Base IPMs
TLS-Anvil provides four common IPMs that specify which parameters are used as input for the combinatorial testing algorithm. These values are determined automatically based on the features supported by the SUT ⓘ and the constraints applied to restrict parameter values.
The models are defined in the TlsModelTypes enum. The specific model used is specified by annotating a test template with the @ModelFromScope annotation.
By default, the GENERIC model is used, since the @ModelFromScope annotation is part of the TlsBaseTest base class.
Below, the four base models are listed along with their corresponding parameters:
EMPTY- No parameters
GENERICCIPHERSUITE(CipherSuite enum)NAMED_GROUP(NamedGroup enum)RECORD_LENGTH(Integer)TCP_FRAGMENTATION(Boolean)INCLUDE_CHANGE_CIPHER_SPEC(Boolean) (TLS 1.3 only)- Server tests:
INCLUDE_ALPN_EXTENSION(Boolean)INCLUDE_HEARTBEAT_EXTENSION(Boolean)INCLUDE_PADDING_EXTENSION(Boolean)INCLUDE_RENEGOTIATION_EXTENSION(Boolean)INCLUDE_EXTENDED_MASTER_SECRET_EXTENSION(Boolean)INCLUDE_SESSION_TICKET_EXTENSION(Boolean)MAX_FRAGMENT_LENGTH(MaxFragmentLength enum)INCLUDE_ENCRYPT_THEN_MAC_EXTENSION(Boolean)INCLUDE_PSK_EXCHANGE_MODES_EXTENSION(Boolean, TLS 1.3 only)INCLUDE_GREASE_CIPHER_SUITES(Boolean)INCLUDE_GREASE_NAMED_GROUPS(Boolean)INCLUDE_GREASE_SIG_HASH_ALGORITHMS(Boolean)
- Client tests:
INCLUDE_ENCRYPT_THEN_MAC_EXTENSION(Boolean)INCLUDE_EXTENDED_MASTER_SECRET_EXTENSION(Boolean)
CERTIFICATE- Same parameters as
GENERIC - Client tests:
CERTIFICATE(Certificates with different keys)SIG_HASH_ALGORITHM(SignatureAndHashAlgorithm enum)
- Same parameters as
LENGTHFIELD- Same parameters as
CERTIFICATE
- Same parameters as
In addition to these parameters, many more are available and defined in the TlsParameterType enum.
For each parameter, a corresponding class exists within the derivationParameter package, which defines how the parameter value is applied to the TLS-Attacker configuration.
Details on how additional parameters and/or parameter values are utilized are described on the next page.