testing tls
play

Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 - PowerPoint PPT Presentation

Jan 25, 2023 •222 likes •774 views

Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55 OpenSSL CCS bug 24-10-2015 4/55 gotofail 24-10-2015 5/55 Certifjcate handling 24-10-2015 6/55 CVE-2014-6321 in schannel a.k.a. Winshock

  1. Testing TLS Hubert Kario Quality Engineer 24-10-2015

  2. 2014

  3. Heartbleed 24-10-2015 3/55

  4. OpenSSL CCS bug 24-10-2015 4/55

  5. gotofail 24-10-2015 5/55

  6. Certifjcate handling 24-10-2015 6/55

  7. CVE-2014-6321 in schannel a.k.a. Winshock 24-10-2015 7/55

  8. POODLE 24-10-2015 8/55

  9. 2015

  10. FREAK 24-10-2015 10/55

  11. LOGJAM 24-10-2015 11/55

  12. State of testing

  13. OSS projects w/test plans <20% No testing No plan Source: Farooq & Quadri, 2011 24-10-2015 13/55

  14. OSS projects w/test tools 40% No testing No tooling Source: Farooq & Quadri, 2011 24-10-2015 14/55

  15. Code coverage tools No testing <50% No coverage Source: Farooq & Quadri, 2011 24-10-2015 15/55

  16. Bad error handling Incorrect 8% 92% Missing Source: Yan, Luo, Zhuang, Rodrigues, et al, 2014 24-10-2015 16/55

  17. Unit tests vs bugs No testing 77% Reproducible in unit testing Source: Yan, Luo, Zhuang, Rodrigues, et al, 2014 24-10-2015 17/55

  18. OSS TLS libraries OpenSSL NSS GnuTLS Framework N° tests 100-200 >7000 100-200 Negative tests 24-10-2015 18/55

  19. Test coverage 120 100 80 Tests/LOC 60 40 20 0 OpenSSL GnuTLS NSS “decent” sqlite 24-10-2015 19/55

  20. Test coverage 12 10 8 Tests/LOC 6 4 2 0 OpenSSL GnuTLS NSS “decent” sqlite 24-10-2015 20/55

  21. Test coverage 1.2 1 0.8 Tests/LOC 0.6 0.4 0.2 0 OpenSSL GnuTLS NSS “decent” sqlite 24-10-2015 21/55

  22. Why is that?

  23. Libraries and bad data 24-10-2015 23/55

  24. Invisible bugs 24-10-2015 24/55

  25. Fuzzy testing 24-10-2015 25/55

  26. Compatibility fears 24-10-2015 26/55

  27. Fears of untested code 24-10-2015 27/55

  28. Fixing the problem

  29. Duplication of effort 24-10-2015 29/55

  30. Full TLS handshake ClientHello --------> ServerHello Certificate ServerKeyExchange CertificateRequest <-------- ServerHelloDone Certificate ClientKeyExchange CertificateVerify ChangeCipherSpec Finished --------> ChangeCipherSpec <-------- Finished ApplicationData < --------> ApplicationData 24-10-2015 30/55

  31. Existing fuzzers 24-10-2015 31/55

  32. TLS testing (and fuzzing) 24-10-2015 32/55

  33. Timing information 24-10-2015 33/55

  34. Tlsfuzzer (and tlslite-ng)

  35. Use cases 1. Manual run (setup) 2. Automated run 24-10-2015 35/55

  36. Architecture generator tlslite-ng fuzzer OpenSSL NSS GnuTLS executor etc. 24-10-2015 36/55

  37. Generator architecture templates scanner generator conversation 24-10-2015 37/55

  38. Fuzzer architecture conversation fuzz verify conversation 24-10-2015 38/55

  39. Runner architecture expect conversation generate command 24-10-2015 39/55

  40. Architecture generator tlslite-ng fuzzer OpenSSL NSS GnuTLS executor etc. 24-10-2015 40/55

  41. Correct run $ openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www >/dev/null 2>&1 $ PYTHONPATH=. python scripts/test-interleaved-application-data-and- fragmented-handshakes-in-renegotiation.py Application data inside Finished... OK Application data inside Client Key Exchange... OK Application data inside Client Hello... OK Test end successful: 3 failed: 0 24-10-2015 41/55

