Adding tls1.3 decryption support

This commit is contained in:
Vishwa Pravin 2023-03-11 10:33:19 +05:30
parent adb49668c0
commit beb4dc134b
19 changed files with 905 additions and 95 deletions

257
samples/log.txt Normal file
View file

@ -0,0 +1,257 @@
SERVER_HANDSHAKE_TRAFFIC_SECRET c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 f1ea21905d642416d45baf557d45e0c9ab60df273c2f0c9366f84a91d7b886a1e9f8b544fa9dc2afc019799c042d2ee4
CLIENT_HANDSHAKE_TRAFFIC_SECRET c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 8384d76d250a7b9c8a20665d056902ea605fbec8e1130ced6fdbb6e1bf11368165f6c8a77f425bdb0c7339dda42e8feb
EXPORTER_SECRET c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 95aff990e7ab00e6bf1c837e677b5fde3a371f79554046d0576faf00b3b8410693424cd1eed3b174d1794b8b18501184
SERVER_TRAFFIC_SECRET_0 c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 80bddec16045070e74b34053380fe07656451c293a5aef07e237698510efcd42f1276b75500eb1be7c82db10ab17446c
CLIENT_TRAFFIC_SECRET_0 c209772f370f8d8fc8a6313d379ae082a3cb877358d9d36650b5168a12ba6c90 5d7aa51a77b269e4515dbf8c7a12d18a4d4695d12b4fbe0824903ee016b8912851666a218e13676ae9e68c8f07047d49
SERVER_HANDSHAKE_TRAFFIC_SECRET ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a 491889e2602dce15b2bd6d9c97ef3cf4a9619a91981b1ca1b757f469ba6b296d3a67a7bf1e57fcb2139d73dd76d6eb42
CLIENT_HANDSHAKE_TRAFFIC_SECRET ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a 5b1fb10febd3290acc8d52ff4965e2122212777c4504347d3615e2ae7d1bdbd94880458eefee4b1e76d99d6d4d7615b6
EXPORTER_SECRET ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a abb9d5d6977721538016924baf1bcbaa775d6d4a8c2bbcf95e56a70dd2bb5e0d00b0aede51c3ea2bcbebea0cdaf0ca37
SERVER_TRAFFIC_SECRET_0 ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a 212122dac8d55337e4328017b24636e265a58374a67358d314d9d04d648d9137ba368910f3137d706376675c24edb614
CLIENT_TRAFFIC_SECRET_0 ed786f6320232cc06879b08eed0555b3cf1b73996ad99efa0fab2fd04db3261a d42814aceb92901b53121e7360977e6b800c9361019690787b608bbd236221121f475c8640b0da2f885b9e8d4de65a83
SERVER_HANDSHAKE_TRAFFIC_SECRET 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 03c6ebb0c72c901b8e7e2560d7a779ddb193670a91fece021c994ad05173be1d25f8b790f73b0efb5efeaaa667b839b2
CLIENT_HANDSHAKE_TRAFFIC_SECRET 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 d3762c34c01832e9742e59757acdf5152a32f81e013820a15a58d09c42f836fde33b11f5a5b46717e674a45652c6ad7e
EXPORTER_SECRET 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 f9cb1f6e3fd795d5b6a98cfa3d6c14be5afff180a49da65820441486dfa13f4c65374f0e978d15072495b964dcf91f2f
SERVER_TRAFFIC_SECRET_0 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 e76d4c2be886bc95fc610fa043037e7a1353be6874d2ba48e0bfe39e2e1ae9fcc340ea3a40e23e47076888288e78b8ab
CLIENT_TRAFFIC_SECRET_0 3095b9ed781e2e4bf55f9f52a3ab2b5e5cf4cc7637476cbb773d675f3f543933 76bbf106d61accf2898e1ac39f2c180a246dc5bb195b4c7dbcf2075b345b561c2a5329b3b607547c395a40499fba91ef
CLIENT_RANDOM 4c7540ab66eeb36607f45d1bf39556fa911b2b8987e09ac470ca6a6bb89cc067 f9d31873bb7236b6de64df5cb5332b40a73e7f7aa0ed6f904f09bd0acfa2e057519c0e3353698ef8dc597341d4203bbd
CLIENT_RANDOM e508d7e8af016d142e771e423b89e4badd50f9218c133f94a51fa0f331f6d6f0 98525781eeb33f9bbba8d1f6736635f7a8d585eea5a8609e583e7d5df01f7bf32704004fe8b28130fd14fcbd8581dd41
CLIENT_RANDOM 431483723659efb64c534a68fcf8c431ebd116c5901fbb7b6450dade0132f5f1 374ae1fbd2e1bfadb2a296699c2e505805ecfb9477f5313766dea4cac0d042798d23f6b4b26978c1b81b3d623572892d
CLIENT_RANDOM 532eea4473553fb90fbd4f55e96209e9af0284813675afe05d45b7bc0792f356 f6d96be8d360ad0531809f3e970908387578a44bd89597c6055288e9c2c49eba4f8944180de4fbb4f14a44feebfd4eb7
CLIENT_RANDOM 208dd4e770e625284e02ec114c0a581955ad2390b1ae16867772eb9c24223a54 0cc15de80101a5812bc1866e2db9d57563d96f616560485337a3662a9ad40d9cb65e5274980d4301f6c59eedb59e2011
SERVER_HANDSHAKE_TRAFFIC_SECRET 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b 0aec7e7e6338bf3f3365813e8ccc57f282a591069bb9df53806aece17116eb41735ad1c92d6559462817e703d03b56d9
CLIENT_HANDSHAKE_TRAFFIC_SECRET 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b 29ec8ccb3969271d3c396f1b6f69a9fb21b0a1c092ec885357574aa419f429ca31f4d5faba1c773d65cb8e5247674709
EXPORTER_SECRET 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b 155129466c93e7e521b20dfeaab4c13ce81db5db5883d0d482c73186b9fad5be9520be2a60fd6b19a90f241e4208da94
SERVER_TRAFFIC_SECRET_0 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b ce8247fe6ee7ad0771be7d78feea579e36abaab1a5eaf15126d4bc6c3f9b305d8211fbe2ed256fd93852036bc59b890c
CLIENT_TRAFFIC_SECRET_0 7ca8d967bf880622b678102c9403c056f1d02a818d6c7fbe2c37bbffa2a84c7b f8b89fbaee709d96f812f5de52514ecfa90186a9163b2c682bfdbcb7b803c66465ee6fb893d4d2adacc151ac368cf95c
SERVER_HANDSHAKE_TRAFFIC_SECRET ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 b16fcac17c6995d2f6bdf776caec8d995ed622484bccb1e0a9b8bf04b3e511d67afdf4514fc17dddede6dbae854979bd
CLIENT_HANDSHAKE_TRAFFIC_SECRET ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 0a4c4177774b560d33ffecd1481a80607cb9879c1439e16ddff823db59dfcb2a9c9de5cda41dc231c0da8b1e587d6a53
EXPORTER_SECRET ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 b8da25ec874c0e02dedfc2381797d451744df5316db81648400cb7d3faf5748b15ae6b30d6f7a0704f6e0ae1df812150
SERVER_TRAFFIC_SECRET_0 ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 745e4564d0fdb4ea808cb27b5c93b561eb831f685bea16fbba93b7671a4373f3094846d6b85eaeded7e3eec262262a08
CLIENT_TRAFFIC_SECRET_0 ad2e8c1e1498d712bc7fc64a8801ce7d836487b8173d695bfb35907442328194 95c94469093f6a3db2ad4a9c71ee3d430f4b2156a67bc5c8853c4e62a0bead9b4a3182244c64b8d9b7c713b51c1aa594
SERVER_HANDSHAKE_TRAFFIC_SECRET c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 a0c6152223baf9046f2b829ce88b489a9004b87f27b2b05d8995907399b44fc3b8621c3c8ee5f2e98f8d27ed20b8ad96
CLIENT_HANDSHAKE_TRAFFIC_SECRET c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 25aef5cd4ff1205789989b46fc8fcd55706d4aa779e73ff081a842845101dacbaef19831c083ffcc31377d77f3ea65b8
EXPORTER_SECRET c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 979a3b06f56ff0f7695c3195c037acb392ddc9ad411ee248a4dfebad0293dd1f727aea585cbb07adb17dae8c7ebc8c52
SERVER_TRAFFIC_SECRET_0 c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 d9803a512639d0b15a419d4601678c9cc81a770a299cd43fc57e94506302cb2712fa2124c5208c1500540a7e0cef2bb2
CLIENT_TRAFFIC_SECRET_0 c82afc20053a5c6e36428604760ca380b7967bcc6930fcfb40848312c661dfb4 d8932395c083441cb9f797b398750e50abc0d6f62bc7d31baf6b5141e9650bdf9231fab42b50f7cf4a0f2f044c9bc057
SERVER_HANDSHAKE_TRAFFIC_SECRET 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 9fef2405b1d6417a6c4296d1c34e5bae4b9be0a873470f66038f6a0240475809bdc7258672700506877bb886231f901d
CLIENT_HANDSHAKE_TRAFFIC_SECRET 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 5ba0498b149e2f4a88ef10f539deacbf37512916c84f05a31fb3c286d7d8a62fc372ced1f8944d0622af0b8a409667e8
EXPORTER_SECRET 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 b24e413022bc1534ba085eb9f8f0c27009164b6c8004cd81a1a7082e02a696022b814f26a5d8d2b607440617189d8da9
SERVER_TRAFFIC_SECRET_0 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 fd00511b44573b9aad40b352da4b3881378c5f3b07fc06ff4891b7e9690eaf758c13a3b34c5c7c14f9f43b1d3472753b
CLIENT_TRAFFIC_SECRET_0 1becf381fd2cac334c7f0db9fdb2b22aa184d7eeb3034ff252e6e6ac7a8d4622 56f356d630824780cb82ee0a1bc7da81fefe318b8039e92edfffc76efc064b02642c565d0d5c900846c87c9c2b9c1b68
SERVER_HANDSHAKE_TRAFFIC_SECRET e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 64f529b9491a85c407d5b4fdb5ada88167cd8aac3cd8cd29999277127b785c52dff6a4406748e7e5ca1b4754c673c1a7
CLIENT_HANDSHAKE_TRAFFIC_SECRET e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 d0e75f1d0258d3bc425810c3a37e23bf3f1c56aedd09b29607a992129e09f1825def227be7bb9946292af64b37ec05dc
EXPORTER_SECRET e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 8ea1a409523e030ea42dc4a2ad3b330cf5a9a9d642805dca761ae7fbd5e2df0948b6cd02a910332e42005b7ccecdc5a3
SERVER_TRAFFIC_SECRET_0 e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 c82e5d1dac049bb110583a5d98912dda61c5fcd4e91c1fed2cd998945c8511beef2c38414ca663095da3debd539c061f
CLIENT_TRAFFIC_SECRET_0 e23aab10af40630cf3bac826e2453af6a18163930a98941af94ca9c45a0633a9 d3c9121a8b35397d7e22d96bcedd2b177ede2f22c15db12f99a2e22df05068890762cde7832f3914f5206b4c6e8fa793
SERVER_HANDSHAKE_TRAFFIC_SECRET 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 2bfcce11ccf325ebd2870e6523c8c56cdaa168222462455977055f94ff5c50d5be47a5596592cde4bb1f624770fd5335
CLIENT_HANDSHAKE_TRAFFIC_SECRET 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 6f34919b76405f35a67a809efac15666ab4bf9c6781833f48a242fe04c583be49109a8eedd5d54a4eaed2be050237ad7
EXPORTER_SECRET 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 15e38ab7d8e3673f8580b81206159f7d78f70af2eaefb141815591393f13509583ff347bcfc9d44db37754909cdf740f
SERVER_TRAFFIC_SECRET_0 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd 5298effad90d9b540ed6de508cb8c4d43cd528dacdf80cba71164297eae417655ceacb5b4dd2f5e5b59b00d88f95fcb2
CLIENT_TRAFFIC_SECRET_0 452e358e5fba511d65e80c284d57c3bfb6409080aadd86df46f95b35a43f0cbd f01e2a0ef3c63dd26f57381bb10cc0ae70be494e1e33ac37d2b283e78221089d2ec9c7352740f1fbcaf19afbc235dfc5
SERVER_HANDSHAKE_TRAFFIC_SECRET 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb 9bd3e024537ceb19a39783336b715f1d2777edc934dd618602a87c4f393024ed46a660a72d91ef56e9cc0ab7f81485ec
CLIENT_HANDSHAKE_TRAFFIC_SECRET 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb a88826a872250233457a75f83d5ab05446707989e9861b4f12ab860350a6e6d9c80ca417bd85e00ef76d9216d989d017
EXPORTER_SECRET 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb 229e5b39a020532844c3a8bd0adc1a46c9b50e557b52815894795ac9f636d62f08a3d101bc36bd026369b8efb0001980
SERVER_TRAFFIC_SECRET_0 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb 9ea9a9d7db955c196d7805789d2eedba1691456916dad090f3a16b549c1c3d4349573dcd79e74443bf250fa6087b6057
CLIENT_TRAFFIC_SECRET_0 5e41320b56e65ef64b1cdd43772ac23f7b6911cc094fac846ec31f18ca271fbb f9067986d7e4b6af3e1f7d23a3f8970391e0ce2920a2e02ecd4c8914a78280bfc05ddeb855339a362648bda479716bd4
SERVER_HANDSHAKE_TRAFFIC_SECRET 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e d2747e8fa163a3f72e2ce5070d84c0924a46184edd441f80b1d549077ad2fe3a9f470c81b9c9e8b94261c5d3b63ecc0d
CLIENT_HANDSHAKE_TRAFFIC_SECRET 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e 973779693ea48ecf9ff6f824ddc58e714ed2e8c714eb1a14df9de9bac39ce32f769cdb7038475e3b3133b14269c01778
EXPORTER_SECRET 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e 45a877e512e1e1e73d8fcea15f7046545e01ad394a0fffc97caf3426f74db4dc00530e048360f581f98a962237bec140
SERVER_TRAFFIC_SECRET_0 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e ce52b3dbee9e95972ab9ec445991652d483af153779fea2906af1af2831891329400670d7be73e6a2aee711c4e45ae44
CLIENT_TRAFFIC_SECRET_0 1b2c90def2fa139e9b726a3463c248ab220a8c3c2916781d95d5d7fbf9082a4e 3c607941064ff1862a3f8867c017cbe4d226879356d1535f246654d0e2c6b3d61b41b3f5ed0d3732ae9931aab16e29fd
SERVER_HANDSHAKE_TRAFFIC_SECRET 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd ffa1732e4c5f3bb32349f8de7b0703b5e148c8e8bef6142acdf95969d43f0b84baaf3b06e2a81d80f3c8969414d1c35f
