// Copyright 2014 The BoringSSL Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Declares the per-connection test configuration used by the BoringSSL test
// shim (see ParseConfig's |is_shim| and the |shim_id| / |handshaker_path|
// fields). Everything in this header is test-harness plumbing: many of the
// knobs deliberately misconfigure the TLS stack or inject failures so that
// negative and interoperability cases can be exercised. None of these
// options should be mirrored in production code.

#ifndef HEADER_TEST_CONFIG
#define HEADER_TEST_CONFIG

#include <optional>
#include <string>
#include <utility>
#include <vector>

#include <openssl/base.h>
#include <openssl/x509.h>

#include "test_state.h"

// The kind of credential a |CredentialConfig| describes. Which fields of
// |CredentialConfig| are meaningful depends on the type (presumably only the
// PAKE fields for kSPAKE2PlusV1, only |delegated_credential| for kDelegated —
// confirm against the consumer in test_config.cc).
enum class CredentialConfigType {
  kX509,
  kDelegated,
  kSPAKE2PlusV1,
};

// One credential the shim may offer during a handshake. |TestConfig| holds a
// list of these so a test can configure several and check which one the
// library selects (see |TestConfig::expect_selected_credential|).
struct CredentialConfig {
  CredentialConfigType type;
  // Paths on disk; loaded via LoadCertificate / LoadPrivateKey below.
  std::string cert_file;
  std::string key_file;
  // Signature algorithm preferences (TLS SignatureScheme code points).
  std::vector<uint16_t> signing_prefs;
  std::vector<uint8_t> delegated_credential;
  std::vector<uint8_t> ocsp_response;
  std::vector<uint8_t> signed_cert_timestamps;
  bool must_match_issuer = false;
  // SPAKE2+ inputs. |pake_password| is secret material; it lives here only
  // because this is a test fixture and is read straight from the test
  // arguments.
  std::vector<uint8_t> pake_context;
  std::vector<uint8_t> pake_client_id;
  std::vector<uint8_t> pake_server_id;
  std::vector<uint8_t> pake_password;
  std::vector<uint8_t> trust_anchor_id;
  // Negative-test knob: presumably installs the PAKE credential with the
  // opposite role so the handshake is expected to fail — confirm in the
  // consumer before relying on that reading.
  bool wrong_pake_role = false;
};

