From d45f082691abae2410a3102739fdd22db08f2dbd Mon Sep 17 00:00:00 2001
From: Lindsay Stewart <slindsay@amazon.com>
Date: Sat, 8 Jun 2024 15:55:07 -0700
Subject: [PATCH] test: add pcap testing crate

---
 .github/workflows/ci_rust.yml         |  27 ++++
 tests/pcap/.gitignore                 |   2 +
 tests/pcap/Cargo.toml                 |  15 +++
 tests/pcap/data/fragmented_ch.pcap    | Bin 0 -> 19578 bytes
 tests/pcap/data/multiple_hellos.pcap  | Bin 0 -> 16329 bytes
 tests/pcap/data/tls12.pcap            | Bin 0 -> 2575 bytes
 tests/pcap/data/tls13.pcap            | Bin 0 -> 3162 bytes
 tests/pcap/src/capture.rs             |  42 +++++++
 tests/pcap/src/client_hello.rs        |  83 +++++++++++++
 tests/pcap/src/handshake_message.rs   | 171 ++++++++++++++++++++++++++
 tests/pcap/src/lib.rs                 |   3 +
 tests/pcap/tests/s2n_client_hellos.rs |  56 +++++++++
 12 files changed, 399 insertions(+)
 create mode 100644 tests/pcap/.gitignore
 create mode 100644 tests/pcap/Cargo.toml
 create mode 100644 tests/pcap/data/fragmented_ch.pcap
 create mode 100644 tests/pcap/data/multiple_hellos.pcap
 create mode 100644 tests/pcap/data/tls12.pcap
 create mode 100644 tests/pcap/data/tls13.pcap
 create mode 100644 tests/pcap/src/capture.rs
 create mode 100644 tests/pcap/src/client_hello.rs
 create mode 100644 tests/pcap/src/handshake_message.rs
 create mode 100644 tests/pcap/src/lib.rs
 create mode 100644 tests/pcap/tests/s2n_client_hellos.rs

diff --git a/.github/workflows/ci_rust.yml b/.github/workflows/ci_rust.yml
index 39191005f66..607eb12e265 100644
--- a/.github/workflows/ci_rust.yml
+++ b/.github/workflows/ci_rust.yml
@@ -14,6 +14,7 @@ env:
   RUST_NIGHTLY_TOOLCHAIN: nightly-2024-01-01
   ROOT_PATH: bindings/rust
   EXAMPLE_WORKSPACE: bindings/rust-examples
+  PCAP_TEST_PATH: tests/pcap
 
 jobs:
   generate:
@@ -256,3 +257,29 @@ jobs:
       - name: Check MSRV of s2n-tokio
         run: grep "rust-version = \"$(cat ${{env.ROOT_PATH}}/rust-toolchain)\"" ${{env.ROOT_PATH}}/s2n-tls-tokio/Cargo.toml
 
+  pcaps:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Install Rust toolchain
+        id: toolchain
+        run: |
+          rustup toolchain install stable --component clippy
+          rustup override set stable
+
+      - name: Generate bindings
+        working-directory: ${{env.ROOT_PATH}}
+        run: ./generate.sh --skip-tests
+        
+      - name: Run lints
+        working-directory: ${{env.PCAP_TEST_PATH}}
+        run: |
+          cargo fmt --all -- --check
+          cargo clippy --all-targets -- -D warnings
+      
+      - name: Run tests
+        working-directory: ${{env.PCAP_TEST_PATH}}
+        run: cargo test
diff --git a/tests/pcap/.gitignore b/tests/pcap/.gitignore
new file mode 100644
index 00000000000..2c96eb1b651
--- /dev/null
+++ b/tests/pcap/.gitignore
@@ -0,0 +1,2 @@
+target/
+Cargo.lock
diff --git a/tests/pcap/Cargo.toml b/tests/pcap/Cargo.toml
new file mode 100644
index 00000000000..bc5aa1bbc2a
--- /dev/null
+++ b/tests/pcap/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "pcap"
+version = "0.1.0"
+edition = "2021"
+publish = false
+
+[dependencies]
+anyhow = "1.0.86"
+hex = "0.4.3"
+rtshark = "2.7.1"
+
+[dev-dependencies]
+# We want to test against the latest, local version of s2n
+s2n-tls-sys = { path = "../../bindings/rust/s2n-tls-sys" }
+s2n-tls = { path = "../../bindings/rust/s2n-tls", features = ["unstable-fingerprint"] }
diff --git a/tests/pcap/data/fragmented_ch.pcap b/tests/pcap/data/fragmented_ch.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..d5518d8366603055dbf1342a212f23e9a8a9cbe7
GIT binary patch
literal 19578
zcmeI4eLR!vAIGn49%fNWXNVom(>U^2sYxhm&P2^BMWK_Lqd6QT<m9P1LJ==gl%gMs
zLMjK<N)gpw^kA!F^~>{9IZdUNhu?iq>#QfgfBN&fUaxDf+h*_kbHDH1-+!*}>v~XE
zaRLiuz`sKVV30rbhrPBldli8Va*R&t5ijtTxnB$LGwr0`MUK%gN)OD%k^NkN2O1QF
zHX^44=*Xw&lpc7n0sw1nrya19^M4qHP|$hZTgxt(LFq&PGY>n#8#e<0D>K29!Qu&d
zCz{`*?_+Q{d6bNopNb3sO17?+khSctdtb@Q4@Kzxd9x;Ne@;f}60#aXUXGjzozg>`
zc>%XeoViUx{*bvJq3?=T#)5GJBqL@rFG@wTnkguOCt5%}KPPH6bGuQZi|tp5YFI$J
z`H?t^5{WpBRu%@>#^P{f+YQ04a`w)DW?B<M?odgB_?$%Lq}+6^<r^puo;CT+b;;DU
zDkQ#gYhEzh!y&3+OAT-5(ja<l+S@Ltl}nrhi-EohMg^;a;}~&FIrBJXcZ%;6aTGWz
z932jYL*UE?Ilvm2f(hhwD!>RR;BhiI91e@a00MH0<p2q&0yQun=mTBkc<#o_dznuh
zG&&Ntw5j&R)4=w@`iT)ozo(ea3dOm;>lJ|#&<1ny3U~s38eRr3i<gtZ$YSI$IE)NV
z7AJ?IF<2a;XgW{?K!F{wbqm`!AUFi*An#2BSmd{6jJ#ryvjT#GO|-O3cnl3d1JD38
z01ZF`&;T?54L}3X05kv%Km*VKGyn}i1JD3801ZF`&;T?54L}3X05kv%d^ZE=YX3@P
zwg21w141)&wV$3QS?&MOnXoIEL5q)8#<WTG51_04qbSjR>i&TqasPmgggDueK#Lc5
zBz)OFFe>gJ_-<DWLC^p+01ZF`&;T?54L}3X05kv%Km*VKGyn}i1JD3801ZF`&;T?5
z4L}3X05kv%Km*VKH1N3rbhZDNsrv`a#r*@RlGXly`v+LsNdG|X*ZK$82=O>_Ds)N@
z@s0**++LLEA1NVD_7AYMCH({A`##x!0PP<D8>BJc^B5HnFtq>+v4De;xKaY5z9ryy
zWhF2l+3y0K(gPJBqbHn?5?AJam54M@VCQ@kFpjol5OFvVfdwEG*{*;deP->m65=1$
z#mlhCtiJU7Nka}r{2=$RW_hb|wUhsM0|pgjO9K;RX9X-y2H8eIyorL+s_@q6N|skT
zHMou<Xq%PHzLOqc+%LSnAG0pC=1ACV<n$PfD)OqTYwDcc%=9!jZjg;#bajs2Qvd7(
z8zC3@44ZWOq^LN=Zf=^+*pvPXin5(X5$(IVFXK4vJKydapyA%os*<U5!dHo`jTsC3
zW%SNu#o5Z!o>uy&cgfd@E*4lFUfyUNs6P<9fZi;qwvTrYC@kLfdwM7(w`ym>b%FU`
z*N1SxFVao}OM2FzUij0h@CVO1^?dq^Fk1F+g2g5c?dn=xT8uSYPuqnO6CDd0YjYhZ
zaIG)Bo;h#VZOR>2cN26k`71?N;L~%D?sn3OcrKwb(Be^Q?_$4K^Opn{urHq(a%Xi9
zr$*|95J#{ccODJbtgbk8NyIBMwOClzNj2X5yW$4r_z3SuDu$i?Juhsc7~8wcSf#IS
zWbW`@Sg>v^guEZu=5@N4e3;Spc=|@g83zo;6c!#mxWlExcYvBQ-Gt^7&X~P4O~oeF
zvZ85o<IF#N?Wenq?9<jhq~7j&J~ODex$!aZdhZ!<V#oH{{$=qqn8APKGuHE_G3$@q
zEKS_=I>GLt5dj~!GMBnfk+`f#b$V6Bi2YN?RS``Zn$1_1^uENr3(D6q7qRyT`s_BI
zfA(DTp+z+pXm1oZsxlpt{wycxV3p$1EoyVpPKBLa;>=TG-&Q&H!h`DUdVm!!Vh<_3
zv=i+)b5YQIw9GX^y`_1Wr6SD#>7?h_E#Z|_`3Fznnq31rWA-vR+$R_D%P@7v&5k_^
zsdf_HetcH`W{#V};eLHmN^SbXy)zCGPrXeyYr?i2Ww)o@TgUxdgS1&G!viNz;t|L*
z2J1>$zs^fP>J#axIkPNVnbx1OZCmx&V3mNu?Kt5XaaFlA)t468r?d5N)Q+Rk-Sw#_
zgPdpg^fw$A0gE{vvWB<r(>E~BpBk{7F~|=KFx=c!Ih16XQ+%HLoLxLX_CbHEF-6M5
zSqHIy{`j-jYHA{}*63_zGk=!ekL0#@-C&RB1o2(QJ^mX0-SttJp9qziyGge$8kXj*
z)w%jZXkFhhmX-mMMi_>g3-UY-PABV(6Kve(Sw-@<n(`A?7=r_y9XAqs3bz*gHaat8
zmZHmhzY)Ifu9x&R5%vFF9&>7Dd6nq>4K&5V5#{!Ee+9j9Ve&-w<tyk!bCHYoo+yp?
