1 /*
2  *  Common code for SSL test programs
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
21 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
22 
23 #include "mbedtls/build_info.h"
24 
25 #include "mbedtls/platform.h"
26 
27 #undef HAVE_RNG
28 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&         \
29     (defined(MBEDTLS_USE_PSA_CRYPTO) ||                \
30     defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
31 #define HAVE_RNG
32 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
33 #define HAVE_RNG
34 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) &&     \
35     (defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C))
36 #define HAVE_RNG
37 #endif
38 
39 #if !defined(MBEDTLS_NET_C) ||                              \
40     !defined(MBEDTLS_SSL_TLS_C)
41 #define MBEDTLS_SSL_TEST_IMPOSSIBLE                         \
42     "MBEDTLS_NET_C and/or "                                 \
43     "MBEDTLS_SSL_TLS_C not defined."
44 #elif !defined(HAVE_RNG)
45 #define MBEDTLS_SSL_TEST_IMPOSSIBLE                         \
46     "No random generator is available.\n"
47 #else
48 #undef MBEDTLS_SSL_TEST_IMPOSSIBLE
49 
50 #undef HAVE_RNG
51 
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 
56 #include "mbedtls/net_sockets.h"
57 #include "mbedtls/ssl.h"
58 #include "mbedtls/ssl_ciphersuites.h"
59 #include "mbedtls/entropy.h"
60 #include "mbedtls/ctr_drbg.h"
61 #include "mbedtls/hmac_drbg.h"
62 #include "mbedtls/x509.h"
63 #include "mbedtls/error.h"
64 #include "mbedtls/debug.h"
65 #include "mbedtls/timing.h"
66 #include "mbedtls/base64.h"
67 #include "test/certs.h"
68 
69 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
70 #include "psa/crypto.h"
71 #include "mbedtls/psa_util.h"
72 #endif
73 
74 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
75 #include "mbedtls/memory_buffer_alloc.h"
76 #endif
77 
78 #include <test/helpers.h>
79 
80 #include "../test/query_config.h"
81 
82 typedef struct eap_tls_keys {
83     unsigned char master_secret[48];
84     unsigned char randbytes[64];
85     mbedtls_tls_prf_types tls_prf_type;
86 } eap_tls_keys;
87 
88 #if defined(MBEDTLS_SSL_DTLS_SRTP)
89 
90 /* Supported SRTP mode needs a maximum of :
91  * - 16 bytes for key (AES-128)
92  * - 14 bytes SALT
93  * One for sender, one for receiver context
94  */
95 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH    60
96 
97 typedef struct dtls_srtp_keys {
98     unsigned char master_secret[48];
99     unsigned char randbytes[64];
100     mbedtls_tls_prf_types tls_prf_type;
101 } dtls_srtp_keys;
102 
103 #endif /* MBEDTLS_SSL_DTLS_SRTP */
104 
105 typedef struct {
106     mbedtls_ssl_context *ssl;
107     mbedtls_net_context *net;
108 } io_ctx_t;
109 
110 void my_debug(void *ctx, int level,
111               const char *file, int line,
112               const char *str);
113 
114 #if defined(MBEDTLS_HAVE_TIME)
115 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
116 #endif
117 
118 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
119 /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
120  * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
121  *
122  * The constraints are:
123  * - Without the entropy module, the PSA RNG is the only option.
124  * - Without at least one of the DRBG modules, the PSA RNG is the only option.
125  * - The PSA RNG does not support explicit seeding, so it is incompatible with
126  *   the reproducible mode used by test programs.
127  * - For good overall test coverage, there should be at least one configuration
128  *   where the test programs use the PSA RNG while the PSA RNG is itself based
129  *   on entropy+DRBG, and at least one configuration where the test programs
130  *   do not use the PSA RNG even though it's there.
131  *
132  * A simple choice that meets the constraints is to use the PSA RNG whenever
133  * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
134  * choice to use the PSA RNG in the test programs and the choice to use
135  * PSA crypto when TLS code needs crypto have to be tied together, but it
136  * happens to be a good match. It's also a good match from an application
137  * perspective: either PSA is preferred for TLS (both for crypto and for
138  * random generation) or it isn't.
139  */
140 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
141 #endif
142 
143 /** A context for random number generation (RNG).
144  */
145 typedef struct {
146 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
147     unsigned char dummy;
148 #else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
149     mbedtls_entropy_context entropy;
150 #if defined(MBEDTLS_CTR_DRBG_C)
151     mbedtls_ctr_drbg_context drbg;
152 #elif defined(MBEDTLS_HMAC_DRBG_C)
153     mbedtls_hmac_drbg_context drbg;
154 #else
155 #error "No DRBG available"
156 #endif
157 #endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
158 } rng_context_t;
159 
160 /** Initialize the RNG.
