1 /*
2 * Common code library for SSL test programs.
3 *
4 * In addition to the functions in this file, there is shared source code
5 * that cannot be compiled separately in "ssl_test_common_source.c".
6 *
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10
11 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
12
13 #include "ssl_test_lib.h"
14
15 #if defined(MBEDTLS_TEST_HOOKS)
16 #include "test/helpers.h"
17 #endif
18
19 #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
20
21 #define ARRAY_LENGTH(x) (sizeof(x)/sizeof(x[0]))
22
my_debug(void * ctx,int level,const char * file,int line,const char * str)23 void my_debug(void *ctx, int level,
24 const char *file, int line,
25 const char *str)
26 {
27 const char *p, *basename;
28
29 /* Extract basename from file */
30 for (p = basename = file; *p != '\0'; p++) {
31 if (*p == '/' || *p == '\\') {
32 basename = p + 1;
33 }
34 }
35
36 mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
37 basename, line, level, str);
38 fflush((FILE *) ctx);
39 }
40
41 #if defined(MBEDTLS_HAVE_TIME)
dummy_constant_time(mbedtls_time_t * time)42 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
43 {
44 (void) time;
45 return 0x5af2a056;
46 }
47 #endif
48
49 #if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
dummy_entropy(void * data,unsigned char * output,size_t len)50 static int dummy_entropy(void *data, unsigned char *output, size_t len)
51 {
52 size_t i;
53 int ret;
54 (void) data;
55
56 ret = mbedtls_entropy_func(data, output, len);
57 for (i = 0; i < len; i++) {
58 //replace result with pseudo random
59 output[i] = (unsigned char) rand();
60 }
61 return ret;
62 }
63 #endif
64
rng_init(rng_context_t * rng)65 void rng_init(rng_context_t *rng)
66 {
67 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
68 (void) rng;
69 psa_crypto_init();
70 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
71
72 #if defined(MBEDTLS_CTR_DRBG_C)
73 mbedtls_ctr_drbg_init(&rng->drbg);
74 #elif defined(MBEDTLS_HMAC_DRBG_C)
75 mbedtls_hmac_drbg_init(&rng->drbg);
76 #else
77 #error "No DRBG available"
78 #endif
79
80 mbedtls_entropy_init(&rng->entropy);
81 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
82 }
83
rng_seed(rng_context_t * rng,int reproducible,const char * pers)84 int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
85 {
86 #if defined(MBEDTLS_USE_PSA_CRYPTO)
87 if (reproducible) {
88 mbedtls_fprintf(stderr,
89 "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
90 return -1;
91 }
92 #endif
93 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
94 /* The PSA crypto RNG does its own seeding. */
95 (void) rng;
96 (void) pers;
97 if (reproducible) {
98 mbedtls_fprintf(stderr,
99 "The PSA RNG does not support reproducible mode.\n");
100 return -1;
101 }
102 return 0;
103 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
104 int (*f_entropy)(void *, unsigned char *, size_t) =
105 (reproducible ? dummy_entropy : mbedtls_entropy_func);
106
107 if (reproducible) {
108 srand(1);
109 }
110
111 #if defined(MBEDTLS_CTR_DRBG_C)
112 int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
113 f_entropy, &rng->entropy,
114 (const unsigned char *) pers,
115 strlen(pers));
116 #elif defined(MBEDTLS_HMAC_DRBG_C)
117 #if defined(MBEDTLS_MD_CAN_SHA256)
118 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
119 #elif defined(MBEDTLS_MD_CAN_SHA512)
120 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
121 #else
122 #error "No message digest available for HMAC_DRBG"
123 #endif
124 int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
125 mbedtls_md_info_from_type(md_type),
126 f_entropy, &rng->entropy,
127 (const unsigned char *) pers,
128 strlen(pers));
129 #else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
130 #error "No DRBG available"
131 #endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
132
133 if (ret != 0) {
134 mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
135 (unsigned int) -ret);
136 return ret;
137 }
138 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
139
140 return 0;
141 }
142
rng_free(rng_context_t * rng)143 void rng_free(rng_context_t *rng)
144 {
145 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
146 (void) rng;
147 /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
148 * This is ok because none of our applications try to do any crypto after
149 * deinitializing the RNG. */
150 mbedtls_psa_crypto_free();
151 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
152
153 #if defined(MBEDTLS_CTR_DRBG_C)
154 mbedtls_ctr_drbg_free(&rng->drbg);
155 #elif defined(MBEDTLS_HMAC_DRBG_C)
156 mbedtls_hmac_drbg_free(&rng->drbg);
157 #else
158 #error "No DRBG available"
159 #endif
160
161 mbedtls_entropy_free(&rng->entropy);
162 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
163 }
164
