From beb4dc134ba9738617ac968b573835d2582bb8f0 Mon Sep 17 00:00:00 2001 From: Vishwa Pravin Date: Sat, 11 Mar 2023 10:33:19 +0530 Subject: [PATCH] Adding tls1.3 decryption support --- samples/log.txt | 257 +++++++++++++++++++ samples/tls.13_keyupdates_aes256.pcap | Bin 0 -> 5443 bytes samples/tls.13_session_resumption.pcap | Bin 0 -> 3053 bytes samples/tls1.2_aes256.pcap | Bin 0 -> 3476 bytes samples/tls1.3_aes128.pcap | Bin 0 -> 4370 bytes samples/tls1.3_aes256gcm.pcap | Bin 0 -> 5363 bytes samples/tls1.3_ccm.pcap | Bin 0 -> 3990 bytes samples/tls1.3_ccm8.pcap | Bin 0 -> 3895 bytes samples/tls1.3_chacha.pcap | Bin 0 -> 4300 bytes samples/tls1.3_curl_google.pcap | Bin 0 -> 26697 bytes ssl/ciphersuites.c | 5 + ssl/ssl.enums.c | 237 ++++++++++++++++- ssl/ssl_h.h | 3 + ssl/ssl_rec.c | 122 ++++++++- ssl/ssl_rec.h | 7 +- ssl/sslciphers.h | 3 + ssl/ssldecode.c | 341 +++++++++++++++++++++---- ssl/ssldecode.h | 3 + ssl/sslprint.c | 22 +- 19 files changed, 905 insertions(+), 95 deletions(-) create mode 100644 samples/log.txt create mode 100644 samples/tls.13_keyupdates_aes256.pcap create mode 100644 samples/tls.13_session_resumption.pcap create mode 100644 samples/tls1.2_aes256.pcap create mode 100644 samples/tls1.3_aes128.pcap create mode 100644 samples/tls1.3_aes256gcm.pcap create mode 100644 samples/tls1.3_ccm.pcap create mode 100644 samples/tls1.3_ccm8.pcap create mode 100644 samples/tls1.3_chacha.pcap create mode 100644 samples/tls1.3_curl_google.pcap diff --git a/samples/log.txt b/samples/log.txt new file mode 100644 index 0000000..79e2158 --- /dev/null +++ b/samples/log.txt @@ -0,0 +1,257 @@ +SERVER_HANDSHAKE_TRAFFIC_SECRET c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 f1ea21905d642416d45baf557d45e0c9ab60df273c2f0c9366f84a91d7b886a1e9f8b544fa9dc2afc019799c042d2ee4 +CLIENT_HANDSHAKE_TRAFFIC_SECRET c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 8384d76d250a7b9c8a20665d056902ea605fbec8e1130ced6fdbb6e1bf11368165f6c8a77f425bdb0c7339dda42e8feb +EXPORTER_SECRET c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 95aff990e7ab00e6bf1c837e677b5fde3a371f79554046d0576faf00b3b8410693424cd1eed3b174d1794b8b18501184 +SERVER_TRAFFIC_SECRET_0 c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 80bddec16045070e74b34053380fe07656451c293a5aef07e237698510efcd42f1276b75500eb1be7c82db10ab17446c +CLIENT_TRAFFIC_SECRET_0 c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 5d7aa51a77b269e4515dbf8c7a12d18a4d4695d12b4fbe0824903ee016b8912851666a218e13676ae9e68c8f07047d49 +SERVER_HANDSHAKE_TRAFFIC_SECRET ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a 491889e2602dce15b2bd6d9c97ef3cf4a9619a91981b1ca1b757f469ba6b296d3a67a7bf1e57fcb2139d73dd76d6eb42 +CLIENT_HANDSHAKE_TRAFFIC_SECRET ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a 5b1fb10febd3290acc8d52ff4965e2122212777c4504347d3615e2ae7d1bdbd94880458eefee4b1e76d99d6d4d7615b6 +EXPORTER_SECRET ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a abb9d5d6977721538016924baf1bcbaa775d6d4a8c2bbcf95e56a70dd2bb5e0d00b0aede51c3ea2bcbebea0cdaf0ca37 +SERVER_TRAFFIC_SECRET_0 ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a 212122dac8d55337e4328017b24636e265a58374a67358d314d9d04d648d9137ba368910f3137d706376675c24edb614 +CLIENT_TRAFFIC_SECRET_0 ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a d42814aceb92901b53121e7360977e6b800c9361019690787b608bbd236221121f475c8640b0da2f885b9e8d4de65a83 +SERVER_HANDSHAKE_TRAFFIC_SECRET 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 03c6ebb0c72c901b8e7e2560d7a779ddb193670a91fece021c994ad05173be1d25f8b790f73b0efb5efeaaa667b839b2 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 d3762c34c01832e9742e59757acdf5152a32f81e013820a15a58d09c42f836fde33b11f5a5b46717e674a45652c6ad7e +EXPORTER_SECRET 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 f9cb1f6e3fd795d5b6a98cfa3d6c14be5afff180a49da65820441486dfa13f4c65374f0e978d15072495b964dcf91f2f +SERVER_TRAFFIC_SECRET_0 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 e76d4c2be886bc95fc610fa043037e7a1353be6874d2ba48e0bfe39e2e1ae9fcc340ea3a40e23e47076888288e78b8ab +CLIENT_TRAFFIC_SECRET_0 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 76bbf106d61accf2898e1ac39f2c180a246dc5bb195b4c7dbcf2075b345b561c2a5329b3b607547c395a40499fba91ef +CLIENT_RANDOM 4c7540ab66eeb36607f45d1bf39556fa911b2b8987e09ac470ca6a6bb89cc067 f9d31873bb7236b6de64df5cb5332b40a73e7f7aa0ed6f904f09bd0acfa2e057519c0e3353698ef8dc597341d4203bbd +CLIENT_RANDOM e508d7e8af016d142e771e423b89e4badd50f9218c133f94a51fa0f331f6d6f0 98525781eeb33f9bbba8d1f6736635f7a8d585eea5a8609e583e7d5df01f7bf32704004fe8b28130fd14fcbd8581dd41 +CLIENT_RANDOM 431483723659efb64c534a68fcf8c431ebd116c5901fbb7b6450dade0132f5f1 374ae1fbd2e1bfadb2a296699c2e505805ecfb9477f5313766dea4cac0d042798d23f6b4b26978c1b81b3d623572892d +CLIENT_RANDOM 532eea4473553fb90fbd4f55e96209e9af0284813675afe05d45b7bc0792f356 f6d96be8d360ad0531809f3e970908387578a44bd89597c6055288e9c2c49eba4f8944180de4fbb4f14a44feebfd4eb7 +CLIENT_RANDOM 208dd4e770e625284e02ec114c0a581955ad2390b1ae16867772eb9c24223a54 0cc15de80101a5812bc1866e2db9d57563d96f616560485337a3662a9ad40d9cb65e5274980d4301f6c59eedb59e2011 +SERVER_HANDSHAKE_TRAFFIC_SECRET 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b 0aec7e7e6338bf3f3365813e8ccc57f282a591069bb9df53806aece17116eb41735ad1c92d6559462817e703d03b56d9 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b 29ec8ccb3969271d3c396f1b6f69a9fb21b0a1c092ec885357574aa419f429ca31f4d5faba1c773d65cb8e5247674709 +EXPORTER_SECRET 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b 155129466c93e7e521b20dfeaab4c13ce81db5db5883d0d482c73186b9fad5be9520be2a60fd6b19a90f241e4208da94 +SERVER_TRAFFIC_SECRET_0 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b ce8247fe6ee7ad0771be7d78feea579e36abaab1a5eaf15126d4bc6c3f9b305d8211fbe2ed256fd93852036bc59b890c +CLIENT_TRAFFIC_SECRET_0 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b f8b89fbaee709d96f812f5de52514ecfa90186a9163b2c682bfdbcb7b803c66465ee6fb893d4d2adacc151ac368cf95c +SERVER_HANDSHAKE_TRAFFIC_SECRET ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 b16fcac17c6995d2f6bdf776caec8d995ed622484bccb1e0a9b8bf04b3e511d67afdf4514fc17dddede6dbae854979bd +CLIENT_HANDSHAKE_TRAFFIC_SECRET ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 0a4c4177774b560d33ffecd1481a80607cb9879c1439e16ddff823db59dfcb2a9c9de5cda41dc231c0da8b1e587d6a53 +EXPORTER_SECRET ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 b8da25ec874c0e02dedfc2381797d451744df5316db81648400cb7d3faf5748b15ae6b30d6f7a0704f6e0ae1df812150 +SERVER_TRAFFIC_SECRET_0 ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 745e4564d0fdb4ea808cb27b5c93b561eb831f685bea16fbba93b7671a4373f3094846d6b85eaeded7e3eec262262a08 +CLIENT_TRAFFIC_SECRET_0 ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 95c94469093f6a3db2ad4a9c71ee3d430f4b2156a67bc5c8853c4e62a0bead9b4a3182244c64b8d9b7c713b51c1aa594 +SERVER_HANDSHAKE_TRAFFIC_SECRET c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 a0c6152223baf9046f2b829ce88b489a9004b87f27b2b05d8995907399b44fc3b8621c3c8ee5f2e98f8d27ed20b8ad96 +CLIENT_HANDSHAKE_TRAFFIC_SECRET c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 25aef5cd4ff1205789989b46fc8fcd55706d4aa779e73ff081a842845101dacbaef19831c083ffcc31377d77f3ea65b8 +EXPORTER_SECRET c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 979a3b06f56ff0f7695c3195c037acb392ddc9ad411ee248a4dfebad0293dd1f727aea585cbb07adb17dae8c7ebc8c52 +SERVER_TRAFFIC_SECRET_0 c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 d9803a512639d0b15a419d4601678c9cc81a770a299cd43fc57e94506302cb2712fa2124c5208c1500540a7e0cef2bb2 +CLIENT_TRAFFIC_SECRET_0 c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 d8932395c083441cb9f797b398750e50abc0d6f62bc7d31baf6b5141e9650bdf9231fab42b50f7cf4a0f2f044c9bc057 +SERVER_HANDSHAKE_TRAFFIC_SECRET 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 9fef2405b1d6417a6c4296d1c34e5bae4b9be0a873470f66038f6a0240475809bdc7258672700506877bb886231f901d +CLIENT_HANDSHAKE_TRAFFIC_SECRET 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 5ba0498b149e2f4a88ef10f539deacbf37512916c84f05a31fb3c286d7d8a62fc372ced1f8944d0622af0b8a409667e8 +EXPORTER_SECRET 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 b24e413022bc1534ba085eb9f8f0c27009164b6c8004cd81a1a7082e02a696022b814f26a5d8d2b607440617189d8da9 +SERVER_TRAFFIC_SECRET_0 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 fd00511b44573b9aad40b352da4b3881378c5f3b07fc06ff4891b7e9690eaf758c13a3b34c5c7c14f9f43b1d3472753b +CLIENT_TRAFFIC_SECRET_0 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 56f356d630824780cb82ee0a1bc7da81fefe318b8039e92edfffc76efc064b02642c565d0d5c900846c87c9c2b9c1b68 +SERVER_HANDSHAKE_TRAFFIC_SECRET e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 64f529b9491a85c407d5b4fdb5ada88167cd8aac3cd8cd29999277127b785c52dff6a4406748e7e5ca1b4754c673c1a7 +CLIENT_HANDSHAKE_TRAFFIC_SECRET e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 d0e75f1d0258d3bc425810c3a37e23bf3f1c56aedd09b29607a992129e09f1825def227be7bb9946292af64b37ec05dc +EXPORTER_SECRET e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 8ea1a409523e030ea42dc4a2ad3b330cf5a9a9d642805dca761ae7fbd5e2df0948b6cd02a910332e42005b7ccecdc5a3 +SERVER_TRAFFIC_SECRET_0 e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 c82e5d1dac049bb110583a5d98912dda61c5fcd4e91c1fed2cd998945c8511beef2c38414ca663095da3debd539c061f +CLIENT_TRAFFIC_SECRET_0 e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 d3c9121a8b35397d7e22d96bcedd2b177ede2f22c15db12f99a2e22df05068890762cde7832f3914f5206b4c6e8fa793 +SERVER_HANDSHAKE_TRAFFIC_SECRET 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 2bfcce11ccf325ebd2870e6523c8c56cdaa168222462455977055f94ff5c50d5be47a5596592cde4bb1f624770fd5335 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 6f34919b76405f35a67a809efac15666ab4bf9c6781833f48a242fe04c583be49109a8eedd5d54a4eaed2be050237ad7 +EXPORTER_SECRET 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 15e38ab7d8e3673f8580b81206159f7d78f70af2eaefb141815591393f13509583ff347bcfc9d44db37754909cdf740f +SERVER_TRAFFIC_SECRET_0 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 5298effad90d9b540ed6de508cb8c4d43cd528dacdf80cba71164297eae417655ceacb5b4dd2f5e5b59b00d88f95fcb2 +CLIENT_TRAFFIC_SECRET_0 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd f01e2a0ef3c63dd26f57381bb10cc0ae70be494e1e33ac37d2b283e78221089d2ec9c7352740f1fbcaf19afbc235dfc5 +SERVER_HANDSHAKE_TRAFFIC_SECRET 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb 9bd3e024537ceb19a39783336b715f1d2777edc934dd618602a87c4f393024ed46a660a72d91ef56e9cc0ab7f81485ec +CLIENT_HANDSHAKE_TRAFFIC_SECRET 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb a88826a872250233457a75f83d5ab05446707989e9861b4f12ab860350a6e6d9c80ca417bd85e00ef76d9216d989d017 +EXPORTER_SECRET 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb 229e5b39a020532844c3a8bd0adc1a46c9b50e557b52815894795ac9f636d62f08a3d101bc36bd026369b8efb0001980 +SERVER_TRAFFIC_SECRET_0 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb 9ea9a9d7db955c196d7805789d2eedba1691456916dad090f3a16b549c1c3d4349573dcd79e74443bf250fa6087b6057 +CLIENT_TRAFFIC_SECRET_0 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb f9067986d7e4b6af3e1f7d23a3f8970391e0ce2920a2e02ecd4c8914a78280bfc05ddeb855339a362648bda479716bd4 +SERVER_HANDSHAKE_TRAFFIC_SECRET 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e d2747e8fa163a3f72e2ce5070d84c0924a46184edd441f80b1d549077ad2fe3a9f470c81b9c9e8b94261c5d3b63ecc0d +CLIENT_HANDSHAKE_TRAFFIC_SECRET 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e 973779693ea48ecf9ff6f824ddc58e714ed2e8c714eb1a14df9de9bac39ce32f769cdb7038475e3b3133b14269c01778 +EXPORTER_SECRET 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e 45a877e512e1e1e73d8fcea15f7046545e01ad394a0fffc97caf3426f74db4dc00530e048360f581f98a962237bec140 +SERVER_TRAFFIC_SECRET_0 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e ce52b3dbee9e95972ab9ec445991652d483af153779fea2906af1af2831891329400670d7be73e6a2aee711c4e45ae44 +CLIENT_TRAFFIC_SECRET_0 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e 3c607941064ff1862a3f8867c017cbe4d226879356d1535f246654d0e2c6b3d61b41b3f5ed0d3732ae9931aab16e29fd +SERVER_HANDSHAKE_TRAFFIC_SECRET 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd ffa1732e4c5f3bb32349f8de7b0703b5e148c8e8bef6142acdf95969d43f0b84baaf3b06e2a81d80f3c8969414d1c35f +CLIENT_HANDSHAKE_TRAFFIC_SECRET 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd 11c542a1400615a428c852cd8603ac7981c206234b9057a3184e60903c7aa6fa043c382e88846917170c546ed2cc058f +EXPORTER_SECRET 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd d8cd815f494f1302a27f270c00ea7294180cf125db28c9d58770cc02b907317d73262400fbac1ac70b2176682baa9415 +SERVER_TRAFFIC_SECRET_0 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd 47fc262605996243c02d61e28cca22d115418536202116278f374490947ff0ba4b90401bab51bdc645bf2eae36904d4a +CLIENT_TRAFFIC_SECRET_0 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd e623d1db6f6cab44067ad3cda3ff9e61183df455b04ec89ace64e204497e8117125110fe0aee2a9aa2b40dc29ebd77a3 +SERVER_HANDSHAKE_TRAFFIC_SECRET a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 00038b8356a81113f1701b2e2115c6b9db8e56a8a17cde6d0db049f307d1aecfd668bd25e8576a37f387b81c07bc5391 +CLIENT_HANDSHAKE_TRAFFIC_SECRET a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 30885506395e0f0c3fea37db14855e620aec4ec8e1e8681fd3b73b7d0541727d482eabd08ab504780b3f1f62af4ba156 +EXPORTER_SECRET a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 2978fec2ed11b0c2fb4f812b04d9853bd42a925bd98bc30d044338c7ea43680426fb1233a16ef46fd8414f5052c38d8e +SERVER_TRAFFIC_SECRET_0 a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c c41d1ef1ee370d400734c80b588895fdc1bbe94d46e572f437410173743f4abec3113855109ffbfb011828b56bed6215 +CLIENT_TRAFFIC_SECRET_0 a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 57be0e0741a651f6ff5a6e7fcef7b520df9547d3bfaa015c1234f73d9f84ae61fb4bac773591345771683039bb14c35d +SERVER_HANDSHAKE_TRAFFIC_SECRET 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 c5a9ef00030d51c5b96522034ac05ab8fe1c02faac4d5a3f892f1bf7faad6eb2f016b84ea55372fb1d7f9c0dbea6235e +CLIENT_HANDSHAKE_TRAFFIC_SECRET 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 ee143b434e31604067d74d628008016380396d2dbccf220f9c8791c3581457d8ada05cac78e50b9fd9898acaf02f0964 +EXPORTER_SECRET 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 0659abb3c386966f96c44e82533cfcdb323aaf0b23ddaa374f81cc07d8472c97f0adcc3f2bd7bad01f43a5a356248cae +SERVER_TRAFFIC_SECRET_0 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 70ca7dcb37242b515433a5a318b635fa68fda7165b08c79ed5171f058fc3d3fc7b5acbc6e191378ab1569088589f6131 +CLIENT_TRAFFIC_SECRET_0 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 2ac52e1da0e26d7ca254875075110aa9e04db416dade43c9e2a1480181a71730aadd4609b15fb87f6429bfcd3394b271 +SERVER_HANDSHAKE_TRAFFIC_SECRET db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 ab7ec2ec609a33f0e9c01bfd12cc6e26d2231ec6bf45f16c67bb52095bfaf6e1ce9043d1a6369b558c4a9433f5bec83f +CLIENT_HANDSHAKE_TRAFFIC_SECRET db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 7a46d9524be63795d31ec54b72d2ea503d17d19229931efcb815658c037b49eba5faa255b7b863723ee519f037fc4a20 +EXPORTER_SECRET db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 e562a08f4686b48b68ecdccc4daf79e72b4c5353c2233720a2366e3bebf11ad4c9d4a74c531bcc40068dd74d06ba825b +SERVER_TRAFFIC_SECRET_0 db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 2a78159b4fb5c2da594cb7e73e21f67e8a4016f07ab746ed079c301a664dfe3ef8db43dfb79131ecad9ca9d4f3e0febd +CLIENT_TRAFFIC_SECRET_0 db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 c6b2447b57b49d327c37025d7a1e0f36fd9ada12ca68c6ba76acfb78cbed2972ca12b4f4db28313ef5cd53158f7b2f1a +SERVER_HANDSHAKE_TRAFFIC_SECRET d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 001c8c10eaee916829b22feb1e152ac11b93430e3cd438e181cf742b2c9977ff7ff8af062c69ef129f5783636967a63f +CLIENT_HANDSHAKE_TRAFFIC_SECRET d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 ab1a96c708a12c613247651e24764bce2de1fa2885f69f22f673cb2d58d66de1c820573998e4ecff25593e5bb1c80bf4 +EXPORTER_SECRET d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 e8ff868de3f22a393c0ba82ec49e2ef3093f8695fafa47e3fc6779e20745a00045714140f8c6ce6641c1850ca25e9281 +SERVER_TRAFFIC_SECRET_0 d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 5763288aa48d60bec99b2b75a99b936d48c176498b42ee85cd6dc8db0eba44c626d9004c41452d5ad3ed5d373718f456 +CLIENT_TRAFFIC_SECRET_0 d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 69a30983b177d2951c1bd6f6fdbe0a1711b004885dcd05f4a3f9ec04634c1a3ecb39c4fc472983330caa6d5fbd05d99e +SERVER_HANDSHAKE_TRAFFIC_SECRET 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 8e40973e9be126761f05507189f010e30aeeb684c93e5760fc5ec7fc19f3bb924b2063621786e96020450d5041d91def +CLIENT_HANDSHAKE_TRAFFIC_SECRET 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 326551b4cfc6c84bd7844a4d2b508bb5fe0522daebcd8c31dec5970475f64ea6a2376506c567943d996c5e02b4bc608d +EXPORTER_SECRET 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 265c19673daa66b51db0325f829ebc6db4c352052baa1623fcb3761f148aa0d91f2a81789a890544499eb265e7e0d77f +SERVER_TRAFFIC_SECRET_0 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 0b1bf8569acd1ebf5008c2ce5ed203e23139b3d79d38d7e2a3606a3729297ae5bd1c1ced4e266b60b3edf19bad7b045b +CLIENT_TRAFFIC_SECRET_0 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 ec61a4ad8ba705e7ffa343367e8064a8df4815c2b8c23b5aae50a0d2564acfe7033c88f968f815ded1161585256b1ee0 +SERVER_HANDSHAKE_TRAFFIC_SECRET d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 4a1ae4d915fc9826ccc807f97f081ad99a79eb98139c056dc9274267ba6a224d1558ee6cf3581dc483cfb5852bc91bc7 +CLIENT_HANDSHAKE_TRAFFIC_SECRET d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 8a70efc48146ea6af38d9bb7a8363f82e46045316ba0ec6c59cb707bbf1be5e3ab408d97337cc4a82e736c3409953772 +EXPORTER_SECRET d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 1439a653754f895c77953fdbdfa46235c497a7880a646ef2a86e65b2cfa8d5a7b5bd44938a1db880bac8e731e4b87b19 +SERVER_TRAFFIC_SECRET_0 d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 a9e08db93bf547c9757f13494e94b1abfebb3728f4cb8bc3018ad015619ade89ef4bc5bed47b1e3bdfe7dbcaf9b08309 +CLIENT_TRAFFIC_SECRET_0 d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 afa8935b84fc53df879e3855ce400a57ff3bb530dc26532de62aae9a1bc0cd0b36e514c119efcc1a03b139320c972088 +SERVER_HANDSHAKE_TRAFFIC_SECRET 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 3c28a8b494311a317428f303ad763149c73619c139f66c5c6e0be08b63028e676323a54e071f19512d77f9cbb10c3b15 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 8d0e1e7eb2066f13204133ff553b3188803933657d05ac63b002b558572250acde46645fb42415293712b54a5a061b44 +EXPORTER_SECRET 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 532002162c67ad2b1301100845f45bbb6a2b2857809b8a8f11aa0b3326d8b48de4aa7d35b340bc196abf072c9ca34a47 +SERVER_TRAFFIC_SECRET_0 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 e2238c1567491e3400803e459ad179796993d3b529b1bc68a11a97ccdd9b67eeb6fdea2a12d897952f6e6536f6b68bae +CLIENT_TRAFFIC_SECRET_0 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 02dca56d4a09b2fb1104f9664082710ae073b04cad9dba39fc49501b8a31984fa6f0d37861e2d6a65b810851ec47fe92 +SERVER_HANDSHAKE_TRAFFIC_SECRET d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 af2ce6ac735f5832ce0791678a147611cee25ba9579fd92882bb03ce33327adfa8416b5360331065815ad43feeef5111 +CLIENT_HANDSHAKE_TRAFFIC_SECRET d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 0fdc494cbc70e0a77d3d37b26e7d90e4176d1916da827ff2d89c3c50563e9f3580f23d24ab26c3ef58d7397bbe6e9046 +EXPORTER_SECRET d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 c2164a2b2556dde26805c7d29067f0075331933bc28ddd545e59c26f18f8e661dbecb6e49814b0aba66170b31b62fc4e +SERVER_TRAFFIC_SECRET_0 d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 03975fda853826f23adda673975957c66e8a6047b9d5057673f3a7780fd02b3d253701ef0555933af0b8a1894e81b248 +CLIENT_TRAFFIC_SECRET_0 d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 ba3f1c9e1b8fba8873322c2966c67a0005e44cc2c10d81eded978a428c6a7aba3fda361e738757f4738670b5d3872b5a +SERVER_HANDSHAKE_TRAFFIC_SECRET 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 0a412535cf590a239779cac8835e33dccc0ff939235dc104fbeb0a65bd3f3e9167c0eda41e460837d17e1a8e324e41a9 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 67d18320d88059dbcc16bcb01e8426625480734ad32359595272843cb9aafda92bf10545097f97dc2bc0545f9a91761a +EXPORTER_SECRET 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 a1c172df6ea144d89ac35b9d26d5bbc93010e3d788d44a2eb18b88dc48990ed06607121100dd1ae19559b3bce3151dfe +SERVER_TRAFFIC_SECRET_0 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 2a0cf6458a6179f8f6b6774c51a7e39227783874f5b8f4b3762f0d5d7d0811ef167e8c552afe6e30ec90f9c986daa9e3 +CLIENT_TRAFFIC_SECRET_0 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 3b8de68294d741f9ad6b3a061f98140a99b2e1da2eab05952f3605a1a00dbebca26ec8c5d0b86a1688c9cd04fa31ee53 +SERVER_HANDSHAKE_TRAFFIC_SECRET 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 8ffa799f8036834fe798397933774423c6ff7d775153be709e4393116f91bccb8124f1ab3272cf8b3ee6d492fd5f2aea +CLIENT_HANDSHAKE_TRAFFIC_SECRET 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 9907b615896c8e6ac98be0a716ac671784951541d23a0ce7174232a9c319848eeb309db3aa2ba74e2606e0ce331348ac +EXPORTER_SECRET 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 fd25c46614c4ec58e9fd7332a617a3a0b95a6aebdaa962b85c2fee3b196cd8e62127d6a03b91b1048cd2feb199d03e8c +SERVER_TRAFFIC_SECRET_0 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 6fb2e686fb016f76b34b20ac600ba1643ff758f5b3fc41ff2691636644546ca5029dd66b23454bbf10200091e9313c65 +CLIENT_TRAFFIC_SECRET_0 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 dbd4b3fc8b3544d4e85330fa8b5d7df6851ba39d1298a1c2d2889b004e6f34c2905bcc356c950bb531d8cf84287feb39 +SERVER_HANDSHAKE_TRAFFIC_SECRET f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 6077e13b2427563adf13496e4735958ddf7011aac693f17404190633132c4ae4322cafeba5362bb8800cd8f3a42e31a9 +CLIENT_HANDSHAKE_TRAFFIC_SECRET f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 633ee7d0bd1e105ae8756674ba786d5422774614f50009030266a6b52cd8ba5cc1f8bdc93947a9a95e6f889f3bdafcde +EXPORTER_SECRET f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c cd9dfcbcb4aefe47964aceadbf9d22ba0aef0975869b12f157804d4fa6813f38d44fc033249c9cb22ae11a754f65986e +SERVER_TRAFFIC_SECRET_0 f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 4d4dd92fb0194b8298257b5ad6e0cec029456ee35aa025f1e9fcd592d3e63dcf657313d1d51fc2671d0472f9bc11a63e +CLIENT_TRAFFIC_SECRET_0 f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 099966319f13070681e2fdc889951ed04b5de5af5bd870da7e2406a5708f2e4cd07be298f24a1f75eb9e49d12fd121e8 +SERVER_HANDSHAKE_TRAFFIC_SECRET e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 873b363dec1a6b03b675d593a870116e9a12e21254484bddde2ada942a713400508db3b1c8c0d36039e59e853589de9c +CLIENT_HANDSHAKE_TRAFFIC_SECRET e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 a17abdaf0c35fe86ca9ab816a3f502d2770a0c1c7b3c4554574e537f730153f9263a416e5533e6600ee04ca1671d21d4 +EXPORTER_SECRET e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 7d5bbfaa54615a009bb83753f1a2b069a52241da63ead3c71f568d80a13418141fec1fec9ef28f882e8926b185ce0dad +SERVER_TRAFFIC_SECRET_0 e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 11367316c1a97048df2d70a1acae99357a03deea03efd9f064ec36fcf2672d9ad0a2018522a175585163a609750c4639 +CLIENT_TRAFFIC_SECRET_0 e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 53ee68787d5129c87b23f421db61ce132b7e3e63fa80f9e1d5870fbbb63c15107b999ce695700c828460490eea130fa5 +SERVER_HANDSHAKE_TRAFFIC_SECRET 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 ed3999eb3e1e0b4d3314c2597e990503c33ee396fc014af365f4fe8e6c59f2e2a986355a95640c237f27106cf1dd29bd +CLIENT_HANDSHAKE_TRAFFIC_SECRET 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 195ebdc9cafee2bc3ee2856f3aa604f5c7d7cf04d3c2843fdfa4ba18ff527be5520f69205b68aff3be8ea2b53518df14 +EXPORTER_SECRET 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 375e645651e81ee9e1963a3fc66efbf5f9cada69e0b469a4c005082cea60ce80a45f7e2fe0b8c80c5d9b4bc55cda9fa4 +SERVER_TRAFFIC_SECRET_0 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 3661f7b9c5fcbfdca08bc783e9ec8200a640320a9c94f98b2290b15abd462cefd2f21dcc52d05c0ddaf85a3e1a1a7b5a +CLIENT_TRAFFIC_SECRET_0 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 95abd1b96d8b222b4c443898e82f584a13f3ed47f4e976423f06c50138a4b9ddb80ed5b19f9809e2a5c48c7c30693fdb +SERVER_HANDSHAKE_TRAFFIC_SECRET 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c 68ec2db7e51a1b57f09e33e4aeb10025ee238ac4627746b6c2d2914fc1abe795470764362aab1d05f37eed5255d2953e +CLIENT_HANDSHAKE_TRAFFIC_SECRET 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c 684b2327ddd94c40e13426584f54d1a9b528d17d1f9bd7426ba7bd8ddeda98829b1c4585434bf6e1ba03a858b40c3efe +EXPORTER_SECRET 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c d5da49a7c3aa113835dfcaf4446c6da31595d93166be6f187b975f1a11b2cee3b75dbc5194643b86061f9e056bfd6f27 +SERVER_TRAFFIC_SECRET_0 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c fe48361e4fbac31f1dee4375f096a06755ed5f43dd688e7993dbe96d3b77ae9ba5d3029b1ca2ca0ae28bd11c976baa59 +CLIENT_TRAFFIC_SECRET_0 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c a227da2a5ab1aa34221ddbeb6c4fdd7d6716f8be5fcd09d98552d285cc01616f22e785e65b9c5ff321b7d3f3c8986c9f +SERVER_HANDSHAKE_TRAFFIC_SECRET 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 901589e627832045545f33259411701b9af5a5c9840b66eee7a3ead37119623df254cfb072b1036996a579b0c6347d75 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 d5d19dc69f2751fb43424fbd96ddfbd4890b8dda7a9cb4cc1641bf0e5155fd2088cdc51d3d0e3ae685280925c9d0bf3d +EXPORTER_SECRET 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 4b3a40c58c0754af6df77093a42133d60ed7141b15ae56c0b9a067a31ed4d8f064c2be9740dc114ce6ade9909d463d05 +SERVER_TRAFFIC_SECRET_0 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 e5f3e6fb12eed9e50004a5bfb372354bc7dadadd5e481417bf4abb3febc043a45a76584912446b2abc2a9b479b70beca +CLIENT_TRAFFIC_SECRET_0 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 b7c35ad24aed16963da9326e18d7f3dcc811942bf6086029d16368419e074a348dafec106295832977ee688102610b67 +SERVER_HANDSHAKE_TRAFFIC_SECRET b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e 239c2901fac5b07b49680872a0e3cca9c150f2fb92d908f1f27086b59912bcac989c7f225e6e76c5228687a48fb6c899 +CLIENT_HANDSHAKE_TRAFFIC_SECRET b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e fbe7dc3eb607bb0183a00104441027d5db80721a42ed17c5ee7458f539c0c8e1e996c79f1fc1dcf9791b53b0fcd934f1 +EXPORTER_SECRET b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e c43232be2135f4c217fae0e963e91a05a5053fa205ec9912ea2aa395381bb95570004e044da2a11245e97f23095429f9 +SERVER_TRAFFIC_SECRET_0 b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e 75b073c41ca2618525a29ae1d35879b40d5466c2faf79e62dab0e9536dc0b84a620492efd124da1db2effe438424f3fd +CLIENT_TRAFFIC_SECRET_0 b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e 7bc971f04177b778e1186e3efca96018e85dec2000651e7ec93a7475a4d38db8fc808c43a9616a1b31e781687147be79 +SERVER_HANDSHAKE_TRAFFIC_SECRET 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 88904a4816ddfa5e2a0d16eed0f55a4d3b0ce8c889d7a7f7db589085f53e72fc +CLIENT_HANDSHAKE_TRAFFIC_SECRET 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 7cdb5f2b3dad33efe1617efcba04a2d92e0b6e5a65cedeb8a837dee395e6c085 +EXPORTER_SECRET 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 c7b13c68943998598e2ee60e615efc5904a943bf48ea007c05759f4f6b2395e2 +SERVER_TRAFFIC_SECRET_0 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 1094947db3f6fe2370e5aa81fc3a30a8c85b83b5950a8d9dbd101f6c5ecc16ec +CLIENT_TRAFFIC_SECRET_0 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 574ca7d87618738edcf11fe6937338b3eb58c31ee49dcda2f7284fdc4dfcdf56 +SERVER_HANDSHAKE_TRAFFIC_SECRET 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 182ed636bf590c245fea0ad4b04d9b2304bb30279e1a2f7bfef16861d13e2462 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 1e4ad1aaddf8a4f64f35859461df54d193d1cd081845a422ef44d71f5ca71f71 +EXPORTER_SECRET 