Merge branch 'topic/johanna/dtls13'

* topic/johanna/dtls13:
  DTLS1.3 - address review feedback
  DTLS 1.3: Update test baseline
  DTLS 1.3: finish implementation, add connection_id extension
  Add basic DTLSv1.3 support
  SSL: Fix logging of Hello Retry Requests

CHANGES

@@ -1,3 +1,33 @@
+6.0.0-dev.559 | 2023-05-11 15:01:44 +0100
+
+  * Add DTLSv1.3 support (Johanna Amann, Corelight)
+
+    DTLSv1.3 changes the DTLS record format, introducing a completely new
+    unified header - which is a first for DTLS.
+
+    In case connection IDs are used, parsing of the unified header
+    is skipped. This is due to the fact, that the header then contains a
+    variable length element, with the length of the element not given in the
+    header. Instead, the length is given in the client/server hello message
+    of the opposite side of the connection (which we might have missed).
+
+    Furthermore, parsing is not of a high importance, since we are not
+    passing the connection ID, or any of the other parsed values of the
+    unified header into scriptland.
+
+  * SSL: Fix logging of Hello Retry Requests (Johanna Amann, Corelight)
+
+    It turns out that we never logged hello retry requests correctly in the
+    ssl_history field.
+
+    Hello retry requests are (in their final version) signaled by a specific
+    random value in the server random.
+
+    This commit fixes this oversight, and hello retry requests are now
+    correctly logged as such.
+
+  * remote_event_ts_compat: Fix NETWORK_TIMESTAMP to NetworkTimestamp (Arne Welzel, Corelight)
+
 6.0.0-dev.551 | 2023-05-11 14:00:31 +0200
 
   * Add compatibility tests for timestamped events. (Jan Grashoefer, Corelight)

NEWS

@@ -242,6 +242,10 @@ New Functionality
 - The ``ip4_hdr`` record was extended by ``DF``, ``MF``, ``offset`` and ``sum``
   to aid packet-level analysis use-cases.
 
+- Zeek now supports parsing the recently standardized DTLS 1.3. Besides the protocol
+  messages being correctly parsed and raising the typical SSL/TLS events, the biggest
+  visible change is the newly added ``ssl_extension_connection_id`` event.
+
 - The NTP analyzer now recognizes when client and server mode messages disagree
   with the notion of "originator" and "responder" and flips the connection. This
   can happen in packet loss or packet re-ordering scenarios. Such connections will

VERSION

@@ -1 +1 @@
-6.0.0-dev.551
+6.0.0-dev.559

scripts/base/protocols/ssl/consts.zeek

@@ -11,6 +11,7 @@ export {
 	const DTLSv10 = 0xFEFF;
 	# DTLSv11 does not exist
 	const DTLSv12 = 0xFEFD;
+	const DTLSv13 = 0xFEFC;
 
 	## Mapping between the constants and string values for SSL/TLS versions.
 	const version_strings: table[count] of string = {
@@ -21,7 +22,8 @@ export {
 		[TLSv12] = "TLSv12",
 		[TLSv13] = "TLSv13",
 		[DTLSv10] = "DTLSv10",
-		[DTLSv12] = "DTLSv12"
+		[DTLSv12] = "DTLSv12",
+		[DTLSv13] = "DTLSv13"
 	} &default=function(i: count):string
 		{
 		if ( i/0xFF == 0x7F ) # TLS 1.3 draft

scripts/base/protocols/ssl/main.zeek

@@ -68,6 +68,9 @@ export {
 		## Flag to indicate if this record already has been logged, to
 		## prevent duplicates.
 		logged:           bool             &default=F;
+		## Flag to indicate that we have seen a Hello Retry request message.
+		## Used internally for ssl_history logging
+		hrr_seen:         bool             &default=F;
 
 		## SSL history showing which types of packets we received in which order.
 		## Letters have the following meaning with client-sent letters being capitalized:
@@ -283,6 +286,10 @@ event ssl_server_hello(c: connection, version: count, record_version: count, pos
 		}
 	c$ssl$cipher = cipher_desc[cipher];
 
