2
0

sniffer-testsuite.test 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151
  1. #!/bin/bash
  2. #sniffer-testsuite.test
  3. # if we can, isolate the network namespace to eliminate port collisions.
  4. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
  5. if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
  6. export NETWORK_UNSHARE_HELPER_CALLED=yes
  7. exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
  8. fi
  9. elif [ "${AM_BWRAPPED-}" != "yes" ]; then
  10. bwrap_path="$(command -v bwrap)"
  11. if [ -n "$bwrap_path" ]; then
  12. export AM_BWRAPPED=yes
  13. exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
  14. fi
  15. unset AM_BWRAPPED
  16. fi
  17. has_tlsv13=no
  18. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'tls_v13 '
  19. if [ $? -eq 0 ]; then
  20. has_tlsv13=yes
  21. fi
  22. has_tlsv12=no
  23. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'tls_v12 '
  24. if [ $? -eq 0 ]; then
  25. has_tlsv12=yes
  26. fi
  27. has_rsa=no
  28. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa '
  29. if [ $? -eq 0 ]; then
  30. has_rsa=yes
  31. fi
  32. has_ecc=no
  33. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'ecc '
  34. if [ $? -eq 0 ]; then
  35. has_ecc=yes
  36. fi
  37. has_x25519=no
  38. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'x22519 '
  39. if [ $? -eq 0 ]; then
  40. has_x25519=yes
  41. fi
  42. has_dh=no
  43. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'dh '
  44. if [ $? -eq 0 ]; then
  45. has_dh=yes
  46. fi
  47. # ./configure --enable-sniffer [--enable-session-ticket]
  48. # Resumption tests require "--enable-session-ticket"
  49. session_ticket=no
  50. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'session_ticket '
  51. if [ $? -eq 0 ]; then
  52. session_ticket=yes
  53. fi
  54. has_static_rsa=no
  55. ./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa_static '
  56. if [ $? -eq 0 ]; then
  57. has_static_rsa=yes
  58. fi
  59. RESULT=0
  60. # TLS v1.2 Static RSA Test
  61. if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes
  62. then
  63. echo -e "\nStaring snifftest on testsuite.pcap...\n"
  64. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-static-rsa.pcap ./certs/server-key.pem 127.0.0.1 11111
  65. RESULT=$?
  66. [ $RESULT -ne 0 ] && echo -e "\nsnifftest static RSA failed\n" && exit 1
  67. fi
  68. # TLS v1.2 Static RSA Test (IPv6)
  69. if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes
  70. then
  71. echo -e "\nStaring snifftest on sniffer-ipv6.pcap...\n"
  72. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-ipv6.pcap ./certs/server-key.pem ::1 11111
  73. RESULT=$?
  74. [ $RESULT -ne 0 ] && echo -e "\nsnifftest (ipv6) failed\n" && exit 1
  75. fi
  76. # TLS v1.3 sniffer test ECC
  77. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes
  78. then
  79. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
  80. RESULT=$?
  81. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1
  82. fi
  83. # TLS v1.3 sniffer test DH
  84. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes
  85. then
  86. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
  87. RESULT=$?
  88. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1
  89. fi
  90. # TLS v1.3 sniffer test X25519
  91. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes
  92. then
  93. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
  94. RESULT=$?
  95. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1
  96. fi
  97. # TLS v1.3 sniffer test ECC resumption
  98. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes && test $session_ticket == yes
  99. then
  100. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc-resume.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
  101. RESULT=$?
  102. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1
  103. fi
  104. # TLS v1.3 sniffer test DH
  105. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes && test $session_ticket == yes
  106. then
  107. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh-resume.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
  108. RESULT=$?
  109. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1
  110. fi
  111. # TLS v1.3 sniffer test X25519
  112. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes && test $session_ticket == yes
  113. then
  114. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519-resume.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
  115. RESULT=$?
  116. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1
  117. fi
  118. # TLS v1.3 sniffer test hello_retry_request (HRR) with ECDHE
  119. if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes
  120. then
  121. ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-hrr.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
  122. RESULT=$?
  123. [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 HRR failed\n" && exit 1
  124. fi
  125. echo -e "\nSuccess!\n"
  126. exit 0