1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 5 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef tls_agent_h_ 8 #define tls_agent_h_ 9 10 #include "prio.h" 11 #include "ssl.h" 12 #include "sslproto.h" 13 14 #include <functional> 15 #include <iostream> 16 17 #include "nss_policy.h" 18 #include "test_io.h" 19 20 #define GTEST_HAS_RTTI 0 21 #include "gtest/gtest.h" 22 #include "nss_scoped_ptrs.h" 23 #include "scoped_ptrs_ssl.h" 24 25 extern bool g_ssl_gtest_verbose; 26 27 namespace nss_test { 28 29 #define LOG(msg) std::cerr << role_str() << ": " << msg << std::endl 30 #define LOGV(msg) \ 31 do { \ 32 if (g_ssl_gtest_verbose) LOG(msg); \ 33 } while (false) 34 35 enum SessionResumptionMode { 36 RESUME_NONE = 0, 37 RESUME_SESSIONID = 1, 38 RESUME_TICKET = 2, 39 RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET 40 }; 41 42 class PacketFilter; 43 class TlsAgent; 44 class TlsCipherSpec; 45 struct TlsRecord; 46 47 const extern std::vector<SSLNamedGroup> kAllDHEGroups; 48 const extern std::vector<SSLNamedGroup> kECDHEGroups; 49 const extern std::vector<SSLNamedGroup> kFFDHEGroups; 50 const extern std::vector<SSLNamedGroup> kFasterDHEGroups; 51 52 // These functions are called from callbacks. They use bare pointers because 53 // TlsAgent sets up the callback and it doesn't know who owns it. 54 typedef std::function<SECStatus(TlsAgent* agent, bool checksig, bool isServer)> 55 AuthCertificateCallbackFunction; 56 57 typedef std::function<void(TlsAgent* agent)> HandshakeCallbackFunction; 58 59 typedef std::function<int32_t(TlsAgent* agent, const SECItem* srvNameArr, 60 PRUint32 srvNameArrSize)> 61 SniCallbackFunction; 62 63 class TlsAgent : public PollTarget { 64 public: 65 enum Role { CLIENT, SERVER }; 66 enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR }; 67 68 static const std::string kClient; // the client key is sign only 69 static const std::string kRsa2048; // bigger sign and encrypt for either 70 static const std::string kRsa8192; // biggest sign and encrypt for either 71 static const std::string kServerRsa; // both sign and encrypt 72 static const std::string kServerRsaSign; 73 static const std::string kServerRsaPss; 74 static const std::string kServerRsaDecrypt; 75 static const std::string kServerEcdsa256; 76 static const std::string kServerEcdsa384; 77 static const std::string kServerEcdsa521; 78 static const std::string kServerEcdhEcdsa; 79 static const std::string kServerEcdhRsa; 80 static const std::string kServerDsa; 81 static const std::string kDelegatorEcdsa256; // draft-ietf-tls-subcerts 82 static const std::string kDelegatorRsae2048; // draft-ietf-tls-subcerts 83 static const std::string kDelegatorRsaPss2048; // draft-ietf-tls-subcerts 84 85 TlsAgent(const std::string& name, Role role, SSLProtocolVariant variant); 86 virtual ~TlsAgent(); 87 SetPeer(std::shared_ptr<TlsAgent> & peer)88 void SetPeer(std::shared_ptr<TlsAgent>& peer) { 89 adapter_->SetPeer(peer->adapter_); 90 } 91 SetFilter(std::shared_ptr<PacketFilter> filter)92 void SetFilter(std::shared_ptr<PacketFilter> filter) { 93 adapter_->SetPacketFilter(filter); 94 } ClearFilter()95 void ClearFilter() { adapter_->SetPacketFilter(nullptr); } 96 97 void StartConnect(PRFileDesc* model = nullptr); 98 void CheckKEA(SSLKEAType kea_type, SSLNamedGroup group, 99 size_t kea_size = 0) const; 100 void CheckOriginalKEA(SSLNamedGroup kea_group) const; 101 void CheckAuthType(SSLAuthType auth_type, 102 SSLSignatureScheme sig_scheme) const; 103 104 void DisableAllCiphers(); 105 void EnableCiphersByAuthType(SSLAuthType authType); 106 void EnableCiphersByKeyExchange(SSLKEAType kea); 107 void EnableGroupsByKeyExchange(SSLKEAType kea); 108 void EnableGroupsByAuthType(SSLAuthType authType); 109 void EnableSingleCipher(uint16_t cipher); 110 111 void Handshake(); 112 // Marks the internal state as CONNECTING in anticipation of renegotiation. 