+	# Check if this is a hello retry request. A magic value in the random is used to signal this
+	if ( server_random == "\xCF\x21\xAD\x74\xE5\x9A\x61\x11\xBE\x1D\x8C\x02\x1E\x65\xB8\x91\xC2\xA2\x11\x16\x7A\xBB\x8C\x5E\x07\x9E\x09\xE2\xC8\xA8\x33\x9C" )
+		c$ssl$hrr_seen = T;
+
 	if ( c$ssl?$session_id && c$ssl$session_id == bytestring_to_hexstr(session_id) && c$ssl$version_num/0xFF != 0x7F && c$ssl$version_num != TLSv13 )
 		c$ssl$resumed = T;
 	}
@@ -360,7 +367,14 @@ event ssl_handshake_message(c: connection, is_client: bool, msg_type: count, len
 			add_to_history(c, is_client, "c");
 			break;
 		case SSL::SERVER_HELLO:
-			add_to_history(c, is_client, "s");
+			if ( c$ssl$hrr_seen )
+				{
+				# the server_hello event is raised first, and sets the flag
+				add_to_history(c, is_client, "j");
+				c$ssl$hrr_seen = F;
+				}
+			else
+				add_to_history(c, is_client, "s");
 			break;
 		case SSL::HELLO_VERIFY_REQUEST:
 			add_to_history(c, is_client, "v");

src/analyzer/protocol/ssl/dtls-analyzer.pac

@@ -138,6 +138,33 @@ refine connection SSL_Conn += {
 
 		return true;
 		%}
+
+		function proc_unified_record(is_orig: bool, ur: UnifiedRecord) : bool
+			%{
+			// we don't have a CCS packet anymore - so let's just assume the connection is established once we have seen a packet from each direction.
+			if ( is_orig )
+				client_state_ = STATE_ENCRYPTED;
+			else
+				server_state_ = STATE_ENCRYPTED;
+
+			if ( client_state_ == STATE_ENCRYPTED && server_state_ == STATE_ENCRYPTED && established_ == false )
+				{
+				established_ = true;
+				if ( ssl_established )
+					zeek::BifEvent::enqueue_ssl_established(zeek_analyzer(), zeek_analyzer()->Conn());
+				}
+
+			if ( ssl_encrypted_data )
+				{
+				// In case a CID is given, swallow is not quite the correct length, because we are not parsing the entire header. This is not entirely
+				// trivial to work around, and the workaround won't work in all cases - and it might also not matter.
+				// We also have more potentially interesting information (the sequence number) - which we don't currently give to scriptland.
+				zeek::BifEvent::enqueue_ssl_encrypted_data(zeek_analyzer(),
+					zeek_analyzer()->Conn(), is_orig ^ zeek_analyzer()->GetFlipped(), DTLSv13, APPLICATION_DATA, ur->swallow().length());
+				}
+
+			return true;
+			%}
 };
 
 refine typeattr SSLRecord += &let {
@@ -147,3 +174,7 @@ refine typeattr SSLRecord += &let {
 refine typeattr Handshake += &let {
 	proc: bool = $context.connection.proc_handshake(rec, this);
 };
+
+refine typeattr UnifiedRecord += &let {
+	proc: bool = $context.connection.proc_unified_record(is_orig, this);
+};

src/analyzer/protocol/ssl/dtls-protocol.pac

@@ -4,11 +4,45 @@
 ######################################################################
 
 type DTLSPDU(is_orig: bool) = record {
-	records: SSLRecord(is_orig)[] &transient;
+	records: SSLRecordSwitch(is_orig)[] &transient;
 };
 
