Chiebot-Mirror
/
boringssl
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
999 Commits
61 Branches
23 Tags
511 MiB
Tag: Branch: Tree: 14aa0de18f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '14aa0de18f'
${ noResults }
boringssl/ssl/test/test_config.h

221 lines
7.5 KiB
Raw Normal View History Unescape

acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#ifndef HEADER_TEST_CONFIG
#define HEADER_TEST_CONFIG
#include <string>
Implement draft-vvv-tls-alps-01. (Original CL by svaldez, reworked by davidben.) Change-Id: I8570808fa5e96a1c9e6e03c4877039a22e73254f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42404 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
5 years ago
#include <utility>
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
#include <vector>
#include <openssl/base.h>
#include <openssl/x509.h>
#include "test_state.h"
struct TestConfig {
int port = 0;
bool is_server = false;
bool is_dtls = false;
bool is_quic = false;
int resume_count = 0;
std::string write_settings;
bool fallback_scsv = false;
Use uint16_t in TestConfig and enable -Wformat-signedness. This silences a pile of -Wformat-signedness warnings. We still need casts in a few places where the API gives int but really wanted uint16_t. There I cast to unsigned instead of uint16_t for the sake of not losing information. With that, we should be -Wformat-signedness-clean on GCC, so enable the warning. Bug: 450 Change-Id: I3ab10348bb47d398b8b9b39acf360284a8ab04d7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50771 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
3 years ago
std::vector<uint16_t> signing_prefs;
std::vector<uint16_t> verify_prefs;
std::vector<uint16_t> expect_peer_verify_prefs;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
std::vector<int> curves;
std::string key_file;
std::string cert_file;
std::string expect_server_name;
Implement GREASE for ECH (draft-ietf-tls-esni-08). Bug: 275 Change-Id: I4927c0886e3acf5b39104e3d89ed51d67520a343 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40204 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
5 years ago
bool enable_ech_grease = false;
Add ECH server (draft-ietf-tls-esni-09). This CL adds an initial implementation of the ECH server, with pieces of the client in BoGo as necessary for testing. In particular, the server supports ClientHelloInner compression with ech_outer_extensions. When ECH decryption fails, it can send retry_configs back to the client. This server passes the "ech-accept" and "ech-reject" test cases in tls-interop-runner[0] when tested against both the cloudflare-go and nss clients. For reproducibility, I started with the main branch at commit 707604c262d8bcf3e944ed1d5a675077304732ce and updated the endpoint's script to pass the server's ECHConfig and private key to the boringssl tool. Follow-up CLs will update HPKE to the latest draft and catch us up to draft-10. [0]: https://github.com/xvzcf/tls-interop-runner Bug: 275 Change-Id: I49be35af46d1fd5dd9c62252f07d0bae179381ab Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45285 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
4 years ago
std::vector<std::string> ech_server_configs;
std::vector<std::string> ech_server_keys;
std::vector<int> ech_is_retry_config;
Add SSL_ech_accepted API and ech_is_required alerts. The first thing any deployment will want to monitor is whether ECH was actually used. Also it's useful if the command-line tool can output this. (The alert is how the client signals it discarded the connection due to ECH reject.) This also disables ECH with the handoff mechanism for now. (The immediate cause being that ech_accept isn't serialized.) We'll probably need to make some decisions around the ordering here, since ECH affects where the true ClientHello is available. Bug: 275 Change-Id: Ie4559733290e653a514fcd94431090bf86bc3172 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47911 Reviewed-by: Adam Langley <agl@google.com>
4 years ago
bool expect_ech_accept = false;
Implement ClientHelloOuter handshakes. If a client offers ECH, but the server rejects it, the client completes the handshake with ClientHelloOuter in order to authenticate retry keys. Implement this flow. This is largely allowing the existing handshake to proceed, but with some changes: - Certificate verification uses the other name. This CL routes this up to the built-in verifier and adds SSL_get0_ech_name_override for the callback. - We need to disable False Start to pick up server Finished in TLS 1.2. - Client certificates, notably in TLS 1.3 where they're encrypted, should only be revealed to the true server. Fortunately, not sending client certs is always an option, so do that. Channel ID has a similar issue. I've just omitted the extension in ClientHelloOuter because it's deprecated and is unlikely to be used with ECH at this point. ALPS may be worth some pondering but, the way it's currently