113 void PrepareForRenegotiate(); 114 // Prepares for renegotiation, then actually triggers it. 115 void StartRenegotiate(); 116 void SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx); 117 118 static bool LoadCertificate(const std::string& name, 119 ScopedCERTCertificate* cert, 120 ScopedSECKEYPrivateKey* priv); 121 static bool LoadKeyPairFromCert(const std::string& name, 122 ScopedSECKEYPublicKey* pub, 123 ScopedSECKEYPrivateKey* priv); 124 125 // Delegated credentials. 126 // 127 // Generate a delegated credential and sign it using the certificate 128 // associated with |name|. 129 static void DelegateCredential(const std::string& name, 130 const ScopedSECKEYPublicKey& dcPub, 131 SSLSignatureScheme dcCertVerifyAlg, 132 PRUint32 dcValidFor, PRTime now, SECItem* dc); 133 // Indicate support for the delegated credentials extension. 134 void EnableDelegatedCredentials(); 135 // Generate and configure a delegated credential to use in the handshake with 136 // clients that support this extension.. 137 void AddDelegatedCredential(const std::string& dc_name, 138 SSLSignatureScheme dcCertVerifyAlg, 139 PRUint32 dcValidFor, PRTime now); 140 void UpdatePreliminaryChannelInfo(); 141 142 bool ConfigServerCert(const std::string& name, bool updateKeyBits = false, 143 const SSLExtraServerCertData* serverCertData = nullptr); 144 bool ConfigServerCertWithChain(const std::string& name); 145 bool EnsureTlsSetup(PRFileDesc* modelSocket = nullptr); 146 147 void SetupClientAuth(); 148 void RequestClientAuth(bool requireAuth); 149 150 void SetOption(int32_t option, int value); 151 void ConfigureSessionCache(SessionResumptionMode mode); 152 void Set0RttEnabled(bool en); 153 void SetFallbackSCSVEnabled(bool en); 154 void SetVersionRange(uint16_t minver, uint16_t maxver); 155 void GetVersionRange(uint16_t* minver, uint16_t* maxver); 156 void CheckPreliminaryInfo(); 157 void ResetPreliminaryInfo(); 158 void SetExpectedVersion(uint16_t version); 159 void SetServerKeyBits(uint16_t bits); 160 void ExpectReadWriteError(); 161 void EnableFalseStart(); 162 void ExpectEch(bool expected = true); GetEchExpected()163 bool GetEchExpected() const { return expect_ech_; } 164 void ExpectPsk(SSLPskType psk = ssl_psk_external); 165 void ExpectResumption(); 166 void SkipVersionChecks(); 167 void SetSignatureSchemes(const SSLSignatureScheme* schemes, size_t count); 168 void EnableAlpn(const uint8_t* val, size_t len); 169 void CheckAlpn(SSLNextProtoState expected_state, 170 const std::string& expected = "") const; 171 void EnableSrtp(); 172 void CheckSrtp() const; 173 void CheckEpochs(uint16_t expected_read, uint16_t expected_write) const; 174 void CheckErrorCode(int32_t expected) const; 175 void WaitForErrorCode(int32_t expected, uint32_t delay) const; 176 // Send data on the socket, encrypting it. 177 void SendData(size_t bytes, size_t blocksize = 1024); 178 void SendBuffer(const DataBuffer& buf); 179 bool SendEncryptedRecord(const std::shared_ptr<TlsCipherSpec>& spec, 180 uint64_t seq, uint8_t ct, const DataBuffer& buf); 181 // Send data directly to the underlying socket, skipping the TLS layer. 