zt)~1=leY5E9`!S6y-t?P-o5l(+d@tbBl;&UwL*(h0#ZW0-POhI6W36_q=bB^p;1?|
z3Vo5HB$BGiXbBldi6@Clz!9lN=#(Dfs%*vW7ZY2)N<@m%xXH(&G=UN)s{+b3IX_iW
z;R12_Op$OW%V(i)FoU)4)BS5&3=r-FO0+?U8AwEQN)K_;c<z8W>0Sx(!?o`dUptyK
zLXs3Ewit--Lx59h%=4z;yfvK@XZDe)ip)XdG;L=E4X^eJ?zNRAT05Nr(yJH$Eo^P1
zRLsxyJ{NQ~&`B5lrb=>5PKdc6ZQRHdqsm}k8`bWAfo7DiR03qAn4(j9pcyeL!i8wY
zpGzefrLLM6jbxmV|1#ra-s_y#n(jNpS1oYOxT8$|Ct@vQUj3pcsk-4?F69+usUGH=
z@RXCsk^{3nJw&gg;@wK@ncHW@HI8@O3-rTcOP<?C#9gBr=2I+_Zbc0qOFkX?D9L`*
z*wmp(;obP!O+HP#>k5xp3|fh@H1BVm!Rd1$gpn`&9Xhyt^r6=3<^1Hpq(l+3&e4Es
zHlV%h?SItAmiqW@JGJduN{)FZ@BEe@LRHJlS_;%!Ly`@YuO72*V5!vwvm@%~948Y5
zQC;qpW)J99RFl<DHsu-|sfbHC_fNZxH7}0gT2_t<bDCP1rC3<Wr^1S8$j{{4!a6Lc
z`QGS>$@Fj)wE9y9OP$r40y&ZANIN}SU;TRbX2j5|+Oyl-d<HPr^$bJ1^w{z>)P$hd
zMr=~M7imfF+P+48hYqYQC7&IQa~I|Zb^kDt$5zmO6U#T-L@y&}ZsglHWC$|bDX}8g
zQ;*k=24?Qi{Aa^7-=nVC!rjCJL)fJEt@B2Y1elX6jJ(bK?{<-@sxSEzl&~6Nn5Oc>
zzul-V+WOSta)?dXt48&5mtWSbIQ{r}#_DCxBw_48$<vzawlx$-+qTQuTZ;7smu^+u
zQ_v2R&Aq1e<Cq01Y#SnMiV83&ehNO@%ZkOjl2xq#<#W|yfD)fgNfa(ZiS+%S-hyI%
z@hzAsz0=g>bA=K;FHD*7xj5qk3Gu^|ie{ule}fo0B~iFooH0>CoP4f|DM&{C*RJ}1
DaYff5

literal 0
HcmV?d00001

diff --git a/tests/pcap/data/multiple_hellos.pcap b/tests/pcap/data/multiple_hellos.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..dd124cbe3ea0c7310d382c6fc02413811a63e1c6
GIT binary patch
literal 16329
zcmdU#cRbeL|Nk$S%O-nd3)wpv*?Uzsk-aw&qKqheWM^k*W+XE!*_4EgvLZVno8Rko
zm7;g~{PX?icW$>=H(lv|p6BsA=XuWKI<JA2vL{do4D!3dAPB%;V&9mW-)_W&C;&f$
z&&h@gk%mBo=+nd?V#vf~-Vg`^__V^P#P;i+Nr1nZ4m}z=<b*(=u%jUu6cyd1PsbJf
z903s#1ti};lMI1?WTBd4GL={>tXA=PGC-G1$2;o!lMK?2$>9JQ3;`Yn*yYa#kNFaP
zIy~kJ$K;<eO9J#19~>y;kP(Ox;YYk66^ym8851H8NCG}58%RXBLjMFL5|RFuNCJf%
zahxU+AtE3^0n#BN;tf#`{v8QVivf-=#t^xt$-CtD4*Xl9NIDH8p3j`e-lX2>Gq`;n
zkFxSys1{b;P^+p<>yXYvi+~T5d3uxk2oIeh7x5ABq4<c6ER7tEtc{%APrLIP(Hij^
zX&V_D(HjXM$q*q32jmFoE&{>=K|@7^AtE9|5fLEh5L5^<gaSegA%XBfE<)&lpQ&wL
z()2PS*Pst5xwfNwzo&i3hK;hi!q*<%PZVYuUxEq2f?R-5qoSdrqhg@KP?1oPVF*YF
z$OwoCFhnFoWDt!2MFb=|2f>6u&}<z{jBG6(oLwNaz-Jf`aMWzTp9ny&@afeC2>b6;
z?W}>qO1wE1_U9x>*{>^A@WDYi{9CHpIx!(Uz+48OlMPH2jDF`ENEG?_S0a!qDCw_M
zxr50kLPUgkKp_xUM8xOR9t9ijDv^uwiZ^n0>$c84kZd-;Q(<Iuj;v+#BU$|aOcg#b
zcy=HMP(&CYI9%@Xngtu8Z12tUmChqn*J;Y5Ha<f=CX#0IWkdsLHbT7#fbJ0xh=D(e
zX9qv-Aa^W!ylA9yGQx;P^vn#H%xTjE{tX(UMc1aS$RkCl>C{G#%-0sO;6AywzaxDk
z@Tipk<#+x-Mieo8l1YN~tentwrD)X6!YQMpkCqSc=QggqUZ%#L-LAzM*xbU|T25|e
zLKl-9vZg2@FXL{1uFc(6_Zodl%O<6!dP%5~!j@bUBI`)bl-x2+%#A@c?RQa`6JPk!
zVA_EyvSZ(KESE7Rv;1bVszJlx7~PoE>i73^pG>OaqYJrq+H_9(Q6yr%CQF@f6dq71
zOz_At8DqvvK)6Fgc2{4RTv^0VjwDOoBh`scfK(!QzN|urPwj&MtO{Df`{k|&q0z<O
zmRqK?$UAO%4DqS*A$&nGg^S%p4<bGrMwBTcYFcT2@3^OZkE6v%^9xe%kw9pamo0R*
zkJRl61X;ElhE{!%znx&kZuXIo?3)iSJ2UNh&~I`YAo3;lCx(yo@;<RR#0!#4{%S<(
zbM!Xe{)rw%7=A04tO1ecI_}+d+)zqYGU>>95z%;AD%y*9V{ble-W<2EXz&`BRL|D0
z7|tevsi?`sGG6trbQ>%m3XsN;4Di5mp?FZmOrFpE#YWtdYVgQvi#F}TRV(EO9qJsb
zgQkqqAxzA4Zr}CXNwyRuc*P>|u3)HP5!MH{s0FQ8n#FB0J$dI>NUb8Um#Uma*Xk&f
zyiO+f&Lr-rB1jwmnO419qDJyi%%p;656rN;R-IEmoHjbDQnAeIFhJu=;Le+Ce)p-c
z81hI7zsqklEhgN8G12+YHt$Zq4f6Hpw4PW~fAnt22FA0Z+f+MUL5a>BzbL-xMx;T{
z#<6q13?(fTg95rPahTj2pJhtO6M(>tM=VX9$tqqIqB2*`8l6C0)^b^lFH8hYT!~u$
zjT_xTl(qOkawRxdebvv6C0!QfX?RLG_Q?&~<I3!Y^zAELL^9{tw+Ss5S2i(5ODU9|
zQL(ler&pMdx|au#VVe`_-ge8odnf_DnQPB)?(I{4EhH}ug+=eP4E`Nw7o&>?TN}y>
zxUCbMk90o|$8S8>*BmO#2-qwvH)H)gR(ZW5AZ`v}S9jQ9&n@255sZQtH$F{aYC7y|
zP)y@fEbS;_W8rW2Lv`QA3fQ4R2dPW^g7+i!`>-V~%Ir`bNp6o=seV)GVgalDC{RNF
zU6klE;QI&laS8dcf0QcJDprRBMQP_mQ36YdJ4oDqg9(uXsuB2{Z15dPkUkSmJpWfB
zP?QeYe-$MUkoco2fLt6$tTQ6rS%;U;-ec~M@>v}YluzY9cDhV}>j4s}0AdUfBKVwa
z@JJuhXMseb?qlN5u`9#J4o2$nD^ie{3C}}O1qoE_E3dN@pTX5TAFF+~8`oE{{7k7T
zG*z!Wm~BEiyoVHR-Nj`4S+<O#bjRWl_siwBeei$cC+-k8qC{~meQ889;QZ!l`c;D!
