authorJack Lloyd <[email protected]>2017-09-01 07:42:09 -0400
committerJack Lloyd <[email protected]>2017-09-02 05:18:11 -0400
commit6693454c7cfd40b733520b90f9fbb5737faab069 (patch)
treee70d700d06ae96f9c2f624493460d17cfd2aad45 /src/extra_tests
parentdc672bf97fb3ffa582fe66ba20ab483df05e01ae (diff)
Add a script for running TLS-Attacker, remove old shell scripts
[ci skip]
Diffstat (limited to 'src/extra_tests')
-rw-r--r--src/extra_tests/tls-attacker/README.md35
-rw-r--r--src/extra_tests/tls-attacker/fuzzing/config.xml14
-rwxr-xr-xsrc/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh8
-rwxr-xr-xsrc/extra_tests/tls-attacker/fuzzing/setup.sh31
-rwxr-xr-xsrc/extra_tests/tls-attacker/testsuite/server_policytest.sh17
-rwxr-xr-xsrc/extra_tests/tls-attacker/testsuite/server_testsuite.sh17
-rwxr-xr-xsrc/extra_tests/tls-attacker/testsuite/setup.sh21
-rw-r--r--src/extra_tests/tls_scanner/policy.txt19
-rw-r--r--src/extra_tests/tls_scanner/readme.txt5
-rwxr-xr-xsrc/extra_tests/tls_scanner/tls_scanner.py60
-rw-r--r--src/extra_tests/tls_scanner/urls.txt61
11 files changed, 0 insertions, 288 deletions
diff --git a/src/extra_tests/tls-attacker/README.md b/src/extra_tests/tls-attacker/README.md
deleted file mode 100644
index abff9b2c3..000000000
--- a/src/extra_tests/tls-attacker/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# TLS-Attacker testsuite and fuzzing
-
-Extended Botan library tests with TLS-Attacker. https://github.com/RUB-NDS/TLS-Attacker
-
-## Testsuite
-Contains a testsuite to validate correct TLS server behavior.
-
-Run
-```bash
-setup.sh
-```
-to download and build the recent TLS-Attacker version, and generate RSA key pairs.
-
-Run
-```bash
-server_testsuite.sh
-server_policytest.sh
-```
-to run the tests. Testsuite executes specific TLS handshakes with the Botan server and verifies that the server correctly handles specific TLS versions and cipher suites. The policy test instantiates the Botan server with a specific policy and verifies that the server behaves according to this policy.
-
-
-## Fuzzing
-Starts the TLS-Attacker fuzzer against the Botan server.
-
-Run
-```bash
-setup.sh
-```
-to download and build the recent TLS-Attacker version, generate RSA key pairs, and re-compile Botan with Address Sanitizer.
-
-Run
-```bash
-server_fuzzer.sh
-```
-to start the fuzzer. The fuzzer config is located in `config.xml`. Per default, one Botan server is started on port 55020, with the generated RSA keys.`
\ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/fuzzing/config.xml b/src/extra_tests/tls-attacker/fuzzing/config.xml
deleted file mode 100644
index 5ae1c829a..000000000
--- a/src/extra_tests/tls-attacker/fuzzing/config.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<startupCommandsHolder>
- <serverCommand>../../../../botan </serverCommand>
- <serverPort>55020</serverPort>
- <workflowFolder>../TLS-Attacker/resources/fuzzing/workflows</workflowFolder>
- <modifiedVariableTypes>TLS_CONSTANT,LENGTH,COUNT,PUBLIC_KEY,PADDING,SIGNATURE,PLAIN_PROTOCOL_MESSAGE</modifiedVariableTypes>
- <outputFolder>output/</outputFolder>
- <startupCommandsList>
- <startupCommands>
- <fuzzerCommand>simple_fuzzer -connect localhost:$PORT</fuzzerCommand>
- <serverCommandParameters>tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=$PORT </serverCommandParameters>
- <shortName>botan-rsa</shortName>
- </startupCommands>
- </startupCommandsList>
-</startupCommandsHolder>
\ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh b/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh
deleted file mode 100755
index 9e23aee89..000000000
--- a/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-if [ -d tls-testsuite ]
-then
- cd tls-testsuite
-fi
-
-java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel ERROR multi_fuzzer -startup_command_file config.xml
\ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/fuzzing/setup.sh b/src/extra_tests/tls-attacker/fuzzing/setup.sh
deleted file mode 100755
index 8c83f6eff..000000000
--- a/src/extra_tests/tls-attacker/fuzzing/setup.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-if [ ! -d output ]
-then
- mkdir output
-fi
-
-cd ..
