Extend tlsfuzzer coverage

Signed-off-by: Jakub Jelen <[email protected]>
latchset · Dec 16, 2024 · 8b80298 · 8b80298
1 parent 924c9de
commit 8b80298
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 19 deletions.
diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -29,7 +29,9 @@ Files: .github/*
        tools/openssl*.cnf
        tests/*.pem
        tests/cert.json.in
-       tests/cert.json.part.in
+       tests/cert.json.rsa.in
+       tests/cert.json.ecdsa.in
+       tests/cert.json.eddsa.in
        scripts/clean-dist.sh
 Copyright: (C) 2022 - 2024 Simo Sorce <[email protected]>
 License: Apache-2.0

diff --git a/tests/cert.json.ecdsa.in b/tests/cert.json.ecdsa.in
@@ -0,0 +1,21 @@
+,
+    {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+     "comment": "Run test with @PRIURI@ without certificate verify",
+     "environment": {"PYTHONPATH" : "."},
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "tests" : [
+       {"name" : "test-tls13-conversation.py",
+        "arguments" : ["-p", "@PORT@"]},
+       {"name" : "test-conversation.py",
+        "arguments" : ["-p", "@PORT@", "-d"]},
+       {"name" : "test-signature-algorithms.py",
+        "arguments" : [
+          "-p", "@PORT@", "-n", "0", "--ecdsa", "-g", "secp384r1", "-x", "sanity",
+          "-X", "handshake_failure", "-x", "explicit SHA-256+RSA or ECDSA",
+          "-X", "handshake_failure", "sanity", "explicit SHA-256+RSA or ECDSA"
+        ]
+       }
+     ]
+    }
+
diff --git a/tests/cert.json.eddsa.in b/tests/cert.json.eddsa.in
@@ -0,0 +1,25 @@
+,
+    {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+     "comment": "Run test with @PRIURI@ without certificate verify",
+     "environment": {"PYTHONPATH" : "."},
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "tests" : [
+       {"name" : "test-tls13-conversation.py",
+        "arguments" : ["-p", "@PORT@"]},
+       {"name" : "test-conversation.py",
+        "arguments" : ["-p", "@PORT@", "-d"]},
+       {"name" : "test-signature-algorithms.py",
+        "arguments" : [
+          "-p", "@PORT@", "--ecdsa", "-x", "implicit SHA-1 check",
+          "-X", "handshake_failure", "sanity", "implicit SHA-1 check"
+        ]
+       },
+       {"name" : "test-tls13-eddsa.py",
+        "arguments" : [
+          "-p", "@PORT@", "-x", "ed448 only", "-X", "handshake_failure"
+        ]
+       }
+     ]
+    }
+
diff --git a/tests/cert.json.part.in b/tests/cert.json.part.in
diff --git a/tests/cert.json.rsa.in b/tests/cert.json.rsa.in
@@ -0,0 +1,26 @@
+,
+    {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+     "comment": "Run test with @PRIURI@ without certificate verify",
+     "environment": {"PYTHONPATH" : "."},
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "tests" : [
+       {"name" : "test-tls13-conversation.py",
+        "arguments" : ["-p", "@PORT@"]},
+       {"name" : "test-conversation.py",
+        "arguments" : ["-p", "@PORT@", "-d"]},
+       {"name" : "test-sig-algs.py",
+        "arguments" : [
+          "-p", "@PORT@", "-n", "0",
+          "-x", "rsa_pss_pss_sha256 only", "-X", "handshake_failure",
+          "-x", "rsa_pss_pss_sha384 only", "-X", "handshake_failure",
+          "-x", "rsa_pss_pss_sha512 only", "-X", "handshake_failure"
+        ]
+       },
+       {"name" : "test-tls13-rsa-signatures.py",
+        "arguments" : ["-p", "@PORT@"]},
+       {"name" : "test-tls13-signature-algorithms.py",
+        "arguments" : ["-p", "@PORT@", "-n", "0"]}
+     ]
+    }
+
diff --git a/tests/meson.build b/tests/meson.build
@@ -157,6 +157,7 @@ foreach t, extra_args : tests
       env: test_env,
       depends: test_executables,
       is_parallel: false,
+      timeout: 60,
     )
   endforeach
 endforeach
diff --git a/tests/ttlsfuzzer b/tests/ttlsfuzzer
@@ -55,14 +55,14 @@ run_tests() {
     prepare_test cert.json.in "$PRIURI" "$CRTURI"
 
     title PARA "Prepare test for RSA"
-    prepare_test cert.json.part.in "$PRIURI" "$CRTURI"
+    prepare_test cert.json.rsa.in "$PRIURI" "$CRTURI"
 
     title PARA "Prepare test for ECDSA"
-    prepare_test cert.json.part.in "$ECPRIURI" "$ECCRTURI"
+    prepare_test cert.json.ecdsa.in "$ECPRIURI" "$ECCRTURI"
 
     if [[ -n "$EDBASEURI" ]]; then
         title PARA "Prepare test for EdDSA"
-        prepare_test cert.json.part.in "$EDPRIURI" "$EDCRTURI"
+        prepare_test cert.json.eddsa.in "$EDPRIURI" "$EDCRTURI"
     fi
 
     # the missing closing brace