#[macro_use] extern crate pretty_assertions; extern crate nom; extern crate tls_parser; mod tls_extensions { use tls_parser::*; #[rustfmt::skip] static CLIENT_EXTENSIONS1: &[u8] = &[ 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00, 0x1c, 0x00, 0x1a, 0x00, 0x17, 0x00, 0x19, 0x00, 0x1c, 0x00, 0x1b, 0x00, 0x18, 0x00, 0x1a, 0x00, 0x16, 0x00, 0x0e, 0x00, 0x0d, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x01, 0x06, 0x02, 0x06, 0x03, 0x05, 0x01, 0x05, 0x02, 0x05, 0x03, 0x04, 0x01, 0x04, 0x02, 0x04, 0x03, 0x03, 0x01, 0x03, 0x02, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x01 ]; #[test] fn test_tls_extensions() { let empty = &b""[..]; let bytes = CLIENT_EXTENSIONS1; let ec_point_formats = &[0, 1, 2]; let ext1 = &[0, 0, 0, 0]; let ecc: Vec<_> = [23, 25, 28, 27, 24, 26, 22, 14, 13, 11, 12, 9, 10] .iter() .map(|&x| NamedGroup(x)) .collect(); let expected = Ok(( empty, vec![ TlsExtension::SNI(vec![(SNIType::HostName, b"www.google.com")]), TlsExtension::EcPointFormats(ec_point_formats), TlsExtension::EllipticCurves(ecc), TlsExtension::SessionTicket(empty), TlsExtension::SignatureAlgorithms(vec![ 0x0601, 0x0602, 0x0603, 0x0501, 0x0502, 0x0503, 0x0401, 0x0402, 0x0403, 0x0301, 0x0302, 0x0303, 0x0201, 0x0202, 0x0203, ]), TlsExtension::StatusRequest(Some((CertificateStatusType::OCSP, ext1))), TlsExtension::Heartbeat(1), ], )); let res = parse_tls_extensions(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_max_fragment_length() { let empty = &b""[..]; let bytes = &[0x00, 0x01, 0x00, 0x01, 0x04]; let expected = Ok((empty, TlsExtension::MaxFragmentLength(4))); let res = parse_tls_extension(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_alpn() { let empty = &b""[..]; let bytes = &[ 0x00, 0x10, 0x00, 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, ]; let expected = Ok(( empty, TlsExtension::ALPN(vec![ b"h2-16", b"h2-15", b"h2-14", b"h2", b"spdy/3.1", b"http/1.1", ]), )); let res = parse_tls_extension(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_encrypt_then_mac() { let empty = &b""[..]; let bytes = &[0x00, 0x16, 0x00, 0x00]; let expected = Ok((empty, TlsExtension::EncryptThenMac)); let res = parse_tls_extension(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_extended_master_secret() { let empty = &b""[..]; let bytes = &[0x00, 0x17, 0x00, 0x00]; let expected = Ok((empty, TlsExtension::ExtendedMasterSecret)); let res = parse_tls_extension(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_npn() { let empty = &b""[..]; let bytes = &[0x33, 0x74, 0x00, 0x00]; let expected = Ok((empty, TlsExtension::NextProtocolNegotiation)); let res = parse_tls_extension(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_list() { let empty = &b""[..]; let bytes = &[0, 5, 0, 0, 0, 23, 0, 0, 255, 1, 0, 1, 0]; let expected = Ok(( empty, vec![ TlsExtension::StatusRequest(None), TlsExtension::ExtendedMasterSecret, TlsExtension::RenegotiationInfo(&[]), ], )); let res = parse_tls_extensions(bytes); println!("{:?}", res); assert_eq!(res, expected); } #[test] fn test_tls_extension_keyshare_helloretryrequest() { let empty = &b""[..]; let bytes = &[ 0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xa2, 0x4e, 0x84, 0xfa, 0x82, 0x63, 0xf8, 0xff, 0x20, 0x7a, 0x79, 0x82, 0xfd, 0x34, 0x12, 0xfc, 0xae, 0x8d, 0xd8, 0xe3, 0x1e, 0xf4, 0x5d, 0xe6, 0x61, 0x09, 0x3b, 0x7f, 0xa5, 0x81, 0x12, 0x63, 0x00, 0x2b, 0x00, 0x02, 0x7f, 0x17, ]; let expected = Ok(( empty, vec![ TlsExtension::KeyShare(&bytes[4..40]), TlsExtension::SupportedVersions(vec![TlsVersion(0x7f17)]), ], )); let res = parse_tls_extensions(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_signed_certificate_timestamp() { let empty = &b""[..]; let bytes = &[0x00, 0x12, 0x00, 0x00]; let expected = Ok((empty, TlsExtension::SignedCertificateTimestamp(None))); let res = parse_tls_extension(bytes); assert_eq!(res, expected); } #[test] fn test_tls_extension_grease() { let empty = &b""[..]; let bytes = &[0x3a, 0x3a, 0x00, 0x01, 0x00]; let expected = TlsExtension::Grease(0x3a3a, &[0x00]); let res = parse_tls_extension(bytes); assert_eq!(res, Ok((empty, expected))); } const ESNI: &[u8] = include_bytes!("../assets/esni.bin"); #[test] fn test_tls_extension_esni() { let res = parse_tls_extension(ESNI).expect("Parsing eSNI failed"); match res.1 { TlsExtension::EncryptedServerName { ciphersuite, group, .. } => { assert_eq!(ciphersuite.0, 0x1301); assert_eq!(group.0, 0x1d); } _ => panic!("Wrong extension type (expected eSNI"), } } #[test] fn test_tls_extension_record_size_limit() { let empty = &b""[..]; let bytes = &[0x00, 0x1c, 0x00, 0x02, 0x40, 0x01]; let expected = TlsExtension::RecordSizeLimit(16385); let res = parse_tls_extension(bytes); assert_eq!(res, Ok((empty, expected))); } } // mod tls_extensions