From 1fcc365d9e04568235e7a0dd6ff249586c6ad818 Mon Sep 17 00:00:00 2001
From: c65722 <53181351+c65722@users.noreply.github.com>
Date: Sat, 20 Jul 2019 07:58:33 -0700
Subject: [PATCH] Add Parse TLS record operation
---
src/core/config/Categories.json | 1 +
src/core/lib/Protocol.mjs | 3 +
src/core/operations/ParseTLSRecord.mjs | 884 +++++++++
tests/operations/index.mjs | 1 +
tests/operations/tests/ParseTLSRecord.mjs | 2045 +++++++++++++++++++++
5 files changed, 2934 insertions(+)
create mode 100644 src/core/operations/ParseTLSRecord.mjs
create mode 100644 tests/operations/tests/ParseTLSRecord.mjs
diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json
index bebdd6a5e2..bd29dcb2df 100644
--- a/src/core/config/Categories.json
+++ b/src/core/config/Categories.json
@@ -235,6 +235,7 @@
"Parse IPv6 address",
"Parse IPv4 header",
"Parse TCP",
+ "Parse TLS record",
"Parse UDP",
"Parse SSH Host Key",
"Parse URI",
diff --git a/src/core/lib/Protocol.mjs b/src/core/lib/Protocol.mjs
index 57d2374a88..dfb8b19771 100644
--- a/src/core/lib/Protocol.mjs
+++ b/src/core/lib/Protocol.mjs
@@ -26,6 +26,9 @@ export function objToTable(obj, nested=false) {
`;
for (const key in obj) {
+ if (typeof obj[key] === "function")
+ continue;
+
html += `
${key} | `;
if (typeof obj[key] === "object")
html += `${objToTable(obj[key], true)} | `;
diff --git a/src/core/operations/ParseTLSRecord.mjs b/src/core/operations/ParseTLSRecord.mjs
new file mode 100644
index 0000000000..57a339a84c
--- /dev/null
+++ b/src/core/operations/ParseTLSRecord.mjs
@@ -0,0 +1,884 @@
+/**
+ * @author c65722 []
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import {toHexFast} from "../lib/Hex.mjs";
+import {objToTable} from "../lib/Protocol.mjs";
+import Stream from "../lib/Stream.mjs";
+
+/**
+ * Parse TLS record operation.
+ */
+class ParseTLSRecord extends Operation {
+
+ /**
+ * ParseTLSRecord constructor.
+ */
+ constructor() {
+ super();
+
+ this.name = "Parse TLS record";
+ this.module = "Default";
+ this.description = "Parses one or more TLS records";
+ this.infoURL = "https://wikipedia.org/wiki/Transport_Layer_Security";
+ this.inputType = "ArrayBuffer";
+ this.outputType = "json";
+ this.presentType = "html";
+ this.args = [];
+ this._handshakeParser = new HandshakeParser();
+ this._contentTypes = new Map();
+
+ for (const key in ContentType) {
+ this._contentTypes[ContentType[key]] = key.toString().toLocaleLowerCase();
+ }
+ }
+
+ /**
+ * @param {ArrayBuffer} input - Stream, containing one or more raw TLS Records.
+ * @param {Object[]} args
+ * @returns {Object[]} Array of Object representations of TLS Records contained within input.
+ */
+ run(input, args) {
+ const s = new Stream(new Uint8Array(input));
+
+ const output = [];
+
+ while (s.hasMore()) {
+ const record = this._readRecord(s);
+ if (record) {
+ output.push(record);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads a TLS Record from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw TLS Record.
+ * @returns {Object} Object representation of TLS Record.
+ */
+ _readRecord(input) {
+ const RECORD_HEADER_LEN = 5;
+
+ if (input.position + RECORD_HEADER_LEN > input.length) {
+ input.moveTo(input.length);
+
+ return null;
+ }
+
+ const type = input.readInt(1);
+ const typeString = this._contentTypes[type] ?? type.toString();
+ const version = "0x" + toHexFast(input.getBytes(2));
+ const length = input.readInt(2);
+ const content = input.getBytes(length);
+ const truncated = content.length < length;
+
+ const recordHeader = new RecordHeader(typeString, version, length, truncated);
+
+ if (!content.length) {
+ return {...recordHeader};
+ }
+
+ if (type === ContentType.HANDSHAKE) {
+ return this._handshakeParser.parse(new Stream(content), recordHeader);
+ }
+
+ const record = {...recordHeader};
+ record.value = "0x" + toHexFast(content);
+
+ return record;
+ }
+
+ /**
+ * Displays the parsed TLS Records in a tabular style.
+ *
+ * @param {Object[]} data - Array of Object representations of the TLS Records.
+ * @returns {html} HTML representation of TLS Records contained within data.
+ */
+ present(data) {
+ return data.map(r => objToTable(r)).join("\n\n");
+ }
+}
+
+export default ParseTLSRecord;
+
+/**
+ * Repesents the known values of type field of a TLS Record header.
+ */
+const ContentType = Object.freeze({
+ CHANGE_CIPHER_SPEC: 20,
+ ALERT: 21,
+ HANDSHAKE: 22,
+ APPLICATION_DATA: 23,
+});
+
+/**
+ * Represents a TLS Record header
+ */
+class RecordHeader {
+ /**
+ * RecordHeader cosntructor.
+ *
+ * @param {string} type - String representation of TLS Record type field.
+ * @param {string} version - Hex representation of TLS Record version field.
+ * @param {int} length - Length of TLS Record.
+ * @param {bool} truncated - Is TLS Record truncated.
+ */
+ constructor(type, version, length, truncated) {
+ this.type = type;
+ this.version = version;
+ this.length = length;
+
+ if (truncated) {
+ this.truncated = true;
+ }
+ }
+}
+
+/**
+ * Parses TLS Handshake messages.
+ */
+class HandshakeParser {
+
+ /**
+ * HandshakeParser constructor.
+ */
+ constructor() {
+ this._clientHelloParser = new ClientHelloParser();
+ this._serverHelloParser = new ServerHelloParser();
+ this._newSessionTicketParser = new NewSessionTicketParser();
+ this._certificateParser = new CertificateParser();
+ this._certificateRequestParser = new CertificateRequestParser();
+ this._certificateVerifyParser = new CertificateVerifyParser();
+ this._handshakeTypes = new Map();
+
+ for (const key in HandshakeType) {
+ this._handshakeTypes[HandshakeType[key]] = key.toString().toLowerCase();
+ }
+ }
+
+ /**
+ * Parses a single TLS handshake message.
+ *
+ * @param {Stream} input - Stream, containing a raw Handshake message.
+ * @param {RecordHeader} recordHeader - TLS Record header.
+ * @returns {Object} Object representation of Handshake.
+ */
+ parse(input, recordHeader) {
+ const output = {...recordHeader};
+
+ if (!input.hasMore()) {
+ return output;
+ }
+
+ const handshakeType = input.readInt(1);
+ output.handshakeType = this._handshakeTypes[handshakeType] ?? handshakeType.toString();
+
+ if (input.position + 3 > input.length) {
+ input.moveTo(input.length);
+
+ return output;
+ }
+
+ const handshakeLength = input.readInt(3);
+
+ if (handshakeLength + 4 !== recordHeader.length) {
+ input.moveTo(0);
+
+ output.handshakeType = this._handshakeTypes[HandshakeType.FINISHED];
+ output.handshakeValue = "0x" + toHexFast(input.bytes);
+
+ return output;
+ }
+
+ const content = input.getBytes(handshakeLength);
+ if (!content.length) {
+ return output;
+ }
+
+ switch (handshakeType) {
+ case HandshakeType.CLIENT_HELLO:
+ return {...output, ...this._clientHelloParser.parse(new Stream(content))};
+ case HandshakeType.SERVER_HELLO:
+ return {...output, ...this._serverHelloParser.parse(new Stream(content))};
+ case HandshakeType.NEW_SESSION_TICKET:
+ return {...output, ...this._newSessionTicketParser.parse(new Stream(content))};
+ case HandshakeType.CERTIFICATE:
+ return {...output, ...this._certificateParser.parse(new Stream(content))};
+ case HandshakeType.CERTIFICATE_REQUEST:
+ return {...output, ...this._certificateRequestParser.parse(new Stream(content))};
+ case HandshakeType.CERTIFICATE_VERIFY:
+ return {...output, ...this._certificateVerifyParser.parse(new Stream(content))};
+ default:
+ output.handshakeValue = "0x" + toHexFast(content);
+ }
+
+ return output;
+ }
+}
+
+/**
+ * Represents the known values of the msg_type field of a TLS Handshake message.
