include(AwsTestHarness) enable_testing() # See PKCS11.md for instructions on running these tests option(ENABLE_PKCS11_TESTS "Build and run PKCS#11 tests" OFF) file(GLOB TEST_SRC "*.c") file(GLOB TEST_HDRS "*.h") file(GLOB TESTS ${TEST_HDRS} ${TEST_SRC}) # Each pipe test runs in 2 different configurations macro(add_pipe_test_case name) add_test_case("${name}") add_test_case("${name}_2loops") endmacro() add_test_case(io_library_init) add_test_case(io_library_init_cleanup_init_cleanup) add_pipe_test_case(pipe_open_close) add_pipe_test_case(pipe_read_write) add_pipe_test_case(pipe_read_write_large_buffer) add_pipe_test_case(pipe_readable_event_sent_after_write) add_pipe_test_case(pipe_readable_event_sent_once) add_pipe_test_case(pipe_readable_event_sent_on_subscribe_if_data_present) add_pipe_test_case(pipe_readable_event_sent_on_resubscribe_if_data_present) add_pipe_test_case(pipe_readable_event_sent_again_after_all_data_read) add_pipe_test_case(pipe_error_event_sent_after_write_end_closed) add_pipe_test_case(pipe_error_event_sent_on_subscribe_if_write_end_already_closed) add_pipe_test_case(pipe_writes_are_fifo) add_pipe_test_case(pipe_clean_up_cancels_pending_writes) add_test_case(event_loop_xthread_scheduled_tasks_execute) add_test_case(event_loop_canceled_tasks_run_in_el_thread) if (USE_IO_COMPLETION_PORTS) add_test_case(event_loop_completion_events) else () add_test_case(event_loop_subscribe_unsubscribe) add_test_case(event_loop_writable_event_on_subscribe) add_test_case(event_loop_no_readable_event_before_write) add_test_case(event_loop_readable_event_after_write) add_test_case(event_loop_readable_event_on_subscribe_if_data_present) add_test_case(event_loop_readable_event_on_2nd_time_readable) add_test_case(event_loop_no_events_after_unsubscribe) endif () add_test_case(event_loop_stop_then_restart) add_test_case(event_loop_multiple_stops) add_test_case(event_loop_group_setup_and_shutdown) add_test_case(event_loop_group_setup_and_shutdown_async) add_test_case(numa_aware_event_loop_group_setup_and_shutdown) add_test_case(io_testing_channel) add_test_case(local_socket_communication) add_net_test_case(tcp_socket_communication) add_net_test_case(udp_socket_communication) add_test_case(udp_bind_connect_communication) add_net_test_case(connect_timeout) add_net_test_case(connect_timeout_cancelation) if (USE_VSOCK) add_test_case(vsock_loopback_socket_communication) endif () add_test_case(outgoing_local_sock_errors) add_test_case(outgoing_tcp_sock_error) add_test_case(incoming_tcp_sock_errors) add_test_case(incoming_duplicate_tcp_bind_errors) add_net_test_case(bind_on_zero_port_tcp_ipv4) add_net_test_case(bind_on_zero_port_udp_ipv4) add_test_case(incoming_udp_sock_errors) add_test_case(wrong_thread_read_write_fails) add_net_test_case(cleanup_before_connect_or_timeout_doesnt_explode) add_test_case(cleanup_in_accept_doesnt_explode) add_test_case(cleanup_in_write_cb_doesnt_explode) add_test_case(sock_write_cb_is_async) if (WIN32) add_test_case(local_socket_pipe_connected_race) endif() add_test_case(channel_setup) add_test_case(channel_single_slot_cleans_up) add_test_case(channel_slots_clean_up) add_test_case(channel_refcount_delays_clean_up) add_test_case(channel_tasks_run) add_test_case(channel_tasks_serialized_run) add_test_case(channel_rejects_post_shutdown_tasks) add_test_case(channel_cancels_pending_tasks) add_test_case(channel_duplicate_shutdown) add_net_test_case(channel_connect_some_hosts_timeout) add_net_test_case(test_default_with_ipv6_lookup) add_test_case(test_resolver_ipv6_address_lookup) add_net_test_case(test_default_with_multiple_lookups) add_test_case(test_resolver_ipv4_address_lookup) add_net_test_case(test_default_with_ipv4_only_lookup) add_test_case(test_resolver_ttls) add_test_case(test_resolver_connect_failure_recording) add_test_case(test_resolver_ttl_refreshes_on_resolve) add_net_test_case(test_resolver_listener_create_destroy) #add_net_test_case(test_resolver_add_listener_before_host) #add_net_test_case(test_resolver_add_listener_after_host) #add_net_test_case(test_resolver_add_multiple_listeners_fn) add_net_test_case(test_resolver_listener_host_re_add_fn) add_net_test_case(test_resolver_listener_multiple_results) add_net_test_case(test_resolver_listener_address_expired_fn) add_net_test_case(test_resolver_pinned_host_entry) add_net_test_case(test_resolver_unpinned_host_entry) add_net_test_case(test_resolver_address_promote_demote_listener_callbacks) add_test_case(test_pem_single_cert_parse) add_test_case(test_pem_private_key_parse) add_test_case(test_pem_cert_chain_parse) add_test_case(test_pem_cert_parse_from_file) add_test_case(test_pem_private_key_parse_from_file) add_test_case(test_pem_cert_chain_comments_and_whitespace) add_test_case(test_pem_invalid_parse) add_test_case(test_pem_valid_data_invalid_parse) add_test_case(test_pem_invalid_in_chain_parse) add_test_case(pem_sanitize_comments_around_pem_object_removed) add_test_case(pem_sanitize_empty_file_rejected) add_test_case(pem_sanitize_wrong_format_rejected) add_test_case(socket_handler_echo_and_backpressure) add_test_case(socket_handler_close) add_test_case(socket_pinned_event_loop) if (NOT BYO_CRYPTO) # Badssl-based tests (https://badssl.com/dashboard/) - use remote endpoints for now, later transition to # internal hosting using the bad ssl container/server setup and dns redirects per # https://github.com/chromium/badssl.com # # We don't use the interception suite since that's a host configuration issue # We also don't check the domain security policy suite: # 1. s2n does not support revocation checks and we do not currently enable any revocation checks # in windows or osx, although we may add configurable support to those platforms(off-by-default) at a # later date # 2. s2n does not support public key pinning and, given its deprecated and http-centric position, there are no # plans to add support nor investigate osx/windows support as well. # Badssl - Certificate Validation endpoint suite # For each failure case, we also include a positive test that verifies success when peer verification is disabled add_net_test_case(tls_client_channel_negotiation_error_expired) add_net_test_case(tls_client_channel_negotiation_error_wrong_host) add_net_test_case(tls_client_channel_negotiation_error_wrong_host_with_ca_override) add_net_test_case(tls_client_channel_negotiation_error_self_signed) add_net_test_case(tls_client_channel_negotiation_error_untrusted_root) add_net_test_case(tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override) add_net_test_case(tls_client_channel_negotiation_no_verify_expired) add_net_test_case(tls_client_channel_negotiation_no_verify_wrong_host) add_net_test_case(tls_client_channel_negotiation_no_verify_self_signed) add_net_test_case(tls_client_channel_negotiation_no_verify_untrusted_root) # Badssl - Broken Crypto endpoint suite # We don't include dh1024 as it succeeds on the windows baseline configuration and there does not seem # to be a way to disable it add_net_test_case(tls_client_channel_negotiation_error_broken_crypto_rc4) add_net_test_case(tls_client_channel_negotiation_error_broken_crypto_rc4_md5) add_net_test_case(tls_client_channel_negotiation_error_broken_crypto_dh480) add_net_test_case(tls_client_channel_negotiation_error_broken_crypto_dh512) add_net_test_case(tls_client_channel_negotiation_error_broken_crypto_null) # Badssl - Legacy crypto suite, includes both negative and positive tests, with override checks where appropriate # Our current baseline/default is platform-specific, whereas badssl expects a baseline of 1.2 # Linux - tls1.1 # Windows - system default (1.0 is the only thing we could reasonable fixate to given win7 support) # Mac - system default # We skip the cbc and 3des checks, as a positive connection result there does not yet represent a security risk # We don't include dh2048 as it succeeds on the windows baseline configuration and there does not seem # to be a way to disable it if(NOT (WIN32 AND NOT CMAKE_SYSTEM_VERSION MATCHES "10\.0\.1.*")) # Skip TLS 1.0 and TLS 1.1 test for windows later than windows server 2022, as they droped old TLS add_net_test_case(tls_client_channel_negotiation_error_legacy_crypto_tls10) add_net_test_case(tls_client_channel_negotiation_override_legacy_crypto_tls10) add_net_test_case(tls_client_channel_negotiation_error_override_legacy_crypto_tls11) add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11) endif() # Badssl - Secure uncommon suite # We skip 10000san for now as its unclear the point or relevance especially with respect to the OS-based # TLS implementations # We skip 1000san, sha384 and sha512 because the public badssl certificate is expired and we haven't migrated to # internal hosting yet # We also defer the incomplete chain test for now until we can do some further study on how to get it to # properly fail on windows and osx. # add_net_test_case(tls_client_channel_negotiation_success_sha384) # add_net_test_case(tls_client_channel_negotiation_success_sha512) add_net_test_case(tls_client_channel_negotiation_success_rsa8192) add_net_test_case(tls_client_channel_negotiation_error_no_subject) add_net_test_case(tls_client_channel_negotiation_success_no_verify_no_subject) add_net_test_case(tls_client_channel_negotiation_error_no_common_name) add_net_test_case(tls_client_channel_negotiation_success_no_verify_no_common_name) add_net_test_case(tls_client_channel_negotiation_success_no_verify_incomplete_chain) # Badssl - Secure common suite, all of these should succeed add_net_test_case(tls_client_channel_negotiation_success_tls12) add_net_test_case(tls_client_channel_negotiation_success_sha256) add_net_test_case(tls_client_channel_negotiation_success_rsa2048) add_net_test_case(tls_client_channel_negotiation_success_ecc256) add_net_test_case(tls_client_channel_negotiation_success_ecc384) # add_net_test_case(tls_client_channel_negotiation_success_extended_validation) test disabled until badssl updates cert (expired 2022.08.10) add_net_test_case(tls_client_channel_negotiation_success_mozilla_modern) # Misc non-badssl tls tests add_net_test_case(test_concurrent_cert_import) add_test_case(tls_channel_echo_and_backpressure_test) add_net_test_case(tls_client_channel_negotiation_error_socket_closed) add_net_test_case(tls_client_channel_negotiation_success) add_net_test_case(tls_server_multiple_connections) add_net_test_case(tls_server_hangup_during_negotiation) add_net_test_case(tls_client_channel_no_verify) add_net_test_case(test_tls_negotiation_timeout) add_net_test_case(alpn_successfully_negotiates) add_net_test_case(alpn_no_protocol_message) add_net_test_case(test_ecc_cert_import) add_test_case(alpn_error_creating_handler) add_test_case(tls_destroy_null_context) add_test_case(tls_channel_statistics_test) add_test_case(tls_certificate_chain_test) else() add_test_case(byo_tls_handler_test) endif() add_test_case(test_input_stream_memory_simple) add_test_case(test_input_stream_memory_iterate) add_test_case(test_input_stream_memory_seek_beginning) add_test_case(test_input_stream_memory_seek_end) add_test_case(test_input_stream_memory_seek_multiple_times) add_test_case(test_input_stream_memory_seek_past_end) add_test_case(test_input_stream_memory_seek_before_start) add_test_case(test_input_stream_file_simple) add_test_case(test_input_stream_file_iterate) add_test_case(test_input_stream_file_seek_beginning) add_test_case(test_input_stream_file_seek_end) add_test_case(test_input_stream_memory_length) add_test_case(test_input_stream_file_length) add_test_case(test_input_stream_binary) add_test_case(open_channel_statistics_test) add_test_case(shared_library_open_failure) if (BUILD_SHARED_LIBS) add_test_case(shared_library_open_success) add_test_case(shared_library_find_function_failure) add_test_case(shared_library_find_function_success) endif() add_test_case(test_exponential_backoff_retry_too_many_retries_no_jitter) add_test_case(test_exponential_backoff_retry_too_many_retries_full_jitter) add_test_case(test_exponential_backoff_retry_too_many_retries_decorrelated_jitter) add_test_case(test_exponential_backoff_retry_too_many_retries_default_jitter) add_test_case(test_exponential_backoff_retry_client_errors_do_not_count) add_test_case(test_exponential_backoff_retry_no_jitter_time_taken) add_test_case(test_exponential_backoff_retry_invalid_options) add_test_case(test_standard_retry_strategy_setup_shutdown) add_test_case(test_standard_retry_strategy_failure_exhausts_bucket) add_test_case(test_standard_retry_strategy_failure_recovers) # See PKCS11.md for instructions on running these tests if (ENABLE_PKCS11_TESTS) add_test_case(pkcs11_lib_sanity_check) add_test_case(pkcs11_lib_behavior_default) add_test_case(pkcs11_lib_behavior_omit_initialize) add_test_case(pkcs11_lib_behavior_strict_initialize_finalize) add_test_case(pkcs11_find_private_key) add_test_case(pkcs11_find_private_key_for_different_rsa_types) add_test_case(pkcs11_find_private_key_for_ec) add_test_case(pkcs11_find_multiple_private_key) add_test_case(pkcs11_sign_rsa_sha1) add_test_case(pkcs11_sign_rsa_sha224) add_test_case(pkcs11_sign_rsa_sha256) add_test_case(pkcs11_sign_rsa_sha384) add_test_case(pkcs11_sign_rsa_sha512) add_test_case(pkcs11_asn1_bigint) add_test_case(pkcs11_sign_ec_256) add_test_case(pkcs11_rsa_decrypt) add_test_case(pkcs11_find_slot) add_test_case(pkcs11_find_slot_many_tokens) add_test_case(pkcs11_session_tests) add_test_case(pkcs11_login_tests) # TLS with PKCS#11 not currently supported on every platform if (USE_S2N) add_test_case(pkcs11_tls_rsa_negotiation_succeeds) add_test_case(pkcs11_tls_ec_negotiation_succeeds) endif() endif() set(TEST_BINARY_NAME ${PROJECT_NAME}-tests) generate_test_driver(${TEST_BINARY_NAME}) #SSL certificates to use for testing. add_custom_command(TARGET ${TEST_BINARY_NAME} PRE_BUILD COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_CURRENT_SOURCE_DIR}/resources $)