Blame - ap/lib/libssl/openssl-1.1.1o/test/ssl_test_ctx.h - R306

blob: 7e670c946806bd7f755ec9d87d90d3f2ca6c8d85 [file] [log] [blame]

yuezonghe	824eb0c	2024-06-27 02:32:26 -0700	[diff] [blame]	1	/*
				2	* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
				3	*
				4	* Licensed under the OpenSSL license (the "License"). You may not use
				5	* this file except in compliance with the License. You can obtain a copy
				6	* in the file LICENSE in the source distribution or at
				7	* https://www.openssl.org/source/license.html
				8	*/
				9
				10	#ifndef OSSL_TEST_SSL_TEST_CTX_H
				11	#define OSSL_TEST_SSL_TEST_CTX_H
				12
				13	#include <openssl/conf.h>
				14	#include <openssl/ssl.h>
				15
				16	typedef enum {
				17	SSL_TEST_SUCCESS = 0, /* Default */
				18	SSL_TEST_SERVER_FAIL,
				19	SSL_TEST_CLIENT_FAIL,
				20	SSL_TEST_INTERNAL_ERROR,
				21	/* Couldn't test resumption/renegotiation: original handshake failed. */
				22	SSL_TEST_FIRST_HANDSHAKE_FAILED
				23	} ssl_test_result_t;
				24
				25	typedef enum {
				26	SSL_TEST_VERIFY_NONE = 0, /* Default */
				27	SSL_TEST_VERIFY_ACCEPT_ALL,
				28	SSL_TEST_VERIFY_REJECT_ALL
				29	} ssl_verify_callback_t;
				30
				31	typedef enum {
				32	SSL_TEST_SERVERNAME_NONE = 0, /* Default */
				33	SSL_TEST_SERVERNAME_SERVER1,
				34	SSL_TEST_SERVERNAME_SERVER2,
				35	SSL_TEST_SERVERNAME_INVALID
				36	} ssl_servername_t;
				37
				38	typedef enum {
				39	SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */
				40	SSL_TEST_SERVERNAME_IGNORE_MISMATCH,
				41	SSL_TEST_SERVERNAME_REJECT_MISMATCH,
				42	SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH,
				43	SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH,
				44	SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12
				45	} ssl_servername_callback_t;
				46
				47	typedef enum {
				48	SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
				49	SSL_TEST_SESSION_TICKET_YES,
				50	SSL_TEST_SESSION_TICKET_NO,
				51	SSL_TEST_SESSION_TICKET_BROKEN /* Special test */
				52	} ssl_session_ticket_t;
				53
				54	typedef enum {
				55	SSL_TEST_COMPRESSION_NO = 0, /* Default */
				56	SSL_TEST_COMPRESSION_YES
				57	} ssl_compression_t;
				58
				59	typedef enum {
				60	SSL_TEST_SESSION_ID_IGNORE = 0, /* Default */
				61	SSL_TEST_SESSION_ID_YES,
				62	SSL_TEST_SESSION_ID_NO
				63	} ssl_session_id_t;
				64
				65	typedef enum {
				66	SSL_TEST_METHOD_TLS = 0, /* Default */
				67	SSL_TEST_METHOD_DTLS
				68	} ssl_test_method_t;
				69
				70	typedef enum {
				71	SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */
				72	SSL_TEST_HANDSHAKE_RESUME,
				73	SSL_TEST_HANDSHAKE_RENEG_SERVER,
				74	SSL_TEST_HANDSHAKE_RENEG_CLIENT,
				75	SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER,
				76	SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT,
				77	SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH
				78	} ssl_handshake_mode_t;
				79
				80	typedef enum {
				81	SSL_TEST_CT_VALIDATION_NONE = 0, /* Default */
				82	SSL_TEST_CT_VALIDATION_PERMISSIVE,
				83	SSL_TEST_CT_VALIDATION_STRICT
				84	} ssl_ct_validation_t;
				85
				86	typedef enum {
				87	SSL_TEST_CERT_STATUS_NONE = 0, /* Default */
				88	SSL_TEST_CERT_STATUS_GOOD_RESPONSE,
				89	SSL_TEST_CERT_STATUS_BAD_RESPONSE
				90	} ssl_cert_status_t;
				91
				92	/*
				93	* Server/client settings that aren't supported by the SSL CONF library,
				94	* such as callbacks.
				95	*/
				96	typedef struct {
				97	/* One of a number of predefined custom callbacks. */
				98	ssl_verify_callback_t verify_callback;
				99	/* One of a number of predefined server names use by the client */
				100	ssl_servername_t servername;
				101	/* Maximum Fragment Length extension mode */
				102	int max_fragment_len_mode;
				103	/* Supported NPN and ALPN protocols. A comma-separated list. */
				104	char *npn_protocols;
				105	char *alpn_protocols;
				106	ssl_ct_validation_t ct_validation;
				107	/* Ciphersuites to set on a renegotiation */
				108	char *reneg_ciphers;
				109	char *srp_user;
				110	char *srp_password;
				111	/* PHA enabled */
				112	int enable_pha;
				113	} SSL_TEST_CLIENT_CONF;
				114
				115	typedef struct {
				116	/* SNI callback (server-side). */
				117	ssl_servername_callback_t servername_callback;
				118	/* Supported NPN and ALPN protocols. A comma-separated list. */
				119	char *npn_protocols;
				120	char *alpn_protocols;
				121	/* Whether to set a broken session ticket callback. */
				122	int broken_session_ticket;
				123	/* Should we send a CertStatus message? */
				124	ssl_cert_status_t cert_status;
				125	/* An SRP user known to the server. */
				126	char *srp_user;
				127	char *srp_password;
				128	/* Forced PHA */
				129	int force_pha;
				130	char *session_ticket_app_data;
				131	} SSL_TEST_SERVER_CONF;
				132
				133	typedef struct {
				134	SSL_TEST_CLIENT_CONF client;
				135	SSL_TEST_SERVER_CONF server;
				136	SSL_TEST_SERVER_CONF server2;
				137	} SSL_TEST_EXTRA_CONF;
				138
				139	typedef struct {
				140	/*
				141	* Global test configuration. Does not change between handshakes.
