github.com/gopacket/gopacket@v1.1.0/layers/tls_test.go (about)

     1  // Copyright 2020 The GoPacket Authors. All rights reserved.
     2  //
     3  // Use of this source code is governed by a BSD-style license that can be found
     4  // in the LICENSE file in the root of the source tree.
     5  package layers
     6  
     7  import (
     8  	"reflect"
     9  	"testing"
    10  
    11  	"github.com/gopacket/gopacket"
    12  )
    13  
    14  // https://github.com/tintinweb/scapy-ssl_tls/blob/master/tests/files/RSA_WITH_AES_128_CBC_SHA.pcap
    15  // WARNING! Tests are specific for each packet. If you change a packet, please review their tests.
    16  
    17  // Packet 4 - Client Hello (full packet, from Ethernet to TLS layers)
    18  var testClientHello = []byte{
    19  	0x00, 0x0c, 0x29, 0x1f, 0xab, 0x17, 0x00, 0x50, 0x56, 0xc0, 0x00, 0x08, 0x08, 0x00, 0x45, 0x00,
    20  	0x00, 0xfe, 0x71, 0x42, 0x40, 0x00, 0x80, 0x06, 0x4e, 0xe1, 0xc0, 0xa8, 0xdc, 0x01, 0xc0, 0xa8,
    21  	0xdc, 0x83, 0x2f, 0x0e, 0x01, 0xbb, 0x25, 0x6c, 0xbd, 0x3d, 0xcc, 0xce, 0xe1, 0xf7, 0x50, 0x18,
    22  	0xff, 0xff, 0x7c, 0xaf, 0x00, 0x00, 0x16, 0x03, 0x01, 0x00, 0xd1, 0x01, 0x00, 0x00, 0xcd, 0x03,
    23  	0x01, 0xff, 0xa2, 0x88, 0x97, 0x7c, 0x41, 0xa1, 0x08, 0x34, 0x2c, 0x98, 0xc2, 0x70, 0x04, 0xa0,
    24  	0x5d, 0x5f, 0x39, 0xef, 0xe0, 0x70, 0xd5, 0x12, 0xf1, 0x35, 0x17, 0xb6, 0x0d, 0xc4, 0xd3, 0x09,
    25  	0x85, 0x00, 0x00, 0x5a, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0x00, 0x88, 0x00, 0x87,
    26  	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
    27  	0x00, 0x9a, 0x00, 0x99, 0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x2f, 0x00, 0x96,
    28  	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12,
    29  	0xc0, 0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
    30  	0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08, 0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
    31  	0x00, 0x00, 0x49, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00, 0x34, 0x00,
    32  	0x32, 0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x18, 0x00, 0x09, 0x00,
    33  	0x0a, 0x00, 0x16, 0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07, 0x00, 0x14, 0x00, 0x15, 0x00,
    34  	0x04, 0x00, 0x05, 0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x0f, 0x00,
    35  	0x10, 0x00, 0x11, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x01,
    36  }
    37  var testClientHelloDecoded = &TLS{
    38  	BaseLayer: BaseLayer{
    39  		Contents: testClientHello[54:],
    40  		Payload:  nil,
    41  	},
    42  	ChangeCipherSpec: nil,
    43  	Handshake: []TLSHandshakeRecord{
    44  		{
    45  			TLSRecordHeader: TLSRecordHeader{
    46  				ContentType: 22,
    47  				Version:     0x0301,
    48  				Length:      209,
    49  			},
    50  			ClientHello: TLSHandshakeRecordClientHello{
    51  				HandshakeType:            0x1,