182 void SendDirect(const DataBuffer& buf); 183 void SendRecordDirect(const TlsRecord& record); 184 void AddPsk(const ScopedPK11SymKey& psk, std::string label, SSLHashType hash, 185 uint16_t zeroRttSuite = TLS_NULL_WITH_NULL_NULL); 186 void RemovePsk(std::string label); 187 void ReadBytes(size_t max = 16384U); 188 void ResetSentBytes(size_t bytes = 0); // Hack to test drops. 189 void EnableExtendedMasterSecret(); 190 void CheckExtendedMasterSecret(bool expected); 191 void CheckEarlyDataAccepted(bool expected); 192 void CheckEchAccepted(bool expected); 193 void SetDowngradeCheckVersion(uint16_t version); 194 void CheckSecretsDestroyed(); 195 void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups); 196 void DisableECDHEServerKeyReuse(); 197 bool GetPeerChainLength(size_t* count); 198 void CheckCipherSuite(uint16_t cipher_suite); 199 void SetResumptionTokenCallback(); 200 bool MaybeSetResumptionToken(); SetResumptionToken(const std::vector<uint8_t> & resumption_token)201 void SetResumptionToken(const std::vector<uint8_t>& resumption_token) { 202 resumption_token_ = resumption_token; 203 } GetResumptionToken()204 const std::vector<uint8_t>& GetResumptionToken() const { 205 return resumption_token_; 206 } GetTokenInfo(ScopedSSLResumptionTokenInfo & token)207 void GetTokenInfo(ScopedSSLResumptionTokenInfo& token) { 208 SECStatus rv = SSL_GetResumptionTokenInfo( 209 resumption_token_.data(), resumption_token_.size(), token.get(), 210 sizeof(SSLResumptionTokenInfo)); 211 ASSERT_EQ(SECSuccess, rv); 212 } SetResumptionCallbackCalled()213 void SetResumptionCallbackCalled() { resumption_callback_called_ = true; } resumption_callback_called()214 bool resumption_callback_called() const { 215 return resumption_callback_called_; 216 } 217 name()218 const std::string& name() const { return name_; } 219 role()220 Role role() const { return role_; } role_str()221 std::string role_str() const { return role_ == SERVER ? "server" : "client"; } 222 variant()223 SSLProtocolVariant variant() const { return variant_; } 224 state()225 State state() const { return state_; } 226 peer_cert()227 const CERTCertificate* peer_cert() const { 228 return SSL_PeerCertificate(ssl_fd_.get()); 229 } 230 state_str()231 const char* state_str() const { return state_str(state()); } 232 state_str(State state)233 static const char* state_str(State state) { return states[state]; } 234 ssl_fd()235 NssManagedFileDesc ssl_fd() const { 236 return NssManagedFileDesc(ssl_fd_.get(), policy_, option_); 237 } adapter()238 std::shared_ptr<DummyPrSocket>& adapter() { return adapter_; } 239 info()240 const SSLChannelInfo& info() const { 241 EXPECT_EQ(STATE_CONNECTED, state_); 242 return info_; 243 } 244 pre_info()245 const SSLPreliminaryChannelInfo& pre_info() const { return pre_info_; } 246 is_compressed()247 bool is_compressed() const { 248 return info().compressionMethod != ssl_compression_null; 249 } server_key_bits()250 uint16_t server_key_bits() const { return server_key_bits_; } min_version()251 uint16_t min_version() const { return vrange_.min; } max_version()252 uint16_t max_version() const { return vrange_.max; } version()253 uint16_t version() const { return info().protocolVersion; } 254 cipher_suite(uint16_t * suite)255 bool cipher_suite(uint16_t* suite) const { 256 if (state_ != STATE_CONNECTED) return false; 257 258 *suite = info_.cipherSuite; 259 return true; 260 } 261 expected_cipher_suite(uint16_t suite)262 void expected_cipher_suite(uint16_t suite) { expected_cipher_suite_ = suite; } 263 cipher_suite_name()264 std::string cipher_suite_name() const { 265 if (state_ != STATE_CONNECTED) return "UNKNOWN"; 266 267 return csinfo_.cipherSuiteName; 268 } 269 session_id()270 std::vector<uint8_t> session_id() const { 271 return std::vector<uint8_t>(info_.sessionID, 