tls/random: add tests for bug 6989

diff --git a/tests/tls/tls-random-6989/README.md b/tests/tls/tls-random-6989/README.md
new file mode 100644 (file)
index 0000000..c57998a
--- /dev/null
+++ b/tests/tls/tls-random-6989/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+This test demonstrates that the TLS random buffer should match the correct direction.
+
+## PCAP
+
+Comes from the redmine ticket below.
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/6989

diff --git a/tests/tls/tls-random-6989/input.pcap b/tests/tls/tls-random-6989/input.pcap
new file mode 100644 (file)
index 0000000..0378830
Binary files /dev/null and b/tests/tls/tls-random-6989/input.pcap differ

diff --git a/tests/tls/tls-random-6989/test.rules b/tests/tls/tls-random-6989/test.rules
new file mode 100644 (file)
index 0000000..fe419c9
--- /dev/null
+++ b/tests/tls/tls-random-6989/test.rules
@@ -0,0 +1,4 @@
+alert tls any any -> any any (msg:"CLIENT HELLO DATA - to_server"; flow:established,to_server; tls.random_time; content:"|54 b4 c9 7b|"; sid:1;)
+alert tls any any -> any any (msg:"CLIENT HELLO DATA - to_client"; flow:established,to_client; tls.random_time; content:"|54 b4 c9 7b|"; sid:2;)
+alert tls any any -> any any (msg:"SERVER HELLO DATA - to_server"; flow:established,to_server; tls.random_time; content:"|54 b8 f7 73|"; sid:3;)
+alert tls any any -> any any (msg:"SERVER HELLO DATA - to_client"; flow:established,to_client; tls.random_time; content:"|54 b8 f7 73|"; sid:4;)

diff --git a/tests/tls/tls-random-6989/test.yaml b/tests/tls/tls-random-6989/test.yaml
new file mode 100644 (file)
index 0000000..69bbb23
--- /dev/null
+++ b/tests/tls/tls-random-6989/test.yaml
@@ -0,0 +1,17 @@
+requires:
+  min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      alert.signature_id: 1
+      event_type: alert
+- filter:
+    count: 1
+    match:
+      alert.signature_id: 4
+      event_type: alert