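/* Copyright (c) 2014, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#ifndef HEADER_TEST_CONFIG
#define HEADER_TEST_CONFIG

// uint16_t / uint64_t are used unqualified below; include the C header that
// guarantees the global names rather than relying on transitive includes.
#include <stdint.h>

// std::unique_ptr is named directly in this header (TestConfig and NewSSL);
// <memory> was previously only reached transitively.
#include <memory>
#include <string>
#include <utility>
#include <vector>

#include <openssl/base.h>
#include <openssl/x509.h>

#include "test_state.h"

// Kind of credential a CredentialConfig describes. Which of the fields below
// are meaningful depends on this value; see the consumer of CredentialConfig
// (not in this header) for the exact rules.
enum class CredentialConfigType { kX509, kDelegated };

// One credential the shim may present. Several std::string members hold raw
// bytes rather than text (delegated_credential, ocsp_response,
// signed_cert_timestamps) — NOTE(review): confirm the encoding against
// ParseConfig before treating them as printable strings.
struct CredentialConfig {
  CredentialConfigType type;
  std::string cert_file;
  std::string key_file;
  std::vector<uint16_t> signing_prefs;
  std::string delegated_credential;
  std::string ocsp_response;
  std::string signed_cert_timestamps;
};

// Test-shim configuration, filled from the shim's command line by ParseConfig
// (one instance each for the initial, resume and retry connections).
//
// This is test tooling: many knobs (the fail_*, verify_fail, ignore_*,
// no_check_* and renegotiate_* families, by their names) exist to drive
// failure, relaxed-verification and legacy-protocol code paths so that the
// test runner can assert on the outcome. None of these defaults describe a
// production posture and the struct should not be reused outside the tests.
//
// Members named expect_* appear to be post-handshake assertions rather than
// configuration — TODO confirm against the shim that consumes them.
//
// Because expect_peer_application_settings is a std::unique_ptr, TestConfig is
// move-only (the copy constructor and copy assignment are implicitly deleted).
struct TestConfig {
  // Transport / role selection.
  int port = 0;
  bool ipv6 = false;
  uint64_t shim_id = 0;
  bool is_server = false;
  bool is_dtls = false;
  bool is_quic = false;
  int resume_count = 0;
  std::string write_settings;
  bool fallback_scsv = false;
  // Signature-algorithm and group preferences, as IANA code points.
  std::vector<uint16_t> signing_prefs;
  std::vector<uint16_t> verify_prefs;
  std::vector<uint16_t> expect_peer_verify_prefs;
  std::vector<uint16_t> curves;
  // Paths; loaded with LoadPrivateKey / LoadCertificate (declared below).
  std::string key_file;
  std::string cert_file;
  std::string trust_cert;
  std::string expect_server_name;
  // ECH (Encrypted Client Hello). The three ech_server_* vectors are
  // presumably parallel (one entry per server config) — verify in ParseConfig.
  bool enable_ech_grease = false;
  std::vector<std::string> ech_server_configs;
  std::vector<std::string> ech_server_keys;
  std::vector<int> ech_is_retry_config;
  bool expect_ech_accept = false;
  std::string expect_ech_name_override;
  bool expect_no_ech_name_override = false;
  std::string expect_ech_retry_configs;
  bool expect_no_ech_retry_configs = false;
  std::string ech_config_list;
  std::string expect_certificate_types;
  bool require_any_client_certificate = false;
  // NPN / ALPN / ALPS protocol negotiation.
  std::string advertise_npn;
  bool advertise_empty_npn = false;
  std::string expect_next_proto;
  bool expect_no_next_proto = false;
  bool false_start = false;
  std::string select_next_proto;
  bool select_empty_next_proto = false;
  bool async = false;
  bool write_different_record_sizes = false;
  bool cbc_record_splitting = false;
  bool partial_write = false;
  // Protocol-version disablement switches.
  bool no_tls13 = false;
  bool no_tls12 = false;
  bool no_tls11 = false;
  bool no_tls1 = false;
  bool no_ticket = false;
  std::string expect_channel_id;
  bool enable_channel_id = false;
  std::string send_channel_id;
  bool shim_writes_first = false;
  std::string host_name;
  std::string advertise_alpn;
  std::string expect_alpn;
  std::string expect_advertised_alpn;
  std::string select_alpn;
  bool decline_alpn = false;
  bool reject_alpn = false;
  bool select_empty_alpn = false;
  bool defer_alps = false;
  std::vector<std::pair<std::string, std::string>> application_settings;
  // Pointer rather than plain string, presumably so "unset" can be told apart
  // from "expect empty settings" — TODO confirm. Makes TestConfig move-only.
  std::unique_ptr<std::string> expect_peer_application_settings;
  bool alps_use_new_codepoint = false;
  std::string quic_transport_params;
  std::string expect_quic_transport_params;
  // Set quic_use_legacy_codepoint to 0 or 1 to configure, -1 uses default.
  int quic_use_legacy_codepoint = -1;
  bool expect_session_miss = false;
  bool expect_extended_master_secret = false;
  // PSK material for tests; test-only secrets, never production values.
  std::string psk;
  std::string psk_identity;
  std::string srtp_profiles;
  bool enable_ocsp_stapling = false;
  std::string expect_ocsp_response;
  bool enable_signed_cert_timestamps = false;
  std::string expect_signed_cert_timestamps;
  // Version bounds as TLS version code points; 0 presumably means "not
  // configured" — TODO confirm in SetupCtx.
  uint16_t min_version = 0;
  uint16_t max_version = 0;
  uint16_t expect_version = 0;
  int mtu = 0;
  bool implicit_handshake = false;
  // Callback installation and forced-failure switches for negative tests.
  bool use_early_callback = false;
  bool fail_early_callback = false;
  bool fail_early_callback_ech_rewind = false;
  bool install_ddos_callback = false;
  bool fail_ddos_callback = false;
  bool fail_cert_callback = false;
  std::string cipher;
  bool handshake_never_done = false;
  // Keying-material export (RFC 5705 style label/context) and tls-unique.
  int export_keying_material = 0;
  std::string export_label;
  std::string export_context;
  bool use_export_context = false;
  bool tls_unique = false;
  // Session resumption, tickets and 0-RTT early data.
  bool expect_ticket_renewal = false;
  bool expect_no_session = false;
  bool expect_ticket_supports_early_data = false;
  bool expect_accept_early_data = false;
  bool expect_reject_early_data = false;
  bool expect_no_offer_early_data = false;
  bool expect_no_server_name = false;
  bool use_ticket_callback = false;
  bool renew_ticket = false;
  bool enable_early_data = false;
  std::string ocsp_response;
  bool check_close_notify = false;
  bool shim_shuts_down = false;
  // Peer-verification behaviour. verify_fail forces a verification failure;
  // verify_peer_if_no_obc appears to relax verification when a Channel ID
  // (origin-bound certificate) is present — TODO confirm.
  bool verify_fail = false;
  bool verify_peer = false;
  bool verify_peer_if_no_obc = false;
  bool expect_verify_result = false;
  std::string signed_cert_timestamps;
  // Renegotiation policy (TLS <= 1.2).
  int expect_total_renegotiations = 0;
  bool renegotiate_once = false;
  bool renegotiate_freely = false;
  bool renegotiate_ignore = false;
  bool renegotiate_explicit = false;
  bool forbid_renegotiation_after_handshake = false;
  uint16_t expect_peer_signature_algorithm = 0;
  uint16_t expect_curve_id = 0;
  bool use_old_client_cert_callback = false;
  int initial_timeout_duration_ms = 0;
  std::string use_client_ca_list;
  std::string expect_client_ca_list;
  bool send_alert = false;
  bool peek_then_read = false;
  bool enable_grease = false;
  bool permute_extensions = false;
  int max_cert_list = 0;
  // Session-ticket encryption key for tests; test-only secret material.
  std::string ticket_key;
  bool use_exporter_between_reads = false;
  uint16_t expect_cipher_aes = 0;
  uint16_t expect_cipher_no_aes = 0;
  uint16_t expect_cipher = 0;
  std::string expect_peer_cert_file;
  int resumption_delay = 0;
  bool retain_only_sha256_client_cert = false;
  bool expect_sha256_client_cert = false;
  bool read_with_unfinished_write = false;
  bool expect_secure_renegotiation = false;
  bool expect_no_secure_renegotiation = false;
  int max_send_fragment = 0;
  int read_size = 0;
  bool expect_session_id = false;
  bool expect_no_session_id = false;
  int expect_ticket_age_skew = 0;
  bool no_op_extra_handshake = false;
  bool handshake_twice = false;
  bool allow_unknown_alpn_protos = false;
  bool use_custom_verify_callback = false;
  std::string expect_msg_callback;
  bool allow_false_start_without_alpn = false;
  // Split-handshake (handoff / hints) support, driven by an external
  // handshaker binary at handshaker_path with handshaker_args.
  bool handoff = false;
  bool handshake_hints = false;
  bool allow_hint_mismatch = false;
  bool use_ocsp_callback = false;
  bool set_ocsp_in_callback = false;
  bool decline_ocsp_callback = false;
  bool fail_ocsp_callback = false;
  bool install_cert_compression_algs = false;
  int install_one_cert_compression_alg = 0;
  bool reverify_on_resume = false;
  // Relaxed-check switches: these loosen certificate/key-usage or curve
  // checks for specific tests and must not be copied into real clients.
  bool ignore_rsa_key_usage = false;
  bool expect_key_usage_invalid = false;
  bool is_handshaker_supported = false;
  bool handshaker_resume = false;
  std::string handshaker_path;
  bool jdk11_workaround = false;
  bool server_preference = false;
  bool export_traffic_secrets = false;
  bool key_update = false;
  std::string expect_early_data_reason;
  bool expect_hrr = false;
  bool expect_no_hrr = false;
  bool wait_for_debugger = false;
  std::string quic_early_data_context;
  int early_write_after_message = 0;
  bool fips_202205 = false;
  bool wpa_202304 = false;
  bool no_check_client_certificate_type = false;
  bool no_check_ecdsa_curve = false;
  // Index into |credentials|; -1 presumably means "no expectation" — TODO
  // confirm.
  int expect_selected_credential = -1;
  std::vector<CredentialConfig> credentials;

  // Non-owning C strings. NOTE(review): these presumably alias argv or
  // strings owned elsewhere; confirm their lifetime covers every use.
  std::vector<const char*> handshaker_args;

  // Builds an SSL_CTX reflecting this config. |old_ctx| may be reused or
  // consulted by the implementation (not visible here); returns a null
  // UniquePtr on failure — TODO confirm both points in the definition.
  bssl::UniquePtr<SSL_CTX> SetupCtx(SSL_CTX *old_ctx) const;

  // Creates an SSL object on |ssl_ctx|, optionally resuming |session|, and
  // hands ownership of |test_state| to it.
  bssl::UniquePtr<SSL> NewSSL(SSL_CTX *ssl_ctx, SSL_SESSION *session,
                              std::unique_ptr<TestState> test_state) const;
};

// Parses the shim's command line (|argc|, |argv|) into the three per-connection
// configs. |is_shim| selects which flag set is accepted — TODO confirm.
// Returns false on a malformed command line; the out-params should then be
// treated as unspecified.
bool ParseConfig(int argc, char **argv, bool is_shim, TestConfig *out_initial,
                 TestConfig *out_resume, TestConfig *out_retry);

// Associates |config| with |ssl| so callbacks can retrieve it via
// GetTestConfig. |config| is not copied: it must outlive |ssl|.
bool SetTestConfig(SSL *ssl, const TestConfig *config);

// Returns the config previously attached with SetTestConfig, or nullptr if
// none was set — TODO confirm the null case in the definition.
const TestConfig *GetTestConfig(const SSL *ssl);

// Loads a leaf certificate and its chain from |file| into the out-params.
// Returns false on failure, in which case the out-params are unspecified.
bool LoadCertificate(bssl::UniquePtr<X509> *out_x509,
                     bssl::UniquePtr<STACK_OF(X509)> *out_chain,
                     const std::string &file);

// Loads a private key from |file|; a null UniquePtr presumably signals
// failure — TODO confirm.
bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file);

#endif  // HEADER_TEST_CONFIG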