CLIENT_HANDSHAKE_TRAFFIC_SECRET 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd 11c542a1400615a428c852cd8603ac7981c206234b9057a3184e60903c7aa6fa043c382e88846917170c546ed2cc058f
EXPORTER_SECRET 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd d8cd815f494f1302a27f270c00ea7294180cf125db28c9d58770cc02b907317d73262400fbac1ac70b2176682baa9415
SERVER_TRAFFIC_SECRET_0 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd 47fc262605996243c02d61e28cca22d115418536202116278f374490947ff0ba4b90401bab51bdc645bf2eae36904d4a
CLIENT_TRAFFIC_SECRET_0 1589a5776a0e2f538e6a133e594f24fbcb05e82cfa56322a6132a6ec3531f9dd e623d1db6f6cab44067ad3cda3ff9e61183df455b04ec89ace64e204497e8117125110fe0aee2a9aa2b40dc29ebd77a3
SERVER_HANDSHAKE_TRAFFIC_SECRET a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 00038b8356a81113f1701b2e2115c6b9db8e56a8a17cde6d0db049f307d1aecfd668bd25e8576a37f387b81c07bc5391
CLIENT_HANDSHAKE_TRAFFIC_SECRET a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 30885506395e0f0c3fea37db14855e620aec4ec8e1e8681fd3b73b7d0541727d482eabd08ab504780b3f1f62af4ba156
EXPORTER_SECRET a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 2978fec2ed11b0c2fb4f812b04d9853bd42a925bd98bc30d044338c7ea43680426fb1233a16ef46fd8414f5052c38d8e
SERVER_TRAFFIC_SECRET_0 a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c c41d1ef1ee370d400734c80b588895fdc1bbe94d46e572f437410173743f4abec3113855109ffbfb011828b56bed6215
CLIENT_TRAFFIC_SECRET_0 a4b36bb85899fa874525c0ac6ab4aac6a0602686a9949ac2f561c778bd96d73c 57be0e0741a651f6ff5a6e7fcef7b520df9547d3bfaa015c1234f73d9f84ae61fb4bac773591345771683039bb14c35d
SERVER_HANDSHAKE_TRAFFIC_SECRET 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 c5a9ef00030d51c5b96522034ac05ab8fe1c02faac4d5a3f892f1bf7faad6eb2f016b84ea55372fb1d7f9c0dbea6235e
CLIENT_HANDSHAKE_TRAFFIC_SECRET 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 ee143b434e31604067d74d628008016380396d2dbccf220f9c8791c3581457d8ada05cac78e50b9fd9898acaf02f0964
EXPORTER_SECRET 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 0659abb3c386966f96c44e82533cfcdb323aaf0b23ddaa374f81cc07d8472c97f0adcc3f2bd7bad01f43a5a356248cae
SERVER_TRAFFIC_SECRET_0 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 70ca7dcb37242b515433a5a318b635fa68fda7165b08c79ed5171f058fc3d3fc7b5acbc6e191378ab1569088589f6131
CLIENT_TRAFFIC_SECRET_0 448ba07bcfb54b8455f2e0d46b4335f8d96b65248d8f0f8661d6fb290e7ae5a6 2ac52e1da0e26d7ca254875075110aa9e04db416dade43c9e2a1480181a71730aadd4609b15fb87f6429bfcd3394b271
SERVER_HANDSHAKE_TRAFFIC_SECRET db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 ab7ec2ec609a33f0e9c01bfd12cc6e26d2231ec6bf45f16c67bb52095bfaf6e1ce9043d1a6369b558c4a9433f5bec83f
CLIENT_HANDSHAKE_TRAFFIC_SECRET db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 7a46d9524be63795d31ec54b72d2ea503d17d19229931efcb815658c037b49eba5faa255b7b863723ee519f037fc4a20
EXPORTER_SECRET db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 e562a08f4686b48b68ecdccc4daf79e72b4c5353c2233720a2366e3bebf11ad4c9d4a74c531bcc40068dd74d06ba825b
SERVER_TRAFFIC_SECRET_0 db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 2a78159b4fb5c2da594cb7e73e21f67e8a4016f07ab746ed079c301a664dfe3ef8db43dfb79131ecad9ca9d4f3e0febd
CLIENT_TRAFFIC_SECRET_0 db757d42168448f28549990522e30c95dabe006ecb4e2f63411d86a97d034575 c6b2447b57b49d327c37025d7a1e0f36fd9ada12ca68c6ba76acfb78cbed2972ca12b4f4db28313ef5cd53158f7b2f1a
SERVER_HANDSHAKE_TRAFFIC_SECRET d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 001c8c10eaee916829b22feb1e152ac11b93430e3cd438e181cf742b2c9977ff7ff8af062c69ef129f5783636967a63f
CLIENT_HANDSHAKE_TRAFFIC_SECRET d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 ab1a96c708a12c613247651e24764bce2de1fa2885f69f22f673cb2d58d66de1c820573998e4ecff25593e5bb1c80bf4
EXPORTER_SECRET d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 e8ff868de3f22a393c0ba82ec49e2ef3093f8695fafa47e3fc6779e20745a00045714140f8c6ce6641c1850ca25e9281
SERVER_TRAFFIC_SECRET_0 d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 5763288aa48d60bec99b2b75a99b936d48c176498b42ee85cd6dc8db0eba44c626d9004c41452d5ad3ed5d373718f456
CLIENT_TRAFFIC_SECRET_0 d15807c7c9404d2ea822228215f415102e2d9b157eda08bc1febb6ed21a15e38 69a30983b177d2951c1bd6f6fdbe0a1711b004885dcd05f4a3f9ec04634c1a3ecb39c4fc472983330caa6d5fbd05d99e
SERVER_HANDSHAKE_TRAFFIC_SECRET 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 8e40973e9be126761f05507189f010e30aeeb684c93e5760fc5ec7fc19f3bb924b2063621786e96020450d5041d91def
CLIENT_HANDSHAKE_TRAFFIC_SECRET 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 326551b4cfc6c84bd7844a4d2b508bb5fe0522daebcd8c31dec5970475f64ea6a2376506c567943d996c5e02b4bc608d
EXPORTER_SECRET 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 265c19673daa66b51db0325f829ebc6db4c352052baa1623fcb3761f148aa0d91f2a81789a890544499eb265e7e0d77f
SERVER_TRAFFIC_SECRET_0 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 0b1bf8569acd1ebf5008c2ce5ed203e23139b3d79d38d7e2a3606a3729297ae5bd1c1ced4e266b60b3edf19bad7b045b
CLIENT_TRAFFIC_SECRET_0 46f27cf3f8732b6c172a85859d184bc52be63611e447bfbbe02f0a967dc6e6f8 ec61a4ad8ba705e7ffa343367e8064a8df4815c2b8c23b5aae50a0d2564acfe7033c88f968f815ded1161585256b1ee0
SERVER_HANDSHAKE_TRAFFIC_SECRET d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 4a1ae4d915fc9826ccc807f97f081ad99a79eb98139c056dc9274267ba6a224d1558ee6cf3581dc483cfb5852bc91bc7
CLIENT_HANDSHAKE_TRAFFIC_SECRET d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 8a70efc48146ea6af38d9bb7a8363f82e46045316ba0ec6c59cb707bbf1be5e3ab408d97337cc4a82e736c3409953772
EXPORTER_SECRET d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 1439a653754f895c77953fdbdfa46235c497a7880a646ef2a86e65b2cfa8d5a7b5bd44938a1db880bac8e731e4b87b19
SERVER_TRAFFIC_SECRET_0 d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 a9e08db93bf547c9757f13494e94b1abfebb3728f4cb8bc3018ad015619ade89ef4bc5bed47b1e3bdfe7dbcaf9b08309
CLIENT_TRAFFIC_SECRET_0 d46f97e262a631c410f0578370361e864013d14de7486e7a03f39df51ceeaec5 afa8935b84fc53df879e3855ce400a57ff3bb530dc26532de62aae9a1bc0cd0b36e514c119efcc1a03b139320c972088
SERVER_HANDSHAKE_TRAFFIC_SECRET 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 3c28a8b494311a317428f303ad763149c73619c139f66c5c6e0be08b63028e676323a54e071f19512d77f9cbb10c3b15
CLIENT_HANDSHAKE_TRAFFIC_SECRET 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 8d0e1e7eb2066f13204133ff553b3188803933657d05ac63b002b558572250acde46645fb42415293712b54a5a061b44
EXPORTER_SECRET 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 532002162c67ad2b1301100845f45bbb6a2b2857809b8a8f11aa0b3326d8b48de4aa7d35b340bc196abf072c9ca34a47
SERVER_TRAFFIC_SECRET_0 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 e2238c1567491e3400803e459ad179796993d3b529b1bc68a11a97ccdd9b67eeb6fdea2a12d897952f6e6536f6b68bae
CLIENT_TRAFFIC_SECRET_0 14e3e927896aae3825aa1f9dcb7b54bf44f3526e636c79200f43d6fa5574e325 02dca56d4a09b2fb1104f9664082710ae073b04cad9dba39fc49501b8a31984fa6f0d37861e2d6a65b810851ec47fe92
SERVER_HANDSHAKE_TRAFFIC_SECRET d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 af2ce6ac735f5832ce0791678a147611cee25ba9579fd92882bb03ce33327adfa8416b5360331065815ad43feeef5111
CLIENT_HANDSHAKE_TRAFFIC_SECRET d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 0fdc494cbc70e0a77d3d37b26e7d90e4176d1916da827ff2d89c3c50563e9f3580f23d24ab26c3ef58d7397bbe6e9046
EXPORTER_SECRET d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 c2164a2b2556dde26805c7d29067f0075331933bc28ddd545e59c26f18f8e661dbecb6e49814b0aba66170b31b62fc4e
SERVER_TRAFFIC_SECRET_0 d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 03975fda853826f23adda673975957c66e8a6047b9d5057673f3a7780fd02b3d253701ef0555933af0b8a1894e81b248
CLIENT_TRAFFIC_SECRET_0 d6d4b7a3ac1f8ece057c185b11074aead3de89e5a11ea7a1b89b6393e412a167 ba3f1c9e1b8fba8873322c2966c67a0005e44cc2c10d81eded978a428c6a7aba3fda361e738757f4738670b5d3872b5a
SERVER_HANDSHAKE_TRAFFIC_SECRET 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 0a412535cf590a239779cac8835e33dccc0ff939235dc104fbeb0a65bd3f3e9167c0eda41e460837d17e1a8e324e41a9
CLIENT_HANDSHAKE_TRAFFIC_SECRET 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 67d18320d88059dbcc16bcb01e8426625480734ad32359595272843cb9aafda92bf10545097f97dc2bc0545f9a91761a
EXPORTER_SECRET 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 a1c172df6ea144d89ac35b9d26d5bbc93010e3d788d44a2eb18b88dc48990ed06607121100dd1ae19559b3bce3151dfe
SERVER_TRAFFIC_SECRET_0 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 2a0cf6458a6179f8f6b6774c51a7e39227783874f5b8f4b3762f0d5d7d0811ef167e8c552afe6e30ec90f9c986daa9e3
CLIENT_TRAFFIC_SECRET_0 87f194f136faa69c6c7505b7e12b480496b3f0b77130c31c8923fdce22868431 3b8de68294d741f9ad6b3a061f98140a99b2e1da2eab05952f3605a1a00dbebca26ec8c5d0b86a1688c9cd04fa31ee53
SERVER_HANDSHAKE_TRAFFIC_SECRET 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 8ffa799f8036834fe798397933774423c6ff7d775153be709e4393116f91bccb8124f1ab3272cf8b3ee6d492fd5f2aea
CLIENT_HANDSHAKE_TRAFFIC_SECRET 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 9907b615896c8e6ac98be0a716ac671784951541d23a0ce7174232a9c319848eeb309db3aa2ba74e2606e0ce331348ac
EXPORTER_SECRET 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 fd25c46614c4ec58e9fd7332a617a3a0b95a6aebdaa962b85c2fee3b196cd8e62127d6a03b91b1048cd2feb199d03e8c
SERVER_TRAFFIC_SECRET_0 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 6fb2e686fb016f76b34b20ac600ba1643ff758f5b3fc41ff2691636644546ca5029dd66b23454bbf10200091e9313c65
CLIENT_TRAFFIC_SECRET_0 7d9008e8e75260cd628639262b3b8a4b3bfbbeb9c1aa10e02847c78288080810 dbd4b3fc8b3544d4e85330fa8b5d7df6851ba39d1298a1c2d2889b004e6f34c2905bcc356c950bb531d8cf84287feb39
SERVER_HANDSHAKE_TRAFFIC_SECRET f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 6077e13b2427563adf13496e4735958ddf7011aac693f17404190633132c4ae4322cafeba5362bb8800cd8f3a42e31a9
CLIENT_HANDSHAKE_TRAFFIC_SECRET f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 633ee7d0bd1e105ae8756674ba786d5422774614f50009030266a6b52cd8ba5cc1f8bdc93947a9a95e6f889f3bdafcde
EXPORTER_SECRET f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c cd9dfcbcb4aefe47964aceadbf9d22ba0aef0975869b12f157804d4fa6813f38d44fc033249c9cb22ae11a754f65986e
SERVER_TRAFFIC_SECRET_0 f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 4d4dd92fb0194b8298257b5ad6e0cec029456ee35aa025f1e9fcd592d3e63dcf657313d1d51fc2671d0472f9bc11a63e
CLIENT_TRAFFIC_SECRET_0 f44632915f4a422f8d91f7100a63795e9c071156ee9361df65375e65b7a0265c 099966319f13070681e2fdc889951ed04b5de5af5bd870da7e2406a5708f2e4cd07be298f24a1f75eb9e49d12fd121e8
SERVER_HANDSHAKE_TRAFFIC_SECRET e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 873b363dec1a6b03b675d593a870116e9a12e21254484bddde2ada942a713400508db3b1c8c0d36039e59e853589de9c
CLIENT_HANDSHAKE_TRAFFIC_SECRET e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 a17abdaf0c35fe86ca9ab816a3f502d2770a0c1c7b3c4554574e537f730153f9263a416e5533e6600ee04ca1671d21d4
EXPORTER_SECRET e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 7d5bbfaa54615a009bb83753f1a2b069a52241da63ead3c71f568d80a13418141fec1fec9ef28f882e8926b185ce0dad
SERVER_TRAFFIC_SECRET_0 e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 11367316c1a97048df2d70a1acae99357a03deea03efd9f064ec36fcf2672d9ad0a2018522a175585163a609750c4639