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 23136badd3a8975b1ceea1b4d9523055cbe296dfe75596b1e90ab6f0b7100350 +SERVER_TRAFFIC_SECRET_0 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 e15200b68d7f703abe7b04165c8885566d90c4dd509c7d174dc4c2cf130cf4d2 +CLIENT_TRAFFIC_SECRET_0 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 c5fef93efea3e4a24499a408af7e3de26411738cf25063c9efaad9b8d045487d +SERVER_HANDSHAKE_TRAFFIC_SECRET 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 f57367d19017ecbf85a2b2b16840452685a6ccc96bb269976374662c45a442e3781976c63829b74519b9ff0ddfa775b1 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 6e13477063c742a800cce3a59994158e51b0fb324410a316a3d2977c6f41a276a323f22770667e563ad1525e5db3dcd2 +EXPORTER_SECRET 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 6a3e9a5b09e243c90d99d7519ca983bd4bd595f53e40de974a601081073160ba9f41a85d6f8d1e39584ca66c053806ad +SERVER_TRAFFIC_SECRET_0 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 435989df8c9c5e83bdbafbf82198bb8a5bfee5d972dfe5b893b549defb899f1e7baed8c9cafa3e6816aab80428f127b7 +CLIENT_TRAFFIC_SECRET_0 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 79202c8c9ab63aa7fb6b94f237397bf7063a51784405309f51428a1c1b5c3a813099252eea22f6ad0284f443a8594ea6 +SERVER_HANDSHAKE_TRAFFIC_SECRET b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed 20cc50c46d802b17ef8b2619d473500c8f970cbc5e84656de2742f1473874ca696abc05f63dbc28f81a239ce5230eaa8 +CLIENT_HANDSHAKE_TRAFFIC_SECRET b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed c7334c9a3d174754fc282deab4d074a8af681656eb1d116778560f336eb5165acd4b8c236092362168fa19c29170eca9 +EXPORTER_SECRET b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed 3c38b92da4194ad31d356e8bf7d48e14aad46af8d30eb164b3cb628f96b54a4cdc6f58406834864ce27885d766ab69ee +SERVER_TRAFFIC_SECRET_0 b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed 1db7bfe15206432b36de2412d5bac549632f7d796b6f14259a6762202886559a7c9de75d6650c7743cb3b28a631e8847 +CLIENT_TRAFFIC_SECRET_0 b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed f925e39221a1e0af51c842fbf5f7f3b81d515e81f1f616a2684e7dc33699b4be8784d379d2c28c6496cbedbf9b060048 +SERVER_HANDSHAKE_TRAFFIC_SECRET 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f 22e8aa7eda51ffccda0a6425c79432370e299acf9d9d484bf17d3c2c0bfb9fe0 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f a2fe0dd7f22162b3c0c8c28f1c87366268bef27a4854268f9fa3c6425c55eac6 +EXPORTER_SECRET 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f 3191a28e731defa7eabca0bf3cfdbf94aa0a5e361cbf99c70674293ef3a2fd34 +SERVER_TRAFFIC_SECRET_0 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f fdfd73a8fb41ceabc7dc6ee1422e0e99c19f7a5c2fe291a1b8268bc6edc673ee +CLIENT_TRAFFIC_SECRET_0 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f 7ac1dfda09a9552f18d354bd9ee7fbede1b098e955d25872f9499f3ac7cc6aae +SERVER_HANDSHAKE_TRAFFIC_SECRET 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 1952044bcd496831f0fff4e07b45d418d12858c99db1224823b796e3e201feede3af8517e44fcbe170c809313672e673 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 6e12ea4fb6e483999c7e506fe79f20bf1729b7cbc067fc550954d48b0a067d7f919b365fe27a1951d45bc04af0aa195d +EXPORTER_SECRET 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 8bcbc5371d8658f7c6914e1fcf67b9bdd0851355ef5fab90e84a6e8529d2d882d8874aab4b5bcb4b1ce5ed43bb408687 +SERVER_TRAFFIC_SECRET_0 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 907ace566debefd423c3f66b62e544a1602816e7e0336e0c017916792818a8c6dfc4cce1e76de025a2571d4630c9c753 +CLIENT_TRAFFIC_SECRET_0 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 ec78712410c873158c52583b3bd7f95216400d14a473a96402efde819268a8bee1a9c5e92b2eb12a5bbb7246ddcaf5e3 +SERVER_HANDSHAKE_TRAFFIC_SECRET 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec ec90888e7e8063f8cdf21791d5da805a90eabc99ce98cc1cd19aa6337ef7306ca27844bef2e5e8351e9956fafa3ca70a +CLIENT_HANDSHAKE_TRAFFIC_SECRET 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec 6fee3f0cc4c02cef4c391f0bd963bafbab9c718b2e532a26656f55b9048461789594078a604cb100c1562d24c156fe27 +EXPORTER_SECRET 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec fb05a6ce3b7fa64c673376dbf696866dee3ad5650149c63a8c728ccba3da6fa1a93d452d54503ce4de1617a49ad74133 +SERVER_TRAFFIC_SECRET_0 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec 4a329814c248187c9f2b1016f0852b998168ba8af5555a0ba181e344eb679318ae142c366e6258012a098cf18618534d +CLIENT_TRAFFIC_SECRET_0 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec 3e4ea5a39212649282f9918193b6de5ab59ddc38043294ce056cd404e2d3c22ab7c3f1399fe5c70cd28c2b10576045ac +SERVER_HANDSHAKE_TRAFFIC_SECRET e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac d8ed82fe7e70a93f353f7380c77c4f390685e4a651e52788c1078afea5b8f0c5 +CLIENT_HANDSHAKE_TRAFFIC_SECRET e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac 6ca30da4679fdec76fbff8c56ab34e6b8a0b614449f1ac3686429edafbc063f7 +EXPORTER_SECRET e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac 00dd5747a6cce10577b7913573a1515a4771f7b93cc67b426b7231754981f541 +SERVER_TRAFFIC_SECRET_0 e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac 72b07b2120e80254d17d4db7c8ce46bc64a02eea2ac09d07899a0504889f0765 +CLIENT_TRAFFIC_SECRET_0 e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac ef22fc4f576b358c3bf77c526e3830811d25608b8c32d3b8d4accabc02b034d3 +SERVER_HANDSHAKE_TRAFFIC_SECRET 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 9eb2c91bcc6e0864c364858e0864d041c52f41ca3ce396d128d4fb5dc386ac00 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 8577431055b2a50669270c3bf08aaf32dc7dd66a7e9a5efbeb93677db231fd72 +EXPORTER_SECRET 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 6a58ac33631d88787f62a919a8f0d2b6c0f8d03075aeb04b880ce2330cb9b2fc +SERVER_TRAFFIC_SECRET_0 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 243d0b750befa5d25af82ea4d5eaacf7f52c5343dc260f75344dcaadc69544b3 +CLIENT_TRAFFIC_SECRET_0 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 0a921480912454ce03a14c5eeb75ae44c7c9a82a883eb632e7279cbdab3d1188 +SERVER_HANDSHAKE_TRAFFIC_SECRET 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 aa87c1bd965ea9e1361d15e7fd671792980da373f34e4eefe1fd21effbd65a80 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 533b0dcc030ecac8feace33031a405f5e05ecd0d7c7e64a6e30fa7bbee9bb813 +EXPORTER_SECRET 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 027a31d81dfa560205e25a50740b13dc7ce6f5c18004dac45e2b68517c0a75e1 +SERVER_TRAFFIC_SECRET_0 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 15f1d79f92d5b5cc15a1ebb67c39bfc4cce4934aac2722fb89a0e055c81c562e +CLIENT_TRAFFIC_SECRET_0 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 e7cd79a7d0bd712d966261ddc5a7eec31b1e9d5cff667843eafa7e01348d1dcc +SERVER_HANDSHAKE_TRAFFIC_SECRET 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 28cebb1404b17be90013e1b68e85e1edcdb987684b6a3627bd6f9388faa43b15ae4c2ab0ff21464af2a5c50a129cfdd0 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 6c7257cd7d2a548b845b0965454a7dafcdc26bda58fd34cc4acb60a0ee1334627a246556a811c4c4659e092eebf20143 +EXPORTER_SECRET 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 eaafed694970e1e45c203b9b72673d4f5fb8a5ab8aa85232ad8844cff5add6ac707de526348b06337f95d8702b26e2f4 +SERVER_TRAFFIC_SECRET_0 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 8c41a6763a2d5ae32ac3301025201eaab784e89536eb086848d124d09dc33c2358e4455e09f267f3389ebf488ed0971b +CLIENT_TRAFFIC_SECRET_0 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 307973c6a786e6226ecd9cefe8a60a976f8488efd0d27b7a4b21cff823db90aa2b0c0a2ccc3e867e798d85e34054e136 +SERVER_HANDSHAKE_TRAFFIC_SECRET 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c 475411cbf1975c3a02e52b9add7e82657c986de14ba5711096adb2bcc7ec9c7b27bb5259a6d22f667ff28bb9f0823e95 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c 0745a8590c3c01105975e8d4d46b16a59e4fe35a7ae6042bb7af8008e38bc6834e1c8404b17cf145d5885e257d41f723 +EXPORTER_SECRET 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c eedf5b47e7ecc48241ddad2d2280c6a5f6502a82a5a88f2748b1aa6203833aadbc7c4266e8101975484d20867bb70f00 +SERVER_TRAFFIC_SECRET_0 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c b4e5db43a0e7b92ffec3708650b013d5ae3434b389172ed1f6eb5c5b28c7e92921431c6628e1354a219c25bf64108d80 +CLIENT_TRAFFIC_SECRET_0 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c 641adb6a6298096359f586c44fd11608857a4ce27140c63d4e3d0e24ff3fb883fe9ec26eca6a3c7a61e2920c62c40ebf +SERVER_HANDSHAKE_TRAFFIC_SECRET 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 f564a762eff57f31001eee9996aebc5bd480889f1bc5e5f410775887b4ddd1d365e6218f1065979134c458ad413674a6 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 8a3544d148c7d8e43c0608a9e7b67d803973c38518e4bf5ed14580c57073a236a250f0a65d0d18e27bcfb47005bb393d +EXPORTER_SECRET 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 1cfcc37cf34a944d699ae339e7fdb450509e70f55f62df0edef3af88721d15aaade82ee0ffb7f7cce9ce3403a95a6833 +SERVER_TRAFFIC_SECRET_0 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 60f6308216dad40d6a8c383b3f98a11ed4d4046645bbabf242a187332f2631a837df196aafd2f54230ebe5adfd2a21d0 +CLIENT_TRAFFIC_SECRET_0 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 f6888064defe7395c0f9b108b56eda7fa3a54dbaec5d58fe396cbc19aa7f9ee6f7d2edf23514583310a9fd6a3e6d2411 +SERVER_HANDSHAKE_TRAFFIC_SECRET a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b bd8bca6d44de0a1e4e08eedb0bd4aeb62903568347d7f35413cbf5e7ae2588ddbf41db901b7cc2079be3ef993b21246c +CLIENT_HANDSHAKE_TRAFFIC_SECRET a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b f54ab51e681825cfb5171acb142f44cbc0379ef7248d18185a298fbe6b8ddd255bd365b4dce0b645a37bfa3346f5a333 +EXPORTER_SECRET a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b f86bac4e964eb075fe479058fb83cd201079c498f984c2f708e047067358d0f6e76773c1df6a6e60dc9281914619d9b0 +SERVER_TRAFFIC_SECRET_0 a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b 449116c8c865bf1309c0e20ab7d60c536dab15bb30a94a30316694cdbb7e502cce6992e7c3b30ffd9fb7b6f37d0de6a0 +CLIENT_TRAFFIC_SECRET_0 a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b 37c131d7de3c529defaaeed4efb74403b0ca623ad447ae06f7527668f12e86326a052040bf5f849eddcba33349d82d2e +SERVER_HANDSHAKE_TRAFFIC_SECRET ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 0c0c62997bdd46ad7af2796ee214b6fcefcfd0b05fe2d91f38b34bd99487d7b99c976bb88cd25b069fafc40540106cf8 +CLIENT_HANDSHAKE_TRAFFIC_SECRET ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 9b0425f2d9ef2307c4f6c03a87843a60d0b4a452bf1357aa67cdb335e28ace0ef7e0c9fbb2aeeea0a227f3397b5d29b9 +EXPORTER_SECRET ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 db4f74c17d322d963191022388fd447c82e2fce8d0ce0a21a958a2e3d908ea34b6772433950a696d2a4c0e6463ee9aaf +SERVER_TRAFFIC_SECRET_0 ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 cb145ee586f889a50952297402dc135485ab1c63bc29cab98844e6591547af810dfad2fe0ecdda7df23736bd3482b0bd +CLIENT_TRAFFIC_SECRET_0 ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 ab6c0da35947d5988980b44eb01aaaf1c9fce074b925e4830f021ec95ea39e353676ce7c789a65d3a865277d54d616fb +SERVER_HANDSHAKE_TRAFFIC_SECRET 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 4eefffa3d30e509e1f583097bc0ad1eb9baf573455c66d4c6bb4ec964de97a8e5934f546459914a02dd30d9495a1b37c +CLIENT_HANDSHAKE_TRAFFIC_SECRET 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 a4c043f9803f8011046198f6bf35914a84afeff8c689d1276a3a395296e7f4cd0c1d89649479292e483630423066c5d2 +EXPORTER_SECRET 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 e9dd9449b2bf58880b3c49c585c997a37173d9dfd0f01556ed32685b345ad43b7f63d309f20c07d2f6c560baeeef88fa +SERVER_TRAFFIC_SECRET_0 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 3618537e80c8b742f98c8a0089929e9c9792993824b7db5101a80f45190bd107fe04454e083df2fbb69d2bdd7bc9760f +CLIENT_TRAFFIC_SECRET_0 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 120ecb9ba14111a8cc8df1e0b9dc4c550a08d88ba91f16123bb8d89aa23e3f538b15994ae62da0d29a3e1ed1e032f8a6 +SERVER_HANDSHAKE_TRAFFIC_SECRET 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 91e7f391b276856033a47e458e1d64bf81d08a3292ff30aa582bcbd140d764cc8626c16742ebd6d9a7f500a68aeb5ebb +CLIENT_HANDSHAKE_TRAFFIC_SECRET 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 ef2ac5e176b3e5713a6c205790e3b58b12b64cc4628fbb6ac0b12273a73be6e6913a0556f823eebe12c4e42199bfbcc6 +EXPORTER_SECRET 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 ad46dd23b08dd4135c63f3291953254977a7526630d3cc9455d8da59eb5cf712cf671d9970dad31f1c793617a60c6f99 +SERVER_TRAFFIC_SECRET_0 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 3f4de0cda8b51bf7533e12279bebd1062459700be861c1a951e4224652872aec2162bd2b8ae16a3a16fe580aa941e6ff +CLIENT_TRAFFIC_SECRET_0 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 7ea195809a87dc2b3af3f1a1f0317a4f5d51d0e26012e59bc2aeba8c867c0ab735140853234354feb6adc49ea24714b8 +CLIENT_RANDOM ff71dd83376f0a35a8b86e8b9f516d9938a36ec3803e48b5a256fc7cd597528d 6bf5b5d1515d70facf6f2a76c997add2a9464b5712b17ee0273dbfeaa3c1ddc7daf5ff21e552cc1ab09ad45fe815d616 +SERVER_HANDSHAKE_TRAFFIC_SECRET 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 53f1bfdfbc44559025a6562937995d9406033304bf59a457e1b1eb817f530e16 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 b8412c25f615a5674f51817604e28b8bf70b269007c05cd408b1a24cfaa9a936 +EXPORTER_SECRET 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 fb2e70cca12d1e15534b3c2b6b67b85a2a148ee4318922451bc2d7cc768a4c91 +SERVER_TRAFFIC_SECRET_0 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 17e8205e0f334bd5c34c9b73e7f791386f3c8e3316d3bdf133d8227380555109 +CLIENT_TRAFFIC_SECRET_0 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 eaedfbfff17ffe92267845cda264104c3ba8da6d6d10a1233ef388bfb8bbbf2d +SERVER_HANDSHAKE_TRAFFIC_SECRET 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d d42056ad78e6cc6f1fb4a369d5044742a4241f877431bebfbe840a689d81bdd16e2505a3f428f41c00b62985cda19331 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d 6c0902e413aab1fb0113c96387fc11e8b2d42684083429102df0f1730037228f1e225c1e7aa8f559711d572b274c2569 +EXPORTER_SECRET 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d 