SSL: Add new extension types and ECH test

This commit adds a multitude of new extension types that were added in the last few years; it also adds grease values to extensions, curves, and ciphersuites. Furthermore, it adds a test that contains a encrypted-client-hello key-exchange (which uses several extension types that we do not have in our baseline so far).
2025-10-12 19:48:20 +00:00 · 2023-10-30 13:55:17 +00:00 · 2023-10-30 13:55:17 +00:00 · ff27eb5a69
commit ff27eb5a69
parent 552c65a881
6 changed files with 186 additions and 12 deletions
--- a/testing/btest/scripts/base/protocols/ssl/tls13-encrypted-client-hello.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls13-encrypted-client-hello.test
@ -0,0 +1,20 @@
+# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13-ech.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff .stdout
+
+# This is a trace that uses the new encrypted client hello extension to hide (among others)
+# the real value of the SNI.
+
+@load base/protocols/ssl
+
+event ssl_extension(c: connection, is_client: bool, code: count, val: string)
+	{
+	print is_client, SSL::extensions[code];
+	}
+
+event ssl_extension_elliptic_curves(c: connection, is_client: bool, curves: index_vec)
+	{
+	print "Curves", c$id$orig_h, c$id$resp_h;
+	for ( i in curves )
+		print SSL::ec_curves[curves[i]];
+	}