zjFIo`QE$LU-E$n{iBV_#Wz?A<@jF1|0?IS^oNVy@opxsvB#Mv!l?d+dz-IRI#PDm>
z3zNirGpQE>uSs#T4!^Q~#F0`i%OQafcBB{ny45l{q*byrfdmrbCeXphgiUcC$2db~
z{r$_7m)=wwwbFs|URUKVGJgwXQZA(&%i=$J<eBbM(9u>iN>pY=XZ9TNn|^5`zq90K
zAWBiVD*s%wtzR@V-`C5j4oobXk|JtT8t1u8(4UbK<<nxKcj9W=`uDJ~F?~y1;Z(#%
zR*Axvw3ZRO*C&Nd@p5#_oz19gZB>$6V#BWSHp6)G)?v{I_7z7(BDLU=HJ)}voII_{
zL`d{DnR%n+q*&$}7BcTOkumLuSqRUBvGUF3P3AxW#hlI*@H<?<vC{(9+yf?JhR?qQ
zgx;#&_;g_uRqT5Y%XF2#_6O!24r-BtCe{jiK@Z#bK9L)NZFeR*jClDv!e(c-gpISf
zJ?DJlJa4{BxSpL6{&?j9&j#@ltDVAVm>J{UY^|!`tyspW$5>x;7p*PJn|f4gi$=q%
zKHe8!a=v2AF(V;Amb`(1UAnZcb;aH*iDLHcF5T7_WOuFV95c^A)$c+?72Jbuwd5P*
z&FT}v`I4E|1L?*VRV;pH!TVSQ^x78}llXLGuJs{5PDMfg)ao;&UBTS!r$}-n_SPa3
zmF5bU@!s_9j;{s$E=j@tKA&NQVdqjwjS<sAUh;zi>Hq?sQFF3E0f{M&1^l`0GHMlT
zZT~f=+X12uFqy&UWP`6{rJXJKDk(cA{#Yfow#O+s6#MU-#;1}==xgERCaAJ~#^Cwk
zdXDyn1sMCcGh^S`hWFI*M^FCno^Vf{x8bV?By!z4Q;i(B8sx{s6KXv0`3LdZnZ%tP
zc#Q4G#Gh(B0AkGio4#>Cj05fGAR>UU;B&G)95+1IZ3{ug6+8JU@be$F1%fciJv9d$
z!pY(RT65W1KFb_lcLxcN<7>sF5;JE_-UWO3ug@|DClcIef#kPmk|7Xq<fnWV=Cs6X
zVt~H)U!P?xVbW(T0s1VE{0Sicd(N7}=j`C`Ed7Xi51^Br*7OGzBz`Z)gjfJNfzQbX
zufsRY;dvkU{)Y-bh+rAHdOT-;5J8_sjQ~L)M?{>HNl2ffUz~*w=ENct?M@ZpuUrcn
z3tPxjj}9rfp?gDJv{XrIXHY|eWERLq{kW&5_KGf6a2zoK!+=64P6-b&L<DqM_z0lK
zf~0{it2-a`T#(d8x<*Eb4d}NZ7I4QU0QxWBgr5R<FJZua@&5E*v48=B0q1!rV7-VS
z1aRv`2{{iT0YU@~A>g6lHi-xrIk2MuR*M<J_`_DAqM)Mw#dIMeA|OIxP$Vca6z~;D
zFwoom^jE(eo%3+4`?W#Y$y>V_H`SX)6DUg;5b%V|B#`A28(-nKxPY>wRGgK_hWFqU
zxw~{MJFqywDMDh-no51zh5b%sc`YVH9B^RZbFzVngz+>Cf<*Vf6M;lRe_3#2DR9D_
zaAEJhMNB5+(h}a3YDOl<(8joTDH^R>j@<J?|J>N+?k=PMnMi!-e_U8W_()(!QIdA*
zqOdo@vXqX9R78s0hk~vNfsEJ=%>45wT$q{xJ3;@b={gen_r9BHJnFefZsRcB3gEN?
z4Y@D>CTc!Ru({;oDjF-fzqM~t>t)Qh_%EHq=k7#`UT=|<-!S`1o3KAzj-uw|Lc=Ok
zb^G<9c6v{o*sWAzUd?^2ZTaf+3Ox9NYhnQ=TUe+wQzBg-ahOH4<}kLa*h4dBI-c`!
z26G_3qRqba;p_g?%F-9pZ?aCi4-*Jb-?Yvl%GK|wSyk_?)g(UnuA%yU7a12B#u-r$
z^?3Lu@Wwjs#tO52r?GV!GKc@WLlui{mqS>!-3+FF&N;+4#5?LKK6gspRtebR;_D72
z&5P?k(^nx~d4$}T-NHXgFsjVD!E}AbCMiu|A$8`3fdoc)@MsA_sFVW>!8z)qJNUMj
zpfXc(^&`E|o18eM>lq9C_k=Jv2Cm_RF5jR!V!av(Q;L!)ICpd*mfS<QAHTV5S!^;W
zoJuK-F%vEAP>*WsK!ZbC8gbXqQ4#IFNb+J-MgRHUvJU?ZrN{QuFG@>P=3ie(k}k{W
zFp$DJ=Y!4hsrs%rA?9`Uh$l_Cds0>3@~00uL`(_hg)x}?N@*6nUXZtwyuYbXbU-)6
zrTSrcUHm-rOMO0;=b>pG3aOD=oApw-Lb0yMmM%B0e|S2vh3F~Eazm{$CKay~CC(0i
zhiD6j?D`8tyr-cE;~1pA73`Jlfx%qyCafj9mD8PwtJgKjo~un#-LlE#8QZk@y5R4a
zNF#COBUj0&6)CDu4nn=@3ZA*bjAph%vZ07%W|zBj4=&}kwlJ7G8LRE}8qAk6`Aq6>
z*%`bytGA#?F%&`R5#EYPzQw*>lpn{X1+*^(T98rg1tk?K5ngyS{??YmTe^Q(OpinK
z6;H1<?+_tFi&K|(`{JQ@21+ucB<szf0S$>D3=&gzYcoQD#Orh5>Dl|?xwj7kaJSc6
zEO`jn<eCVmb+Tqy-VY_aC8x1jnxa!nzt4Alwo_oa`iX@A)mqQ&$+s)+5*B><j^&>X
z_aA&NQE5$y%;nhNptGK`#==9NgXVC>FD6*puh(AXmfNo|rE09{ob6Gxza?NU-cH8)
zUA{9zBZ16;NGh@Z&Ah2O7=!fda&4XQ1i9WMy>@SA$5l^t`<H^~rE^Z0rq{&t74jB3
zl({kpzr1&&LKNJ1PZ)~Kd4ZjZ1QXrN@!Z77>jrr_s*$*W&tQq_01C<(drdA_PzHa0
z0|(!0QmLmUI*CtvGI&9e0*StDn2;!-Hi6H{20tJ9o9BVV_rFdpKX%-oM4&_+y8qg1
zWPuVT^}9w$hh!HQ6v7NcB(M0ES}V49$X<KSweUoCT8#1;;>uMu89fi*7F03G0_-J;
ze3N%h9L*aSHlHIauI3_!tzZ``3BP~ZCc6$sDAW!VQD7$opOX!~8}c*^ff0Hxo-WIs
zz|NiO2tQOa{EAQxh)@>H$1Zl6K`nkYM;%QC_qne~0axpuL3|G<$CSjg>`~rz?B`a#
zyeVHmUz>yyp8C{lgY7%N1+DzDo1X8j_e1^h@{@KsCRpYP%@s04rT!Lm-tT%mwS3ZU
zJjjTPCUtcscL>?*;hCe|E3*_E)9p}cw1cQ|>flCdD7u9_{9@l3gkqgeMLN0H<Czuy
zl<x^~RND>q^O~V^_sqgVuRnMip@b#kUOM=|=aLF>TeQPwM}L3}=I*0sxF+IJ*xBN7
za_$1!OQrRz!$THReBOaubUms(qs>ZnoE4>hh)tR!5jS#OFLSS7uEVOiR>jAzX!tbA
zjh~47V;NqADN@1%P|!PP3pxxJbm6q1T|{RJ>Mu9LtMg%7@R79u9XHxDKTZAaOWs^0
zvzOEG#4;x;OXsEcSAzDD7?Vxj^5hp9Z*px0s^#U>Oys5o)Rn<DhOH-*P(3hL;)c{7
zyh(Ge!3k_)x<L1GSJU4&=^<nR;acKN^K8H3kTrAKJ1K(!T#uEC)dkxc*<E_W_S(bt
z7!%pn)||QIwc3@~Ydm#61YikA?I8K<cGE1IPcx^<-FHbQVh$arc*;-kNGb37n??%x
znni(w>J$b1sSHn-E&dmxM{bW^ZD&_u+(Dqu`BwIsY&n)#sP<CXlKn8YuUhn%F<#pG
zt}XMyZYk|+J@`Uqfuh{59B79<-K?OXW*uj)%BS#ENpdXc&o$&YEzwQ*#|aRep>hcT
zv2qvftaY9bClddac<SVD27LGOgGjN5c7_jX_y7{`p8Sd#INWp-0!eoQSJ7`D1QN~M
z!BvD`qif6X!tq`0AaQ!^CZXTE$gzuH?A$<4mw|-}J|`Qzq5wx4uqUBk-^Tn@!wLLN
zW#E|9z7ByT0+d_8P0YV<T<kqSO0VcI1<0wyOgZHbLCSxffK4O#Ie1<N$v$V2f5vz6
z#)X_A^0@#&Kl-l|uxT{uvuQjghXLe&S7&=qc+4_?#C!zM1y9d|A5<{b=TO)gH!k*f
zL1K@{Ux}a-_;urA(*(wO;>HE)oU75VVjv;heV?NA6P8+7Q*9hnDryYRdUCg9#dLu>
zs$PaMar%~jLNWS9)Y#7}!B*r<qzaJ+spQe0bY#l2{*P~5((xhv-Y&(<=>g-KHu3JW
zJ%dt#q092l^L6Bm$}%q~|1WP`Kw;YeVgH>fRUJ^+1&d>0fwMk12?R|!6_HP$_2I%c
zfy4%M7=#;`z~FPT!O!}1s=6R?*7dJM@T`CSc$>0m0aDd;;;irFrYqHm9Pr6fO5N+|
zV2J?B9gT=Uq+o`_O1njv{Tu9mrs^*@F3vh3Aujb(J<IuMK{M>Knu6j@rKL`>&ENSq
zma-Nzq<`<@#50WYnYEZU0=H673O4K%Z6-J5<+pW{feHW(84zgqRi<7gfr@BxU49(>
zrh#bI^~p<!Wsx_p`t8B_JAMI&O<H?7hN<5+y%rpijJO;1{8*VD6gfCm`?1&@98CsO
z*_f!-p|h9XKpnBayE}b^C9T1tJ=x&vC6i#+q9;n+w{i8}YhgjlybJu1?{P6Nqh76#
zQq9@FgJd+&SUq7I|3rjc`~hk{m0=!qRY}`0$>)<uGil+a+TH;gbfi7Gj5;)?=rM(k
z^M`fAI|NDT2z_SCQs-UBGGF3)T3r~4+N^T!*}jAuV`^cN)b>Q7Gw3d@X-=MYB>%l+
z!59ZRUPSzJhT~mXP90AsG%a3#U93>y#cxG8D1Rfu?Tx~|TOp9@MKo0FB2`d8trc2(
zvl?IIOYII1quC4*=R>U{0;x|=`b$g#htM|<9=#yC|J94P=Aiv+-jEb$&dsC*o#zg!
