diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-08-17 00:36:55 +0200 |
|---|---|---|
| committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2018-08-17 07:28:56 +0000 |
| commit | 62874e37789272afdcf97d25339428b60b2c84b0 (patch) | |
| tree | 69ac5a9b06404ab056b85da472632ac1341bd05e /test/suite_decryption.py | |
| parent | fd7ec355ec4bf1f7c8129ff01135bb1387959a7e (diff) | |
TLS13: add final tests for RFC 8446
Add TLS 1.3 tests that verify decryption of handshake, application and
early data. Add another test that shows that early data is properly
skipped. This completes TLS 1.3 (RFC 8446) decryption support.
The trace was created using boringssl c4131a4a23a1.
Bug: 12779
Change-Id: Iddd266ecd3f428c95aa3f69616ce55e75d4ccca0
Reviewed-on: https://code.wireshark.org/review/29170
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'test/suite_decryption.py')
| -rw-r--r-- | test/suite_decryption.py | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/test/suite_decryption.py b/test/suite_decryption.py index 33a3eb197f..875a1cc02a 100644 --- a/test/suite_decryption.py +++ b/test/suite_decryption.py @@ -259,6 +259,58 @@ class case_decrypt_tls(subprocesstest.SubprocessTestCase): env=config.test_env) self.assertTrue(self.grepOutput('TLS13-CHACHA20-POLY1305-SHA256')) + def test_tls13_rfc8446(self): + '''TLS 1.3 (normal session, then early data followed by normal data).''' + if not config.have_libgcrypt16: + self.skipTest('Requires GCrypt 1.6 or later.') + capture_file = os.path.join(config.capture_dir, 'tls13-rfc8446.pcap') + key_file = os.path.join(config.key_dir, 'tls13-rfc8446.keys') + proc = self.runProcess((config.cmd_tshark, + '-r', capture_file, + '-ossl.keylog_file:{}'.format(key_file), + '-Y', 'http', + '-Tfields', + '-e', 'frame.number', + '-e', 'http.request.uri', + '-e', 'http.file_data', + '-E', 'separator=|', + ), + env=config.test_env) + self.assertEqual([ + r'5|/first|', + r'6||Request for /first, version TLSv1.3, Early data: no\n', + r'8|/early|', + r'10||Request for /early, version TLSv1.3, Early data: yes\n', + r'12|/second|', + r'13||Request for /second, version TLSv1.3, Early data: yes\n', + ], proc.stdout_str.splitlines()) + + def test_tls13_rfc8446_noearly(self): + '''TLS 1.3 (with undecryptable early data).''' + if not config.have_libgcrypt16: + self.skipTest('Requires GCrypt 1.6 or later.') + capture_file = os.path.join(config.capture_dir, 'tls13-rfc8446.pcap') + key_file = os.path.join(config.key_dir, 'tls13-rfc8446-noearly.keys') + proc = self.runProcess((config.cmd_tshark, + '-r', capture_file, + '-ossl.keylog_file:{}'.format(key_file), + '-Y', 'http', + '-Tfields', + '-e', 'frame.number', + '-e', 'http.request.uri', + '-e', 'http.file_data', + '-E', 'separator=|', + ), + env=config.test_env) + self.assertEqual([ + r'5|/first|', + r'6||Request for /first, version TLSv1.3, Early data: no\n', + r'10||Request for /early, version TLSv1.3, Early data: yes\n', + r'12|/second|', + r'13||Request for /second, version TLSv1.3, Early data: yes\n', + ], proc.stdout_str.splitlines()) + + class case_decrypt_zigbee(subprocesstest.SubprocessTestCase): def test_zigbee(self): '''ZigBee''' |