From 22ed75c3ce7dfe4a64c2a91e48c18c7fc80782b7 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 15 Dec 2020 16:57:26 +0000 Subject: [PATCH] Add one more TLS 1.3 testcase and update NEWS --- NEWS | 29 +++++++++++++++++- .../.stdout | 13 ++++++++ .../ssl.log | 11 +++++++ testing/btest/Traces/tls/tls13_wolfssl.pcap | Bin 0 -> 3399 bytes .../ssl/tls13_encrypted_handshake_events.test | 22 +++++++++++++ 5 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/.stdout create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log create mode 100644 testing/btest/Traces/tls/tls13_wolfssl.pcap create mode 100644 testing/btest/scripts/base/protocols/ssl/tls13_encrypted_handshake_events.test diff --git a/NEWS b/NEWS index 8bde1613fc..1a5391ff23 100644 --- a/NEWS +++ b/NEWS @@ -157,11 +157,13 @@ New Functionality Configuring with ``--disable-zkg`` disables the zkg inclusion. You can continue to install and use zkg independently. You're also free to use the config file in ``$prefix/etc/zkg/config`` with other zkg - installations. + installations. The zkg source tree resides in ``auxil/package-manager`` as an additional Git submodule. +- Addad a new ``ssl_probable_encrypted_handshake_message`` event, which + is raised for encrypted TLS 1.3 handshake messages. Changed Functionality --------------------- 
@@ -241,6 +243,31 @@ Changed Functionality can be triggered by anybody controlling one of the endpoints (instead of both). For discussion, see https://github.com/zeek/zeek/issues/343. +- TLS 1.3 support was improved in several ways: + + * In the past, some TLS 1.3 sessions were misidentified as using session + resumption when, in fact, they were not resumed. This was caused by + the TLS session ID which no longer has any meaning in TLS 1.3. This was + fixed. + + * Similarly, in the past, TLS 1.3 sessions that use TLS 1.3 PSKs for + session resumption were not marked as resumed. This also was fixed. + + * The way in which session establishment for TLS 1.3 is performed was + rewritten. This causes the ``ssl_encrypted_data`` event to be correctly + raised; in the past this did not work for some sessions. A new + ``ssl_probable_encrypted_handshake_message`` event was added that is + raised for encrypted TLS 1.3 handshake packets. + + * In the same vein, hello retry requests in TLS 1.3 should now always + be handled correctly; in the past this only happened in some cases. + + Please note: When a connection uses Hello Retry requests you will see + two client hello and two server hello events in a single connection. + + This happened in the past, but may become more common now; this might + trigger unexpected behavior in your scripts. + Removed Functionality --------------------- diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/.stdout new file mode 100644 index 0000000000..791f1947fe --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/.stdout 
@@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+Probable handshake, F, 23
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, F, 716
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, F, 281
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, F, 69
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, T, 69
+Established!
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], T, TLSv12, 23
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], T, TLSv12, 23
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log
new file mode 100644
index 0000000000..075c2d3eb5
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
+#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.186.133 43056 192.168.186.134 9090 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T - - - - - -
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Traces/tls/tls13_wolfssl.pcap b/testing/btest/Traces/tls/tls13_wolfssl.pcap new file mode 100644 index 0000000000000000000000000000000000000000..d86dd5c67198660f5a75393cd98265a53d11bf27 GIT binary patch literal 3399 zcmaKu2UJs87lm)~0)!-B5R_)2NmCR@q$ocG5JahtA}R+ev2G_(YjC=mx3s)+dP_bG`Axc3?Q6GS&eoQYwe3X*PPSY@yCy`+@2AMDP?-RC(5 zS(8)9V}6SjM=RX!6~(+0bW#(Z9fGa&`2Pd{^anbNr6H4~hD8L>0^j65<#E z!!SIM0xDpRI3@Q z+u^Y+7R zlqP>c#M6UQ5*2X#a;OU>2#It=M1JqW0}z2>{$-1eo(0XaXRiO%D*tnlr@Q|%rE^LO z;C5vVBXV0s1(1c;IYG0(Tm7Evom+O;A?=u3ZS2s&=SR=3)Y!q&I6HLJ?~>-}jC;Bk znh9a*n&)H^B-xo(=YzFIG+rr%q#Mys^RJlaJU-?Ht;S;n)RA6|kVnFMWWZ1p%;XA@ z3F?Ttn(7BV;x#2qOprV33K8)Q6yO2vK{d%E=j5*f*X@NpO7#=C4m~n*obbpSdgLw- zJ(3SgpdN^{+I6S!q_1KhLps>;mkNVKCmuR251wWT4?-on0lHN0K@n=#VA8S2N^skK?im~e8JcR$HL zoGZzdZ!Dtg>0oy==W-LoW-Yb$Ij7}SHY@Tip}q4As+08=W?<*=_LKv>QDIXC9UAEWg$kJ9v0Q z_PKaAXRqP@u8zLN+c08Ut}MpcYB z{}9Efw^8+$)rnEC#!0M{E2CA*rxu!zJ{{bqBE#Lgr|A3v(X!n&l*~)51$=5t7={R_~-f?!7YW1NrSnxsAq>0n(eJcT_m^%*VULU0Z6e z_~8Xs$S#bN;m!%QVcnGB*(gxbj?Rix7mKY9?RHz}lhl}*no`vlL@s>ZR~;f3)4MujDyAd+b*?56BXt&)4T*Jo4eF}$!dKPa>!h<; z7c8bl=$v48nH+aLWcTSyePp0Ne-C%f8yBj%1(Oq_Ru$lQ^W(+2rL3AX?U^ahdTiWx z8s*enY0zBIHNb4W5+x>9us$0>chWkg!&fzWky8hw*HrxFj z%$F^-I=Cg`4RcU^c23hw@r4QT1uMO^_wcl|8v+N{3 zWNPJc=iy!t?7#eHAD2au2`!4yU$M*3#l)+%#Qego&z}40ou~0LE%g@;nCq@`$=A+u z7R&#HR|z_^CMCd^Ihx+D#-MfI$vocw!r1A|t|L1WZHw)bcvabAdue;*v@C|I?mE=g z+RZuhYMNeru>rMaMU$FB@qrU0?~j+Y^rtmE*FUhVk=gEl+0!7tVaJB1T%`@e)IWlv zhH4I;BF{@Ys<zhm9wwMx02H2@|BF+rG7*p&I>CwVaY6QPFsL zc({txz=3VNEhEI=*9Nvc_9@^zQC-9ur1fMde)M@(h3_=|oM+uaBDV+Zt8>hcG;!d% zD5<>VAZ^W1+fTaH6m(0QqTB0&ZnY=6^@iOt5ix8)s9WL3W)wpU5ufp9KNuC!DA)9#6Lya+Mu>_7y_zEkHiv&wm{n*VQp-+sH^Pj(TX@; z0%@|gusKJom6d8d8{bvw1qCn4ZM~NE>f__M;>~^6hlfbY9Ueh>(#8pqGmSR;o!H(! zvL)~JW$q=~>r+ufB^s^sn&%!a>6!guvyJIXrLOgG0Jec~*)l|1^)V40$ zS*hXOrjAR-m4>r>W32FU(TRnN>jjT@xgnwCME=6D@Pesgh)mUW$4<5yOpagMHZfIx zaH<%{9kT?fA7??7hzW?^QxMq#;=g~HVQNW;7z&C0K|duD1Vs9jL>V0agx0vmi|OOU kL%~8s;ps8}g1g}gUy%gaFu@yWUU&1y6AVk%Y`d8Le??|GeE