+ */
+const HandshakeType = Object.freeze({
+ HELLO_REQUEST: 0,
+ CLIENT_HELLO: 1,
+ SERVER_HELLO: 2,
+ NEW_SESSION_TICKET: 4,
+ CERTIFICATE: 11,
+ SERVER_KEY_EXCHANGE: 12,
+ CERTIFICATE_REQUEST: 13,
+ SERVER_HELLO_DONE: 14,
+ CERTIFICATE_VERIFY: 15,
+ CLIENT_KEY_EXCHANGE: 16,
+ FINISHED: 20,
+});
+
+/**
+ * Parses TLS Handshake ClientHello messages.
+ */
+class ClientHelloParser {
+
+ /**
+ * ClientHelloParser constructor.
+ */
+ constructor() {
+ this._extensionsParser = new ExtensionsParser();
+ }
+
+ /**
+ * Parses a single TLS Handshake ClientHello message.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message.
+ * @returns {Object} Object representation of ClientHello.
+ */
+ parse(input) {
+ const output = {};
+
+ output.clientVersion = this._readClientVersion(input);
+ output.random = this._readRandom(input);
+
+ const sessionID = this._readSessionID(input);
+ if (sessionID) {
+ output.sessionID = sessionID;
+ }
+
+ output.cipherSuites = this._readCipherSuites(input);
+ output.compressionMethods = this._readCompressionMethods(input);
+ output.extensions = this._readExtensions(input);
+
+ return output;
+ }
+
+ /**
+ * Reads the client_version field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message, with position before client_version field.
+ * @returns {string} Hex representation of client_version.
+ */
+ _readClientVersion(input) {
+ return readBytesAsHex(input, 2);
+ }
+
+ /**
+ * Reads the random field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message, with position before random field.
+ * @returns {string} Hex representation of random.
+ */
+ _readRandom(input) {
+ return readBytesAsHex(input, 32);
+ }
+
+ /**
+ * Reads the session_id field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message, with position before session_id length field.
+ * @returns {string} Hex representation of session_id, or empty string if session_id not present.
+ */
+ _readSessionID(input) {
+ return readSizePrefixedBytesAsHex(input, 1);
+ }
+
+ /**
+ * Reads the cipher_suites field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message, with position before cipher_suites length field.
+ * @returns {Object} Object represention of cipher_suites field.
+ */
+ _readCipherSuites(input) {
+ const output = {};
+
+ output.length = input.readInt(2);
+ if (!output.length) {
+ return {};
+ }
+
+ const cipherSuites = new Stream(input.getBytes(output.length));
+ if (cipherSuites.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = [];
+
+ while (cipherSuites.hasMore()) {
+ const cipherSuite = readBytesAsHex(cipherSuites, 2);
+ if (cipherSuite) {
+ output.values.push(cipherSuite);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads the compression_methods field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message, with position before compression_methods length field.
+ * @returns {Object} Object representation of compression_methods field.
+ */
+ _readCompressionMethods(input) {
+ const output = {};
+
+ output.length = input.readInt(1);
+ if (!output.length) {
+ return {};
+ }
+
+ const compressionMethods = new Stream(input.getBytes(output.length));
+ if (compressionMethods.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = [];
+
+ while (compressionMethods.hasMore()) {
+ const compressionMethod = readBytesAsHex(compressionMethods, 1);
+ if (compressionMethod) {
+ output.values.push(compressionMethod);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads the extensions field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ClientHello message, with position before extensions length field.
+ * @returns {Object} Object representations of extensions field.
+ */
+ _readExtensions(input) {
+ const output = {};
+
+ output.length = input.readInt(2);
+ if (!output.length) {
+ return {};
+ }
+
+ const extensions = new Stream(input.getBytes(output.length));
+ if (extensions.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = this._extensionsParser.parse(extensions);
+
+ return output;
+ }
+}
+
+/**
+ * Parses TLS Handshake ServeHello messages.
+ */
+class ServerHelloParser {
+
+ /**
+ * ServerHelloParser constructor.
+ */
+ constructor() {
+ this._extensionsParser = new ExtensionsParser();
+ }
+
+ /**
+ * Parses a single TLS Handshake ServerHello message.
+ *
+ * @param {Stream} input - Stream, containing a raw ServerHello message.
+ * @return {Object} Object representation of ServerHello.
+ */
+ parse(input) {
+ const output = {};
+
+ output.serverVersion = this._readServerVersion(input);
+ output.random = this._readRandom(input);
+
+ const sessionID = this._readSessionID(input);
+ if (sessionID) {
+ output.sessionID = sessionID;
+ }
+
+ output.cipherSuite = this._readCipherSuite(input);
+ output.compressionMethod = this._readCompressionMethod(input);
+ output.extensions = this._readExtensions(input);
+
+ return output;
+ }
+
+ /**
+ * Reads the server_version field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ServerHello message, with position before server_version field.
+ * @returns {string} Hex representation of server_version.
+ */
+ _readServerVersion(input) {
+ return readBytesAsHex(input, 2);
+ }
+
+ /**
+ * Reads the random field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ServerHello message, with position before random field.
+ * @returns {string} Hex representation of random.
+ */
+ _readRandom(input) {
+ return readBytesAsHex(input, 32);
+ }
+
+ /**
+ * Reads the session_id field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ServertHello message, with position before session_id length field.
+ * @returns {string} Hex representation of session_id, or empty string if session_id not present.
+ */
+ _readSessionID(input) {
+ return readSizePrefixedBytesAsHex(input, 1);
+ }
+
+ /**
+ * Reads the cipher_suite field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ServerHello message, with position before cipher_suite field.
+ * @returns {string} Hex represention of cipher_suite.
+ */
+ _readCipherSuite(input) {
+ return readBytesAsHex(input, 2);
+ }
+
+ /**
+ * Reads the compression_method field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ServerHello message, with position before compression_method field.
+ * @returns {string} Hex represention of compression_method.
+ */
+ _readCompressionMethod(input) {
+ return readBytesAsHex(input, 1);
+ }
+
+ /**
+ * Reads the extensions field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw ServerHello message, with position before extensions length field.
+ * @returns {Object} Object representation of extensions field.
+ */
+ _readExtensions(input) {
+ const output = {};
+
+ output.length = input.readInt(2);
+ if (!output.length) {
+ return {};
+ }
+
+ const extensions = new Stream(input.getBytes(output.length));
+ if (extensions.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = this._extensionsParser.parse(extensions);
+
+ return output;
+ }
+}
+
+/**
+ * Parses TLS Handshake Hello Extensions.
+ */
+class ExtensionsParser {
+
+ /**
+ * Parses a stream of TLS Handshake Hello Extensions.
+ *
+ * @param {Stream} input - Stream, containing multiple raw Extensions, with position before first extension length field.
+ * @returns {Object[]} Array of Object representations of Extensions contained within input.
+ */
+ parse(input) {
+ const output = [];
+
+ while (input.hasMore()) {
+ const extension = this._readExtension(input);
+ if (extension) {
+ output.push(extension);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads a single Extension from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a list of Extensions, with position before the length field of the next Extension.