// The full configuration for one shim connection, parsed from command-line
// flags by ParseConfig. Fields named |expect_*| are assertions the shim checks
// after the fact; fields named |fail_*| / |decline_*| / |verify_fail| inject
// failures; the remainder configure the SSL_CTX / SSL object that SetupCtx and
// NewSSL build. Defaults are the "nothing special requested" values.
struct TestConfig {
  // Transport and role of this connection.
  int port = 0;
  bool ipv6 = false;
  uint64_t shim_id = 0;
  bool is_server = false;
  bool is_dtls = false;
  bool is_quic = false;
  int resume_count = 0;
  std::string write_settings;
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
  // Only exists in fuzzing builds; the macro name itself says this mode is
  // unsafe for production. What it relaxes is decided in the .cc, not here.
  bool fuzzer_mode = false;
#endif
  bool fallback_scsv = false;
  // Signature algorithm and group preferences as TLS code points.
  std::vector<uint16_t> signing_prefs;
  std::vector<uint16_t> verify_prefs;
  std::vector<uint16_t> expect_peer_verify_prefs;
  std::vector<uint16_t> curves;
  // Default certificate/key and the trust anchor, as file paths.
  std::string key_file;
  std::string cert_file;
  std::string trust_cert;
  std::string expect_server_name;
  // Encrypted ClientHello (ECH) configuration. |ech_server_configs|,
  // |ech_server_keys| and |ech_is_retry_config| are parallel lists — the
  // consumer presumably requires equal lengths; confirm in test_config.cc.
  bool enable_ech_grease = false;
  std::vector<std::vector<uint8_t>> ech_server_configs;
  std::vector<std::vector<uint8_t>> ech_server_keys;
  std::vector<int> ech_is_retry_config;
  bool expect_ech_accept = false;
  std::string expect_ech_name_override;
  bool expect_no_ech_name_override = false;
  std::vector<uint8_t> expect_ech_retry_configs;
  bool expect_no_ech_retry_configs = false;
  std::vector<uint8_t> ech_config_list;
  // Client certificate handling.
  std::vector<uint8_t> expect_certificate_types;
  bool require_any_client_certificate = false;
  // NPN / ALPN / ALPS negotiation knobs.
  std::string advertise_npn;
  bool advertise_empty_npn = false;
  std::string expect_next_proto;
  bool expect_no_next_proto = false;
  bool false_start = false;
  std::string select_next_proto;
  bool select_empty_next_proto = false;
  // I/O shape: async (retry on WANT_*) operation and record-size games.
  bool async = false;
  bool write_different_record_sizes = false;
  bool cbc_record_splitting = false;
  bool partial_write = false;
  // Protocol version disabling (negative form: true removes the version).
  bool no_tls13 = false;
  bool no_tls12 = false;
  bool no_tls11 = false;
  bool no_tls1 = false;
  bool no_ticket = false;
  std::vector<uint8_t> expect_channel_id;
  bool enable_channel_id = false;
  std::string send_channel_id;
  bool shim_writes_first = false;
  std::string host_name;
  std::string advertise_alpn;
  std::string expect_alpn;
  std::string expect_advertised_alpn;
  std::string select_alpn;
  bool decline_alpn = false;
  bool reject_alpn = false;
  bool select_empty_alpn = false;
  bool defer_alps = false;
  std::vector<std::pair<std::string, std::string>> application_settings;
  std::optional<std::string> expect_peer_application_settings;
  int alps_use_new_codepoint = 1;
  // QUIC transport parameters (opaque bytes).
  std::vector<uint8_t> quic_transport_params;
  std::vector<uint8_t> expect_quic_transport_params;
  // Set quic_use_legacy_codepoint to 0 or 1 to configure, -1 uses default.
  int quic_use_legacy_codepoint = -1;
  bool expect_session_miss = false;
  bool expect_extended_master_secret = false;
  // Pre-shared key and identity. Again secret material held as a plain
  // std::string; acceptable only because this is a test fixture.
  std::string psk;
  std::string psk_identity;
  std::string srtp_profiles;
  // OCSP stapling and SCTs: what to enable and what to expect back.
  bool enable_ocsp_stapling = false;
  std::vector<uint8_t> expect_ocsp_response;
  bool enable_signed_cert_timestamps = false;
  std::vector<uint8_t> expect_signed_cert_timestamps;
  // Version bounds and expected negotiated version; 0 means "not set".
  uint16_t min_version = 0;
  uint16_t max_version = 0;
  uint16_t expect_version = 0;
  int mtu = 0;
  bool implicit_handshake = false;
  // Callback installation and failure injection. The |fail_*| flags make the
  // corresponding callback report failure so the error path is exercised.
  bool use_early_callback = false;
  bool fail_early_callback = false;
  bool fail_early_callback_ech_rewind = false;
  bool install_ddos_callback = false;
  bool fail_ddos_callback = false;
  bool fail_cert_callback = false;
  std::string cipher;
  bool handshake_never_done = false;
  // Keying-material export (RFC 5705 style): length, label and optional
  // context.
  int export_keying_material = 0;
  std::string export_label;
  std::string export_context;
  bool use_export_context = false;
  bool tls_unique = false;
  // Session resumption / tickets / early data expectations.
  bool expect_ticket_renewal = false;
  bool expect_no_session = false;
  bool expect_ticket_supports_early_data = false;
  bool expect_accept_early_data = false;
  bool expect_reject_early_data = false;
  bool expect_no_offer_early_data = false;
  bool expect_no_server_name = false;
  bool use_ticket_callback = false;
  bool use_ticket_aead_callback = false;
  bool renew_ticket = false;
  bool skip_ticket = false;
  bool enable_early_data = false;
  std::vector<uint8_t> ocsp_response;
  bool check_close_notify = false;
  bool shim_shuts_down = false;
  // Peer verification. |verify_fail| forces verification to fail;
  // |expect_verify_result| checks the outcome reported by the library.
  bool verify_fail = false;
  bool verify_peer = false;
  bool expect_verify_result = false;
  std::vector<uint8_t> signed_cert_timestamps;
  // Renegotiation policy and expectations (TLS 1.2 and below).
  int expect_total_renegotiations = 0;
  bool renegotiate_once = false;
  bool renegotiate_freely = false;
  bool renegotiate_ignore = false;
  bool renegotiate_explicit = false;
  bool forbid_renegotiation_after_handshake = false;
  // Expected peer signature algorithm / key-exchange group; 0 means "don't
  // check".
  uint16_t expect_peer_signature_algorithm = 0;
  uint16_t expect_curve_id = 0;
  bool use_old_client_cert_callback = false;
  int initial_timeout_duration_ms = 0;
  std::string use_client_ca_list;
  std::string expect_client_ca_list;
  bool send_alert = false;
  bool peek_then_read = false;
  bool enable_grease = false;
  bool permute_extensions = false;
  int max_cert_list = 0;
  // Raw session-ticket encryption key bytes; test-only key material.
  std::vector<uint8_t> ticket_key;
  bool use_exporter_between_reads = false;
  // Expected cipher suite, optionally conditional on AES hardware support.
  uint16_t expect_cipher_aes = 0;
  uint16_t expect_cipher_no_aes = 0;
  uint16_t expect_cipher = 0;
  std::string expect_peer_cert_file;
  int resumption_delay = 0;
  bool retain_only_sha256_client_cert = false;
  bool expect_sha256_client_cert = false;
  bool read_with_unfinished_write = false;
  bool expect_secure_renegotiation = false;
  bool expect_no_secure_renegotiation = false;
  int max_send_fragment = 0;
  int read_size = 0;
  bool expect_session_id = false;
  bool expect_no_session_id = false;
  int expect_ticket_age_skew = 0;
  bool no_op_extra_handshake = false;
  bool handshake_twice = false;
  bool allow_unknown_alpn_protos = false;
  bool use_custom_verify_callback = false;
  std::string expect_msg_callback;
  bool allow_false_start_without_alpn = false;
  // Split-handshake (handoff / handback) support; |handshaker_path| is the
  // executable the shim launches, |handshaker_args| its argument list.
  bool handoff = false;
  bool handshake_hints = false;
  bool allow_hint_mismatch = false;
  // OCSP callback behaviour: install, set response, decline, or fail.
  bool use_ocsp_callback = false;
  bool set_ocsp_in_callback = false;
  bool decline_ocsp_callback = false;
  bool fail_ocsp_callback = false;
  bool install_cert_compression_algs = false;
  int install_one_cert_compression_alg = 0;
  bool reverify_on_resume = false;
  // Relaxes the RSA keyUsage check; a deliberate weakening used to test the
  // error path. |expect_key_usage_invalid| asserts that the library noticed.
  bool ignore_rsa_key_usage = false;
  bool expect_key_usage_invalid = false;
  bool is_handshaker_supported = false;
  bool handshaker_resume = false;
  std::string handshaker_path;
  bool jdk11_workaround = false;
  bool server_preference = false;
  bool export_traffic_secrets = false;
  bool key_update = false;
  bool key_update_before_read = false;
  std::string expect_early_data_reason;
  bool expect_hrr = false;
  bool expect_no_hrr = false;
  bool wait_for_debugger = false;
  std::string quic_early_data_context;
  int early_write_after_message = 0;
  // Compliance policies (FIPS, WPA3, CNSA) that restrict the allowed
  // algorithms; which one is applied is decided in the .cc.
  bool fips_202205 = false;
  bool wpa_202304 = false;
  bool cnsa_202407 = false;
  // Trust-anchor identifier negotiation; std::optional distinguishes "not
  // set by the test" from an explicit value (including an empty list).
  std::optional<bool> expect_peer_match_trust_anchor;
  std::optional<std::vector<uint8_t>> expect_peer_available_trust_anchors;
  std::optional<std::vector<uint8_t>> requested_trust_anchors;
  // Index into |credentials| the library is expected to select; unset means
  // no check.
  std::optional<int> expect_selected_credential;
  std::vector<CredentialConfig> credentials;
  int private_key_delay_ms = 0;
  bool resumption_across_names_enabled = false;
  std::optional<bool> expect_resumable_across_names;
  bool no_server_name_ack = false;

