/*
 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef HEADER_SSL_TEST_CTX_H
#define HEADER_SSL_TEST_CTX_H

/*
 * conf.h supplies the CONF type consumed by SSL_TEST_CTX_create();
 * ssl.h supplies the SSL/X509 types referenced by the structs below.
 */
#include <openssl/conf.h>
#include <openssl/ssl.h>

/*
 * Outcome of a test run; the expected value is recorded in
 * SSL_TEST_CTX.expected_result. Values are spelled out so that an
 * accidental renumbering is visible in review.
 */
typedef enum {
    SSL_TEST_SUCCESS = 0,               /* Default */
    SSL_TEST_SERVER_FAIL = 1,           /* Server side reported failure */
    SSL_TEST_CLIENT_FAIL = 2,           /* Client side reported failure */
    SSL_TEST_INTERNAL_ERROR = 3,        /* Harness problem, not a TLS outcome */
    /* Couldn't test resumption/renegotiation: original handshake failed. */
    SSL_TEST_FIRST_HANDSHAKE_FAILED = 4
} ssl_test_result_t;

/*
 * Which predefined certificate-verify callback the client installs
 * (SSL_TEST_CLIENT_CONF.verify_callback). By their names, ACCEPT_ALL and
 * REJECT_ALL force the verification outcome instead of checking the chain,
 * which is only acceptable inside this test harness.
 */
typedef enum {
    SSL_TEST_VERIFY_NONE = 0,           /* Default: no custom callback */
    SSL_TEST_VERIFY_ACCEPT_ALL = 1,
    SSL_TEST_VERIFY_REJECT_ALL = 2
} ssl_verify_callback_t;

/*
 * Predefined server name. Used on the client side as the name to send
 * (SSL_TEST_CLIENT_CONF.servername) and on the server side as the context
 * the server is expected to have switched to
 * (SSL_TEST_CTX.expected_servername).
 */
typedef enum {
    SSL_TEST_SERVERNAME_NONE = 0,       /* Default: no SNI */
    SSL_TEST_SERVERNAME_SERVER1 = 1,
    SSL_TEST_SERVERNAME_SERVER2 = 2,
    SSL_TEST_SERVERNAME_INVALID = 3     /* A name no configured context matches */
} ssl_servername_t;

/*
 * Behaviour of the server-side SNI callback
 * (SSL_TEST_SERVER_CONF.servername_callback). The CLIENT_HELLO_* variants,
 * by their names, take the decision from the ClientHello callback rather
 * than the servername callback; what NO_V12 does beyond that is defined by
 * the implementation.
 */
typedef enum {
    SSL_TEST_SERVERNAME_CB_NONE = 0,    /* Default: no callback */
    SSL_TEST_SERVERNAME_IGNORE_MISMATCH = 1,
    SSL_TEST_SERVERNAME_REJECT_MISMATCH = 2,
    SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH = 3,
    SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH = 4,
    SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12 = 5
} ssl_servername_callback_t;

/*
 * Session ticket expectation (SSL_TEST_CTX.session_ticket_expected).
 * The default leaves the ticket unchecked; YES/NO assert its presence or
 * absence; BROKEN is reserved for the broken-ticket-callback special case.
 */
typedef enum {
    SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
    SSL_TEST_SESSION_TICKET_YES = 1,
    SSL_TEST_SESSION_TICKET_NO = 2,
    SSL_TEST_SESSION_TICKET_BROKEN = 3  /* Special test */
} ssl_session_ticket_t;

/*
 * Compression expectation. Note that SSL_TEST_CTX.compression_expected is
 * declared as a plain int rather than this type, so the mapping between the
 * two is done by the implementation.
 */
typedef enum {
    SSL_TEST_COMPRESSION_NO = 0,        /* Default */
    SSL_TEST_COMPRESSION_YES = 1
} ssl_compression_t;

/*
 * Whether to expect a session id from the server
 * (SSL_TEST_CTX.session_id_expected). IGNORE leaves it unchecked.
 */
typedef enum {
    SSL_TEST_SESSION_ID_IGNORE = 0,     /* Default */
    SSL_TEST_SESSION_ID_YES = 1,
    SSL_TEST_SESSION_ID_NO = 2
} ssl_session_id_t;

/*
 * Transport protocol used by both the server and the client CTX
 * (SSL_TEST_CTX.method): TLS over a stream or DTLS over datagrams.
 */
typedef enum {
    SSL_TEST_METHOD_TLS = 0,            /* Default */
    SSL_TEST_METHOD_DTLS = 1
} ssl_test_method_t;

