Initial import

2025-10-08 20:53:56 +02:00
commit 2081d684ed
25 changed files with 3486 additions and 0 deletions
--- a/tls_test.go
+++ b/tls_test.go
@@ -0,0 +1,91 @@
+package dpi
+
+import (
+	"encoding/hex"
+	"strings"
+	"testing"
+)
+
+func TestDecodeTLSClientHello(t *testing.T) {
+	// Taken from a random PCAP on the internet
+	clientHelloBytes, err := testDecodeHexString(`
+		     1603 0100 c801 0000 c403 03ec 12dd
+		1764 a439 fd7e 8c85 46b8 4d1e a06e b3d7
+		a051 f03c b817 470d 4c54 c5df 7200 001c
+		eaea c02b c02f c02c c030 cca9 cca8 c013
+		c014 009c 009d 002f 0035 000a 0100 007f
+		dada 0000 ff01 0001 0000 0000 1600 1400
+		0011 7777 772e 7769 6b69 7065 6469 612e
+		6f72 6700 1700 0000 2300 0000 0d00 1400
+		1204 0308 0404 0105 0308 0505 0108 0606
+		0102 0100 0500 0501 0000 0000 0012 0000
+		0010 000e 000c 0268 3208 6874 7470 2f31
+		2e31 7550 0000 000b 0002 0100 000a 000a
+		0008 1a1a 001d 0017 0018 1a1a 0001 00
+	`)
+	if err != nil {
+		t.Fatalf("failed to decode test ClientHello: %s", err)
+	}
+
+	// Taken from RFC8443 TLS 1.3 traces example:
+	rfc8443ClientHelloBytes, err := testDecodeHexString(`
+		                            16 03 01 00 c4 01 00 00 c0 03 03 cb
+         34 ec b1 e7 81 63 ba 1c 38 c6 da cb 19 6a 6d ff a2 1a 8d 99 12
+         ec 18 a2 ef 62 83 02 4d ec e7 00 00 06 13 01 13 03 13 02 01 00
+         00 91 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
+         00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02
+         01 03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 99 38 1d
+         e5 60 e4 bd 43 d2 3d 8e 43 5a 7d ba fe b3 c0 6e 51 c1 3c ae 4d
+         54 13 69 1e 52 9a af 2c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e
+         04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
+         01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
+	`)
+	if err != nil {
+		t.Fatalf("failed to decode test ClientHello: %s", err)
+	}
+
+	t.Run("Client Hello", func(t *testing.T) {
+		hello, err := DecodeTLSClientHelloHandshake(clientHelloBytes)
+		if err != nil {
+			t.Fatal(err)
+			return
+		}
+		hello.Raw = nil
+		t.Logf("%#v", hello)
+	})
+
+	t.Run("TLS 1.3 Client Hello", func(t *testing.T) {
+		hello, err := DecodeTLSClientHelloHandshake(rfc8443ClientHelloBytes)
+		if err != nil {
+			t.Fatal(err)
+			return
+		}
+		hello.Raw = nil
+		t.Logf("%#v", hello)
+	})
+
+}
+
+func TestDecodeTLSServerHello(t *testing.T) {
+	serverHelloBytes, err := hex.DecodeString("02000030030300000000000000000000000000000000000000000000000000000000000000000000000000080005000000050000")
+	if err != nil {
+		t.Fatalf("failed to decode test ServerHello: %s", err)
+	}
+
+	t.Run("Server Hello", func(t *testing.T) {
+		hello, err := DecodeTLSServerHello(serverHelloBytes)
+		if err != nil {
+			t.Fatal(err)
+			return
+		}
+		t.Logf("%#+v", hello)
+	})
+}
+
+func testDecodeHexString(s string) ([]byte, error) {
+	s = strings.TrimSpace(s)
+	s = strings.ReplaceAll(s, " ", "")
+	s = strings.ReplaceAll(s, "\n", "")
+	s = strings.ReplaceAll(s, "\t", "")
+	return hex.DecodeString(s)
+}