zMDMSg4%aIh3a-LhzG5Y6){RecByg1Nzg$hcqLd_q^&z;i%8>cv)6a#Ul_nQ%)of-I
zQ8x24X>V)L`EPcscdpDB_|277naad9r;sYv1@*$>HS>C7EohUwZVNMvN@BCWaKOru
zB(v9R>-VYL+i*0JE5KQ9u(QY=W-8ykZCvtks()@~SdE1HmSBAAWS8Vxa-f*p6Pd`l
zg{an95+ZEYr$kGWn=@Sf4r)(>K5=%n>OAs5^I$L-^h8=xu>anYYh%Zfvbm0F>1jTN
zo#1|%*iA7U8^W>KR@mlbrRP?t`V7`h7ZAxf7?6%)#Js0@d*+4t!)V0hqIGYk&r}W$
zujN8e5ESOQ74zJTc_+2}@>ycZpM<8$D!He}1huuAKj9>JmeIkK;t}+S#!)XgrJi&R
zUy#rvh4nl1e!!u?SO!0ys3v_Q{G9EBB6qiCj$Zle-j_^m*MKh4ECV?$*g2i9kM~uk
zpM2`FZ8y7#Z!i<n9b;UBsqW)<5PH{27)8Q$0fi?y(97Xdv)vN$dEWLAm$bq@$iUSR
z98qq2^VJj|Q_p#0imYW<2b7Yei)_lMut<07s3(ifrdM_hUpN}o6id}1?_U-3wE?$9
zUh=8Rc<Vz~%>g|Yqlw&rijvME9p$ii49J0Z1LR@lKsNt2wwL&4!%SmNJhPObXu6lk
zgkxX@82~ECziX2HJ^1z^bzDJO;ai>}GDBoF^XbDqyn?iVL>gS!85b`0UT~uDUy0zR
z|LelV<`qzrT7DD-kX!ovtVmUF!mFp*G51IHtY!wPC*~g;-73I+1rqB3;=eCk?7cx^
z&(~w(&#_~|#|}p7@vC}*#8r46zVZY@<m$5xu||i@89Cx9W(S|W+l{_C?X=W<&GT^+
z&Qk_9vd?uxS;f>rq}4lw=#`nuR9^6d&By!2wqr*K{l&Ojk5Gd#L^KiSz!*Ev9<?5P
z)TYNVo*1?MUq-zO5<M$nXI!|b>Vw32m%kFh?fut<i_Nc5FC66eklm8!<)h;J_)P;T
zR72ps7jdspre=v9KWb+G09!V3#Y47vGHnPQR^*XQu#-cp6Av1VX_Srbvl@)?$Q;VR
zuRBo<38o^C7M*wEN=$;{YzA;iTXiY(Suy0TIvdzKQcMX+rbX#*+!A=cab=m{jte`%
zzRHYI@*JmfE>jj=hIk(KK!}5l!I4pe(yr+!Qg*`{dP@)YK4r4`quU2|(OK#OiS(q5
z22!R8A2JU_gaziqIq5Qk)a!}LCsf;;6dtiun-O16qsm$h&iXbu_c4A&1DRA>)A#vJ
zHs?BAp~*dzRbkJNt6QLe9cK$@02k2tw173|fr+Sp`oiUefFHf6t}<wvil3Jw?nkFI
zS>tjbz3N9cSf8rAUsWdubKhs*^&KK3t_@*)JeVx@dF26acmyTBEN7lR%FZhae(~7)
zwp7lhkZ0b?n`WriYs6Mi*|64YU#zHfvP*`lCnA;K8Z;(p$Qn)D<C7%St!=96`;e$U
zht<wPZN?Czd?}JzgB8_uPbQcn2fe6pwTPm+%y0XG(6h2v{5}|QHy*YV4i`we<Gm%h
zmt<MR&oAdT-N0vtMvOaL7p0Ke-jmax5xF*0vcPLp+ihdwimK90S8P(=7w%<gDAGLa
z+`mS4L8LpSZ^W)*3=b4=4iNB+n&Sfs*eiZ4;LmlZ&k$LQ`mZ^C{RQj{qoHaDUnTO#
z#2>4q7WFtKzm3N4l;9KSf3845e!!X=uI@33WGHrI9|&JPKu`aUUDXKQli?pdQNw#W
zWs-jM1QMU0NwoKct08twJfQ~7=?j<N#GW&Ws>bjb4UUOF)t~`lH29moNkELrT*zk_
zBg!(6NQrt(Y-Oer8<`0MD*4}xkt09&IcQ%%a>1Eo2m~abx*}nYaeDLxpmY4!7&-Er
z^f~e$ldA#pzcWQy4v!i8kC-_C`uu4Xeo(<!CwY+1Fh-OWAdv#)uSBqN{xU{Ch$oEE
zHfO-9<>Ls$sbR&ciTWTvUF<|>H9Yk-ty|Deyn1>kY8bwFpE>u_k8zx@1h^78gg+G(
z2^y{3e^zYW`6_ShJi`C6F<Lg(Dkv4rSKZMa2~2D<uoZk{_~q8)Ls0|kY%${p5m^71
z#t0O49T4{4sXBlgBhiz_2%H4-BQxQbPaC7(sj9nze8#J22XJF_<@Rx^fF<yo2&4*1
zdc3te3W8JWgfV&~)U-hvkUJ4dWJ{z8J$$~QnI36dRol;|`DwQ>$dvJars^-oNK|!|
zg#P@d0fMZx0&z55|JH<ve={@F)qBwJzFKW<%@f9`Aqu_w&N-L;$1QiiFu6tanSQBr
zWn-#=8>7jngoVM`$T<8pU&3`^pGm_DAM?dZF3%hDr@KPPY2V=^BwEy998hsg#WQYi
zmDpGaBs=q!5+W57YgqW_hdz{Nw$*Nk>$`c!XLQwk3U?nd3%9^wBj(!24&A&@ke3AC
z<?eYP=ib{G)uS#v-!le7eEFoWP%>bD#M1w31CHpfIu%~9>!>*PGl7Tf6{Vg@G)wYV
z^i$%kOKr4~&DIT8SXYA+3z4SSrNx{CE=Im)YaUSVB{eIYyk%CVou?OD{?^<L!O=IF
zf9g?jZ>bTZxMwZRJX!ayjV1lkHP2TxrOt}37pue)L<f5@sS)ZsmUqt)Cw1#Ovfp)G
zt07%<y4@D@NiiFiGv-#(F`ZaoOJe{F`-mhtVMDi1ygqs_b&R#3WPxVkx}>b@5*dx=
zQbA&O%XYgcR<Xx2^NXiQlKO0-yCGcm&9oZ1UDC^8jRa5FjW$Gv@5LO|q&J}O`x55i
zj@}g?#UtX<aK62!E^Bh>J}PX|Eq6TTC|a#0!VcDbm&*9w?snVly9VxgoL;2y#JSC{
zOng3yJ>j7&<298~id!!7ym@V<c){EgZ~Fc)MZb-EU7KFc+QZGuy{$OLsn>#Unlbud
zJDas#&BGO}F@Fk~>zmEC3*LCwNT`l&g?4}3XQ_A{@5@#09uv!W6~uC>o|s3xmD3(w
z;|j*(NM<yu>0#~dc;Ps@BNz_&^d&jhSH5y^HIQbc=O!WvVfxsxS$ph1rf2LxR?~Eh
zUdah%>2@89*tmj04RIH(nU8W*=zKQyQ65uH?Q6(f0{!E|si$#DDsR!TrfEeARc{W5
zB@wxiX$P0f=-bHXXB3|^shE~Vc^~H2GTJrJ?W%%JIvi5qOR#Fujtib>efyOUv>0U_
zI_V3cMQZCeR&1i6TzXl<4Z+qWmUql%GiLTj{QbEFo8t&;``CpI(StG;b$dQ}-&wT9