-type SSLRecord(is_orig: bool) = record {
-	content_type: uint8;
+# This feels like (another) really dirty hack. DTLS 1.3 introduces a new way in which ciphertext records
+# can be encoded, using a new unified header, which is completely different from the earlier DTLS headers.
+# It only is used after the client & server hello - which essentially are the same as in DTLS 1.2 (including
+# using the same record-layer versions - which is why `dtls_version_ok` underneath does not refer to DTLS 1.3)
+# The DTLS 1.3 unified header is signaled by the first 3 bits of the first byte being set to `001`, but only
+# after DTLS 1.3 has been negotiated.
+type SSLRecordSwitch(is_orig: bool) = record {
+	firstbyte: uint8;
+
+	cont: case $context.connection.is_unified_record(firstbyte) of {
+		false -> rec: SSLRecord(firstbyte, is_orig);
+		true -> unified: UnifiedRecord(firstbyte, is_orig);
+	};
+};
+
+type UnifiedRecord(firstbyte: uint8, is_orig: bool) = record {
+	# If we have a CID, we do currently not try to parse anything, as the connection
+	# ID is variable length, with the length not given in this packet (but only in the hello message
+	# of the opposite side of the direction).
+	seqnum: case with_cid of {
+		false -> sequence_number: bytestring &length=(sequence_number_length?2:1);
+		true -> nothing1: bytestring &length=0;
+	} &requires(sequence_number_length) &requires(with_cid);
+	lengthfield: case (with_cid == false && length_present == true) of {
+		true -> length: uint16;
+		false -> nothing2: bytestring &length=0;
+	} &requires(length_present) &requires(with_cid);
+	swallow: bytestring &restofdata;
+} &let {
+	with_cid: bool = ((firstbyte&0x10)==0x10);
+	sequence_number_length: bool = ((firstbyte&0x08)==0x08);
+	length_present: bool = ((firstbyte&0x04)==0x04);
+	epoch_low_bits: uint8 = (firstbyte&0x03);
+} &byteorder = bigendian;
+
+type SSLRecord(content_type: uint8, is_orig: bool) = record {
 	version: uint16;
 # the epoch signalizes that a changecipherspec message has been received. Hence, everything with
 # an epoch > 0 should be encrypted
@@ -83,4 +117,9 @@ refine connection SSL_Conn += {
 		}
 		%}
 
+		function is_unified_record(firstbyte: uint8): bool
+			%{
+			uint16_t negotiated_version = zeek_analyzer()->GetNegotiatedVersion();
+			return negotiated_version == DTLSv13 && ( (firstbyte & 0xE0) == 0x20 );
+			%}
 };

src/analyzer/protocol/ssl/events.bif

@@ -106,7 +106,7 @@ event ssl_server_hello%(c: connection, version: count, record_version: count, po
 ##    ssl_extension_server_name ssl_extension_signature_algorithm ssl_extension_key_share
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
-##    ssl_connection_flipped
+##    ssl_connection_flipped ssl_extension_connection_id
 event ssl_extension%(c: connection, is_client: bool, code: count, val: string%);
 
 ## Generated for an SSL/TLS Elliptic Curves extension. This TLS extension is
@@ -129,6 +129,7 @@ event ssl_extension%(c: connection, is_client: bool, code: count, val: string%);
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions
 ##    ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_elliptic_curves%(c: connection, is_client: bool, curves: index_vec%);
 
 ## Generated for an SSL/TLS Supported Point Formats extension. This TLS extension
@@ -153,6 +154,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_client: bool, curves: ind
 ##    ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params
 ##    ssl_rsa_client_pms ssl_server_signature
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_ec_point_formats%(c: connection, is_client: bool, point_formats: index_vec%);
 
 ## Generated for an Signature Algorithms extension. This TLS extension
@@ -176,6 +178,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_client: bool, point_form
 ##    ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params
 ##    ssl_rsa_client_pms ssl_server_signature
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_signature_algorithm%(c: connection, is_client: bool, signature_algorithms: signature_and_hashalgorithm_vec%);
 
 ## Generated for a Key Share extension. This TLS extension is defined in TLS1.3-draft16
@@ -198,6 +201,7 @@ event ssl_extension_signature_algorithm%(c: connection, is_client: bool, signatu
 ##    ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params
 ##    ssl_rsa_client_pms ssl_server_signature
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_key_share%(c: connection, is_client: bool, curves: index_vec%);
 
 ## Generated for the pre-shared key extension as it is sent in the TLS 1.3 client hello.
@@ -222,6 +226,7 @@ event ssl_extension_key_share%(c: connection, is_client: bool, curves: index_vec
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions
 ##    ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params
 ##    ssl_rsa_client_pms ssl_server_signature ssl_extension_pre_shared_key_server_hello
+##    ssl_extension_connection_id
 event ssl_extension_pre_shared_key_client_hello%(c: connection, is_client: bool, identities: psk_identity_vec, binders: string_vec%);
 
 ## Generated for the pre-shared key extension as it is sent in the TLS 1.3 server hello.
@@ -242,6 +247,7 @@ event ssl_extension_pre_shared_key_client_hello%(c: connection, is_client: bool,
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions
 ##    ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params
 ##    ssl_rsa_client_pms ssl_server_signature ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_pre_shared_key_server_hello%(c: connection, is_client: bool, selected_identity: count%);
 