2b125c1595eca3737cd16e32b1da984ff697c30f0c6e7369d24e5bc8833fa8797a6847ff6051f61bd81b1e5ddaec7f39 +SERVER_TRAFFIC_SECRET_0 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d de0adf2cced89b5634546421cb4ae2c92d40987abffd83f23cf27a2e2d8f2e4645abb3d7a26980884384e883d0b9437b +CLIENT_TRAFFIC_SECRET_0 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d d1031684006f9e3463e8411afd3926af09717c286445d550ea436c27b009e13d0c02b4bf106ded3175a26e850bddc99d +SERVER_HANDSHAKE_TRAFFIC_SECRET 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 574e234b9ed1fe38053194bd7641126bde6e0e005ce33162d5743ab34a99327fce670b1fa134caf943dfbc0a5d686ecc +CLIENT_HANDSHAKE_TRAFFIC_SECRET 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 838049b240d1ae3a80ff4ff0268e248588ec6913f4caae68dfeaf4ea03f330bcab4606d1bee74d299be6c800b2671595 +EXPORTER_SECRET 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 13965d7ae6d230cee91ebe990c07e7d5ca46ed40a6924a91bf60901618226a88d606fb5467827cd1d3765fa827476a50 +SERVER_TRAFFIC_SECRET_0 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 da4c9bb2d82ce66a35ec5899a9f7bf67e2f24e2b190f9cabc94dd56bfdbf39f54d001da93120554293f711972f03fb16 +CLIENT_TRAFFIC_SECRET_0 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 f7f968b5b7eee2b521cda8575822bfdb2887913764a08e35648a26ab4ff98aad230b192ae6b376701395575a372c1c3e +SERVER_HANDSHAKE_TRAFFIC_SECRET 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 fcb2538d16f80d242d51c0a35395169944182eb5710fb984d03c7b8df864b181642af07af807a75bc133382641ed8bd3 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 551c476c45b74d91062991523ff7374b211575d497a41eb0902c3d8329382b51c00df6ebc461da6f2bead0a637352c09 +EXPORTER_SECRET 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 e4c4e35876208551f3f3db9916db2841e2c81b730e9815e52c319ca82e718cad579e351fee75b7a94181419f83d705a2 +SERVER_TRAFFIC_SECRET_0 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 035eed62f0d1ff88326220347fbb3e60e4ee76c99b3a73415f55af9d5cb0d7a2e73e0faa29097acd718fea92c811558e +CLIENT_TRAFFIC_SECRET_0 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 869488a30d316752c049f2704315bd505f2aa59c608f20867bc9adce929aa25a774500214a0bc06c34dc6774add3b82a +SERVER_HANDSHAKE_TRAFFIC_SECRET 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc 783799f80f8d03250acd957dac465e0cb95a5c3b5a1adf4b928a8bceda57246c9d722d02675504a512d7800ebd21f7c0 +EXPORTER_SECRET 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc 363ac8e9af29c6063792ca3e2bc7301b6cbbbfbe646f82254a843528ff708846ea934d55b4e37d8b22797f842c4b5aad +SERVER_TRAFFIC_SECRET_0 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc f5402ccfccbf4a46844be1f356931700bb5881ad4dfd07fe57e7330afdfeac08a753035684ffb2b48f504ae836fca1c5 +CLIENT_HANDSHAKE_TRAFFIC_SECRET 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc d5f5c7ac89b41eb782181a5d230c8ddf51233f6d3989b4944a95dc95924ee200fe4b1fa02b3e6cf07908c334905a8961 +CLIENT_TRAFFIC_SECRET_0 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc 6b37aa85b4698e4d6abfb66933e3fd4283f9fe08faee2a314ce8e1b95a245ceead2f64f4024c27e0cb4fc3c7b20f7ad5 + diff --git a/samples/tls.13_keyupdates_aes256.pcap b/samples/tls.13_keyupdates_aes256.pcap new file mode 100644 index 0000000000000000000000000000000000000000..2282b8bd3d45821bb75238b5004f9486b6c3cea6 GIT binary patch literal 5443 zcmai&2|Sc*8^+&RFeYmlWG7p)FF8`k*gGUG)>8)wO%ahq=8#d=$xf8*MCeemlnzRJ z9aIX1M2KTa+8E3CJ}={pV!p@k>1V0`b=}wfy!Z2}weeam8p1;VEi8nBzc3Z&aBq-7 zLzeL8U^6ZpWCB6@q-;aTkhMiL41!Q#kBsr!4p4DK@HcbN^KEl#5QN6gw_(vZylH-1 z6!<<0gJA>YZl+`i0%ZN0bTY5)$k=eLffh_R$yq!9 zo@MCdMb9QMU7O5B3yG!FwaU~gOy2L!RJYiv?cgFn=v zH4qj9q0kT>B0&6*7$gXZL&A^{3a$}_MqyA`NCy5_1b7R=n-l)2C>FzlVa4Fsa5x-0 z4v$-d!{S(QtXLEaiWLPZK^Qa!3n@cr6bjOWF1RMPDbwKR3J<45_CBAMc74Ie`m zCv)>q>+n1$Gu+-$VF3{0GdRT6+d_!}Ay(ae=mALn*OCY7Bxi)?lA$os)868)g zI1v~*N1+7aKLs(v<(s6W)iKSX)_!4?nU?$6ib=+JEc`R{Rl?qb_A!Tq zu5rxYGPO`xS5H;xtmq!z@{MX&8TBCIe97-(?`v{`3~qn37n{)*iZQUM=iKJk=It(e zKCyLk;IC)RBf_*#Zr3x4->@&SY-(F#2IjjBm)=pLg@M%6dEfqOeUXRT$l_I&)^EBl zsp7rsh-H3`*P9(@<*j!WY#kO7aK1^5dLP_-_9&0&XnkdN@{JDGr!%hutkfM@+Iu~y z_DME@Ih!wb85UL)l=v5rLkS*`3}?I4cIBp2Zs^hBJNo*;#heKqA{Q%F#;xbK2Y#)4 zVx8K4H)DrsExBp9+LnKe$YGdRD3;L^oE_Fs&r!wuM8Vr?-YMR4?duJ!8t=Eh+Qelw5bz`6ymE#%jIUz8qcC-=x@jV?O&x z-)qa93X?Ydw+7$P=^x-A;4@5pFiAe6Ke%l^YU_t+=@ez&tr;}wE?uINFH330p4pE& z*T&O1t~-S}L}UDw$|u*#{c`BLxlS{_WBX@(?<5beg;~YU*Z|L%-bVMT+<4EH%x2ZX zltACty$!7I6dNr(WeN{}86?Nc4bif8Y`Wsz;B%-cLB=3mdBF2zFV}%G=ysW$OF}Er z`{l_tM@f#P1d@50;-6C2qT`kUV*>*23FP}re|B4b>Phf`g z;q!?S7V9R;D#XW6KVwRWfFy!HqDqwN%UdFby7;kY0xTU*wgj))PLGrHydmVZhI`Z*bD zC8earhNEQLwVda|U0PdgZw~F06sWP<{o%+?L2Lb78Mmza;=4!AMHD$Y@3E;c8y#Nn zHUF4bGhg^?oz)-DuCS*?_NX~U7rG`B@>Fk!2izD@0X|LmB!Zvv(mcD@9iTN#H})mJ z4B$Jwe@duTb>{u7(w?Ddhl_zO6iGYJtiQW+IBUG(iTXQg_Ee;cC>+4XB)Qt(*OD4H z+zv)l6Fiz$A9kc1J&C3rt5R1O8#9Zi`Q1|kIR9>F4*DfHB;h{0k1`O zxG><2Pr(EJ%n$c2aF_sy*G$on5qzpWBE>7E%kX2&0ScsaSSR()`Pmu&Ak=jT+>;>w5SJ(8}Y2|iSr_~Ug=dj*bg zm8!ahpWc-$QPq9r@l392v_?f}Db1EG0`IhUk;H#ZBf@%9YWt8y)78xOPNty{)@vO9fY0o8pBVEecXiHyYHuZ>|r@ z=dyT3D}5H?FDW^jJ@k85{|C0sWjkigG*J?Y9*0x!>`-hJh|M7K@~=rV9Lej^Jcn*JFMU(ce<_c*@KRhN-?20f?t@8(b$(vxVTCiCJwrlV$Z+wJKB| z^J*vxg(t>)erTye?`>6d4li|$$~kfH=EL@9Z0ygiYr5z4ZJJc>DxlMJaD=SVV~2Qg z+|uf4FU;Ke#7@33WIvZI>q~ZDWB>KQt{&zPXVBo zbO8_}nfj-kLx}t<62atK=0E8I;=k;-2D>OnOo>tFCXEZJ>6RsejU+ zNLoMq#=~APTx*iPJpTp%7BKO&A^F>oE+IsS?td}=1tRcoOwT{F86*Py z6FP2o@!#Xt+aO$WF6{mTzNgoY6T^l5ff&IE$1MItB&?-hRTkqix zh}~Tfo5Y!7BEM(+_^bBA2ffsiGVILP4v}wpfEr4f*KirBL5Qx%P{WIrYS<1F6}i#O zrcf~;Hq%xlf*O{d;(`fqFp;Nttj*HAWJ_lJ}bxl!N~V-_m}skd+#AaBgZaS>ze+-;HahP5><$thIWlNmr1hmTrfIr0@d6wWjRLlLB=W zDgO!+Ma;RF3=7gz-C-XTeed&kf?a*Vhd53vcplSAyFC9+XBQ&rhynAO>&>$op*Bz{(G;Z z?7uqC#Hro_N>o^hNl;}-P)jp#u`D$>D5>Q^Ehquv6QC;Xy7E=kMre_WajzadB1n& zmtokza>RM+N|q-7l)i#(|~7;+9zpAzfDRzUtak zGNP-=SU3P)a1v_GA~idhy&*OKq9#vhmO;8zvJnN0aiKHL6#egzuQS|Z8ngV)4D|P|$=!YMYQs}mf@CBT5DW?fXJ9}Dfn`wJ zEbtxxdUp2CAMxRz9WVe?9AFfn517CNm;n~xfH{B-kH#O?3f6yTS%yaj$UqMXWfNb?zZnm z;?Ek^(&7@o=*(ZX%JGn`eRuulH-mo7DGiGcF8WE3B<+jM@XfaF95I)*DGW|pI3HWh ziaPOU=H(YB*f89=Ya}Zx_V_)Jl;{%y@K&$Dt|C>?<Bzn2lV0_x?#N-`g8Lrw2xMUsv{3g_%tn!goHn(E zaZ7Ctq0OY`Jpw=w%VU%h%MiM1jiEt@n+utswAFcVFAHI$-UE0Dsov(*a6gJ{UQBz5CXd0Zle{fNlh1i&&FLe!c? z22mjW0TIi!6HySYCtY(t+VF7uIh!H7Jt601KlR4>r>q=Vkz%!eSN8dDt`xR8S-Ut0 z7M;Ih+Mu7AGWYxWD%a=AxiNQ}tUfUd9V}c^O+32xqw5j_%lM4-ISB@h0}*4*e^=Sf zbqFn6RiB%Y?-clDaAQMZ_%l&z(jYII6L5rGJxt%6BMt2C7=9YgwK(;l=-xb+gox~y ze`EwQRda@HZ_ZeKd~4pD+qacZ++8cudwh7KODnS;8}1b`LYA-aQ#^cN`g~N}alkP+ zyLKSP&X`fG+~e%Qr0g$B|1N-97GRagy}C`oJ+|ND7TfZa(xv5*Fs*mj;a@U&vuXN= zx;xhqyUV5NWp`RF^X`-&Lv5g;x>sbTB16=oUeS0g-MHcwBj%J?k}C>@#16fgAO!9P zwPumA4B!Bgcv>rw4TJ8ZUQwX}EuFkUtGC&1%x;MD=so(YJh!;UMKA5SiJ{0JO?v{T z>DDi;BqPR9PaBVz5fettXL7{Qv_b_UF4Uh+zqE>s*ek6>bX!f*U#KAUOV}Q@&&!u| zwQ-UvUlc~&igT9n7ReLPG%lQ`TR#UQ-D*}(oABQU`foqk|8f1{kjT151!8DCYRw}3 z_vcVZVu@BF((kSIzqA-Rg7h%0RVZS}JKXkJFXjo}6BBnv&XHYk4%_8Nml%6B)S8639`JS5cON)_wMt0H0&SOGO zz=~t17M!ZdZEp`6K$G&O)y~05qkdLTny@|;S})Y4{pz$tX$|Ryp_(}1hLCi_7;1m} z^YEP;)a%o^!J(2Gr`}9RqbOOI8<&MqyR+>SYQcyb4h(2YQExMxI>u%Pp7$|7 zgLW3<%DWRJ060x~mxeQ#Vka_0RJKq?f}+-n*7DYqvIVlm;O{bP86Rwu@nrMB78z4!2m~^1nE`MFh2SV~ z1FpasECx!LAOhB^2Xp|?ws&w@M8ZFNzydS^)(n{NdnPag#=soB4@>|L?&ZKRhM@~= z0iQ-_5p;qvi@{)MGnfn(gT~Ne&}o2nSd-EXtNzX(7DtY~T>#fis)Cy1zYnwAI^$9|epyao|D1OYs8 z0Ne;-uxS4vz2t#aS4tA|8g`>(uIZBxtHy%$fB*5fM?W^z3W01P07g(fsGnLZqz%*s zQt(0+!1Do~18^z18~-c08+%bq;24e@hF)zh*tFVkzBJWrS@^`^z8t~ON|H%u*zQ@? z=0+oMGSr?$YSW2e8r=Z*47N8QXQK;-4l_s;9cdRN-XxB+w1H5$9 zxcq;nmK=fg%%YmaF}l_Q2@UWF$sRaPy6y*uUD;ta5@R!vnwuM+5##1uu_eQ)TPH;a@_pb_G>Het#ujwO>Dzy;*1IZ9e9yh4jKE}Q=>ej{O9e_Ux{9ZXZZ7# zx`X|BJ%;Vhl{VWQY3x|{aZ$Lv#3S#H(68#b34fR4MuAfvcqKX=dT;R&9VbI{&goEkBR-AIl!xP>qW&WJCD1|jxMqMx>4jiv{%=of`D@%la%}g<~=bIA={cW z9`^0=fJV%rKDF8SkE+aQ)1S-s4i4DKeo120M3hzX4dQ!-6M19tF7kl;yx_Uje5aF- zXxauz^M~qjPu+zL1$B#FHYblHe;Q}izj>g;HT%5>o%Eh71ut$s&rFg>D6;ijGs8-G z86h9V#*bc4@eY|7Ki#(4yK&ZSW?YvZDxIbWZ!~oGhrql4-Sb2qM@{em_1!-?!7Wl0 z;Xhcwc`~dqPte_8gNPgNu|N@|qtIN`GvPaVJT<`wrX`{Yo-s8~Y7r3?Yr_V>lG{|- z_cG}phx59d3cV-d*BZ4nyuZFs*T(l|6mY4#z9rNU?!+*(pU)9y9a>-MiM3yt$8)#4 zWN?D+IPT){aVS6in4?YNjVoc{Ufx!T9(}0XSXl161rR)?2I^yVxswC+2Mah*yWV<) zp>k^xvGgGeSi_lyLUU1%Fpl6EB4Xpy5}^P}=9B<+h=>|G3EvpX0GPuC#ozAmlyuKE zOs~1@l~5TPS^2o*Z@;$Zhpl4akJH)TckYq-=-ydlw8OoT`v*l{?uLgG z&KQ5rmS&jg@_M6Y&-0h=S}{*yGSVk~HtsMMR8WE4xj>FyXD>F2ZyE4d+}{z~+9Ao% zaA9Z5(w2W(i7jpg6zr?d!@56^-|aYeW_5d?6lcs)=B>IfTDULp;Bx9A^gYz<-7d%z zsAITBt(oc=b}7OeFnA1=8pjZ6R+kA~_##;gY=iQn&|K6p+$a}QMC)mZ=okj7T__Ji zL}TcJwdz>mwi}0E94}fX6pki4hprD^=XldvS^poW%%t?RYbbRhO#SX=1V2+p>XAD2 zj7g(+unq>s|? zfjXti5nJd8@69Gq$_r(P_|1$>2ox0Yt#|5%N#g%BaiNTALgk1h+qyHUK5^)~;f987 zdiEiWzeF_ppp;oNHX+|Z>E@?yLgfSxI^jQE69*yjP!?kbS>!t@qVKfC+0cop*LT?g zBnu+;LEKNbvQyOOGJfZDGGBcNtTjjM&X1*i(@MiS)y!Z zD3K|ZlPt-W`Wl*ORSMtpyiAQge2?EfKfE*l`dVa=SPk4~XFBA_5%z<96q$ zYmPb|n8M#taV`?r41f+JLJ#P1`)Py#fJ2oXBy2^^^A8a;z?xb z(Z(|Le;k3pgUCg5k^w+uoeDNt*eW~7m&e5c(nZrmCK$hx5uHuG0m%li6DrPyXA=l2oJ`WK#jOby@-mmF4n+)KjK=rY|(z7uqKR^`4fe8ppfw}|$9{}@KtzNf$CHz?hcma_B zaCkrl;y?_@012=NNC8P4e1AARj({Tq1^6m)SWqG0hgYSE1TF$Mfy6^1k>-)eBwiAc z#6{vJ;<#|!IG_p$cmffq13V4~G=MTtgiu+_?v0;Ui>lHXJ-CGLQlzkXpE?ZwbCY_E z@v;2qbH9Ss$iOwwz}X{V@gM`Y{u;I;HO~hhDuf&7hy)o}frxs#cn}2lEGo{0A|dW) zkq~i92s@Ig?K4S)k>Fi_L{f!_;sgQ+!~<}MK$y@Ta~8gfx20Z?IbBPx4EZR0aJ0+g zK+kB-K7mbETcrMPBrp)L9D0SU(wMa95n~#rYSVjWk^SM|m+_7YR=AA7|`RGyCCm0Ma4w76!qk!{-jSK;N# z6#1hcXI^rm^d!azFaxeC-f7vkeFNp5`?5ic%J4fQvU|MSxl12i%+=dd?JLGyxK}z^ z`uWRfk2OnAoLk;&7rv!wK{-uX$KFBHR?%C<`r-yz?tZu2+Ox;pQV!C@(_U-eYVJ}x zqVak`F5O+@&rkB+y?y#CSdIJM3>gnaXIKmfs|BXnM1x_f!>2a~>}@lz!fwMqFkS z{V-(P(+(-Bq@bV|r8XwMWF5tD!%4yQOB9}_oJmhFmh@Tb_D6)fSZbD7wtvfz5o^BL z;*r#jKNhFdRV|S0@2sS8IpsKp-FRafSF^Q=m>&B=>x#X$Xu3HV&V3x4j}tI|%KGLe zu5n3gua8T8eW#yGwf(S9NL-#3rL$V2U7UNT$mQRADm_uf+TGutzR<{j&8?8F~ z%1Kj$rWBK8G~h}hw(mLLEU6wEt5%-YeQ3qk{GQ;O_ivd-(p3yPj5?ndU)wFVLN4UR z#v{4(0Q19l?5g~a2C#A-h$=KmDTarqzYbWGrtKq>YZ4NzEB2;TaimMgs(Sx5?U2kI z>BGTNFX&PWSCL!w)%|y~mYWOO9(>?+IHT^wsk0Zi_wME={8siW%j|WIG1$ zUBUx$PMu&zzU+${JBfl04xIJu zSu}az_~3nc+!Nt+`@%8Z&@8G#MCr|Va2$>`RGbSt!v17Xu>)shMk1VUu9$E9S30}rlG&yhG6X66m_~lSVif$odD!vTBEvX;StsMdJdU8VrxIy+}10&uU}!~ zt;R~*mHOI7ui?*fD1$3>voWG}#7DZ94;B z9*=Oi?It+3-H%AV&K(Ia7D+vuI2p1>I2Q8sNUBlDSR^K!d7_q$EH}TdEE-@qwCl2~ zc2;-!NUrj*aXYz${UQ;ryMDU~1`K7IO!AUFaFLu8vDJOTmm~ZEhyz1Mx9otp9d^F{+e=%(>ur&=- zf2e1)@sr)kapw(*_KOuu^?Dm6Lq3%jD7_vZb1HPPSG`{3757b~*@3Dhg||0si?rH# zPvM0O{TW_z+_(&$jH9miVYfLx z<$S2y)>3x2$qnF1fg8Yi`lr0JMtZc9j))40bLnUCW5nbciD;7j)Q=G{{qYv+^~xPL zgmpy|9&E3CxY8^8*n&oV7u0Pn>^8f8#%av0Uv5`?oPBvbW2gI%>94s5i8hb&z(htQ<-c0oOK}Twk{`owy`=W&+hTmGR#R=pOT6dnTsm=Y4dila$ zv#VzbU|wDO#j9B8e!z71QLp|!M8r4GrJf}?qx+M@|54xHhpA_lSr~2_67iODzPXH8 zYI8Z=If^F%^%8}>W>?RM!<<^hRzJ1(1EBYpXHw6A#D?bpI6>1p`C<`@v0h`S(pCyD@Rm5&Kwe>GU z^Uq9|kD4(v5K*ZM00*cW73ad_o3VsvG=GwaRNO)}Mja*UYBfcTOTp1k+x?CQi9ggSjCLwg0$>{^>@= zoNh4AU>e2QL=KI$q0`;SME+uKq_|l;a9!ZOvI(eUqz6mx>hi8ZZq&g}n$U1moD1_E YDnp%gn%JGDwAZ3%TEd%2Sz`eH3$4)ALjV8( literal 0 HcmV?d00001 diff --git a/samples/tls1.3_aes256gcm.pcap b/samples/tls1.3_aes256gcm.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3b3a10159b6115166e02fe74aca06a82fd741d7e GIT binary patch literal 5363 zcmai&2|Sc*8^+&RFtTN7(3nz0j5XO+C|Ns_Qd${FnwZXH-%XOrQnGX`CFCQgk3^&< zB!ozjBqc@GY+0h>d!Lu-j1KcXevco9|8+greLwe$rt-WSXb21av#<~f{v>(^eYA0a z6EcH82Ag%^AR`FUqqgfq`kc>N10e_ncAu-D72b(&E%?q9^z7>y6$nCOXJ2E{xMdfr zv@O8bQ5XytAirfxh9E%JD`t`ft@>OiW%P$(x>SnLZ0+x4KxdLa!em2O32fGdc-~0; zfOzg;lIJ~3!Ss=!QL@wyK&<_;C{YXz%@TeQ zcK{+DgMtQOQXdARcU-_dz69bK56{w^T}9#NCF66u_Vs7= zXDE~FEc!ROy{P>pQkB24#Vf#z_k_S*V_66%j26ZSqo7$B_!sPrAL4}|Zq*H%N-FT1 zD#Qa}F%Sw3Eralo2t3&lbYnA?Cv&E?pJ|4TKnI$qaG6;3Ie^etgh!)C@~mK!`g4(PEMl zx(N3z*sKeb1?$f^4T!!RixT0oplQF#VhMAaipRtPEX#+9h+D#G)jU@Fyy5qH_#^Ogi zj|Qnb1}TldPU$$chwy`Y#Z-jj20P`1V0CW&W(tjy!&~CaLFmU`LSc@A+DQDjpOSq| zcVDWXl)t@ACj32l7dh>d?dOnG&G4Y+6g!zWmz<=t&F@qwO(q$d2JbNzv^`#sV!Y27 zLr8M}Zx=^a=fy_e?i7`8UXhby2PPBpuIL$|!hfjTyQe zKc9bv>UV$LmK{V_HCj!HboyHR^s!vaxZ6J*n*PH@bPOB6ow6mOFuoMu?OD#vN!kA_ z#)1zwnN`y=rF-iz>C6}N$`h#a#OD3mtY~OL#t~wyo{_`N=Z3Z;g*ACtEf{TbF3ta-A|pyR@@)%*M# zFFG2&n}zx+o|g=jNqdjW=pX1c*1S?-xqkV8-MhV8r^ga@wb>kOmoxW537cp}m6NLc zxjv+z>l=(iTd${avt|!!0oHUK&)<)$Kh38~z#zwc2)ko!pY-m>8_sHG84W}uAE-GEzUmi zVMuUmox8Kgv!C>!fTL5^wq{R)o%t|dt6rVeoeBCmS|AoO3|+EM75PNi=+j4(8wr#r zKQEw)ohvXq_U=SA#=KGM5^?gR;?)O24DEUcZh`0w#Zf2V)95SDLl4ibm9ZBMc~)Pp zn~L)|L?){DU-o#~AnHagf9KdH&85I=Fdkzz6?46$J@;Zl)6tAR6?^Q&WUD~wg#Qsc z>nJA_7)=iFXj*#MQ9mNjpmyeHntKNE<0oZ|bl_q4jb+$@(PRmTO|zU(G(6?NW?jfr zErj|BAx17rgooXX*RNq`1&IGl8>6nSVS4@()b|q_v-vp6`S||e0SWDdAEDy(hGwJt zYgYEnWIp=w@xSzg?_HjqUawUYm*X;}s$0=~QHbGu)5? zzk}&;ZonJqzyto+Z_i!e&WF%NeY*XQim67~_O$0Sxp#su2$A-yzcfD{Ega=l72gza5hF6YJ!q#cm%d1U z3G{aBS=S?JSE?ckdhQlKOBz%5!#@eWX8&*vwqKc@mOk@ZB5-q4YTaMJWE zPd^LuwOXcjvPDJ&E?WgzQ+rKH)b+!co-3`O7i`*6qQl!O+8FJb5Y~L=oLEWQ!8^T& zEvv>J=JF+0k|e7dD!a3?ZpJi+i|=r>9?FuaunM{nj;VIA4cY6(y{huVbFQtKV^8Jd zHe4n@vqB%uO66^t`0VtqDESkuw7yk_W3Lm+SLLw-rk~5I)4{!VQh}!W3?e*Ve|Zdwt^# z+EA%%OVVX-f=Y(OA8Ng6ddFoYmD{hSHR$D5kRGGnH+<-xy)Eiz{F5$U5!2KD$EJ4N z&XV(6YQ@Aa2X5|HIXb5H^PbDL!^=i3#d3^9RXpdRk>U8AFMc39M_h5E0t1=?58l~08kb-8B1&jI-iH)v{Ws4K`R<5Y=BAn?fjt>xcMUDS9qFps;Ga~A z38pw*8=@bwJXy)>&!Z@KWgW@kimY;M`zodW33pL{{n_%fw<(}R$?Qwig_Nj`8R$PH zGS>R-*CeDwaWHZ7ECxCZUmvhp7cx0^Qa>Zal0}JP@GoB5n77D80o+S)i$o_<*I+z4 zjsDL6a_d#AEg{G@bi;=tBWIv?3|3pZ#TcGIEzpdqHrEiwT5vS-1+FfFn^I2cGPbf9jr(wRH{aWFy+y>O5+4`q;BWeBi7Y{#u zQpR}q!u(AXf&Z&8@kk8^bO;U}Y}SS3Z%OSzh>w{5=PNo#1pc=&^WRAWMBpDk_*Urg zJyfRNsyy8meNWU|^1}Fm*iITCro%)s>>F&> zh1lOs?M3VtF^Ti`laWAxeG^vuJ88f^feVUC;~VO@N%c%L>)U@a>xS=lqjV*2*WeyG zpm>x08GMj47&8@F&cIme46oUifZ>Y}NsAKyRf4%Q;5$--5_%1ZDd^Yfcpv(Jce$=< zc;Zc9e~_(xY9A8VYo^$IU<^1g>QeS`wd_j3@I&mcV-n{Bp~6LF1T9qp=?Exq6YaEl zjk-~jH|;^{y8$ha<@}$YNq^V^&aeztT)K^@{m2=bnTjlDh+6CnNiebh3lF;~G=LEA zFG>Vw_;riz(?Me*x46|X!!M`I|Nh(B?(y%+N%gWuMrAx@MnH{okcW+bhChi;m$XL^Q&}-#bIn3Y;(li6B!b_EXn% z!wfM$sp3pFRmWDkEb!_8uO1NN+Q3eX5x8hr*>L=0NW=abc|h!h86sAHxce;WD&6i< z2~jBXyPdUsfa;FT6d)!6i?Qj|A>?E)f6HnN&Z=@@R&!!0FtNvuhh0{~2=U&c#06RX zDf!Djp&-Y{e>#wt@}xTA-GSQ5=VFfh#)?2J+nxv74-ZzbSr;;2Ef_&aR&q?S`BtsO zI|&FNS?M$9D-ior5@aQeKR>lRW8YuSA>rHWDY0wnq*lcMr7~EFO;97qu^O04b4?{6 z00;GcVNi2QfH=k0J9QKx7A{HzK`rLpwb)~tzm{YC>Z`KY?*h?fdkSrVk^q^VcSbOh Yl0H*uKBf0?O0q#Bu+p!8>dkroAB!2Wpa1{> literal 0 HcmV?d00001 diff --git a/samples/tls1.3_ccm.pcap b/samples/tls1.3_ccm.pcap new file mode 100644 index 0000000000000000000000000000000000000000..6154860fbf23c90dfa6ca39f03a8918ef013db32 GIT binary patch literal 3990 zcmai%2|Sc*8^)hmjIoSEqah-UU3Q}E6-6g&q(qDCJ24>)6)NW-OF6<2DiJzbj?zJ> zC{Y+HYoaKQFG`~M-e;JO`tUt|_xv#9e_yWadGF_a+wNb_MFTAOcVPhv`N8xFI83tu zzzq2w*5ZW+#sKIN{0)I2PT4F902HkB>wH$$=yf>wNgA3#|E2-}8q1(#(Rj|JcjLF< z?