diff --git a/scripts/include.am b/scripts/include.am index 195dae78a..50eeed9a3 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -85,6 +85,9 @@ endif EXTRA_DIST += scripts/testsuite.pcap \ scripts/sniffer-ipv6.pcap \ + scripts/sniffer-tls13-dh.pcap \ + scripts/sniffer-tls13-ecc.pcap \ + scripts/sniffer-tls13-gen.sh \ scripts/ping.test # leave openssl.test as extra until non bash works diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test index 491c1197e..312549921 100755 --- a/scripts/sniffer-testsuite.test +++ b/scripts/sniffer-testsuite.test @@ -8,7 +8,25 @@ echo -e "\nStaring snifftest on testsuite.pcap...\n" RESULT=$? [ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1 +# TLS v1.3 sniffer test ECC (and resumption) +if test $# -ne 0 +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC\n" && exit 1 +fi + +# TLS v1.3 sniffer test DH (and resumption) +if test $# -ne 0 +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH\n" && exit 1 +fi + +# IPv6 if test $# -ne 0 && test "x$1" = "x-6"; then echo -e "\nStaring snifftest on sniffer-ipv6.pcap...\n" diff --git a/scripts/sniffer-tls13-dh.pcap b/scripts/sniffer-tls13-dh.pcap new file mode 100644 index 000000000..e1ca556a0 Binary files /dev/null and b/scripts/sniffer-tls13-dh.pcap differ diff --git a/scripts/sniffer-tls13-ecc.pcap b/scripts/sniffer-tls13-ecc.pcap new file mode 100644 index 000000000..371eec3dd Binary files /dev/null and b/scripts/sniffer-tls13-ecc.pcap differ diff --git a/scripts/sniffer-tls13-gen.sh b/scripts/sniffer-tls13-gen.sh new file mode 100755 index 000000000..7f7f537c9 --- /dev/null +++ b/scripts/sniffer-tls13-gen.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Run these configures and the example server/client below +# Script to generate wireshark trace for sniffer-tls13-ecc.pcap +#./configure --enable-sniffer --enable-session-ticket && make + +# Script to generate wireshark trace for sniffer-tls13-dh.pcap +#./configure --enable-sniffer --enable-session-ticket --disable-ecc && make + +# TLS v1.3 +./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 & +./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 +./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 & +./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 +./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 & +./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 + +# TLS v1.3 Resumption +./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r & +./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r +./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r & +./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r +./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r & +./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 7d42f0bd1..e0cc0c939 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -521,7 +521,7 @@ int main(int argc, char** argv) else { /* usage error */ printf( "usage: ./snifftest or ./snifftest dump pemKey" - " [server] [port] [password]\n"); + " [server] [port] [password] [isEphemeral]\n"); exit(EXIT_FAILURE); }