-
-openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048
-openssl req -key rsa2048key.pem -new -x509 -days 365 -out rsa2048cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=TLS-Attacker/CN=tls-attacker.de"
-
-if [ ! -d TLS-Attacker ]
-then
- git clone https://github.com/RUB-NDS/TLS-Attacker.git
-fi
-
-cd TLS-Attacker
-git checkout .
-git pull
-./mvnw clean package -DskipTests=true
-
-cd ../../../../
-make clean
-export ASAN_OPTIONS=check_initialization_order=true
-if [ -n "$CC" ]
- then ./configure.py --with-sanitizers --disable-shared --with-debug-info --with-bzip2 --with-lzma --with-sqlite --with-zlib --cc="$CC" --cc-bin="$CXX"
- else ./configure.py --with-sanitizers --disable-shared --with-debug-info --with-bzip2 --with-lzma --with-sqlite --with-zlib
-fi
-
-make -j4
\ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/testsuite/server_policytest.sh b/src/extra_tests/tls-attacker/testsuite/server_policytest.sh
deleted file mode 100755
index 1237a2c1e..000000000
--- a/src/extra_tests/tls-attacker/testsuite/server_policytest.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-../../../../botan tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=4434 --policy=../../../tests/data/tls-policy/bsi.txt > output/server_policytest.log 2>&1 &
-botan_pid=$!
-
-java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel INFO testtls_server -policy ../../../tests/data/tls-policy/bsi.txt -connect localhost:4434 -tls_timeout 1000
-rc=$?
-
-if [ $rc -eq 0 ]; then
- echo Policy tests finished without failures
-else
- echo '\n\nPolicy tests failed. See the recent error and the server log output.'
-# cat output/server_policytest.log
-fi
-
-kill $botan_pid
-exit $rc
\ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh b/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh
deleted file mode 100755
index e26d71e1a..000000000
--- a/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-../../../../botan tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=4433 > output/server_testsuite.log 2>&1 &
-botan_pid=$!
-
-java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel INFO testsuite_server -folder ../TLS-Attacker/resources/testsuite -tls_timeout 1000
-rc=$?
-
-if [ $rc -eq 0 ]; then
- echo Tests finished without failures
-else
- echo '\n\nTests failed. See the recent error and the server log output.'
-# cat output/server_testsuite.log
-fi
-
-kill $botan_pid
-exit $rc
\ No newline at end of file
diff --git a/src/extra_tests/tls-attacker/testsuite/setup.sh b/src/extra_tests/tls-attacker/testsuite/setup.sh
deleted file mode 100755
index f528cd1da..000000000
--- a/src/extra_tests/tls-attacker/testsuite/setup.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-if [ ! -d output ]
-then
- mkdir output
-fi
-
-cd ..
-
-openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048
-openssl req -key rsa2048key.pem -new -x509 -days 365 -out rsa2048cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=TLS-Attacker/CN=tls-attacker.de"
-
-if [ ! -d TLS-Attacker ]
-then
- git clone https://github.com/RUB-NDS/TLS-Attacker.git
-fi
-
-cd TLS-Attacker
-git checkout .