    52  				Length:                   0xcd,
    53  				ProtocolVersion:          0x301,
    54  				Random:                   []uint8{0xff, 0xa2, 0x88, 0x97, 0x7c, 0x41, 0xa1, 0x8, 0x34, 0x2c, 0x98, 0xc2, 0x70, 0x4, 0xa0, 0x5d, 0x5f, 0x39, 0xef, 0xe0, 0x70, 0xd5, 0x12, 0xf1, 0x35, 0x17, 0xb6, 0xd, 0xc4, 0xd3, 0x9, 0x85},
    55  				SessionIDLength:          0x0,
    56  				SessionID:                []uint8{},
    57  				CipherSuitsLength:        0x5a,
    58  				CipherSuits:              []uint8{0xc0, 0x14, 0xc0, 0xa, 0x0, 0x39, 0x0, 0x38, 0x0, 0x88, 0x0, 0x87, 0xc0, 0xf, 0xc0, 0x5, 0x0, 0x35, 0x0, 0x84, 0xc0, 0x13, 0xc0, 0x9, 0x0, 0x33, 0x0, 0x32, 0x0, 0x9a, 0x0, 0x99, 0x0, 0x45, 0x0, 0x44, 0xc0, 0xe, 0xc0, 0x4, 0x0, 0x2f, 0x0, 0x96, 0x0, 0x41, 0xc0, 0x11, 0xc0, 0x7, 0xc0, 0xc, 0xc0, 0x2, 0x0, 0x5, 0x0, 0x4, 0xc0, 0x12, 0xc0, 0x8, 0x0, 0x16, 0x0, 0x13, 0xc0, 0xd, 0xc0, 0x3, 0x0, 0xa, 0x0, 0x15, 0x0, 0x12, 0x0, 0x9, 0x0, 0x14, 0x0, 0x11, 0x0, 0x8, 0x0, 0x6, 0x0, 0x3, 0x0, 0xff},
    59  				CompressionMethodsLength: 0x2,
    60  				CompressionMethods:       []uint8{0x1, 0x0},
    61  				ExtensionsLength:         0x49,
    62  				Extensions:               []uint8{0x0, 0xb, 0x0, 0x4, 0x3, 0x0, 0x1, 0x2, 0x0, 0xa, 0x0, 0x34, 0x0, 0x32, 0x0, 0xe, 0x0, 0xd, 0x0, 0x19, 0x0, 0xb, 0x0, 0xc, 0x0, 0x18, 0x0, 0x9, 0x0, 0xa, 0x0, 0x16, 0x0, 0x17, 0x0, 0x8, 0x0, 0x6, 0x0, 0x7, 0x0, 0x14, 0x0, 0x15, 0x0, 0x4, 0x0, 0x5, 0x0, 0x12, 0x0, 0x13, 0x0, 0x1, 0x0, 0x2, 0x0, 0x3, 0x0, 0xf, 0x0, 0x10, 0x0, 0x11, 0x0, 0x23, 0x0, 0x0, 0x0, 0xf, 0x0, 0x1, 0x1},
    63  			},
    64  		},
    65  	},
    66  	AppData: nil,
    67  	Alert:   nil,
    68  }
    69  
    70  // Packet 6 - Server Hello, Certificate, Server Hello Done
    71  var testServerHello = []byte{
    72  	0x16, 0x03, 0x01, 0x00, 0x3a, 0x02, 0x00, 0x00, 0x36, 0x03, 0x01, 0x55, 0x5c, 0xd6, 0x97, 0xa3,
    73  	0x97, 0xe9, 0xf4, 0x0c, 0xf4, 0x56, 0x14, 0x9f, 0xe4, 0x24, 0xf9, 0xeb, 0x49, 0xd4, 0xd1, 0x5f,
    74  	0xfc, 0x12, 0xb4, 0xfd, 0x45, 0x4e, 0x3d, 0xeb, 0x6a, 0xad, 0xcf, 0x00, 0x00, 0x2f, 0x01, 0x00,
    75  	0x0e, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x16,
    76  	0x03, 0x01, 0x01, 0x90, 0x0b, 0x00, 0x01, 0x8c, 0x00, 0x01, 0x89, 0x00, 0x01, 0x86, 0x30, 0x82,
    77  	0x01, 0x82, 0x30, 0x82, 0x01, 0x2c, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
    78  	0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30, 0x38, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
    79  	0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x08,
    80  	0x13, 0x03, 0x51, 0x4c, 0x44, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12,
    81  	0x53, 0x53, 0x4c, 0x65, 0x61, 0x79, 0x2f, 0x72, 0x73, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20,
    82  	0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x35, 0x31, 0x30, 0x30, 0x39, 0x32, 0x33, 0x33, 0x32,
