Base IPMs
TLS-Anvil provides 4 common IPM that specify which parameters are used as input for the combinatorial testing algorithm. The values are determined automatically based on the features the SUT ⓘ supports and the constraints that are applied to restrict the parameter values.
The models are specified inside the TlsModelTypes enum. Which one is used is specified by annotating a test template with the @ModelFromScope annotation.
By default the GENERIC model is used, since the @ModelFromScope annotation is part of the TlsBaseTest base class.
In the following, the 4 base models are listed with their corresponding parameters.
EMPTY- No parameters
GENERICCIPHERSUITE(CipherSuite enum)NAMED_GROUP(NamedGroup enum)RECORD_LENGTH(Integer)TCP_FRAGMENTATION(Boolean)INCLUDE_CHANGE_CIPHER_SPEC(Boolean) (TLS 1.3 only)- Server tests:
INCLUDE_ALPN_EXTENSION(Boolean)INCLUDE_HEARTBEAT_EXTENSION(Boolean)INCLUDE_PADDING_EXTENSION(Boolean)INCLUDE_RENEGOTIATION_EXTENSION(Boolean)INCLUDE_EXTENDED_MASTER_SECRET_EXTENSION(Boolean)INCLUDE_SESSION_TICKET_EXTENSION(Boolean)MAX_FRAGMENT_LENGTH(MaxFragmentLength enum)INCLUDE_ENCRYPT_THEN_MAC_EXTENSION(Boolean)INCLUDE_PSK_EXCHANGE_MODES_EXTENSION(Boolean, TLS 1.3 only)INCLUDE_GREASE_CIPHER_SUITES(Boolean)INCLUDE_GREASE_NAMED_GROUPS(Boolean)INCLUDE_GREASE_SIG_HASH_ALGORITHMS(Boolean)- Client tests:
INCLUDE_ENCRYPT_THEN_MAC_EXTENSION(Boolean)INCLUDE_EXTENDED_MASTER_SECRET_EXTENSION(Boolean)
CERTIFICATE- Same as generic
- Client tests:
CERTIFICATE(Certificates with different keys)SIG_HASH_ALGORITHM(SignatureAndHashAlgorithm enum)
LENGTHFIELD- Same as
CERTIFICATE
- Same as
Beside those parameters, many more are available that are specified inside the TlsParameterType enum.
For each parameter, a separate class exists inside the derivationParameter package that defines how the parameter value is applied to the TLS-Attacker configuration.
How additional parameters and/or parameter values are used, is described on the next page.