+ * @returns {Object} Object representation of Extension.
+ */
+ _readExtension(input) {
+ const output = {};
+
+ if (input.position + 4 > input.length) {
+ input.moveTo(input.length);
+ return null;
+ }
+
+ output.type = "0x" + toHexFast(input.getBytes(2));
+ output.length = input.readInt(2);
+ if (!output.length) {
+ return output;
+ }
+
+ const value = input.getBytes(output.length);
+ if (!value || value.length !== output.length) {
+ output.truncated = true;
+ }
+
+ if (value && value.length) {
+ output.value = "0x" + toHexFast(value);
+ }
+
+ return output;
+ }
+}
+
+/**
+ * Parses TLS Handshake NewSessionTicket messages.
+ */
+class NewSessionTicketParser {
+
+ /**
+ * Parses a single TLS Handshake NewSessionTicket message.
+ *
+ * @param {Stream} input - Stream, containing a raw NewSessionTicket message.
+ * @returns {Object} Object representation of NewSessionTicket.
+ */
+ parse(input) {
+ return {
+ ticketLifetimeHint: this._readTicketLifetimeHint(input),
+ ticket: this._readTicket(input),
+ };
+ }
+
+ /**
+ * Reads the ticket_lifetime_hint field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw NewSessionTicket message, with position before ticket_lifetime_hint field.
+ * @returns {string} Lifetime hint, in seconds.
+ */
+ _readTicketLifetimeHint(input) {
+ if (input.position + 4 > input.length) {
+ input.moveTo(input.length);
+ return "";
+ }
+
+ return input.readInt(4) + "s";
+ }
+
+ /**
+ * Reads the ticket field fromt the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw NewSessionTicket message, with position before ticket length field.
+ * @returns {string} Hex representation of ticket.
+ */
+ _readTicket(input) {
+ return readSizePrefixedBytesAsHex(input, 2);
+ }
+}
+
+/**
+ * Parses TLS Handshake Certificate messages.
+ */
+class CertificateParser {
+
+ /**
+ * Parses a single TLS Handshake Certificate message.
+ *
+ * @param {Stream} input - Stream, containing a raw Certificate message.
+ * @returns {Object} Object representation of Certificate.
+ */
+ parse(input) {
+ const output = {};
+
+ output.certificateList = this._readCertificateList(input);
+
+ return output;
+ }
+
+ /**
+ * Reads the certificate_list field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw Certificate message, with position before certificate_list length field.
+ * @returns {string[]} Array of strings, each containing a hex representation of a value within the certificate_list field.
+ */
+ _readCertificateList(input) {
+ const output = {};
+
+ if (input.position + 3 > input.length) {
+ input.moveTo(input.length);
+ return output;
+ }
+
+ output.length = input.readInt(3);
+ if (!output.length) {
+ return output;
+ }
+
+ const certificates = new Stream(input.getBytes(output.length));
+ if (certificates.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = [];
+
+ while (certificates.hasMore()) {
+ const certificate = this._readCertificate(certificates);
+ if (certificate) {
+ output.values.push(certificate);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads a single certificate from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a list of certificicates, with position before the length field of the next certificate.
+ * @returns {string} Hex representation of certificate.
+ */
+ _readCertificate(input) {
+ return readSizePrefixedBytesAsHex(input, 3);
+ }
+}
+
+/**
+ * Parses TLS Handshake CertificateRequest messages.
+ */
+class CertificateRequestParser {
+
+ /**
+ * Parses a single TLS Handshake CertificateRequest message.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateRequest message.
+ * @return {Object} Object representation of CertificateRequest.
+ */
+ parse(input) {
+ const output = {};
+
+ output.certificateTypes = this._readCertificateTypes(input);
+ output.supportedSignatureAlgorithms = this._readSupportedSignatureAlgorithms(input);
+
+ const certificateAuthorities = this._readCertificateAuthorities(input);
+ if (certificateAuthorities.length) {
+ output.certificateAuthorities = certificateAuthorities;
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads the certificate_types field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateRequest message, with position before certificate_types length field.
+ * @return {string[]} Array of strings, each containing a hex representation of a value within the certificate_types field.
+ */
+ _readCertificateTypes(input) {
+ const output = {};
+
+ output.length = input.readInt(1);
+ if (!output.length) {
+ return {};
+ }
+
+ const certificateTypes = new Stream(input.getBytes(output.length));
+ if (certificateTypes.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = [];
+
+ while (certificateTypes.hasMore()) {
+ const certificateType = readBytesAsHex(certificateTypes, 1);
+ if (certificateType) {
+ output.values.push(certificateType);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads the supported_signature_algorithms field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateRequest message, with position before supported_signature_algorithms length field.
+ * @returns {string[]} Array of strings, each containing a hex representation of a value within the supported_signature_algorithms field.
+ */
+ _readSupportedSignatureAlgorithms(input) {
+ const output = {};
+
+ output.length = input.readInt(2);
+ if (!output.length) {
+ return {};
+ }
+
+ const signatureAlgorithms = new Stream(input.getBytes(output.length));
+ if (signatureAlgorithms.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = [];
+
+ while (signatureAlgorithms.hasMore()) {
+ const signatureAlgorithm = readBytesAsHex(signatureAlgorithms, 2);
+ if (signatureAlgorithm) {
+ output.values.push(signatureAlgorithm);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads the certificate_authorities field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateRequest message, with position before certificate_authorities length field.
+ * @returns {string[]} Array of strings, each containing a hex representation of a value within the certificate_authorities field.
+ */
+ _readCertificateAuthorities(input) {
+ const output = {};
+
+ output.length = input.readInt(2);
+ if (!output.length) {
+ return {};
+ }
+
+ const certificateAuthorities = new Stream(input.getBytes(output.length));
+ if (certificateAuthorities.length < output.length) {
+ output.truncated = true;
+ }
+
+ output.values = [];
+
+ while (certificateAuthorities.hasMore()) {
+ const certificateAuthority = this._readCertificateAuthority(certificateAuthorities);
+ if (certificateAuthority) {
+ output.values.push(certificateAuthority);
+ }
+ }
+
+ return output;
+ }
+
+ /**
+ * Reads a single certificate authority from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a list of raw certificate authorities, with position before the length field of the next certificate authority.
+ * @returns {string} Hex representation of certificate authority.
+ */
+ _readCertificateAuthority(input) {
+ return readSizePrefixedBytesAsHex(input, 2);
+ }
+}
+
+/**
+ * Parses TLS Handshake CertificateVerify messages.
+ */
+class CertificateVerifyParser {
+
+ /**
+ * Parses a single CertificateVerify Message.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateVerify message.
+ * @returns {Object} Object representation of CertificateVerify.
+ */
+ parse(input) {
+ return {
+ algorithmHash: this._readAlgorithmHash(input),
+ algorithmSignature: this._readAlgorithmSignature(input),
+ signature: this._readSignature(input),
+ };
+ }
+
+ /**
+ * Reads the algorithm.hash field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateVerify message, with position before algorithm.hash field.
+ * @return {string} Hex representation of hash algorithm.
+ */
+ _readAlgorithmHash(input) {
+ return readBytesAsHex(input, 1);
+ }
+
+ /**
+ * Reads the algorithm.signature field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateVerify message, with position before algorithm.signature field.
+ * @return {string} Hex representation of signature algorithm.
+ */
+ _readAlgorithmSignature(input) {
+ return readBytesAsHex(input, 1);
+ }
+
+ /**
+ * Reads the signature field from the following bytes in the provided Stream.
+ *
+ * @param {Stream} input - Stream, containing a raw CertificateVerify message, with position before signature field.
+ * @return {string} Hex representation of signature.