    83  	0x30, 0x35, 0x5a, 0x17, 0x0d, 0x39, 0x38, 0x30, 0x37, 0x30, 0x35, 0x32, 0x33, 0x33, 0x32, 0x30,
    84  	0x35, 0x5a, 0x30, 0x60, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41,
    85  	0x55, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x03, 0x51, 0x4c, 0x44, 0x31,
    86  	0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x4d, 0x69, 0x6e, 0x63, 0x6f, 0x6d,
    87  	0x20, 0x50, 0x74, 0x79, 0x2e, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
    88  	0x55, 0x04, 0x0b, 0x13, 0x02, 0x43, 0x53, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03,
    89  	0x13, 0x12, 0x53, 0x53, 0x4c, 0x65, 0x61, 0x79, 0x20, 0x64, 0x65, 0x6d, 0x6f, 0x20, 0x73, 0x65,
    90  	0x72, 0x76, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    91  	0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xb7, 0x2c, 0x25,
    92  	0xdc, 0x49, 0xc5, 0xae, 0x6b, 0x43, 0xc5, 0x2e, 0x41, 0xc1, 0x2e, 0x6d, 0x95, 0x7a, 0x3a, 0xa9,
    93  	0x03, 0x51, 0x78, 0x45, 0x0f, 0x2a, 0xd1, 0x58, 0xd1, 0x88, 0xf6, 0x9f, 0x8f, 0x1f, 0xd9, 0xfd,
    94  	0xa5, 0x87, 0xde, 0x2a, 0x5d, 0x31, 0x5b, 0xee, 0x24, 0x66, 0xbf, 0xc0, 0x55, 0xdb, 0xfe, 0x70,
    95  	0xc5, 0x2c, 0x39, 0x5f, 0x5a, 0x9f, 0xa8, 0x08, 0xfc, 0x21, 0x06, 0xd5, 0x4f, 0x02, 0x03, 0x01,
    96  	0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05,
    97  	0x00, 0x03, 0x41, 0x00, 0x2b, 0x34, 0x5b, 0x22, 0x85, 0x62, 0x23, 0x07, 0x36, 0xf4, 0x0c, 0x2b,
    98  	0x14, 0xd0, 0x1b, 0xcb, 0xd9, 0xbb, 0xd2, 0xc0, 0x9a, 0xcf, 0x12, 0xa1, 0x65, 0x90, 0x3a, 0xb7,
    99  	0x17, 0x83, 0x3a, 0x10, 0x6b, 0xad, 0x2f, 0xd6, 0xb1, 0x11, 0xc0, 0x0d, 0x5a, 0x06, 0xdb, 0x11,
   100  	0xd0, 0x2f, 0x34, 0x90, 0xf5, 0x76, 0x61, 0x26, 0xa1, 0x69, 0xf2, 0xdb, 0xb3, 0xe7, 0x20, 0xcb,
   101  	0x3a, 0x64, 0xe6, 0x41, 0x16, 0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
   102  }
   103  
   104  // Packet 7 - Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
   105  var testClientKeyExchange = []byte{
   106  	0x16, 0x03, 0x01, 0x00, 0x46, 0x10, 0x00, 0x00, 0x42, 0x00, 0x40, 0x9e, 0x73, 0xdf, 0xe0, 0xf2,
   107  	0xd0, 0x40, 0x32, 0x44, 0x9a, 0x34, 0x7f, 0x57, 0x86, 0x10, 0xea, 0x3d, 0xc5, 0xe2, 0xf9, 0xa5,
   108  	0x69, 0x43, 0xc9, 0x0b, 0x00, 0x7e, 0x91, 0x31, 0x57, 0xfc, 0xc5, 0x65, 0x18, 0x0d, 0x44, 0xfd,
   109  	0x51, 0xf8, 0xda, 0x8a, 0x7a, 0xab, 0x16, 0x03, 0xeb, 0xac, 0x23, 0x6e, 0x8d, 0xdd, 0xbb, 0xf4,
   110  	0x75, 0xe7, 0xb7, 0xa3, 0xce, 0xdb, 0x67, 0x6b, 0x7d, 0x30, 0x2a, 0x14, 0x03, 0x01, 0x00, 0x01,
   111  	0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x15, 0xcb, 0x7a, 0x5b, 0x2d, 0xc0, 0x27, 0x09, 0x28, 0x62,
   112  	0x95, 0x44, 0x9f, 0xa1, 0x1e, 0x4e, 0x6a, 0xfb, 0x49, 0x9d, 0x6a, 0x24, 0x44, 0xc6, 0x8e, 0x26,
   113  	0xbc, 0xc1, 0x28, 0x8c, 0x27, 0xcc, 0xa2, 0xba, 0xec, 0x38, 0x63, 0x6e, 0x64, 0xd8, 0x52, 0x94,
   114  	0x17, 0x96, 0x61, 0xfd, 0x9c, 0x54,
   115  }
   116  var testClientKeyExchangeDecoded = &TLS{
   117  	BaseLayer: BaseLayer{