CLIENT_TRAFFIC_SECRET_0 e3899c4dcfbbb415ba4d856f4253c34959c4531622e4105dfec451ed248ffc80 53ee68787d5129c87b23f421db61ce132b7e3e63fa80f9e1d5870fbbb63c15107b999ce695700c828460490eea130fa5
SERVER_HANDSHAKE_TRAFFIC_SECRET 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 ed3999eb3e1e0b4d3314c2597e990503c33ee396fc014af365f4fe8e6c59f2e2a986355a95640c237f27106cf1dd29bd
CLIENT_HANDSHAKE_TRAFFIC_SECRET 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 195ebdc9cafee2bc3ee2856f3aa604f5c7d7cf04d3c2843fdfa4ba18ff527be5520f69205b68aff3be8ea2b53518df14
EXPORTER_SECRET 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 375e645651e81ee9e1963a3fc66efbf5f9cada69e0b469a4c005082cea60ce80a45f7e2fe0b8c80c5d9b4bc55cda9fa4
SERVER_TRAFFIC_SECRET_0 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 3661f7b9c5fcbfdca08bc783e9ec8200a640320a9c94f98b2290b15abd462cefd2f21dcc52d05c0ddaf85a3e1a1a7b5a
CLIENT_TRAFFIC_SECRET_0 58cfa2b2f47f6a19e80ef6a378c658e2691b0645432e2882170740b6a0c25061 95abd1b96d8b222b4c443898e82f584a13f3ed47f4e976423f06c50138a4b9ddb80ed5b19f9809e2a5c48c7c30693fdb
SERVER_HANDSHAKE_TRAFFIC_SECRET 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c 68ec2db7e51a1b57f09e33e4aeb10025ee238ac4627746b6c2d2914fc1abe795470764362aab1d05f37eed5255d2953e
CLIENT_HANDSHAKE_TRAFFIC_SECRET 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c 684b2327ddd94c40e13426584f54d1a9b528d17d1f9bd7426ba7bd8ddeda98829b1c4585434bf6e1ba03a858b40c3efe
EXPORTER_SECRET 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c d5da49a7c3aa113835dfcaf4446c6da31595d93166be6f187b975f1a11b2cee3b75dbc5194643b86061f9e056bfd6f27
SERVER_TRAFFIC_SECRET_0 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c fe48361e4fbac31f1dee4375f096a06755ed5f43dd688e7993dbe96d3b77ae9ba5d3029b1ca2ca0ae28bd11c976baa59
CLIENT_TRAFFIC_SECRET_0 8e67bc86c77efe4a0bdd6610d2b283b2d41a590a52c6be00c14e19e8a2216a5c a227da2a5ab1aa34221ddbeb6c4fdd7d6716f8be5fcd09d98552d285cc01616f22e785e65b9c5ff321b7d3f3c8986c9f
SERVER_HANDSHAKE_TRAFFIC_SECRET 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 901589e627832045545f33259411701b9af5a5c9840b66eee7a3ead37119623df254cfb072b1036996a579b0c6347d75
CLIENT_HANDSHAKE_TRAFFIC_SECRET 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 d5d19dc69f2751fb43424fbd96ddfbd4890b8dda7a9cb4cc1641bf0e5155fd2088cdc51d3d0e3ae685280925c9d0bf3d
EXPORTER_SECRET 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 4b3a40c58c0754af6df77093a42133d60ed7141b15ae56c0b9a067a31ed4d8f064c2be9740dc114ce6ade9909d463d05
SERVER_TRAFFIC_SECRET_0 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 e5f3e6fb12eed9e50004a5bfb372354bc7dadadd5e481417bf4abb3febc043a45a76584912446b2abc2a9b479b70beca
CLIENT_TRAFFIC_SECRET_0 009ccdad7f30d6efd59b098ad6c2007c87fbc99205af96457790c0ecf17521a0 b7c35ad24aed16963da9326e18d7f3dcc811942bf6086029d16368419e074a348dafec106295832977ee688102610b67
SERVER_HANDSHAKE_TRAFFIC_SECRET b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e 239c2901fac5b07b49680872a0e3cca9c150f2fb92d908f1f27086b59912bcac989c7f225e6e76c5228687a48fb6c899
CLIENT_HANDSHAKE_TRAFFIC_SECRET b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e fbe7dc3eb607bb0183a00104441027d5db80721a42ed17c5ee7458f539c0c8e1e996c79f1fc1dcf9791b53b0fcd934f1
EXPORTER_SECRET b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e c43232be2135f4c217fae0e963e91a05a5053fa205ec9912ea2aa395381bb95570004e044da2a11245e97f23095429f9
SERVER_TRAFFIC_SECRET_0 b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e 75b073c41ca2618525a29ae1d35879b40d5466c2faf79e62dab0e9536dc0b84a620492efd124da1db2effe438424f3fd
CLIENT_TRAFFIC_SECRET_0 b41b59e34d1abbbd7de0d44209e05b403ce0a03dc4e3bf25729dac0addb74d3e 7bc971f04177b778e1186e3efca96018e85dec2000651e7ec93a7475a4d38db8fc808c43a9616a1b31e781687147be79
SERVER_HANDSHAKE_TRAFFIC_SECRET 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 88904a4816ddfa5e2a0d16eed0f55a4d3b0ce8c889d7a7f7db589085f53e72fc
CLIENT_HANDSHAKE_TRAFFIC_SECRET 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 7cdb5f2b3dad33efe1617efcba04a2d92e0b6e5a65cedeb8a837dee395e6c085
EXPORTER_SECRET 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 c7b13c68943998598e2ee60e615efc5904a943bf48ea007c05759f4f6b2395e2
SERVER_TRAFFIC_SECRET_0 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 1094947db3f6fe2370e5aa81fc3a30a8c85b83b5950a8d9dbd101f6c5ecc16ec
CLIENT_TRAFFIC_SECRET_0 3c20ea9ea4054044f75512da39064f98544fa006c3c12ee5239a4c5a31320540 574ca7d87618738edcf11fe6937338b3eb58c31ee49dcda2f7284fdc4dfcdf56
SERVER_HANDSHAKE_TRAFFIC_SECRET 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 182ed636bf590c245fea0ad4b04d9b2304bb30279e1a2f7bfef16861d13e2462
CLIENT_HANDSHAKE_TRAFFIC_SECRET 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 1e4ad1aaddf8a4f64f35859461df54d193d1cd081845a422ef44d71f5ca71f71
EXPORTER_SECRET 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 23136badd3a8975b1ceea1b4d9523055cbe296dfe75596b1e90ab6f0b7100350
SERVER_TRAFFIC_SECRET_0 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 e15200b68d7f703abe7b04165c8885566d90c4dd509c7d174dc4c2cf130cf4d2
CLIENT_TRAFFIC_SECRET_0 169637b581d83e615cee48ae69fd0d810f24e8855dac989600b48fac970c36d9 c5fef93efea3e4a24499a408af7e3de26411738cf25063c9efaad9b8d045487d
SERVER_HANDSHAKE_TRAFFIC_SECRET 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 f57367d19017ecbf85a2b2b16840452685a6ccc96bb269976374662c45a442e3781976c63829b74519b9ff0ddfa775b1
CLIENT_HANDSHAKE_TRAFFIC_SECRET 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 6e13477063c742a800cce3a59994158e51b0fb324410a316a3d2977c6f41a276a323f22770667e563ad1525e5db3dcd2
EXPORTER_SECRET 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 6a3e9a5b09e243c90d99d7519ca983bd4bd595f53e40de974a601081073160ba9f41a85d6f8d1e39584ca66c053806ad
SERVER_TRAFFIC_SECRET_0 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 435989df8c9c5e83bdbafbf82198bb8a5bfee5d972dfe5b893b549defb899f1e7baed8c9cafa3e6816aab80428f127b7
CLIENT_TRAFFIC_SECRET_0 27c30a115134f44650c60dee4d44978aefd02c47ce11f453a0de8192fa4aea92 79202c8c9ab63aa7fb6b94f237397bf7063a51784405309f51428a1c1b5c3a813099252eea22f6ad0284f443a8594ea6
SERVER_HANDSHAKE_TRAFFIC_SECRET b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed 20cc50c46d802b17ef8b2619d473500c8f970cbc5e84656de2742f1473874ca696abc05f63dbc28f81a239ce5230eaa8
CLIENT_HANDSHAKE_TRAFFIC_SECRET b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed c7334c9a3d174754fc282deab4d074a8af681656eb1d116778560f336eb5165acd4b8c236092362168fa19c29170eca9
EXPORTER_SECRET b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed 3c38b92da4194ad31d356e8bf7d48e14aad46af8d30eb164b3cb628f96b54a4cdc6f58406834864ce27885d766ab69ee
SERVER_TRAFFIC_SECRET_0 b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed 1db7bfe15206432b36de2412d5bac549632f7d796b6f14259a6762202886559a7c9de75d6650c7743cb3b28a631e8847
CLIENT_TRAFFIC_SECRET_0 b0470796569b4f1ca61e1287dfa61a808ac0c491fd51559cec0d2ad4cde10fed f925e39221a1e0af51c842fbf5f7f3b81d515e81f1f616a2684e7dc33699b4be8784d379d2c28c6496cbedbf9b060048
SERVER_HANDSHAKE_TRAFFIC_SECRET 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f 22e8aa7eda51ffccda0a6425c79432370e299acf9d9d484bf17d3c2c0bfb9fe0
CLIENT_HANDSHAKE_TRAFFIC_SECRET 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f a2fe0dd7f22162b3c0c8c28f1c87366268bef27a4854268f9fa3c6425c55eac6
EXPORTER_SECRET 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f 3191a28e731defa7eabca0bf3cfdbf94aa0a5e361cbf99c70674293ef3a2fd34
SERVER_TRAFFIC_SECRET_0 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f fdfd73a8fb41ceabc7dc6ee1422e0e99c19f7a5c2fe291a1b8268bc6edc673ee
CLIENT_TRAFFIC_SECRET_0 97eae75a36290fde86bf2ff48c8039cf2c0a8f36cb727897b954dc60e0d6cb4f 7ac1dfda09a9552f18d354bd9ee7fbede1b098e955d25872f9499f3ac7cc6aae
SERVER_HANDSHAKE_TRAFFIC_SECRET 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 1952044bcd496831f0fff4e07b45d418d12858c99db1224823b796e3e201feede3af8517e44fcbe170c809313672e673
CLIENT_HANDSHAKE_TRAFFIC_SECRET 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 6e12ea4fb6e483999c7e506fe79f20bf1729b7cbc067fc550954d48b0a067d7f919b365fe27a1951d45bc04af0aa195d
EXPORTER_SECRET 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 8bcbc5371d8658f7c6914e1fcf67b9bdd0851355ef5fab90e84a6e8529d2d882d8874aab4b5bcb4b1ce5ed43bb408687
SERVER_TRAFFIC_SECRET_0 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 907ace566debefd423c3f66b62e544a1602816e7e0336e0c017916792818a8c6dfc4cce1e76de025a2571d4630c9c753
CLIENT_TRAFFIC_SECRET_0 897fdc7e6097f8d59e66cc656efa4f1738c41e28905c3877f10d52935335a4c5 ec78712410c873158c52583b3bd7f95216400d14a473a96402efde819268a8bee1a9c5e92b2eb12a5bbb7246ddcaf5e3
SERVER_HANDSHAKE_TRAFFIC_SECRET 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec ec90888e7e8063f8cdf21791d5da805a90eabc99ce98cc1cd19aa6337ef7306ca27844bef2e5e8351e9956fafa3ca70a
CLIENT_HANDSHAKE_TRAFFIC_SECRET 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec 6fee3f0cc4c02cef4c391f0bd963bafbab9c718b2e532a26656f55b9048461789594078a604cb100c1562d24c156fe27
EXPORTER_SECRET 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec fb05a6ce3b7fa64c673376dbf696866dee3ad5650149c63a8c728ccba3da6fa1a93d452d54503ce4de1617a49ad74133
SERVER_TRAFFIC_SECRET_0 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec 4a329814c248187c9f2b1016f0852b998168ba8af5555a0ba181e344eb679318ae142c366e6258012a098cf18618534d
CLIENT_TRAFFIC_SECRET_0 8add6459527b417ba0c689ffe3a7bc34a460d85811322870c93e83d998ee91ec 3e4ea5a39212649282f9918193b6de5ab59ddc38043294ce056cd404e2d3c22ab7c3f1399fe5c70cd28c2b10576045ac
SERVER_HANDSHAKE_TRAFFIC_SECRET e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac d8ed82fe7e70a93f353f7380c77c4f390685e4a651e52788c1078afea5b8f0c5
CLIENT_HANDSHAKE_TRAFFIC_SECRET e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac 6ca30da4679fdec76fbff8c56ab34e6b8a0b614449f1ac3686429edafbc063f7
EXPORTER_SECRET e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac 00dd5747a6cce10577b7913573a1515a4771f7b93cc67b426b7231754981f541
SERVER_TRAFFIC_SECRET_0 e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac 72b07b2120e80254d17d4db7c8ce46bc64a02eea2ac09d07899a0504889f0765
CLIENT_TRAFFIC_SECRET_0 e8fc4d4e916c503f0ab28b4c64068f9cb05cad6cd10f3da7768eef0ecc0804ac ef22fc4f576b358c3bf77c526e3830811d25608b8c32d3b8d4accabc02b034d3
SERVER_HANDSHAKE_TRAFFIC_SECRET 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 9eb2c91bcc6e0864c364858e0864d041c52f41ca3ce396d128d4fb5dc386ac00
CLIENT_HANDSHAKE_TRAFFIC_SECRET 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 8577431055b2a50669270c3bf08aaf32dc7dd66a7e9a5efbeb93677db231fd72
EXPORTER_SECRET 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 6a58ac33631d88787f62a919a8f0d2b6c0f8d03075aeb04b880ce2330cb9b2fc
SERVER_TRAFFIC_SECRET_0 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 243d0b750befa5d25af82ea4d5eaacf7f52c5343dc260f75344dcaadc69544b3
CLIENT_TRAFFIC_SECRET_0 4b038c23f532ba8c893ead81d1f07f1681e4d18987b65333408e20957fde7e71 0a921480912454ce03a14c5eeb75ae44c7c9a82a883eb632e7279cbdab3d1188
SERVER_HANDSHAKE_TRAFFIC_SECRET 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 aa87c1bd965ea9e1361d15e7fd671792980da373f34e4eefe1fd21effbd65a80
CLIENT_HANDSHAKE_TRAFFIC_SECRET 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 533b0dcc030ecac8feace33031a405f5e05ecd0d7c7e64a6e30fa7bbee9bb813
