tests/suite/tls-fuzzer/gnutls-nocert-tls13.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

[
    {"server_command": ["@SERVER@", "--http",
                 "--x509keyfile", "tests/serverX509Key.pem",
                 "--x509certfile", "tests/serverX509Cert.pem",
                 "--x509keyfile", "tests/serverRSAPSSKey.pem",
                 "--x509certfile", "tests/serverRSAPSSCert.pem",
                 "--x509keyfile", "tests/serverECKey.pem",
                 "--x509certfile", "tests/serverECCert.pem",
                 "--x509keyfile", "tests/serverP384ECKey.pem",
                 "--x509certfile", "tests/serverP384ECCert.pem",
                 "--x509keyfile", "tests/serverP521ECKey.pem",
                 "--x509certfile", "tests/serverP521ECCert.pem",
                 "--debug=6",
                 "--httpdata=../http.dat",
                 "--priority=@PRIORITY@",
                 "--disable-client-cert", "--port=@PORT@"],
     "server_hostname": "localhost",
     "server_port": @PORT@,
     "tests" : [
         {"name" : "test-record-size-limit.py",
          "comment" : "changed extension after HRR is not supported #617",
          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
                         "--minimal-size", "512",
                         "-e", "change size in TLS 1.2 resumption",
                         "-e", "check if server accepts maximum size in TLS 1.0",
                         "-e", "check if server accepts maximum size in TLS 1.1",
                         "-e", "check if server accepts maximum size in TLS 1.2",
                         "-e", "check if server accepts minimal size in TLS 1.0",
                         "-e", "check if server accepts minimal size in TLS 1.1",
                         "-e", "check if server accepts minimal size in TLS 1.2",
                         "-e", "check interaction with sha256 prf",
                         "-e", "check interaction with sha384 prf",
                         "-e", "check server sent size in TLS 1.0",
                         "-e", "check server sent size in TLS 1.1",
                         "-e", "check server sent size in TLS 1.2",
                         "-e", "drop extension in TLS 1.2 resumption",
                         "-e", "modified extension in 2nd CH in HRR handshake",
                         "-e", "renegotiation with changed limit",
                         "-e", "renegotiation with dropped extension",
                         "-e", "added extension in 2nd CH in HRR handshake",
                         "-e", "check server sent size in TLS 1.0 with max_fragment_length",
                         "-e", "check server sent size in TLS 1.1 with max_fragment_length",
                         "-e", "check server sent size in TLS 1.2 with max_fragment_length",
                         "-e", "removed extension in 2nd CH in HRR handshake"] },
	 {"name" : "test-tls13-0rtt-garbage.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-ccs.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-crfg-curves.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-conversation.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-count-tickets.py",
	  "arguments": ["-p", "@PORT@", "-t", "2"]},
	 {"name" : "test-tls13-dhe-shared-secret-padding.py",
	  "comment": "We do not support x448",
	  "arguments": ["-p", "@PORT@",
	                "-e", "TLS 1.3 with x448",
	                "-n", "4"]},
	 {"name" : "test-tls13-ecdhe-curves.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-ecdsa-support.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-empty-alert.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-ffdhe-groups.py",
	  "comment" : "We do not check for duplicate entries",
	  "arguments": ["-p", "@PORT@",
			"-e", "ffdhe2048 - duplicated key share entry",
			"-e", "ffdhe3072 - duplicated key share entry",
			"-e", "ffdhe4096 - duplicated key share entry",
			"-e", "ffdhe6144 - duplicated key share entry",
			"-e", "ffdhe8192 - duplicated key share entry"]},
	 {"name" : "test-tls13-ffdhe-sanity.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-finished.py",
	  "comment" : "the disabled tests timeout very often due to slow tls-fuzzer implementation",
	  "arguments": ["-p", "@PORT@", "-n", "5",
			"-e", "padding - cipher TLS_AES_128_GCM_SHA256, pad_byte 0, pad_left 0, pad_right 16777183",
			"-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]},
	 {"name" : "test-tls13-hrr.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-invalid-ciphers.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-keyshare-omitted.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-keyupdate.py",
	  "comment" : "we have limits that prohibit the running multiple messages test; app data split timeouts waiting for new session ticket",
	  "arguments": ["-p", "@PORT@",
	                "-e", "app data split, conversation with KeyUpdate msg",
	                "-e", "multiple KeyUpdate messages"]},
	 {"name" : "test-tls13-large-number-of-extensions.py",
	  "comment" : "This test assumes that 22 (EtM) is unassigned which is incorrect - see #632",
	  "arguments": ["-p", "@PORT@",
	                "-e", "empty unassigned extensions, ids in range from 2 to 4118",
	                "-e", "unassigned extensions with random payload, ids in range from 2 to 1046"]},
	 {"name" : "test-tls13-legacy-version.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-nociphers.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-non-support.py",
	  "arguments": ["-p", "@PORT@"],
	  "exp_pass" : false},
	 {"name" : "test-tls13-pkcs-signature.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-record-padding.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-rsapss-signatures.py",
	  "arguments": ["-p", "@PORT@", "-b"]},
	 {"name" : "test-tls13-rsa-signatures.py",
	  "arguments": ["-p", "@PORT@", "-b"]},
	 {"name" : "test-tls13-session-resumption.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-serverhello-random.py",
	  "arguments": ["-p", "@PORT@",
			"-e", "TLS 1.3 with x448"]},
	 {"name" : "test-tls13-signature-algorithms.py",
          "comment" : "gnutls doesn't handle well duplicated signature algorithms; this is not an issue in practice",
	  "arguments": ["-p", "@PORT@",
	                "-e", "213 invalid schemes",
	                "-e", "2353 invalid schemes",
	                "-e", "8130 invalid schemes",
	                "-e", "23752 invalid schemes",
	                "-e", "32715 invalid schemes"]},
	 {"name" : "test-tls13-symetric-ciphers.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-unrecognised-groups.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-version-negotiation.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-zero-length-data.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-downgrade-protection.py",
	  "comment" : "1/n-1 splitting in TLS 1.0 is not supported",
	  "arguments": ["-p", "@PORT@", "--server-max-protocol", "TLSv1.3",
			"-e", "TLS 1.3 downgrade check for Protocol (3, 1)"]}
     ]
    }
]