used, is not sensitive. (Possibly we should change the draft to terminate the handshake before even sending that flight...) - The session is never offered in ClientHelloOuter, but our internal book-keeping doesn't quite notice. I had to replace ech_accept with a tri-state ech_status to correctly handle an edge case in SSL_get0_ech_name_override: when ECH + 0-RTT + reverify_on_resume are all enabled, the first certificate verification is for the 0-RTT session and should be against the true name, yet we have selected_ech_config && !ech_accept. A tri-state tracks when ECH is actually rejected. I've maintained this on the server as well, though the server never actually cares. Bug: 275 Change-Id: Ie55966ca3dc4ffcc8c381479f0fe9bcacd34d0f8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48135 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
std::string expect_ech_name_override;
bool expect_no_ech_name_override = false;
std::string expect_ech_retry_configs;
bool expect_no_ech_retry_configs = false;
Add most of an ECH client implementation. Based on an initial implementation by Dan McArdle at https://boringssl-review.googlesource.com/c/boringssl/+/46784 This CL contains most of a client implementation for draft-ietf-tls-esni-10. The pieces missing so far, which will be done in follow-up CLs are: 1. While the ClientHelloInner is padded, the server Certificate message is not. I'll add that once we resolve the spec discussions on how to do that. (We were originally going to use TLS record-level padding, but that doesn't work well with QUIC.) 2. The client should check the public name is a valid DNS name before copying it into ClientHelloOuter.server_name. 3. The ClientHelloOuter handshake flow is not yet implemented. This CL can detect when the server selects ClientHelloOuter, but for now the handshake immediately fails. A follow-up CL will remove that logic and instead add the APIs and extra checks needed. Otherwise, this should be complete, including padding and compression. The main interesting point design-wise is that we run through ClientHello construction multiple times. We need to construct ClientHelloInner and ClientHelloOuter. Then each of those has slight variants: EncodedClientHelloInner is the compressed form, and ClientHelloOuterAAD just has the ECH extension erased to avoid a circular dependency. I've computed ClientHelloInner and EncodedClientHelloInner concurrently because the compression scheme requires shifting the extensions around to be contiguous. However, I've computed ClientHelloOuterAAD and ClientHelloOuter by running through the logic twice. This probably can be done better, but the next draft revises the construction anyway, so I'm thinking I'll rework it then. (In the next draft, we use a placeholder payload of the same length, so we can construct the ClientHello once and fill in the payload.) Additionally, now that we have a client available in ssl_test, this adds a threading test to confirm that SSL_CTX_set1_ech_keys is properly synchronized. (Confirmed that, if I drop the lock in SSL_CTX_set1_ech_keys, TSan notices.) Change-Id: Icaff68b595035bdcc73c468ff638e67c84239ef4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48004 Reviewed-by: Adam Langley <agl@google.com>
4 years ago
std::string ech_config_list;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
std::string expect_certificate_types;
bool require_any_client_certificate = false;
std::string advertise_npn;
std::string expect_next_proto;
bool false_start = false;
std::string select_next_proto;
bool async = false;
bool write_different_record_sizes = false;
bool cbc_record_splitting = false;
bool partial_write = false;
bool no_tls13 = false;
bool no_tls12 = false;
bool no_tls11 = false;
bool no_tls1 = false;
bool no_ticket = false;
std::string expect_channel_id;
bool enable_channel_id = false;
std::string send_channel_id;
bool shim_writes_first = false;
std::string host_name;
std::string advertise_alpn;
std::string expect_alpn;
std::string expect_late_alpn;
std::string expect_advertised_alpn;
std::string select_alpn;
bool decline_alpn = false;
Honor SSL_TLSEXT_ERR_ALERT_FATAL in the ALPN callback. This aligns with OpenSSL's behavior. RFC7301 says servers should return no_application_protocol if the client supported ALPN but no common protocol was found. We currently interpret all values as SSL_TLSEXT_ERR_NOACK. Instead, implement both modes and give guidance on whne to use each. (NOACK is still useful because the callback may be shared across multiple configurations, some of which don't support ALPN at all. Those would want to return NOACK to ignore the list.) To match upstream, I've also switched SSL_R_MISSING_ALPN, added for QUIC, to SSL_R_NO_APPLICATION_PROTOCOL. Update-Note: Callers that return SSL_TLSEXT_ERR_ALERT_FATAL from the ALPN callback will change behavior. The old behavior may be restored by returning SSL_TLSEXT_ERR_NOACK, though see the documentation for new recommendations on return values. Change-Id: Ib7917b5f8a098571bed764c79aa7a4ce0f728297 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
