From ae2a958630cd104f4117bb897481bc86a744b09b Mon Sep 17 00:00:00 2001 From: Juraj Somorovsky Date: Sat, 19 Nov 2016 22:25:40 +0100 Subject: TLS-Attacker testsuite and fuzzing --- src/extra_tests/tls-attacker/README.md | 35 ++++++++++++++++++++++ src/extra_tests/tls-attacker/fuzzing/config.xml | 14 +++++++++ .../tls-attacker/fuzzing/server_fuzzer.sh | 8 +++++ src/extra_tests/tls-attacker/fuzzing/setup.sh | 31 +++++++++++++++++++ .../tls-attacker/testsuite/server_policytest.sh | 17 +++++++++++ .../tls-attacker/testsuite/server_testsuite.sh | 17 +++++++++++ src/extra_tests/tls-attacker/testsuite/setup.sh | 21 +++++++++++++ 7 files changed, 143 insertions(+) create mode 100644 src/extra_tests/tls-attacker/README.md create mode 100644 src/extra_tests/tls-attacker/fuzzing/config.xml create mode 100755 src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh create mode 100755 src/extra_tests/tls-attacker/fuzzing/setup.sh create mode 100755 src/extra_tests/tls-attacker/testsuite/server_policytest.sh create mode 100755 src/extra_tests/tls-attacker/testsuite/server_testsuite.sh create mode 100755 src/extra_tests/tls-attacker/testsuite/setup.sh (limited to 'src/extra_tests') diff --git a/src/extra_tests/tls-attacker/README.md b/src/extra_tests/tls-attacker/README.md new file mode 100644 index 000000000..abff9b2c3 --- /dev/null +++ b/src/extra_tests/tls-attacker/README.md @@ -0,0 +1,35 @@ +# TLS-Attacker testsuite and fuzzing + +Extended Botan library tests with TLS-Attacker. https://github.com/RUB-NDS/TLS-Attacker + +## Testsuite +Contains a testsuite to validate correct TLS server behavior. + +Run +```bash +setup.sh +``` +to download and build the recent TLS-Attacker version, and generate RSA key pairs. + +Run +```bash +server_testsuite.sh +server_policytest.sh +``` +to run the tests. Testsuite executes specific TLS handshakes with the Botan server and verifies that the server correctly handles specific TLS versions and cipher suites. The policy test instantiates the Botan server with a specific policy and verifies that the server behaves according to this policy. + + +## Fuzzing +Starts the TLS-Attacker fuzzer against the Botan server. + +Run +```bash +setup.sh +``` +to download and build the recent TLS-Attacker version, generate RSA key pairs, and re-compile Botan with Address Sanitizer. + +Run +```bash +server_fuzzer.sh +``` +to start the fuzzer. The fuzzer config is located in `config.xml`. Per default, one Botan server is started on port 55020, with the generated RSA keys.` \ No newline at end of file diff --git a/src/extra_tests/tls-attacker/fuzzing/config.xml b/src/extra_tests/tls-attacker/fuzzing/config.xml new file mode 100644 index 000000000..5ae1c829a --- /dev/null +++ b/src/extra_tests/tls-attacker/fuzzing/config.xml @@ -0,0 +1,14 @@ + + ../../../../botan + 55020 + ../TLS-Attacker/resources/fuzzing/workflows + TLS_CONSTANT,LENGTH,COUNT,PUBLIC_KEY,PADDING,SIGNATURE,PLAIN_PROTOCOL_MESSAGE + output/ + + + simple_fuzzer -connect localhost:$PORT + tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=$PORT + botan-rsa + + + \ No newline at end of file diff --git a/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh b/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh new file mode 100755 index 000000000..9e23aee89 --- /dev/null +++ b/src/extra_tests/tls-attacker/fuzzing/server_fuzzer.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ -d tls-testsuite ] +then + cd tls-testsuite +fi + +java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel ERROR multi_fuzzer -startup_command_file config.xml \ No newline at end of file diff --git a/src/extra_tests/tls-attacker/fuzzing/setup.sh b/src/extra_tests/tls-attacker/fuzzing/setup.sh new file mode 100755 index 000000000..8c83f6eff --- /dev/null +++ b/src/extra_tests/tls-attacker/fuzzing/setup.