Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/protocols/ssl/keyexchange.test
Johanna Amann 84c4d53a4e Spicy TLS - full test suite pass 
With this commit, the entire Zeek test suite passes using spicy TLS.
Tests that either use a SSLv2 handshake, or DTLS are skipped, as the
parser currently does not support either.

Similarly, tests that rely on behavior we cannot replicate (baseline,
hooks, exact error messages) are passed. Other than that, all the
TLS-based tests pass with 100% the exact same baseline results.

This necessitated a couple of small tweaks to the spicy file - the
testcases uncovered several small problems.

This commit also enables cirrus tests for Spicy SSL/TLS.
2024-08-13 14:41:37 +01:00

127 lines
4 KiB
Text
Raw Blame History

# Does not work in spicy version, due to missing DTLS and SSLv2 handshake support
# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h
# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT
# @TEST-EXEC: cat ssl.log > ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_2.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: btest-diff ssl-all.log
# Test the new client and server key exchange events.
@load base/protocols/ssl
@load base/files/x509
module SSL;
export {
redef record Info += {
# ClientHello
client_record_version: string &log &optional;
client_random: string &log &optional;
client_cipher_suites: string &log &optional;
# ServerHello
server_record_version: string &log &optional;
server_random: string &log &optional;
# ServerKeyExchange
server_dh_p: string &log &optional;
server_dh_q: string &log &optional;
server_dh_Ys: string &log &optional;
server_ecdh_point: string &log &optional;
server_signature_sig_alg: count &log &optional;
server_signature_hash_alg: count &log &optional;
server_signature: string &log &optional;
# ServerCertificate
server_cert_sha1: string &log &optional;
# ClientKeyExchange
client_rsa_pms: string &log &optional;
client_dh_Yc: string &log &optional;
client_ecdh_point: string &log &optional;
};
}
event ssl_established(c: connection) &priority=5
{
if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ||
! c$ssl$cert_chain[0]?$x509 )
return;
c$ssl$server_cert_sha1 = c$ssl$cert_chain[0]$sha1;
}
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
{
set_session(c);
c$ssl$client_random = bytestring_to_hexstr(client_random);
c$ssl$client_record_version = SSL::version_strings[record_version];
local ciphers_str = "";
for (i in ciphers)
{
ciphers_str += cipher_desc[ciphers[i]];
if ( i != |ciphers|-1)
{
ciphers_str += ",";
}
}
c$ssl$client_cipher_suites = ciphers_str;
}
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5
{
set_session(c);
c$ssl$server_random = bytestring_to_hexstr(server_random);
c$ssl$server_record_version = SSL::version_strings[record_version];
}
event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &priority=5
{
set_session(c);
c$ssl$server_dh_p = bytestring_to_hexstr(p);
c$ssl$server_dh_q = bytestring_to_hexstr(q);
c$ssl$server_dh_Ys = bytestring_to_hexstr(Ys);
}
event ssl_ecdh_server_params(c: connection, curve: count, point: string) &priority=5
{
set_session(c);
c$ssl$server_ecdh_point = bytestring_to_hexstr(point);
}
event ssl_server_signature(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string) &priority=5
{
set_session(c);
c$ssl$server_signature_sig_alg = signature_and_hashalgorithm$SignatureAlgorithm;
c$ssl$server_signature_hash_alg = signature_and_hashalgorithm$HashAlgorithm;
c$ssl$server_signature = bytestring_to_hexstr(signature);
}
event ssl_rsa_client_pms(c: connection, pms: string) &priority=5
{
set_session(c);
c$ssl$client_rsa_pms = bytestring_to_hexstr(pms);
}
event ssl_dh_client_params(c: connection, Yc: string) &priority=5
{
set_session(c);
c$ssl$client_dh_Yc = bytestring_to_hexstr(Yc);
}
event ssl_ecdh_client_params(c: connection, point: string) &priority=5
{
set_session(c);
c$ssl$client_ecdh_point = bytestring_to_hexstr(point);
}
Reference in a new issue View git blame Copy permalink