/* Copyright 2014 The BoringSSL Authors * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef HEADER_TEST_CONFIG #define HEADER_TEST_CONFIG #include #include #include #include #include #include #include "test_state.h" enum class CredentialConfigType { kX509, kDelegated, kSPAKE2PlusV1, }; struct CredentialConfig { CredentialConfigType type; std::string cert_file; std::string key_file; std::vector signing_prefs; std::vector delegated_credential; std::vector ocsp_response; std::vector signed_cert_timestamps; std::vector pake_context; std::vector pake_client_id; std::vector pake_server_id; std::vector pake_password; bool wrong_pake_role = false; }; struct TestConfig { int port = 0; bool ipv6 = false; uint64_t shim_id = 0; bool is_server = false; bool is_dtls = false; bool is_quic = false; int resume_count = 0; std::string write_settings; bool fallback_scsv = false; std::vector signing_prefs; std::vector verify_prefs; std::vector expect_peer_verify_prefs; std::vector curves; std::string key_file; std::string cert_file; std::string trust_cert; std::string expect_server_name; bool enable_ech_grease = false; std::vector> ech_server_configs; std::vector> ech_server_keys; std::vector ech_is_retry_config; bool expect_ech_accept = false; std::string expect_ech_name_override; bool expect_no_ech_name_override = false; std::vector expect_ech_retry_configs; bool expect_no_ech_retry_configs = false; std::vector ech_config_list; std::vector expect_certificate_types; bool require_any_client_certificate = false; std::string advertise_npn; bool advertise_empty_npn = false; std::string expect_next_proto; bool expect_no_next_proto = false; bool false_start = false; std::string select_next_proto; bool select_empty_next_proto = false; bool async = false; bool write_different_record_sizes = false; bool cbc_record_splitting = false; bool partial_write = false; bool no_tls13 = false; bool no_tls12 = false; bool no_tls11 = false; bool no_tls1 = false; bool no_ticket = false; std::vector expect_channel_id; bool enable_channel_id = false; std::string send_channel_id; bool shim_writes_first = false; std::string host_name; std::string advertise_alpn; std::string expect_alpn; std::string expect_advertised_alpn; std::string select_alpn; bool decline_alpn = false; bool reject_alpn = false; bool select_empty_alpn = false; bool defer_alps = false; std::vector> application_settings; std::optional expect_peer_application_settings; bool alps_use_new_codepoint = false; std::vector quic_transport_params; std::vector expect_quic_transport_params; // Set quic_use_legacy_codepoint to 0 or 1 to configure, -1 uses default. int quic_use_legacy_codepoint = -1; bool expect_session_miss = false; bool expect_extended_master_secret = false; std::string psk; std::string psk_identity; std::string srtp_profiles; bool enable_ocsp_stapling = false; std::vector expect_ocsp_response; bool enable_signed_cert_timestamps = false; std::vector expect_signed_cert_timestamps; uint16_t min_version = 0; uint16_t max_version = 0; uint16_t expect_version = 0; int mtu = 0; bool implicit_handshake = false; bool use_early_callback = false; bool fail_early_callback = false; bool fail_early_callback_ech_rewind = false; bool install_ddos_callback = false; bool fail_ddos_callback = false; bool fail_cert_callback = false; std::string cipher; bool handshake_never_done = false; int export_keying_material = 0; std::string export_label; std::string export_context; bool use_export_context = false; bool tls_unique = false; bool expect_ticket_renewal = false; bool expect_no_session = false; bool expect_ticket_supports_early_data = false; bool expect_accept_early_data = false; bool expect_reject_early_data = false; bool expect_no_offer_early_data = false; bool expect_no_server_name = false; bool use_ticket_callback = false; bool use_ticket_aead_callback = false; bool renew_ticket = false; bool skip_ticket = false; bool enable_early_data = false; std::vector ocsp_response; bool check_close_notify = false; bool shim_shuts_down = false; bool verify_fail = false; bool verify_peer = false; bool verify_peer_if_no_obc = false; bool expect_verify_result = false; std::vector signed_cert_timestamps; int expect_total_renegotiations = 0; bool renegotiate_once = false; bool renegotiate_freely = false; bool renegotiate_ignore = false; bool renegotiate_explicit = false; bool forbid_renegotiation_after_handshake = false; uint16_t expect_peer_signature_algorithm = 0; uint16_t expect_curve_id = 0; bool use_old_client_cert_callback = false; int initial_timeout_duration_ms = 0; std::string use_client_ca_list; std::string expect_client_ca_list; bool send_alert = false; bool peek_then_read = false; bool enable_grease = false; bool permute_extensions = false; int max_cert_list = 0; std::vector ticket_key; bool use_exporter_between_reads = false; uint16_t expect_cipher_aes = 0; uint16_t expect_cipher_no_aes = 0; uint16_t expect_cipher = 0; std::string expect_peer_cert_file; int resumption_delay = 0; bool retain_only_sha256_client_cert = false; bool expect_sha256_client_cert = false; bool read_with_unfinished_write = false; bool expect_secure_renegotiation = false; bool expect_no_secure_renegotiation = false; int max_send_fragment = 0; int read_size = 0; bool expect_session_id = false; bool expect_no_session_id = false; int expect_ticket_age_skew = 0; bool no_op_extra_handshake = false; bool handshake_twice = false; bool allow_unknown_alpn_protos = false; bool use_custom_verify_callback = false; std::string expect_msg_callback; bool allow_false_start_without_alpn = false; bool handoff = false; bool handshake_hints = false; bool allow_hint_mismatch = false; bool use_ocsp_callback = false; bool set_ocsp_in_callback = false; bool decline_ocsp_callback = false; bool fail_ocsp_callback = false; bool install_cert_compression_algs = false; int install_one_cert_compression_alg = 0; bool reverify_on_resume = false; bool ignore_rsa_key_usage = false; bool expect_key_usage_invalid = false; bool is_handshaker_supported = false; bool handshaker_resume = false; std::string handshaker_path; bool jdk11_workaround = false; bool server_preference = false; bool export_traffic_secrets = false; bool key_update = false; bool key_update_before_read = false; std::string expect_early_data_reason; bool expect_hrr = false; bool expect_no_hrr = false; bool wait_for_debugger = false; std::string quic_early_data_context; int early_write_after_message = 0; bool fips_202205 = false; bool wpa_202304 = false; bool cnsa_202407 = false; bool no_check_client_certificate_type = false; bool no_check_ecdsa_curve = false; std::optional expect_selected_credential; std::vector credentials; int private_key_delay_ms = 0; std::vector handshaker_args; bssl::UniquePtr SetupCtx(SSL_CTX *old_ctx) const; bssl::UniquePtr NewSSL(SSL_CTX *ssl_ctx, SSL_SESSION *session, std::unique_ptr test_state) const; }; bool ParseConfig(int argc, char **argv, bool is_shim, TestConfig *out_initial, TestConfig *out_resume, TestConfig *out_retry); bool SetTestConfig(SSL *ssl, const TestConfig *config); const TestConfig *GetTestConfig(const SSL *ssl); bool LoadCertificate(bssl::UniquePtr *out_x509, bssl::UniquePtr *out_chain, const std::string &file); bssl::UniquePtr LoadPrivateKey(const std::string &file); #endif // HEADER_TEST_CONFIG