mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 20:48:21 +00:00
Merge remote-tracking branch 'origin/topic/johanna/its-time-to-add-more-tls-extension-types'
* origin/topic/johanna/its-time-to-add-more-tls-extension-types:
SSL: Add new extension types and ECH test
(cherry picked from commit 3257c0e216
)
parent
7fbc085c40
commit
2b5ac7ce19
8 changed files with 188 additions and 14 deletions
|
@ -12,7 +12,7 @@ ocsp_response_bytes, successful, 0, F6215E926EB3EC41FE08FC25F09FB1B9A0344A10, XX
|
|||
request, 0,
|
||||
request cert, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 0150C0C06D53F9D39205D84EFB5F2BA4
|
||||
ocsp_response_status, successful
|
||||
ocsp_response_certificate, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 0150C0C06D53F9D39205D84EFB5F2BA4, revoked, XXXXXXXXXX.XXXXXX, (UNKNOWN), XXXXXXXXXX.XXXXXX, XXXXXXXXXX.XXXXXX
|
||||
ocsp_response_certificate, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 0150C0C06D53F9D39205D84EFB5F2BA4, revoked, XXXXXXXXXX.XXXXXX, privilegeWithdrawn, XXXXXXXXXX.XXXXXX, XXXXXXXXXX.XXXXXX
|
||||
ocsp_response_bytes, successful, 0, F6215E926EB3EC41FE08FC25F09FB1B9A0344A10, XXXXXXXXXX.XXXXXX, sha1WithRSAEncryption
|
||||
request, 0,
|
||||
request cert, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 017447CB30072EE15B9C1B057B731C5A
|
||||
|
|
|
@ -9,6 +9,6 @@
|
|||
#types time string string string string string string time string time time
|
||||
XXXXXXXXXX.XXXXXX Fv1Mrl4zObGy9drLdg sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 010BF45E184C4169AB61B41168DF802E revoked XXXXXXXXXX.XXXXXX superseded XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX
|
||||
XXXXXXXXXX.XXXXXX F7TCyr1Y6YSyUVOW5 sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 013D34BFD6348EBA231D6925768ACD87 revoked XXXXXXXXXX.XXXXXX unspecified XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX
|
||||
XXXXXXXXXX.XXXXXX FmK7Wj1W7PV2RclIig sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 0150C0C06D53F9D39205D84EFB5F2BA4 revoked XXXXXXXXXX.XXXXXX (UNKNOWN) XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX
|
||||
XXXXXXXXXX.XXXXXX FmK7Wj1W7PV2RclIig sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 0150C0C06D53F9D39205D84EFB5F2BA4 revoked XXXXXXXXXX.XXXXXX privilegeWithdrawn XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX
|
||||
XXXXXXXXXX.XXXXXX FfpvoO3DJXnAcoNnp4 sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 017447CB30072EE15B9C1B057B731C5A revoked XXXXXXXXXX.XXXXXX keyCompromise XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
T, grease_0xDADA
|
||||
T, renegotiation_info
|
||||
T, application_layer_protocol_negotiation
|
||||
T, signature_algorithms
|
||||
T, key_share
|
||||
T, psk_key_exchange_modes
|
||||
T, application_setting
|
||||
T, SessionTicket TLS
|
||||
T, supported_versions
|
||||
Curves, 192.168.20.65, 162.159.138.85
|
||||
grease_0x1A1A
|
||||
x25519
|
||||
secp256r1
|
||||
secp384r1
|
||||
T, supported_groups
|
||||
T, encrypted_client_hello
|
||||
T, extended_master_secret
|
||||
T, status_request
|
||||
T, signed_certificate_timestamp
|
||||
T, ec_point_formats
|
||||
T, server_name
|
||||
T, compress_certificate
|
||||
T, grease_0x9A9A
|
||||
T, padding
|
||||
F, supported_versions
|
||||
F, key_share
|
||||
T, grease_0xBABA
|
||||
Curves, 192.168.20.65, 162.159.138.85
|
||||
grease_0xDADA
|
||||
x25519
|
||||
secp256r1
|
||||
secp384r1
|
||||
T, supported_groups
|
||||
T, SessionTicket TLS
|
||||
T, application_setting
|
||||
T, ec_point_formats
|
||||
T, encrypted_client_hello
|
||||
T, renegotiation_info
|
||||
T, signed_certificate_timestamp
|
||||
T, status_request
|
||||
T, signature_algorithms
|
||||
T, compress_certificate
|
||||
T, psk_key_exchange_modes
|
||||
T, extended_master_secret
|
||||
T, server_name
|
||||
T, application_layer_protocol_negotiation
|
||||
T, supported_versions
|
||||
T, key_share
|
||||
T, grease_0xFAFA
|
||||
T, padding
|
||||
F, supported_versions
|
||||
F, key_share
|
|
@ -0,0 +1,12 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssl
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
|
||||
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.20.65 51066 162.159.138.85 443 TLSv13 TLS_AES_128_GCM_SHA256 x25519 cloudflare-ech.com F - - T CsiI - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.20.65 51071 162.159.138.85 443 TLSv13 TLS_AES_128_GCM_SHA256 x25519 cloudflare-ech.com F - - T CsiI - - -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,16 +1,16 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
tls13draft16-chrome55.0.2879.0-canary-aborted.pcap
|
||||
key_share, [orig_h=192.168.6.203, orig_p=53226/tcp, resp_h=52.32.149.186, resp_p=443/tcp], T
|
||||
unknown-27242
|
||||
grease_0x6A6A
|
||||
x25519
|
||||
client, TLSv10, TLSv12
|
||||
key_share, [orig_h=192.168.6.203, orig_p=53227/tcp, resp_h=52.32.149.186, resp_p=443/tcp], T
|
||||
unknown-19018
|
||||
grease_0x4A4A
|
||||
x25519
|
||||
client, TLSv10, TLSv12
|
||||
tls13draft16-chrome55.0.2879.0-canary.pcap
|
||||
key_share, [orig_h=192.168.6.203, orig_p=53994/tcp, resp_h=138.68.41.77, resp_p=443/tcp], T
|
||||
unknown-43690
|
||||
grease_0xAAAA
|
||||
x25519
|
||||
client, TLSv10, TLSv12
|
||||
key_share, [orig_h=192.168.6.203, orig_p=53994/tcp, resp_h=138.68.41.77, resp_p=443/tcp], F
|
||||
|
@ -24,7 +24,7 @@ established, [orig_h=192.168.6.203, orig_p=53994/tcp, resp_h=138.68.41.77, resp_
|
|||
encrypted, [orig_h=192.168.6.203, orig_p=53994/tcp, resp_h=138.68.41.77, resp_p=443/tcp], T, TLSv10, 23
|
||||
encrypted, [orig_h=192.168.6.203, orig_p=53994/tcp, resp_h=138.68.41.77, resp_p=443/tcp], F, TLSv10, 23
|
||||
key_share, [orig_h=192.168.6.203, orig_p=53996/tcp, resp_h=138.68.41.77, resp_p=443/tcp], T
|
||||
unknown-60138
|
||||
grease_0xEAEA
|
||||
x25519
|
||||
client, TLSv10, TLSv12
|
||||
key_share, [orig_h=192.168.6.203, orig_p=53996/tcp, resp_h=138.68.41.77, resp_p=443/tcp], F
|
||||
|
|
BIN
testing/btest/Traces/tls/tls13-ech.pcap
Normal file
BIN
testing/btest/Traces/tls/tls13-ech.pcap
Normal file
Binary file not shown.
|
@ -0,0 +1,20 @@
|
|||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13-ech.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
# This is a trace that uses the new encrypted client hello extension to hide (among others)
|
||||
# the real value of the SNI.
|
||||
|
||||
@load base/protocols/ssl
|
||||
|
||||
event ssl_extension(c: connection, is_client: bool, code: count, val: string)
|
||||
{
|
||||
print is_client, SSL::extensions[code];
|
||||
}
|
||||
|
||||
event ssl_extension_elliptic_curves(c: connection, is_client: bool, curves: index_vec)
|
||||
{
|
||||
print "Curves", c$id$orig_h, c$id$resp_h;
|
||||
for ( i in curves )
|
||||
print SSL::ec_curves[curves[i]];
|
||||
}
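Review bot: The header comment of this new test says ECH hides the real SNI, but it does not say what ends up in the logs, which is what someone reading the baseline needs to know. The ssl.log baseline shown earlier on this page records `server_name` as `cloudflare-ech.com` for both connections; that is presumably the outer, public ClientHello name rather than the site the client actually requested. I would extend the comment with `# ssl.log's server_name therefore only holds the outer (public) name; the encrypted_client_hello line in .stdout is the indication that the inner name is hidden.` That way the logged value is not mistaken for the true destination when this test is used as a reference for SNI-based detection.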
|