@<^GJ0usaNCp6sbt_q9KCATWM4BNNLT9I~Vl@3shIAIW3?XkuI>B1Jn3^>R0Zh$S zEb@Y8c7)DN_(wRk}yicAQEM5TjE5(UwKA@H4e8xlzv z6c|BBLm12sOaggItuo=1eo1ueKT)LU!PZl8H*M4ne-}%O>WK^x8yzgZ(*EY7Gf(C$ zPnhsu2ep*D?-12)b8WvArcu?h8wapNEMOq83`7?X;0Az0RZUAt1^H41TmXv!C^X;% zB)|_ufB+B$Yk(jM`TtO86b6L_WaO_%NFfRV0eN>V7Q=?YVessDJe~v3iRZ#&@oab; z7R83bp@0IwpfOmW2+$}LPzTaL5`l_&UsLVAb-LAf;xg&TOW}Yw?1SV0|fv zA+d(MBoT=O?fgBGN=PJOFdz&KKnMoYp2QcQrkR(s&C;*&O@C0WL&(_c)tj|-T)kBy zA|Cv5?EglB1Ok*0ub@@x^A;KDM?QbalT~@(>8w?XlhKLQnli%xN2d-v|S zl=mpFV?ZG%N#=-cij2B~kLS>IZn1l^2H;s_0h9G+Z8107U@)nJdXwJijskL z@?okRjZ`IEnYivh`?lSyVEBgb@l77rTs2gsGEU8ZN?+X*QD@HE+-K?ID`BQDPI!Hz z@1%ZRyNs~DQLuB5l!XyG6C61_(PICsC>Wh)>wS|^XHC11_R%Htf+RLnWGL=L=)Tg@ zRaY&rf|IEMvc77zIoCTG10i2Daymuou6-U9t=nJgN$B!$_mF>jh!|`$b+*ZtucUvi zo&ir%%0(|QM{DTf)~={nFW*pO?I9Q$8yfjZOImBV-ua7V=GvOPpoiz zu^TRKRfjt|KTK5brkiH5bFYm)=GcR-fQULd4b+{k=>4yA=mfvMvbxIO)^D1bpre%@ z+%>!EkjTJ{^K}-zs!3Sw-;!7qudYWD?{j>p?Z)#!tY+?1>f0ynThq*k$IKF3O~Tyc z%3IR)4cv~^ytpRX>#6O!alP3ZMxlR{1lD8DEMvOeH(HD;v)PgT#*h%Te3*MCqOkAb z$)T^c2l#s86O!h-|8O{Sz{MpU3e_CB?$tpWk*m;%v`fxT+Tg7hoLm}4Z4V9Z^teK4 zxDiFy*5Wb#;O)xEaVa@T$VEr?%2@U$IE#o5D@`{-5c9yXV9lb11LqTww$%igZqtjV z8=OUzkQm|uKnyb0U@czEBkTy_2$RUOBoUcz-`u}Xw<<{dcf4rwa-KFA7*C3MEEVwL zFXi`+2LC+R$6Hche)!hpi~@LRc<*Fj1n%uSku>U@I$Oyjzck_rg$bxA9Z|Hx1b1Oh z@O>;r^Amili8Wem!%v4QR8$3tg{~_dsuWj9tn*%y_~W65LS972=d*V{vYcgsb?YFlB>L6%KZe zTNGNNi4nCy9u;VAqh3iaykPo=m_=S$T6T&2#_(pTv5;*a#vkR~usc`SFGKr`o3Y(s zZkH0~qwxN@$e~(`q2t1O*YGvCO;z5b*;!$Ax1Ojuo_m3wG-7w5QZ>$`{GzQ_Ch-{8 zyD3ibC}-@A3$Fz>>(Vkv2|3WfBE-PuBOwGcH_1+xf%Dr=Yy**Itch$p#-eTaJ(9MS zBXMI!;>9A)hit6L40*XoNS3oHW!n-Oc3+zcP`F!HjX$2RI%h|gQvIUi-!|PCjjb;y zGp^e2aDG>#snMz_KG3cAd{bxcgi;TmYGerUo9A72P61uR@uxy0vaS2ZjJCL@Z5SOL zJ>o8VYxZE5;sb<4A8fqMm29;v&!A>J{q#;k&d0wZBC6X(93n2Zp7G9+c<^9pMzr`tV-{RfVdRoEyzPSpRsH z!*0`LNK`3bNk7GdNz`4E2q)PO`lrcE{fggmD>DstH64un-KpAIDAG^%bwdJK9d=Vk zx-GAtaFprRPme2N)o-S;M!WF95iuUt;>Gmef)L6iDzWr0Bsx!o`nN3j zKf<;XIs)~Rg3*?pv$ifmfk*wG64Tw}v$2ugiq5c^1JZ1H`4ms4S-V-y7VI}f?DzS> ze%K5tNK8eD$el8?{zv|=6fY)Ge@P;gZ@5T4LWJ^(Zl+12-k7@Wis#ENYnKs z0%b|;(9sR(b&N>lMdW2|i;)39WP`$4vhencdHoKZWJrIOEHYg+pN#0UWGW<^!b)gz z4_vbjvl-XiF-!iU`5C11GKC0$qXac#GkOsfY1L@w1DenhG`R;NVhYR_L@XRxkSIw2 z(-L2a`iMv+VxSk2x`@Q(zb5OrM!L#>XW!8kI&S0X$a*k#WChVl!CX?PK+(NI*8fRL zbH5;Vqtfc`vWEI_H|G+jmVNa0lVu9k;<7Iby#Ps+2TVg)BGk1E2mrvRsimi`0lzc> zKOhkSMgU6y6^MbAKmy1BDIkf#&xa8(B1QrV@V}^VLWN){{Obx5k%veoQg|s83Lj+& zg`YyA@KDGkj0YoQU@agLh$Nr}2p9&mfg)H1p|U9h+p|Z`mIm(-nuu6=WL0VFkL8zt zsE!W&tigN!w@({Qkb#?^f!~gV+JOvQ-7;(7m#}$@X9CT zkK2s)m;2I()9w}Z>HXhGU?4ypdWEdgp0P-L@~%%u#{PFA)^40Nk?}gE&$DS)Gp&W} z>=RQv)qE_(V0jFafZqiz^d#2i4b)`$-1&2}V(=088sVnwPtjehV>DK-RvnM8!U=zw zu`Rm~mxeP^bJHV752gxi`Yc}_$2^l?E@9Q-P)vVyyDrkrDPqgk{D%I!J#9&1gzu9a zEi}U!HPg~3Lrt`r94~ly)Rmv!V^^=O`=t4SGn?nWLR5^bXqlPmFIs;72f{_t^fmp@ zO1*x5Jo0=#-Tp?IE}NX~7iuis#W_`-ElxdWBRzcFFsk}dPpp<{Zn&I?d8SwF35%ix z(#WL8Pu_3KDTW_;qC~GVrn}Q3(jRXLIlR2?YL3fAlifxSY3z2=)=BCbJ+qh^i5F7s ziFzvDxm^^Y zjmnE5|2p<=1FsS-f6dZMM#EkA+xQLb%UrgMoUDGGxV$8_I9%Y(JK=nGGmv3&T27c(+QAOKr7RxxjE7A$)qQXD zF6<~Pi#osv@9o}I^}dhh-^un94_k$`X#C8I9NTN^FRrK?Rn~E_h^;zE`IAk2Q#Ti%SX`1@!-h_ zn}>gNhop8moci7KkoKhDxm|7RBhILK-jR1F94is_^gXYA+UN7fu))UQk4}3WvXm>^ z{`&!~;47~LXr=!0gzIO1DoK^OoU=OU6;(Ld_}0Mbqw=>^bVb&SPdC(Ad);J{M}qCP zvVGU~@r?$&rG4+XBQ;R?icFl0S%|XxBf4*VqFso7mtol-)|(w$6Q)e81LJ*u6sq$5 zbN|j_#?T5WQA&9%bw^9w=}I>mt5Im<-nYJ%xli+H?#<7IQVbPCG9Q)g8yOE!T5@er zr9NIVBcU*z`Vt9L%NTATr(960c=Y_Jo#UutZ!V$8So0Uyyv3+VcT}MAS z*ZxDB@p;s1-oak;?e4{F#SfIW*L|C&hO2xHeW0B%VqXg=U2m zs>$o8XwWmm9G~6KSG{+z5GmOTm3;fNQ9JR@+%&6XrZcnUU}qkgcUU4Nc(0#=L}hp) zp~*e)!*V&b3lUfSZ$TnDECuI$HWQRsd&#h@>NZ=(@jK+8Ws1}`tGaDL{$U1{RZ{6? zZUp;`hX>bWP6__Ly=HQ)d_h=_wbhhJZ4~QVa^kx#`sgj6o;JOwn%Cs(9@DeFs_*@|W5zB_dv&fDH{b4aPk@cP$@C*O`}ul0u^HNGMG0GrbX)Q2V@CQ@1ip>Y|(N zc)O`ZexQW$25CLZovubf?vVp0_IoxZI)%x&gwUPI37Um}sz!|49n3Ur{~^($j9=U( zTgWZ@xxk=OxKqSy8}hy8eGa3vpybBXCCa8YS5%vC1zedNOSvOjBw_xbexO7EMS)E$ z76r2%Uld;t$uG-nq~D>J0+-n|*E0JWg#sil5=A#2#mBi(^iuF}zZFIEV2kDT*Scx# zg4sI7?3Gw)vSB&vjw$Aom{uCAw*RJboF%I<&N1;n@^32wg$AoOFL}JpoF_0hKKhuI zrJBI|!P_-aXI^YRl$|;BbC#snbbihCJr!5P=+|g5i7nSDy$ttS%0}Lb-)=HrIiy?- zw90w=#&-BpPI^#UwsQOurFp5~X$MLSFUg{>!gr$Hn7I z)s^H_UR72EZt7FY@{sZI8uU*~=2L4ldXYMDLNih!{3s_+)wTGEi)_`!93bZEmz+`K zUEuXc;fU*aRw2(7@YUKf=BTg5?65qz)rXw(BvNYj^E70 zpI2B<7bHr;Cm@5_T@fCQ_8Hn0g7HN0z)wrxTxvbUD88@x1XVGHRTkOJJ@{^JoUJmm zn|lX~Y2EW4eNmP0Xhb}|sBS77Cq7w_h&t83x?>O#*B$8Gtdi?oD?9x%mYH54j;i=A zs+);-q50R0Zr*-}KH^-z!%>x(F-Uw?w+zss(P(lH+;2-J-i7A-{e_5h!>h{7B_MJT z5s~htBQLh->PHm(lE%^S$54$fSYr{ldvR~x%=M;^2;G*N+dEN>$U#KZtzS$vwQnJ} zzYyoD9zsN1wcK*gq)ffozTym>swz}t6Rh!V)l9r8u)eO5nYG<51-%xZryA85!m0to zXcuuYBEITa4YNMXAqsO}xH91RI77^Y#2qj;G`RZ z9tXs5z!Lcy*5X41rU2+s@P@#UyX95{02o+pj>2|SV&NY6o7q@)J4+1!ES}wt#}au* z92$n;&oMY00g`=JBm)4+dKDb9uw9#DBc3{j&>gZ@v0J_-Lpp~XgpiGqPOugqRP$B} z7pl3ELtfDAfY8Syg|L97glNRf>xERP^|&|=s3VrZT6`c8BS+ze#O8;~5+$&JExwc} zhQok&2x$O^lg?WcsX?3U2{?T}MrBY}Sj1za>p6q`?1L_^qjPPwEo6uIlV4|lD!W~O zNiEMi?WK*4{*Ay;g(UIeWM&JK{ZbO($vD79U}=ah0l)_UkGh7Isv7d44oCox0~jpe z1!6!1tO4R+Esz8f807!MU@^hoC59BD5bz_9O5<@{IBpz~KqL}*h`dA+5l`eI za^o>v7;X$u1~@DZ4^#jag8^HBB9KR*vOoD9Zn@~XFYt!wl?P@byr~J%KO3h^+>03f z@0{n`pejXZAQdt2+mX;Kpn+Zlj)4ndk5h?7=8-}e)^d@QtiypYWM*M4J}?rz51j^y z`@cl8gos3f_4pFWFbr7?hXbKl0D^G1m`+{6asNlr3V(W%ErSB=eC5`z%CfbH!{4>) z==Kig`oEDNfdEy+D`?f0d5a2YHpU-ym0}&wQ2W~FJa*K-+LL&pw~b@UZ~k(II|0vsG`~pZ zw=w<7^eeOcB~Nr&VS~wovNFGU36DytHx_C)RY~Ynm8-k5kHpT@>2*Yfw-M^PYKWKK zY8OXJ=^rcI|7(tQ!jo|8w$om_n$83STuF?$q!aGTTk9Dp5F~)NjiLva^w0h;X=}Sm ztC9QekW7tR>_j;qw`UmX?z6mMJ|8yxezrNR%SyzUJ*c8z;;@>nz1z`o9WX$mxhGSbdxQQf5^cfbLYXO1n*55+*sXzYwK>+S#zWA$>|Wjigwa!=Sv@- zS!EX5WB*W1xsY%^f}l*QXdbN`V%XawPp(1}45~Md-%nYQLTb7%1E3( z`2Mo)_npiLOY*i|O*MYkS5pGs&S|De``*=j*ci*d&m?46H{{yMneEr?dY|?F7DfNIFW}b zl_YzXr;0>w6Q7R$5w&CQ&Ua1zB?TrLQ+M(;E6)0F7 zkN0`1-5<5dW}jAn8@#t7vFwG)i9v@qsy!8~^=kzuee4cCVR8d~qb-uRRr-VroXn_y zj@%%XUT`jTjr2L%QI@l3;%0-#7-Nn^5D>DU-ILAa-{9qUt~PhzjfimbK_6=L)O+3M zE^a%kNlkSUE#<01U9XRHGY>bM84iO&HQj4Z3c0NtoVn^@#+|12Lotia$U5FFndfKg zvzcV5#n^YCn{?f@RMONvwc8@H^m@Z7gOICmyZwdiqHk|E3IV-vzFcMV7fz9RBffky zvfZW@Z8x}!h9U8(G7dx`YYo=ogI-|)6e3Ct;q1#LL}a_MyuWO>5lH-Jy=Ydik}#>y ztj?LsUPadN+2qlx*w5G<(a}3$`Ca+`q^5PZuUk)j#2PvK2OAtK9U+g{bY$F_g^Gp| zMc@7(>6PdP=i(@u-?!zPkqsXA)ujp*jX+}G=9Mm0`dvu$6kV3M^ioBMFu`}}X*+|h z@?XE@cIyx|{g4r_Z3mnRLyIl|=CQ0^VNd3c({40|DTDl4jQS5;`|N z{kbwc<5jGGb)h4v{BTBmkphR0>gy)9vm zuGB$xL;kM?WQk2w;z^2bqCm;SwR2jz2d=90yHgKfGscTp>I@$oRY=3Ksf%2t#IHl* z!lh(Vr_a->b(_+$Vtb+-Y9$7O2EJoL0|yWTza0sM2OW|-90M1IB(4!(A%%<`d(qg9 zaw1u;vSK7vXe1&W;(W*zQfSCaBZ0(GG?Ek6XD|C7lH4C{Ep{@*Jz#wVR#B?%*FZ+| zzIH+!`(p4WS$a=&-v_6HR@2Du)a44~jBd`1u`PUx760Scu!-6uW$m$}=8)Vrv%GSi zmo*2+yY}wx+|2ijT0CaMU|zf4iAr-^=$;cozC~OL7q@ShIB+<8szWt(Us6IwSE2&O z)oV!3sU_@^zu?rs6mC31=}^A+sR|MI?wf>>SlL_)7q)zb4nfjBb!&Y70}bwJ2^D94 z>t~OwSp{10`@PpNPe+=}RTsMcu_igj?yN%U(`>zDgIff$dqk;uIK?66ZjydVpx`!b zg-X={2^fhyV&Dpq@S>62<{0=-BsAWyUgw|&_9Ddfc6i`|tN>Vx54s6#DI}DbzARA! zdF5on*#wVyIFX3c#I_MMGyIO1Opley-pYy~(-;oy>2%ml7wPtG{q$KFBj;+uUw+vAqduxqdP!-(_=KbKRPuoo5SwSxQiQ1`)CUMV8(-(BiH z?A4|Si6bkjr`Im){ygzt>f01i^*7Y-6unb^`?xiMyWg#d-k0V4z*isk!X~ezo+5xc zRmxGnF#C5A?+uqzKY$ReGBLmzF&)<8gL-d65k!e8%MzjbA35Il_CPe7gGxa#y!pbNddJ|oElHuFT9tziCr)G8LI*}~`>BIb82l@FWs_CR7fLUcrQ!&-b$ z`PTHhWzC-_LivVYaD6diyH5Qx!#&=U;rrKe_o&fp!Y9a6UdDY9Do6m@1K7J09AX7g!KL6-GmDy zKm-8brl8;l@FR{{mf^pwl;K|h#o_~402HDstjq83|3JLIK%AYO!A)&!Of8K;3~j7F zo&$Z5PyRER@(P`!90RVo0 z6L<*G2layv)H*n_(?I(0PQT4UdV6bq-;8&1zz5m)xg`06{!WJcAVZ;dh`*SB zt=OOaV#d+*ctpXq61V^f;Bh&E zO8l*jKy>ONDsF8J$0`j4%jW<@VmOD;8qd33RG(^MUufx~62OZLj0}Pd)J5Gz56B!V z9xECv>7weQ17viObWs2-x`?~T0j6EhT_^yKE~qYK023e`kOts+Uttyi9pLR?`iJ@0%BLu8tfpfP%oZM_1MUAaQIX#{wC{WS zXJ_jKXOUwGdxNS?1Z+C3i1DNA({i}(RjLUmzN#Neg>t{A1TY9F%KPv@K-IRFz+>qO%c|20GoU8h(X0 zyOP7ZSzl@Z>JuU3cg-2+G;4ub^g7U8xdDcn@iKM_jk2t5%E=cOEg3@v;V-BQEzg38dkeyCn$bHHGYn z12R`bb;qhKI}$h(g+`p;?3fmYzB>| zmEW)VY3;8}Zr@H)z)V6EsNSEmCB1jNv9C6vsJ9R)n&0OiV+|;z?{)CBV`|lT@^;m2 zHkA6+b_3ZITq9O zX}uzQ@E(C@)c{M>eBtQ0h!gE*WZ>(I>o-=@nrsWt4G>nUbjFMuPL~7^p2S*Gi|3_> zXOz$3yTPq(eoH%IEjuf#59TRe_fbrd(N>tcgr=s05pg93GcsHG<7$F>DcuP3z5*bZ z_GpJz!BrqY-dJMtrzxPlUc}3*6ry)G`EtTi-s5(wy3#kv3SvFkZ!Ok{q7!^gJU^4Y zUi_FSE^J1-U;Hn{tX(INX`ZVC6cB5&7|Rm0S1rnUUh^TJD&yv&?O%L0I^J$g`n=7A z_BW3jq1KgbgB4#83*NwL;MbP}7S+P~Q5#mtz}Acv&tfJPexyfBdYYPJAnv)J3=LEj(UJcczXD%t`KcLWkzsejLupKbOPAfy=3+CNUR0iLlOIMZ zhuq-NijW`(D#UVSk4{HWH6Ck)ioz$S!ovC77bDYu-q|C8kn+AFzk7KG#_tG z2{Tq}rsg>C#u4|GfFMM|Dd$dF=7v<#7KH|C?Q{AhTQ*t|nat2zn!sF;-(+)nlP`VxG%E1x# zu!n&RkG7hfmeYvSouJ2v37xOJvnDVkl2F;rC$)P;dz7g)=&!o;$473Gg|l}+L5q4#`j&;RqX9(^rhQyWNz7);G3jigw5^+D7?AAK4 z+qfACtjQ9!8ZoDg$9Q34i$a2v^>&=k49L05&^eu$)QP4+L(rW3Au!_%CtIU^CLAcT z)b{CQX>?-i^Hu0;pT)Ud-CTmElu=#n&M)MQG#9589~j~PyprnL}>7Wb0_)e72W}4RQr4{=EaNhWhHYbxj zHroTf9D?hCj2H8GGIAC*ZSIonmE96LOx~9YcwjFZf*6HTB%o_5CB;f_^}x+<9#J&SbT>h&Bfo}Fr1njbT@z+g450pfl!fQjN10nR=8%(QTwwKKIPX{%`{W7l znoBKV`?Xdz(gIXu9(X!zxzt{|F|lR!7|>{&k(WAEl1Yv>MxB5t#E z9Gp283vDAs#|&Zd3pf<#l_zrmL_*~f4$mXV;9{1Wb46iTvb+w*GqQ2=28bG7W-t|# ze(*I>I7LlyA@MbEXV{IH{aQn*5>4A!5IR*=%nV>Z7Ux}J;1WN`DlfTA*=L`DT!QxP zN?9}g6YC?w5_a`b+UntO-o|eXLqwv|S;k zULN9{>b871C}=nD8$CwVHiLBmijv~ri!QQUtR1S)wpRKqcDdO+Vo%FG5k;*yy7&IY|~fv-O@KarLPVbm+=4G~=vN zI3IW{#ND@z8w56670cqMYf#ipC@c*HK|p~1Nb+aSGyA24+y5HvJ_+kCMUgL<>4uD{ zQNNiKDr~}*QCG`zz?#A(cQ6^?LH2lODKJgo?Bn-Xt}3ip7?(k2=;jP7$iDm;vQ=&OPCM8)mEfffoeuM##}!k zO5HqCllzig8fY=ho9?TXR6Z~YA@?0`b`4rMBm6ppW%2js_W}ZX2vz;nDp>xk5Mrxb zO|I?Kc!^$wT1l%6`AP(!>kZ<5uL667RUr3z>2Y-D&)vdKs@JsAR9NCo`PU0@Gz zk?VHIc$+nc3p#inFETD&q5zD|{HfV0LcsvaxPgFq%IzH)+c(POSlcDIs$xnTuFR(3f*miHfYhQMs6HONcm7#Ey zq;Ktrp?xS2!ig8c)~-R4g{&gf5KsqE1(k>cwQ>z&Lb^`X7F;B*iyS(N>a454r~C`h z`0{2*ldSq^D?Y1Q*NOc|&rXlF8-shAq}sY?{a7>5m4;Ts$9u(;DaBhFrgzYKwW zk?`SRz#^0Vp-gYv_OO-Hk7)186Kxc_bz|I@I#%vy3as)&K{n!sVi~q&QXnQigRF#PFsj^e`c^0s1WI_q568BJ$6z zS^k4oJ%UxRQA%F|7m9Vd!7KN%#ks@wO|-5#rflH&;5}SrezK23s)vSVy-3c=XNgZZ zPMTZwGuz`_DuZpI?0=6yCxq|%X>xOKVz{vQu8?}qTB_VIR$~yibH88X82cdbF>d{_3PaxqzL}jev zjVE%;qGV2ufZc^)l?DisI`>Jti*)i}&*#fxYJgJ+_^u&eGc-T;?&>L+qcW&b?tQOu z9-Mzj13W9*WMirXrR=2>{2oODk+UW|-O``Qv4D2Dh zu2E`ph!D+8BTZ|WvPxyHjil8J&=|`n;kua|uNH`&0hLLttt)~(tfL}oK(J3NWxOD~ zPfu4GdvfZg7kks4tKt@+GxUA6zR4q~0x#v1&j)>g=qVT8t9cWox+s>hAKpzSTuP-s zc9$KUG02!egi^f-UCZhbzL1QRC>$u3Grwln7%8NHB+g)Cev`*{t;V4$VXeE)LFeM33h)(yhJb8)hp*b=wXSQ6J%du>~kl2ek; zYQXh+bxEY+Vqs>Qq+Gjj(T_*I*z~|q?|2$>af}g)5(C5XeqIan>(QQt#f2`#9#$XqK0j}oF`BRuWjhpAc|<# zYX!5-%JcmhlD#ON?cJCCS82Z9bTX>ON0JG=!EKPa>a zVCI;4gO1*Dc79#cG$hpia4wQQoQroW=Og~Sb8!FnP6Mm{yNh%5KX&5<v`iG7**+-R<;4@XEX3+;^=X z@o$3TarFKOKKzH^;(rN#pXXnm@WsCb<1to#KT#lJRn?V;+2T5}y&IrU#{{*Fv_Zm= z(ZqfJP{~0ev_?1~;6C59*w!2hBh7pC8S-%+j8s!8tGW=}_Ym1LKpUu?zi#oy-onC@ zCk-tg>-#R%K}SLJhh(`x5WvX05BCv&<>+6+Kiom!wuPRL8avzgM~w}uR31XVuQ6C1 z-@j^XVq5A0@?8(G$QDhAi<_{PyL)#Fl5}5}?oi+SsiVbk(Qt!hJiN=$E0~~j*;@O! zXeC-ZmbJ)U@qn_Py1Js?-kp>gpRrP0L#4R{Z5!Gory^KLGR*`?fABbn1Hkf11msN@ zJm~hgs`=Ro5ntdkRA+oDC};oyx0XS>?7KWnZP^J*K6v}(F5T!92Zs}REmS?q^)FiY z%Kh;;JA1T{Vi6P%ncrB=dYL;9*y!SE_J)M!L7k@o2pu|{9CPXJ3L4HpCQ;VVsditi zM?s5`ZC?giJ!R=uJLAT%>$<6&`#;}S@pOG z(;lS(%Q4upeX<8=)(nysaZ-kix4V;F$9YKh^)IHHm5?KD{LnPCuE|`u4DD85a_=Ox z9Ss66*ZEzCSU&S6AfllSFwGLiLX$y%T2A~yotnecsl(ua$)%J9LK*~?Bl3+X1*a>4 zTYQlngCXanZ=h(R4p%0X9GD%pJN8n{5p5mz{*Euh6ihc}XT}I|Z;#u73_?|-*@M+h zrx~@h@7lai>Omt_Kc?kwN%B!>qD+M9PiCv%abf8-3<^K$?w)0)EEm{u45wC04SO9n z2Hd&usgDOJho-j|Q-jU!lckUBmS)znQ`?0oS6S; zQyoI@G;qkjpP0A*>kLMCKRqTsY9-;FsQ(W8h<_t0;u!oPQvSWX|BLu>9_jw8yb(W$ zA2YSpsN40tnzw{Nuy|fP^gce-LS-|4-ukiIqF@-^4QS590eSfXJe97G#1MAtce> zW4{arut#ObT@D5~nQhsww3L?W^EbiH)?7ieZQ(>O!z$V&4x<9J76vYPza#gXmIe^t z+S8Pvk{Ar`KiG_8k1*K5TTyMy_XEM9P)|KLM7pf}Zn(B}Bq?E0MBcQ;-2mO>GVj{f zMI0)z=}Iv`;=mqkOu*2ncdbLNxS^rqlLZZ;!AfyP&Yk!b1aH}(Ov@cQu8@O~k{G@o zDS#M|sYbVzJmBXlVg{M%)!GA%OWXzq-XkBSr--v$o`K34w#!)c_Mr3MZ(BNW+Ia~@vYnQg5eUSYVI5ruu?-o z%F@MB;){}9g=PZsK(3E~CwOe5dOEbO|3p(nnmY7o)#G|P+!HEdyn-R#mQ z0{77D>JA^GZb$#(M60NC&qj0`$&2YVq{2+g`BffGx}>^s4Mg9 z8d6r$j!Bg!i?wiJwbNXVS#AI+^MM)+w zlm`(HX2$(@l@h)8e?Q`%Rf>k9GVoEQY5(Xta`*kI`}Zo1A^5i{1+({2uO?2GwwKid z9+RfPPg6#ub-1e8_s5p$nH`@e+)d9n^c;D~6G)(*Jv;4^gKTwADpy3hZm;VWJi`pV z6sP+(-B!RL6l)`>yD-CLqZ9^b1x5V2ptB{te>zUJDHPxl9l=5;&(9a2X;}mU(HtmY7|0a$6HU&5*Aoq z9!Q?%)L!h$O#URIO#1n~`vpjWbUKwt%t)8ULzv4}UocA4rmYr(* z<=KIq>seP=>=QhJ#_fz9k{nxLWW!GE`~(x{k&ZC#s1tS{V|8o8Y)8Z1O;`A--Jlnt zf~$mrJxWZ0E^?7mKhYaWj+bUmlab=MnR8>pOz3O;bb-$ymQ3kB^ABSPo+5C;fyRKR z@~lk;J1pZOtBm7f3ny_VSzalJ*i?lcPnyh-y{vUq4R87q!3thZw4iaiLC&jIFtfGD z&%Km-+|nHdW#9p3(6l|ZkUcQ0x6YppomF9CZHltOm)&z2B8X{a#zUTI?C~oV?vLDB)j=dt|u9 zf}Blw(HC}Qx zhTW=0-H=Pm{QF!y^q**vvoSbY*F+o>{2noq&WO(hp%bsBmw%}S> z&u^yF9lx7lD$S|A8>cK^f?L0mVYGmQf9@c*hNaye@0K8zdnLLiXzRfPeVr$-Y&D+7 z0dl;CKIlY(Dr*og;DFIt;tf4j0O<(Mzpy;CKU+nh`HFNhlQ;5(O@M^$XLAMCljwdc zLzo`@g2VP&xQzZios^9QpT;TkW2~9N%{kB(BHDBo!?w=y3C%#O^?~+p+zPO-rtp05 z@%}4`o?$q^M+(7ds_ieNN=)QvD#RJ+^|@z?T;z@^_<5l>P&$n=B>;g9@{vU$Ql%Zx zK*n#>EEu@lqv6UB4Ofjg{lbC0uS;Zo*IeNB0*?;!U`lQAOChBkizoVM>S8|4NhWqd z0qIes&C!NlmW6Lr`k9GTQC(H#mApMSa~m0{qo7f^ba!7EH6+u>>=%bL35Nav5QsAcS| z;ae1Jw-s~>Cms$<*7J{Vyf{hY=gO78^SlM8*6(Fnp1*dOq%f0##N8FN0=0=Fkf!%w zGO@bM35qAIIcKz#UWQ51NLxU`9iGsuyNVqZxkr1L`jLHJP6m0u9f8@4gEP5wlK-5C zAb3#uYExTLm4J`la9M{RvoxtyNq+xb(y5@C@O7FZtJO4fVhz0`p_WmM`ca#uKU)G#Dq%H5Q?I=`$^w5g0&hXSkXHX_?6;&T%xPxj)#<6S(EB|Z9(GTaER z!I*q(neVx0`f8I7B2IB0)}x7$?(%M2Ode$1e6M*;ZLRI^YLYOc7M8*K0*SdaEhkmP zwgB_QCT&KNgQ45BgKL>7!=wwJ{wt5+fwQ_Q)dm?ZiYK_xr}PxCJRZOzAw;qRn*6aj zOij=NVSVO%{U=7kabU<}R_XW);7k5zzoc)?leE+Dp-OTTd;+i$PPUOX3rHvX1>@CP zU`N=uqS-Z0>MR8E8{upJJc{IDPS#Cy8bja1W{)A#%YbbNVxdwm`@RE@y(Io2HT%hN zK{4wh0wwUIWGoBYxX)NCS_dqPf`(xVcEiJC@s`JOY%0|yECKzHPQQiScOPwrqO7g& zVshW0FhX>cTeHMr*-(j-?agN&B`QxJ&6vj79u3kGrOrtD{V4W$qJ=4LzLfEkwYUT+ zE2@~}PsqRcl|{J8p`^ia)n#;oTSshq^n}|h8Vo`h&jE_q9TO>Vds0r+F@W?Gb2D5| zr&G;}anuC3$a@?t2fy`_*A5}ERKEnGXMtD*cGZ4vtTflcjq{(JS@|B;m>!yWISU*W ze69EPeN%W*L?VUPg2BLCqQ@w{#dXnPQ853U3*~xDD{+s*9VELHGfqFL*+D$FQh}I^ zq5mb8HQ80g9Sed6);8wQ-vZ=HTdaJW0j!hV_g6NIvL<*tt#ld8r-jiyTdY*Hp-%pYE! z$!q&0^jI7=$gjhZ_+%;-pD9&{B%l~6&%>qFEYa$BL<eQ1}8>?9UCA||6Vz^#7>(HswJ=aqoj8dDtx*Fe- z4#=VR;ZS?44yH+y&~Ad2+S#1!^K<+&IwuewjJxU?UV7J@D!10f6(k-y4$dCgYbDe0 zciQF{*TS2j0}A(_;xJaX>cA{a&f;t(g9i==PCZbSGZ;THhPTSBg+sU{t6zAp_XxLP z)}J4LK#vin7TU~`%<+obw{?m2qs+;kA8_Q;?fX!Ld)%m@E;HvlLdO_kP60tANv0V9 zl8z}16-8qPsdg{tI_0uxFYL_LXc4r0G;hwyYOnhUGrKBqK`v}HkMt8~o1#(^mn8M* zmR_F7-~q6zPzAL*0Fo_6WbwVGeRBpWCQkVtiaIUKyj4}4 zRU^X0>Sr99#;4Pn$%0uHz4EmNwx3^BUJt^+y%N`HMXyv}gd9iUit=P;-Si=0EJ*~w z;RkeZky+Ouzuu?!LfILVsJ8ct6?