  42. Failing run $ openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www >/dev/null 2>&1 $ PYTHONPATH=. python scripts/test-interleaved-application-data-and- fragmented-handshakes-in-renegotiation.py (...snip...) Application data inside Client Hello... Error encountered while processing node <tlsfuzzer.expect.ExpectServerHello object at 0x7f0ac61d3310> with last message being: <tlslite.messages.Message object at 0x7f0ac5f36a50> (...snip...) AssertionError: Unexpected message from peer: Alert(fatal, unexpected_message) Test end successful: 1 failed: 2 24-10-2015 42/55

  43. Example test case conversation = Connect("localhost", 4433) node = conversation ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] node = node.add_child(ClientHelloGenerator(ciphers)) node = node.add_child(ExpectServerHello()) node = node.add_child(ExpectCertificate()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) node = node.add_child(FinishedGenerator()) node = node.add_child(ExpectChangeCipherSpec()) node = node.add_child(ExpectFinished()) node = node.add_child(ApplicationDataGenerator( bytearray(b"hello server!\n"))) node = node.add_child(AlertGenerator( AlertLevel.warning, AlertDescription.close_notify)) node = node.add_child(ExpectAlert()) node.next_sibling = ExpectClose() 24-10-2015 43/55

  44. Example test case conversation = Connect("localhost", 4433) node = conversation ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] node = node.add_child(ClientHelloGenerator(ciphers)) node = node.add_child(ExpectServerHello()) node = node.add_child(ExpectCertificate()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) node = node.add_child(FinishedGenerator()) node = node.add_child(ExpectChangeCipherSpec()) node = node.add_child(ExpectFinished()) node = node.add_child(ApplicationDataGenerator( bytearray(b"hello server!\n"))) node = node.add_child(AlertGenerator( AlertLevel.warning, AlertDescription.close_notify)) node = node.add_child(ExpectAlert()) node.next_sibling = ExpectClose() 24-10-2015 44/55

  45. Decision tree Connect ClientHelloGenerator ExpectServerHello AlertGenerator ExpectAlert ExpectClose 24-10-2015 45/55

  46. Invalid extension test case conversation = Connect("localhost", 4433) node = conversation ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] ext = {0 : # server_name extension ID lambda _: TLSExtension().create(0, bytearray(b'\xff'*4))} node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error)) alert_node = node node = node.add_child(ExpectCose()) alert_node.next_sibling = ExpectClose() 24-10-2015 46/55

  47. Handshake message format Byte + 0 Byte + 1 Byte + 3 Byte + 4 Message Bytes 0..4 Message length type Bytes 5..8 Version Random (32 bytes) Session_ID ... Session_ID (0-32 bytes) length 24-10-2015 47/55

  48. Truncated message test case conversation = Connect("localhost", 4433) node = conversation ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] node = node.add_child(truncate_handshake( ClientHelloGenerator(ciphers), 1)) node = node.add_child(ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error)) alert_node = node node = node.add_child(ExpectCose()) alert_node.next_sibling = ExpectClose() 24-10-2015 48/55

  49. Padded message test case conversation = Connect("localhost", 4433) node = conversation ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] node = node.add_child(pad_handshake(ClientHelloGenerator(ciphers), pad=bytearay(b'\xff\xff')) node = node.add_child(ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error)) alert_node = node node = node.add_child(ExpectCose()) alert_node.next_sibling = ExpectClose() 24-10-2015 49/55

  50. Features ● SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 ● AES-CBC, AES-GCM, 3DES, RC4 and NULL ciphers ● MD5, SHA1, SHA256 and SHA384 HMAC ● RSA, SRP, SRP_RSA, DHE and DH_anon key exchange ● Encrypt-then-MAC ● TACK certifjcate pinning ● Client certifjcates ● Secure renegotiation ● TLS_FALLBACK_SCSV ● Next Protocol Negotiation ● ChaCha20/Poly1305 (soon™) ● ECDHE (soon™) 24-10-2015 50/55