   118  		Contents: testClientKeyExchange[81:],
   119  		Payload:  nil,
   120  	},
   121  	ChangeCipherSpec: []TLSChangeCipherSpecRecord{
   122  		{
   123  			TLSRecordHeader{
   124  				ContentType: 20,
   125  				Version:     0x0301,
   126  				Length:      1,
   127  			},
   128  			1,
   129  		},
   130  	},
   131  	Handshake: []TLSHandshakeRecord{
   132  		{
   133  			TLSRecordHeader: TLSRecordHeader{
   134  				ContentType: 22,
   135  				Version:     0x0301,
   136  				Length:      70,
   137  			},
   138  		},
   139  		{
   140  			TLSRecordHeader: TLSRecordHeader{
   141  				ContentType: 22,
   142  				Version:     0x0301,
   143  				Length:      48,
   144  			},
   145  		},
   146  	},
   147  	AppData: nil,
   148  	Alert:   nil,
   149  }
   150  
   151  // Packet 9 - New Session Ticket, Change Cipher Spec, Encryption Handshake Message
   152  var testNewSessionTicket = []byte{
   153  	0x16, 0x03, 0x01, 0x00, 0xaa, 0x04, 0x00, 0x00, 0xa6, 0x00, 0x00, 0x1c, 0x20, 0x00, 0xa0, 0xd4,
   154  	0xee, 0xb0, 0x9b, 0xb5, 0xa2, 0xd3, 0x00, 0x57, 0x84, 0x59, 0xec, 0x0d, 0xbf, 0x05, 0x0c, 0xd5,
   155  	0xb9, 0xe2, 0xf8, 0x32, 0xb5, 0xec, 0xce, 0xe2, 0x9c, 0x25, 0x25, 0xd9, 0x3e, 0x4a, 0x94, 0x5b,
   156  	0xca, 0x18, 0x2b, 0x0f, 0x5f, 0xf6, 0x73, 0x38, 0x62, 0xcd, 0xcc, 0xf1, 0x32, 0x39, 0xe4, 0x5e,
   157  	0x30, 0xf3, 0x94, 0xf5, 0xc5, 0x94, 0x3a, 0x8c, 0x8e, 0xe5, 0x12, 0x4a, 0x1e, 0xd8, 0x31, 0xb5,
   158  	0x17, 0x09, 0xa6, 0x4c, 0x69, 0xca, 0xae, 0xfb, 0x04, 0x17, 0x64, 0x54, 0x9e, 0xc2, 0xfa, 0xf3,
   159  	0x6d, 0xe9, 0xa5, 0xed, 0xa6, 0x65, 0xfe, 0x2f, 0xf3, 0xc6, 0xce, 0x78, 0x40, 0xf7, 0x65, 0xe0,
   160  	0x13, 0xd3, 0x77, 0xc7, 0xc5, 0x79, 0x16, 0x56, 0x4c, 0x30, 0x94, 0xcf, 0xb0, 0x3c, 0x00, 0x91,
   161  	0xbd, 0x86, 0x08, 0x9f, 0x2f, 0x05, 0x67, 0x03, 0x6f, 0xa7, 0x3b, 0xb9, 0x36, 0xf2, 0x80, 0x4f,
   162  	0x60, 0x5d, 0x4c, 0xc4, 0x42, 0x5d, 0x02, 0x44, 0xba, 0x31, 0x8f, 0x39, 0x8e, 0x0c, 0x1e, 0xa8,
   163  	0x26, 0x4f, 0x3e, 0x01, 0x96, 0xb3, 0x6f, 0xc6, 0x25, 0xe4, 0x30, 0x03, 0xd6, 0x3a, 0x7d, 0x14,
   164  	0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x25, 0xb8, 0x58, 0xc1, 0xa6, 0x3f,
   165  	0xf8, 0xbd, 0xe6, 0xae, 0xbd, 0x98, 0xd4, 0x75, 0xa5, 0x45, 0x1b, 0xd8, 0x6a, 0x70, 0x79, 0x86,
   166  	0x29, 0x4e, 0x4f, 0x64, 0xba, 0xe7, 0x1f, 0xca, 0x4b, 0x96, 0x9b, 0xf7, 0x0b, 0x50, 0xf5, 0x4f,
   167  	0xfd, 0xda, 0xda, 0xcd, 0xcd, 0x4b, 0x12, 0x2e, 0xdf, 0xd5,
   168  }
   169  
   170  // Packet 13 - Two Application Data Records
   171  var testDoubleAppData = []byte{
   172  	0x17, 0x03, 0x01, 0x00, 0x20, 0x77, 0x3a, 0x94, 0x7d, 0xb4, 0x47, 0x4a, 0x1d, 0xd4, 0x6c, 0x5a,
   173  	0x69, 0x74, 0x03, 0x93, 0x32, 0xca, 0x54, 0x5e, 0xa5, 0x81, 0x99, 0x6a, 0x73, 0x66, 0xbf, 0x06,
   174  	0xa0, 0xdc, 0x6a, 0x9c, 0xb1, 0x17, 0x03, 0x01, 0x00, 0x20, 0x44, 0x64, 0xc8, 0xc2, 0x5a, 0xfc,
   175  	0x4a, 0x82, 0xdd, 0x53, 0x6d, 0x30, 0x82, 0x4d, 0x35, 0x22, 0xf1, 0x5f, 0x3b, 0x96, 0x66, 0x79,