/*
 * Shape of the handshake sequence a test runs (SSL_TEST_CTX.handshake_mode):
 * one plain handshake, a resumed second handshake, a renegotiation started
 * by either peer, a (TLS 1.3) KeyUpdate sent by either peer, or
 * post-handshake authentication. Expectations apply to the last handshake.
 */
typedef enum {
    SSL_TEST_HANDSHAKE_SIMPLE = 0,      /* Default */
    SSL_TEST_HANDSHAKE_RESUME = 1,
    SSL_TEST_HANDSHAKE_RENEG_SERVER = 2,
    SSL_TEST_HANDSHAKE_RENEG_CLIENT = 3,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER = 4,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT = 5,
    SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH = 6
} ssl_handshake_mode_t;

/*
 * Certificate Transparency validation level requested on the client side
 * (SSL_TEST_CLIENT_CONF.ct_validation). NONE leaves CT off.
 */
typedef enum {
    SSL_TEST_CT_VALIDATION_NONE = 0,    /* Default */
    SSL_TEST_CT_VALIDATION_PERMISSIVE = 1,
    SSL_TEST_CT_VALIDATION_STRICT = 2
} ssl_ct_validation_t;

/*
 * Whether the server sends a CertificateStatus (stapled OCSP) message and,
 * if so, whether the stapled response is a good or a bad one
 * (SSL_TEST_SERVER_CONF.cert_status).
 */
typedef enum {
    SSL_TEST_CERT_STATUS_NONE = 0,      /* Default */
    SSL_TEST_CERT_STATUS_GOOD_RESPONSE = 1,
    SSL_TEST_CERT_STATUS_BAD_RESPONSE = 2
} ssl_cert_status_t;

/*
 * Server/client settings that aren't supported by the SSL CONF library,
 * such as callbacks.
 *
 * This is the client-side half. The char * members hold test-fixture
 * strings; presumably they are owned by the enclosing SSL_TEST_CTX and
 * released by SSL_TEST_CTX_free() -- confirm in the implementation before
 * aliasing them elsewhere.
 */
typedef struct {
    /* One of a number of predefined custom callbacks. */
    ssl_verify_callback_t verify_callback;
    /* One of a number of predefined server names used by the client. */
    ssl_servername_t servername;
    /* Maximum Fragment Length extension mode; see ssl_max_fragment_len_name(). */
    int max_fragment_len_mode;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* Certificate Transparency validation level for this client. */
    ssl_ct_validation_t ct_validation;
    /* Ciphersuites to set on a renegotiation */
    char *reneg_ciphers;
    /* SRP identity and password for the client side of the test (fixture values). */
    char *srp_user;
    char *srp_password;
    /* Post-handshake authentication (PHA) enabled on the client. */
    int enable_pha;
} SSL_TEST_CLIENT_CONF;

/*
 * Server-side counterpart of SSL_TEST_CLIENT_CONF: settings applied through
 * callbacks rather than the SSL CONF library. SSL_TEST_EXTRA_CONF carries
 * two of these (|server| and |server2|), presumably so that an SNI test can
 * describe the second context the server may switch to.
 */
typedef struct {
    /* SNI callback (server-side). */
    ssl_servername_callback_t servername_callback;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /*
     * Whether to set a broken session ticket callback (boolean); presumably
     * the setting behind the SSL_TEST_SESSION_TICKET_BROKEN expectation.
     */
    int broken_session_ticket;
    /* Should we send a CertStatus message? */
    ssl_cert_status_t cert_status;
    /* An SRP user known to the server (fixture credentials, not secrets). */
    char *srp_user;
    char *srp_password;
    /* Force post-handshake authentication (PHA) from the server. */
    int force_pha;
    /*
     * Application data to attach to issued session tickets; the matching
     * expectation is SSL_TEST_CTX.expected_session_ticket_app_data.
     */
    char *session_ticket_app_data;
} SSL_TEST_SERVER_CONF;

/*
 * Per-handshake bundle of the callback-driven settings for all three
 * endpoints a test can involve: the client, the server, and a second
 * server context (|server2|).
 */
typedef struct {
    SSL_TEST_CLIENT_CONF client;
    SSL_TEST_SERVER_CONF server;
    SSL_TEST_SERVER_CONF server2;
} SSL_TEST_EXTRA_CONF;

/*
 * One test case: global configuration, the per-handshake extra settings,
 * and the expectations checked after the last handshake. Created from a
 * conf section by SSL_TEST_CTX_create() and released by SSL_TEST_CTX_free().
 */
typedef struct {
    /*
     * Global test configuration. Does not change between handshakes.
     */
    /* Whether the server/client CTX should use DTLS or TLS. */
    ssl_test_method_t method;
    /* Whether to test a resumed/renegotiated handshake. */
    ssl_handshake_mode_t handshake_mode;
    /*
     * How much application data to exchange (default is 256 bytes).
     * Both peers will send |app_data_size| bytes interleaved.
     */
    int app_data_size;
    /* Maximum send fragment size. */
    int max_fragment_size;
    /*
     * KeyUpdate type, relevant to the KEY_UPDATE_* handshake modes;
     * presumably one of the SSL_KEY_UPDATE_* values from ssl.h -- confirm.
     */
    int key_update_type;