rng_get(void * p_rng,unsigned char * output,size_t output_len)165 int rng_get(void *p_rng, unsigned char *output, size_t output_len)
166 {
167 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
168 (void) p_rng;
169 return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
170 output, output_len);
171 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
172 rng_context_t *rng = p_rng;
173
174 #if defined(MBEDTLS_CTR_DRBG_C)
175 return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
176 #elif defined(MBEDTLS_HMAC_DRBG_C)
177 return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
178 #else
179 #error "No DRBG available"
180 #endif
181
182 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
183 }
184
key_opaque_alg_parse(const char * arg,const char ** alg1,const char ** alg2)185 int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
186 {
187 char *separator;
188 if ((separator = strchr(arg, ',')) == NULL) {
189 return 1;
190 }
191 *separator = '\0';
192
193 *alg1 = arg;
194 *alg2 = separator + 1;
195
196 if (strcmp(*alg1, "rsa-sign-pkcs1") != 0 &&
197 strcmp(*alg1, "rsa-sign-pss") != 0 &&
198 strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
199 strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
200 strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
201 strcmp(*alg1, "rsa-decrypt") != 0 &&
202 strcmp(*alg1, "ecdsa-sign") != 0 &&
203 strcmp(*alg1, "ecdh") != 0) {
204 return 1;
205 }
206
207 if (strcmp(*alg2, "rsa-sign-pkcs1") != 0 &&
208 strcmp(*alg2, "rsa-sign-pss") != 0 &&
209 strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
210 strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
211 strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
212 strcmp(*alg2, "rsa-decrypt") != 0 &&
213 strcmp(*alg2, "ecdsa-sign") != 0 &&
214 strcmp(*alg2, "ecdh") != 0 &&
215 strcmp(*alg2, "none") != 0) {
216 return 1;
217 }
218
219 return 0;
220 }
221
222 #if defined(MBEDTLS_USE_PSA_CRYPTO)
key_opaque_set_alg_usage(const char * alg1,const char * alg2,psa_algorithm_t * psa_alg1,psa_algorithm_t * psa_alg2,psa_key_usage_t * usage,mbedtls_pk_type_t key_type)223 int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
224 psa_algorithm_t *psa_alg1,
225 psa_algorithm_t *psa_alg2,
226 psa_key_usage_t *usage,
227 mbedtls_pk_type_t key_type)
228 {
229 if (strcmp(alg1, "none") != 0) {
230 const char *algs[] = { alg1, alg2 };
231 psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
232
233 for (int i = 0; i < 2; i++) {
234 if (strcmp(algs[i], "rsa-sign-pkcs1") == 0) {
235 *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
236 *usage |= PSA_KEY_USAGE_SIGN_HASH;
237 } else if (strcmp(algs[i], "rsa-sign-pss") == 0) {
238 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
239 *usage |= PSA_KEY_USAGE_SIGN_HASH;
240 } else if (strcmp(algs[i], "rsa-sign-pss-sha256") == 0) {
241 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
242 *usage |= PSA_KEY_USAGE_SIGN_HASH;
243 } else if (strcmp(algs[i], "rsa-sign-pss-sha384") == 0) {
244 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_384);
245 *usage |= PSA_KEY_USAGE_SIGN_HASH;
246 } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
247 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
248 *usage |= PSA_KEY_USAGE_SIGN_HASH;
249 } else if (strcmp(algs[i], "rsa-decrypt") == 0) {
250 *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
251 *usage |= PSA_KEY_USAGE_DECRYPT;
252 } else if (strcmp(algs[i], "ecdsa-sign") == 0) {
253 *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
254 *usage |= PSA_KEY_USAGE_SIGN_HASH;
255 } else if (strcmp(algs[i], "ecdh") == 0) {
256 *psa_algs[i] = PSA_ALG_ECDH;
257 *usage |= PSA_KEY_USAGE_DERIVE;
258 } else if (strcmp(algs[i], "none") == 0) {
259 *psa_algs[i] = PSA_ALG_NONE;
260 }
261 }
262 } else {
263 if (key_type == MBEDTLS_PK_ECKEY) {
264 *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
265 *psa_alg2 = PSA_ALG_ECDH;
266 *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
267 } else if (key_type == MBEDTLS_PK_RSA) {
268 *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
269 *psa_alg2 = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
270 *usage = PSA_KEY_USAGE_SIGN_HASH;
271 } else {
272 return 1;
273 }
274 }
275
276 return 0;
277 }
278 #endif /* MBEDTLS_USE_PSA_CRYPTO */
279
280 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
ca_callback(void * data,mbedtls_x509_crt const * child,mbedtls_x509_crt ** candidates)281 int ca_callback(void *data, mbedtls_x509_crt const *child,
282 mbedtls_x509_crt **candidates)
283 {
284 int ret = 0;
285 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
286 mbedtls_x509_crt *first;
287
288 /* This is a test-only implementation of the CA callback
289 * which always returns the entire list of trusted certificates.