   176  	0x61, 0x9f, 0x51, 0x93, 0x1b, 0xbf, 0x53, 0x3b, 0xf8, 0x26,
   177  }
   178  var testDoubleAppDataDecoded = &TLS{
   179  	BaseLayer: BaseLayer{
   180  		Contents: testDoubleAppData[37:],
   181  		Payload:  nil,
   182  	},
   183  	ChangeCipherSpec: nil,
   184  	Handshake:        nil,
   185  	AppData: []TLSAppDataRecord{
   186  		{
   187  			TLSRecordHeader{
   188  				ContentType: 23,
   189  				Version:     0x0301,
   190  				Length:      32,
   191  			},
   192  			testDoubleAppData[5 : 5+32],
   193  		},
   194  		{
   195  			TLSRecordHeader{
   196  				ContentType: 23,
   197  				Version:     0x0301,
   198  				Length:      32,
   199  			},
   200  			testDoubleAppData[42 : 42+32],
   201  		},
   202  	},
   203  	Alert: nil,
   204  }
   205  
   206  var testAlertEncrypted = []byte{
   207  	0x15, 0x03, 0x03, 0x00, 0x20, 0x44, 0xb9, 0x9c, 0x2c, 0x6e, 0xab, 0xa3, 0xdf, 0xb1, 0x77, 0x04,
   208  	0xa2, 0xa4, 0x3a, 0x9a, 0x08, 0x1d, 0xe6, 0x51, 0xac, 0xa0, 0x5f, 0xab, 0x74, 0xa7, 0x96, 0x24,
   209  	0xfe, 0x62, 0xfe, 0xe8, 0x5e,
   210  }
   211  var testAlertEncryptedDecoded = &TLS{
   212  	BaseLayer: BaseLayer{
   213  		Contents: testAlertEncrypted,
   214  		Payload:  nil,
   215  	},
   216  	ChangeCipherSpec: nil,
   217  	Handshake:        nil,
   218  	AppData:          nil,
   219  	Alert: []TLSAlertRecord{
   220  		{
   221  			TLSRecordHeader{
   222  				ContentType: 21,
   223  				Version:     0x0303,
   224  				Length:      32,
   225  			},
   226  			0xFF,
   227  			0xFF,
   228  			testAlertEncrypted[5:],
   229  		},
   230  	},
   231  }
   232  
   233  // Malformed TLS records
   234  var testMalformed = []byte{
   235  	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
   236  	0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
   237  	0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
   238  }
   239  
   240  var testTLSDecodeOptions = gopacket.DecodeOptions{
   241  	SkipDecodeRecovery:       true,
   242  	DecodeStreamsAsDatagrams: true,
   243  }
   244  
   245  func TestParseTLSClientHello(t *testing.T) {
   246  	p := gopacket.NewPacket(testClientHello, LinkTypeEthernet, testTLSDecodeOptions)
   247  	if p.ErrorLayer() != nil {
   248  		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
   249  	}
   250  	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeTCP, LayerTypeTLS}, t)
   251  
   252  	if got, ok := p.Layer(LayerTypeTLS).(*TLS); ok {
   253  		want := testClientHelloDecoded
   254  		if !reflect.DeepEqual(got, want) {
   255  			t.Errorf("TLS ClientHello packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   256  		}
   257  	} else {
   258  		t.Error("No TLS layer type found in packet")
   259  	}
   260  }
   261  
   262  func TestTLSClientHelloDecodeFromBytes(t *testing.T) {
   263  	var got TLS
   264  	want := *testClientKeyExchangeDecoded