EXPORTER_SECRET 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 027a31d81dfa560205e25a50740b13dc7ce6f5c18004dac45e2b68517c0a75e1
SERVER_TRAFFIC_SECRET_0 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 15f1d79f92d5b5cc15a1ebb67c39bfc4cce4934aac2722fb89a0e055c81c562e
CLIENT_TRAFFIC_SECRET_0 1ba4a034638a63221f55e3e684fa4e6a5bbbb9f9711c035e23441810b82667c8 e7cd79a7d0bd712d966261ddc5a7eec31b1e9d5cff667843eafa7e01348d1dcc
SERVER_HANDSHAKE_TRAFFIC_SECRET 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 28cebb1404b17be90013e1b68e85e1edcdb987684b6a3627bd6f9388faa43b15ae4c2ab0ff21464af2a5c50a129cfdd0
CLIENT_HANDSHAKE_TRAFFIC_SECRET 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 6c7257cd7d2a548b845b0965454a7dafcdc26bda58fd34cc4acb60a0ee1334627a246556a811c4c4659e092eebf20143
EXPORTER_SECRET 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 eaafed694970e1e45c203b9b72673d4f5fb8a5ab8aa85232ad8844cff5add6ac707de526348b06337f95d8702b26e2f4
SERVER_TRAFFIC_SECRET_0 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 8c41a6763a2d5ae32ac3301025201eaab784e89536eb086848d124d09dc33c2358e4455e09f267f3389ebf488ed0971b
CLIENT_TRAFFIC_SECRET_0 7e2c0186c249512d260b171732055c9ac9ed32a9a5d52eceb68f103dc9cefdb9 307973c6a786e6226ecd9cefe8a60a976f8488efd0d27b7a4b21cff823db90aa2b0c0a2ccc3e867e798d85e34054e136
SERVER_HANDSHAKE_TRAFFIC_SECRET 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c 475411cbf1975c3a02e52b9add7e82657c986de14ba5711096adb2bcc7ec9c7b27bb5259a6d22f667ff28bb9f0823e95
CLIENT_HANDSHAKE_TRAFFIC_SECRET 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c 0745a8590c3c01105975e8d4d46b16a59e4fe35a7ae6042bb7af8008e38bc6834e1c8404b17cf145d5885e257d41f723
EXPORTER_SECRET 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c eedf5b47e7ecc48241ddad2d2280c6a5f6502a82a5a88f2748b1aa6203833aadbc7c4266e8101975484d20867bb70f00
SERVER_TRAFFIC_SECRET_0 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c b4e5db43a0e7b92ffec3708650b013d5ae3434b389172ed1f6eb5c5b28c7e92921431c6628e1354a219c25bf64108d80
CLIENT_TRAFFIC_SECRET_0 6c357174384538a3c2e267279248533ad0343c68b88904ccd9153bcd4e13242c 641adb6a6298096359f586c44fd11608857a4ce27140c63d4e3d0e24ff3fb883fe9ec26eca6a3c7a61e2920c62c40ebf
SERVER_HANDSHAKE_TRAFFIC_SECRET 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 f564a762eff57f31001eee9996aebc5bd480889f1bc5e5f410775887b4ddd1d365e6218f1065979134c458ad413674a6
CLIENT_HANDSHAKE_TRAFFIC_SECRET 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 8a3544d148c7d8e43c0608a9e7b67d803973c38518e4bf5ed14580c57073a236a250f0a65d0d18e27bcfb47005bb393d
EXPORTER_SECRET 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 1cfcc37cf34a944d699ae339e7fdb450509e70f55f62df0edef3af88721d15aaade82ee0ffb7f7cce9ce3403a95a6833
SERVER_TRAFFIC_SECRET_0 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 60f6308216dad40d6a8c383b3f98a11ed4d4046645bbabf242a187332f2631a837df196aafd2f54230ebe5adfd2a21d0
CLIENT_TRAFFIC_SECRET_0 4faf16f6b06718630097c50a65b3f09b91df212c3b2f336ac5aa3b33befaee57 f6888064defe7395c0f9b108b56eda7fa3a54dbaec5d58fe396cbc19aa7f9ee6f7d2edf23514583310a9fd6a3e6d2411
SERVER_HANDSHAKE_TRAFFIC_SECRET a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b bd8bca6d44de0a1e4e08eedb0bd4aeb62903568347d7f35413cbf5e7ae2588ddbf41db901b7cc2079be3ef993b21246c
CLIENT_HANDSHAKE_TRAFFIC_SECRET a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b f54ab51e681825cfb5171acb142f44cbc0379ef7248d18185a298fbe6b8ddd255bd365b4dce0b645a37bfa3346f5a333
EXPORTER_SECRET a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b f86bac4e964eb075fe479058fb83cd201079c498f984c2f708e047067358d0f6e76773c1df6a6e60dc9281914619d9b0
SERVER_TRAFFIC_SECRET_0 a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b 449116c8c865bf1309c0e20ab7d60c536dab15bb30a94a30316694cdbb7e502cce6992e7c3b30ffd9fb7b6f37d0de6a0
CLIENT_TRAFFIC_SECRET_0 a3b4da6a6952237f519b9b7bdc975663484a7d5257724ccf636ee13831d69e2b 37c131d7de3c529defaaeed4efb74403b0ca623ad447ae06f7527668f12e86326a052040bf5f849eddcba33349d82d2e
SERVER_HANDSHAKE_TRAFFIC_SECRET ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 0c0c62997bdd46ad7af2796ee214b6fcefcfd0b05fe2d91f38b34bd99487d7b99c976bb88cd25b069fafc40540106cf8
CLIENT_HANDSHAKE_TRAFFIC_SECRET ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 9b0425f2d9ef2307c4f6c03a87843a60d0b4a452bf1357aa67cdb335e28ace0ef7e0c9fbb2aeeea0a227f3397b5d29b9
EXPORTER_SECRET ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 db4f74c17d322d963191022388fd447c82e2fce8d0ce0a21a958a2e3d908ea34b6772433950a696d2a4c0e6463ee9aaf
SERVER_TRAFFIC_SECRET_0 ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 cb145ee586f889a50952297402dc135485ab1c63bc29cab98844e6591547af810dfad2fe0ecdda7df23736bd3482b0bd
CLIENT_TRAFFIC_SECRET_0 ddb0c305ae061b5de9f15e88f7e14b15263dfc49c929d192aa814c51558dc913 ab6c0da35947d5988980b44eb01aaaf1c9fce074b925e4830f021ec95ea39e353676ce7c789a65d3a865277d54d616fb
SERVER_HANDSHAKE_TRAFFIC_SECRET 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 4eefffa3d30e509e1f583097bc0ad1eb9baf573455c66d4c6bb4ec964de97a8e5934f546459914a02dd30d9495a1b37c
CLIENT_HANDSHAKE_TRAFFIC_SECRET 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 a4c043f9803f8011046198f6bf35914a84afeff8c689d1276a3a395296e7f4cd0c1d89649479292e483630423066c5d2
EXPORTER_SECRET 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 e9dd9449b2bf58880b3c49c585c997a37173d9dfd0f01556ed32685b345ad43b7f63d309f20c07d2f6c560baeeef88fa
SERVER_TRAFFIC_SECRET_0 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 3618537e80c8b742f98c8a0089929e9c9792993824b7db5101a80f45190bd107fe04454e083df2fbb69d2bdd7bc9760f
CLIENT_TRAFFIC_SECRET_0 0bf0490aff6c8dfeb88a87e473d1dc49c14c3053f8029a6be49c3604ea088466 120ecb9ba14111a8cc8df1e0b9dc4c550a08d88ba91f16123bb8d89aa23e3f538b15994ae62da0d29a3e1ed1e032f8a6
SERVER_HANDSHAKE_TRAFFIC_SECRET 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 91e7f391b276856033a47e458e1d64bf81d08a3292ff30aa582bcbd140d764cc8626c16742ebd6d9a7f500a68aeb5ebb
CLIENT_HANDSHAKE_TRAFFIC_SECRET 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 ef2ac5e176b3e5713a6c205790e3b58b12b64cc4628fbb6ac0b12273a73be6e6913a0556f823eebe12c4e42199bfbcc6
EXPORTER_SECRET 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 ad46dd23b08dd4135c63f3291953254977a7526630d3cc9455d8da59eb5cf712cf671d9970dad31f1c793617a60c6f99
SERVER_TRAFFIC_SECRET_0 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 3f4de0cda8b51bf7533e12279bebd1062459700be861c1a951e4224652872aec2162bd2b8ae16a3a16fe580aa941e6ff
CLIENT_TRAFFIC_SECRET_0 2e78ab0ab702be305ae81cf0886bc93d09967eb60d9a1d837677c0af52b88c89 7ea195809a87dc2b3af3f1a1f0317a4f5d51d0e26012e59bc2aeba8c867c0ab735140853234354feb6adc49ea24714b8
CLIENT_RANDOM ff71dd83376f0a35a8b86e8b9f516d9938a36ec3803e48b5a256fc7cd597528d 6bf5b5d1515d70facf6f2a76c997add2a9464b5712b17ee0273dbfeaa3c1ddc7daf5ff21e552cc1ab09ad45fe815d616
SERVER_HANDSHAKE_TRAFFIC_SECRET 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 53f1bfdfbc44559025a6562937995d9406033304bf59a457e1b1eb817f530e16
CLIENT_HANDSHAKE_TRAFFIC_SECRET 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 b8412c25f615a5674f51817604e28b8bf70b269007c05cd408b1a24cfaa9a936
EXPORTER_SECRET 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 fb2e70cca12d1e15534b3c2b6b67b85a2a148ee4318922451bc2d7cc768a4c91
SERVER_TRAFFIC_SECRET_0 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 17e8205e0f334bd5c34c9b73e7f791386f3c8e3316d3bdf133d8227380555109
CLIENT_TRAFFIC_SECRET_0 1ca51d8032bbf6e0748bc3852de83b111463295f913ea8a0695ee384a4503848 eaedfbfff17ffe92267845cda264104c3ba8da6d6d10a1233ef388bfb8bbbf2d
SERVER_HANDSHAKE_TRAFFIC_SECRET 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d d42056ad78e6cc6f1fb4a369d5044742a4241f877431bebfbe840a689d81bdd16e2505a3f428f41c00b62985cda19331
CLIENT_HANDSHAKE_TRAFFIC_SECRET 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d 6c0902e413aab1fb0113c96387fc11e8b2d42684083429102df0f1730037228f1e225c1e7aa8f559711d572b274c2569
EXPORTER_SECRET 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d 2b125c1595eca3737cd16e32b1da984ff697c30f0c6e7369d24e5bc8833fa8797a6847ff6051f61bd81b1e5ddaec7f39
SERVER_TRAFFIC_SECRET_0 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d de0adf2cced89b5634546421cb4ae2c92d40987abffd83f23cf27a2e2d8f2e4645abb3d7a26980884384e883d0b9437b
CLIENT_TRAFFIC_SECRET_0 453873a2ebc5c814d8d457df0b880569df7a12c88d6668429214cfbdd1d2689d d1031684006f9e3463e8411afd3926af09717c286445d550ea436c27b009e13d0c02b4bf106ded3175a26e850bddc99d
SERVER_HANDSHAKE_TRAFFIC_SECRET 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 574e234b9ed1fe38053194bd7641126bde6e0e005ce33162d5743ab34a99327fce670b1fa134caf943dfbc0a5d686ecc
CLIENT_HANDSHAKE_TRAFFIC_SECRET 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 838049b240d1ae3a80ff4ff0268e248588ec6913f4caae68dfeaf4ea03f330bcab4606d1bee74d299be6c800b2671595
EXPORTER_SECRET 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 13965d7ae6d230cee91ebe990c07e7d5ca46ed40a6924a91bf60901618226a88d606fb5467827cd1d3765fa827476a50
SERVER_TRAFFIC_SECRET_0 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 da4c9bb2d82ce66a35ec5899a9f7bf67e2f24e2b190f9cabc94dd56bfdbf39f54d001da93120554293f711972f03fb16
CLIENT_TRAFFIC_SECRET_0 172f0e36bede6f9f78157e8e338ee8b5d501a0c264a7c248d4d2092283badd19 f7f968b5b7eee2b521cda8575822bfdb2887913764a08e35648a26ab4ff98aad230b192ae6b376701395575a372c1c3e
SERVER_HANDSHAKE_TRAFFIC_SECRET 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 fcb2538d16f80d242d51c0a35395169944182eb5710fb984d03c7b8df864b181642af07af807a75bc133382641ed8bd3
CLIENT_HANDSHAKE_TRAFFIC_SECRET 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 551c476c45b74d91062991523ff7374b211575d497a41eb0902c3d8329382b51c00df6ebc461da6f2bead0a637352c09
EXPORTER_SECRET 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 e4c4e35876208551f3f3db9916db2841e2c81b730e9815e52c319ca82e718cad579e351fee75b7a94181419f83d705a2
SERVER_TRAFFIC_SECRET_0 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 035eed62f0d1ff88326220347fbb3e60e4ee76c99b3a73415f55af9d5cb0d7a2e73e0faa29097acd718fea92c811558e
CLIENT_TRAFFIC_SECRET_0 3c5b65efb7b4424f2f1bb4d263befa34af2fbb14058f16428ba0187586ee6973 869488a30d316752c049f2704315bd505f2aa59c608f20867bc9adce929aa25a774500214a0bc06c34dc6774add3b82a
SERVER_HANDSHAKE_TRAFFIC_SECRET 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc 783799f80f8d03250acd957dac465e0cb95a5c3b5a1adf4b928a8bceda57246c9d722d02675504a512d7800ebd21f7c0
EXPORTER_SECRET 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc 363ac8e9af29c6063792ca3e2bc7301b6cbbbfbe646f82254a843528ff708846ea934d55b4e37d8b22797f842c4b5aad
SERVER_TRAFFIC_SECRET_0 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc f5402ccfccbf4a46844be1f356931700bb5881ad4dfd07fe57e7330afdfeac08a753035684ffb2b48f504ae836fca1c5
CLIENT_HANDSHAKE_TRAFFIC_SECRET 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc d5f5c7ac89b41eb782181a5d230c8ddf51233f6d3989b4944a95dc95924ee200fe4b1fa02b3e6cf07908c334905a8961
CLIENT_TRAFFIC_SECRET_0 86c98dd9032df8ef2e6f74b4396c2c2acd8da6f35406412400f9da8d2b48ffbc 6b37aa85b4698e4d6abfb66933e3fd4283f9fe08faee2a314ce8e1b95a245ceead2f64f4024c27e0cb4fc3c7b20f7ad5

