1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef tls_agent_h_
#define tls_agent_h_
#include "prio.h"
#include "ssl.h"
#include <iostream>
#include "test_io.h"
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
namespace nss_test {
#define LOG(msg) std::cerr << name_ << ": " << msg << std::endl
enum SessionResumptionMode {
RESUME_NONE = 0,
RESUME_SESSIONID = 1,
RESUME_TICKET = 2,
RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET
};
class TlsAgent : public PollTarget {
public:
enum Role { CLIENT, SERVER };
enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR };
TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea);
virtual ~TlsAgent();
bool Init() {
pr_fd_ = DummyPrSocket::CreateFD(name_, mode_);
if (!pr_fd_) return false;
adapter_ = DummyPrSocket::GetAdapter(pr_fd_);
if (!adapter_) return false;
return true;
}
void SetPeer(TlsAgent* peer) { adapter_->SetPeer(peer->adapter_); }
void SetPacketFilter(PacketFilter* filter) {
adapter_->SetPacketFilter(filter);
}
void StartConnect();
void CheckKEAType(SSLKEAType type) const;
void CheckAuthType(SSLAuthType type) const;
void Handshake();
// Marks the internal state as CONNECTING in anticipation of renegotiation.
void PrepareForRenegotiate();
// Prepares for renegotiation, then actually triggers it.
void StartRenegotiate();
void EnableSomeEcdheCiphers();
void DisableDheCiphers();
bool EnsureTlsSetup();
void ConfigureSessionCache(SessionResumptionMode mode);
void SetSessionTicketsEnabled(bool en);
void SetSessionCacheEnabled(bool en);
void SetVersionRange(uint16_t minver, uint16_t maxver);
void CheckPreliminaryInfo();
void SetExpectedVersion(uint16_t version);
void SetExpectedReadError(bool err);
void EnableFalseStart();
void ExpectResumption();
void EnableAlpn(const uint8_t* val, size_t len);
void CheckAlpn(SSLNextProtoState expected_state,
const std::string& expected) const;
void EnableSrtp();
void CheckSrtp() const;
void CheckErrorCode(int32_t expected) const;
void SendData(size_t bytes, size_t blocksize = 1024);
void ReadBytes();
void ResetSentBytes(); // Hack to test drops.
State state() const { return state_; }
const char* state_str() const { return state_str(state()); }
const char* state_str(State state) const { return states[state]; }
PRFileDesc* ssl_fd() { return ssl_fd_; }
uint16_t min_version() const { return vrange_.min; }
uint16_t max_version() const { return vrange_.max; }
uint16_t version() const {
EXPECT_EQ(STATE_CONNECTED, state_);
return info_.protocolVersion;
}
bool cipher_suite(int16_t* cipher_suite) const {
if (state_ != STATE_CONNECTED) return false;
*cipher_suite = info_.cipherSuite;
return true;
}
std::string cipher_suite_name() const {
if (state_ != STATE_CONNECTED) return "UNKNOWN";
return csinfo_.cipherSuiteName;
}
std::vector<uint8_t> session_id() const {
return std::vector<uint8_t>(info_.sessionID,
info_.sessionID + info_.sessionIDLength);
}
size_t received_bytes() const { return recv_ctr_; }
int32_t error_code() const { return error_code_; }
private:
const static char* states[];
void SetState(State state) {
if (state_ == state) return;
LOG("Changing state from " << state_str(state_) << " to "
<< state_str(state));
state_ = state;
}
// Dummy auth certificate hook.
static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
PRBool checksig, PRBool isServer) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->auth_certificate_hook_called_ = true;
return SECSuccess;
}
static void ReadableCallback(PollTarget* self, Event event) {
TlsAgent* agent = static_cast<TlsAgent*>(self);
agent->ReadableCallback_int();
}
void ReadableCallback_int() {
LOG("Readable");
switch (state_) {
case STATE_CONNECTING:
Handshake();
break;
case STATE_CONNECTED:
ReadBytes();
break;
default:
break;
}
}
static PRInt32 SniHook(PRFileDesc *fd, const SECItem *srvNameArr,
PRUint32 srvNameArrSize,
void *arg) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->sni_hook_called_ = true;
return SSL_SNI_CURRENT_CONFIG_IS_USED;
}
static SECStatus CanFalseStartCallback(PRFileDesc *fd, void *arg,
PRBool *canFalseStart) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
EXPECT_TRUE(agent->falsestart_enabled_);
agent->can_falsestart_hook_called_ = true;
*canFalseStart = true;
return SECSuccess;
}
static void HandshakeCallback(PRFileDesc *fd, void *arg) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->handshake_callback_called_ = true;
}
void CheckCallbacks() const;
void Connected();
const std::string name_;
Mode mode_;
SSLKEAType kea_;
PRFileDesc* pr_fd_;
DummyPrSocket* adapter_;
PRFileDesc* ssl_fd_;
Role role_;
State state_;
bool falsestart_enabled_;
uint16_t expected_version_;
uint16_t expected_cipher_suite_;
bool expect_resumption_;
bool can_falsestart_hook_called_;
bool sni_hook_called_;
bool auth_certificate_hook_called_;
bool handshake_callback_called_;
SSLChannelInfo info_;
SSLCipherSuiteInfo csinfo_;
SSLVersionRange vrange_;
int32_t error_code_;
size_t send_ctr_;
size_t recv_ctr_;
bool expected_read_error_;
};
} // namespace nss_test
#endif
|
