mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wolfssl/scripts/sniffer-gen.sh

164 lines
8.7 KiB
Bash
Raw Normal View History

Framework for new TLS v1.3 sniffer tests.
2020-07-17 15:56:56 -07:00
#!/bin/bash
# Run these configures and the example server/client below
# Script to generate wireshark trace for sniffer-tls13-ecc.pcap
#./configure --enable-sniffer --enable-session-ticket && make
# Script to generate wireshark trace for sniffer-tls13-dh.pcap
#./configure --enable-sniffer --enable-session-ticket --disable-ecc && make
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) * Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes. * Fix for sniffer with TLS v1.3 session tickets. * Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly). * Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code. * Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing. * Fix for static ephemeral loading of file buffer. * Added sniffer Curve25519 support and test case. * Fix for sniffer to not use ECC for X25519 if both are set. * Fix Curve448 public export when only private is set. * Fix for `dh_generate_test` for small stack size. * Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc. * Fix invalid comment.
2021-08-31 16:28:24 -07:00
# Run: with dh or ecc
if [ "$1" == "dh" ] || [ "$1" == "ecc" ]; then
# TLS v1.3
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 &
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 &
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 &
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
# TLS v1.3 Resumption
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r &
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r &
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r &
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r
fi
# Script to generate wireshark trace for sniffer-tls13-x25519.pcap
#./configure --enable-sniffer --enable-session-ticket --enable-curve25519 --disable-dh --disable-ecc && make
# Run: with x25519
if [ "$1" == "x25519" ]; then
# TLS v1.3
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
# TLS v1.3 Resumption
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
fi
Added test case for TLS v1.3 with HRR (hello_retry_request)
2020-11-06 14:55:00 -08:00
# TLS v1.3 Hello Retry Request (save this as sniffer-tls13-hrr.pcap)
# ./configure --enable-sniffer CFLAGS="-DWOLFSSL_SNIFFER_WATCH" --disable-dh && make
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) * Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes. * Fix for sniffer with TLS v1.3 session tickets. * Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly). * Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code. * Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing. * Fix for static ephemeral loading of file buffer. * Added sniffer Curve25519 support and test case. * Fix for sniffer to not use ECC for X25519 if both are set. * Fix Curve448 public export when only private is set. * Fix for `dh_generate_test` for small stack size. * Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc. * Fix invalid comment.
2021-08-31 16:28:24 -07:00
# Run ./scripts/sniffer-tls13-gen.sh hrr
if [ "$1" == "hrr" ]; then
script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace.
2022-03-09 12:28:22 -06:00
# TLS v1.3 Hello Retry Request
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) * Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes. * Fix for sniffer with TLS v1.3 session tickets. * Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly). * Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code. * Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing. * Fix for static ephemeral loading of file buffer. * Added sniffer Curve25519 support and test case. * Fix for sniffer to not use ECC for X25519 if both are set. * Fix Curve448 public export when only private is set. * Fix for `dh_generate_test` for small stack size. * Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc. * Fix invalid comment.
2021-08-31 16:28:24 -07:00
./examples/server/server -v 4 -i -x -g &
sleep 0.1
Fixes for whitespace, script bug and bit-field type.
2022-03-23 09:31:04 -07:00
fi
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) * Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes. * Fix for sniffer with TLS v1.3 session tickets. * Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly). * Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code. * Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing. * Fix for static ephemeral loading of file buffer. * Added sniffer Curve25519 support and test case. * Fix for sniffer to not use ECC for X25519 if both are set. * Fix Curve448 public export when only private is set. * Fix for `dh_generate_test` for small stack size. * Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc. * Fix invalid comment.
2021-08-31 16:28:24 -07:00
Sniffer asynchronous support. * Adds stateful handling of DH shared secret computation in `SetupKeys`. * Improved the decrypt handling to use internal functions and avoid generating alerts on failures. * Fix for sniffer resume due to missing `sessionIDSz` broken in #4807. * Fix sniffer test cases to split resume (session_ticket) tests. * Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
# Run this script from the wolfSSL root
if [ ! -f wolfssl/ssl.h ]; then
echo "Run from the wolfssl root"
fixups for warnings from gcc-12: src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44); fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN); src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation; scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
2022-03-24 16:33:36 -05:00
exit 1
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) * Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes. * Fix for sniffer with TLS v1.3 session tickets. * Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly). * Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code. * Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing. * Fix for static ephemeral loading of file buffer. * Added sniffer Curve25519 support and test case. * Fix for sniffer to not use ECC for X25519 if both are set. * Fix Curve448 public export when only private is set. * Fix for `dh_generate_test` for small stack size. * Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc. * Fix invalid comment.
2021-08-31 16:28:24 -07:00
fi
Sniffer asynchronous support. * Adds stateful handling of DH shared secret computation in `SetupKeys`. * Improved the decrypt handling to use internal functions and avoid generating alerts on failures. * Fix for sniffer resume due to missing `sessionIDSz` broken in #4807. * Fix sniffer test cases to split resume (session_ticket) tests. * Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
run_sequence() {
if [ "$1" == "dh" ] || [ "$1" == "ecc" ]; then
# TLS v1.3
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
fi
if [ "$1" == "dh-resume" ] || [ "$1" == "ecc-resume" ]; then
# TLS v1.3 Resumption
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r
fi
if [ "$1" == "x25519" ]; then
# TLS v1.3
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
fi
# Run: with x25519_resume
if [ "$1" == "x25519-resume" ]; then
# TLS v1.3 Resumption
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
fi
# TLS v1.3 Hello Retry Request
if [ "$1" == "hrr" ]; then
# TLS v1.3 Hello Retry Request
./examples/server/server -v 4 -i -x -g &
sleep 0.1
./examples/client/client -v 4 -J
fi
sleep 1
}
run_capture(){
echo "configuring and building wolfssl..."
./configure --enable-sniffer $2 1>/dev/null || exit $?
make 1>/dev/null || exit $?
echo "starting capture"
tcpdump -i lo0 -nn port 11111 -w ./scripts/sniffer-tls13-$1.pcap &
tcpdump_pid=$!
run_sequence $1
kill $tcpdump_pid
}
run_capture "ecc" ""
run_capture "ecc-resume" "--enable-session-ticket"
run_capture "dh" "--disable-ecc"
run_capture "dh-resume" "--disable-ecc --enable-session-ticket"
run_capture "x25519" "--enable-curve25519 --disable-dh --disable-ecc"
run_capture "x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
run_capture "hrr" "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
Reference in New Issue Copy Permalink