test/suite-decryption.sh

   1 #!/bin/bash
   2 #
   3 # Test decryption capabilities of the Wireshark tools
   4 #
   5 # $Id$
   6 #
   7 # Wireshark - Network traffic analyzer
   8 # By Gerald Combs <gerald@wireshark.org>
   9 # Copyright 2005 Ulf Lamping
  10 #
  11 # This program is free software; you can redistribute it and/or
  12 # modify it under the terms of the GNU General Public License
  13 # as published by the Free Software Foundation; either version 2
  14 # of the License, or (at your option) any later version.
  15 #
  16 # This program is distributed in the hope that it will be useful,
  17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19 # GNU General Public License for more details.
  20 #
  21 # You should have received a copy of the GNU General Public License
  22 # along with this program; if not, write to the Free Software
  23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24 #
  25
  26 # To do:
  27 #   ANSI C12.22
  28 #   DVB-CI
  29 #   IEEE 802.15.4
  30 #   IPsec / ESP
  31 #   ISAKMP / IKEv2
  32 #   PKCS#12
  33 #   SNMP
  34 #   DCERPC NETLOGON
  35 #   Kerberos
  36 #   KINK
  37 #   LDAP
  38 #   NTLMSSP
  39 #   SPNEGO
  40
  41 # common exit status values
  42 EXIT_OK=0
  43 EXIT_COMMAND_LINE=1
  44 EXIT_ERROR=2
  45
  46 UAT_FILES="
  47         80211_keys
  48         dtlsdecrypttablefile
  49         ssl_keys
  50 "
  51
  52 TEST_KEYS_DIR="$PWD/keys/"
  53 if [ "$WS_SYSTEM" == "Windows" ] ; then
  54     TEST_KEYS_DIR="`cygpath -w $TEST_KEYS_DIR`"
  55 fi
  56
  57 #TS_ARGS="-Tfields -e frame.number -e frame.time_epoch -e frame.time_delta"
  58 TS_DC_ARGS=""
  59 TS_DC_ENV="${HOME_ENV}=${TEST_HOME}"
  60
  61 DIFF_OUT=./diff-output.txt
  62
  63 # We create UATs in the source directory. Add a unique ID so we can avoid
  64 # deleting files we shouldn't.
  65 DC_ID="suite-decryption.sh-$$"
  66
  67
  68 # WPA PSK
  69 # http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=wpa-Induction.pcap
  70 decryption_step_80211_wpa_psk() {
  71         env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
  72                 -o "wlan.enable_decryption: TRUE" \
  73                 -Tfields -e http.request.uri \
  74                 -r captures/wpa-Induction.pcap.gz \
  75                 -R http \
  76                 | grep favicon.ico > /dev/null 2>&1
  77         RETURNVALUE=$?
  78         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  79                 test_step_failed "Failed to decrypt IEEE 802.11 WPA PSK"
  80                 return
  81         fi
  82         test_step_ok
  83 }
  84
  85 # DTLS
  86 # http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil.tgz
  87 decryption_step_dtls() {
  88         env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
  89                 -Tfields -e data.data \
  90                 -r captures/snakeoil-dtls.pcap -R http \
  91                 | grep "69:74:20:77:6f:72:6b:20:21:0a" > /dev/null 2>&1
  92         RETURNVALUE=$?
  93         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  94                 test_step_failed "Failed to decrypt DTLS"
  95                 return
  96         fi
  97         test_step_ok
  98 }
  99
 100 # SSL
 101 # http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
 102 decryption_step_ssl() {
 103         env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri -r captures/rsasnakeoil2.pcap -R http | grep favicon.ico > /dev/null 2>&1
 104         RETURNVALUE=$?
 105         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 106                 test_step_failed "Failed to decrypt SSL"
 107                 return
 108         fi
 109         test_step_ok
 110 }
 111
 112 # ZigBee
 113 # https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7022
 114 decryption_step_zigbee() {
 115         env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
 116                 -r captures/sample_control4_2012-03-24.pcap \
 117                 -Tfields -e data.data \
 118                 -R zbee.aps \
 119                 | grep "30:67:63:63:38:65:20:63:34:2e:64:6d:2e:74:76:20" > /dev/null 2>&1
 120         RETURNVALUE=$?
 121         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 122                 test_step_failed "Failed to decrypt ZigBee"
 123                 return
 124         fi
 125         test_step_ok
 126 }
 127
 128 tshark_decryption_suite() {
 129         test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
 130         test_step_add "DTLS Decryption" decryption_step_dtls
 131         test_step_add "SSL Decryption" decryption_step_ssl
 132         test_step_add "ZigBee Decryption" decryption_step_zigbee
 133 }
 134
 135 decryption_cleanup_step() {
 136         for UAT in $UAT_FILES ; do
 137                 grep $DC_ID $WS_BIN_PATH/$UAT > /dev/null 2>&1
 138                 RETURNVALUE=$?
 139                 if [ $RETURNVALUE -eq $EXIT_OK ]; then
 140                         rm -f $WS_BIN_PATH/$UAT
 141                 fi
 142         done
 143         rm -rf fakehome
 144 }
 145
 146 decryption_prep_step() {
 147         decryption_cleanup_step
 148         mkdir fakehome
 149
 150         for UAT in $UAT_FILES ; do
 151                 if [ -f $WS_BIN_PATH/$UAT ] ; then
 152                         test_remark_add "$WS_BIN_PATH/$UAT exists. One or more tests may fail."
 153                 else
 154                         echo "# Created by $DC_ID" > $WS_BIN_PATH/$UAT
 155                         sed -e "s|TEST_KEYS_DIR|${TEST_KEYS_DIR//\\/\\\\x5c}|" < ./config/$UAT.tmpl >> $WS_BIN_PATH/$UAT
 156                 fi
 157         done
 158 }
 159
 160 decryption_suite() {
 161         test_step_set_pre decryption_prep_step
 162         test_step_set_post decryption_cleanup_step
 163         test_suite_add "TShark decryption" tshark_decryption_suite
 164 }
 165
 166 # Editor modelines
 167 #
 168 # Local Variables:
 169 # sh-basic-offset: 8
 170 # tab-width: 8
 171 # indent-tabs-mode: t
 172 # End:
 173 #
 174 # ex: set shiftwidth=8 tabstop=8 noexpandtab:
 175 # :indentSize=8:tabSize=8:noTabs=false: