summaryrefslogtreecommitdiff
path: root/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
blob: 073c14383310ebd3e502d05948a19d0e60d7ace8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
[
    {"server_command": ["@SERVER@", "--http",
                 "--x509keyfile", "tests/serverX509Key.pem",
                 "--x509certfile", "tests/serverX509Cert.pem",
                 "--x509keyfile", "tests/serverRSAPSSKey.pem",
                 "--x509certfile", "tests/serverRSAPSSCert.pem",
                 "--x509keyfile", "../../../certs/ecc256.pem",
                 "--x509certfile", "../../../certs/cert-ecc256.pem",
                 "--debug=3",
                 "--httpdata=../http.dat",
                 "--priority=@PRIORITY@",
                 "--disable-client-cert", "--port=@PORT@"],
     "server_hostname": "localhost",
     "server_port": @PORT@,
     "tests" : [
         {"name" : "test-record-size-limit.py",
          "comment" : "changed extension after HRR is not supported #617",
          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
                         "--minimal-size", "512",
                         "-e", "change size in TLS 1.2 resumption",
                         "-e", "check if server accepts maximum size in TLS 1.0",
                         "-e", "check if server accepts maximum size in TLS 1.1",
                         "-e", "check if server accepts maximum size in TLS 1.2",
                         "-e", "check if server accepts minimal size in TLS 1.0",
                         "-e", "check if server accepts minimal size in TLS 1.1",
                         "-e", "check if server accepts minimal size in TLS 1.2",
                         "-e", "check interaction with sha256 prf",
                         "-e", "check interaction with sha384 prf",
                         "-e", "check server sent size in TLS 1.0",
                         "-e", "check server sent size in TLS 1.1",
                         "-e", "check server sent size in TLS 1.2",
                         "-e", "drop extension in TLS 1.2 resumption",
                         "-e", "modified extension in 2nd CH in HRR handshake",
                         "-e", "renegotiation with changed limit",
                         "-e", "renegotiation with dropped extension",
                         "-e", "added extension in 2nd CH in HRR handshake",
                         "-e", "check server sent size in TLS 1.0 with max_fragment_length",
                         "-e", "check server sent size in TLS 1.1 with max_fragment_length",
                         "-e", "check server sent size in TLS 1.2 with max_fragment_length",
                         "-e", "removed extension in 2nd CH in HRR handshake"] },
	 {"name" : "test-tls13-0rtt-garbage.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-ccs.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-crfg-curves.py",
	  "comment": "We do not support x448",
	  "arguments": ["-p", "@PORT@",
	                "-e", "empty x448 key share",
	                "-e", "sanity x448 with compression ansiX962_compressed_char2",
	                "-e", "sanity x448 with compression ansiX962_compressed_prime",
	                "-e", "sanity x448 with compression uncompressed",
	                "-e", "too big x448 key share",
	                "-e", "too small x448 key share",
	                "-e", "x448 key share of \"1\"",
	                "-e", "all zero x448 key share"]},
	 {"name" : "test-tls13-conversation.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-count-tickets.py",
	  "arguments": ["-p", "@PORT@", "-t", "2"]},
	 {"name" : "test-tls13-dhe-shared-secret-padding.py",
	  "comment": "We do not support x448",
	  "arguments": ["-p", "@PORT@",
	                "-e", "TLS 1.3 with x448",
	                "-n", "5"]},
	 {"name" : "test-tls13-empty-alert.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-ffdhe-sanity.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-finished.py",
	  "comment" : "the disabled tests timeout very often due to slow tls-fuzzer implementation",
	  "arguments": ["-p", "@PORT@", "-n", "5",
			"-e", "padding - cipher TLS_AES_128_GCM_SHA256, pad_byte 0, pad_left 0, pad_right 16777183",
			"-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]},
	 {"name" : "test-tls13-hrr.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-invalid-ciphers.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-keyshare-omitted.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-legacy-version.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-nociphers.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-pkcs-signature.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-record-padding.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-rsapss-signatures.py",
	  "arguments": ["-p", "@PORT@", "-b"]},
	 {"name" : "test-tls13-rsa-signatures.py",
	  "arguments": ["-p", "@PORT@", "-b"]},
	 {"name" : "test-tls13-session-resumption.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-serverhello-random.py",
	  "arguments": ["-p", "@PORT@",
			"-e", "TLS 1.3 with x448"]},
	 {"name" : "test-tls13-signature-algorithms.py",
          "comment" : "gnutls doesn't handle well duplicated signature algorithms; this is not an issue in practice",
	  "arguments": ["-p", "@PORT@",
	                "-e", "213 invalid schemes",
	                "-e", "2353 invalid schemes",
	                "-e", "8130 invalid schemes",
	                "-e", "23752 invalid schemes",
	                "-e", "32715 invalid schemes"]},
	 {"name" : "test-tls13-unrecognised-groups.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-version-negotiation.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-tls13-zero-length-data.py",
	  "arguments": ["-p", "@PORT@"]},
	 {"name" : "test-downgrade-protection.py",
	  "comment" : "1/n-1 splitting in TLS 1.0 is not supported",
	  "arguments": ["-p", "@PORT@", "--server-max-protocol", "TLSv1.3",
			"-e", "TLS 1.3 downgrade check for Protocol (3, 1)"]}
     ]
    }
]