Binary file not shown.

Binary file not shown.

BIN
samples/tls1.2_aes256.pcap Normal file

Binary file not shown.

BIN
samples/tls1.3_aes128.pcap Normal file

Binary file not shown.

Binary file not shown.

BIN
samples/tls1.3_ccm.pcap Normal file

Binary file not shown.

BIN
samples/tls1.3_ccm8.pcap Normal file

Binary file not shown.

BIN
samples/tls1.3_chacha.pcap Normal file

Binary file not shown.

Binary file not shown.

View file

@ -154,6 +154,11 @@ static SSL_CipherSuite CipherSuites[]={
{195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
{196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
{197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
{4865,KEX_DH,SIG_NONE,ENC_AES128_GCM,16,128,128,DIG_SHA256,32,0},
{4866,KEX_DH,SIG_NONE,ENC_AES256_GCM,16,256,256,DIG_SHA384,48,0},
{4867,KEX_DH,SIG_NONE,ENC_CHACHA20_POLY1305,64,256,256,DIG_SHA256,32,0},
{4868,KEX_DH,SIG_NONE,ENC_AES128_CCM,16,128,128,DIG_SHA256,32,0},
{4869,KEX_DH,SIG_NONE,ENC_AES128_CCM_8,16,128,128,DIG_SHA256,32,0},
{49153,KEX_DH,SIG_DSS,ENC_NULL,0,0,0,DIG_SHA,20,0}, {49153,KEX_DH,SIG_DSS,ENC_NULL,0,0,0,DIG_SHA,20,0},
{49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, {49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
{49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, {49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0},

