Skip to content

Add DTLS 1.2 wolfSSL Client/Server Cert Req / NReq arg files #219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Add DTLS 1.2 wolfSSL Client/Server Cert Req / NReq arg files #219

wants to merge 7 commits into from

Conversation

c-southwest
Copy link
Collaborator

Currently, I added wolfSSL DTLS 1.2 Client Cert Req / NReq arg files

I don't know how to name these files, so I use 'x' as a placeholder.

Also, wolfSSL 5.7.6 is the default version, so we don't need to specify version number manually.

And I tested that we can complete handshake with the following tests:

to test wolfSSL 5.7.6 client cert req

java -jar target/dtls-fuzzer.jar args/wolfssl/learn_wolfssl_client_x_cert_req -test examples/tests/clients/x_cert_req

to test wolfSSL 5.7.6 client cert nreq

java -jar target/dtls-fuzzer.jar args/wolfssl/learn_wolfssl_client_x_cert_nreq -test examples/tests/clients/x_cert_nreq

@c-southwest
Copy link
Collaborator Author

I added DTLS 1.2 server cert req / nreq arg files.
And I can complete handshake with the follow tests:

to test wolfSSL 5.7.6 server cert req

java -jar target/dtls-fuzzer.jar args/wolfssl/learn_wolfssl_server_x_cert_req -test examples/tests/servers/x_cert_req

to test wolfSSL 5.7.6 server cert nreq

java -jar target/dtls-fuzzer.jar args/wolfssl/learn_wolfssl_server_x_cert_nreq -test examples/tests/servers/x_cert_nreq

@c-southwest
Copy link
Collaborator Author

c-southwest commented Jul 21, 2025
edited
Loading

I use the following command:
java -jar target/dtls-fuzzer.jar args/wolfssl/learn_wolfssl_client_x_cert_req -eqvThreads 8

and I get the following output (about 10 hours for the full learning):
wolfssl-5.7.6_client_x_cert_req.zip

And it costs about 78 minutes to get the last hypothesis.

=== STATISTICS ===
Learning finished: true
Size of the input alphabet: 12
Number of states: 47
Number of hypotheses: 36
Number of inputs: 751261
Number of tests: 49972
Number of learning inputs: 9266
Number of learning tests: 1653
Number of inputs up to last hypothesis: 242769
Number of tests up to last hypothesis: 13437
Time (ms) to learn model: 35502624
Number of inputs when hypothesis was generated: [12, 497, 1268, 1631, 2225, 3104, 3934, 5578, 6378, 7625, 8614, 9868, 10715, 11630, 12379, 13116, 14334, 15403, 16740, 17403, 19294, 21763, 23221, 29284, 30930, 32839, 34081, 41006, 41873, 46228, 51121, 52959, 66478, 108000, 116229, 242769]
Number of tests when hypothesis was generated: [12, 87, 183, 245, 326, 412, 497, 655, 730, 901, 986, 1067, 1143, 1224, 1293, 1358, 1466, 1546, 1666, 1727, 1849, 2004, 2109, 2439, 2541, 2659, 2741, 3119, 3207, 3482, 3768, 3914, 4623, 6700, 7192, 13437]
Time (ms) when hypothesis was generated: [6711, 56981, 116246, 160536, 213025, 263318, 308501, 422415, 476937, 650835, 742950, 809055, 867696, 924122, 978778, 1030479, 1137082, 1198519, 1322278, 1373445, 1457353, 1532807, 1597871, 1709083, 1775579, 1835308, 1897245, 2030633, 2091572, 2192820, 2301088, 2462500, 2646524, 3115076, 3352673, 4702966]
Number of inputs when counterexample was found: [393, 1102, 1481, 2058, 2936, 3787, 5177, 6206, 6920, 8239, 9627, 10493, 11429, 12191, 12943, 13919, 15189, 16239, 17212, 19054, 21553, 23035, 29072, 30715, 32660, 33885, 40739, 41656, 46014, 50892, 52340, 66274, 107777, 115535, 242521]
Number of tests when counterexample was found: [41, 135, 201, 273, 370, 460, 577, 694, 763, 933, 1035, 1102, 1185, 1257, 1326, 1401, 1511, 1592, 1696, 1814, 1969, 2073, 2408, 2513, 2630, 2715, 3088, 3158, 3432, 3726, 3827, 4585, 6675, 7083, 13407]
Time (ms) when counterexample was found: [28253, 71712, 120862, 168848, 221741, 273474, 324997, 435607, 484761, 660820, 755835, 815680, 877139, 934348, 990383, 1042375, 1150063, 1210806, 1329680, 1403392, 1484690, 1555031, 1661010, 1726956, 1794920, 1853143, 1972067, 2040434, 2141386, 2248650, 2323627, 2598955, 3066710, 3194837, 4648763]