272 info_.sessionID + info_.sessionIDLength); 273 } 274 auth_type(SSLAuthType * a)275 bool auth_type(SSLAuthType* a) const { 276 if (state_ != STATE_CONNECTED) return false; 277 278 *a = info_.authType; 279 return true; 280 } 281 kea_type(SSLKEAType * k)282 bool kea_type(SSLKEAType* k) const { 283 if (state_ != STATE_CONNECTED) return false; 284 285 *k = info_.keaType; 286 return true; 287 } 288 received_bytes()289 size_t received_bytes() const { return recv_ctr_; } error_code()290 PRErrorCode error_code() const { return error_code_; } 291 can_falsestart_hook_called()292 bool can_falsestart_hook_called() const { 293 return can_falsestart_hook_called_; 294 } 295 SetHandshakeCallback(HandshakeCallbackFunction handshake_callback)296 void SetHandshakeCallback(HandshakeCallbackFunction handshake_callback) { 297 handshake_callback_ = handshake_callback; 298 } 299 SetAuthCertificateCallback(AuthCertificateCallbackFunction auth_certificate_callback)300 void SetAuthCertificateCallback( 301 AuthCertificateCallbackFunction auth_certificate_callback) { 302 auth_certificate_callback_ = auth_certificate_callback; 303 } 304 SetSniCallback(SniCallbackFunction sni_callback)305 void SetSniCallback(SniCallbackFunction sni_callback) { 306 sni_callback_ = sni_callback; 307 } 308 309 void ExpectReceiveAlert(uint8_t alert, uint8_t level = 0); 310 void ExpectSendAlert(uint8_t alert, uint8_t level = 0); 311 312 std::string alpn_value_to_use_ = ""; 313 // set the given policy before this agent runs SetPolicy(SECOidTag oid,PRUint32 set,PRUint32 clear)314 void SetPolicy(SECOidTag oid, PRUint32 set, PRUint32 clear) { 315 policy_ = NssPolicy(oid, set, clear); 316 } SetNssOption(PRInt32 id,PRInt32 value)317 void SetNssOption(PRInt32 id, PRInt32 value) { 318 option_ = NssOption(id, value); 319 } 320 321 private: 322 const static char* states[]; 323 324 void SetState(State state); 325 void ValidateCipherSpecs(); 326 327 // Dummy auth certificate hook. AuthCertificateHook(void * arg,PRFileDesc * fd,PRBool checksig,PRBool isServer)328 static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, 329 PRBool checksig, PRBool isServer) { 330 TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg); 331 agent->CheckPreliminaryInfo(); 332 agent->auth_certificate_hook_called_ = true; 333 if (agent->auth_certificate_callback_) { 334 return agent->auth_certificate_callback_(agent, checksig ? true : false, 335 isServer ? true : false); 336 } 337 return SECSuccess; 338 } 339 340 // Client auth certificate hook. ClientAuthenticated(void * arg,PRFileDesc * fd,PRBool checksig,PRBool isServer)341 static SECStatus ClientAuthenticated(void* arg, PRFileDesc* fd, 342 PRBool checksig, PRBool isServer) { 343 TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg); 344 EXPECT_TRUE(agent->expect_client_auth_); 345 EXPECT_EQ(PR_TRUE, isServer); 346 if (agent->auth_certificate_callback_) { 347 return agent->auth_certificate_callback_(agent, checksig ? true : false, 348 isServer ? true : false); 349 } 350 return SECSuccess; 351 } 352 353 static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd, 354 CERTDistNames* caNames, 355 CERTCertificate** cert, 356 SECKEYPrivateKey** privKey); 357 ReadableCallback(PollTarget * self,Event event)358 static void ReadableCallback(PollTarget* self, Event event) { 359 TlsAgent* agent = static_cast<TlsAgent*>(self); 360 if (event == TIMER_EVENT) { 361 agent->timer_handle_ = nullptr; 362 } 363 agent->ReadableCallback_int(); 364 } 365 ReadableCallback_int()366 void ReadableCallback_int() { 367 LOGV("Readable"); 368 switch (state_) { 369 