View file

@ -138,10 +138,11 @@ static int decode_ContentType_application_data(ssl,dir,seg,data)
SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d); SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d);
P_(P_AD){ if(NET_print_flags & NET_PRINT_JSON) {
json_object_object_add(jobj, "msg_data", json_object_new_string_len(d.data, d.len));
} else P_(P_AD) {
print_data(ssl,&d); print_data(ssl,&d);
} } else {
else {
LF; LF;
} }
return(0); return(0);
@ -425,8 +426,6 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data)
ja3s_c_str = calloc(6, 1); ja3s_c_str = calloc(6, 1);
snprintf(ja3s_c_str, 6, "%u", ssl->cipher_suite); snprintf(ja3s_c_str, 6, "%u", ssl->cipher_suite);
ssl_process_server_session_id(ssl,ssl->decoder,session_id.data,
session_id.len);
P_(P_HL) LF; P_(P_HL) LF;
SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0);
@ -457,6 +456,14 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data)
ja3s_ex_str[strlen(ja3s_ex_str) - 1] = '\0'; ja3s_ex_str[strlen(ja3s_ex_str) - 1] = '\0';
} }
if (ssl->version==TLSV13_VERSION){
// tls version is known in server hello for tls1.3 hence generate keying material here
ssl_tls13_generate_keying_material(ssl,ssl->decoder);
}
ssl_process_server_session_id(ssl,ssl->decoder,session_id.data,
session_id.len);
if(!ja3s_ver_str) { if(!ja3s_ver_str) {
ja3s_ver_str = calloc(1, 1); ja3s_ver_str = calloc(1, 1);
*ja3s_ver_str = '\0'; *ja3s_ver_str = '\0';
@ -519,18 +526,20 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
UINT4 len,exlen,ex;
UINT4 len;
Data cert; Data cert;
int r; int r;
struct json_object *jobj; struct json_object *jobj;
jobj = ssl->cur_json_st; jobj = ssl->cur_json_st;
json_object_object_add(jobj, "handshake_type", json_object_new_string("Certificate")); json_object_object_add(jobj, "handshake_type", json_object_new_string("Certificate"));
extern decoder extension_decoder[];
LF; LF;
ssl_update_handshake_messages(ssl,data); ssl_update_handshake_messages(ssl,data);
if (ssl->version==TLSV13_VERSION){
SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate request context",-((1<<7)-1),0, data, NULL);
}
SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len);
json_object_object_add(jobj, "cert_chain", json_object_new_array()); json_object_object_add(jobj, "cert_chain", json_object_new_array());
@ -540,11 +549,95 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data)
0,data,&cert); 0,data,&cert);
sslx_print_certificate(ssl,&cert,P_ND); sslx_print_certificate(ssl,&cert,P_ND);
len-=(cert.len + 3); len-=(cert.len + 3);
if (ssl->version==TLSV13_VERSION) { // TLS 1.3 has certificates
SSL_DECODE_UINT16(ssl,"certificate extensions len",0,data,&exlen);
len-=2;
while (exlen) {
SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
len -= (2+ex);
if (ssl_decode_switch(ssl, extension_decoder, ex, dir, seg, data) == R_NOT_FOUND) {
decode_extension(ssl, dir, seg, data);
P_(P_RH) { explain(ssl, "Extension type: %u not yet implemented in ssldump\n", ex); }
continue;
}
LF;
}
}
} }
return(0); return(0);
} }
static int decode_HandshakeType_SessionTicket(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
int r;
UINT4 exlen, ex, val;
extern decoder extension_decoder[];
LF;
SSL_DECODE_UINT32(ssl, "ticket_lifetime",0, data, &val);
explain(ssl, "ticket_lifetime %u\n", val);
SSL_DECODE_UINT32(ssl, "ticket_age_add", 0,data, &val);
explain(ssl, "ticket_age_add %u\n", val);
SSL_DECODE_UINT8(ssl, "ticket_nonce",0,data, &val);
if (val>data->len) {
fprintf(stderr, "Short read: %d bytes available (expecting %d)\n", data->len, val);
ERETURN(R_EOD);
}
CRDUMP("ticket_nonce", data->data, val);
data->data+=val;data->len-=val;
SSL_DECODE_UINT16(ssl, "ticket",0,data, &val);
if (val>data->len) {
fprintf(stderr, "Short read: %d bytes available (expecting %d)\n", data->len, val);
ERETURN(R_EOD);
}
CRDUMP("ticket", data->data, val);
data->data+=val;data->len-=val;
SSL_DECODE_UINT16(ssl, "exlen", 0, data, &exlen);
LF;
if (exlen) {
while (data->len) {
SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
if (ssl_decode_switch(ssl, extension_decoder, ex, dir, seg, data) == R_NOT_FOUND) {
decode_extension(ssl, dir, seg, data);
P_(P_RH) { explain(ssl, "Extension type: %u not yet implemented in ssldump\n", ex); }
continue;
}
LF;
}
}
}
static int decode_HandshakeType_EncryptedExtensions(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
int r;
UINT4 exlen, ex;
extern decoder extension_decoder[];
SSL_DECODE_UINT16(ssl, 0, 0, data, &exlen);
LF;
if (exlen) {
while (data->len) {
SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
if (ssl_decode_switch(ssl, extension_decoder, ex, dir, seg, data) == R_NOT_FOUND) {
decode_extension(ssl, dir, seg, data);
P_(P_RH) { explain(ssl, "Extension type: %u not yet implemented in ssldump\n", ex); }
continue;
}
LF;
}
}
}
static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data) static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data)
ssl_obj *ssl; ssl_obj *ssl;
int dir; int dir;
@ -650,6 +743,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
int r; int r;
UINT4 signature_type;
struct json_object *jobj; struct json_object *jobj;
jobj = ssl->cur_json_st; jobj = ssl->cur_json_st;
@ -657,6 +751,9 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
LF; LF;
ssl_update_handshake_messages(ssl,data); ssl_update_handshake_messages(ssl,data);
if (ssl->version == TLSV13_VERSION) {
SSL_DECODE_UINT16(ssl,"signature_type",P_HL,data,&signature_type);
}
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0); SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0);
return(0); return(0);
@ -732,9 +829,22 @@ static int decode_HandshakeType_Finished(ssl,dir,seg,data)
break; break;
} }
ssl_process_handshake_finished(ssl,ssl->decoder,data);
return (0); return (0);
} }
static int decode_HandshakeType_KeyUpdate(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
LF;
ssl_tls13_update_keying_material(ssl, ssl->decoder, dir);
return 0;
}
decoder HandshakeType_decoder[]={ decoder HandshakeType_decoder[]={
{ {
0, 0,
@ -751,6 +861,16 @@ decoder HandshakeType_decoder[]={
"ServerHello", "ServerHello",
decode_HandshakeType_ServerHello decode_HandshakeType_ServerHello
}, },
{
4,
"SessionTicket",
decode_HandshakeType_SessionTicket
},
{
8,
"EncryptedExtensions",
decode_HandshakeType_EncryptedExtensions
},
{ {
11, 11,
"Certificate", "Certificate",
@ -786,6 +906,11 @@ decoder HandshakeType_decoder[]={
"Finished", "Finished",
decode_HandshakeType_Finished decode_HandshakeType_Finished
}, },
{
24,
"KeyUpdate",
decode_HandshakeType_KeyUpdate
},
{-1} {-1}
}; };
@ -2839,6 +2964,18 @@ static int decode_extension(ssl,dir,seg,data)
return(0); return(0);
} }
decoder supported_groups_decoder[] = {
{0x0017,"secp256r1",0},
{0x0018,"secp384r1",0},
{0x0019,"secp521r1",0},
{0x001d,"x25519",0},
{0x001e,"x448",0},
{0x0100,"ffdhe2048",0},
{0x0101,"ffdhe3072",0},
{0x0102,"ffdhe4096",0},
{0x0103,"ffdhe6144",0},
{0x0104,"ffdhe8192",0},
};
// Extension #10 supported_groups (renamed from "elliptic_curves") // Extension #10 supported_groups (renamed from "elliptic_curves")
static int decode_extension_supported_groups(ssl,dir,seg,data) static int decode_extension_supported_groups(ssl,dir,seg,data)
ssl_obj *ssl; ssl_obj *ssl;
@ -2856,7 +2993,8 @@ static int decode_extension_supported_groups(ssl,dir,seg,data)
LF; LF;
while(l) { while(l) {
p=data->len; p=data->len;
SSL_DECODE_UINT16(ssl, "supported group", 0, data, &g); SSL_DECODE_ENUM(ssl,"supported group",2,supported_groups_decoder,SSL_PRINT_ALL,data,&g);
LF;
if(!ja3_ec_str) if(!ja3_ec_str)
ja3_ec_str = calloc(7, 1); ja3_ec_str = calloc(7, 1);
else else
@ -2875,6 +3013,11 @@ static int decode_extension_supported_groups(ssl,dir,seg,data)
return(0); return(0);
} }
decoder ec_point_formats_decoder[] = {
{0,"uncompressed",0,},
{1,"ansiX962_compressed_prime",0,},
{2,"ansiX962_compressed_char2",0,}
};
// Extension #11 ec_point_formats // Extension #11 ec_point_formats
static int decode_extension_ec_point_formats(ssl,dir,seg,data) static int decode_extension_ec_point_formats(ssl,dir,seg,data)
ssl_obj *ssl; ssl_obj *ssl;
@ -2892,7 +3035,8 @@ static int decode_extension_ec_point_formats(ssl,dir,seg,data)
LF; LF;
while(l) { while(l) {
p=data->len; p=data->len;
SSL_DECODE_UINT8(ssl, "ec point format", 0, data, &f); SSL_DECODE_ENUM(ssl,"ec point format",1,ec_point_formats_decoder,SSL_PRINT_ALL,data, &f);
LF;
if(!ja3_ecp_str) if(!ja3_ecp_str)
ja3_ecp_str = calloc(5, 1); ja3_ecp_str = calloc(5, 1);
else else
@ -2912,6 +3056,72 @@ static int decode_extension_ec_point_formats(ssl,dir,seg,data)
return(0); return(0);
} }
static int decode_extension_supported_versions(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
int r;
UINT4 len, version;
SSL_DECODE_UINT16(ssl, "extensions length", 0, data, &len);
LF;
if (dir == DIR_I2R) SSL_DECODE_UINT8(ssl, "supported versions length", 0, data, &len);//client sends extension<..>
while (len) {
SSL_DECODE_UINT16(ssl, "supported version", 0, data, &version);
explain(ssl, "version: %u.%u", (version>>8)&0xff, version&0xff);
len -= 2;
if (len) printf("\n");
}
if (dir == DIR_R2I) ssl->version = version; // Server sets the tls version
}
decoder tls13_certificate_types[] = {
{0,"x509",0},
{1,"openpgp",0},
{2,"raw public key",0},
{3,"1609 dot 2",0}
};
static int decode_extension_client_certificate_type(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
int r;
UINT4 len, certificate_type;
SSL_DECODE_UINT16(ssl, "extensions length", 0, data, &len);
LF;
if (dir == DIR_I2R) SSL_DECODE_UINT8(ssl, "client certificates length", 0, data, &len);//client sends certificates<..>
while (len) {
SSL_DECODE_ENUM(ssl,"certificate type",1,tls13_certificate_types,SSL_PRINT_ALL,data, &certificate_type);
len -= 1;
data += 1;
if (len) printf("\n");
}
if (dir == DIR_R2I) ssl->extensions->client_certificate_type = certificate_type; // Server sets the client_certificate_type
}
static int decode_extension_server_certificate_type(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
int r;
UINT4 len, certificate_type;
SSL_DECODE_UINT16(ssl, "extensions length", 0, data, &len);
LF;
if (dir == DIR_I2R) SSL_DECODE_UINT8(ssl, "server certificates length", 0, data, &len);//client sends certificates<..>
while (len) {
SSL_DECODE_ENUM(ssl,"certificate type",1,tls13_certificate_types,SSL_PRINT_ALL,data, &certificate_type);
len -= 1;
data += 1;
if (len) printf("\n");
}
if (dir == DIR_R2I) ssl->extensions->server_certificate_type = certificate_type; // Server sets the server_certificate_type
}
decoder extension_decoder[] = { decoder extension_decoder[] = {
{ {
0, 0,
@ -3011,12 +3221,12 @@ decoder extension_decoder[] = {
{ {
19, 19,
"client_certificate_type", "client_certificate_type",
decode_extension decode_extension_client_certificate_type
}, },
{ {
20, 20,
"server_certificate_type", "server_certificate_type",
decode_extension decode_extension_server_certificate_type
}, },
{ {
21, 21,
@ -3126,7 +3336,7 @@ decoder extension_decoder[] = {
{ {
43, 43,
"supported_versions", "supported_versions",
decode_extension decode_extension_supported_versions
}, },
{ {
44, 44,
@ -3193,7 +3403,6 @@ decoder extension_decoder[] = {
"renegotiation_info", "renegotiation_info",
decode_extension decode_extension
}, },
{-1} {-1}
}; };

View file

@ -70,6 +70,8 @@ typedef struct d_queue_ {
typedef struct ssl_extensions_ { typedef struct ssl_extensions_ {
int encrypt_then_mac; int encrypt_then_mac;
int extended_master_secret; int extended_master_secret;
int client_certificate_type;
int server_certificate_type;
} ssl_extensions; } ssl_extensions;
typedef struct ssl_obj_ { typedef struct ssl_obj_ {
@ -135,6 +137,7 @@ typedef struct decoder_ {
#define TLSV1_VERSION 0x301 #define TLSV1_VERSION 0x301
#define TLSV11_VERSION 0x302 #define TLSV11_VERSION 0x302
#define TLSV12_VERSION 0x303 #define TLSV12_VERSION 0x303
#define TLSV13_VERSION 0x304
/*State defines*/ /*State defines*/
#define SSL_ST_SENT_NOTHING 0 #define SSL_ST_SENT_NOTHING 0

View file

@ -53,10 +53,12 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h>
#endif #endif
#include "ssldecode.h" #include "ssldecode.h"
#include "ssl_rec.h" #include "ssl_rec.h"
struct ssl_rec_decoder_ { struct ssl_rec_decoder_ {
SSL_CipherSuite *cs; SSL_CipherSuite *cs;
Data *mac_key; Data *mac_key;
@ -65,10 +67,9 @@ struct ssl_rec_decoder_ {
#ifdef OPENSSL #ifdef OPENSSL
EVP_CIPHER_CTX *evp; EVP_CIPHER_CTX *evp;
#endif #endif
UINT4 seq; UINT8 seq;
}; };
char *digests[]={ char *digests[]={
"MD5", "MD5",
"SHA1", "SHA1",
@ -92,7 +93,10 @@ char *ciphers[]={
"SEED", "SEED",
NULL, NULL,
"aes-128-gcm", "aes-128-gcm",
"aes-256-gcm" "aes-256-gcm",
"ChaCha20-Poly1305",
"aes-128-ccm",
"aes-128-ccm", // for ccm 8, uses the same cipher
}; };
@ -100,9 +104,9 @@ static int tls_check_mac PROTO_LIST((ssl_rec_decoder *d,int ct,
int ver,UCHAR *data,UINT4 datalen,UCHAR *iv,UINT4 ivlen,UCHAR *mac)); int ver,UCHAR *data,UINT4 datalen,UCHAR *iv,UINT4 ivlen,UCHAR *mac));
static int fmt_seq PROTO_LIST((UINT4 num,UCHAR *buf)); static int fmt_seq PROTO_LIST((UINT4 num,UCHAR *buf));
int ssl_create_rec_decoder(dp,cs,mk,sk,iv) int ssl_create_rec_decoder(dp,ssl,mk,sk,iv)
ssl_rec_decoder **dp; ssl_rec_decoder **dp;
SSL_CipherSuite *cs; ssl_obj *ssl;
UCHAR *mk; UCHAR *mk;
UCHAR *sk; UCHAR *sk;
UCHAR *iv; UCHAR *iv;
@ -111,10 +115,11 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv)
ssl_rec_decoder *dec=0; ssl_rec_decoder *dec=0;
#ifdef OPENSSL #ifdef OPENSSL
const EVP_CIPHER *ciph=0; const EVP_CIPHER *ciph=0;
int iv_len = ssl->version == TLSV13_VERSION?12:ssl->cs->block;
/* Find the SSLeay cipher */ /* Find the SSLeay cipher */
if(cs->enc!=ENC_NULL){ if(ssl->cs->enc!=ENC_NULL){
ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[ssl->cs->enc-0x30]);
if(!ciph) if(!ciph)
ABORT(R_INTERNAL); ABORT(R_INTERNAL);
} }
@ -125,28 +130,28 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv)
if(!(dec=(ssl_rec_decoder *)calloc(1,sizeof(ssl_rec_decoder)))) if(!(dec=(ssl_rec_decoder *)calloc(1,sizeof(ssl_rec_decoder))))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
dec->cs=cs; dec->cs=ssl->cs;
if((r=r_data_alloc(&dec->mac_key,cs->dig_len))) if((r=r_data_alloc(&dec->mac_key,ssl->cs->dig_len)))
ABORT(r); ABORT(r);
if((r=r_data_alloc(&dec->implicit_iv,cs->block))) if((r=r_data_alloc(&dec->implicit_iv,iv_len)))
ABORT(r); ABORT(r);
memcpy(dec->implicit_iv->data,iv,cs->block); memcpy(dec->implicit_iv->data,iv, iv_len);
if((r=r_data_create(&dec->write_key,sk,cs->eff_bits/8))) if((r=r_data_create(&dec->write_key,sk,ssl->cs->eff_bits/8)))
ABORT(r); ABORT(r);
/* /*
This is necessary for AEAD ciphers, because we must wait to fully initialize the cipher This is necessary for AEAD ciphers, because we must wait to fully initialize the cipher
in order to include the implicit IV in order to include the implicit IV
*/ */
if(IS_AEAD_CIPHER(cs)){ if(IS_AEAD_CIPHER(ssl->cs)){
sk=NULL; sk=NULL;
iv=NULL; iv=NULL;
} }
else else
memcpy(dec->mac_key->data,mk,cs->dig_len); memcpy(dec->mac_key->data,mk,ssl->cs->dig_len);
if(!(dec->evp=EVP_CIPHER_CTX_new())) if(!(dec->evp=EVP_CIPHER_CTX_new()))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
@ -190,6 +195,95 @@ int ssl_destroy_rec_decoder(dp)
#define MSB(a) ((a>>8)&0xff) #define MSB(a) ((a>>8)&0xff)
#define LSB(a) (a&0xff) #define LSB(a) (a&0xff)
int tls13_update_rec_key(d,newkey,newiv)
ssl_rec_decoder *d;
UCHAR *newkey;
UCHAR *newiv;
{
d->write_key->data = newkey;
d->implicit_iv->data = newiv;
d->seq = 0;
}
int tls13_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
ssl_obj *ssl;
ssl_rec_decoder *d;
int ct;
int version;
UCHAR *in;
int inl;
UCHAR *out;
int *outl;
{
int pad,i;
int r,encpadl,x,_status=0;
UCHAR aad[5],aead_nonce[12], *tag;
int taglen = d->cs->enc==ENC_AES128_CCM_8?8:16;
CRDUMP("CipherText",in,inl);
CRDUMPD("KEY",d->write_key);
CRDUMPD("IV",d->implicit_iv);
if (!IS_AEAD_CIPHER(d->cs)){
fprintf(stderr, "Non aead cipher in tls13\n");
ABORT(-1);
}
memcpy(aead_nonce, d->implicit_iv->data, 12);
for (i = 0; i < 8; i++) { // AEAD NONCE according to RFC TLS1.3
aead_nonce[12 - 1 - i] ^= ((d->seq >> (i * 8)) & 0xFF);
}
d->seq++;
CRDUMP("NONCE",aead_nonce,12);
tag = in+(inl-taglen);
CRDUMP("Tag", tag, taglen);
aad[0] = ct;
aad[1] = 0x03;
aad[2] = 0x03;
aad[3] = MSB(inl);
aad[4] = LSB(inl);
CRDUMP("AAD",aad,5);
inl-=taglen;
if (!EVP_CIPHER_CTX_ctrl(d->evp, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)) {
fprintf(stderr, "Unable to set ivlen\n");
ABORT(-1);
}
if (IS_CCM_CIPHER(d->cs) && !EVP_CIPHER_CTX_ctrl(d->evp, EVP_CTRL_AEAD_SET_TAG, taglen, tag)) {
fprintf(stderr, "Unable to set tag for ccm cipher\n");
ABORT(-1);
}
if(!EVP_DecryptInit_ex(d->evp,NULL,NULL,d->write_key->data,aead_nonce)){
fprintf(stderr,"Unable to init evp1\n");
ABORT(-1);
}
if (IS_CCM_CIPHER(d->cs) && !EVP_DecryptUpdate(d->evp,NULL,outl,NULL,inl)){
fprintf(stderr,"Unable to update data length\n");
ABORT(-1);
}
if (!EVP_DecryptUpdate(d->evp,NULL,outl,aad,5)){
fprintf(stderr,"Unable to update aad\n");
ABORT(-1);
}
CRDUMP("Real CipherText", in, inl);
if (!EVP_DecryptUpdate(d->evp,out,outl,in,inl)){
fprintf(stderr,"Unable to update with CipherText\n");
ABORT(-1);
}
if (!IS_CCM_CIPHER(d->cs) && (!EVP_CIPHER_CTX_ctrl(d->evp,EVP_CTRL_GCM_SET_TAG,taglen,tag) || !EVP_DecryptFinal(d->evp,NULL,&x))) {
fprintf(stderr,"BAD MAC\n");
ABORT(SSL_BAD_MAC);
}
abort:
ERR_print_errors_fp(stderr);
return _status;
}
int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
ssl_obj *ssl; ssl_obj *ssl;
ssl_rec_decoder *d; ssl_rec_decoder *d;

