1 | /* |
2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
453dfd8d | 7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | ||
10 | #ifndef HEADER_SSL_TEST_CTX_H | |
11 | #define HEADER_SSL_TEST_CTX_H | |
12 | ||
13 | #include <openssl/conf.h> | |
14 | #include <openssl/ssl.h> | |
15 | ||
/*
 * Overall outcome of a test case; SSL_TEST_CTX.expected_result is compared
 * against the value the harness actually observed. The zero value is the
 * one the file marks as the default.
 */
typedef enum {
    SSL_TEST_SUCCESS = 0,                /* Default */
    SSL_TEST_SERVER_FAIL = 1,
    SSL_TEST_CLIENT_FAIL = 2,
    SSL_TEST_INTERNAL_ERROR = 3,
    /* Couldn't test resumption/renegotiation: original handshake failed. */
    SSL_TEST_FIRST_HANDSHAKE_FAILED = 4
} ssl_test_result_t;
24 | ||
/*
 * Predefined certificate-verification callbacks a peer can be given
 * (SSL_TEST_CLIENT_CONF.verify_callback). As the names say, ACCEPT_ALL and
 * REJECT_ALL are fixtures that decide without regard to the actual chain;
 * an accept-all verifier is a test-only construct and must never be copied
 * into production code.
 */
typedef enum {
    SSL_TEST_VERIFY_NONE = 0,            /* Default */
    SSL_TEST_VERIFY_ACCEPT_ALL = 1,
    SSL_TEST_VERIFY_REJECT_ALL = 2
} ssl_verify_callback_t;
30 | ||
/*
 * Predefined SNI names. Used in two places: SSL_TEST_CLIENT_CONF.servername
 * selects which name the client sends (NONE = no SNI), and
 * SSL_TEST_CTX.expected_servername names the server-side context the test
 * expects the server to have switched to. INVALID is presumably a name that
 * matches no configured context - confirm against the loader.
 */
typedef enum {
    SSL_TEST_SERVERNAME_NONE = 0,        /* Default */
    SSL_TEST_SERVERNAME_SERVER1 = 1,
    SSL_TEST_SERVERNAME_SERVER2 = 2,
    SSL_TEST_SERVERNAME_INVALID = 3
} ssl_servername_t;
37 | ||
/*
 * Predefined server-side SNI callbacks (SSL_TEST_SERVER_CONF.servername_callback).
 * The *_MISMATCH variants differ in whether a client name that matches no
 * configured context is tolerated or refused; the EARLY_* variants are
 * presumably the same checks performed from the early/ClientHello callback
 * rather than the servername callback - confirm against the implementation.
 */
typedef enum {
    SSL_TEST_SERVERNAME_CB_NONE = 0,     /* Default */
    SSL_TEST_SERVERNAME_IGNORE_MISMATCH = 1,
    SSL_TEST_SERVERNAME_REJECT_MISMATCH = 2,
    SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH = 3,
    SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH = 4,
    SSL_TEST_SERVERNAME_EARLY_NO_V12 = 5
} ssl_servername_callback_t;
46 | ||
/*
 * Session-ticket expectation for the last handshake
 * (SSL_TEST_CTX.session_ticket_expected). IGNORE means "no expectation";
 * YES/NO presumably assert whether a ticket was issued; BROKEN is a special
 * case, presumably paired with SSL_TEST_SERVER_CONF.broken_session_ticket.
 */
typedef enum {
    SSL_TEST_SESSION_TICKET_IGNORE = 0,  /* Default */
    SSL_TEST_SESSION_TICKET_YES = 1,
    SSL_TEST_SESSION_TICKET_NO = 2,
    SSL_TEST_SESSION_TICKET_BROKEN = 3   /* Special test */
} ssl_session_ticket_t;
5c753de6 | 53 | |
/*
 * Whether compression is expected to have been negotiated. Note that
 * SSL_TEST_CTX.compression_expected is declared as a plain int rather than
 * this type, so callers compare against these constants by value.
 */
typedef enum {
    SSL_TEST_COMPRESSION_NO = 0,         /* Default */
    SSL_TEST_COMPRESSION_YES = 1
} ssl_compression_t;
58 | ||
/*
 * Which protocol family the server/client CTX is created for
 * (SSL_TEST_CTX.method): stream TLS, or DTLS over a datagram transport.
 */
typedef enum {
    SSL_TEST_METHOD_TLS = 0,             /* Default */
    SSL_TEST_METHOD_DTLS = 1
} ssl_test_method_t;
63 | ||
/*
 * How many handshakes a test runs and what the second one is
 * (SSL_TEST_CTX.handshake_mode). SIMPLE is a single handshake; every other
 * mode runs a first handshake and then a resumption, renegotiation or
 * KeyUpdate, and the SSL_TEST_CTX expectations apply to that LAST one.
 * The _SERVER/_CLIENT suffix presumably names the peer that initiates the
 * second step - confirm against the implementation.
 */
typedef enum {
    SSL_TEST_HANDSHAKE_SIMPLE = 0,       /* Default */
    SSL_TEST_HANDSHAKE_RESUME = 1,
    SSL_TEST_HANDSHAKE_RENEG_SERVER = 2,
    SSL_TEST_HANDSHAKE_RENEG_CLIENT = 3,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER = 4,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT = 5
} ssl_handshake_mode_t;
72 | ||
/*
 * CT (Certificate Transparency) validation mode to enable on the client
 * (SSL_TEST_CLIENT_CONF.ct_validation). NONE leaves CT off; PERMISSIVE and
 * STRICT presumably map onto the library's permissive/strict CT validation
 * settings, where only STRICT fails the handshake on missing or bad SCTs.
 */
typedef enum {
    SSL_TEST_CT_VALIDATION_NONE = 0,     /* Default */
    SSL_TEST_CT_VALIDATION_PERMISSIVE = 1,
    SSL_TEST_CT_VALIDATION_STRICT = 2
} ssl_ct_validation_t;
78 | |
/*
 * Whether the server sends a CertificateStatus message
 * (SSL_TEST_SERVER_CONF.cert_status), and if so whether the status response
 * it carries is well-formed. BAD_RESPONSE is presumably a deliberately
 * invalid response used to check that the client rejects it.
 */
typedef enum {
    SSL_TEST_CERT_STATUS_NONE = 0,       /* Default */
    SSL_TEST_CERT_STATUS_GOOD_RESPONSE = 1,
    SSL_TEST_CERT_STATUS_BAD_RESPONSE = 2
} ssl_cert_status_t;
ea1ecd98 | 84 | |
/*
 * Server/client settings that aren't supported by the SSL CONF library,
 * such as callbacks.
 */
/*
 * Client-side extras for one handshake. The char * members are owned by the
 * enclosing SSL_TEST_CTX (presumably allocated by the loader and released in
 * SSL_TEST_CTX_free - confirm). srp_password is held in plaintext; it is a
 * test fixture and must never be populated with a real credential.
 */
typedef struct {
    /* One of a number of predefined custom callbacks. */
    ssl_verify_callback_t verify_callback;
    /* One of a number of predefined server names used by the client */
    ssl_servername_t servername;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* CT validation mode to enable on the client; see ssl_ct_validation_t. */
    ssl_ct_validation_t ct_validation;
    /* Ciphersuites to set on a renegotiation */
    char *reneg_ciphers;
    /* SRP credentials the client authenticates with (fixture data only). */
    char *srp_user;
    char *srp_password;
} SSL_TEST_CLIENT_CONF;
103 | ||
/*
 * Server-side extras for one handshake. SSL_TEST_EXTRA_CONF carries two of
 * these (server and server2), presumably so that the SNI callback has a
 * second context to switch to. As with the client struct, the char *
 * members are fixture strings owned by the enclosing SSL_TEST_CTX.
 */
typedef struct {
    /* SNI callback (server-side). */
    ssl_servername_callback_t servername_callback;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* Whether to set a broken session ticket callback. */
    int broken_session_ticket;
    /* Should we send a CertStatus message? */
    ssl_cert_status_t cert_status;
    /* An SRP user known to the server. Plaintext fixture only. */
    char *srp_user;
    char *srp_password;
} SSL_TEST_SERVER_CONF;
118 | ||
/*
 * Per-handshake bundle of the non-CONF settings for all peers: the client,
 * the primary server, and a second server context (server2) that an SNI
 * callback can select.
 */
typedef struct {
    SSL_TEST_CLIENT_CONF client;
    SSL_TEST_SERVER_CONF server;
    SSL_TEST_SERVER_CONF server2;
} SSL_TEST_EXTRA_CONF;
124 | ||
/*
 * Full description of one test case: what to configure on each peer, which
 * handshakes to run, and what to check afterwards. Populated from a CONF
 * section by SSL_TEST_CTX_create() and released with SSL_TEST_CTX_free().
 */
typedef struct {
    /*
     * Global test configuration. Does not change between handshakes.
     */
    /* Whether the server/client CTX should use DTLS or TLS. */
    ssl_test_method_t method;
    /* Whether to test a resumed/renegotiated handshake. */
    ssl_handshake_mode_t handshake_mode;
    /*
     * How much application data to exchange (default is 256 bytes).
     * Both peers will send |app_data_size| bytes interleaved.
     */
    int app_data_size;
    /* Maximum send fragment size. */
    int max_fragment_size;
    /*
     * KeyUpdate type. Only meaningful for the KEY_UPDATE_* handshake modes;
     * presumably an SSL_KEY_UPDATE_* constant - confirm in the loader.
     */
    int key_update_type;

    /*
     * Extra server/client configurations. Per-handshake.
     */
    /* First handshake. */
    SSL_TEST_EXTRA_CONF extra;
    /* Resumed handshake. */
    SSL_TEST_EXTRA_CONF resume_extra;

    /*
     * Test expectations. These apply to the LAST handshake.
     */
    /* Defaults to SUCCESS. */
    ssl_test_result_t expected_result;
    /* Alerts. 0 if no expectation. */
    /* See ssl.h for alert codes. */
    /* Alert sent by the client / received by the server. */
    int expected_client_alert;
    /* Alert sent by the server / received by the client. */
    int expected_server_alert;
    /* Negotiated protocol version. 0 if no expectation. */
    /* See ssl.h for protocol versions. */
    int expected_protocol;
    /*
     * The expected SNI context to use.
     * We test server-side that the server switched to the expected context.
     * Set by the callback upon success, so if the callback wasn't called or
     * terminated with an alert, the servername will match with
     * SSL_TEST_SERVERNAME_NONE.
     * Note: in the event that the servername was accepted, the client should
     * also receive an empty SNI extension back but we have no way of probing
     * client-side via the API that this was the case.
     */
    ssl_servername_t expected_servername;
    /* Session ticket expectation; IGNORE means no expectation. */
    ssl_session_ticket_t session_ticket_expected;
    /*
     * Compression expectation. Declared int rather than ssl_compression_t
     * (unlike session_ticket_expected above); compare against the
     * SSL_TEST_COMPRESSION_* constants.
     */
    int compression_expected;
    /* The expected NPN/ALPN protocol to negotiate. */
    char *expected_npn_protocol;
    char *expected_alpn_protocol;
    /* Whether the second handshake is resumed or a full handshake (boolean). */
    int resumption_expected;
    /* Expected temporary key type */
    int expected_tmp_key_type;
    /* Expected server certificate key type */
    int expected_server_cert_type;
    /* Expected server signing hash */
    int expected_server_sign_hash;
    /* Expected server signature type */
    int expected_server_sign_type;
    /*
     * Expected server CA names. Owned by this context; presumably freed in
     * SSL_TEST_CTX_free - confirm.
     */
    STACK_OF(X509_NAME) *expected_server_ca_names;
    /* Expected client certificate key type */
    int expected_client_cert_type;
    /* Expected client signing hash */
    int expected_client_sign_hash;
    /* Expected client signature type */
    int expected_client_sign_type;
    /* Expected CA names for client auth. Same ownership as the server stack. */
    STACK_OF(X509_NAME) *expected_client_ca_names;
    /*
     * Whether to use SCTP for the transport. Presumably only meaningful
     * together with SSL_TEST_METHOD_DTLS - confirm the loader rejects it
     * otherwise.
     */
    int use_sctp;
} SSL_TEST_CTX;
204 | ||
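/*
 * Human-readable names for the enumerations above, one function per type,
 * presumably used when reporting a mismatch between expectation and result.
 * Each returns a constant string; the caller does not own it.
 * Parameter names below reflect the type actually passed - the earlier
 * declarations named the ssl_servername_t and ssl_session_ticket_t
 * arguments "server", which was misleading.
 */
const char *ssl_test_result_name(ssl_test_result_t result);
/* |alert| is an alert code as defined in ssl.h. */
const char *ssl_alert_name(int alert);
/* |protocol| is a protocol version constant as defined in ssl.h. */
const char *ssl_protocol_name(int protocol);
const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
const char *ssl_servername_name(ssl_servername_t servername);
const char *ssl_servername_callback_name(ssl_servername_callback_t
                                         servername_callback);
const char *ssl_session_ticket_name(ssl_session_ticket_t session_ticket);
const char *ssl_test_method_name(ssl_test_method_t method);
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
const char *ssl_certstatus_name(ssl_cert_status_t cert_status);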
217 | |
/*
 * Load the test case context from |conf|.
 * See test/README.ssltest.md for details on the conf file format.
 * |test_section| names the section of |conf| to read. Returns a newly
 * allocated context, or NULL on failure (presumably a missing section or a
 * value that fails to parse - callers must check). Release the result with
 * SSL_TEST_CTX_free().
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section);

/*
 * Allocate an empty context. Presumably zero-initialised, so every enum
 * field starts at its "= 0 / Default" value - confirm in the implementation.
 */
SSL_TEST_CTX *SSL_TEST_CTX_new(void);

/*
 * Free |ctx| together with the strings and X509_NAME stacks it owns
 * (see the SSL_TEST_CTX member comments for which those are).
 */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);
227 | ||
228 | #endif /* HEADER_SSL_TEST_CTX_H */ |