 ## Generated if a server uses an ECDH-anon or ECDHE cipher suite using a named curve
@@ -360,6 +366,7 @@ event ssl_rsa_client_pms%(c: connection, pms: string%);
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions
 ##    ssl_extension_signed_certificate_timestamp
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_application_layer_protocol_negotiation%(c: connection, is_client: bool, protocols: string_vec%);
 
 ## Generated for an SSL/TLS Server Name extension. This SSL/TLS extension is
@@ -384,6 +391,7 @@ event ssl_extension_application_layer_protocol_negotiation%(c: connection, is_cl
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions
 ##    ssl_extension_signed_certificate_timestamp
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_server_name%(c: connection, is_client: bool, names: string_vec%);
 
 ## Generated for the signed_certificate_timestamp TLS extension as defined in
@@ -417,6 +425,7 @@ event ssl_extension_server_name%(c: connection, is_client: bool, names: string_v
 ##    ssl_extension_application_layer_protocol_negotiation
 ##    x509_ocsp_ext_signed_certificate_timestamp sct_verify
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_signed_certificate_timestamp%(c: connection, is_client: bool, version: count, logid: string, timestamp: count, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%);
 
 ## Generated for an TLS Supported Versions extension. This TLS extension
@@ -439,6 +448,7 @@ event ssl_extension_signed_certificate_timestamp%(c: connection, is_client: bool
 ##    ssl_extension_key_share ssl_extension_server_name
 ##    ssl_extension_psk_key_exchange_modes ssl_extension_signed_certificate_timestamp
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_supported_versions%(c: connection, is_client: bool, versions: index_vec%);
 
 ## Generated for an TLS Pre-Shared Key Exchange Modes extension. This TLS extension is defined
@@ -459,8 +469,30 @@ event ssl_extension_supported_versions%(c: connection, is_client: bool, versions
 ##    ssl_extension_key_share ssl_extension_server_name
 ##    ssl_extension_supported_versions ssl_extension_signed_certificate_timestamp
 ##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+##    ssl_extension_connection_id
 event ssl_extension_psk_key_exchange_modes%(c: connection, is_client: bool, modes: index_vec%);
 
+## Generated for an DTLS Connection ID extension. This TLS extension is defined
+## in the RFC 9146 and sent by the client or the server to signify that Connection IDs should
+## be used for the connection.
+##
+## c: The connection.
+##
+## is_client: True if event is raised for the client side of the connection
+##            (the side that sends the client hello). This is typically equivalent
+##            with the originator, but does not have to be in all circumstances.
+##
+## cid: The connection ID given by the client or the server.
+##
+## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
+##    ssl_session_ticket_handshake ssl_extension
+##    ssl_extension_elliptic_curves ssl_extension_ec_point_formats
+##    ssl_extension_application_layer_protocol_negotiation
+##    ssl_extension_key_share ssl_extension_server_name
+##    ssl_extension_supported_versions ssl_extension_signed_certificate_timestamp
+##    ssl_extension_pre_shared_key_server_hello ssl_extension_pre_shared_key_client_hello
+event ssl_extension_connection_id%(c: connection, is_client: bool, cid: string%);
+
 ## Generated at the end of an SSL/TLS handshake. SSL/TLS sessions start with
 ## an unencrypted handshake, and Zeek extracts as much information out of that
 ## as it can. This event signals the time when an SSL/TLS has finished the
@@ -577,6 +609,12 @@ event ssl_plaintext_data%(c: connection, is_client: bool, record_version: count,
 ## Note that :zeek:id:`SSL::disable_analyzer_after_detection` has to be changed
 ## from its default to false for this event to be generated.
 ##
+## Also note that, for DTLS 1.3, it is not always possible to give an exact length for
+## the payload that is transported in the packet. If connection IDs are used, the length
+## provided is the length of the entire packet, without the first byte (for the unified header).
+## If no connection IDs are used, the length given is the actual payload length. Connection IDs
+## are used with the connection ID extension in the client or server hello.
+##
 ## c: The connection.
 ##
 ## is_client: True if event is raised for the client side of the connection
@@ -589,10 +627,11 @@ event ssl_plaintext_data%(c: connection, is_client: bool, record_version: count,
 ## content_type: message type as reported by TLS session layer. Not populated for
 ##               SSLv2.
 ##
-## length: length of the entire message.
+## length: length of the encrypted payload in the record.
 ##
 ## .. zeek:see::  ssl_client_hello ssl_established ssl_extension ssl_server_hello
 ##    ssl_alert ssl_heartbeat ssl_probable_encrypted_handshake_message
+##    ssl_extension_connection_id
 event ssl_encrypted_data%(c: connection, is_client: bool, record_version: count, content_type: count, length: count%);
 