+ */
+ _readSignature(input) {
+ return readSizePrefixedBytesAsHex(input, 2);
+ }
+}
+
+/**
+ * Read the following size prefixed bytes from the provided Stream, and reuturn as a hex string.
+ *
+ * @param {Stream} input - Stream to read from.
+ * @param {int} sizePrefixLength - Length of the size prefix field.
+ * @returns {string} Hex representation of bytes read from Stream, empty string is returned if
+ * field cannot be read in full.
+ */
+function readSizePrefixedBytesAsHex(input, sizePrefixLength) {
+ const length = input.readInt(sizePrefixLength);
+ if (!length) {
+ return "";
+ }
+
+ return readBytesAsHex(input, length);
+}
+
+/**
+ * Read n bytes from the provided Stream, and return as a hex string.
+ *
+ * @param {Stream} input - Stream to read from.
+ * @param {int} n - Number of bytes to read.
+ * @returns {string} Hex representation of bytes read from Stream, or empty string if field cannot
+ * be read in full.
+ */
+function readBytesAsHex(input, n) {
+ const bytes = input.getBytes(n);
+ if (!bytes || bytes.length !== n) {
+ return "";
+ }
+
+ return "0x" + toHexFast(bytes);
+}
diff --git a/tests/operations/index.mjs b/tests/operations/index.mjs
index 40ce7a2ee6..40b510a02c 100644
--- a/tests/operations/index.mjs
+++ b/tests/operations/index.mjs
@@ -115,6 +115,7 @@ import "./tests/ParseObjectIDTimestamp.mjs";
import "./tests/ParseQRCode.mjs";
import "./tests/ParseSSHHostKey.mjs";
import "./tests/ParseTCP.mjs";
+import "./tests/ParseTLSRecord.mjs";
import "./tests/ParseTLV.mjs";
import "./tests/ParseUDP.mjs";
import "./tests/PEMtoHex.mjs";
diff --git a/tests/operations/tests/ParseTLSRecord.mjs b/tests/operations/tests/ParseTLSRecord.mjs
new file mode 100644
index 0000000000..86db2f2ca9
--- /dev/null
+++ b/tests/operations/tests/ParseTLSRecord.mjs
@@ -0,0 +1,2045 @@
+/**
+ * Parse TLS record tests.
+ *
+ * @auther c65722
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+ {
+ name: "Parse TLS record: Truncated header",
+ input: "16030300",
+ expectedOutput: "[]",
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Change Cipher Spec",
+ input: "140303000101",
+ expectedOutput: '[{"type":"change_cipher_spec","version":"0x0303","length":1,"value":"0x01"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Change Cipher Spec - Truncated before content",
+ input: "1403030001",
+ expectedOutput: '[{"type":"change_cipher_spec","version":"0x0303","length":1,"truncated":true}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Alert",
+ input: "150303001411770b5b5d11078535823266ec79671ed402bced",
+ expectedOutput: '[{"type":"alert","version":"0x0303","length":20,"value":"0x11770b5b5d11078535823266ec79671ed402bced"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Alert - Truncated within content",
+ input: "150303001411770b5b5d1107853582",
+ expectedOutput: '[{"type":"alert","version":"0x0303","length":20,"truncated":true,"value":"0x11770b5b5d1107853582"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Alert - Truncated before content",
+ input: "1503030014",
+ expectedOutput: '[{"type":"alert","version":"0x0303","length":20,"truncated":true}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Truncated within length",
+ input: "1603030032010000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Truncated before length",
+ input: "160303003201",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Truncated before msg type",
+ input: "1603030032",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Hello Request",
+ input: "160303000400000000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":4,"handshakeType":"hello_request"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076000004123443210200010000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before extensions length",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107600000412344321020001",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated within compression methods",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076000004123443210200",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"truncated":true,"values":["0x00"]},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before compression methods",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd0510760000041234432102",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"truncated":true,"values":[]},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before compression methods length",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107600000412344321",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated within cipher suite value",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076000004123443",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"truncated":true,"values":["0x1234"]},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated within cipher suites",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd0510760000041234",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"truncated":true,"values":["0x1234"]},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before cipher suites",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076000004",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{"length":4,"truncated":true,"values":[]},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before cipher suites length",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd0510760000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before session id length",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107600",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated within random",
+ input: "16030300320100002e030345cd3a31beaebd2934dd4ec2a151d7a0",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before random",
+ input: "16030300320100002e0303",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated within client version",
+ input: "16030300320100002e03",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello","clientVersion":"","random":"","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, No session ID, No extensions - Truncated before client version",
+ input: "16030300320100002e",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":50,"truncated":true,"handshakeType":"client_hello"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, No extensions",
+ input: "16030300520100004e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae0004123443210200010000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":82,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, No extensions - Truncated within session id",
+ input: "16030300520100004e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":82,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, No extensions - Truncated before session id",
+ input: "16030300520100004e030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":82,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","cipherSuites":{},"compressionMethods":{},"extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d00000010000e00000b6578616d706c652e636f6d00170000ff01000100",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"values":[{"type":"0x0000","length":16,"value":"0x000e00000b6578616d706c652e636f6d"},{"type":"0x0017","length":0},{"type":"0xff01","length":1,"value":"0x00"}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions - Truncated within extension value",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d00000010000e00000b657861",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"truncated":true,"values":[{"type":"0x0000","length":16,"truncated":true,"value":"0x000e00000b657861"}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions - Truncated before extension value",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d00000010",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"truncated":true,"values":[{"type":"0x0000","length":16,"truncated":true}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions - Truncated within extension length",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d000000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"truncated":true,"values":[]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions - Truncated before extension length",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d0000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"truncated":true,"values":[]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions - Truncated within extension type",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d00",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"truncated":true,"values":[]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Hello, Session ID, Extensions - Truncated before extension type",