z?cqrsk?8uK^W;YKgsPvo%)E~bMwS3!_tp))0~|WedkGx4HRT>E<I05Z2l3IQ*Q3W@
zR%E^)u{=`FDq($`q`TA1AD|Ea!jPBF&M`2o(pfDqNPn+Li?J&AF)5R3>)rF)DAPG^
z1Ld{hQ|4yH!f(Sb-bZ8-w4C!g&~|5f0T!jVKneMGQKEbf-#@U9OUREsFZ^<hQ|!oT
zX9O=Hf*_Gl0{IMQL|F+ZBL9^L`i)=C$WaI=N`gPC0>~Bla#o}VaAzcX(is88E_MVc
zpF)4^bQS<t2qY>1#D6;@$`|mRuKJHih2UccBmL!!96_Q5+!>8<8CC0rxGOfWs`e5o
zujWB$6{6dp-sDR5e(k24N0b`BwQ_sl+2Fb*BE8t%^5Hp}4_J)WaA#zhFd9R7d$fd1
zv#Hv??9(^wH3Kk4owG-+2gWFR(it6(8hBL@i1F7w_m3DsBK<t_8P4bc?u<lEI-}o2
zaDV^hjDC-LVg8bmWv#Mwuw_t~w0Zu(y*o9GO4OaRRnNAAzOD=q$vH3u^(iHUd5*+y
zzFZDjLJog;xorYl{=1o_Riy<(01qWA!L)-OncLAD(vXOU8v>p#IvqPsWZ`+SqvYBT
zJ#vH7T2Kn)Q9lbjXK2o02)l;k7IU=+XSCM~H|JXFsz=(4O(m@hx^nI2+=!5GTQb9k
zOXuw#)S{9nX^1m^HckITrn66z_J;meQOjJ_sP|(mBA7hOm!$`7`{Zs`Os#jUS@noh
zaip3QZf~kzG#r0b;78f6y_{ZAX1z(V*NY^0<&~@v*T6G$t4F4wfR1Mi2zN#zC!G->
zU|a_<5yMYAqZ0xO?0p(~W+!!tUE8c;QqWCf8<V+pu@{zjFN%ktcR;L!Sy=M}SJys&
zKb=DJPXDAeZe$G4$eVT5M+pXVr9nk6uw0}Pqv#uhI*V?L*6U_qNc-z&;_atnx5|o^
z3`F|03Txk~!IH&m_O}T(k{NHrnGB`As<+bNvt%N@;%z#h_0S5V0G~snRsiyqEZwwF
zpEgxksnacj)E?#9v{e^F@?$UQa$NoDwud)yF}i$&ZrKQ#M16Q~Ff6xgewpnpVZLV!
zIeE@gq<-3aYfcZ%k`-phn1fITGSt0r#|PHM7Af{><?@0mJ6w{)K>_0d0ney8RqzUd
z{>Qotk8z5x`q!L30*E@mc^iCAHu%Me(t#m-m7H`&KuY4Pj#Kj68U0QP{@sP~k-V>i
zK1l~=95;m?Ph+Mefw40!oE7^4+!=|UbVguLZ{R(haz?+`qr;g*%4)b8Xn#@T?P+K9
zoA}^N;(;+-jg!s@jPWfHW5nO|O#w#z(dn!!BPkA$xE*{PW6cVc*qG*r6fhJ2y)tr(
z1wRM<3rJo(lMI1?<de>*W<@Wj6%(MR{?{3~#hUcF#U7Kl0rJ0RnG`2H=0|_ToC?sf
zPOI>P3dV}*3_IiHF)1#PxMlNKB3L<py*&1Vc;e-;A%Tg|)q|i8cM3OKkzS4h-@1-w
z5oH$RFyX_Iz}Ir0s4pFACgIi+9z7oK-g#B?<;A>_k(7dr$kA=h{h@c+OW*&$eR*to
zeHEKPWRBbImYLLSg<jxm7HDi2-jeGJ9@J^gC&8|u?394)|4wAHBPhFv%CYQJV(=+~
zHKsYza@se!#evfUB$j!=Ad<jk68M~K@Czm0W+#y7di}3NAdyh!W8dT!4-!xKCK$89
zLc?-F2{A<FerOtY8sA&qT&IJSqgWhg-SeB|qW?3Ie|dS#h9^@1MH_l^6Ym>|(X1Vj
zZyfZ-8xy{FcI--Cj<9%<6TWFmSGUoQlGV!AA=HmpN2Xq0aaSTRg&6Le=4+`%KlLqZ
zFgpbFbmpe?&{PH=e7u{rCcRzZSQJwKVGatz;S<tWJ730ECw1tH!Ai;QcpI|G&Ot5q
zrX`>o^R~bWlDtF8?M&e`mH|dqYWh+uhD5!`i=4r&Y{=;;&pu3adQmP<Y?|ux%f@I3
zKP}MH;;m0rm(-!b*QY6+STdlZyT`(M*~|Ia+eM7`=7cO49kItQ789l|ncmQxo=^>H
zB(!34(Gj2L5AInAs_zV|?<V8&YR>K1YP0sF%bLqctY3QWC~z+O#RkUGm*QDoev7Af
z)vM~<!>3J=-CVRd`G--zpD%nWn1ZH2i=t>YTU?3YnGogk4G9(=*Qd^z=)xwP>!)hS
zei!i@PT{xc;A<~T5G>6caT?zg@B}XVEJdtbAesndkfcy5UlE5CGYEauZ)1xT4SngK
zJ-TWtqI38u$RxifL>d3tN;9FoR|<7a@8xOBA%3DOnpagMb!Nm-Zt2{uahK4r`KGMO
zK*?*M5OGOY=Rlg`B6-|Pp6@BNI6j>g(WdONWm(C7Py)I(E%F84soXum)W^4|HVkdK
z+^D!pu4FWHY6RWc6sUS&bL;X%^=uaA(W~uN-mqRAk);a^Lyhb)d+C@DWP^m)jP&An
z9BXLTulAE{;jTZN-?pVJryH8;r@p5p)nxxXFIikdf|FlWtYKeoV=mQ~2qkBRa59a)
zwAp7}fa{x2=7sE%;&1sQbz>XyIsTocDZJUK7!{K+S8MtFPkVh<9y^-(Rb&1h_gy94
zUmOeTx}HMH1}*=V(L{3j?OlDh)M^H_KtA!^k>sZb<QH-Ibb_x)5L*(>nQ64xjVo3a
z><3sC1Pn;*#Ow?3^e((fAvf3R-%eVTrqOW^g!`s+!w&YrE>&fETiJ~(Wmgkq4`*&N
zp~}p0)7!F9i}_aH&cxUezJtDPAk0|2cij>hg%S9&e2R|a3$(V(D(G1R6We$uQs6w3
z^x{Rs1z8R++5}A%JujTDoq>CM31QkX_RBfEI&YFqyZB$^QnXqM_>rkw5Q*~?887g9
zeyG~8;|HUV{+Nel`;Pae`%`5yt#`&QPIe7i0~t+)K^Isg=V8p4%5j))X|o-Zc@N4(
z=<i0}`4nfC!-?{t#nBB<uDpU0E#yg`DnbreQd)qL^6w%g#SPzWB92SSj~#NPMK7o0
z+-V;LFDdaLvGD=yjMvAcc;LieFDRTMg6_oqSCL8tid6jXDj|JtP$d0^rDwkIQ3;u!
zjoXMII$J=sDXN3R@+Cs-_tavjGjZQJDkarTOn9%opi0ktIe1`0k5ij|Ltl5JXX?Vi
zJUXAj4KTvMhp;nVA8Wn^MtDd0c+5WvbH}+c%~AZ*uaCKb5hjB9*gZ_iCMk0*vrId{
zbuCxi<<+|uyF<2nxw@c)bP<hX48rhs)1XkC_7<&Ajtcz%^K#k!@Gl~KtC|rJsfZ=!
