Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/scripts/base/protocols/ssl/tls13.test
Florian Wilkens 2d950ffde9 ssl: rudimentary decryption for TLS 1.2 
Several limitations still apply:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is the only supported cipher suite
- Some tests are broken due to a failing assertion regarding bytestring
- No newly written tests for decryption (the patch was tested extensively for our paper)
- Several small open technical questions marked with FIXME
- Architecture in the ssl module might not be optimal
2021-04-19 17:38:02 +02:00

53 lines
2.2 KiB
Text
Raw Blame History

# @TEST-EXEC: echo "tls13draft16-chrome55.0.2879.0-canary-aborted.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
# @TEST-EXEC: cat ssl.log > ssl-out.log
# @TEST-EXEC: echo "tls13draft16-chrome55.0.2879.0-canary.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "tls13draft16-ff52.a01-aborted.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "tls13draft16-ff52.a01.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "tls13_psk_succesfull.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "hrr.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/hrr.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: btest-diff ssl-out.log
# @TEST-EXEC: btest-diff .stdout
@load base/protocols/ssl
redef SSL::disable_analyzer_after_detection=F;
event ssl_extension_key_share(c: connection, is_orig: bool, curves: index_vec)
{
print "key_share", c$id, is_orig;
for ( i in curves )
{
print SSL::ec_curves[curves[i]];
}
}
event ssl_established(c: connection)
{
print "established", c$id;
}
event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count, payload: string)
{
print "encrypted", c$id, is_orig, SSL::version_strings[record_version], content_type;
}
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
{
print "client", SSL::version_strings[record_version], SSL::version_strings[version];
}
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5
{
print "server", SSL::version_strings[record_version], SSL::version_strings[version];
}
Reference in a new issue View git blame Copy permalink