+ input: "160303006f0100006b030345cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd05107620dc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae000412344321020001001d",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":111,"truncated":true,"handshakeType":"client_hello","clientVersion":"0x0303","random":"0x45cd3a31beaebd2934dd4ec2a151d7a054eab8bc0e4e5b9d4b9abdaacd051076","sessionID":"0xdc78c85fdcee405ebb7963543771005a3d1b7dbf88fb9f8df12e4f7ea525e1ae","cipherSuites":{"length":4,"values":["0x1234","0x4321"]},"compressionMethods":{"length":2,"values":["0x00","0x01"]},"extensions":{"length":29,"truncated":true,"values":[]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132004321010000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated before extensions length",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113200432101",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated before compression method",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132004321",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"0x4321","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated within cipher suite",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b011320043",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated before cipher suite",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113200",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated before session id length",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated within random",
+ input: "160303002c02000028030309684ab9c0f6e739e308cd42a18a73d9a",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated before random",
+ input: "160303002c0200002803030",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated within server version",
+ input: "160303002c0200002803",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello","serverVersion":"","random":"","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, No session ID, No extensions - Truncated before server version",
+ input: "160303002c02000028",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":44,"truncated":true,"handshakeType":"server_hello"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, No extension",
+ input: "160303004c02000048030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b95984321010000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":76,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, No extension - Truncated within session id",
+ input: "160303004c02000048030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df7",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":76,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, No extension - Truncated before session id",
+ input: "160303004c02000048030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":76,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","cipherSuite":"","compressionMethod":"","extensions":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, Extensions",
+ input: "160303005902000055030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598432101000d00000000ff0100010000170000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":89,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{"length":13,"values":[{"type":"0x0000","length":0},{"type":"0xff01","length":1,"value":"0x00"},{"type":"0x0017","length":0}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, Extensions - Truncated before extension value",
+ input: "160303005902000055030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598432101000d00000000ff010001",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":89,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{"length":13,"truncated":true,"values":[{"type":"0x0000","length":0},{"type":"0xff01","length":1,"truncated":true}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, Extensions - Truncated within extension length",
+ input: "160303005902000055030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598432101000d00000000ff0100",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":89,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{"length":13,"truncated":true,"values":[{"type":"0x0000","length":0}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, Extensions - Truncated before extension length",
+ input: "160303005902000055030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598432101000d00000000ff01",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":89,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{"length":13,"truncated":true,"values":[{"type":"0x0000","length":0}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, Extensions - Truncated within extension type",
+ input: "160303005902000055030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598432101000d00000000ff",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":89,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{"length":13,"truncated":true,"values":[{"type":"0x0000","length":0}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello, Session ID, Extensions - Truncated before extension type",
+ input: "160303005902000055030309684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b0113220a4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598432101000d00000000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":89,"truncated":true,"handshakeType":"server_hello","serverVersion":"0x0303","random":"0x09684ab9c0f6e739e308cd42a18a73d9adc579378aa6b4228df7ecc422b01132","sessionID":"0xa4fe3d1e9a7dc5ce3d9341b4d48a2df755a0fd83876d0330018306707c9b9598","cipherSuite":"0x4321","compressionMethod":"0x01","extensions":{"length":13,"truncated":true,"values":[{"type":"0x0000","length":0}]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket",
+ input: "16030300ca040000c60000070800c0626f6889ce97edae08b0870505f9251e1d0713438ed014ac8f5e6969cf9e500aaba6080dfed5474ec85ff48d882d526cdae7f21d51b4beeb0be83fb822f18d22d2086b7519b29114364af034ac9a6915562ba686b81917bcb89fc4a750284470e7d67d8d33647e245e5e789f547d6a1be91ef0985bbfcf3b88760586b8f02570e0b7e8547fdad75530bc0261756ec994dfc725c8551c762f26e105e62290cd43773ea9e8a42ac8ac21467053240a29ef93c2e34c2f13ce8ff494d8c64f727248",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"handshakeType":"new_session_ticket","ticketLifetimeHint":"1800s","ticket":"0x626f6889ce97edae08b0870505f9251e1d0713438ed014ac8f5e6969cf9e500aaba6080dfed5474ec85ff48d882d526cdae7f21d51b4beeb0be83fb822f18d22d2086b7519b29114364af034ac9a6915562ba686b81917bcb89fc4a750284470e7d67d8d33647e245e5e789f547d6a1be91ef0985bbfcf3b88760586b8f02570e0b7e8547fdad75530bc0261756ec994dfc725c8551c762f26e105e62290cd43773ea9e8a42ac8ac21467053240a29ef93c2e34c2f13ce8ff494d8c64f727248"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket - Truncated within ticket",
+ input: "16030300ca040000c60000070800c0626f6889ce97edae08b0870505f9251e1d0713438ed014ac8f5e6969cf9e500aaba6080dfed5474ec85ff48d882d526cdae7f21d51b4beeb0be83fb822f18d22d2086b7519b29114364af034ac9a6915562ba686b81917bcb89fc4a750284470",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"truncated":true,"handshakeType":"new_session_ticket","ticketLifetimeHint":"1800s","ticket":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket - Truncated before ticket",
+ input: "16030300ca040000c60000070800c0",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"truncated":true,"handshakeType":"new_session_ticket","ticketLifetimeHint":"1800s","ticket":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket - Truncated within ticket length",
+ input: "16030300ca040000c60000070800",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"truncated":true,"handshakeType":"new_session_ticket","ticketLifetimeHint":"1800s","ticket":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket - Truncated before ticket length",
+ input: "16030300ca040000c600000708",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"truncated":true,"handshakeType":"new_session_ticket","ticketLifetimeHint":"1800s","ticket":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket - Truncated within ticket lifetime hint",
+ input: "16030300ca040000c6000007",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"truncated":true,"handshakeType":"new_session_ticket","ticketLifetimeHint":"","ticket":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - New Session Ticket - Truncated before ticket lifetime hint",
+ input: "16030300ca040000c6",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":202,"truncated":true,"handshakeType":"new_session_ticket"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate",