z1_G?a9Q~N}I0e%YNyh$5i+%*$Yjw(A6Uc}y?z%U#u9k9sUC)T8NiZkmj^eagykq+E
zEq^)}tuQK&nvSBR*{fM)box(Ecog(~&5F%J-m#&rp+4*xvWAXR_6<D|8H)*F%T6nk
zbe+gvnj_Dky7WSY#UKBgHqOpIf#~A=0#_GbuLy6a3T3vordx&lPWc$BAHkPt0#|ho
z{D4P%hkI^4<wFvAljzIta}#=!60^wFkMEDlH9FaldmDp-4xcTkGhEO=_N7i>r~8kf
zNxuX|E8kc4$4`*LQb^nEojLlvI&0T}RKDGfljcxqg6CSQ;m#YmBwB0STU$tJ%^FrM
zrnRnXrKe?I!(z-6IbbEie{NU%yl0B~WYleY^ak^Z4uhgV)7V#sTKqz`y+YsI#TT|n
zQutnay?0TrGQ`4@B4lkf>W#iT&=(tE7c5Ss#pcZ;{b;kODJYt0_uWkQZ2CCe`<LoX
zGSuW5qETYP{1YX&hQrILMG2R7{9Rn8ccEbz-fbiv+J%C}1_6|GYVxT(YMA#KnYOEa
z+doiU%v)7K!yrQ$p`xmNE5jir#mct2({=vU1KV_(?-qtj<GvpU)o`!ldg5s~fr7RM
zoVhA5!PijO@eKX3hDP!Aa=QMwO?86{nhFpJwGhr)=e%%Y=wFGa&i@`|V2VIu5J3F5
zcWHJ3i5|Si#2>4u3pfFf5}ba03?zD#fvX7LswgN(O6}eazty(oh)<$62qF<+Pw7BU
e;HzWcbF#r*(tlnb`>6&2_?zJCW7JX*$o~Tu1)drJ

literal 0
HcmV?d00001

diff --git a/tests/pcap/data/tls12.pcap b/tests/pcap/data/tls12.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..41b61cae468feeca458e4d9d1d8fe13e766e1697
GIT binary patch
literal 2575
zcmcJRdsNd$7RT@Jk>nQ=Fa`+Wodr}Xs1rb_2m;mzPakDzsg?DyRb)jWAn4JxM0CSL
zz*?%vs)&k+?9weD*sboKY&RBdBhX;0v@1gKpvzLlgYwWL*_lY%*yZrwPR{+E%={*w
z`Odv}?&Rh_8&1=}!q1Hb3U@R=uG@SkSPaqlJ2A_~!BT(_O@26p^P81902Hwf<Q~3V
zH^L_~D{14caRflK##=1SSydkFxJ$+<h7l0*z?5VFLJs-NOm+|NK+R*@o?yD5QfmC_
zmt;aWlb>VqV!RSD%VyFXpeZnEe%(x-&@908r)mie<K9>!^-?dPnzSwyLlSlgG0R4X
z)JjbuAvU>8N|e)JeB)K3jG-tQ1(cLwvWGk82L!h5jcs=eeZFkpaOKwIs~TTN_sCu8
ze}56W*j=&rwX%_x8&~$!7GI5f_tyUW<TB};PqSjfcFBjG6fr|xu*jCSWo#*}uNJ{6
z{RMrEzE<m_od*?KFReFh)p}}YL9*6LYX=LoLai<M!$~*+p%4P|VICOqh7N)VSOzE>
ztU!#-6&%0~96=7Ac&{>S4%n<=Hh8lPkKr?%fa5qJXT^y)mg8}Jmf}%-?0kk|XqM*D
zd>VX!$1*I#z#O0{3NJbnyf9etr0YiinGPFg=XEv6$+h_Rm;W>nel)x8LcQRk-{+5)
zZ6MBOLZ%9zzMVKb?XlU}6N&M3yKdA&EuqFI3t#eLF`Q$-WWNj_Q>Oo#5L1gMCF1Z=
zML&hFha`jyZ!3ZZ2xXZ5!Gr}bN-w>remgt$&%)egaFnSiD-Jq7w0us4|BmJ3p!Ef?
z$4<s>HanR(6+0AD=$#^<Gl5PAdK=26Q&2ATu#%xEnzr+|ciPj}m{k`Wb+W7e^K~-<
z)0bXAR(x)@CbBh@WoWccDMCU%lfd$A>4bQ5hZECpM<^x8hP)Ao1@W6U?AVdINjVK!
zlMyR1KVsX4-D%sEVhqCrA~BQcw_Pbk64GPD!ql|iZb;pdmbn8d9IXA2(hmiop!rJV
zw?;nA5BHQxC7Kxc|4YcmvIM3b(-fcQvyTN2W+Sj)R{Y@h=$*XPwtv0ks1q8i1p(!D
z=Qf_~yvi@kbx!A27L?nZj^5&N_F6;R(y#v}@2i}CqUAtAG`GvALbMm@K0B;6yq~`e
zROjdK>mEe!+3e10_384?v`c3_(?8-@`J7Eb$;cHu#MOqCv34JB92C6Qm(y@!)u(5g
zzFk{Yj(Tj6J9+KN%8^Vx`Gjd?f-OZESsud2-H7bSz;xCciE@QXzo5AYf0ULXWl{ib
zrj=0SlCR<i$LY0qQ|}&D9C2AaE7ZC?>Bx}p<xat`YZpR_wB}l!#IbbA+{FhEz(XDW
z$$_V?ZpVdfO^d|;Xj<i@KbgJ7w>N_~eBZ5TEbPJk^(7fGlD5{<5g)XF`LRc!DkzL(
zaH$yJ5Cg7?0#;S@(NJDUR>Q21`yP#c8_>cUYz!B<hDLSXxjTaQacM|KoA4^n-W>ZR
zZ-3Iv-jchcZS6%rNMm0_7lsWzs)~P{=nZeJ@SG*Ptt>eeaXp@{k6Yv9OryXcsq-%G
z!^p8(PoJ^o<MzshM?UDOy55p-F(!KVz!EQ=^^N~Lk)236zob7PG--1e(Z$-}^Fhi$
z4nDL~RPlr4&^8B}5ADk;KI+jtrb@(R;F(1kAcwYx5c{IUa0=6jSvJ$Xa9C4Bh)uUA
zCE_wL{)eB+KrbN@u`?t9zf!1bBr%s`*Vw9#?Y~zylJYOdLuX3P$7VT?^*jo^9j`-n
zcqXp+`01Ts`%U)4#IV45hM86D@c4Sov70-W{}{aDj^WO=`}elAUG$C8(fO$(M6Oqi
z7`$-dAZFQ2myS$tAac{J&2nGXK~*BIgE?w)=~%rYx0ftmi|_bq02c*R)~Jt`hkR1I
zGS3*(I$km3N#oxB&ex4Kp3@9+>uSZ^!iH1fZNGU<;Zfo8-QZ4b7(M6BZq?cE+rMvl
zH~glo=|SK1ce?pU^^!=3`q`xg2G6a5XXAc1_uri(_DzZ&d6n>Z&j9$B@wR1jW+wUX
zl(Kt{G^%25Xs&pb{ZXiT9Cs<|3;6=q%OX|ml>w2gdi9<fMPkz0*;d>agA0t`tQsv}
zZ{f2@q4B%^);D@&9)CGze@}Y7)NnhxExP`zx7MzG4$smKHOq894t0y7h|gRfOqn#r
zrlbil`)nd<a+=37f?vJ*Z;Ek<dkZmfbsRNS8kU%d{*w}?TmG5oZZs3=6;l!Q9j3TG
sG!tLOH6s|uRjvLXVs|6aIDJZ@=8#FFpP4wZYc<~W!dG`qG<G-s7jGR1?f?J)

literal 0
HcmV?d00001

diff --git a/tests/pcap/data/tls13.pcap b/tests/pcap/data/tls13.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..7c88292794c464cd2b6f1ffe76268e576d172efd
GIT binary patch
literal 3162
zcmai$2Ut_t630(+6B0TI#z<3&5Sl>=MMR2-JXnw-MG(OTf{ITR+0YgXigb`BD+(ea
z^-)%OF;Y|nQ4ncCr6^61B1`Dmdr_WopUa!?n|wF-Cciu9KWAo6YfZsjG{AuGh5;z}
zOYxYav&TFhXu;Qrv)Z+{hcT}!0G?lm^)7sk{E^jAMU3DkfCs_|jXBN@jNqq;vl<@g
z1E4wHtOIn|jEDST3gWS(O*$l=dlASllhMrfWhDU67-l;Ljps-XjV?y+qaX-}ka;K8
zA_IVsHOp4Xn{;AH8Ja;|Fg-GP9kb!@WQ4v-7KO>X;Wr`9YAZ2Q##>fm9$zJYi#Zae
z(=YO&!7>Ss5%o1*go?z9ndAnCV4V<WHH3&V9e<4we|h~=A`uOkdOs2g5DG;=0n|DO
z(ls&aSFH1+DwJ2N<;>>w4rT;>cx7V8Hs`Z5#?#hcd$UZR`a7U!{~O-`{jD`FpzyOG
zRr&FCy`*6gTw1WW)}KI204)FsplAv-C6LsZ(U{(tNt36M!5x|ujRa27Bxy3>1dW3x
z2zJoeX#zkQ+y;qY7tjPMfDD-Mf<gc%z(4?n1{{D3c2Teah=GlO2qfXP5@6o|J2#L6
zBn*Uw*dRO(kH@p)Iq;l#3?7ST!=SJzHduTJ1)(u$ESe1s<N+1~VIT-70yGK*zf>AX
z!QjnF;Tj%U7B}O}*QulutMzrtxGrxrh|+GioIy|b-!|Hbh`k;b`=8U-QiF)?y1Xj(
zw~aw3@uX&5<U=k0EPcwe+&~wu7Q|T%NgqbJr4}JN{hSD=5B+^Zlp-5~058iM4S**E
z)%xA;#Hi+`hc8KrgM*-K?scZuzU=pI{cdmi3KA~3{@?Toz?`kHT4)FZi?kw<npUfQ
zeQ<bPP@-Y<Wbr;pm9PV?{XND9U&hjV$9(6^1>x7DP#fUS4bs~}`W^>*7c6|~d2n)n
z6yfP1!#73Fr{QPl5G%hq?*k3?5~6txoE%5)4Ads#^*A}>ZDJNFj0LBfR_YFuFVZ18
zi4CJ_DY*-2PDIg!B$eaK{gTfVBz1Ve3$?f=7ZvMwlY8tL9a)K0{od0P%sev<Y^YhF
zgI<#_eV@qHhV=Q<dY5@GcoT!0Qz)6dV!Wgs-UA$71Brtn<&+~(<FvJGyxxl`@`bd{
z!U4!`LGfZCdlZP)q&h}FwdZV-<DKK4D^jJ1_eY&_A65v`t4WVAi)A;Sc>9^*PB`!1
z+{(eIa?n;Fb;Js}R>t44oocu>;*jrx*B$J(EC?(+tp4f1MDRx;j~7K;i=;z#P+rf-
zAtwo{@Pm*2L$NW#g3>p$!@;%<Cf)a&{_xFRS8RCQmG4GdLjTG4n#~5sE!Usb8s<8<
zkGRu?JS32M?G>1n)4(~++%KhAEcBkX3$V&gN)7pS+b}vmAj|@Yz2)QAdNo%u`!R5s
z+INBXK!}mtJM))&iyW-t_R-`idnhVCo}qHjP1P<ZOf#q=^E#!$6}xdl(n|~h@6277
zQsYam6osh%XUMsvJuK_I7g>O-_6b#@`$30{hU_Uf8%5du-Jzp@7KfiJ_><o%6yMxS
z=sFrf7VDZWjC68u)Z!I>AhpYKtX@9mAy@oz*IkDrl9(tdQ`F!U^GNE!Gg$nWH_?_#
z$(I*0x93B&Ca<858e<>v<YDcM8UFDP4@6Qm>|{p?X~FMZVvg?KZg9=1<*G}(>Lcp~
zLg~1?Py2iTML0dqPUdz1Wc|fMbaU-w<<?R0-t%#O_n-6h@}Er!TFMMPEa;V6srq}h
zV8EVHLo-O_-u}mX2lG6W#Y~EML~g6wH;x<|&3ZQ`5R;d$bS}`J)cuBT^Kc2-tNu^V
z8md1sbbMfNGFc+*Ouzt<bE@H-#I<hnG56nd1Y--;MgoO%7Y`NFr$*f#N3>qIvM#q!