case STATE_CONNECTING: 370 Handshake(); 371 break; 372 case STATE_CONNECTED: 373 ReadBytes(); 374 break; 375 default: 376 break; 377 } 378 } 379 SniHook(PRFileDesc * fd,const SECItem * srvNameArr,PRUint32 srvNameArrSize,void * arg)380 static PRInt32 SniHook(PRFileDesc* fd, const SECItem* srvNameArr, 381 PRUint32 srvNameArrSize, void* arg) { 382 TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg); 383 agent->CheckPreliminaryInfo(); 384 agent->sni_hook_called_ = true; 385 EXPECT_EQ(1UL, srvNameArrSize); 386 if (agent->sni_callback_) { 387 return agent->sni_callback_(agent, srvNameArr, srvNameArrSize); 388 } 389 return 0; // First configuration. 390 } 391 CanFalseStartCallback(PRFileDesc * fd,void * arg,PRBool * canFalseStart)392 static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg, 393 PRBool* canFalseStart) { 394 TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg); 395 agent->CheckPreliminaryInfo(); 396 EXPECT_TRUE(agent->falsestart_enabled_); 397 EXPECT_FALSE(agent->can_falsestart_hook_called_); 398 agent->can_falsestart_hook_called_ = true; 399 *canFalseStart = true; 400 return SECSuccess; 401 } 402 403 void CheckAlert(bool sent, const SSLAlert* alert); 404 AlertReceivedCallback(const PRFileDesc * fd,void * arg,const SSLAlert * alert)405 static void AlertReceivedCallback(const PRFileDesc* fd, void* arg, 406 const SSLAlert* alert) { 407 reinterpret_cast<TlsAgent*>(arg)->CheckAlert(false, alert); 408 } 409 AlertSentCallback(const PRFileDesc * fd,void * arg,const SSLAlert * alert)410 static void AlertSentCallback(const PRFileDesc* fd, void* arg, 411 const SSLAlert* alert) { 412 reinterpret_cast<TlsAgent*>(arg)->CheckAlert(true, alert); 413 } 414 HandshakeCallback(PRFileDesc * fd,void * arg)415 static void HandshakeCallback(PRFileDesc* fd, void* arg) { 416 TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg); 417 agent->handshake_callback_called_ = true; 418 agent->Connected(); 419 if (agent->handshake_callback_) { 420 agent->handshake_callback_(agent); 421 } 422 } 423 424 void DisableLameGroups(); 425 void ConfigStrongECGroups(bool en); 426 void ConfigAllDHGroups(bool en); 427 void CheckCallbacks() const; 428 void Connected(); 429 430 const std::string name_; 431 SSLProtocolVariant variant_; 432 Role role_; 433 uint16_t server_key_bits_; 434 std::shared_ptr<DummyPrSocket> adapter_; 435 ScopedPRFileDesc ssl_fd_; 436 State state_; 437 std::shared_ptr<Poller::Timer> timer_handle_; 438 bool falsestart_enabled_; 439 uint16_t expected_version_; 440 uint16_t expected_cipher_suite_; 441 bool expect_client_auth_; 442 bool expect_ech_; 443 SSLPskType expect_psk_; 444 bool can_falsestart_hook_called_; 445 bool sni_hook_called_; 446 bool auth_certificate_hook_called_; 447 uint8_t expected_received_alert_; 448 uint8_t expected_received_alert_level_; 449 uint8_t expected_sent_alert_; 450 uint8_t expected_sent_alert_level_; 451 bool handshake_callback_called_; 452 bool resumption_callback_called_; 453 SSLChannelInfo info_; 454 SSLPreliminaryChannelInfo pre_info_; 455 SSLCipherSuiteInfo csinfo_; 456 SSLVersionRange vrange_; 457 PRErrorCode error_code_; 458 size_t send_ctr_; 459 size_t recv_ctr_; 460 bool expect_readwrite_error_; 461 HandshakeCallbackFunction handshake_callback_; 462 AuthCertificateCallbackFunction auth_certificate_callback_; 463 SniCallbackFunction sni_callback_; 464 bool skip_version_checks_; 465 std::vector<uint8_t> resumption_token_; 466 NssPolicy policy_; 467 NssOption option_; 468 }; 469 470 inline std::ostream& operator<<(std::ostream& stream, 471 const TlsAgent::State& state) { 472 return stream << TlsAgent::state_str(state); 473 } 474 475 class TlsAgentTestBase : public ::testing::Test { 476 public: 477 static ::testing::internal::ParamGenerator<std::string> kTlsRolesAll; 478 479 TlsAgentTestBase(TlsAgent::Role role, SSLProtocolVariant variant, 480 uint16_t version = 0) agent_(nullptr)481 : agent_(nullptr), 482 role_(role), 483 variant_(variant), 484 version_(version), 485 sink_adapter_(new DummyPrSocket("sink", variant)) {} ~TlsAgentTestBase()486 virtual ~TlsAgentTestBase() {} 487 488 void SetUp(); 489 void TearDown(); 490 491 void ExpectAlert(uint8_t alert); 492 493 static void MakeRecord(SSLProtocolVariant variant, uint8_t type, 494 uint16_t version, const uint8_t* buf, size_t len, 495 DataBuffer* out, uint64_t seq_num = 0); 496 void MakeRecord(uint8_t type, uint16_t version, const uint8_t* buf, 497 size_t len, DataBuffer* out, uint64_t seq_num = 0) const; 498 void MakeHandshakeMessage(uint8_t hs_type, const uint8_t* data, size_t hs_len, 499 DataBuffer* out, uint64_t seq_num = 0) const; 500 void MakeHandshakeMessageFragment(uint8_t hs_type, const uint8_t* data, 501 size_t hs_len, DataBuffer* out, 502 uint64_t seq_num, uint32_t fragment_offset, 503 uint32_t fragment_length) const; 504 DataBuffer MakeCannedTls13ServerHello(); 505 static void MakeTrivialHandshakeRecord(uint8_t hs_type, size_t hs_len, 506 DataBuffer* out); ToRole(const std::string & str)507 static inline TlsAgent::Role ToRole(const std::string& str) { 508 return str == "CLIENT" ? TlsAgent::CLIENT : TlsAgent::SERVER; 509 } 510 511 void Init(const std::string& server_name = TlsAgent::kServerRsa); 512 void Reset(const std::string& server_name = TlsAgent::kServerRsa); 513 514 protected: 515 void EnsureInit(); 516 void ProcessMessage(const DataBuffer& buffer, TlsAgent::State expected_state, 517 int32_t error_code = 0); 518 519 std::shared_ptr<TlsAgent> agent_; 520 TlsAgent::Role role_; 521 SSLProtocolVariant variant_; 522 uint16_t version_; 523 // This adapter is here just to accept packets from this agent. 524 std::shared_ptr<DummyPrSocket> sink_adapter_; 525 }; 526 527 class TlsAgentTest 528 : public TlsAgentTestBase, 529 public ::testing::WithParamInterface< 530 std::tuple<std::string, SSLProtocolVariant, uint16_t>> { 531 public: TlsAgentTest()532 TlsAgentTest() 533 : TlsAgentTestBase(ToRole(std::get<0>(GetParam())), 534 std::get<1>(GetParam()), std::get<2>(GetParam())) {} 535 }; 536 537 class TlsAgentTestClient : public TlsAgentTestBase, 538 public ::testing::WithParamInterface< 539 std::tuple<SSLProtocolVariant, uint16_t>> { 540 public: TlsAgentTestClient()541 TlsAgentTestClient() 542 : TlsAgentTestBase(TlsAgent::CLIENT, std::get<0>(GetParam()), 543 std::get<1>(GetParam())) {} 544 }; 545 546 class TlsAgentTestClient13 : public TlsAgentTestClient {}; 547 548 class TlsAgentStreamTestClient : public TlsAgentTestBase { 549 public: TlsAgentStreamTestClient()550 TlsAgentStreamTestClient() 551 : TlsAgentTestBase(TlsAgent::CLIENT, ssl_variant_stream) {} 552 }; 553 554 class TlsAgentStreamTestServer : public TlsAgentTestBase { 555 public: TlsAgentStreamTestServer()556 TlsAgentStreamTestServer() 557 : TlsAgentTestBase(TlsAgent::SERVER, ssl_variant_stream) {} 558 }; 559 560 class TlsAgentDgramTestClient : public TlsAgentTestBase { 561 public: TlsAgentDgramTestClient()562 TlsAgentDgramTestClient() 563 : TlsAgentTestBase(TlsAgent::CLIENT, ssl_variant_datagram) {} 564 }; 565 566 inline bool operator==(const SSLVersionRange& vr1, const SSLVersionRange& vr2) { 567 return vr1.min == vr2.min && vr1.max == vr2.max; 568 } 569 570 } // namespace nss_test 571 572 #endif 573