   265  
   266  	if err := got.DecodeFromBytes(testClientKeyExchange, gopacket.NilDecodeFeedback); err != nil {
   267  		t.Errorf("TLS DecodeFromBytes first decode failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   268  	}
   269  
   270  	if !reflect.DeepEqual(got, want) {
   271  		t.Errorf("TLS DecodeFromBytes first decode doesn't match:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   272  	}
   273  
   274  	if err := got.DecodeFromBytes(testClientKeyExchange, gopacket.NilDecodeFeedback); err != nil {
   275  		t.Errorf("TLS DecodeFromBytes second decode failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   276  	}
   277  
   278  	if !reflect.DeepEqual(got, want) {
   279  		t.Errorf("TLS DecodeFromBytes second decode doesn't match:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   280  	}
   281  }
   282  
   283  func TestParseTLSChangeCipherSpec(t *testing.T) {
   284  	p := gopacket.NewPacket(testClientKeyExchange, LayerTypeTLS, testTLSDecodeOptions)
   285  	if p.ErrorLayer() != nil {
   286  		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
   287  	}
   288  	checkLayers(p, []gopacket.LayerType{LayerTypeTLS}, t)
   289  
   290  	if got, ok := p.Layer(LayerTypeTLS).(*TLS); ok {
   291  		want := testClientKeyExchangeDecoded
   292  		if !reflect.DeepEqual(got, want) {
   293  			t.Errorf("TLS ChangeCipherSpec packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   294  		}
   295  	} else {
   296  		t.Error("No TLS layer type found in packet")
   297  	}
   298  }
   299  
   300  func TestParseTLSAppData(t *testing.T) {
   301  	p := gopacket.NewPacket(testDoubleAppData, LayerTypeTLS, testTLSDecodeOptions)
   302  	if p.ErrorLayer() != nil {
   303  		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
   304  	}
   305  	checkLayers(p, []gopacket.LayerType{LayerTypeTLS}, t)
   306  
   307  	if got, ok := p.Layer(LayerTypeTLS).(*TLS); ok {
   308  		want := testDoubleAppDataDecoded
   309  		if !reflect.DeepEqual(got, want) {
   310  			t.Errorf("TLS TLSAppData packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   311  		}
   312  	} else {
   313  		t.Error("No TLS layer type found in packet")
   314  	}
   315  }
   316  
   317  func TestSerializeTLSAppData(t *testing.T) {
   318  	buf := gopacket.NewSerializeBuffer()
   319  	opts := gopacket.SerializeOptions{FixLengths: true}
   320  	err := gopacket.SerializeLayers(buf, opts, testDoubleAppDataDecoded)
   321  	if err != nil {
   322  		t.Fatal(err)
   323  	}
   324  
   325  	p2 := gopacket.NewPacket(buf.Bytes(), LayerTypeTLS, testTLSDecodeOptions)
   326  	if p2.ErrorLayer() != nil {
   327  		t.Error("Failed to decode packet:", p2.ErrorLayer().Error())
   328  	}
   329  	checkLayers(p2, []gopacket.LayerType{LayerTypeTLS}, t)
   330  
   331  	if got, ok := p2.Layer(LayerTypeTLS).(*TLS); ok {
   332  		want := testDoubleAppDataDecoded