View file

@ -51,13 +51,16 @@ typedef struct ssl_rec_decoder_ ssl_rec_decoder;
int ssl_destroy_rec_decoder PROTO_LIST((ssl_rec_decoder **dp)); int ssl_destroy_rec_decoder PROTO_LIST((ssl_rec_decoder **dp));
int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp, int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp,
SSL_CipherSuite *cs,UCHAR *mk,UCHAR *sk,UCHAR *iv)); ssl_obj *ssl,UCHAR *mk,UCHAR *sk,UCHAR *iv));
int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,
int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl));
int tls13_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl));
int tls13_update_rec_key PROTO_LIST((ssl_rec_decoder *d,UCHAR *newkey, UCHAR *newiv));
int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data, int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data,
UINT4 datalen, UCHAR *mac); UINT4 datalen, UCHAR *mac);
#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c) #define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c||cs->enc==0x3d||cs->enc==0x3e||cs->enc==0x3f)
#define IS_CCM_CIPHER(cs) (cs->enc==0x3e||cs->enc==0x3f)
#endif #endif

View file

@ -79,6 +79,9 @@ typedef struct SSL_CipherSuite_ {
#define ENC_NULL 0x3a #define ENC_NULL 0x3a
#define ENC_AES128_GCM 0x3b #define ENC_AES128_GCM 0x3b
#define ENC_AES256_GCM 0x3c #define ENC_AES256_GCM 0x3c
#define ENC_CHACHA20_POLY1305 0x3d
#define ENC_AES128_CCM 0x3e
#define ENC_AES128_CCM_8 0x3f
#define DIG_MD5 0x40 #define DIG_MD5 0x40
#define DIG_SHA 0x41 #define DIG_SHA 0x41