290 * Production implementations managing a large number of CAs
291 * should use an efficient presentation and lookup for the
292 * set of trusted certificates (such as a hashtable) and only
293 * return those trusted certificates which satisfy basic
294 * parental checks, such as the matching of child `Issuer`
295 * and parent `Subject` field or matching key identifiers. */
296 ((void) child);
297
298 first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
299 if (first == NULL) {
300 ret = -1;
301 goto exit;
302 }
303 mbedtls_x509_crt_init(first);
304
305 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
306 ret = -1;
307 goto exit;
308 }
309
310 while (ca->next != NULL) {
311 ca = ca->next;
312 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
313 ret = -1;
314 goto exit;
315 }
316 }
317
318 exit:
319
320 if (ret != 0) {
321 mbedtls_x509_crt_free(first);
322 mbedtls_free(first);
323 first = NULL;
324 }
325
326 *candidates = first;
327 return ret;
328 }
329 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
330
delayed_recv(void * ctx,unsigned char * buf,size_t len)331 int delayed_recv(void *ctx, unsigned char *buf, size_t len)
332 {
333 static int first_try = 1;
334 int ret;
335
336 if (first_try) {
337 first_try = 0;
338 return MBEDTLS_ERR_SSL_WANT_READ;
339 }
340
341 ret = mbedtls_net_recv(ctx, buf, len);
342 if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
343 first_try = 1; /* Next call will be a new operation */
344 }
345 return ret;
346 }
347
delayed_send(void * ctx,const unsigned char * buf,size_t len)348 int delayed_send(void *ctx, const unsigned char *buf, size_t len)
349 {
350 static int first_try = 1;
351 int ret;
352
353 if (first_try) {
354 first_try = 0;
355 return MBEDTLS_ERR_SSL_WANT_WRITE;
356 }
357
358 ret = mbedtls_net_send(ctx, buf, len);
359 if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
360 first_try = 1; /* Next call will be a new operation */
361 }
362 return ret;
363 }
364
365 #if !defined(MBEDTLS_TIMING_C)
idle(mbedtls_net_context * fd,int idle_reason)366 int idle(mbedtls_net_context *fd,
367 int idle_reason)
368 #else
369 int idle(mbedtls_net_context *fd,
370 mbedtls_timing_delay_context *timer,
371 int idle_reason)
372 #endif
373 {
374 int ret;
375 int poll_type = 0;
376
377 if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
378 poll_type = MBEDTLS_NET_POLL_WRITE;
379 } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
380 poll_type = MBEDTLS_NET_POLL_READ;
381 }
382 #if !defined(MBEDTLS_TIMING_C)
383 else {
384 return 0;
385 }
386 #endif
387
388 while (1) {
389 /* Check if timer has expired */
390 #if defined(MBEDTLS_TIMING_C)
391 if (timer != NULL &&
392 mbedtls_timing_get_delay(timer) == 2) {
393 break;
394 }
395 #endif /* MBEDTLS_TIMING_C */
396
397 /* Check if underlying transport became available */
398 if (poll_type != 0) {
399 ret = mbedtls_net_poll(fd, poll_type, 0);
400 if (ret < 0) {
401 return ret;
402 }
403 if (ret == poll_type) {
404 break;
405 }
406 }
407 }
408
409 return 0;
410 }
411
412 #if defined(MBEDTLS_TEST_HOOKS)
413
test_hooks_init(void)414 void test_hooks_init(void)
415 {
416 mbedtls_test_info_reset();
417
418 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
419 mbedtls_test_mutex_usage_init();
420 #endif
421 }
422
test_hooks_failure_detected(void)423 int test_hooks_failure_detected(void)
424 {
425 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
426 /* Errors are reported via mbedtls_test_info. */
427 mbedtls_test_mutex_usage_check();
428 #endif
429
430 if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
431 return 1;
432 }
433 return 0;
434 }
435
test_hooks_free(void)436 void test_hooks_free(void)
437 {
438 }
439
440 #endif /* MBEDTLS_TEST_HOOKS */
441
442 static const struct {
443 uint16_t tls_id;
444 const char *name;
445 uint8_t is_supported;
446 } tls_id_group_name_table[] =
447 {
448 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
449 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
450 #else
451 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
452 #endif
453 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
454 { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
455 #else
456 { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
457 #endif
458 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
459 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
460 #else
461 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
462 #endif
463 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
464 { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
465 #else
