453dfd8d | 1 | /* |
4333b89f | 2 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. |
453dfd8d | 3 | * |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
453dfd8d | 7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | ||
10 | #ifndef OSSL_TEST_SSL_TEST_CTX_H |
11 | #define OSSL_TEST_SSL_TEST_CTX_H | |
12 | |
13 | #include <openssl/conf.h> | |
14 | #include <openssl/ssl.h> | |
15 | ||
/*
 * Overall outcome of a test case. Stored in SSL_TEST_CTX.expected_result and
 * converted to a printable name by ssl_test_result_name().
 */
typedef enum {
    SSL_TEST_SUCCESS = 0, /* Default */
    SSL_TEST_SERVER_FAIL,
    SSL_TEST_CLIENT_FAIL,
    SSL_TEST_INTERNAL_ERROR,
    /* Couldn't test resumption/renegotiation: original handshake failed. */
    SSL_TEST_FIRST_HANDSHAKE_FAILED
} ssl_test_result_t;
24 | ||
/*
 * Which predefined certificate verification callback the client installs.
 * Selected via SSL_TEST_CLIENT_CONF.verify_callback; printable via
 * ssl_verify_callback_name(). These are test fixtures only.
 */
typedef enum {
    SSL_TEST_VERIFY_NONE = 0, /* Default */
    SSL_TEST_VERIFY_ACCEPT_ALL,
    SSL_TEST_VERIFY_RETRY_ONCE,
    SSL_TEST_VERIFY_REJECT_ALL
} ssl_verify_callback_t;
31 | ||
/*
 * Predefined server names. Used both for the name the client sends
 * (SSL_TEST_CLIENT_CONF.servername) and for the name the test expects the
 * server to have switched to (SSL_TEST_CTX.expected_servername). Printable via
 * ssl_servername_name().
 */
typedef enum {
    SSL_TEST_SERVERNAME_NONE = 0, /* Default */
    SSL_TEST_SERVERNAME_SERVER1,
    SSL_TEST_SERVERNAME_SERVER2,
    SSL_TEST_SERVERNAME_INVALID
} ssl_servername_t;
38 | ||
/*
 * Which predefined server-side SNI callback to install
 * (SSL_TEST_SERVER_CONF.servername_callback). The *_CLIENT_HELLO_* variants
 * presumably operate from the ClientHello callback rather than the servername
 * callback -- confirm in ssl_test_ctx.c. Printable via
 * ssl_servername_callback_name().
 */
typedef enum {
    SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */
    SSL_TEST_SERVERNAME_IGNORE_MISMATCH,
    SSL_TEST_SERVERNAME_REJECT_MISMATCH,
    SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH,
    SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH,
    SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12
} ssl_servername_callback_t;
47 | ||
/*
 * Expectation about session tickets (SSL_TEST_CTX.session_ticket_expected).
 * Printable via ssl_session_ticket_name().
 */
typedef enum {
    SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default: no expectation */
    SSL_TEST_SESSION_TICKET_YES,
    SSL_TEST_SESSION_TICKET_NO,
    /*
     * Special test; presumably paired with
     * SSL_TEST_SERVER_CONF.broken_session_ticket -- confirm.
     */
    SSL_TEST_SESSION_TICKET_BROKEN
} ssl_session_ticket_t;
5c753de6 | 54 | |
/*
 * Expectation about compression.
 * NOTE(review): the matching field SSL_TEST_CTX.compression_expected is
 * declared as int rather than ssl_compression_t; the values are assumed to be
 * interchangeable (NO == 0, YES == 1) -- confirm in the conf parser.
 */
typedef enum {
    SSL_TEST_COMPRESSION_NO = 0, /* Default */
    SSL_TEST_COMPRESSION_YES
} ssl_compression_t;
59 | ||
/*
 * Expectation about whether the server issues a session id
 * (SSL_TEST_CTX.session_id_expected). Printable via ssl_session_id_name().
 */
typedef enum {
    SSL_TEST_SESSION_ID_IGNORE = 0, /* Default: no expectation */
    SSL_TEST_SESSION_ID_YES,
    SSL_TEST_SESSION_ID_NO
} ssl_session_id_t;
65 | ||
/*
 * Which protocol family the server/client SSL_CTX objects use
 * (SSL_TEST_CTX.method). Printable via ssl_test_method_name().
 */
typedef enum {
    SSL_TEST_METHOD_TLS = 0, /* Default */
    SSL_TEST_METHOD_DTLS,
    SSL_TEST_METHOD_QUIC
} ssl_test_method_t;
71 | ||
/*
 * What happens after the first handshake (SSL_TEST_CTX.handshake_mode):
 * nothing, a resumption, a renegotiation, a KeyUpdate or post-handshake
 * authentication initiated by the named side. Printable via
 * ssl_handshake_mode_name().
 */
typedef enum {
    SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default: a single handshake */
    SSL_TEST_HANDSHAKE_RESUME,
    SSL_TEST_HANDSHAKE_RENEG_SERVER,
    SSL_TEST_HANDSHAKE_RENEG_CLIENT,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT,
    SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH
} ssl_handshake_mode_t;
81 | ||
/*
 * Certificate Transparency validation mode requested by the client
 * (SSL_TEST_CLIENT_CONF.ct_validation). Printable via ssl_ct_validation_name().
 */
typedef enum {
    SSL_TEST_CT_VALIDATION_NONE = 0, /* Default */
    SSL_TEST_CT_VALIDATION_PERMISSIVE,
    SSL_TEST_CT_VALIDATION_STRICT
} ssl_ct_validation_t;
87 | |
/*
 * Whether, and with what kind of OCSP response, the server answers a
 * CertificateStatus request (SSL_TEST_SERVER_CONF.cert_status). Printable via
 * ssl_certstatus_name().
 */
typedef enum {
    SSL_TEST_CERT_STATUS_NONE = 0, /* Default: send no CertStatus message */
    SSL_TEST_CERT_STATUS_GOOD_RESPONSE,
    SSL_TEST_CERT_STATUS_BAD_RESPONSE
} ssl_cert_status_t;
ea1ecd98 | 93 | |
/*
 * Server/client settings that aren't supported by the SSL CONF library,
 * such as callbacks.
 *
 * Client-side part. The char * members are strings read from the test
 * configuration; they are presumably owned by the enclosing SSL_TEST_CTX and
 * released by SSL_TEST_CTX_free() -- confirm in ssl_test_ctx.c.
 */
typedef struct {
    /* One of a number of predefined custom callbacks. */
    ssl_verify_callback_t verify_callback;
    /* One of a number of predefined server names used by the client. */
    ssl_servername_t servername;
    /*
     * Maximum Fragment Length extension mode. Kept as int (not an enum);
     * printable via ssl_max_fragment_len_name().
     */
    int max_fragment_len_mode;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* Certificate Transparency validation mode to request. */
    ssl_ct_validation_t ct_validation;
    /* Ciphersuites to set on a renegotiation */
    char *reneg_ciphers;
    /* SRP credentials the client presents (test fixtures only). */
    char *srp_user;
    char *srp_password;
    /* Post-handshake authentication (PHA) enabled (boolean). */
    int enable_pha;
    /* Do not send extms on renegotiation (boolean). */
    int no_extms_on_reneg;
} SSL_TEST_CLIENT_CONF;
118 | ||
/*
 * Server-side settings that aren't supported by the SSL CONF library.
 * SSL_TEST_EXTRA_CONF holds two of these (server and server2).
 */
typedef struct {
    /* SNI callback (server-side). */
    ssl_servername_callback_t servername_callback;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* Whether to set a broken session ticket callback (boolean). */
    int broken_session_ticket;
    /* Should we send a CertStatus message, and is the response good or bad? */
    ssl_cert_status_t cert_status;
    /* An SRP user known to the server (test fixtures only). */
    char *srp_user;
    char *srp_password;
    /* Force post-handshake authentication (PHA) (boolean). */
    int force_pha;
    /*
     * Application data to attach to issued session tickets; presumably
     * checked against SSL_TEST_CTX.expected_session_ticket_app_data -- confirm.
     */
    char *session_ticket_app_data;
} SSL_TEST_SERVER_CONF;
136 | ||
/*
 * Per-handshake extra configuration for all three peers: the client, the
 * primary server and a second server. |server2| is presumably the context the
 * SNI callback switches to (cf. SSL_TEST_SERVERNAME_SERVER2) -- confirm.
 */
typedef struct {
    SSL_TEST_CLIENT_CONF client;
    SSL_TEST_SERVER_CONF server;
    SSL_TEST_SERVER_CONF server2;
} SSL_TEST_EXTRA_CONF;
142 | ||
/*
 * A complete ssltest test case: global settings, per-handshake extra
 * configuration and the expectations checked against the final handshake.
 * Created by SSL_TEST_CTX_create() / SSL_TEST_CTX_new(), released by
 * SSL_TEST_CTX_free().
 */
typedef struct {
    /*
     * Global test configuration. Does not change between handshakes.
     */
    /* Whether the server/client CTX should use TLS, DTLS or QUIC. */
    ssl_test_method_t method;
    /* Whether to test a resumed/renegotiated handshake. */
    ssl_handshake_mode_t handshake_mode;
    /*
     * How much application data to exchange (default is 256 bytes).
     * Both peers will send |app_data_size| bytes interleaved.
     */
    int app_data_size;
    /* Maximum send fragment size. */
    int max_fragment_size;
    /* KeyUpdate type (for the *_KEY_UPDATE_* handshake modes). */
    int key_update_type;

