aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuraj Somorovsky <[email protected]>2016-11-19 22:25:40 +0100
committerJuraj Somorovsky <[email protected]>2016-11-19 22:25:40 +0100
commitae2a958630cd104f4117bb897481bc86a744b09b (patch)
tree103d3fed21c732fefcae952c76d49627832b83ee
parentacf1999cb85fc6bca83ac828b66593a6767174f7 (diff)
TLS-Attacker testsuite and fuzzing
-rw-r--r--src/extra_tests/tls-attacker/README.md35
-rw-r--r--src/extra_tests/tls-attacker/fuzzing/config.xml14
-rwxr-xr-xsrc/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh8
-rwxr-xr-xsrc/extra_tests/tls-attacker/fuzzing/setup.sh31
-rwxr-xr-xsrc/extra_tests/tls-attacker/testsuite/server_policytest.sh17
-rwxr-xr-xsrc/extra_tests/tls-attacker/testsuite/server_testsuite.sh17
-rwxr-xr-xsrc/extra_tests/tls-attacker/testsuite/setup.sh21
7 files changed, 143 insertions, 0 deletions
diff --git a/src/extra_tests/tls-attacker/README.md b/src/extra_tests/tls-attacker/README.md
new file mode 100644
index 000000000..abff9b2c3
--- /dev/null
+++ b/src/extra_tests/tls-attacker/README.md
@@ -0,0 +1,35 @@
+# TLS-Attacker testsuite and fuzzing
+
+Extended Botan library tests with TLS-Attacker. https://github.com/RUB-NDS/TLS-Attacker
+
+## Testsuite
+Contains a testsuite to validate correct TLS server behavior.
+
+Run
+```bash
+setup.sh
+```
+to download and build the recent TLS-Attacker version, and generate RSA key pairs.
+
+Run
+```bash
+server_testsuite.sh
+server_policytest.sh
+```
+to run the tests. Testsuite executes specific TLS handshakes with the Botan server and verifies that the server correctly handles specific TLS versions and cipher suites. The policy test instantiates the Botan server with a specific policy and verifies that the server behaves according to this policy.
+
+
+## Fuzzing
+Starts the TLS-Attacker fuzzer against the Botan server.
+
+Run
+```bash
+setup.sh
+```
+to download and build the recent TLS-Attacker version, generate RSA key pairs, and re-compile Botan with Address Sanitizer.
+
+Run
+```bash
+server_fuzzer.sh
+```
+to start the fuzzer. The fuzzer config is located in `config.xml`. Per default, one Botan server is started on port 55020, with the generated RSA keys.` \ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/fuzzing/config.xml b/src/extra_tests/tls-attacker/fuzzing/config.xml
new file mode 100644
index 000000000..5ae1c829a
--- /dev/null
+++ b/src/extra_tests/tls-attacker/fuzzing/config.xml
@@ -0,0 +1,14 @@
+<startupCommandsHolder>
+ <serverCommand>../../../../botan </serverCommand>
+ <serverPort>55020</serverPort>
+ <workflowFolder>../TLS-Attacker/resources/fuzzing/workflows</workflowFolder>
+ <modifiedVariableTypes>TLS_CONSTANT,LENGTH,COUNT,PUBLIC_KEY,PADDING,SIGNATURE,PLAIN_PROTOCOL_MESSAGE</modifiedVariableTypes>
+ <outputFolder>output/</outputFolder>
+ <startupCommandsList>
+ <startupCommands>
+ <fuzzerCommand>simple_fuzzer -connect localhost:$PORT</fuzzerCommand>
+ <serverCommandParameters>tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=$PORT </serverCommandParameters>
+ <shortName>botan-rsa</shortName>
+ </startupCommands>
+ </startupCommandsList>
+</startupCommandsHolder> \ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh b/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh
new file mode 100755
index 000000000..9e23aee89
--- /dev/null
+++ b/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -d tls-testsuite ]
+then
+ cd tls-testsuite
+fi
+
+java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel ERROR multi_fuzzer -startup_command_file config.xml \ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/fuzzing/setup.sh b/src/extra_tests/tls-attacker/fuzzing/setup.sh
new file mode 100755
index 000000000..8c83f6eff
--- /dev/null
+++ b/src/extra_tests/tls-attacker/fuzzing/setup.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ ! -d output ]
+then
+ mkdir output
+fi
+
+cd ..
+
+openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048
+openssl req -key rsa2048key.pem -new -x509 -days 365 -out rsa2048cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=TLS-Attacker/CN=tls-attacker.de"
+
+if [ ! -d TLS-Attacker ]
+then
+ git clone https://github.com/RUB-NDS/TLS-Attacker.git
+fi
+
+cd TLS-Attacker
+git checkout .
+git pull
+./mvnw clean package -DskipTests=true
+
+cd ../../../../
+make clean
+export ASAN_OPTIONS=check_initialization_order=true
+if [ -n "$CC" ]
+ then ./configure.py --with-sanitizers --disable-shared --with-debug-info --with-bzip2 --with-lzma --with-sqlite --with-zlib --cc="$CC" --cc-bin="$CXX"
+ else ./configure.py --with-sanitizers --disable-shared --with-debug-info --with-bzip2 --with-lzma --with-sqlite --with-zlib
+fi
+
+make -j4 \ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/testsuite/server_policytest.sh b/src/extra_tests/tls-attacker/testsuite/server_policytest.sh
new file mode 100755
index 000000000..5cf78bc66
--- /dev/null
+++ b/src/extra_tests/tls-attacker/testsuite/server_policytest.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+../../../../botan tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=4434 --policy=../../../../tls-policy/BSI_TR-02102-2.txt > output/server_policytest.log 2>&1 &
+botan_pid=$!
+
+java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel INFO testtls_server -policy ../../../../tls-policy/BSI_TR-02102-2.txt -connect localhost:4434 -tls_timeout 1000
+rc=$?
+
+if [ $rc -eq 0 ]; then
+ echo Policy tests finished without failures
+else
+ echo '\n\nPolicy tests failed. See the recent error and the server log output.'
+# cat output/server_policytest.log
+fi
+
+kill $botan_pid
+exit $rc \ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh b/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh
new file mode 100755
index 000000000..e26d71e1a
--- /dev/null
+++ b/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+../../../../botan tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=4433 > output/server_testsuite.log 2>&1 &
+botan_pid=$!
+
+java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel INFO testsuite_server -folder ../TLS-Attacker/resources/testsuite -tls_timeout 1000
+rc=$?
+
+if [ $rc -eq 0 ]; then
+ echo Tests finished without failures
+else
+ echo '\n\nTests failed. See the recent error and the server log output.'
+# cat output/server_testsuite.log
+fi
+
+kill $botan_pid
+exit $rc \ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/testsuite/setup.sh b/src/extra_tests/tls-attacker/testsuite/setup.sh
new file mode 100755
index 000000000..f528cd1da
--- /dev/null
+++ b/src/extra_tests/tls-attacker/testsuite/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+if [ ! -d output ]
+then
+ mkdir output
+fi
+
+cd ..
+
+openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048
+openssl req -key rsa2048key.pem -new -x509 -days 365 -out rsa2048cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=TLS-Attacker/CN=tls-attacker.de"
+
+if [ ! -d TLS-Attacker ]
+then
+ git clone https://github.com/RUB-NDS/TLS-Attacker.git
+fi
+
+cd TLS-Attacker
+git checkout .
+git pull
+./mvnw clean package -DskipTests=true