forked from wolfSSL/wolfssl
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsniffer-gen.sh
More file actions
executable file
·131 lines (114 loc) · 6.51 KB
/
Copy pathsniffer-gen.sh
File metadata and controls
executable file
·131 lines (114 loc) · 6.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#!/usr/bin/env bash
#set -x
# if we can, isolate the network namespace to eliminate port collisions.
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
export NETWORK_UNSHARE_HELPER_CALLED=yes
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
fi
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --cap-add ALL --unshare-net --dev-bind / / "$0" "$@"
fi
unset AM_BWRAPPED
fi
# Run this script from the wolfSSL root
if [ ! -f wolfssl/ssl.h ]; then
echo "Run from the wolfssl root"
exit 1
fi
server_pid=0
tcpdump_pid=0
cleanup() {
if [ "$server_pid" -ne 0 ]; then kill $server_pid; server_pid=0; fi
if [ "$tcpdump_pid" -ne 0 ]; then sleep 1; kill -15 $tcpdump_pid; tcpdump_pid=0; fi
}
trap cleanup EXIT INT TERM HUP
set -o pipefail
prepend() { # Usage: cmd 2>&1 | prepend "sometext "
while read line; do echo "${1}${line}"; done
}
run_test() { # Usage: run_test <cipher> [serverArgs [clientArgs]]
echo "Running test $1"
CIPHER=$1
if [ "$CIPHER" != "" ]; then
CIPHER="-l $CIPHER"
fi
stdbuf -oL -eL ./examples/server/server -i -x $CIPHER $2 2>&1 | prepend "[server] " &
server_pid=$!
((server_pid--)) # Get the first PID in the pipe
sleep 0.1
stdbuf -oL -eL ./examples/client/client $CIPHER $3 2>&1 | prepend "[client] "
RET=$?
if [ "$RET" != 0 ]; then
echo "Error in test: $RET"
exit $RET
fi
kill $server_pid; server_pid=0
echo "Test passed: $1"
}
run_sequence() {
if [ "$1" == "tls13-dh" ] || [ "$1" == "tls13-ecc" ] || [ "$1" == "tls13-keylog" ]; then # TLS v1.3
run_test "TLS13-AES128-GCM-SHA256" "-v 4" "-v 4"
run_test "TLS13-AES256-GCM-SHA384" "-v 4" "-v 4"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4" "-v 4"
elif [ "$1" == "tls12" ] || [ "$1" == "tls12-keylog" ]; then # TLS v1.2
run_test "ECDHE-ECDSA-AES128-GCM-SHA256" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
run_test "ECDHE-ECDSA-AES256-GCM-SHA384" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
elif [ "$1" == "tls13-dh-resume" ] || [ "$1" == "tls13-ecc-resume" ]; then # TLS v1.3 Resumption
run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r" "-v 4 -r"
run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r" "-v 4 -r"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r" "-v 4 -r"
elif [ "$1" == "tls13-x25519" ]; then # TLS v1.3
run_test "TLS13-AES128-GCM-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-AES256-GCM-SHA384" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
elif [ "$1" == "tls13-x25519-resume" ]; then # TLS v1.3 x25519 Resumption
run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
elif [ "$1" == "tls13-hrr" ]; then # TLS v1.3 Hello Retry Request
run_test "" "-v 4 -g" "-v 4 -J"
else
echo "Invalid test"
exit 1
fi
}
run_capture() {
local config_flags=()
echo -e "\nconfiguring and building wolfssl ($1)..."
# Add default flags
config_flags+=(--enable-sniffer)
# If additional arguments are provided, add them to the array
if [ -n "$2" ]; then
# Convert string into an array, respecting quoted strings as a single element
eval "config_flags+=($2)"
fi
./configure "${config_flags[@]}" 1>/dev/null || exit $?
make 1>/dev/null || exit $?
if [[ "$1" == "tls12-keylog" || "$1" == "tls13-keylog" ]]; then
rm -f ./sslkeylog.log
fi
echo "starting capture"
tcpdump -i lo -n port 11111 -w ./scripts/sniffer-${1}.pcap -U &
tcpdump_pid=$!
run_sequence $1
sleep 1
kill -15 $tcpdump_pid; tcpdump_pid=0
if [[ "$1" == "tls12-keylog" || "$1" == "tls13-keylog" ]]; then
cp ./sslkeylog.log ./scripts/sniffer-${1}.sslkeylog
fi
}
run_capture "tls12" ""
run_capture "tls12-keylog" "--enable-enc-then-mac=no --enable-keylog-export CFLAGS='-Wno-cpp -DWOLFSSL_SNIFFER_KEYLOGFILE'"
run_capture "tls13-keylog" "--enable-keylog-export CFLAGS='-Wno-cpp -DWOLFSSL_SNIFFER_KEYLOGFILE'"
run_capture "tls13-ecc" ""
run_capture "tls13-ecc-resume" "--enable-session-ticket"
run_capture "tls13-dh" "--disable-ecc"
run_capture "tls13-dh-resume" "--disable-ecc --enable-session-ticket"
run_capture "tls13-x25519" "--enable-curve25519 --disable-dh --disable-ecc"
run_capture "tls13-x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
run_capture "tls13-hrr" "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
echo "Tests passed in $SECONDS seconds"