  51. Missing stuff ● Drafts of TLSv1.3 ● Extended master secret ● PSK key exchange ● ALPN ● AES-CCM ● CAMELLIA (CBC and GCM) ● ECDSA, DSA certifjcates ● Drafts of Curve25519 ● Raw keys, GPG keys ● Heartbeat protocol ● Kerberos 24-10-2015 51/55

  52. Missing stuff ● Test cases! 24-10-2015 52/55

  53. Results 24-10-2015 53/55

  54. Contributing ● https://github.com/tomato42/tlsfuzzer ● https://github.com/tomato42/tlslite-ng ● GPLv2 for tlsfuzzer ● LGPLv2 for tlslite-ng ● Tags review request and help wanted 24-10-2015 54/55

  55. Questions? Contact: hkario@redhat.com Project: https://github.com/tomato42/tlsfuzzer

Recommend

Testing Terminology System testing Types of errors Function testing Structure

Testing Terminology System testing Types of errors Function testing Structure

Outline Testing Terminology System testing Types of errors Function testing Structure Testing Dealing with errors Performance testing Quality assurance vs Acceptance testing Testing Installation testing

396 views • 11 slides
Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test

Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test

Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test principles 4. Fundamental test process 5. The psychology of testing 1. Why is testing necessary 1.1 Software system context 1.2 Causes of

568 views • 36 slides
Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing Testing of individual components Integration testing Testing to expose problems arising from the combination of components System

173 views • 15 slides
Software Testing Software testing 1 V model Software testing 2 Program testing goals To

Software Testing Software testing 1 V model Software testing 2 Program testing goals To

Software Testing Software testing 1 V model Software testing 2 Program testing goals To demonstrate to the developer and the customer that the software meets its requirements. =&gt; leads to validation testing To discover situations

264 views • 11 slides
Lecture 8 Purpose of testing Kinds of testing Testing Heuristics for good test

Lecture 8 Purpose of testing Kinds of testing Testing Heuristics for good test

CSE 331 Outline Software Design and Implementation Why correct software matters Motivates testing and more than testing, but now seems like a fine time for the discussion Testing principles and strategies Lecture 8 Purpose

506 views • 13 slides
Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

CPSC 310 Software Engineering Testing Overview Introduction (Proving and Testing) Types of Testing Unit, Integration, Regression, System, Acceptance Testing Tactics Functional (Black Box), Structural (White Box)

982 views • 61 slides
Testing 5 March 2020 OSU CSE 1 Importance of Testing Testing is a ubiquitous and expensive

Testing 5 March 2020 OSU CSE 1 Importance of Testing Testing is a ubiquitous and expensive

Testing 5 March 2020 OSU CSE 1 Importance of Testing Testing is a ubiquitous and expensive software engineering activity It is not unusual to spend 30-40% of total project effort on testing For big and/or life-critical systems

701 views • 47 slides
Overview Objective Types of testing ECE 553: TESTING AND Verification testing

Overview Objective Types of testing ECE 553: TESTING AND Verification testing

9/1/2014 Overview Objective Types of testing ECE 553: TESTING AND Verification testing TESTABLE DESIGN OF Characterization testing Manufacturing testing DIGITAL SYSTES DIGITAL SYSTES Acceptance testing

368 views • 7 slides
Chapter 11, Testing ! Function testing Types of errors ! Structure Testing Dealing with

Chapter 11, Testing ! Function testing Types of errors ! Structure Testing Dealing with

Outline Object-Oriented Software Engineering Terminology System testing Chapter 11, Testing ! Function testing Types of errors ! Structure Testing Dealing with errors ! Performance testing Using UML, Patterns, and Java Quality

425 views • 7 slides
Functional Testing Review Chapter 8 Functional Testing We saw three types of functional

Functional Testing Review Chapter 8 Functional Testing We saw three types of functional

Functional Testing Review Chapter 8 Functional Testing We saw three types of functional testing Boundary Value Testing Equivalence Class Testing Decision Table-Based Testing What is the common thread among the above methods?

