1 /*
2  *  Common code for SSL test programs
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
21 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
22 
23 #include "mbedtls/build_info.h"
24 
25 #include "mbedtls/platform.h"
26 
27 #undef HAVE_RNG
28 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&         \
29     ( defined(MBEDTLS_USE_PSA_CRYPTO) ||                \
30       defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) )
31 #define HAVE_RNG
32 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
33 #define HAVE_RNG
34 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) &&     \
35     ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) )
36 #define HAVE_RNG
37 #endif
38 
39 #if !defined(MBEDTLS_NET_C) ||                              \
40     !defined(MBEDTLS_SSL_TLS_C)
41 #define MBEDTLS_SSL_TEST_IMPOSSIBLE                         \
42     "MBEDTLS_NET_C and/or "                                 \
43     "MBEDTLS_SSL_TLS_C not defined."
44 #elif !defined(HAVE_RNG)
45 #define MBEDTLS_SSL_TEST_IMPOSSIBLE                         \
46     "No random generator is available.\n"
47 #else
48 #undef MBEDTLS_SSL_TEST_IMPOSSIBLE
49 
50 #undef HAVE_RNG
51 
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 
56 #include "mbedtls/net_sockets.h"
57 #include "mbedtls/ssl.h"
58 #include "mbedtls/ssl_ciphersuites.h"
59 #include "mbedtls/entropy.h"
60 #include "mbedtls/ctr_drbg.h"
61 #include "mbedtls/hmac_drbg.h"
62 #include "mbedtls/x509.h"
63 #include "mbedtls/error.h"
64 #include "mbedtls/debug.h"
65 #include "mbedtls/timing.h"
66 #include "mbedtls/base64.h"
67 #include "test/certs.h"
68 
69 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
70 #include "psa/crypto.h"
71 #include "mbedtls/psa_util.h"
72 #endif
73 
74 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
75 #include "mbedtls/memory_buffer_alloc.h"
76 #endif
77 
78 #include <test/helpers.h>
79 
80 #include "../test/query_config.h"
81 
82 typedef struct eap_tls_keys
83 {
84     unsigned char master_secret[48];
85     unsigned char randbytes[64];
86     mbedtls_tls_prf_types tls_prf_type;
87 } eap_tls_keys;
88 
89 #if defined( MBEDTLS_SSL_DTLS_SRTP )
90 
91 /* Supported SRTP mode needs a maximum of :
92  * - 16 bytes for key (AES-128)
93  * - 14 bytes SALT
94  * One for sender, one for receiver context
95  */
96 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH    60
97 
98 typedef struct dtls_srtp_keys
99 {
100     unsigned char master_secret[48];
101     unsigned char randbytes[64];
102     mbedtls_tls_prf_types tls_prf_type;
103 } dtls_srtp_keys;
104 
105 #endif /* MBEDTLS_SSL_DTLS_SRTP */
106 
107 typedef struct
108 {
109     mbedtls_ssl_context *ssl;
110     mbedtls_net_context *net;
111 } io_ctx_t;
112 
113 void my_debug( void *ctx, int level,
114                const char *file, int line,
115                const char *str );
116 
117 #if defined(MBEDTLS_HAVE_TIME)
118 mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
119 #endif
120 
121 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
122 /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
123  * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
124  *
125  * The constraints are:
126  * - Without the entropy module, the PSA RNG is the only option.
127  * - Without at least one of the DRBG modules, the PSA RNG is the only option.
128  * - The PSA RNG does not support explicit seeding, so it is incompatible with
129  *   the reproducible mode used by test programs.
130  * - For good overall test coverage, there should be at least one configuration
131  *   where the test programs use the PSA RNG while the PSA RNG is itself based
132  *   on entropy+DRBG, and at least one configuration where the test programs
133  *   do not use the PSA RNG even though it's there.
134  *
135  * A simple choice that meets the constraints is to use the PSA RNG whenever
136  * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
137  * choice to use the PSA RNG in the test programs and the choice to use
138  * PSA crypto when TLS code needs crypto have to be tied together, but it
139  * happens to be a good match. It's also a good match from an application
140  * perspective: either PSA is preferred for TLS (both for crypto and for
141  * random generation) or it isn't.
142  */
143 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
144 #endif
145 
146 /** A context for random number generation (RNG).
147  */
148 typedef struct
149 {
150 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
151     unsigned char dummy;
152 #else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
153     mbedtls_entropy_context entropy;
154 #if defined(MBEDTLS_CTR_DRBG_C)
155     mbedtls_ctr_drbg_context drbg;
156 #elif defined(MBEDTLS_HMAC_DRBG_C)
157     mbedtls_hmac_drbg_context drbg;
158 #else
159 #error "No DRBG available"
160 #endif
161 #endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
162 } rng_context_t;
163 
164 /** Initialize the RNG.
165  *
166  * This function only initializes the memory used by the RNG context.
167  * Before using the RNG, it must be seeded with rng_seed().
168  */
169 void rng_init( rng_context_t *rng );
170 
171 /* Seed the random number generator.
172  *
173  * \param rng           The RNG context to use. It must have been initialized
174  *                      with rng_init().