				142	*/
				143	/* Whether the server/client CTX should use DTLS or TLS. */
				144	ssl_test_method_t method;
				145	/* Whether to test a resumed/renegotiated handshake. */
				146	ssl_handshake_mode_t handshake_mode;
				147	/*
				148	* How much application data to exchange (default is 256 bytes).
				149	* Both peers will send \|app_data_size\| bytes interleaved.
				150	*/
				151	int app_data_size;
				152	/* Maximum send fragment size. */
				153	int max_fragment_size;
				154	/* KeyUpdate type */
				155	int key_update_type;
				156
				157	/*
				158	* Extra server/client configurations. Per-handshake.
				159	*/
				160	/* First handshake. */
				161	SSL_TEST_EXTRA_CONF extra;
				162	/* Resumed handshake. */
				163	SSL_TEST_EXTRA_CONF resume_extra;
				164
				165	/*
				166	* Test expectations. These apply to the LAST handshake.
				167	*/
				168	/* Defaults to SUCCESS. */
				169	ssl_test_result_t expected_result;
				170	/* Alerts. 0 if no expectation. */
				171	/* See ssl.h for alert codes. */
				172	/* Alert sent by the client / received by the server. */
				173	int expected_client_alert;
				174	/* Alert sent by the server / received by the client. */
				175	int expected_server_alert;
				176	/* Negotiated protocol version. 0 if no expectation. */
				177	/* See ssl.h for protocol versions. */
				178	int expected_protocol;
				179	/*
				180	* The expected SNI context to use.
				181	* We test server-side that the server switched to the expected context.
				182	* Set by the callback upon success, so if the callback wasn't called or
				183	* terminated with an alert, the servername will match with
				184	* SSL_TEST_SERVERNAME_NONE.
				185	* Note: in the event that the servername was accepted, the client should
				186	* also receive an empty SNI extension back but we have no way of probing
				187	* client-side via the API that this was the case.
				188	*/
				189	ssl_servername_t expected_servername;
				190	ssl_session_ticket_t session_ticket_expected;
				191	int compression_expected;
				192	/* The expected NPN/ALPN protocol to negotiate. */
				193	char *expected_npn_protocol;
				194	char *expected_alpn_protocol;
				195	/* Whether the second handshake is resumed or a full handshake (boolean). */
				196	int resumption_expected;
				197	/* Expected temporary key type */
				198	int expected_tmp_key_type;
				199	/* Expected server certificate key type */
				200	int expected_server_cert_type;
				201	/* Expected server signing hash */
				202	int expected_server_sign_hash;
				203	/* Expected server signature type */
				204	int expected_server_sign_type;
				205	/* Expected server CA names */
				206	STACK_OF(X509_NAME) *expected_server_ca_names;
				207	/* Expected client certificate key type */
				208	int expected_client_cert_type;
				209	/* Expected client signing hash */
				210	int expected_client_sign_hash;
				211	/* Expected client signature type */
				212	int expected_client_sign_type;
				213	/* Expected CA names for client auth */
				214	STACK_OF(X509_NAME) *expected_client_ca_names;
				215	/* Whether to use SCTP for the transport */
				216	int use_sctp;
				217	/* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */
				218	int enable_client_sctp_label_bug;
				219	/* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on server side */
				220	int enable_server_sctp_label_bug;
				221	/* Whether to expect a session id from the server */
				222	ssl_session_id_t session_id_expected;
				223	char *expected_cipher;
				224	/* Expected Session Ticket Application Data */
				225	char *expected_session_ticket_app_data;
				226	} SSL_TEST_CTX;
				227
				228	const char *ssl_test_result_name(ssl_test_result_t result);
				229	const char *ssl_alert_name(int alert);
				230	const char *ssl_protocol_name(int protocol);
				231	const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
				232	const char *ssl_servername_name(ssl_servername_t server);
				233	const char *ssl_servername_callback_name(ssl_servername_callback_t
				234	servername_callback);
				235	const char *ssl_session_ticket_name(ssl_session_ticket_t server);
				236	const char *ssl_session_id_name(ssl_session_id_t server);
				237	const char *ssl_test_method_name(ssl_test_method_t method);
				238	const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
				239	const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
				240	const char *ssl_certstatus_name(ssl_cert_status_t cert_status);
				241	const char *ssl_max_fragment_len_name(int MFL_mode);
				242
				243	/*
				244	* Load the test case context from \|conf\|.
				245	* See test/README.ssltest.md for details on the conf file format.
				246	*/
				247	SSL_TEST_CTX SSL_TEST_CTX_create(const CONF conf, const char *test_section);
				248
				249	SSL_TEST_CTX *SSL_TEST_CTX_new(void);
				250
				251	void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);
				252
				253	#endif /* OSSL_TEST_SSL_TEST_CTX_H */