diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2017-01-29 23:19:48 +0100 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2017-01-31 06:46:45 +0000 |
| commit | 58fb6e1acd67957eefa27de96c8ddb7de612e1e7 (patch) | |
| tree | 8aee66a27fa2d9fea1b89d13708a809bbeb98d5a /test | |
| parent | d4e3975ee7e5a2b826af988764c78c7d507d320d (diff) | |
| download | wireshark-58fb6e1acd67957eefa27de96c8ddb7de612e1e7.tar.gz wireshark-58fb6e1acd67957eefa27de96c8ddb7de612e1e7.tar.bz2 wireshark-58fb6e1acd67957eefa27de96c8ddb7de612e1e7.zip | |
test: add (D)TLS test for AEAD ciphers
TLS and DTLS share the same code for decryption of AEAD ciphers.
Add tests for all possible AEAD cipher modes (GCM, CCM, CCM_8).
PSK is used to reduce the handshake size (removing certificates).
The decryption suite passes these tests on:
* Libgcrypt 1.6.5 (Ubuntu 14.04)
* Libgcrypt 1.7.6 (Arch Linux)
* Libgcrypt 1.4.5 (CentOS 6). Note that the GnuTLS packages are too old,
so tests that depend on RSA keys fail here (but the new tests pass).
Change-Id: If0dc5b94223fb247062e23960ff66dfdd4f7a902
Reviewed-on: https://code.wireshark.org/review/19850
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/captures/dtls12-aes128ccm8.pcap | bin | 0 -> 1535 bytes | |||
| -rw-r--r-- | test/captures/tls12-aes128ccm.pcap | bin | 0 -> 2057 bytes | |||
| -rw-r--r-- | test/captures/tls12-aes256gcm.pcap | bin | 0 -> 2064 bytes | |||
| -rwxr-xr-x | test/suite-decryption.sh | 45 |
4 files changed, 45 insertions, 0 deletions
diff --git a/test/captures/dtls12-aes128ccm8.pcap b/test/captures/dtls12-aes128ccm8.pcap Binary files differnew file mode 100644 index 0000000000..3e293c1458 --- /dev/null +++ b/test/captures/dtls12-aes128ccm8.pcap diff --git a/test/captures/tls12-aes128ccm.pcap b/test/captures/tls12-aes128ccm.pcap Binary files differnew file mode 100644 index 0000000000..6f032a70c2 --- /dev/null +++ b/test/captures/tls12-aes128ccm.pcap diff --git a/test/captures/tls12-aes256gcm.pcap b/test/captures/tls12-aes256gcm.pcap Binary files differnew file mode 100644 index 0000000000..576739c852 --- /dev/null +++ b/test/captures/tls12-aes256gcm.pcap diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh index 8e9e6546f6..7545b47ed0 100755 --- a/test/suite-decryption.sh +++ b/test/suite-decryption.sh @@ -162,6 +162,20 @@ decryption_step_dtls() { test_step_ok } +# DTLS 1.2 with PSK, AES-128-CCM-8 +decryption_step_dtls_psk_aes128ccm8() { + output=$($TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \ + -odtls.psk:ca19e028a8a372ad2d325f950fcaceed \ + -r "$CAPTURE_DIR/dtls12-aes128ccm8.pcap" -x) + one='DTLS1.2 test usi*ng GnuTLS 3.5.8.' + two='Works for me!.' + if [[ "$output" != *${one}*${one}*${two}*${two}* ]]; then + test_step_failed "Failed to decrypt DTLS 1.2 (PSK AES-128-CCM-8)" + return + fi + test_step_ok +} + # IPsec ESP # https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12671 decryption_step_ipsec_esp() { @@ -260,6 +274,34 @@ decryption_step_ssl_renegotiation() { test_step_ok } +# TLS 1.2 with PSK, AES-128-CCM +decryption_step_tls_psk_aes128ccm() { + $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS -q \ + -ossl.psk:ca19e028a8a372ad2d325f950fcaceed \ + -r "$CAPTURE_DIR/tls12-aes128ccm.pcap" -z follow,ssl,ascii,0 \ + | grep -q http://www.gnu.org/software/gnutls + RETURNVALUE=$? + if [ ! $RETURNVALUE -eq $EXIT_OK ]; then + test_step_failed "Failed to decrypt TLS 1.2 (PSK AES-128-CCM)" + return + fi + test_step_ok +} + +# TLS 1.2 with PSK, AES-256-GCM +decryption_step_tls_psk_aes256gcm() { + $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS -q \ + -ossl.psk:ca19e028a8a372ad2d325f950fcaceed \ + -r "$CAPTURE_DIR/tls12-aes256gcm.pcap" -z follow,ssl,ascii,0 \ + | grep -q http://www.gnu.org/software/gnutls + RETURNVALUE=$? + if [ ! $RETURNVALUE -eq $EXIT_OK ]; then + test_step_failed "Failed to decrypt TLS 1.2 (PSK AES-256-GCM)" + return + fi + test_step_ok +} + # ZigBee # https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7022 decryption_step_zigbee() { @@ -531,12 +573,15 @@ tshark_decryption_suite() { test_step_add "IEEE 802.11 WPA EAP Decryption" decryption_step_80211_wpa_eap test_step_add "IEEE 802.11 WPA TDLS Decryption" decryption_step_80211_wpa_tdls test_step_add "DTLS Decryption" decryption_step_dtls + test_step_add "DTLS 1.2 Decryption (PSK AES-128-CCM-8)" decryption_step_dtls_psk_aes128ccm8 test_step_add "IPsec ESP Decryption" decryption_step_ipsec_esp test_step_add "SSL Decryption (private key)" decryption_step_ssl test_step_add "SSL Decryption (RSA private key with p smaller than q)" decryption_step_ssl_rsa_pq test_step_add "SSL Decryption (private key with password)" decryption_step_ssl_with_password test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret test_step_add "SSL Decryption (renegotiation)" decryption_step_ssl_renegotiation + test_step_add "TLS 1.2 Decryption (PSK AES-128-CCM)" decryption_step_tls_psk_aes128ccm + test_step_add "TLS 1.2 Decryption (PSK AES-256-GCM)" decryption_step_tls_psk_aes256gcm test_step_add "ZigBee Decryption" decryption_step_zigbee test_step_add "ANSI C12.22 Decryption" decryption_step_c1222 test_step_add "DVB-CI Decryption" decryption_step_dvb_ci |