Base IPMs
TLS-Anvil provides 4 common IPM that specify which parameters are used as input for the combinatorial testing algorithm. The values are determined automatically based on the features the SUT ⓘ supports and the constraints that are applied to restrict the parameter values.
The models are specified inside the TlsModelTypes enum. Which one is used is specified by annotating a test template with the @ModelFromScope
annotation.
By default the GENERIC
model is used, since the @ModelFromScope
annotation is part of the TlsBaseTest base class.
In the following, the 4 base models are listed with their corresponding parameters.
EMPTY
- No parameters
GENERIC
CIPHERSUITE
(CipherSuite enum)NAMED_GROUP
(NamedGroup enum)RECORD_LENGTH
(Integer)TCP_FRAGMENTATION
(Boolean)INCLUDE_CHANGE_CIPHER_SPEC
(Boolean) (TLS 1.3 only)- Server tests:
INCLUDE_ALPN_EXTENSION
(Boolean)INCLUDE_HEARTBEAT_EXTENSION
(Boolean)INCLUDE_PADDING_EXTENSION
(Boolean)INCLUDE_RENEGOTIATION_EXTENSION
(Boolean)INCLUDE_EXTENDED_MASTER_SECRET_EXTENSION
(Boolean)INCLUDE_SESSION_TICKET_EXTENSION
(Boolean)MAX_FRAGMENT_LENGTH
(MaxFragmentLength enum)INCLUDE_ENCRYPT_THEN_MAC_EXTENSION
(Boolean)INCLUDE_PSK_EXCHANGE_MODES_EXTENSION
(Boolean, TLS 1.3 only)INCLUDE_GREASE_CIPHER_SUITES
(Boolean)INCLUDE_GREASE_NAMED_GROUPS
(Boolean)INCLUDE_GREASE_SIG_HASH_ALGORITHMS
(Boolean)- Client tests:
INCLUDE_ENCRYPT_THEN_MAC_EXTENSION
(Boolean)INCLUDE_EXTENDED_MASTER_SECRET_EXTENSION
(Boolean)
CERTIFICATE
- Same as generic
- Client tests:
CERTIFICATE
(Certificates with different keys)SIG_HASH_ALGORITHM
(SignatureAndHashAlgorithm enum)
LENGTHFIELD
- Same as
CERTIFICATE
- Same as
Beside those parameters, many more are available that are specified inside the TlsParameterType enum.
For each parameter, a separate class exists inside the derivationParameter package that defines how the parameter value is applied to the TLS-Attacker configuration.
How additional parameters and/or parameter values are used, is described on the next page.