View file

@ -48,6 +48,8 @@
#include "sslprint.h" #include "sslprint.h"
#include "ssl.enums.h" #include "ssl.enums.h"
#ifdef OPENSSL #ifdef OPENSSL
#include <openssl/err.h>
#include <openssl/kdf.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@ -91,6 +93,10 @@ struct ssl_decoder_ {
int ephemeral_rsa; int ephemeral_rsa;
Data *PMS; Data *PMS;
Data *MS; Data *MS;
Data *SHTS;//Server Handshake traffic secret
Data *CHTS;//Client Handshake traffic secret
Data *STS;//Server traffic Secret
Data *CTS;//Client traffic secret
Data *handshake_messages; Data *handshake_messages;
Data *session_hash; Data *session_hash;
ssl_rec_decoder *c_to_s; ssl_rec_decoder *c_to_s;
@ -115,7 +121,7 @@ static int ssl_generate_keying_material PROTO_LIST((ssl_obj *ssl,
ssl_decoder *d)); ssl_decoder *d));
static int ssl_generate_session_hash PROTO_LIST((ssl_obj *ssl, static int ssl_generate_session_hash PROTO_LIST((ssl_obj *ssl,
ssl_decoder *d)); ssl_decoder *d));
static int ssl_read_key_log_file PROTO_LIST((ssl_decoder *d)); static int ssl_read_key_log_file PROTO_LIST((ssl_obj* obj,ssl_decoder *d));
#endif #endif
static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl, static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl,
@ -196,6 +202,7 @@ int ssl_decode_ctx_destroy(dp)
{ {
#ifdef OPENSSL #ifdef OPENSSL
ssl_decode_ctx *d = *dp; ssl_decode_ctx *d = *dp;
if (!d) return 0;
if(d->ssl_key_log_file) { if(d->ssl_key_log_file) {
fclose(d->ssl_key_log_file); fclose(d->ssl_key_log_file);
} }
@ -320,19 +327,23 @@ int ssl_process_server_session_id(ssl,d,msg,len)
INIT_DATA(idd,msg,len); INIT_DATA(idd,msg,len);
/* First check to see if the client tried to restore */ if (ssl->version==TLSV13_VERSION){
if(d->session_id){ // No need to save/restore session in tls1.3 since the only way of decrypting is through log file
/* Now check to see if we restored */ } else {
if((r=r_data_compare(&idd,d->session_id))) /* First check to see if the client tried to restore */
ABORT(r); if(d->session_id){
/* Now check to see if we restored */
if((r=r_data_compare(&idd,d->session_id)))
ABORT(r);
/* Now try to look up the session. We may not be able /* Now try to look up the session. We may not be able
to find it if, for instance, the original session to find it if, for instance, the original session
was initiated with something other than static RSA */ was initiated with something other than static RSA */
if((r=ssl_restore_session(ssl,d))) if((r=ssl_restore_session(ssl,d)))
ABORT(r); ABORT(r);
restored=1; restored=1;
}
} }
_status=0; _status=0;
@ -365,7 +376,7 @@ int ssl_process_client_session_id(ssl,d,msg,len)
//todo: better save and destroy only when successfully read key log //todo: better save and destroy only when successfully read key log
r_data_destroy(&d->MS); r_data_destroy(&d->MS);
if(d->ctx->ssl_key_log_file && (ssl_read_key_log_file(d)==0) && d->MS) if(d->ctx->ssl_key_log_file && (ssl_read_key_log_file(ssl, d)==0) && d->MS)
{ {
//we found master secret for session in keylog //we found master secret for session in keylog
//try to save session //try to save session
@ -387,23 +398,36 @@ int ssl_process_client_session_id(ssl,d,msg,len)
#endif #endif
} }
int ssl_process_handshake_finished(ssl_obj* ssl,ssl_decoder *dec, Data *data){
if (ssl->version==TLSV13_VERSION){
if (ssl->direction==DIR_I2R){ // Change from handshake decoder to data traffic decoder
dec->c_to_s = dec->c_to_s_n;
dec->c_to_s_n = 0;
} else {
dec->s_to_c = dec->s_to_c_n;
dec->s_to_c_n = 0;
}
}
}
int ssl_process_change_cipher_spec(ssl,d,direction) int ssl_process_change_cipher_spec(ssl,d,direction)
ssl_obj *ssl; ssl_obj *ssl;
ssl_decoder *d; ssl_decoder *d;
int direction; int direction;
{ {
#ifdef OPENSSL #ifdef OPENSSL
if(direction==DIR_I2R){ if (ssl->version!=TLSV13_VERSION){
d->c_to_s=d->c_to_s_n; if(direction==DIR_I2R){
d->c_to_s_n=0; d->c_to_s=d->c_to_s_n;
if(d->c_to_s) ssl->process_ciphertext |= direction; d->c_to_s_n=0;
if(d->c_to_s) ssl->process_ciphertext |= direction;
}
else {
d->s_to_c=d->s_to_c_n;
d->s_to_c_n=0;
if(d->s_to_c) ssl->process_ciphertext |= direction;
}
} }
else{
d->s_to_c=d->s_to_c_n;
d->s_to_c_n=0;
if(d->s_to_c) ssl->process_ciphertext |= direction;
}
#endif #endif
return(0); return(0);
} }
@ -427,7 +451,10 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d)
rd=0; rd=0;
state=(direction==DIR_I2R)?ssl->i_state:ssl->r_state; state=(direction==DIR_I2R)?ssl->i_state:ssl->r_state;
if(!rd){ if (ssl->version == TLSV13_VERSION && ct != 23) { // Only type 23 is encrypted in tls1.3
ssl->record_encryption = REC_PLAINTEXT;
return 0;
} else if(!rd){
if(state & SSL_ST_SENT_CHANGE_CIPHER_SPEC){ if(state & SSL_ST_SENT_CHANGE_CIPHER_SPEC){
ssl->record_encryption=REC_CIPHERTEXT; ssl->record_encryption=REC_CIPHERTEXT;
return(SSL_NO_DECRYPT); return(SSL_NO_DECRYPT);
@ -443,7 +470,12 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d)
if(!(out=(UCHAR *)malloc(d->len))) if(!(out=(UCHAR *)malloc(d->len)))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
if((r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl))){ if (ssl->version==TLSV13_VERSION){
r=tls13_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl);
} else {
r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl);
}
if(r) {
ABORT(r); ABORT(r);
} }
@ -620,7 +652,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
r_data_destroy(&d->MS); r_data_destroy(&d->MS);
if(!d->ctx->ssl_key_log_file || if(!d->ctx->ssl_key_log_file ||
ssl_read_key_log_file(d) || ssl_read_key_log_file(ssl,d) ||
!d->MS){ !d->MS){
if(ssl->cs->kex!=KEX_RSA) if(ssl->cs->kex!=KEX_RSA)
return(-1); return(-1);
@ -1070,10 +1102,10 @@ static int ssl_generate_keying_material(ssl,d)
} }
if((r=ssl_create_rec_decoder(&d->c_to_s_n, if((r=ssl_create_rec_decoder(&d->c_to_s_n,
ssl->cs,c_mk,c_wk,c_iv))) ssl,c_mk,c_wk,c_iv)))
ABORT(r); ABORT(r);
if((r=ssl_create_rec_decoder(&d->s_to_c_n, if((r=ssl_create_rec_decoder(&d->s_to_c_n,
ssl->cs,s_mk,s_wk,s_iv))) ssl,s_mk,s_wk,s_iv)))
ABORT(r); ABORT(r);
@ -1086,6 +1118,175 @@ static int ssl_generate_keying_material(ssl,d)
return(_status); return(_status);
} }
static int hkdf_expand_label(ssl,d,secret,label,context,length,out)
ssl_obj *ssl;
ssl_decoder *d;
Data *secret;
char *label;
Data *context;
uint16_t length;
UCHAR **out;
{
int r;
size_t outlen = length;
EVP_PKEY_CTX *pctx;
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
Data hkdf_label;
UCHAR *ptr;
//Construct HkdfLabel
hkdf_label.data = ptr = malloc(512);
*(uint16_t*)ptr = ntohs(length);
ptr+=2;
*(uint8_t*)ptr++ = 6+(label?strlen(label):0);
memcpy(ptr, "tls13 ", 6);
ptr+=6;
if (label) {
memcpy(ptr, label, strlen(label));
ptr+=strlen(label);
}
*(uint8_t*)ptr++ = context?context->len:0;
if (context) {
memcpy(ptr, context->data, context->len);
ptr+=context->len;
}
hkdf_label.len = ptr - hkdf_label.data;
CRDUMPD("hkdf_label", &hkdf_label);
// Load parameters
*out = malloc(length);
if (EVP_PKEY_derive_init(pctx) <= 0) {
fprintf(stderr, "EVP_PKEY_derive_init failed\n");
}
/* Error */
if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)<=0) {
fprintf(stderr, "EVP_PKEY_CTX_hkdf_mode failed\n");
goto abort;
}
if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_get_digestbyname(digests[ssl->cs->dig-0x40])) <= 0) {
fprintf(stderr, "EVP_PKEY_CTX_set_hkdf_md failed\n");
goto abort;
}
if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret->data, secret->len) <= 0) {
fprintf(stderr, "EVP_PKEY_CTX_set_hkdf_md failed\n");
goto abort;
}
if (EVP_PKEY_CTX_add1_hkdf_info(pctx, hkdf_label.data, hkdf_label.len) <= 0) {
fprintf(stderr, "EVP_PKEY_CTX_add1_hkdf_info failed\n");
goto abort;
}
if (EVP_PKEY_derive(pctx, *out, &outlen) <= 0) {
fprintf(stderr, "EVP_PKEY_derive failed\n");
goto abort;
}
CRDUMP("out_hkdf", *out, outlen);
return 0;
abort:
ERR_print_errors_fp(stderr);
return r;
}
// Will update the keys for the particular direction
int ssl_tls13_update_keying_material(ssl,d,direction)
ssl_obj *ssl;
ssl_decoder *d;
int direction;
{
Data *secret;
ssl_rec_decoder *decoder;
UCHAR *newsecret;
UCHAR *newkey;
UCHAR *newiv;
if (direction == DIR_I2R) {
secret = d->CTS;
decoder = d->c_to_s;
} else {
secret = d->STS;
decoder = d->s_to_c;
}
hkdf_expand_label(ssl, d, secret, "traffic upd", NULL, ssl->cs->dig_len, &newsecret);
secret->data = newsecret;
hkdf_expand_label(ssl, d, secret, "key", NULL, ssl->cs->eff_bits/8, &newkey);
hkdf_expand_label(ssl, d, secret, "iv", NULL, 12, &newiv);
tls13_update_rec_key(decoder,newkey,newiv);
return 0;
}
int ssl_tls13_generate_keying_material(ssl,d)
ssl_obj* ssl;
ssl_decoder *d;
{
int r,_status;
Data out;
UCHAR *s_wk_h,*s_iv_h,*c_wk_h,*c_iv_h,
*s_wk,*s_iv,*c_wk,*c_iv;
if (!(d->ctx->ssl_key_log_file && ssl_read_key_log_file(ssl, d)==0 &&
d->SHTS && d->CHTS && d->STS && d->CTS)){
ABORT(-1);
}
// It is 12 for all ciphers
if (hkdf_expand_label(ssl, d, d->SHTS, "key", NULL, ssl->cs->eff_bits/8, &s_wk_h)) {
fprintf(stderr, "s_wk_h hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->SHTS, "iv", NULL, 12, &s_iv_h)) {
fprintf(stderr, "s_iv_h hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->CHTS, "key", NULL, ssl->cs->eff_bits/8, &c_wk_h)) {
fprintf(stderr, "c_wk_h hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->CHTS, "iv", NULL, 12, &c_iv_h)) {
fprintf(stderr, "c_iv_h hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->STS, "key", NULL, ssl->cs->eff_bits/8, &s_wk)) {
fprintf(stderr, "s_wk hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->STS, "iv", NULL, 12, &s_iv)) {
fprintf(stderr, "s_iv hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->CTS, "key", NULL, ssl->cs->eff_bits/8, &c_wk)) {
fprintf(stderr, "c_wk hkdf_expand_label failed\n");
goto abort;
}
if (hkdf_expand_label(ssl, d, d->CTS, "iv", NULL, 12, &c_iv)) {
fprintf(stderr, "c_iv hkdf_expand_label failed\n");
goto abort;
}
CRDUMP("Server Handshake Write key", s_wk_h,ssl->cs->eff_bits/8 );
CRDUMP("Server Handshake IV", s_iv_h, 12);
CRDUMP("Client Handshake Write key", c_wk_h, ssl->cs->eff_bits/8);
CRDUMP("Client Handshake IV", c_iv_h,12);
CRDUMP("Server Write key", s_wk,ssl->cs->eff_bits/8);
CRDUMP("Server IV", s_iv,12);
CRDUMP("Client Write key",c_wk, ssl->cs->eff_bits/8);
CRDUMP("Client IV", c_iv,12);
if((r=ssl_create_rec_decoder(&d->c_to_s_n,
ssl,NULL,c_wk,c_iv)))
ABORT(r);
if((r=ssl_create_rec_decoder(&d->s_to_c_n,
ssl,NULL,s_wk,s_iv)))
ABORT(r);
if((r=ssl_create_rec_decoder(&d->c_to_s,
ssl,NULL,c_wk_h,c_iv_h)))
ABORT(r);
if((r=ssl_create_rec_decoder(&d->s_to_c,
ssl,NULL,s_wk_h,s_iv_h)))
ABORT(r);
return 0;
abort:
return r;
}
static int ssl_generate_session_hash(ssl,d) static int ssl_generate_session_hash(ssl,d)
ssl_obj *ssl; ssl_obj *ssl;
ssl_decoder *d; ssl_decoder *d;
@ -1134,36 +1335,64 @@ static int ssl_generate_session_hash(ssl,d)
return(_status); return(_status);
} }
static int ssl_read_key_log_file(d) static int read_hex_string(char *str, UCHAR *buf, int n) {
unsigned int t;
int i;
for (i = 0; i < n; i++) {
if (sscanf(str + i * 2, "%02x", &t) != 1)
return -1;
buf[i] = (char)t;
}
return 0;
}
static int ssl_read_key_log_file(ssl,d)
ssl_obj *ssl;
ssl_decoder *d; ssl_decoder *d;
{ {
int r,_status,n,i; int r,_status,n,i;
unsigned int t; unsigned int t;
size_t l=0; size_t l=0;
char *line,*label_data; char *line, *d_client_random, *label, *client_random, *secret;
if (ssl->version==TLSV13_VERSION && !ssl->cs)// ssl->cs is not set when called from ssl_process_client_session_id
while ((n=getline(&line,&l,d->ctx->ssl_key_log_file))!=-1) { ABORT(r);
if(n==(d->client_random->len*2)+112 && if (!(d_client_random = malloc((d->client_random->len * 2) + 1)))
!strncmp(line,"CLIENT_RANDOM",13)) { ABORT(r);
for (i = 0; i < d->client_random->len; i++)
if(!(label_data=malloc((d->client_random->len*2)+1))) if (snprintf(d_client_random + (i * 2), 3, "%02x", d->client_random->data[i]) != 2)
ABORT(r); ABORT(r);
while ((n = getline(&line, &l, d->ctx->ssl_key_log_file)) != -1) {
for(i=0;i<d->client_random->len;i++) if (line[n-1] =='\n') line[n-1] = '\0';
if(snprintf(label_data+(i*2),3,"%02x",d->client_random->data[i])!=2) if (!(label=strtok(line, " "))) continue;
ABORT(r); if (!(client_random=strtok(NULL, " ")) || strlen(client_random)!=64 || STRNICMP(client_random, d_client_random, 64)) continue;
secret=strtok(NULL, " ");
if(STRNICMP(line+14,label_data,64)) if (!(secret) || strlen(secret)!=(ssl->version==TLSV13_VERSION?ssl->cs->dig_len*2:96)) continue;
continue; if (!strncmp(label, "CLIENT_RANDOM", 13)) {
if ((r=r_data_alloc(&d->MS, 48)))
if((r=r_data_alloc(&d->MS,48))) ABORT(r);
ABORT(r); if (read_hex_string(secret, d->MS->data, 48))
ABORT(r);
for(i=0; i < d->MS->len; i++) { }
if(sscanf(line+14+65+(i*2),"%2x",&t)!=1) if (ssl->version!=TLSV13_VERSION) continue;
ABORT(r); if (!strncmp(label, "SERVER_HANDSHAKE_TRAFFIC_SECRET", 31)){
*(d->MS->data+i)=(char)t; if ((r=r_data_alloc(&d->SHTS, ssl->cs->dig_len)))
} ABORT(r);
if (read_hex_string(secret, d->SHTS->data, ssl->cs->dig_len))
ABORT(r);
} else if (!strncmp(label, "CLIENT_HANDSHAKE_TRAFFIC_SECRET", 31)){
if ((r=r_data_alloc(&d->CHTS, ssl->cs->dig_len)))
ABORT(r);
if (read_hex_string(secret, d->CHTS->data, ssl->cs->dig_len))
ABORT(r);
} else if (!strncmp(label, "SERVER_TRAFFIC_SECRET_0", 23)){
if ((r=r_data_alloc(&d->STS, ssl->cs->dig_len)))
ABORT(r);
if (read_hex_string(secret, d->STS->data, ssl->cs->dig_len))
ABORT(r);
} else if (!strncmp(label, "CLIENT_TRAFFIC_SECRET_0", 23)){
if ((r=r_data_alloc(&d->CTS, ssl->cs->dig_len)))
ABORT(r);
if (read_hex_string(secret, d->CTS->data, ssl->cs->dig_len))
ABORT(r);
} }
/* /*
Eventually add support for other labels defined here: Eventually add support for other labels defined here:

View file

@ -73,6 +73,9 @@ int ssl_update_handshake_messages PROTO_LIST((ssl_obj *ssl,
Data *data)); Data *data));
int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction, int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction,
int ct,int version,Data *d)); int ct,int version,Data *d));
int ssl_tls13_generate_keying_material PROTO_LIST((ssl_obj *obj,ssl_decoder *dec));
int ssl_process_handshake_finished PROTO_LIST((ssl_obj* ssl,ssl_decoder *dec, Data *data));
int ssl_tls13_update_keying_material PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int dir));
#endif #endif

View file

@ -268,18 +268,16 @@ int ssl_expand_record(ssl,q,direction,data,len)
explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len); explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len);
return(0); return(0);
} }
version = ssl->version ? ssl->version : (vermaj*256+vermin);
P_(P_RH){ P_(P_RH){
explain(ssl," V%d.%d(%d)",vermaj,vermin,length); explain(ssl," V%d.%d(%d)",(version>>8)&0xff,version&0xff,length);
json_object_object_add(jobj, "record_len", json_object_new_int(length)); json_object_object_add(jobj, "record_len", json_object_new_int(length));
snprintf(verstr,8,"%d.%d",vermaj,vermin); snprintf(verstr,8,"%d.%d",(version>>8)&0xff,version&0xff);
json_object_object_add(jobj, "record_ver", json_object_new_string(verstr)); json_object_object_add(jobj, "record_ver", json_object_new_string(verstr));
} }
version=vermaj*256+vermin; r = ssl_decode_record(ssl, ssl->decoder, direction, ct, version, &d);
r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d);
if(r==SSL_BAD_MAC){ if(r==SSL_BAD_MAC){
explain(ssl," bad MAC\n"); explain(ssl," bad MAC\n");
return(0); return(0);
@ -303,9 +301,15 @@ int ssl_expand_record(ssl,q,direction,data,len)
else{ else{
//try to save unencrypted data to logger //try to save unencrypted data to logger
//we must save record with type "application_data" (this is unencrypted data) //we must save record with type "application_data" (this is unencrypted data)
if ((ct == 23) && (logger)) logger->vtbl->data(ssl->logger_obj,d.data,d.len,direction); if (ct==23){
if (logger) {
if((r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d))) { logger->vtbl->data(ssl->logger_obj,d.data,d.len,direction);
}
if (ssl->version==TLSV13_VERSION){
ct = d.data[--d.len]; // In TLS 1.3 ct is stored in the end for encrypted records
}
}
if((r=ssl_decode_switch(ssl,ContentType_decoder,ct,direction,q, &d))) {
if(!(SSL_print_flags & SSL_PRINT_JSON)) if(!(SSL_print_flags & SSL_PRINT_JSON))
printf(" unknown record type: %d\n", ct); printf(" unknown record type: %d\n", ct);
ERETURN(r); ERETURN(r);