maze
81a3829382
Refactored Protocol.Name -> Protocol.Type; added Encapsulation field Refactored TLS parsing; added support for ALPN
134 lines
4.1 KiB
Go
134 lines
4.1 KiB
Go
package dpi
|
|
|
|
import (
|
|
"encoding/hex"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestDecodeTLSClientHello(t *testing.T) {
|
|
// Taken from a random PCAP on the internet
|
|
clientHelloBytes, err := testDecodeHexString(`
|
|
1603 0100 c801 0000 c403 03ec 12dd
|
|
1764 a439 fd7e 8c85 46b8 4d1e a06e b3d7
|
|
a051 f03c b817 470d 4c54 c5df 7200 001c
|
|
eaea c02b c02f c02c c030 cca9 cca8 c013
|
|
c014 009c 009d 002f 0035 000a 0100 007f
|
|
dada 0000 ff01 0001 0000 0000 1600 1400
|
|
0011 7777 772e 7769 6b69 7065 6469 612e
|
|
6f72 6700 1700 0000 2300 0000 0d00 1400
|
|
1204 0308 0404 0105 0308 0505 0108 0606
|
|
0102 0100 0500 0501 0000 0000 0012 0000
|
|
0010 000e 000c 0268 3208 6874 7470 2f31
|
|
2e31 7550 0000 000b 0002 0100 000a 000a
|
|
0008 1a1a 001d 0017 0018 1a1a 0001 00
|
|
`)
|
|
if err != nil {
|
|
t.Fatalf("failed to decode test ClientHello: %s", err)
|
|
}
|
|
|
|
// Taken from RFC8443 TLS 1.3 traces example:
|
|
rfc8443ClientHelloBytes, err := testDecodeHexString(`
|
|
16 03 01 00 c4 01 00 00 c0 03 03 cb
|
|
34 ec b1 e7 81 63 ba 1c 38 c6 da cb 19 6a 6d ff a2 1a 8d 99 12
|
|
ec 18 a2 ef 62 83 02 4d ec e7 00 00 06 13 01 13 03 13 02 01 00
|
|
00 91 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
|
|
00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02
|
|
01 03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 99 38 1d
|
|
e5 60 e4 bd 43 d2 3d 8e 43 5a 7d ba fe b3 c0 6e 51 c1 3c ae 4d
|
|
54 13 69 1e 52 9a af 2c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e
|
|
04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
|
|
01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
|
|
`)
|
|
if err != nil {
|
|
t.Fatalf("failed to decode test ClientHello: %s", err)
|
|
}
|
|
|
|
t.Run("Client Hello", func(t *testing.T) {
|
|
hello, err := DecodeTLSClientHelloHandshake(clientHelloBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
return
|
|
}
|
|
hello.Raw = nil
|
|
t.Logf("%#v", hello)
|
|
})
|
|
|
|
t.Run("TLS 1.3 Client Hello", func(t *testing.T) {
|
|
hello, err := DecodeTLSClientHelloHandshake(rfc8443ClientHelloBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
return
|
|
}
|
|
hello.Raw = nil
|
|
t.Logf("%#v", hello)
|
|
})
|
|
|
|
}
|
|
|
|
func TestDecodeTLSServerHello(t *testing.T) {
|
|
serverHelloBytes, err := hex.DecodeString("02000030030300000000000000000000000000000000000000000000000000000000000000000000000000080005000000050000")
|
|
if err != nil {
|
|
t.Fatalf("failed to decode test ServerHello: %s", err)
|
|
}
|
|
|
|
tls11ServerHello := []byte{
|
|
// --- Handshake Protocol: ServerHello (64 bytes) ---
|
|
0x02, // Handshake Type: ServerHello (2)
|
|
0x00, 0x00, 0x3c, // Length of the rest of the message (60 bytes)
|
|
0x03, 0x02, // Server Version: TLS 1.1 (Major=3, Minor=2)
|
|
|
|
// Random (32 bytes)
|
|
0xb7, 0xa8, 0xdf, 0xd5, 0x17, 0xb1, 0x50, 0xb4,
|
|
0x28, 0xb7, 0xf6, 0xf3, 0xb9, 0x83, 0xcf, 0x9f,
|
|
0x31, 0x55, 0x79, 0x1f, 0x3b, 0x07, 0x6d, 0x17,
|
|
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00,
|
|
|
|
// Session ID
|
|
0x00, // Session ID Length: 0 (new session)
|
|
|
|
0xc0, 0x09, // Cipher Suite
|
|
0x00, // Compression Method
|
|
|
|
// --- Extensions (20 bytes) ---
|
|
0x00, 0x14, // Extensions Length: 20 bytes
|
|
0xff, 0x01, // Extension Type: renegotiation_info
|
|
0x00, 0x01, // Extension Length: 1 byte
|
|
0x00, // Renegotiation Info Length: 0 bytes
|
|
0x00, 0x10, // Extension Type: alpn
|
|
0x00, 0x05, // Extension Length: 5 bytes
|
|
0x00, 0x03, // ALPN Extension Length: 3 bytes
|
|
0x02, 'h', '2',
|
|
0x0, 0x0b, // Extension Type: ec_points_format
|
|
0x0, 0x02, // Extension Length: 2 bytes
|
|
0x01, // EC Points Format Length: 1 byte
|
|
0x00, // EC Point Format: uncompressed
|
|
}
|
|
|
|
t.Run("Server Hello", func(t *testing.T) {
|
|
hello, err := DecodeTLSServerHello(serverHelloBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
return
|
|
}
|
|
t.Logf("%#+v", hello)
|
|
})
|
|
|
|
t.Run("TLS 1.1 Server Hello", func(t *testing.T) {
|
|
hello, err := DecodeTLSServerHello(tls11ServerHello)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
return
|
|
}
|
|
t.Logf("%#+v", hello)
|
|
})
|
|
}
|
|
|
|
func testDecodeHexString(s string) ([]byte, error) {
|
|
s = strings.TrimSpace(s)
|
|
s = strings.ReplaceAll(s, " ", "")
|
|
s = strings.ReplaceAll(s, "\n", "")
|
|
s = strings.ReplaceAll(s, "\t", "")
|
|
return hex.DecodeString(s)
|
|
}
|