`dKKzqp!h(|!ii4p*oryeC`D^ZPMrE8}`AczmLkhm97UH#%FhQcet_tLpR-+W@ zt4t-4)4Y)}WbH`>%F{!61cgd{kAjD)uMKxT_Te=&h|Q%>M__96poA2;YN6s!g5}tA z*vYaw#KLrrW|20r5#@n=16RxTMI`3)TFo17R$`ify?hwF#15H?&KcEF7vW9~y`u$0 zbO8)DRN)}8?q|4&JJtMr>43^Klp|0T1hee0lUBA{G0|`}hdAt}V>jX|qhxb}%AAET*)6G(eJa4jwA6 zHXg$h*UPPAIZx>*+P-2w=O%uc)qUVAz5O)V)1882*{03}Ke2b53pO8_Z$J0)6;X4Q zt5Hb9XCEx2Y~b^(R#-uK`}Y~U6_8bf8kFaZaPZ~#9>7}{5- z#KX}Zt`UW*+gE=t_j!4P+s1`i-j24xU2(d20#iC*cw%ZV069xe!4c}Pi$YnkKjp4k zJTFpy&MJg&{OX$#c;h6*1bVW4wXp_RQp;}3L=R5aHKiiSd@{t76PF>i%(eEG5ugn@0eP)C=^3P!6BlvZ4Je> z8SQ5ANjR(OZ%<~TsGdOo*%z;4|`ft{r7qIbS~h^>tQ9v{^B@v(cB3|_!9 zfsz7H0O-|1zgnPfR{Q!;G5vr5#o_}Fd|AI9Q=#3=Lc)Am3Wy_k1l$jpaGfT@9BUgO zkBjGni%`I+3B$s)Z~k`796+Gq0~2#KG3d8SN0o2K z(^yCYSuEEypA{Lj_32O}1z4cW0Lff4s}&?=sy`Jks3DD!?wBF)p{A|5jgq@9 zx|%`{YV06k|HZ;6_)A*?D{uU?<{)9qlY-T}kK2icuF0t88}$<;>ZjHK_XsZs6-5!)+g|>V*j)@;yPbMxa8!> zp?#a-6jN{3^C));wOlZfR);{U+ZA~zcKxyA(msh-l#MV;I)fhsvFa`Nd9m2UyPQHAdvL!vK93z3l$jf9lvOgTm#TMG$1`4TZpNJ453hZ zgSU6`-AFDe)h7{ z9T|S)(KbWUL~52C;ss=!Xy0+vYlP)YhqvQvgaejUH{}6WDFR!7y6+E*TypJvMzBg)aG^%zujE$Rn(|Ooq`Q7Dh+hV z3W*WZ2dO?K|GUw(N-PGb)hitrO-Yx6_##;VINHu<={>Ai6;R&+IMz$;EJ_)35=xY4 z*r|-MN&TIEmdh$XiriQiX^8QrA=i7kp%wfCYHkyUer-xsaq~-T^2nfbFz!8gVD);3 z_MK#W!%NOoWK(l!gG}~vk1io65CjY$%|y@+C?e{(&VvufSpU7R^B;OoMt^!wqW|7| z;_mx<@9DDJ_qojbgJ|-fiN=43BL7ZQ$a^QQ{Z9w*e~9jc&;Ujlz@PZ1s|`b<^4?ow z1uwYxd+$jh@4vfQ!Sw%!tL@o*k9dTUOH34FE`!_8NpJXv(pFA%( zd&EU;=I_?v5-4HH*x0~_rxn22C5avSj^gzC(^#4_UQGSe?c}^CHE*#h*sR2n8cK(z zJ{dO%vWz|fA9w_2XM-VJA9jGXG^{N~OX%`a3>|_vB~g`q?weXOkFJrCK75A2?`8>H z=Ti3Uys&3$C(R^E5$XO(e!Zfc%yTAy#!}z%?PX7mm&J=lah5CP)9xE~ehOTVNb?*Y zwm2a=#|THmoOLUfWe#muOvpT{Ok zXmc*+tAaR>24C#+!s$6gl@o&yCy9%f!BF$3QCEpz_xe65gyI zVClu4Ez)f<@s0fq`TEK6iL|SoP(-2jKk(5mq~XUM;$pg^Rj^Bd=|oE?yX2Iv|k@+41^hYT0{7 zN{6|d;avwi0-i?sHT~)}ja^j>!{5kS%K^eq6!yY6KEXCSvkhEm2tsxDBq>;~8%riO z3n=fBWY(ZPv=}C-B-S{n*-<|q0y{lNkrD-%rzT?D^LJR?cO8^0Re+O=bBN?rXR(q2 z|B0`8YWKkcpnyzld(Fkz@3P>xJl`HB5fr5AlT-EHa&VshFeI>7WS7yUcVlHaLUlUG zM0IPf6;~{`<*Qqfx13t5a3-cdsW(Q*pX7xj?znAe}faMq`oEu}TWF73v z=#nyswv4*Z35g2fFYEO#rs$?N`gq!F-7NP4F3b~R>)9=k2*JB^dJcz5HWL+UQyQP+ z8zD@I>7IXKKd#7b_w;U=;hsnkjyGd8@-C3)Txvwr$xI=QwO*EBQE(T=n|zrmos+Jj zxF2EYH4AKUi?eA#81q1^@Ss9xpQ+M7<7RoBO@O8ZP z?1I_i-D%C87!zTzd`9w9;b+utYvXYf3Kf$>pwoa+)bT-{lBlX|25r#70fG7}??ND)}kN&WL$0Sjq}Te&c2Gb8u`2 zL(sP@>{0YBCFnxa0}4_LJXhCPMcY7aU+PkH6|BesA}=)s$h{>~^P&>Z4YZL3%qiJA zil2A7tTeySS0<*de}mmPJ<+P0yWS;Ugc>;my0@c;;xO=FV@mNcV>nCB`*`Dx3-Kiy z-GIwE2h)Rt;7KHZ$trEj=3NsonBm|Hrcf8#GtQIGaFKi!{2ieYDQ*|*ka5vE)pn_J zf89lUXjI0h#b}&{kE_p$Lw=1g<%W*lZ-d^$c`_emgZ`sLxitdfl-w)LE>VRj!F+mH zQoR-*U{5tsXc`1Hm!_O>U33(CzA`LFv(l!*24`nlCKW32$Oe&-5>w}t@;Tq2-&^>6 zO~=eSWBP`>Q`!yGsS4hNOy%7GJEENF8bzlO3DO4HHITGWoX4Ywd)sh+Ntz+-tTA>4|9%!aM5ThO$SDMt z5aZ>NhZ8D-J^6SY2kVh;yWZSoRA5|v^IMVes~3ALh9f()>(P;_)ey%$4=HO3mkqj<@)JcSL>cATTdjQH}W;I z_JmEEs+@l}zbJ}YofurAZcQnzK8h?Vo{;Z}-HCE>o$M@vVv#P5M75@fcO93cyXg9D zyfyxdm=qlK>s#Tjm|ORk0ml)DUPo}z>Q*16PBuhaG_?8Gv*kVYj2ssbW}Xi71uHbv z6l-5OsUDq7-G^Y1(Eg0`2}aV-zC@a!8Na2rEPLp^A*#larv}B5IvFX()%BjY?xaJe2DU2DR={){i=vD-4^)O%Y2rmHY1 zdl;oqPgzBVRwusF%MmYGK%OgiE{EsC8)LyWln5L#eDA0<&gG98r~3@W%1A<^_gP!< zQ~o#svMZHK0)O(RX}eN;B^T#Xtq|t+O;iux=a3VkvOozqTS+tuB6Vyn$*DXQVuAhW z)z^?uLqT|iX{6$#q0WBAr$)aMwK=d{7IQsFOFT307kWmud8~vc&8vV?hrRltpzdnc zpSz09Z00!?rTU+ofR@l8Q+vwH zxYNX%xE2%njnV0W$H80&z^f zAe%)J(4HJtNvjwQnzTdcJt=ypKG!K$dCxgn0_w@j#|aGV_uhsN!fto_Ek}U|;b>77 zD-8!NkQu=xLJu7?A9r%^_Z#$oxaFJtxswb3`<+}n?)^@F`M>VuJ^y{nKl#sh^07a6 z^0U9+$+hGD`!7xY&pWwZ7^aR|mcq?R5=1z;GoVrgY?o@w+qs16_IWgn?VLUsx(O0s zx4Q_E(7$azvMhs+1N_xeNul`Dnt0fYT)5aCHiap_g^L0P;bt&+h7CkhR5q6?a`~Lg!|JiJK|8RR13IrMRlkn13q^!!q1#wp@+&y!ov!dOpEe{|=U-x0Hd2 zW+M5~Tz8la_iR@NzBQm=C~Ie$%iE{g5H~9HSk`8um3!@0f-_)Ls4jh#*TABQ->gO- zbg39QLKfSs8mIS(0U@z5JZcj75nXJhLo<%3EoKJQGqH$=Uo?spw~to&iQvXzDmw3Q zuZot8Nlz+@n~i+>RC+uP#tCT!d2ry`t-_&GlB&;l%1HZ3EIkFlCw}ff+&u5Y^MG`& zEa%I$K~od#MbXNN>&l+yQWj(la_qV@Ev53R^M;gz=N-}bNXbg2#C<@V!#_s?(+?>k zd7uzo*o+jK1P$RJB|QVoQ}?M6(O4Odpti2?v6FEF=+H0^HB*ve!>7cpMV@{6a{%V^ zXzmf12!0;T!$4NSFd8P{(_Kn&JBKH;>0`*5%n3E4QxIZSj;$b0gk;<93JSl5e)QrV zw3@AW0OW;ZvkhMY1&ql#}5r2LQ+Ktqofx-OJQzW#okp__1%DAYanJv&|4cYBG#YEwmrNr zlg!z9b-x)HN%If;JJ3Q_eQPJ-jnNkE`FLA0TtdjJZ^m@{-oDrvz6l?MCW0`yG7eog zl$~|OjAiJ?;rWBCMc>O{!0($+)g>0PE?rX}02@S+hvg5j)awUig2BCe`G5Mls;D}bE{VH41W#~x zg1fsOAb1XPAh^rHEx5ZA+%>qnyKAuE!3j1=X8xJEbN{&y{nTq!@9(9mR(0?Fk&Qp@ zJ3D|W5m>gPr9AVAJ31zSO|n^5E}7RF)X(J}OsX`xjWv>_u|He(Y8iimog2G8u5Esg zSm%TBXm%ylg;nd}k>=*rPGEof052{lZIG^C31hz_-3rB0-WygQVL8qP#s8k@%Zs%} zUa4%9t&jbcbwsV+);G=Ohq9H0F zWYg~5d8Eo&a#hZP5>DwJ9-1MPd60ZdZlp*P0qQ5CbesN^&mM%=%g>b?mBSm^v2v;g zX1o+=j~C(wvHI&A=La2|g5%?wd~Xso-Y!n)jCFXEODSt*>GulU*Qe;{yL>D*l z^dFtpMs7vcWR6J9H_tcVeYi_XPgc|u8M^cEGcDydx&ptVQ3QM^Mxo*fzjBIl*gzpZ zI^2o!pUE4A#~Ff4Rl=>5dZ&f)l;!Kzh|AUU`Bdkp9sR?yhI4~nxKNRUFZ#E)XBZDo z^v+pr6>Di#*~`}nwY)h6&+Fn+nQwvF&m&3e`KHAdULCM~+Y4xj*rk_zFPX4;y)y`?JCH8#q={;A?yyX6!u} zO>Pt=Z8m0Vpi{lKbwOmXYBcb*IasEP)`6@{5+jtBPls z9*o>>>B;UdL^L;x8Xo>MduFIA6X;)Sv$yOK-wOgekT`jCDq>{wSkq^+<(5c7+=APn zR(4iR1?7Jx94rr029({&d8)*nn7sE$Op!9#^7Ak&dE&odOVeAIO3pZfluZ>aQlBsp z>l)rp=~p(ZJe!KN-$b`4y4U4SpXI<-O1^CwS+bcuDUyTu!5luMci z?PX1J8n|2k&wkdi+1LjkC0XmsC{oBgsWKm@FbCo+Hma90 zCN;)t4a27pg7I+-G4Dh}^N3HIk9%Z+r(sed0oVmBS8rj*BQEe_yp}&(%BU$m^jYzl zv@wy8cni2%+OpzGPcs!SP~uj;HGt)3O+V3%4f}TeTx7U7lM-MnK&MwrqY_t7tXP;6 z0C#Uvqm#8&sV?+HJ8lh;={%yq7g2z%=?0k=(_TMX0U{0S`yx7-OVl9McGC}haI79L zp&|WTeYqS>U1*SX2%4T@lD7%Hvx)+YI7uei6|}myKf_4ew<-P_@bM+=9;+9P{P^SM zhQETZkus&-u?!$1_Rzl|=*DEEMVLktk4P6Tf&1YxeN)g&rgwV3h^a^Mp_T`-<9)vE z%Yv0Cr>cCVW69C7B{e*PW<(@iB`lGY6|hOuRO?u3At~y^>Wu#bptlo!+UwTX7-KO_ z`kp)PxxtfgPy>BA)S#Y!_v+aT^Kck+)pA*9wcU3vgug#S>F@<=S@NXC8e3DNPeWIB zM09H>$A%#vAcz|LGeKMWW+n%%KCrwWokEpsFN{w$KG#Uc3O>vP zI2I#NnAffbS+{6duKPqM*9)r;nAtHL_;f>{q+_2{tw4d8QHdB8TWfjrSUqds*8z*;lKT3emND z1R`hsvJW}sxi-rD(>GTk^gSNF{&{TD(wf^5vv4k!Gw(t<{x0 zS%yKZ-OHJ{F(!$(C8H6UIv`=XKfx5D8$(yRg-bgNXWJ4f&gV=^9iT`b-(ytu3pleb z*gvwIzJ%zHrxSt{QdYgOVN!N|Oy1wHc@c=wKSh4S?(Ip^LOJ3lceZ>AM$ur~_fa{e z(zQh?KHl^iu;rLkt4YV0!mSPz$5}tDGyWkYte3>3Enfe6=4FRb$S46oa!nmDD*-3F zCs4Nx!J0$Dz9{1LjAu75M?HlX+G~E4;}X~sa`X2uy=1{he_c^_FX?vek$MSNl2YZU zBnaoI&x7llf}LPWJ1jR3{O!pv{@Ih8|MBGFfA{1Tf&ZT;$A9~eIr+pNPk!=OPi_(T zZ*p?q|LW0zb!7WF6CrFlNmr{2*Rsiz!z(x3zPichnyNF@^I#WWjiq)*R?H2pD3X;$ zWj(DzQ{Jv%HJdgYRlM5b!*KnRfw^?921dfzw8`otc=Ue5XISI0_@$VL7u-rfz_z9| z#2(yetDtQUi$vVUFwYK#MVsoT5LR0yZio;@M+tr zu(z&N$uGQKZ(B4RIv+Y@PA6m@F*B31H=kA7`9;-JgcMuW>@@R79`(&|S_we(CoYcz zn_5n}`_|fmBxFsIuao{IcNp1KAhh1e_HSeIfU2>{+ns00FCG~K+eljAg{mGq)7vmD+c(?k_p zy5w-(+%g$}oZVO>9A4JYE&E=FeCh3=v*Q?%irLNM+O$}(wI(C?vZxAHbdUR|-1Ta$pYn4V`e?2}Y>kSVm2VLU)Dv?@dXBoQYCqrZ>j z2+wilp_O;+IBN;jeYNOOJiM7gvgcnxYzT4Vnn-xG*zZP|Wn{qW@)q!5b+og_*7kL6 zd_WIl!jXai*BZ4NdY?Xi+5-{m>4r^XS)G?fA?R_g-xiy}|9CCpEy(31eS?gO-<J9+jZ-I8+pSWfS+ANv(^folvX6r6Mw5eQtkvWm$Jfq{@T_*d*gO__b^~cawtok(2DzF{V*q3XJxEX|p@4 zBCu=RRO2>q4!l{f+J*{T7>MYfl*74({B5$(LCk9K^$|BtxMOTPmSGPRecze|&d#@I#m(0&RV2n5L~kZ)wtlzN?ty!4FFIE*(g2`l4t6SP z8vGh$P)wyhTz;b_un?f@ll|O2nkpD<(&ri8$dQ>uYhyM#<#$CGjJxs-5R8uVK^AMr zmFMQYmss#g!Mp0lzk65xnDk1ENb5<-U<2Ej-L9KEm>@X9w4k)UK-APy)v^YfyCilk z*GYT?m(WECB`L2V1~BW4YYJeolGw$D(N9enVP}GT-~gu=-IDfX&-KWMzAd9qUAMbp zc^<0TnNRsSZC^cU^ovfbw0W-CE}C9~5?}bAc_Hr|l@##wKFM4H+-s|lOuS4k?CiOa zGaXIsh=D^u#z&`f1*_CXl=Ngs8O{ka+p<>o$BG zlz%)qfrTP8tAy*26y?>HEcseRJ}f4xvNd3l5!pezqFz-YZz;2D;9<%!<pW8id2fK+AvwjwzHA_VSz z6vau2Mp6xssw&0Ca|V!JQfIUy9Z4PH7xP0#hAzD(9*qdSC@PCp=R=UO%YOWE6zDFe z1F+dPGgJS5oEj}~FDifx5c+BS+vLM~=v@4U!AI|?TlwRqEkoxeCZtfv=PDO2l<1Dw z4}{@%B~RnmOSmr!_uaeYXGxC3;d2$h^qcgy)htF+6l*;E_; z;ugByl1U67ElWw7^Y3C;qipgOTIM_Eg~H$D_h0anE4Ml^&0bUY?QG%!!hfa~=q6@+ zkt*!lxDg?*D*hO^6Tf(r`OMorBbq861w`4ECo%f))w~w&e!Nr9SEOhVwWovc;bNG7 z>E#YrWABODF8IhCZ8X$9WeISXG36M+E?|ol%5?0Aq$yAwG2vw6WsO&t)J}Z;Ek0@8 z@@sOmb}S>(f|afOz;eapS+$nOMHO^~v1H{47gN^A_YRpmymM|#9?*gvx>MQ+pf_^F zD)ltZ3b;7C#`i)3bVUiB)38sygb9W<)qyg3Yj5Qr9FM9UOh~C;jb9wu+}&V2diaPU zSesJQo)KM8B|}XQ)J=03+;wv=ym@vn6Vicla!MLQ4Q6HX{91Nz|S$qO* zY>z9yRT#|YhTG`)FHZ!c_Z&hGoPsV(&MV9Fdh=uwl$10^x>$G)&Y1pFI8i`P~7cWj3#7uhquLF-@hYn zn(T6KiB7ojq!Gn8IZN^A*hKx@Q>}81D;4|sP5OP$7qL~l#X5A;-cH0%ZXAGlezWcE zfJ+U_1~G8&sGItohDq4?Jq%N3?Y&Ld>~g$GOb2vZle}`VVnDN&Crj#}Q#`NbjDHoOzTE}w{bK*z~dhOX#n^oIJRgv)`Wl zw}Wnhh4{1n?@JTd@`b724w}*AuMXPL>0haKyUKsRH2EI~&C(Yp+hpUEx$VMSZL1We zRVm*D?p5|z7iD9nFD9l${waMsieMHr^xDVKC%qeec95XDKXm?cJO??Snu@X|+8jbco`X(ihg2h|D_Pk*% zwzE>(Bu_NZHPou$bi9)te&E+`!@HMVP6%|&I?85Tp{%O}<;mbc^R@%kLg7MZl#9V{ zbQ)6GL0eEUz3XV-tl#S88G~$_aGAM@ag6{4+0??hI>>M4z;?{$(&l~eOj=1`-*J>xpKs@PYu+Y9RKNhOqbvB$*aDF34(Ahg@ zs~Ufvl|72fbIjUL;i^=?!4BkMzW&I~?1^EU6GHgj6V1R&IMTZv7>n5&_49nm0S{z=;D-o3+G+zk!cR=(-39#l| zWn1^6F@5M=E47xF?b@dt_DPecjpJ+CvLij%NETq29p^r9&bgQ*b)9PR^3)xw5DQ*c z&wvkaNjlVY$M8Pni7`beI!Ua=F`|oNo^xfYbmRJ%>a)HZ?fitiQQ&YmbDZVbaN|-f zO4PxuGdt3eA~DjxW>yv07O7r6ui>!mB;K7}k9}eHLx}TG&`kZv4n)F9NPt*h zwtT^-pi?e-XaC-RJALrVIpXW)Z01kjud7}$4UsD&2hklGV;@Fd3O1+ia#~@GJSkio zm^$Ezo;`wQ7ABoBG#9gf%@AU?P0J6Hg%B;PGMEr1rp<%vDPo9r?Tm>)mQM_{ol=Z; zHekc@&7d0A5zf%#-!HK%Bqh~>?GWM5(foS3k>lC;wy&K2w3%f?#76pPMz_qn-P32% zudtSH_f$N~on56M&u6}PSKnv*md?x(ag1fA9J;MWQW!T$5d zym18wtV65$-Zk`Go%K|*`>}lq@=!FL_}j>FfT@!rxj9N5g3UI2r+?z!+~aG&$0hRu z9#t-*a7!93tweYuzTyuoB#g;$Bp)(n_s?u^T63$rtdT!AITOnH0^HYh3i>7EyKeAY z*f@+xq_xeZZz*rNo%?ypnnO4)mzis;6=3JeCN0|V(V31=an(Lm-xYe_z^zef zA5fVqgI;WBsP76_JC-lbqnqxMHd1=U6{Dls4LFX8CgXn=upY;+H4vD@M*5TTmu~B# z!8Mt5JmSl!l1}gcATn}_Whs(XJTOPWDFaJ)ofpkJc=BOHgSb0BPvEV*Nd{+0AOZ9RV!SZDD=!K=QvTHt zXX*OHX;ZHWkS2}IEpvwg&Dsx$a8Rrn4{?yr@0b4MRqe3Q%YX~*D5dI%)aO+fIvC?8 zYb*T_4}6XxlJC1RsK_AaGaGW)#(uAu8X8IR2E>oKCXITe#;_gm%ITPhRlXCc;8dB2 zYcg{v>)NFl7B(SUM$^z6pTHPpSs+$=DUpzgkNum;iGMNqKiqg){7F~D{+_NlI{lk; z#rHQN>pvq}{y`M|JEGgkFU0>fUFyg0JJdgjdDKV{F~8L2_xhXK_%BTVQJe6;s*T&p zztkop?C)yxtD_jE?DpOLD*6N_VWFP)RAP7MM*<6`M!xS6N@^prOD+jSW04$?`XNvF z75v+rDlxqdBRN3pA8)^hKk3se@tfLRKqBg=Q+El}!Rk}bGjhJv&H#p3@SA-sBV>N9%NZbAi_S(;3(FAOVOq}q^ z1Af^Iv@MiT1(aZZQ5IP;nqPMva{|-fiwx@_oHAh4Viv`5*mk2cs1~7vqao6wSZ^Np zsc#e?V|Sn?*v;JrTcTc%^@`oHt#&n(y#_;psVa!swnX7Pgr@|`Iv zjT2iALXY#oLyBpFMoEqHb3X#UG=z&)q`rJgQOo@>3;;TCV-4lRLZ%6o_?>GhCyba@ zyqhOcSqMaL8pY!?|3DvQH>WYNKt{j<0P{$(2&y^R&dsH1ie|QAz)%zLAhm}shN9Ti z4B!YHJ{Sz!YrwJ|rzh_PlEHZlu|h~8aD3e2I~%2>m2Yi z@TLb>3FB>(rhUy*<-M-B2YrB+wvJ3_XsjzC#}=jFSeO?Yx{S!wH7A?S6OQzH2K8Cn z;(VFx4&-DftTq%f=EqY&2mQby-0z7V;fX*9+d_jGW(2GHt9|>(Wq3oC_fGcuE5*t5 zD@;V%oxA||KyxlGTBxrL7q|(jG1a1epKXE!f+NxbF`qS0bm|jGf`AUB=$y=8z0xgC z-{WJ4=-j}1LxKE)D25!s;Twto{6-Pv zkMe~<^jm9$+Eyg>jLF)FC%SS8wt_7H-#GOahQ-Bx`kwS|6e5ga+enOF%$3t>S>Fh@eP~oibQjb1rd1;X}$MHFYS+G7xydUo;YXzN_ zBCCwB8v%AX;O)gK^YSG@EH6*sm9$ClVlhVyCYRV5G{fPMG>AAI0Z+1oc;#xO67>Yr z0@)wVEIwJWT>|(6ayNj%Rr$q7n_~ol2F!ZW%+OviF#ofW8lvu}&#O+lxdR4gd-%fS z%_%KH$2;+36R~rysQb+@2+!7xm~+jvBZ!&}yYG%6r%g1tIU84~h0oE{K0Cki69^(4 zXk#kOguTe#$0pfciNQDXmD*92+&QH|V!yX3tA(tlwbk@&tIiwVf2bNj3fV#5cky;J zp8)6-|H9S z|MjOk3dB}_5NZA`;_q2jfd6FtZ}R_%`1@0^)e6LdrP5YoDV1 b$J(v`oFw#rP7>X1{8c;7Uuy6BUHg9k5len,0,data,&d); - P_(P_AD){ + if(NET_print_flags & NET_PRINT_JSON) { + json_object_object_add(jobj, "msg_data", json_object_new_string_len(d.data, d.len)); + } else P_(P_AD) { print_data(ssl,&d); - } - else { + } else { LF; } return(0); @@ -425,8 +426,6 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) ja3s_c_str = calloc(6, 1); snprintf(ja3s_c_str, 6, "%u", ssl->cipher_suite); - ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, - session_id.len); P_(P_HL) LF; SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); @@ -457,6 +456,14 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) ja3s_ex_str[strlen(ja3s_ex_str) - 1] = '\0'; } + if (ssl->version==TLSV13_VERSION){ + // tls version is known in server hello for tls1.3 hence generate keying material here + ssl_tls13_generate_keying_material(ssl,ssl->decoder); + } + + ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, + session_id.len); + if(!ja3s_ver_str) { ja3s_ver_str = calloc(1, 1); *ja3s_ver_str = '\0'; @@ -519,18 +526,20 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data) segment *seg; Data *data; { - - - UINT4 len; + UINT4 len,exlen,ex; Data cert; int r; struct json_object *jobj; jobj = ssl->cur_json_st; json_object_object_add(jobj, "handshake_type", json_object_new_string("Certificate")); + extern decoder extension_decoder[]; LF; ssl_update_handshake_messages(ssl,data); + if (ssl->version==TLSV13_VERSION){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate request context",-((1<<7)-1),0, data, NULL); + } SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); json_object_object_add(jobj, "cert_chain", json_object_new_array()); @@ -540,11 +549,95 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data) 0,data,&cert); sslx_print_certificate(ssl,&cert,P_ND); len-=(cert.len + 3); + if (ssl->version==TLSV13_VERSION) { // TLS 1.3 has certificates + SSL_DECODE_UINT16(ssl,"certificate extensions len",0,data,&exlen); + len-=2; + while (exlen) { + SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + len -= (2+ex); + if (ssl_decode_switch(ssl, extension_decoder, ex, dir, seg, data) == R_NOT_FOUND) { + decode_extension(ssl, dir, seg, data); + P_(P_RH) { explain(ssl, "Extension type: %u not yet implemented in ssldump\n", ex); } + continue; + } + LF; + } + } } return(0); } + +static int decode_HandshakeType_SessionTicket(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; +{ + int r; + UINT4 exlen, ex, val; + extern decoder extension_decoder[]; + + LF; + SSL_DECODE_UINT32(ssl, "ticket_lifetime",0, data, &val); + explain(ssl, "ticket_lifetime %u\n", val); + SSL_DECODE_UINT32(ssl, "ticket_age_add", 0,data, &val); + explain(ssl, "ticket_age_add %u\n", val); + SSL_DECODE_UINT8(ssl, "ticket_nonce",0,data, &val); + if (val>data->len) { + fprintf(stderr, "Short read: %d bytes available (expecting %d)\n", data->len, val); + ERETURN(R_EOD); + } + CRDUMP("ticket_nonce", data->data, val); + data->data+=val;data->len-=val; + SSL_DECODE_UINT16(ssl, "ticket",0,data, &val); + if (val>data->len) { + fprintf(stderr, "Short read: %d bytes available (expecting %d)\n", data->len, val); + ERETURN(R_EOD); + } + CRDUMP("ticket", data->data, val); + data->data+=val;data->len-=val; + SSL_DECODE_UINT16(ssl, "exlen", 0, data, &exlen); + LF; + if (exlen) { + while (data->len) { + SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if (ssl_decode_switch(ssl, extension_decoder, ex, dir, seg, data) == R_NOT_FOUND) { + decode_extension(ssl, dir, seg, data); + P_(P_RH) { explain(ssl, "Extension