zh=?axZ0Tqdpbe@zA0J}7YvIoQDl3LlI3R<s)N^~)<()#I*xmD#J^b+wVN>ijq5MG<
zxs(RnUdPCq6L&L&d-a}l`QZzy$wLlE4Eh5t5ZQxtMosR9ZN>$gx7+uN_^Y?|tUvxP
zQuva#q?=jwp!~v@w~Hb2+r)Iq)3JxO>e4Gt&Sm#kr&-}lYF|ch^<J~7L|T*)+))0x
zMUA(vOqj9N7WH+)q-JGkhIPR$YL2BvAq}MzA<~%K;0D~A5NEZOnH4bpW`&seQzG1=
zmZ|@pFy#pGdymkMDs*sbGoX#+>G>oH1}fL`Nt}_i5p0n8tW(*EZ6%8N?vNMC39i#m
z$oqv?X1>pF)8QlHx3fK4nZm|xLT?xr1x&b`AQ4sq9-s@43&dG%Wd<s@)FBbNEUiZP
zwJnFi^E!3mA~FMIeu%If$;W)X#_7ykF73&<)F_jfrhlDdG8O14k9-wvW=3h!%@n1y
zsy|eTrn8UTH#FY#wU3yYVE>IXR>5UU-LYrASsl$>-Q1?s3MH(^3o32jhXJ=&GB%}E
ziUjVqzR6|JIJKGXW1aTWB}6?h{jG^=TK!{}AC=tcI4aYX?*EK_%!lXMjbuSTe={gT
z#Ce>j-G|*)(9isN=)ct-GVV_rIdcX_734V8=jQJoNhx-W<XEmT8Lmm|cJp{$6;dMe
zjK_9Ix|y>i&xLdeC#QLNwq)n3joKkcPw6}OV5v?!)jPe}A1W&sJ@wb7s1J!{&(&z1
z-h#cU=Y92nr{S(mgNUG9s5J$BvLfi>kAjAGt|{n^gO>{We3nmJYM2|<zdYsbIKlmC
zOV8NT88hGbdNHX_?Pa5OL7}Bu9~c^0T?@l^$xk%AaIV4pyrRT3^`h;Y8k2T2oO?^I
zXD2(pm@qY_vu}@7_=L?dl_kzac??@<Yc)bCSGE;xCQotPbF?(!#GTL}GAX+1xzDL8
z51)(v`bctiG(!1PINz*u{vcRzI40{JNe>;Z^59t1i5EJNnll!VebcXg+6spkRJjw|
zCrYSxQ=Kv07AQq;zJG$tDY`^I`U;9)IHGQBMusj$c3pC3*xpK)EjoWbWt7la9N*Jb
zSzBAQ#n6tJ5caX}T4{N0X}+&Kj>8-gbP^VHjjC*0si9A+f_|&Yg$&Jzj=!DzD&QI_
zFN28&jIXCigvx3wRY@6dUm=eCl*rF|l1vm`C1PgRBDOq5h_3Ui#IIEp(E%rY@#6mw
g6Gf321=b{vcdW!Xyh{AG>P2|foj<M`i7`?1FBsH*VgLXD

literal 0
HcmV?d00001

diff --git a/tests/pcap/src/capture.rs b/tests/pcap/src/capture.rs
new file mode 100644
index 00000000000..e68e790c643
--- /dev/null
+++ b/tests/pcap/src/capture.rs
@@ -0,0 +1,42 @@
+use rtshark::Metadata;
+use rtshark::Packet;
+use rtshark::RTShark;
+
+pub(crate) fn read_all(mut tshark: RTShark) -> Vec<Packet> {
+    let mut packets = Vec::new();
+    while let Ok(Some(packet)) = tshark.read() {
+        packets.push(packet)
+    }
+    packets
+}
+
+pub(crate) fn get_metadata<'a>(packet: &'a Packet, key: &'a str) -> Option<&'a str> {
+    let (layer_name, _) = key.split_once('.').expect("key is layer");
+    packet
+        .layer_name(layer_name)
+        .and_then(|layer| layer.metadata(key))
+        .map(Metadata::value)
+}
+
+pub(crate) fn get_all_metadata<'a>(packet: &'a Packet, key: &'a str) -> Vec<&'a str> {
+    let (layer_name, _) = key.split_once('.').expect("key is layer");
+    if let Some(layer) = packet.layer_name(layer_name) {
+        layer
+            .iter()
+            .filter(|metadata| metadata.name() == key)
+            .map(Metadata::value)
+            .collect()
+    } else {
+        Vec::new()
+    }
+}
+
+pub fn all_pcaps() -> impl Iterator<Item = String> {
+    std::fs::read_dir("data")
+        .expect("Missing test pcap file")
+        .filter_map(Result::ok)
+        .filter_map(|entry| {
+            let path = entry.path();
+            path.to_str().map(std::string::ToString::to_string)
+        })
+}
diff --git a/tests/pcap/src/client_hello.rs b/tests/pcap/src/client_hello.rs
new file mode 100644
index 00000000000..f8d9b835b2c
--- /dev/null
+++ b/tests/pcap/src/client_hello.rs
@@ -0,0 +1,83 @@
+use crate::handshake_message::Builder as MessageBuilder;
+use crate::handshake_message::Message;
+use anyhow::*;
+use std::option::Option;
+
+use crate::capture::*;
+
+#[derive(Debug, Clone, Default)]
+pub struct ClientHello {
+    pub message: Message,
+    pub ja3_hash: Option<String>,
+    pub ja3_str: Option<String>,
+}
+
+impl ClientHello {
+    const JA3_HASH: &'static str = "tls.handshake.ja3";
+    const JA3_STR: &'static str = "tls.handshake.ja3_full";
+
+    fn from_message(message: Message) -> Self {
+        let packet = &message.packet;
+        let ja3_hash = get_metadata(packet, Self::JA3_HASH).map(str::to_string);
+        let ja3_str = get_metadata(packet, Self::JA3_STR).map(str::to_string);
+        Self {
+            message,
+            ja3_hash,
+            ja3_str,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct Builder(MessageBuilder);
+
+impl Builder {
+    pub fn inner(&mut self) -> &mut MessageBuilder {
+        &mut self.0
+    }
+
+    pub fn build(mut self) -> Result<Vec<ClientHello>> {
+        self.0.set_type(1);
+
+        let mut client_hellos = Vec::new();
+        for message in self.0.build()? {
+            client_hellos.push(ClientHello::from_message(message));
+        }
+        Ok(client_hellos)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn multiple_hellos() -> Result<()> {
+        let mut builder = Builder::default();
+        builder
+            .inner()
+            .set_capture_file("data/multiple_hellos.pcap");
+        let hellos = builder.build()?;
+        assert_eq!(hellos.len(), 5);
+        Ok(())
+    }
+
+    #[test]
+    fn from_pcaps() -> Result<()> {
+        let pcaps = all_pcaps();
+
+        for pcap in pcaps {
+            let mut builder = Builder::default();
+            builder.inner().set_capture_file(&pcap);
+            let hellos = builder.build().unwrap();
+
+            assert!(!hellos.is_empty());
+            for hello in hellos {
+                assert!(hello.ja3_hash.is_some());
+                assert!(hello.ja3_str.is_some());
+            }
+        }
+
+        Ok(())
+    }
+}
diff --git a/tests/pcap/src/handshake_message.rs b/tests/pcap/src/handshake_message.rs
new file mode 100644
index 00000000000..30bae8dc4e9
--- /dev/null
+++ b/tests/pcap/src/handshake_message.rs
@@ -0,0 +1,171 @@
+use anyhow::*;
+use rtshark::Packet;
+use rtshark::RTSharkBuilder;
+use std::collections::HashSet;
+
+use crate::capture::*;
+
+#[derive(Debug, Clone, Default)]
+pub struct Message {
+    pub message_type: String,
+    pub packet: Packet,
+    pub payloads: Vec<String>,
+    pub frame_num: String,
+}
+
+impl Message {
+    const FRAGMENT: &'static str = "tls.handshake.fragment";
+    const FRAGMENTS_COUNT: &'static str = "tls.handshake.fragment.count";
+
+    pub fn to_bytes(&self) -> Result<Vec<u8>> {
+        let mut bytes = Vec::new();
+        for payload in &self.payloads {
+            let hex = payload.replace(':', "");
+            bytes.extend(&hex::decode(&hex)?[5..]);
+        }
+        Ok(bytes)
+    }
+
+    fn from_packet(packet: Packet, frame_num: String, tcp_payloads: &Vec<Packet>) -> Result<Self> {
+        let message_type = get_metadata(&packet, Builder::MESSAGE_TYPE)
+            .context("Missing handshake message type")?