175  * \param reproducible  If zero, seed the RNG from entropy.
176  *                      If nonzero, use a fixed seed, so that the program
177  *                      will produce the same sequence of random numbers
178  *                      each time it is invoked.
179  * \param pers          A null-terminated string. Different values for this
180  *                      string cause the RNG to emit different output for
181  *                      the same seed.
182  *
183  * return 0 on success, a negative value on error.
184  */
185 int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
186 
187 /** Deinitialize the RNG. Free any embedded resource.
188  *
189  * \param rng           The RNG context to deinitialize. It must have been
190  *                      initialized with rng_init().
191  */
192 void rng_free( rng_context_t *rng );
193 
194 /** Generate random data.
195  *
196  * This function is suitable for use as the \c f_rng argument to Mbed TLS
197  * library functions.
198  *
199  * \param p_rng         The random generator context. This must be a pointer to
200  *                      a #rng_context_t structure.
201  * \param output        The buffer to fill.
202  * \param output_len    The length of the buffer in bytes.
203  *
204  * \return              \c 0 on success.
205  * \return              An Mbed TLS error code on error.
206  */
207 int rng_get( void *p_rng, unsigned char *output, size_t output_len );
208 
209 /** Parse command-line option: key_opaque_algs
210  *
211  *
212  * \param arg           String value of key_opaque_algs
213  *                      Coma-separated pair of values among the following:
214  *                      - "rsa-sign-pkcs1"
215  *                      - "rsa-sign-pss"
216  *                      - "rsa-decrypt"
217  *                      - "ecdsa-sign"
218  *                      - "ecdh"
219  *                      - "none" (only acceptable for the second value).
220  * \param alg1          Address of pointer to alg #1
221  * \param alg2          Address of pointer to alg #2
222  *
223  * \return              \c 0 on success.
224  * \return              \c 1 on parse failure.
225  */
226 int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 );
227 
228 #if defined(MBEDTLS_USE_PSA_CRYPTO)
229 /** Parse given opaque key algorithms to obtain psa algs and usage
230  *  that will be passed to mbedtls_pk_wrap_as_opaque().
231  *
232  *
233  * \param alg1          input string opaque key algorithm #1
234  * \param alg2          input string opaque key algorithm #2
235  * \param psa_alg1      output PSA algorithm #1
236  * \param psa_alg2      output PSA algorithm #2
237  * \param usage         output key usage
238  * \param key_type      key type used to set default psa algorithm/usage
239  *                      when alg1 in "none"
240  *
241  * \return              \c 0 on success.
242  * \return              \c 1 on parse failure.
243  */
244 int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
245                               psa_algorithm_t *psa_alg1,
246                               psa_algorithm_t *psa_alg2,
247                               psa_key_usage_t *usage,
248                               mbedtls_pk_type_t key_type );
249 #endif /* MBEDTLS_USE_PSA_CRYPTO */
250 
251 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
252 /* The test implementation of the PSA external RNG is insecure. When
253  * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
254  * function that makes use of an RNG, you must call
255  * mbedtls_test_enable_insecure_external_rng(). */
256 #include <test/fake_external_rng_for_test.h>
257 #endif
258 
259 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
260 int ca_callback( void *data, mbedtls_x509_crt const *child,
261                  mbedtls_x509_crt **candidates );
262 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
263 
264 /*
265  * Test recv/send functions that make sure each try returns
266  * WANT_READ/WANT_WRITE at least once before succeeding
267  */
268 int delayed_recv( void *ctx, unsigned char *buf, size_t len );
269 int delayed_send( void *ctx, const unsigned char *buf, size_t len );
270 
271 /*
272  * Wait for an event from the underlying transport or the timer
273  * (Used in event-driven IO mode).
274  */
275 int idle( mbedtls_net_context *fd,
276 #if defined(MBEDTLS_TIMING_C)
277           mbedtls_timing_delay_context *timer,
278 #endif
279           int idle_reason );
280 
281 #if defined(MBEDTLS_TEST_HOOKS)
282 /** Initialize whatever test hooks are enabled by the compile-time
283  * configuration and make sense for the TLS test programs. */
284 void test_hooks_init( void );
285 
286 /** Check if any test hooks detected a problem.
287  *
288  * If a problem was detected, it's ok for the calling program to keep going,
289  * but it should ultimately exit with an error status.
290  *
291  * \note When implementing a test hook that detects errors on its own
292  *       (as opposed to e.g. leaving the error for a memory sanitizer to
293  *       report), make sure to print a message to standard error either at
294  *       the time the problem is detected or during the execution of this
295  *       function. This function does not indicate what problem was detected,
296  *       so printing a message is the only way to provide feedback in the
297  *       logs of the calling program.
298  *
299  * \return Nonzero if a problem was detected.
300  *         \c 0 if no problem was detected.
301  */
302 int test_hooks_failure_detected( void );
303 
304 /** Free any resources allocated for the sake of test hooks.
305  *
306  * Call this at the end of the program so that resource leak analyzers
307  * don't complain.
308  */
309 void test_hooks_free( void );
310 
311 #endif /* !MBEDTLS_TEST_HOOKS */
312 
313 #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
314 #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */
315