4 years ago
bool reject_alpn = false;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
bool select_empty_alpn = false;
Test that ALPS can be deferred to the ALPN callback. This wasn't the cause of the bug, but I noticed we never tested it, so fill that in. Change-Id: Ib38bc08309e69f43c1995ba2a387643c0a7bae99 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44984 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
bool defer_alps = false;
Implement draft-vvv-tls-alps-01. (Original CL by svaldez, reworked by davidben.) Change-Id: I8570808fa5e96a1c9e6e03c4877039a22e73254f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42404 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
5 years ago
std::vector<std::pair<std::string, std::string>> application_settings;
std::unique_ptr<std::string> expect_peer_application_settings;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
std::string quic_transport_params;
std::string expect_quic_transport_params;
Add support for the new QUIC TLS extension codepoint IETF QUIC draft 33 is replacing the TLS extension codepoint for QUIC transport parameters from 0xffa5 to 57. To support multiple versions of Chrome, we need to support both codepoints in BoringSSL. This CL adds support for the new codepoint in a way that can be enabled on individual connections. Note that when BoringSSL is not in QUIC mode, it will error if it sees the new codepoint as a server but it will ignore the legacy codepoint as that could be a different private usage of that codepoint. Change-Id: I314f8f0b169cedd96eeccc42b44153e97044388c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44704 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>
4 years ago
// Set quic_use_legacy_codepoint to 0 or 1 to configure, -1 uses default.
int quic_use_legacy_codepoint = -1;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
bool expect_session_miss = false;
bool expect_extended_master_secret = false;
std::string psk;
std::string psk_identity;
std::string srtp_profiles;
bool enable_ocsp_stapling = false;
std::string expect_ocsp_response;
bool enable_signed_cert_timestamps = false;
std::string expect_signed_cert_timestamps;
Use uint16_t in TestConfig and enable -Wformat-signedness. This silences a pile of -Wformat-signedness warnings. We still need casts in a few places where the API gives int but really wanted uint16_t. There I cast to unsigned instead of uint16_t for the sake of not losing information. With that, we should be -Wformat-signedness-clean on GCC, so enable the warning. Bug: 450 Change-Id: I3ab10348bb47d398b8b9b39acf360284a8ab04d7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50771 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
3 years ago
uint16_t min_version = 0;
uint16_t max_version = 0;
uint16_t expect_version = 0;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
int mtu = 0;
bool implicit_handshake = false;
bool use_early_callback = false;
bool fail_early_callback = false;
bool install_ddos_callback = false;
bool fail_ddos_callback = false;
bool fail_cert_callback = false;
std::string cipher;
bool handshake_never_done = false;
int export_keying_material = 0;
std::string export_label;
std::string export_context;
bool use_export_context = false;
bool tls_unique = false;
bool expect_ticket_renewal = false;
bool expect_no_session = false;
bool expect_ticket_supports_early_data = false;
bool expect_accept_early_data = false;
bool expect_reject_early_data = false;
bool expect_no_offer_early_data = false;
bool use_ticket_callback = false;
bool renew_ticket = false;
bool enable_early_data = false;
std::string ocsp_response;
bool check_close_notify = false;
bool shim_shuts_down = false;
bool verify_fail = false;
bool verify_peer = false;
bool verify_peer_if_no_obc = false;
bool expect_verify_result = false;
std::string signed_cert_timestamps;
int expect_total_renegotiations = 0;
bool renegotiate_once = false;
bool renegotiate_freely = false;
bool renegotiate_ignore = false;
bool renegotiate_explicit = false;
bool forbid_renegotiation_after_handshake = false;
Use uint16_t in TestConfig and enable -Wformat-signedness. This silences a pile of -Wformat-signedness warnings. We still need casts in a few places where the API gives int but really wanted uint16_t. There I cast to unsigned instead of uint16_t for the sake of not losing information. With that, we should be -Wformat-signedness-clean on GCC, so enable the warning. Bug: 450 Change-Id: I3ab10348bb47d398b8b9b39acf360284a8ab04d7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50771 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
3 years ago
uint16_t expect_peer_signature_algorithm = 0;
uint16_t expect_curve_id = 0;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