466 { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
467 #endif
468 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
469 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
470 #else
471 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
472 #endif
473 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
474 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
475 #else
476 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
477 #endif
478 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
479 { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
480 #else
481 { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
482 #endif
483 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
484 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 },
485 #else
486 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
487 #endif
488 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
489 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 },
490 #else
491 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 },
492 #endif
493 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
494 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
495 #else
496 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 },
497 #endif
498 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
499 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 },
500 #else
501 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 },
502 #endif
503 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
504 { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
505 #else
506 { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
507 #endif
508 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
509 { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
510 #else
511 { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
512 #endif
513 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
514 defined(PSA_WANT_ALG_FFDH)
515 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 },
516 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 },
517 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 },
518 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 },
519 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 },
520 #else
521 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 },
522 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 },
523 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 },
524 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 },
525 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 },
526 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
527 { 0, NULL, 0 },
528 };
529
mbedtls_ssl_get_curve_tls_id_from_name(const char * name)530 static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name)
531 {
532 if (name == NULL) {
533 return 0;
534 }
535
536 for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) {
537 if (strcmp(tls_id_group_name_table[i].name, name) == 0) {
538 return tls_id_group_name_table[i].tls_id;
539 }
540 }
541
542 return 0;
543 }
544
mbedtls_ssl_print_supported_groups_list(void)545 static void mbedtls_ssl_print_supported_groups_list(void)
546 {
547 for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) {
548 if (tls_id_group_name_table[i].is_supported == 1) {
549 mbedtls_printf("%s ", tls_id_group_name_table[i].name);
550 }
551 }
552 }
553
parse_groups(const char * groups,uint16_t * group_list,size_t group_list_len)554 int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len)
555 {
556 char *p = (char *) groups;
557 char *q = NULL;
558 size_t i = 0;
559
560 if (strcmp(p, "none") == 0) {
561 group_list[0] = 0;
562 } else if (strcmp(p, "default") != 0) {
563 /* Leave room for a final NULL in group list */
564 while (i < group_list_len - 1 && *p != '\0') {
565 uint16_t curve_tls_id;
566 q = p;
567
568 /* Terminate the current string */
569 while (*p != ',' && *p != '\0') {
570 p++;
571 }
572 if (*p == ',') {
573 *p++ = '\0';
574 }
575
576 if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) {
577 group_list[i++] = curve_tls_id;
578 } else {
579 mbedtls_printf("unknown group %s\n", q);
580 mbedtls_printf("supported groups: ");
581 mbedtls_ssl_print_supported_groups_list();
582 mbedtls_printf("\n");
583 return -1;
584 }
585 }
586
587 mbedtls_printf("Number of groups: %u\n", (unsigned int) i);
588
589 if (i == group_list_len - 1 && *p != '\0') {
590 mbedtls_printf("groups list too long, maximum %u",
591 (unsigned int) (group_list_len - 1));
592 return -1;
593 }
594
595 group_list[i] = 0;
596 }
597
598 return 0;
599 }
600
601 #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */
602