  // Non-owning pointers: the strings they refer to (presumably argv entries)
  // must outlive this TestConfig. Do not store pointers into temporaries here.
  std::vector<const char *> handshaker_args;

  // Builds an SSL_CTX configured from this TestConfig. How |old_ctx| is used
  // (reused, consulted for state, or ignored) is not visible in this header.
  bssl::UniquePtr<SSL_CTX> SetupCtx(SSL_CTX *old_ctx) const;

  // Creates an SSL object on |ssl_ctx|, optionally resuming |session|, and
  // takes ownership of |test_state| (passed by value as a sink).
  bssl::UniquePtr<SSL> NewSSL(SSL_CTX *ssl_ctx, SSL_SESSION *session,
                              std::unique_ptr<TestState> test_state) const;
};

// Parses the command line into three configurations: the initial connection,
// the resumption, and the (ECH) retry. |is_shim| selects shim-vs-handshaker
// parsing. Returns false on a parse problem (presumably after reporting it) —
// confirm the exact contract in test_config.cc.
bool ParseConfig(int argc, char **argv, bool is_shim, TestConfig *out_initial,
                 TestConfig *out_resume, TestConfig *out_retry);

// Associates |config| with |ssl| so callbacks can find it via GetTestConfig.
// |config| is stored by pointer and is not copied; it must outlive |ssl|.
bool SetTestConfig(SSL *ssl, const TestConfig *config);

// Returns the configuration previously attached with SetTestConfig. Whether a
// null pointer is returned for an SSL with no config is decided in the .cc.
const TestConfig *GetTestConfig(const SSL *ssl);

// Loads a leaf certificate and its chain from the PEM file at |file|.
// Failure handling (return value, which output is left unset) is not visible
// here — check the return before using |out_x509| / |out_chain|.
bool LoadCertificate(bssl::UniquePtr<X509> *out_x509,
                     bssl::UniquePtr<STACK_OF(X509)> *out_chain,
                     const std::string &file);

// Loads a private key from the file at |file|. Presumably returns a null
// UniquePtr on failure; callers should check before use.
bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file);

#endif  // HEADER_TEST_CONFIG