+ input: "1603030acf0b000acb000ac80002923082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf00029430820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d000599308205953082037da00302010202141521d02e945395325d99051e616ad01c97627ee2300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65332e636f6d3020170d3234303932323130303232325a180f32313234303832393130303232325a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65332e636f6d30820222300d06092a864886f70d01010105000382020f003082020a0282020100bd7c65b5c2c7027e4eb77722f84d7dc9b45f9fae45c59dd0035340b3d8fec5ea644ac4563c4260b2c078880bf81ffec0e4cd9193b708ded6431c0e7d9e8f45d595712b733262f8f62f1b4c3ae69f1f39bc68a39b1b5699adddfd7c51b83f59479fe5ffe0faef6376b1c5cea434aa9db85e792f989b5977c6fda87f7c00f79e67e417d826c1ab1fa304163414fc6321790f07cffede43170718536e5fe3128f6d101de82a7b1de37f89e61d822f09eef7304213d41998a49e5ab6b1a7eb1ab4ece21f005061828567047aaf640cff2f87c85eefc2d3a91ebf48aaa893e59451acbea894975df2587b203302fb39755f2e21e012d1fc89df86ec53723df497318d8b44eee9334a2699ad403a7df6719747bc37429d3c47ada354308380b09bb6d76e21dc1735a1479470c94c0282bbbdf5e2e6af60cf1f2e9b8dad20e45307729813eaaf584b31984e036d5452dfae47a4b8640bdf4c02ecf4ce4240d64d2ab895cbf512558712533cd3fc6838bfd24a2a588b9f1b1848bb0d6b1cd77345add6e9dc547a7b95b027bb18e96f30c4f9cd780c96984472b70ea39a7acdff9c649ac4a59e12a5a72d436036b31fa130f6a72c717b3df403113ee3b3d1605f76e57e96b83e501ed5fe9200e2ea9aefa797fa0c8b6c5d8f12e4bea7359be03d3ca35d3e22e20639fc7e03c990a494402268a08fb1589dc086995b0ba3c9ffe255b6b7cf0203010001a3533051301d0603551d0e041604143e8bac5b946c2eff6a8cb337081fa4fe6ce07312301f0603551d230418301680143e8bac5b946c2eff6a8cb337081fa4fe6ce07312300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038202010081ad7acd39e5cc60682c962d367a84d32191e5b465ed531f617daf5fd33394a3ac9a42116d34211708ada0d9bd2cbf1d4a4175d67c87116c7495ed372c585ae6bdfe0bc713aa1afd0cc3f025c322dc45be0c3be982918dea938deaaa9e5bfd1fccb3eb8a111aec0498f64bdb16f6cb07bcecd85f6b9e445cf596d85596b4f0d7147d73cbc26000d374085e9c69f56262827fa3d5a037cf1d2cfe0f0eca779b101da08a8d732ecf584a193d93449697ee24ed6f41f9735ea3a3f206f8e6b5bf0b0ff3488a31d0feaccd701a144d35c265dc32d2e650f855debbfa5bd2d9dc2d80a1b8f81013f8049bd7be83a3ec5ae554c19fd4241a6686d4094ff073022d1f16afa5a0297e54a9b56fd469b44c6904d2b542f83ff0cf6af3b649f408f72f7cb49be5583ec4b1d912a677ae1fd81779506af9b688d8b753fdb0451925752fba8efcdaedf935f2a264caa1f4fe746ac6c339cca647b25f0bd2139205e67b6e90987da8b993b85037931443a6652426ab779db090cf08b28fed862a0ccdde1568bd930bf2d39ab7b850f97925e9bda13a6ee5166e48959711065c054bdf5ff04e4b8d5120caabca40c7707da3bb10f2ae7a00a6e56b012a6c00daaec5ddf0b63f61622aeeb81a71a5aa17508e5471e777bed8d09023c24280495adc38ffc3615dd20b139d32d7cc30b0690ab7f3e47a0131fa3d81929e64c6b9c6b363da410f6e5e",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"handshakeType":"certificate","certificateList":{"length":2760,"values":["0x3082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf","0x30820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d","0x308205953082037da00302010202141521d02e945395325d99051e616ad01c97627ee2300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65332e636f6d3020170d3234303932323130303232325a180f32313234303832393130303232325a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65332e636f6d30820222300d06092a864886f70d01010105000382020f003082020a0282020100bd7c65b5c2c7027e4eb77722f84d7dc9b45f9fae45c59dd0035340b3d8fec5ea644ac4563c4260b2c078880bf81ffec0e4cd9193b708ded6431c0e7d9e8f45d595712b733262f8f62f1b4c3ae69f1f39bc68a39b1b5699adddfd7c51b83f59479fe5ffe0faef6376b1c5cea434aa9db85e792f989b5977c6fda87f7c00f79e67e417d826c1ab1fa304163414fc6321790f07cffede43170718536e5fe3128f6d101de82a7b1de37f89e61d822f09eef7304213d41998a49e5ab6b1a7eb1ab4ece21f005061828567047aaf640cff2f87c85eefc2d3a91ebf48aaa893e59451acbea894975df2587b203302fb39755f2e21e012d1fc89df86ec53723df497318d8b44eee9334a2699ad403a7df6719747bc37429d3c47ada354308380b09bb6d76e21dc1735a1479470c94c0282bbbdf5e2e6af60cf1f2e9b8dad20e45307729813eaaf584b31984e036d5452dfae47a4b8640bdf4c02ecf4ce4240d64d2ab895cbf512558712533cd3fc6838bfd24a2a588b9f1b1848bb0d6b1cd77345add6e9dc547a7b95b027bb18e96f30c4f9cd780c96984472b70ea39a7acdff9c649ac4a59e12a5a72d436036b31fa130f6a72c717b3df403113ee3b3d1605f76e57e96b83e501ed5fe9200e2ea9aefa797fa0c8b6c5d8f12e4bea7359be03d3ca35d3e22e20639fc7e03c990a494402268a08fb1589dc086995b0ba3c9ffe255b6b7cf0203010001a3533051301d0603551d0e041604143e8bac5b946c2eff6a8cb337081fa4fe6ce07312301f0603551d230418301680143e8bac5b946c2eff6a8cb337081fa4fe6ce07312300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038202010081ad7acd39e5cc60682c962d367a84d32191e5b465ed531f617daf5fd33394a3ac9a42116d34211708ada0d9bd2cbf1d4a4175d67c87116c7495ed372c585ae6bdfe0bc713aa1afd0cc3f025c322dc45be0c3be982918dea938deaaa9e5bfd1fccb3eb8a111aec0498f64bdb16f6cb07bcecd85f6b9e445cf596d85596b4f0d7147d73cbc26000d374085e9c69f56262827fa3d5a037cf1d2cfe0f0eca779b101da08a8d732ecf584a193d93449697ee24ed6f41f9735ea3a3f206f8e6b5bf0b0ff3488a31d0feaccd701a144d35c265dc32d2e650f855debbfa5bd2d9dc2d80a1b8f81013f8049bd7be83a3ec5ae554c19fd4241a6686d4094ff073022d1f16afa5a0297e54a9b56fd469b44c6904d2b542f83ff0cf6af3b649f408f72f7cb49be5583ec4b1d912a677ae1fd81779506af9b688d8b753fdb0451925752fba8efcdaedf935f2a264caa1f4fe746ac6c339cca647b25f0bd2139205e67b6e90987da8b993b85037931443a6652426ab779db090cf08b28fed862a0ccdde1568bd930bf2d39ab7b850f97925e9bda13a6ee5166e48959711065c054bdf5ff04e4b8d5120caabca40c7707da3bb10f2ae7a00a6e56b012a6c00daaec5ddf0b63f61622aeeb81a71a5aa17508e5471e777bed8d09023c24280495adc38ffc3615dd20b139d32d7cc30b0690ab7f3e47a0131fa3d81929e64c6b9c6b363da410f6e5e"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate - Truncated within certificate",
+ input: "1603030acf0b000acb000ac80002923082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf00029430820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d0005990x308205953082037da00302010202141521d02e945395325d99051e616ad01c97627ee2300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65332e636f6d3020170d3234303932323130303232325a180f32313234303832393130303232325a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65332e636f6d30820222300d06092a864886f70d01010105000382020f003082020a0282020100bd7c65b5c2c7027e4eb77722f84d7dc9b45f9fae45c59dd0035340b3d8fec5ea644ac4563c4260b2c078880bf81ffec0e4cd9193b708ded6431c0e7d9e8f45d595712b733262f8f62f1b4c3ae69f1f39bc68a39b1b5699adddfd7c51b83f59479fe5ffe0faef6376b1c5cea434aa9db85e792f989b5977c6fda87f7c00f79e67e417d826c1ab1fa304163414fc6321790f07cffede43170718536e5fe3128f6d101de82a7b1de37f89e61d822f09eef7304213d41998a49e5ab6b1a7eb1ab4ece21f005061828567047aaf640cff2f87c85eefc2d3a91ebf48aaa893e59451acbea894975df2587b203302fb39755f2e21e012d1fc89df86ec53723df497318d8b44eee9334a2699ad403a7df6719747bc37429d3c47ada354308380b09bb6d76e21dc1735a1479470c94c0282bbbdf5e2e6af60cf1f2e9b8dad20e45307729813eaaf584b31984e036d5452dfae47a4b8640bdf4c02ecf4ce4240d64d2ab895cbf512558712533cd3fc6838bfd24a2a588b9f1b1848bb0d6b1cd77345add6e9dc547a7b95b027bb18e96f30c4f9cd780c96984472b70ea39a7acdff9c649ac4a5",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"truncated":true,"handshakeType":"certificate","certificateList":{"length":2760,"truncated":true,"values":["0x3082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf","0x30820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate - Truncated before certificate",
+ input: "1603030acf0b000acb000ac80002923082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf00029430820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d000599",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"truncated":true,"handshakeType":"certificate","certificateList":{"length":2760,"truncated":true,"values":["0x3082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf","0x30820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate - Truncated within certificate length",
+ input: "1603030acf0b000acb000ac80002923082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf00029430820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d0005",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"truncated":true,"handshakeType":"certificate","certificateList":{"length":2760,"truncated":true,"values":["0x3082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf","0x30820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate - Truncated before certificate length",
+ input: "1603030acf0b000acb000ac80002923082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf00029430820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"truncated":true,"handshakeType":"certificate","certificateList":{"length":2760,"truncated":true,"values":["0x3082028e308201f7a003020102021468f6f88ecf1bf3d14e7503ef2e1b789cb77b86c3300d06092a864886f70d01010b05003058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d3020170d3234303932323039353335385a180f32313234303832393039353335385a3058310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643114301206035504030c0b6578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c3df3e5745f05b3aa220ce4108838107653c3ae9584ace27d7088506ebdc3531afbe6265719278682eaa4fec7ae1f319395d356be79477bc62edbe7207d96f5717e9bd9083fdcc797c1b8e38bcf9fd08df6f101bc2a06101ddce6be2f5a0de80ebc8fdce2538867c1d6a84acef26b2068c5d27771abcee071bcf378899cb32730203010001a3533051301d0603551d0e041604144c9b134c1575c51ae9d03c4020da7541278ad928301f0603551d230418301680144c9b134c1575c51ae9d03c4020da7541278ad928300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000381810012a06cced33d721b1d7912ff0b190b74524ddfdeca103aba0f168f4f15f57212ba7d66328e48b021f32cfec84f65d79821bc1fe9f472f60c094e537160708a48a0898dbf613cece86892cf48fcd598757aa4379e18673626be2f048e35f585086ea7a3766ce50a14ca6f691b369c965e062f40619cde6262ed8019b522e76eaf","0x30820290308201f9a00302010202142a3329f5e2e92940318cecd036ff135525b1d491300d06092a864886f70d01010b05003059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d3020170d3234303932323039353531375a180f32313234303832393039353531375a3059310b30090603550406130258583115301306035504070c0c44656661756c742043697479311c301a060355040a0c1344656661756c7420436f6d70616e79204c74643115301306035504030c0c6578616d706c65322e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b27c861d957c49111b4f37f65bc142da564429c74a925e3de6d9add55ccfccf1316a5002b3ed2d35ec9822499e7256f9caaa2191010df354185c63a32c8d080ba49510953d7ec2210685030564be69a9f2262a9da22f3623b2a9b032f3a82b1c31ce11336c288fc3d5f63565aacc8c0f85ebaad6af2cd3505a7cf3945ca2ca690203010001a3533051301d0603551d0e0416041485478b7936ecd417647e9d8582d3f68fc670d839301f0603551d2304183016801485478b7936ecd417647e9d8582d3f68fc670d839300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003818100652656aef44c7a507a376de248cd1b36028fb1b0292593f88eb36b429f7de4c668aef7b0d862c9314e5d870f7c28353022657a7de07ec69505a54e48337ab6ba425bfd8865b720f1f2e86c92edaa261fd73e44856ac45c4d9378c86adb96b6f999f61e5f651cb885e06a3d909b5fa79458941bea36785ea585aeb5025032a18d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate - Truncated within certificate list length",
+ input: "1603030acf0b000acb000a",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"truncated":true,"handshakeType":"certificate","certificateList":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate - Truncated before certificate list length",
+ input: "1603030acf0b000acb",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":2767,"truncated":true,"handshakeType":"certificate"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Key Exchange",
+ input: "16030300840c000080a90c12174921d7044303107b6e37523957439b436e57904e82702784bfc261a8f0a7e4143a77144357d29ee322f25e4fce393ac7570ee26c378298a6ad18fd8b87175e472c7c07b97699f72958e0af489df00d34e5e03dde2e09dfe06d448651ee45c07fadc05e0d1585589e3715a04b935e72bc28c34593712acef7883ed69a",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":132,"handshakeType":"server_key_exchange","handshakeValue":"0xa90c12174921d7044303107b6e37523957439b436e57904e82702784bfc261a8f0a7e4143a77144357d29ee322f25e4fce393ac7570ee26c378298a6ad18fd8b87175e472c7c07b97699f72958e0af489df00d34e5e03dde2e09dfe06d448651ee45c07fadc05e0d1585589e3715a04b935e72bc28c34593712acef7883ed69a"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Key Exchange - Truncated within content",
+ input: "16030300840c000080a90c12174921d7044303107b6e37523957439b436e57904e82702784bfc261a8f0a7e4143a77144357d29ee322f25e4fce393ac7570ee26c378298a6ad18fd8b",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":132,"truncated":true,"handshakeType":"server_key_exchange","handshakeValue":"0xa90c12174921d7044303107b6e37523957439b436e57904e82702784bfc261a8f0a7e4143a77144357d29ee322f25e4fce393ac7570ee26c378298a6ad18fd8b"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Key Exchange - Truncated before content",
+ input: "16030300840c000080",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":132,"truncated":true,"handshakeType":"server_key_exchange"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, No certificate authorities",
+ input: "160303001f0d00001b040102030400120601060206030301030203030201020202030000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":31,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities",
+ input: "16030300470d000043040102030400120601060206030301030203030201020202030028000c546bf13f358cf3ddc1eef77d001813b3cdd60a34fc74f2e4ef2344cfd2156924d8d2810e2c86",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]},"certificateAuthorities":{"length":40,"values":["0x546bf13f358cf3ddc1eef77d","0x13b3cdd60a34fc74f2e4ef2344cfd2156924d8d2810e2c86"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated within certificate authority",
+ input: "16030300470d000043040102030400120601060206030301030203030201020202030028000c546bf13f358cf3ddc1eef77d001813b3cdd60a34fc74f2e4ef23",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]},"certificateAuthorities":{"length":40,"truncated":true,"values":["0x546bf13f358cf3ddc1eef77d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before certificate authority",
+ input: "16030300470d000043040102030400120601060206030301030203030201020202030028000c546bf13f358cf3ddc1eef77d0018",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]},"certificateAuthorities":{"length":40,"truncated":true,"values":["0x546bf13f358cf3ddc1eef77d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated within certificate authority length",
+ input: "16030300470d000043040102030400120601060206030301030203030201020202030028000c546bf13f358cf3ddc1eef77d00",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]},"certificateAuthorities":{"length":40,"truncated":true,"values":["0x546bf13f358cf3ddc1eef77d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before certificate authority length",
+ input: "16030300470d000043040102030400120601060206030301030203030201020202030028000c546bf13f358cf3ddc1eef77d",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]},"certificateAuthorities":{"length":40,"truncated":true,"values":["0x546bf13f358cf3ddc1eef77d"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated within certificate authorities length",
+ input: "16030300470d0000430401020304001206010602060303010302030302010202020300",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before certificate authorities length",
+ input: "16030300470d00004304010203040012060106020603030103020303020102020203",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202","0x0203"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated within supported signature algorithm",
+ input: "16030300470d000043040102030400120601060206030301030203030201020202",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"truncated":true,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before supported signature algorithm",
+ input: "16030300470d0000430401020304001206010602060303010302030302010202",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{"length":18,"truncated":true,"values":["0x0601","0x0602","0x0603","0x0301","0x0302","0x0303","0x0201","0x0202"]}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated within supported signature algorithms length",
+ input: "16030300470d000043040102030400",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before supported signature algorithms length",
+ input: "16030300470d0000430401020304",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"values":["0x01","0x02","0x03","0x04"]},"supportedSignatureAlgorithms":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated within certificate types",
+ input: "16030300470d00004304010203",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"truncated":true,"values":["0x01","0x02","0x03"]},"supportedSignatureAlgorithms":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before certificate types",
+ input: "16030300470d00004304",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request","certificateTypes":{"length":4,"truncated":true,"values":[]},"supportedSignatureAlgorithms":{}}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Request, Certificate authorities - Truncated before certificate types length",
+ input: "16030300470d000043",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":71,"truncated":true,"handshakeType":"certificate_request"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Server Hello Done",
