Extend tlsfuzzer coverage
Signed-off-by: Jakub Jelen <[email protected]>
Jakuje committed Dec 17, 2024
1 parent f2fc43c commit 5e89432
Showing 6 changed files with 109 additions and 19 deletions.
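--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -29,7 +29,9 @@ Files: .github/*
 tools/openssl*.cnf
 tests/*.pem
 tests/cert.json.in
-tests/cert.json.part.in
+tests/cert.json.rsa.in
+tests/cert.json.ecdsa.in
+tests/cert.json.eddsa.in
 scripts/clean-dist.sh
 Copyright: (C) 2022 - 2024 Simo Sorce <[email protected]>
 License: Apache-2.0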
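--- a/tests/cert.json.ecdsa.in
+++ b/tests/cert.json.ecdsa.in
@@ -0,0 +1,41 @@
+,
+{"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+"comment": "Run test with @PRIURI@ without certificate verify",
+"environment": {"PYTHONPATH" : "."},
+"server_hostname": "localhost",
+"server_port": @PORT@,
+"common_arguments": ["-p", "@PORT@"],
+"tests" : [
+{"name" : "test-tls13-conversation.py"},
+{"name" : "test-conversation.py",
+"arguments" : ["-d"]},
+{"name" : "test-ecdsa-sig-flexibility.py",
+"arguments" : [
+"-n", "0",
+"-e", "connect with ecdsa_brainpoolP256r1tls13_sha256 only",
+"-e", "connect with ecdsa_brainpoolP384r1tls13_sha384 only",
+"-e", "connect with ecdsa_brainpoolP512r1tls13_sha512 only",
+"-e", "connect with sha1+ecdsa only"
+]
+},
+{"name" : "test-signature-algorithms.py",
+"arguments" : [
+"-n", "0", "--ecdsa", "-g", "secp384r1",
+"-x", "sanity", "-X", "handshake_failure",
+"-x", "explicit SHA-256+RSA or ECDSA", "-X", "handshake_failure",
+"sanity", "explicit SHA-256+RSA or ECDSA"
+]
+},
+{"name" : "test-tls13-ecdsa-support.py",
+"arguments" : [
+"-n", "0",
+"-x", "Test with ecdsa_secp384r1_sha384", "-X", "handshake_failure",
+"-x", "Test with ecdsa_secp521r1_sha512", "-X", "handshake_failure",
+"-x", "Test with ecdsa_brainpoolP256r1tls13_sha256", "-X", "handshake_failure",
+"-x", "Test with ecdsa_brainpoolP384r1tls13_sha384", "-X", "handshake_failure",
+"-x", "Test with ecdsa_brainpoolP512r1tls13_sha512", "-X", "handshake_failure"
+]
+}
+]
+}
+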
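Review bot: The `-e` entries in the test-ecdsa-sig-flexibility.py arguments remove probes from the run instead of pinning their outcome, so the run asserts nothing about, for example, `connect with sha1+ecdsa only`. If rejecting a SHA-1-only ECDSA offer is the intended behaviour, `"-x", "connect with sha1+ecdsa only", "-X", "handshake_failure"` would catch a regression where the server starts accepting it. If the outcome depends on the host's crypto policy instead, the `comment` value is the place to say so. The same applies to the four `sha1 signature` exclusions in tests/cert.json.rsa.in.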
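--- a/tests/cert.json.eddsa.in
+++ b/tests/cert.json.eddsa.in
@@ -0,0 +1,23 @@
+,
+{"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+"comment": "Run test with @PRIURI@ without certificate verify",
+"environment": {"PYTHONPATH" : "."},
+"server_hostname": "localhost",
+"server_port": @PORT@,
+"common_arguments": ["-p", "@PORT@"],
+"tests" : [
+{"name" : "test-tls13-conversation.py"},
+{"name" : "test-conversation.py",
+"arguments" : ["-d"]},
+{"name" : "test-signature-algorithms.py",
+"arguments" : [
+"--ecdsa", "-x", "implicit SHA-1 check",
+"-X", "handshake_failure", "sanity", "implicit SHA-1 check"
+]
+},
+{"name" : "test-tls13-eddsa.py",
+"arguments" : ["-x", "ed448 only", "-X", "handshake_failure"]
+}
+]
+}
+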
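Review bot: test-signature-algorithms.py is passed `--ecdsa` in the EdDSA template, and nothing on the page says whether that is deliberate for an EdDSA key or carried over from the ECDSA setup. Only `sanity` and `implicit SHA-1 check` are selected, and the latter is expected to fail with `handshake_failure`, so `sanity` is the only positive assertion that script contributes. The `comment` value still reads `Run test with @PRIURI@ without certificate verify`; extending it with the reason for `--ecdsa` and for the expected `ed448 only` failure (presumably the test key is not Ed448) would make these expectations reviewable.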
15 changes: 0 additions & 15 deletions tests/cert.json.part.in

This file was deleted.

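--- a/tests/cert.json.rsa.in
+++ b/tests/cert.json.rsa.in
@@ -0,0 +1,39 @@
+,
+{"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+"comment": "Run test with @PRIURI@ without certificate verify",
+"environment": {"PYTHONPATH" : "."},
+"server_hostname": "localhost",
+"server_port": @PORT@,
+"common_arguments": ["-p", "@PORT@"],
+"tests" : [
+{"name" : "test-tls13-conversation.py"},
+{"name" : "test-conversation.py",
+"arguments" : ["-d"]},
+{"name" : "test-dhe-rsa-key-exchange-signatures.py",
+"arguments" : [
+"-n", "0",
+"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha1 signature", "-X", "handshake_failure",
+"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature", "-X", "handshake_failure",
+"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha256 signature", "-X", "handshake_failure",
+"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha384 signature", "-X", "handshake_failure",
+"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha512 signature", "-X", "handshake_failure",
+"-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha1 signature",
+"-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha1 signature",
+"-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha1 signature",
+"-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha1 signature"
+]
+},
+{"name" : "test-sig-algs.py",
+"arguments" : [
+"-n", "0",
+"-x", "rsa_pss_pss_sha256 only", "-X", "handshake_failure",
+"-x", "rsa_pss_pss_sha384 only", "-X", "handshake_failure",
+"-x", "rsa_pss_pss_sha512 only", "-X", "handshake_failure"
+]
+},
+{"name" : "test-tls13-rsa-signatures.py"},
+{"name" : "test-tls13-signature-algorithms.py",
+"arguments" : ["-n", "0"]}
+]
+}
+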
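Review bot: The five `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` probes in the test-dhe-rsa-key-exchange-signatures.py arguments are pinned to `handshake_failure` without a stated reason, and that outcome presumably reflects the cipher policy of the OpenSSL build under test rather than anything about the key behind `@PRIURI@`. On a host whose OpenSSL still offers 3DES these probes would stop failing, and the suite would probably report them as unexpected passes. A short rationale in the `comment` value or the commit message would tell the next maintainer whether to fix the provider or the expectation. The `rsa_pss_pss_*` expectations for test-sig-algs.py deserve the same one-line rationale.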
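--- a/tests/ttlsfuzzer
+++ b/tests/ttlsfuzzer
@@ -55,14 +55,14 @@ run_tests() {
 prepare_test cert.json.in "$PRIURI" "$CRTURI"
 
 title PARA "Prepare test for RSA"
-prepare_test cert.json.part.in "$PRIURI" "$CRTURI"
+prepare_test cert.json.rsa.in "$PRIURI" "$CRTURI"
 
 title PARA "Prepare test for ECDSA"
-prepare_test cert.json.part.in "$ECPRIURI" "$ECCRTURI"
+prepare_test cert.json.ecdsa.in "$ECPRIURI" "$ECCRTURI"
 
 if [[ -n "$EDBASEURI" ]]; then
 title PARA "Prepare test for EdDSA"
-prepare_test cert.json.part.in "$EDPRIURI" "$EDCRTURI"
+prepare_test cert.json.eddsa.in "$EDPRIURI" "$EDCRTURI"
 fi
 
 # the missing closing brace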
