TLS13: add final tests for RFC 8446

Add TLS 1.3 tests that verify decryption of handshake, application and
early data. Add another test that shows that early data is properly
skipped. This completes TLS 1.3 (RFC 8446) decryption support.

The trace was created using boringssl c4131a4a23a1.

Bug: 12779
Change-Id: Iddd266ecd3f428c95aa3f69616ce55e75d4ccca0
Reviewed-on: https://code.wireshark.org/review/29170
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

test/keys/tls13-rfc8446-noearly.keys

@@ -0,0 +1,8 @@
+CLIENT_HANDSHAKE_TRAFFIC_SECRET 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df 3a497c91f6e130fbc18fc9f773b92bb0d538dfedc30e964cde0676396f24d0df
+SERVER_HANDSHAKE_TRAFFIC_SECRET 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df 1a63b313c605f90e0b3c5717ebbbc62e1da3fe8e2aa66e499409a06b89040783
+CLIENT_TRAFFIC_SECRET_0 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df 1ce3e54d6b980d838f79564fd33d43a7664df24ead913c316c379ca3dd349b74
+SERVER_TRAFFIC_SECRET_0 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df befa80156bd5cb23899c23afadd8deb87c4117323b3e184085b57c8f4dc56760
+CLIENT_HANDSHAKE_TRAFFIC_SECRET b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d f4b31725da386891edbf521b96547be8b166487ca56ac197ac8df728c303ee80
+SERVER_HANDSHAKE_TRAFFIC_SECRET b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d ee3a6c64336e7f22214ab8f4b1aba29b0e7c72c84890a240d5c0c451ffceee9a
+CLIENT_TRAFFIC_SECRET_0 b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d ceca66e29c1452990be5d1a439805adb9e582931051e847d8ad676147fd63b13
+SERVER_TRAFFIC_SECRET_0 b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d bf428b9e2e4853bab9c442f23d0dc45a9d552ab31ec96c7b9633ed16694924d0

test/keys/tls13-rfc8446.keys

@@ -0,0 +1,9 @@
+CLIENT_HANDSHAKE_TRAFFIC_SECRET 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df 3a497c91f6e130fbc18fc9f773b92bb0d538dfedc30e964cde0676396f24d0df
+SERVER_HANDSHAKE_TRAFFIC_SECRET 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df 1a63b313c605f90e0b3c5717ebbbc62e1da3fe8e2aa66e499409a06b89040783
+CLIENT_TRAFFIC_SECRET_0 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df 1ce3e54d6b980d838f79564fd33d43a7664df24ead913c316c379ca3dd349b74
+SERVER_TRAFFIC_SECRET_0 2635fafc16c49a3e997ef714c303806dc8dbf634a2005b0e0186521c4ad6f9df befa80156bd5cb23899c23afadd8deb87c4117323b3e184085b57c8f4dc56760
+CLIENT_EARLY_TRAFFIC_SECRET b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d 42c0101fad261571cb8799c86a1eb4afe6dcef4a5f88664ac63e4c77452a77ef
+CLIENT_HANDSHAKE_TRAFFIC_SECRET b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d f4b31725da386891edbf521b96547be8b166487ca56ac197ac8df728c303ee80
+SERVER_HANDSHAKE_TRAFFIC_SECRET b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d ee3a6c64336e7f22214ab8f4b1aba29b0e7c72c84890a240d5c0c451ffceee9a
+CLIENT_TRAFFIC_SECRET_0 b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d ceca66e29c1452990be5d1a439805adb9e582931051e847d8ad676147fd63b13
+SERVER_TRAFFIC_SECRET_0 b67947da9d3e4b2ce8acffa975e30aa7ef90f7ec0d39de78db392f38b9a9a41d bf428b9e2e4853bab9c442f23d0dc45a9d552ab31ec96c7b9633ed16694924d0

test/suite_decryption.py

@@ -259,6 +259,58 @@ class case_decrypt_tls(subprocesstest.SubprocessTestCase):
             env=config.test_env)
         self.assertTrue(self.grepOutput('TLS13-CHACHA20-POLY1305-SHA256'))
 
+    def test_tls13_rfc8446(self):
+        '''TLS 1.3 (normal session, then early data followed by normal data).'''
+        if not config.have_libgcrypt16:
+            self.skipTest('Requires GCrypt 1.6 or later.')
+        capture_file = os.path.join(config.capture_dir, 'tls13-rfc8446.pcap')
+        key_file = os.path.join(config.key_dir, 'tls13-rfc8446.keys')
+        proc = self.runProcess((config.cmd_tshark,
+                '-r', capture_file,
+                '-ossl.keylog_file:{}'.format(key_file),
+                '-Y', 'http',
+                '-Tfields',
+                '-e', 'frame.number',
+                '-e', 'http.request.uri',
+                '-e', 'http.file_data',
+                '-E', 'separator=|',
+            ),
+            env=config.test_env)
+        self.assertEqual([
+            r'5|/first|',
+            r'6||Request for /first, version TLSv1.3, Early data: no\n',
+            r'8|/early|',
+            r'10||Request for /early, version TLSv1.3, Early data: yes\n',
+            r'12|/second|',
+            r'13||Request for /second, version TLSv1.3, Early data: yes\n',
+        ], proc.stdout_str.splitlines())
+
+    def test_tls13_rfc8446_noearly(self):
+        '''TLS 1.3 (with undecryptable early data).'''
+        if not config.have_libgcrypt16:
+            self.skipTest('Requires GCrypt 1.6 or later.')
+        capture_file = os.path.join(config.capture_dir, 'tls13-rfc8446.pcap')
+        key_file = os.path.join(config.key_dir, 'tls13-rfc8446-noearly.keys')
+        proc = self.runProcess((config.cmd_tshark,
+                '-r', capture_file,
+                '-ossl.keylog_file:{}'.format(key_file),
+                '-Y', 'http',
+                '-Tfields',
+                '-e', 'frame.number',
+                '-e', 'http.request.uri',
+                '-e', 'http.file_data',
+                '-E', 'separator=|',
+            ),
+            env=config.test_env)
+        self.assertEqual([
+            r'5|/first|',
+            r'6||Request for /first, version TLSv1.3, Early data: no\n',
+            r'10||Request for /early, version TLSv1.3, Early data: yes\n',
+            r'12|/second|',
+            r'13||Request for /second, version TLSv1.3, Early data: yes\n',
+        ], proc.stdout_str.splitlines())
+
+
 class case_decrypt_zigbee(subprocesstest.SubprocessTestCase):
     def test_zigbee(self):
         '''ZigBee'''