Framework for new TLS v1.3 sniffer tests.

2020-07-17 15:56:56 -07:00 · 2020-07-17 15:56:56 -07:00 · 23a3ead758
commit 23a3ead758
parent 9409d8682f
6 changed files with 46 additions and 1 deletions
--- a/scripts/include.am
+++ b/scripts/include.am
@ -85,6 +85,9 @@ endif

 EXTRA_DIST +=  scripts/testsuite.pcap \
               scripts/sniffer-ipv6.pcap \
+               scripts/sniffer-tls13-dh.pcap \
+               scripts/sniffer-tls13-ecc.pcap \
+               scripts/sniffer-tls13-gen.sh \
               scripts/ping.test

 # leave openssl.test as extra until non bash works
--- a/scripts/sniffer-testsuite.test
+++ b/scripts/sniffer-testsuite.test
@ -8,7 +8,25 @@ echo -e "\nStaring snifftest on testsuite.pcap...\n"
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1

+# TLS v1.3 sniffer test ECC (and resumption)
+if test $# -ne 0
+then
+    ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111

+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC\n" && exit 1
+fi
+
+# TLS v1.3 sniffer test DH (and resumption)
+if test $# -ne 0
+then
+    ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
+
+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH\n" && exit 1
+fi
+
+# IPv6
 if test $# -ne 0 && test "x$1" = "x-6";
 then
    echo -e "\nStaring snifftest on sniffer-ipv6.pcap...\n"
--- a/scripts/sniffer-tls13-dh.pcap
+++ b/scripts/sniffer-tls13-dh.pcap
--- a/scripts/sniffer-tls13-ecc.pcap
+++ b/scripts/sniffer-tls13-ecc.pcap
--- a/scripts/sniffer-tls13-gen.sh
+++ b/scripts/sniffer-tls13-gen.sh
@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Run these configures and the example server/client below
+# Script to generate wireshark trace for sniffer-tls13-ecc.pcap
+#./configure --enable-sniffer --enable-session-ticket && make
+
+# Script to generate wireshark trace for sniffer-tls13-dh.pcap
+#./configure --enable-sniffer --enable-session-ticket --disable-ecc && make
+
+# TLS v1.3
+./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 &
+./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256
+./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 &
+./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384
+./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 &
+./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
+
+# TLS v1.3 Resumption
+./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r &
+./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r
+./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r &
+./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r
+./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r &
+./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@ -521,7 +521,7 @@ int main(int argc, char** argv)
    else {
        /* usage error */
        printf( "usage: ./snifftest or ./snifftest dump pemKey"
-                " [server] [port] [password]\n");
+                " [server] [port] [password] [isEphemeral]\n");
        exit(EXIT_FAILURE);
    }