 ## This event is generated for application data records of TLS 1.3 connections of which

src/analyzer/protocol/ssl/ssl-defs.pac

@@ -77,6 +77,7 @@ function version_ok(vers : uint16) : bool
 	case TLSv13:
 	case DTLSv10:
 	case DTLSv12:
+	case DTLSv13:
 		return true;
 
 	default:
@@ -121,7 +122,8 @@ enum SSLVersions {
 
 	DTLSv10   = 0xFEFF,
 	# DTLSv11 does not exist.
-	DTLSv12   = 0xFEFD
+	DTLSv12   = 0xFEFD,
+	DTLSv13   = 0xFEFC
 };
 
 enum SSLExtensions {
@@ -155,6 +157,7 @@ enum SSLExtensions {
 	EXT_CERTIFICATE_AUTHORITIES = 47,
 	EXT_OID_FILTERS = 48,
 	EXT_KEY_SHARE = 51,
+	EXT_CONNECTION_ID = 54,
 	EXT_NEXT_PROTOCOL_NEGOTIATION = 13172,
 	EXT_ORIGIN_BOUND_CERTIFICATES = 13175,
 	EXT_ENCRYPTED_CLIENT_CERTIFICATES = 13180,

src/analyzer/protocol/ssl/tls-handshake-analyzer.pac

@@ -670,6 +670,17 @@ refine connection Handshake_Conn += {
 		return true;
 		%}
 
+	function proc_connection_id(rec: HandshakeRecord, cid: bytestring) : bool
+		%{
+		if ( ! ssl_extension_connection_id )
+			return true;
+
+		auto cid_string = zeek::make_intrusive<zeek::StringVal>(cid.length(), (const char*) cid.data());
+		zeek::BifEvent::enqueue_ssl_extension_connection_id(zeek_analyzer(), zeek_analyzer()->Conn(), ${rec.is_orig} ^ flipped_, cid_string);
+
+		return true;
+		%}
+
 };
 
 refine typeattr ClientHello += &let {
@@ -802,3 +813,7 @@ refine typeattr SignedCertificateTimestamp += &let {
 refine typeattr CertificateRequest += &let {
 	proc: bool = $context.connection.proc_certificate_request(rec, this);
 };
+
+refine typeattr ConnectionId += &let {
+	proc: bool = $context.connection.proc_connection_id(rec, cid);
+};

src/analyzer/protocol/ssl/tls-handshake-protocol.pac

@@ -811,12 +811,18 @@ type SSLExtension(rec: HandshakeRecord) = record {
 		EXT_SUPPORTED_VERSIONS -> supported_versions_selector: SupportedVersionsSelector(rec, data_len)[] &until($element == 0 || $element != 0);
 		EXT_PSK_KEY_EXCHANGE_MODES -> psk_key_exchange_modes: PSKKeyExchangeModes(rec)[] &until($element == 0 || $element != 0);
 		EXT_PRE_SHARED_KEY -> pre_shared_key: PreSharedKey(rec)[] &until($element == 0 || $element != 0);
+		EXT_CONNECTION_ID -> connection_id: ConnectionId(rec)[] &until($element == 0 || $element != 0);
 		default -> data: bytestring &restofdata;
 	};
 } &length=data_len+4 &exportsourcedata;
 
 %include tls-handshake-signed_certificate_timestamp.pac
 
+type ConnectionId(rec: HandshakeRecord) = record {
+	length: uint8;
+	cid: bytestring &length=length;
+};
+
 type SupportedVersionsSelector(rec: HandshakeRecord, data_len: uint16) = case ( rec.is_orig ^ $context.connection.flipped() ) of {
 	true -> a: SupportedVersions(rec);
 	false -> b: OneSupportedVersion(rec);

