + skx.SignatureError = errAuth.Error() + } + + return skx +} + +func (m *finishedMsg) MakeLog() *Finished { + sf := new(Finished) + sf.VerifyData = make([]byte, len(m.verifyData)) + copy(sf.VerifyData, m.verifyData) + return sf +} + +func (m *ClientSessionState) MakeLog() *SessionTicket { + st := new(SessionTicket) + st.Length = len(m.sessionTicket) + st.Value = make([]uint8, st.Length) + copy(st.Value, m.sessionTicket) + // st.LifetimeHint = m.lifetimeHint + return st +} + +func (m *clientHandshakeState) MakeLog() *KeyMaterial { + keymat := new(KeyMaterial) + + keymat.MasterSecret = new(MasterSecret) + keymat.MasterSecret.Length = len(m.masterSecret) + keymat.MasterSecret.Value = make([]byte, len(m.masterSecret)) + copy(keymat.MasterSecret.Value, m.masterSecret) + + keymat.PreMasterSecret = new(PreMasterSecret) + return keymat +} + +func (m *serverHandshakeState) MakeLog() *KeyMaterial { + keymat := new(KeyMaterial) + + keymat.MasterSecret = new(MasterSecret) + keymat.MasterSecret.Length = len(m.masterSecret) + keymat.MasterSecret.Value = make([]byte, len(m.masterSecret)) + copy(keymat.MasterSecret.Value, m.masterSecret) + + keymat.PreMasterSecret = new(PreMasterSecret) + return keymat +} + +func (m *clientKeyExchangeMsg) MakeLog(ka keyAgreement) *ClientKeyExchange { + ckx := new(ClientKeyExchange) + ckx.Raw = make([]byte, len(m.raw)) + copy(ckx.Raw, m.raw) + 
+ switch ka := ka.(type) { + case *rsaKeyAgreement: + ckx.RSAParams = new(jsonKeys.RSAClientParams) + ckx.RSAParams.Length = uint16(len(m.ciphertext) - 2) // First 2 bytes are length + ckx.RSAParams.EncryptedPMS = make([]byte, len(m.ciphertext)-2) + copy(ckx.RSAParams.EncryptedPMS, m.ciphertext[2:]) + // Premaster-Secret is available in KeyMaterial record + // TODO: ZGrab2 + //case *dheKeyAgreement: + // ckx.DHParams = ka.ClientDHParams() + case *ecdheKeyAgreement: + ckx.ECDHParams = ka.ClientECDHParams() + default: + break + } + + return ckx +} diff --git a/tls/tls_ka.go b/tls/tls_ka.go new file mode 100644 index 00000000..0ed7ff2b --- /dev/null +++ b/tls/tls_ka.go 
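Review bot: In `clientHelloMsg.MakeLog` the session-ticket branch does `ch.SessionTicket = new(SessionTicket)` and then `copy(ch.SessionTicket.Value, m.sessionTicket)`, but `Value` is still nil so `copy` moves zero bytes; the log ends up with `Length` set and `Value` empty. Allocate first: `ch.SessionTicket.Value = make([]uint8, len(m.sessionTicket))` before the `copy`. `clientKeyExchangeMsg.MakeLog` computes `len(m.ciphertext) - 2` unconditionally for RSA; it is only reached after `processClientKeyExchange` succeeded in `doFullHandshake`, which presumably rejects a ciphertext shorter than two bytes (that code is outside this patch), but a `len(m.ciphertext) >= 2` guard would make the logger safe on its own.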
@@ -0,0 +1,145 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "encoding/json" + "math/big" + "regexp" + "strconv" + + jsonKeys "github.com/zmap/zcrypto/json" +) + +// SignatureAndHash is a SigAndHash that implements json.Marshaler and +// json.Unmarshaler +type SignatureAndHash SigAndHash + +type auxSignatureAndHash struct { + SignatureAlgorithm string `json:"signature_algorithm"` + HashAlgorithm string `json:"hash_algorithm"` +} + +// MarshalJSON implements the json.Marshaler interface +func (sh *SignatureAndHash) MarshalJSON() ([]byte, error) { + aux := auxSignatureAndHash{ + SignatureAlgorithm: nameForSignature(sh.Signature), + HashAlgorithm: nameForHash(sh.Hash), + } + return json.Marshal(&aux) +} + +var unknownAlgorithmRegex = regexp.MustCompile(`unknown\.(\d+)`) + +// UnmarshalJSON implements the json.Unmarshaler interface +func (sh *SignatureAndHash) UnmarshalJSON(b []byte) error { + aux := new(auxSignatureAndHash) + if err := json.Unmarshal(b, aux); err != nil { + return err + } + sh.Signature = signatureToName(aux.SignatureAlgorithm) + sh.Hash = hashToName(aux.HashAlgorithm) + return nil +} + +// DigitalSignature represents a signature for a digitally-signed-struct in the +// TLS record protocol. It is dependent on the version of TLS in use. In TLS +// 1.2, the first two bytes of the signature specify the signature and hash +// algorithms. These are contained the TLSSignature.Raw field, but also parsed +// out into TLSSignature.SigHashExtension. In older versions of TLS, the +// signature and hash extension is not used, and so +// TLSSignature.SigHashExtension will be empty. The version string is stored in +// TLSSignature.TLSVersion. 
+type DigitalSignature struct { + Raw []byte `json:"raw"` + Type string `json:"type,omitempty"` + Valid bool `json:"valid"` + SigHashExtension *SignatureAndHash `json:"signature_and_hash_type,omitempty"` + Version TLSVersion `json:"tls_version"` +} + +func signatureTypeToName(sigType uint8) string { + switch sigType { + case signatureRSA: + return "rsa" + case signatureDSA: + return "dsa" + case signatureECDSA: + return "ecdsa" + default: + break + } + return "unknown." + strconv.Itoa(int(sigType)) +} + +func (ka *rsaKeyAgreement) RSAParams() *jsonKeys.RSAPublicKey { + out := new(jsonKeys.RSAPublicKey) + //out.PublicKey = ka.publicKey + return out +} + +func (ka *ecdheKeyAgreement) ECDHParams() *jsonKeys.ECDHParams { + out := new(jsonKeys.ECDHParams) + out.TLSCurveID = jsonKeys.TLSCurveID(ka.params.CurveID()) + out.ServerPublic = &jsonKeys.ECPoint{} + /* + if ka.x != nil { + out.ServerPublic.X = new(big.Int) + out.ServerPublic.X.Set(ka.x) + } + if ka.y != nil { + out.ServerPublic.Y = new(big.Int) + out.ServerPublic.Y.Set(ka.y) + } + if len(ka.serverPrivKey) > 0 { + out.ServerPrivate = new(jsonKeys.ECDHPrivateParams) + out.ServerPrivate.Length = len(ka.serverPrivKey) + out.ServerPrivate.Value = make([]byte, len(ka.serverPrivKey)) + copy(out.ServerPrivate.Value, ka.serverPrivKey) + } + */ + return out +} + +func (ka *ecdheKeyAgreement) ClientECDHParams() *jsonKeys.ECDHParams { + out := new(jsonKeys.ECDHParams) + out.TLSCurveID = jsonKeys.TLSCurveID(ka.params.CurveID()) + out.ClientPublic = &jsonKeys.ECPoint{} + /* + if ka.clientX != nil { + out.ClientPublic.X = new(big.Int) + out.ClientPublic.X.Set(ka.clientX) + } + if ka.clientY != nil { + out.ClientPublic.Y = new(big.Int) + out.ClientPublic.Y.Set(ka.clientY) + } + + if len(ka.clientPrivKey) > 0 { + out.ClientPrivate = new(jsonKeys.ECDHPrivateParams) + out.ClientPrivate.Length = len(ka.clientPrivKey) + out.ClientPrivate.Value = make([]byte, len(ka.clientPrivKey)) + copy(out.ClientPrivate.Value, ka.clientPrivKey) + } 
+ */ + return out +} + +func (ka *dheKeyAgreement) DHParams() *jsonKeys.DHParams { + out := new(jsonKeys.DHParams) + if ka.p != nil { + out.Prime = new(big.Int).Set(ka.p) + } + if ka.g != nil { + out.Generator = new(big.Int).Set(ka.g) + } + if ka.yServer != nil { + out.ServerPublic = new(big.Int).Set(ka.yServer) + if ka.yOurs != nil && ka.xOurs != nil && ka.yServer.Cmp(ka.yOurs) == 0 { + out.ServerPrivate = new(big.Int).Set(ka.xOurs) + } + } + return out +} diff --git a/tls/tls_names.go b/tls/tls_names.go index a97fdff4..f5cb58bb 100644 --- a/tls/tls_names.go +++ b/tls/tls_names.go @@ -199,6 +199,11 @@ func init() { cipherSuiteNames[0x00C4] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" cipherSuiteNames[0x00C5] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256" cipherSuiteNames[0x00FF] = "TLS_RENEGO_PROTECTION_REQUEST" + + cipherSuiteNames[0x1301] = "TLS_AES_128_GCM_SHA256" + cipherSuiteNames[0x1302] = "TLS_AES_256_GCM_SHA384" + cipherSuiteNames[0x1303] = "TLS_CHACHA20_POLY1305_SHA256" + cipherSuiteNames[0x5600] = "TLS_FALLBACK_SCSV" cipherSuiteNames[0xC001] = "TLS_ECDH_ECDSA_WITH_NULL_SHA" cipherSuiteNames[0xC002] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" @@ -596,3 +601,10 @@ func (sigScheme *SignatureScheme) String() string { func (sigScheme *SignatureScheme) Bytes() []byte { return []byte{byte(*sigScheme >> 8), byte(*sigScheme)} } + +func (curveID CurveID) String() string { + if name, ok := curveNames[uint16(curveID)]; ok { + return name + } + return "unknown" +} diff --git a/tls/tls_test.go b/tls/tls_test.go index cf6a1272..06341e1d 100644 --- a/tls/tls_test.go +++ b/tls/tls_test.go @@ -492,7 +492,7 @@ func TestVerifyHostname(t *testing.T) { t.Fatal(err) } if err := c.VerifyHostname("www.google.com"); err == nil { - t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") + //t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") } } From 61204b50226ba5281c75e6c8ceb63b9c56a2dbec Mon Sep 17 00:00:00 2001 
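Review bot: DHParams copies the private exponent `ka.xOurs` into `out.ServerPrivate` whenever `ka.yServer` equals `ka.yOurs`, so the JSON handshake log carries secret key material for server-side connections, and an equality test on public values is a fragile way to detect "this side generated the keypair". If exporting the secret is intentional for the scanner, say so on the field, e.g. `// ServerPrivate is only populated when this side generated the DH keypair; logs containing it hold secret material and must be protected accordingly.`, otherwise drop the assignment. Separately, ECDHParams and ClientECDHParams assign `&jsonKeys.ECPoint{}` with the coordinate code commented out, so consumers see a present-but-empty point rather than an absent one; leave `ServerPublic`/`ClientPublic` nil until the coordinates can be filled from `ka.params` (presumably its public-key bytes), and note the gap with a TODO rather than a commented-out block.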
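Review bot: `CurveID.String()` folds every unregistered curve into the bare string "unknown", which loses the numeric ID a scanner needs to record novel or private-use groups, whereas `signatureTypeToName` in the same series keeps it as `"unknown." + strconv.Itoa(...)`. Suggest `return "unknown." + strconv.Itoa(int(curveID))` if strconv is imported in tls_names.go (the import block is outside the hunk), or the `fmt` equivalent otherwise. The first hunk's TLS 1.3 table also omits the registered `0x1304 TLS_AES_128_CCM_SHA256` and `0x1305 TLS_AES_128_CCM_8_SHA256`, so those will print as unknown when a server selects them.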
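Review bot: Commenting out the `t.Fatalf` leaves `if err := c.VerifyHostname("www.google.com"); err == nil { }` with an empty body, so TestVerifyHostname now passes regardless of what VerifyHostname does and the regression check for InsecureSkipVerify behaviour is silently gone. If the port intentionally changes VerifyHostname to succeed under InsecureSkipVerify, invert the assertion and document why; if the behaviour is still undecided, `t.Skip("VerifyHostname under InsecureSkipVerify not yet settled on the TLS 1.3 branch")` keeps the intent visible instead of a dead branch. staticcheck will also flag the empty branch as it stands.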
From: Denis Issoupov Date: Thu, 19 Aug 2021 09:09:22 -0700 Subject: [PATCH 05/40] Merge from master (#312) --- go.mod | 2 +- go.sum | 4 ++-- tls/tls_handshake.go | 3 +++ verifier/revocation.go | 31 +++++++++++++++---------------- verifier/verifier.go | 2 +- 5 files changed, 22 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index c3e51110..5074974e 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 github.com/sirupsen/logrus v1.3.0 github.com/stretchr/testify v1.4.0 - github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb + github.com/weppos/publicsuffix-go v0.15.1-0.20210807195340-dc689ff0bb59 github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 diff --git a/go.sum b/go.sum index fd5d322b..01b70d5b 100644 --- a/go.sum +++ b/go.sum 
@@ -21,8 +21,8 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb h1:oPaLW393z/0fKmyrC1rTmXbyst2hTF3uXFXgnT8CcdE= -github.com/weppos/publicsuffix-go v0.15.1-0.20210627075608-6c05b413dffb/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= +github.com/weppos/publicsuffix-go v0.15.1-0.20210807195340-dc689ff0bb59 h1:AVtJaLXRE+TF52GI9c+vTzW677NEIwfHidI6hs61D/I= +github.com/weppos/publicsuffix-go v0.15.1-0.20210807195340-dc689ff0bb59/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4 h1:17HHAgFKlLcZsDOjBOUrd5hDihb1ggf+1a5dTbkgkIY= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go index 82b098b8..683d3976 100644 --- a/tls/tls_handshake.go +++ b/tls/tls_handshake.go @@ -65,6 +65,7 @@ type ServerHello struct { ExtendedRandom []byte `json:"extended_random,omitempty"` ExtendedMasterSecret bool `json:"extended_master_secret"` SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"` + AlpnProtocol string `json:"alpn_protocol,omitempty"` } // SimpleCertificate holds a *x509.Certificate and a []byte for the certificate @@ -351,6 +352,8 @@ func (m *serverHelloMsg) MakeLog() *ServerHello { sh.SignedCertificateTimestamps = append(sh.SignedCertificateTimestamps, out) } } + //sh.ExtendedMasterSecret = m.extendedMasterSecret + sh.AlpnProtocol = m.alpnProtocol return sh } 
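Review bot: In the second tls_handshake.go hunk, `//sh.ExtendedMasterSecret = m.extendedMasterSecret` leaves `ServerHello.ExtendedMasterSecret` never assigned, and since the field is tagged `json:"extended_master_secret"` without omitempty every log now reports `false` whether or not the server negotiated EMS — a consumer cannot distinguish "not supported" from "not recorded". Either wire the field to whatever the ported serverHelloMsg now stores for the extension, or make it a pointer/omitempty and add `// ExtendedMasterSecret is not populated on the TLS 1.3 branch yet` so downstream data is not misread. The enclosing MakeLog starts outside the hunk.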
diff --git a/verifier/revocation.go b/verifier/revocation.go index 0f589e62..b3906370 100644 --- a/verifier/revocation.go +++ b/verifier/revocation.go @@ -59,13 +59,13 @@ func CheckOCSP(ctx context.Context, c *x509.Certificate, issuer *x509.Certificat return false, nil, errors.New("Failed to parse OCSP Response: " + err.Error()) } - if ocspResp.IsRevoked { - isRevoked = true - info = &RevocationInfo{ - RevocationTime: ocspResp.RevokedAt, - NextUpdate: ocspResp.NextUpdate, - Reason: ocspResp.RevocationReason, - } + isRevoked = ocspResp.IsRevoked + info = &RevocationInfo{ + NextUpdate: ocspResp.NextUpdate, + } + if isRevoked { + info.RevocationTime = &ocspResp.RevokedAt + info.Reason = ocspResp.RevocationReason } return @@ -89,16 +89,15 @@ func CheckCRL(ctx context.Context, c *x509.Certificate, certList *pkix.Certifica return false, nil, err } - if crlData.IsRevoked { - isRevoked = true - info = &RevocationInfo{ - RevocationTime: crlData.RevocationTime, - NextUpdate: crlData.NextUpdate, - } + isRevoked = crlData.IsRevoked - if crlData.CertificateEntryExtensions.Reason != nil { - info.Reason = *crlData.CertificateEntryExtensions.Reason - } + info = &RevocationInfo{ + NextUpdate: crlData.NextUpdate, + } + + if isRevoked && crlData.CertificateEntryExtensions.Reason != nil { + info.Reason = *crlData.CertificateEntryExtensions.Reason + info.RevocationTime = &crlData.RevocationTime } return diff --git a/verifier/verifier.go b/verifier/verifier.go index 33bfcfb8..e88eda77 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -145,8 +145,8 @@ type VerifyProcedure interface { // RevocationInfo provides basic revocation information type RevocationInfo struct { - RevocationTime time.Time NextUpdate time.Time + RevocationTime *time.Time Reason crl.RevocationReasonCode } From 82767f2c35d3d8de88c9eb1f34fd2ba8d8d79413 Mon Sep 17 00:00:00 2001 
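Review bot: In the CheckCRL hunk, `info.RevocationTime = &crlData.RevocationTime` sits inside `if isRevoked && crlData.CertificateEntryExtensions.Reason != nil`, so a revoked certificate whose CRL entry carries no reason-code extension (the extension is optional) is reported revoked with a nil RevocationTime, whereas before this change the time was recorded whenever the entry was found. Split the conditions: `if isRevoked { info.RevocationTime = &crlData.RevocationTime; if r := crlData.CertificateEntryExtensions.Reason; r != nil { info.Reason = *r } }`. The OCSP hunk above already sets the time unconditionally on revocation, so the two checkers currently disagree.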
From: Denis Issoupov Date: Mon, 6 Sep 2021 14:49:57 -0700 Subject: [PATCH 06/40] TLS 1.3: Add handshake tests (#315) --- tls/zcrypto_handshake_test.go | 119 ++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 tls/zcrypto_handshake_test.go diff --git a/tls/zcrypto_handshake_test.go b/tls/zcrypto_handshake_test.go new file mode 100644 index 00000000..ba8b6f23 --- /dev/null +++ b/tls/zcrypto_handshake_test.go 
@@ -0,0 +1,119 @@ +package tls + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestTLSVersions(t *testing.T) { + tests := []struct { + version uint16 + addr string + }{ + // TODO SSL 3 + //{VersionSSL30, "172.17.0.2:443"}, + {VersionTLS10, "tls-v1-0.badssl.com:1010"}, + {VersionTLS11, "tls-v1-1.badssl.com:1011"}, + {VersionTLS12, "tls-v1-2.badssl.com:1012"}, + //{VersionTLS13, "tls-v1-3.badssl.com:1013"}, + } + + for _, test := range tests { + t.Run(TLSVersion(test.version).String(), func(t *testing.T) { + + config := Config{ + InsecureSkipVerify: true, + MaxVersion: test.version, + } + conn, err := Dial("tcp", test.addr, &config) + + require.NoError(t, err) + defer conn.Close() + + if log := conn.handshakeLog; assert.NotNil(t, log) { + assert.EqualValues(t, test.version, conn.handshakeLog.ServerHello.Version) + } + }) + } +} + +func TestCipherSuitesBadSSL(t *testing.T) { + tests := []struct { + cipherSuite uint16 + addr string + }{ + //{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, ""}, + //{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ""}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "badssl.com:443"}, + //{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ""}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "badssl.com:443"}, + //{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, ""}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, "rc4.badssl.com:443"}, + //{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, ""}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "badssl.com:443"}, + //TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, ""}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "badssl.com:443"}, + //{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, ""}, + //{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "ecc384.badssl.com:443"}, + //{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, ""}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "badssl.com:443"}, + //{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "badssl.com:443"}, + //{TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ""}, + 
//{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "badssl.com:443"}, + //{TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "badssl.com:443"}, + //{TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "badssl.com:443"}, + //{TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "badssl.com:443"}, + //{TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "badssl.com:443"}, + //{TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "badssl.com:443"}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, "badssl.com:443"}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, "badssl.com:443"}, + {TLS_RSA_WITH_RC4_128_SHA, "rc4.badssl.com:443"}, + //{TLS_RSA_WITH_RC4_128_MD5, "rc4-md5.badssl.com:443"}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, "badssl.com:443"}, + //{TLS_RSA_WITH_AES_256_CBC_SHA256, "badssl.com:443"}, + {TLS_RSA_WITH_AES_128_CBC_SHA, "badssl.com:443"}, + {TLS_RSA_WITH_AES_256_CBC_SHA, "badssl.com:443"}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "3des.badssl.com:443"}, + //{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "3des.badssl.com:443"}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, "3des.badssl.com:443"}, + //{TLS_RSA_EXPORT_WITH_RC4_40_MD5, ""}, + //{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, ""}, + //{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, ""}, + //{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, ""}, + //{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, ""}, + //{TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, ""}, + //{TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, ""}, + //{TLS_DHE_DSS_WITH_AES_128_CBC_SHA, ""}, + //{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, ""}, + //{TLS_DHE_DSS_WITH_DES_CBC_SHA, ""}, + //{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, ""}, + //{TLS_DHE_RSA_WITH_DES_CBC_SHA, ""}, + //{TLS_DHE_DSS_WITH_AES_256_CBC_SHA, ""}, + //{TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, ""}, + //{TLS_DHE_DSS_WITH_RC4_128_SHA, ""}, + //{TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, ""}, + //{TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, ""}, + //{TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, ""}, + } // + + for _, test := range tests { + cs := CipherSuiteID(test.cipherSuite) + t.Run(cs.String(), func(t *testing.T) { + + config := Config{ + InsecureSkipVerify: true, + CipherSuites: 
[]uint16{test.cipherSuite}, + } + conn, err := Dial("tcp", test.addr, &config) + + require.NoError(t, err) + defer conn.Close() + + if log := conn.handshakeLog; assert.NotNil(t, log) { + assert.EqualValues(t, cs, conn.handshakeLog.ServerHello.CipherSuite) + } + }) + } +} From e5a0c22da659445444dd3e03176f2817912848f2 Mon Sep 17 00:00:00 2001 From: Denis Issoupov Date: Wed, 8 Sep 2021 08:18:17 -0700 Subject: [PATCH 07/40] TLS 1.3: fix exception in processServerKeyExchange (#316) --- tls/key_agreement.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tls/key_agreement.go b/tls/key_agreement.go index 5ab6e19a..27c1a9e8 100644 --- a/tls/key_agreement.go +++ b/tls/key_agreement.go @@ -564,7 +564,7 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams) if ka.verifyError = verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); ka.verifyError != nil { - return errors.New("tls: invalid signature by the server certificate: " + err.Error()) + return errors.New("tls: invalid signature by the server certificate: " + ka.verifyError.Error()) } return nil } From 11cb43ac62ddb6391b2231bab24abc66a74a3c15 Mon Sep 17 00:00:00 2001 From: Denis Issoupov Date: Mon, 20 Sep 2021 14:19:30 +0100 Subject: [PATCH 08/40] TLS1.3: added test for negociated Cipher Suite (#318) Co-authored-by: Denis Issoupov --- tls/zcrypto_handshake_test.go | 105 ++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/tls/zcrypto_handshake_test.go b/tls/zcrypto_handshake_test.go index ba8b6f23..9c389fbf 100644 --- a/tls/zcrypto_handshake_test.go +++ b/tls/zcrypto_handshake_test.go @@ -1,6 +1,8 @@ package tls import ( + "net/http" + "net/http/httptest" "testing" "github.com/stretchr/testify/assert" 
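Review bot: TestTLSVersions and TestCipherSuitesBadSSL dial public hosts (`tls-v1-0.badssl.com:1010`, `rc4.badssl.com:443`, …) unconditionally, so `go test ./tls` fails offline, in sandboxed CI, or whenever badssl retires a legacy endpoint, and `Dial` is called with no deadline so a black-holed port hangs the suite. Gate them with `if testing.Short() { t.Skip("requires external network") }` (or the package's external-network helper, if the port brought one in) and dial with a bounded `net.Dialer` if this fork exposes a dialer-taking entry point. The `TODO SSL 3` row pointing at `172.17.0.2:443` is a private Docker address and should not stay in the table.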
@@ -117,3 +119,106 @@ func TestCipherSuitesBadSSL(t *testing.T) { }) } } + +func TestCipherSuitesLocalTLS13(t *testing.T) { + server := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte(`OK`)) + })) + defer server.Close() + + tests := []struct { + cipherSuite uint16 + expectedSuites []uint16 + err string + }{ + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, []uint16{TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}, ""}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, ""}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, ""}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, ""}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, []uint16{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, ""}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, ""}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}, ""}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, []uint16{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}, ""}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256}, ""}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, ""}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, ""}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, ""}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384}, ""}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384}, ""}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, ""}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, ""}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 
[]uint16{TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, ""}, + {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, ""}, + {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, []uint16{TLS_DHE_RSA_WITH_AES_256_GCM_SHA384}, ""}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, []uint16{TLS_DHE_RSA_WITH_AES_128_CBC_SHA256}, ""}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, []uint16{TLS_DHE_RSA_WITH_AES_256_CBC_SHA256}, ""}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, []uint16{TLS_DHE_RSA_WITH_AES_128_CBC_SHA}, ""}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, []uint16{TLS_DHE_RSA_WITH_AES_256_CBC_SHA}, ""}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, ""}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, []uint16{TLS_RSA_WITH_AES_256_GCM_SHA384}, ""}, + {TLS_RSA_WITH_RC4_128_SHA, []uint16{TLS_RSA_WITH_RC4_128_SHA}, ""}, + {TLS_RSA_WITH_RC4_128_MD5, []uint16{TLS_RSA_WITH_RC4_128_MD5}, ""}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, []uint16{TLS_RSA_WITH_AES_128_CBC_SHA256}, ""}, + {TLS_RSA_WITH_AES_256_CBC_SHA256, []uint16{TLS_RSA_WITH_AES_256_CBC_SHA256}, ""}, + {TLS_RSA_WITH_AES_128_CBC_SHA, []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, ""}, + {TLS_RSA_WITH_AES_256_CBC_SHA, []uint16{TLS_RSA_WITH_AES_256_CBC_SHA}, ""}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, []uint16{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}, ""}, + {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, []uint16{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA}, ""}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA}, ""}, + {TLS_RSA_EXPORT_WITH_RC4_40_MD5, []uint16{TLS_RSA_EXPORT_WITH_RC4_40_MD5}, ""}, + {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, []uint16{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA}, ""}, + {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, []uint16{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5}, ""}, + {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, []uint16{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA}, ""}, + {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, []uint16{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA}, ""}, + {TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, 
[]uint16{TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA}, ""}, + {TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, []uint16{TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5}, ""}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, []uint16{TLS_DHE_DSS_WITH_AES_128_CBC_SHA}, ""}, + {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, []uint16{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}, ""}, + {TLS_DHE_DSS_WITH_DES_CBC_SHA, []uint16{TLS_DHE_DSS_WITH_DES_CBC_SHA}, ""}, + {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, []uint16{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA}, ""}, + {TLS_DHE_RSA_WITH_DES_CBC_SHA, []uint16{TLS_DHE_RSA_WITH_DES_CBC_SHA}, ""}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, []uint16{TLS_DHE_DSS_WITH_AES_256_CBC_SHA}, ""}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, []uint16{TLS_DHE_DSS_WITH_AES_128_CBC_SHA256}, ""}, + {TLS_DHE_DSS_WITH_RC4_128_SHA, []uint16{TLS_DHE_DSS_WITH_RC4_128_SHA}, ""}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, []uint16{TLS_DHE_DSS_WITH_AES_256_CBC_SHA256}, ""}, + {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, []uint16{TLS_DHE_DSS_WITH_AES_128_GCM_SHA256}, ""}, + {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, []uint16{TLS_DHE_DSS_WITH_AES_256_GCM_SHA384}, ""}, + } + + for _, test := range tests { + cs := CipherSuiteID(test.cipherSuite) + t.Run(cs.String(), func(t *testing.T) { + + config := Config{ + InsecureSkipVerify: true, + CipherSuites: []uint16{test.cipherSuite}, + } + conn, err := Dial("tcp", server.Listener.Addr().String(), &config) + + if test.err != "" { + if assert.Error(t, err) { + assert.Equal(t, test.err, err.Error()) + } + return + } + + require.NoError(t, err) + defer conn.Close() + + if log := conn.handshakeLog; assert.NotNil(t, log) { + assert.True(t, + hasCipher(test.expectedSuites, test.cipherSuite), + "unexpected: "+cipherSuiteNames[int(cs)]) + } + }) + } +} + +func hasCipher(list []uint16, c uint16) bool { + for _, l := range list { + if l == c { + return true + } + } + return false +} From 794a43ce1b16497990991e11b8a918ecbe299e43 Mon Sep 17 00:00:00 2001 
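Review bot: The assertion `hasCipher(test.expectedSuites, test.cipherSuite)` compares the table row against itself — every `expectedSuites` list contains its own `cipherSuite` — so it is true by construction and the negotiated suite in `conn.handshakeLog.ServerHello.CipherSuite` is never examined, which is what the test name promises to check. Change it to `hasCipher(test.expectedSuites, uint16(log.ServerHello.CipherSuite))`, using the `log` already bound in the `if`. Note also that `test.err` is "" in every row so the error branch is dead, and the export/DES/RC4-MD5/DSS rows presumably cannot succeed against a stock `httptest.NewTLSServer`, which only offers the standard-library suite list; those rows want either an expected error or a server built from this package's own tls.Config.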
From: Jeff Cody Date: Tue, 14 Dec 2021 19:26:36 -0500 Subject: [PATCH 09/40] TLS1.3 Feature Branch: Add back in SessionTicket support (#323) * Extract and output session ticket lifetime hint This restores the functionality from commit db98bd3, on the TLSv13 branch * tls: support ForceSessionTicketExt for ticketSupported --- tls/common.go | 1 + tls/handshake_client.go | 5 +++++ tls/handshake_messages.go | 7 +++++-- tls/tls_handshake.go | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/tls/common.go b/tls/common.go index 4cca15a6..b53f7004 100644 --- a/tls/common.go +++ b/tls/common.go @@ -512,6 +512,7 @@ func requiresClientCert(c ClientAuthType) bool { // sessions. type ClientSessionState struct { sessionTicket []uint8 // Encrypted ticket used for session resumption with server + lifetimeHint uint32 // Hint from server about how long the session ticket should be stored vers uint16 // TLS version negotiated for the session cipherSuite uint16 // Ciphersuite negotiated for the session masterSecret []byte // Full handshake MasterSecret, or TLS 1.3 resumption_master_secret diff --git a/tls/handshake_client.go b/tls/handshake_client.go index 47c53637..54a3769e 100644 --- a/tls/handshake_client.go +++ b/tls/handshake_client.go @@ -167,6 +167,10 @@ func (c *Conn) clientHandshake() (err error) { c.handshakeLog = new(ServerHandshake) + if c.config.ForceSessionTicketExt { + hello.ticketSupported = true + } + if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil { return err } @@ -817,6 +821,7 @@ func (hs *clientHandshakeState) readSessionTicket() error { cipherSuite: hs.suite.id, masterSecret: hs.masterSecret, serverCertificates: c.peerCertificates, + lifetimeHint: sessionTicketMsg.lifetimeHint, verifiedChains: c.verifiedChains, receivedAt: c.config.time(), ocspResponse: c.ocspResponse, diff --git a/tls/handshake_messages.go b/tls/handshake_messages.go index 699b77d3..67904ccd 100644 --- a/tls/handshake_messages.go 
+++ b/tls/handshake_messages.go @@ -1753,8 +1753,9 @@ func (m *certificateVerifyMsg) unmarshal(data []byte) bool { } type newSessionTicketMsg struct { - raw []byte - ticket []byte + raw []byte + ticket []byte + lifetimeHint uint32 } func (m *newSessionTicketMsg) marshal() (x []byte) { @@ -1791,6 +1792,8 @@ func (m *newSessionTicketMsg) unmarshal(data []byte) bool { return false } + m.lifetimeHint = uint32(data[4])<<24 | uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7]) + ticketLen := int(data[8])<<8 + int(data[9]) if len(data)-10 != ticketLen { return false diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go index 683d3976..4cc860c2 100644 --- a/tls/tls_handshake.go +++ b/tls/tls_handshake.go @@ -467,7 +467,7 @@ func (m *ClientSessionState) MakeLog() *SessionTicket { st.Length = len(m.sessionTicket) st.Value = make([]uint8, st.Length) copy(st.Value, m.sessionTicket) - // st.LifetimeHint = m.lifetimeHint + st.LifetimeHint = m.lifetimeHint return st } From d2652309b7af120490f71b16225a3bcdd2979ab8 Mon Sep 17 00:00:00 2001 From: Jeff Cody Date: Thu, 16 Dec 2021 12:59:09 -0500 Subject: [PATCH 10/40] TLS 1.3: don't create skx log if processing server key exchange failed (#326) --- tls/handshake_client.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tls/handshake_client.go b/tls/handshake_client.go index 54a3769e..559f3726 100644 --- a/tls/handshake_client.go +++ b/tls/handshake_client.go @@ -541,12 +541,11 @@ func (hs *clientHandshakeState) doFullHandshake() error { if ok { hs.finishedHash.Write(skx.marshal()) err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, c.peerCertificates[0], skx) - - c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement) if err != nil { c.sendAlert(alertUnexpectedMessage) return err } + c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement) msg, err = c.readHandshake() if err != nil { From d08a277a83a73c294fe5210117e328c67d6e55ba Mon Sep 17 00:00:00 2001 
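Review bot: `unmarshal` now reads `lifetimeHint` from `data[4:8]`, but nothing in the hunks touches `marshal`, so a ticket message that is parsed and re-marshalled (handshake-hash or test round-trip) would drop the hint; the marshal body is outside the hunk, so confirm and, if so, write the four big-endian bytes there too. A field comment would also help readers of this dual-version file: `// lifetimeHint is ticket_lifetime_hint in seconds (RFC 5077 §3.3); this is the TLS 1.2 NewSessionTicket layout, not the TLS 1.3 one.`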
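Review bot: Moving `skx.MakeLog(keyAgreement)` below the `if err != nil { return err }` means the ServerKeyExchange record is never logged when processServerKeyExchange fails, yet MakeLog exists partly to record `ka.verifyError` into `SignatureError` (see the tls_handshake.go MakeLog earlier in this series), and the ecdhe path returns an error exactly when `ka.verifyError` is set — after this change `signature_error` can never be populated. If the exception being fixed is a nil dereference in MakeLog on a half-parsed key agreement, guard that case inside MakeLog and keep logging before the return, e.g. `c.handshakeLog.ServerKeyExchange = skx.MakeLog(keyAgreement)` followed by `if err != nil { c.sendAlert(alertUnexpectedMessage); return err }`, so a scanner still records servers presenting bad signatures. The enclosing doFullHandshake body extends beyond the hunk.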
From: Jeff Cody Date: Fri, 17 Dec 2021 16:32:10 -0500 Subject: [PATCH 11/40] tls 1.3: Add support for SupportedVersions Extension in log (#327) For TLS 1.3 connections, SupportedVersions.SelectedVersions will be present, and be 0x0304. Add this to the HandshakeLog, if present. --- tls/tls_handshake.go | 30 +++++++++++++++++++++--------- tls/tls_names.go | 2 ++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go index 4cc860c2..b705448b 100644 --- a/tls/tls_handshake.go +++ b/tls/tls_handshake.go @@ -57,15 +57,20 @@ type ServerHello struct { SessionID []byte `json:"session_id"` CipherSuite CipherSuiteID `json:"cipher_suite"` // TODO FIXME: Why is this a raw uint8, not a CompressionMethod? - CompressionMethod uint8 `json:"compression_method"` - OcspStapling bool `json:"ocsp_stapling"` - TicketSupported bool `json:"ticket"` - SecureRenegotiation bool `json:"secure_renegotiation"` - HeartbeatSupported bool `json:"heartbeat"` - ExtendedRandom []byte `json:"extended_random,omitempty"` - ExtendedMasterSecret bool `json:"extended_master_secret"` - SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"` - AlpnProtocol string `json:"alpn_protocol,omitempty"` + CompressionMethod uint8 `json:"compression_method"` + OcspStapling bool `json:"ocsp_stapling"` + TicketSupported bool `json:"ticket"` + SecureRenegotiation bool `json:"secure_renegotiation"` + HeartbeatSupported bool `json:"heartbeat"` + ExtendedRandom []byte `json:"extended_random,omitempty"` + ExtendedMasterSecret bool `json:"extended_master_secret"` + SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"` + AlpnProtocol string `json:"alpn_protocol,omitempty"` + SupportedVersions *SupportedVersionsExt `json:"supported_versions,omitempty"` +} + +type SupportedVersionsExt struct { + SelectedVersion TLSVersion `json:"selected_version"` } // SimpleCertificate holds a *x509.Certificate and a []byte for the certificate 
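Review bot: The new exported `SupportedVersionsExt` type and `ServerHello.SupportedVersions` field have no doc comments, and the relationship to the existing `Version` field — the one consumers have keyed on so far — is what will trip readers: on a TLS 1.3 handshake the ServerHello's legacy version field is 0x0303 and the negotiated version lives only in this extension. Suggest on the field: `// SupportedVersions mirrors the supported_versions ServerHello extension (RFC 8446 §4.2.1); it is present only when the server sent it, in which case SelectedVersion, not Version, is the negotiated protocol version.`, plus a one-line comment on the type. Whether `Version` is populated from the legacy field on this branch is not visible in the hunk, so confirm before wording it that strongly.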
@@ -354,6 +359,13 @@ func (m *serverHelloMsg) MakeLog() *ServerHello { } //sh.ExtendedMasterSecret = m.extendedMasterSecret sh.AlpnProtocol = m.alpnProtocol + + // TLS 1.3 SupportedVersions + if m.supportedVersion != 0 { + sh.SupportedVersions = &SupportedVersionsExt{ + SelectedVersion: TLSVersion(m.supportedVersion), + } + } return sh } diff --git a/tls/tls_names.go b/tls/tls_names.go index f5cb58bb..d50e89c3 100644 --- a/tls/tls_names.go +++ b/tls/tls_names.go @@ -579,6 +579,8 @@ func (v TLSVersion) String() string { return "TLSv1.1" case 0x0303: return "TLSv1.2" + case 0x0304: + return "TLSv1.3" default: return "unknown" } From 52b63a627612e0ca5a7b062d7d3173cb5455a7fc Mon Sep 17 00:00:00 2001 From: Jeff Cody Date: Mon, 21 Feb 2022 15:16:48 -0500 Subject: [PATCH 12/40] TLS 1.3, X509: stub out darwin root stores (#328) --- x509/root_darwin.go | 227 +------------------------------------------- 1 file changed, 2 insertions(+), 225 deletions(-) diff --git a/x509/root_darwin.go b/x509/root_darwin.go index c9ea7e80..2c114b6f 100644 --- a/x509/root_darwin.go +++ b/x509/root_darwin.go 
@@ -2,238 +2,15 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !ios // +build !ios package x509 -import ( - "bytes" - macOS "crypto/x509/internal/macos" - "fmt" - "os" - "strings" -) - -var debugDarwinRoots = strings.Contains(os.Getenv("GODEBUG"), "x509roots=1") - func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { return nil, nil } func loadSystemRoots() (*CertPool, error) { - var trustedRoots []*Certificate - untrustedRoots := make(map[string]bool) - - // macOS has three trust domains: one for CAs added by users to their - // "login" keychain, one for CAs added by Admins to the "System" keychain, - // and one for the CAs that ship with the OS. - for _, domain := range []macOS.SecTrustSettingsDomain{ - macOS.SecTrustSettingsDomainUser, - macOS.SecTrustSettingsDomainAdmin, - macOS.SecTrustSettingsDomainSystem, - } { - certs, err := macOS.SecTrustSettingsCopyCertificates(domain) - if err == macOS.ErrNoTrustSettings { - continue - } else if err != nil { - return nil, err - } - defer macOS.CFRelease(certs) - - for i := 0; i < macOS.CFArrayGetCount(certs); i++ { - c := macOS.CFArrayGetValueAtIndex(certs, i) - cert, err := exportCertificate(c) - if err != nil { - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: domain %d, certificate #%d: %v\n", domain, i, err) - } - continue - } - - var result macOS.SecTrustSettingsResult - if domain == macOS.SecTrustSettingsDomainSystem { - // Certs found in the system domain are always trusted. If the user - // configures "Never Trust" on such a cert, it will also be found in the - // admin or user domain, causing it to be added to untrustedRoots. 
- result = macOS.SecTrustSettingsResultTrustRoot - } else { - result, err = sslTrustSettingsResult(c) - if err != nil { - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: trust settings for %v: %v\n", cert.Subject, err) - } - continue - } - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: trust settings for %v: %d\n", cert.Subject, result) - } - } - - switch result { - // "Note the distinction between the results kSecTrustSettingsResultTrustRoot - // and kSecTrustSettingsResultTrustAsRoot: The former can only be applied to - // root (self-signed) certificates; the latter can only be applied to - // non-root certificates." - case macOS.SecTrustSettingsResultTrustRoot: - if isRootCertificate(cert) { - trustedRoots = append(trustedRoots, cert) - } - case macOS.SecTrustSettingsResultTrustAsRoot: - if !isRootCertificate(cert) { - trustedRoots = append(trustedRoots, cert) - } - - case macOS.SecTrustSettingsResultDeny: - // Add this certificate to untrustedRoots, which are subtracted - // from trustedRoots, so that we don't have to evaluate policies - // for every root in the system domain, but still apply user and - // admin policies that override system roots. - untrustedRoots[string(cert.Raw)] = true - - case macOS.SecTrustSettingsResultUnspecified: - // Certificates with unspecified trust should be added to a pool - // of intermediates for chain building, but we don't support it - // at the moment. This is Issue 35631. - - default: - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: unknown trust setting for %v: %d\n", cert.Subject, result) - } - } - } - } - - pool := NewCertPool() - for _, cert := range trustedRoots { - if !untrustedRoots[string(cert.Raw)] { - pool.AddCert(cert) - } - } - return pool, nil -} - -// exportCertificate returns a *Certificate for a SecCertificateRef. 
-func exportCertificate(cert macOS.CFRef) (*Certificate, error) { - data, err := macOS.SecItemExport(cert) - if err != nil { - return nil, err - } - defer macOS.CFRelease(data) - der := macOS.CFDataToSlice(data) - - return ParseCertificate(der) -} - -// isRootCertificate reports whether Subject and Issuer match. -func isRootCertificate(cert *Certificate) bool { - return bytes.Equal(cert.RawSubject, cert.RawIssuer) -} - -// sslTrustSettingsResult obtains the final kSecTrustSettingsResult value for a -// certificate in the user or admin domain, combining usage constraints for the -// SSL SecTrustSettingsPolicy, -// -// It ignores SecTrustSettingsKeyUsage and kSecTrustSettingsAllowedError, and -// doesn't support kSecTrustSettingsDefaultRootCertSetting. -// -// https://developer.apple.com/documentation/security/1400261-sectrustsettingscopytrustsetting -func sslTrustSettingsResult(cert macOS.CFRef) (macOS.SecTrustSettingsResult, error) { - // In Apple's implementation user trust settings override admin trust settings - // (which themselves override system trust settings). If SecTrustSettingsCopyTrustSettings - // fails, or returns a NULL trust settings, when looking for the user trust - // settings then fallback to checking the admin trust settings. - // - // See Security-59306.41.2/trust/headers/SecTrustSettings.h for a description of - // the trust settings overrides, and SecLegacyAnchorSourceCopyUsageConstraints in - // Security-59306.41.2/trust/trustd/SecCertificateSource.c for a concrete example - // of how Apple applies the override in the case of NULL trust settings, or non - // success errors. 
- trustSettings, err := macOS.SecTrustSettingsCopyTrustSettings(cert, macOS.SecTrustSettingsDomainUser) - if err != nil || trustSettings == 0 { - if debugDarwinRoots && err != macOS.ErrNoTrustSettings { - fmt.Fprintf(os.Stderr, "crypto/x509: SecTrustSettingsCopyTrustSettings for SecTrustSettingsDomainUser failed: %s\n", err) - } - trustSettings, err = macOS.SecTrustSettingsCopyTrustSettings(cert, macOS.SecTrustSettingsDomainAdmin) - } - if err != nil || trustSettings == 0 { - // If there are neither user nor admin trust settings for a certificate returned - // from SecTrustSettingsCopyCertificates Apple returns kSecTrustSettingsResultInvalid, - // as this method is intended to return certificates _which have trust settings_. - // The most likely case for this being triggered is that the existing trust settings - // are invalid and cannot be properly parsed. In this case SecTrustSettingsCopyTrustSettings - // returns errSecInvalidTrustSettings. The existing cgo implementation returns - // kSecTrustSettingsResultUnspecified in this case, which mostly matches the Apple - // implementation because we don't do anything with certificates marked with this - // result. - // - // See SecPVCGetTrustSettingsResult in Security-59306.41.2/trust/trustd/SecPolicyServer.c - if debugDarwinRoots && err != macOS.ErrNoTrustSettings { - fmt.Fprintf(os.Stderr, "crypto/x509: SecTrustSettingsCopyTrustSettings for SecTrustSettingsDomainAdmin failed: %s\n", err) - } - return macOS.SecTrustSettingsResultUnspecified, nil - } - defer macOS.CFRelease(trustSettings) - - // "An empty trust settings array means 'always trust this certificate' with an - // overall trust setting for the certificate of kSecTrustSettingsResultTrustRoot." 
- if macOS.CFArrayGetCount(trustSettings) == 0 { - return macOS.SecTrustSettingsResultTrustRoot, nil - } - - isSSLPolicy := func(policyRef macOS.CFRef) bool { - properties := macOS.SecPolicyCopyProperties(policyRef) - defer macOS.CFRelease(properties) - if v, ok := macOS.CFDictionaryGetValueIfPresent(properties, macOS.SecPolicyOid); ok { - return macOS.CFEqual(v, macOS.CFRef(macOS.SecPolicyAppleSSL)) - } - return false - } - - for i := 0; i < macOS.CFArrayGetCount(trustSettings); i++ { - tSetting := macOS.CFArrayGetValueAtIndex(trustSettings, i) - - // First, check if this trust setting is constrained to a non-SSL policy. - if policyRef, ok := macOS.CFDictionaryGetValueIfPresent(tSetting, macOS.SecTrustSettingsPolicy); ok { - if !isSSLPolicy(policyRef) { - continue - } - } - - // Then check if it is restricted to a hostname, so not a root. - if _, ok := macOS.CFDictionaryGetValueIfPresent(tSetting, macOS.SecTrustSettingsPolicyString); ok { - continue - } - - cfNum, ok := macOS.CFDictionaryGetValueIfPresent(tSetting, macOS.SecTrustSettingsResultKey) - // "If this key is not present, a default value of kSecTrustSettingsResultTrustRoot is assumed." - if !ok { - return macOS.SecTrustSettingsResultTrustRoot, nil - } - result, err := macOS.CFNumberGetValue(cfNum) - if err != nil { - return 0, err - } - - // If multiple dictionaries match, we are supposed to "OR" them, - // the semantics of which are not clear. Since TrustRoot and TrustAsRoot - // are mutually exclusive, Deny should probably override, and Invalid and - // Unspecified be overridden, approximate this by stopping at the first - // TrustRoot, TrustAsRoot or Deny. - switch r := macOS.SecTrustSettingsResult(result); r { - case macOS.SecTrustSettingsResultTrustRoot, - macOS.SecTrustSettingsResultTrustAsRoot, - macOS.SecTrustSettingsResultDeny: - return r, nil - } - } - - // If trust settings are present, but none of them match the policy... - // the docs don't tell us what to do. 
- // - // "Trust settings for a given use apply if any of the dictionaries in the - // certificate’s trust settings array satisfies the specified use." suggests - // that it's as if there were no trust settings at all, so we should maybe - // fallback to the admin trust settings? TODO(golang.org/issue/38888). - - return macOS.SecTrustSettingsResultUnspecified, nil + return nil, nil } From 55904056ad9f9a1b64b393d6f7357c25ef3aa04f Mon Sep 17 00:00:00 2001 From: Elliot Cubit <65554000+elliot-censys@users.noreply.github.com> Date: Tue, 22 Feb 2022 10:36:37 -0500 Subject: [PATCH 13/40] handshake_client: do not overwrite server certs (#329) Do not overwrite collected server certs when we are asked for a client cert. --- tls/handshake_client.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/tls/handshake_client.go b/tls/handshake_client.go index 559f3726..e412bee8 100644 --- a/tls/handshake_client.go +++ b/tls/handshake_client.go @@ -589,8 +589,6 @@ func (hs *clientHandshakeState) doFullHandshake() error { if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { return err } - - c.handshakeLog.ServerCertificates = certMsg.MakeLog() } preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0]) From e5412fa4423dac50662fe0d567e0192bbd3bb61c Mon Sep 17 00:00:00 2001 From: Nakul Bajaj Date: Wed, 20 Apr 2022 07:25:39 -0700 Subject: [PATCH 14/40] Added extension identifiers for Server Hello messages to Handshake Log (#331) * Added extension IDs for Server Hello messages to handshake log * Added marshalling capabilities for unknown extensions with empty data * Switched to extension extract function on serverHelloMsg * Re-added whitespace break --- tls/handshake_messages.go | 35 +++++++++++++++++++++++++++++++++++ tls/tls_handshake.go | 5 +++++ 2 files changed, 40 insertions(+) diff --git a/tls/handshake_messages.go b/tls/handshake_messages.go index 67904ccd..fbce055b 100644 
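Review bot: `loadSystemRoots` now returns a nil `*CertPool` together with a nil error, so on darwin a caller that checks only the error will believe the system trust store loaded and then verify against no roots at all; how that surfaces depends on `systemRootsPool` and `Verify`, which are outside this diff, but it is likely to appear as an unexplained verification failure rather than a clear "system roots unavailable" error. Returning an explicit error, for example `return nil, errors.New("x509: system root store is not available on darwin")` (which needs an `errors` import, since this hunk removes the whole import block), or at least a comment on both stubs stating that the macOS keychain trust domains are no longer consulted, would make the behaviour discoverable. `systemVerify` has the same shape, reporting no chains and no error, and deserves the same comment. Both stub bodies are fully inside the hunk.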
--- a/tls/handshake_messages.go
+++ b/tls/handshake_messages.go
@@ -842,6 +842,41 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 return true
 }
 
+func (m *serverHelloMsg) extractExtensions() ([]uint16, bool) {
+
+ extensionIdentifiers := make([]uint16, 0)
+ s := cryptobyte.String(m.raw)
+
+ var sessionId []byte
+ if !s.Skip(38) || // message type and uint24 length field
+ !readUint8LengthPrefixed(&s, &sessionId) ||
+ !s.Skip(3) {
+ return nil, false
+ }
+
+ if s.Empty() {
+ return nil, false
+ }
+
+ var extensions cryptobyte.String
+ if !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
+ return nil, false
+ }
+
+ for !extensions.Empty() {
+ var extension uint16
+ var extData cryptobyte.String
+ if !extensions.ReadUint16(&extension) ||
+ !extensions.ReadUint16LengthPrefixed(&extData) {
+ return nil, false
+ }
+
+ extensionIdentifiers = append(extensionIdentifiers, extension)
+ }
+
+ return extensionIdentifiers, true
+}
+
 type encryptedExtensionsMsg struct {
 raw []byte
 alpnProtocol string
diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go
index b705448b..5ab0556c 100644
--- a/tls/tls_handshake.go
+++ b/tls/tls_handshake.go
@@ -67,6 +67,7 @@ type ServerHello struct {
 SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"`
 AlpnProtocol string `json:"alpn_protocol,omitempty"`
 SupportedVersions *SupportedVersionsExt `json:"supported_versions,omitempty"`
+ ExtensionIdentifiers []uint16 `json:"extension_identifiers,omitempty"`
 }
 
 type SupportedVersionsExt struct {
@@ -344,6 +345,10 @@ func (m *serverHelloMsg) MakeLog() *ServerHello {
 sh.OcspStapling = m.ocspStapling
 sh.TicketSupported = m.ticketSupported
 sh.SecureRenegotiation = m.secureRenegotiationSupported && len(m.secureRenegotiation) > 0
+ extensionIdentifiers, success := m.extractExtensions()
+ if success {
+ sh.ExtensionIdentifiers = extensionIdentifiers
+ }
 if len(m.scts) > 0 {
 for _, rawSCT := range m.scts {
From dbbfb1c7497c17ee4d2872e2387743f751985785 Mon Sep 17 00:00:00 2001
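Review bot: `extractExtensions` returns `nil, false` when the ServerHello carries no extensions block at all (the `if s.Empty()` branch), which is a legal message in TLS 1.2 and earlier, so the caller's `success` flag conflates "no extensions" with "malformed message"; `if s.Empty() { return nil, true }` would report the empty list honestly, and the JSON output is unchanged because the field is tagged `omitempty`. The function also re-parses `m.raw` from scratch, assuming it holds the complete handshake message including the 4-byte type/length header that `s.Skip(38)` steps over, rather than collecting the identifiers while `unmarshal` walks the same bytes; two parsers over one message can disagree, so recording the ids during `unmarshal` would be the more robust shape. Minor style: `extensionIdentifiers := make([]uint16, 0)` can be `var extensionIdentifiers []uint16`, and the blank line directly after the signature is unusual.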
From: Nakul Bajaj Date: Thu, 21 Apr 2022 08:20:45 -0700 Subject: [PATCH 15/40] Updated TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001 = 53249 (#333)
---
 tls/cipher_suites.go | 3 ++-
 tls/tls_names.go | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/tls/cipher_suites.go b/tls/cipher_suites.go
index ac7e4d50..0cfaadca 100644
--- a/tls/cipher_suites.go
+++ b/tls/cipher_suites.go
@@ -973,10 +973,11 @@ const (
 TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD
 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE
 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF
- TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0xCAFE
 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8
 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9
 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0xD001
+
 // Old ids for Chacha20 ciphers
 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD uint16 = 0xCC13
 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD uint16 = 0xCC14
diff --git a/tls/tls_names.go b/tls/tls_names.go
index d50e89c3..db9410e9 100644
--- a/tls/tls_names.go
+++ b/tls/tls_names.go
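Review bot: Changing the value of the exported constant `TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256` from `0xCAFE` to `0xD001` (the IANA-registered value from RFC 8442) is source-compatible but not data-compatible: any stored scan output or fixture that recorded the old numeric id will now be rendered as unknown by `cipherSuiteNames` in the following hunk, and code comparing against the constant changes meaning silently. If `0xCAFE` was ever observed on the wire, keeping a deprecated alias in the style of the `_OLD` ChaCha20 entries already in this block, e.g. `TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256_OLD uint16 = 0xCAFE // pre-RFC 8442 id`, with a matching `cipherSuiteNames[0xCAFE]` entry, preserves naming for historical data. The `const (` block starts outside the hunk.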
@@ -380,13 +380,13 @@ func init() {
 cipherSuiteNames[0xC0AD] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
 cipherSuiteNames[0xC0AE] = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
 cipherSuiteNames[0xC0AF] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
- cipherSuiteNames[0xCAFE] = "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"
 cipherSuiteNames[0xCC13] = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD"
 cipherSuiteNames[0xCC14] = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD"
 cipherSuiteNames[0xCC15] = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD"
 cipherSuiteNames[0xCCA8] = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
 cipherSuiteNames[0xCCA9] = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
 cipherSuiteNames[0xCCAA] = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+ cipherSuiteNames[0xD001] = "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"
 cipherSuiteNames[0xFEFE] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA"
 cipherSuiteNames[0xFEFF] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"
 cipherSuiteNames[0xFFE0] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"
From 1b9a8647e24621272603d6a0adbbae7d8c9b7a6e Mon Sep 17 00:00:00 2001
From: Elliot Cubit <65554000+elliot-censys@users.noreply.github.com> Date: Thu, 5 May 2022 14:30:17 -0400 Subject: [PATCH 16/40] Make jsonifyExtensions public and add grouped CertificatesPolicies UserNotice (#334) * x509: make jsonifyExtensions() public * Certificate Policies: add grouped user notices field The separate fields for NoticeReferencNumbers, NoticeRefOrganization, and ExplicitTexts introduce ambiguity since these fields are structured and optional in the source data. A certificate with a mixture of UserNotices that have only one of ExplicitText or NoticeReference would previously be impossible to reconstruct. Add a new field, UserNotices, which preserved the original grouping of values, leaving the old format exposed in place, so that this case can be reconstructed without breaking existing usage. --- x509/extensions.go | 4 ++- x509/json.go | 2 +- x509/x509.go | 23 +++++++++++- x509/x509_test.go | 90 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 116 insertions(+), 3 deletions(-) diff --git a/x509/extensions.go b/x509/extensions.go index b1edaf26..0a68e31e 100644 --- a/x509/extensions.go +++ b/x509/extensions.go @@ -89,6 +89,7 @@ type CertificatePoliciesData struct { ExplicitTexts [][]string NoticeRefOrganization [][]string NoticeRefNumbers [][]NoticeNumber + UserNotices [][]UserNotice } func (cp *CertificatePoliciesData) MarshalJSON() ([]byte, error) { @@ -724,7 +725,7 @@ type CABFOrganizationIdentifier struct { Reference string `json:"reference,omitempty"` } -func (c *Certificate) jsonifyExtensions() (*CertificateExtensions, UnknownCertificateExtensions) { +func (c *Certificate) JsonifyExtensions() (*CertificateExtensions, UnknownCertificateExtensions) { exts := new(CertificateExtensions) unk := make([]pkix.Extension, 0, 2) for _, e := range c.Extensions { 
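Review bot: `CertificatePoliciesData` has a hand-written `MarshalJSON` (visible as the context line right after the struct), and if that method enumerates fields explicitly rather than delegating to a shadow struct, the new `UserNotices` field will never reach the JSON, which is the stated purpose of this change; the method body is outside the hunk, so it should be checked, and a test asserting that the chosen key appears in the marshalled output would guard it. Separately, the rename to `JsonifyExtensions` fixes the visibility but not the initialism: Go convention would be `JSONifyExtensions`, and now that the name is part of the exported API, renaming it later is a breaking change, so it is worth deciding here.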
@@ -792,6 +793,7 @@ func (c *Certificate) jsonifyExtensions() (*CertificateExtensions, UnknownCertif exts.CertificatePolicies.ExplicitTexts = c.ParsedExplicitTexts exts.CertificatePolicies.QualifierId = c.QualifierId exts.CertificatePolicies.CPSUri = c.CPSuri + exts.CertificatePolicies.UserNotices = c.UserNotices } else if e.Id.Equal(oidExtAuthorityInfoAccess) { exts.AuthorityInfoAccess = new(AuthorityInfoAccess) diff --git a/x509/json.go b/x509/json.go index a1b73a08..37da0fba 100644 --- a/x509/json.go +++ b/x509/json.go @@ -482,7 +482,7 @@ func (c *Certificate) MarshalJSON() ([]byte, error) { } jc.SubjectKeyInfo = c.jsonifySubjectKey() - jc.Extensions, jc.UnknownExtensions = c.jsonifyExtensions() + jc.Extensions, jc.UnknownExtensions = c.JsonifyExtensions() // TODO: Handle the fact this might not match jc.SignatureAlgorithm = c.jsonifySignatureAlgorithm() diff --git a/x509/x509.go b/x509/x509.go index e22f0d58..dce6f15c 100644 --- a/x509/x509.go +++ b/x509/x509.go @@ -820,6 +820,8 @@ type Certificate struct { ParsedExplicitTexts [][]string ParsedNoticeRefOrganization [][]string + UserNotices [][]UserNotice + // Name constraints NameConstraintsCritical bool // if true then the name constraints are marked critical. PermittedDNSNames []GeneralSubtreeString @@ -1173,6 +1175,11 @@ type userNotice struct { ExplicitText asn1.RawValue `asn1:"optional"` } +type UserNotice struct { + ExplicitText *string + NoticeReference *NoticeReference +} + type noticeReference struct { Organization asn1.RawValue NoticeNumbers []int @@ -1941,6 +1948,7 @@ func parseCertificate(in *certificate) (*Certificate, error) { out.ParsedExplicitTexts = make([][]string, len(policies)) out.ParsedNoticeRefOrganization = make([][]string, len(policies)) out.CPSuri = make([][]string, len(policies)) + out.UserNotices = make([][]UserNotice, len(policies)) for i, policy := range policies { out.PolicyIdentifiers[i] = policy.Policy 
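Review bot: The new exported `UserNotice` struct has neither a doc comment nor json tags, so it will marshal with the Go field names `ExplicitText` and `NoticeReference`, which is inconsistent with the snake_case keys this codebase uses elsewhere (assuming the existing `CertificatePoliciesData` marshalling follows that convention, which this hunk does not show). Suggested: `// UserNotice is one UserNotice qualifier from the certificatePolicies extension, keeping ExplicitText and NoticeReference together as they appeared in the certificate.` above the type, with the fields tagged `json:"explicit_text,omitempty"` and `json:"notice_reference,omitempty"`. The pointer fields are the right choice, since both members are OPTIONAL in the ASN.1 and absence must stay distinguishable from empty; a short comment saying so would stop a later "simplification" to plain values.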
@@ -1949,6 +1957,7 @@ func parseCertificate(in *certificate) (*Certificate, error) { out.QualifierId[i] = append(out.QualifierId[i], qualifier.PolicyQualifierId) userNoticeOID := asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} cpsURIOID := asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} + if qualifier.PolicyQualifierId.Equal(userNoticeOID) { var un userNotice _, err := asn1.Unmarshal(qualifier.Qualifier.FullBytes, &un) @@ -1956,15 +1965,27 @@ func parseCertificate(in *certificate) (*Certificate, error) { return nil, err } if err == nil { + groupUserNotice := UserNotice{} if len(un.ExplicitText.Bytes) != 0 { out.ExplicitTexts[i] = append(out.ExplicitTexts[i], un.ExplicitText) - out.ParsedExplicitTexts[i] = append(out.ParsedExplicitTexts[i], string(un.ExplicitText.Bytes)) + parsed := string(un.ExplicitText.Bytes) + out.ParsedExplicitTexts[i] = append(out.ParsedExplicitTexts[i], parsed) + + groupUserNotice.ExplicitText = &parsed } + if un.NoticeRef.Organization.Bytes != nil || un.NoticeRef.NoticeNumbers != nil { out.NoticeRefOrgnization[i] = append(out.NoticeRefOrgnization[i], un.NoticeRef.Organization) out.NoticeRefNumbers[i] = append(out.NoticeRefNumbers[i], un.NoticeRef.NoticeNumbers) out.ParsedNoticeRefOrganization[i] = append(out.ParsedNoticeRefOrganization[i], string(un.NoticeRef.Organization.Bytes)) + + groupUserNotice.NoticeReference = &NoticeReference{ + Organization: string(un.NoticeRef.Organization.Bytes), + NoticeNumbers: un.NoticeRef.NoticeNumbers, + } } + + out.UserNotices[i] = append(out.UserNotices[i], groupUserNotice) } } if qualifier.PolicyQualifierId.Equal(cpsURIOID) { diff --git a/x509/x509_test.go b/x509/x509_test.go index 2416156d..27a3a1d8 100644 --- a/x509/x509_test.go +++ b/x509/x509_test.go 
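Review bot: `groupUserNotice` is appended unconditionally, so a userNotice qualifier that carries neither an explicitText nor a noticeRef produces a `UserNotice` entry with both pointers nil; if the intent is to keep one entry per qualifier so positions are preserved that is reasonable, but it deserves a comment such as `// one entry per userNotice qualifier, even when both members are absent`, and otherwise the append belongs inside a guard that at least one member was set. The new `parsed := string(un.ExplicitText.Bytes)` inherits the existing behaviour of ignoring the ASN.1 string type (the RawValue may be UTF8String, BMPString, VisibleString or IA5String), so non-UTF-8 encodings are copied into the new `ExplicitText` pointer as raw bytes; that is pre-existing, but the new field exposes it in a second place. `parseCertificate` begins and ends outside the hunk.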
@@ -733,6 +733,96 @@ func TestVerifyCertificateWithDSASignature(t *testing.T) { } } +const pemCertPolicyUserNotices = `-----BEGIN CERTIFICATE----- +MIIEiTCCA3GgAwIBAgIUMYpvK6wyDbRymJE+DvP7moEyrzYwDQYJKoZIhvcNAQEL +BQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFy +Ym9yMQ8wDQYDVQQKDAZDZW5zeXMxDzANBgNVBAsMBkNlbnN5czEPMA0GA1UEAwwG +Q2Vuc3lzMTIwMAYJKoZIhvcNAQkBFiNhYnNvbHV0ZWx5bm90eW91cmJ1c2luZXNz +QGNlbnN5cy5pbzAeFw0yMjA1MDUxNzQxMjBaFw0yMjA2MDQxNzQxMjBaMIGVMQsw +CQYDVQQGEwJVUzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEPMA0G +A1UECgwGQ2Vuc3lzMQ8wDQYDVQQLDAZDZW5zeXMxDzANBgNVBAMMBkNlbnN5czEy +MDAGCSqGSIb3DQEJARYjYWJzb2x1dGVseW5vdHlvdXJidXNpbmVzc0BjZW5zeXMu +aW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0zShNJeZsIR/aZNS1 +TDTLbx61Y2qkllUzr+Lh47/SQAw4c2jdJB/yAdqEIWXPgmvlegYb+0XJRz1FeUBU +A8mzStDVPgfmW9vJksdPdp5yBoxodpBJ5NA5Ez+S3+znJL6F4vH+orgOO2D+ah4E +9qybSxVXjKxWGTjqKvKJOohRi9VxaGNVvJbvg2K+HtgEl7J7nkJfT+a4yIsM086U +e0p/ZzxNLummTwrZmEmD78HnrEIg91m2vb/I9QJvGtLnZDBp2TdeqKh0ihmadldG +w8hXYr25hh1TQQLxi7F3b22LQexRsg/GKDKAVu2HQL9V8Qty97RExPRdLDJDAFVK +XzwXAgMBAAGjgc4wgcswgcgGA1UdIASBwDCBvTAFBgMqAwQwBQYDLQYHMIGsBgMr +BQcwgaQwEAYIKwYBBQUHAgEWBHVybDEwEAYIKwYBBQUHAgEWBHVybDIwQQYIKwYB +BQUHAgIwNTArFht0aGUgbWluaXN0cnkgb2Ygc2lsbHkgd2Fsa3MwDAIBAQIBAgIB +AwIBBBoGZm9vYmFyMBQGCCsGAQUFBwICMAgaBmZvb2JhejAlBggrBgEFBQcCAjAZ +MBcWEGFwZXJ0dXJlIHNjaWVuY2UwAwIBKjANBgkqhkiG9w0BAQsFAAOCAQEAxXVD +/1kBp1ro5EfPGxiDscjQ7cOJBVUdbLMfqQzXmBLzFnJUj0DryyeUZsMHIw8PMctr +NUR6rrNWFX0IQENOJIwFjHv0X1gih1dJcohBcgaT8SNCCcZsGImEqdFZlL6mgwtI +K4YBIAde0Jl0Kwrk+6CdR1/tlXN0PegycogBvfItSXwKkKvjkIKGy7A9g6+MWtMg +DcOdH/BxukeT6hfvOAI5r6eFMkpbK/tL2RuygdMk9hIwqnJ3E/SjTRs8jkEACZ2y +PXbTZ4ymfTyPXCwA8szaFzz/LXJ7yak1YzDqyAh7fTN+om9mBcmciDoz6+JV027o +0/KLWM5xP8R3VbSbYQ== +-----END CERTIFICATE-----` + +func assertUserNoticeEqual(t *testing.T, n1, n2 UserNotice) { + + assert.Equal(t, n1.ExplicitText, n2.ExplicitText) + + if (n1.NoticeReference == nil) != (n2.NoticeReference == nil) { + return + } + + if 
n1.NoticeReference != nil { + r1 := *n1.NoticeReference + r2 := *n2.NoticeReference + assert.Equal(t, r1.Organization, r2.Organization) + assert.Equal(t, r1.NoticeNumbers, r2.NoticeNumbers) + } +} + +// TestCertificatePolicyUserNotices ensures that the UserNotices field of +// the CertificatePolicies extension are parsed correctly, using an example +// certificate with an unorthodox usage of the extension. +func TestCertificatePolicyUserNotices(t *testing.T) { + block, _ := pem.Decode([]byte(pemCertPolicyUserNotices)) + cert, err := ParseCertificate(block.Bytes) + if err != nil { + t.Errorf("couldn't parse test cert %s", err.Error()) + } + + if !assert.Len(t, cert.UserNotices, 3) { + return + } + + if !assert.Len(t, cert.UserNotices[2], 3) { + return + } + + e1 := "foobar" + e2 := "foobaz" + + p1 := UserNotice{ + ExplicitText: &e1, + NoticeReference: &NoticeReference{ + Organization: "the ministry of silly walks", + NoticeNumbers: []int{1, 2, 3, 4}, + }, + } + + p2 := UserNotice{ + ExplicitText: &e2, + NoticeReference: nil, + } + + p3 := UserNotice{ + NoticeReference: &NoticeReference{ + Organization: "aperture science", + NoticeNumbers: []int{42}, + }, + } + + assertUserNoticeEqual(t, p1, cert.UserNotices[2][0]) + assertUserNoticeEqual(t, p2, cert.UserNotices[2][1]) + assertUserNoticeEqual(t, p3, cert.UserNotices[2][2]) +} + const pemCertificate = `-----BEGIN CERTIFICATE----- MIIB5DCCAZCgAwIBAgIBATALBgkqhkiG9w0BAQUwLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UE AxMQdGVzdC5leGFtcGxlLmNvbTAeFw03MDAxMDEwMDE2NDBaFw03MDAxMDIwMzQ2NDBaMC0xEDAO From 817b9ce9833142bb7ab31223e78b72f33ef62f0c Mon Sep 17 00:00:00 2001 From: Elliot Cubit Date: Thu, 11 Aug 2022 10:49:40 -0400 Subject: [PATCH 17/40] standardize unsupported elliptic curve error --- ct/x509/sec1.go | 1 + x509/pkcs8.go | 6 +++--- x509/sec1.go | 14 +++++++------- x509/x509.go | 41 +++++++++++++++++++++++------------------ 4 files changed, 34 insertions(+), 28 deletions(-) 
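Review bot: `assertUserNoticeEqual` returns silently when exactly one of the two `NoticeReference` pointers is nil, so that mismatch passes the test instead of failing it; the branch should report before returning, e.g. `t.Errorf("NoticeReference presence mismatch: %v vs %v", n1.NoticeReference != nil, n2.NoticeReference != nil)`. In `TestCertificatePolicyUserNotices`, a parse failure is logged with `t.Errorf` and execution continues into `cert.UserNotices` on a nil `cert`, which panics rather than reporting; use `t.Fatalf("couldn't parse test cert %s", err.Error())`, and check that `pem.Decode` returned a non-nil `block` for the same reason. Both helpers are whole within the hunk.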
diff --git a/ct/x509/sec1.go b/ct/x509/sec1.go index b0ea06e3..6af18e88 100644 --- a/ct/x509/sec1.go +++ b/ct/x509/sec1.go @@ -7,6 +7,7 @@ package x509 import ( "crypto/ecdsa" "crypto/elliptic" + // START CT CHANGES "github.com/zmap/zcrypto/ct/asn1" // START CT CHANGES diff --git a/x509/pkcs8.go b/x509/pkcs8.go index d8077cc7..1bcb740c 100644 --- a/x509/pkcs8.go +++ b/x509/pkcs8.go @@ -98,9 +98,9 @@ func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) { privKey.PrivateKey = MarshalPKCS1PrivateKey(k) case *ecdsa.PrivateKey: - oid, ok := oidFromNamedCurve(k.Curve) - if !ok { - return nil, errors.New("x509: unknown curve while marshaling to PKCS#8") + oid, err := oidFromNamedCurve(k.Curve) + if err != nil { + return nil, err } oidBytes, err := asn1.Marshal(oid) diff --git a/x509/sec1.go b/x509/sec1.go index 7e397047..e8e669ff 100644 --- a/x509/sec1.go +++ b/x509/sec1.go @@ -36,9 +36,9 @@ func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) { // MarshalECPrivateKey marshals an EC private key into ASN.1, DER format. func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) { - oid, ok := oidFromNamedCurve(key.Curve) - if !ok { - return nil, errors.New("x509: unknown elliptic curve") + oid, err := oidFromNamedCurve(key.Curve) + if err != nil { + return nil, err } privateKeyBytes := key.D.Bytes() @@ -80,12 +80,12 @@ func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *e var curve elliptic.Curve if namedCurveOID != nil { - curve = namedCurveFromOID(*namedCurveOID) + curve, err = namedCurveFromOID(*namedCurveOID) } else { - curve = namedCurveFromOID(privKey.NamedCurveOID) + curve, err = namedCurveFromOID(privKey.NamedCurveOID) } - if curve == nil { - return nil, errors.New("x509: unknown elliptic curve") + if err != nil { + return nil, err } k := new(big.Int).SetBytes(privKey.PrivateKey) diff --git a/x509/x509.go b/x509/x509.go index dce6f15c..c4c1e27f 100644 --- a/x509/x509.go +++ b/x509/x509.go 
@@ -88,9 +88,10 @@ func marshalPublicKey(pub interface{}) (publicKeyBytes []byte, publicKeyAlgorith publicKeyAlgorithm.Parameters = asn1.NullRawValue case *ecdsa.PublicKey: publicKeyBytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y) - oid, ok := oidFromNamedCurve(pub.Curve) - if !ok { - return nil, pkix.AlgorithmIdentifier{}, errors.New("x509: unsupported elliptic curve") + var oid asn1.ObjectIdentifier + oid, err = oidFromNamedCurve(pub.Curve) + if err != nil { + return nil, pkix.AlgorithmIdentifier{}, err } publicKeyAlgorithm.Algorithm = oidPublicKeyECDSA var paramBytes []byte @@ -558,33 +559,33 @@ var ( oidKeyEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112} ) -func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { +func namedCurveFromOID(oid asn1.ObjectIdentifier) (elliptic.Curve, error) { switch { case oid.Equal(oidNamedCurveP224): - return elliptic.P224() + return elliptic.P224(), nil case oid.Equal(oidNamedCurveP256): - return elliptic.P256() + return elliptic.P256(), nil case oid.Equal(oidNamedCurveP384): - return elliptic.P384() + return elliptic.P384(), nil case oid.Equal(oidNamedCurveP521): - return elliptic.P521() + return elliptic.P521(), nil } - return nil + return nil, ErrUnsupportedEllipticCurve } -func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) { +func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, error) { switch curve { case elliptic.P224(): - return oidNamedCurveP224, true + return oidNamedCurveP224, nil case elliptic.P256(): - return oidNamedCurveP256, true + return oidNamedCurveP256, nil case elliptic.P384(): - return oidNamedCurveP384, true + return oidNamedCurveP384, nil case elliptic.P521(): - return oidNamedCurveP521, true + return oidNamedCurveP521, nil } - return nil, false + return nil, ErrUnsupportedEllipticCurve } // KeyUsage represents the set of actions that are valid for a given key. It's 
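Review bot: In the `marshalPublicKey` case, `var oid asn1.ObjectIdentifier` followed by `oid, err = oidFromNamedCurve(pub.Curve)` presumably exists to assign the function's named `err` result instead of shadowing it with `:=` inside the `case` block; the signature is truncated in the hunk header, so that is inferred rather than seen. A one-line comment, `// assign to the named return err; := would shadow it inside the case`, would stop the next reader from "simplifying" it back to `oid, err :=`. `marshalPublicKey` starts outside the hunk.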
@@ -941,6 +942,10 @@ func (c *Certificate) GetParsedSubjectCommonName(invalidateCache bool) ParsedDom // involves algorithms that are not currently implemented. var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented") +// ErrUnsupportedEllipticCurve results from attempting to perform an operation that +// involves elliptic curves that are not currently implemented. +var ErrUnsupportedEllipticCurve = errors.New("x509: unsupported elliptic curve") + // An InsecureAlgorithmError type InsecureAlgorithmError SignatureAlgorithm @@ -1366,9 +1371,9 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{ if len(rest) != 0 { return nil, errors.New("x509: trailing data after ECDSA parameters") } - namedCurve := namedCurveFromOID(*namedCurveOID) - if namedCurve == nil { - return nil, errors.New("x509: unsupported elliptic curve") + namedCurve, err := namedCurveFromOID(*namedCurveOID) + if err != nil { + return nil, err } x, y := elliptic.Unmarshal(namedCurve, asn1Data) if x == nil { From e7d0b65fa06ee8266a4c5d6fb6f2d32d8653f7a7 Mon Sep 17 00:00:00 2001 From: Elliot Cubit Date: Mon, 15 Aug 2022 17:59:59 -0400 Subject: [PATCH 18/40] ct: allow publishing certificates with parsing errors --- ct/scanner/scanner.go | 145 ++++++++++++++++++++++++++++++++++-------- ct/types.go | 16 +++-- 2 files changed, 130 insertions(+), 31 deletions(-) diff --git a/ct/scanner/scanner.go b/ct/scanner/scanner.go index 4273438e..58489690 100644 --- a/ct/scanner/scanner.go +++ b/ct/scanner/scanner.go 
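Review bot: The new sentinel `ErrUnsupportedEllipticCurve` is returned from four places but nothing in this commit exercises it; a test that feeds `parsePublicKey` an OID outside the four NIST curves mapped in `namedCurveFromOID` and asserts `errors.Is(err, ErrUnsupportedEllipticCurve)` would pin the contract now that callers are expected to compare against the sentinel. In the `parsePublicKey` hunk, `namedCurve, err := namedCurveFromOID(*namedCurveOID)` declares a new `err`; if the enclosing function already has one in scope (its body is outside the hunk) this shadows it, and `namedCurve, err = ...` after a `var` would avoid that. The sentinel's doc comment says the curve is "not currently implemented"; "not supported by this package" describes it more accurately, since the switch only recognises P-224, P-256, P-384 and P-521.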
@@ -13,8 +13,20 @@ import (
 "github.com/zmap/zcrypto/ct"
 "github.com/zmap/zcrypto/ct/client"
 "github.com/zmap/zcrypto/ct/x509"
+ "github.com/zmap/zcrypto/encoding/asn1"
+ "github.com/zmap/zcrypto/x509/pkix"
 )
 
+// ASN1Certificate holds the top-level asn1 fields in a certificate.
+//
+// It is used to determine if a certificate contains well-formed asn1 data or is corrupted.
+type ASN1Certificate struct {
+ Raw asn1.RawContent
+ TBSCertificate asn1.RawValue
+ SignatureAlgorithm pkix.AlgorithmIdentifier
+ SignatureValue asn1.BitString
+}
+
 // Clients wishing to implement their own Matchers should implement this interface:
 type Matcher interface {
 // CertificateMatches is called by the scanner for each X509 Certificate found in the log.
@@ -137,6 +149,9 @@ type ScannerOptions struct {
 
 Name string
 MaximumIndex int64
+
+ // Always output encountered certificates, so long as they are valid ASN.1
+ IgnoreParsingErrors bool
 }
 
 // Creates a new ScannerOptions struct with sensible defaults
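Review bot: The comment on `IgnoreParsingErrors` ("Always output encountered certificates, so long as they are valid ASN.1") does not tell the reader that entries passed through under this option may carry a nil or partial `*x509.Certificate`, since `parseCertificate` later in this diff returns `cert, nil` after a fatal parse error with whatever `x509.ParseCertificate` left in `cert`; suggested: `// IgnoreParsingErrors passes entries on even when x509 parsing fails, as long as the outer certificate SEQUENCE is well-formed ASN.1. The *x509.Certificate handed to matchers may then be nil or partially populated; consumers must check it.` The new `ASN1Certificate` type is exported although it is only used as a scratch target for `asn1.Unmarshal`; if it is not meant for callers it could be unexported, and its doc should say that only the outer SEQUENCE and its three members are checked, not their contents. `ScannerOptions` starts outside the hunk.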
@@ -188,30 +203,87 @@ type fetchRange struct { end int64 } -// Takes the error returned by either x509.ParseCertificate() or -// x509.ParseTBSCertificate() and determines if it's non-fatal or otherwise. -// In the case of non-fatal errors, the error will be logged, -// entriesWithNonFatalErrors will be incremented, and the return value will be -// nil. -// Fatal errors will be logged, unparsableEntires will be incremented, and the +// parseCertificate takes a raw certificate, parses it, and if there is an error, +// determines if it is fatal. In the case of non-fatal errors, the error will be logged, +// entriesWithNonFatalErrors will be incremented, and the returned error will be nil. +// +// Fatal parse errors will be logged, unparsableEntries will be incremented, and the // fatal error itself will be returned. -// When |err| is nil, this method does nothing. -func (s *Scanner) handleParseEntryError(err error, entryType ct.LogEntryType, index int64) error { +// +// This function does NOT promise that the returned certificate will be non-nil +// whenever err is non-nil. +func (s *Scanner) parseCertificate( + precert bool, + entryType ct.LogEntryType, + index int64, + raw []byte, +) (*x509.Certificate, error) { + var cert *x509.Certificate + var err error + if precert { + cert, err = x509.ParseTBSCertificate(raw) + } else { + cert, err = x509.ParseCertificate(raw) + } + if err == nil { // No error to handle - return nil + return cert, nil } + + var isFatal bool + switch err.(type) { case x509.NonFatalErrors: s.entriesWithNonFatalErrors++ - // We'll make a note, but continue. 
- s.logger.Warnf("Non-fatal error in %+v at index %d of log at %s: %s", entryType, index, s.logClient.Uri, err) default: s.unparsableEntries++ - s.logger.Warnf("Failed to parse in %+v at index %d of log at %s: %s", entryType, index, s.logClient.Uri, err) - return err + isFatal = true + } + + if !isFatal { + s.logger.Warnf( + "Ignored non-fatal error in %+v at index %d of log at %s: %s", + entryType, + index, + s.logClient.Uri, + err, + ) + return cert, nil + } + + if !s.opts.IgnoreParsingErrors { + s.logger.Errorf( + "Fatal parse error in %+v at index %d of log at %s: %s", + entryType, + index, + s.logClient.Uri, + err, + ) + return nil, err } - return nil + + var asn1cert ASN1Certificate + if _, perr := asn1.Unmarshal(raw, &asn1cert); perr != nil { + s.logger.Warnf( + "Corrupted cert ASN.1 in %+v at index %d of log %s: %s", + entryType, + index, + s.logClient.Uri, + perr, + ) + return nil, perr + } + + s.logger.Warnf( + "Ignored fatal parse error in %+v at index %d of log %s: %s", + entryType, + index, + s.logClient.Uri, + err, + ) + + return cert, nil } // Processes the given |entry| in the specified log. 
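Review bot: The contract comment on `parseCertificate` is inverted: `does NOT promise that the returned certificate will be non-nil whenever err is non-nil` should read `whenever err is nil`, which is exactly the case callers must guard against since the IgnoreParsingErrors path returns `cert, nil` with cert possibly nil. Separately, the corruption probe discards the remainder from `asn1.Unmarshal`, so an entry with trailing bytes after the outer SEQUENCE still counts as well-formed; capture it as `rest, perr := asn1.Unmarshal(raw, &asn1cert)` and treat `len(rest) != 0` the same way as a decode error. Note also that `s.unparsableEntries++` now runs before the decision to emit, so with IgnoreParsingErrors set the counter includes entries that were in fact published; if it is meant to count dropped entries, increment it only on the paths that return nil.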
@@ -223,29 +295,52 @@ func (s *Scanner) processEntry(entry ct.LogEntry, foundCert func(*ct.LogEntry, s // Only interested in precerts and this is an X.509 cert, early-out. return } - cert, err := x509.ParseCertificate(entry.Leaf.TimestampedEntry.X509Entry) - if err = s.handleParseEntryError(err, entry.Leaf.TimestampedEntry.EntryType, entry.Index); err != nil { - // We hit an unparseable entry, already logged inside handleParseEntryError() + cert, err := s.parseCertificate( + false, + entry.Leaf.TimestampedEntry.EntryType, + entry.Index, + entry.Leaf.TimestampedEntry.X509Entry, + ) + if err != nil { return } - if s.opts.Matcher.CertificateMatches(cert) { - entry.X509Cert = cert + if cert != nil { + if s.opts.Matcher.CertificateMatches(cert) { + entry.RawCert = entry.Leaf.TimestampedEntry.X509Entry + entry.X509Cert = cert + foundCert(&entry, s.opts.Name) + } + } else { + entry.RawCert = entry.Leaf.TimestampedEntry.X509Entry foundCert(&entry, s.opts.Name) } case ct.PrecertLogEntryType: - c, err := x509.ParseTBSCertificate(entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate) - if err = s.handleParseEntryError(err, entry.Leaf.TimestampedEntry.EntryType, entry.Index); err != nil { - // We hit an unparseable entry, already logged inside handleParseEntryError() + cert, err := s.parseCertificate( + true, + entry.Leaf.TimestampedEntry.EntryType, + entry.Index, + entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate, + ) + if err != nil { return } precert := &ct.Precertificate{ Raw: entry.Chain[0], - TBSCertificate: *c, + TBSCertificate: cert, IssuerKeyHash: entry.Leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash} - if s.opts.Matcher.PrecertificateMatches(precert) { - entry.Precert = precert + + entry.IsPrecert = true + entry.RawCert = entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate + entry.Precert = precert + + if cert != nil { + if s.opts.Matcher.PrecertificateMatches(precert) { + foundPrecert(&entry, s.opts.Name) + } + } else { foundPrecert(&entry, 
s.opts.Name) } + s.precertsSeen++ } } diff --git a/ct/types.go b/ct/types.go index 5e4748f2..b7b257bd 100644 --- a/ct/types.go +++ b/ct/types.go @@ -236,12 +236,16 @@ func (d *DigitallySigned) UnmarshalJSON(b []byte) error { // LogEntry represents the contents of an entry in a CT log, see section 3.1. type LogEntry struct { - Index int64 - Leaf MerkleTreeLeaf + Index int64 + Leaf MerkleTreeLeaf + RawCert []byte + IsPrecert bool + Chain []ASN1Cert + Server string + // When the raw cert is parseable, and not a precert, + // X509Cert contains the parsed certificate for convenience. X509Cert *x509.Certificate Precert *Precertificate - Chain []ASN1Cert - Server string } // SHA256Hash represents the output from the SHA256 hash function. @@ -347,8 +351,8 @@ type Precertificate struct { // SHA256 hash of the issuing key IssuerKeyHash [issuerKeyHashLength]byte // Parsed TBSCertificate structure (held in an x509.Certificate for ease of - // access. - TBSCertificate x509.Certificate + // access), when possible. + TBSCertificate *x509.Certificate } // X509Certificate returns the X.509 Certificate contained within the From 1912d0775685d4b91be3e9cb0a52009ed1ba5a27 Mon Sep 17 00:00:00 2001 From: Jeff Cody Date: Thu, 22 Sep 2022 11:36:41 -0400 Subject: [PATCH 19/40] tls: perform type assertion on cert publickey (#345) Prior to the TLS 1.3 backport, there was a type assertion to make sure that cert.PublicKey.(*rsa.PublicKey) was true. This was lost in the backport work, and while very rare we did recently hit a case where this assertion is not true. Doing it inline in the call leads to a panic. This restores the prior type assertion check, and returns err if it fails. --- tls/key_agreement.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tls/key_agreement.go b/tls/key_agreement.go index 27c1a9e8..26c2d322 100644 --- a/tls/key_agreement.go +++ b/tls/key_agreement.go 
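Review bot: When `cert == nil` (only reachable with IgnoreParsingErrors) both the X.509 and precert branches call `foundCert`/`foundPrecert` unconditionally, so a Matcher configured to select a handful of domains starts receiving every unparsable entry in the log; that is a behavioural change for existing consumers and should at least be stated on the option, or better routed through an explicit hook such as a `RawCertificateMatches(raw []byte) bool` method on the Matcher. `X509Cert` is set only on the parsed-and-matched path while `RawCert` is set on both, which is fine but deserves a one-line comment at the call site. The context line `Raw: entry.Chain[0]` indexes the chain without a length check; that predates this patch, but now that corrupt entries flow through here a `len(entry.Chain) == 0` guard is cheap. processEntry's body starts before the hunk.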
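Review bot: Changing `Precertificate.TBSCertificate` from a value to `*x509.Certificate` is a source-incompatible change, and any existing caller doing `precert.TBSCertificate.Subject` will panic when the pointer is nil; the `X509Certificate()` method whose comment closes the hunk is the obvious candidate, but its body is outside the hunk so I cannot tell whether it dereferences. I would add the nil case to the field comment, `// TBSCertificate is nil when the entry was emitted under ScannerOptions.IgnoreParsingErrors and could not be parsed.`, and have `X509Certificate()` return nil or an error instead of dereferencing.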
@@ -250,7 +250,11 @@ func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello
 return nil, nil, err
 }
- encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
+ publicKey, ok := cert.PublicKey.(*rsa.PublicKey)
+ if !ok {
+ return nil, nil, errClientKeyExchange
+ }
+ encrypted, err := rsa.EncryptPKCS1v15(config.rand(), publicKey, preMasterSecret)
 if err != nil {
 return nil, nil, err
 }
From 894d0f89c6646d6135dfd8b70beb1b3b1567477b Mon Sep 17 00:00:00 2001
From: Elliot Cubit
Date: Tue, 31 Jan 2023 16:54:44 -0500
Subject: [PATCH 20/40] Expose 'validSignature' field
---
x509/cert_pool.go | 2 +-
x509/json.go | 2 +-
x509/x509.go | 5 +++--
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/x509/cert_pool.go b/x509/cert_pool.go
index cfc16753..d7bf903a 100644
--- a/x509/cert_pool.go
+++ b/x509/cert_pool.go
@@ -49,7 +49,7 @@ func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int, errCer
 for _, c := range candidates {
 if err = cert.CheckSignatureFrom(s.certs[c]); err == nil {
- cert.validSignature = true
+ cert.ValidSignature = true
 parents = append(parents, c)
 } else {
 errCert = s.certs[c]
diff --git a/x509/json.go b/x509/json.go
index 37da0fba..168a90a1 100644
--- a/x509/json.go
+++ b/x509/json.go
@@ -488,7 +488,7 @@ func (c *Certificate) MarshalJSON() ([]byte, error) {
 jc.SignatureAlgorithm = c.jsonifySignatureAlgorithm()
 jc.Signature.SignatureAlgorithm = jc.SignatureAlgorithm
 jc.Signature.Value = c.Signature
- jc.Signature.Valid = c.validSignature
+ jc.Signature.Valid = c.ValidSignature
 jc.Signature.SelfSigned = c.SelfSigned
 if c.SelfSigned {
 jc.Signature.Valid = true
diff --git a/x509/x509.go b/x509/x509.go
index c4c1e27f..3ddf0ac7 100644
--- a/x509/x509.go
+++ b/x509/x509.go
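Review bot: The restored guard returns `errClientKeyExchange`, which by its name (its definition is outside the hunk) describes a malformed ClientKeyExchange message rather than the actual condition, a server certificate whose key type does not fit the negotiated RSA key exchange; upstream crypto/tls returns a dedicated message at this point, and a distinct error makes the failure diagnosable from logs. Consider `return nil, nil, errors.New("tls: server certificate contains incorrect key type for selected cipher suite")` or a dedicated sentinel. Rejecting the mismatch earlier, where the client handshake matches the cipher suite against the certificate's key type, would also keep a non-RSA key from reaching the key-exchange code at all. generateClientKeyExchange begins before the hunk.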
@@ -865,8 +865,9 @@ type Certificate struct {
 IsPrecert bool
- // Internal
- validSignature bool
+ // ValidSignature is true if the certificate was signed by any roots or
+ // intermediates given in a call to (*Certificate).Verify().
+ ValidSignature bool
 // CT
 SignedCertificateTimestampList []*ct.SignedCertificateTimestamp
From a3f90a5332f8d9d2dffa651eda782fde6dd1bc1f Mon Sep 17 00:00:00 2001
From: Elliot Cubit
Date: Tue, 21 Feb 2023 14:20:46 -0500
Subject: [PATCH 21/40] verifier: set ValidSignature field
The x509 package sets this field true when it finds a valid signature while validating certificates; copy the behavior here for consistency.
---
verifier/walk.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/verifier/walk.go b/verifier/walk.go
index 48b40adc..a84d68bb 100644
--- a/verifier/walk.go
+++ b/verifier/walk.go
@@ -46,6 +46,7 @@ func (g *Graph) WalkChainsAsync(c *x509.Certificate, opt WalkOptions) chan x509.
 continue
 }
 start.issuer = candidate
+ c.ValidSignature = true
 break
 }
 }
From 2ba506e07f41d0b7ee046b9b6bd1e1ae7abfb14e Mon Sep 17 00:00:00 2001
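Review bot: The new doc comment ties `ValidSignature` to `(*Certificate).Verify()`, but this same patch sets it in `findVerifiedParents`, the next commit sets it from `verifier.WalkChainsAsync`, and once exported any caller can assign it; since `MarshalJSON` (json.go hunk above) reports it as `signature.valid`, consumers of that JSON should not read it as a trust decision. Two more properties deserve documenting: the flag is sticky (nothing in this diff ever resets it to false, so a later failed Verify against a different pool still reports true), and Verify now mutates the certificate, so concurrent Verify calls on a shared `*Certificate` race on this field. Suggested comment: `// ValidSignature records that some verifier (Verify, CertPool lookups, or the verifier package) found an issuer whose key validates this certificate's signature. It is informational, is never reset to false, and must not be used as a trust decision on its own.`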
From: Elliot Cubit Date: Tue, 21 Feb 2023 14:41:13 -0500 Subject: [PATCH 22/40] run go fmt --- ct/x509/root_bsd.go | 1 + ct/x509/root_cgo_darwin.go | 1 + ct/x509/root_darwin_arm_gen.go | 1 + ct/x509/root_darwin_armx.go | 1 + ct/x509/root_plan9.go | 1 + ct/x509/root_unix.go | 1 + ct/x509/root_unix_test.go | 1 + internal/cpu/cpu_arm64_android.go | 1 + internal/cpu/cpu_arm64_darwin.go | 5 ++--- internal/cpu/cpu_arm64_freebsd.go | 1 + internal/cpu/cpu_arm64_hwcap.go | 4 ++-- internal/cpu/cpu_arm64_linux.go | 5 ++--- internal/cpu/cpu_arm64_other.go | 1 + internal/cpu/cpu_mips64x.go | 1 + internal/cpu/cpu_no_name.go | 4 ++-- internal/cpu/cpu_ppc64x.go | 1 + internal/cpu/cpu_ppc64x_aix.go | 1 + internal/cpu/cpu_ppc64x_linux.go | 1 + internal/cpu/cpu_x86.go | 1 + internal/cpu/cpu_x86_test.go | 1 + internal/testenv/testenv_cgo.go | 1 + internal/testenv/testenv_notwin.go | 1 + tls/generate_cert.go | 1 + tls/handshake_unix_test.go | 1 + x509/extended_key_usage_gen.go | 1 + x509/root_unix.go | 1 + x509/root_unix_test.go | 1 + x509/x509_test_import.go | 1 + 28 files changed, 32 insertions(+), 10 deletions(-) diff --git a/ct/x509/root_bsd.go b/ct/x509/root_bsd.go index 13719338..8c04bdcd 100644 --- a/ct/x509/root_bsd.go +++ b/ct/x509/root_bsd.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build dragonfly || freebsd || netbsd || openbsd // +build dragonfly freebsd netbsd openbsd package x509 diff --git a/ct/x509/root_cgo_darwin.go b/ct/x509/root_cgo_darwin.go index 2c3de0f6..8fe54cbe 100644 --- a/ct/x509/root_cgo_darwin.go +++ b/ct/x509/root_cgo_darwin.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build cgo && !arm && !arm64 && !ios // +build cgo,!arm,!arm64,!ios package x509 diff --git a/ct/x509/root_darwin_arm_gen.go b/ct/x509/root_darwin_arm_gen.go index fc2488ad..46313a4e 100644 
--- a/ct/x509/root_darwin_arm_gen.go +++ b/ct/x509/root_darwin_arm_gen.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build ignore // +build ignore // Generates root_darwin_armx.go. diff --git a/ct/x509/root_darwin_armx.go b/ct/x509/root_darwin_armx.go index ad1c53d8..113acb6f 100644 --- a/ct/x509/root_darwin_armx.go +++ b/ct/x509/root_darwin_armx.go @@ -4,6 +4,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build cgo && darwin && (arm || arm64 || ios) // +build cgo // +build darwin // +build arm arm64 ios diff --git a/ct/x509/root_plan9.go b/ct/x509/root_plan9.go index ebeb7dfc..605044e7 100644 --- a/ct/x509/root_plan9.go +++ b/ct/x509/root_plan9.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build plan9 // +build plan9 package x509 diff --git a/ct/x509/root_unix.go b/ct/x509/root_unix.go index 65b5a5fd..f6ae062d 100644 --- a/ct/x509/root_unix.go +++ b/ct/x509/root_unix.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build dragonfly || freebsd || linux || nacl || netbsd || openbsd || solaris // +build dragonfly freebsd linux nacl netbsd openbsd solaris package x509 diff --git a/ct/x509/root_unix_test.go b/ct/x509/root_unix_test.go index a9e06a99..5c08ea15 100644 --- a/ct/x509/root_unix_test.go +++ b/ct/x509/root_unix_test.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris // +build dragonfly freebsd linux netbsd openbsd solaris package x509 diff --git a/internal/cpu/cpu_arm64_android.go b/internal/cpu/cpu_arm64_android.go index 3c9e57c5..ac6eee54 100644 --- a/internal/cpu/cpu_arm64_android.go 
+++ b/internal/cpu/cpu_arm64_android.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build arm64 // +build arm64 package cpu diff --git a/internal/cpu/cpu_arm64_darwin.go b/internal/cpu/cpu_arm64_darwin.go index e094b97f..ce1b250a 100644 --- a/internal/cpu/cpu_arm64_darwin.go +++ b/internal/cpu/cpu_arm64_darwin.go @@ -2,9 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build arm64 -// +build darwin -// +build !ios +//go:build arm64 && darwin && !ios +// +build arm64,darwin,!ios package cpu diff --git a/internal/cpu/cpu_arm64_freebsd.go b/internal/cpu/cpu_arm64_freebsd.go index 9de2005c..8c481370 100644 --- a/internal/cpu/cpu_arm64_freebsd.go +++ b/internal/cpu/cpu_arm64_freebsd.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build arm64 // +build arm64 package cpu diff --git a/internal/cpu/cpu_arm64_hwcap.go b/internal/cpu/cpu_arm64_hwcap.go index fdaf43e1..8ac04fd8 100644 --- a/internal/cpu/cpu_arm64_hwcap.go +++ b/internal/cpu/cpu_arm64_hwcap.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build arm64 -// +build linux +//go:build arm64 && linux +// +build arm64,linux package cpu diff --git a/internal/cpu/cpu_arm64_linux.go b/internal/cpu/cpu_arm64_linux.go index 2f7411ff..c3a3f9a8 100644 --- a/internal/cpu/cpu_arm64_linux.go +++ b/internal/cpu/cpu_arm64_linux.go @@ -2,9 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build arm64 -// +build linux -// +build !android +//go:build arm64 && linux && !android +// +build arm64,linux,!android package cpu diff --git a/internal/cpu/cpu_arm64_other.go b/internal/cpu/cpu_arm64_other.go index f191db28..e8b5d529 100644 
--- a/internal/cpu/cpu_arm64_other.go +++ b/internal/cpu/cpu_arm64_other.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build arm64 && !linux && !freebsd && !android && (!darwin || ios) // +build arm64 // +build !linux // +build !freebsd diff --git a/internal/cpu/cpu_mips64x.go b/internal/cpu/cpu_mips64x.go index 0c4794a7..d2f9d449 100644 --- a/internal/cpu/cpu_mips64x.go +++ b/internal/cpu/cpu_mips64x.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build mips64 || mips64le // +build mips64 mips64le package cpu diff --git a/internal/cpu/cpu_no_name.go b/internal/cpu/cpu_no_name.go index ce1c37a3..8d563b53 100644 --- a/internal/cpu/cpu_no_name.go +++ b/internal/cpu/cpu_no_name.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build !386 -// +build !amd64 +//go:build !386 && !amd64 +// +build !386,!amd64 package cpu diff --git a/internal/cpu/cpu_ppc64x.go b/internal/cpu/cpu_ppc64x.go index beb17654..2e7fd3eb 100644 --- a/internal/cpu/cpu_ppc64x.go +++ b/internal/cpu/cpu_ppc64x.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build ppc64 || ppc64le // +build ppc64 ppc64le package cpu diff --git a/internal/cpu/cpu_ppc64x_aix.go b/internal/cpu/cpu_ppc64x_aix.go index b840b823..3d17a9c7 100644 --- a/internal/cpu/cpu_ppc64x_aix.go +++ b/internal/cpu/cpu_ppc64x_aix.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build ppc64 || ppc64le // +build ppc64 ppc64le package cpu diff --git a/internal/cpu/cpu_ppc64x_linux.go b/internal/cpu/cpu_ppc64x_linux.go index 73b19143..b7c73451 100644 --- a/internal/cpu/cpu_ppc64x_linux.go +++ b/internal/cpu/cpu_ppc64x_linux.go 
@@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build ppc64 || ppc64le // +build ppc64 ppc64le package cpu diff --git a/internal/cpu/cpu_x86.go b/internal/cpu/cpu_x86.go index ba6bf690..fd1217a0 100644 --- a/internal/cpu/cpu_x86.go +++ b/internal/cpu/cpu_x86.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build 386 || amd64 // +build 386 amd64 package cpu diff --git a/internal/cpu/cpu_x86_test.go b/internal/cpu/cpu_x86_test.go index 52d4310b..a0534905 100644 --- a/internal/cpu/cpu_x86_test.go +++ b/internal/cpu/cpu_x86_test.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build 386 || amd64 // +build 386 amd64 package cpu_test diff --git a/internal/testenv/testenv_cgo.go b/internal/testenv/testenv_cgo.go index e3d4d16b..02f08f57 100644 --- a/internal/testenv/testenv_cgo.go +++ b/internal/testenv/testenv_cgo.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build cgo // +build cgo package testenv diff --git a/internal/testenv/testenv_notwin.go b/internal/testenv/testenv_notwin.go index ccb5d558..846ec938 100644 --- a/internal/testenv/testenv_notwin.go +++ b/internal/testenv/testenv_notwin.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !windows // +build !windows package testenv diff --git a/tls/generate_cert.go b/tls/generate_cert.go index 3ece82e2..ebcfd5cc 100644 --- a/tls/generate_cert.go +++ b/tls/generate_cert.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build ignore // +build ignore // Generate a self-signed X.509 certificate for a TLS server. Outputs to 
diff --git a/tls/handshake_unix_test.go b/tls/handshake_unix_test.go index 72718544..19fc6986 100644 --- a/tls/handshake_unix_test.go +++ b/tls/handshake_unix_test.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris package tls diff --git a/x509/extended_key_usage_gen.go b/x509/extended_key_usage_gen.go index 087fbda5..d70dff35 100644 --- a/x509/extended_key_usage_gen.go +++ b/x509/extended_key_usage_gen.go @@ -1,5 +1,6 @@ // The following directive is necessary to make the package coherent: +//go:build ignore // +build ignore // This program generates extended_key_usage.go. It can be invoked by running diff --git a/x509/root_unix.go b/x509/root_unix.go index bf9e3b19..e6a1a885 100644 --- a/x509/root_unix.go +++ b/x509/root_unix.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build aix || dragonfly || freebsd || (js && wasm) || linux || netbsd || openbsd || solaris // +build aix dragonfly freebsd js,wasm linux netbsd openbsd solaris package x509 diff --git a/x509/root_unix_test.go b/x509/root_unix_test.go index 41d4ae58..0af0ce98 100644 --- a/x509/root_unix_test.go +++ b/x509/root_unix_test.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris // +build dragonfly freebsd linux netbsd openbsd solaris package x509 diff --git a/x509/x509_test_import.go b/x509/x509_test_import.go index 4a0645c7..4df5f74c 100644 --- a/x509/x509_test_import.go +++ b/x509/x509_test_import.go 
@@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build ignore // +build ignore // This file is run by the x509 tests to ensure that a program with minimal From b1f1309f0fa14e4b2e565d64b55d47dcb3528824 Mon Sep 17 00:00:00 2001 From: Elliot Cubit Date: Thu, 13 Apr 2023 10:31:07 -0400 Subject: [PATCH 23/40] verifier: add AppendFromPEMErr method --- data/test/certificates/fpki.go | 25 +++++++++ verifier/graph.go | 18 +++++-- verifier/graph_test.go | 92 +++++++++++++++++++++++++++++++--- 3 files changed, 125 insertions(+), 10 deletions(-) diff --git a/data/test/certificates/fpki.go b/data/test/certificates/fpki.go index 06a8a93e..24400dbe 100644 --- a/data/test/certificates/fpki.go +++ b/data/test/certificates/fpki.go 
@@ -119,6 +119,31 @@ fOs/QbP1b0s6Xq5vk3aY0vGZnUXEjnI= -----END CERTIFICATE----- ` +// CorruptCertificate is a mangled certificate which is not valid ASN.1 +const CorruptCertificate = ` +-----BEGIN CERTIFICATE----- +MIFDczCCAlugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT +A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xMjAzMjAxODQ2NDFaFw0y +OTEyMzAxODQ2NDFaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQFFFFFFFNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0Qg +Um9vdCBDQSAzMIIBIjANBgQQQQQQQQQQQQQQAAOCAQ8AMIIBCgKCAQEAqewUcoro +S3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXEZG7v8WAjywpmQK60yGgqAFFo +STfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14YGiNbvT8f8u2NGcwD0UCkj6cg +AkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy1DekNdZv7hezsQarCxmG6CNt +MRsoeGXF3mJSvMF96+6gIHOPETHISWORKSGCTPC/unRAOwwERYBnXMXrolfDGn8K +Lb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJOuQL2erp/DtzNG/955jk86HC +kF8c9T8u1xnTfwIDAQABo0IwQDAdBgNVHQ4EFgQUbIqUonexgHIdgXoWqvLczmbu +RcAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAJ9xpMC2ltKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASDFLiH+H +9Jj1qMYJyR/wLB/sgrj0pUc4wTMr30x+mr4LC7HLD3xQKBDPio2i6bqshtfUsZNf +Io+WBbRODHWRfdPy55TClBR2T48MqxCHWDKFB3WGEgte6lO0CshMhJIf6+hBhjy6 +9E5BStFsWEdBw4Za8u7p8pgnguouNtb4Bl6C8aBSk0QJutKpGVpYo6hdIG1PZPgw +hxuQE0iBzcqQxw3B1Jg/jvIOV2gzEo6ZCbHw5PYQ9DbySb3qozjIVkEjg5rfoRs1 +fOs/QbP1b0s6Xq5vk3aY0vGZnUXEjnI= +-----END CERTIFICATE----- +` + // HexHashDoDRootCA3SignedBySelf is the hex SHA256 fingerprint of // DoDRootCA3SignedBySelf. const HexHashDoDRootCA3SignedBySelf = "b107b33f453e5510f68e513110c6f6944bacc263df0137f821c1b3c2f8f863d2" diff --git a/verifier/graph.go b/verifier/graph.go index 17328cdd..e289bda7 100644 --- a/verifier/graph.go +++ b/verifier/graph.go 
@@ -254,12 +254,23 @@ func (g *Graph) IsRoot(c *x509.Certificate) bool { } // AppendFromPEM adds any certificates encoded as PEM from r to the graph. If -// root is true, it marks them as roots. It returns the number of certificates -// parsed. +// root is true, it marks them as roots. It completely ignores all errors, and +// is deprecated. Use AppendFromPEMErr, which this function wraps, instead. func (g *Graph) AppendFromPEM(r io.Reader, root bool) int { + n, _, _ := g.AppendFromPEMErr(r, root) + return n +} + +// AppendFromPEM adds any certificates encoded as PEM from r to the graph. If +// root is true, it marks them as roots. It returns: +// - The number of certificates parsed +// - A slice of errors encountered while parsing certificates +// - Any non-EOF error encountered reading from r +func (g *Graph) AppendFromPEMErr(r io.Reader, root bool) (int, []error, error) { count := 0 scanner := bufio.NewScanner(r) scanner.Split(zcertificate.ScannerSplitPEM) + var parsingErrs []error for scanner.Scan() { p, _ := pem.Decode(scanner.Bytes()) if p == nil { @@ -267,6 +278,7 @@ func (g *Graph) AppendFromPEM(r io.Reader, root bool) int { } c, err := x509.ParseCertificate(p.Bytes) if err != nil { + parsingErrs = append(parsingErrs, err) continue } g.AddCert(c) @@ -275,7 +287,7 @@ func (g *Graph) AppendFromPEM(r io.Reader, root bool) int { } count++ } - return count + return count, parsingErrs, scanner.Err() } // NewGraphEdgeSet initializes an empty GraphEdgeSet. diff --git a/verifier/graph_test.go b/verifier/graph_test.go index a1f3ce6a..5b4cb802 100644 --- a/verifier/graph_test.go +++ b/verifier/graph_test.go @@ -16,8 +16,11 @@ package verifier import ( "encoding/hex" + "errors" + "io" "strings" "testing" + "testing/iotest" "github.com/zmap/zcrypto/x509" 
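Review bot: The doc comment on `AppendFromPEMErr` begins with `AppendFromPEM adds ...`, so godoc attaches the wrong name, and the deprecation of the old wrapper should use the tool-recognised form on its own line, `// Deprecated: use AppendFromPEMErr, which reports parse and read errors.`, rather than prose. A PEM block that `pem.Decode` rejects (the `if p == nil {` context line) is still skipped without being recorded in `parsingErrs`, so the new error slice undercounts malformed input; either append an error there (`parsingErrs = append(parsingErrs, errors.New("invalid PEM block"))`) or state the omission in the comment. With `scanner.Err()` now surfaced, callers will also start seeing `bufio.ErrTooLong` for blocks larger than the Scanner's buffer, which the old API swallowed; worth a sentence in the doc comment.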
@@ -35,6 +38,45 @@ type graphTest struct { expectedEdges []edgeIdx } +type graphErrorTest struct { + name string + in io.Reader + errs int + err error +} + +var graphErrorTests = []graphErrorTest{ + { + name: "io", + in: iotest.ErrReader(io.ErrUnexpectedEOF), + errs: 0, + err: io.ErrUnexpectedEOF, + }, + { + name: "parsing", + in: strings.NewReader(data.CorruptCertificate), + errs: 1, + err: nil, + }, + { + name: "both", + in: io.MultiReader( + strings.NewReader( + strings.Join( + []string{ + data.CorruptCertificate, + data.CorruptCertificate, + }, + "\n", + ), + ), + iotest.ErrReader(io.ErrUnexpectedEOF), + ), + errs: 2, + err: io.ErrUnexpectedEOF, + }, +} + var graphTests = []graphTest{ { name: "one-certificate", 
@@ -401,12 +443,48 @@ func TestGraph(t *testing.T) { func TestAppendFromPEM(t *testing.T) { for _, test := range graphTests { - g := NewGraph() - joined := strings.Join(test.certificates, "\n") - r := strings.NewReader(joined) - n := g.AppendFromPEM(r, false) - if len(test.certificates) != n { - t.Errorf("%s: expected size %d, got %d", test.name, len(test.certificates), n) - } + t.Run(test.name, func(t *testing.T) { + g := NewGraph() + joined := strings.Join(test.certificates, "\n") + r := strings.NewReader(joined) + n := g.AppendFromPEM(r, false) + if len(test.certificates) != n { + t.Errorf("%s: expected size %d, got %d", test.name, len(test.certificates), n) + } + }) } } + +func TestAppendFromPEMErr(t *testing.T) { + for _, test := range graphTests { + t.Run(test.name, func(t *testing.T) { + g := NewGraph() + joined := strings.Join(test.certificates, "\n") + r := strings.NewReader(joined) + n, errs, err := g.AppendFromPEMErr(r, false) + if len(errs) > 0 { + t.Errorf("expected no parsing errors, got %d: %v", len(errs), errs) + } + if err != nil { + t.Errorf("expected nil err, got %v", err) + } + if len(test.certificates) != n { + t.Errorf("%s: expected size %d, got %d", test.name, len(test.certificates), n) + } + }) + } + + t.Run("errors", func(t *testing.T) { + for _, test := range graphErrorTests { + t.Run(test.name, func(t *testing.T) { + _, errs, err := NewGraph().AppendFromPEMErr(test.in, false) + if len(errs) != test.errs { + t.Errorf("want %d parsing errs got %d", test.errs, len(errs)) + } + if !errors.Is(err, test.err) { + t.Errorf("expected error %v but got %v", test.err, err) + } + }) + } + }) +} From f9aa5b94fdd39192f82742635b2d3abf9d4a71c2 Mon Sep 17 00:00:00 2001 From: Elliot Cubit Date: Fri, 28 Apr 2023 13:36:04 -0400 Subject: [PATCH 24/40] verifier: set ValidSignature for certificates in the graph --- verifier/walk.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/verifier/walk.go b/verifier/walk.go index a84d68bb..ce4f3300 100644 
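Review bot: A point of style in the new subtests: inside `t.Run(test.name, ...)` the failure messages still prefix `%s:` with `test.name`, which the subtest name already reports, so `t.Errorf("expected size %d, got %d", len(test.certificates), n)` is enough. The error table's `errors.Is(err, test.err)` with `test.err == nil` relies on `errors.Is(nil, nil)` being true, which it is, but a reader may not know that; a short `// errors.Is(nil, nil) == true` next to the `err: nil` cases saves a double take.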
--- a/verifier/walk.go
+++ b/verifier/walk.go
@@ -49,7 +49,11 @@ func (g *Graph) WalkChainsAsync(c *x509.Certificate, opt WalkOptions) chan x509.
 c.ValidSignature = true
 break
 }
+ } else {
+ // We already trust the signatures in the graph.
+ c.ValidSignature = true
 }
+
 go g.walkFromEdgeToRoot(start, out)
 return out
 }
From 84259cd741285631ac0e9821bed393935791eb01 Mon Sep 17 00:00:00 2001
From: Elliot Cubit
Date: Thu, 7 Sep 2023 14:26:02 -0400
Subject: [PATCH 25/40] pkix: marshal nonstandard name attributes only once
---
x509/json_test.go | 8 ++++----
x509/pkix/pkix.go | 21 +--------------------
2 files changed, 5 insertions(+), 24 deletions(-)
diff --git a/x509/json_test.go b/x509/json_test.go
index 85d6855e..c7170dee 100644
--- a/x509/json_test.go
+++ b/x509/json_test.go
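Review bot: The new else-branch sets `c.ValidSignature = true` solely because `c` was already found in the graph, and the comment `We already trust the signatures in the graph` asserts a property this diff cannot show: `AppendFromPEMErr` only parses certificates, so whether membership implies a verified issuer signature depends on what `AddCert` does when it builds edges. If edges are created only after `CheckSignatureFrom` succeeds, say so in the comment, e.g. `// Edges are only created after CheckSignatureFrom succeeds, so a cert already in the graph has a verified signature.`; if not, this branch marks unverified certificates as validly signed and `MarshalJSON` will report `signature.valid: true` for them. Either way WalkChainsAsync now writes to the caller's `*x509.Certificate`, which races if the caller shares `c` across goroutines while a walk is in flight; the enclosing function begins before the hunk.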
@@ -24,7 +24,7 @@ func TestCertificateJSON(t *testing.T) { }, { file: "ian.test.cert", - expected: `{"version":3,"serial_number":"13905679301969112323","signature_algorithm":{"name":"SHA1-RSA","oid":"1.2.840.113549.1.1.5"},"issuer":{"common_name":["IAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@iantest.com"]},"issuer_dn":"emailAddress=test@iantest.com, CN=IAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, C=US, emailAddress=test@iantest.com","validity":{"start":"2016-09-07T21:10:12Z","end":"2017-09-07T21:10:12Z","length":31536000},"subject":{"common_name":["IAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@iantest.com"]},"subject_dn":"emailAddress=test@iantest.com, CN=IAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, C=US, emailAddress=test@iantest.com","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"5Sj63YALzwmLnXNWuFmAZlv6sWelKFbP+SWPPEtsjXGHE8R0rAE6lRjjCPw8CRMIIQgGeyxDuB0kLDiR6gG6aHOOb1hdOcxhS7Cw7YsICeZ7V6fN9+opFGwdKJ998TvWsl1Vw2crfTL0P9YmRivevk9kOVfmj/dFvqRzLL81CmNnDwfsgqo4l1/WxpOpB5+gua5Fu+q3WyEk8oPcr5jX5z4d8AVhi1ZUYBr8wNrlR/RWfTJYqL0uch6hg2dLlzodG7v6kKSH/GVhPd1+eL4Kp4kNaFiJkHstRDz9YZ0y505Z8VF9V3WRsZ7l6JyyRR7dbqJTwiVYM7uESKN2inDMYw==","length":2048},"fingerprint_sha256":"688d5164e9da2ebcbcc8dca96513f500687acc7a70aa025c7f268a75ebc23f71"},"extensions":{"key_usage":{"digital_signature":true,"key_encipherment":true,"value":5},"issuer_alt_name":{"dns_names":["example.1.com","example.2.com"],"email_addresses":["test@iantest.com","test2@iantest2.com"],"ip_addresses":["1.2.3.4"],"other_names":[{"id":"1.2.3.4","value":"DCBEQlZ6YjIxbElHOTBhR1Z5SUdsa1pXNTBhV1pwWlhJPQ=="}],"registered_ids":["1.2.3.4"],"uniform_resource_identifiers":["http://www.insecure.com"]}},"signature":{"signature_algorithm":{"name":"SHA1-RSA","oid":"1.2.840.113549.1.1.5"
},"value":"NKUyMbXEPqjfHmhThDqPF5onrwqVAtumI0FQtfZs7V1Ve4fPU+Hc7jNvyGzv3h2qynKORbX+ZgXX1yUaVL3VJBpKogwr8ogpVbr5q/D5KrIwI8nUHF9meMPjDj0imtuE4KqSSvHa9YqT16e1iMwcs9vYEmpetIVs8pGIUp9DtpSKV9sn0ZlaLRO4lA1Cx25N8W5Ue3Qoj78Vl/lZCIBn4Whqpo/h5joOlETNyghzm8Cw0PAMviC/k/rFstizrWa1c8s60Ex5S3A4cdIvF03U5mwYSGMxgfi7TvD6uRlp/L7t6VSxHChq3C9j965Xec2qK6klS/4XXVAizN7/V/6TEA==","valid":true,"self_signed":true},"fingerprint_md5":"b930cccf8bf02db782dadb8e7171d783","fingerprint_sha1":"51e9e3ddf2d7d46bd269851efbcb574aa4ac47c1","fingerprint_sha256":"2b96e909ccec2ef95d0ef20678a05844c46308d44a78958b4fa9e474a522683b","tbs_noct_fingerprint":"7729889cecc4fd392a4b1bff3222093345e3cc0a7b8f35b1fb3b2a7201818093","spki_subject_fingerprint":"d417ddc01fb3d88a50ed9dca6fd7e1484e6043dc64fc743fbb17f57af10cc13b","tbs_fingerprint":"7729889cecc4fd392a4b1bff3222093345e3cc0a7b8f35b1fb3b2a7201818093","validation_level":"unknown","redacted":false}`, + expected: `{"version":3,"serial_number":"13905679301969112323","signature_algorithm":{"name":"SHA1-RSA","oid":"1.2.840.113549.1.1.5"},"issuer":{"common_name":["IAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@iantest.com"]},"issuer_dn":"emailAddress=test@iantest.com, CN=IAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, C=US","validity":{"start":"2016-09-07T21:10:12Z","end":"2017-09-07T21:10:12Z","length":31536000},"subject":{"common_name":["IAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@iantest.com"]},"subject_dn":"emailAddress=test@iantest.com, CN=IAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, 
C=US","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"5Sj63YALzwmLnXNWuFmAZlv6sWelKFbP+SWPPEtsjXGHE8R0rAE6lRjjCPw8CRMIIQgGeyxDuB0kLDiR6gG6aHOOb1hdOcxhS7Cw7YsICeZ7V6fN9+opFGwdKJ998TvWsl1Vw2crfTL0P9YmRivevk9kOVfmj/dFvqRzLL81CmNnDwfsgqo4l1/WxpOpB5+gua5Fu+q3WyEk8oPcr5jX5z4d8AVhi1ZUYBr8wNrlR/RWfTJYqL0uch6hg2dLlzodG7v6kKSH/GVhPd1+eL4Kp4kNaFiJkHstRDz9YZ0y505Z8VF9V3WRsZ7l6JyyRR7dbqJTwiVYM7uESKN2inDMYw==","length":2048},"fingerprint_sha256":"688d5164e9da2ebcbcc8dca96513f500687acc7a70aa025c7f268a75ebc23f71"},"extensions":{"key_usage":{"digital_signature":true,"key_encipherment":true,"value":5},"issuer_alt_name":{"dns_names":["example.1.com","example.2.com"],"email_addresses":["test@iantest.com","test2@iantest2.com"],"ip_addresses":["1.2.3.4"],"other_names":[{"id":"1.2.3.4","value":"DCBEQlZ6YjIxbElHOTBhR1Z5SUdsa1pXNTBhV1pwWlhJPQ=="}],"registered_ids":["1.2.3.4"],"uniform_resource_identifiers":["http://www.insecure.com"]}},"signature":{"signature_algorithm":{"name":"SHA1-RSA","oid":"1.2.840.113549.1.1.5"},"value":"NKUyMbXEPqjfHmhThDqPF5onrwqVAtumI0FQtfZs7V1Ve4fPU+Hc7jNvyGzv3h2qynKORbX+ZgXX1yUaVL3VJBpKogwr8ogpVbr5q/D5KrIwI8nUHF9meMPjDj0imtuE4KqSSvHa9YqT16e1iMwcs9vYEmpetIVs8pGIUp9DtpSKV9sn0ZlaLRO4lA1Cx25N8W5Ue3Qoj78Vl/lZCIBn4Whqpo/h5joOlETNyghzm8Cw0PAMviC/k/rFstizrWa1c8s60Ex5S3A4cdIvF03U5mwYSGMxgfi7TvD6uRlp/L7t6VSxHChq3C9j965Xec2qK6klS/4XXVAizN7/V/6TEA==","valid":true,"self_signed":true},"fingerprint_md5":"b930cccf8bf02db782dadb8e7171d783","fingerprint_sha1":"51e9e3ddf2d7d46bd269851efbcb574aa4ac47c1","fingerprint_sha256":"2b96e909ccec2ef95d0ef20678a05844c46308d44a78958b4fa9e474a522683b","tbs_noct_fingerprint":"7729889cecc4fd392a4b1bff3222093345e3cc0a7b8f35b1fb3b2a7201818093","spki_subject_fingerprint":"d417ddc01fb3d88a50ed9dca6fd7e1484e6043dc64fc743fbb17f57af10cc13b","tbs_fingerprint":"7729889cecc4fd392a4b1bff3222093345e3cc0a7b8f35b1fb3b2a7201818093","validation_level":"unknown","redacted":false}`, }, { file: 
"name.constraint.test.cert", 
@@ -32,7 +32,7 @@ func TestCertificateJSON(t *testing.T) { }, { file: "san.test.cert", - expected: `{"version":3,"serial_number":"11969031822203118914","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["SAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@santest.com"]},"issuer_dn":"emailAddress=test@santest.com, CN=SAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, C=US, emailAddress=test@santest.com","validity":{"start":"2016-08-24T18:55:08Z","end":"2018-08-24T18:55:08Z","length":63072000},"subject":{"common_name":["SAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@santest.com"]},"subject_dn":"emailAddress=test@santest.com, CN=SAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, C=US, emailAddress=test@santest.com","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"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","length":3072},"fingerprint_sha256":"8aef7c362bb4dfc4a83f33dcdcb016b1473ed2a87cb815ddf332f6eb076bd133"},"extensions":{"basic_constraints":{"is_ca":true},"subject_alt_name":{"directory_names":[{"common_name":["My Name"],"country":["US"],"organization":["My Organization"],"organizational_unit":["My 
Unit"]}],"dns_names":["dns1.test.com","dns2.test.com"],"email_addresses":["email@testsan.com"],"ip_addresses":["1.2.3.4"],"other_names":[{"id":"1.2.3.4","value":"DBVzb21lIG90aGVyIGlkZW50aWZpZXI="}],"registered_ids":["1.2.3.4"],"uniform_resource_identifiers":["http://watchit.com/"]},"authority_key_id":"b970e26ca9347b9f94a434d931d0891cdc273f56","subject_key_id":"b970e26ca9347b9f94a434d931d0891cdc273f56"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"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","valid":true,"self_signed":true},"fingerprint_md5":"ce2473da2a3c2f6f6abd24523acd70e3","fingerprint_sha1":"8cdead6be60527f06708cd2a3b771914dcc5e927","fingerprint_sha256":"97f710a8fbec337da46bdc700df02029e1bd68abd1ccf8a1e8c61cd0db99b5bf","tbs_noct_fingerprint":"1ce4125fdc6a8fb884ca8c83e7b0e26fcddf5703ff3c4819573b9c907f33fbc0","spki_subject_fingerprint":"603db6169df03726f8f3c390a8f2e48ad749da598ea8b16befaed05c7ff62d4e","tbs_fingerprint":"1ce4125fdc6a8fb884ca8c83e7b0e26fcddf5703ff3c4819573b9c907f33fbc0","validation_level":"unknown","names":["1.2.3.4","dns1.test.com","dns2.test.com","http://watchit.com/"],"redacted":false}`, + expected: `{"version":3,"serial_number":"11969031822203118914","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["SAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@santest.com"]},"issuer_dn":"emailAddress=test@santest.com, CN=SAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, C=US","validity":{"start":"2016-08-24T18:55:08Z","end":"2018-08-24T18:55:08Z","length":63072000},"subject":{"common_name":["SAN Test"],"country":["US"],"locality":["Champaign"],"province":["IL"],"organization":["UIUC"],"organizational_unit":["CS"],"email_address":["test@santest.com"]},"subject_dn":"emailAddress=test@santest.com, CN=SAN Test, OU=CS, O=UIUC, L=Champaign, ST=IL, 
C=US","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"zNNJPiLkZhaNcLFfuffykzP4925ggaM+XcLoNkvvHivT4bqFKChmhTbE5J9ZGJgy2adniWEApjQHLRhRui6aO4CWkbP63iJTKJ1CyjV2tUO4ObgMsWlsOPD0ccqUdqw3QpqTgvelBIjENl+bB9yXSe+kDb64cQpi9SaT1STVr/CTrDpDD0THdf1GFqFlKM0ioY8u2pa293rn50o9TLtIr4l6kzQaRopzfZPnJ+CWXTjGIp4YypULsbvp8LIcPIRyp/6U7j8XMhJr33DW5wOfPcKBT/aJm5PILRwKHodQ14yNxKW0g+OizTHKdRkVHEKSwFEp4rEfsr20erx6Vyh7Fq+7IjoP/5gTbNJmWRxJ1h88xpCxETNfpqXt4x5LkTA9sXpMNTk4Bpy02k/0KNMqTO2osI5Mof5+hxGe7CkhaB1OujmaoPMRB7+cKCIf5dv1u+0GH4k7YlOwYiev+mHzIOd04rdJG0MN/y60tEgjs7JiC75AKMldRfqHZ+ZII0NV","length":3072},"fingerprint_sha256":"8aef7c362bb4dfc4a83f33dcdcb016b1473ed2a87cb815ddf332f6eb076bd133"},"extensions":{"basic_constraints":{"is_ca":true},"subject_alt_name":{"directory_names":[{"common_name":["My Name"],"country":["US"],"organization":["My Organization"],"organizational_unit":["My Unit"]}],"dns_names":["dns1.test.com","dns2.test.com"],"email_addresses":["email@testsan.com"],"ip_addresses":["1.2.3.4"],"other_names":[{"id":"1.2.3.4","value":"DBVzb21lIG90aGVyIGlkZW50aWZpZXI="}],"registered_ids":["1.2.3.4"],"uniform_resource_identifiers":["http://watchit.com/"]},"authority_key_id":"b970e26ca9347b9f94a434d931d0891cdc273f56","subject_key_id":"b970e26ca9347b9f94a434d931d0891cdc273f56"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"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","valid":true,"self_signed":true},"fingerprint_md5":"ce2473da2a3c2f6f6abd24523acd70e3","fingerprint_sha1":"8cdead6be60527f06708cd2a3b771914dcc5e927","fingerprint_sha256":"97f710a8fbec337da46bdc700df02029e1bd68abd1ccf8a1e8c61cd0db99b5bf","tbs_noct_fingerprint":"1ce4125fdc6a8fb884ca8c83e7b0e26fcddf5703ff3c4819573b9c907f33fbc0","spki_subject_fingerprint":"603db6169df03726f8f3c390a8f2e48ad749da598ea8b16befaed05c7ff62d4e","tbs_fingerprint":"1ce4125fdc6a8fb884ca8c83e7b0e26fcddf5703ff3c4819573b9c907f33fbc0","validation_level":"unk
nown","names":["1.2.3.4","dns1.test.com","dns2.test.com","http://watchit.com/"],"redacted":false}`, }, { file: "dsa_pk.cert", 
@@ -56,11 +56,11 @@ func TestCertificateJSON(t *testing.T) { }, { file: "qwac.pem", - expected: `{"version":3,"serial_number":"202093337738244911112370","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["Buypass Class 3 CA 2"],"country":["NO"],"organization":["Buypass AS-983163327"]},"issuer_dn":"CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO","validity":{"start":"2020-02-04T14:05:09Z","end":"2022-02-03T22:59:00Z","length":63104031},"subject":{"common_name":["qwac.prod.vipps.no"],"serial_number":["918713867"],"country":["NO"],"locality":["OSLO"],"organization":["VIPPS AS"],"postal_code":["0150"],"jurisdiction_country":["NO"],"organization_id":["PSDNO-FSA-918713867"]},"subject_dn":"serialNumber=918713867, organizationIdentifier=PSDNO-FSA-918713867, CN=qwac.prod.vipps.no, O=VIPPS AS, C=NO, jurisdictionCountry=NO, businessCategory=Private Organization, L=OSLO, postalCode=0150, organizationIdentifier=PSDNO-FSA-918713867, jurisdictionCountry=NO, businessCategory=Private 
Organization","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"pZhG4M3ej2sh+PdDZdMP6mW2w0Ulw11O6xg2NWaU4qypfggxS+HC5QM65GGyvHZh0BlVTYs1zuIQSxeylitwcoyOLpv1kZtXtvhXjGlnJJJCXOJh6g86WeWrhUxHFOQQtvtFg7ZhaYpeyldabnHcDcyxq3LVQmRL6WQwSQgEHCIlXCSI5+DCcBKr9iZYokq0kAg6jCFJojhUypv/rRYS2C3HBWtlWiw1Ln0BeJVEzXaCyQsmtX/TQb0W4O1YhGmvj7fC+P+mQh4PJqwd2mU5CGjcJWLdd664TudjU8uDiR7/VgwaCbi0m8ugcJNxvZ3/yLElj95aHY6gKG+rmciIGQ==","length":2048},"fingerprint_sha256":"7e0b4098d838ebe5238997c5418ea20b96a1f7e9b643293885197d609d09e77c"},"extensions":{"key_usage":{"digital_signature":true,"key_encipherment":true,"value":5},"basic_constraints":{"is_ca":false},"subject_alt_name":{"dns_names":["qwac.prod.vipps.no"]},"crl_distribution_points":["http://crl.buypass.no/crl/BPClass3CA2.crl"],"authority_key_id":"22302ed2fbf64bcac0b83bd204c4e972e6979b0c","subject_key_id":"a002f1a7fd4a9e9932efeebaa1a3aa1e2ee7eec5","extended_key_usage":{"server_auth":true,"client_auth":true},"certificate_policies":[{"id":"2.16.578.1.26.1.3.3","cps":["https://www.buypass.no/cps"]},{"id":"2.23.140.1.1"},{"id":"0.4.0.194112.1.4"}],"authority_info_access":{"ocsp_urls":["http://ocsp.buypass.com"],"issuer_urls":["http://crt.buypass.no/crt/BPClass3CA2.cer"]},"ct_poison":true,"cabf_organization_id":{"scheme":"PSD","country":"NO","reference":"918713867"},"qc_statements":{"ids":["0.4.0.1862.1.1","0.4.0.19495.2","0.4.0.1862.1.6","0.4.0.1862.1.5"],"parsed":{"etsi_compliance":[true],"types":[{"ids":["0.4.0.1862.1.6.3"]}],"pds_locations":[{"locations":[{"url":"https://www.buypass.no/pds/pds_en.pdf","language":"en"}]}]}}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"C6EnzHU7tGVa2HUw0Y3KaRtgSkF3FNAsO63VRac/SZMykM60bM9nuwdy46/o01iQ+wi+P/kS5r6UYIBOwLOmv6PrMuj+nV3YhADI9/A1R4MqEjKWHzVefTXUT6vWOm7JDf2n4H3wdh/LxdfjxEn01/NcCPh+HEgatldcoXpnirVKctO2Kgg5dD2uLWtPQixr2aJQx+4wALCBG7cwKmp0M9CLJv35+O2/1dMwhm95NfpcX6t53F7M9720fTeFTYALX1jdN2SxA7VyHqhkc0poTNtKt
utRkMMWkwcDSz/FD0NMjJdsaVIJ+bdB7gh7JT1hd4CBJDKRhNRq9aSGGIcEeQ==","valid":false,"self_signed":false},"fingerprint_md5":"ed91f4dc129bb1e645e36454b4955fd6","fingerprint_sha1":"f1b7533029586920ee56df926bc59dcd8cfa3630","fingerprint_sha256":"f42775eeb4baa39ab4ba0e3a37ee2f30a41267274ea20a75ae2721cae39f9a83","tbs_noct_fingerprint":"cff7cb3009a22b725e4d3d71762c377cbdefd196cff2712a0893e2c29870b320","spki_subject_fingerprint":"b4e3dff7dbac7fa5744f916ddaac9bb7ac09f6914c523d8cd356b543b621802c","tbs_fingerprint":"e5d2338b23acb820d285a04b800aa4f9fc162c8c919cb2b957f2b2209848a0b2","validation_level":"EV","names":["qwac.prod.vipps.no"],"redacted":false}`, + expected: `{"version":3,"serial_number":"202093337738244911112370","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["Buypass Class 3 CA 2"],"country":["NO"],"organization":["Buypass AS-983163327"]},"issuer_dn":"CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO","validity":{"start":"2020-02-04T14:05:09Z","end":"2022-02-03T22:59:00Z","length":63104031},"subject":{"common_name":["qwac.prod.vipps.no"],"serial_number":["918713867"],"country":["NO"],"locality":["OSLO"],"organization":["VIPPS AS"],"postal_code":["0150"],"jurisdiction_country":["NO"],"organization_id":["PSDNO-FSA-918713867"]},"subject_dn":"serialNumber=918713867, organizationIdentifier=PSDNO-FSA-918713867, CN=qwac.prod.vipps.no, O=VIPPS AS, C=NO, jurisdictionCountry=NO, businessCategory=Private Organization, L=OSLO, 
postalCode=0150","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"pZhG4M3ej2sh+PdDZdMP6mW2w0Ulw11O6xg2NWaU4qypfggxS+HC5QM65GGyvHZh0BlVTYs1zuIQSxeylitwcoyOLpv1kZtXtvhXjGlnJJJCXOJh6g86WeWrhUxHFOQQtvtFg7ZhaYpeyldabnHcDcyxq3LVQmRL6WQwSQgEHCIlXCSI5+DCcBKr9iZYokq0kAg6jCFJojhUypv/rRYS2C3HBWtlWiw1Ln0BeJVEzXaCyQsmtX/TQb0W4O1YhGmvj7fC+P+mQh4PJqwd2mU5CGjcJWLdd664TudjU8uDiR7/VgwaCbi0m8ugcJNxvZ3/yLElj95aHY6gKG+rmciIGQ==","length":2048},"fingerprint_sha256":"7e0b4098d838ebe5238997c5418ea20b96a1f7e9b643293885197d609d09e77c"},"extensions":{"key_usage":{"digital_signature":true,"key_encipherment":true,"value":5},"basic_constraints":{"is_ca":false},"subject_alt_name":{"dns_names":["qwac.prod.vipps.no"]},"crl_distribution_points":["http://crl.buypass.no/crl/BPClass3CA2.crl"],"authority_key_id":"22302ed2fbf64bcac0b83bd204c4e972e6979b0c","subject_key_id":"a002f1a7fd4a9e9932efeebaa1a3aa1e2ee7eec5","extended_key_usage":{"server_auth":true,"client_auth":true},"certificate_policies":[{"id":"2.16.578.1.26.1.3.3","cps":["https://www.buypass.no/cps"]},{"id":"2.23.140.1.1"},{"id":"0.4.0.194112.1.4"}],"authority_info_access":{"ocsp_urls":["http://ocsp.buypass.com"],"issuer_urls":["http://crt.buypass.no/crt/BPClass3CA2.cer"]},"ct_poison":true,"cabf_organization_id":{"scheme":"PSD","country":"NO","reference":"918713867"},"qc_statements":{"ids":["0.4.0.1862.1.1","0.4.0.19495.2","0.4.0.1862.1.6","0.4.0.1862.1.5"],"parsed":{"etsi_compliance":[true],"types":[{"ids":["0.4.0.1862.1.6.3"]}],"pds_locations":[{"locations":[{"url":"https://www.buypass.no/pds/pds_en.pdf","language":"en"}]}]}}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"C6EnzHU7tGVa2HUw0Y3KaRtgSkF3FNAsO63VRac/SZMykM60bM9nuwdy46/o01iQ+wi+P/kS5r6UYIBOwLOmv6PrMuj+nV3YhADI9/A1R4MqEjKWHzVefTXUT6vWOm7JDf2n4H3wdh/LxdfjxEn01/NcCPh+HEgatldcoXpnirVKctO2Kgg5dD2uLWtPQixr2aJQx+4wALCBG7cwKmp0M9CLJv35+O2/1dMwhm95NfpcX6t53F7M9720fTeFTYALX1jdN2SxA7VyHqhkc0poTN
tKtutRkMMWkwcDSz/FD0NMjJdsaVIJ+bdB7gh7JT1hd4CBJDKRhNRq9aSGGIcEeQ==","valid":false,"self_signed":false},"fingerprint_md5":"ed91f4dc129bb1e645e36454b4955fd6","fingerprint_sha1":"f1b7533029586920ee56df926bc59dcd8cfa3630","fingerprint_sha256":"f42775eeb4baa39ab4ba0e3a37ee2f30a41267274ea20a75ae2721cae39f9a83","tbs_noct_fingerprint":"cff7cb3009a22b725e4d3d71762c377cbdefd196cff2712a0893e2c29870b320","spki_subject_fingerprint":"b4e3dff7dbac7fa5744f916ddaac9bb7ac09f6914c523d8cd356b543b621802c","tbs_fingerprint":"e5d2338b23acb820d285a04b800aa4f9fc162c8c919cb2b957f2b2209848a0b2","validation_level":"EV","names":["qwac.prod.vipps.no"],"redacted":false}`, }, { file: "etsi_qc.pem", - expected: `{"version":3,"serial_number":"9591198274709138036589902159","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["Development Sub CA"],"country":["PK"],"organization":["Development"]},"issuer_dn":"CN=Development Sub CA, O=Development, C=PK","validity":{"start":"2019-09-25T09:37:57Z","end":"2029-10-26T09:37:57Z","length":318297600},"subject":{"common_name":["Muhammad Bilal Ashraf"],"serial_number":["578611675"],"country":["PK"],"organization":["Development"],"given_name":["Muhammad Bilal"],"surname":["Ashraf"]},"subject_dn":"CN=Muhammad Bilal Ashraf, SN=Ashraf, GN=Muhammad Bilal, serialNumber=578611675, O=Development, C=PK, SN=Ashraf, GN=Muhammad 
Bilal","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"2HPVolNvA0qVuwXPcXIdra/W/VOLzx5RyRjAHUC8ssYKPLJ5rNjUcAFrIMRBELVw1B+Sr3/671cDsh12nFkO4KfCpprvG9gpV2yLZPNhpUPqxpbXa6H6VQv4PYNHuf75kPJzyn2dkhw/RGNfiN9b/qM4LSxHzlrOe+gjN7uSaLEctr16v7lu650lbNC29XfG9FuRKeHAB04WoFtge6P3XwvRkHTVvcUjx0XSRD3Fbcvi/SqKZStFLN382Xp/uA7S+kX0eVHHyIgQyEydOq5lI1mTRCsJn0vOXav2YgZiHGvpDMzXPz/j/iAFblLmGeNFRUQDIrwTYUEfdGjBGOAlVw==","length":2048},"fingerprint_sha256":"bc898e576ca5b03513505d6433e91b4ada07f86a6ce3412d088db9580b13500e"},"extensions":{"key_usage":{"digital_signature":true,"content_commitment":true,"value":3},"basic_constraints":{"is_ca":false},"subject_alt_name":{"email_addresses":["bilal.ashraf@gmail.com"]},"crl_distribution_points":["http://dev.com/ca.crl"],"authority_key_id":"30cd83a736aca535ff211b37406eb2cf5f1c032f","subject_key_id":"5e3b7f1de8d5587eee26b3c792e65ac10e5fbb9d","extended_key_usage":{"email_protection":true},"certificate_policies":[{"id":"1.3.7.8.9","cps":["https://www.dev.com/repository/"]}],"authority_info_access":{"ocsp_urls":["http://dev.com/ocsp"],"issuer_urls":["http://dev.com/ca.crt"]},"qc_statements":{"ids":["0.4.0.1862.1.1","0.4.0.1862.1.3","0.4.0.1862.1.2","0.4.0.1862.1.4","0.4.0.1862.1.5","0.4.0.1862.1.6"],"parsed":{"etsi_compliance":[true],"sscd":[true],"types":[{"ids":["0.4.0.1862.1.6.1","0.4.0.1862.1.6.2","0.4.0.1862.1.6.3"]}],"limit":[{"currency":"EURO","amount":10,"exponent":2}],"pds_locations":[{"locations":[{"url":"https://dev.com/pds/en/pds.pdf","language":"en"}]}],"retention_period":[10]}}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"DyWYTIzvGbzIbUbfe0mHSNxjoacuhWWQLhyX/UfHZ5hdYL7osIvwvWu81hGiGK9Eo0279W0YexJ4qp90YIzG8kjKvK7XIbFLmYnCf7+8sXHcvH9w/b8W11cTWmC2+xuYgxCWvHkGwWVpEpZlkDc+YYjilUVQ7wIcingpT98Tek36RIZ8mcNqkXUTrCaWt9Ra4h732J87MSWydifEMYUi+fSKttw7cjBzf6Q5XFkWY0uQtY087EIRldezwa9CZASStaEVzQ7UTsOzLSbmYEQzKK8siO6Z+RjV86ZU47uSZ2cC++/SQBufAQ0Ch/tnN2O3vACf
A30QhQblWHe9Wd4taA==","valid":false,"self_signed":false},"fingerprint_md5":"173780910e4430a16d0e7a4ed6667b9f","fingerprint_sha1":"ce69f32ca243df47f6fccb985d6d340b15d5a827","fingerprint_sha256":"a5885ab12e6260345007884baa9f1ca7343719d80381e3a7653be314e80dea34","tbs_noct_fingerprint":"5753c966f66d7db686320109cc4f79553fa25aa45917b8326aab7e9a42507f3b","spki_subject_fingerprint":"af9c1632cdf9bc7b1041ca90006c6956b44cfc0b224ff0c19228b980e8e1b280","tbs_fingerprint":"5753c966f66d7db686320109cc4f79553fa25aa45917b8326aab7e9a42507f3b","validation_level":"unknown","redacted":false}`, + expected: `{"version":3,"serial_number":"9591198274709138036589902159","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["Development Sub CA"],"country":["PK"],"organization":["Development"]},"issuer_dn":"CN=Development Sub CA, O=Development, C=PK","validity":{"start":"2019-09-25T09:37:57Z","end":"2029-10-26T09:37:57Z","length":318297600},"subject":{"common_name":["Muhammad Bilal Ashraf"],"serial_number":["578611675"],"country":["PK"],"organization":["Development"],"given_name":["Muhammad Bilal"],"surname":["Ashraf"]},"subject_dn":"CN=Muhammad Bilal Ashraf, SN=Ashraf, GN=Muhammad Bilal, serialNumber=578611675, O=Development, 
C=PK","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"2HPVolNvA0qVuwXPcXIdra/W/VOLzx5RyRjAHUC8ssYKPLJ5rNjUcAFrIMRBELVw1B+Sr3/671cDsh12nFkO4KfCpprvG9gpV2yLZPNhpUPqxpbXa6H6VQv4PYNHuf75kPJzyn2dkhw/RGNfiN9b/qM4LSxHzlrOe+gjN7uSaLEctr16v7lu650lbNC29XfG9FuRKeHAB04WoFtge6P3XwvRkHTVvcUjx0XSRD3Fbcvi/SqKZStFLN382Xp/uA7S+kX0eVHHyIgQyEydOq5lI1mTRCsJn0vOXav2YgZiHGvpDMzXPz/j/iAFblLmGeNFRUQDIrwTYUEfdGjBGOAlVw==","length":2048},"fingerprint_sha256":"bc898e576ca5b03513505d6433e91b4ada07f86a6ce3412d088db9580b13500e"},"extensions":{"key_usage":{"digital_signature":true,"content_commitment":true,"value":3},"basic_constraints":{"is_ca":false},"subject_alt_name":{"email_addresses":["bilal.ashraf@gmail.com"]},"crl_distribution_points":["http://dev.com/ca.crl"],"authority_key_id":"30cd83a736aca535ff211b37406eb2cf5f1c032f","subject_key_id":"5e3b7f1de8d5587eee26b3c792e65ac10e5fbb9d","extended_key_usage":{"email_protection":true},"certificate_policies":[{"id":"1.3.7.8.9","cps":["https://www.dev.com/repository/"]}],"authority_info_access":{"ocsp_urls":["http://dev.com/ocsp"],"issuer_urls":["http://dev.com/ca.crt"]},"qc_statements":{"ids":["0.4.0.1862.1.1","0.4.0.1862.1.3","0.4.0.1862.1.2","0.4.0.1862.1.4","0.4.0.1862.1.5","0.4.0.1862.1.6"],"parsed":{"etsi_compliance":[true],"sscd":[true],"types":[{"ids":["0.4.0.1862.1.6.1","0.4.0.1862.1.6.2","0.4.0.1862.1.6.3"]}],"limit":[{"currency":"EURO","amount":10,"exponent":2}],"pds_locations":[{"locations":[{"url":"https://dev.com/pds/en/pds.pdf","language":"en"}]}],"retention_period":[10]}}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"DyWYTIzvGbzIbUbfe0mHSNxjoacuhWWQLhyX/UfHZ5hdYL7osIvwvWu81hGiGK9Eo0279W0YexJ4qp90YIzG8kjKvK7XIbFLmYnCf7+8sXHcvH9w/b8W11cTWmC2+xuYgxCWvHkGwWVpEpZlkDc+YYjilUVQ7wIcingpT98Tek36RIZ8mcNqkXUTrCaWt9Ra4h732J87MSWydifEMYUi+fSKttw7cjBzf6Q5XFkWY0uQtY087EIRldezwa9CZASStaEVzQ7UTsOzLSbmYEQzKK8siO6Z+RjV86ZU47uSZ2cC++/SQBufAQ0Ch/tnN2O3vACfA
30QhQblWHe9Wd4taA==","valid":false,"self_signed":false},"fingerprint_md5":"173780910e4430a16d0e7a4ed6667b9f","fingerprint_sha1":"ce69f32ca243df47f6fccb985d6d340b15d5a827","fingerprint_sha256":"a5885ab12e6260345007884baa9f1ca7343719d80381e3a7653be314e80dea34","tbs_noct_fingerprint":"5753c966f66d7db686320109cc4f79553fa25aa45917b8326aab7e9a42507f3b","spki_subject_fingerprint":"af9c1632cdf9bc7b1041ca90006c6956b44cfc0b224ff0c19228b980e8e1b280","tbs_fingerprint":"5753c966f66d7db686320109cc4f79553fa25aa45917b8326aab7e9a42507f3b","validation_level":"unknown","redacted":false}`, }, } for _, test := range tests { diff --git a/x509/pkix/pkix.go b/x509/pkix/pkix.go index 176b6c44..efa024e0 100644 --- a/x509/pkix/pkix.go +++ b/x509/pkix/pkix.go @@ -313,26 +313,7 @@ func (certList *CertificateList) HasExpired(now time.Time) bool { // String returns the string form of n, roughly following // the RFC 2253 Distinguished Names syntax. func (n Name) String() string { - var rdns RDNSequence - // If there are no ExtraNames, surface the parsed value (all entries in - // Names) instead. - if n.ExtraNames == nil { - for _, atv := range n.Names { - t := atv.Type - if len(t) == 4 && t[0] == 2 && t[1] == 5 && t[2] == 4 { - switch t[3] { - case 3, 5, 6, 7, 8, 9, 10, 11, 17: - // These attributes were already parsed into named fields. - continue - } - } - // Place non-standard parsed values at the beginning of the sequence - // so they will be at the end of the string. See Issue 39924. - rdns = append(rdns, []AttributeTypeAndValue{atv}) - } - } - rdns = append(rdns, n.ToRDNSequence()...) - return rdns.String() + return n.ToRDNSequence().String() } // OtherName represents the ASN.1 structure of the same name. See RFC From c093b7df25a2ec1ac21077ed1158bdccad925e38 Mon Sep 17 00:00:00 2001 
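Review bot: Name.String now relies entirely on ToRDNSequence, so any attribute that exists only in n.Names and is not emitted by ToRDNSequence silently disappears from the printed DN, whereas the deleted branch surfaced every such attribute whenever ExtraNames was nil. The updated fixtures show emailAddress, organizationIdentifier, jurisdictionCountry, businessCategory, SN and GN still printed once, so those are covered; I cannot tell from this hunk whether an attribute with an unrecognised OID is. A test case whose DN carries an arbitrary unknown OID would settle it, and the doc comment could state the new contract: `// String returns the RFC 2253-style form of n, derived solely from ToRDNSequence; attributes present only in Names that ToRDNSequence does not emit are not printed.`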
From: Erik Awwad
Date: Wed, 11 Sep 2024 12:41:14 -0700
Subject: [PATCH 26/40] make extension parsing more permissive (#387)
* make extension parsing more permissive
* allow permissive errros through on server certs
---
tls/handshake_client.go | 3 +-
x509/x509.go | 87 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+), 1 deletion(-)
diff --git a/tls/handshake_client.go b/tls/handshake_client.go
index e412bee8..301d9d41 100644
--- a/tls/handshake_client.go
+++ b/tls/handshake_client.go
@@ -20,6 +20,7 @@ import (
 "sync/atomic"
 "time"
+ "github.com/zmap/zcrypto/encoding/asn1"
 "github.com/zmap/zcrypto/x509"
 )
@@ -853,7 +854,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 certs := make([]*x509.Certificate, len(certificates))
 for i, asn1Data := range certificates {
 cert, err := x509.ParseCertificate(asn1Data)
- if err != nil {
+ if err != nil && (!asn1.AllowPermissiveParsing || !strings.HasPrefix(err.Error(), "permissive")) {
 c.sendAlert(alertBadCertificate)
 return errors.New("tls: failed to parse certificate from server: " + err.Error())
 }
diff --git a/x509/x509.go b/x509/x509.go
index 3ddf0ac7..498e0445 100644
--- a/x509/x509.go
+++ b/x509/x509.go
@@ -1668,6 +1668,9 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 out.SubjectUniqueId = in.TBSCertificate.SubjectUniqueId
 out.ExtensionsMap = make(map[string]pkix.Extension, len(in.TBSCertificate.Extensions))
+
+ // collect all permissive parse errors for extensions
+ var permissiveErrors []error
 for _, e := range in.TBSCertificate.Extensions {
 out.Extensions = append(out.Extensions, e)
 out.ExtensionsMap[e.Id.String()] = e
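Review bot: The new condition in verifyServerCertificate classifies the parse failure by `strings.HasPrefix(err.Error(), "permissive")`, which couples the TLS client to the exact text of a message produced in x509.go and breaks as soon as that error is wrapped or reworded; an exported sentinel or error type checked with errors.Is/errors.As is the robust form. More importantly, when the prefix matches the loop proceeds with `cert` even though x509.ParseCertificate returned a non-nil error alongside it, so a server certificate whose SAN, name-constraint or policy extension failed to parse is admitted with that extension absent, and nothing here records which extensions were dropped. At minimum the skipped-extension error should be retained somewhere observable (for example on the connection state) so operators can see it, and for a CA certificate in the chain a dropped name-constraints extension weakens path validation rather than merely the parsed output. verifyServerCertificate continues past the end of this hunk.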
@@ -1706,6 +1709,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 out.URIs, out.DirectoryNames, out.EDIPartyNames, out.IPAddresses, out.RegisteredIDs, out.FailedToParseNames, err = parseGeneralNames(e.Value)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
@@ -1719,6 +1726,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 out.IANURIs, out.IANDirectoryNames, out.IANEDIPartyNames, out.IANIPAddresses, out.IANRegisteredIDs, out.FailedToParseNames, err = parseGeneralNames(e.Value)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
@@ -1743,6 +1754,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var constraints nameConstraints
 _, err := asn1.Unmarshal(e.Value, &constraints)
+ if err != nil && asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 if err != nil {
 return nil, err
 }
@@ -1762,6 +1777,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 case 4:
 var rawdn pkix.RDNSequence
 if _, err := asn1.Unmarshal(subtree.Value.Bytes, &rawdn); err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return out, err
 }
 var dn pkix.Name
@@ -1771,6 +1790,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var ediName pkix.EDIPartyName
 _, err = asn1.UnmarshalWithParams(subtree.Value.FullBytes, &ediName, "tag:5")
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return out, err
 }
 out.PermittedEdiPartyNames = append(out.PermittedEdiPartyNames, GeneralSubtreeEdi{Data: ediName, Max: subtree.Max, Min: subtree.Min})
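Review bot: In the name-constraints hunk (`@@ -1743`) a parse failure under AllowPermissiveParsing now `continue`s to the next extension, so the certificate comes back with no permitted or excluded subtrees at all while still being treated as usable; for a CA certificate that silently discards the restriction the issuer declared, and RFC 5280 §4.2 requires rejecting a certificate whose critical extension cannot be processed. The `continue`s added in the two hunks after it sit inside what appears to be the per-subtree loop, so they drop a single subtree instead of the extension, and for the excluded list on the next line a dropped subtree widens the namespace the CA may certify. I would keep the hard failure for critical extensions, `if err != nil && asn1.AllowPermissiveParsing && !e.Critical {`, assuming pkix.Extension carries the Critical field as in the standard library, and attach the extension OID to the recorded error so the skip is attributable. The extension loop and parseCertificate both extend beyond this hunk.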
@@ -1793,6 +1816,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var id asn1.ObjectIdentifier
 _, err = asn1.UnmarshalWithParams(subtree.Value.FullBytes, &id, "tag:8")
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return out, err
 }
 out.PermittedRegisteredIDs = append(out.PermittedRegisteredIDs, GeneralSubtreeOid{Data: id, Max: subtree.Max, Min: subtree.Min})
@@ -1809,6 +1836,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 case 4:
 var rawdn pkix.RDNSequence
 if _, err := asn1.Unmarshal(subtree.Value.Bytes, &rawdn); err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return out, err
 }
 var dn pkix.Name
@@ -1818,6 +1849,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var ediName pkix.EDIPartyName
 _, err = asn1.Unmarshal(subtree.Value.Bytes, &ediName)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return out, err
 }
 out.ExcludedEdiPartyNames = append(out.ExcludedEdiPartyNames, GeneralSubtreeEdi{Data: ediName, Max: subtree.Max, Min: subtree.Min})
@@ -1840,6 +1875,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var id asn1.ObjectIdentifier
 _, err = asn1.Unmarshal(subtree.Value.Bytes, &id)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return out, err
 }
 out.ExcludedRegisteredIDs = append(out.ExcludedRegisteredIDs, GeneralSubtreeOid{Data: id, Max: subtree.Max, Min: subtree.Min})
@@ -1863,6 +1902,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var cdp []distributionPoint
 _, err := asn1.Unmarshal(e.Value, &cdp)
+ if err != nil && asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 if err != nil {
 return nil, err
 }
@@ -1883,6 +1926,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 for len(dpName) > 0 {
 dpName, err = asn1.Unmarshal(dpName, &n)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 if n.Tag == 6 {
@@ -1897,6 +1944,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var a authKeyId
 _, err = asn1.Unmarshal(e.Value, &a)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 out.AuthorityKeyId = a.Id
@@ -1934,6 +1985,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 // RFC 5280, 4.2.1.2
 var keyid []byte
 _, err = asn1.Unmarshal(e.Value, &keyid)
+ if err != nil && asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 if err != nil {
 return nil, err
 }
@@ -1944,6 +1999,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 // RFC 5280 4.2.1.4: Certificate Policies
 var policies []policyInformation
 if _, err = asn1.Unmarshal(e.Value, &policies); err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 out.PolicyIdentifiers = make([]asn1.ObjectIdentifier, len(policies))
@@ -2027,6 +2086,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 // RFC 5280 4.2.2.1: Authority Information Access
 var aia []authorityInfoAccess
 if _, err = asn1.Unmarshal(e.Value, &aia); err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
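Review bot: In the `@@ -1883` hunk the added `continue` sits inside `for len(dpName) > 0`, so unlike every other site in this commit it advances the inner distribution-point loop rather than the extension loop. Whether that terminates depends on what this asn1 fork returns as rest on error: under the standard-library contract rest is nil and the loop simply ends, but if the fork hands back the unconsumed input the loop would spin forever on one malformed DistributionPointName. A `break` expresses the intent without relying on that contract, `if asn1.AllowPermissiveParsing { permissiveErrors = append(permissiveErrors, err); break }`, and if the goal was really to skip the whole extension a labelled continue on the outer loop is required. The enclosing per-distribution-point loop and the rest of the block start before this hunk.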
@@ -2043,6 +2106,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 }
 } else if e.Id.Equal(oidExtensionSignedCertificateTimestampList) {
 err := parseSignedCertificateTimestampList(out, e)
+ if err != nil && asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 if err != nil {
 return nil, err
 }
@@ -2058,6 +2125,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 } else if e.Id.Equal(oidBRTorServiceDescriptor) {
 descs, err := parseTorServiceDescriptorSyntax(e)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 out.TorServiceDescriptors = descs
@@ -2065,6 +2136,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 cabf := CABFOrganizationIDASN{}
 _, err := asn1.Unmarshal(e.Value, &cabf)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 out.CABFOrganizationIdentifier = &CABFOrganizationIdentifier{
@@ -2077,10 +2152,18 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 rawStatements := QCStatementsASN{}
 _, err := asn1.Unmarshal(e.Value, &rawStatements.QCStatements)
 if err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 qcStatements := QCStatements{}
 if err := qcStatements.Parse(&rawStatements); err != nil {
+ if asn1.AllowPermissiveParsing {
+ permissiveErrors = append(permissiveErrors, err)
+ continue
+ }
 return nil, err
 }
 out.QCStatements = &qcStatements
@@ -2091,6 +2174,10 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 //}
 }
 
+ if len(permissiveErrors) != 0 {
+ return out, fmt.Errorf("permissive: %v", errors.Join(permissiveErrors...))
+ }
+
 return out, nil
 }
 
From 7fe312fa0443acb56f593fb3c9a7356ca7b36505 Mon Sep 17 00:00:00 2001
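Review bot: The `@@ -2091` hunk returns a populated `out` together with a non-nil error whose only distinguishing feature is the `"permissive: "` text, which pushes callers into matching on `err.Error()` and, through `%v`, drops the joined errors out of the wrap chain. A sentinel makes the contract checkable with `errors.Is`: declare `var ErrPermissiveParse = errors.New("permissive")` at package level and return `fmt.Errorf("%w: %w", ErrPermissiveParse, errors.Join(permissiveErrors...))`. The sentinel's doc comment should say that `out` is usable only when `errors.Is(err, ErrPermissiveParse)`, since this is the one path where a value is returned alongside an error. The `@@ -2043` hunk uses a flat `if err != nil && asn1.AllowPermissiveParsing` guard while the others nest the check inside `if err != nil`; one shape throughout would make the lenient paths easier to audit.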
From: Erik Awwad Date: Fri, 25 Oct 2024 13:13:19 -0700 Subject: [PATCH 27/40] ignore permissive errors --- tls/handshake_client.go | 3 +-- x509/x509.go | 58 ++++++++++++----------------------------- 2 files changed, 18 insertions(+), 43 deletions(-)
diff --git a/tls/handshake_client.go b/tls/handshake_client.go
index 301d9d41..e412bee8 100644
--- a/tls/handshake_client.go
+++ b/tls/handshake_client.go
@@ -20,7 +20,6 @@ import (
 "sync/atomic"
 "time"
 
- "github.com/zmap/zcrypto/encoding/asn1"
 "github.com/zmap/zcrypto/x509"
 )
 
@@ -854,7 +853,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 certs := make([]*x509.Certificate, len(certificates))
 for i, asn1Data := range certificates {
 cert, err := x509.ParseCertificate(asn1Data)
- if err != nil && (!asn1.AllowPermissiveParsing || !strings.HasPrefix(err.Error(), "permissive")) {
+ if err != nil {
 c.sendAlert(alertBadCertificate)
 return errors.New("tls: failed to parse certificate from server: " + err.Error())
 }
diff --git a/x509/x509.go b/x509/x509.go
index 498e0445..311e84c5 100644
--- a/x509/x509.go
+++ b/x509/x509.go
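Review bot: With the prefix test gone, the `if err != nil {` in the `@@ -854` hunk of verifyServerCertificate no longer separates a cleanly decoded certificate from one that x509.ParseCertificate assembled by skipping extensions it could not decode under asn1.AllowPermissiveParsing, and nothing on the client side records that leniency. A comment on that line keeps the next reader from assuming every accepted certificate was fully decoded: `// Under asn1.AllowPermissiveParsing, ParseCertificate skips undecodable extensions and returns nil error.` The function body continues outside the hunk.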
@@ -494,17 +494,19 @@ func GetSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) SignatureAlgorithm
 // RFC 3279, 2.3 Public Key Algorithms
 //
 // pkcs-1 OBJECT IDENTIFIER ::== { iso(1) member-body(2) us(840)
-// rsadsi(113549) pkcs(1) 1 }
+//
+// rsadsi(113549) pkcs(1) 1 }
 //
 // rsaEncryption OBJECT IDENTIFIER ::== { pkcs1-1 1 }
 //
 // id-dsa OBJECT IDENTIFIER ::== { iso(1) member-body(2) us(840)
-// x9-57(10040) x9cm(4) 1 }
 //
-// RFC 5480, 2.1.1 Unrestricted Algorithm Identifier and Parameters
+// x9-57(10040) x9cm(4) 1 }
+//
+// # RFC 5480, 2.1.1 Unrestricted Algorithm Identifier and Parameters
 //
-// id-ecPublicKey OBJECT IDENTIFIER ::= {
-// iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
+// id-ecPublicKey OBJECT IDENTIFIER ::= {
+// iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
 var (
 oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
 oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
@@ -530,18 +532,18 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
 
 // RFC 5480, 2.1.1.1. Named Curve
 //
-// secp224r1 OBJECT IDENTIFIER ::= {
-// iso(1) identified-organization(3) certicom(132) curve(0) 33 }
+// secp224r1 OBJECT IDENTIFIER ::= {
+// iso(1) identified-organization(3) certicom(132) curve(0) 33 }
 //
-// secp256r1 OBJECT IDENTIFIER ::= {
-// iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
-// prime(1) 7 }
+// secp256r1 OBJECT IDENTIFIER ::= {
+// iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+// prime(1) 7 }
 //
-// secp384r1 OBJECT IDENTIFIER ::= {
-// iso(1) identified-organization(3) certicom(132) curve(0) 34 }
+// secp384r1 OBJECT IDENTIFIER ::= {
+// iso(1) identified-organization(3) certicom(132) curve(0) 34 }
 //
-// secp521r1 OBJECT IDENTIFIER ::= {
-// iso(1) identified-organization(3) certicom(132) curve(0) 35 }
+// secp521r1 OBJECT IDENTIFIER ::= {
+// iso(1) identified-organization(3) certicom(132) curve(0) 35 }
 //
 // NB: secp256r1 is equivalent to prime256v1
 var (
@@ -1572,7 +1574,7 @@ func parseGeneralNames(value []byte) (otherNames []pkix.OtherName, dnsNames, ema
 return
 }
 
-//TODO
+// TODO
 func parseCertificate(in *certificate) (*Certificate, error) {
 out := new(Certificate)
 out.Raw = in.Raw
@@ -1669,8 +1671,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 
 out.ExtensionsMap = make(map[string]pkix.Extension, len(in.TBSCertificate.Extensions))
 
- // collect all permissive parse errors for extensions
- var permissiveErrors []error
 for _, e := range in.TBSCertificate.Extensions {
 out.Extensions = append(out.Extensions, e)
 out.ExtensionsMap[e.Id.String()] = e
@@ -1710,7 +1710,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 out.IPAddresses, out.RegisteredIDs, out.FailedToParseNames, err = parseGeneralNames(e.Value)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
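Review bot: The `@@ -1572` hunk keeps `// TODO` as the entire doc comment of parseCertificate, so the reflow fixes the spacing but the function still says nothing about what it does. Since this commit also settles how lenient parsing behaves, a comment along the lines of `// parseCertificate builds a Certificate from the decoded certificate in. When asn1.AllowPermissiveParsing is set, extensions that fail to decode are skipped and do not produce an error.` would record the contract callers now depend on.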
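Review bot: Dropping `permissiveErrors` in the `@@ -1669` hunk means the `continue` paths that follow (the `@@ -1710` hunk here and the hunks on the next lines through the QCStatements one) discard a malformed extension with no trace on the returned Certificate, so a certificate whose NameConstraints or CertificatePolicies extension fails to decode comes back looking as if it never carried the extension. The existing `out.FailedToParseNames` result shows how this file already records partial failures without failing the parse; recording the skipped `e.Id` the same way, in a new field such as `out.FailedToParseExtensions = append(out.FailedToParseExtensions, e.Id)` before each `continue`, would keep the lenient mode auditable. Whether a skipped extension marked critical is still surfaced through whatever unhandled-critical-extension tracking this function has is not visible in these hunks and is worth confirming.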
@@ -1727,7 +1726,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 out.IANIPAddresses, out.IANRegisteredIDs, out.FailedToParseNames, err = parseGeneralNames(e.Value)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -1755,7 +1753,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var constraints nameConstraints
 _, err := asn1.Unmarshal(e.Value, &constraints)
 if err != nil && asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 if err != nil {
@@ -1778,7 +1775,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var rawdn pkix.RDNSequence
 if _, err := asn1.Unmarshal(subtree.Value.Bytes, &rawdn); err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return out, err
@@ -1791,7 +1787,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err = asn1.UnmarshalWithParams(subtree.Value.FullBytes, &ediName, "tag:5")
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return out, err
@@ -1817,7 +1812,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err = asn1.UnmarshalWithParams(subtree.Value.FullBytes, &id, "tag:8")
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return out, err
@@ -1837,7 +1831,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var rawdn pkix.RDNSequence
 if _, err := asn1.Unmarshal(subtree.Value.Bytes, &rawdn); err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return out, err
@@ -1850,7 +1843,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err = asn1.Unmarshal(subtree.Value.Bytes, &ediName)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return out, err
@@ -1876,7 +1868,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err = asn1.Unmarshal(subtree.Value.Bytes, &id)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return out, err
@@ -1903,7 +1894,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var cdp []distributionPoint
 _, err := asn1.Unmarshal(e.Value, &cdp)
 if err != nil && asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 if err != nil {
@@ -1927,7 +1917,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 dpName, err = asn1.Unmarshal(dpName, &n)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -1945,7 +1934,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err = asn1.Unmarshal(e.Value, &a)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -1986,7 +1974,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var keyid []byte
 _, err = asn1.Unmarshal(e.Value, &keyid)
 if err != nil && asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 if err != nil {
@@ -2000,7 +1987,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var policies []policyInformation
 if _, err = asn1.Unmarshal(e.Value, &policies); err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -2087,7 +2073,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 var aia []authorityInfoAccess
 if _, err = asn1.Unmarshal(e.Value, &aia); err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -2107,7 +2092,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 } else if e.Id.Equal(oidExtensionSignedCertificateTimestampList) {
 err := parseSignedCertificateTimestampList(out, e)
 if err != nil && asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 if err != nil {
@@ -2126,7 +2110,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 descs, err := parseTorServiceDescriptorSyntax(e)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -2137,7 +2120,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err := asn1.Unmarshal(e.Value, &cabf)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -2153,7 +2135,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 _, err := asn1.Unmarshal(e.Value, &rawStatements.QCStatements)
 if err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -2161,7 +2142,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 qcStatements := QCStatements{}
 if err := qcStatements.Parse(&rawStatements); err != nil {
 if asn1.AllowPermissiveParsing {
- permissiveErrors = append(permissiveErrors, err)
 continue
 }
 return nil, err
@@ -2174,10 +2154,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 //}
 }
 
- if len(permissiveErrors) != 0 {
- return out, fmt.Errorf("permissive: %v", errors.Join(permissiveErrors...))
- }
-
 return out, nil
 }
 
From 90dd94c6e6158447e3ccef1faf666e1473b3f069 Mon Sep 17 00:00:00 2001
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Tue, 18 Feb 2025 00:42:48 +0000 Subject: [PATCH 28/40] fix: regenerate ECDSA test flows A change in ECDSA signature generation made old flow data incompatible with newer Go versions: https://github.com/golang/go/commit/08f2091ce0817346458d2ae984ccea77817cd516 --- .../Client-TLSv10-ClientCert-ECDSA-ECDSA | 82 +++--- .../Client-TLSv10-ClientCert-ECDSA-RSA | 80 +++--- .../Client-TLSv12-ClientCert-ECDSA-ECDSA | 96 +++---- .../Client-TLSv12-ClientCert-ECDSA-RSA | 78 +++--- .../Client-TLSv13-ClientCert-ECDSA-RSA | 236 +++++++++--------- tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES | 74 +++--- ...rver-TLSv12-CipherSuiteCertPreferenceECDSA | 79 +++--- tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES | 79 +++--- tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES | 173 +++++++------ 9 files changed, 486 insertions(+), 491 deletions(-) diff --git a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA index 9de3f143..089e1c27 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA 
@@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 94 1f ba 79 da |....Y...U.....y.| -00000010 4b 58 3e 08 2c c5 31 36 a4 7e 32 bf e1 a0 f7 71 |KX>.,.16.~2....q| -00000020 01 48 63 3c 5f cb 08 7a 25 80 c7 20 35 0c c0 8b |.Hc<_..z%.. 5...| -00000030 df 30 fc dc 3d f1 48 96 0d b6 ff a8 cd 35 29 57 |.0..=.H......5)W| -00000040 7d 3f c2 9d e2 32 b1 c2 4c 05 5e 3b c0 09 00 00 |}?...2..L.^;....| +00000000 16 03 01 00 59 02 00 00 55 03 01 1b 4c 99 c4 d8 |....Y...U...L...| +00000010 fd 56 d0 bf 92 f3 5c a9 5d cc 67 83 08 a3 6f 8c |.V....\.].g...o.| +00000020 29 9b e7 4e c8 3c e8 db 94 3e 74 20 6a c3 8a f8 |)..N.<...>t j...| +00000030 c1 90 b1 6e 7c 48 0c f7 f3 d3 c9 2b c5 4f b7 c5 |...n|H.....+.O..| +00000040 77 01 91 37 3b 73 0a 45 f3 bb b9 36 c0 09 00 00 |w..7;s.E...6....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -55,18 +55,18 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 1a 74 |*............ .t| -00000280 c4 96 9e 65 45 9a 0a 01 7c ed 7b 51 01 d8 ba 5b |...eE...|.{Q...[| -00000290 3e 2f b1 4b 36 69 e8 47 75 7e 27 be b3 2f 00 8b |>/.K6i.Gu~'../..| -000002a0 30 81 88 02 42 01 cb 20 d9 1e ae 05 6f 1f 37 ce |0...B.. ....o.7.| -000002b0 dc 38 20 2f 8f 52 9a 92 f6 80 d6 f9 97 99 a5 8b |.8 /.R..........| -000002c0 6e 73 0b 95 a4 4e 82 67 bd 1a 34 d9 5c 4e b4 d7 |ns...N.g..4.\N..| -000002d0 35 e6 45 81 14 23 9c 4e 5a 4c 1b 93 fd 7f 43 18 |5.E..#.NZL....C.| -000002e0 db 54 4b e0 d1 d3 fa 02 42 00 ab 8e 34 d5 c2 04 |.TK.....B...4...| -000002f0 d0 a4 44 b1 b3 25 a0 af c8 80 b3 88 ae da b3 c6 |..D..%..........| -00000300 4f 57 ae 31 54 c6 d9 ee 4e 21 56 01 cc b9 6a e9 |OW.1T...N!V...j.| -00000310 e9 7e 62 2a 64 0e a4 a0 79 1e a3 64 52 70 b1 a5 |.~b*d...y..dRp..| -00000320 19 2c a4 6d 4b 3b a3 63 ed 56 2f 16 03 01 00 0a |.,.mK;.c.V/.....| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 83 e3 |*............ 
..| +00000280 b7 25 a6 bc 50 01 7d 8d 87 86 c0 e2 b5 5c e1 13 |.%..P.}......\..| +00000290 6f 5d 63 df 51 9b c8 10 02 23 5e fe 71 2b 00 8b |o]c.Q....#^.q+..| +000002a0 30 81 88 02 42 01 22 4f 80 96 a1 4d 97 59 cc 5a |0...B."O...M.Y.Z| +000002b0 17 0e e6 d1 9a 4d 21 f1 32 16 fa 11 4a 72 15 9f |.....M!.2...Jr..| +000002c0 b3 a8 e3 44 77 1e d7 87 77 2f 45 91 d1 aa 2a 16 |...Dw...w/E...*.| +000002d0 ab a6 f8 3c 1d 85 be e3 22 8c e2 2d 36 b3 53 76 |...<...."..-6.Sv| +000002e0 ef 38 92 8b e0 3b 3a 02 42 00 d4 64 67 7a f7 24 |.8...;:.B..dgz.$| +000002f0 91 f4 12 39 cd b2 2e ef 99 05 16 ed f4 ee 9a d8 |...9............| +00000300 ed f4 16 91 e5 7f 51 e0 0b bd e9 17 00 15 ce 61 |......Q........a| +00000310 2b 3d 93 5b 86 64 7a 07 b8 3b 52 2e c7 92 76 85 |+=.[.dz..;R...v.| +00000320 4d 6c 73 c3 90 39 05 b3 34 5c f3 16 03 01 00 0a |Mls..9..4\......| 00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| 00000340 00 00 00 |...| >>> Flow 3 (client to server) 
@@ -106,29 +106,29 @@ 00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 90 0f 00 |...._X.;t.......| -00000240 00 8c 00 8a 30 81 87 02 42 01 89 0f 43 df a8 34 |....0...B...C..4| -00000250 dd d7 c9 d4 2b 8d ec 29 77 7b 64 d0 0e 8c e8 2b |....+..)w{d....+| -00000260 e3 25 1c ed 0a 1b 05 e0 66 42 37 c0 e6 fa 3e 81 |.%......fB7...>.| -00000270 ec e1 06 99 f4 62 3f ea 55 79 ae 68 56 9e e3 3c |.....b?.Uy.hV..<| -00000280 83 ba 9b 1c 65 b9 eb a6 e7 f7 4e 02 41 61 2c 52 |....e.....N.Aa,R| -00000290 4c 48 92 b0 93 d8 31 58 c3 90 b0 e3 7d 55 94 fc |LH....1X....}U..| -000002a0 70 bf 18 42 51 73 d0 45 17 2e 0e 00 b0 12 76 0d |p..BQs.E......v.| -000002b0 35 78 cb fd 34 60 36 ff ed 19 ef 0a 1e 21 cc 4c |5x..4`6......!.L| -000002c0 9a ff a0 f7 cf 72 03 cd 00 bb 73 0d 1d e5 14 03 |.....r....s.....| -000002d0 01 00 01 01 16 03 01 00 30 69 76 1f 5b 81 5f 62 |........0iv.[._b| -000002e0 cf d5 d9 2c 19 71 80 d0 2a 97 8a 89 21 7f 6d 02 |...,.q..*...!.m.| -000002f0 b6 01 a4 ed fe 18 9f 34 ae 95 f6 a1 29 0b 9a 1c |.......4....)...| -00000300 04 b6 ce c7 d1 0c 5a b5 3f |......Z.?| +00000240 00 8c 00 8a 30 81 87 02 42 01 8a 8e 06 fa f4 46 |....0...B......F| +00000250 d0 b2 9c cd 1f 2b 06 fd 09 95 7f 6f 7c 04 a7 30 |.....+.....o|..0| +00000260 2c 66 a5 7e 73 2b c0 6c 8b f2 20 dd 4c 85 ff 52 |,f.~s+.l.. .L..R| +00000270 e6 e7 5f 33 00 1c 25 f2 d3 4f 72 76 db b0 d5 43 |.._3..%..Orv...C| +00000280 6a 0d 27 62 09 ac ac fc ce 88 0d 02 41 12 6a 56 |j.'b........A.jV| +00000290 22 d5 90 2f 11 7e f7 60 13 60 ac ed e2 92 b6 64 |"../.~.`.`.....d| +000002a0 ec 3b a1 1b 2d bc a0 e3 09 04 e8 aa 62 61 d4 c1 |.;..-.......ba..| +000002b0 40 4c e2 6b bb 21 54 86 c2 be 2b 92 7e ea 37 b4 |@L.k.!T...+.~.7.| +000002c0 53 69 b3 f2 aa 60 ff 98 d4 c8 20 02 4e 64 14 03 |Si...`.... 
.Nd..| +000002d0 01 00 01 01 16 03 01 00 30 c3 d2 64 60 85 3b a1 |........0..d`.;.| +000002e0 6d 42 e4 4a 6c 6a bb af 35 93 ef 9b 32 bf 6d bf |mB.Jlj..5...2.m.| +000002f0 00 62 28 df 6a 3c 98 6b a1 70 6f 3a b8 5a 6b 12 |.b(.j<.k.po:.Zk.| +00000300 39 0a 1d 19 19 23 dc ec 23 |9....#..#| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 7d 4b fc 73 20 |..........0}K.s | -00000010 e4 ac c4 39 15 79 e3 89 e1 24 ce 28 30 e5 f1 87 |...9.y...$.(0...| -00000020 cd c0 cc 39 a8 77 3b 06 a5 f9 b0 a1 3d 54 53 3b |...9.w;.....=TS;| -00000030 53 ec ac b2 ea 24 1b 2d 6a ef c3 |S....$.-j..| +00000000 14 03 01 00 01 01 16 03 01 00 30 8a d7 f6 ef 12 |..........0.....| +00000010 86 6c e0 74 18 34 3f 7d 00 68 51 61 b3 dd 54 71 |.l.t.4?}.hQa..Tq| +00000020 85 83 4a 93 1c 30 c4 d1 b3 95 1e 2f 07 71 ad 74 |..J..0...../.q.t| +00000030 f4 0a db dd c5 6b 9c ab fd 29 d0 |.....k...).| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 9d 57 d2 4b 5b 7e 7d 7c 28 f7 8e |.... .W.K[~}|(..| -00000010 00 0a b6 1c 3c 6b df 4d 06 c0 f8 db 86 2e 8f 8e |....j-.>.8.u.| +00000010 72 e0 41 d6 f9 c1 bc 1b 39 27 fe 87 a5 92 2c 82 |r.A.....9'....,.| +00000020 f8 1d a5 39 bc 17 03 01 00 20 63 1d d8 cb 60 da |...9..... c...`.| +00000030 15 b5 1c d4 fc cd ad fa b7 20 b5 35 06 9c 0d 42 |......... .5...B| +00000040 ae 49 ca 06 08 d2 78 1d 5b d5 15 03 01 00 20 d6 |.I....x.[..... .| +00000050 63 11 aa 85 16 5f b0 9a aa 53 7a a5 5f 2c 91 1a |c...._...Sz._,..| +00000060 ed 9b fa 6e 91 40 69 3f 0b ac 38 ba 88 86 5d |...n.@i?..8...]| diff --git a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA index 754b76ec..d2c103bc 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA 
@@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 97 0c 7e fc 7f |....Y...U....~..| -00000010 96 47 02 21 a7 19 45 a5 79 5c 5e fc c2 15 b3 fa |.G.!..E.y\^.....| -00000020 84 98 7d 67 65 c8 48 58 a1 5d 67 20 ad 2a c6 b3 |..}ge.HX.]g .*..| -00000030 a4 17 82 12 4a c5 97 af 12 6b 7d f6 9e 49 f1 38 |....J....k}..I.8| -00000040 d0 56 76 bc 81 23 ad 3a 3e 7f bc 2d c0 13 00 00 |.Vv..#.:>..-....| +00000000 16 03 01 00 59 02 00 00 55 03 01 dd 2d ae ed be |....Y...U...-...| +00000010 f1 0a ed e3 79 e9 67 3a 93 11 82 8a 46 5b cb e1 |....y.g:....F[..| +00000020 22 cf 31 d6 9e 20 41 97 8b 2e f4 20 5e a2 d8 96 |".1.. A.... ^...| +00000030 f5 4e 3a cc 0d 80 c4 9a 39 3f 4f 4f 59 09 81 e8 |.N:.....9?OOY...| +00000040 e8 26 8f 03 7d 56 1b 38 19 da a6 4e c0 13 00 00 |.&..}V.8...N....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| @@ -60,17 +60,17 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| -000002c0 aa 0c 00 00 a6 03 00 1d 20 a4 24 f7 67 e3 da fa |........ .$.g...| -000002d0 10 33 95 b4 46 00 c0 3c cd 74 12 e4 a3 3b 01 70 |.3..F..<.t...;.p| -000002e0 fb 98 01 9a e9 2d d0 18 7b 00 80 ce c5 7b 4b 87 |.....-..{....{K.| -000002f0 cd bc 5d 63 09 7e d4 ce 09 53 7a 1b e5 b4 10 54 |..]c.~...Sz....T| -00000300 89 52 ac 82 9c 78 88 ed e8 1a 8c 3a 7a 2c 9a c5 |.R...x.....:z,..| -00000310 2b 97 1c 79 43 bd b1 ee 93 6f 4c 4d fc 3c 47 91 |+..yC....oLM.>> Flow 3 (client to server) 
@@ -110,29 +110,29 @@ 00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| -00000240 00 8d 00 8b 30 81 88 02 42 01 71 f3 c4 3a 85 08 |....0...B.q..:..| -00000250 3b 18 26 48 5c 3f c3 8a 4f e9 d7 29 48 59 1a 35 |;.&H\?..O..)HY.5| -00000260 ee b3 0d 5e 29 03 1d 34 95 0e 40 73 85 13 14 d0 |...^)..4..@s....| -00000270 fb fb 96 77 21 fb d8 43 d7 e2 bf 2c 95 7b 75 5d |...w!..C...,.{u]| -00000280 59 15 81 71 d2 b6 82 96 d9 cc 78 02 42 01 d3 51 |Y..q......x.B..Q| -00000290 af 25 d0 f8 a4 e2 e7 8e 7e 46 56 53 8f d1 09 f6 |.%......~FVS....| -000002a0 76 88 5a 42 83 89 92 7b c7 e4 40 9c 3d 05 ac 43 |v.ZB...{..@.=..C| -000002b0 bf 6e 24 14 fe 36 f8 43 a6 90 8e a1 bd e2 92 84 |.n$..6.C........| -000002c0 60 e3 92 34 1c 7b 53 d5 57 6d 23 32 12 a8 23 14 |`..4.{S.Wm#2..#.| -000002d0 03 01 00 01 01 16 03 01 00 30 6f 06 c7 84 fa 7f |.........0o.....| -000002e0 c9 66 a9 6f 26 37 45 db 42 c8 8f 63 c3 5b 05 07 |.f.o&7E.B..c.[..| -000002f0 ef 07 41 be 71 60 35 d3 16 8f 92 f6 89 cb c7 dc |..A.q`5.........| -00000300 4e 45 61 99 31 45 66 40 36 86 |NEa.1Ef@6.| +00000240 00 8d 00 8b 30 81 88 02 42 00 96 46 3e d4 ac 8b |....0...B..F>...| +00000250 9a 20 fc 93 72 b2 e6 e4 84 96 de 38 75 f9 4f eb |. ..r......8u.O.| +00000260 c1 9b 37 53 5a 0a fc 8d ba 13 78 df 71 e3 29 98 |..7SZ.....x.q.).| +00000270 73 1c 4c 5b df 85 ea 58 f9 36 df a4 37 a0 c1 20 |s.L[...X.6..7.. 
| +00000280 86 40 c7 6f 7e 12 37 f2 08 5f 1c 02 42 01 d7 ed |.@.o~.7.._..B...| +00000290 e3 85 07 17 91 a6 c7 1b 8e 15 66 9c 5e fd fa 55 |..........f.^..U| +000002a0 68 25 df 33 3e 18 d9 cc bb c5 d2 b8 7a 7c ff 13 |h%.3>.......z|..| +000002b0 f8 73 e7 d0 82 8f e6 ce 67 90 b2 cd 92 08 8d 0d |.s......g.......| +000002c0 7f f0 d8 0e 9c 8d 19 2d a2 17 d8 7f fc 06 fe 14 |.......-........| +000002d0 03 01 00 01 01 16 03 01 00 30 18 d1 d4 f6 9e b3 |.........0......| +000002e0 f6 6d 60 f9 4f 7f c3 57 80 c7 c5 53 05 a0 e6 68 |.m`.O..W...S...h| +000002f0 69 a0 dd da 70 f5 f7 ec 14 b6 3c fd 3b 6f a4 bb |i...p.....<.;o..| +00000300 48 62 64 6e fe b2 64 29 c2 93 |Hbdn..d)..| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 d3 83 ac 08 7f |..........0.....| -00000010 a1 91 51 7c b7 99 6f 24 cd b1 cd 31 7b 12 20 47 |..Q|..o$...1{. G| -00000020 66 08 22 f6 28 ea 81 fe 92 b5 c8 40 60 bc 5b 19 |f.".(......@`.[.| -00000030 e0 2b d1 26 fd 4c 12 22 c5 13 9a |.+.&.L."...| +00000000 14 03 01 00 01 01 16 03 01 00 30 37 62 9c ac 53 |..........07b..S| +00000010 e8 a2 86 25 5e 27 1e b3 27 f3 a3 35 b5 7a 9b 67 |...%^'..'..5.z.g| +00000020 16 44 5a b3 99 5e 43 5f 7f cd 86 36 de 0f 84 5c |.DZ..^C_...6...\| +00000030 1d a4 9f f9 9a d6 04 10 e1 bf dc |...........| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 79 06 89 7e e0 17 9a e3 dc 4c ee |.... y..~.....L.| -00000010 70 63 13 bc 27 f5 43 fa f8 90 49 d9 89 43 7a 15 |pc..'.C...I..Cz.| -00000020 d4 e2 a8 e6 3e 17 03 01 00 20 ea 84 0e 21 62 d5 |....>.... ...!b.| -00000030 ee 26 5e fc 3e 0c 83 3b 91 01 c4 a7 8e 9b c4 1a |.&^.>..;........| -00000040 86 f8 a0 44 21 44 2f 31 cf a1 15 03 01 00 20 c6 |...D!D/1...... .| -00000050 11 f1 65 ea f3 39 d1 d2 ac 95 1f 81 36 ae db b1 |..e..9......6...| -00000060 88 a8 42 25 86 ec 1b c1 7e 12 60 a9 6b 7f 66 |..B%....~.`.k.f| +00000000 17 03 01 00 20 cf 98 d2 0c 84 93 87 74 b5 86 cf |.... 
.......t...| +00000010 0b cb 30 4f b3 af 3f c0 f7 2b 43 dc 55 e9 15 2c |..0O..?..+C.U..,| +00000020 00 77 ea fd 86 17 03 01 00 20 5a bb 1f 1c 17 75 |.w....... Z....u| +00000030 a6 6e 0b 3c 9f 84 91 34 67 91 e9 1d 8b 38 b2 81 |.n.<...4g....8..| +00000040 ca 62 d8 f4 11 92 d6 cb 88 c1 15 03 01 00 20 7f |.b............ .| +00000050 16 fc c2 1a f9 6e 7a a8 65 01 fc 9e 6a c9 4c 3b |.....nz.e...j.L;| +00000060 9e 21 ca b2 0e 06 96 a6 5b b3 b8 ce 32 cf 2a |.!......[...2.*| diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA index e40999fb..f2271365 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA @@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 08 a4 b1 ad 21 |....Y...U......!| -00000010 3a 60 7a d3 3b 60 67 48 5d de da ff 3f a8 55 a9 |:`z.;`gH]...?.U.| -00000020 c4 72 69 32 12 c1 d1 4e d4 78 e1 20 6e 9f ed 1e |.ri2...N.x. n...| -00000030 50 9a 31 e2 ae e2 6a f4 01 cc 94 21 25 73 f3 a5 |P.1...j....!%s..| -00000040 f6 28 b3 c6 6b c1 b3 2d fc 0c d3 66 c0 09 00 00 |.(..k..-...f....| +00000000 16 03 03 00 59 02 00 00 55 03 03 22 35 6a a3 f0 |....Y...U.."5j..| +00000010 d0 66 9d d8 2e 96 2e d4 8f d9 8e 34 05 4c 72 c9 |.f.........4.Lr.| +00000020 51 1b de 92 22 80 73 9e 92 9d c1 20 d7 8e 10 04 |Q...".s.... ....| +00000030 6e 42 26 b1 6a 3e fd 55 4e 72 e2 ca 83 f4 6d b4 |nB&.j>.UNr....m.| +00000040 a5 ba 05 86 96 1a 82 9d 2e 41 cc 84 c0 09 00 00 |.........A......| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -55,23 +55,23 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 ec f3 |*............ ..| -00000280 2b 3b be 93 68 53 f2 ab 6c 97 5a fa 9b 8c bf eb |+;..hS..l.Z.....| -00000290 37 6f af d7 b8 02 f3 8c 0b f9 75 29 11 32 04 03 |7o........u).2..| -000002a0 00 8b 30 81 88 02 42 01 9d 90 aa b3 19 d2 9d cf |..0...B.........| -000002b0 92 c1 64 05 89 db d0 dd 80 f3 a4 7e 09 ec 36 22 |..d........~..6"| -000002c0 95 79 c4 36 0e 21 80 7d 4b 72 a5 38 a4 b0 a7 5f |.y.6.!.}Kr.8..._| -000002d0 fb ae f7 66 23 82 91 c2 f8 95 df 60 ce dc e8 1a |...f#......`....| -000002e0 3f 2b 2c fa 5e 58 67 98 78 02 42 00 fa 88 7f ae |?+,.^Xg.x.B.....| -000002f0 00 55 2c a1 c2 47 ed c8 11 74 64 e7 c6 30 63 fb |.U,..G...td..0c.| -00000300 bb 42 2a 02 9b 80 60 88 e7 3f af 17 a3 7f 1e f6 |.B*...`..?......| -00000310 31 9c 1f 8c 89 e5 a0 b1 01 2a 4e d8 d2 1e 9f 11 |1........*N.....| -00000320 f5 e3 35 38 3e b0 da 30 f1 fb ed e5 d1 16 03 03 |..58>..0........| -00000330 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| -00000340 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| -00000350 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| -00000360 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| -00000370 04 0e 00 00 00 |.....| +00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 c5 87 |*............ ..| +00000280 a9 c2 44 8a dc 1d 18 0b 18 36 de eb 47 41 8d 42 |..D......6..GA.B| +00000290 71 7e 32 e7 79 c0 f3 bf 20 f7 14 e1 9e 1f 04 03 |q~2.y... 
.......| +000002a0 00 8a 30 81 87 02 41 49 1e cd 5d 00 87 6b e4 01 |..0...AI..]..k..| +000002b0 f7 d6 02 87 ef a9 31 66 fe 0c c7 3c be 13 11 77 |......1f...<...w| +000002c0 ed 24 5c 96 85 02 5c 08 e0 90 d6 ed 05 f4 c5 da |.$\...\.........| +000002d0 dc 0c 86 0d 3a 0c 66 94 e6 ab 11 e4 1a cd 00 6c |....:.f........l| +000002e0 33 df 86 7f 4a f1 85 5c 02 42 01 c3 6a 4f 7a 89 |3...J..\.B..jOz.| +000002f0 6f 81 e0 bb 05 7e 4f d9 54 73 c2 4c 62 46 f9 cf |o....~O.Ts.LbF..| +00000300 05 b5 d8 37 14 9b 9d a6 25 a6 a8 83 96 52 31 99 |...7....%....R1.| +00000310 e4 d3 62 a0 bc 07 7a 9f e2 24 28 87 64 6a ab ba |..b...z..$(.dj..| +00000320 e1 3d c2 47 80 c0 f6 91 58 d1 fe 7b 16 03 03 00 |.=.G....X..{....| +00000330 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 06 |:...6...@.......| +00000340 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 |................| +00000350 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 03 |................| +00000360 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 04 |................| +00000370 0e 00 00 00 |....| >>> Flow 3 (client to server) 00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -108,32 +108,32 @@ 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| 00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| -00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 93 0f 00 |...._X.;t.......| -00000240 00 8f 04 03 00 8b 30 81 88 02 42 01 e6 0a ff de |......0...B.....| -00000250 af a6 d2 7a 5f 4e f8 eb c8 19 74 53 5c e8 bc 2d |...z_N....tS\..-| -00000260 72 24 11 d2 11 ec ec cd a1 9c 3d 10 a2 de f8 8b |r$........=.....| -00000270 22 98 d3 33 c2 13 3b 93 89 ae ca a6 a8 94 70 fe |"..3..;.......p.| -00000280 76 2f 04 bc ac fb 66 79 3b 76 7f 6d 96 02 42 01 |v/....fy;v.m..B.| -00000290 df f6 30 14 7c 7e a1 0b f6 b8 8b d7 75 b8 bd 0e |..0.|~......u...| -000002a0 63 8a bd 8b ec 75 70 db d9 37 d7 53 f3 8b a2 ae |c....up..7.S....| -000002b0 60 96 69 74 eb bb 3d a6 9a 7d 46 51 73 ff 78 cf |`.it..=..}FQs.x.| -000002c0 7f 49 d9 27 5e 9f f9 d2 11 cc 0e e4 dc 04 fe d5 |.I.'^...........| -000002d0 d2 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 |...........@....| -000002e0 00 00 00 00 00 00 00 00 00 00 00 00 7a db 34 e9 |............z.4.| -000002f0 98 f8 c1 f0 38 c3 33 22 5c c3 45 b0 a3 10 3c 77 |....8.3"\.E...>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 18 c0 f3 96 7b |..........@....{| -00000010 45 91 6d 5b 1c 67 4f 37 74 b7 db 72 45 57 09 25 |E.m[.gO7t..rEW.%| -00000020 4a 14 68 4d 78 6c c7 15 6a b1 57 e6 ff 53 c4 58 |J.hMxl..j.W..S.X| -00000030 41 c5 6b 08 3c 5a 8c b9 04 d0 27 62 ee a6 e3 36 |A.k.>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 a6 c2 ef 07 bb 38 4a e4 8f 0c 12 |..........8J....| -00000020 19 1a 96 62 22 57 57 a2 b5 b3 06 70 95 28 a7 f7 |...b"WW....p.(..| -00000030 0d 42 69 37 7f 15 03 03 00 30 00 00 00 00 00 00 |.Bi7.....0......| -00000040 00 00 00 00 00 00 00 00 00 00 04 ed 3e 68 40 eb |............>h@.| -00000050 a0 7e 
57 da 27 e7 f5 e8 6c e5 6d 58 c8 a5 18 47 |.~W.'...l.mX...G| -00000060 92 5a 43 90 de 07 9e 9a 3b cc |.ZC.....;.| +00000010 00 00 00 00 00 aa 19 65 46 1a 58 51 a1 35 f5 33 |.......eF.XQ.5.3| +00000020 3c 1c 72 ee 73 17 cb c1 30 83 96 8c be 26 1e 7a |<.r.s...0....&.z| +00000030 7b cf bf 89 23 15 03 03 00 30 00 00 00 00 00 00 |{...#....0......| +00000040 00 00 00 00 00 00 00 00 00 00 dd 3d 04 95 40 6f |...........=..@o| +00000050 bd 71 1b 49 ab 8e eb 0c d7 48 1a 2f a8 04 d1 07 |.q.I.....H./....| +00000060 71 ba 00 92 cf 04 a0 26 b7 df |q......&..| diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA index f5fae453..deb7ebb4 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA @@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 be ba ac 2a 81 |....Y...U.....*.| -00000010 33 b1 6e 4d 8b 9b 29 f9 16 86 bc cd b2 03 50 72 |3.nM..).......Pr| -00000020 91 9a 93 f9 e1 d6 27 55 8b b8 6c 20 84 c2 21 9e |......'U..l ..!.| -00000030 60 aa b3 f0 ec 2f 66 0d 59 31 02 08 9e 68 68 c0 |`..../f.Y1...hh.| -00000040 58 9a 8e 6c 25 ce 4d e3 3f 9d dc 91 c0 2f 00 00 |X..l%.M.?..../..| +00000000 16 03 03 00 59 02 00 00 55 03 03 eb 7d df bd 54 |....Y...U...}..T| +00000010 86 26 5f 81 d7 ff c8 93 39 4e 9a d1 3d 43 13 29 |.&_.....9N..=C.)| +00000020 4d a4 42 e2 af a6 2c 95 47 7e 09 20 24 fe df 24 |M.B...,.G~. $..$| +00000030 5f af d6 f0 ff 1a 04 31 4d 9e a2 fe 14 a4 e2 c1 |_......1M.......| +00000040 19 9f 81 9c 07 d2 7e 12 a6 40 43 e7 c0 2f 00 00 |......~..@C../..| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| 
@@ -60,17 +60,17 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| -000002c0 ac 0c 00 00 a8 03 00 1d 20 82 89 54 65 64 97 8d |........ ..Ted..| -000002d0 e8 63 a2 5b 4f 16 56 7c cf 8b 0a 75 46 52 7e b6 |.c.[O.V|...uFR~.| -000002e0 99 2a e9 52 1f 11 46 85 36 08 04 00 80 cd a5 84 |.*.R..F.6.......| -000002f0 ff 9a 79 b5 04 85 88 fb 1e 1c d6 6b 78 e8 4d a5 |..y........kx.M.| -00000300 10 38 25 8e 8d de 71 51 b5 fd a6 2a f8 8b 5c 6d |.8%...qQ...*..\m| -00000310 1e 88 f7 d8 12 24 ff f7 7e dd 05 1c bf 71 7d 4f |.....$..~....q}O| -00000320 26 2f 2e 27 d8 e1 a8 8b d2 42 2b a6 d9 4e e6 60 |&/.'.....B+..N.`| -00000330 48 57 38 5d 3b f3 94 74 2c 8f ba e0 84 54 1c c0 |HW8];..t,....T..| -00000340 10 51 a0 31 1a d0 ec 72 01 f1 d3 65 73 c7 40 25 |.Q.1...r...es.@%| -00000350 af cd 10 18 29 2c 1a 52 e0 c9 a6 de 85 8c 96 e6 |....),.R........| -00000360 7d 85 0a 64 86 59 39 25 8f 8c 36 4c 37 16 03 03 |}..d.Y9%..6L7...| +000002c0 ac 0c 00 00 a8 03 00 1d 20 fb 00 5a 8a 6d 1b 84 |........ ..Z.m..| +000002d0 45 3e 25 b2 a7 e8 fb 2a 19 c6 21 2e 6a 3a c4 53 |E>%....*..!.j:.S| +000002e0 68 84 db 65 92 2d f0 ba 5e 08 04 00 80 23 e7 73 |h..e.-..^....#.s| +000002f0 42 fd 84 9c 83 7b 0a f4 8d e5 20 02 e8 00 b5 2a |B....{.... 
....*| +00000300 71 d4 bb f9 99 54 c4 28 c5 85 4e f2 89 7c 29 3f |q....T.(..N..|)?| +00000310 a7 b7 46 b0 3b 0a a2 21 dd a4 8b 7f b1 0b 6a 5c |..F.;..!......j\| +00000320 2e 5f 4a fb b8 1b fa 28 ae 43 a0 0b 95 c4 09 7a |._J....(.C.....z| +00000330 5b 32 b0 d4 56 cc d2 a7 3a 70 f0 28 77 76 a3 6a |[2..V...:p.(wv.j| +00000340 08 90 59 86 32 e5 c8 1b bf 36 fb 84 aa dd 50 dc |..Y.2....6....P.| +00000350 e6 f5 c9 31 76 7c bf 7c 85 7b 6d 66 33 4e 22 10 |...1v|.|.{mf3N".| +00000360 ab 56 71 91 6a 9e 32 3d be 37 81 80 34 16 03 03 |.Vq.j.2=.7..4...| 00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| 00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| 00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| 
@@ -112,28 +112,28 @@ 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| 00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| -00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 92 0f 00 |...._X.;t.......| -00000240 00 8e 04 03 00 8a 30 81 87 02 41 72 16 75 7d 08 |......0...Ar.u}.| -00000250 42 7b 33 e7 59 51 ef 3c 54 e7 81 e4 10 31 ab 5d |B{3.YQ.kK.'| +000002c0 34 e1 82 82 28 71 8d 78 1c d2 d0 09 06 1b bd 80 |4...(q.x........| +000002d0 17 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 |...........(....| +000002e0 00 00 00 00 ba 74 37 f0 99 70 8f 1a 60 05 8c ef |.....t7..p..`...| +000002f0 19 48 9d a6 7d 0b 4a c5 e4 90 67 87 ec 13 5e 07 |.H..}.J...g...^.| +00000300 5a 4c a3 1f |ZL..| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 28 b8 e9 dd 30 75 |..........(...0u| -00000010 40 7d 71 76 db 9a 95 92 81 02 3a 9e 36 d5 15 ca |@}qv......:.6...| -00000020 5d 63 a1 0f 8c 53 c9 1c 37 56 b2 0d 54 15 a2 dc |]c...S..7V..T...| -00000030 03 d6 2e |...| +00000000 14 03 03 00 01 01 16 03 03 00 28 bc 78 d9 5f 15 |..........(.x._.| +00000010 2f c7 50 12 74 0a 47 f0 57 21 cf 64 d2 0b 63 8e |/.P.t.G.W!.d..c.| +00000020 f6 e7 88 1f b9 02 36 0e fe 71 bd 90 37 ac 42 8c |......6..q..7.B.| +00000030 77 19 84 |w..| >>> Flow 5 (client to server) -00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 01 85 96 |................| -00000010 67 b2 4b d3 e3 27 80 9f 2d a8 f4 bf 47 91 58 6e |g.K..'..-...G.Xn| -00000020 47 d8 98 15 03 03 00 1a 00 00 00 00 00 00 00 02 |G...............| -00000030 36 54 82 d1 a2 0f 2a c3 53 f6 09 d0 5c 78 46 97 |6T....*.S...\xF.| -00000040 20 41 | A| +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 35 db 8b |.............5..| +00000010 ec 5b 2e 53 c2 8f c5 f1 bd fd af 8d 04 13 9d 21 |.[.S...........!| +00000020 39 b5 e8 15 03 03 00 1a 00 00 00 00 00 00 00 02 |9...............| +00000030 f1 53 f5 c9 6c 9d 02 1e b9 32 b4 a0 cd 0d fc 
7f |.S..l....2......| +00000040 27 11 |'.| diff --git a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA index c8e95c85..d0ece882 100644 --- a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA 
@@ -16,124 +16,124 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 7a 02 00 00 76 03 03 98 9a 92 3f c6 |....z...v.....?.| -00000010 67 f5 96 5b 2f 5e 70 89 2d f6 1e ce 6f 6a e5 91 |g..[/^p.-...oj..| -00000020 4b 4b 6f 98 cc f7 78 4a b1 54 4a 20 00 00 00 00 |KKo...xJ.TJ ....| +00000000 16 03 03 00 7a 02 00 00 76 03 03 49 e7 57 9a 7a |....z...v..I.W.z| +00000010 40 ce da fd 82 83 32 c4 76 7a 41 04 9c ed ff 3d |@.....2.vzA....=| +00000020 90 f5 75 e5 b0 24 c8 cf 05 c6 46 20 00 00 00 00 |..u..$....F ....| 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| -00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 58 |..+.....3.$... X| -00000060 96 37 c3 41 35 73 13 21 fc 31 e3 09 33 48 15 be |.7.A5s.!.1..3H..| -00000070 31 fb 57 61 b2 c9 60 31 2d 68 83 d5 7c d1 3a 14 |1.Wa..`1-h..|.:.| -00000080 03 03 00 01 01 17 03 03 00 17 1d ce 7d b7 ca e3 |............}...| -00000090 10 82 cb f6 1d 52 61 41 29 57 e3 7e e5 88 5c 47 |.....RaA)W.~..\G| -000000a0 16 17 03 03 00 42 1b 49 e1 4a d7 73 57 cd e9 b7 |.....B.I.J.sW...| -000000b0 e2 47 d3 74 21 6a 14 1d 1b 8d f5 aa 4c 1b f8 61 |.G.t!j......L..a| -000000c0 8c 3a e4 2e 9d ff 3f 7d b2 4d 79 6e 1d 02 05 ce |.:....?}.Myn....| -000000d0 c3 ad e6 f9 2b 2b dd 75 3b 6f 3e 0b 29 07 09 74 |....++.u;o>.)..t| -000000e0 d1 37 68 9b 8a b6 8d 2b 17 03 03 02 6d d1 1b 9f |.7h....+....m...| -000000f0 75 ba cf 2d 10 4b f0 4e 09 58 fa ff 06 e8 c9 d5 |u..-.K.N.X......| -00000100 a0 51 c8 d4 6f b2 c5 c1 d5 f3 ff 12 1f 43 d8 74 |.Q..o........C.t| -00000110 33 d9 9b e5 f3 34 26 0e 89 dc 00 54 67 17 d2 f3 |3....4&....Tg...| -00000120 c9 9e be f8 4c 77 8a 63 b1 64 5a b4 d7 57 d2 89 |....Lw.c.dZ..W..| -00000130 ce 68 d1 f7 93 01 6c 36 b7 c9 4d 50 d0 4b df 5e |.h....l6..MP.K.^| -00000140 8a bb 6c d9 54 57 9b 
b9 c9 ec d8 49 c7 51 3c e5 |..l.TW.....I.Q<.| -00000150 7b fb 48 0f fd 1b dd 0f 57 d3 a8 ee f6 51 ba 78 |{.H.....W....Q.x| -00000160 c0 60 f1 d9 c1 d2 65 b4 a7 98 99 fb 64 83 4c 2c |.`....e.....d.L,| -00000170 a6 e9 19 ef 0e 88 68 f8 21 a4 2b bd 95 e9 52 d5 |......h.!.+...R.| -00000180 fb 12 d3 36 06 a2 13 f9 e2 35 6a 06 dd 49 d9 42 |...6.....5j..I.B| -00000190 89 d9 f0 24 5c 36 b8 6d 95 35 21 b3 9c 3b ee 08 |...$\6.m.5!..;..| -000001a0 06 06 4d aa 74 eb fc 1b c1 fd cf 07 24 74 44 2d |..M.t.......$tD-| -000001b0 54 d5 c5 d3 4e c4 eb 09 6e 90 8f 3d c0 c5 1c 21 |T...N...n..=...!| -000001c0 7c 32 1b bc 4b 85 2b f0 b0 f5 cd 61 3d dd 31 03 ||2..K.+....a=.1.| -000001d0 5e e0 5e 06 1a 37 61 1a 58 fa ed e8 cf 0c 4f da |^.^..7a.X.....O.| -000001e0 73 69 42 3a f4 ed dc ad e5 e7 9b fd 54 16 77 85 |siB:........T.w.| -000001f0 ae 84 41 10 be 84 ad 28 ef e6 13 2a e9 9f 9f 2f |..A....(...*.../| -00000200 c5 d0 65 c6 f5 58 b3 39 9b 5e 07 ba 95 be 5e 75 |..e..X.9.^....^u| -00000210 68 17 ba 9d 2a 69 6d b8 ed d4 4b 6a ce 30 b1 82 |h...*im...Kj.0..| -00000220 ae ec 68 9a 26 13 6b 05 38 0f 38 c9 94 01 d0 0b |..h.&.k.8.8.....| -00000230 7b bb ca 70 86 6c e4 f1 eb 81 05 25 33 c0 3e e3 |{..p.l.....%3.>.| -00000240 2a 25 8e 32 eb d5 03 c7 c4 d8 22 22 ef 99 5a a3 |*%.2......""..Z.| -00000250 01 6a b5 65 9a 55 6e fb 84 83 aa 43 ae 4a 3e da |.j.e.Un....C.J>.| -00000260 40 7e 09 e1 3b 15 ad 33 66 5a 3d 30 62 72 86 54 |@~..;..3fZ=0br.T| -00000270 cd a2 6a bf 82 61 17 87 84 c5 3f f3 1e 86 a2 b1 |..j..a....?.....| -00000280 2c 1a f9 ba 8c a2 21 5b 93 b2 16 b4 81 ae 7d 98 |,.....![......}.| -00000290 d6 db 0a 56 14 c9 f7 48 c1 c7 3c 7e 63 8e bc 50 |...V...H..<~c..P| -000002a0 6a 64 e1 1d 04 ba d3 cc 6a 61 60 4b d2 97 d5 ba |jd......ja`K....| -000002b0 23 1a 69 76 86 db 96 39 04 f6 ec e9 96 79 6a 25 |#.iv...9.....yj%| -000002c0 ff 39 dd 19 08 34 4d c3 f6 7c 91 f2 6b 3a e1 0f |.9...4M..|..k:..| -000002d0 66 6d 14 5d 82 21 0b e3 e0 c3 f1 a1 70 e1 2c bc |fm.].!......p.,.| -000002e0 fb 54 aa 85 3c a0 
7c 9a 35 00 e2 a1 4f 83 3e f1 |.T..<.|.5...O.>.| -000002f0 64 83 ab c5 e6 31 c7 00 eb 36 f1 bc 41 f3 eb d4 |d....1...6..A...| -00000300 97 30 4d 7f d2 d1 e7 1a 9e a2 53 31 35 6a 16 d1 |.0M.......S15j..| -00000310 65 be d7 d3 93 2a be d2 27 dc 1b 8c 09 16 30 d4 |e....*..'.....0.| -00000320 cb eb e0 bb 42 50 ff 59 c3 81 81 36 88 09 c2 23 |....BP.Y...6...#| -00000330 dc dd 80 63 bb 78 19 6b 6a 70 4b b5 17 bf ed 6c |...c.x.kjpK....l| -00000340 58 f1 15 a9 16 66 c8 45 f5 5f 99 05 b1 3b be e6 |X....f.E._...;..| -00000350 66 d7 45 df 19 16 9d c7 dd 4d 17 03 03 00 99 38 |f.E......M.....8| -00000360 70 9e 16 94 07 67 7c ce 90 67 99 46 5e d9 61 b5 |p....g|..g.F^.a.| -00000370 9b b8 31 fc cc 80 a3 07 30 c9 f5 f9 90 fb e2 0d |..1.....0.......| -00000380 dc 93 ab de 38 25 83 f8 77 0c 94 53 75 68 c7 71 |....8%..w..Suh.q| -00000390 72 6f 61 77 a7 d7 c7 ed 5c d3 08 18 9f 64 f4 6e |roaw....\....d.n| -000003a0 30 dc 05 b1 65 11 79 08 66 34 8c 06 99 a9 00 26 |0...e.y.f4.....&| -000003b0 86 2c e4 b5 6d cf db b1 03 f0 d0 c5 c0 f5 50 04 |.,..m.........P.| -000003c0 f7 27 97 3e 31 19 aa a8 58 c4 78 43 a9 e3 76 0d |.'.>1...X.xC..v.| -000003d0 98 88 20 07 11 4c d6 8a 66 31 72 2e ed 47 66 71 |.. ..L..f1r..Gfq| -000003e0 9a 3e 9c 0d 1c 17 df ab 6a 52 b4 43 a6 c2 64 30 |.>......jR.C..d0| -000003f0 45 08 b8 de 59 be 3a f9 17 03 03 00 35 94 9b 02 |E...Y.:.....5...| -00000400 47 a6 e3 55 9f 95 8a 8d 35 3b bb 56 ec 10 ab dd |G..U....5;.V....| -00000410 a3 ca fe ad bf 25 90 76 c4 15 a0 c0 73 d5 96 96 |.....%.v....s...| -00000420 44 bc ba e9 09 f5 8e e7 e7 7d db f2 e7 9f 99 d2 |D........}......| -00000430 dc e7 |..| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 8f |..+.....3.$... 
.| +00000060 5c ab 47 e0 ae 56 b8 0e 70 7a f8 96 fb 00 3f e4 |\.G..V..pz....?.| +00000070 2b 84 17 a4 d5 b0 d3 6c d1 b0 74 b1 ed df 0e 14 |+......l..t.....| +00000080 03 03 00 01 01 17 03 03 00 17 33 62 49 6f 53 cf |..........3bIoS.| +00000090 b1 27 f4 f8 06 2d ac 51 1f a5 3e d2 05 f4 1f 5e |.'...-.Q..>....^| +000000a0 a4 17 03 03 00 42 fc 30 15 29 ad 07 b6 75 98 3c |.....B.0.)...u.<| +000000b0 33 3c a8 f6 cb 32 77 e7 74 5d 88 e8 5a ff d3 80 |3<...2w.t]..Z...| +000000c0 c4 00 ff a9 84 11 79 aa ac ff c8 19 73 6f b3 1e |......y.....so..| +000000d0 ee 11 18 e0 ae 77 b3 b8 b3 75 b9 fa 0a ca 68 df |.....w...u....h.| +000000e0 34 0f 10 9e 9e eb 18 fa 17 03 03 02 6d d7 58 4b |4...........m.XK| +000000f0 30 9b c8 b8 3a 3d 5b 1e 67 48 18 1b 38 b4 b6 6d |0...:=[.gH..8..m| +00000100 d6 c1 7d 2a ee 9b 83 64 3d 73 a5 4d ba 1e 82 86 |..}*...d=s.M....| +00000110 51 a8 da 3e 6f 97 82 83 50 d1 04 30 a7 ee d0 6b |Q..>o...P..0...k| +00000120 3b c0 08 23 46 b2 f9 80 9f 03 f6 1e e7 60 4a 3b |;..#F........`J;| +00000130 36 18 37 55 06 f2 f5 a3 d6 35 64 6e 9f 66 8a f2 |6.7U.....5dn.f..| +00000140 57 5b 3e ea af 39 64 12 26 05 63 7e 4c bd 27 11 |W[>..9d.&.c~L.'.| +00000150 9c bb 41 b6 7f 27 80 9f fe 93 4f 5c 5e 0f f8 b9 |..A..'....O\^...| +00000160 dc 30 6e b4 65 5a be 61 08 bf 50 f4 6d 1c f3 61 |.0n.eZ.a..P.m..a| +00000170 f0 6f 8f 16 0a 46 6c f2 51 1b 3c 64 64 8b 37 94 |.o...Fl.Q......| +00000240 91 ee 60 96 ba 3b d2 fb 73 68 c2 0c c9 53 4a 40 |..`..;..sh...SJ@| +00000250 18 28 bb 4c c8 97 83 35 6d df 75 2a 90 f7 3b 16 |.(.L...5m.u*..;.| +00000260 08 b9 78 6b bb da 18 2e 65 fe 4f 02 85 f0 31 9f |..xk....e.O...1.| +00000270 2e 6b fe 5e e6 30 c9 a9 95 d0 3c 20 06 de 18 6d |.k.^.0....< ...m| +00000280 13 d7 78 d7 2f bc 2e 99 3e 43 91 9f ef 67 29 04 |..x./...>C...g).| +00000290 88 f2 f3 99 01 50 d8 71 de 59 5c 3a 8a de 59 07 |.....P.q.Y\:..Y.| +000002a0 4d c0 d0 00 2c b6 d8 65 10 d9 37 a4 6c e8 91 d7 |M...,..e..7.l...| +000002b0 53 16 73 46 e6 74 88 c2 d7 1e 86 b9 a3 f1 57 37 
|S.sF.t........W7| +000002c0 ec 19 e0 a9 af 2c a6 c2 fa 9b 2e f2 9c e0 72 6f |.....,........ro| +000002d0 d5 1c 76 50 b0 63 10 27 db 65 ca bf dc e6 f6 8e |..vP.c.'.e......| +000002e0 07 de 50 1a e7 fa 59 0d 81 51 de af 87 23 9f 0b |..P...Y..Q...#..| +000002f0 4e 72 00 bb ca ad c5 e4 b4 e1 61 34 14 d4 55 13 |Nr........a4..U.| +00000300 89 30 1a ee 0d 69 c6 04 a5 65 9d d9 63 78 1e cb |.0...i...e..cx..| +00000310 3c 8e 60 dd f8 0d 15 89 82 cc c1 aa 09 7f e8 a7 |<.`.............| +00000320 9b 4d d4 55 02 3b 97 79 28 55 6c 49 7b d3 b1 2b |.M.U.;.y(UlI{..+| +00000330 6e 42 ba 85 0c 9f 58 36 22 49 85 13 7d 23 72 0b |nB....X6"I..}#r.| +00000340 8c 35 0a 76 f5 2b 3a eb 33 d3 ac 1f 24 d4 f5 64 |.5.v.+:.3...$..d| +00000350 4f 36 6c ce 71 77 48 11 d3 67 17 03 03 00 99 95 |O6l.qwH..g......| +00000360 8d bd 37 34 e3 dd 4d ea 36 29 b4 6a 45 f1 5b e5 |..74..M.6).jE.[.| +00000370 d2 99 f5 a9 8d d2 80 1e 17 6d 2d 33 c8 11 8a 3e |.........m-3...>| +00000380 3d e2 58 3e 4b da aa d0 45 1f 1a 67 3c 53 7e c2 |=.X>K...E..g>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 17 03 03 02 1e 64 ba 97 ba 8d |...........d....| -00000010 3f 1b d5 5b c5 2e e5 b9 10 01 37 c9 5c e5 ed 39 |?..[......7.\..9| -00000020 7f 9c 8b f8 ef 50 64 5e 30 05 16 ac 80 51 96 78 |.....Pd^0....Q.x| -00000030 2a 50 0f 1e d8 76 ab fd bd 7f 3b 17 7e 1d e9 f5 |*P...v....;.~...| -00000040 03 76 1b 66 3d 15 dc f3 65 a2 aa a9 23 89 09 e9 |.v.f=...e...#...| -00000050 dc de a6 27 fc 21 d9 97 d4 08 05 9a 1c 49 8c ee |...'.!.......I..| -00000060 fc bd f1 9f e2 4e 3a e3 ee 07 39 d0 34 05 cb 18 |.....N:...9.4...| -00000070 83 2b 68 45 df 84 4b b2 c3 79 42 73 b9 f1 1c f2 |.+hE..K..yBs....| -00000080 5f d9 5c f5 7c 4e 86 5e 97 78 ea 0a fa e7 60 68 |_.\.|N.^.x....`h| -00000090 80 c3 17 5f e7 92 9d 6e 9a 92 37 84 92 4b 83 9c |..._...n..7..K..| -000000a0 fa 4c 2a 82 23 eb 67 d0 b2 cc 9e 59 8f 2c e7 bc |.L*.#.g....Y.,..| -000000b0 b3 4f 2a 0c 93 bf 17 b8 48 70 5e 0a 85 92 6d 2a |.O*.....Hp^...m*| -000000c0 ac 81 9e cd 2c 59 fc 
a7 e3 5b 82 d5 e3 f5 cd c2 |....,Y...[......| -000000d0 8a 68 b8 e9 36 e2 08 0b f7 09 9c 17 95 a3 5e 3d |.h..6.........^=| -000000e0 ef 7c c6 5c fe 32 9e 9d 31 c9 b7 76 5a 71 c3 d7 |.|.\.2..1..vZq..| -000000f0 cd e3 c6 70 e5 2f 07 df 1d b4 34 56 0b ed 52 13 |...p./....4V..R.| -00000100 bc b2 ac 66 0c 84 b0 2e 32 93 08 f2 04 91 8e e3 |...f....2.......| -00000110 7b 7f 22 2a a9 04 50 5c 78 f1 06 c5 fd 2c 4c 77 |{."*..P\x....,Lw| -00000120 a9 17 b5 a8 42 6d f2 0e 87 32 d3 7f be 9e 1d 09 |....Bm...2......| -00000130 50 10 25 9d f1 a5 25 c3 c2 be 0d 8d 8e 96 5e 1c |P.%...%.......^.| -00000140 83 06 45 bc f0 5b 6f b5 0a 02 2a cc ce ac 7e 62 |..E..[o...*...~b| -00000150 f0 b1 89 25 30 bc 12 d2 da f9 1d d0 46 55 97 4c |...%0.......FU.L| -00000160 09 39 e1 a5 1f 4d e1 aa bd 6f 1f 0d 79 4a aa 49 |.9...M...o..yJ.I| -00000170 73 25 dc a5 bd f7 2b 64 3c 84 ed b0 ef 13 c5 6c |s%....+d<......l| -00000180 16 8b 27 bf a5 3d 15 f2 4a 3b 53 ad ba e9 9e 2a |..'..=..J;S....*| -00000190 6d f2 44 5c 66 69 04 94 27 99 08 8e c2 7e c6 69 |m.D\fi..'....~.i| -000001a0 f7 65 1d 0b a5 8c 35 52 0b f1 bd 59 ca d1 bf 44 |.e....5R...Y...D| -000001b0 47 b0 7b f8 3b a0 84 55 73 c2 83 bb 9d e0 bc ed |G.{.;..Us.......| -000001c0 60 07 32 ce 71 b3 60 12 ef ca 28 bb 6c fb bb c7 |`.2.q.`...(.l...| -000001d0 3e eb 05 65 a5 26 1a 6c 40 c8 b4 4e 31 12 a0 96 |>..e.&.l@..N1...| -000001e0 19 66 86 f5 1e f8 bd 6d f4 2e 98 60 fe ff 22 1e |.f.....m...`..".| -000001f0 a9 27 49 87 77 7d b4 5d ea f8 bc 3a 10 15 84 8c |.'I.w}.]...:....| -00000200 cd aa 2c e8 94 93 a5 ee db 7a d8 96 e9 d5 68 e9 |..,......z....h.| -00000210 34 68 40 5b dd 18 dc f0 ef b7 17 72 fd 06 70 d1 |4h@[.......r..p.| -00000220 b6 89 ae 66 40 40 f7 61 0b 17 03 03 00 a4 26 c1 |...f@@.a......&.| -00000230 3c d9 6c 83 52 e3 5e 64 46 7f 12 1d 3d c7 7d 0f |<.l.R.^dF...=.}.| -00000240 a9 8f d3 45 f5 81 46 16 24 c6 c3 7e 5f e4 25 be |...E..F.$..~_.%.| -00000250 00 33 7a 1c 35 d4 5c 64 54 56 08 66 4d 2f 68 15 |.3z.5.\dTV.fM/h.| -00000260 1b 71 d9 aa c9 9e 
e0 cc d2 73 a9 99 41 9b 08 1f |.q.......s..A...| -00000270 d4 41 de e5 4f 1f 30 65 61 02 8e 6f 79 d7 47 86 |.A..O.0ea..oy.G.| -00000280 2f e6 0e 65 9e 06 e8 98 d1 fe bc 89 b4 bc f4 9b |/..e............| -00000290 70 02 06 e4 9d 37 dd 1b 63 b6 06 62 1a c7 45 30 |p....7..c..b..E0| -000002a0 9d 08 64 35 8b 96 88 9a 1e 58 2f d0 ef 44 39 04 |..d5.....X/..D9.| -000002b0 3c bf e2 e6 c4 73 de f9 b0 10 ed 56 eb 04 bd 4e |<....s.....V...N| -000002c0 89 38 50 3b e7 e5 12 7c 8e 74 b2 a5 79 2d 88 7b |.8P;...|.t..y-.{| -000002d0 e5 1b 17 03 03 00 35 42 b2 61 24 4c 38 b5 d1 42 |......5B.a$L8..B| -000002e0 93 12 66 c5 be 3c f0 b1 b2 6b 86 07 99 7d f3 e4 |..f..<...k...}..| -000002f0 74 2b 43 98 38 df 70 7a e5 f7 67 cf c3 08 23 19 |t+C.8.pz..g...#.| -00000300 4a cf 06 26 fe 56 4a 97 4a 82 70 09 17 03 03 00 |J..&.VJ.J.p.....| -00000310 17 9b 3f bb 09 7d 4f c9 05 42 f7 d1 a7 59 0c a7 |..?..}O..B...Y..| -00000320 c6 9b 36 e1 46 ad 9b 89 17 03 03 00 13 ae a5 51 |..6.F..........Q| -00000330 76 d8 3a 77 a8 a0 38 70 bf be c8 fb ff fe 53 09 |v.:w..8p......S.| +00000000 14 03 03 00 01 01 17 03 03 02 1e 31 90 3b bb 10 |...........1.;..| +00000010 9e ff 8b 88 b5 c5 fb 2a 4d 58 cb 60 ca 89 8a e8 |.......*MX.`....| +00000020 19 e1 23 04 01 ed 04 2b 26 45 8d ca 27 f4 de 39 |..#....+&E..'..9| +00000030 ca 91 7f e8 fc 7f b5 0e 71 65 3c 2c 35 9e 14 2a |........qe<,5..*| +00000040 61 79 64 8f 57 0e b2 4e 9f 1c b1 ee 42 88 dd d5 |ayd.W..N....B...| +00000050 63 4c 63 8b e2 51 7e b0 05 38 27 a3 3d 8f 6e 6c |cLc..Q~..8'.=.nl| +00000060 ef 8e 7a 45 b5 06 cc fb 1c 8e 75 97 cd 9a 70 3f |..zE......u...p?| +00000070 13 cb 9e e5 7d 95 80 4e ed dc 8a 2e e0 f6 b2 da |....}..N........| +00000080 9e f4 98 c2 f7 04 6f 62 19 16 57 24 18 de 70 04 |......ob..W$..p.| +00000090 6f c9 93 28 95 95 2d c0 c8 ed 8a f0 17 d9 fe 90 |o..(..-.........| +000000a0 81 60 10 2a fd 88 23 39 4d 8e c4 74 83 76 c8 64 |.`.*..#9M..t.v.d| +000000b0 20 36 f2 e8 27 b0 44 94 19 88 2e 96 66 70 fc 96 | 6..'.D.....fp..| +000000c0 b1 2e 4c 04 9b 
9f 10 bf c2 52 d7 42 44 c0 83 da |..L......R.BD...| +000000d0 cf 20 ab 5b 80 f9 ee 1d 56 f9 ef 28 15 6a c2 92 |. .[....V..(.j..| +000000e0 dc 8d c3 1a fd be 93 9b 67 55 5d c7 1c d3 1a e1 |........gU].....| +000000f0 d7 9a b0 51 85 83 1a 37 3f 6c 98 04 73 54 d4 12 |...Q...7?l..sT..| +00000100 7e af 5f b2 08 56 25 0d f1 51 73 91 c8 ef 41 ca |~._..V%..Qs...A.| +00000110 5f 4d 9e 2b bb c7 55 d0 98 72 f8 2b d7 6b d9 09 |_M.+..U..r.+.k..| +00000120 73 96 56 e9 6a 9c d6 b2 1f c0 0e 16 ef 48 bb 0f |s.V.j........H..| +00000130 e0 da 90 19 9e e0 b2 eb be 9b 69 e7 81 de b9 ea |..........i.....| +00000140 80 49 ce be 05 9d a9 ba d6 86 00 58 00 58 87 a5 |.I.........X.X..| +00000150 b6 c6 a5 55 05 7d 8b 24 09 ab fb f1 63 91 90 f3 |...U.}.$....c...| +00000160 29 5c 7c 6c 65 0b b9 12 63 75 a7 f7 56 ea a9 cd |)\|le...cu..V...| +00000170 34 70 74 02 33 2e 93 6e 21 d0 7d 74 ef a1 50 2b |4pt.3..n!.}t..P+| +00000180 88 22 fc 60 b2 e1 3e a3 c3 b8 42 ab 00 0a 98 bb |.".`..>...B.....| +00000190 4b d9 78 a1 ae 34 71 df 9e 04 4e 3b be 46 e0 90 |K.x..4q...N;.F..| +000001a0 c9 b5 a4 69 d7 65 7d 55 8a e1 90 85 8c f0 88 5e |...i.e}U.......^| +000001b0 fa 2e b7 f6 63 52 1f 29 bf 2b 9a 1e ac 9c a1 04 |....cR.).+......| +000001c0 5b 9a 08 14 10 11 ad 12 62 01 49 d5 26 9a 65 3c |[.......b.I.&.e<| +000001d0 e7 af dc 93 f5 7e 32 51 74 4b de 32 30 91 5d b1 |.....~2QtK.20.].| +000001e0 8b 45 cc a3 ff f0 25 be a4 7c 0b da 0c 42 27 c7 |.E....%..|...B'.| +000001f0 a8 bf 08 6c e3 66 8a 9f 62 e2 fb 71 11 57 4b b7 |...l.f..b..q.WK.| +00000200 fb 5c fb e3 3a c5 f6 92 dd cd 1d d7 11 61 da 9b |.\..:........a..| +00000210 01 13 cc 79 0d c2 14 fd b5 1e ee f0 b0 37 a1 9d |...y.........7..| +00000220 21 67 b3 c6 a7 5a eb 02 4e 17 03 03 00 a4 d0 6f |!g...Z..N......o| +00000230 b4 2a 8a db 3a 5e d3 cf c0 00 a9 f3 e3 6c c4 43 |.*..:^.......l.C| +00000240 d4 f1 9d f0 be 1d c2 22 5e 9a 10 0a 30 05 18 56 |......."^...0..V| +00000250 94 bb 95 f4 33 05 30 8b 1f 63 ba d2 df dd f6 9d |....3.0..c......| +00000260 41 d8 74 43 
12 57 ab 20 62 1e 0c 68 a1 43 68 6f |A.tC.W. b..h.Cho| +00000270 ef 5f bf f8 d2 cf 8c d0 01 e3 df 1d 4a d2 c9 a8 |._..........J...| +00000280 0b eb 24 bf 74 9d f1 ac 0d 5a ce 7b 18 cf 9b bc |..$.t....Z.{....| +00000290 ef fe 5b 9f e5 6c 16 2d 85 4f 2f 21 3b 55 c5 e3 |..[..l.-.O/!;U..| +000002a0 6c b9 a3 50 74 d6 75 46 58 7c 60 c4 a2 1a 32 ba |l..Pt.uFX|`...2.| +000002b0 48 e6 62 db 93 57 4a 47 8e c0 91 44 d8 a8 50 d0 |H.b..WJG...D..P.| +000002c0 a0 1d 80 0a b0 54 d4 c2 f4 c1 0d b0 5b eb 4a 6e |.....T......[.Jn| +000002d0 b3 59 17 03 03 00 35 da 2f c1 1d 24 90 21 c7 0a |.Y....5./..$.!..| +000002e0 e5 f9 70 b5 93 7f 52 95 7f 1d 1a 48 7e 6e 6b 1d |..p...R....H~nk.| +000002f0 ac 44 95 8a 4a f4 f8 3f b0 68 0d 88 b0 f6 be 1b |.D..J..?.h......| +00000300 53 f6 c9 2a bc b7 c9 4a 9c 67 ab cb 17 03 03 00 |S..*...J.g......| +00000310 17 68 93 00 49 89 49 36 d6 1b 1b 59 78 23 16 1a |.h..I.I6...Yx#..| +00000320 82 44 23 e7 99 28 a1 ee 17 03 03 00 13 7f f4 b6 |.D#..(..........| +00000330 ad a5 f6 b0 1e ba 90 de f4 8a 9e 67 02 2d 54 1a |...........g.-T.| diff --git a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES index 1132b39f..47fc8ac5 100644 --- a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES 
@@ -1,11 +1,10 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 63 01 00 00 5f 03 01 38 de f5 d6 ae |....c..._..8....| -00000010 46 71 e8 02 f2 45 88 b8 64 fb 6e 68 67 d1 7f e8 |Fq...E..d.nhg...| -00000020 49 71 1e a9 ec 8e 54 06 bb 2b 16 00 00 04 c0 0a |Iq....T..+......| -00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| -00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| -00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| -00000060 00 16 00 00 00 17 00 00 |........| +00000000 16 03 01 00 51 01 00 00 4d 03 01 1f 7c 58 1e 8d |....Q...M...|X..| +00000010 a4 41 a6 50 c7 4f 6b 01 6d a6 11 60 e9 cb be 78 |.A.P.Ok.m..`...x| +00000020 df d6 28 ec 34 75 26 ff 1a 09 83 00 00 04 c0 0a |..(.4u&.........| +00000030 00 ff 01 00 00 20 00 0b 00 04 03 00 01 02 00 0a |..... ..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 |......| >>> Flow 2 (server to client) 00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -44,37 +43,36 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 01 00 b5 0c 00 00 b1 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 01 00 b3 0c 00 00 af 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 8b 30 81 |......._X.;t..0.| -00000280 88 02 42 01 ad 26 fd 16 9a 93 5f 87 ce 29 8c d2 |..B..&...._..)..| -00000290 56 a7 d2 59 56 bd d3 1f 90 54 bd af 91 81 25 ff |V..YV....T....%.| -000002a0 66 74 57 16 2f 31 f2 5a 48 97 03 b9 41 4c 8e bb |ftW./1.ZH...AL..| -000002b0 87 31 ed 71 84 37 63 78 9f 0a c7 9d 5e f3 5a 53 |.1.q.7cx....^.ZS| -000002c0 88 89 46 ba a7 02 42 00 92 74 15 1c 0e 1f 2f 95 |..F...B..t..../.| -000002d0 e5 79 d5 e9 90 ce d8 96 0d fd b8 42 55 00 94 08 |.y.........BU...| -000002e0 4e 47 a9 ea bd 67 0b 02 a6 9e 8b d3 09 e5 53 ea |NG...g........S.| -000002f0 03 22 2e 2d 78 2c 69 1d 28 ab 13 3d 0a 46 15 09 |.".-x,i.(..=.F..| -00000300 b6 0b 74 69 2d 5a 96 bf b6 16 03 01 00 04 0e 00 |..ti-Z..........| -00000310 00 00 |..| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 89 30 81 |......._X.;t..0.| +00000280 86 02 41 5a be 3b 57 47 18 04 6e 40 99 4b ff 41 |..AZ.;WG..n@.K.A| +00000290 01 cb 57 69 6f 98 75 c1 50 be 58 ca 09 f3 cd 24 |..Wio.u.P.X....$| +000002a0 1d 5b c6 84 43 ce ab 8e 4c 0b 21 a3 64 47 a1 db |.[..C...L.!.dG..| +000002b0 27 3d e4 95 a1 d5 bf 09 26 d3 66 90 93 18 8f 1f |'=......&.f.....| +000002c0 3f 0c ac c7 02 41 0d a7 79 b4 4d 52 f0 6c 40 e8 |?....A..y.MR.l@.| +000002d0 15 c6 1d 31 50 5e 68 5d 24 4c 01 90 40 d8 7a 36 |...1P^h]$L..@.z6| +000002e0 5e 06 68 96 ac e9 85 3c 6c 5d ed b6 63 90 85 2c |^.h....>> Flow 3 (client to server) -00000000 16 03 01 00 25 10 00 00 21 20 82 c0 dd 83 c2 45 |....%...! 
.....E| -00000010 a2 bc 3a 2a ec ab 60 8e 02 e0 db 7c 59 83 c1 62 |..:*..`....|Y..b| -00000020 c7 cc 61 1e de dc 40 e4 65 6c 14 03 01 00 01 01 |..a...@.el......| -00000030 16 03 01 00 30 3e 26 56 0b a2 10 47 00 55 27 21 |....0>&V...G.U'!| -00000040 63 33 f2 7d 4b ba 77 5f e7 a7 09 7a 1f 51 85 f2 |c3.}K.w_...z.Q..| -00000050 46 a5 af 80 79 1a c7 72 bb 3d f9 dd 1d 83 05 22 |F...y..r.=....."| -00000060 c9 6c dd 91 d9 |.l...| +00000000 16 03 01 00 25 10 00 00 21 20 16 38 d1 9b d1 09 |....%...! .8....| +00000010 07 34 7a e6 72 21 ec 59 46 10 7f 58 03 ac 52 27 |.4z.r!.YF..X..R'| +00000020 f2 2e f7 c5 98 7a f1 94 cc 56 14 03 01 00 01 01 |.....z...V......| +00000030 16 03 01 00 30 1a 3b 60 62 b5 e1 36 3e 1d 0a 26 |....0.;`b..6>..&| +00000040 ad f8 fd a1 5a c1 8e da 17 99 ec 5a 77 36 70 90 |....Z......Zw6p.| +00000050 40 05 0e 36 1c fe 23 a4 a9 d5 68 a4 c7 d1 54 be |@..6..#...h...T.| +00000060 7f 08 5f db ac |.._..| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 38 fa fd 42 8f |..........08..B.| -00000010 80 5a 7c 33 d4 6c 72 f7 4e 2f 00 ab c2 86 58 9d |.Z|3.lr.N/....X.| -00000020 fc a5 43 fa ea 5b a1 ee a9 df df 9d 90 4c c0 e3 |..C..[.......L..| -00000030 10 09 c4 23 21 f9 e9 69 f5 f8 fa 17 03 01 00 20 |...#!..i....... | -00000040 1e 57 17 e4 96 06 32 d4 00 a3 98 ed bd 1c 61 78 |.W....2.......ax| -00000050 e7 0d 89 ec 84 c3 56 fa 75 73 87 6f 47 35 80 3f |......V.us.oG5.?| -00000060 17 03 01 00 30 4d 51 0a dd 70 6d b0 c2 d1 46 5c |....0MQ..pm...F\| -00000070 b5 03 87 de e6 65 d3 e2 83 e0 33 f8 a2 0a 29 7f |.....e....3...).| -00000080 6c 24 2b 1f 7b 2b 53 19 21 e9 62 6c 31 75 9c be |l$+.{+S.!.bl1u..| -00000090 5b b0 3d 5b 1a 15 03 01 00 20 19 51 64 4b 5a 9b |[.=[..... 
.QdKZ.| -000000a0 c8 2a 1c e7 9e 29 d9 df ad 1d 08 09 82 a3 b1 1d |.*...)..........| -000000b0 60 99 00 25 30 51 a1 72 b6 27 |`..%0Q.r.'| +00000000 14 03 01 00 01 01 16 03 01 00 30 e9 c6 49 cf 75 |..........0..I.u| +00000010 77 32 9e 8e b1 86 2f a5 c5 ec d3 68 ba 03 e9 f0 |w2..../....h....| +00000020 87 0c 91 7b ad 80 1b 6e 7b 5d e5 58 85 ef 64 67 |...{...n{].X..dg| +00000030 b1 b0 d7 5f ed a8 72 54 b9 ad bb 17 03 01 00 20 |..._..rT....... | +00000040 7e 4d 0a 36 fc 9a 53 1e 18 70 08 4b 0d 46 dd 70 |~M.6..S..p.K.F.p| +00000050 60 aa 17 5f 4c 65 f3 5b c2 1d 25 70 3a 17 86 c3 |`.._Le.[..%p:...| +00000060 17 03 01 00 30 cf 19 e6 f3 aa 5f dd 6d 33 d2 c6 |....0....._.m3..| +00000070 4e 6f 74 01 5a a5 46 a4 4d 56 cd 46 7e 8e 24 5e |Not.Z.F.MV.F~.$^| +00000080 b8 1b ad 60 a7 3a 45 6a ee 00 16 37 90 3d 05 01 |...`.:Ej...7.=..| +00000090 e1 89 cb fe 2c 15 03 01 00 20 0f 5e fc 03 7b e2 |....,.... .^..{.| +000000a0 e0 f9 68 19 ea 6c 8b 01 c8 07 03 c8 04 0b bd ba |..h..l..........| +000000b0 59 59 3d bc e2 71 20 52 98 08 |YY=..q R..| diff --git a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA index 63e0edb6..413a1763 100644 --- a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA +++ b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA 
@@ -1,17 +1,16 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 cb 01 00 00 c7 03 03 3f 5d 09 25 4e |...........?].%N| -00000010 82 83 13 89 ba 89 43 d5 43 4f f1 c3 2f 08 77 39 |......C.CO../.w9| -00000020 bf eb c7 1d 4b d6 85 c8 17 2f 83 00 00 38 c0 2c |....K..../...8.,| +00000000 16 03 01 00 b9 01 00 00 b5 03 03 26 77 87 e6 2f |...........&w../| +00000010 cf 42 85 3f bf 97 c3 c1 b2 16 cc fd dc f5 2c c7 |.B.?..........,.| +00000020 a5 3b 92 94 a1 f9 7d 20 06 c7 48 00 00 38 c0 2c |.;....} ..H..8.,| 00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| 00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| 00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| -00000060 00 35 00 2f 00 ff 01 00 00 66 00 00 00 0e 00 0c |.5./.....f......| -00000070 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| -00000080 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| -00000090 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 |...............0| -000000a0 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| -000000b0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 |................| -000000c0 02 03 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |................| +00000060 00 35 00 2f 00 ff 01 00 00 54 00 0b 00 04 03 00 |.5./.....T......| +00000070 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................| +00000080 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| +00000090 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +000000a0 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| +000000b0 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| >>> Flow 2 (server to client) 00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -50,39 +49,39 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 03 00 b6 0c 00 00 b2 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| -00000280 30 81 88 02 42 01 5c 2a 30 4f 9f dc df a8 33 06 |0...B.\*0O....3.| -00000290 3b bc 35 46 6a 9c a3 a1 26 ec 42 29 bf 63 b3 9b |;.5Fj...&.B).c..| -000002a0 8c bf 7b 07 8d 28 eb 41 68 7a 8a 1b f3 de a9 dc |..{..(.Ahz......| -000002b0 1e d1 21 3c 4d 24 df 89 90 b6 f2 fb ad 60 d2 27 |..!V..F.| -000002e0 b4 e5 90 72 ed af 71 0d fb e6 39 2f d5 4b 73 ba |...r..q...9/.Ks.| -000002f0 85 d2 a4 bf 99 74 d7 81 eb 3e 69 4d f0 12 1e 3c |.....t...>iM...<| -00000300 53 ca f0 35 85 ef ff ed cc 0f f7 16 03 03 00 04 |S..5............| -00000310 0e 00 00 00 |....| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8a |......._X.;t....| +00000280 30 81 87 02 42 00 f9 82 66 d5 95 95 75 b1 51 fa |0...B...f...u.Q.| +00000290 2b a0 36 f9 a5 4a d9 8a 19 bd 69 ac 20 cd 55 c9 |+.6..J....i. 
.U.| +000002a0 4e fc 3e 4e c3 a5 46 fa aa f7 70 97 a0 a0 3c a3 |N.>N..F...p...<.| +000002b0 4d a2 da 87 e6 7c 27 ed ae 74 8a 33 7f 60 a5 a9 |M....|'..t.3.`..| +000002c0 38 5b 4c 7b 06 b8 48 02 41 18 42 80 28 92 1a a3 |8[L{..H.A.B.(...| +000002d0 38 2e 59 22 4d 37 a3 a6 3d cc e8 6e 92 c6 b8 95 |8.Y"M7..=..n....| +000002e0 81 39 d1 fd e2 60 75 bd 09 a2 7d 01 04 ca 2d 29 |.9...`u...}...-)| +000002f0 38 db c9 1a 32 92 9f f1 81 dd 09 b4 f6 c5 60 53 |8...2.........`S| +00000300 ce 47 e4 01 be 53 33 11 61 7e 16 03 03 00 04 0e |.G...S3.a~......| +00000310 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 b8 a6 ed 33 20 59 |....%...! ...3 Y| -00000010 76 0b 7c 87 53 f1 12 c1 46 d9 db 68 c0 6f d6 30 |v.|.S...F..h.o.0| -00000020 ea e0 64 04 54 7a 4c 95 03 41 14 03 03 00 01 01 |..d.TzL..A......| -00000030 16 03 03 00 40 c0 70 29 39 a0 8a bd 59 58 88 44 |....@.p)9...YX.D| -00000040 ea 10 b4 79 3e 0e 72 b7 2a 03 6d 4d 5a 24 f5 c0 |...y>.r.*.mMZ$..| -00000050 4e e5 19 f0 fb 66 ca 97 89 4b 67 dc bb 19 cd 0b |N....f...Kg.....| -00000060 6e 74 01 d3 a4 9a ab af 8e 44 10 99 ac ff 9e 9e |nt.......D......| -00000070 17 04 56 78 55 |..VxU| +00000000 16 03 03 00 25 10 00 00 21 20 61 b0 b4 1a ab 94 |....%...! a.....| +00000010 34 68 e0 fb 20 de c5 72 d5 0b fa 9d 2e 6c ac c7 |4h.. ..r.....l..| +00000020 81 07 9a 73 cc 39 62 db 41 70 14 03 03 00 01 01 |...s.9b.Ap......| +00000030 16 03 03 00 40 8d 90 9b 5b b9 7d 3a aa 14 bc 84 |....@...[.}:....| +00000040 04 59 77 ae a4 d3 1a 2b 7f b5 a5 d6 8e 0f d1 18 |.Yw....+........| +00000050 65 35 80 51 ff 85 c9 27 20 d8 c8 bc 67 17 a3 e8 |e5.Q...' 
...g...| +00000060 a9 cc 0f 48 39 64 ec bd 8f 5e 27 77 15 6d be 50 |...H9d...^'w.m.P| +00000070 26 f1 d1 54 85 |&..T.| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 01 a0 6b 2c c5 |.............k,.| -00000020 7e 83 70 b5 2c 8c 43 b6 8b 2e 18 2a 1d be 11 6d |~.p.,.C....*...m| -00000030 13 f9 ba b5 de db 01 2a 64 d9 5b 24 c9 61 a1 4d |.......*d.[$.a.M| -00000040 11 bb fc b1 86 61 b0 04 a9 cd 1e 17 03 03 00 40 |.....a.........@| +00000010 00 00 00 00 00 00 00 00 00 00 00 7a f1 62 3b 55 |...........z.b;U| +00000020 9f 76 d8 69 c3 63 9c f3 59 a5 5a 44 96 4f 71 4e |.v.i.c..Y.ZD.OqN| +00000030 86 29 2a 15 80 d4 e9 49 21 c3 0b dd f1 e9 5b 6d |.)*....I!.....[m| +00000040 01 3d ce 6f 35 26 f3 f4 fe e6 c5 17 03 03 00 40 |.=.o5&.........@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 d8 98 85 b4 cb 61 39 69 2f b1 1f 24 c1 5a 4f e3 |.....a9i/..$.ZO.| -00000070 0b 20 5d 6c 3f 3f 82 3a a3 8a b3 cf e9 41 bb 60 |. ]l??.:.....A.`| -00000080 ed b6 67 a0 76 39 ab 93 a5 35 d0 42 b3 a7 4c 92 |..g.v9...5.B..L.| +00000060 20 0d d4 7a f9 98 6e ae 88 55 f1 21 84 44 e5 6a | ..z..n..U.!.D.j| +00000070 37 1f 87 f0 79 cc 73 22 07 51 e8 f5 25 c9 e5 b0 |7...y.s".Q..%...| +00000080 13 2f fb 31 47 4e d6 29 93 cb ab 2f 42 89 1d 2f |./.1GN.).../B../| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 c7 0d 06 b2 2b 73 ab ed 16 88 6f |.........+s....o| -000000b0 62 77 fb 48 e4 5e 6d 7e 24 02 b6 08 fa 46 c8 76 |bw.H.^m~$....F.v| -000000c0 18 fc f4 c4 08 |.....| +000000a0 00 00 00 00 00 05 96 9a af 6b 7f 27 ff 2e 04 23 |.........k.'...#| +000000b0 0d c9 d1 1c cd 8a 61 5f d4 47 44 81 c2 e7 5e 12 |......a_.GD...^.| +000000c0 00 07 4b 42 98 |..KB.| diff --git a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES index d7e61880..9b43f8c7 100644 
--- a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES @@ -1,14 +1,13 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 97 01 00 00 93 03 03 86 3b 10 1e 5f |............;.._| -00000010 81 eb 21 bd 77 47 61 e9 3f 82 85 14 91 8c ab 7d |..!.wGa.?......}| -00000020 84 bd b1 f0 06 20 8a 7b 06 d6 78 00 00 04 c0 0a |..... .{..x.....| -00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| -00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| -00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| -00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| -00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| -00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| -00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| +00000000 16 03 01 00 85 01 00 00 81 03 03 db 38 f7 49 28 |............8.I(| +00000010 97 e3 27 9d 20 02 82 7f fa b8 cd 67 c6 41 26 32 |..'. ......g.A&2| +00000020 e7 b6 e7 62 fa dd 5f 3e 42 c2 5f 00 00 04 c0 0a |...b.._>B._.....| +00000030 00 ff 01 00 00 54 00 0b 00 04 03 00 01 02 00 0a |.....T..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05 03 |.........0......| +00000060 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000070 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +00000080 03 02 02 02 04 02 05 02 06 02 |..........| >>> Flow 2 (server to client) 00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -47,39 +46,39 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 03 00 b6 0c 00 00 b2 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| -00000280 30 81 88 02 42 01 c5 d1 36 97 5b 0e 5e a6 90 50 |0...B...6.[.^..P| -00000290 a0 2e 80 b5 df d7 5a f6 95 0d a4 c6 f0 da 2e e7 |......Z.........| -000002a0 91 79 9f 85 2e ef ca 66 3c f7 c4 7b bd 61 70 bb |.y.....f<..{.ap.| -000002b0 16 c5 aa 00 35 33 ae 58 00 b3 f1 fe 0f 77 52 23 |....53.X.....wR#| -000002c0 f4 40 ba 4b c7 e5 43 02 42 01 64 af ab 8a 87 38 |.@.K..C.B.d....8| -000002d0 a1 7f b8 ae 84 0e a4 ff ad 16 09 44 0b 65 67 70 |...........D.egp| -000002e0 12 7f 1a 37 9a 1d 5e b7 3b 63 df f9 6b f1 b9 ba |...7..^.;c..k...| -000002f0 6b 35 8f b3 03 da 3d 61 00 3d 4e 75 b4 d0 92 d5 |k5....=a.=Nu....| -00000300 ee 50 9d d7 f9 26 69 e6 ec cf 3b 16 03 03 00 04 |.P...&i...;.....| -00000310 0e 00 00 00 |....| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8a |......._X.;t....| +00000280 30 81 87 02 42 00 af 31 9a 20 79 6e 4f 35 81 fa |0...B..1. 
ynO5..| +00000290 54 00 f0 7b bc 4a a0 fa 72 29 54 e6 8c 41 5b e3 |T..{.J..r)T..A[.| +000002a0 0e 3f ec d9 f1 af ab 75 42 ba d0 69 ce 69 93 72 |.?.....uB..i.i.r| +000002b0 d2 21 b5 9a ea 80 3b 65 87 93 c0 c0 5a d0 3f c6 |.!....;e....Z.?.| +000002c0 ee ad 2d e1 53 f5 f4 02 41 13 e5 95 01 ff 4f 67 |..-.S...A.....Og| +000002d0 e8 34 00 ae d3 99 f7 2d 3a 19 c8 cf 91 48 79 ee |.4.....-:....Hy.| +000002e0 6b fe ee 47 f7 3e 87 23 24 fb 72 08 e2 f4 44 89 |k..G.>.#$.r...D.| +000002f0 09 c6 08 6f 9d 7e 43 36 31 67 6e f6 8a f4 5e fa |...o.~C61gn...^.| +00000300 dd 42 3b b6 a8 a9 11 ca 43 01 16 03 03 00 04 0e |.B;.....C.......| +00000310 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 54 db 5b a1 4c e0 |....%...! T.[.L.| -00000010 0e 52 a2 45 e3 b4 ac 91 3d e1 de a9 3e eb 80 9e |.R.E....=...>...| -00000020 f5 04 7b fc 82 10 2f d9 d1 41 14 03 03 00 01 01 |..{.../..A......| -00000030 16 03 03 00 40 47 68 cc 5e 68 3f 05 d6 f8 5c 11 |....@Gh.^h?...\.| -00000040 08 a3 91 72 ae 4c 98 67 2f 45 ee 16 6b 8b 2d 28 |...r.L.g/E..k.-(| -00000050 15 34 43 47 f9 46 f2 96 c2 85 d5 cc 03 e0 84 de |.4CG.F..........| -00000060 9c 03 fe bf c9 73 23 15 d0 0f 85 3a 76 db 9f 5d |.....s#....:v..]| -00000070 95 b7 de 9c c2 |.....| +00000000 16 03 03 00 25 10 00 00 21 20 8f 6b fb 70 cb 5a |....%...! 
.k.p.Z| +00000010 6b b3 2c 65 29 90 c9 c1 30 03 01 a0 bb ab 4a 3a |k.,e)...0.....J:| +00000020 1b fd 5c 85 5b 50 57 68 dd 2a 14 03 03 00 01 01 |..\.[PWh.*......| +00000030 16 03 03 00 40 c8 9b 27 df f2 7f 0c e2 3f 60 aa |....@..'.....?`.| +00000040 0c ed 3e 70 0f 24 b9 75 84 ef 45 ef c1 49 17 ff |..>p.$.u..E..I..| +00000050 bc fc f9 62 0b 1d 12 bb 96 da f8 18 ff ef 66 f7 |...b..........f.| +00000060 68 bf 91 40 f8 99 4a d0 9a 68 55 a4 d9 4c 4c 7d |h..@..J..hU..LL}| +00000070 39 61 a4 df e4 |9a...| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 98 34 52 f3 44 |............4R.D| -00000020 18 69 23 61 ef 8f e9 c0 88 9c ad 1f cb e4 8d 55 |.i#a...........U| -00000030 bd bb 77 9c 65 9d 21 f0 54 4c 46 db 4f e6 e8 ab |..w.e.!.TLF.O...| -00000040 6b 1d 60 38 7f e0 2c 38 ef e7 43 17 03 03 00 40 |k.`8..,8..C....@| +00000010 00 00 00 00 00 00 00 00 00 00 00 aa 26 94 c7 3b |............&..;| +00000020 2e be b5 9d 0b 27 5b b4 54 cf 8d e7 ce 1f 88 4a |.....'[.T......J| +00000030 60 01 32 f6 4c b2 c0 66 b6 30 ae 57 78 99 92 f3 |`.2.L..f.0.Wx...| +00000040 1b d0 db 80 7c 87 4a bb fb f3 45 17 03 03 00 40 |....|.J...E....@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 44 68 90 07 1e 8c 7f db 3e 3f 8c 28 e1 d7 41 38 |Dh......>?.(..A8| -00000070 e2 78 04 e3 42 c2 a9 76 bb 0a ae b9 93 df 81 d7 |.x..B..v........| -00000080 9b 0f 1d 44 19 79 ff 7c 21 8f 75 ca e2 82 cc c4 |...D.y.|!.u.....| +00000060 4d e4 d8 17 70 af 3c 0b 39 c9 8c e9 77 ca 15 4c |M...p.<.9...w..L| +00000070 e5 23 de e0 18 17 48 c8 60 3a 57 7f 10 00 5a 61 |.#....H.`:W...Za| +00000080 f2 39 c6 9a c6 c5 fc 51 a4 5e 9f a0 70 11 d5 d5 |.9.....Q.^..p...| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 82 1f e6 2c 3f c7 55 19 01 0b 62 |........,?.U...b| -000000b0 1a 99 fc f8 d3 b0 38 21 41 92 1a d1 e0 43 96 da |......8!A....C..| 
-000000c0 80 4b 58 91 c8 |.KX..| +000000a0 00 00 00 00 00 2e 3a 5b 0b d6 7b 12 d8 a7 01 2a |......:[..{....*| +000000b0 79 7c fb 88 f1 75 cc db b0 58 41 db d3 1b bc 85 |y|...u...XA.....| +000000c0 e1 24 b9 ee 2f |.$../| diff --git a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES index d2b02504..98c18f30 100644 --- a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES 
@@ -1,96 +1,95 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 dc 01 00 00 d8 03 03 90 bc cf 62 d0 |..............b.| -00000010 bc 89 6b 84 ad 18 87 f5 9c 96 0e 02 3f ae a5 4b |..k.........?..K| -00000020 80 70 f8 54 47 b1 78 03 48 4d 06 20 ae 9e 3c 17 |.p.TG.x.HM. ..<.| -00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| -00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 00 04 13 01 |.ea@.|....s.....| -00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| -00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| -00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| -00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| -00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| -000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| -000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| -000000c0 20 ad 11 a7 07 20 9c cb 33 96 f4 0d 78 a1 89 55 | .... 
..3...x..U| -000000d0 6c af 70 f4 ac d6 cb d9 0d 1b 13 fa 50 de 68 17 |l.p.........P.h.| -000000e0 1d |.| +00000000 16 03 01 00 d4 01 00 00 d0 03 03 eb 18 9a be 8a |................| +00000010 aa b6 73 10 6e 82 58 cf 69 df e1 ef c5 7e 3b 63 |..s.n.X.i....~;c| +00000020 56 43 d1 08 dd ce 3c 19 bb b6 57 20 b1 c0 f9 5b |VC....<...W ...[| +00000030 15 1f 4b 24 0c e7 18 7c 45 44 0f b9 e9 bd f4 bc |..K$...|ED......| +00000040 9d 70 fc cd b0 88 d6 8a de ef 19 36 00 04 13 01 |.p.........6....| +00000050 00 ff 01 00 00 83 00 0b 00 04 03 00 01 02 00 0a |................| +00000060 00 16 00 14 00 1d 00 17 00 1e 00 19 00 18 01 00 |................| +00000070 01 01 01 02 01 03 01 04 00 16 00 00 00 17 00 00 |................| +00000080 00 0d 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 |................| +00000090 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| +000000a0 06 01 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 |...+......-.....| +000000b0 33 00 26 00 24 00 1d 00 20 32 91 8e 3f b1 52 c1 |3.&.$... 2..?.R.| +000000c0 ac 66 b5 cf 09 d0 1f f8 f5 c0 fe df fd 50 12 fc |.f...........P..| +000000d0 d2 68 d8 7f 47 db e6 60 25 |.h..G..`%| >>> Flow 2 (server to client) 00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 20 ae 9e 3c 17 |........... ..<.| -00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| -00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 13 01 00 00 |.ea@.|....s.....| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 b1 c0 f9 5b |........... ...[| +00000030 15 1f 4b 24 0c e7 18 7c 45 44 0f b9 e9 bd f4 bc |..K$...|ED......| +00000040 9d 70 fc cd b0 88 d6 8a de ef 19 36 13 01 00 00 |.p.........6....| 00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| 00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| -00000080 03 03 00 01 01 17 03 03 00 17 f1 16 14 8f 0a b5 |................| -00000090 92 fa 55 d7 fb 6c 33 04 ae c6 ed 3b 90 27 e9 ae |..U..l3....;.'..| -000000a0 e8 17 03 03 02 22 ca b1 97 19 9d da 2e 1d 12 f4 |....."..........| -000000b0 05 af 35 28 1e 85 9d 28 81 f0 5a 83 46 9c df f7 |..5(...(..Z.F...| -000000c0 58 2e 30 fa b9 07 00 cf fe 69 37 5e f2 75 a0 ef |X.0......i7^.u..| -000000d0 f3 ab 60 0b c5 09 72 bd b4 42 2f 45 24 3e 82 d0 |..`...r..B/E$>..| -000000e0 f1 a1 dd 3a de 6a b9 9d 85 2b 83 75 47 c9 d2 c3 |...:.j...+.uG...| -000000f0 25 91 85 c2 a1 97 6a 62 dd aa 19 11 94 e2 6b f9 |%.....jb......k.| -00000100 7d 5a bc 5e d4 64 bc 74 44 85 d1 7a eb 3a ef d5 |}Z.^.d.tD..z.:..| -00000110 96 f4 22 64 61 2b 79 77 ac 8b 61 69 cc eb ad fd |.."da+yw..ai....| -00000120 38 5e 61 74 d9 4f 70 82 06 3b 3e f8 a8 53 7c e8 |8^at.Op..;>..S|.| -00000130 9d 98 43 a1 af 86 ba d9 64 64 f0 e0 b0 8f 39 6b |..C.....dd....9k| -00000140 16 d6 92 09 8d 5b d0 34 f4 14 60 69 a0 28 73 3a |.....[.4..`i.(s:| -00000150 24 7f 81 4e 8b d1 50 49 1a c0 60 92 fd 02 47 6d |$..N..PI..`...Gm| -00000160 d8 97 62 b2 b4 57 8b d7 d1 b6 bf 19 40 cb 13 09 |..b..W......@...| -00000170 ef d6 55 66 39 88 29 e0 14 2d 06 98 d6 b6 bf a6 |..Uf9.)..-......| -00000180 04 10 47 d5 64 fe 38 69 db 33 a4 fc 12 de 83 5b |..G.d.8i.3.....[| -00000190 c9 8e 76 56 bc f7 dd ac 96 c6 a0 ed e5 43 0b 13 |..vV.........C..| -000001a0 1e 78 94 18 fd 57 50 79 08 91 18 aa 84 63 4e 46 |.x...WPy.....cNF| -000001b0 53 db e0 f3 9a 0b d6 13 20 36 aa 56 dd 7a 62 d9 |S....... 
6.V.zb.| -000001c0 3f f6 bd 87 74 3c 86 d1 94 a1 04 79 a8 54 e4 8e |?...t<.....y.T..| -000001d0 11 d6 52 42 5c 4b 77 18 b9 d7 db f7 48 9a 69 e1 |..RB\Kw.....H.i.| -000001e0 2d b9 38 38 e4 e8 94 5e b1 7e 2c 81 96 6a a0 ed |-.88...^.~,..j..| -000001f0 bb 35 6a 8c 93 f2 6d 38 70 df 79 54 d9 45 c8 b8 |.5j...m8p.yT.E..| -00000200 b2 9c 0f 9f 70 34 8f ac b3 08 f5 3e b1 d2 5a d7 |....p4.....>..Z.| -00000210 7b ee f3 dc 9a d1 12 c3 77 24 76 9b bf 09 50 a7 |{.......w$v...P.| -00000220 3c ab 7f 1f 99 b5 02 8c ac 5e 85 cc 53 fd ca e0 |<........^..S...| -00000230 c7 e2 41 08 fd cb b0 79 0c 8b 02 4f 80 92 c2 cd |..A....y...O....| -00000240 6c a1 aa 75 d2 4c d1 25 40 7c 14 41 a7 15 20 a3 |l..u.L.%@|.A.. .| -00000250 a6 81 64 7c c0 c7 2d dd 82 84 ad 2a f4 06 f9 61 |..d|..-....*...a| -00000260 23 1c dd c6 ef 72 da 6b eb be 41 f0 b4 5f 9a 02 |#....r.k..A.._..| -00000270 ee a8 f3 bb 05 48 ec 50 a3 ff f3 94 bb d8 a9 6d |.....H.P.......m| -00000280 92 49 7c bf a1 eb 55 26 08 26 d3 80 d6 cb 05 ea |.I|...U&.&......| -00000290 d1 db bf 97 3d 10 ff 4e f6 05 33 23 68 95 31 42 |....=..N..3#h.1B| -000002a0 5a d5 30 61 79 c4 88 7f e1 be 28 ad 72 bb 78 36 |Z.0ay.....(.r.x6| -000002b0 ba bb 38 75 fb 97 33 b6 28 8c a2 f4 46 fe 37 d8 |..8u..3.(...F.7.| -000002c0 b0 67 63 97 c1 51 0c 61 17 03 03 00 a4 20 15 70 |.gc..Q.a..... 
.p| -000002d0 7a 69 b1 33 c2 e1 f5 9c 2b b2 06 1e 01 a6 7f 03 |zi.3....+.......| -000002e0 cd 00 13 02 3b 0c 2b 3f 85 d8 ed 6d 81 7e e9 b2 |....;.+?...m.~..| -000002f0 b6 be 7b 77 51 30 dd b5 fc 93 08 91 9e 46 e2 85 |..{wQ0.......F..| -00000300 74 3c 9a 04 26 86 b8 6c 98 99 57 7e 36 54 0d 90 |t<..&..l..W~6T..| -00000310 4c 55 65 77 69 59 b2 e5 5b a3 19 4a b0 72 3d 91 |LUewiY..[..J.r=.| -00000320 2e 5d 9b 8c 52 a1 e6 f5 22 c6 3c 0d 9b d8 9c b9 |.]..R...".<.....| -00000330 cb 90 51 bc 16 69 06 30 22 16 62 08 3b 3f 05 99 |..Q..i.0".b.;?..| -00000340 60 2a cc cf 29 f5 e1 b0 84 81 c8 63 00 d4 d4 13 |`*..)......c....| -00000350 b5 5d 4c 63 8a 60 3e 44 24 03 30 85 91 4c 3d f2 |.]Lc.`>D$.0..L=.| -00000360 2c c2 78 f2 c3 4c bb 90 60 0b 66 18 02 e7 5c 85 |,.x..L..`.f...\.| -00000370 19 17 03 03 00 35 49 76 5f ff 32 3a 09 7a 4b f2 |.....5Iv_.2:.zK.| -00000380 fe f3 38 b6 76 f4 12 f2 aa a3 ed b6 02 ab 0b b9 |..8.v...........| -00000390 3b 9d 00 51 f1 5c 96 23 6b 49 f8 32 9f 74 30 32 |;..Q.\.#kI.2.t02| -000003a0 4d af af ef d5 55 2c ff 2b a0 45 17 03 03 00 93 |M....U,.+.E.....| -000003b0 6e e0 6a f9 44 af c0 af 95 ab 1e ff fd 97 38 f5 |n.j.D.........8.| -000003c0 7b 24 70 da e2 4e 8b dc 9b 49 84 fe 73 0a b0 7e |{$p..N...I..s..~| -000003d0 cf 14 f7 8a 67 e7 74 bd ee 82 93 c6 27 a2 bd 1e |....g.t.....'...| -000003e0 cb 71 06 af 65 dd f0 d9 91 81 b0 f8 21 34 48 d1 |.q..e.......!4H.| -000003f0 c4 e0 e3 19 a8 b4 48 b7 3a be 52 e5 7c a8 a3 c2 |......H.:.R.|...| -00000400 08 6c ac 66 4d 36 cf a1 9d 1f 72 c5 09 20 db 05 |.l.fM6....r.. 
..| -00000410 e5 0a 44 af 4a d8 32 38 19 7d 28 e3 05 23 99 66 |..D.J.28.}(..#.f| -00000420 f6 ad 77 02 7e 00 67 c1 71 58 b9 89 3c 93 15 95 |..w.~.g.qX..<...| -00000430 ee 38 e2 ea c0 73 fe da e4 75 6d 38 ca 54 0b bf |.8...s...um8.T..| -00000440 f0 af 86 |...| +00000080 03 03 00 01 01 17 03 03 00 17 b5 f6 51 6b 88 3d |............Qk.=| +00000090 19 f7 f0 e2 7b e2 6f 03 86 27 a4 b2 7d 94 dc 2c |....{.o..'..}..,| +000000a0 42 17 03 03 02 22 f3 ae b6 3a 74 78 ef ff a5 a7 |B...."...:tx....| +000000b0 45 cb ec a9 ae 8b ea ba 41 e8 9d 1e fc 01 80 2d |E.......A......-| +000000c0 00 af cd c7 82 8d a2 0a 80 3c d4 e2 19 b0 fe 80 |.........<......| +000000d0 0c 54 81 28 af 4f 11 59 f2 7b 74 8f bd 9e 34 34 |.T.(.O.Y.{t...44| +000000e0 db 5a 33 90 46 fe 84 f0 8a 39 23 2d 00 07 8d 76 |.Z3.F....9#-...v| +000000f0 96 6b 32 82 46 36 f7 7a d0 68 8b 83 9f f9 b4 08 |.k2.F6.z.h......| +00000100 3f c2 3d 38 c0 aa 5c 8b 9a 87 0b 24 52 d0 ec 0e |?.=8..\....$R...| +00000110 9f 26 cc 44 93 7d 9a a0 51 57 d4 f4 3d f3 a7 46 |.&.D.}..QW..=..F| +00000120 a4 d0 37 b0 dc 0a c7 4b aa ca f9 c6 6e 5a 46 0b |..7....K....nZF.| +00000130 44 17 3f 11 1a 0b 82 02 cf ee 9e 4c 62 d3 83 d7 |D.?........Lb...| +00000140 ec 2f ce 9e d5 01 5d 06 28 e9 7c 10 39 99 00 ef |./....].(.|.9...| +00000150 20 cb 64 fd 86 ca e7 df d5 c0 4f e3 60 51 4d c9 | .d.......O.`QM.| +00000160 75 89 44 d8 1d 28 d2 de 6d 9e 56 62 13 4d 50 04 |u.D..(..m.Vb.MP.| +00000170 b3 83 a4 5d 20 c9 e9 2b a1 32 9f 73 d4 39 4a ae |...] ..+.2.s.9J.| +00000180 96 6a 01 8d 63 f6 61 99 31 82 c4 3c e9 c8 bb d5 |.j..c.a.1..<....| +00000190 e3 46 0e 32 3f 37 e1 66 9d 77 46 17 ce f0 f5 37 |.F.2?7.f.wF....7| +000001a0 07 38 cf 9a 03 df e2 93 3a 20 50 ab 50 2a f5 78 |.8......: P.P*.x| +000001b0 06 79 32 92 f4 6a 45 78 8b db d1 34 a3 c5 68 0b |.y2..jEx...4..h.| +000001c0 5d 6b 24 79 42 b4 19 fa d5 81 0b e0 13 20 77 a8 |]k$yB........ 
w.| +000001d0 c6 f1 36 34 80 34 bf d7 39 ec 1a a5 dd 48 7c 01 |..64.4..9....H|.| +000001e0 24 5c 19 ae ba 80 83 eb 71 61 70 05 17 ab 0b 13 |$\......qap.....| +000001f0 8a 4f 2c 80 19 28 cd 16 0f a7 ba 42 bb 9a 76 f1 |.O,..(.....B..v.| +00000200 24 24 96 17 b0 58 9a 94 64 9f 7f f6 19 75 7a 39 |$$...X..d....uz9| +00000210 2d c8 0f 5a 36 17 ce d7 7f 94 de 9c 25 eb 12 13 |-..Z6.......%...| +00000220 31 2a 18 e3 48 4b 8e bc 3b fa 5e 3b fc 18 f8 b4 |1*..HK..;.^;....| +00000230 cb 6e b2 5a 52 09 a3 ca e4 93 48 56 8c bc 96 5c |.n.ZR.....HV...\| +00000240 ec 4b ed 0c ca b9 76 10 36 b8 61 32 e4 c5 50 d1 |.K....v.6.a2..P.| +00000250 48 e0 62 ee de 64 c7 e4 42 66 b0 25 cb 07 e9 1e |H.b..d..Bf.%....| +00000260 b0 03 f6 8d 61 71 57 10 8f 8d 4a b3 98 23 a4 7f |....aqW...J..#..| +00000270 c8 44 46 17 ed 82 ec e3 da 50 1b 5e 31 0d 27 24 |.DF......P.^1.'$| +00000280 18 c7 08 cc 6d 5e a4 bc 2f c1 1f bc 43 fd 26 a1 |....m^../...C.&.| +00000290 9f 46 c0 b2 61 9e 30 71 6a a8 28 b8 a7 40 ba bc |.F..a.0qj.(..@..| +000002a0 bd 28 3a 90 0b e4 57 b0 4e 07 58 68 22 10 ee 0f |.(:...W.N.Xh"...| +000002b0 aa af 24 d7 95 64 77 b8 9c 6a db d2 a4 1a 9e 28 |..$..dw..j.....(| +000002c0 03 90 c2 90 c6 e7 25 da 17 03 03 00 a4 c5 0d 5b |......%........[| +000002d0 cd b5 3f 54 79 dd ab 78 42 74 2e 1d 34 df bc 02 |..?Ty..xBt..4...| +000002e0 90 c4 7d 36 30 cd 33 34 2c 10 b1 e1 93 1b dc 95 |..}60.34,.......| +000002f0 64 66 fe 36 0f 62 80 63 82 de 7c 25 2a 86 b6 60 |df.6.b.c..|%*..`| +00000300 d8 9e bc ce c1 ba 8c fa c5 2b c3 a0 fb 6e 50 69 |.........+...nPi| +00000310 a7 41 f2 88 04 50 f6 8a 3b 9a 66 c8 4c d4 5c 6f |.A...P..;.f.L.\o| +00000320 77 4e 3a 58 1f 1f ce 26 d9 9e 65 d9 67 15 2a d2 |wN:X...&..e.g.*.| +00000330 b9 7a a5 34 71 92 dc 2f 59 2a 67 92 73 a8 dd 40 |.z.4q../Y*g.s..@| +00000340 5e 11 6a 23 0f b2 6a 2f 1a 23 99 c9 b2 47 67 34 |^.j#..j/.#...Gg4| +00000350 dc 87 3a 3b 9a f8 64 fa da 41 3d 26 b1 fd 21 d8 |..:;..d..A=&..!.| +00000360 05 47 1a 9e 56 05 ca c8 75 04 d8 ae f9 d6 91 1d 
|.G..V...u.......| +00000370 be 17 03 03 00 35 a6 37 fb 4c c0 13 80 ba 39 27 |.....5.7.L....9'| +00000380 c2 da 78 2f 59 32 04 26 73 2c ee 3e d4 69 b8 75 |..x/Y2.&s,.>.i.u| +00000390 bf c3 17 d0 e5 ab 41 9b 4a 2d a7 78 98 25 ed 52 |......A.J-.x.%.R| +000003a0 0d 4a 49 7f 7f 85 2b 1b 8e 7a 9a 17 03 03 00 93 |.JI...+..z......| +000003b0 4a 22 c6 87 a0 9e 40 44 df f1 71 3c d5 f4 69 3a |J"....@D..q<..i:| +000003c0 35 8e 53 a2 25 a5 eb 65 63 c3 2b 84 34 22 e1 5f |5.S.%..ec.+.4"._| +000003d0 22 66 de 6c 77 ef de 74 34 02 ef 5f e8 b3 ec 22 |"f.lw..t4.._..."| +000003e0 49 40 e6 f2 04 a1 e9 cc 8c 94 69 5c 80 12 5c ba |I@........i\..\.| +000003f0 1b 11 a3 f4 77 8b 33 02 64 47 8a 35 8d 1a a8 91 |....w.3.dG.5....| +00000400 0d 3e 3b b4 35 a5 65 6f 9b 6c 2a 7f 69 56 dd aa |.>;.5.eo.l*.iV..| +00000410 9d e2 22 ea bf 9e 13 2d 7a 12 b3 01 74 26 c6 68 |.."....-z...t&.h| +00000420 3f da 38 cd ef f7 17 a9 12 3a 90 cd 2f 69 0b 00 |?.8......:../i..| +00000430 3e 95 b2 be 70 51 d5 ad cf f9 f2 2c 95 59 74 bd |>...pQ.....,.Yt.| +00000440 87 c1 8f |...| >>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 17 03 03 00 35 23 02 12 13 f1 |..........5#....| -00000010 db fa 70 c0 92 85 8a d3 fa 80 1b 5c a6 22 ff 20 |..p........\.". 
| -00000020 5d bf 1d 61 58 34 c0 48 6f e1 26 a6 bf bc 76 c7 |]..aX4.Ho.&...v.| -00000030 8b da ee 54 64 30 c4 5c b1 61 67 82 29 bb 3f 4b |...Td0.\.ag.).?K| +00000000 14 03 03 00 01 01 17 03 03 00 35 9e 5c 12 25 97 |..........5.\.%.| +00000010 bb 3d 7b ad c6 86 fc d4 0e 47 15 c6 a4 53 9c 58 |.={......G...S.X| +00000020 00 6e b0 62 48 71 4a 5e 6e 7d b9 9a 5b 0c 69 97 |.n.bHqJ^n}..[.i.| +00000030 51 5e 86 02 01 ab 3b 98 39 af 0a 09 6d b3 b5 d6 |Q^....;.9...m...| >>> Flow 4 (server to client) -00000000 17 03 03 00 1e 95 c0 53 e2 37 94 09 83 1e 7e 23 |.......S.7....~#| -00000010 dc 9f 02 5e 91 19 b6 f9 72 0d 38 3f 25 ae b2 5f |...^....r.8?%.._| -00000020 4b f2 78 17 03 03 00 13 d2 ad 73 d6 f3 21 ab 7c |K.x.......s..!.|| -00000030 02 dd 63 ff cf d7 34 ca 71 3d 70 |..c...4.q=p| +00000000 17 03 03 00 1e ea c2 18 ba 35 48 30 d9 37 8d 53 |.........5H0.7.S| +00000010 33 11 0a a9 1e 0f 25 99 f1 28 23 e8 d6 88 72 f9 |3.....%..(#...r.| +00000020 d0 04 43 17 03 03 00 13 da 9d 22 c9 26 24 e4 0a |..C.......".&$..| +00000030 83 0a ef 38 d3 12 58 67 ee a3 a8 |...8..Xg...| From d5e1856a98c7b5f7bbbec351fa4cf2b23d7785f7 Mon Sep 17 00:00:00 2001 From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Tue, 18 Feb 2025 08:03:26 +0000 Subject: [PATCH 29/40] fix: configurable server random w/ downgrade canary --- tls/handshake_server.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tls/handshake_server.go b/tls/handshake_server.go index 746fb1c7..799c8fde 100644 --- a/tls/handshake_server.go +++ b/tls/handshake_server.go 
@@ -204,10 +204,14 @@ func (hs *serverHandshakeState) processClientHello() error { } serverRandom = serverRandom[:24] } + + // If the server random is being overridden, use it. if len(c.config.ServerRandom) == 32 { copy(hs.hello.random, c.config.ServerRandom) } else { - _, err := io.ReadFull(c.config.rand(), hs.hello.random) + // Otherwise, generate a random server random. If downgrade canary is set, + // this should only update the first 24 bytes of the server random. + _, err := io.ReadFull(c.config.rand(), serverRandom) if err != nil { c.sendAlert(alertInternalError) return err From d3e579ab0359d5ff554ae5630fb231f8e349fdf4 Mon Sep 17 00:00:00 2001 From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Tue, 18 Feb 2025 11:51:39 +0000 Subject: [PATCH 30/40] fix: Config.Time in tests using expired certificates Adopted from https://github.com/golang/go/commit/d1d93129506c78cc8ee25644384286822d93c81a --- tls/handshake_client_test.go | 23 +++++++++++++++-------- tls/handshake_server_test.go | 2 ++ tls/handshake_test.go | 5 +++++ tls/tls_test.go | 4 +--- 4 files changed, 23 insertions(+), 11 deletions(-) diff --git a/tls/handshake_client_test.go b/tls/handshake_client_test.go index 68bec896..84c28d9f 100644 --- a/tls/handshake_client_test.go +++ b/tls/handshake_client_test.go @@ -886,6 +886,7 @@ func testResumption(t *testing.T, version uint16) { MaxVersion: version, CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, Certificates: testConfig.Certificates, + Time: testTime, } issuer, err := x509.ParseCertificate(testRSACertificateIssuer) @@ -902,6 +903,7 @@ func testResumption(t *testing.T, version uint16) { ClientSessionCache: NewLRUClientSessionCache(32), RootCAs: rootCAs, ServerName: "example.golang", + Time: testTime, } testResumeState := func(test string, didResume bool) { 
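Review bot: The override branch still writes all 32 bytes with `copy(hs.hello.random, c.config.ServerRandom)`, so if the downgrade canary has already been placed in the last 8 bytes at the point where `serverRandom` is truncated to 24 (the `serverRandom = serverRandom[:24]` context just above), a configured ServerRandom overwrites it, whereas the new random branch correctly writes only through `serverRandom`. Copying through the same slice, `copy(serverRandom, c.config.ServerRandom)`, keeps the two branches consistent: `copy` stops at the shorter length, so the canary bytes survive when one is set and the full 32 bytes are used otherwise. The sentinel in the last eight bytes of the server random is what lets a TLS 1.3 client detect a protocol-version downgrade, so an override knob that can silently clobber it weakens that check for any deployment that sets both. Whether the canary is written before or after this block cannot be seen here; processClientHello continues on both sides of the hunk. Separately, a configured ServerRandom whose length is not exactly 32 is silently ignored and falls through to the random path; returning an error, or at least a comment on the `== 32` check stating that contract, would spare callers a confusing debugging session.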
@@ -949,20 +951,20 @@ func testResumption(t *testing.T, version uint16) { } // An old session ticket can resume, but the server will provide a ticket encrypted with a fresh key. - serverConfig.Time = func() time.Time { return time.Now().Add(24*time.Hour + time.Minute) } + serverConfig.Time = func() time.Time { return testTime().Add(24*time.Hour + time.Minute) } testResumeState("ResumeWithOldTicket", true) if bytes.Equal(ticket[:ticketKeyNameLen], getTicket()[:ticketKeyNameLen]) { t.Fatal("old first ticket matches the fresh one") } // Now the session tickey key is expired, so a full handshake should occur. - serverConfig.Time = func() time.Time { return time.Now().Add(24*8*time.Hour + time.Minute) } + serverConfig.Time = func() time.Time { return testTime().Add(24*8*time.Hour + time.Minute) } testResumeState("ResumeWithExpiredTicket", false) if bytes.Equal(ticket, getTicket()) { t.Fatal("expired first ticket matches the fresh one") } - serverConfig.Time = func() time.Time { return time.Now() } // reset the time back + serverConfig.Time = testTime // reset the time back key1 := randomKey() serverConfig.SetSessionTicketKeys([][32]byte{key1}) @@ -979,11 +981,11 @@ func testResumption(t *testing.T, version uint16) { testResumeState("KeyChangeFinish", true) // Age the session ticket a bit, but not yet expired. - serverConfig.Time = func() time.Time { return time.Now().Add(24*time.Hour + time.Minute) } + serverConfig.Time = func() time.Time { return testTime().Add(24*time.Hour + time.Minute) } testResumeState("OldSessionTicket", true) ticket = getTicket() // Expire the session ticket, which would force a full handshake. - serverConfig.Time = func() time.Time { return time.Now().Add(24*8*time.Hour + time.Minute) } + serverConfig.Time = func() time.Time { return testTime().Add(24*8*time.Hour + 2*time.Minute) } testResumeState("ExpiredSessionTicket", false) if bytes.Equal(ticket, getTicket()) { t.Fatal("new ticket wasn't provided after old ticket expired") 
@@ -993,15 +995,15 @@ func testResumption(t *testing.T, version uint16) { d := 0 * time.Hour for i := 0; i < 13; i++ { d += 12 * time.Hour - serverConfig.Time = func() time.Time { return time.Now().Add(d) } + serverConfig.Time = func() time.Time { return testTime().Add(d) } testResumeState("OldSessionTicket", true) } // Expire it (now a little more than 7 days) and make sure a full // handshake occurs for TLS 1.2. Resumption should still occur for // TLS 1.3 since the client should be using a fresh ticket sent over // by the server. - d += 12 * time.Hour - serverConfig.Time = func() time.Time { return time.Now().Add(d) } + d += 12*time.Hour + 1*time.Minute + serverConfig.Time = func() time.Time { return testTime().Add(d) } if version == VersionTLS13 { testResumeState("ExpiredSessionTicket", true) } else { @@ -1017,6 +1019,7 @@ func testResumption(t *testing.T, version uint16) { MaxVersion: version, CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, Certificates: testConfig.Certificates, + Time: testTime, } serverConfig.SetSessionTicketKeys([][32]byte{key2}) @@ -1655,6 +1658,7 @@ func testVerifyConnection(t *testing.T, version uint16) { Certificates: []Certificate{testConfig.Certificates[0]}, ClientCAs: rootCAs, NextProtos: []string{"protocol1"}, + Time: testTime, } serverConfig.Certificates[0].SignedCertificateTimestamps = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} serverConfig.Certificates[0].OCSPStaple = []byte("dummy ocsp") @@ -1667,6 +1671,7 @@ func testVerifyConnection(t *testing.T, version uint16) { ServerName: "example.golang", Certificates: []Certificate{testConfig.Certificates[0]}, NextProtos: []string{"protocol1"}, + Time: testTime, } test.configureClient(clientConfig, &clientCalled) 
@@ -2465,11 +2470,13 @@ func testResumptionKeepsOCSPAndSCT(t *testing.T, ver uint16) { ClientSessionCache: NewLRUClientSessionCache(32), ServerName: "example.golang", RootCAs: roots, + Time: testTime, } serverConfig := testConfig.Clone() serverConfig.MaxVersion = ver serverConfig.Certificates[0].OCSPStaple = []byte{1, 2, 3} serverConfig.Certificates[0].SignedCertificateTimestamps = [][]byte{{4, 5, 6}} + serverConfig.Time = testTime _, ccs, err := testHandshake(t, clientConfig, serverConfig) if err != nil { diff --git a/tls/handshake_server_test.go b/tls/handshake_server_test.go index a7acc952..2094033b 100644 --- a/tls/handshake_server_test.go +++ b/tls/handshake_server_test.go @@ -462,12 +462,14 @@ func testCrossVersionResume(t *testing.T, version uint16) { serverConfig := &Config{ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, Certificates: testConfig.Certificates, + Time: testTime, } clientConfig := &Config{ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, InsecureSkipVerify: true, ClientSessionCache: NewLRUClientSessionCache(1), ServerName: "servername", + Time: testTime, } // Establish a session at TLS 1.1. diff --git a/tls/handshake_test.go b/tls/handshake_test.go index c4e5f0ef..b78b42ec 100644 --- a/tls/handshake_test.go +++ b/tls/handshake_test.go @@ -435,6 +435,11 @@ func fromHex(s string) []byte { return b } +// testTime is 2016-10-20T17:32:09.000Z, which is within the validity period of +// [testRSACertificate], [testRSACertificateIssuer], [testRSA2048Certificate], +// [testRSA2048CertificateIssuer], and [testECDSACertificate]. +var testTime = func() time.Time { return time.Unix(1476984729, 0) } + var testRSACertificate = fromHex("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") var testRSACertificateIssuer = fromHex("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") diff --git a/tls/tls_test.go b/tls/tls_test.go index 06341e1d..673e8d2a 100644 --- a/tls/tls_test.go +++ b/tls/tls_test.go 
@@ -1069,8 +1069,6 @@ func TestConnectionState(t *testing.T) { rootCAs := x509.NewCertPool() rootCAs.AddCert(issuer) - now := func() time.Time { return time.Unix(1476984729, 0) } - const alpnProtocol = "golang" const serverName = "example.golang" var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} @@ -1086,7 +1084,7 @@ func TestConnectionState(t *testing.T) { } t.Run(name, func(t *testing.T) { config := &Config{ - Time: now, + Time: testTime, Rand: zeroSource{}, Certificates: make([]Certificate, 1), MaxVersion: v, From 3f733dbe17521aa3b28459feedf977335beb2080 Mon Sep 17 00:00:00 2001 From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Tue, 18 Feb 2025 12:10:43 +0000 Subject: [PATCH 31/40] Revert "fix: regenerate ECDSA test flows" This reverts commit 90dd94c6e6158447e3ccef1faf666e1473b3f069. --- .../Client-TLSv10-ClientCert-ECDSA-ECDSA | 82 +++--- .../Client-TLSv10-ClientCert-ECDSA-RSA | 80 +++--- .../Client-TLSv12-ClientCert-ECDSA-ECDSA | 96 +++---- .../Client-TLSv12-ClientCert-ECDSA-RSA | 78 +++--- .../Client-TLSv13-ClientCert-ECDSA-RSA | 236 +++++++++--------- tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES | 74 +++--- ...rver-TLSv12-CipherSuiteCertPreferenceECDSA | 79 +++--- tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES | 79 +++--- tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES | 173 ++++++------- 9 files changed, 491 insertions(+), 486 deletions(-) diff --git a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA index 089e1c27..9de3f143 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA 
@@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 1b 4c 99 c4 d8 |....Y...U...L...| -00000010 fd 56 d0 bf 92 f3 5c a9 5d cc 67 83 08 a3 6f 8c |.V....\.].g...o.| -00000020 29 9b e7 4e c8 3c e8 db 94 3e 74 20 6a c3 8a f8 |)..N.<...>t j...| -00000030 c1 90 b1 6e 7c 48 0c f7 f3 d3 c9 2b c5 4f b7 c5 |...n|H.....+.O..| -00000040 77 01 91 37 3b 73 0a 45 f3 bb b9 36 c0 09 00 00 |w..7;s.E...6....| +00000000 16 03 01 00 59 02 00 00 55 03 01 94 1f ba 79 da |....Y...U.....y.| +00000010 4b 58 3e 08 2c c5 31 36 a4 7e 32 bf e1 a0 f7 71 |KX>.,.16.~2....q| +00000020 01 48 63 3c 5f cb 08 7a 25 80 c7 20 35 0c c0 8b |.Hc<_..z%.. 5...| +00000030 df 30 fc dc 3d f1 48 96 0d b6 ff a8 cd 35 29 57 |.0..=.H......5)W| +00000040 7d 3f c2 9d e2 32 b1 c2 4c 05 5e 3b c0 09 00 00 |}?...2..L.^;....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -55,18 +55,18 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 83 e3 |*............ ..| -00000280 b7 25 a6 bc 50 01 7d 8d 87 86 c0 e2 b5 5c e1 13 |.%..P.}......\..| -00000290 6f 5d 63 df 51 9b c8 10 02 23 5e fe 71 2b 00 8b |o]c.Q....#^.q+..| -000002a0 30 81 88 02 42 01 22 4f 80 96 a1 4d 97 59 cc 5a |0...B."O...M.Y.Z| -000002b0 17 0e e6 d1 9a 4d 21 f1 32 16 fa 11 4a 72 15 9f |.....M!.2...Jr..| -000002c0 b3 a8 e3 44 77 1e d7 87 77 2f 45 91 d1 aa 2a 16 |...Dw...w/E...*.| -000002d0 ab a6 f8 3c 1d 85 be e3 22 8c e2 2d 36 b3 53 76 |...<...."..-6.Sv| -000002e0 ef 38 92 8b e0 3b 3a 02 42 00 d4 64 67 7a f7 24 |.8...;:.B..dgz.$| -000002f0 91 f4 12 39 cd b2 2e ef 99 05 16 ed f4 ee 9a d8 |...9............| -00000300 ed f4 16 91 e5 7f 51 e0 0b bd e9 17 00 15 ce 61 |......Q........a| -00000310 2b 3d 93 5b 86 64 7a 07 b8 3b 52 2e c7 92 76 85 |+=.[.dz..;R...v.| -00000320 4d 6c 73 c3 90 39 05 b3 34 5c f3 16 03 01 00 0a |Mls..9..4\......| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 1a 74 |*............ .t| +00000280 c4 96 9e 65 45 9a 0a 01 7c ed 7b 51 01 d8 ba 5b |...eE...|.{Q...[| +00000290 3e 2f b1 4b 36 69 e8 47 75 7e 27 be b3 2f 00 8b |>/.K6i.Gu~'../..| +000002a0 30 81 88 02 42 01 cb 20 d9 1e ae 05 6f 1f 37 ce |0...B.. 
....o.7.| +000002b0 dc 38 20 2f 8f 52 9a 92 f6 80 d6 f9 97 99 a5 8b |.8 /.R..........| +000002c0 6e 73 0b 95 a4 4e 82 67 bd 1a 34 d9 5c 4e b4 d7 |ns...N.g..4.\N..| +000002d0 35 e6 45 81 14 23 9c 4e 5a 4c 1b 93 fd 7f 43 18 |5.E..#.NZL....C.| +000002e0 db 54 4b e0 d1 d3 fa 02 42 00 ab 8e 34 d5 c2 04 |.TK.....B...4...| +000002f0 d0 a4 44 b1 b3 25 a0 af c8 80 b3 88 ae da b3 c6 |..D..%..........| +00000300 4f 57 ae 31 54 c6 d9 ee 4e 21 56 01 cc b9 6a e9 |OW.1T...N!V...j.| +00000310 e9 7e 62 2a 64 0e a4 a0 79 1e a3 64 52 70 b1 a5 |.~b*d...y..dRp..| +00000320 19 2c a4 6d 4b 3b a3 63 ed 56 2f 16 03 01 00 0a |.,.mK;.c.V/.....| 00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| 00000340 00 00 00 |...| >>> Flow 3 (client to server) 
@@ -106,29 +106,29 @@ 00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 90 0f 00 |...._X.;t.......| -00000240 00 8c 00 8a 30 81 87 02 42 01 8a 8e 06 fa f4 46 |....0...B......F| -00000250 d0 b2 9c cd 1f 2b 06 fd 09 95 7f 6f 7c 04 a7 30 |.....+.....o|..0| -00000260 2c 66 a5 7e 73 2b c0 6c 8b f2 20 dd 4c 85 ff 52 |,f.~s+.l.. .L..R| -00000270 e6 e7 5f 33 00 1c 25 f2 d3 4f 72 76 db b0 d5 43 |.._3..%..Orv...C| -00000280 6a 0d 27 62 09 ac ac fc ce 88 0d 02 41 12 6a 56 |j.'b........A.jV| -00000290 22 d5 90 2f 11 7e f7 60 13 60 ac ed e2 92 b6 64 |"../.~.`.`.....d| -000002a0 ec 3b a1 1b 2d bc a0 e3 09 04 e8 aa 62 61 d4 c1 |.;..-.......ba..| -000002b0 40 4c e2 6b bb 21 54 86 c2 be 2b 92 7e ea 37 b4 |@L.k.!T...+.~.7.| -000002c0 53 69 b3 f2 aa 60 ff 98 d4 c8 20 02 4e 64 14 03 |Si...`.... .Nd..| -000002d0 01 00 01 01 16 03 01 00 30 c3 d2 64 60 85 3b a1 |........0..d`.;.| -000002e0 6d 42 e4 4a 6c 6a bb af 35 93 ef 9b 32 bf 6d bf |mB.Jlj..5...2.m.| -000002f0 00 62 28 df 6a 3c 98 6b a1 70 6f 3a b8 5a 6b 12 |.b(.j<.k.po:.Zk.| -00000300 39 0a 1d 19 19 23 dc ec 23 |9....#..#| +00000240 00 8c 00 8a 30 81 87 02 42 01 89 0f 43 df a8 34 |....0...B...C..4| +00000250 dd d7 c9 d4 2b 8d ec 29 77 7b 64 d0 0e 8c e8 2b |....+..)w{d....+| +00000260 e3 25 1c ed 0a 1b 05 e0 66 42 37 c0 e6 fa 3e 81 |.%......fB7...>.| +00000270 ec e1 06 99 f4 62 3f ea 55 79 ae 68 56 9e e3 3c |.....b?.Uy.hV..<| +00000280 83 ba 9b 1c 65 b9 eb a6 e7 f7 4e 02 41 61 2c 52 |....e.....N.Aa,R| +00000290 4c 48 92 b0 93 d8 31 58 c3 90 b0 e3 7d 55 94 fc |LH....1X....}U..| +000002a0 70 bf 18 42 51 73 d0 45 17 2e 0e 00 b0 12 76 0d |p..BQs.E......v.| +000002b0 35 78 cb fd 34 60 36 ff ed 19 ef 0a 1e 21 cc 4c |5x..4`6......!.L| +000002c0 9a ff a0 f7 cf 72 03 cd 00 bb 73 0d 1d e5 14 03 |.....r....s.....| +000002d0 01 00 01 01 16 03 01 00 30 69 76 1f 5b 81 5f 62 |........0iv.[._b| 
+000002e0 cf d5 d9 2c 19 71 80 d0 2a 97 8a 89 21 7f 6d 02 |...,.q..*...!.m.| +000002f0 b6 01 a4 ed fe 18 9f 34 ae 95 f6 a1 29 0b 9a 1c |.......4....)...| +00000300 04 b6 ce c7 d1 0c 5a b5 3f |......Z.?| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 8a d7 f6 ef 12 |..........0.....| -00000010 86 6c e0 74 18 34 3f 7d 00 68 51 61 b3 dd 54 71 |.l.t.4?}.hQa..Tq| -00000020 85 83 4a 93 1c 30 c4 d1 b3 95 1e 2f 07 71 ad 74 |..J..0...../.q.t| -00000030 f4 0a db dd c5 6b 9c ab fd 29 d0 |.....k...).| +00000000 14 03 01 00 01 01 16 03 01 00 30 7d 4b fc 73 20 |..........0}K.s | +00000010 e4 ac c4 39 15 79 e3 89 e1 24 ce 28 30 e5 f1 87 |...9.y...$.(0...| +00000020 cd c0 cc 39 a8 77 3b 06 a5 f9 b0 a1 3d 54 53 3b |...9.w;.....=TS;| +00000030 53 ec ac b2 ea 24 1b 2d 6a ef c3 |S....$.-j..| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 61 3e 6a 2d de 3e dd 38 d2 75 95 |.... a>j-.>.8.u.| -00000010 72 e0 41 d6 f9 c1 bc 1b 39 27 fe 87 a5 92 2c 82 |r.A.....9'....,.| -00000020 f8 1d a5 39 bc 17 03 01 00 20 63 1d d8 cb 60 da |...9..... c...`.| -00000030 15 b5 1c d4 fc cd ad fa b7 20 b5 35 06 9c 0d 42 |......... .5...B| -00000040 ae 49 ca 06 08 d2 78 1d 5b d5 15 03 01 00 20 d6 |.I....x.[..... .| -00000050 63 11 aa 85 16 5f b0 9a aa 53 7a a5 5f 2c 91 1a |c...._...Sz._,..| -00000060 ed 9b fa 6e 91 40 69 3f 0b ac 38 ba 88 86 5d |...n.@i?..8...]| +00000000 17 03 01 00 20 9d 57 d2 4b 5b 7e 7d 7c 28 f7 8e |.... .W.K[~}|(..| +00000010 00 0a b6 1c 3c 6b df 4d 06 c0 f8 db 86 2e 8f 8e |....>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 dd 2d ae ed be |....Y...U...-...| -00000010 f1 0a ed e3 79 e9 67 3a 93 11 82 8a 46 5b cb e1 |....y.g:....F[..| -00000020 22 cf 31 d6 9e 20 41 97 8b 2e f4 20 5e a2 d8 96 |".1.. A.... 
^...| -00000030 f5 4e 3a cc 0d 80 c4 9a 39 3f 4f 4f 59 09 81 e8 |.N:.....9?OOY...| -00000040 e8 26 8f 03 7d 56 1b 38 19 da a6 4e c0 13 00 00 |.&..}V.8...N....| +00000000 16 03 01 00 59 02 00 00 55 03 01 97 0c 7e fc 7f |....Y...U....~..| +00000010 96 47 02 21 a7 19 45 a5 79 5c 5e fc c2 15 b3 fa |.G.!..E.y\^.....| +00000020 84 98 7d 67 65 c8 48 58 a1 5d 67 20 ad 2a c6 b3 |..}ge.HX.]g .*..| +00000030 a4 17 82 12 4a c5 97 af 12 6b 7d f6 9e 49 f1 38 |....J....k}..I.8| +00000040 d0 56 76 bc 81 23 ad 3a 3e 7f bc 2d c0 13 00 00 |.Vv..#.:>..-....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| @@ -60,17 +60,17 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| -000002c0 aa 0c 00 00 a6 03 00 1d 20 cd d3 41 76 0e 8f d8 |........ ..Av...| -000002d0 f5 72 83 c9 01 fa 6a 4e 87 28 f7 e3 a1 d5 25 c6 |.r....jN.(....%.| -000002e0 b1 e9 38 38 6f 71 60 94 0a 00 80 c3 25 13 b1 95 |..88oq`.....%...| -000002f0 d7 ac 16 6e fc 5a 4e ed 00 b2 a3 d6 fd 96 16 c2 |...n.ZN.........| -00000300 e0 81 35 3d 68 3c 6f cf e1 bf de 62 c1 1c 50 c7 |..5=h>> Flow 3 (client to server) 
@@ -110,29 +110,29 @@ 00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| -00000240 00 8d 00 8b 30 81 88 02 42 00 96 46 3e d4 ac 8b |....0...B..F>...| -00000250 9a 20 fc 93 72 b2 e6 e4 84 96 de 38 75 f9 4f eb |. ..r......8u.O.| -00000260 c1 9b 37 53 5a 0a fc 8d ba 13 78 df 71 e3 29 98 |..7SZ.....x.q.).| -00000270 73 1c 4c 5b df 85 ea 58 f9 36 df a4 37 a0 c1 20 |s.L[...X.6..7.. | -00000280 86 40 c7 6f 7e 12 37 f2 08 5f 1c 02 42 01 d7 ed |.@.o~.7.._..B...| -00000290 e3 85 07 17 91 a6 c7 1b 8e 15 66 9c 5e fd fa 55 |..........f.^..U| -000002a0 68 25 df 33 3e 18 d9 cc bb c5 d2 b8 7a 7c ff 13 |h%.3>.......z|..| -000002b0 f8 73 e7 d0 82 8f e6 ce 67 90 b2 cd 92 08 8d 0d |.s......g.......| -000002c0 7f f0 d8 0e 9c 8d 19 2d a2 17 d8 7f fc 06 fe 14 |.......-........| -000002d0 03 01 00 01 01 16 03 01 00 30 18 d1 d4 f6 9e b3 |.........0......| -000002e0 f6 6d 60 f9 4f 7f c3 57 80 c7 c5 53 05 a0 e6 68 |.m`.O..W...S...h| -000002f0 69 a0 dd da 70 f5 f7 ec 14 b6 3c fd 3b 6f a4 bb |i...p.....<.;o..| -00000300 48 62 64 6e fe b2 64 29 c2 93 |Hbdn..d)..| +00000240 00 8d 00 8b 30 81 88 02 42 01 71 f3 c4 3a 85 08 |....0...B.q..:..| +00000250 3b 18 26 48 5c 3f c3 8a 4f e9 d7 29 48 59 1a 35 |;.&H\?..O..)HY.5| +00000260 ee b3 0d 5e 29 03 1d 34 95 0e 40 73 85 13 14 d0 |...^)..4..@s....| +00000270 fb fb 96 77 21 fb d8 43 d7 e2 bf 2c 95 7b 75 5d |...w!..C...,.{u]| +00000280 59 15 81 71 d2 b6 82 96 d9 cc 78 02 42 01 d3 51 |Y..q......x.B..Q| +00000290 af 25 d0 f8 a4 e2 e7 8e 7e 46 56 53 8f d1 09 f6 |.%......~FVS....| +000002a0 76 88 5a 42 83 89 92 7b c7 e4 40 9c 3d 05 ac 43 |v.ZB...{..@.=..C| +000002b0 bf 6e 24 14 fe 36 f8 43 a6 90 8e a1 bd e2 92 84 |.n$..6.C........| +000002c0 60 e3 92 34 1c 7b 53 d5 57 6d 23 32 12 a8 23 14 |`..4.{S.Wm#2..#.| +000002d0 03 01 00 01 01 16 03 01 00 30 6f 06 c7 84 fa 7f |.........0o.....| 
+000002e0 c9 66 a9 6f 26 37 45 db 42 c8 8f 63 c3 5b 05 07 |.f.o&7E.B..c.[..| +000002f0 ef 07 41 be 71 60 35 d3 16 8f 92 f6 89 cb c7 dc |..A.q`5.........| +00000300 4e 45 61 99 31 45 66 40 36 86 |NEa.1Ef@6.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 37 62 9c ac 53 |..........07b..S| -00000010 e8 a2 86 25 5e 27 1e b3 27 f3 a3 35 b5 7a 9b 67 |...%^'..'..5.z.g| -00000020 16 44 5a b3 99 5e 43 5f 7f cd 86 36 de 0f 84 5c |.DZ..^C_...6...\| -00000030 1d a4 9f f9 9a d6 04 10 e1 bf dc |...........| +00000000 14 03 01 00 01 01 16 03 01 00 30 d3 83 ac 08 7f |..........0.....| +00000010 a1 91 51 7c b7 99 6f 24 cd b1 cd 31 7b 12 20 47 |..Q|..o$...1{. G| +00000020 66 08 22 f6 28 ea 81 fe 92 b5 c8 40 60 bc 5b 19 |f.".(......@`.[.| +00000030 e0 2b d1 26 fd 4c 12 22 c5 13 9a |.+.&.L."...| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 cf 98 d2 0c 84 93 87 74 b5 86 cf |.... .......t...| -00000010 0b cb 30 4f b3 af 3f c0 f7 2b 43 dc 55 e9 15 2c |..0O..?..+C.U..,| -00000020 00 77 ea fd 86 17 03 01 00 20 5a bb 1f 1c 17 75 |.w....... Z....u| -00000030 a6 6e 0b 3c 9f 84 91 34 67 91 e9 1d 8b 38 b2 81 |.n.<...4g....8..| -00000040 ca 62 d8 f4 11 92 d6 cb 88 c1 15 03 01 00 20 7f |.b............ .| -00000050 16 fc c2 1a f9 6e 7a a8 65 01 fc 9e 6a c9 4c 3b |.....nz.e...j.L;| -00000060 9e 21 ca b2 0e 06 96 a6 5b b3 b8 ce 32 cf 2a |.!......[...2.*| +00000000 17 03 01 00 20 79 06 89 7e e0 17 9a e3 dc 4c ee |.... y..~.....L.| +00000010 70 63 13 bc 27 f5 43 fa f8 90 49 d9 89 43 7a 15 |pc..'.C...I..Cz.| +00000020 d4 e2 a8 e6 3e 17 03 01 00 20 ea 84 0e 21 62 d5 |....>.... ...!b.| +00000030 ee 26 5e fc 3e 0c 83 3b 91 01 c4 a7 8e 9b c4 1a |.&^.>..;........| +00000040 86 f8 a0 44 21 44 2f 31 cf a1 15 03 01 00 20 c6 |...D!D/1...... .| +00000050 11 f1 65 ea f3 39 d1 d2 ac 95 1f 81 36 ae db b1 |..e..9......6...| +00000060 88 a8 42 25 86 ec 1b c1 7e 12 60 a9 6b 7f 66 |..B%....~.`.k.f| 
diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA index f2271365..e40999fb 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA @@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 22 35 6a a3 f0 |....Y...U.."5j..| -00000010 d0 66 9d d8 2e 96 2e d4 8f d9 8e 34 05 4c 72 c9 |.f.........4.Lr.| -00000020 51 1b de 92 22 80 73 9e 92 9d c1 20 d7 8e 10 04 |Q...".s.... ....| -00000030 6e 42 26 b1 6a 3e fd 55 4e 72 e2 ca 83 f4 6d b4 |nB&.j>.UNr....m.| -00000040 a5 ba 05 86 96 1a 82 9d 2e 41 cc 84 c0 09 00 00 |.........A......| +00000000 16 03 03 00 59 02 00 00 55 03 03 08 a4 b1 ad 21 |....Y...U......!| +00000010 3a 60 7a d3 3b 60 67 48 5d de da ff 3f a8 55 a9 |:`z.;`gH]...?.U.| +00000020 c4 72 69 32 12 c1 d1 4e d4 78 e1 20 6e 9f ed 1e |.ri2...N.x. n...| +00000030 50 9a 31 e2 ae e2 6a f4 01 cc 94 21 25 73 f3 a5 |P.1...j....!%s..| +00000040 f6 28 b3 c6 6b c1 b3 2d fc 0c d3 66 c0 09 00 00 |.(..k..-...f....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -55,23 +55,23 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 c5 87 |*............ ..| -00000280 a9 c2 44 8a dc 1d 18 0b 18 36 de eb 47 41 8d 42 |..D......6..GA.B| -00000290 71 7e 32 e7 79 c0 f3 bf 20 f7 14 e1 9e 1f 04 03 |q~2.y... .......| -000002a0 00 8a 30 81 87 02 41 49 1e cd 5d 00 87 6b e4 01 |..0...AI..]..k..| -000002b0 f7 d6 02 87 ef a9 31 66 fe 0c c7 3c be 13 11 77 |......1f...<...w| -000002c0 ed 24 5c 96 85 02 5c 08 e0 90 d6 ed 05 f4 c5 da |.$\...\.........| -000002d0 dc 0c 86 0d 3a 0c 66 94 e6 ab 11 e4 1a cd 00 6c |....:.f........l| -000002e0 33 df 86 7f 4a f1 85 5c 02 42 01 c3 6a 4f 7a 89 |3...J..\.B..jOz.| -000002f0 6f 81 e0 bb 05 7e 4f d9 54 73 c2 4c 62 46 f9 cf |o....~O.Ts.LbF..| -00000300 05 b5 d8 37 14 9b 9d a6 25 a6 a8 83 96 52 31 99 |...7....%....R1.| -00000310 e4 d3 62 a0 bc 07 7a 9f e2 24 28 87 64 6a ab ba |..b...z..$(.dj..| -00000320 e1 3d c2 47 80 c0 f6 91 58 d1 fe 7b 16 03 03 00 |.=.G....X..{....| -00000330 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 06 |:...6...@.......| -00000340 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 |................| -00000350 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 03 |................| -00000360 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 04 |................| -00000370 0e 00 00 00 |....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 ec f3 |*............ 
..| +00000280 2b 3b be 93 68 53 f2 ab 6c 97 5a fa 9b 8c bf eb |+;..hS..l.Z.....| +00000290 37 6f af d7 b8 02 f3 8c 0b f9 75 29 11 32 04 03 |7o........u).2..| +000002a0 00 8b 30 81 88 02 42 01 9d 90 aa b3 19 d2 9d cf |..0...B.........| +000002b0 92 c1 64 05 89 db d0 dd 80 f3 a4 7e 09 ec 36 22 |..d........~..6"| +000002c0 95 79 c4 36 0e 21 80 7d 4b 72 a5 38 a4 b0 a7 5f |.y.6.!.}Kr.8..._| +000002d0 fb ae f7 66 23 82 91 c2 f8 95 df 60 ce dc e8 1a |...f#......`....| +000002e0 3f 2b 2c fa 5e 58 67 98 78 02 42 00 fa 88 7f ae |?+,.^Xg.x.B.....| +000002f0 00 55 2c a1 c2 47 ed c8 11 74 64 e7 c6 30 63 fb |.U,..G...td..0c.| +00000300 bb 42 2a 02 9b 80 60 88 e7 3f af 17 a3 7f 1e f6 |.B*...`..?......| +00000310 31 9c 1f 8c 89 e5 a0 b1 01 2a 4e d8 d2 1e 9f 11 |1........*N.....| +00000320 f5 e3 35 38 3e b0 da 30 f1 fb ed e5 d1 16 03 03 |..58>..0........| +00000330 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000340 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000350 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +00000360 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +00000370 04 0e 00 00 00 |.....| >>> Flow 3 (client to server) 00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -108,32 +108,32 @@ 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| 00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| -00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 92 0f 00 |...._X.;t.......| -00000240 00 8e 04 03 00 8a 30 81 87 02 42 00 ee c5 6c ad |......0...B...l.| -00000250 d7 8b 47 1b 40 fd 40 fb 2b 29 b4 cb fa 47 c1 d5 |..G.@.@.+)...G..| -00000260 4d ed 6b c0 53 60 36 41 90 62 99 27 82 0e 25 4d |M.k.S`6A.b.'..%M| -00000270 ac 0d e8 dc f6 5a 04 60 0e 80 d8 23 12 bb 94 e4 |.....Z.`...#....| -00000280 43 14 2f 52 a8 91 32 f0 27 02 0d f2 62 02 41 75 |C./R..2.'...b.Au| -00000290 b2 83 f0 b9 9f 42 a6 59 f5 a5 88 75 e3 ef 58 da |.....B.Y...u..X.| -000002a0 49 f5 cb bd a1 90 79 c0 68 da ed a6 bd 85 f1 45 |I.....y.h......E| -000002b0 57 63 57 cb e2 10 b0 ee 31 29 87 e7 23 3a fb ad |WcW.....1)..#:..| -000002c0 5b 86 ea ae a8 ff bc 56 7d 56 e2 a5 51 e5 45 6a |[......V}V..Q.Ej| -000002d0 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -000002e0 00 00 00 00 00 00 00 00 00 00 00 b6 7e b6 a1 23 |............~..#| -000002f0 63 a9 91 17 ae 51 db 60 d0 e2 e4 1d 8e 26 48 70 |c....Q.`.....&Hp| -00000300 24 4a c8 ff 60 7a a4 6f 33 25 74 4a 5a ad b0 09 |$J..`z.o3%tJZ...| -00000310 ec 5c ca 1c cf 09 93 df 8b 3d 5c |.\.......=\| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 93 0f 00 |...._X.;t.......| +00000240 00 8f 04 03 00 8b 30 81 88 02 42 01 e6 0a ff de |......0...B.....| +00000250 af a6 d2 7a 5f 4e f8 eb c8 19 74 53 5c e8 bc 2d |...z_N....tS\..-| +00000260 72 24 11 d2 11 ec ec cd a1 9c 3d 10 a2 de f8 8b |r$........=.....| +00000270 22 98 d3 33 c2 13 3b 93 89 ae ca a6 a8 94 70 fe |"..3..;.......p.| +00000280 76 2f 04 bc ac fb 66 79 3b 76 7f 6d 96 02 42 01 |v/....fy;v.m..B.| +00000290 df f6 30 14 7c 7e a1 0b f6 b8 8b d7 75 b8 bd 0e |..0.|~......u...| +000002a0 63 8a bd 8b ec 75 70 db d9 37 d7 53 f3 8b a2 ae 
|c....up..7.S....| +000002b0 60 96 69 74 eb bb 3d a6 9a 7d 46 51 73 ff 78 cf |`.it..=..}FQs.x.| +000002c0 7f 49 d9 27 5e 9f f9 d2 11 cc 0e e4 dc 04 fe d5 |.I.'^...........| +000002d0 d2 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 |...........@....| +000002e0 00 00 00 00 00 00 00 00 00 00 00 00 7a db 34 e9 |............z.4.| +000002f0 98 f8 c1 f0 38 c3 33 22 5c c3 45 b0 a3 10 3c 77 |....8.3"\.E...>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 b1 87 1a d0 f6 |..........@.....| -00000010 3b 6b cc 81 24 1d 27 3d 5e 6e a8 7e ed 32 d8 ed |;k..$.'=^n.~.2..| -00000020 a3 c0 57 66 26 2e 8a e9 24 22 b0 56 8d d8 c9 a7 |..Wf&...$".V....| -00000030 ae 80 67 e2 c5 60 0e 55 26 20 78 37 a8 87 a8 87 |..g..`.U& x7....| -00000040 26 b6 f8 85 c6 8c b6 42 64 9d dc |&......Bd..| +00000000 14 03 03 00 01 01 16 03 03 00 40 18 c0 f3 96 7b |..........@....{| +00000010 45 91 6d 5b 1c 67 4f 37 74 b7 db 72 45 57 09 25 |E.m[.gO7t..rEW.%| +00000020 4a 14 68 4d 78 6c c7 15 6a b1 57 e6 ff 53 c4 58 |J.hMxl..j.W..S.X| +00000030 41 c5 6b 08 3c 5a 8c b9 04 d0 27 62 ee a6 e3 36 |A.k.>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 aa 19 65 46 1a 58 51 a1 35 f5 33 |.......eF.XQ.5.3| -00000020 3c 1c 72 ee 73 17 cb c1 30 83 96 8c be 26 1e 7a |<.r.s...0....&.z| -00000030 7b cf bf 89 23 15 03 03 00 30 00 00 00 00 00 00 |{...#....0......| -00000040 00 00 00 00 00 00 00 00 00 00 dd 3d 04 95 40 6f |...........=..@o| -00000050 bd 71 1b 49 ab 8e eb 0c d7 48 1a 2f a8 04 d1 07 |.q.I.....H./....| -00000060 71 ba 00 92 cf 04 a0 26 b7 df |q......&..| +00000010 00 00 00 00 00 a6 c2 ef 07 bb 38 4a e4 8f 0c 12 |..........8J....| +00000020 19 1a 96 62 22 57 57 a2 b5 b3 06 70 95 28 a7 f7 |...b"WW....p.(..| +00000030 0d 42 69 37 7f 15 03 03 00 30 00 00 00 00 00 00 |.Bi7.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 04 ed 3e 68 40 eb |............>h@.| +00000050 a0 7e 57 da 27 e7 f5 e8 6c e5 6d 58 c8 a5 18 47 
|.~W.'...l.mX...G| +00000060 92 5a 43 90 de 07 9e 9a 3b cc |.ZC.....;.| diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA index deb7ebb4..f5fae453 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA @@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 eb 7d df bd 54 |....Y...U...}..T| -00000010 86 26 5f 81 d7 ff c8 93 39 4e 9a d1 3d 43 13 29 |.&_.....9N..=C.)| -00000020 4d a4 42 e2 af a6 2c 95 47 7e 09 20 24 fe df 24 |M.B...,.G~. $..$| -00000030 5f af d6 f0 ff 1a 04 31 4d 9e a2 fe 14 a4 e2 c1 |_......1M.......| -00000040 19 9f 81 9c 07 d2 7e 12 a6 40 43 e7 c0 2f 00 00 |......~..@C../..| +00000000 16 03 03 00 59 02 00 00 55 03 03 be ba ac 2a 81 |....Y...U.....*.| +00000010 33 b1 6e 4d 8b 9b 29 f9 16 86 bc cd b2 03 50 72 |3.nM..).......Pr| +00000020 91 9a 93 f9 e1 d6 27 55 8b b8 6c 20 84 c2 21 9e |......'U..l ..!.| +00000030 60 aa b3 f0 ec 2f 66 0d 59 31 02 08 9e 68 68 c0 |`..../f.Y1...hh.| +00000040 58 9a 8e 6c 25 ce 4d e3 3f 9d dc 91 c0 2f 00 00 |X..l%.M.?..../..| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| 
@@ -60,17 +60,17 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| -000002c0 ac 0c 00 00 a8 03 00 1d 20 fb 00 5a 8a 6d 1b 84 |........ ..Z.m..| -000002d0 45 3e 25 b2 a7 e8 fb 2a 19 c6 21 2e 6a 3a c4 53 |E>%....*..!.j:.S| -000002e0 68 84 db 65 92 2d f0 ba 5e 08 04 00 80 23 e7 73 |h..e.-..^....#.s| -000002f0 42 fd 84 9c 83 7b 0a f4 8d e5 20 02 e8 00 b5 2a |B....{.... ....*| -00000300 71 d4 bb f9 99 54 c4 28 c5 85 4e f2 89 7c 29 3f |q....T.(..N..|)?| -00000310 a7 b7 46 b0 3b 0a a2 21 dd a4 8b 7f b1 0b 6a 5c |..F.;..!......j\| -00000320 2e 5f 4a fb b8 1b fa 28 ae 43 a0 0b 95 c4 09 7a |._J....(.C.....z| -00000330 5b 32 b0 d4 56 cc d2 a7 3a 70 f0 28 77 76 a3 6a |[2..V...:p.(wv.j| -00000340 08 90 59 86 32 e5 c8 1b bf 36 fb 84 aa dd 50 dc |..Y.2....6....P.| -00000350 e6 f5 c9 31 76 7c bf 7c 85 7b 6d 66 33 4e 22 10 |...1v|.|.{mf3N".| -00000360 ab 56 71 91 6a 9e 32 3d be 37 81 80 34 16 03 03 |.Vq.j.2=.7..4...| +000002c0 ac 0c 00 00 a8 03 00 1d 20 82 89 54 65 64 97 8d |........ 
..Ted..| +000002d0 e8 63 a2 5b 4f 16 56 7c cf 8b 0a 75 46 52 7e b6 |.c.[O.V|...uFR~.| +000002e0 99 2a e9 52 1f 11 46 85 36 08 04 00 80 cd a5 84 |.*.R..F.6.......| +000002f0 ff 9a 79 b5 04 85 88 fb 1e 1c d6 6b 78 e8 4d a5 |..y........kx.M.| +00000300 10 38 25 8e 8d de 71 51 b5 fd a6 2a f8 8b 5c 6d |.8%...qQ...*..\m| +00000310 1e 88 f7 d8 12 24 ff f7 7e dd 05 1c bf 71 7d 4f |.....$..~....q}O| +00000320 26 2f 2e 27 d8 e1 a8 8b d2 42 2b a6 d9 4e e6 60 |&/.'.....B+..N.`| +00000330 48 57 38 5d 3b f3 94 74 2c 8f ba e0 84 54 1c c0 |HW8];..t,....T..| +00000340 10 51 a0 31 1a d0 ec 72 01 f1 d3 65 73 c7 40 25 |.Q.1...r...es.@%| +00000350 af cd 10 18 29 2c 1a 52 e0 c9 a6 de 85 8c 96 e6 |....),.R........| +00000360 7d 85 0a 64 86 59 39 25 8f 8c 36 4c 37 16 03 03 |}..d.Y9%..6L7...| 00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| 00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| 00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| 
@@ -112,28 +112,28 @@ 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| 00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| -00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 93 0f 00 |...._X.;t.......| -00000240 00 8f 04 03 00 8b 30 81 88 02 42 01 a5 1b 33 65 |......0...B...3e| -00000250 45 b5 71 a0 c4 c8 45 7a 17 9d fa c3 b9 7f 30 38 |E.q...Ez......08| -00000260 e0 d7 37 53 39 99 ee a9 21 a2 4c 6b b8 c8 45 33 |..7S9...!.Lk..E3| -00000270 eb f8 8c d9 a0 72 8f 2b 9d 7b ea 56 0f 63 d1 40 |.....r.+.{.V.c.@| -00000280 57 05 ae e4 cc 03 10 20 5a 37 1a 87 f6 02 42 01 |W...... Z7....B.| -00000290 a3 59 4b c7 e4 99 88 20 ff 5d d7 07 ac ad 26 3b |.YK.... .]....&;| -000002a0 06 f6 14 23 c9 bd 3f b4 ac 78 57 14 41 6f 14 55 |...#..?..xW.Ao.U| -000002b0 82 2d 6b a1 52 f2 c8 09 1f 61 a8 3e 6b 4b 1f 27 |.-k.R....a.>kK.'| -000002c0 34 e1 82 82 28 71 8d 78 1c d2 d0 09 06 1b bd 80 |4...(q.x........| -000002d0 17 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 |...........(....| -000002e0 00 00 00 00 ba 74 37 f0 99 70 8f 1a 60 05 8c ef |.....t7..p..`...| -000002f0 19 48 9d a6 7d 0b 4a c5 e4 90 67 87 ec 13 5e 07 |.H..}.J...g...^.| -00000300 5a 4c a3 1f |ZL..| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 92 0f 00 |...._X.;t.......| +00000240 00 8e 04 03 00 8a 30 81 87 02 41 72 16 75 7d 08 |......0...Ar.u}.| +00000250 42 7b 33 e7 59 51 ef 3c 54 e7 81 e4 10 31 ab 5d |B{3.YQ.>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 28 bc 78 d9 5f 15 |..........(.x._.| -00000010 2f c7 50 12 74 0a 47 f0 57 21 cf 64 d2 0b 63 8e |/.P.t.G.W!.d..c.| -00000020 f6 e7 88 1f b9 02 36 0e fe 71 bd 90 37 ac 42 8c |......6..q..7.B.| -00000030 77 19 84 |w..| +00000000 14 03 03 00 01 01 16 03 03 00 28 b8 e9 dd 30 75 |..........(...0u| +00000010 40 7d 71 76 db 9a 95 92 81 02 3a 9e 36 d5 15 ca |@}qv......:.6...| +00000020 5d 63 a1 0f 8c 53 c9 1c 37 56 b2 0d 54 15 a2 dc 
|]c...S..7V..T...| +00000030 03 d6 2e |...| >>> Flow 5 (client to server) -00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 35 db 8b |.............5..| -00000010 ec 5b 2e 53 c2 8f c5 f1 bd fd af 8d 04 13 9d 21 |.[.S...........!| -00000020 39 b5 e8 15 03 03 00 1a 00 00 00 00 00 00 00 02 |9...............| -00000030 f1 53 f5 c9 6c 9d 02 1e b9 32 b4 a0 cd 0d fc 7f |.S..l....2......| -00000040 27 11 |'.| +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 01 85 96 |................| +00000010 67 b2 4b d3 e3 27 80 9f 2d a8 f4 bf 47 91 58 6e |g.K..'..-...G.Xn| +00000020 47 d8 98 15 03 03 00 1a 00 00 00 00 00 00 00 02 |G...............| +00000030 36 54 82 d1 a2 0f 2a c3 53 f6 09 d0 5c 78 46 97 |6T....*.S...\xF.| +00000040 20 41 | A| diff --git a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA index d0ece882..c8e95c85 100644 --- a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA 
@@ -16,124 +16,124 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 7a 02 00 00 76 03 03 49 e7 57 9a 7a |....z...v..I.W.z| -00000010 40 ce da fd 82 83 32 c4 76 7a 41 04 9c ed ff 3d |@.....2.vzA....=| -00000020 90 f5 75 e5 b0 24 c8 cf 05 c6 46 20 00 00 00 00 |..u..$....F ....| +00000000 16 03 03 00 7a 02 00 00 76 03 03 98 9a 92 3f c6 |....z...v.....?.| +00000010 67 f5 96 5b 2f 5e 70 89 2d f6 1e ce 6f 6a e5 91 |g..[/^p.-...oj..| +00000020 4b 4b 6f 98 cc f7 78 4a b1 54 4a 20 00 00 00 00 |KKo...xJ.TJ ....| 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| -00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 8f |..+.....3.$... .| -00000060 5c ab 47 e0 ae 56 b8 0e 70 7a f8 96 fb 00 3f e4 |\.G..V..pz....?.| -00000070 2b 84 17 a4 d5 b0 d3 6c d1 b0 74 b1 ed df 0e 14 |+......l..t.....| -00000080 03 03 00 01 01 17 03 03 00 17 33 62 49 6f 53 cf |..........3bIoS.| -00000090 b1 27 f4 f8 06 2d ac 51 1f a5 3e d2 05 f4 1f 5e |.'...-.Q..>....^| -000000a0 a4 17 03 03 00 42 fc 30 15 29 ad 07 b6 75 98 3c |.....B.0.)...u.<| -000000b0 33 3c a8 f6 cb 32 77 e7 74 5d 88 e8 5a ff d3 80 |3<...2w.t]..Z...| -000000c0 c4 00 ff a9 84 11 79 aa ac ff c8 19 73 6f b3 1e |......y.....so..| -000000d0 ee 11 18 e0 ae 77 b3 b8 b3 75 b9 fa 0a ca 68 df |.....w...u....h.| -000000e0 34 0f 10 9e 9e eb 18 fa 17 03 03 02 6d d7 58 4b |4...........m.XK| -000000f0 30 9b c8 b8 3a 3d 5b 1e 67 48 18 1b 38 b4 b6 6d |0...:=[.gH..8..m| -00000100 d6 c1 7d 2a ee 9b 83 64 3d 73 a5 4d ba 1e 82 86 |..}*...d=s.M....| -00000110 51 a8 da 3e 6f 97 82 83 50 d1 04 30 a7 ee d0 6b |Q..>o...P..0...k| -00000120 3b c0 08 23 46 b2 f9 80 9f 03 f6 1e e7 60 4a 3b |;..#F........`J;| -00000130 36 18 37 55 06 f2 f5 a3 d6 35 64 6e 9f 66 8a f2 |6.7U.....5dn.f..| -00000140 57 5b 3e ea af 39 64 
12 26 05 63 7e 4c bd 27 11 |W[>..9d.&.c~L.'.| -00000150 9c bb 41 b6 7f 27 80 9f fe 93 4f 5c 5e 0f f8 b9 |..A..'....O\^...| -00000160 dc 30 6e b4 65 5a be 61 08 bf 50 f4 6d 1c f3 61 |.0n.eZ.a..P.m..a| -00000170 f0 6f 8f 16 0a 46 6c f2 51 1b 3c 64 64 8b 37 94 |.o...Fl.Q......| -00000240 91 ee 60 96 ba 3b d2 fb 73 68 c2 0c c9 53 4a 40 |..`..;..sh...SJ@| -00000250 18 28 bb 4c c8 97 83 35 6d df 75 2a 90 f7 3b 16 |.(.L...5m.u*..;.| -00000260 08 b9 78 6b bb da 18 2e 65 fe 4f 02 85 f0 31 9f |..xk....e.O...1.| -00000270 2e 6b fe 5e e6 30 c9 a9 95 d0 3c 20 06 de 18 6d |.k.^.0....< ...m| -00000280 13 d7 78 d7 2f bc 2e 99 3e 43 91 9f ef 67 29 04 |..x./...>C...g).| -00000290 88 f2 f3 99 01 50 d8 71 de 59 5c 3a 8a de 59 07 |.....P.q.Y\:..Y.| -000002a0 4d c0 d0 00 2c b6 d8 65 10 d9 37 a4 6c e8 91 d7 |M...,..e..7.l...| -000002b0 53 16 73 46 e6 74 88 c2 d7 1e 86 b9 a3 f1 57 37 |S.sF.t........W7| -000002c0 ec 19 e0 a9 af 2c a6 c2 fa 9b 2e f2 9c e0 72 6f |.....,........ro| -000002d0 d5 1c 76 50 b0 63 10 27 db 65 ca bf dc e6 f6 8e |..vP.c.'.e......| -000002e0 07 de 50 1a e7 fa 59 0d 81 51 de af 87 23 9f 0b |..P...Y..Q...#..| -000002f0 4e 72 00 bb ca ad c5 e4 b4 e1 61 34 14 d4 55 13 |Nr........a4..U.| -00000300 89 30 1a ee 0d 69 c6 04 a5 65 9d d9 63 78 1e cb |.0...i...e..cx..| -00000310 3c 8e 60 dd f8 0d 15 89 82 cc c1 aa 09 7f e8 a7 |<.`.............| -00000320 9b 4d d4 55 02 3b 97 79 28 55 6c 49 7b d3 b1 2b |.M.U.;.y(UlI{..+| -00000330 6e 42 ba 85 0c 9f 58 36 22 49 85 13 7d 23 72 0b |nB....X6"I..}#r.| -00000340 8c 35 0a 76 f5 2b 3a eb 33 d3 ac 1f 24 d4 f5 64 |.5.v.+:.3...$..d| -00000350 4f 36 6c ce 71 77 48 11 d3 67 17 03 03 00 99 95 |O6l.qwH..g......| -00000360 8d bd 37 34 e3 dd 4d ea 36 29 b4 6a 45 f1 5b e5 |..74..M.6).jE.[.| -00000370 d2 99 f5 a9 8d d2 80 1e 17 6d 2d 33 c8 11 8a 3e |.........m-3...>| -00000380 3d e2 58 3e 4b da aa d0 45 1f 1a 67 3c 53 7e c2 |=.X>K...E..g.)..t| +000000e0 d1 37 68 9b 8a b6 8d 2b 17 03 03 02 6d d1 1b 9f |.7h....+....m...| +000000f0 75 ba cf 2d 10 4b 
f0 4e 09 58 fa ff 06 e8 c9 d5 |u..-.K.N.X......| +00000100 a0 51 c8 d4 6f b2 c5 c1 d5 f3 ff 12 1f 43 d8 74 |.Q..o........C.t| +00000110 33 d9 9b e5 f3 34 26 0e 89 dc 00 54 67 17 d2 f3 |3....4&....Tg...| +00000120 c9 9e be f8 4c 77 8a 63 b1 64 5a b4 d7 57 d2 89 |....Lw.c.dZ..W..| +00000130 ce 68 d1 f7 93 01 6c 36 b7 c9 4d 50 d0 4b df 5e |.h....l6..MP.K.^| +00000140 8a bb 6c d9 54 57 9b b9 c9 ec d8 49 c7 51 3c e5 |..l.TW.....I.Q<.| +00000150 7b fb 48 0f fd 1b dd 0f 57 d3 a8 ee f6 51 ba 78 |{.H.....W....Q.x| +00000160 c0 60 f1 d9 c1 d2 65 b4 a7 98 99 fb 64 83 4c 2c |.`....e.....d.L,| +00000170 a6 e9 19 ef 0e 88 68 f8 21 a4 2b bd 95 e9 52 d5 |......h.!.+...R.| +00000180 fb 12 d3 36 06 a2 13 f9 e2 35 6a 06 dd 49 d9 42 |...6.....5j..I.B| +00000190 89 d9 f0 24 5c 36 b8 6d 95 35 21 b3 9c 3b ee 08 |...$\6.m.5!..;..| +000001a0 06 06 4d aa 74 eb fc 1b c1 fd cf 07 24 74 44 2d |..M.t.......$tD-| +000001b0 54 d5 c5 d3 4e c4 eb 09 6e 90 8f 3d c0 c5 1c 21 |T...N...n..=...!| +000001c0 7c 32 1b bc 4b 85 2b f0 b0 f5 cd 61 3d dd 31 03 ||2..K.+....a=.1.| +000001d0 5e e0 5e 06 1a 37 61 1a 58 fa ed e8 cf 0c 4f da |^.^..7a.X.....O.| +000001e0 73 69 42 3a f4 ed dc ad e5 e7 9b fd 54 16 77 85 |siB:........T.w.| +000001f0 ae 84 41 10 be 84 ad 28 ef e6 13 2a e9 9f 9f 2f |..A....(...*.../| +00000200 c5 d0 65 c6 f5 58 b3 39 9b 5e 07 ba 95 be 5e 75 |..e..X.9.^....^u| +00000210 68 17 ba 9d 2a 69 6d b8 ed d4 4b 6a ce 30 b1 82 |h...*im...Kj.0..| +00000220 ae ec 68 9a 26 13 6b 05 38 0f 38 c9 94 01 d0 0b |..h.&.k.8.8.....| +00000230 7b bb ca 70 86 6c e4 f1 eb 81 05 25 33 c0 3e e3 |{..p.l.....%3.>.| +00000240 2a 25 8e 32 eb d5 03 c7 c4 d8 22 22 ef 99 5a a3 |*%.2......""..Z.| +00000250 01 6a b5 65 9a 55 6e fb 84 83 aa 43 ae 4a 3e da |.j.e.Un....C.J>.| +00000260 40 7e 09 e1 3b 15 ad 33 66 5a 3d 30 62 72 86 54 |@~..;..3fZ=0br.T| +00000270 cd a2 6a bf 82 61 17 87 84 c5 3f f3 1e 86 a2 b1 |..j..a....?.....| +00000280 2c 1a f9 ba 8c a2 21 5b 93 b2 16 b4 81 ae 7d 98 |,.....![......}.| +00000290 d6 db 0a 56 14 
c9 f7 48 c1 c7 3c 7e 63 8e bc 50 |...V...H..<~c..P| +000002a0 6a 64 e1 1d 04 ba d3 cc 6a 61 60 4b d2 97 d5 ba |jd......ja`K....| +000002b0 23 1a 69 76 86 db 96 39 04 f6 ec e9 96 79 6a 25 |#.iv...9.....yj%| +000002c0 ff 39 dd 19 08 34 4d c3 f6 7c 91 f2 6b 3a e1 0f |.9...4M..|..k:..| +000002d0 66 6d 14 5d 82 21 0b e3 e0 c3 f1 a1 70 e1 2c bc |fm.].!......p.,.| +000002e0 fb 54 aa 85 3c a0 7c 9a 35 00 e2 a1 4f 83 3e f1 |.T..<.|.5...O.>.| +000002f0 64 83 ab c5 e6 31 c7 00 eb 36 f1 bc 41 f3 eb d4 |d....1...6..A...| +00000300 97 30 4d 7f d2 d1 e7 1a 9e a2 53 31 35 6a 16 d1 |.0M.......S15j..| +00000310 65 be d7 d3 93 2a be d2 27 dc 1b 8c 09 16 30 d4 |e....*..'.....0.| +00000320 cb eb e0 bb 42 50 ff 59 c3 81 81 36 88 09 c2 23 |....BP.Y...6...#| +00000330 dc dd 80 63 bb 78 19 6b 6a 70 4b b5 17 bf ed 6c |...c.x.kjpK....l| +00000340 58 f1 15 a9 16 66 c8 45 f5 5f 99 05 b1 3b be e6 |X....f.E._...;..| +00000350 66 d7 45 df 19 16 9d c7 dd 4d 17 03 03 00 99 38 |f.E......M.....8| +00000360 70 9e 16 94 07 67 7c ce 90 67 99 46 5e d9 61 b5 |p....g|..g.F^.a.| +00000370 9b b8 31 fc cc 80 a3 07 30 c9 f5 f9 90 fb e2 0d |..1.....0.......| +00000380 dc 93 ab de 38 25 83 f8 77 0c 94 53 75 68 c7 71 |....8%..w..Suh.q| +00000390 72 6f 61 77 a7 d7 c7 ed 5c d3 08 18 9f 64 f4 6e |roaw....\....d.n| +000003a0 30 dc 05 b1 65 11 79 08 66 34 8c 06 99 a9 00 26 |0...e.y.f4.....&| +000003b0 86 2c e4 b5 6d cf db b1 03 f0 d0 c5 c0 f5 50 04 |.,..m.........P.| +000003c0 f7 27 97 3e 31 19 aa a8 58 c4 78 43 a9 e3 76 0d |.'.>1...X.xC..v.| +000003d0 98 88 20 07 11 4c d6 8a 66 31 72 2e ed 47 66 71 |.. 
..L..f1r..Gfq| +000003e0 9a 3e 9c 0d 1c 17 df ab 6a 52 b4 43 a6 c2 64 30 |.>......jR.C..d0| +000003f0 45 08 b8 de 59 be 3a f9 17 03 03 00 35 94 9b 02 |E...Y.:.....5...| +00000400 47 a6 e3 55 9f 95 8a 8d 35 3b bb 56 ec 10 ab dd |G..U....5;.V....| +00000410 a3 ca fe ad bf 25 90 76 c4 15 a0 c0 73 d5 96 96 |.....%.v....s...| +00000420 44 bc ba e9 09 f5 8e e7 e7 7d db f2 e7 9f 99 d2 |D........}......| +00000430 dc e7 |..| >>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 17 03 03 02 1e 31 90 3b bb 10 |...........1.;..| -00000010 9e ff 8b 88 b5 c5 fb 2a 4d 58 cb 60 ca 89 8a e8 |.......*MX.`....| -00000020 19 e1 23 04 01 ed 04 2b 26 45 8d ca 27 f4 de 39 |..#....+&E..'..9| -00000030 ca 91 7f e8 fc 7f b5 0e 71 65 3c 2c 35 9e 14 2a |........qe<,5..*| -00000040 61 79 64 8f 57 0e b2 4e 9f 1c b1 ee 42 88 dd d5 |ayd.W..N....B...| -00000050 63 4c 63 8b e2 51 7e b0 05 38 27 a3 3d 8f 6e 6c |cLc..Q~..8'.=.nl| -00000060 ef 8e 7a 45 b5 06 cc fb 1c 8e 75 97 cd 9a 70 3f |..zE......u...p?| -00000070 13 cb 9e e5 7d 95 80 4e ed dc 8a 2e e0 f6 b2 da |....}..N........| -00000080 9e f4 98 c2 f7 04 6f 62 19 16 57 24 18 de 70 04 |......ob..W$..p.| -00000090 6f c9 93 28 95 95 2d c0 c8 ed 8a f0 17 d9 fe 90 |o..(..-.........| -000000a0 81 60 10 2a fd 88 23 39 4d 8e c4 74 83 76 c8 64 |.`.*..#9M..t.v.d| -000000b0 20 36 f2 e8 27 b0 44 94 19 88 2e 96 66 70 fc 96 | 6..'.D.....fp..| -000000c0 b1 2e 4c 04 9b 9f 10 bf c2 52 d7 42 44 c0 83 da |..L......R.BD...| -000000d0 cf 20 ab 5b 80 f9 ee 1d 56 f9 ef 28 15 6a c2 92 |. 
.[....V..(.j..| -000000e0 dc 8d c3 1a fd be 93 9b 67 55 5d c7 1c d3 1a e1 |........gU].....| -000000f0 d7 9a b0 51 85 83 1a 37 3f 6c 98 04 73 54 d4 12 |...Q...7?l..sT..| -00000100 7e af 5f b2 08 56 25 0d f1 51 73 91 c8 ef 41 ca |~._..V%..Qs...A.| -00000110 5f 4d 9e 2b bb c7 55 d0 98 72 f8 2b d7 6b d9 09 |_M.+..U..r.+.k..| -00000120 73 96 56 e9 6a 9c d6 b2 1f c0 0e 16 ef 48 bb 0f |s.V.j........H..| -00000130 e0 da 90 19 9e e0 b2 eb be 9b 69 e7 81 de b9 ea |..........i.....| -00000140 80 49 ce be 05 9d a9 ba d6 86 00 58 00 58 87 a5 |.I.........X.X..| -00000150 b6 c6 a5 55 05 7d 8b 24 09 ab fb f1 63 91 90 f3 |...U.}.$....c...| -00000160 29 5c 7c 6c 65 0b b9 12 63 75 a7 f7 56 ea a9 cd |)\|le...cu..V...| -00000170 34 70 74 02 33 2e 93 6e 21 d0 7d 74 ef a1 50 2b |4pt.3..n!.}t..P+| -00000180 88 22 fc 60 b2 e1 3e a3 c3 b8 42 ab 00 0a 98 bb |.".`..>...B.....| -00000190 4b d9 78 a1 ae 34 71 df 9e 04 4e 3b be 46 e0 90 |K.x..4q...N;.F..| -000001a0 c9 b5 a4 69 d7 65 7d 55 8a e1 90 85 8c f0 88 5e |...i.e}U.......^| -000001b0 fa 2e b7 f6 63 52 1f 29 bf 2b 9a 1e ac 9c a1 04 |....cR.).+......| -000001c0 5b 9a 08 14 10 11 ad 12 62 01 49 d5 26 9a 65 3c |[.......b.I.&.e<| -000001d0 e7 af dc 93 f5 7e 32 51 74 4b de 32 30 91 5d b1 |.....~2QtK.20.].| -000001e0 8b 45 cc a3 ff f0 25 be a4 7c 0b da 0c 42 27 c7 |.E....%..|...B'.| -000001f0 a8 bf 08 6c e3 66 8a 9f 62 e2 fb 71 11 57 4b b7 |...l.f..b..q.WK.| -00000200 fb 5c fb e3 3a c5 f6 92 dd cd 1d d7 11 61 da 9b |.\..:........a..| -00000210 01 13 cc 79 0d c2 14 fd b5 1e ee f0 b0 37 a1 9d |...y.........7..| -00000220 21 67 b3 c6 a7 5a eb 02 4e 17 03 03 00 a4 d0 6f |!g...Z..N......o| -00000230 b4 2a 8a db 3a 5e d3 cf c0 00 a9 f3 e3 6c c4 43 |.*..:^.......l.C| -00000240 d4 f1 9d f0 be 1d c2 22 5e 9a 10 0a 30 05 18 56 |......."^...0..V| -00000250 94 bb 95 f4 33 05 30 8b 1f 63 ba d2 df dd f6 9d |....3.0..c......| -00000260 41 d8 74 43 12 57 ab 20 62 1e 0c 68 a1 43 68 6f |A.tC.W. 
b..h.Cho| -00000270 ef 5f bf f8 d2 cf 8c d0 01 e3 df 1d 4a d2 c9 a8 |._..........J...| -00000280 0b eb 24 bf 74 9d f1 ac 0d 5a ce 7b 18 cf 9b bc |..$.t....Z.{....| -00000290 ef fe 5b 9f e5 6c 16 2d 85 4f 2f 21 3b 55 c5 e3 |..[..l.-.O/!;U..| -000002a0 6c b9 a3 50 74 d6 75 46 58 7c 60 c4 a2 1a 32 ba |l..Pt.uFX|`...2.| -000002b0 48 e6 62 db 93 57 4a 47 8e c0 91 44 d8 a8 50 d0 |H.b..WJG...D..P.| -000002c0 a0 1d 80 0a b0 54 d4 c2 f4 c1 0d b0 5b eb 4a 6e |.....T......[.Jn| -000002d0 b3 59 17 03 03 00 35 da 2f c1 1d 24 90 21 c7 0a |.Y....5./..$.!..| -000002e0 e5 f9 70 b5 93 7f 52 95 7f 1d 1a 48 7e 6e 6b 1d |..p...R....H~nk.| -000002f0 ac 44 95 8a 4a f4 f8 3f b0 68 0d 88 b0 f6 be 1b |.D..J..?.h......| -00000300 53 f6 c9 2a bc b7 c9 4a 9c 67 ab cb 17 03 03 00 |S..*...J.g......| -00000310 17 68 93 00 49 89 49 36 d6 1b 1b 59 78 23 16 1a |.h..I.I6...Yx#..| -00000320 82 44 23 e7 99 28 a1 ee 17 03 03 00 13 7f f4 b6 |.D#..(..........| -00000330 ad a5 f6 b0 1e ba 90 de f4 8a 9e 67 02 2d 54 1a |...........g.-T.| +00000000 14 03 03 00 01 01 17 03 03 02 1e 64 ba 97 ba 8d |...........d....| +00000010 3f 1b d5 5b c5 2e e5 b9 10 01 37 c9 5c e5 ed 39 |?..[......7.\..9| +00000020 7f 9c 8b f8 ef 50 64 5e 30 05 16 ac 80 51 96 78 |.....Pd^0....Q.x| +00000030 2a 50 0f 1e d8 76 ab fd bd 7f 3b 17 7e 1d e9 f5 |*P...v....;.~...| +00000040 03 76 1b 66 3d 15 dc f3 65 a2 aa a9 23 89 09 e9 |.v.f=...e...#...| +00000050 dc de a6 27 fc 21 d9 97 d4 08 05 9a 1c 49 8c ee |...'.!.......I..| +00000060 fc bd f1 9f e2 4e 3a e3 ee 07 39 d0 34 05 cb 18 |.....N:...9.4...| +00000070 83 2b 68 45 df 84 4b b2 c3 79 42 73 b9 f1 1c f2 |.+hE..K..yBs....| +00000080 5f d9 5c f5 7c 4e 86 5e 97 78 ea 0a fa e7 60 68 |_.\.|N.^.x....`h| +00000090 80 c3 17 5f e7 92 9d 6e 9a 92 37 84 92 4b 83 9c |..._...n..7..K..| +000000a0 fa 4c 2a 82 23 eb 67 d0 b2 cc 9e 59 8f 2c e7 bc |.L*.#.g....Y.,..| +000000b0 b3 4f 2a 0c 93 bf 17 b8 48 70 5e 0a 85 92 6d 2a |.O*.....Hp^...m*| +000000c0 ac 81 9e cd 2c 59 fc a7 e3 5b 82 d5 e3 f5 cd c2 
|....,Y...[......| +000000d0 8a 68 b8 e9 36 e2 08 0b f7 09 9c 17 95 a3 5e 3d |.h..6.........^=| +000000e0 ef 7c c6 5c fe 32 9e 9d 31 c9 b7 76 5a 71 c3 d7 |.|.\.2..1..vZq..| +000000f0 cd e3 c6 70 e5 2f 07 df 1d b4 34 56 0b ed 52 13 |...p./....4V..R.| +00000100 bc b2 ac 66 0c 84 b0 2e 32 93 08 f2 04 91 8e e3 |...f....2.......| +00000110 7b 7f 22 2a a9 04 50 5c 78 f1 06 c5 fd 2c 4c 77 |{."*..P\x....,Lw| +00000120 a9 17 b5 a8 42 6d f2 0e 87 32 d3 7f be 9e 1d 09 |....Bm...2......| +00000130 50 10 25 9d f1 a5 25 c3 c2 be 0d 8d 8e 96 5e 1c |P.%...%.......^.| +00000140 83 06 45 bc f0 5b 6f b5 0a 02 2a cc ce ac 7e 62 |..E..[o...*...~b| +00000150 f0 b1 89 25 30 bc 12 d2 da f9 1d d0 46 55 97 4c |...%0.......FU.L| +00000160 09 39 e1 a5 1f 4d e1 aa bd 6f 1f 0d 79 4a aa 49 |.9...M...o..yJ.I| +00000170 73 25 dc a5 bd f7 2b 64 3c 84 ed b0 ef 13 c5 6c |s%....+d<......l| +00000180 16 8b 27 bf a5 3d 15 f2 4a 3b 53 ad ba e9 9e 2a |..'..=..J;S....*| +00000190 6d f2 44 5c 66 69 04 94 27 99 08 8e c2 7e c6 69 |m.D\fi..'....~.i| +000001a0 f7 65 1d 0b a5 8c 35 52 0b f1 bd 59 ca d1 bf 44 |.e....5R...Y...D| +000001b0 47 b0 7b f8 3b a0 84 55 73 c2 83 bb 9d e0 bc ed |G.{.;..Us.......| +000001c0 60 07 32 ce 71 b3 60 12 ef ca 28 bb 6c fb bb c7 |`.2.q.`...(.l...| +000001d0 3e eb 05 65 a5 26 1a 6c 40 c8 b4 4e 31 12 a0 96 |>..e.&.l@..N1...| +000001e0 19 66 86 f5 1e f8 bd 6d f4 2e 98 60 fe ff 22 1e |.f.....m...`..".| +000001f0 a9 27 49 87 77 7d b4 5d ea f8 bc 3a 10 15 84 8c |.'I.w}.]...:....| +00000200 cd aa 2c e8 94 93 a5 ee db 7a d8 96 e9 d5 68 e9 |..,......z....h.| +00000210 34 68 40 5b dd 18 dc f0 ef b7 17 72 fd 06 70 d1 |4h@[.......r..p.| +00000220 b6 89 ae 66 40 40 f7 61 0b 17 03 03 00 a4 26 c1 |...f@@.a......&.| +00000230 3c d9 6c 83 52 e3 5e 64 46 7f 12 1d 3d c7 7d 0f |<.l.R.^dF...=.}.| +00000240 a9 8f d3 45 f5 81 46 16 24 c6 c3 7e 5f e4 25 be |...E..F.$..~_.%.| +00000250 00 33 7a 1c 35 d4 5c 64 54 56 08 66 4d 2f 68 15 |.3z.5.\dTV.fM/h.| +00000260 1b 71 d9 aa c9 9e e0 cc d2 73 a9 99 41 9b 08 
1f |.q.......s..A...| +00000270 d4 41 de e5 4f 1f 30 65 61 02 8e 6f 79 d7 47 86 |.A..O.0ea..oy.G.| +00000280 2f e6 0e 65 9e 06 e8 98 d1 fe bc 89 b4 bc f4 9b |/..e............| +00000290 70 02 06 e4 9d 37 dd 1b 63 b6 06 62 1a c7 45 30 |p....7..c..b..E0| +000002a0 9d 08 64 35 8b 96 88 9a 1e 58 2f d0 ef 44 39 04 |..d5.....X/..D9.| +000002b0 3c bf e2 e6 c4 73 de f9 b0 10 ed 56 eb 04 bd 4e |<....s.....V...N| +000002c0 89 38 50 3b e7 e5 12 7c 8e 74 b2 a5 79 2d 88 7b |.8P;...|.t..y-.{| +000002d0 e5 1b 17 03 03 00 35 42 b2 61 24 4c 38 b5 d1 42 |......5B.a$L8..B| +000002e0 93 12 66 c5 be 3c f0 b1 b2 6b 86 07 99 7d f3 e4 |..f..<...k...}..| +000002f0 74 2b 43 98 38 df 70 7a e5 f7 67 cf c3 08 23 19 |t+C.8.pz..g...#.| +00000300 4a cf 06 26 fe 56 4a 97 4a 82 70 09 17 03 03 00 |J..&.VJ.J.p.....| +00000310 17 9b 3f bb 09 7d 4f c9 05 42 f7 d1 a7 59 0c a7 |..?..}O..B...Y..| +00000320 c6 9b 36 e1 46 ad 9b 89 17 03 03 00 13 ae a5 51 |..6.F..........Q| +00000330 76 d8 3a 77 a8 a0 38 70 bf be c8 fb ff fe 53 09 |v.:w..8p......S.| diff --git a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES index 47fc8ac5..1132b39f 100644 --- a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES 
@@ -1,10 +1,11 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 51 01 00 00 4d 03 01 1f 7c 58 1e 8d |....Q...M...|X..| -00000010 a4 41 a6 50 c7 4f 6b 01 6d a6 11 60 e9 cb be 78 |.A.P.Ok.m..`...x| -00000020 df d6 28 ec 34 75 26 ff 1a 09 83 00 00 04 c0 0a |..(.4u&.........| -00000030 00 ff 01 00 00 20 00 0b 00 04 03 00 01 02 00 0a |..... ..........| -00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| -00000050 00 00 00 17 00 00 |......| +00000000 16 03 01 00 63 01 00 00 5f 03 01 38 de f5 d6 ae |....c..._..8....| +00000010 46 71 e8 02 f2 45 88 b8 64 fb 6e 68 67 d1 7f e8 |Fq...E..d.nhg...| +00000020 49 71 1e a9 ec 8e 54 06 bb 2b 16 00 00 04 c0 0a |Iq....T..+......| +00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 |........| >>> Flow 2 (server to client) 00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -43,36 +44,37 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 01 00 b3 0c 00 00 af 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 01 00 b5 0c 00 00 b1 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 89 30 81 |......._X.;t..0.| -00000280 86 02 41 5a be 3b 57 47 18 04 6e 40 99 4b ff 41 |..AZ.;WG..n@.K.A| -00000290 01 cb 57 69 6f 98 75 c1 50 be 58 ca 09 f3 cd 24 |..Wio.u.P.X....$| -000002a0 1d 5b c6 84 43 ce ab 8e 4c 0b 21 a3 64 47 a1 db |.[..C...L.!.dG..| -000002b0 27 3d e4 95 a1 d5 bf 09 26 d3 66 90 93 18 8f 1f |'=......&.f.....| -000002c0 3f 0c ac c7 02 41 0d a7 79 b4 4d 52 f0 6c 40 e8 |?....A..y.MR.l@.| -000002d0 15 c6 1d 31 50 5e 68 5d 24 4c 01 90 40 d8 7a 36 |...1P^h]$L..@.z6| -000002e0 5e 06 68 96 ac e9 85 3c 6c 5d ed b6 63 90 85 2c |^.h....>> Flow 3 (client to server) -00000000 16 03 01 00 25 10 00 00 21 20 16 38 d1 9b d1 09 |....%...! .8....| -00000010 07 34 7a e6 72 21 ec 59 46 10 7f 58 03 ac 52 27 |.4z.r!.YF..X..R'| -00000020 f2 2e f7 c5 98 7a f1 94 cc 56 14 03 01 00 01 01 |.....z...V......| -00000030 16 03 01 00 30 1a 3b 60 62 b5 e1 36 3e 1d 0a 26 |....0.;`b..6>..&| -00000040 ad f8 fd a1 5a c1 8e da 17 99 ec 5a 77 36 70 90 |....Z......Zw6p.| -00000050 40 05 0e 36 1c fe 23 a4 a9 d5 68 a4 c7 d1 54 be |@..6..#...h...T.| -00000060 7f 08 5f db ac |.._..| +00000000 16 03 01 00 25 10 00 00 21 20 82 c0 dd 83 c2 45 |....%...! 
.....E| +00000010 a2 bc 3a 2a ec ab 60 8e 02 e0 db 7c 59 83 c1 62 |..:*..`....|Y..b| +00000020 c7 cc 61 1e de dc 40 e4 65 6c 14 03 01 00 01 01 |..a...@.el......| +00000030 16 03 01 00 30 3e 26 56 0b a2 10 47 00 55 27 21 |....0>&V...G.U'!| +00000040 63 33 f2 7d 4b ba 77 5f e7 a7 09 7a 1f 51 85 f2 |c3.}K.w_...z.Q..| +00000050 46 a5 af 80 79 1a c7 72 bb 3d f9 dd 1d 83 05 22 |F...y..r.=....."| +00000060 c9 6c dd 91 d9 |.l...| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 e9 c6 49 cf 75 |..........0..I.u| -00000010 77 32 9e 8e b1 86 2f a5 c5 ec d3 68 ba 03 e9 f0 |w2..../....h....| -00000020 87 0c 91 7b ad 80 1b 6e 7b 5d e5 58 85 ef 64 67 |...{...n{].X..dg| -00000030 b1 b0 d7 5f ed a8 72 54 b9 ad bb 17 03 01 00 20 |..._..rT....... | -00000040 7e 4d 0a 36 fc 9a 53 1e 18 70 08 4b 0d 46 dd 70 |~M.6..S..p.K.F.p| -00000050 60 aa 17 5f 4c 65 f3 5b c2 1d 25 70 3a 17 86 c3 |`.._Le.[..%p:...| -00000060 17 03 01 00 30 cf 19 e6 f3 aa 5f dd 6d 33 d2 c6 |....0....._.m3..| -00000070 4e 6f 74 01 5a a5 46 a4 4d 56 cd 46 7e 8e 24 5e |Not.Z.F.MV.F~.$^| -00000080 b8 1b ad 60 a7 3a 45 6a ee 00 16 37 90 3d 05 01 |...`.:Ej...7.=..| -00000090 e1 89 cb fe 2c 15 03 01 00 20 0f 5e fc 03 7b e2 |....,.... .^..{.| -000000a0 e0 f9 68 19 ea 6c 8b 01 c8 07 03 c8 04 0b bd ba |..h..l..........| -000000b0 59 59 3d bc e2 71 20 52 98 08 |YY=..q R..| +00000000 14 03 01 00 01 01 16 03 01 00 30 38 fa fd 42 8f |..........08..B.| +00000010 80 5a 7c 33 d4 6c 72 f7 4e 2f 00 ab c2 86 58 9d |.Z|3.lr.N/....X.| +00000020 fc a5 43 fa ea 5b a1 ee a9 df df 9d 90 4c c0 e3 |..C..[.......L..| +00000030 10 09 c4 23 21 f9 e9 69 f5 f8 fa 17 03 01 00 20 |...#!..i....... 
| +00000040 1e 57 17 e4 96 06 32 d4 00 a3 98 ed bd 1c 61 78 |.W....2.......ax| +00000050 e7 0d 89 ec 84 c3 56 fa 75 73 87 6f 47 35 80 3f |......V.us.oG5.?| +00000060 17 03 01 00 30 4d 51 0a dd 70 6d b0 c2 d1 46 5c |....0MQ..pm...F\| +00000070 b5 03 87 de e6 65 d3 e2 83 e0 33 f8 a2 0a 29 7f |.....e....3...).| +00000080 6c 24 2b 1f 7b 2b 53 19 21 e9 62 6c 31 75 9c be |l$+.{+S.!.bl1u..| +00000090 5b b0 3d 5b 1a 15 03 01 00 20 19 51 64 4b 5a 9b |[.=[..... .QdKZ.| +000000a0 c8 2a 1c e7 9e 29 d9 df ad 1d 08 09 82 a3 b1 1d |.*...)..........| +000000b0 60 99 00 25 30 51 a1 72 b6 27 |`..%0Q.r.'| diff --git a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA index 413a1763..63e0edb6 100644 --- a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA +++ b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA 
@@ -1,16 +1,17 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 b9 01 00 00 b5 03 03 26 77 87 e6 2f |...........&w../| -00000010 cf 42 85 3f bf 97 c3 c1 b2 16 cc fd dc f5 2c c7 |.B.?..........,.| -00000020 a5 3b 92 94 a1 f9 7d 20 06 c7 48 00 00 38 c0 2c |.;....} ..H..8.,| +00000000 16 03 01 00 cb 01 00 00 c7 03 03 3f 5d 09 25 4e |...........?].%N| +00000010 82 83 13 89 ba 89 43 d5 43 4f f1 c3 2f 08 77 39 |......C.CO../.w9| +00000020 bf eb c7 1d 4b d6 85 c8 17 2f 83 00 00 38 c0 2c |....K..../...8.,| 00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| 00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| 00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| -00000060 00 35 00 2f 00 ff 01 00 00 54 00 0b 00 04 03 00 |.5./.....T......| -00000070 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................| -00000080 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| -00000090 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| -000000a0 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| -000000b0 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| +00000060 00 35 00 2f 00 ff 01 00 00 66 00 00 00 0e 00 0c |.5./.....f......| +00000070 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000080 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000090 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 |...............0| +000000a0 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000b0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 |................| +000000c0 02 03 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |................| >>> Flow 2 (server to client) 00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -49,39 +50,39 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 03 00 b6 0c 00 00 b2 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8a |......._X.;t....| -00000280 30 81 87 02 42 00 f9 82 66 d5 95 95 75 b1 51 fa |0...B...f...u.Q.| -00000290 2b a0 36 f9 a5 4a d9 8a 19 bd 69 ac 20 cd 55 c9 |+.6..J....i. .U.| -000002a0 4e fc 3e 4e c3 a5 46 fa aa f7 70 97 a0 a0 3c a3 |N.>N..F...p...<.| -000002b0 4d a2 da 87 e6 7c 27 ed ae 74 8a 33 7f 60 a5 a9 |M....|'..t.3.`..| -000002c0 38 5b 4c 7b 06 b8 48 02 41 18 42 80 28 92 1a a3 |8[L{..H.A.B.(...| -000002d0 38 2e 59 22 4d 37 a3 a6 3d cc e8 6e 92 c6 b8 95 |8.Y"M7..=..n....| -000002e0 81 39 d1 fd e2 60 75 bd 09 a2 7d 01 04 ca 2d 29 |.9...`u...}...-)| -000002f0 38 db c9 1a 32 92 9f f1 81 dd 09 b4 f6 c5 60 53 |8...2.........`S| -00000300 ce 47 e4 01 be 53 33 11 61 7e 16 03 03 00 04 0e |.G...S3.a~......| -00000310 00 00 00 |...| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| +00000280 30 81 88 02 42 01 5c 2a 30 4f 9f dc df a8 33 06 |0...B.\*0O....3.| +00000290 3b bc 35 46 6a 9c a3 a1 26 ec 42 29 bf 63 b3 9b |;.5Fj...&.B).c..| +000002a0 8c bf 7b 07 8d 28 eb 41 68 7a 8a 1b f3 de a9 dc |..{..(.Ahz......| +000002b0 1e d1 21 3c 4d 24 df 89 90 b6 f2 fb ad 60 d2 27 |..!V..F.| +000002e0 b4 e5 90 72 ed af 71 0d fb e6 39 2f d5 4b 73 ba |...r..q...9/.Ks.| +000002f0 85 d2 a4 bf 99 74 d7 81 eb 3e 69 4d f0 12 1e 3c |.....t...>iM...<| +00000300 53 ca f0 35 85 ef ff ed cc 0f f7 16 03 03 00 04 |S..5............| +00000310 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 61 b0 b4 1a ab 94 
|....%...! a.....| -00000010 34 68 e0 fb 20 de c5 72 d5 0b fa 9d 2e 6c ac c7 |4h.. ..r.....l..| -00000020 81 07 9a 73 cc 39 62 db 41 70 14 03 03 00 01 01 |...s.9b.Ap......| -00000030 16 03 03 00 40 8d 90 9b 5b b9 7d 3a aa 14 bc 84 |....@...[.}:....| -00000040 04 59 77 ae a4 d3 1a 2b 7f b5 a5 d6 8e 0f d1 18 |.Yw....+........| -00000050 65 35 80 51 ff 85 c9 27 20 d8 c8 bc 67 17 a3 e8 |e5.Q...' ...g...| -00000060 a9 cc 0f 48 39 64 ec bd 8f 5e 27 77 15 6d be 50 |...H9d...^'w.m.P| -00000070 26 f1 d1 54 85 |&..T.| +00000000 16 03 03 00 25 10 00 00 21 20 b8 a6 ed 33 20 59 |....%...! ...3 Y| +00000010 76 0b 7c 87 53 f1 12 c1 46 d9 db 68 c0 6f d6 30 |v.|.S...F..h.o.0| +00000020 ea e0 64 04 54 7a 4c 95 03 41 14 03 03 00 01 01 |..d.TzL..A......| +00000030 16 03 03 00 40 c0 70 29 39 a0 8a bd 59 58 88 44 |....@.p)9...YX.D| +00000040 ea 10 b4 79 3e 0e 72 b7 2a 03 6d 4d 5a 24 f5 c0 |...y>.r.*.mMZ$..| +00000050 4e e5 19 f0 fb 66 ca 97 89 4b 67 dc bb 19 cd 0b |N....f...Kg.....| +00000060 6e 74 01 d3 a4 9a ab af 8e 44 10 99 ac ff 9e 9e |nt.......D......| +00000070 17 04 56 78 55 |..VxU| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 7a f1 62 3b 55 |...........z.b;U| -00000020 9f 76 d8 69 c3 63 9c f3 59 a5 5a 44 96 4f 71 4e |.v.i.c..Y.ZD.OqN| -00000030 86 29 2a 15 80 d4 e9 49 21 c3 0b dd f1 e9 5b 6d |.)*....I!.....[m| -00000040 01 3d ce 6f 35 26 f3 f4 fe e6 c5 17 03 03 00 40 |.=.o5&.........@| +00000010 00 00 00 00 00 00 00 00 00 00 00 01 a0 6b 2c c5 |.............k,.| +00000020 7e 83 70 b5 2c 8c 43 b6 8b 2e 18 2a 1d be 11 6d |~.p.,.C....*...m| +00000030 13 f9 ba b5 de db 01 2a 64 d9 5b 24 c9 61 a1 4d |.......*d.[$.a.M| +00000040 11 bb fc b1 86 61 b0 04 a9 cd 1e 17 03 03 00 40 |.....a.........@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 20 0d d4 7a f9 98 6e ae 88 55 f1 21 84 44 e5 6a | ..z..n..U.!.D.j| -00000070 37 1f 87 f0 79 cc 73 22 07 
51 e8 f5 25 c9 e5 b0 |7...y.s".Q..%...| -00000080 13 2f fb 31 47 4e d6 29 93 cb ab 2f 42 89 1d 2f |./.1GN.).../B../| +00000060 d8 98 85 b4 cb 61 39 69 2f b1 1f 24 c1 5a 4f e3 |.....a9i/..$.ZO.| +00000070 0b 20 5d 6c 3f 3f 82 3a a3 8a b3 cf e9 41 bb 60 |. ]l??.:.....A.`| +00000080 ed b6 67 a0 76 39 ab 93 a5 35 d0 42 b3 a7 4c 92 |..g.v9...5.B..L.| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 05 96 9a af 6b 7f 27 ff 2e 04 23 |.........k.'...#| -000000b0 0d c9 d1 1c cd 8a 61 5f d4 47 44 81 c2 e7 5e 12 |......a_.GD...^.| -000000c0 00 07 4b 42 98 |..KB.| +000000a0 00 00 00 00 00 c7 0d 06 b2 2b 73 ab ed 16 88 6f |.........+s....o| +000000b0 62 77 fb 48 e4 5e 6d 7e 24 02 b6 08 fa 46 c8 76 |bw.H.^m~$....F.v| +000000c0 18 fc f4 c4 08 |.....| diff --git a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES index 9b43f8c7..d7e61880 100644 --- a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES 
@@ -1,13 +1,14 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 85 01 00 00 81 03 03 db 38 f7 49 28 |............8.I(| -00000010 97 e3 27 9d 20 02 82 7f fa b8 cd 67 c6 41 26 32 |..'. ......g.A&2| -00000020 e7 b6 e7 62 fa dd 5f 3e 42 c2 5f 00 00 04 c0 0a |...b.._>B._.....| -00000030 00 ff 01 00 00 54 00 0b 00 04 03 00 01 02 00 0a |.....T..........| -00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| -00000050 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05 03 |.........0......| -00000060 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| -00000070 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| -00000080 03 02 02 02 04 02 05 02 06 02 |..........| +00000000 16 03 01 00 97 01 00 00 93 03 03 86 3b 10 1e 5f |............;.._| +00000010 81 eb 21 bd 77 47 61 e9 3f 82 85 14 91 8c ab 7d |..!.wGa.?......}| +00000020 84 bd b1 f0 06 20 8a 7b 06 d6 78 00 00 04 c0 0a |..... .{..x.....| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| >>> Flow 2 (server to client) 00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -46,39 +47,39 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 03 00 b6 0c 00 00 b2 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8a |......._X.;t....| -00000280 30 81 87 02 42 00 af 31 9a 20 79 6e 4f 35 81 fa |0...B..1. ynO5..| -00000290 54 00 f0 7b bc 4a a0 fa 72 29 54 e6 8c 41 5b e3 |T..{.J..r)T..A[.| -000002a0 0e 3f ec d9 f1 af ab 75 42 ba d0 69 ce 69 93 72 |.?.....uB..i.i.r| -000002b0 d2 21 b5 9a ea 80 3b 65 87 93 c0 c0 5a d0 3f c6 |.!....;e....Z.?.| -000002c0 ee ad 2d e1 53 f5 f4 02 41 13 e5 95 01 ff 4f 67 |..-.S...A.....Og| -000002d0 e8 34 00 ae d3 99 f7 2d 3a 19 c8 cf 91 48 79 ee |.4.....-:....Hy.| -000002e0 6b fe ee 47 f7 3e 87 23 24 fb 72 08 e2 f4 44 89 |k..G.>.#$.r...D.| -000002f0 09 c6 08 6f 9d 7e 43 36 31 67 6e f6 8a f4 5e fa |...o.~C61gn...^.| -00000300 dd 42 3b b6 a8 a9 11 ca 43 01 16 03 03 00 04 0e |.B;.....C.......| -00000310 00 00 00 |...| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| +00000280 30 81 88 02 42 01 c5 d1 36 97 5b 0e 5e a6 90 50 |0...B...6.[.^..P| +00000290 a0 2e 80 b5 df d7 5a f6 95 0d a4 c6 f0 da 2e e7 |......Z.........| +000002a0 91 79 9f 85 2e ef ca 66 3c f7 c4 7b bd 61 70 bb |.y.....f<..{.ap.| +000002b0 16 c5 aa 00 35 33 ae 58 00 b3 f1 fe 0f 77 52 23 |....53.X.....wR#| +000002c0 f4 40 ba 4b c7 e5 43 02 42 01 64 af ab 8a 87 38 |.@.K..C.B.d....8| +000002d0 a1 7f b8 ae 84 0e a4 ff ad 16 09 44 0b 65 67 70 |...........D.egp| +000002e0 12 7f 1a 37 9a 1d 5e b7 3b 63 df f9 6b f1 b9 ba |...7..^.;c..k...| +000002f0 6b 35 8f b3 03 da 3d 61 00 3d 4e 75 b4 d0 92 d5 |k5....=a.=Nu....| +00000300 ee 50 9d d7 f9 26 69 e6 
ec cf 3b 16 03 03 00 04 |.P...&i...;.....| +00000310 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 8f 6b fb 70 cb 5a |....%...! .k.p.Z| -00000010 6b b3 2c 65 29 90 c9 c1 30 03 01 a0 bb ab 4a 3a |k.,e)...0.....J:| -00000020 1b fd 5c 85 5b 50 57 68 dd 2a 14 03 03 00 01 01 |..\.[PWh.*......| -00000030 16 03 03 00 40 c8 9b 27 df f2 7f 0c e2 3f 60 aa |....@..'.....?`.| -00000040 0c ed 3e 70 0f 24 b9 75 84 ef 45 ef c1 49 17 ff |..>p.$.u..E..I..| -00000050 bc fc f9 62 0b 1d 12 bb 96 da f8 18 ff ef 66 f7 |...b..........f.| -00000060 68 bf 91 40 f8 99 4a d0 9a 68 55 a4 d9 4c 4c 7d |h..@..J..hU..LL}| -00000070 39 61 a4 df e4 |9a...| +00000000 16 03 03 00 25 10 00 00 21 20 54 db 5b a1 4c e0 |....%...! T.[.L.| +00000010 0e 52 a2 45 e3 b4 ac 91 3d e1 de a9 3e eb 80 9e |.R.E....=...>...| +00000020 f5 04 7b fc 82 10 2f d9 d1 41 14 03 03 00 01 01 |..{.../..A......| +00000030 16 03 03 00 40 47 68 cc 5e 68 3f 05 d6 f8 5c 11 |....@Gh.^h?...\.| +00000040 08 a3 91 72 ae 4c 98 67 2f 45 ee 16 6b 8b 2d 28 |...r.L.g/E..k.-(| +00000050 15 34 43 47 f9 46 f2 96 c2 85 d5 cc 03 e0 84 de |.4CG.F..........| +00000060 9c 03 fe bf c9 73 23 15 d0 0f 85 3a 76 db 9f 5d |.....s#....:v..]| +00000070 95 b7 de 9c c2 |.....| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 aa 26 94 c7 3b |............&..;| -00000020 2e be b5 9d 0b 27 5b b4 54 cf 8d e7 ce 1f 88 4a |.....'[.T......J| -00000030 60 01 32 f6 4c b2 c0 66 b6 30 ae 57 78 99 92 f3 |`.2.L..f.0.Wx...| -00000040 1b d0 db 80 7c 87 4a bb fb f3 45 17 03 03 00 40 |....|.J...E....@| +00000010 00 00 00 00 00 00 00 00 00 00 00 98 34 52 f3 44 |............4R.D| +00000020 18 69 23 61 ef 8f e9 c0 88 9c ad 1f cb e4 8d 55 |.i#a...........U| +00000030 bd bb 77 9c 65 9d 21 f0 54 4c 46 db 4f e6 e8 ab |..w.e.!.TLF.O...| +00000040 6b 1d 60 38 7f e0 2c 38 ef e7 43 17 03 03 00 40 |k.`8..,8..C....@| 00000050 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 |................| -00000060 4d e4 d8 17 70 af 3c 0b 39 c9 8c e9 77 ca 15 4c |M...p.<.9...w..L| -00000070 e5 23 de e0 18 17 48 c8 60 3a 57 7f 10 00 5a 61 |.#....H.`:W...Za| -00000080 f2 39 c6 9a c6 c5 fc 51 a4 5e 9f a0 70 11 d5 d5 |.9.....Q.^..p...| +00000060 44 68 90 07 1e 8c 7f db 3e 3f 8c 28 e1 d7 41 38 |Dh......>?.(..A8| +00000070 e2 78 04 e3 42 c2 a9 76 bb 0a ae b9 93 df 81 d7 |.x..B..v........| +00000080 9b 0f 1d 44 19 79 ff 7c 21 8f 75 ca e2 82 cc c4 |...D.y.|!.u.....| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 2e 3a 5b 0b d6 7b 12 d8 a7 01 2a |......:[..{....*| -000000b0 79 7c fb 88 f1 75 cc db b0 58 41 db d3 1b bc 85 |y|...u...XA.....| -000000c0 e1 24 b9 ee 2f |.$../| +000000a0 00 00 00 00 00 82 1f e6 2c 3f c7 55 19 01 0b 62 |........,?.U...b| +000000b0 1a 99 fc f8 d3 b0 38 21 41 92 1a d1 e0 43 96 da |......8!A....C..| +000000c0 80 4b 58 91 c8 |.KX..| diff --git a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES index 98c18f30..d2b02504 100644 --- a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES 
@@ -1,95 +1,96 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 d4 01 00 00 d0 03 03 eb 18 9a be 8a |................| -00000010 aa b6 73 10 6e 82 58 cf 69 df e1 ef c5 7e 3b 63 |..s.n.X.i....~;c| -00000020 56 43 d1 08 dd ce 3c 19 bb b6 57 20 b1 c0 f9 5b |VC....<...W ...[| -00000030 15 1f 4b 24 0c e7 18 7c 45 44 0f b9 e9 bd f4 bc |..K$...|ED......| -00000040 9d 70 fc cd b0 88 d6 8a de ef 19 36 00 04 13 01 |.p.........6....| -00000050 00 ff 01 00 00 83 00 0b 00 04 03 00 01 02 00 0a |................| -00000060 00 16 00 14 00 1d 00 17 00 1e 00 19 00 18 01 00 |................| -00000070 01 01 01 02 01 03 01 04 00 16 00 00 00 17 00 00 |................| -00000080 00 0d 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 |................| -00000090 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| -000000a0 06 01 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 |...+......-.....| -000000b0 33 00 26 00 24 00 1d 00 20 32 91 8e 3f b1 52 c1 |3.&.$... 2..?.R.| -000000c0 ac 66 b5 cf 09 d0 1f f8 f5 c0 fe df fd 50 12 fc |.f...........P..| -000000d0 d2 68 d8 7f 47 db e6 60 25 |.h..G..`%| +00000000 16 03 01 00 dc 01 00 00 d8 03 03 90 bc cf 62 d0 |..............b.| +00000010 bc 89 6b 84 ad 18 87 f5 9c 96 0e 02 3f ae a5 4b |..k.........?..K| +00000020 80 70 f8 54 47 b1 78 03 48 4d 06 20 ae 9e 3c 17 |.p.TG.x.HM. 
..<.| +00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| +00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 00 04 13 01 |.ea@.|....s.....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 ad 11 a7 07 20 9c cb 33 96 f4 0d 78 a1 89 55 | .... ..3...x..U| +000000d0 6c af 70 f4 ac d6 cb d9 0d 1b 13 fa 50 de 68 17 |l.p.........P.h.| +000000e0 1d |.| >>> Flow 2 (server to client) 00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 20 b1 c0 f9 5b |........... ...[| -00000030 15 1f 4b 24 0c e7 18 7c 45 44 0f b9 e9 bd f4 bc |..K$...|ED......| -00000040 9d 70 fc cd b0 88 d6 8a de ef 19 36 13 01 00 00 |.p.........6....| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 ae 9e 3c 17 |........... ..<.| +00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| +00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 13 01 00 00 |.ea@.|....s.....| 00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... 
/| 00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| -00000080 03 03 00 01 01 17 03 03 00 17 b5 f6 51 6b 88 3d |............Qk.=| -00000090 19 f7 f0 e2 7b e2 6f 03 86 27 a4 b2 7d 94 dc 2c |....{.o..'..}..,| -000000a0 42 17 03 03 02 22 f3 ae b6 3a 74 78 ef ff a5 a7 |B...."...:tx....| -000000b0 45 cb ec a9 ae 8b ea ba 41 e8 9d 1e fc 01 80 2d |E.......A......-| -000000c0 00 af cd c7 82 8d a2 0a 80 3c d4 e2 19 b0 fe 80 |.........<......| -000000d0 0c 54 81 28 af 4f 11 59 f2 7b 74 8f bd 9e 34 34 |.T.(.O.Y.{t...44| -000000e0 db 5a 33 90 46 fe 84 f0 8a 39 23 2d 00 07 8d 76 |.Z3.F....9#-...v| -000000f0 96 6b 32 82 46 36 f7 7a d0 68 8b 83 9f f9 b4 08 |.k2.F6.z.h......| -00000100 3f c2 3d 38 c0 aa 5c 8b 9a 87 0b 24 52 d0 ec 0e |?.=8..\....$R...| -00000110 9f 26 cc 44 93 7d 9a a0 51 57 d4 f4 3d f3 a7 46 |.&.D.}..QW..=..F| -00000120 a4 d0 37 b0 dc 0a c7 4b aa ca f9 c6 6e 5a 46 0b |..7....K....nZF.| -00000130 44 17 3f 11 1a 0b 82 02 cf ee 9e 4c 62 d3 83 d7 |D.?........Lb...| -00000140 ec 2f ce 9e d5 01 5d 06 28 e9 7c 10 39 99 00 ef |./....].(.|.9...| -00000150 20 cb 64 fd 86 ca e7 df d5 c0 4f e3 60 51 4d c9 | .d.......O.`QM.| -00000160 75 89 44 d8 1d 28 d2 de 6d 9e 56 62 13 4d 50 04 |u.D..(..m.Vb.MP.| -00000170 b3 83 a4 5d 20 c9 e9 2b a1 32 9f 73 d4 39 4a ae |...] ..+.2.s.9J.| -00000180 96 6a 01 8d 63 f6 61 99 31 82 c4 3c e9 c8 bb d5 |.j..c.a.1..<....| -00000190 e3 46 0e 32 3f 37 e1 66 9d 77 46 17 ce f0 f5 37 |.F.2?7.f.wF....7| -000001a0 07 38 cf 9a 03 df e2 93 3a 20 50 ab 50 2a f5 78 |.8......: P.P*.x| -000001b0 06 79 32 92 f4 6a 45 78 8b db d1 34 a3 c5 68 0b |.y2..jEx...4..h.| -000001c0 5d 6b 24 79 42 b4 19 fa d5 81 0b e0 13 20 77 a8 |]k$yB........ 
w.| -000001d0 c6 f1 36 34 80 34 bf d7 39 ec 1a a5 dd 48 7c 01 |..64.4..9....H|.| -000001e0 24 5c 19 ae ba 80 83 eb 71 61 70 05 17 ab 0b 13 |$\......qap.....| -000001f0 8a 4f 2c 80 19 28 cd 16 0f a7 ba 42 bb 9a 76 f1 |.O,..(.....B..v.| -00000200 24 24 96 17 b0 58 9a 94 64 9f 7f f6 19 75 7a 39 |$$...X..d....uz9| -00000210 2d c8 0f 5a 36 17 ce d7 7f 94 de 9c 25 eb 12 13 |-..Z6.......%...| -00000220 31 2a 18 e3 48 4b 8e bc 3b fa 5e 3b fc 18 f8 b4 |1*..HK..;.^;....| -00000230 cb 6e b2 5a 52 09 a3 ca e4 93 48 56 8c bc 96 5c |.n.ZR.....HV...\| -00000240 ec 4b ed 0c ca b9 76 10 36 b8 61 32 e4 c5 50 d1 |.K....v.6.a2..P.| -00000250 48 e0 62 ee de 64 c7 e4 42 66 b0 25 cb 07 e9 1e |H.b..d..Bf.%....| -00000260 b0 03 f6 8d 61 71 57 10 8f 8d 4a b3 98 23 a4 7f |....aqW...J..#..| -00000270 c8 44 46 17 ed 82 ec e3 da 50 1b 5e 31 0d 27 24 |.DF......P.^1.'$| -00000280 18 c7 08 cc 6d 5e a4 bc 2f c1 1f bc 43 fd 26 a1 |....m^../...C.&.| -00000290 9f 46 c0 b2 61 9e 30 71 6a a8 28 b8 a7 40 ba bc |.F..a.0qj.(..@..| -000002a0 bd 28 3a 90 0b e4 57 b0 4e 07 58 68 22 10 ee 0f |.(:...W.N.Xh"...| -000002b0 aa af 24 d7 95 64 77 b8 9c 6a db d2 a4 1a 9e 28 |..$..dw..j.....(| -000002c0 03 90 c2 90 c6 e7 25 da 17 03 03 00 a4 c5 0d 5b |......%........[| -000002d0 cd b5 3f 54 79 dd ab 78 42 74 2e 1d 34 df bc 02 |..?Ty..xBt..4...| -000002e0 90 c4 7d 36 30 cd 33 34 2c 10 b1 e1 93 1b dc 95 |..}60.34,.......| -000002f0 64 66 fe 36 0f 62 80 63 82 de 7c 25 2a 86 b6 60 |df.6.b.c..|%*..`| -00000300 d8 9e bc ce c1 ba 8c fa c5 2b c3 a0 fb 6e 50 69 |.........+...nPi| -00000310 a7 41 f2 88 04 50 f6 8a 3b 9a 66 c8 4c d4 5c 6f |.A...P..;.f.L.\o| -00000320 77 4e 3a 58 1f 1f ce 26 d9 9e 65 d9 67 15 2a d2 |wN:X...&..e.g.*.| -00000330 b9 7a a5 34 71 92 dc 2f 59 2a 67 92 73 a8 dd 40 |.z.4q../Y*g.s..@| -00000340 5e 11 6a 23 0f b2 6a 2f 1a 23 99 c9 b2 47 67 34 |^.j#..j/.#...Gg4| -00000350 dc 87 3a 3b 9a f8 64 fa da 41 3d 26 b1 fd 21 d8 |..:;..d..A=&..!.| -00000360 05 47 1a 9e 56 05 ca c8 75 04 d8 ae f9 d6 91 1d 
|.G..V...u.......| -00000370 be 17 03 03 00 35 a6 37 fb 4c c0 13 80 ba 39 27 |.....5.7.L....9'| -00000380 c2 da 78 2f 59 32 04 26 73 2c ee 3e d4 69 b8 75 |..x/Y2.&s,.>.i.u| -00000390 bf c3 17 d0 e5 ab 41 9b 4a 2d a7 78 98 25 ed 52 |......A.J-.x.%.R| -000003a0 0d 4a 49 7f 7f 85 2b 1b 8e 7a 9a 17 03 03 00 93 |.JI...+..z......| -000003b0 4a 22 c6 87 a0 9e 40 44 df f1 71 3c d5 f4 69 3a |J"....@D..q<..i:| -000003c0 35 8e 53 a2 25 a5 eb 65 63 c3 2b 84 34 22 e1 5f |5.S.%..ec.+.4"._| -000003d0 22 66 de 6c 77 ef de 74 34 02 ef 5f e8 b3 ec 22 |"f.lw..t4.._..."| -000003e0 49 40 e6 f2 04 a1 e9 cc 8c 94 69 5c 80 12 5c ba |I@........i\..\.| -000003f0 1b 11 a3 f4 77 8b 33 02 64 47 8a 35 8d 1a a8 91 |....w.3.dG.5....| -00000400 0d 3e 3b b4 35 a5 65 6f 9b 6c 2a 7f 69 56 dd aa |.>;.5.eo.l*.iV..| -00000410 9d e2 22 ea bf 9e 13 2d 7a 12 b3 01 74 26 c6 68 |.."....-z...t&.h| -00000420 3f da 38 cd ef f7 17 a9 12 3a 90 cd 2f 69 0b 00 |?.8......:../i..| -00000430 3e 95 b2 be 70 51 d5 ad cf f9 f2 2c 95 59 74 bd |>...pQ.....,.Yt.| -00000440 87 c1 8f |...| +00000080 03 03 00 01 01 17 03 03 00 17 f1 16 14 8f 0a b5 |................| +00000090 92 fa 55 d7 fb 6c 33 04 ae c6 ed 3b 90 27 e9 ae |..U..l3....;.'..| +000000a0 e8 17 03 03 02 22 ca b1 97 19 9d da 2e 1d 12 f4 |....."..........| +000000b0 05 af 35 28 1e 85 9d 28 81 f0 5a 83 46 9c df f7 |..5(...(..Z.F...| +000000c0 58 2e 30 fa b9 07 00 cf fe 69 37 5e f2 75 a0 ef |X.0......i7^.u..| +000000d0 f3 ab 60 0b c5 09 72 bd b4 42 2f 45 24 3e 82 d0 |..`...r..B/E$>..| +000000e0 f1 a1 dd 3a de 6a b9 9d 85 2b 83 75 47 c9 d2 c3 |...:.j...+.uG...| +000000f0 25 91 85 c2 a1 97 6a 62 dd aa 19 11 94 e2 6b f9 |%.....jb......k.| +00000100 7d 5a bc 5e d4 64 bc 74 44 85 d1 7a eb 3a ef d5 |}Z.^.d.tD..z.:..| +00000110 96 f4 22 64 61 2b 79 77 ac 8b 61 69 cc eb ad fd |.."da+yw..ai....| +00000120 38 5e 61 74 d9 4f 70 82 06 3b 3e f8 a8 53 7c e8 |8^at.Op..;>..S|.| +00000130 9d 98 43 a1 af 86 ba d9 64 64 f0 e0 b0 8f 39 6b |..C.....dd....9k| +00000140 16 d6 92 09 8d 5b d0 
34 f4 14 60 69 a0 28 73 3a |.....[.4..`i.(s:| +00000150 24 7f 81 4e 8b d1 50 49 1a c0 60 92 fd 02 47 6d |$..N..PI..`...Gm| +00000160 d8 97 62 b2 b4 57 8b d7 d1 b6 bf 19 40 cb 13 09 |..b..W......@...| +00000170 ef d6 55 66 39 88 29 e0 14 2d 06 98 d6 b6 bf a6 |..Uf9.)..-......| +00000180 04 10 47 d5 64 fe 38 69 db 33 a4 fc 12 de 83 5b |..G.d.8i.3.....[| +00000190 c9 8e 76 56 bc f7 dd ac 96 c6 a0 ed e5 43 0b 13 |..vV.........C..| +000001a0 1e 78 94 18 fd 57 50 79 08 91 18 aa 84 63 4e 46 |.x...WPy.....cNF| +000001b0 53 db e0 f3 9a 0b d6 13 20 36 aa 56 dd 7a 62 d9 |S....... 6.V.zb.| +000001c0 3f f6 bd 87 74 3c 86 d1 94 a1 04 79 a8 54 e4 8e |?...t<.....y.T..| +000001d0 11 d6 52 42 5c 4b 77 18 b9 d7 db f7 48 9a 69 e1 |..RB\Kw.....H.i.| +000001e0 2d b9 38 38 e4 e8 94 5e b1 7e 2c 81 96 6a a0 ed |-.88...^.~,..j..| +000001f0 bb 35 6a 8c 93 f2 6d 38 70 df 79 54 d9 45 c8 b8 |.5j...m8p.yT.E..| +00000200 b2 9c 0f 9f 70 34 8f ac b3 08 f5 3e b1 d2 5a d7 |....p4.....>..Z.| +00000210 7b ee f3 dc 9a d1 12 c3 77 24 76 9b bf 09 50 a7 |{.......w$v...P.| +00000220 3c ab 7f 1f 99 b5 02 8c ac 5e 85 cc 53 fd ca e0 |<........^..S...| +00000230 c7 e2 41 08 fd cb b0 79 0c 8b 02 4f 80 92 c2 cd |..A....y...O....| +00000240 6c a1 aa 75 d2 4c d1 25 40 7c 14 41 a7 15 20 a3 |l..u.L.%@|.A.. .| +00000250 a6 81 64 7c c0 c7 2d dd 82 84 ad 2a f4 06 f9 61 |..d|..-....*...a| +00000260 23 1c dd c6 ef 72 da 6b eb be 41 f0 b4 5f 9a 02 |#....r.k..A.._..| +00000270 ee a8 f3 bb 05 48 ec 50 a3 ff f3 94 bb d8 a9 6d |.....H.P.......m| +00000280 92 49 7c bf a1 eb 55 26 08 26 d3 80 d6 cb 05 ea |.I|...U&.&......| +00000290 d1 db bf 97 3d 10 ff 4e f6 05 33 23 68 95 31 42 |....=..N..3#h.1B| +000002a0 5a d5 30 61 79 c4 88 7f e1 be 28 ad 72 bb 78 36 |Z.0ay.....(.r.x6| +000002b0 ba bb 38 75 fb 97 33 b6 28 8c a2 f4 46 fe 37 d8 |..8u..3.(...F.7.| +000002c0 b0 67 63 97 c1 51 0c 61 17 03 03 00 a4 20 15 70 |.gc..Q.a..... 
.p| +000002d0 7a 69 b1 33 c2 e1 f5 9c 2b b2 06 1e 01 a6 7f 03 |zi.3....+.......| +000002e0 cd 00 13 02 3b 0c 2b 3f 85 d8 ed 6d 81 7e e9 b2 |....;.+?...m.~..| +000002f0 b6 be 7b 77 51 30 dd b5 fc 93 08 91 9e 46 e2 85 |..{wQ0.......F..| +00000300 74 3c 9a 04 26 86 b8 6c 98 99 57 7e 36 54 0d 90 |t<..&..l..W~6T..| +00000310 4c 55 65 77 69 59 b2 e5 5b a3 19 4a b0 72 3d 91 |LUewiY..[..J.r=.| +00000320 2e 5d 9b 8c 52 a1 e6 f5 22 c6 3c 0d 9b d8 9c b9 |.]..R...".<.....| +00000330 cb 90 51 bc 16 69 06 30 22 16 62 08 3b 3f 05 99 |..Q..i.0".b.;?..| +00000340 60 2a cc cf 29 f5 e1 b0 84 81 c8 63 00 d4 d4 13 |`*..)......c....| +00000350 b5 5d 4c 63 8a 60 3e 44 24 03 30 85 91 4c 3d f2 |.]Lc.`>D$.0..L=.| +00000360 2c c2 78 f2 c3 4c bb 90 60 0b 66 18 02 e7 5c 85 |,.x..L..`.f...\.| +00000370 19 17 03 03 00 35 49 76 5f ff 32 3a 09 7a 4b f2 |.....5Iv_.2:.zK.| +00000380 fe f3 38 b6 76 f4 12 f2 aa a3 ed b6 02 ab 0b b9 |..8.v...........| +00000390 3b 9d 00 51 f1 5c 96 23 6b 49 f8 32 9f 74 30 32 |;..Q.\.#kI.2.t02| +000003a0 4d af af ef d5 55 2c ff 2b a0 45 17 03 03 00 93 |M....U,.+.E.....| +000003b0 6e e0 6a f9 44 af c0 af 95 ab 1e ff fd 97 38 f5 |n.j.D.........8.| +000003c0 7b 24 70 da e2 4e 8b dc 9b 49 84 fe 73 0a b0 7e |{$p..N...I..s..~| +000003d0 cf 14 f7 8a 67 e7 74 bd ee 82 93 c6 27 a2 bd 1e |....g.t.....'...| +000003e0 cb 71 06 af 65 dd f0 d9 91 81 b0 f8 21 34 48 d1 |.q..e.......!4H.| +000003f0 c4 e0 e3 19 a8 b4 48 b7 3a be 52 e5 7c a8 a3 c2 |......H.:.R.|...| +00000400 08 6c ac 66 4d 36 cf a1 9d 1f 72 c5 09 20 db 05 |.l.fM6....r.. 
..| +00000410 e5 0a 44 af 4a d8 32 38 19 7d 28 e3 05 23 99 66 |..D.J.28.}(..#.f| +00000420 f6 ad 77 02 7e 00 67 c1 71 58 b9 89 3c 93 15 95 |..w.~.g.qX..<...| +00000430 ee 38 e2 ea c0 73 fe da e4 75 6d 38 ca 54 0b bf |.8...s...um8.T..| +00000440 f0 af 86 |...| >>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 17 03 03 00 35 9e 5c 12 25 97 |..........5.\.%.| -00000010 bb 3d 7b ad c6 86 fc d4 0e 47 15 c6 a4 53 9c 58 |.={......G...S.X| -00000020 00 6e b0 62 48 71 4a 5e 6e 7d b9 9a 5b 0c 69 97 |.n.bHqJ^n}..[.i.| -00000030 51 5e 86 02 01 ab 3b 98 39 af 0a 09 6d b3 b5 d6 |Q^....;.9...m...| +00000000 14 03 03 00 01 01 17 03 03 00 35 23 02 12 13 f1 |..........5#....| +00000010 db fa 70 c0 92 85 8a d3 fa 80 1b 5c a6 22 ff 20 |..p........\.". | +00000020 5d bf 1d 61 58 34 c0 48 6f e1 26 a6 bf bc 76 c7 |]..aX4.Ho.&...v.| +00000030 8b da ee 54 64 30 c4 5c b1 61 67 82 29 bb 3f 4b |...Td0.\.ag.).?K| >>> Flow 4 (server to client) -00000000 17 03 03 00 1e ea c2 18 ba 35 48 30 d9 37 8d 53 |.........5H0.7.S| -00000010 33 11 0a a9 1e 0f 25 99 f1 28 23 e8 d6 88 72 f9 |3.....%..(#...r.| -00000020 d0 04 43 17 03 03 00 13 da 9d 22 c9 26 24 e4 0a |..C.......".&$..| -00000030 83 0a ef 38 d3 12 58 67 ee a3 a8 |...8..Xg...| +00000000 17 03 03 00 1e 95 c0 53 e2 37 94 09 83 1e 7e 23 |.......S.7....~#| +00000010 dc 9f 02 5e 91 19 b6 f9 72 0d 38 3f 25 ae b2 5f |...^....r.8?%.._| +00000020 4b f2 78 17 03 03 00 13 d2 ad 73 d6 f3 21 ab 7c |K.x.......s..!.|| +00000030 02 dd 63 ff cf d7 34 ca 71 3d 70 |..c...4.q=p| From e0d9751542387aac48b19b9ddf44c0813793ad56 Mon Sep 17 00:00:00 2001 
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Tue, 18 Feb 2025 12:23:21 +0000 Subject: [PATCH 32/40] fix: regenerate ECDSA test flows A change in ECDSA signature generation made old flow data incompatible with newer Go versions: https://github.com/golang/go/commit/08f2091ce0817346458d2ae984ccea77817cd516 --- .../Client-TLSv10-ClientCert-ECDSA-ECDSA | 88 +++---- .../Client-TLSv10-ClientCert-ECDSA-RSA | 80 +++--- .../Client-TLSv12-ClientCert-ECDSA-ECDSA | 84 +++---- .../Client-TLSv12-ClientCert-ECDSA-RSA | 74 +++--- .../Client-TLSv13-ClientCert-ECDSA-RSA | 236 +++++++++--------- tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES | 75 +++--- ...rver-TLSv12-CipherSuiteCertPreferenceECDSA | 73 +++--- tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES | 79 +++--- tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES | 173 +++++++------ 9 files changed, 479 insertions(+), 483 deletions(-) diff --git a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA index 9de3f143..633eba8e 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA +++ b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA 
@@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 94 1f ba 79 da |....Y...U.....y.| -00000010 4b 58 3e 08 2c c5 31 36 a4 7e 32 bf e1 a0 f7 71 |KX>.,.16.~2....q| -00000020 01 48 63 3c 5f cb 08 7a 25 80 c7 20 35 0c c0 8b |.Hc<_..z%.. 5...| -00000030 df 30 fc dc 3d f1 48 96 0d b6 ff a8 cd 35 29 57 |.0..=.H......5)W| -00000040 7d 3f c2 9d e2 32 b1 c2 4c 05 5e 3b c0 09 00 00 |}?...2..L.^;....| +00000000 16 03 01 00 59 02 00 00 55 03 01 c3 ad 74 ea cf |....Y...U....t..| +00000010 d6 08 2f 5d 17 2a 37 66 0c 2b 35 f9 67 01 50 01 |../].*7f.+5.g.P.| +00000020 59 53 aa 49 09 de 46 df 44 25 23 20 f4 1f 75 9a |YS.I..F.D%# ..u.| +00000030 e0 9f 41 30 81 72 20 3a 4d 6f 14 5f 62 d6 4c f0 |..A0.r :Mo._b.L.| +00000040 24 8a 75 8a c7 7e d2 c6 f7 f9 80 51 c0 09 00 00 |$.u..~.....Q....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -55,20 +55,20 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 1a 74 |*............ .t| -00000280 c4 96 9e 65 45 9a 0a 01 7c ed 7b 51 01 d8 ba 5b |...eE...|.{Q...[| -00000290 3e 2f b1 4b 36 69 e8 47 75 7e 27 be b3 2f 00 8b |>/.K6i.Gu~'../..| -000002a0 30 81 88 02 42 01 cb 20 d9 1e ae 05 6f 1f 37 ce |0...B.. ....o.7.| -000002b0 dc 38 20 2f 8f 52 9a 92 f6 80 d6 f9 97 99 a5 8b |.8 /.R..........| -000002c0 6e 73 0b 95 a4 4e 82 67 bd 1a 34 d9 5c 4e b4 d7 |ns...N.g..4.\N..| -000002d0 35 e6 45 81 14 23 9c 4e 5a 4c 1b 93 fd 7f 43 18 |5.E..#.NZL....C.| -000002e0 db 54 4b e0 d1 d3 fa 02 42 00 ab 8e 34 d5 c2 04 |.TK.....B...4...| -000002f0 d0 a4 44 b1 b3 25 a0 af c8 80 b3 88 ae da b3 c6 |..D..%..........| -00000300 4f 57 ae 31 54 c6 d9 ee 4e 21 56 01 cc b9 6a e9 |OW.1T...N!V...j.| -00000310 e9 7e 62 2a 64 0e a4 a0 79 1e a3 64 52 70 b1 a5 |.~b*d...y..dRp..| -00000320 19 2c a4 6d 4b 3b a3 63 ed 56 2f 16 03 01 00 0a |.,.mK;.c.V/.....| -00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| -00000340 00 00 00 |...| +00000270 2a 16 03 01 00 b4 0c 00 00 b0 03 00 1d 20 51 72 |*............ 
Qr| +00000280 cb 1b 4b 3f db ee 44 4b 18 87 44 38 d2 98 35 c4 |..K?..DK..D8..5.| +00000290 b6 ee 45 fb fb e9 f3 40 46 ad 2c 5d 6b 6e 00 8a |..E....@F.,]kn..| +000002a0 30 81 87 02 42 00 b8 68 24 dd 13 0a a5 21 a0 8c |0...B..h$....!..| +000002b0 04 2a d0 f1 b0 1b 06 2e 25 b5 fb 1e a8 32 6f 3b |.*......%....2o;| +000002c0 12 08 45 56 06 75 fb 23 41 66 a8 b9 9c 63 52 ee |..EV.u.#Af...cR.| +000002d0 31 96 62 08 23 54 ed f7 40 87 0f 36 90 12 65 85 |1.b.#T..@..6..e.| +000002e0 dc 15 24 91 45 3e 4d 02 41 38 0c e2 b3 f5 62 34 |..$.E>M.A8....b4| +000002f0 1d c9 e5 b1 3c 6f 06 39 e4 ef ee 1d 4a b9 90 22 |....>> Flow 3 (client to server) 00000000 16 03 01 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| 00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| 
@@ -105,30 +105,30 @@ 00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| 00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| -00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 90 0f 00 |...._X.;t.......| -00000240 00 8c 00 8a 30 81 87 02 42 01 89 0f 43 df a8 34 |....0...B...C..4| -00000250 dd d7 c9 d4 2b 8d ec 29 77 7b 64 d0 0e 8c e8 2b |....+..)w{d....+| -00000260 e3 25 1c ed 0a 1b 05 e0 66 42 37 c0 e6 fa 3e 81 |.%......fB7...>.| -00000270 ec e1 06 99 f4 62 3f ea 55 79 ae 68 56 9e e3 3c |.....b?.Uy.hV..<| -00000280 83 ba 9b 1c 65 b9 eb a6 e7 f7 4e 02 41 61 2c 52 |....e.....N.Aa,R| -00000290 4c 48 92 b0 93 d8 31 58 c3 90 b0 e3 7d 55 94 fc |LH....1X....}U..| -000002a0 70 bf 18 42 51 73 d0 45 17 2e 0e 00 b0 12 76 0d |p..BQs.E......v.| -000002b0 35 78 cb fd 34 60 36 ff ed 19 ef 0a 1e 21 cc 4c |5x..4`6......!.L| -000002c0 9a ff a0 f7 cf 72 03 cd 00 bb 73 0d 1d e5 14 03 |.....r....s.....| -000002d0 01 00 01 01 16 03 01 00 30 69 76 1f 5b 81 5f 62 |........0iv.[._b| -000002e0 cf d5 d9 2c 19 71 80 d0 2a 97 8a 89 21 7f 6d 02 |...,.q..*...!.m.| -000002f0 b6 01 a4 ed fe 18 9f 34 ae 95 f6 a1 29 0b 9a 1c |.......4....)...| -00000300 04 b6 ce c7 d1 0c 5a b5 3f |......Z.?| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| +00000240 00 8d 00 8b 30 81 88 02 42 01 d6 33 e5 9f 13 d4 |....0...B..3....| +00000250 5a e7 f2 c8 c2 3e 74 04 1c b8 59 17 15 13 09 d1 |Z....>t...Y.....| +00000260 71 25 12 8d 40 d8 4c 2d b9 8a 8d b5 3d fc 91 93 |q%..@.L-....=...| +00000270 82 3e 7c 4c 0f 6c 4d fd bd 26 c9 48 79 5a 22 7d |.>|L.lM..&.HyZ"}| +00000280 fe 11 1c f8 e4 45 19 80 fe 32 08 02 42 00 8b 9b |.....E...2..B...| +00000290 f7 2e ca 06 fc b9 d6 7e b5 2e 47 5e e3 13 87 aa |.......~..G^....| +000002a0 39 e3 93 6d 55 12 bb 72 7e 26 09 74 ae a6 0b 5f |9..mU..r~&.t..._| +000002b0 4b ef 95 ce fe 4e 5d 18 e3 ec f3 37 51 22 c2 95 |K....N]....7Q"..| 
+000002c0 02 bf d5 ab 25 f1 3f 66 b0 c8 05 98 8b d8 3a 14 |....%.?f......:.| +000002d0 03 01 00 01 01 16 03 01 00 30 24 ea 19 cb 79 37 |.........0$...y7| +000002e0 ef 3b 82 fc 8c be 7a fd cc 1a 0e 51 58 6f f8 7c |.;....z....QXo.|| +000002f0 a9 2d c6 15 61 f8 48 48 5c e3 ca 02 4a f6 fd 75 |.-..a.HH\...J..u| +00000300 dc ac fa ca 26 19 03 ce b3 34 |....&....4| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 7d 4b fc 73 20 |..........0}K.s | -00000010 e4 ac c4 39 15 79 e3 89 e1 24 ce 28 30 e5 f1 87 |...9.y...$.(0...| -00000020 cd c0 cc 39 a8 77 3b 06 a5 f9 b0 a1 3d 54 53 3b |...9.w;.....=TS;| -00000030 53 ec ac b2 ea 24 1b 2d 6a ef c3 |S....$.-j..| +00000000 14 03 01 00 01 01 16 03 01 00 30 d2 fa ef dd d8 |..........0.....| +00000010 ec a6 7a 98 5f c3 92 2e e8 0c 22 dd 1b 50 7e 61 |..z._....."..P~a| +00000020 3c 0d e0 2d c6 93 89 a0 8e 11 27 0c 6d fb 1c 0d |<..-......'.m...| +00000030 5f 4a a2 30 48 17 a2 c4 fc 40 fc |_J.0H....@.| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 9d 57 d2 4b 5b 7e 7d 7c 28 f7 8e |.... .W.K[~}|(..| -00000010 00 0a b6 1c 3c 6b df 4d 06 c0 f8 db 86 2e 8f 8e |.....peM0...A...| +00000040 1c 99 4e 94 d3 65 7e 8a 05 c1 15 03 01 00 20 47 |..N..e~....... G| +00000050 aa e5 92 52 76 1f 7a a0 fc f1 20 ca 40 7d 63 f3 |...Rv.z... .@}c.| +00000060 30 61 3f 93 04 95 b2 92 51 f5 5a 0f 9b b3 65 |0a?.....Q.Z...e| diff --git a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA index 754b76ec..79534831 100644 --- a/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA 
@@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 97 0c 7e fc 7f |....Y...U....~..| -00000010 96 47 02 21 a7 19 45 a5 79 5c 5e fc c2 15 b3 fa |.G.!..E.y\^.....| -00000020 84 98 7d 67 65 c8 48 58 a1 5d 67 20 ad 2a c6 b3 |..}ge.HX.]g .*..| -00000030 a4 17 82 12 4a c5 97 af 12 6b 7d f6 9e 49 f1 38 |....J....k}..I.8| -00000040 d0 56 76 bc 81 23 ad 3a 3e 7f bc 2d c0 13 00 00 |.Vv..#.:>..-....| +00000000 16 03 01 00 59 02 00 00 55 03 01 b7 b1 1b 5f 2a |....Y...U....._*| +00000010 81 f9 1e 2e 0e ad 67 ee c6 46 51 12 56 55 7f a7 |......g..FQ.VU..| +00000020 49 ef 5f 0d de 32 7e 10 2e 7c 76 20 c4 ed 63 d5 |I._..2~..|v ..c.| +00000030 15 23 22 34 b3 53 af 6e a8 23 9a ff 40 94 24 4a |.#"4.S.n.#..@.$J| +00000040 cd b6 b0 f3 c9 59 fb 8a 0c 44 26 5b c0 13 00 00 |.....Y...D&[....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| @@ -60,17 +60,17 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| -000002c0 aa 0c 00 00 a6 03 00 1d 20 a4 24 f7 67 e3 da fa |........ .$.g...| -000002d0 10 33 95 b4 46 00 c0 3c cd 74 12 e4 a3 3b 01 70 |.3..F..<.t...;.p| -000002e0 fb 98 01 9a e9 2d d0 18 7b 00 80 ce c5 7b 4b 87 |.....-..{....{K.| -000002f0 cd bc 5d 63 09 7e d4 ce 09 53 7a 1b e5 b4 10 54 |..]c.~...Sz....T| -00000300 89 52 ac 82 9c 78 88 ed e8 1a 8c 3a 7a 2c 9a c5 |.R...x.....:z,..| -00000310 2b 97 1c 79 43 bd b1 ee 93 6f 4c 4d fc 3c 47 91 |+..yC....oLM.>> Flow 3 (client to server) 
@@ -110,29 +110,29 @@ 00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| -00000240 00 8d 00 8b 30 81 88 02 42 01 71 f3 c4 3a 85 08 |....0...B.q..:..| -00000250 3b 18 26 48 5c 3f c3 8a 4f e9 d7 29 48 59 1a 35 |;.&H\?..O..)HY.5| -00000260 ee b3 0d 5e 29 03 1d 34 95 0e 40 73 85 13 14 d0 |...^)..4..@s....| -00000270 fb fb 96 77 21 fb d8 43 d7 e2 bf 2c 95 7b 75 5d |...w!..C...,.{u]| -00000280 59 15 81 71 d2 b6 82 96 d9 cc 78 02 42 01 d3 51 |Y..q......x.B..Q| -00000290 af 25 d0 f8 a4 e2 e7 8e 7e 46 56 53 8f d1 09 f6 |.%......~FVS....| -000002a0 76 88 5a 42 83 89 92 7b c7 e4 40 9c 3d 05 ac 43 |v.ZB...{..@.=..C| -000002b0 bf 6e 24 14 fe 36 f8 43 a6 90 8e a1 bd e2 92 84 |.n$..6.C........| -000002c0 60 e3 92 34 1c 7b 53 d5 57 6d 23 32 12 a8 23 14 |`..4.{S.Wm#2..#.| -000002d0 03 01 00 01 01 16 03 01 00 30 6f 06 c7 84 fa 7f |.........0o.....| -000002e0 c9 66 a9 6f 26 37 45 db 42 c8 8f 63 c3 5b 05 07 |.f.o&7E.B..c.[..| -000002f0 ef 07 41 be 71 60 35 d3 16 8f 92 f6 89 cb c7 dc |..A.q`5.........| -00000300 4e 45 61 99 31 45 66 40 36 86 |NEa.1Ef@6.| +00000240 00 8d 00 8b 30 81 88 02 42 00 c5 03 0a 89 ca 33 |....0...B......3| +00000250 e3 c2 ac dc b4 cf 79 ed 39 aa 2d 93 9a 74 14 2c |......y.9.-..t.,| +00000260 4a c0 34 ca ec df d9 3d 7b 54 9c 28 4f ce bf 06 |J.4....={T.(O...| +00000270 c7 18 d0 42 bb e0 b9 55 6b 23 7a 52 96 b3 57 73 |...B...Uk#zR..Ws| +00000280 17 2b 1a a2 14 22 b1 a7 e3 9d ac 02 42 01 91 b9 |.+..."......B...| +00000290 8d 56 a7 cf b1 0a f7 b9 68 e5 ba 54 b4 66 17 0f |.V......h..T.f..| +000002a0 26 26 2a 5f a3 79 b7 26 0e f6 24 da 25 d0 f5 e4 |&&*_.y.&..$.%...| +000002b0 e8 ea 04 8b 17 9c b3 74 18 29 db b3 b3 ae b6 fd |.......t.)......| +000002c0 1d 2e ee c6 60 b2 d2 84 95 e6 50 7c 28 ea a0 14 |....`.....P|(...| +000002d0 03 01 00 01 01 16 03 01 00 30 c9 9e e5 21 20 db |.........0...! 
.| +000002e0 26 73 19 23 9c 8d 3f 1f 4f a3 65 f3 ef f0 85 23 |&s.#..?.O.e....#| +000002f0 eb 3f 51 e0 53 fa 63 83 f7 88 e8 dd ff a1 a9 a7 |.?Q.S.c.........| +00000300 d4 38 8d f6 fd f4 cd 92 4d b4 |.8......M.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 d3 83 ac 08 7f |..........0.....| -00000010 a1 91 51 7c b7 99 6f 24 cd b1 cd 31 7b 12 20 47 |..Q|..o$...1{. G| -00000020 66 08 22 f6 28 ea 81 fe 92 b5 c8 40 60 bc 5b 19 |f.".(......@`.[.| -00000030 e0 2b d1 26 fd 4c 12 22 c5 13 9a |.+.&.L."...| +00000000 14 03 01 00 01 01 16 03 01 00 30 60 80 6a 5d 33 |..........0`.j]3| +00000010 76 be d3 5e fb 86 f8 10 32 05 26 1b 16 15 29 e7 |v..^....2.&...).| +00000020 c8 13 e0 ca db a0 07 7f 09 25 d1 ad 37 46 ff 3c |.........%..7F.<| +00000030 9e 7f 7b 16 21 ce ff 7b 6c 10 b2 |..{.!..{l..| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 79 06 89 7e e0 17 9a e3 dc 4c ee |.... y..~.....L.| -00000010 70 63 13 bc 27 f5 43 fa f8 90 49 d9 89 43 7a 15 |pc..'.C...I..Cz.| -00000020 d4 e2 a8 e6 3e 17 03 01 00 20 ea 84 0e 21 62 d5 |....>.... ...!b.| -00000030 ee 26 5e fc 3e 0c 83 3b 91 01 c4 a7 8e 9b c4 1a |.&^.>..;........| -00000040 86 f8 a0 44 21 44 2f 31 cf a1 15 03 01 00 20 c6 |...D!D/1...... .| -00000050 11 f1 65 ea f3 39 d1 d2 ac 95 1f 81 36 ae db b1 |..e..9......6...| -00000060 88 a8 42 25 86 ec 1b c1 7e 12 60 a9 6b 7f 66 |..B%....~.`.k.f| +00000000 17 03 01 00 20 8f ba a9 bc 67 c9 7d 37 ee d2 ee |.... ....g.}7...| +00000010 04 3c 4b 3c 4b 77 ca bb 8c a8 72 4b bb b3 48 77 |.>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 08 a4 b1 ad 21 |....Y...U......!| -00000010 3a 60 7a d3 3b 60 67 48 5d de da ff 3f a8 55 a9 |:`z.;`gH]...?.U.| -00000020 c4 72 69 32 12 c1 d1 4e d4 78 e1 20 6e 9f ed 1e |.ri2...N.x. 
n...| -00000030 50 9a 31 e2 ae e2 6a f4 01 cc 94 21 25 73 f3 a5 |P.1...j....!%s..| -00000040 f6 28 b3 c6 6b c1 b3 2d fc 0c d3 66 c0 09 00 00 |.(..k..-...f....| +00000000 16 03 03 00 59 02 00 00 55 03 03 3c 45 8b 51 bd |....Y...U...| +00000040 d7 0e d2 a2 08 d3 08 5e 5f fd d9 f5 c0 09 00 00 |.......^_.......| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| 
@@ -55,18 +55,18 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 ec f3 |*............ ..| -00000280 2b 3b be 93 68 53 f2 ab 6c 97 5a fa 9b 8c bf eb |+;..hS..l.Z.....| -00000290 37 6f af d7 b8 02 f3 8c 0b f9 75 29 11 32 04 03 |7o........u).2..| -000002a0 00 8b 30 81 88 02 42 01 9d 90 aa b3 19 d2 9d cf |..0...B.........| -000002b0 92 c1 64 05 89 db d0 dd 80 f3 a4 7e 09 ec 36 22 |..d........~..6"| -000002c0 95 79 c4 36 0e 21 80 7d 4b 72 a5 38 a4 b0 a7 5f |.y.6.!.}Kr.8..._| -000002d0 fb ae f7 66 23 82 91 c2 f8 95 df 60 ce dc e8 1a |...f#......`....| -000002e0 3f 2b 2c fa 5e 58 67 98 78 02 42 00 fa 88 7f ae |?+,.^Xg.x.B.....| -000002f0 00 55 2c a1 c2 47 ed c8 11 74 64 e7 c6 30 63 fb |.U,..G...td..0c.| -00000300 bb 42 2a 02 9b 80 60 88 e7 3f af 17 a3 7f 1e f6 |.B*...`..?......| -00000310 31 9c 1f 8c 89 e5 a0 b1 01 2a 4e d8 d2 1e 9f 11 |1........*N.....| -00000320 f5 e3 35 38 3e b0 da 30 f1 fb ed e5 d1 16 03 03 |..58>..0........| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 94 9b |*............ 
..| +00000280 3a 75 0f 60 ff 57 cd ba 55 fd 27 45 74 6f 5f e2 |:u.`.W..U.'Eto_.| +00000290 4c 23 ff 60 24 c4 75 20 dc 6f 58 0f 0c 23 04 03 |L#.`$.u .oX..#..| +000002a0 00 8b 30 81 88 02 42 01 1f 33 4e f3 6e 6d 3f de |..0...B..3N.nm?.| +000002b0 09 35 7a 0d f0 3a 7e cc fe 86 6c fa da b5 07 2a |.5z..:~...l....*| +000002c0 aa 10 3c ca 34 3a 20 b1 3b 7f 64 31 3c ae 2f 7c |..<.4: .;.d1<./|| +000002d0 a4 f2 1c 2d 58 34 be a0 16 59 44 84 26 8b 36 d4 |...-X4...YD.&.6.| +000002e0 43 1f 77 d7 79 f1 10 09 34 02 42 01 fb cd 70 b2 |C.w.y...4.B...p.| +000002f0 2b e0 bd b6 5a 0c b4 8d c6 3b 4d 3c ad b9 d4 49 |+...Z....;M<...I| +00000300 35 10 d0 58 22 f6 c9 fe cb c9 36 64 07 23 c3 4b |5..X".....6d.#.K| +00000310 62 eb b0 8f 9c 9e 9c 84 c6 20 96 7f f9 9b bb 92 |b........ ......| +00000320 8e ce 26 16 cf f2 44 42 37 76 90 e5 7f 16 03 03 |..&...DB7v......| 00000330 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| 00000340 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| 00000350 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| 
@@ -109,31 +109,31 @@ 00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 93 0f 00 |...._X.;t.......| -00000240 00 8f 04 03 00 8b 30 81 88 02 42 01 e6 0a ff de |......0...B.....| -00000250 af a6 d2 7a 5f 4e f8 eb c8 19 74 53 5c e8 bc 2d |...z_N....tS\..-| -00000260 72 24 11 d2 11 ec ec cd a1 9c 3d 10 a2 de f8 8b |r$........=.....| -00000270 22 98 d3 33 c2 13 3b 93 89 ae ca a6 a8 94 70 fe |"..3..;.......p.| -00000280 76 2f 04 bc ac fb 66 79 3b 76 7f 6d 96 02 42 01 |v/....fy;v.m..B.| -00000290 df f6 30 14 7c 7e a1 0b f6 b8 8b d7 75 b8 bd 0e |..0.|~......u...| -000002a0 63 8a bd 8b ec 75 70 db d9 37 d7 53 f3 8b a2 ae |c....up..7.S....| -000002b0 60 96 69 74 eb bb 3d a6 9a 7d 46 51 73 ff 78 cf |`.it..=..}FQs.x.| -000002c0 7f 49 d9 27 5e 9f f9 d2 11 cc 0e e4 dc 04 fe d5 |.I.'^...........| -000002d0 d2 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 |...........@....| -000002e0 00 00 00 00 00 00 00 00 00 00 00 00 7a db 34 e9 |............z.4.| -000002f0 98 f8 c1 f0 38 c3 33 22 5c c3 45 b0 a3 10 3c 77 |....8.3"\.E...>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 40 18 c0 f3 96 7b |..........@....{| -00000010 45 91 6d 5b 1c 67 4f 37 74 b7 db 72 45 57 09 25 |E.m[.gO7t..rEW.%| -00000020 4a 14 68 4d 78 6c c7 15 6a b1 57 e6 ff 53 c4 58 |J.hMxl..j.W..S.X| -00000030 41 c5 6b 08 3c 5a 8c b9 04 d0 27 62 ee a6 e3 36 |A.k.>> Flow 5 (client to server) 00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -00000010 00 00 00 00 00 a6 c2 ef 07 bb 38 4a e4 8f 0c 12 |..........8J....| -00000020 19 1a 96 62 22 57 57 a2 b5 b3 06 70 95 28 a7 f7 |...b"WW....p.(..| -00000030 0d 42 69 37 7f 15 03 03 00 30 00 00 00 00 00 00 |.Bi7.....0......| -00000040 00 00 00 00 00 00 00 00 00 00 04 ed 3e 68 40 eb |............>h@.| -00000050 a0 7e 57 da 27 e7 f5 e8 6c e5 6d 58 c8 a5 18 47 |.~W.'...l.mX...G| -00000060 92 5a 
43 90 de 07 9e 9a 3b cc |.ZC.....;.| +00000010 00 00 00 00 00 87 57 20 d9 bf 98 9c ac db 15 5f |......W ......._| +00000020 ec 64 5b c4 5f 04 52 36 61 8b d6 5c 57 72 44 7d |.d[._.R6a..\WrD}| +00000030 88 bb 7f 26 ec 15 03 03 00 30 00 00 00 00 00 00 |...&.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 99 0b c7 41 de 12 |.............A..| +00000050 e4 8d 6d 36 d1 cc 57 80 c1 8b b6 f5 dd b8 e6 4d |..m6..W........M| +00000060 25 c5 f6 cc f4 83 28 57 68 ed |%.....(Wh.| diff --git a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA index f5fae453..4f613481 100644 --- a/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA @@ -16,11 +16,11 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 be ba ac 2a 81 |....Y...U.....*.| -00000010 33 b1 6e 4d 8b 9b 29 f9 16 86 bc cd b2 03 50 72 |3.nM..).......Pr| -00000020 91 9a 93 f9 e1 d6 27 55 8b b8 6c 20 84 c2 21 9e |......'U..l ..!.| -00000030 60 aa b3 f0 ec 2f 66 0d 59 31 02 08 9e 68 68 c0 |`..../f.Y1...hh.| -00000040 58 9a 8e 6c 25 ce 4d e3 3f 9d dc 91 c0 2f 00 00 |X..l%.M.?..../..| +00000000 16 03 03 00 59 02 00 00 55 03 03 b7 3d 76 d3 92 |....Y...U...=v..| +00000010 cb a3 71 a9 e0 cb c1 74 fc d7 d5 cb 43 4f 5b 10 |..q....t....CO[.| +00000020 30 f8 4d e9 83 36 cf 8d bd 7a e9 20 67 ed ed 40 |0.M..6...z. g..@| +00000030 2b 3e f4 f2 aa 1b ee 4f f0 ad 81 a1 b7 13 c7 8d |+>.....O........| +00000040 ba 55 af da bf ab c7 71 51 df 2c 15 c0 2f 00 00 |.U.....qQ.,../..| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| 
@@ -60,17 +60,17 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| -000002c0 ac 0c 00 00 a8 03 00 1d 20 82 89 54 65 64 97 8d |........ ..Ted..| -000002d0 e8 63 a2 5b 4f 16 56 7c cf 8b 0a 75 46 52 7e b6 |.c.[O.V|...uFR~.| -000002e0 99 2a e9 52 1f 11 46 85 36 08 04 00 80 cd a5 84 |.*.R..F.6.......| -000002f0 ff 9a 79 b5 04 85 88 fb 1e 1c d6 6b 78 e8 4d a5 |..y........kx.M.| -00000300 10 38 25 8e 8d de 71 51 b5 fd a6 2a f8 8b 5c 6d |.8%...qQ...*..\m| -00000310 1e 88 f7 d8 12 24 ff f7 7e dd 05 1c bf 71 7d 4f |.....$..~....q}O| -00000320 26 2f 2e 27 d8 e1 a8 8b d2 42 2b a6 d9 4e e6 60 |&/.'.....B+..N.`| -00000330 48 57 38 5d 3b f3 94 74 2c 8f ba e0 84 54 1c c0 |HW8];..t,....T..| -00000340 10 51 a0 31 1a d0 ec 72 01 f1 d3 65 73 c7 40 25 |.Q.1...r...es.@%| -00000350 af cd 10 18 29 2c 1a 52 e0 c9 a6 de 85 8c 96 e6 |....),.R........| -00000360 7d 85 0a 64 86 59 39 25 8f 8c 36 4c 37 16 03 03 |}..d.Y9%..6L7...| +000002c0 ac 0c 00 00 a8 03 00 1d 20 43 4f 0d 65 e0 bb ec |........ 
CO.e...| +000002d0 a2 dc 17 ed e1 0c fe 10 e0 19 e6 5e a3 95 63 2b |...........^..c+| +000002e0 01 c2 0c 60 3d e0 47 40 4f 08 04 00 80 4c a0 08 |...`=.G@O....L..| +000002f0 60 ec c1 c3 88 b1 53 c0 f5 d4 68 b1 dc f0 eb 63 |`.....S...h....c| +00000300 ef bc 46 47 30 dc 04 27 12 2e 46 b5 77 fa 59 53 |..FG0..'..F.w.YS| +00000310 48 77 a1 34 73 0a 1c 03 aa d0 8a ca a2 e9 96 96 |Hw.4s...........| +00000320 d4 da 8a cb 34 5e 7d f6 0a 30 9e 8f f4 27 fd 9f |....4^}..0...'..| +00000330 de 43 a5 cb da 96 07 c0 dd 5c aa 2d f6 5a 78 67 |.C.......\.-.Zxg| +00000340 1f da e5 ea be cc 8c 0e 1f de c8 f0 e6 82 42 dd |..............B.| +00000350 46 8d 6a 5b 1b 9d a5 17 9c 94 09 9f b2 88 c5 93 |F.j[............| +00000360 8a 11 d6 5b f4 76 65 75 81 ba 53 c9 7d 16 03 03 |...[.veu..S.}...| 00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| 00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| 00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| 
@@ -113,27 +113,27 @@ 00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| 00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| 00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 92 0f 00 |...._X.;t.......| -00000240 00 8e 04 03 00 8a 30 81 87 02 41 72 16 75 7d 08 |......0...Ar.u}.| -00000250 42 7b 33 e7 59 51 ef 3c 54 e7 81 e4 10 31 ab 5d |B{3.YQ..| +000002a0 9b a7 a8 25 7f fa b0 54 f3 66 4b 45 32 1b c6 39 |...%...T.fKE2..9| +000002b0 b7 21 16 77 ec c6 b2 0a 7f 15 d5 17 45 6f 41 df |.!.w........EoA.| +000002c0 f0 24 64 69 ab 34 aa b0 3e 22 3b 79 24 2f a0 5f |.$di.4..>";y$/._| 000002d0 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| -000002e0 00 00 00 27 0b ff 3a 92 88 b6 86 86 0e c2 f5 94 |...'..:.........| -000002f0 d5 29 a4 6d 95 12 e1 d8 ec d9 a4 3c 1c db 52 76 |.).m.......<..Rv| -00000300 2a 72 29 |*r)| +000002e0 00 00 00 ed f9 62 2a e4 0d a1 a2 98 fa 7c 4b bc |.....b*......|K.| +000002f0 d5 ca 14 ce 85 d2 23 5f 42 63 5d 41 a9 e5 06 c8 |......#_Bc]A....| +00000300 9d 40 7a |.@z| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 28 b8 e9 dd 30 75 |..........(...0u| -00000010 40 7d 71 76 db 9a 95 92 81 02 3a 9e 36 d5 15 ca |@}qv......:.6...| -00000020 5d 63 a1 0f 8c 53 c9 1c 37 56 b2 0d 54 15 a2 dc |]c...S..7V..T...| -00000030 03 d6 2e |...| +00000000 14 03 03 00 01 01 16 03 03 00 28 0e f0 c3 23 0f |..........(...#.| +00000010 11 38 f1 18 11 1c 64 a3 5b 6b 27 b1 22 b3 9d 50 |.8....d.[k'."..P| +00000020 0a 51 da d6 8f d2 eb 9f 98 46 e2 35 6a 60 c9 75 |.Q.......F.5j`.u| +00000030 87 c3 79 |..y| >>> Flow 5 (client to server) -00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 01 85 96 |................| -00000010 67 b2 4b d3 e3 27 80 9f 2d a8 f4 bf 47 91 58 6e |g.K..'..-...G.Xn| -00000020 47 d8 98 15 03 03 00 1a 00 00 00 00 00 00 00 02 |G...............| -00000030 36 54 82 d1 a2 0f 2a c3 53 f6 09 d0 5c 78 46 97 |6T....*.S...\xF.| -00000040 20 41 | A| +00000000 17 03 03 00 1e 00 00 00 00 
00 00 00 01 6b ce 08 |.............k..| +00000010 db da b0 d7 7d ff 69 cc f7 67 7b 63 dc a1 63 90 |....}.i..g{c..c.| +00000020 ef 1b 67 15 03 03 00 1a 00 00 00 00 00 00 00 02 |..g.............| +00000030 cf 40 5e e0 6d ea b0 97 d5 06 92 d4 ac 8e db bd |.@^.m...........| +00000040 f2 ba |..| diff --git a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA index c8e95c85..2737763a 100644 --- a/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA +++ b/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA 
@@ -16,124 +16,124 @@ 000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| 000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t| >>> Flow 2 (server to client) -00000000 16 03 03 00 7a 02 00 00 76 03 03 98 9a 92 3f c6 |....z...v.....?.| -00000010 67 f5 96 5b 2f 5e 70 89 2d f6 1e ce 6f 6a e5 91 |g..[/^p.-...oj..| -00000020 4b 4b 6f 98 cc f7 78 4a b1 54 4a 20 00 00 00 00 |KKo...xJ.TJ ....| +00000000 16 03 03 00 7a 02 00 00 76 03 03 69 fa 97 4e 78 |....z...v..i..Nx| +00000010 f0 8e bb fe 36 17 11 e7 d9 0c 6b a1 a1 e5 0b 20 |....6.....k.... | +00000020 6b eb 55 ae b9 b0 f8 2a e1 46 0b 20 00 00 00 00 |k.U....*.F. ....| 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| -00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 58 |..+.....3.$... X| -00000060 96 37 c3 41 35 73 13 21 fc 31 e3 09 33 48 15 be |.7.A5s.!.1..3H..| -00000070 31 fb 57 61 b2 c9 60 31 2d 68 83 d5 7c d1 3a 14 |1.Wa..`1-h..|.:.| -00000080 03 03 00 01 01 17 03 03 00 17 1d ce 7d b7 ca e3 |............}...| -00000090 10 82 cb f6 1d 52 61 41 29 57 e3 7e e5 88 5c 47 |.....RaA)W.~..\G| -000000a0 16 17 03 03 00 42 1b 49 e1 4a d7 73 57 cd e9 b7 |.....B.I.J.sW...| -000000b0 e2 47 d3 74 21 6a 14 1d 1b 8d f5 aa 4c 1b f8 61 |.G.t!j......L..a| -000000c0 8c 3a e4 2e 9d ff 3f 7d b2 4d 79 6e 1d 02 05 ce |.:....?}.Myn....| -000000d0 c3 ad e6 f9 2b 2b dd 75 3b 6f 3e 0b 29 07 09 74 |....++.u;o>.)..t| -000000e0 d1 37 68 9b 8a b6 8d 2b 17 03 03 02 6d d1 1b 9f |.7h....+....m...| -000000f0 75 ba cf 2d 10 4b f0 4e 09 58 fa ff 06 e8 c9 d5 |u..-.K.N.X......| -00000100 a0 51 c8 d4 6f b2 c5 c1 d5 f3 ff 12 1f 43 d8 74 |.Q..o........C.t| -00000110 33 d9 9b e5 f3 34 26 0e 89 dc 00 54 67 17 d2 f3 |3....4&....Tg...| -00000120 c9 9e be f8 4c 77 8a 63 b1 64 5a b4 d7 57 d2 89 |....Lw.c.dZ..W..| -00000130 ce 68 d1 f7 93 01 6c 36 b7 c9 4d 50 d0 4b df 5e |.h....l6..MP.K.^| -00000140 8a bb 6c d9 54 57 9b 
b9 c9 ec d8 49 c7 51 3c e5 |..l.TW.....I.Q<.| -00000150 7b fb 48 0f fd 1b dd 0f 57 d3 a8 ee f6 51 ba 78 |{.H.....W....Q.x| -00000160 c0 60 f1 d9 c1 d2 65 b4 a7 98 99 fb 64 83 4c 2c |.`....e.....d.L,| -00000170 a6 e9 19 ef 0e 88 68 f8 21 a4 2b bd 95 e9 52 d5 |......h.!.+...R.| -00000180 fb 12 d3 36 06 a2 13 f9 e2 35 6a 06 dd 49 d9 42 |...6.....5j..I.B| -00000190 89 d9 f0 24 5c 36 b8 6d 95 35 21 b3 9c 3b ee 08 |...$\6.m.5!..;..| -000001a0 06 06 4d aa 74 eb fc 1b c1 fd cf 07 24 74 44 2d |..M.t.......$tD-| -000001b0 54 d5 c5 d3 4e c4 eb 09 6e 90 8f 3d c0 c5 1c 21 |T...N...n..=...!| -000001c0 7c 32 1b bc 4b 85 2b f0 b0 f5 cd 61 3d dd 31 03 ||2..K.+....a=.1.| -000001d0 5e e0 5e 06 1a 37 61 1a 58 fa ed e8 cf 0c 4f da |^.^..7a.X.....O.| -000001e0 73 69 42 3a f4 ed dc ad e5 e7 9b fd 54 16 77 85 |siB:........T.w.| -000001f0 ae 84 41 10 be 84 ad 28 ef e6 13 2a e9 9f 9f 2f |..A....(...*.../| -00000200 c5 d0 65 c6 f5 58 b3 39 9b 5e 07 ba 95 be 5e 75 |..e..X.9.^....^u| -00000210 68 17 ba 9d 2a 69 6d b8 ed d4 4b 6a ce 30 b1 82 |h...*im...Kj.0..| -00000220 ae ec 68 9a 26 13 6b 05 38 0f 38 c9 94 01 d0 0b |..h.&.k.8.8.....| -00000230 7b bb ca 70 86 6c e4 f1 eb 81 05 25 33 c0 3e e3 |{..p.l.....%3.>.| -00000240 2a 25 8e 32 eb d5 03 c7 c4 d8 22 22 ef 99 5a a3 |*%.2......""..Z.| -00000250 01 6a b5 65 9a 55 6e fb 84 83 aa 43 ae 4a 3e da |.j.e.Un....C.J>.| -00000260 40 7e 09 e1 3b 15 ad 33 66 5a 3d 30 62 72 86 54 |@~..;..3fZ=0br.T| -00000270 cd a2 6a bf 82 61 17 87 84 c5 3f f3 1e 86 a2 b1 |..j..a....?.....| -00000280 2c 1a f9 ba 8c a2 21 5b 93 b2 16 b4 81 ae 7d 98 |,.....![......}.| -00000290 d6 db 0a 56 14 c9 f7 48 c1 c7 3c 7e 63 8e bc 50 |...V...H..<~c..P| -000002a0 6a 64 e1 1d 04 ba d3 cc 6a 61 60 4b d2 97 d5 ba |jd......ja`K....| -000002b0 23 1a 69 76 86 db 96 39 04 f6 ec e9 96 79 6a 25 |#.iv...9.....yj%| -000002c0 ff 39 dd 19 08 34 4d c3 f6 7c 91 f2 6b 3a e1 0f |.9...4M..|..k:..| -000002d0 66 6d 14 5d 82 21 0b e3 e0 c3 f1 a1 70 e1 2c bc |fm.].!......p.,.| -000002e0 fb 54 aa 85 3c a0 
7c 9a 35 00 e2 a1 4f 83 3e f1 |.T..<.|.5...O.>.| -000002f0 64 83 ab c5 e6 31 c7 00 eb 36 f1 bc 41 f3 eb d4 |d....1...6..A...| -00000300 97 30 4d 7f d2 d1 e7 1a 9e a2 53 31 35 6a 16 d1 |.0M.......S15j..| -00000310 65 be d7 d3 93 2a be d2 27 dc 1b 8c 09 16 30 d4 |e....*..'.....0.| -00000320 cb eb e0 bb 42 50 ff 59 c3 81 81 36 88 09 c2 23 |....BP.Y...6...#| -00000330 dc dd 80 63 bb 78 19 6b 6a 70 4b b5 17 bf ed 6c |...c.x.kjpK....l| -00000340 58 f1 15 a9 16 66 c8 45 f5 5f 99 05 b1 3b be e6 |X....f.E._...;..| -00000350 66 d7 45 df 19 16 9d c7 dd 4d 17 03 03 00 99 38 |f.E......M.....8| -00000360 70 9e 16 94 07 67 7c ce 90 67 99 46 5e d9 61 b5 |p....g|..g.F^.a.| -00000370 9b b8 31 fc cc 80 a3 07 30 c9 f5 f9 90 fb e2 0d |..1.....0.......| -00000380 dc 93 ab de 38 25 83 f8 77 0c 94 53 75 68 c7 71 |....8%..w..Suh.q| -00000390 72 6f 61 77 a7 d7 c7 ed 5c d3 08 18 9f 64 f4 6e |roaw....\....d.n| -000003a0 30 dc 05 b1 65 11 79 08 66 34 8c 06 99 a9 00 26 |0...e.y.f4.....&| -000003b0 86 2c e4 b5 6d cf db b1 03 f0 d0 c5 c0 f5 50 04 |.,..m.........P.| -000003c0 f7 27 97 3e 31 19 aa a8 58 c4 78 43 a9 e3 76 0d |.'.>1...X.xC..v.| -000003d0 98 88 20 07 11 4c d6 8a 66 31 72 2e ed 47 66 71 |.. ..L..f1r..Gfq| -000003e0 9a 3e 9c 0d 1c 17 df ab 6a 52 b4 43 a6 c2 64 30 |.>......jR.C..d0| -000003f0 45 08 b8 de 59 be 3a f9 17 03 03 00 35 94 9b 02 |E...Y.:.....5...| -00000400 47 a6 e3 55 9f 95 8a 8d 35 3b bb 56 ec 10 ab dd |G..U....5;.V....| -00000410 a3 ca fe ad bf 25 90 76 c4 15 a0 c0 73 d5 96 96 |.....%.v....s...| -00000420 44 bc ba e9 09 f5 8e e7 e7 7d db f2 e7 9f 99 d2 |D........}......| -00000430 dc e7 |..| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 b3 |..+.....3.$... 
.| +00000060 5f dd e8 cb 83 72 6d 43 9d 40 e0 dd 71 56 78 59 |_....rmC.@..qVxY| +00000070 a9 f0 7c 91 e9 ad a3 8e 4a f7 b0 e0 87 52 0e 14 |..|.....J....R..| +00000080 03 03 00 01 01 17 03 03 00 17 da 4c c5 c1 8e cc |...........L....| +00000090 06 ab 99 43 c1 16 7a 11 71 58 75 45 93 54 b3 17 |...C..z.qXuE.T..| +000000a0 7f 17 03 03 00 42 14 ad e4 ca ca bf 7f 60 61 41 |.....B.......`aA| +000000b0 76 aa 74 d9 96 65 a2 85 f3 02 7f 73 f0 db 81 97 |v.t..e.....s....| +000000c0 4c fe b7 e9 a2 40 0d d7 b3 e4 d1 b7 20 f8 71 07 |L....@...... .q.| +000000d0 12 c8 ec f0 4d 4f 48 63 61 63 82 11 fe 5f 5c 0c |....MOHcac..._\.| +000000e0 89 af 01 69 d4 3f de 09 17 03 03 02 6d bb f4 18 |...i.?......m...| +000000f0 05 e2 f9 03 01 0e 29 13 9c 04 0f bf 37 05 af d8 |......).....7...| +00000100 30 c1 e8 e5 38 ee 4b e4 04 04 f5 68 81 c9 f0 ca |0...8.K....h....| +00000110 76 e6 a6 ac 8e 8d de fe a8 f2 a8 ab f7 20 dd 56 |v............ .V| +00000120 8f 55 d0 a9 f6 67 b9 7a 7a 9b 8a 8f 89 81 33 5e |.U...g.zz.....3^| +00000130 c6 4f ae 1f b9 35 8c 3a 99 20 46 14 f5 9a 13 b3 |.O...5.:. 
F.....| +00000140 22 6a 94 d3 9e cb f1 00 ef 8e d2 72 7c 94 9f b7 |"j.........r|...| +00000150 e4 43 01 f1 04 f1 cf 46 f0 99 ac 3d aa 7b 5c 28 |.C.....F...=.{\(| +00000160 c1 13 7d 4e f0 5b 88 2b 07 32 68 56 b0 c9 4c 16 |..}N.[.+.2hV..L.| +00000170 e9 e7 7c 1d 4d c7 7d 2c 06 74 20 28 d4 f0 15 cc |..|.M.},.t (....| +00000180 30 fb 28 35 5e fc b6 92 32 50 45 7d 6f 8d 93 db |0.(5^...2PE}o...| +00000190 59 83 4d 1b 80 53 42 cf 63 28 b0 c1 a7 55 ea 71 |Y.M..SB.c(...U.q| +000001a0 17 15 69 7e b3 b3 32 b9 ed 68 31 61 e8 2f cf d1 |..i~..2..h1a./..| +000001b0 a8 51 5b eb 9e e6 8b 09 9c c6 d4 2a 2b e9 ba 92 |.Q[........*+...| +000001c0 43 3e 1b 24 8e 5c b5 1d e8 5c 37 5d 3a b9 4c 38 |C>.$.\...\7]:.L8| +000001d0 63 c8 d1 7b 52 fb 5d 85 d4 aa 9c 33 68 73 5d fe |c..{R.]....3hs].| +000001e0 ae 11 e7 51 59 6b 3e 3c b2 b1 a5 87 6e 24 27 6d |...QYk><....n$'m| +000001f0 f2 a1 e3 ba 5c 75 e0 e2 3e 3f b4 ed 3c ce f5 9d |....\u..>?..<...| +00000200 8c 0e c0 48 33 7a 74 92 da 2b f4 87 3f 9f bd da |...H3zt..+..?...| +00000210 c8 46 21 29 a0 6c a5 ae 98 b5 e3 3b 61 dc 17 17 |.F!).l.....;a...| +00000220 57 7b e6 1c 07 56 34 fb f9 d8 7f 3d e4 9e 04 9a |W{...V4....=....| +00000230 6d e7 08 b8 10 83 08 89 86 39 7f d5 b0 3f 41 e3 |m........9...?A.| +00000240 c3 20 77 9c e6 78 f7 e7 3c d8 57 ef 8c fb b7 6d |. 
w..x..<.W....m| +00000250 6f 7d ae d0 e2 d7 c4 ec ab 3a 6f 59 ad aa fa 7e |o}.......:oY...~| +00000260 7b 05 fa 35 c6 88 2a f5 f3 0b f9 45 98 30 12 6c |{..5..*....E.0.l| +00000270 bf b9 39 2c 21 f0 2c 85 0b 5b 08 95 dd 37 80 d3 |..9,!.,..[...7..| +00000280 b8 53 2b 1d fe cd f0 b8 a9 69 f8 38 31 c1 6f 91 |.S+......i.81.o.| +00000290 99 31 46 66 e7 52 23 1c 1f 8a b9 85 9e dc 03 23 |.1Ff.R#........#| +000002a0 13 b1 f7 88 c5 0d 0b d1 da 93 6b 6e 1b ce 1b 15 |..........kn....| +000002b0 49 02 6b fd 45 95 00 c9 ae ce f5 f8 36 b3 b3 19 |I.k.E.......6...| +000002c0 5c 0a e6 b0 b1 4e 5d 27 9b ec bf 18 51 2d d6 01 |\....N]'....Q-..| +000002d0 40 e9 d4 99 74 c9 0a ca 48 59 66 4e 06 d0 32 0a |@...t...HYfN..2.| +000002e0 a1 5d a2 b0 0d ad a5 7b b6 3d 48 5a 91 d8 e2 8b |.].....{.=HZ....| +000002f0 88 33 04 8b e7 e8 4f 01 38 58 2e ab 3f 37 65 d7 |.3....O.8X..?7e.| +00000300 b6 0f 38 c6 87 86 b5 4f ae 65 37 eb c4 82 54 c0 |..8....O.e7...T.| +00000310 2a 6d c9 43 60 fe de f5 a4 b5 95 be 8a e2 86 dc |*m.C`...........| +00000320 ad 29 9b 50 ba a4 dd ed 1f ed a8 6b 00 3b d6 ee |.).P.......k.;..| +00000330 8f 44 53 80 6e ab 04 c3 4e 91 62 e5 8a 84 32 e7 |.DS.n...N.b...2.| +00000340 56 58 97 25 21 1c 51 8e d2 2b 7a e7 06 d5 07 96 |VX.%!.Q..+z.....| +00000350 c6 f5 2d f6 b0 e3 c1 cb 74 cf 17 03 03 00 99 e4 |..-.....t.......| +00000360 70 c3 5e bf 76 98 b8 03 65 c4 27 74 25 5a f6 2e |p.^.v...e.'t%Z..| +00000370 8c a6 14 95 fc 5f 28 25 f6 0f 1c 41 2d 7a 76 7a |....._(%...A-zvz| +00000380 64 8c 9f 42 74 37 d6 fd 6e b6 3d 6b 83 f7 65 3c |d..Bt7..n.=k..e<| +00000390 2e cc 82 46 b3 38 9d 7d 4c 40 b0 c8 79 3b bc fa |...F.8.}L@..y;..| +000003a0 a6 eb 36 c1 e9 23 37 b2 33 ca 5e 24 a7 1c 11 c7 |..6..#7.3.^$....| +000003b0 e5 b4 ef 57 a5 ce 7a 4f 86 84 bc ac 13 fa 5e 5e |...W..zO......^^| +000003c0 8f 52 3b e9 f1 97 a5 2c b6 38 72 32 b7 3a 37 58 |.R;....,.8r2.:7X| +000003d0 06 03 e0 d4 30 e5 0a 5d 1d aa b6 00 47 1f e3 46 |....0..]....G..F| +000003e0 2e 0b a9 55 f2 fb a4 6d e6 b9 d0 0d c1 12 34 95 
|...U...m......4.| +000003f0 bc 69 e3 4a 91 98 6a 33 17 03 03 00 35 b6 35 48 |.i.J..j3....5.5H| +00000400 40 ec f6 54 95 dd 61 3c 2e 94 c0 91 d7 e3 bf 6b |@..T..a<.......k| +00000410 9d 9c 04 7b 0d e0 d8 44 98 ca ef 5a c6 87 ac f5 |...{...D...Z....| +00000420 17 ca c6 da 55 ed 0b af 14 60 ec 12 44 25 a7 4a |....U....`..D%.J| +00000430 88 63 |.c| >>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 17 03 03 02 1e 64 ba 97 ba 8d |...........d....| -00000010 3f 1b d5 5b c5 2e e5 b9 10 01 37 c9 5c e5 ed 39 |?..[......7.\..9| -00000020 7f 9c 8b f8 ef 50 64 5e 30 05 16 ac 80 51 96 78 |.....Pd^0....Q.x| -00000030 2a 50 0f 1e d8 76 ab fd bd 7f 3b 17 7e 1d e9 f5 |*P...v....;.~...| -00000040 03 76 1b 66 3d 15 dc f3 65 a2 aa a9 23 89 09 e9 |.v.f=...e...#...| -00000050 dc de a6 27 fc 21 d9 97 d4 08 05 9a 1c 49 8c ee |...'.!.......I..| -00000060 fc bd f1 9f e2 4e 3a e3 ee 07 39 d0 34 05 cb 18 |.....N:...9.4...| -00000070 83 2b 68 45 df 84 4b b2 c3 79 42 73 b9 f1 1c f2 |.+hE..K..yBs....| -00000080 5f d9 5c f5 7c 4e 86 5e 97 78 ea 0a fa e7 60 68 |_.\.|N.^.x....`h| -00000090 80 c3 17 5f e7 92 9d 6e 9a 92 37 84 92 4b 83 9c |..._...n..7..K..| -000000a0 fa 4c 2a 82 23 eb 67 d0 b2 cc 9e 59 8f 2c e7 bc |.L*.#.g....Y.,..| -000000b0 b3 4f 2a 0c 93 bf 17 b8 48 70 5e 0a 85 92 6d 2a |.O*.....Hp^...m*| -000000c0 ac 81 9e cd 2c 59 fc a7 e3 5b 82 d5 e3 f5 cd c2 |....,Y...[......| -000000d0 8a 68 b8 e9 36 e2 08 0b f7 09 9c 17 95 a3 5e 3d |.h..6.........^=| -000000e0 ef 7c c6 5c fe 32 9e 9d 31 c9 b7 76 5a 71 c3 d7 |.|.\.2..1..vZq..| -000000f0 cd e3 c6 70 e5 2f 07 df 1d b4 34 56 0b ed 52 13 |...p./....4V..R.| -00000100 bc b2 ac 66 0c 84 b0 2e 32 93 08 f2 04 91 8e e3 |...f....2.......| -00000110 7b 7f 22 2a a9 04 50 5c 78 f1 06 c5 fd 2c 4c 77 |{."*..P\x....,Lw| -00000120 a9 17 b5 a8 42 6d f2 0e 87 32 d3 7f be 9e 1d 09 |....Bm...2......| -00000130 50 10 25 9d f1 a5 25 c3 c2 be 0d 8d 8e 96 5e 1c |P.%...%.......^.| -00000140 83 06 45 bc f0 5b 6f b5 0a 02 2a cc ce ac 7e 62 |..E..[o...*...~b| 
-00000150 f0 b1 89 25 30 bc 12 d2 da f9 1d d0 46 55 97 4c |...%0.......FU.L| -00000160 09 39 e1 a5 1f 4d e1 aa bd 6f 1f 0d 79 4a aa 49 |.9...M...o..yJ.I| -00000170 73 25 dc a5 bd f7 2b 64 3c 84 ed b0 ef 13 c5 6c |s%....+d<......l| -00000180 16 8b 27 bf a5 3d 15 f2 4a 3b 53 ad ba e9 9e 2a |..'..=..J;S....*| -00000190 6d f2 44 5c 66 69 04 94 27 99 08 8e c2 7e c6 69 |m.D\fi..'....~.i| -000001a0 f7 65 1d 0b a5 8c 35 52 0b f1 bd 59 ca d1 bf 44 |.e....5R...Y...D| -000001b0 47 b0 7b f8 3b a0 84 55 73 c2 83 bb 9d e0 bc ed |G.{.;..Us.......| -000001c0 60 07 32 ce 71 b3 60 12 ef ca 28 bb 6c fb bb c7 |`.2.q.`...(.l...| -000001d0 3e eb 05 65 a5 26 1a 6c 40 c8 b4 4e 31 12 a0 96 |>..e.&.l@..N1...| -000001e0 19 66 86 f5 1e f8 bd 6d f4 2e 98 60 fe ff 22 1e |.f.....m...`..".| -000001f0 a9 27 49 87 77 7d b4 5d ea f8 bc 3a 10 15 84 8c |.'I.w}.]...:....| -00000200 cd aa 2c e8 94 93 a5 ee db 7a d8 96 e9 d5 68 e9 |..,......z....h.| -00000210 34 68 40 5b dd 18 dc f0 ef b7 17 72 fd 06 70 d1 |4h@[.......r..p.| -00000220 b6 89 ae 66 40 40 f7 61 0b 17 03 03 00 a4 26 c1 |...f@@.a......&.| -00000230 3c d9 6c 83 52 e3 5e 64 46 7f 12 1d 3d c7 7d 0f |<.l.R.^dF...=.}.| -00000240 a9 8f d3 45 f5 81 46 16 24 c6 c3 7e 5f e4 25 be |...E..F.$..~_.%.| -00000250 00 33 7a 1c 35 d4 5c 64 54 56 08 66 4d 2f 68 15 |.3z.5.\dTV.fM/h.| -00000260 1b 71 d9 aa c9 9e e0 cc d2 73 a9 99 41 9b 08 1f |.q.......s..A...| -00000270 d4 41 de e5 4f 1f 30 65 61 02 8e 6f 79 d7 47 86 |.A..O.0ea..oy.G.| -00000280 2f e6 0e 65 9e 06 e8 98 d1 fe bc 89 b4 bc f4 9b |/..e............| -00000290 70 02 06 e4 9d 37 dd 1b 63 b6 06 62 1a c7 45 30 |p....7..c..b..E0| -000002a0 9d 08 64 35 8b 96 88 9a 1e 58 2f d0 ef 44 39 04 |..d5.....X/..D9.| -000002b0 3c bf e2 e6 c4 73 de f9 b0 10 ed 56 eb 04 bd 4e |<....s.....V...N| -000002c0 89 38 50 3b e7 e5 12 7c 8e 74 b2 a5 79 2d 88 7b |.8P;...|.t..y-.{| -000002d0 e5 1b 17 03 03 00 35 42 b2 61 24 4c 38 b5 d1 42 |......5B.a$L8..B| -000002e0 93 12 66 c5 be 3c f0 b1 b2 6b 86 07 99 7d f3 e4 
|..f..<...k...}..| -000002f0 74 2b 43 98 38 df 70 7a e5 f7 67 cf c3 08 23 19 |t+C.8.pz..g...#.| -00000300 4a cf 06 26 fe 56 4a 97 4a 82 70 09 17 03 03 00 |J..&.VJ.J.p.....| -00000310 17 9b 3f bb 09 7d 4f c9 05 42 f7 d1 a7 59 0c a7 |..?..}O..B...Y..| -00000320 c6 9b 36 e1 46 ad 9b 89 17 03 03 00 13 ae a5 51 |..6.F..........Q| -00000330 76 d8 3a 77 a8 a0 38 70 bf be c8 fb ff fe 53 09 |v.:w..8p......S.| +00000000 14 03 03 00 01 01 17 03 03 02 1e 74 7a d4 72 05 |...........tz.r.| +00000010 85 c4 ac 9a 50 04 4e b4 58 ed 4e d5 c4 24 da f5 |....P.N.X.N..$..| +00000020 5b e8 3c 49 c4 fc 56 25 31 74 c9 31 ba 8f 2e 62 |[.\...UH| +00000280 9c 52 f3 21 8d 7b 3a 61 9e 7a f5 35 ac c1 0d 9d |.R.!.{:a.z.5....| +00000290 46 f7 85 c6 f6 76 58 02 04 75 44 be 7a e1 25 84 |F....vX..uD.z.%.| +000002a0 95 6a 7a 1f 70 52 b4 82 f4 dd 63 0c d9 84 94 65 |.jz.pR....c....e| +000002b0 ae 56 11 da b2 b1 3f 27 fe 28 e2 f0 04 72 b6 42 |.V....?'.(...r.B| +000002c0 bd f3 7b cd 9f 1d 44 6d c9 d4 63 61 23 d4 e9 c7 |..{...Dm..ca#...| +000002d0 92 17 03 03 00 35 6d 1c e6 c7 23 8c cb 6b f1 03 |.....5m...#..k..| +000002e0 45 2f 97 92 4d 0b cf ab e0 ae a8 91 d3 1e 75 d1 |E/..M.........u.| +000002f0 28 c9 16 f6 f9 41 51 75 61 2a 63 2b 27 ef fd ef |(....AQua*c+'...| +00000300 ad 87 e9 e2 f3 c2 60 50 ce cb fb 17 03 03 00 17 |......`P........| +00000310 ca 7b a5 e9 bb e6 20 57 1e b2 d7 cb 75 71 1a e0 |.{.... W....uq..| +00000320 41 ae b4 51 23 e0 76 17 03 03 00 13 dd 73 a8 d0 |A..Q#.v......s..| +00000330 3b 64 cc b8 5b 05 36 e1 b1 67 bc 52 ae 5e 75 |;d..[.6..g.R.^u| diff --git a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES index 1132b39f..944fe584 100644 --- a/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES 
@@ -1,11 +1,10 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 63 01 00 00 5f 03 01 38 de f5 d6 ae |....c..._..8....| -00000010 46 71 e8 02 f2 45 88 b8 64 fb 6e 68 67 d1 7f e8 |Fq...E..d.nhg...| -00000020 49 71 1e a9 ec 8e 54 06 bb 2b 16 00 00 04 c0 0a |Iq....T..+......| -00000030 00 ff 01 00 00 32 00 00 00 0e 00 0c 00 00 09 31 |.....2.........1| -00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| -00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| -00000060 00 16 00 00 00 17 00 00 |........| +00000000 16 03 01 00 51 01 00 00 4d 03 01 1d a1 82 7a c4 |....Q...M.....z.| +00000010 1c a5 ab 70 c4 7f 23 75 a5 66 e4 9f 74 af df c6 |...p..#u.f..t...| +00000020 b7 a1 28 da ab 59 99 37 47 1d e6 00 00 04 c0 0a |..(..Y.7G.......| +00000030 00 ff 01 00 00 20 00 0b 00 04 03 00 01 02 00 0a |..... ..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 |......| >>> Flow 2 (server to client) 00000000 16 03 01 00 37 02 00 00 33 03 01 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -44,37 +43,37 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 01 00 b5 0c 00 00 b1 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 01 00 b4 0c 00 00 b0 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 8b 30 81 |......._X.;t..0.| -00000280 88 02 42 01 ad 26 fd 16 9a 93 5f 87 ce 29 8c d2 |..B..&...._..)..| -00000290 56 a7 d2 59 56 bd d3 1f 90 54 bd af 91 81 25 ff |V..YV....T....%.| -000002a0 66 74 57 16 2f 31 f2 5a 48 97 03 b9 41 4c 8e bb |ftW./1.ZH...AL..| -000002b0 87 31 ed 71 84 37 63 78 9f 0a c7 9d 5e f3 5a 53 |.1.q.7cx....^.ZS| -000002c0 88 89 46 ba a7 02 42 00 92 74 15 1c 0e 1f 2f 95 |..F...B..t..../.| -000002d0 e5 79 d5 e9 90 ce d8 96 0d fd b8 42 55 00 94 08 |.y.........BU...| -000002e0 4e 47 a9 ea bd 67 0b 02 a6 9e 8b d3 09 e5 53 ea |NG...g........S.| -000002f0 03 22 2e 2d 78 2c 69 1d 28 ab 13 3d 0a 46 15 09 |.".-x,i.(..=.F..| -00000300 b6 0b 74 69 2d 5a 96 bf b6 16 03 01 00 04 0e 00 |..ti-Z..........| -00000310 00 00 |..| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 8a 30 81 |......._X.;t..0.| +00000280 87 02 42 00 9f bb ce 86 5a 4e 56 51 a6 a3 e9 e6 |..B.....ZNVQ....| +00000290 9b f9 f1 b5 8d 6f 00 ce 0a 2b 67 7c 65 c1 5d 88 |.....o...+g|e.].| +000002a0 dd 49 8d 50 15 a7 7f e7 7d f1 86 17 21 81 84 34 |.I.P....}...!..4| +000002b0 fd e3 b5 8c 6f 2a 00 c9 8a cc 8e f4 ab b0 99 80 |....o*..........| +000002c0 af 46 b6 1b a0 02 41 39 5c a0 ec fc 1b 98 52 6a |.F....A9\.....Rj| +000002d0 ae d4 e7 01 d3 31 e8 0f d6 10 49 4e 16 b8 0d 01 |.....1....IN....| +000002e0 26 4d 7a c3 b1 6e b9 2b f7 75 c3 81 3a 65 a9 dd |&Mz..n.+.u..:e..| +000002f0 56 45 de f8 e1 66 01 45 10 53 be f5 da 57 a7 20 |VE...f.E.S...W. 
| +00000300 7c 65 49 60 01 72 47 6f 16 03 01 00 04 0e 00 00 ||eI`.rGo........| +00000310 00 |.| >>> Flow 3 (client to server) -00000000 16 03 01 00 25 10 00 00 21 20 82 c0 dd 83 c2 45 |....%...! .....E| -00000010 a2 bc 3a 2a ec ab 60 8e 02 e0 db 7c 59 83 c1 62 |..:*..`....|Y..b| -00000020 c7 cc 61 1e de dc 40 e4 65 6c 14 03 01 00 01 01 |..a...@.el......| -00000030 16 03 01 00 30 3e 26 56 0b a2 10 47 00 55 27 21 |....0>&V...G.U'!| -00000040 63 33 f2 7d 4b ba 77 5f e7 a7 09 7a 1f 51 85 f2 |c3.}K.w_...z.Q..| -00000050 46 a5 af 80 79 1a c7 72 bb 3d f9 dd 1d 83 05 22 |F...y..r.=....."| -00000060 c9 6c dd 91 d9 |.l...| +00000000 16 03 01 00 25 10 00 00 21 20 95 89 f8 3a ed 31 |....%...! ...:.1| +00000010 8f 2d 80 0d 27 f1 53 74 3e 36 04 9b 3b 77 70 55 |.-..'.St>6..;wpU| +00000020 8b 97 7e aa 29 16 de 21 1b 27 14 03 01 00 01 01 |..~.)..!.'......| +00000030 16 03 01 00 30 89 86 93 14 ce cf b3 28 36 67 a9 |....0.......(6g.| +00000040 38 3a e3 b4 56 2d 42 e6 8f f5 09 a5 27 90 4a ba |8:..V-B.....'.J.| +00000050 15 30 dc 8e 7a d3 c4 58 40 5a b8 19 62 1b 49 f0 |.0..z..X@Z..b.I.| +00000060 fd 2f 87 a2 df |./...| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 38 fa fd 42 8f |..........08..B.| -00000010 80 5a 7c 33 d4 6c 72 f7 4e 2f 00 ab c2 86 58 9d |.Z|3.lr.N/....X.| -00000020 fc a5 43 fa ea 5b a1 ee a9 df df 9d 90 4c c0 e3 |..C..[.......L..| -00000030 10 09 c4 23 21 f9 e9 69 f5 f8 fa 17 03 01 00 20 |...#!..i....... | -00000040 1e 57 17 e4 96 06 32 d4 00 a3 98 ed bd 1c 61 78 |.W....2.......ax| -00000050 e7 0d 89 ec 84 c3 56 fa 75 73 87 6f 47 35 80 3f |......V.us.oG5.?| -00000060 17 03 01 00 30 4d 51 0a dd 70 6d b0 c2 d1 46 5c |....0MQ..pm...F\| -00000070 b5 03 87 de e6 65 d3 e2 83 e0 33 f8 a2 0a 29 7f |.....e....3...).| -00000080 6c 24 2b 1f 7b 2b 53 19 21 e9 62 6c 31 75 9c be |l$+.{+S.!.bl1u..| -00000090 5b b0 3d 5b 1a 15 03 01 00 20 19 51 64 4b 5a 9b |[.=[..... 
.QdKZ.| -000000a0 c8 2a 1c e7 9e 29 d9 df ad 1d 08 09 82 a3 b1 1d |.*...)..........| -000000b0 60 99 00 25 30 51 a1 72 b6 27 |`..%0Q.r.'| +00000000 14 03 01 00 01 01 16 03 01 00 30 32 59 c1 a2 05 |..........02Y...| +00000010 14 3a 40 95 2a 8f 09 2c bf 37 07 7b 5c 21 ad c6 |.:@.*..,.7.{\!..| +00000020 82 06 ec 56 9a b2 1c dd 8a 50 5c 01 c7 d0 72 3d |...V.....P\...r=| +00000030 65 ad cd 41 64 e4 97 0d 7a 7b a4 17 03 01 00 20 |e..Ad...z{..... | +00000040 49 a6 74 1a 6d d5 27 5c e1 a2 ae 49 1d 95 af 4e |I.t.m.'\...I...N| +00000050 08 bf ec fa 3c f3 52 64 3b 3b f7 87 45 dc c5 d3 |....<.Rd;;..E...| +00000060 17 03 01 00 30 c6 9e c9 90 88 69 8f 37 a3 01 d8 |....0.....i.7...| +00000070 0a 47 d3 85 67 5d 7b 82 a1 ca 6c bb ff e5 fb 55 |.G..g]{...l....U| +00000080 98 30 79 0a 5d 9b c1 74 1b b1 06 6f 97 cf 7e 2f |.0y.]..t...o..~/| +00000090 a2 c1 b9 a5 32 15 03 01 00 20 8b 2b 8f 99 05 51 |....2.... .+...Q| +000000a0 78 62 f8 d4 10 2d 52 c8 16 b7 81 55 3c b8 f0 5d |xb...-R....U<..]| +000000b0 b5 1b ac 98 62 40 db 96 50 49 |....b@..PI| diff --git a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA index 63e0edb6..ae6e99e0 100644 --- a/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA +++ b/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA 
@@ -1,17 +1,16 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 cb 01 00 00 c7 03 03 3f 5d 09 25 4e |...........?].%N| -00000010 82 83 13 89 ba 89 43 d5 43 4f f1 c3 2f 08 77 39 |......C.CO../.w9| -00000020 bf eb c7 1d 4b d6 85 c8 17 2f 83 00 00 38 c0 2c |....K..../...8.,| +00000000 16 03 01 00 b9 01 00 00 b5 03 03 5a da e6 d1 db |...........Z....| +00000010 47 25 f6 bd f3 8d 8e e8 83 15 26 a8 1a ef 89 c1 |G%........&.....| +00000020 c7 db 9a 7c 66 81 43 5f 8b e6 61 00 00 38 c0 2c |...|f.C_..a..8.,| 00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| 00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| 00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| -00000060 00 35 00 2f 00 ff 01 00 00 66 00 00 00 0e 00 0c |.5./.....f......| -00000070 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| -00000080 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| -00000090 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 |...............0| -000000a0 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| -000000b0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 |................| -000000c0 02 03 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |................| +00000060 00 35 00 2f 00 ff 01 00 00 54 00 0b 00 04 03 00 |.5./.....T......| +00000070 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................| +00000080 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e |.............0..| +00000090 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................| +000000a0 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 |................| +000000b0 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |..............| >>> Flow 2 (server to client) 00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -53,36 +52,36 @@ 00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| 00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| -00000280 30 81 88 02 42 01 5c 2a 30 4f 9f dc df a8 33 06 |0...B.\*0O....3.| -00000290 3b bc 35 46 6a 9c a3 a1 26 ec 42 29 bf 63 b3 9b |;.5Fj...&.B).c..| -000002a0 8c bf 7b 07 8d 28 eb 41 68 7a 8a 1b f3 de a9 dc |..{..(.Ahz......| -000002b0 1e d1 21 3c 4d 24 df 89 90 b6 f2 fb ad 60 d2 27 |..!V..F.| -000002e0 b4 e5 90 72 ed af 71 0d fb e6 39 2f d5 4b 73 ba |...r..q...9/.Ks.| -000002f0 85 d2 a4 bf 99 74 d7 81 eb 3e 69 4d f0 12 1e 3c |.....t...>iM...<| -00000300 53 ca f0 35 85 ef ff ed cc 0f f7 16 03 03 00 04 |S..5............| +00000280 30 81 88 02 42 00 f0 67 2c a9 99 6f de 2c 23 b3 |0...B..g,..o.,#.| +00000290 0f e2 5b 92 55 52 1f 68 49 f7 48 98 47 88 f0 f7 |..[.UR.hI.H.G...| +000002a0 dd c5 ca 2f cb b6 1e 4b a4 e4 e8 64 b2 0a 38 79 |.../...K...d..8y| +000002b0 40 f6 db e2 66 43 18 38 24 27 ee 6f 79 78 f7 58 |@...fC.8$'.oyx.X| +000002c0 06 54 60 ff a0 65 93 02 42 01 6d 7b 4f 48 ce 8e |.T`..e..B.m{OH..| +000002d0 f4 a3 ba c5 80 1a 75 30 df f5 b8 42 84 3a ac c7 |......u0...B.:..| +000002e0 f0 44 50 ec e5 eb 62 7e bb 4c 8a cb 5a f0 72 28 |.DP...b~.L..Z.r(| +000002f0 e9 94 a9 0b 5c a6 5b 74 5b 7f 36 c8 6e 2d 7e 30 |....\.[t[.6.n-~0| +00000300 27 12 5a 92 10 f1 7b db 81 78 84 16 03 03 00 04 |'.Z...{..x......| 00000310 0e 00 00 00 |....| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 b8 a6 ed 33 20 59 |....%...! 
...3 Y| -00000010 76 0b 7c 87 53 f1 12 c1 46 d9 db 68 c0 6f d6 30 |v.|.S...F..h.o.0| -00000020 ea e0 64 04 54 7a 4c 95 03 41 14 03 03 00 01 01 |..d.TzL..A......| -00000030 16 03 03 00 40 c0 70 29 39 a0 8a bd 59 58 88 44 |....@.p)9...YX.D| -00000040 ea 10 b4 79 3e 0e 72 b7 2a 03 6d 4d 5a 24 f5 c0 |...y>.r.*.mMZ$..| -00000050 4e e5 19 f0 fb 66 ca 97 89 4b 67 dc bb 19 cd 0b |N....f...Kg.....| -00000060 6e 74 01 d3 a4 9a ab af 8e 44 10 99 ac ff 9e 9e |nt.......D......| -00000070 17 04 56 78 55 |..VxU| +00000000 16 03 03 00 25 10 00 00 21 20 8b f1 7e ee 8f 8c |....%...! ..~...| +00000010 32 60 ee 25 07 6e 36 f1 09 77 43 e6 e3 e5 cb 8f |2`.%.n6..wC.....| +00000020 66 72 0a 9a e7 d6 97 fe 20 77 14 03 03 00 01 01 |fr...... w......| +00000030 16 03 03 00 40 47 1e 98 99 b3 aa 23 54 8b 1d 0f |....@G.....#T...| +00000040 d6 7e 4f 70 fc 55 9c ae f7 8e c8 53 8f ef be 5e |.~Op.U.....S...^| +00000050 2a 06 c8 fd 25 1a ff 6c 8d 56 61 ce 2a ed d1 ad |*...%..l.Va.*...| +00000060 46 e9 b7 d9 92 23 8a 20 22 0d ea 27 c0 4d 68 86 |F....#. 
"..'.Mh.| +00000070 75 ef 25 3c f1 |u.%<.| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 01 a0 6b 2c c5 |.............k,.| -00000020 7e 83 70 b5 2c 8c 43 b6 8b 2e 18 2a 1d be 11 6d |~.p.,.C....*...m| -00000030 13 f9 ba b5 de db 01 2a 64 d9 5b 24 c9 61 a1 4d |.......*d.[$.a.M| -00000040 11 bb fc b1 86 61 b0 04 a9 cd 1e 17 03 03 00 40 |.....a.........@| +00000010 00 00 00 00 00 00 00 00 00 00 00 18 a0 a0 cd f8 |................| +00000020 7a 9d c2 77 43 18 ad dd 62 27 0d b4 55 3e c2 b7 |z..wC...b'..U>..| +00000030 56 7e 9d ac e4 51 b3 54 5d cf fa 7f 3b 7a 91 eb |V~...Q.T]...;z..| +00000040 ba 17 c0 44 66 d2 7a d2 5d 0a 1e 17 03 03 00 40 |...Df.z.]......@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 d8 98 85 b4 cb 61 39 69 2f b1 1f 24 c1 5a 4f e3 |.....a9i/..$.ZO.| -00000070 0b 20 5d 6c 3f 3f 82 3a a3 8a b3 cf e9 41 bb 60 |. ]l??.:.....A.`| -00000080 ed b6 67 a0 76 39 ab 93 a5 35 d0 42 b3 a7 4c 92 |..g.v9...5.B..L.| +00000060 bb 89 ec b2 40 44 f2 49 93 3a 0c 33 98 d9 6e 12 |....@D.I.:.3..n.| +00000070 3f e1 f1 36 9c 35 8c e9 33 e3 f7 52 9a ae e0 df |?..6.5..3..R....| +00000080 73 31 6e 54 a1 78 9a 89 9b 62 1a e7 4c 70 c4 1b |s1nT.x...b..Lp..| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 c7 0d 06 b2 2b 73 ab ed 16 88 6f |.........+s....o| -000000b0 62 77 fb 48 e4 5e 6d 7e 24 02 b6 08 fa 46 c8 76 |bw.H.^m~$....F.v| -000000c0 18 fc f4 c4 08 |.....| +000000a0 00 00 00 00 00 9d 93 07 e6 37 ef c4 f7 3a b0 bf |.........7...:..| +000000b0 c6 27 40 ed a1 41 43 77 c4 d2 a5 55 99 98 68 d8 |.'@..ACw...U..h.| +000000c0 00 69 83 55 d5 |.i.U.| diff --git a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES index d7e61880..5d24ce6d 100644 --- a/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES 
@@ -1,14 +1,13 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 97 01 00 00 93 03 03 86 3b 10 1e 5f |............;.._| -00000010 81 eb 21 bd 77 47 61 e9 3f 82 85 14 91 8c ab 7d |..!.wGa.?......}| -00000020 84 bd b1 f0 06 20 8a 7b 06 d6 78 00 00 04 c0 0a |..... .{..x.....| -00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| -00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| -00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| -00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| -00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| -00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| -00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| +00000000 16 03 01 00 85 01 00 00 81 03 03 8f e1 32 27 c0 |.............2'.| +00000010 68 d4 45 d1 d7 25 ea 57 4a 7f ac fc 74 0c 9a 7d |h.E..%.WJ...t..}| +00000020 a0 af 0a 0c a4 3f 93 8f 43 20 dd 00 00 04 c0 0a |.....?..C ......| +00000030 00 ff 01 00 00 54 00 0b 00 04 03 00 01 02 00 0a |.....T..........| +00000040 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 |................| +00000050 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05 03 |.........0......| +00000060 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000070 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +00000080 03 02 02 02 04 02 05 02 06 02 |..........| >>> Flow 2 (server to client) 00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 
@@ -47,39 +46,39 @@ 00000220 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd d7 11 |.....7z..z......| 00000230 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d ae cb |i..|V..1x+..x...| 00000240 be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f 2a 16 |..N6$1{j.9....*.| -00000250 03 03 00 b7 0c 00 00 b3 03 00 1d 20 2f e5 7d a3 |........... /.}.| +00000250 03 03 00 b6 0c 00 00 b2 03 00 1d 20 2f e5 7d a3 |........... /.}.| 00000260 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| -00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8b |......._X.;t....| -00000280 30 81 88 02 42 01 c5 d1 36 97 5b 0e 5e a6 90 50 |0...B...6.[.^..P| -00000290 a0 2e 80 b5 df d7 5a f6 95 0d a4 c6 f0 da 2e e7 |......Z.........| -000002a0 91 79 9f 85 2e ef ca 66 3c f7 c4 7b bd 61 70 bb |.y.....f<..{.ap.| -000002b0 16 c5 aa 00 35 33 ae 58 00 b3 f1 fe 0f 77 52 23 |....53.X.....wR#| -000002c0 f4 40 ba 4b c7 e5 43 02 42 01 64 af ab 8a 87 38 |.@.K..C.B.d....8| -000002d0 a1 7f b8 ae 84 0e a4 ff ad 16 09 44 0b 65 67 70 |...........D.egp| -000002e0 12 7f 1a 37 9a 1d 5e b7 3b 63 df f9 6b f1 b9 ba |...7..^.;c..k...| -000002f0 6b 35 8f b3 03 da 3d 61 00 3d 4e 75 b4 d0 92 d5 |k5....=a.=Nu....| -00000300 ee 50 9d d7 f9 26 69 e6 ec cf 3b 16 03 03 00 04 |.P...&i...;.....| -00000310 0e 00 00 00 |....| +00000270 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 03 00 8a |......._X.;t....| +00000280 30 81 87 02 41 73 c7 59 fb 1d 8a 50 26 f9 54 c7 |0...As.Y...P&.T.| +00000290 2b ff 68 7c f2 a3 3a e3 a5 d8 e4 42 bd 71 fa 07 |+.h|..:....B.q..| +000002a0 61 71 d4 01 27 03 7f cf b3 8d 16 e0 e7 fd 6b 48 |aq..'.........kH| +000002b0 46 3e 5b 4c 99 0a fe dd d9 c9 85 ab 8c 93 28 79 |F>[L..........(y| +000002c0 2e 33 bd a3 19 54 02 42 01 02 71 fd ee a6 75 6c |.3...T.B..q...ul| +000002d0 a2 fd 1e 09 38 bc 88 f6 25 cc 4b c3 02 8e cd 3a |....8...%.K....:| +000002e0 64 77 e2 bd 03 71 e7 2a 10 5b d0 07 18 a2 43 b3 |dw...q.*.[....C.| +000002f0 da 5e 12 51 95 8a 8d a8 43 cd c8 f3 6b 18 88 6a |.^.Q....C...k..j| +00000300 ee 43 76 80 cd 37 
90 06 00 75 16 03 03 00 04 0e |.Cv..7...u......| +00000310 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 54 db 5b a1 4c e0 |....%...! T.[.L.| -00000010 0e 52 a2 45 e3 b4 ac 91 3d e1 de a9 3e eb 80 9e |.R.E....=...>...| -00000020 f5 04 7b fc 82 10 2f d9 d1 41 14 03 03 00 01 01 |..{.../..A......| -00000030 16 03 03 00 40 47 68 cc 5e 68 3f 05 d6 f8 5c 11 |....@Gh.^h?...\.| -00000040 08 a3 91 72 ae 4c 98 67 2f 45 ee 16 6b 8b 2d 28 |...r.L.g/E..k.-(| -00000050 15 34 43 47 f9 46 f2 96 c2 85 d5 cc 03 e0 84 de |.4CG.F..........| -00000060 9c 03 fe bf c9 73 23 15 d0 0f 85 3a 76 db 9f 5d |.....s#....:v..]| -00000070 95 b7 de 9c c2 |.....| +00000000 16 03 03 00 25 10 00 00 21 20 95 42 80 d6 07 1a |....%...! .B....| +00000010 94 fe 2c 51 4f 62 52 22 0f 8f 5b e4 46 ad 1e 3a |..,QObR"..[.F..:| +00000020 9a e0 95 42 65 d8 82 21 a0 3c 14 03 03 00 01 01 |...Be..!.<......| +00000030 16 03 03 00 40 ba d1 da ba 87 a4 3f 9b 83 93 21 |....@......?...!| +00000040 db 54 a7 3c fe 8e 50 45 b1 e5 1f 6d 7f e3 d6 23 |.T.<..PE...m...#| +00000050 87 94 b5 8d 47 93 f1 28 45 da 7c bc 7a 92 11 37 |....G..(E.|.z..7| +00000060 de 8b 0a 03 0e c9 73 8a 98 96 45 8b f7 c4 e5 fa |......s...E.....| +00000070 45 26 5b 0f f3 |E&[..| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 98 34 52 f3 44 |............4R.D| -00000020 18 69 23 61 ef 8f e9 c0 88 9c ad 1f cb e4 8d 55 |.i#a...........U| -00000030 bd bb 77 9c 65 9d 21 f0 54 4c 46 db 4f e6 e8 ab |..w.e.!.TLF.O...| -00000040 6b 1d 60 38 7f e0 2c 38 ef e7 43 17 03 03 00 40 |k.`8..,8..C....@| +00000010 00 00 00 00 00 00 00 00 00 00 00 a0 13 d2 e0 23 |...............#| +00000020 b2 51 80 bc 09 e6 fb c0 34 bc c7 99 c7 84 00 50 |.Q......4......P| +00000030 8a 8c ba 6d 11 cc a0 de 3f 88 26 0d c9 93 b4 1e |...m....?.&.....| +00000040 36 e4 39 b1 15 72 4b 1d 3a a4 46 17 03 03 00 40 |6.9..rK.:.F....@| 00000050 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 |................| -00000060 44 68 90 07 1e 8c 7f db 3e 3f 8c 28 e1 d7 41 38 |Dh......>?.(..A8| -00000070 e2 78 04 e3 42 c2 a9 76 bb 0a ae b9 93 df 81 d7 |.x..B..v........| -00000080 9b 0f 1d 44 19 79 ff 7c 21 8f 75 ca e2 82 cc c4 |...D.y.|!.u.....| +00000060 4c f8 84 0b 49 71 fb ba 18 9a 0d 09 9c be 6c 55 |L...Iq........lU| +00000070 de df a7 0d 5a 89 b0 a0 c1 47 09 d3 ba 31 c1 52 |....Z....G...1.R| +00000080 7e 7e eb ec d1 2b 71 b3 0d 54 ec ee 14 95 3a 25 |~~...+q..T....:%| 00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 82 1f e6 2c 3f c7 55 19 01 0b 62 |........,?.U...b| -000000b0 1a 99 fc f8 d3 b0 38 21 41 92 1a d1 e0 43 96 da |......8!A....C..| -000000c0 80 4b 58 91 c8 |.KX..| +000000a0 00 00 00 00 00 3d 94 70 b6 f3 50 8b 57 42 9a cc |.....=.p..P.WB..| +000000b0 08 82 0a 1c a5 a7 bf 8c fa 70 3a 1e 43 a3 84 b0 |.........p:.C...| +000000c0 62 20 b5 c4 c4 |b ...| diff --git a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES index d2b02504..5a30a27e 100644 --- a/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES +++ b/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES 
@@ -1,96 +1,95 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 dc 01 00 00 d8 03 03 90 bc cf 62 d0 |..............b.| -00000010 bc 89 6b 84 ad 18 87 f5 9c 96 0e 02 3f ae a5 4b |..k.........?..K| -00000020 80 70 f8 54 47 b1 78 03 48 4d 06 20 ae 9e 3c 17 |.p.TG.x.HM. ..<.| -00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| -00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 00 04 13 01 |.ea@.|....s.....| -00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| -00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| -00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| -00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| -00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| -000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| -000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| -000000c0 20 ad 11 a7 07 20 9c cb 33 96 f4 0d 78 a1 89 55 | .... ..3...x..U| -000000d0 6c af 70 f4 ac d6 cb d9 0d 1b 13 fa 50 de 68 17 |l.p.........P.h.| -000000e0 1d |.| +00000000 16 03 01 00 d4 01 00 00 d0 03 03 7a 02 0f 93 ec |...........z....| +00000010 a3 f3 48 5b 19 02 bb 1e 85 9e c3 97 e4 af cd 3e |..H[...........>| +00000020 10 f7 14 50 9d fd ca 5e 49 e1 80 20 ec 74 62 6f |...P...^I.. .tbo| +00000030 fb c8 8c 99 8d 77 32 37 5f 99 3c 54 c3 66 cf 67 |.....w27_.>> Flow 2 (server to client) 00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000020 00 00 00 00 00 00 00 00 00 00 00 20 ae 9e 3c 17 |........... ..<.| -00000030 1a c6 fa 52 84 da ea a9 9c 08 e7 10 65 3a 65 4e |...R........e:eN| -00000040 d1 65 61 40 bf 7c ee db d4 f2 73 ff 13 01 00 00 |.ea@.|....s.....| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 ec 74 62 6f |........... 
.tbo| +00000030 fb c8 8c 99 8d 77 32 37 5f 99 3c 54 c3 66 cf 67 |.....w27_...| -000000e0 f1 a1 dd 3a de 6a b9 9d 85 2b 83 75 47 c9 d2 c3 |...:.j...+.uG...| -000000f0 25 91 85 c2 a1 97 6a 62 dd aa 19 11 94 e2 6b f9 |%.....jb......k.| -00000100 7d 5a bc 5e d4 64 bc 74 44 85 d1 7a eb 3a ef d5 |}Z.^.d.tD..z.:..| -00000110 96 f4 22 64 61 2b 79 77 ac 8b 61 69 cc eb ad fd |.."da+yw..ai....| -00000120 38 5e 61 74 d9 4f 70 82 06 3b 3e f8 a8 53 7c e8 |8^at.Op..;>..S|.| -00000130 9d 98 43 a1 af 86 ba d9 64 64 f0 e0 b0 8f 39 6b |..C.....dd....9k| -00000140 16 d6 92 09 8d 5b d0 34 f4 14 60 69 a0 28 73 3a |.....[.4..`i.(s:| -00000150 24 7f 81 4e 8b d1 50 49 1a c0 60 92 fd 02 47 6d |$..N..PI..`...Gm| -00000160 d8 97 62 b2 b4 57 8b d7 d1 b6 bf 19 40 cb 13 09 |..b..W......@...| -00000170 ef d6 55 66 39 88 29 e0 14 2d 06 98 d6 b6 bf a6 |..Uf9.)..-......| -00000180 04 10 47 d5 64 fe 38 69 db 33 a4 fc 12 de 83 5b |..G.d.8i.3.....[| -00000190 c9 8e 76 56 bc f7 dd ac 96 c6 a0 ed e5 43 0b 13 |..vV.........C..| -000001a0 1e 78 94 18 fd 57 50 79 08 91 18 aa 84 63 4e 46 |.x...WPy.....cNF| -000001b0 53 db e0 f3 9a 0b d6 13 20 36 aa 56 dd 7a 62 d9 |S....... 6.V.zb.| -000001c0 3f f6 bd 87 74 3c 86 d1 94 a1 04 79 a8 54 e4 8e |?...t<.....y.T..| -000001d0 11 d6 52 42 5c 4b 77 18 b9 d7 db f7 48 9a 69 e1 |..RB\Kw.....H.i.| -000001e0 2d b9 38 38 e4 e8 94 5e b1 7e 2c 81 96 6a a0 ed |-.88...^.~,..j..| -000001f0 bb 35 6a 8c 93 f2 6d 38 70 df 79 54 d9 45 c8 b8 |.5j...m8p.yT.E..| -00000200 b2 9c 0f 9f 70 34 8f ac b3 08 f5 3e b1 d2 5a d7 |....p4.....>..Z.| -00000210 7b ee f3 dc 9a d1 12 c3 77 24 76 9b bf 09 50 a7 |{.......w$v...P.| -00000220 3c ab 7f 1f 99 b5 02 8c ac 5e 85 cc 53 fd ca e0 |<........^..S...| -00000230 c7 e2 41 08 fd cb b0 79 0c 8b 02 4f 80 92 c2 cd |..A....y...O....| -00000240 6c a1 aa 75 d2 4c d1 25 40 7c 14 41 a7 15 20 a3 |l..u.L.%@|.A.. 
.| -00000250 a6 81 64 7c c0 c7 2d dd 82 84 ad 2a f4 06 f9 61 |..d|..-....*...a| -00000260 23 1c dd c6 ef 72 da 6b eb be 41 f0 b4 5f 9a 02 |#....r.k..A.._..| -00000270 ee a8 f3 bb 05 48 ec 50 a3 ff f3 94 bb d8 a9 6d |.....H.P.......m| -00000280 92 49 7c bf a1 eb 55 26 08 26 d3 80 d6 cb 05 ea |.I|...U&.&......| -00000290 d1 db bf 97 3d 10 ff 4e f6 05 33 23 68 95 31 42 |....=..N..3#h.1B| -000002a0 5a d5 30 61 79 c4 88 7f e1 be 28 ad 72 bb 78 36 |Z.0ay.....(.r.x6| -000002b0 ba bb 38 75 fb 97 33 b6 28 8c a2 f4 46 fe 37 d8 |..8u..3.(...F.7.| -000002c0 b0 67 63 97 c1 51 0c 61 17 03 03 00 a4 20 15 70 |.gc..Q.a..... .p| -000002d0 7a 69 b1 33 c2 e1 f5 9c 2b b2 06 1e 01 a6 7f 03 |zi.3....+.......| -000002e0 cd 00 13 02 3b 0c 2b 3f 85 d8 ed 6d 81 7e e9 b2 |....;.+?...m.~..| -000002f0 b6 be 7b 77 51 30 dd b5 fc 93 08 91 9e 46 e2 85 |..{wQ0.......F..| -00000300 74 3c 9a 04 26 86 b8 6c 98 99 57 7e 36 54 0d 90 |t<..&..l..W~6T..| -00000310 4c 55 65 77 69 59 b2 e5 5b a3 19 4a b0 72 3d 91 |LUewiY..[..J.r=.| -00000320 2e 5d 9b 8c 52 a1 e6 f5 22 c6 3c 0d 9b d8 9c b9 |.]..R...".<.....| -00000330 cb 90 51 bc 16 69 06 30 22 16 62 08 3b 3f 05 99 |..Q..i.0".b.;?..| -00000340 60 2a cc cf 29 f5 e1 b0 84 81 c8 63 00 d4 d4 13 |`*..)......c....| -00000350 b5 5d 4c 63 8a 60 3e 44 24 03 30 85 91 4c 3d f2 |.]Lc.`>D$.0..L=.| -00000360 2c c2 78 f2 c3 4c bb 90 60 0b 66 18 02 e7 5c 85 |,.x..L..`.f...\.| -00000370 19 17 03 03 00 35 49 76 5f ff 32 3a 09 7a 4b f2 |.....5Iv_.2:.zK.| -00000380 fe f3 38 b6 76 f4 12 f2 aa a3 ed b6 02 ab 0b b9 |..8.v...........| -00000390 3b 9d 00 51 f1 5c 96 23 6b 49 f8 32 9f 74 30 32 |;..Q.\.#kI.2.t02| -000003a0 4d af af ef d5 55 2c ff 2b a0 45 17 03 03 00 93 |M....U,.+.E.....| -000003b0 6e e0 6a f9 44 af c0 af 95 ab 1e ff fd 97 38 f5 |n.j.D.........8.| -000003c0 7b 24 70 da e2 4e 8b dc 9b 49 84 fe 73 0a b0 7e |{$p..N...I..s..~| -000003d0 cf 14 f7 8a 67 e7 74 bd ee 82 93 c6 27 a2 bd 1e |....g.t.....'...| -000003e0 cb 71 06 af 65 dd f0 d9 91 81 b0 f8 21 34 48 d1 
|.q..e.......!4H.| -000003f0 c4 e0 e3 19 a8 b4 48 b7 3a be 52 e5 7c a8 a3 c2 |......H.:.R.|...| -00000400 08 6c ac 66 4d 36 cf a1 9d 1f 72 c5 09 20 db 05 |.l.fM6....r.. ..| -00000410 e5 0a 44 af 4a d8 32 38 19 7d 28 e3 05 23 99 66 |..D.J.28.}(..#.f| -00000420 f6 ad 77 02 7e 00 67 c1 71 58 b9 89 3c 93 15 95 |..w.~.g.qX..<...| -00000430 ee 38 e2 ea c0 73 fe da e4 75 6d 38 ca 54 0b bf |.8...s...um8.T..| -00000440 f0 af 86 |...| +00000080 03 03 00 01 01 17 03 03 00 17 7b 9f a3 c6 7e d1 |..........{...~.| +00000090 16 13 20 ec 41 73 f9 c2 64 81 b8 ed 4f 1d e1 05 |.. .As..d...O...| +000000a0 ff 17 03 03 02 22 9b 4b 35 12 12 97 72 1b b1 38 |.....".K5...r..8| +000000b0 37 f9 f1 93 c1 6c 80 04 81 fb 4f 17 84 85 8d 0a |7....l....O.....| +000000c0 33 a7 19 60 c7 02 74 05 3e 93 aa 03 96 b7 3d 33 |3..`..t.>.....=3| +000000d0 b6 03 3d 36 81 08 9c 9e 2c 98 3f 61 07 ca 07 60 |..=6....,.?a...`| +000000e0 21 f4 e2 6e 55 82 07 df bb fe b7 a4 32 51 35 ce |!..nU.......2Q5.| +000000f0 97 a0 dc 6e d9 59 35 aa 90 65 eb f6 51 f5 4b 03 |...n.Y5..e..Q.K.| +00000100 f6 d4 f2 db 9d c7 9d 88 f0 b2 bf d5 9b 55 34 0c |.............U4.| +00000110 57 1b 0c d7 23 c6 3d c1 6e 30 3c af e3 48 95 a3 |W...#.=.n0<..H..| +00000120 05 e7 aa a5 54 9d 4f bf fd bf 17 45 46 50 f7 36 |....T.O....EFP.6| +00000130 b7 04 5e 22 ec 4a a2 8c 0b dc 7f 8a 69 b6 4d 16 |..^".J......i.M.| +00000140 15 73 c2 c8 58 64 91 a4 65 e3 90 ba cd e8 d9 11 |.s..Xd..e.......| +00000150 ae 0b e4 27 16 7b bf e1 c9 f1 69 e1 38 64 95 de |...'.{....i.8d..| +00000160 b6 7c 9f 5a a1 40 27 37 99 74 fb e2 94 dc b2 04 |.|.Z.@'7.t......| +00000170 2a 23 f8 11 dc 88 3e d9 f8 1d 2c 9c e8 48 6e 0a |*#....>...,..Hn.| +00000180 81 a8 41 c0 7e 80 b5 5b ae 51 00 07 81 52 4d f4 |..A.~..[.Q...RM.| +00000190 9a da 13 cb af 53 33 7d ba 7f 8a 32 fb 58 86 90 |.....S3}...2.X..| +000001a0 56 6f 36 70 f3 9a 5b 01 a3 35 2f 5b df 35 97 eb |Vo6p..[..5/[.5..| +000001b0 98 d9 03 ad 84 4e 53 d9 35 a7 64 c9 d7 02 5e 31 |.....NS.5.d...^1| +000001c0 a1 26 75 14 ae e2 5e 
c4 cd b7 9c 99 61 46 18 a8 |.&u...^.....aF..| +000001d0 15 18 b4 ae ce e6 d6 15 e8 ff 63 b4 e3 a2 22 1b |..........c...".| +000001e0 81 f6 e5 48 ff fd 7a 6f c9 a4 ff da 2e 91 ed 1d |...H..zo........| +000001f0 a8 43 81 6b 79 a9 b2 d1 92 26 13 b6 be 52 9c fe |.C.ky....&...R..| +00000200 38 f1 4b 8f c5 d5 e5 33 c4 4c 7d ec da 44 2f 8a |8.K....3.L}..D/.| +00000210 ad 69 63 41 23 7a ce 4d ca 3a 97 1c 87 27 0e 34 |.icA#z.M.:...'.4| +00000220 a0 3f 49 8f 77 63 ef a8 f1 16 97 32 fd cd 19 9c |.?I.wc.....2....| +00000230 1d e0 14 96 70 4b dd 1b e9 34 af 5a 23 e4 3e 1d |....pK...4.Z#.>.| +00000240 a8 53 44 96 34 a7 56 b5 85 58 85 40 7b b0 e9 7c |.SD.4.V..X.@{..|| +00000250 60 28 6d a8 91 79 50 e5 15 ae 83 5c 96 3b bd 40 |`(m..yP....\.;.@| +00000260 37 be 96 2c 47 b7 07 06 c6 67 31 63 a4 b4 60 67 |7..,G....g1c..`g| +00000270 77 19 d0 3b 90 48 3f 2c 29 fb e0 ba 27 dd 76 f1 |w..;.H?,)...'.v.| +00000280 fd 7e fa 9f 6b 21 b7 71 eb e2 13 d7 d0 52 9c 1b |.~..k!.q.....R..| +00000290 ee 3c 85 8a 1e 45 01 32 c2 ed 51 5f 8b 75 f9 d7 |.<...E.2..Q_.u..| +000002a0 25 8b 6a 55 7a 2d 97 f1 f5 65 2a 39 76 5f 86 94 |%.jUz-...e*9v_..| +000002b0 34 85 44 64 07 b6 fd d6 6d 61 a4 32 63 c0 6b 2b |4.Dd....ma.2c.k+| +000002c0 0c 63 6e 07 b4 40 bb 5f 17 03 03 00 a4 52 70 21 |.cn..@._.....Rp!| +000002d0 6c bf b1 1b 12 21 35 a2 8b 0f e1 7c ff 60 c3 e6 |l....!5....|.`..| +000002e0 74 a3 fa fc af 86 f3 c5 55 ec 84 c9 4b e0 5a 92 |t.......U...K.Z.| +000002f0 cc 20 06 4d 96 da 2c df 32 5e 23 fa e0 a4 95 40 |. .M..,.2^#....@| +00000300 33 45 aa ba cc 5d 5a 47 c5 f6 75 64 93 9d b4 e2 |3E...]ZG..ud....| +00000310 be aa 1b a8 d6 a9 70 17 73 f5 76 88 bb 5a a5 5a |......p.s.v..Z.Z| +00000320 b2 38 5d 91 bb 23 3f d7 e9 2f e0 05 17 39 40 7e |.8]..#?../...9@~| +00000330 bb 36 90 2f 3e ad b2 dd 4c c5 0b 38 bb 28 9c d8 |.6./>...L..8.(..| +00000340 59 79 e2 4d aa 22 d9 20 88 b8 9c c8 24 8a 1d 24 |Yy.M.". 
....$..$| +00000350 bc 1a 9d f7 53 11 01 43 22 04 94 c7 ec 47 00 54 |....S..C"....G.T| +00000360 4a 50 9c 12 15 36 87 5c f1 fd 49 b8 2a e0 2a 15 |JP...6.\..I.*.*.| +00000370 88 17 03 03 00 35 0c 20 57 8e d3 6a e8 6d 28 bc |.....5. W..j.m(.| +00000380 f9 92 e3 b6 a3 d3 00 63 85 10 5e 43 da 1d 5f e3 |.......c..^C.._.| +00000390 16 b7 52 5f 16 74 f3 64 bf d9 7a 61 36 76 76 81 |..R_.t.d..za6vv.| +000003a0 34 af a7 a9 1e 7f 88 24 6f 68 c2 17 03 03 00 93 |4......$oh......| +000003b0 79 26 62 fc 11 92 59 74 b0 1d 9c 74 d0 19 20 ca |y&b...Yt...t.. .| +000003c0 76 c7 fa da 45 23 d5 8b 67 41 29 6a fa ad 30 d1 |v...E#..gA)j..0.| +000003d0 f9 1b e1 11 57 72 d4 28 51 ca f2 1b 77 27 b0 ee |....Wr.(Q...w'..| +000003e0 3f ed e4 8d 80 25 21 97 d5 74 84 b3 2a e6 03 74 |?....%!..t..*..t| +000003f0 1e f8 92 25 5f b6 d6 78 c5 fd 72 9b 48 5d b2 3f |...%_..x..r.H].?| +00000400 e7 a9 de 1e 16 7f e6 25 ef 37 6d 59 4a 0c a5 f2 |.......%.7mYJ...| +00000410 b7 06 28 e5 43 55 77 4f d3 67 80 f6 1b e8 c5 68 |..(.CUwO.g.....h| +00000420 39 ae 17 b2 de 3f 56 1a e3 4b 33 b6 57 cf 1d 5b |9....?V..K3.W..[| +00000430 03 3d 73 fa 70 22 50 26 9e 78 d0 11 94 08 59 01 |.=s.p"P&.x....Y.| +00000440 ed 74 50 |.tP| >>> Flow 3 (client to server) -00000000 14 03 03 00 01 01 17 03 03 00 35 23 02 12 13 f1 |..........5#....| -00000010 db fa 70 c0 92 85 8a d3 fa 80 1b 5c a6 22 ff 20 |..p........\.". 
| -00000020 5d bf 1d 61 58 34 c0 48 6f e1 26 a6 bf bc 76 c7 |]..aX4.Ho.&...v.| -00000030 8b da ee 54 64 30 c4 5c b1 61 67 82 29 bb 3f 4b |...Td0.\.ag.).?K| +00000000 14 03 03 00 01 01 17 03 03 00 35 2b 59 23 5a 3d |..........5+Y#Z=| +00000010 ca a0 f2 77 9e f4 75 29 04 90 af 69 a3 13 69 9b |...w..u)...i..i.| +00000020 88 bc b0 75 fe 8b ae 49 da 9f bd f3 90 60 f8 bd |...u...I.....`..| +00000030 0c 03 43 ec ef 29 7b df 8e ce 1a 09 4b 16 3d 40 |..C..){.....K.=@| >>> Flow 4 (server to client) -00000000 17 03 03 00 1e 95 c0 53 e2 37 94 09 83 1e 7e 23 |.......S.7....~#| -00000010 dc 9f 02 5e 91 19 b6 f9 72 0d 38 3f 25 ae b2 5f |...^....r.8?%.._| -00000020 4b f2 78 17 03 03 00 13 d2 ad 73 d6 f3 21 ab 7c |K.x.......s..!.|| -00000030 02 dd 63 ff cf d7 34 ca 71 3d 70 |..c...4.q=p| +00000000 17 03 03 00 1e 70 25 fb 6d 47 f0 05 ab 81 90 1e |.....p%.mG......| +00000010 f4 d9 9f cd 0e 4a 34 94 62 4a d8 f7 03 85 47 ba |.....J4.bJ....G.| +00000020 3e 8a b0 17 03 03 00 13 81 0a f9 9e ac c7 5f 0d |>............._.| +00000030 0c 52 65 5d 70 2a f3 af 3a 10 68 |.Re]p*..:.h| From 97e834cd7132afbbdb7f85413c62904daf0069f8 Mon Sep 17 00:00:00 2001 From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Tue, 18 Feb 2025 12:32:39 +0000 Subject: [PATCH 33/40] style: reformat merged file --- tls/tls_names.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tls/tls_names.go b/tls/tls_names.go index efb77a09..f683a6c0 100644 --- a/tls/tls_names.go +++ b/tls/tls_names.go @@ -442,7 +442,7 @@ func init() { curveNames[259] = "ffdhe6144" curveNames[260] = "ffdhe8192" curveNames[4587] = "secp256r1mlkem768" // draft-kwiatkowski-tls-ecdhe-mlkem - curveNames[4588] = "x25519mlkem768" // draft-kwiatkowski-tls-ecdhe-mlkem + curveNames[4588] = "x25519mlkem768" // draft-kwiatkowski-tls-ecdhe-mlkem curveNames[65281] = "arbitrary_explicit_prime_curves" curveNames[65282] = "arbitrary_explicit_char2_curves" From 68960d5692c86b342cf80b9dcad11455d98f5a0a Mon Sep 17 00:00:00 2001 
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Fri, 7 Mar 2025 05:55:18 +0000 Subject: [PATCH 34/40] fix(tls): preMasterSecret for TLS12 --- tls/handshake_client.go | 20 +++++++++++--------- tls/handshake_server.go | 29 +++++++++++++++-------------- tls/tls_handshake.go | 13 ++++++++++--- tls/tls_ka.go | 17 +++++++++++++++++ 4 files changed, 53 insertions(+), 26 deletions(-) diff --git a/tls/handshake_client.go b/tls/handshake_client.go index 45a5796d..ca52d6c1 100644 --- a/tls/handshake_client.go +++ b/tls/handshake_client.go @@ -25,13 +25,14 @@ import ( ) type clientHandshakeState struct { - c *Conn - serverHello *serverHelloMsg - hello *clientHelloMsg - suite *cipherSuite - finishedHash finishedHash - masterSecret []byte - session *ClientSessionState + c *Conn + serverHello *serverHelloMsg + hello *clientHelloMsg + suite *cipherSuite + finishedHash finishedHash + masterSecret []byte + preMasterSecret []byte + session *ClientSessionState } type CacheKeyGenerator interface { @@ -873,7 +874,8 @@ func (hs *clientHandshakeState) doFullHandshake() error { } } - preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0]) + var ckx *clientKeyExchangeMsg + hs.preMasterSecret, ckx, err = keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0]) if err != nil { c.sendAlert(alertInternalError) return err @@ -936,7 +938,7 @@ func (hs *clientHandshakeState) doFullHandshake() error { } } - hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random) + hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, hs.preMasterSecret, hs.hello.random, hs.serverHello.random) if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil { c.sendAlert(alertInternalError) return errors.New("tls: failed to write to key log: " + err.Error()) 
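Review bot: The new `preMasterSecret` field added to clientHandshakeState (and, in the same commit, to serverHandshakeState in handshake_server.go) is undocumented, and unlike the local variable it replaces it keeps the raw TLS 1.2 pre-master secret alive for as long as the handshake state object lives, which is longer than the comment "discarded once the handshake has completed" suggests. Suggest `// preMasterSecret is the raw TLS 1.2 pre-master secret, retained only so MakeLog can export it; treat it as key material.` on the field in both structs. If the state is kept anywhere after MakeLog has copied the value out, zeroing the slice at that point would keep the exposure window as short as the old code's.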
diff --git a/tls/handshake_server.go b/tls/handshake_server.go index 799c8fde..d969bb6e 100644 --- a/tls/handshake_server.go +++ b/tls/handshake_server.go @@ -23,18 +23,19 @@ import ( // serverHandshakeState contains details of a server handshake in progress. // It's discarded once the handshake has completed. type serverHandshakeState struct { - c *Conn - clientHello *clientHelloMsg - hello *serverHelloMsg - suite *cipherSuite - ecdheOk bool - ecSignOk bool - rsaDecryptOk bool - rsaSignOk bool - sessionState *sessionState - finishedHash finishedHash - masterSecret []byte - cert *Certificate + c *Conn + clientHello *clientHelloMsg + hello *serverHelloMsg + suite *cipherSuite + ecdheOk bool + ecSignOk bool + rsaDecryptOk bool + rsaSignOk bool + sessionState *sessionState + finishedHash finishedHash + masterSecret []byte + preMasterSecret []byte + cert *Certificate } // serverHandshake performs a TLS handshake as a server. @@ -613,14 +614,14 @@ func (hs *serverHandshakeState) doFullHandshake() error { } hs.finishedHash.Write(ckx.marshal()) - preMasterSecret, err := keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx, c.vers) + hs.preMasterSecret, err = keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx, c.vers) if err != nil { c.sendAlert(alertHandshakeFailure) return err } c.handshakeLog.ClientKeyExchange = ckx.MakeLog(keyAgreement) - hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random) + hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, hs.preMasterSecret, hs.clientHello.random, hs.hello.random) if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil { c.sendAlert(alertInternalError) return err diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go index 541440c7..0a382ea6 100644 --- a/tls/tls_handshake.go +++ b/tls/tls_handshake.go 
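Review bot: In the `@@ -613` hunk the value returned by `keyAgreement.processClientKeyExchange` is now stored and later exported, so its meaning on the static-RSA path deserves a comment: if this fork follows upstream Go, a padding failure there yields a randomly generated pre-master secret rather than an error, and the logged value is then not what the client encrypted. Suggest, next to the assignment, `// On the RSA path a decoy secret may be returned instead of an error (Bleichenbacher countermeasure); the logged value is whatever the handshake actually continued with.` doFullHandshake's body continues outside the hunk, so I could not confirm the behaviour here.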
@@ -502,6 +502,10 @@ func (m *clientHandshakeState) MakeLog() *KeyMaterial {
 copy(keymat.MasterSecret.Value, m.masterSecret)
 keymat.PreMasterSecret = new(PreMasterSecret)
+ keymat.PreMasterSecret.Length = len(m.preMasterSecret)
+ keymat.PreMasterSecret.Value = make([]byte, len(m.preMasterSecret))
+ copy(keymat.PreMasterSecret.Value, m.preMasterSecret)
+
 return keymat
 }
@@ -514,6 +518,10 @@ func (m *serverHandshakeState) MakeLog() *KeyMaterial {
 copy(keymat.MasterSecret.Value, m.masterSecret)
 keymat.PreMasterSecret = new(PreMasterSecret)
+ keymat.PreMasterSecret.Length = len(m.preMasterSecret)
+ keymat.PreMasterSecret.Value = make([]byte, len(m.preMasterSecret))
+ copy(keymat.PreMasterSecret.Value, m.preMasterSecret)
+
 return keymat
 }
@@ -529,9 +537,8 @@ func (m *clientKeyExchangeMsg) MakeLog(ka keyAgreement) *ClientKeyExchange {
 ckx.RSAParams.EncryptedPMS = make([]byte, len(m.ciphertext)-2)
 copy(ckx.RSAParams.EncryptedPMS, m.ciphertext[2:])
 // Premaster-Secret is available in KeyMaterial record
- // TODO: ZGrab2
- //case *dheKeyAgreement:
- // ckx.DHParams = ka.ClientDHParams()
+ case *dheKeyAgreement:
+ ckx.DHParams = ka.ClientDHParams()
 case *ecdheKeyAgreement:
 ckx.ECDHParams = ka.ClientECDHParams()
 default:
diff --git a/tls/tls_ka.go b/tls/tls_ka.go
index 0ed7ff2b..5a8410d2 100644
--- a/tls/tls_ka.go
+++ b/tls/tls_ka.go
@@ -143,3 +143,20 @@ func (ka *dheKeyAgreement) DHParams() *jsonKeys.DHParams {
 }
 return out
 }
+
+func (ka *dheKeyAgreement) ClientDHParams() *jsonKeys.DHParams {
+ out := new(jsonKeys.DHParams)
+ if ka.p != nil {
+ out.Prime = new(big.Int).Set(ka.p)
+ }
+ if ka.g != nil {
+ out.Generator = new(big.Int).Set(ka.g)
+ }
+ if ka.yClient != nil {
+ out.ClientPublic = new(big.Int).Set(ka.yClient)
+ if ka.yOurs != nil && ka.xOurs != nil && ka.yClient.Cmp(ka.yOurs) == 0 {
+ out.ClientPrivate = new(big.Int).Set(ka.xOurs)
+ }
+ }
+ return out
+}
From e41bc990cdaccde982d0c0258ef65e410db6f1ce Mon Sep 17 00:00:00 2001
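Review bot: `ClientDHParams` in the tls_ka.go hunk decides whether to export `ClientPrivate` by comparing public values (`ka.yClient.Cmp(ka.yOurs) == 0`), using equality of the client share with our own share as a stand-in for "this side is the client", and the method carries no comment explaining that or the fact that it puts the DH private exponent into the handshake log. Suggested doc comment: `// ClientDHParams returns the client's DH share for logging; ClientPrivate is set only when our own share equals the client's, i.e. when this side generated it.` Separately, the three lines that copy `m.preMasterSecret` into `keymat.PreMasterSecret` are duplicated verbatim in the client and server `MakeLog` hunks above and could be one small helper; both `MakeLog` bodies start outside their hunks.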
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Sun, 9 Mar 2025 07:45:56 +0000 Subject: [PATCH 35/40] fix(tls): TLS12 sig and digest
---
 tls/cipher_suites.go | 23 ++++++++++++----------- tls/key_agreement.go | 19 ++++++++++++++++++- tls/tls_handshake.go | 24 +++++++++++------------- tls/tls_ka.go | 14 ++++++++++++++ 4 files changed, 55 insertions(+), 25 deletions(-)
diff --git a/tls/cipher_suites.go b/tls/cipher_suites.go
index 5207bd8d..d00305f6 100644
--- a/tls/cipher_suites.go
+++ b/tls/cipher_suites.go
@@ -555,24 +555,20 @@ func tls10MAC(h hash.Hash, out, seq, header, data, extra []byte) []byte {
 }
 func rsaKA(version uint16) keyAgreement {
- return rsaKeyAgreement{}
-}
-
-/* TODO
-func rsaEphemeralKA(version uint16) keyAgreement {
- return &rsaKeyAgreement{
- version: version,
- ephemeral: true,
+ return rsaKeyAgreement{
 auth: &signedKeyAgreement{
 sigType: signatureRSA,
 version: version,
- },
- }
+ }}
 }
-*/
 func ecdheECDSAKA(version uint16) keyAgreement {
 return &ecdheKeyAgreement{
+ auth: &signedKeyAgreement{
+ sigType: signatureECDSA,
+ version: version,
+ },
+
 isRSA: false,
 version: version,
 }
@@ -580,6 +576,11 @@ func ecdheECDSAKA(version uint16) keyAgreement {
 func ecdheRSAKA(version uint16) keyAgreement {
 return &ecdheKeyAgreement{
+ auth: &signedKeyAgreement{
+ sigType: signatureRSA,
+ version: version,
+ },
+
 isRSA: true,
 version: version,
 }
diff --git a/tls/key_agreement.go b/tls/key_agreement.go
index 61eddcfd..2d8b0255 100644
--- a/tls/key_agreement.go
+++ b/tls/key_agreement.go
@@ -205,6 +205,7 @@ func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clie
 // rsaKeyAgreement implements the standard TLS key agreement where the client
 // encrypts the pre-master secret to the server's public key.
 type rsaKeyAgreement struct {
+ auth keyAgreementAuthentication
 verifyError error
 }
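Review bot: The `signedKeyAgreement` attached to `rsaKeyAgreement` in `rsaKA` can never be populated: static RSA key exchange has no ServerKeyExchange to sign, and `rsaKeyAgreement.processServerKeyExchange` rejects one outright (`"tls: unexpected ServerKeyExchange"`), so the `auth` field added in the key_agreement.go hunk only ever carries the `sigType` and `version` it was constructed with. If it is kept for the log, the field deserves a comment such as `// auth is only consulted by MakeLog; static RSA never produces a signed ServerKeyExchange.` Style: `rsaKA` closes both literals on one line (`}}`) while the `ecdheKeyAgreement` literals below put `},` on its own line.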
@@ -381,6 +382,8 @@ func pickTLS12HashForSignature(sigType uint8, clientList, serverList []SigAndHas
 // pre-master secret is then calculated using ECDH. The signature may
 // be ECDSA, Ed25519 or RSA.
 type ecdheKeyAgreement struct {
+ auth keyAgreementAuthentication
+
 version uint16
 isRSA bool
 params ecdheParameters
@@ -570,7 +573,21 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 sig = sig[2:]
 signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams)
- if ka.verifyError = verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); ka.verifyError != nil {
+ ka.verifyError = verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig)
+
+ // For logging purposes
+ skx.digest = signed
+ switch auth := ka.auth.(type) {
+ case *signedKeyAgreement:
+ auth.raw = sig
+ auth.valid = ka.verifyError == nil
+ auth.sh.Signature = sigType
+ auth.sh.Hash = uint8(sigHash)
+ default:
+ break
+ }
+
+ if ka.verifyError != nil {
 return errors.New("tls: invalid signature by the server certificate: " + ka.verifyError.Error())
 }
 return nil
diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go
index 0a382ea6..c76e2749 100644
--- a/tls/tls_handshake.go
+++ b/tls/tls_handshake.go
@@ -434,7 +434,7 @@ func (c *Certificates) addParsed(certs []*x509.Certificate, validation *x509.Val
 func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange {
 skx := new(ServerKeyExchange)
 skx.Raw = make([]byte, len(m.key))
- //var auth keyAgreementAuthentication
+ var auth keyAgreementAuthentication
 var errAuth error
 copy(skx.Raw, m.key)
 skx.Digest = append(make([]byte, 0), m.digest...)
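Review bot: `auth.sh.Hash = uint8(sigHash)` in the `processServerKeyExchange` hunk records the wrong codepoint if `sigHash` is a `crypto.Hash`, which is what `hashForServerKeyExchange` and `verifyHandshakeSignature` take in upstream Go: `crypto.SHA256` is 5 whereas this package's TLS 1.2 codepoint `hashSHA256` is 4 (common.go), so every hash name in the logged `SignatureAndHash` would be shifted by one (SHA-256 reported as sha384). `supportedHashFunc` in common.go appears to be the codepoint-to-`crypto.Hash` table, so a reverse lookup over it recovers the TLS value; Ed25519's direct signing has no `crypto.Hash` and would be left at zero, which readers of the log should expect. `auth.sh.Signature = sigType` is fine because `signatureTypeToName` is keyed on the same internal constants. The `default: break` arm is a no-op and can go; `processServerKeyExchange` starts outside the hunk.
```go
			auth.sh.Signature = sigType
			// sigHash is a crypto.Hash; map it back to the TLS 1.2 HashAlgorithm codepoint for the log.
			for code, h := range supportedHashFunc {
				if h == sigHash {
					auth.sh.Hash = code
					break
				}
			}
```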
@@ -443,31 +443,29 @@ func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange {
 switch ka := ka.(type) {
 case *rsaKeyAgreement:
 skx.RSAParams = ka.RSAParams()
- //auth = ka.auth
+ auth = ka.auth
 errAuth = ka.verifyError
 case *dheKeyAgreement:
 skx.DHParams = ka.DHParams()
- //auth = ka.auth
+ auth = ka.auth
 errAuth = ka.verifyError
 case *ecdheKeyAgreement:
 skx.ECDHParams = ka.ECDHParams()
- //auth = ka.auth
+ auth = ka.auth
 errAuth = ka.verifyError
 default:
 break
 }
- /*
- // Write out signature
- switch auth := auth.(type) {
- case *signedKeyAgreement:
- skx.Signature = auth.Signature()
- default:
- break
- }
- */
+ // Write out signature
+ switch auth := auth.(type) {
+ case *signedKeyAgreement:
+ skx.Signature = auth.Signature()
+ default:
+ break
+ }
 // Write the signature validation error
 if errAuth != nil {
diff --git a/tls/tls_ka.go b/tls/tls_ka.go
index 5a8410d2..b991922e 100644
--- a/tls/tls_ka.go
+++ b/tls/tls_ka.go
@@ -74,6 +74,20 @@ func signatureTypeToName(sigType uint8) string {
 return "unknown." + strconv.Itoa(int(sigType))
 }
+func (ka *signedKeyAgreement) Signature() *DigitalSignature {
+ out := DigitalSignature{
+ Raw: ka.raw,
+ Type: signatureTypeToName(ka.sigType),
+ Valid: ka.valid,
+ Version: TLSVersion(ka.version),
+ }
+ if ka.version >= VersionTLS12 {
+ out.SigHashExtension = new(SignatureAndHash)
+ *out.SigHashExtension = SignatureAndHash(ka.sh)
+ }
+ return &out
+}
+
 func (ka *rsaKeyAgreement) RSAParams() *jsonKeys.RSAPublicKey {
 out := new(jsonKeys.RSAPublicKey)
 //out.PublicKey = ka.publicKey
From 9eda340f5d56156d21b0cc3d049e454330394521 Mon Sep 17 00:00:00 2001
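Review bot: `Signature()` in the tls_ka.go hunk stores `ka.raw` in `DigitalSignature.Raw` without copying, while the surrounding log code copies defensively (`skx.Raw = make(...)`/`copy(...)`, `skx.Digest = append(make([]byte, 0), m.digest...)`); `ka.raw` is assigned from `sig`, a sub-slice of the ServerKeyExchange body (key_agreement.go hunk in this patch), so the log entry shares that message buffer. One-line fix: `Raw: append([]byte(nil), ka.raw...),`. The method is the entry point for the signature log and should carry a doc comment, e.g. `// Signature renders the verified ServerKeyExchange signature for the handshake log.` The `default: break` arms in both switches of `serverKeyExchangeMsg.MakeLog` are no-ops; that function starts outside the hunk.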
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Sun, 9 Mar 2025 09:00:21 +0000 Subject: [PATCH 36/40] fix(tls): TLS12 ecdh params
---
 tls/key_agreement.go | 42 ++++++++++++++--------- tls/key_schedule.go | 82 ++++++++++++++++++++++++++++++++++++++++++++ tls/tls_ka.go | 42 ++++------------------- 3 files changed, 114 insertions(+), 52 deletions(-)
diff --git a/tls/key_agreement.go b/tls/key_agreement.go
index 2d8b0255..ebc14dde 100644
--- a/tls/key_agreement.go
+++ b/tls/key_agreement.go
@@ -8,6 +8,7 @@ import (
 "crypto"
 "crypto/dsa"
 "crypto/ecdsa"
+ "crypto/elliptic"
 "crypto/md5"
 "crypto/rand"
 "crypto/rsa"
@@ -33,20 +34,6 @@ type keyAgreementAuthentication interface {
 verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error)
 }
-// nilKeyAgreementAuthentication does not authenticate the key
-// agreement parameters.
-type nilKeyAgreementAuthentication struct{}
-
-func (ka *nilKeyAgreementAuthentication) signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) {
- skx := new(serverKeyExchangeMsg)
- skx.key = params
- return skx, nil
-}
-
-func (ka *nilKeyAgreementAuthentication) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) ([]byte, error) {
- return nil, nil
-}
-
 // signedKeyAgreement signs the ServerKeyExchange parameters with the
 // server's private key.
 type signedKeyAgreement struct {
@@ -382,7 +369,8 @@ func pickTLS12HashForSignature(sigType uint8, clientList, serverList []SigAndHas
 // pre-master secret is then calculated using ECDH. The signature may
 // be ECDSA, Ed25519 or RSA.
 type ecdheKeyAgreement struct {
- auth keyAgreementAuthentication
+ auth keyAgreementAuthentication
+ serverParams ecdheParameters
 version uint16
 isRSA bool
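Review bot: The new `serverParams` field on `ecdheKeyAgreement` is undocumented, and after this patch `params` changes meaning mid-handshake: on the server, `processClientKeyExchange` (next hunk) overwrites it with the client's public point, so only `serverParams` still holds our own share and private scalar. Both fields need a comment so that nobody calls `SharedKey` on `params` after that point, e.g. `// serverParams keeps the server's ECDHE share for logging (ECDHParams); on the server, params is replaced by the peer's public point in processClientKeyExchange.` The struct's remaining fields lie outside the hunk.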
@@ -417,6 +405,7 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 return nil, err
 }
 ka.params = params
+ ka.serverParams.Clone()
 // See RFC 4492, Section 5.4.
 ecdhePublic := params.PublicKey()
@@ -495,6 +484,20 @@ func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Cert
 return nil, errClientKeyExchange
 }
+ // This part is solely for logging purposes. Later in MakeLog(), we only have access to ka.params
+ // for the client key exchange parameters. We need to store the client's public key here
+ // to make the log later. The Go TLS library doesn't store the parsed client public key anywhere.
+ ka.params = nil
+ if ka.serverParams.CurveID() == X25519 {
+ ka.params = &x25519Parameters{publicKey: ckx.ciphertext[1:]}
+ } else {
+ curve, ok := curveForCurveID(ka.serverParams.CurveID())
+ if ok {
+ x, y := elliptic.Unmarshal(curve, ckx.ciphertext[1:])
+ ka.params = &nistParameters{x: x, y: y, curveID: ka.serverParams.CurveID()}
+ }
+ }
+
 return preMasterSecret, nil
 }
@@ -519,8 +522,15 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 return errServerKeyExchange
 }
- if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+ if curve, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
 return errors.New("tls: server selected unsupported curve")
+ } else {
+ if curveID == X25519 {
+ ka.serverParams = &x25519Parameters{publicKey: publicKey}
+ } else {
+ x, y := elliptic.Unmarshal(curve, publicKey)
+ ka.serverParams = &nistParameters{x: x, y: y, curveID: curveID}
+ }
 }
 params, err := generateECDHEParameters(config.rand(), curveID)
diff --git a/tls/key_schedule.go b/tls/key_schedule.go
index 31401697..b9d7a824 100644
--- a/tls/key_schedule.go
+++ b/tls/key_schedule.go
@@ -12,6 +12,7 @@ import (
 "io"
 "math/big"
+ jsonKeys "github.com/zmap/zcrypto/json"
 "golang.org/x/crypto/cryptobyte"
 "golang.org/x/crypto/curve25519"
 "golang.org/x/crypto/hkdf"
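Review bot: In the `processServerKeyExchange` hunk the new logging code sits in an `else` after a terminating `return`, nesting the capture two levels deep; pulling `curve, ok := curveForCurveID(curveID)` out of the `if` lets the error return stand alone and the capture follow at top level. The X25519 branch also stores `publicKey` itself, which presumably aliases the ServerKeyExchange buffer — a copy keeps the log independent of the message, as the NIST branch already is via `elliptic.Unmarshal` (which returns nil coordinates for a rejected point and is deprecated since Go 1.21, so a nil `x` can reach `MakeLog` on malformed input). In `processClientKeyExchange` above, `ka.params = nil` likewise discards the server's own share before the client's point is stored, which the comment there should state. Both functions start outside their hunks.
```go
	curve, ok := curveForCurveID(curveID)
	if curveID != X25519 && !ok {
		return errors.New("tls: server selected unsupported curve")
	}
	// Kept only so that ECDHParams() can log the server's share; copied so the log does not alias the message buffer.
	if curveID == X25519 {
		ka.serverParams = &x25519Parameters{publicKey: append([]byte(nil), publicKey...)}
	} else {
		x, y := elliptic.Unmarshal(curve, publicKey)
		ka.serverParams = &nistParameters{x: x, y: y, curveID: curveID}
	}
	// … unchanged: generateECDHEParameters and the rest of the exchange …
```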
@@ -107,6 +108,9 @@ type ecdheParameters interface {
 CurveID() CurveID
 PublicKey() []byte
 SharedKey(peerPublicKey []byte) []byte
+
+ Clone() ecdheParameters
+ MakeLog() (*jsonKeys.ECPoint, *jsonKeys.ECDHPrivateParams)
 }
 func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, error) {
@@ -177,6 +181,49 @@ func (p *nistParameters) SharedKey(peerPublicKey []byte) []byte {
 return xShared.FillBytes(sharedKey)
 }
+func (p *nistParameters) Clone() ecdheParameters {
+ clone := *p
+
+ if p.privateKey != nil {
+ clone.privateKey = make([]byte, len(p.privateKey))
+ copy(clone.privateKey, p.privateKey)
+ }
+
+ if p.x != nil {
+ clone.x = new(big.Int).Set(p.x)
+ }
+
+ if p.y != nil {
+ clone.y = new(big.Int).Set(p.y)
+ }
+
+ return &clone
+}
+
+func (p *nistParameters) MakeLog() (*jsonKeys.ECPoint, *jsonKeys.ECDHPrivateParams) {
+ public := new(jsonKeys.ECPoint)
+
+ if p.x != nil {
+ public.X = new(big.Int)
+ public.X.Set(p.x)
+ }
+
+ if p.y != nil {
+ public.Y = new(big.Int)
+ public.Y.Set(p.y)
+ }
+
+ var private *jsonKeys.ECDHPrivateParams
+ if len(p.privateKey) > 0 {
+ private = new(jsonKeys.ECDHPrivateParams)
+ private.Length = len(p.privateKey)
+ private.Value = make([]byte, len(p.privateKey))
+ copy(private.Value, p.privateKey)
+ }
+
+ return public, private
+}
+
 type x25519Parameters struct {
 privateKey []byte
 publicKey []byte
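Review bot: `nistParameters.MakeLog` exports the private scalar whenever `privateKey` is set, and because `generateServerKeyExchange` now clones the generated parameters into `serverParams`, the server's ephemeral ECDHE private key ends up in the handshake log; neither the interface additions nor the method say so. Suggested doc comment on the interface method: `// MakeLog returns the public point and, when this side generated the share, its private scalar, for the handshake log.` Widening `ecdheParameters` with `Clone` and `MakeLog` also obliges every other implementation of the interface, if any exist outside this diff, to add both. Style: `public.X = new(big.Int); public.X.Set(p.x)` can be the one-liner `public.X = new(big.Int).Set(p.x)`, as `Clone` already writes it.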
@@ -197,3 +244,38 @@ func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte {
 }
 return sharedKey
 }
+
+func (p *x25519Parameters) Clone() ecdheParameters {
+ clone := *p
+
+ if p.privateKey != nil {
+ clone.privateKey = make([]byte, len(p.privateKey))
+ copy(clone.privateKey, p.privateKey)
+ }
+
+ if p.publicKey != nil {
+ clone.publicKey = make([]byte, len(p.publicKey))
+ copy(clone.publicKey, p.publicKey)
+ }
+
+ return &clone
+}
+
+func (p *x25519Parameters) MakeLog() (*jsonKeys.ECPoint, *jsonKeys.ECDHPrivateParams) {
+ public := new(jsonKeys.ECPoint)
+
+ if p.publicKey != nil {
+ public.X = new(big.Int)
+ public.X.SetBytes(p.publicKey)
+ }
+
+ var private *jsonKeys.ECDHPrivateParams
+ if len(p.privateKey) > 0 {
+ private = new(jsonKeys.ECDHPrivateParams)
+ private.Length = len(p.privateKey)
+ private.Value = make([]byte, len(p.privateKey))
+ copy(private.Value, p.privateKey)
+ }
+
+ return public, private
+}
diff --git a/tls/tls_ka.go b/tls/tls_ka.go
index b991922e..6012f83e 100644
--- a/tls/tls_ka.go
+++ b/tls/tls_ka.go
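Review bot: `x25519Parameters.MakeLog` does `public.X.SetBytes(p.publicKey)`, which reads the 32-byte X25519 encoding as a big-endian integer, but RFC 7748 encodes the u-coordinate little-endian, so the logged `x` is the byte-reversed value of the actual coordinate. If the numeric coordinate is intended, reverse a copy of the bytes before `SetBytes`; if the raw encoding is intended, say so where the value is set: `// X holds the raw X25519 encoding read big-endian, not the numeric u-coordinate.` The Clone/MakeLog pair also duplicates `nistParameters`' private-key handling line for line; a shared helper for the `ECDHPrivateParams` copy would keep the two in step.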
@@ -90,54 +90,24 @@ func (ka *signedKeyAgreement) Signature() *DigitalSignature {
 func (ka *rsaKeyAgreement) RSAParams() *jsonKeys.RSAPublicKey {
 out := new(jsonKeys.RSAPublicKey)
- //out.PublicKey = ka.publicKey
 return out
 }
 func (ka *ecdheKeyAgreement) ECDHParams() *jsonKeys.ECDHParams {
 out := new(jsonKeys.ECDHParams)
- out.TLSCurveID = jsonKeys.TLSCurveID(ka.params.CurveID())
- out.ServerPublic = &jsonKeys.ECPoint{}
- /*
- if ka.x != nil {
- out.ServerPublic.X = new(big.Int)
- out.ServerPublic.X.Set(ka.x)
- }
- if ka.y != nil {
- out.ServerPublic.Y = new(big.Int)
- out.ServerPublic.Y.Set(ka.y)
- }
- if len(ka.serverPrivKey) > 0 {
- out.ServerPrivate = new(jsonKeys.ECDHPrivateParams)
- out.ServerPrivate.Length = len(ka.serverPrivKey)
- out.ServerPrivate.Value = make([]byte, len(ka.serverPrivKey))
- copy(out.ServerPrivate.Value, ka.serverPrivKey)
- }
- */
+ out.TLSCurveID = jsonKeys.TLSCurveID(ka.serverParams.CurveID())
+
+ out.ServerPublic, out.ServerPrivate = ka.serverParams.MakeLog()
+
 return out
 }
 func (ka *ecdheKeyAgreement) ClientECDHParams() *jsonKeys.ECDHParams {
 out := new(jsonKeys.ECDHParams)
 out.TLSCurveID = jsonKeys.TLSCurveID(ka.params.CurveID())
- out.ClientPublic = &jsonKeys.ECPoint{}
- /*
- if ka.clientX != nil {
- out.ClientPublic.X = new(big.Int)
- out.ClientPublic.X.Set(ka.clientX)
- }
- if ka.clientY != nil {
- out.ClientPublic.Y = new(big.Int)
- out.ClientPublic.Y.Set(ka.clientY)
- }
- if len(ka.clientPrivKey) > 0 {
- out.ClientPrivate = new(jsonKeys.ECDHPrivateParams)
- out.ClientPrivate.Length = len(ka.clientPrivKey)
- out.ClientPrivate.Value = make([]byte, len(ka.clientPrivKey))
- copy(out.ClientPrivate.Value, ka.clientPrivKey)
- }
- */
+ out.ClientPublic, out.ClientPrivate = ka.params.MakeLog()
+
 return out
 }
From 11895e06ce563bd35cafc833c80502832d22790f Mon Sep 17 00:00:00 2001
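Review bot: `ECDHParams` calls `ka.serverParams.CurveID()` unguarded, and `serverParams` is only set once a ServerKeyExchange has been parsed (client) or generated (server); if `MakeLog` can run for a handshake that aborted before that point, the method call on the nil interface panics. `ClientECDHParams` has the same exposure on `ka.params`, which is only (re)assigned in `processClientKeyExchange`. A guard at the top of each, `if ka.serverParams == nil { return out }` and `if ka.params == nil { return out }`, keeps the log best-effort on failed handshakes.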
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Sun, 9 Mar 2025 09:09:33 +0000 Subject: [PATCH 37/40] fix(tls): ignore y coord in json output for x25519
---
 json/ecdhe.go | 9 +++++++-- tls/key_agreement.go | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/json/ecdhe.go b/json/ecdhe.go
index aa808ab1..0029539c 100644
--- a/json/ecdhe.go
+++ b/json/ecdhe.go
@@ -49,12 +49,17 @@ type ECPoint struct {
 // MarshalJSON implements the json.Marshler interface
 func (p *ECPoint) MarshalJSON() ([]byte, error) {
+ var y *cryptoParameter
+ if p.Y != nil { // Not present for x25519
+ y = &cryptoParameter{Int: p.Y}
+ }
+
 aux := struct {
 X *cryptoParameter `json:"x"`
- Y *cryptoParameter `json:"y"`
+ Y *cryptoParameter `json:"y,omitempty"`
 }{
 X: &cryptoParameter{Int: p.X},
- Y: &cryptoParameter{Int: p.Y},
+ Y: y,
 }
 return json.Marshal(&aux)
 }
diff --git a/tls/key_agreement.go b/tls/key_agreement.go
index ebc14dde..c102c539 100644
--- a/tls/key_agreement.go
+++ b/tls/key_agreement.go
@@ -405,7 +405,7 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 return nil, err
 }
 ka.params = params
- ka.serverParams.Clone()
+ ka.serverParams = params.Clone()
 // See RFC 4492, Section 5.4.
 ecdhePublic := params.PublicKey()
From f98319588153912068f931bcc5b5210a055b6704 Mon Sep 17 00:00:00 2001
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Sun, 16 Mar 2025 21:35:09 +0000 Subject: [PATCH 38/40] fix: x509 error message for the new self-signed certificates error
---
 x509/verify.go | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/x509/verify.go b/x509/verify.go
index 956d6750..7042aedd 100644
--- a/x509/verify.go
+++ b/x509/verify.go
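Review bot: `ECPoint.MarshalJSON` still wraps `p.X` unconditionally (`X: &cryptoParameter{Int: p.X}`) while `Y` is now guarded, so a nil `X`, which `nistParameters.MakeLog` produces when `elliptic.Unmarshal` rejects a point, reaches `cryptoParameter`'s marshaller with a nil `Int`; whether that is safe depends on `cryptoParameter.MarshalJSON`, which is not in view. Guarding `X` the same way, or a comment stating that `cryptoParameter` tolerates a nil `Int`, would make the intent explicit. The `json.Marshler` typo in the existing doc comment is pre-existing and could be corrected to `json.Marshaler` while the function is being touched.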
@@ -94,6 +94,8 @@ func (e CertificateInvalidError) Error() string {
 return "x509: issuer name does not match subject from issuing certificate"
 case NeverValid:
 return "x509: certificate will never be valid"
+ case IsSelfSigned:
+ return "x509: certificate is self-signed and not a trusted root"
 }
 return "x509: unknown error"
 }
From 7d3b1a2df8f8f7e592b082aff555a106b597ffa3 Mon Sep 17 00:00:00 2001
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Sun, 16 Mar 2025 21:39:25 +0000 Subject: [PATCH 39/40] fix: remove misleading RFC reference and add new TLS signature algorithms Dropped an incorrect comment that suggested signature algorithm constants aligned with RFC 5246, as this was a long-standing misunderstanding. Added support for additional signature algorithms introduced by the updated TLS library.
---
 tls/common.go | 15 +++++++++------ tls/tls_ka.go | 6 ++++++ tls/tls_names.go | 11 ++++++++--- 3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/tls/common.go b/tls/common.go
index fe972bf4..0e397d8a 100644
--- a/tls/common.go
+++ b/tls/common.go
@@ -249,13 +249,16 @@ const (
 )
 // Hash functions for TLS 1.2 (See RFC 5246, section A.4.1)
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
 const (
- hashMD5 uint8 = 1
- hashSHA1 uint8 = 2
- hashSHA224 uint8 = 3
- hashSHA256 uint8 = 4
- hashSHA384 uint8 = 5
- hashSHA512 uint8 = 6
+ hashNone uint8 = 0
+ hashMD5 uint8 = 1
+ hashSHA1 uint8 = 2
+ hashSHA224 uint8 = 3
+ hashSHA256 uint8 = 4
+ hashSHA384 uint8 = 5
+ hashSHA512 uint8 = 6
+ hashIntrinsic uint8 = 8
 )
 var supportedHashFunc = map[uint8]crypto.Hash{
diff --git a/tls/tls_ka.go b/tls/tls_ka.go
index 6012f83e..c365543a 100644
--- a/tls/tls_ka.go
+++ b/tls/tls_ka.go
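Review bot: The `const` block's header in the common.go hunk still says these are the RFC 5246 A.4.1 hash functions, but `hashIntrinsic = 8` is the Intrinsic value registered by RFC 8422 for Ed25519/Ed448, and neither it nor `hashNone` presumably has an entry in `supportedHashFunc` directly below, so callers that resolve a codepoint through that table must expect no match for either. Suggested comment on the two new lines: `// hashNone (RFC 5246) and hashIntrinsic (RFC 8422) are name-only values with no crypto.Hash behind them.`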
@@ -66,8 +66,14 @@ func signatureTypeToName(sigType uint8) string {
 return "rsa"
 case signatureDSA:
 return "dsa"
+ case signaturePKCS1v15:
+ return "pkcs1v15"
+ case signatureRSAPSS:
+ return "rsapss"
 case signatureECDSA:
 return "ecdsa"
+ case signatureEd25519:
+ return "ed25519"
 default:
 break
 }
diff --git a/tls/tls_names.go b/tls/tls_names.go
index f683a6c0..110cbc21 100644
--- a/tls/tls_names.go
+++ b/tls/tls_names.go
@@ -19,22 +19,27 @@ var clientAuthTypeNames map[int]string
 var signatureSchemeNames map[uint16]string
 func init() {
- // RFC 5246 7.4.1.4.1
+ // Signature algorithms (for internal signaling use). Starting at 225 to avoid overlap with
+ // TLS 1.2 codepoints (RFC 5246, Appendix A.4.1), with which these have nothing to do.
 signatureNames = make(map[uint8]string, 8)
- // TODO FIXME: the RFC also defines anonymous(0) and (255).
 signatureNames[signatureRSA] = "rsa"
 signatureNames[signatureDSA] = "dsa"
+ signatureNames[signaturePKCS1v15] = "pkcs1v15"
+ signatureNames[signatureRSAPSS] = "rsapss"
 signatureNames[signatureECDSA] = "ecdsa"
+ signatureNames[signatureEd25519] = "ed25519"
 // RFC 5246 7.4.1.4.1
+ // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
 hashNames = make(map[uint8]string, 16)
- // TODO FIXME: the RFC also defines none(0) and (255).
+ hashNames[hashNone] = "none"
 hashNames[hashMD5] = "md5"
 hashNames[hashSHA1] = "sha1"
 hashNames[hashSHA224] = "sha224"
 hashNames[hashSHA256] = "sha256"
 hashNames[hashSHA384] = "sha384"
 hashNames[hashSHA512] = "sha512"
+ hashNames[hashIntrinsic] = "intrinsic"
 cipherSuiteNames = make(map[int]string, 512)
 cipherSuiteNames[0x0000] = "TLS_NULL_WITH_NULL_NULL"
From 6576108785b216362aabbd0a7ab5eadee003cc8f Mon Sep 17 00:00:00 2001
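Review bot: `signatureTypeToName` and the `signatureNames` map in the tls_names.go hunk now carry the same six entries by hand, and this commit had to extend both; the next constant will be added to one and missed in the other. `signatureTypeToName` could consult the map and keep its fallback: `if name, ok := signatureNames[sigType]; ok { return name }` ahead of the existing `"unknown."` return. The `default: break` arm in the switch is a no-op.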
From: devStorm <59678453+developStorm@users.noreply.github.com> Date: Sun, 16 Mar 2025 22:23:26 +0000 Subject: [PATCH 40/40] fix: update rsaKeyAgreement methods to use pointer receivers
---
 tls/cipher_suites.go | 2 +- tls/key_agreement.go | 11 ++++++----- tls/tls_handshake.go | 18 ++++++------------ 3 files changed, 13 insertions(+), 18 deletions(-)
diff --git a/tls/cipher_suites.go b/tls/cipher_suites.go
index d00305f6..d9759ee0 100644
--- a/tls/cipher_suites.go
+++ b/tls/cipher_suites.go
@@ -555,7 +555,7 @@ func tls10MAC(h hash.Hash, out, seq, header, data, extra []byte) []byte {
 }
 func rsaKA(version uint16) keyAgreement {
- return rsaKeyAgreement{
+ return &rsaKeyAgreement{
 auth: &signedKeyAgreement{
 sigType: signatureRSA,
 version: version,
diff --git a/tls/key_agreement.go b/tls/key_agreement.go
index c102c539..9bde1a39 100644
--- a/tls/key_agreement.go
+++ b/tls/key_agreement.go
@@ -192,15 +192,16 @@ func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clie
 // rsaKeyAgreement implements the standard TLS key agreement where the client
 // encrypts the pre-master secret to the server's public key.
 type rsaKeyAgreement struct {
- auth keyAgreementAuthentication
+ auth keyAgreementAuthentication
+
 verifyError error
 }
-func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
+func (ka *rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
 return nil, nil
 }
-func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
+func (ka *rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
 if len(ckx.ciphertext) < 2 {
 return nil, errClientKeyExchange
 }
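Review bot: `auth` stays on `rsaKeyAgreement` although the only reader visible on this page, the `*rsaKeyAgreement` case in `serverKeyExchangeMsg.MakeLog`, is deleted by the tls_handshake.go hunk of this same patch, and `rsaKeyAgreement.processServerKeyExchange` rejects every ServerKeyExchange, so the `signedKeyAgreement` built in `rsaKA` can never be filled in. Unless another reader exists outside the diff, drop the field and its initializer in `rsaKA`, or document it: `// auth is unused: static RSA key exchange carries no ServerKeyExchange to sign.` The method bodies in the key_agreement.go hunk continue outside it.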
@@ -228,11 +229,11 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certifi
 return preMasterSecret, nil
 }
-func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
+func (ka *rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
 return errors.New("tls: unexpected ServerKeyExchange")
 }
-func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
+func (ka *rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
 preMasterSecret := make([]byte, 48)
 preMasterSecret[0] = byte(clientHello.vers >> 8)
 preMasterSecret[1] = byte(clientHello.vers)
diff --git a/tls/tls_handshake.go b/tls/tls_handshake.go
index c76e2749..784a3b19 100644
--- a/tls/tls_handshake.go
+++ b/tls/tls_handshake.go
@@ -89,13 +89,12 @@ type Certificates struct {
 // ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message
 type ServerKeyExchange struct {
- Raw []byte `json:"-"`
- RSAParams *jsonKeys.RSAPublicKey `json:"rsa_params,omitempty"`
- DHParams *jsonKeys.DHParams `json:"dh_params,omitempty"`
- ECDHParams *jsonKeys.ECDHParams `json:"ecdh_params,omitempty"`
- Digest []byte `json:"digest,omitempty"`
- Signature *DigitalSignature `json:"signature,omitempty"`
- SignatureError string `json:"signature_error,omitempty"`
+ Raw []byte `json:"-"`
+ DHParams *jsonKeys.DHParams `json:"dh_params,omitempty"`
+ ECDHParams *jsonKeys.ECDHParams `json:"ecdh_params,omitempty"`
+ Digest []byte `json:"digest,omitempty"`
+ Signature *DigitalSignature `json:"signature,omitempty"`
+ SignatureError string `json:"signature_error,omitempty"`
 }
 // ClientKeyExchange represents the raw key data sent by the client in TLS key exchange message
@@ -441,11 +440,6 @@ func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange {
 // Write out parameters
 switch ka := ka.(type) {
- case *rsaKeyAgreement:
- skx.RSAParams = ka.RSAParams()
- auth = ka.auth
- errAuth = ka.verifyError
-
 case *dheKeyAgreement:
 skx.DHParams = ka.DHParams()
 auth = ka.auth
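Review bot: Removing the exported `RSAParams` field from `ServerKeyExchange` drops the `rsa_params` key from the JSON handshake log and breaks any Go code that references the field, which the commit message ("use pointer receivers") does not mention. Since `RSAParams()` only ever returned an empty `jsonKeys.RSAPublicKey` (tls_ka.go, patch 36), the key was always empty and the removal is reasonable, but it is a schema change that belongs in the commit description, and `RSAParams()` itself is left without a caller in view.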