685 views • 33 slides
Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Podcast Ch11-02 Title : Types of Testing Description : Unit Testing, Black Box Testing, White Box Testing, Using Flow Diagrams Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students)

792 views • 8 slides
Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing Hypothesis testing is a method to contradict a theoretical assumption using data. In his seminal book on design of experiments, Fisher (1937) uses

526 views • 3 slides
Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important

Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important

Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important Testing is Important Testing is Hard Testing is Hard Testing is Hard Capture the Important Cases Minimize The Coding Overhead Sorting a list of

1.66k views • 118 slides
Testing a URL Class http://www.askigor.org/status.php?id=sample Query Protocol Host Path 31

Testing a URL Class http://www.askigor.org/status.php?id=sample Query Protocol Host Path 31

Making Programs Fail Andreas Zeller 1 Two Views of Testing Testing means to execute a program with the intent to make it fail. Testing for validation: Finding unknown failures (classical view) Testing for debugging: Finding a

459 views • 17 slides
Structural Testing Also known as glass/white/open box testing Structural testing is based

Structural Testing Also known as glass/white/open box testing Structural testing is based

Path Testing and Test Coverage Chapter 9 Structural Testing Also known as glass/white/open box testing Structural testing is based on using specific knowledge of the program source text to define test cases Contrast with functional

999 views • 60 slides
Black Box Testing (A&amp;O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing &amp; Verification

Black Box Testing (A&amp;O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing &amp; Verification

Black Box Testing (A&amp;O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing &amp; Verification 2019/20 Wishnu Prasetya &amp; Gabriele Keller Plan Partitioning based testing (A&amp;O Ch 4/2 nd Ed Ch. 6). Model based testing Note: black

772 views • 39 slides
Web testing Image by C Watts What is web testing? Testing web applications Applications of which

Web testing Image by C Watts What is web testing? Testing web applications Applications of which

Web testing Image by C Watts What is web testing? Testing web applications Applications of which the client runs in a web browser In this lecture on web testing What to test How to test it What to test Back end Front end HTTP (server)

356 views • 31 slides
Software Testing Outline Software Quality Unit Testing Integration Testing

Software Testing Outline Software Quality Unit Testing Integration Testing

Software Testing Outline Software Quality Unit Testing Integration Testing Acceptance Testing Quality is Hard to Pin Down Concise, clear definition is elusive Not easily quantifiable Many things to many people

513 views • 39 slides
Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing

Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing

Click here to review SW Testing Strategies Object Oriented Testing Chapter 23 1 OO Testing Class Testing: Equivalent to unit testing for conventional SW. The concept of a unit changes in the OO context. The class or object is the

304 views • 18 slides
PTC Testing Field Testing, Revenue Service Demonstration, and Interoperability Testing Federal

PTC Testing Field Testing, Revenue Service Demonstration, and Interoperability Testing Federal

PTC Testing Field Testing, Revenue Service Demonstration, and Interoperability Testing Federal Railroad Administration Positive Train Control (PTC) Symposium #2 July 16, 2018 For Discussion Purposes Only Not the Official Position of FRA or

690 views • 43 slides
Testing Eric McCreath Overview In this lecture we will: consider the utility of testing,

Testing Eric McCreath Overview In this lecture we will: consider the utility of testing,

Testing Eric McCreath Overview In this lecture we will: consider the utility of testing, review different types of testing, explain and demo JUnit testing, checkout the code review process, and discuss debugging approaches. 2 Why bother

662 views • 21 slides
Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing using a structured process Validate adherence to interaction requirements Actual users who perform realistic and representative tasks

490 views • 38 slides
SeeTest Continuous Testing Platform 1 Layout (Visual) Testing Integrate visual testing into your

SeeTest Continuous Testing Platform 1 Layout (Visual) Testing Integrate visual testing into your

Layout (Visual) Testing SeeTest Continuous Testing Platform 1 Layout (Visual) Testing Integrate visual testing into your CI/CD flow to detect and fix responsive design issues before production Create automated tests to verify UI responsiveness

621 views • 8 slides
RESEARCH TOPICS Metamorphic testing OVERVIEW Fuzz testing Regression testing:

RESEARCH TOPICS Metamorphic testing OVERVIEW Fuzz testing Regression testing:

3/31/17 TOPICS 2 RESEARCH TOPICS Metamorphic testing OVERVIEW Fuzz testing Regression testing: selection, prioritization T est input generation CS580A5 SPRING 2017 Fault localization SUDIPTO GHOSH Automatic program

276 views • 3 slides

More recommend