+            .to_string();
+
+        let mut payload_frames = get_all_metadata(&packet, Self::FRAGMENT);
+        if payload_frames.is_empty() {
+            payload_frames.push(&frame_num);
+        }
+        let payload_frames: HashSet<&str> = HashSet::from_iter(payload_frames);
+
+        let mut payloads = Vec::new();
+        for packet in tcp_payloads {
+            if let Some(frame) = get_metadata(packet, Builder::FRAME_NUM) {
+                if payload_frames.contains(frame) {
+                    let payload = get_metadata(packet, Builder::TCP_PAYLOAD)
+                        .context("Missing tcp payload")?;
+                    payloads.push(payload.to_string());
+                }
+            }
+        }
+
+        let count = get_metadata(&packet, Self::FRAGMENTS_COUNT).unwrap_or("1");
+        if count != payloads.len().to_string() {
+            bail!("Unable to find all tcp payloads for tls message")
+        }
+
+        Ok(Self {
+            message_type,
+            packet,
+            payloads,
+            frame_num,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct Builder {
+    message_type: Option<u16>,
+    capture_file: Option<String>,
+}
+
+impl Builder {
+    const TCP_PAYLOAD: &'static str = "tcp.payload";
+    const FRAME_NUM: &'static str = "frame.number";
+    const MESSAGE_TYPE: &'static str = "tls.handshake.type";
+
+    pub(crate) fn set_type(&mut self, message_type: u16) -> &mut Self {
+        self.message_type = Some(message_type);
+        self
+    }
+
+    pub fn set_capture_file(&mut self, file: &str) -> &mut Self {
+        self.capture_file = Some(file.to_string());
+        self
+    }
+
+    fn build_from_capture(self, capture: rtshark::RTSharkBuilderReady) -> Result<Vec<Message>> {
+        let tcp_capture = capture
+            .display_filter(Self::TCP_PAYLOAD)
+            .metadata_whitelist(Self::TCP_PAYLOAD)
+            .metadata_whitelist(Self::FRAME_NUM)
+            .spawn()?;
+        let payloads = read_all(tcp_capture);
+
+        let filter = if let Some(message_type) = self.message_type {
+            format!("{} == {}", Self::MESSAGE_TYPE, message_type)
+        } else {
+            Self::MESSAGE_TYPE.to_string()
+        };
+        let message_capture = capture.display_filter(&filter).spawn()?;
+
+        let mut messages = Vec::new();
+        for packet in read_all(message_capture) {
+            let frame_num = get_metadata(&packet, Builder::FRAME_NUM)
+                .context("Missing frame number")?
+                .to_string();
+
+            let context_msg = format!("Failed to parse frame {}", &frame_num);
+            let message =
+                Message::from_packet(packet, frame_num, &payloads).context(context_msg)?;
+
+            messages.push(message);
+        }
+        Ok(messages)
+    }
+
+    pub(crate) fn build(mut self) -> Result<Vec<Message>> {
+        let file = self
+            .capture_file
+            .take()
+            .context("No capture file provided")?;
+        let capture = RTSharkBuilder::builder().input_path(&file);
+        self.build_from_capture(capture)
+            .with_context(|| format!("Failed to parse capture file {}", &file))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn fragmentation() -> Result<()> {
+        let mut builder = Builder::default();
+        builder.set_capture_file("data/fragmented_ch.pcap");
+        let messages = builder.build()?;
+
+        let first = messages.first().unwrap();
+        assert_eq!(first.payloads.len(), 3);
+        let bytes = first.to_bytes()?;
+        // Correct length read from wireshark
+        assert_eq!(bytes.len(), 16262);
+
+        Ok(())
+    }
+
+    #[test]
+    fn multiple_handshakes() -> Result<()> {
+        let mut builder = Builder::default();
+        builder.set_capture_file("data/multiple_hellos.pcap");
+        let messages = builder.build()?;
+        let count = messages.iter().filter(|m| m.message_type == "1").count();
+        assert_eq!(count, 5);
+        Ok(())
+    }
+
+    #[test]
+    fn from_pcaps() -> Result<()> {
+        let pcaps = all_pcaps();
+
+        for pcap in pcaps {
+            let pcap: String = pcap;
+
+            let mut builder = Builder::default();
+            builder.set_capture_file(&pcap);
+            let messages = builder.build().unwrap();
+            assert!(!messages.is_empty())
+        }
+
+        Ok(())
+    }
+}
diff --git a/tests/pcap/src/lib.rs b/tests/pcap/src/lib.rs
new file mode 100644
index 00000000000..cc08faeb16f
--- /dev/null
+++ b/tests/pcap/src/lib.rs
@@ -0,0 +1,3 @@
+pub mod capture;
+pub mod client_hello;
+pub mod handshake_message;
diff --git a/tests/pcap/tests/s2n_client_hellos.rs b/tests/pcap/tests/s2n_client_hellos.rs
new file mode 100644
index 00000000000..6bf3094f742
--- /dev/null
+++ b/tests/pcap/tests/s2n_client_hellos.rs
@@ -0,0 +1,56 @@
+use anyhow::*;
+use pcap::capture::all_pcaps;
+use pcap::client_hello::{Builder as PcapBuilder, ClientHello as PcapHello};
+use s2n_tls::client_hello::{ClientHello as S2NHello, FingerprintType};
+
+fn get_s2n_hello(pcap_hello: &PcapHello) -> Result<Box<S2NHello>> {
+    let bytes = pcap_hello.message.to_bytes()?;
+    Ok(S2NHello::parse_client_hello(&bytes)?)
+}
+
+fn test_all_client_hellos<F>(test_fn: F) -> Result<()>
+where
+    F: FnOnce(PcapHello, Box<S2NHello>) -> Result<()> + Copy,
+{
+    let pcaps = all_pcaps();
+    for pcap in pcaps {
+        let mut builder = PcapBuilder::default();
+        builder.inner().set_capture_file(&pcap);
+        let hellos = builder.build()?;
+
+        for hello in hellos {
+            println!(
+                "Testing ClientHello found in frame {} in {}",
+                hello.message.frame_num, pcap
+            );
+            let s2n_hello = get_s2n_hello(&hello).context("s2n failed to parse ClientHello")?;
+            test_fn(hello, s2n_hello)?;
+        }
+    }
+    Ok(())
+}
+
+#[test]
+fn parsing() -> Result<()> {
+    test_all_client_hellos(|_, _| Ok(()))
+}
+
+#[test]
+fn ja3_fingerprints() -> Result<()> {
+    test_all_client_hellos(|pcap_hello, s2n_hello| {
+        let mut s2n_ja3_hash = Vec::new();
+        s2n_hello
+            .fingerprint_hash(FingerprintType::JA3, &mut s2n_ja3_hash)
+            .context("s2n failed to calculate ja3 hash")?;
+        let s2n_ja3_hash = hex::encode(s2n_ja3_hash);
+
+        let mut s2n_ja3_str = String::with_capacity(1000);
+        s2n_hello
+            .fingerprint_string(FingerprintType::JA3, &mut s2n_ja3_str)
+            .context("s2n failed to calculate ja3 string")?;
+
+        assert_eq!(pcap_hello.ja3_hash, Some(s2n_ja3_hash));
+        assert_eq!(pcap_hello.ja3_str, Some(s2n_ja3_str));
+        Ok(())
+    })
+}