From 8b802980ca023cbc4f4f3aa4c38efe5d64c4a9c7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 16 Dec 2024 18:48:13 +0100
Subject: [PATCH] Extend tlsfuzzer coverage

Signed-off-by: Jakub Jelen
---
 .reuse/dep5 | 4 +++-
 tests/cert.json.ecdsa.in | 21 +++++++++++++++++++++
 tests/cert.json.eddsa.in | 25 +++++++++++++++++++++++++
 tests/cert.json.part.in | 15 ---------------
 tests/cert.json.rsa.in | 26 ++++++++++++++++++++++++++
 tests/meson.build | 1 +
 tests/ttlsfuzzer | 6 +++---
 7 files changed, 79 insertions(+), 19 deletions(-)
 create mode 100644 tests/cert.json.ecdsa.in
 create mode 100644 tests/cert.json.eddsa.in
 delete mode 100644 tests/cert.json.part.in
 create mode 100644 tests/cert.json.rsa.in

diff --git a/.reuse/dep5 b/.reuse/dep5
index cb066372..6a5c8f43 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -29,7 +29,9 @@ Files: .github/*
 tools/openssl*.cnf
 tests/*.pem
 tests/cert.json.in
- tests/cert.json.part.in
+ tests/cert.json.rsa.in
+ tests/cert.json.ecdsa.in
+ tests/cert.json.eddsa.in
 scripts/clean-dist.sh
 Copyright: (C) 2022 - 2024 Simo Sorce
 License: Apache-2.0
diff --git a/tests/cert.json.ecdsa.in b/tests/cert.json.ecdsa.in
new file mode 100644
index 00000000..0ab1a8bf
--- /dev/null
+++ b/tests/cert.json.ecdsa.in
@@ -0,0 +1,21 @@
+,
+ {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+ "comment": "Run test with @PRIURI@ without certificate verify",
+ "environment": {"PYTHONPATH" : "."},
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
+ "tests" : [
+ {"name" : "test-tls13-conversation.py",
+ "arguments" : ["-p", "@PORT@"]},
+ {"name" : "test-conversation.py",
+ "arguments" : ["-p", "@PORT@", "-d"]},
+ {"name" : "test-signature-algorithms.py",
+ "arguments" : [
+ "-p", "@PORT@", "-n", "0", "--ecdsa", "-g", "secp384r1", "-x", "sanity",
+ "-X", "handshake_failure", "-x", "explicit SHA-256+RSA or ECDSA",
+ "-X", "handshake_failure", "sanity", "explicit SHA-256+RSA or ECDSA"
+ ]
+ }
+ ]
+ }
+
diff --git a/tests/cert.json.eddsa.in b/tests/cert.json.eddsa.in
new file mode 100644
index 00000000..b29e6eb3
--- /dev/null
+++ b/tests/cert.json.eddsa.in
@@ -0,0 +1,25 @@
+,
+ {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+ "comment": "Run test with @PRIURI@ without certificate verify",
+ "environment": {"PYTHONPATH" : "."},
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
+ "tests" : [
+ {"name" : "test-tls13-conversation.py",
+ "arguments" : ["-p", "@PORT@"]},
+ {"name" : "test-conversation.py",
+ "arguments" : ["-p", "@PORT@", "-d"]},
+ {"name" : "test-signature-algorithms.py",
+ "arguments" : [
+ "-p", "@PORT@", "--ecdsa", "-x", "implicit SHA-1 check",
+ "-X", "handshake_failure", "sanity", "implicit SHA-1 check"
+ ]
+ },
+ {"name" : "test-tls13-eddsa.py",
+ "arguments" : [
+ "-p", "@PORT@", "-x", "ed448 only", "-X", "handshake_failure"
+ ]
+ }
+ ]
+ }
+
diff --git a/tests/cert.json.part.in b/tests/cert.json.part.in
deleted file mode 100644
index 5e644752..00000000
--- a/tests/cert.json.part.in
+++ /dev/null
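Review bot: The `test-signature-algorithms.py` entry in tests/cert.json.ecdsa.in selects only the probes `sanity` and `explicit SHA-256+RSA or ECDSA` and marks both with `-x … -X handshake_failure`. If tlsfuzzer's `-x`/`-X` are read as expected-failure options, this entry passes whenever the server answers with handshake_failure, so it adds no positive ECDSA signature coverage. Why each probe is expected to fail is not recorded anywhere, and the same holds for `implicit SHA-1 check` and `ed448 only` in cert.json.eddsa.in and for the three `rsa_pss_pss_* only` probes in cert.json.rsa.in. The template has no comment syntax, so I would put the reason in the existing field, e.g. `"comment": "Run test with @PRIURI@ without certificate verify; <probe> expected to fail because <reason>"`. A later change in key type or server defaults that flips these results would then be noticed rather than silently absorbed.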
@@ -1,15 +0,0 @@
-,
- {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
- "comment": "Run test without certificate verify",
- "environment": {"PYTHONPATH" : "."},
- "server_hostname": "localhost",
- "server_port": @PORT@,
- "tests" : [
- {"name" : "test-tls13-conversation.py",
- "arguments" : ["-p", "@PORT@"]},
- {"name" : "test-conversation.py",
- "arguments" : ["-p", "@PORT@",
- "-d"]}
- ]
- }
-
diff --git a/tests/cert.json.rsa.in b/tests/cert.json.rsa.in
new file mode 100644
index 00000000..03da7dd9
--- /dev/null
+++ b/tests/cert.json.rsa.in
@@ -0,0 +1,26 @@
+,
+ {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+ "comment": "Run test with @PRIURI@ without certificate verify",
+ "environment": {"PYTHONPATH" : "."},
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
+ "tests" : [
+ {"name" : "test-tls13-conversation.py",
+ "arguments" : ["-p", "@PORT@"]},
+ {"name" : "test-conversation.py",
+ "arguments" : ["-p", "@PORT@", "-d"]},
+ {"name" : "test-sig-algs.py",
+ "arguments" : [
+ "-p", "@PORT@", "-n", "0",
+ "-x", "rsa_pss_pss_sha256 only", "-X", "handshake_failure",
+ "-x", "rsa_pss_pss_sha384 only", "-X", "handshake_failure",
+ "-x", "rsa_pss_pss_sha512 only", "-X", "handshake_failure"
+ ]
+ },
+ {"name" : "test-tls13-rsa-signatures.py",
+ "arguments" : ["-p", "@PORT@"]},
+ {"name" : "test-tls13-signature-algorithms.py",
+ "arguments" : ["-p", "@PORT@", "-n", "0"]}
+ ]
+ }
+
diff --git a/tests/meson.build b/tests/meson.build
index 3c640638..6e2985fa 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -157,6 +157,7 @@ foreach t, extra_args : tests
 env: test_env,
 depends: test_executables,
 is_parallel: false,
+ timeout: 60,
 )
 endforeach
 endforeach
diff --git a/tests/ttlsfuzzer b/tests/ttlsfuzzer
index de4a5120..11c36e5c 100755
--- a/tests/ttlsfuzzer
+++ b/tests/ttlsfuzzer
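Review bot: `timeout: 60` in tests/meson.build is added to the call inside the nested `foreach`, so it applies to every test the loop registers rather than only to the lengthened tlsfuzzer run, and nothing records why 60 was chosen. A one-line comment above it, such as `# tlsfuzzer now runs more scripts per key type; meson's default is 30 s`, would state the intent. Runs under a slower wrapper can still scale the limit with `meson test --timeout-multiplier`. The enclosing call and the outer `foreach` start outside this hunk, so whether the other tests in the loop need the same limit cannot be checked from here.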
@@ -55,14 +55,14 @@ run_tests() { prepare_test cert.json.in "$PRIURI" "$CRTURI" title PARA "Prepare test for RSA" - prepare_test cert.json.part.in "$PRIURI" "$CRTURI" + prepare_test cert.json.rsa.in "$PRIURI" "$CRTURI" title PARA "Prepare test for ECDSA" - prepare_test cert.json.part.in "$ECPRIURI" "$ECCRTURI" + prepare_test cert.json.ecdsa.in "$ECPRIURI" "$ECCRTURI" if [[ -n "$EDBASEURI" ]]; then title PARA "Prepare test for EdDSA" - prepare_test cert.json.part.in "$EDPRIURI" "$EDCRTURI" + prepare_test cert.json.eddsa.in "$EDPRIURI" "$EDCRTURI" fi # the missing closing brace