Commit | Line | Data |
---|---|---|
453dfd8d EK |
1 | /* |
2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
440e5d80 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
453dfd8d | 7 | * https://www.openssl.org/source/license.html |
453dfd8d EK |
8 | */ |
9 | ||
10 | #ifndef HEADER_SSL_TEST_CTX_H | |
11 | #define HEADER_SSL_TEST_CTX_H | |
12 | ||
13 | #include <openssl/conf.h> | |
14 | #include <openssl/ssl.h> | |
15 | ||
/*
 * Outcome of a test case. SSL_TEST_CTX.expected_result holds one of these
 * values and defaults to SSL_TEST_SUCCESS.
 */
typedef enum {
    SSL_TEST_SUCCESS = 0,               /* Default */
    SSL_TEST_SERVER_FAIL = 1,
    SSL_TEST_CLIENT_FAIL = 2,
    SSL_TEST_INTERNAL_ERROR = 3,
    /*
     * The original handshake failed, so resumption/renegotiation could not
     * be tested at all.
     */
    SSL_TEST_FIRST_HANDSHAKE_FAILED = 4
} ssl_test_result_t;
24 | ||
a263f320 EK |
/*
 * Selects one of the predefined custom verify callbacks for the client
 * (SSL_TEST_CLIENT_CONF.verify_callback).
 * NOTE(review): ACCEPT_ALL / REJECT_ALL presumably accept or reject every
 * peer certificate regardless of chain validity, which only makes sense
 * inside the test harness - confirm in the callback implementation.
 */
typedef enum {
    SSL_TEST_VERIFY_NONE = 0,           /* Default */
    SSL_TEST_VERIFY_ACCEPT_ALL = 1,
    SSL_TEST_VERIFY_REJECT_ALL = 2
} ssl_verify_callback_t;
30 | ||
/*
 * Predefined server names. Used both for the name the client sends
 * (SSL_TEST_CLIENT_CONF.servername) and for the SNI context the test
 * expects the server to end up with (SSL_TEST_CTX.expected_servername).
 */
typedef enum {
    SSL_TEST_SERVERNAME_NONE = 0,       /* Default */
    SSL_TEST_SERVERNAME_SERVER1 = 1,
    SSL_TEST_SERVERNAME_SERVER2 = 2,
    SSL_TEST_SERVERNAME_INVALID = 3
} ssl_servername_t;
37 | ||
d2b23cd2 EK |
/*
 * Selects the server-side SNI callback
 * (SSL_TEST_SERVER_CONF.servername_callback).
 * NOTE(review): the names suggest the two callbacks differ in whether a
 * servername mismatch is tolerated or ends the handshake - confirm in the
 * callback implementations.
 */
typedef enum {
    SSL_TEST_SERVERNAME_CB_NONE = 0,    /* Default */
    SSL_TEST_SERVERNAME_IGNORE_MISMATCH = 1,
    SSL_TEST_SERVERNAME_REJECT_MISMATCH = 2
} ssl_servername_callback_t;
43 | ||
5c753de6 TS |
/*
 * Session ticket expectation, stored in
 * SSL_TEST_CTX.session_ticket_expected.
 */
typedef enum {
    SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
    SSL_TEST_SESSION_TICKET_YES = 1,
    SSL_TEST_SESSION_TICKET_NO = 2,
    SSL_TEST_SESSION_TICKET_BROKEN = 3  /* Special test */
} ssl_session_ticket_t;
5c753de6 | 50 | |
74726750 EK |
/* Whether the server/client CTX uses TLS or DTLS (SSL_TEST_CTX.method). */
typedef enum {
    SSL_TEST_METHOD_TLS = 0,            /* Default */
    SSL_TEST_METHOD_DTLS = 1
} ssl_test_method_t;
55 | ||
590ed3d7 EK |
/*
 * Which handshake scenario the test runs (SSL_TEST_CTX.handshake_mode):
 * a single handshake, or one followed by a resumed or renegotiated
 * handshake.
 * NOTE(review): RENEG_SERVER / RENEG_CLIENT presumably name the side that
 * starts the renegotiation - confirm in the handshake helper.
 */
typedef enum {
    SSL_TEST_HANDSHAKE_SIMPLE = 0,      /* Default */
    SSL_TEST_HANDSHAKE_RESUME = 1,
    SSL_TEST_HANDSHAKE_RENEG_SERVER = 2,
    SSL_TEST_HANDSHAKE_RENEG_CLIENT = 3
} ssl_handshake_mode_t;
62 | ||
da085d27 EK |
/*
 * Client-side CT validation setting (SSL_TEST_CLIENT_CONF.ct_validation).
 * NOTE(review): "CT" presumably means Certificate Transparency, with
 * PERMISSIVE and STRICT mapping to the library's validation modes - confirm
 * where the value is consumed.
 */
typedef enum {
    SSL_TEST_CT_VALIDATION_NONE = 0,    /* Default */
    SSL_TEST_CT_VALIDATION_PERMISSIVE = 1,
    SSL_TEST_CT_VALIDATION_STRICT = 2
} ssl_ct_validation_t;
767ccc3b MC |
68 | |
/*
 * Whether the server sends a CertStatus message, and of which kind
 * (SSL_TEST_SERVER_CONF.cert_status).
 */
typedef enum {
    SSL_TEST_CERT_STATUS_NONE = 0,      /* Default */
    SSL_TEST_CERT_STATUS_GOOD_RESPONSE = 1,
    SSL_TEST_CERT_STATUS_BAD_RESPONSE = 2
} ssl_cert_status_t;
9f48bbac EK |
74 | /* |
75 | * Server/client settings that aren't supported by the SSL CONF library, | |
76 | * such as callbacks. | |
77 | */ | |
/* Client-side settings that the SSL CONF library cannot express. */
typedef struct {
    /* Which of the predefined custom verify callbacks to install. */
    ssl_verify_callback_t verify_callback;
    /* Which of the predefined server names the client uses. */
    ssl_servername_t servername;
    /*
     * Supported NPN and ALPN protocols, each a comma-separated list.
     * NOTE(review): ownership of these strings is not visible here;
     * presumably released together with the enclosing SSL_TEST_CTX.
     */
    char *npn_protocols;
    char *alpn_protocols;
    /* CT validation setting for the client. */
    ssl_ct_validation_t ct_validation;
} SSL_TEST_CLIENT_CONF;
88 | ||
/* Server-side settings that the SSL CONF library cannot express. */
typedef struct {
    /* Server-side SNI callback to install. */
    ssl_servername_callback_t servername_callback;
    /*
     * Supported NPN and ALPN protocols, each a comma-separated list.
     * NOTE(review): ownership of these strings is not visible here;
     * presumably released together with the enclosing SSL_TEST_CTX.
     */
    char *npn_protocols;
    char *alpn_protocols;
    /* Non-zero to set a broken session ticket callback. */
    int broken_session_ticket;
    /* Whether (and with which response) to send a CertStatus message. */
    ssl_cert_status_t cert_status;
} SSL_TEST_SERVER_CONF;
100 | ||
/*
 * Extra settings for one handshake: one client configuration and two
 * server configurations.
 * NOTE(review): |server2| is presumably the context an SNI callback can
 * switch to - confirm where it is consumed.
 */
typedef struct {
    SSL_TEST_CLIENT_CONF client;
    SSL_TEST_SERVER_CONF server;
    SSL_TEST_SERVER_CONF server2;
} SSL_TEST_EXTRA_CONF;
106 | ||
/*
 * Complete description of one test case: global settings, per-handshake
 * extra settings, and the expectations checked after the LAST handshake.
 */
typedef struct {
    /*
     * Global test configuration. Does not change between handshakes.
     */

    /* TLS or DTLS for both the server and the client CTX. */
    ssl_test_method_t method;
    /* Whether a resumed/renegotiated handshake is tested as well. */
    ssl_handshake_mode_t handshake_mode;
    /*
     * Amount of application data to exchange; the default is 256 bytes.
     * Both peers send |app_data_size| bytes, interleaved.
     * NOTE(review): the field is a signed int; rejection of negative values
     * is not visible in this header - confirm in the conf parser.
     */
    int app_data_size;
    /*
     * Maximum send fragment size.
     * NOTE(review): signed int as well; range validation is not visible
     * here.
     */
    int max_fragment_size;

    /*
     * Extra server/client configurations. Per-handshake.
     */

    /* Settings for the first handshake. */
    SSL_TEST_EXTRA_CONF extra;
    /* Settings for the resumed handshake. */
    SSL_TEST_EXTRA_CONF resume_extra;

    /*
     * Test expectations. These apply to the LAST handshake.
     */

    /* Expected overall result; defaults to SUCCESS. */
    ssl_test_result_t expected_result;
    /*
     * Expected alerts, 0 meaning "no expectation". Alert codes are the
     * ones defined in ssl.h.
     */
    /* Alert sent by the client / received by the server. */
    int expected_client_alert;
    /* Alert sent by the server / received by the client. */
    int expected_server_alert;
    /*
     * Expected negotiated protocol version, 0 meaning "no expectation".
     * Protocol versions are the ones defined in ssl.h.
     */
    int expected_protocol;
    /*
     * The SNI context the server is expected to use.
     * The check is made server-side: the server must have switched to the
     * expected context. The value is set by the callback upon success, so
     * if the callback was never called, or terminated with an alert, the
     * servername matches SSL_TEST_SERVERNAME_NONE.
     * Note: when the servername is accepted the client should also get an
     * empty SNI extension back, but the API offers no way to probe that
     * client-side.
     */
    ssl_servername_t expected_servername;
    /* Session ticket expectation. */
    ssl_session_ticket_t session_ticket_expected;
    /* The NPN/ALPN protocol expected to be negotiated. */
    char *expected_npn_protocol;
    char *expected_alpn_protocol;
    /* Boolean: is the second handshake resumed, or a full handshake? */
    int resumption_expected;
} SSL_TEST_CTX;
163 | ||
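/*
 * Name helpers: each takes one configuration or result value and returns a
 * const string. Presumably a human-readable name used in log and failure
 * messages; the implementations are not visible in this header.
 * NOTE(review): whether an out-of-range value yields NULL or a placeholder
 * string cannot be told from here - confirm before handing the result to a
 * "%s" format. The returned pointers are const and presumably must not be
 * freed by the caller.
 */
const char *ssl_test_result_name(ssl_test_result_t result);
const char *ssl_alert_name(int alert);
const char *ssl_protocol_name(int protocol);
const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
const char *ssl_servername_name(ssl_servername_t server);
const char *ssl_servername_callback_name(ssl_servername_callback_t
                                         servername_callback);
/* The argument is a session ticket expectation, so it is named for that. */
const char *ssl_session_ticket_name(ssl_session_ticket_t session_ticket);
const char *ssl_test_method_name(ssl_test_method_t method);
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
const char *ssl_certstatus_name(ssl_cert_status_t cert_status);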
453dfd8d EK |
176 | |
/*
 * Load the test case context from |conf|; |test_section| presumably names
 * the section to read. The conf file format is described in
 * test/README.ssltest.md.
 * NOTE(review): the failure behaviour is not visible in this header.
 * Presumably NULL is returned on a parse or allocation error, so callers
 * should check the result before dereferencing it - confirm against the
 * implementation.
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section);

/*
 * Allocate a new context. The initial field values are not visible here;
 * the enum comments above mark the zero value of each enum as its default.
 */
SSL_TEST_CTX *SSL_TEST_CTX_new(void);

/*
 * Release |ctx|.
 * NOTE(review): presumably also frees the strings the context owns -
 * confirm against the implementation.
 */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);
186 | ||
187 | #endif /* HEADER_SSL_TEST_CTX_H */ |