author | Martin Kaiser <wireshark@kaiser.cx> | 2014-03-11 22:46:25 +0100 |
---|---|---|
committer | Martin Kaiser <wireshark@kaiser.cx> | 2014-03-13 21:42:50 +0000 |
commit | ba32257cb6226d15d310080071c698f2d6903c88 (patch) | |
tree | 5de9d6d24237249ef5fcbee67026a4bdfc814873 /test | |
parent | c9956e35f2d8648a9045d318541ed5c8aef9df20 (diff) |
add a test for SSL/TLS decryption using the master secret
rename the existing SSL test to clarify that it uses the server's
private key for decryption
Change-Id: I13598fc4cf724b144a8f27bfa7a3316acfc78728
Reviewed-on: https://code.wireshark.org/review/640
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/dhe1.pcapng.gz | bin | 0 -> 1180 bytes | |||
-rw-r--r-- | test/keys/dhe1_keylog.dat | 2 | ||||
-rwxr-xr-x | test/suite-decryption.sh | 23 |
3 files changed, 22 insertions, 3 deletions
diff --git a/test/captures/dhe1.pcapng.gz b/test/captures/dhe1.pcapng.gz
Binary files differ
new file mode 100644
index 0000000000..3811257635
--- /dev/null
+++ b/test/captures/dhe1.pcapng.gz
diff --git a/test/keys/dhe1_keylog.dat b/test/keys/dhe1_keylog.dat
new file mode 100644
index 0000000000..98819f30d1
--- /dev/null
+++ b/test/keys/dhe1_keylog.dat
@@ -0,0 +1,2 @@
+# the client's random number and the master secret for test/captures/dhe1.pcapng.gz
+CLIENT_RANDOM 531f88d114fcf9ce9729b5458f73e1807324459029ee4bea43f8ee4ce06c77c0 3CC9E5068E674393C10E540430F60AB794C028B277CAD9C708758400B803AD4FC81D6796AFD14D8952F7CD9E4268B4DB
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index 0212bea42a..e8b512a53b 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -90,7 +90,7 @@ decryption_step_dtls() {
 test_step_ok
 }
 
-# SSL
+# SSL, using the server's private key
 # http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
 decryption_step_ssl() {
 env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \
@@ -98,7 +98,23 @@ decryption_step_ssl() {
 | grep favicon.ico > /dev/null 2>&1
 RETURNVALUE=$?
 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
- test_step_failed "Failed to decrypt SSL"
+ test_step_failed "Failed to decrypt SSL using the server's private key"
+ return
+ fi
+ test_step_ok
+}
+
+# SSL, using the master secret
+decryption_step_ssl_master_secret() {
+ env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \
+ -o "ssl.keylog_file: $TEST_KEYS_DIR/dhe1_keylog.dat" \
+ -o "ssl.desegment_ssl_application_data: FALSE" \
+ -o "http.ssl.port: 443" \
+ -r "$CAPTURE_DIR/dhe1.pcapng.gz" -Y http \
+ | grep test > /dev/null 2>&1
+ RETURNVALUE=$?
+ if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+ test_step_failed "Failed to decrypt SSL using the master secret"
 return
 fi
 test_step_ok
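Review bot: The pass condition in `decryption_step_ssl_master_secret`, `| grep test > /dev/null 2>&1`, accepts any output line that contains the substring "test", which is weak evidence that the session was really decrypted from the key log. Because `-Tfields -e http.request.uri` prints only request URIs, the check could match the exact URI expected from dhe1.pcapng.gz, for example `| grep -x '<expected request URI>' > /dev/null 2>&1` (placeholder, the URI is not visible in this diff). The header comment could also say why this capture needs the key log, e.g. `# SSL, using the master secret from a key log file (capture presumably uses a DHE key exchange, so the server's private key cannot decrypt it)`; that reason is inferred from the file name and should be confirmed. The function's closing brace lies outside the hunk.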
@@ -159,7 +175,8 @@ decryption_step_dvb_ci() {
 tshark_decryption_suite() {
 test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
 test_step_add "DTLS Decryption" decryption_step_dtls
- test_step_add "SSL Decryption" decryption_step_ssl
+ test_step_add "SSL Decryption (private key)" decryption_step_ssl
+ test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret
 test_step_add "ZigBee Decryption" decryption_step_zigbee
 test_step_add "ANSI C12.22 Decryption" decryption_step_c1222
 test_step_add "DVB-CI Decryption" decryption_step_dvb_ci |