159 lines
5.4 KiB
C++
159 lines
5.4 KiB
C++
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0 OR ISC
|
|
|
|
//
|
|
// Created by Smith, Justin on 6/13/25.
|
|
//
|
|
|
|
#ifndef SSL_TEST_H
|
|
#define SSL_TEST_H
|
|
#include "internal.h"
|
|
#include "openssl/base.h"
|
|
|
|
#include <gtest/gtest.h>
|
|
|
|
BSSL_NAMESPACE_BEGIN
|
|
|
|
#define TRACED_CALL(code) \
|
|
do { \
|
|
SCOPED_TRACE("<- called from here"); \
|
|
code; \
|
|
if (::testing::Test::HasFatalFailure()) { \
|
|
return; \
|
|
} \
|
|
} while (false)
|
|
|
|
extern UniquePtr<SSL_SESSION> g_last_session;
|
|
|
|
bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out);
|
|
|
|
struct VersionParam {
|
|
uint16_t version;
|
|
enum { is_tls, is_dtls } ssl_method;
|
|
// This field is used to generate custom test name suffixes
|
|
// based on the test parameters.
|
|
const char name[20];
|
|
// SSL transfer: the sever SSL is encoded into bytes, and then decoded to
|
|
// another SSL. After transfer, the encoded SSL is freed. The decoded one is
|
|
// used to exchange data. This flag is to replay existing tests with the
|
|
// transferred SSL. If false, the tests use the original server SSL. If true,
|
|
// the tests are replayed with the transferred server SSL. Note: SSL transfer
|
|
// works only with either TLS 1.2 or TLS 1.3 after handshake finished and all
|
|
// post-handshake messages have been flushed.
|
|
bool transfer_ssl;
|
|
};
|
|
|
|
struct SSLTestParam {
|
|
// SSL transfer: the sever SSL is encoded into bytes, and then decoded to
|
|
// another SSL. After transfer, the encoded SSL is freed. The decoded one is
|
|
// used to exchange data. This flag is to replay existing tests with the
|
|
// transferred SSL. If false, the tests use the original server SSL. If true,
|
|
// the tests are replayed with the transferred server SSL. Note: SSL transfer
|
|
// works only with either TLS 1.2 or TLS 1.3 after handshake finished and all
|
|
// post-handshake messages have been flushed.
|
|
bool transfer_ssl;
|
|
};
|
|
|
|
// If true, after handshake finished, the test uses the transferred SSL.
|
|
static const bool TRANSFER_SSL = true;
|
|
|
|
static const SSLTestParam kSSLTestParams[] = {
|
|
{!TRANSFER_SSL},
|
|
{TRANSFER_SSL},
|
|
};
|
|
|
|
static const VersionParam kAllVersions[] = {
|
|
{TLS1_VERSION, VersionParam::is_tls, "TLS1", !TRANSFER_SSL},
|
|
{TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1", !TRANSFER_SSL},
|
|
{TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2", !TRANSFER_SSL},
|
|
{TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3", !TRANSFER_SSL},
|
|
{DTLS1_VERSION, VersionParam::is_dtls, "DTLS1", !TRANSFER_SSL},
|
|
{DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2", !TRANSFER_SSL},
|
|
{TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2_SSL_TRANSFER", TRANSFER_SSL},
|
|
{TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3_SSL_TRANSFER", TRANSFER_SSL},
|
|
};
|
|
|
|
uint16_t EpochFromSequence(uint64_t seq);
|
|
|
|
|
|
struct ClientConfig {
|
|
SSL_SESSION *session = nullptr;
|
|
std::string servername;
|
|
std::string verify_hostname;
|
|
unsigned hostflags = 0;
|
|
bool early_data = false;
|
|
};
|
|
|
|
void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
|
|
SSL_SESSION *session, bool want_reused);
|
|
|
|
UniquePtr<SSL_SESSION> CreateClientSession(
|
|
SSL_CTX *client_ctx, SSL_CTX *server_ctx,
|
|
const ClientConfig &config = ClientConfig());
|
|
|
|
void TransferSSL(bssl::UniquePtr<SSL> *in, SSL_CTX *in_ctx,
|
|
bssl::UniquePtr<SSL> *out, bool free_in=true);
|
|
|
|
bool ConnectClientAndServer(UniquePtr<SSL> *out_client,
|
|
UniquePtr<SSL> *out_server, SSL_CTX *client_ctx,
|
|
SSL_CTX *server_ctx,
|
|
const ClientConfig &config = ClientConfig(),
|
|
bool shed_handshake_config = true);
|
|
|
|
bool FlushNewSessionTickets(SSL *client, SSL *server);
|
|
|
|
UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer();
|
|
UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer();
|
|
UniquePtr<X509> GetECDSATestCertificate();
|
|
UniquePtr<EVP_PKEY> GetECDSATestKey();
|
|
UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer();
|
|
UniquePtr<X509> GetChainTestCertificate();
|
|
UniquePtr<EVP_PKEY> GetChainTestKey();
|
|
UniquePtr<X509> GetChainTestIntermediate();
|
|
|
|
UniquePtr<X509> GetLeafSecret();
|
|
UniquePtr<X509> GetLeafPublic();
|
|
UniquePtr<EVP_PKEY> GetLeafKey();
|
|
UniquePtr<X509> GetLeafRoot();
|
|
|
|
UniquePtr<X509> GetED25519TestCertificate();
|
|
UniquePtr<EVP_PKEY> GetED25519TestKey();
|
|
|
|
bool ExpectSingleError(int lib, int reason);
|
|
|
|
UniquePtr<X509> X509FromBuffer(UniquePtr<CRYPTO_BUFFER> buffer);
|
|
|
|
const char *GetVersionName(uint16_t version);
|
|
|
|
void FrozenTimeCallback(const SSL *ssl, timeval *out_clock);
|
|
|
|
bool ChainsEqual(STACK_OF(X509) *chain, const std::vector<X509 *> &expected);
|
|
|
|
int SaveLastSession(SSL *ssl, SSL_SESSION *session);
|
|
|
|
class SSLTest : public testing::TestWithParam<SSLTestParam> {};
|
|
|
|
UniquePtr<SSL_CTX> CreateContextWithTestCertificate(const SSL_METHOD *method);
|
|
|
|
void SetUpExpectedNewCodePoint(SSL_CTX *ctx);
|
|
|
|
UniquePtr<X509> GetTestCertificate();
|
|
|
|
UniquePtr<EVP_PKEY> GetTestKey();
|
|
|
|
UniquePtr<EVP_PKEY> KeyFromPEM(const char *pem);
|
|
|
|
bool CreateClientAndServer(bssl::UniquePtr<SSL> *out_client,
|
|
bssl::UniquePtr<SSL> *out_server,
|
|
SSL_CTX *client_ctx, SSL_CTX *server_ctx);
|
|
|
|
bool CompleteHandshakes(SSL *client, SSL *server);
|
|
|
|
void SetUpExpectedOldCodePoint(SSL_CTX *ctx);
|
|
|
|
UniquePtr<EVP_PKEY> KeyFromPEM(const char *pem);
|
|
|
|
BSSL_NAMESPACE_END
|
|
|
|
#endif // SSL_TEST_H
|