+ input: "16030300040e000000",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":4,"handshakeType":"server_hello_done"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify",
+ input: "16030301080f000104040101009310d3dda84b149a00258f0bb4501e710f7ed70a45cf4f0bab39dac1a456027f0f6167924f08a8221613bcf46c27e91458d05163200fd1bf3673351d74693c08c6640635d4e9f84e9568e39d3346e3ff2f3eacf9887d738935d8b07e42659dd3b212662bf028bcefe98b686a1a83fb2f24aead94cccd3f6b26c9d42ba43254d2a93d1b85ae2d0ee7c7170aac3397fa6de77183d30c99e6bb0e81f925793f64d8b490cb74d051896ebee9086c7606905b21bab6ebd9866a451958f7d839134aeb335b2ad5f9ce89a69321a099c081b5166332cf2bb231dd135b79cf94218e6ada94644eaa09ae6c0ec0164e3cca631c0f4b7b9a2d59fb40909ec88805e61b5917",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"handshakeType":"certificate_verify","algorithmHash":"0x04","algorithmSignature":"0x01","signature":"0x9310d3dda84b149a00258f0bb4501e710f7ed70a45cf4f0bab39dac1a456027f0f6167924f08a8221613bcf46c27e91458d05163200fd1bf3673351d74693c08c6640635d4e9f84e9568e39d3346e3ff2f3eacf9887d738935d8b07e42659dd3b212662bf028bcefe98b686a1a83fb2f24aead94cccd3f6b26c9d42ba43254d2a93d1b85ae2d0ee7c7170aac3397fa6de77183d30c99e6bb0e81f925793f64d8b490cb74d051896ebee9086c7606905b21bab6ebd9866a451958f7d839134aeb335b2ad5f9ce89a69321a099c081b5166332cf2bb231dd135b79cf94218e6ada94644eaa09ae6c0ec0164e3cca631c0f4b7b9a2d59fb40909ec88805e61b5917"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify - Truncated within signature",
+ input: "16030301080f000104040101009310d3dda84b149a00258f0bb4501e710f7ed70a45cf4f0bab39dac1a456027f0f6167924f08a8221613bcf46c27e91458d05163200fd1bf3673351d74693c08c6640635d4e9f84e9568e39d3346e3ff2f3eacf9887d738935d8b07e42659dd3b212662bf028bcefe98b686a1a83fb2f24aead94cccd3f6b26c9d42ba43254d2",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"truncated":true,"handshakeType":"certificate_verify","algorithmHash":"0x04","algorithmSignature":"0x01","signature":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify - Truncated before signature",
+ input: "16030301080f00010404010100",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"truncated":true,"handshakeType":"certificate_verify","algorithmHash":"0x04","algorithmSignature":"0x01","signature":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify - Truncated within signature length",
+ input: "16030301080f000104040101",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"truncated":true,"handshakeType":"certificate_verify","algorithmHash":"0x04","algorithmSignature":"0x01","signature":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify - Truncated before signature length",
+ input: "16030301080f0001040401",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"truncated":true,"handshakeType":"certificate_verify","algorithmHash":"0x04","algorithmSignature":"0x01","signature":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify - Truncated before algorithm.signature",
+ input: "16030301080f00010404",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"truncated":true,"handshakeType":"certificate_verify","algorithmHash":"0x04","algorithmSignature":"","signature":""}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Certificate Verify - Truncated before algorithm.hash",
+ input: "16030301080f000104",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":264,"truncated":true,"handshakeType":"certificate_verify"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Key Exchange",
+ input: "1603030084100000802b45af77539975e975c9389030193bb6d7841d870e058850a5aac5f8ded75d243ae8bec2bc8ba4e683eba22d5820b555c69f97001aa7d56cba1839588e7f1602ad0b4cb7319fc52694a67f1e381b4d8a581823410920717ee85ef352dea39097e6b131bdfeb3913f0f7eaa3b3882abe4615cc13e2a133558adff159771dfdc8d",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":132,"handshakeType":"client_key_exchange","handshakeValue":"0x2b45af77539975e975c9389030193bb6d7841d870e058850a5aac5f8ded75d243ae8bec2bc8ba4e683eba22d5820b555c69f97001aa7d56cba1839588e7f1602ad0b4cb7319fc52694a67f1e381b4d8a581823410920717ee85ef352dea39097e6b131bdfeb3913f0f7eaa3b3882abe4615cc13e2a133558adff159771dfdc8d"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Key Exchange - Truncated within content",
+ input: "1603030084100000802b45af77539975e975c9389030193bb6d7841d870e058850a5aac5f8ded75d243ae8bec2bc8ba4e683eba22d5820b555c69f97001aa7d56cba1839588e7f1602",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":132,"truncated":true,"handshakeType":"client_key_exchange","handshakeValue":"0x2b45af77539975e975c9389030193bb6d7841d870e058850a5aac5f8ded75d243ae8bec2bc8ba4e683eba22d5820b555c69f97001aa7d56cba1839588e7f1602"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Client Key Exchange - Truncated before content",
+ input: "160303008410000080",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":132,"truncated":true,"handshakeType":"client_key_exchange"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Finished",
+ input: "1603030028ed83078db91b046358065ca3f7ea4494af3deb59bf72f522e15ef9071c52becb0069a093b23994c1",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":40,"handshakeType":"finished","handshakeValue":"0xed83078db91b046358065ca3f7ea4494af3deb59bf72f522e15ef9071c52becb0069a093b23994c1"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Finished - Truncated within ciphertext",
+ input: "1603030028ed83078db91b046358065ca3f7ea4494af3deb59",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":40,"truncated":true,"handshakeType":"finished","handshakeValue":"0xed83078db91b046358065ca3f7ea4494af3deb59"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Unknown",
+ input: "1603030024120000203c210cd33fd2a7379ae02700b208ae7357f98b46a1dea566c4061acfb6e188bc",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":36,"handshakeType":"18","handshakeValue":"0x3c210cd33fd2a7379ae02700b208ae7357f98b46a1dea566c4061acfb6e188bc"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Unknown - Truncated within content",
+ input: "1603030024120000203c210cd33fd2a7379ae02700b208",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":36,"truncated":true,"handshakeType":"18","handshakeValue":"0x3c210cd33fd2a7379ae02700b208"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Handshake - Unknown - Truncated before content",
+ input: "160303002412000020",
+ expectedOutput: '[{"type":"handshake","version":"0x0303","length":36,"truncated":true,"handshakeType":"18"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Application Data",
+ input: "1703030064bbfd70f5d2ae0fe62262830040c264fa578bf2000ea50bb2c92d4837727f5db06b580e43896eaa1a0042b4fc3eb5aca6731705f5d957c481bade800cf1cd066dfd997851af09e820e84ee0b531b4eaccfd8b5f28b74d756a8aeadf78eefb2d26e46b5b69",
+ expectedOutput: '[{"type":"application_data","version":"0x0303","length":100,"value":"0xbbfd70f5d2ae0fe62262830040c264fa578bf2000ea50bb2c92d4837727f5db06b580e43896eaa1a0042b4fc3eb5aca6731705f5d957c481bade800cf1cd066dfd997851af09e820e84ee0b531b4eaccfd8b5f28b74d756a8aeadf78eefb2d26e46b5b69"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Application Data - Truncated within content",
+ input: "1703030064bbfd70f5d2ae0fe62262830040c264fa578bf2000ea50bb2c92d4837727f5db06b580e43896eaa1a0042b4fc3eb5aca67317",
+ expectedOutput: '[{"type":"application_data","version":"0x0303","length":100,"truncated":true,"value":"0xbbfd70f5d2ae0fe62262830040c264fa578bf2000ea50bb2c92d4837727f5db06b580e43896eaa1a0042b4fc3eb5aca67317"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Application Data - Truncated before content",
+ input: "1703030064",
+ expectedOutput: '[{"type":"application_data","version":"0x0303","length":100,"truncated":true}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Unknown",
+ input: "1c03030020c02beaae1dd2e9ec46c4d201d72105457af1f8e92d56ad95f339398e5774cb6f",
+ expectedOutput: '[{"type":"28","version":"0x0303","length":32,"value":"0xc02beaae1dd2e9ec46c4d201d72105457af1f8e92d56ad95f339398e5774cb6f"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Unknown - Truncated within content",
+ input: "1c03030020c02beaae1dd2e9ec46c4d201d7210545",
+ expectedOutput: '[{"type":"28","version":"0x0303","length":32,"truncated":true,"value":"0xc02beaae1dd2e9ec46c4d201d7210545"}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ },
+ {
+ name: "Parse TLS record: Unknown - Truncated before content",
+ input: "1c03030020",
+ expectedOutput: '[{"type":"28","version":"0x0303","length":32,"truncated":true}]',
+ recipeConfig: [
+ {
+ op: "From Hex",
+ args: ["None"]
+ },
+ {
+ op: "Parse TLS record",
+ args: []
+ },
+ {
+ op: "JSON Minify",
+ args: []
+ }
+ ]
+ }
+]);