   333  		if !reflect.DeepEqual(got, want) {
   334  			t.Errorf("Reconstructed TLSAppData packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   335  		}
   336  	} else {
   337  		t.Error("No TLS layer type found in reconstructed packet")
   338  	}
   339  }
   340  
   341  func TestParseTLSMalformed(t *testing.T) {
   342  	p := gopacket.NewPacket(testMalformed, LayerTypeTLS, testTLSDecodeOptions)
   343  	if p.ErrorLayer() == nil {
   344  		t.Error("No Decoding Error when parsing a malformed data")
   345  	}
   346  }
   347  
   348  func TestParseTLSTooShort(t *testing.T) {
   349  	p := gopacket.NewPacket(testMalformed[0:2], LayerTypeTLS, testTLSDecodeOptions)
   350  	if p.ErrorLayer() == nil {
   351  		t.Error("No Decoding Error when parsing a malformed data")
   352  	}
   353  }
   354  
   355  func TestParseTLSLengthMismatch(t *testing.T) {
   356  	var testLengthMismatch = make([]byte, len(testDoubleAppData))
   357  	copy(testLengthMismatch, testDoubleAppData)
   358  	testLengthMismatch[3] = 0xFF
   359  	testLengthMismatch[4] = 0xFF
   360  	p := gopacket.NewPacket(testLengthMismatch, LayerTypeTLS, testTLSDecodeOptions)
   361  	if p.ErrorLayer() == nil {
   362  		t.Error("No Decoding Error when parsing a malformed data")
   363  	}
   364  }
   365  
   366  func TestParseTLSAlertEncrypted(t *testing.T) {
   367  	p := gopacket.NewPacket(testAlertEncrypted, LayerTypeTLS, testTLSDecodeOptions)
   368  	if p.ErrorLayer() != nil {
   369  		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
   370  	}
   371  	checkLayers(p, []gopacket.LayerType{LayerTypeTLS}, t)
   372  
   373  	if got, ok := p.Layer(LayerTypeTLS).(*TLS); ok {
   374  		want := testAlertEncryptedDecoded
   375  		if !reflect.DeepEqual(got, want) {
   376  			t.Errorf("TLS TLSAlert packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   377  		}
   378  	} else {
   379  		t.Error("No TLS layer type found in packet")
   380  	}
   381  }
   382  
   383  func TestSerializeTLSAlertEncrypted(t *testing.T) {
   384  	buf := gopacket.NewSerializeBuffer()
   385  	opts := gopacket.SerializeOptions{FixLengths: true}
   386  	err := gopacket.SerializeLayers(buf, opts, testAlertEncryptedDecoded)
   387  	if err != nil {
   388  		t.Fatal(err)
   389  	}
   390  
   391  	p2 := gopacket.NewPacket(buf.Bytes(), LayerTypeTLS, testTLSDecodeOptions)
   392  	if p2.ErrorLayer() != nil {
   393  		t.Error("Failed to decode packet:", p2.ErrorLayer().Error())
   394  	}
   395  	checkLayers(p2, []gopacket.LayerType{LayerTypeTLS}, t)
   396  
   397  	if got, ok := p2.Layer(LayerTypeTLS).(*TLS); ok {
   398  		want := testAlertEncryptedDecoded
   399  		if !reflect.DeepEqual(got, want) {
   400  			t.Errorf("Reconstructed TLSAlertEncrypted packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
   401  		}
   402  	} else {
   403  		t.Error("No TLS layer type found in reconstructed packet")
   404  	}
   405  }