type: %u not yet implemented in ssldump\n", ex); } + continue; + } + LF; + } + } +} + +static int decode_HandshakeType_EncryptedExtensions(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int r; + UINT4 exlen, ex; + extern decoder extension_decoder[]; + + SSL_DECODE_UINT16(ssl, 0, 0, data, &exlen); + LF; + if (exlen) { + while (data->len) { + SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if (ssl_decode_switch(ssl, extension_decoder, ex, dir, seg, data) == R_NOT_FOUND) { + decode_extension(ssl, dir, seg, data); + P_(P_RH) { explain(ssl, "Extension type: %u not yet implemented in ssldump\n", ex); } + continue; + } + LF; + } + } + } + static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data) ssl_obj *ssl; int dir; @@ -650,6 +743,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) int r; + UINT4 signature_type; struct json_object *jobj; jobj = ssl->cur_json_st; @@ -657,6 +751,9 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) LF; ssl_update_handshake_messages(ssl,data); + if (ssl->version == TLSV13_VERSION) { + SSL_DECODE_UINT16(ssl,"signature_type",P_HL,data,&signature_type); + } SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0); return(0); @@ -732,9 +829,22 @@ static int decode_HandshakeType_Finished(ssl,dir,seg,data) break; } + ssl_process_handshake_finished(ssl,ssl->decoder,data); return (0); } + +static int decode_HandshakeType_KeyUpdate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; +{ + LF; + ssl_tls13_update_keying_material(ssl, ssl->decoder, dir); + return 0; +} + decoder HandshakeType_decoder[]={ { 0, @@ -751,6 +861,16 @@ decoder HandshakeType_decoder[]={ "ServerHello", decode_HandshakeType_ServerHello }, + { + 4, + "SessionTicket", + decode_HandshakeType_SessionTicket + }, + { + 8, + "EncryptedExtensions", + decode_HandshakeType_EncryptedExtensions + }, { 11, "Certificate", @@ -786,6 +906,11 @@ decoder HandshakeType_decoder[]={ "Finished", decode_HandshakeType_Finished }, + { + 24, + "KeyUpdate", + decode_HandshakeType_KeyUpdate + }, {-1} }; @@ -2839,6 +2964,18 @@ static int decode_extension(ssl,dir,seg,data) return(0); } +decoder supported_groups_decoder[] = { + {0x0017,"secp256r1",0}, + {0x0018,"secp384r1",0}, + {0x0019,"secp521r1",0}, + {0x001d,"x25519",0}, + {0x001e,"x448",0}, + {0x0100,"ffdhe2048",0}, + {0x0101,"ffdhe3072",0}, + {0x0102,"ffdhe4096",0}, + {0x0103,"ffdhe6144",0}, + {0x0104,"ffdhe8192",0}, +}; // Extension #10 supported_groups (renamed from "elliptic_curves") static int decode_extension_supported_groups(ssl,dir,seg,data) ssl_obj *ssl; @@ -2856,7 +2993,8 @@ static int decode_extension_supported_groups(ssl,dir,seg,data) LF; while(l) { p=data->len; - SSL_DECODE_UINT16(ssl, "supported group", 0, data, &g); + SSL_DECODE_ENUM(ssl,"supported group",2,supported_groups_decoder,SSL_PRINT_ALL,data,&g); + LF; if(!ja3_ec_str) ja3_ec_str = calloc(7, 1); else @@ -2875,6 +3013,11 @@ static int decode_extension_supported_groups(ssl,dir,seg,data) return(0); } +decoder ec_point_formats_decoder[] = { + {0,"uncompressed",0,}, + {1,"ansiX962_compressed_prime",0,}, + {2,"ansiX962_compressed_char2",0,} +}; // Extension #11 ec_point_formats static int decode_extension_ec_point_formats(ssl,dir,seg,data) ssl_obj *ssl; @@ -2892,7 +3035,8 @@ static int decode_extension_ec_point_formats(ssl,dir,seg,data) LF; while(l) { p=data->len; - SSL_DECODE_UINT8(ssl, "ec point format", 0, data, &f); + SSL_DECODE_ENUM(ssl,"ec point format",1,ec_point_formats_decoder,SSL_PRINT_ALL,data, &f); + LF; if(!ja3_ecp_str) ja3_ecp_str = calloc(5, 1); else @@ -2912,6 +3056,72 @@ static int decode_extension_ec_point_formats(ssl,dir,seg,data) return(0); } +static int decode_extension_supported_versions(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; +{ + int r; + UINT4 len, version; + SSL_DECODE_UINT16(ssl, "extensions length", 0, data, &len); + LF; + if (dir == DIR_I2R) SSL_DECODE_UINT8(ssl, "supported versions length", 0, data, &len);//client sends extension<..> + while (len) { + SSL_DECODE_UINT16(ssl, "supported version", 0, data, &version); + explain(ssl, "version: %u.%u", (version>>8)&0xff, version&0xff); + len -= 2; + if (len) printf("\n"); + } + if (dir == DIR_R2I) ssl->version = version; // Server sets the tls version +} + +decoder tls13_certificate_types[] = { + {0,"x509",0}, + {1,"openpgp",0}, + {2,"raw public key",0}, + {3,"1609 dot 2",0} +}; +static int decode_extension_client_certificate_type(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; +{ + int r; + UINT4 len, certificate_type; + SSL_DECODE_UINT16(ssl, "extensions length", 0, data, &len); + LF; + if (dir == DIR_I2R) SSL_DECODE_UINT8(ssl, "client certificates length", 0, data, &len);//client sends certificates<..> + while (len) { + SSL_DECODE_ENUM(ssl,"certificate type",1,tls13_certificate_types,SSL_PRINT_ALL,data, &certificate_type); + len -= 1; + data += 1; + if (len) printf("\n"); + } + if (dir == DIR_R2I) ssl->extensions->client_certificate_type = certificate_type; // Server sets the client_certificate_type +} + +static int decode_extension_server_certificate_type(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; +{ + int r; + UINT4 len, certificate_type; + SSL_DECODE_UINT16(ssl, "extensions length", 0, data, &len); + LF; + if (dir == DIR_I2R) SSL_DECODE_UINT8(ssl, "server certificates length", 0, data, &len);//client sends certificates<..> + while (len) { + SSL_DECODE_ENUM(ssl,"certificate type",1,tls13_certificate_types,SSL_PRINT_ALL,data, &certificate_type); + len -= 1; + data += 1; + if (len) printf("\n"); + } + if (dir == DIR_R2I) ssl->extensions->server_certificate_type = certificate_type; // Server sets the server_certificate_type +} + decoder extension_decoder[] = { { 0, @@ -3011,12 +3221,12 @@ decoder extension_decoder[] = { { 19, "client_certificate_type", - decode_extension + decode_extension_client_certificate_type }, { 20, "server_certificate_type", - decode_extension + decode_extension_server_certificate_type }, { 21, @@ -3126,7 +3336,7 @@ decoder extension_decoder[] = { { 43, "supported_versions", - decode_extension + decode_extension_supported_versions }, { 44, @@ -3193,7 +3403,6 @@ decoder extension_decoder[] = { "renegotiation_info", decode_extension }, - {-1} }; diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index ce67b19..c95025e 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -70,6 +70,8 @@ typedef struct d_queue_ { typedef struct ssl_extensions_ { int encrypt_then_mac; int extended_master_secret; + int client_certificate_type; + int server_certificate_type; } ssl_extensions; typedef struct ssl_obj_ { @@ -135,6 +137,7 @@ typedef struct decoder_ { #define TLSV1_VERSION 0x301 #define TLSV11_VERSION 0x302 #define TLSV12_VERSION 0x303 +#define TLSV13_VERSION 0x304 /*State defines*/ #define SSL_ST_SENT_NOTHING 0 diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c index 9e4f4c7..2150549 100644 --- a/ssl/ssl_rec.c +++ b/ssl/ssl_rec.c @@ -53,10 +53,12 @@ #include #include #include +#include #endif #include "ssldecode.h" #include "ssl_rec.h" + struct ssl_rec_decoder_ { SSL_CipherSuite *cs; Data *mac_key; @@ -65,10 +67,9 @@ struct ssl_rec_decoder_ { #ifdef OPENSSL EVP_CIPHER_CTX *evp; #endif - UINT4 seq; + UINT8 seq; }; - char *digests[]={ "MD5", "SHA1", @@ -92,7 +93,10 @@ char *ciphers[]={ "SEED", NULL, "aes-128-gcm", - "aes-256-gcm" + "aes-256-gcm", + "ChaCha20-Poly1305", + "aes-128-ccm", + "aes-128-ccm", // for ccm 8, uses the same cipher }; @@ -100,9 +104,9 @@ static int tls_check_mac PROTO_LIST((ssl_rec_decoder *d,int ct, int ver,UCHAR *data,UINT4 datalen,UCHAR *iv,UINT4 ivlen,UCHAR *mac)); static int fmt_seq PROTO_LIST((UINT4 num,UCHAR *buf)); -int ssl_create_rec_decoder(dp,cs,mk,sk,iv) +int ssl_create_rec_decoder(dp,ssl,mk,sk,iv) ssl_rec_decoder **dp; - SSL_CipherSuite *cs; + ssl_obj *ssl; UCHAR *mk; UCHAR *sk; UCHAR *iv; @@ -111,10 +115,11 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv) ssl_rec_decoder *dec=0; #ifdef OPENSSL const EVP_CIPHER *ciph=0; + int iv_len = ssl->version == TLSV13_VERSION?12:ssl->cs->block; /* Find the SSLeay cipher */ - if(cs->enc!=ENC_NULL){ - ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); + if(ssl->cs->enc!=ENC_NULL){ + ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[ssl->cs->enc-0x30]); if(!ciph) ABORT(R_INTERNAL); } @@ -125,28 +130,28 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv) if(!(dec=(ssl_rec_decoder *)calloc(1,sizeof(ssl_rec_decoder)))) ABORT(R_NO_MEMORY); - dec->cs=cs; + dec->cs=ssl->cs; - if((r=r_data_alloc(&dec->mac_key,cs->dig_len))) + if((r=r_data_alloc(&dec->mac_key,ssl->cs->dig_len))) ABORT(r); - if((r=r_data_alloc(&dec->implicit_iv,cs->block))) + if((r=r_data_alloc(&dec->implicit_iv,iv_len))) ABORT(r); - memcpy(dec->implicit_iv->data,iv,cs->block); + memcpy(dec->implicit_iv->data,iv, iv_len); - if((r=r_data_create(&dec->write_key,sk,cs->eff_bits/8))) + if((r=r_data_create(&dec->write_key,sk,ssl->cs->eff_bits/8))) ABORT(r); /* This is necessary for AEAD ciphers, because we must wait to fully initialize the cipher in order to include the implicit IV */ - if(IS_AEAD_CIPHER(cs)){ + if(IS_AEAD_CIPHER(ssl->cs)){ sk=NULL; iv=NULL; } else - memcpy(dec->mac_key->data,mk,cs->dig_len); + memcpy(dec->mac_key->data,mk,ssl->cs->dig_len); if(!(dec->evp=EVP_CIPHER_CTX_new())) ABORT(R_NO_MEMORY); @@ -190,6 +195,95 @@ int ssl_destroy_rec_decoder(dp) #define MSB(a) ((a>>8)&0xff) #define LSB(a) (a&0xff) +int tls13_update_rec_key(d,newkey,newiv) + ssl_rec_decoder *d; + UCHAR *newkey; + UCHAR *newiv; +{ + d->write_key->data = newkey; + d->implicit_iv->data = newiv; + d->seq = 0; +} + +int tls13_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) + ssl_obj *ssl; + ssl_rec_decoder *d; + int ct; + int version; + UCHAR *in; + int inl; + UCHAR *out; + int *outl; + { + int pad,i; + int r,encpadl,x,_status=0; + UCHAR aad[5],aead_nonce[12], *tag; + int taglen = d->cs->enc==ENC_AES128_CCM_8?8:16; + CRDUMP("CipherText",in,inl); + CRDUMPD("KEY",d->write_key); + CRDUMPD("IV",d->implicit_iv); + if (!IS_AEAD_CIPHER(d->cs)){ + fprintf(stderr, "Non aead cipher in tls13\n"); + ABORT(-1); + } + memcpy(aead_nonce, d->implicit_iv->data, 12); + for (i = 0; i < 8; i++) { // AEAD NONCE according to RFC TLS1.3 + aead_nonce[12 - 1 - i] ^= ((d->seq >> (i * 8)) & 0xFF); + } + d->seq++; + CRDUMP("NONCE",aead_nonce,12); + tag = in+(inl-taglen); + CRDUMP("Tag", tag, taglen); + + aad[0] = ct; + aad[1] = 0x03; + aad[2] = 0x03; + aad[3] = MSB(inl); + aad[4] = LSB(inl); + CRDUMP("AAD",aad,5); + inl-=taglen; + + if (!EVP_CIPHER_CTX_ctrl(d->evp, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)) { + fprintf(stderr, "Unable to set ivlen\n"); + ABORT(-1); + } + + if (IS_CCM_CIPHER(d->cs) && !EVP_CIPHER_CTX_ctrl(d->evp, EVP_CTRL_AEAD_SET_TAG, taglen, tag)) { + fprintf(stderr, "Unable to set tag for ccm cipher\n"); + ABORT(-1); + } + + if(!EVP_DecryptInit_ex(d->evp,NULL,NULL,d->write_key->data,aead_nonce)){ + fprintf(stderr,"Unable to init evp1\n"); + ABORT(-1); + } + + if (IS_CCM_CIPHER(d->cs) && !EVP_DecryptUpdate(d->evp,NULL,outl,NULL,inl)){ + fprintf(stderr,"Unable to update data length\n"); + ABORT(-1); + } + + if (!EVP_DecryptUpdate(d->evp,NULL,outl,aad,5)){ + fprintf(stderr,"Unable to update aad\n"); + ABORT(-1); + } + + CRDUMP("Real CipherText", in, inl); + if (!EVP_DecryptUpdate(d->evp,out,outl,in,inl)){ + fprintf(stderr,"Unable to update with CipherText\n"); + ABORT(-1); + } + + if (!IS_CCM_CIPHER(d->cs) && (!EVP_CIPHER_CTX_ctrl(d->evp,EVP_CTRL_GCM_SET_TAG,taglen,tag) || !EVP_DecryptFinal(d->evp,NULL,&x))) { + fprintf(stderr,"BAD MAC\n"); + ABORT(SSL_BAD_MAC); + } + +abort: + ERR_print_errors_fp(stderr); + return _status; +} + int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) ssl_obj *ssl; ssl_rec_decoder *d; diff --git a/ssl/ssl_rec.h b/ssl/ssl_rec.h index 101ec86..3d2738a 100644 --- a/ssl/ssl_rec.h +++ b/ssl/ssl_rec.h @@ -51,13 +51,16 @@ typedef struct ssl_rec_decoder_ ssl_rec_decoder; int ssl_destroy_rec_decoder PROTO_LIST((ssl_rec_decoder **dp)); int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp, - SSL_CipherSuite *cs,UCHAR *mk,UCHAR *sk,UCHAR *iv)); + ssl_obj *ssl,UCHAR *mk,UCHAR *sk,UCHAR *iv)); int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); +int tls13_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); +int tls13_update_rec_key PROTO_LIST((ssl_rec_decoder *d,UCHAR *newkey, UCHAR *newiv)); int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data, UINT4 datalen, UCHAR *mac); -#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c) +#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c||cs->enc==0x3d||cs->enc==0x3e||cs->enc==0x3f) +#define IS_CCM_CIPHER(cs) (cs->enc==0x3e||cs->enc==0x3f) #endif diff --git a/ssl/sslciphers.h b/ssl/sslciphers.h index a41aaf4..9a1cfcc 100644 --- a/ssl/sslciphers.h +++ b/ssl/sslciphers.h @@ -79,6 +79,9 @@ typedef struct SSL_CipherSuite_ { #define ENC_NULL 0x3a #define ENC_AES128_GCM 0x3b #define ENC_AES256_GCM 0x3c +#define ENC_CHACHA20_POLY1305 0x3d +#define ENC_AES128_CCM 0x3e +#define ENC_AES128_CCM_8 0x3f #define DIG_MD5 0x40 #define DIG_SHA 0x41 diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 1f3da1b..5a81834 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -48,6 +48,8 @@ #include "sslprint.h" #include "ssl.enums.h" #ifdef OPENSSL +#include +#include #include #include #include @@ -91,6 +93,10 @@ struct ssl_decoder_ { int ephemeral_rsa; Data *PMS; Data *MS; + Data *SHTS;//Server Handshake traffic secret + Data *CHTS;//Client Handshake traffic secret + Data *STS;//Server traffic Secret + Data *CTS;//Client traffic secret Data *handshake_messages; Data *session_hash; ssl_rec_decoder *c_to_s; @@ -115,7 +121,7 @@ static int ssl_generate_keying_material PROTO_LIST((ssl_obj *ssl, ssl_decoder *d)); static int ssl_generate_session_hash PROTO_LIST((ssl_obj *ssl, ssl_decoder *d)); -static int ssl_read_key_log_file PROTO_LIST((ssl_decoder *d)); +static int ssl_read_key_log_file PROTO_LIST((ssl_obj* obj,ssl_decoder *d)); #endif static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl, @@ -196,6 +202,7 @@ int ssl_decode_ctx_destroy(dp) { #ifdef OPENSSL