|
@@ -72,7 +72,7 @@ RESULT=0
|
|
|
# TLS v1.2 Static RSA Test
|
|
|
if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-static-rsa.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-static-rsa.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-static-rsa.pcap -key ./certs/server-key.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
@@ -82,45 +82,53 @@ fi
|
|
|
# TLS v1.2 Static RSA Test (IPv6)
|
|
|
if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-ipv6.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-ipv6.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-ipv6.pcap -key ./certs/server-key.pem -server ::1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
|
[ $RESULT -ne 0 ] && echo -e "\nsnifftest (ipv6) failed\n" && exit 1
|
|
|
fi
|
|
|
|
|
|
-# TLS v1.2 sniffer keylog file test: runs sniffer on pcap and associated keylog file and compares decrypted traffic with known good output.
|
|
|
+# TLS v1.2 and v1.3 sniffer keylog file test: runs sniffer on pcap and associated keylog file and compares decrypted traffic with known good output.
|
|
|
# To regenerate the known good output, run `scripts/sniffer-gen.sh` to regenerate the pcap and keylog file, then run the sniffer on it
|
|
|
# with the same arguments as in the test below, but redirect output to `./scripts/sniffer-tls12-keylog.out`.
|
|
|
-if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_keylog == yes
|
|
|
+if test $RESULT -eq 0 && test $has_keylog == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls12-keylog.pcap...\n"
|
|
|
+ for tlsver in tls12 tls13
|
|
|
+ do
|
|
|
+ # skip tls versions we don't have compiled-in support for
|
|
|
+ [[ $tlsver == "tls12" && $has_tlsv12 == "no" ]] && continue
|
|
|
+ [[ $tlsver == "tls13" && $has_tlsv13 == "no" ]] && continue
|
|
|
|
|
|
- TMPFILE=$(mktemp)
|
|
|
- RESULT=$?
|
|
|
- [ $RESULT -ne 0 ] && echo -e "\nsnifftest keylog test failed: unable to create tmpfile\n" && rm $TMPFILE && exit 1
|
|
|
+ echo -e "\nStarting snifftest on sniffer-$tlsver-keylog.pcap...\n"
|
|
|
|
|
|
- ./sslSniffer/sslSnifferTest/snifftest \
|
|
|
- -pcap scripts/sniffer-tls12-keylog.pcap \
|
|
|
- -keylogfile scripts/sniffer-tls12-keylog.sslkeylog \
|
|
|
- -server 127.0.0.1 -port 11111 > $TMPFILE
|
|
|
+ TMPFILE=$(mktemp)
|
|
|
+ RESULT=$?
|
|
|
+ [ $RESULT -ne 0 ] && echo -e "\n$tlsver snifftest keylog test failed: unable to create tmpfile\n" && rm $TMPFILE && exit 1
|
|
|
|
|
|
- RESULT=$?
|
|
|
- [ $RESULT -ne 0 ] && echo -e "\nsnifftest keylog test failed: snifftest returned $RESULT\n" && rm $TMPFILE && exit 1
|
|
|
+ ./sslSniffer/sslSnifferTest/snifftest \
|
|
|
+ -pcap scripts/sniffer-$tlsver-keylog.pcap \
|
|
|
+ -keylogfile scripts/sniffer-$tlsver-keylog.sslkeylog \
|
|
|
+ -server 127.0.0.1 -port 11111 | tee $TMPFILE
|
|
|
|
|
|
- # sed '1d' strips out first line, which contains wolfSSL version
|
|
|
- sed '1d' $TMPFILE | diff - <(sed '1d' scripts/sniffer-tls12-keylog.out)
|
|
|
+ RESULT=$?
|
|
|
+ [ $RESULT -ne 0 ] && echo -e "\n$tlsver snifftest keylog test failed: snifftest returned $RESULT\n" && rm $TMPFILE && exit 1
|
|
|
|
|
|
- RESULT=$?
|
|
|
- [ $RESULT -ne 0 ] && echo -e "\nsnifftest keylog test failed: snifftest diff returned $RESULT\n" && rm $TMPFILE && exit 1
|
|
|
+ # use grep to only compare against decrypted output
|
|
|
+ SEARCH_STRING="SSL App Data"
|
|
|
+ grep "$SEARCH_STRING" $TMPFILE | diff - <(grep "$SEARCH_STRING" scripts/sniffer-$tlsver-keylog.out)
|
|
|
+
|
|
|
+ RESULT=$?
|
|
|
+ [ $RESULT -ne 0 ] && echo -e "\n$tlsver snifftest keylog test failed: snifftest diff returned $RESULT\n" && rm $TMPFILE && exit 1
|
|
|
|
|
|
- rm $TMPFILE
|
|
|
+ rm $TMPFILE
|
|
|
+ done
|
|
|
fi
|
|
|
|
|
|
# TLS v1.3 sniffer test ECC
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-ecc.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-ecc.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-ecc.pcap -key ./certs/statickeys/ecc-secp256r1.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
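Review bot: In the keylog loop, the `RESULT=$?` that follows `snifftest ... | tee $TMPFILE` picks up tee's exit status rather than snifftest's, so a crash or non-zero exit from the sniffer never reaches the "snifftest returned $RESULT" check unless `set -o pipefail` is enabled somewhere outside this hunk. The script already depends on bash (`[[ ]]`, `<( )`), so that line can become `RESULT=${PIPESTATUS[0]}`. Separately, the grep-filtered diff also succeeds when neither side contains an "SSL App Data" line, so a run that decrypts nothing against an empty or missing reference file would pass; a guard such as `grep -q "$SEARCH_STRING" $TMPFILE || exit 1` before the diff would surface that. The regeneration comment above the test still names only `./scripts/sniffer-tls12-keylog.out`, although the loop now also compares against the tls13 reference.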
|
|
@@ -130,7 +138,7 @@ fi
|
|
|
# TLS v1.3 sniffer test DH
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-dh.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-dh.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-dh.pcap -key ./certs/statickeys/dh-ffdhe2048.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
@@ -140,7 +148,7 @@ fi
|
|
|
# TLS v1.3 sniffer test X25519
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-x25519.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-x25519.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-x25519.pcap -key ./certs/statickeys/x25519.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
@@ -150,7 +158,7 @@ fi
|
|
|
# TLS v1.3 sniffer test ECC resumption
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes && test $session_ticket == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-ecc-resume.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-ecc-resume.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-ecc-resume.pcap -key ./certs/statickeys/ecc-secp256r1.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
@@ -160,7 +168,7 @@ fi
|
|
|
# TLS v1.3 sniffer test DH
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes && test $session_ticket == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-dh-resume.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-dh-resume.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-dh-resume.pcap -key ./certs/statickeys/dh-ffdhe2048.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
@@ -170,7 +178,7 @@ fi
|
|
|
# TLS v1.3 sniffer test X25519
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes && test $session_ticket == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-x25519-resume.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-x25519-resume.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-x25519-resume.pcap -key ./certs/statickeys/x25519.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|
|
@@ -180,7 +188,7 @@ fi
|
|
|
# TLS v1.3 sniffer test hello_retry_request (HRR) with ECDHE
|
|
|
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes
|
|
|
then
|
|
|
- echo -e "\nStaring snifftest on sniffer-tls13-hrr.pcap...\n"
|
|
|
+ echo -e "\nStarting snifftest on sniffer-tls13-hrr.pcap...\n"
|
|
|
./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-hrr.pcap -key ./certs/statickeys/ecc-secp256r1.pem -server 127.0.0.1 -port 11111
|
|
|
|
|
|
RESULT=$?
|