bool use_old_client_cert_callback = false;
int initial_timeout_duration_ms = 0;
std::string use_client_ca_list;
std::string expect_client_ca_list;
bool send_alert = false;
bool peek_then_read = false;
bool enable_grease = false;
Add an option to permute ClientHello extension order. Although not permitted by the TLS specification, systems sometimes ossify TLS extension order, or byte offsets of various fields. To keep the ecosystem healthy, add an API to reorder ClientHello extensions. Since ECH, HelloRetryRequest, and HelloVerifyRequest are sensitive to extension order, I've implemented this by per-connection permutation of the indices in the kExtensions structure. This ensures that all ClientHellos within a connection are consistently ordered. As follow-up work, permuting the other messages would also be nice, though any server messages would need to be incorporated in handshake hints. Change-Id: I18ce39b4df5ee376c654943f07ec26a50e0923a9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48045 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
bool permute_extensions = false;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
int max_cert_list = 0;
std::string ticket_key;
bool use_exporter_between_reads = false;
Use uint16_t in TestConfig and enable -Wformat-signedness. This silences a pile of -Wformat-signedness warnings. We still need casts in a few places where the API gives int but really wanted uint16_t. There I cast to unsigned instead of uint16_t for the sake of not losing information. With that, we should be -Wformat-signedness-clean on GCC, so enable the warning. Bug: 450 Change-Id: I3ab10348bb47d398b8b9b39acf360284a8ab04d7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50771 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
3 years ago
uint16_t expect_cipher_aes = 0;
uint16_t expect_cipher_no_aes = 0;
uint16_t expect_cipher = 0;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
std::string expect_peer_cert_file;
int resumption_delay = 0;
bool retain_only_sha256_client_cert = false;
bool expect_sha256_client_cert = false;
bool read_with_unfinished_write = false;
bool expect_secure_renegotiation = false;
bool expect_no_secure_renegotiation = false;
int max_send_fragment = 0;
int read_size = 0;
bool expect_session_id = false;
bool expect_no_session_id = false;
int expect_ticket_age_skew = 0;
bool no_op_extra_handshake = false;
bool handshake_twice = false;
bool allow_unknown_alpn_protos = false;
bool use_custom_verify_callback = false;
std::string expect_msg_callback;
bool allow_false_start_without_alpn = false;
bool handoff = false;
Add experimental handshake hints API. See go/handshake-hints (internal). CL originally by Bin Wu <wub@google.com>. I just reworked the tests and tidied it up a bit. This is the start of a replacement for the split handshakes API. For now, only TLS 1.3 is supported. It starts with an initial set of hints, but we can add more later. (In particular, we should probably apply the remote handshaker's extension order to avoid needing to capability protect such changes.) Change-Id: I7b6a6dfaa84c6c6e3436d2a4026c3652b8a79f0f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46535 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
bool handshake_hints = false;
bool allow_hint_mismatch = false;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
bool use_ocsp_callback = false;
bool set_ocsp_in_callback = false;
bool decline_ocsp_callback = false;
bool fail_ocsp_callback = false;
bool install_cert_compression_algs = false;
Implement a handshake hint for certificate compression. While decompression is deterministic, compression is not. New revisions of the compression algorithm may start using different (hopefully smaller!) compressions. So this doesn't cause hint mismatches, add a certificate compression hint. If the shim's Certificate message matches the handshaker, we'll reuse the already compressed message. This also adds what appears to be a missing test for when the server cannot find compression algorithms in common. Change-Id: Idbedaceb20208463d8f61581ee27971c17fcd126 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48005 Reviewed-by: Adam Langley <agl@google.com>
4 years ago
int install_one_cert_compression_alg = 0;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
bool reverify_on_resume = false;
Default SSL_set_enforce_rsa_key_usage to enabled. Update-Note: Clients will now require RSA server certificates used in TLS 1.2 and earlier to include the keyEncipherment or digitalSignature bit. keyEncipherment is required if using RSA key exchange. digitalSignature is required if using ECDHE_RSA key exchange. We already required this for each of ECDSA, TLS 1.3, and servers verifying client certificates, so this just fills in the remaining hole. Chrome has also enforced this for some time with publicly-trusted certificates. For now, the SSL_set_enforce_rsa_key_usage API still exists where we need to turn this off. Fixed: 519 Change-Id: Ia440b00b60a224fa608702439aa120d633d81ddc Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54606 Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