testing/btest/Baseline/scripts.base.protocols.ssl.dtls-13/.stdout

@@ -0,0 +1,52 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+CH, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+SH, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CH, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+SH, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+Encrypted, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 31
+Encrypted, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 1298
+Encrypted, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 289
+Encrypted, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 61
+Encrypted, [orig_h=10.168.36.147, orig_p=33714/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, 65276, 23, 61
+start CID test
+CID, [orig_h=10.168.36.147, orig_p=52232/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, I am a client CID
+CH, [orig_h=10.168.36.147, orig_p=52232/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=52232/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, I am a client CID
+CH, [orig_h=10.168.36.147, orig_p=52232/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=52232/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, I am a client CID
+CH, [orig_h=10.168.36.147, orig_p=52232/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, I am a client CID
+CH, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+SH, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, I am a client CID
+CH, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, fancy server CID
+SH, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 52
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 89
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 1365
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 1292
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 310
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 82
+Encrypted, [orig_h=10.168.36.147, orig_p=57488/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, 65276, 23, 1366
+CH, [orig_h=10.168.36.147, orig_p=58771/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CH, [orig_h=10.168.36.147, orig_p=58771/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CH, [orig_h=10.168.36.147, orig_p=58771/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CH, [orig_h=10.168.36.147, orig_p=58771/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=56544/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, fancy server CID
+CH, [orig_h=10.168.36.147, orig_p=56544/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=56544/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, fancy server CID
+CH, [orig_h=10.168.36.147, orig_p=56544/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CID, [orig_h=10.168.36.147, orig_p=56544/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, fancy server CID
+CH, [orig_h=10.168.36.147, orig_p=56544/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CH, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+SH, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+CH, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+SH, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], 65277, 65277
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 31
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 68
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 1378
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 1237
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 289
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], F, 65276, 23, 61
+Encrypted, [orig_h=10.168.36.147, orig_p=47904/udp, resp_h=10.168.36.144, resp_p=11111/udp], T, 65276, 23, 1351

testing/btest/Baseline/scripts.base.protocols.ssl.dtls-13/ssl-all.log

@@ -0,0 +1,25 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.168.36.147	33714	10.168.36.144	11111	DTLSv13	TLS_AES_128_GCM_SHA256	secp256r1	-	F	-	-	T	CjCs	-	-	-
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.168.36.147	57488	10.168.36.144	11111	DTLSv13	TLS_AES_128_GCM_SHA256	secp256r1	-	F	-	-	T	CjCs	-	-	-
+XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	10.168.36.147	47904	10.168.36.144	11111	DTLSv13	TLS_AES_128_GCM_SHA256	secp256r1	-	F	-	-	T	CjCs	-	-	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.168.36.147	52232	10.168.36.144	11111	-	-	-	-	F	-	-	F	CCC	-	-	-
+XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	10.168.36.147	56544	10.168.36.144	11111	-	-	-	-	F	-	-	F	CCC	-	-	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	10.168.36.147	58771	10.168.36.144	11111	-	-	-	-	F	-	-	F	CCCC	-	-	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.ssl.tls13/ssl-out.log

@@ -61,5 +61,5 @@ XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.178.80	54220	174.138.9.219	443	TLSv1
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert
 #types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.192.48.168	63564	64.233.185.139	443	TLSv13	TLS_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	CsiICs	-	-	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.192.48.168	63564	64.233.185.139	443	TLSv13	TLS_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	CjiICs	-	-	-
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/scripts/base/protocols/ssl/dtls-13.test

@@ -0,0 +1,30 @@
+# This tests a normal SSL connection and the log it outputs.
+
+# @TEST-EXEC: zeek -C -r $TRACES/tls/dtls13-wolfssl.pcap %INPUT
+# @TEST-EXEC: cp ssl.log ssl-all.log
+# @TEST-EXEC: echo "start CID test"
+# @TEST-EXEC: zeek -C -r $TRACES/tls/dtls13-cid.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: btest-diff ssl-all.log
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: test ! -f dpd.log
+
+event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
+	{
+	print "CH", c$id, version, record_version;
+	}
+
+event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
+	{
+	print "SH", c$id, version, record_version;
+	}
+
+event ssl_extension_connection_id(c: connection, is_client: bool, cid: string)
+	{
+	print "CID", c$id, is_client, cid;
+	}
+
+event ssl_encrypted_data(c: connection, is_client: bool, record_version: count, content_type: count, length: count)
+	{
+	print "Encrypted", c$id, is_client, record_version, content_type, length;
+	}