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +if [ ! -d output ] +then + mkdir output +fi + +cd .. + +openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048 +openssl req -key rsa2048key.pem -new -x509 -days 365 -out rsa2048cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=TLS-Attacker/CN=tls-attacker.de" + +if [ ! -d TLS-Attacker ] +then + git clone https://github.com/RUB-NDS/TLS-Attacker.git +fi + +cd TLS-Attacker +git checkout . +git pull +./mvnw clean package -DskipTests=true + +cd ../../../../ +make clean +export ASAN_OPTIONS=check_initialization_order=true +if [ -n "$CC" ] + then ./configure.py --with-sanitizers --disable-shared --with-debug-info --with-bzip2 --with-lzma --with-sqlite --with-zlib --cc="$CC" --cc-bin="$CXX" + else ./configure.py --with-sanitizers --disable-shared --with-debug-info --with-bzip2 --with-lzma --with-sqlite --with-zlib +fi + +make -j4 \ No newline at end of file diff --git a/src/extra_tests/tls-attacker/testsuite/server_policytest.sh b/src/extra_tests/tls-attacker/testsuite/server_policytest.sh new file mode 100755 index 000000000..5cf78bc66 --- /dev/null +++ b/src/extra_tests/tls-attacker/testsuite/server_policytest.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +../../../../botan tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=4434 --policy=../../../../tls-policy/BSI_TR-02102-2.txt > output/server_policytest.log 2>&1 & +botan_pid=$! + +java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel INFO testtls_server -policy ../../../../tls-policy/BSI_TR-02102-2.txt -connect localhost:4434 -tls_timeout 1000 +rc=$? + +if [ $rc -eq 0 ]; then + echo Policy tests finished without failures +else + echo '\n\nPolicy tests failed. See the recent error and the server log output.' +# cat output/server_policytest.log +fi + +kill $botan_pid +exit $rc \ No newline at end of file diff --git a/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh b/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh new file mode 100755 index 000000000..e26d71e1a --- /dev/null +++ b/src/extra_tests/tls-attacker/testsuite/server_testsuite.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +../../../../botan tls_server ../rsa2048cert.pem ../rsa2048key.pem --port=4433 > output/server_testsuite.log 2>&1 & +botan_pid=$! + +java -jar ../TLS-Attacker/Runnable/target/TLS-Attacker-1.2.jar -loglevel INFO testsuite_server -folder ../TLS-Attacker/resources/testsuite -tls_timeout 1000 +rc=$? + +if [ $rc -eq 0 ]; then + echo Tests finished without failures +else + echo '\n\nTests failed. See the recent error and the server log output.' +# cat output/server_testsuite.log +fi + +kill $botan_pid +exit $rc \ No newline at end of file diff --git a/src/extra_tests/tls-attacker/testsuite/setup.sh b/src/extra_tests/tls-attacker/testsuite/setup.sh new file mode 100755 index 000000000..f528cd1da --- /dev/null +++ b/src/extra_tests/tls-attacker/testsuite/setup.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +if [ ! -d output ] +then + mkdir output +fi + +cd .. + +openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048 +openssl req -key rsa2048key.pem -new -x509 -days 365 -out rsa2048cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=TLS-Attacker/CN=tls-attacker.de" + +if [ ! -d TLS-Attacker ] +then + git clone https://github.com/RUB-NDS/TLS-Attacker.git +fi + +cd TLS-Attacker +git checkout . +git pull +./mvnw clean package -DskipTests=true -- cgit v1.2.3