Implementation of differential fuzz testing for TLS handshake messages

hso-esk/tls-diff-testing

Differential fuzz testing of the TLS handshake

This is the software implementing our differential fuzz test approach for the TLS handshake as presented in our manuscript "Exploiting Dissent: Towards Fuzzing-based Differential Black-Box Testing of TLS Implementations". The paper will soon appear in IEEE Transactions on Dependable and Secure Computing (TDSC). A preprint is available from our institute's homepage.

The software consists of two main components:

  • A shell script ("tls-server-batch") that sets up the five TLS server implementations we used in our paper (OpenSSL, MatrixSSL, wolfSSL, mbedTLS and BoringSSL).
  • A C++ framework and some Python scripts ("tls-diff-testing") for generating TLS test messages, stimulating the five TLS servers, and for analyzing and visualizing data.

Please note: our software is evolving and is likely to be refactored and restructured. We cannot guarantee API stability in any form.

How to use the code?

In order to use our software:

  1. Download and build cryptopp

Our software uses the Crypto++ Cryptographic Library for cryptographic operations. You need to download and build Crypto++ before building our software. Everything is condensed in the shell script setup_cryptopp.sh:

    # Download and build cryptopp
    ./setup_cryptopp.sh

  2. Set up the TLS implementations (servers). Some of them might require additional software/libraries to be installed.

    pushd tls-server-batch
    # Download and build OpenSSL, MatrixSSL, wolfSSL, mbedTLS and BoringSSL
    ./setup.sh
    popd

  3. Build tls-diff-testing components

    pushd tls-diff-testing
    # Build tls-diff-testing components
    make
    # Stay in tls-diff-testing; the next step continues from here

  4. Generate test input (TLS ClientHello messages)

    pushd generator
    # Run input generation tool multiple times (adapt parameters to your needs within shell script)
    ./macros/generate_multi.sh
    popd
    # Leave tls-diff-testing (entered in the previous step)
    popd

  5. Send test input to TLS servers

    pushd tls-server-batch
    # Launch servers (20 instances per implementation, adapt the number "20" to the performance of your machine)
    # You will need the "screen" tool for that.
    ./launch.sh 20
    popd

    pushd tls-diff-testing/apps/stimulator
    # Stimulate TLS servers (adapt "-s20" to the number chosen above)
    # The glob is expanded by the shell directly; variables are quoted so paths with spaces work
    for fin in ../../generator/iteration-*/stimuli.hex; do
        ./stimulator -S5 -s20 "$fin" | tee "${fin}.responses"
    done
    popd

  6. Plot data. You need to have Python 2.7.x and Matplotlib for Python installed.

    pushd tls-diff-testing/apps/python_plot_urs
    # Read response data and plot (adapt paths within Python script before)
    ./plot_urs.py
    popd
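
The comparison that differential testing rests on, as an added example (not code from this repository): each server's first response record is reduced to a coarse class, and the implementations that deviate from the majority are flagged. The majority rule, the names `impl_a` to `impl_e` and the sample responses are constructed assumptions, and the input is not the stimulator's actual output format.

```python
# Added example (not from the repository): reduce each server's response to a
# coarse class and flag implementations that disagree with the majority.
from collections import Counter

# TLS alert descriptions (RFC 5246, section 7.2); only a few are named here.
ALERTS = {10: "unexpected_message", 40: "handshake_failure",
          47: "illegal_parameter", 50: "decode_error", 70: "protocol_version"}

def classify(resp_hex):
    """Map a hex-encoded response to a class based on its first TLS record."""
    data = bytes.fromhex(resp_hex)
    if not data:
        return "no_response"
    if len(data) < 5:                      # record header is 5 bytes
        return "truncated"
    ctype, length = data[0], int.from_bytes(data[3:5], "big")
    body = data[5:5 + length]
    if len(body) < length:
        return "truncated"
    if ctype == 21 and length == 2:        # alert record: level, description
        return "alert:" + ALERTS.get(body[1], str(body[1]))
    if ctype == 22 and body and body[0] == 2:   # handshake, ServerHello
        return "server_hello"
    return "other:%d" % ctype

def dissent(responses):
    """Return (class per server, sorted servers deviating from the majority)."""
    classes = {srv: classify(h) for srv, h in responses.items()}
    counts = Counter(classes.values())
    majority = counts.most_common(1)[0][0]   # assumption: majority = reference
    outliers = sorted(s for s, c in classes.items() if c != majority)
    return classes, outliers

# Constructed sample: five hypothetical servers answering the same stimulus.
SAMPLE = {
    "impl_a": "15030300020232",   # fatal alert, decode_error
    "impl_b": "15030300020232",
    "impl_c": "15030300020232",
    "impl_d": "1503030002022f",   # fatal alert, illegal_parameter
    "impl_e": "",                 # connection closed without data
}

if __name__ == "__main__":
    classes, outliers = dissent(SAMPLE)
    for srv in sorted(classes):
        flag = "  <-- dissent" if srv in outliers else ""
        print("%-7s %s%s" % (srv, classes[srv], flag))
```

A stimulus with a non-empty outlier list is the interesting case: at least one implementation interpreted the same ClientHello differently and the input is worth manual review.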

Contact

In case you have any questions or suggestions regarding our approach or our software tools, please contact: Andreas Walz [[email protected]].

Copyright and License

This software is licensed under the 3-clause BSD license. This license gives everyone the right to use and distribute the code, either in binary or source code format, as long as the copyright license is retained in the source code.

Copyright (C) 2017
Andreas Walz [[email protected]]
Offenburg University of Applied Sciences
Institute of Reliable Embedded Systems and Communications Electronics (ivESK)
[https://ivesk.hs-offenburg.de/]
All rights reserved.