Also, after generating PDF I didn't see happy path, so I also added the happy path.

For your convenience, the happy path looks like this:
I checked the DOT file, and only State 15 and State 34 can transition to State 34.
image

@c-southwest
Copy link
Collaborator Author

I got different number of states and hypotheses that you mentioned in email:

FYI: After running for more than 14 hours, I got numbers for DTLS~1.2
client CERT_OPT

They are 35 hypotheses, 32 states, 43761 tests in 493.44 minutes.

I use command:
java -jar target/dtls-fuzzer.jar args/wolfssl/learn_wolfssl_client_x_cert_nreq -eqvThreads 8

I get the following output (about 4.44 hours for the full learning):
wolfssl-5.7.6_client_x_cert_nreq.zip

And it costs about 24.65 minutes to get the last hypothesis.

=== STATISTICS ===
Learning finished: true
Size of the input alphabet: 11
Number of states: 28
Number of hypotheses: 22
Number of inputs: 465296
Number of tests: 29902
Number of learning inputs: 4244
Number of learning tests: 850
Number of inputs up to last hypothesis: 37618
Number of tests up to last hypothesis: 2648
Time (ms) to learn model: 15991458
Number of inputs when hypothesis was generated: [11, 541, 1308, 1909, 2409, 3308, 4282, 4899, 6064, 6830, 7868, 8940, 9903, 10632, 11302, 12655, 13747, 17280, 18363, 23184, 24517, 37618]
Number of tests when hypothesis was generated: [11, 86, 170, 241, 314, 434, 531, 600, 698, 759, 834, 946, 1021, 1082, 1143, 1234, 1310, 1525, 1606, 1891, 1983, 2648]
Time (ms) when hypothesis was generated: [6166, 46191, 108364, 152450, 201212, 310347, 397570, 442777, 526289, 572045, 638965, 747883, 807223, 846191, 887486, 954183, 1005389, 1075793, 1122631, 1260788, 1312237, 1479298]
Number of inputs when counterexample was found: [446, 1160, 1768, 2261, 2898, 3959, 4738, 5764, 6672, 7679, 8540, 9737, 10504, 11164, 12441, 13570, 17151, 18214, 22836, 24374, 37450]
Number of tests when counterexample was found: [44, 127, 200, 267, 348, 470, 562, 649, 734, 807, 869, 984, 1057, 1115, 1206, 1287, 1494, 1577, 1837, 1956, 2627]
Time (ms) when counterexample was found: [19384, 66988, 114871, 160223, 210076, 320637, 403222, 456795, 535295, 596634, 649552, 766584, 816214, 854035, 905591, 965842, 1044299, 1087235, 1180199, 1278101, 1442251]

I also added the happy path, and it looks like:
image

@kostis kostis requested a review from pfg666 July 24, 2025 05:46
@kostis
Copy link
Contributor

kostis commented Jul 24, 2025

Thanks for these results. Indeed, I also get different results (for some configurations) depending on the machine I use, so there seems to be some non-determinism (and sometimes some warnings/crashes) either due to the timeout values used, due to the DTLS 1.2 SUT, or some other unknown issue.

Before we investigate this further, I suggest we first check the files in this PR. I've requested a review from @pfg666 once he finds some time or is back from vacations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pfg666 pfg666 Awaiting requested review from pfg666

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@c-southwest @kostis