-git pull
-./mvnw clean package -DskipTests=true
diff --git a/src/extra_tests/tls_scanner/policy.txt b/src/extra_tests/tls_scanner/policy.txt
deleted file mode 100644
index a9854ee54..000000000
--- a/src/extra_tests/tls_scanner/policy.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-allow_tls10=true
-allow_tls11=true
-allow_tls12=true
-allow_dtls10=false
-allow_dtls12=false
-
-# Camellia first just to see if there is anyone out there who will negotiate it with us
-ciphers=Camellia-128 Camellia-256 Camellia-128/GCM Camellia-256/GCM ChaCha20Poly1305 AES-256/GCM AES-128/GCM AES-256 AES-128
-signature_hashes=SHA-384 SHA-256 SHA-1
-macs=AEAD SHA-384 SHA-256 SHA-1
-key_exchange_methods=CECPQ1 ECDH DH RSA
-signature_methods=ECDSA RSA DSA
-ecc_curves=x25519 secp256r1 secp384r1
-minimum_dh_group_size=1024
-minimum_ecdh_group_size=255
-minimum_rsa_bits=2048
-
-allow_insecure_renegotiation=false
-allow_server_initiated_renegotiation=false
diff --git a/src/extra_tests/tls_scanner/readme.txt b/src/extra_tests/tls_scanner/readme.txt
deleted file mode 100644
index a4754b02d..000000000
--- a/src/extra_tests/tls_scanner/readme.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-
-Simple script to scan hosts to check basic TLS client compatability.
-
-URL list chosen mostly from large tech/software vendors, feel free to
-send suggestions.
diff --git a/src/extra_tests/tls_scanner/tls_scanner.py b/src/extra_tests/tls_scanner/tls_scanner.py
deleted file mode 100755
index 8fdf046ca..000000000
--- a/src/extra_tests/tls_scanner/tls_scanner.py
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/bin/python2
-
-import sys
-import time
-import subprocess
-import re
-
-def format_report(client_output):
- version_re = re.compile('TLS (v1\.[0-2]) using ([A-Z0-9_]+)')
-
- version_match = version_re.search(client_output)
-
- #print client_output
-
- if version_match:
- return "Established %s %s" % (version_match.group(1), version_match.group(2))
- else:
- return client_output
-
-def scanner(args = None):
- if args is None:
- args = sys.argv
-
- if len(args) != 2:
- print "Error: Usage tls_scanner.py host_file"
- return 2
-
- scanners = {}
-
- for url in [s.strip() for s in open(args[1]).readlines()]:
- scanners[url] = subprocess.Popen(['../../../botan', 'tls_client', '--policy=policy.txt', url],
- stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
-
- for url in scanners.keys():
- scanners[url].stdin.close()
-
- report = {}
- timeout = 10
-
- for url in scanners.keys():
- print "waiting for", url
-
- for i in range(timeout):
- scanners[url].poll()
- if scanners[url].returncode != None:
- break
- #print "Waiting %d more seconds for %s" % (timeout-i, url)
- time.sleep(1)
-
- if scanners[url].returncode != None:
- output = scanners[url].stdout.read() + scanners[url].stderr.read()
- report[url] = format_report(output)
-
- for url in report.keys():
- print url, ":", report[url]
-
- return 0
-
-if __name__ == '__main__':
- sys.exit(scanner())
diff --git a/src/extra_tests/tls_scanner/urls.txt b/src/extra_tests/tls_scanner/urls.txt
deleted file mode 100644
index a5bcf349e..000000000
--- a/src/extra_tests/tls_scanner/urls.txt
+++ /dev/null
@@ -1,61 +0,0 @@
-adobe.com
-adp.com
-airbnb.com
-akamai.com
-amazon.com
-apache.org
-apple.com
-bbc.co.uk
-bing.com
-ca.com
-cisco.com
-citrix.com
-cloudflare.com
-craigslist.org
-dell.com
-ebay.com
-facebook.com
-github.com
-gmail.com
-google.com
-hp.com
-huawei.com
-ibm.com
-ietf.org
-intuit.com
-linkedin.com
-medium.com
-microsoft.com
-mikestoolbox.org
-nec.com
-netflix.com
-openssl.org
-oracle.com
-sgi.com
-chase.com
-bankofamerica.com
-citibank.com
-wellsfargo.com
-ebay.com
-paypal.com
-pwc.com
-randombit.net
-reddit.com
-redhat.com
-salesforce.com
-sas.com
-siemens.com
-sony.com
-stripe.com
-symantec.com
-tls.mbed.org
-twitter.com
-uber.com
-vmware.com
-whatsapp.com
-wikipedia.org
-www.iso.org
-www.lg.com
-yahoo.com
-yandex.ru
-youtube.com