    /*
     * Extra server/client configurations. Per-handshake.
     */
    /* First handshake. */
    SSL_TEST_EXTRA_CONF extra;
    /* Resumed handshake. */
    SSL_TEST_EXTRA_CONF resume_extra;

    /*
     * Test expectations. These apply to the LAST handshake.
     */
    /* Defaults to SUCCESS. */
    ssl_test_result_t expected_result;
    /* Alerts. 0 if no expectation. */
    /* See ssl.h for alert codes. */
    /* Alert sent by the client / received by the server. */
    int expected_client_alert;
    /* Alert sent by the server / received by the client. */
    int expected_server_alert;
    /* Negotiated protocol version. 0 if no expectation. */
    /* See ssl.h for protocol versions. */
    int expected_protocol;
    /*
     * The expected SNI context to use.
     * We test server-side that the server switched to the expected context.
     * Set by the callback upon success, so if the callback wasn't called or
     * terminated with an alert, the servername will match with
     * SSL_TEST_SERVERNAME_NONE.
     * Note: in the event that the servername was accepted, the client should
     * also receive an empty SNI extension back but we have no way of probing
     * client-side via the API that this was the case.
     */
    ssl_servername_t expected_servername;
    /* Session ticket expectation; IGNORE means unchecked. */
    ssl_session_ticket_t session_ticket_expected;
    /*
     * Compression expectation. NOTE(review): declared int although
     * ssl_compression_t exists; presumably holds one of its values -- confirm.
     */
    int compression_expected;
    /* The expected NPN/ALPN protocol to negotiate. */
    char *expected_npn_protocol;
    char *expected_alpn_protocol;
    /* Whether the second handshake is resumed or a full handshake (boolean). */
    int resumption_expected;
    /* Expected temporary key type */
    int expected_tmp_key_type;
    /* Expected server certificate key type */
    int expected_server_cert_type;
    /* Expected server signing hash */
    int expected_server_sign_hash;
    /* Expected server signature type */
    int expected_server_sign_type;
    /* Expected server CA names */
    STACK_OF(X509_NAME) *expected_server_ca_names;
    /* Expected client certificate key type */
    int expected_client_cert_type;
    /* Expected client signing hash */
    int expected_client_sign_hash;
    /* Expected client signature type */
    int expected_client_sign_type;
    /* Expected CA names for client auth */
    STACK_OF(X509_NAME) *expected_client_ca_names;
    /*
     * The next three fields are transport configuration rather than
     * expectations, despite sitting in this section.
     */
    /* Whether to use SCTP for the transport */
    int use_sctp;
    /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */
    int enable_client_sctp_label_bug;
    /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on server side */
    int enable_server_sctp_label_bug;
    /* Whether to expect a session id from the server */
    ssl_session_id_t session_id_expected;
    /* Expected negotiated cipher name; presumably NULL means no expectation. */
    char *expected_cipher;
    /* Expected Session Ticket Application Data */
    char *expected_session_ticket_app_data;
} SSL_TEST_CTX;

/*
 * Human-readable names for the enums and integer settings above, e.g. for
 * reporting. Each takes a value and returns its name; what is returned for
 * a value outside the enum is defined by the implementation -- check before
 * relying on it.
 */
const char *ssl_test_result_name(ssl_test_result_t result);
/* |alert| and |protocol| are the alert and protocol version codes from ssl.h. */
const char *ssl_alert_name(int alert);
const char *ssl_protocol_name(int protocol);
const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
const char *ssl_servername_name(ssl_servername_t server);
const char *ssl_servername_callback_name(ssl_servername_callback_t
                                         servername_callback);
/* The parameter name |server| is historical; it is the session ticket expectation. */
const char *ssl_session_ticket_name(ssl_session_ticket_t server);
/* Likewise |server| here is the session id expectation. */
const char *ssl_session_id_name(ssl_session_id_t server);
const char *ssl_test_method_name(ssl_test_method_t method);
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
const char *ssl_certstatus_name(ssl_cert_status_t cert_status);
/* |MFL_mode| matches SSL_TEST_CLIENT_CONF.max_fragment_len_mode. */
const char *ssl_max_fragment_len_name(int MFL_mode);

/*
 * Load the test case context from |conf|.
 * See test/README.ssltest.md for details on the conf file format.
 * |test_section| names the conf section to read. The returned context is
 * presumably heap-allocated and owned by the caller, to be released with
 * SSL_TEST_CTX_free(); a NULL return presumably signals a parse error --
 * confirm both in the implementation.
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section);

/* Allocate an empty context (no conf parsing); release with SSL_TEST_CTX_free(). */
SSL_TEST_CTX *SSL_TEST_CTX_new(void);

/* Release |ctx| and, presumably, every string/stack it owns; accepts NULL -- confirm. */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);

#endif /* HEADER_SSL_TEST_CTX_H */