ssl_decode_ctx *d = *dp; + if (!d) return 0; if(d->ssl_key_log_file) { fclose(d->ssl_key_log_file); } @@ -320,19 +327,23 @@ int ssl_process_server_session_id(ssl,d,msg,len) INIT_DATA(idd,msg,len); - /* First check to see if the client tried to restore */ - if(d->session_id){ - /* Now check to see if we restored */ - if((r=r_data_compare(&idd,d->session_id))) - ABORT(r); + if (ssl->version==TLSV13_VERSION){ + // No need to save/restore session in tls1.3 since the only way of decrypting is through log file + } else { + /* First check to see if the client tried to restore */ + if(d->session_id){ + /* Now check to see if we restored */ + if((r=r_data_compare(&idd,d->session_id))) + ABORT(r); - /* Now try to look up the session. We may not be able - to find it if, for instance, the original session - was initiated with something other than static RSA */ - if((r=ssl_restore_session(ssl,d))) - ABORT(r); + /* Now try to look up the session. We may not be able + to find it if, for instance, the original session + was initiated with something other than static RSA */ + if((r=ssl_restore_session(ssl,d))) + ABORT(r); - restored=1; + restored=1; + } } _status=0; @@ -365,7 +376,7 @@ int ssl_process_client_session_id(ssl,d,msg,len) //todo: better save and destroy only when successfully read key log r_data_destroy(&d->MS); - if(d->ctx->ssl_key_log_file && (ssl_read_key_log_file(d)==0) && d->MS) + if(d->ctx->ssl_key_log_file && (ssl_read_key_log_file(ssl, d)==0) && d->MS) { //we found master secret for session in keylog //try to save session @@ -387,24 +398,37 @@ int ssl_process_client_session_id(ssl,d,msg,len) #endif } +int ssl_process_handshake_finished(ssl_obj* ssl,ssl_decoder *dec, Data *data){ + if (ssl->version==TLSV13_VERSION){ + if (ssl->direction==DIR_I2R){ // Change from handshake decoder to data traffic decoder + dec->c_to_s = dec->c_to_s_n; + dec->c_to_s_n = 0; + } else { + dec->s_to_c = dec->s_to_c_n; + dec->s_to_c_n = 0; + } + } +} + int ssl_process_change_cipher_spec(ssl,d,direction) ssl_obj *ssl; ssl_decoder *d; int direction; { -#ifdef OPENSSL - if(direction==DIR_I2R){ - d->c_to_s=d->c_to_s_n; - d->c_to_s_n=0; - if(d->c_to_s) ssl->process_ciphertext |= direction; +#ifdef OPENSSL + if (ssl->version!=TLSV13_VERSION){ + if(direction==DIR_I2R){ + d->c_to_s=d->c_to_s_n; + d->c_to_s_n=0; + if(d->c_to_s) ssl->process_ciphertext |= direction; + } + else { + d->s_to_c=d->s_to_c_n; + d->s_to_c_n=0; + if(d->s_to_c) ssl->process_ciphertext |= direction; + } } - else{ - d->s_to_c=d->s_to_c_n; - d->s_to_c_n=0; - if(d->s_to_c) ssl->process_ciphertext |= direction; - } - -#endif +#endif return(0); } int ssl_decode_record(ssl,dec,direction,ct,version,d) @@ -426,8 +450,11 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d) else rd=0; state=(direction==DIR_I2R)?ssl->i_state:ssl->r_state; - - if(!rd){ + + if (ssl->version == TLSV13_VERSION && ct != 23) { // Only type 23 is encrypted in tls1.3 + ssl->record_encryption = REC_PLAINTEXT; + return 0; + } else if(!rd){ if(state & SSL_ST_SENT_CHANGE_CIPHER_SPEC){ ssl->record_encryption=REC_CIPHERTEXT; return(SSL_NO_DECRYPT); @@ -443,7 +470,12 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d) if(!(out=(UCHAR *)malloc(d->len))) ABORT(R_NO_MEMORY); - if((r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl))){ + if (ssl->version==TLSV13_VERSION){ + r=tls13_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl); + } else { + r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl); + } + if(r) { ABORT(r); } @@ -620,7 +652,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) r_data_destroy(&d->MS); if(!d->ctx->ssl_key_log_file || - ssl_read_key_log_file(d) || + ssl_read_key_log_file(ssl,d) || !d->MS){ if(ssl->cs->kex!=KEX_RSA) return(-1); @@ -1070,10 +1102,10 @@ static int ssl_generate_keying_material(ssl,d) } if((r=ssl_create_rec_decoder(&d->c_to_s_n, - ssl->cs,c_mk,c_wk,c_iv))) + ssl,c_mk,c_wk,c_iv))) ABORT(r); if((r=ssl_create_rec_decoder(&d->s_to_c_n, - ssl->cs,s_mk,s_wk,s_iv))) + ssl,s_mk,s_wk,s_iv))) ABORT(r); @@ -1086,6 +1118,175 @@ static int ssl_generate_keying_material(ssl,d) return(_status); } +static int hkdf_expand_label(ssl,d,secret,label,context,length,out) + ssl_obj *ssl; + ssl_decoder *d; + Data *secret; + char *label; + Data *context; + uint16_t length; + UCHAR **out; + { + int r; + size_t outlen = length; + EVP_PKEY_CTX *pctx; + + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); + + Data hkdf_label; + UCHAR *ptr; + + //Construct HkdfLabel + hkdf_label.data = ptr = malloc(512); + *(uint16_t*)ptr = ntohs(length); + ptr+=2; + *(uint8_t*)ptr++ = 6+(label?strlen(label):0); + memcpy(ptr, "tls13 ", 6); + ptr+=6; + if (label) { + memcpy(ptr, label, strlen(label)); + ptr+=strlen(label); + } + *(uint8_t*)ptr++ = context?context->len:0; + if (context) { + memcpy(ptr, context->data, context->len); + ptr+=context->len; + } + hkdf_label.len = ptr - hkdf_label.data; + CRDUMPD("hkdf_label", &hkdf_label); + // Load parameters + *out = malloc(length); + if (EVP_PKEY_derive_init(pctx) <= 0) { + fprintf(stderr, "EVP_PKEY_derive_init failed\n"); + } + /* Error */ + if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)<=0) { + fprintf(stderr, "EVP_PKEY_CTX_hkdf_mode failed\n"); + goto abort; + } + if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_get_digestbyname(digests[ssl->cs->dig-0x40])) <= 0) { + fprintf(stderr, "EVP_PKEY_CTX_set_hkdf_md failed\n"); + goto abort; + } + if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret->data, secret->len) <= 0) { + fprintf(stderr, "EVP_PKEY_CTX_set_hkdf_md failed\n"); + goto abort; + } + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, hkdf_label.data, hkdf_label.len) <= 0) { + fprintf(stderr, "EVP_PKEY_CTX_add1_hkdf_info failed\n"); + goto abort; + } + if (EVP_PKEY_derive(pctx, *out, &outlen) <= 0) { + fprintf(stderr, "EVP_PKEY_derive failed\n"); + goto abort; + } + + CRDUMP("out_hkdf", *out, outlen); + return 0; +abort: + ERR_print_errors_fp(stderr); + return r; + } + +// Will update the keys for the particular direction +int ssl_tls13_update_keying_material(ssl,d,direction) + ssl_obj *ssl; + ssl_decoder *d; + int direction; +{ + Data *secret; + ssl_rec_decoder *decoder; + UCHAR *newsecret; + UCHAR *newkey; + UCHAR *newiv; + + if (direction == DIR_I2R) { + secret = d->CTS; + decoder = d->c_to_s; + } else { + secret = d->STS; + decoder = d->s_to_c; + } + hkdf_expand_label(ssl, d, secret, "traffic upd", NULL, ssl->cs->dig_len, &newsecret); + secret->data = newsecret; + hkdf_expand_label(ssl, d, secret, "key", NULL, ssl->cs->eff_bits/8, &newkey); + hkdf_expand_label(ssl, d, secret, "iv", NULL, 12, &newiv); + tls13_update_rec_key(decoder,newkey,newiv); + + return 0; +} + +int ssl_tls13_generate_keying_material(ssl,d) + ssl_obj* ssl; + ssl_decoder *d; +{ + int r,_status; + Data out; + UCHAR *s_wk_h,*s_iv_h,*c_wk_h,*c_iv_h, + *s_wk,*s_iv,*c_wk,*c_iv; + if (!(d->ctx->ssl_key_log_file && ssl_read_key_log_file(ssl, d)==0 && + d->SHTS && d->CHTS && d->STS && d->CTS)){ + ABORT(-1); + } + // It is 12 for all ciphers + if (hkdf_expand_label(ssl, d, d->SHTS, "key", NULL, ssl->cs->eff_bits/8, &s_wk_h)) { + fprintf(stderr, "s_wk_h hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->SHTS, "iv", NULL, 12, &s_iv_h)) { + fprintf(stderr, "s_iv_h hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->CHTS, "key", NULL, ssl->cs->eff_bits/8, &c_wk_h)) { + fprintf(stderr, "c_wk_h hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->CHTS, "iv", NULL, 12, &c_iv_h)) { + fprintf(stderr, "c_iv_h hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->STS, "key", NULL, ssl->cs->eff_bits/8, &s_wk)) { + fprintf(stderr, "s_wk hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->STS, "iv", NULL, 12, &s_iv)) { + fprintf(stderr, "s_iv hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->CTS, "key", NULL, ssl->cs->eff_bits/8, &c_wk)) { + fprintf(stderr, "c_wk hkdf_expand_label failed\n"); + goto abort; + } + if (hkdf_expand_label(ssl, d, d->CTS, "iv", NULL, 12, &c_iv)) { + fprintf(stderr, "c_iv hkdf_expand_label failed\n"); + goto abort; + } + CRDUMP("Server Handshake Write key", s_wk_h,ssl->cs->eff_bits/8 ); + CRDUMP("Server Handshake IV", s_iv_h, 12); + CRDUMP("Client Handshake Write key", c_wk_h, ssl->cs->eff_bits/8); + CRDUMP("Client Handshake IV", c_iv_h,12); + CRDUMP("Server Write key", s_wk,ssl->cs->eff_bits/8); + CRDUMP("Server IV", s_iv,12); + CRDUMP("Client Write key",c_wk, ssl->cs->eff_bits/8); + CRDUMP("Client IV", c_iv,12); + + if((r=ssl_create_rec_decoder(&d->c_to_s_n, + ssl,NULL,c_wk,c_iv))) + ABORT(r); + if((r=ssl_create_rec_decoder(&d->s_to_c_n, + ssl,NULL,s_wk,s_iv))) + ABORT(r); + if((r=ssl_create_rec_decoder(&d->c_to_s, + ssl,NULL,c_wk_h,c_iv_h))) + ABORT(r); + if((r=ssl_create_rec_decoder(&d->s_to_c, + ssl,NULL,s_wk_h,s_iv_h))) + ABORT(r); + return 0; +abort: + return r; +} + static int ssl_generate_session_hash(ssl,d) ssl_obj *ssl; ssl_decoder *d; @@ -1134,36 +1335,64 @@ static int ssl_generate_session_hash(ssl,d) return(_status); } -static int ssl_read_key_log_file(d) +static int read_hex_string(char *str, UCHAR *buf, int n) { + unsigned int t; + int i; + for (i = 0; i < n; i++) { + if (sscanf(str + i * 2, "%02x", &t) != 1) + return -1; + buf[i] = (char)t; + } + return 0; +} +static int ssl_read_key_log_file(ssl,d) + ssl_obj *ssl; ssl_decoder *d; { int r,_status,n,i; unsigned int t; size_t l=0; - char *line,*label_data; - - while ((n=getline(&line,&l,d->ctx->ssl_key_log_file))!=-1) { - if(n==(d->client_random->len*2)+112 && - !strncmp(line,"CLIENT_RANDOM",13)) { - - if(!(label_data=malloc((d->client_random->len*2)+1))) - ABORT(r); - - for(i=0;iclient_random->len;i++) - if(snprintf(label_data+(i*2),3,"%02x",d->client_random->data[i])!=2) - ABORT(r); - - if(STRNICMP(line+14,label_data,64)) - continue; - - if((r=r_data_alloc(&d->MS,48))) - ABORT(r); - - for(i=0; i < d->MS->len; i++) { - if(sscanf(line+14+65+(i*2),"%2x",&t)!=1) - ABORT(r); - *(d->MS->data+i)=(char)t; - } + char *line, *d_client_random, *label, *client_random, *secret; + if (ssl->version==TLSV13_VERSION && !ssl->cs)// ssl->cs is not set when called from ssl_process_client_session_id + ABORT(r); + if (!(d_client_random = malloc((d->client_random->len * 2) + 1))) + ABORT(r); + for (i = 0; i < d->client_random->len; i++) + if (snprintf(d_client_random + (i * 2), 3, "%02x", d->client_random->data[i]) != 2) + ABORT(r); + while ((n = getline(&line, &l, d->ctx->ssl_key_log_file)) != -1) { + if (line[n-1] =='\n') line[n-1] = '\0'; + if (!(label=strtok(line, " "))) continue; + if (!(client_random=strtok(NULL, " ")) || strlen(client_random)!=64 || STRNICMP(client_random, d_client_random, 64)) continue; + secret=strtok(NULL, " "); + if (!(secret) || strlen(secret)!=(ssl->version==TLSV13_VERSION?ssl->cs->dig_len*2:96)) continue; + if (!strncmp(label, "CLIENT_RANDOM", 13)) { + if ((r=r_data_alloc(&d->MS, 48))) + ABORT(r); + if (read_hex_string(secret, d->MS->data, 48)) + ABORT(r); + } + if (ssl->version!=TLSV13_VERSION) continue; + if (!strncmp(label, "SERVER_HANDSHAKE_TRAFFIC_SECRET", 31)){ + if ((r=r_data_alloc(&d->SHTS, ssl->cs->dig_len))) + ABORT(r); + if (read_hex_string(secret, d->SHTS->data, ssl->cs->dig_len)) + ABORT(r); + } else if (!strncmp(label, "CLIENT_HANDSHAKE_TRAFFIC_SECRET", 31)){ + if ((r=r_data_alloc(&d->CHTS, ssl->cs->dig_len))) + ABORT(r); + if (read_hex_string(secret, d->CHTS->data, ssl->cs->dig_len)) + ABORT(r); + } else if (!strncmp(label, "SERVER_TRAFFIC_SECRET_0", 23)){ + if ((r=r_data_alloc(&d->STS, ssl->cs->dig_len))) + ABORT(r); + if (read_hex_string(secret, d->STS->data, ssl->cs->dig_len)) + ABORT(r); + } else if (!strncmp(label, "CLIENT_TRAFFIC_SECRET_0", 23)){ + if ((r=r_data_alloc(&d->CTS, ssl->cs->dig_len))) + ABORT(r); + if (read_hex_string(secret, d->CTS->data, ssl->cs->dig_len)) + ABORT(r); } /* Eventually add support for other labels defined here: diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h index a878716..15566bb 100644 --- a/ssl/ssldecode.h +++ b/ssl/ssldecode.h @@ -73,6 +73,9 @@ int ssl_update_handshake_messages PROTO_LIST((ssl_obj *ssl, Data *data)); int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction, int ct,int version,Data *d)); +int ssl_tls13_generate_keying_material PROTO_LIST((ssl_obj *obj,ssl_decoder *dec)); +int ssl_process_handshake_finished PROTO_LIST((ssl_obj* ssl,ssl_decoder *dec, Data *data)); +int ssl_tls13_update_keying_material PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int dir)); #endif diff --git a/ssl/sslprint.c b/ssl/sslprint.c index bd42407..355db29 100644 --- a/ssl/sslprint.c +++ b/ssl/sslprint.c @@ -268,18 +268,16 @@ int ssl_expand_record(ssl,q,direction,data,len) explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len); return(0); } + version = ssl->version ? ssl->version : (vermaj*256+vermin); P_(P_RH){ - explain(ssl," V%d.%d(%d)",vermaj,vermin,length); + explain(ssl," V%d.%d(%d)",(version>>8)&0xff,version&0xff,length); json_object_object_add(jobj, "record_len", json_object_new_int(length)); - snprintf(verstr,8,"%d.%d",vermaj,vermin); + snprintf(verstr,8,"%d.%d",(version>>8)&0xff,version&0xff); json_object_object_add(jobj, "record_ver", json_object_new_string(verstr)); } - version=vermaj*256+vermin; - - r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d); - + r = ssl_decode_record(ssl, ssl->decoder, direction, ct, version, &d); if(r==SSL_BAD_MAC){ explain(ssl," bad MAC\n"); return(0); @@ -303,9 +301,15 @@ int ssl_expand_record(ssl,q,direction,data,len) else{ //try to save unencrypted data to logger //we must save record with type "application_data" (this is unencrypted data) - if ((ct == 23) && (logger)) logger->vtbl->data(ssl->logger_obj,d.data,d.len,direction); - - if((r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d))) { + if (ct==23){ + if (logger) { + logger->vtbl->data(ssl->logger_obj,d.data,d.len,direction); + } + if (ssl->version==TLSV13_VERSION){ + ct = d.data[--d.len]; // In TLS 1.3 ct is stored in the end for encrypted records + } + } + if((r=ssl_decode_switch(ssl,ContentType_decoder,ct,direction,q, &d))) { if(!(SSL_print_flags & SSL_PRINT_JSON)) printf(" unknown record type: %d\n", ct); ERETURN(r);