    /*
     * Extra server/client configurations. Per-handshake.
     */
    /* First handshake. */
    SSL_TEST_EXTRA_CONF extra;
    /* Resumed handshake. */
    SSL_TEST_EXTRA_CONF resume_extra;

    /*
     * Test expectations. These apply to the LAST handshake.
     */
    /* Defaults to SUCCESS. */
    ssl_test_result_t expected_result;
    /* Alerts. 0 if no expectation. */
    /* See ssl.h for alert codes. */
    /* Alert sent by the client / received by the server. */
    int expected_client_alert;
    /* Alert sent by the server / received by the client. */
    int expected_server_alert;
    /* Negotiated protocol version. 0 if no expectation. */
    /* See ssl.h for protocol versions. */
    int expected_protocol;
    /*
     * The expected SNI context to use.
     * We test server-side that the server switched to the expected context.
     * Set by the callback upon success, so if the callback wasn't called or
     * terminated with an alert, the servername will match with
     * SSL_TEST_SERVERNAME_NONE.
     * Note: in the event that the servername was accepted, the client should
     * also receive an empty SNI extension back but we have no way of probing
     * client-side via the API that this was the case.
     */
    ssl_servername_t expected_servername;
    /* Whether a session ticket is expected; IGNORE if no expectation. */
    ssl_session_ticket_t session_ticket_expected;
    /*
     * Whether compression is expected. Declared int although ssl_compression_t
     * exists; presumably holds SSL_TEST_COMPRESSION_* values -- confirm.
     */
    int compression_expected;
    /* The expected NPN/ALPN protocol to negotiate. */
    char *expected_npn_protocol;
    char *expected_alpn_protocol;
    /* Whether the second handshake is resumed or a full handshake (boolean). */
    int resumption_expected;
    /* Expected temporary key type */
    int expected_tmp_key_type;
    /* Expected server certificate key type */
    int expected_server_cert_type;
    /* Expected server signing hash */
    int expected_server_sign_hash;
    /* Expected server signature type */
    int expected_server_sign_type;
    /* Expected server CA names */
    STACK_OF(X509_NAME) *expected_server_ca_names;
    /* Expected client certificate key type */
    int expected_client_cert_type;
    /* Expected client signing hash */
    int expected_client_sign_hash;
    /* Expected client signature type */
    int expected_client_sign_type;
    /* Expected CA names for client auth */
    STACK_OF(X509_NAME) *expected_client_ca_names;
    /* Whether to use SCTP for the transport (boolean; DTLS only) */
    int use_sctp;
    /* Whether to pre-compress server certificates (boolean) */
    int compress_certificates;
    /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */
    int enable_client_sctp_label_bug;
    /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on server side */
    int enable_server_sctp_label_bug;
    /* Whether to expect a session id from the server */
    ssl_session_id_t session_id_expected;
    /* Expected negotiated cipher name; presumably unchecked when unset. */
    char *expected_cipher;
    /* Expected Session Ticket Application Data */
    char *expected_session_ticket_app_data;

    /*
     * Library context the test's SSL_CTX objects are created in; supplied to
     * SSL_TEST_CTX_create() / SSL_TEST_CTX_new(). Ownership is not documented
     * here -- presumably borrowed from the caller, confirm before freeing.
     */
    OSSL_LIB_CTX *libctx;

    /* FIPS version string to check for compatibility */
    char *fips_version;
} SSL_TEST_CTX;
238 | ||
/*
 * Printable names for the enum values above, and for the int-valued alert,
 * protocol version and Maximum Fragment Length settings. Intended for test
 * output and for matching keywords in the conf file.
 */
const char *ssl_test_result_name(ssl_test_result_t result);
const char *ssl_alert_name(int alert);
const char *ssl_protocol_name(int protocol);
const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
const char *ssl_servername_name(ssl_servername_t server);
const char *ssl_servername_callback_name(ssl_servername_callback_t
                                         servername_callback);
const char *ssl_session_ticket_name(ssl_session_ticket_t server);
const char *ssl_session_id_name(ssl_session_id_t server);
const char *ssl_test_method_name(ssl_test_method_t method);
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
const char *ssl_certstatus_name(ssl_cert_status_t cert_status);
const char *ssl_max_fragment_len_name(int MFL_mode);
253 | |
/*
 * Load the test case context from |conf|, reading the section named
 * |test_section|; SSL_CTX objects for the test are created in |libctx|.
 * See test/README.ssltest.md for details on the conf file format.
 * Returns the new context; presumably NULL on a parse or allocation
 * failure -- confirm in ssl_test_ctx.c. Release with SSL_TEST_CTX_free().
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section,
                                  OSSL_LIB_CTX *libctx);

/* Allocate a context with default settings (no conf file) in |libctx|. */
SSL_TEST_CTX *SSL_TEST_CTX_new(OSSL_LIB_CTX *libctx);

/*
 * Release a context from SSL_TEST_CTX_create() or SSL_TEST_CTX_new(),
 * including the strings and name stacks it holds. Whether |libctx| is also
 * freed is not documented here -- confirm before relying on it.
 */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);
264 | ||
ae4186b0 | 265 | #endif /* OSSL_TEST_SSL_TEST_CTX_H */ |