2 years ago
bool no_enforce_rsa_key_usage = false;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
bool is_handshaker_supported = false;
bool handshaker_resume = false;
std::string handshaker_path;
bool jdk11_workaround = false;
bool server_preference = false;
bool export_traffic_secrets = false;
bool key_update = false;
bool expect_delegated_credential_used = false;
std::string delegated_credential;
std::string expect_early_data_reason;
bool expect_hrr = false;
bool expect_no_hrr = false;
bool wait_for_debugger = false;
Make QUIC tests work with early data. This changes the format of the mock QUIC transport to include an explicit encryption level, matching real QUIC a bit better. In particular, we need that extra data to properly skip rejected early data on the shim side. (On the runner, we manage it by synchronizing with the TLS stack. Still, the levels make it a bit more accurate.) Testing sending and receiving of actual early data is not very relevant in QUIC since application I/O is external, but this allows us to more easily run the same tests in TLS and QUIC. Along the way, improve error-reporting in mock_quick_transport.cc so it's easier to diagnose record-level mismatches. Change-Id: I96175a4023134b03d61dac089f8e7ff4eb627933 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44988 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
std::string quic_early_data_context;
Check hs->early_session, not ssl->session, for the early data limit. ServerHello/EncryptedExtensions/Finished is logically one atomic flight that exits the early data state, we have process each message sequentially. Until we've processed Finished, we are still in the early data state and must support writing data. Individual messages *are* processed atomically, so the interesting points are before ServerHello (already tested), after ServerHello, and after EncryptedExtensions. The TLS 1.3 handshake internally clears ssl->session when processing ServerHello, so getting the early data information from ssl->session does not work. Instead, use hs->early_session, which is what other codepaths use. I've tested this with runner rather than ssl_test, so we can test both post-SH and post-EE states. ssl_test would be more self-contained, since we can directly control the API calls, but it cannot test the post-EE state. To reduce record overhead, our production implementation packs EE and Finished into the same record, which means the handshake will process the two atomically. Instead, I've tested this in runner, with a flag to partially drive the handshake before reading early data. I've also tweaked the logic to hopefully be a little clearer. Bug: chromium:1208784 Change-Id: Ia4901042419c5324054f97743bd1aac59ebf8f24 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47485 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
int early_write_after_message = 0;
Add SSL_[CTX_]_set_compliance_policy. These functions aid in meeting specific compliance goals and allows configuration of things like TLS 1.3 cipher suites, which are otherwise not configurable. Change-Id: I668afc734a19ecd4b996eaa23be73ce259b13fa2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52625 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
3 years ago
bool fips_202205 = false;
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
int argc;
char **argv;
bssl::UniquePtr<SSL_CTX> SetupCtx(SSL_CTX *old_ctx) const;
bssl::UniquePtr<SSL> NewSSL(SSL_CTX *ssl_ctx, SSL_SESSION *session,
std::unique_ptr<TestState> test_state) const;
};
Add experimental handshake hints API. See go/handshake-hints (internal). CL originally by Bin Wu <wub@google.com>. I just reworked the tests and tidied it up a bit. This is the start of a replacement for the split handshakes API. For now, only TLS 1.3 is supported. It starts with an initial set of hints, but we can add more later. (In particular, we should probably apply the remote handshaker's extension order to avoid needing to capability protect such changes.) Change-Id: I7b6a6dfaa84c6c6e3436d2a4026c3652b8a79f0f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46535 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
4 years ago
bool ParseConfig(int argc, char **argv, bool is_shim, TestConfig *out_initial,
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
5 years ago
TestConfig *out_resume, TestConfig *out_retry);
bool SetTestConfig(SSL *ssl, const TestConfig *config);
const TestConfig *GetTestConfig(const SSL *ssl);
bool LoadCertificate(bssl::UniquePtr<X509> *out_x509,
bssl::UniquePtr<STACK_OF(X509)> *out_chain,
const std::string &file);
bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file);
#endif // HEADER_TEST_CONFIG