161  *
162  * This function only initializes the memory used by the RNG context.
163  * Before using the RNG, it must be seeded with rng_seed().
164  */
165 void rng_init(rng_context_t *rng);
166 
167 /* Seed the random number generator.
168  *
169  * \param rng           The RNG context to use. It must have been initialized
170  *                      with rng_init().
171  * \param reproducible  If zero, seed the RNG from entropy.
172  *                      If nonzero, use a fixed seed, so that the program
173  *                      will produce the same sequence of random numbers
174  *                      each time it is invoked.
175  * \param pers          A null-terminated string. Different values for this
176  *                      string cause the RNG to emit different output for
177  *                      the same seed.
178  *
179  * return 0 on success, a negative value on error.
180  */
181 int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
182 
183 /** Deinitialize the RNG. Free any embedded resource.
184  *
185  * \param rng           The RNG context to deinitialize. It must have been
186  *                      initialized with rng_init().
187  */
188 void rng_free(rng_context_t *rng);
189 
190 /** Generate random data.
191  *
192  * This function is suitable for use as the \c f_rng argument to Mbed TLS
193  * library functions.
194  *
195  * \param p_rng         The random generator context. This must be a pointer to
196  *                      a #rng_context_t structure.
197  * \param output        The buffer to fill.
198  * \param output_len    The length of the buffer in bytes.
199  *
200  * \return              \c 0 on success.
201  * \return              An Mbed TLS error code on error.
202  */
203 int rng_get(void *p_rng, unsigned char *output, size_t output_len);
204 
205 /** Parse command-line option: key_opaque_algs
206  *
207  *
208  * \param arg           String value of key_opaque_algs
209  *                      Coma-separated pair of values among the following:
210  *                      - "rsa-sign-pkcs1"
211  *                      - "rsa-sign-pss"
212  *                      - "rsa-decrypt"
213  *                      - "ecdsa-sign"
214  *                      - "ecdh"
215  *                      - "none" (only acceptable for the second value).
216  * \param alg1          Address of pointer to alg #1
217  * \param alg2          Address of pointer to alg #2
218  *
219  * \return              \c 0 on success.
220  * \return              \c 1 on parse failure.
221  */
222 int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2);
223 
224 #if defined(MBEDTLS_USE_PSA_CRYPTO)
225 /** Parse given opaque key algorithms to obtain psa algs and usage
226  *  that will be passed to mbedtls_pk_wrap_as_opaque().
227  *
228  *
229  * \param alg1          input string opaque key algorithm #1
230  * \param alg2          input string opaque key algorithm #2
231  * \param psa_alg1      output PSA algorithm #1
232  * \param psa_alg2      output PSA algorithm #2
233  * \param usage         output key usage
234  * \param key_type      key type used to set default psa algorithm/usage
235  *                      when alg1 in "none"
236  *
237  * \return              \c 0 on success.
238  * \return              \c 1 on parse failure.
239  */
240 int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
241                              psa_algorithm_t *psa_alg1,
242                              psa_algorithm_t *psa_alg2,
243                              psa_key_usage_t *usage,
244                              mbedtls_pk_type_t key_type);
245 #endif /* MBEDTLS_USE_PSA_CRYPTO */
246 
247 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
248 /* The test implementation of the PSA external RNG is insecure. When
249  * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
250  * function that makes use of an RNG, you must call
251  * mbedtls_test_enable_insecure_external_rng(). */
252 #include <test/fake_external_rng_for_test.h>
253 #endif
254 
255 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
256 int ca_callback(void *data, mbedtls_x509_crt const *child,
257                 mbedtls_x509_crt **candidates);
258 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
259 
260 /*
261  * Test recv/send functions that make sure each try returns
262  * WANT_READ/WANT_WRITE at least once before succeeding
263  */
264 int delayed_recv(void *ctx, unsigned char *buf, size_t len);
265 int delayed_send(void *ctx, const unsigned char *buf, size_t len);
266 
267 /*
268  * Wait for an event from the underlying transport or the timer
269  * (Used in event-driven IO mode).
270  */
271 int idle(mbedtls_net_context *fd,
272 #if defined(MBEDTLS_TIMING_C)
273          mbedtls_timing_delay_context *timer,
274 #endif
275          int idle_reason);
276 
277 #if defined(MBEDTLS_TEST_HOOKS)
278 /** Initialize whatever test hooks are enabled by the compile-time
279  * configuration and make sense for the TLS test programs. */
280 void test_hooks_init(void);
281 
282 /** Check if any test hooks detected a problem.
283  *
284  * If a problem was detected, it's ok for the calling program to keep going,
285  * but it should ultimately exit with an error status.
286  *
287  * \note When implementing a test hook that detects errors on its own
288  *       (as opposed to e.g. leaving the error for a memory sanitizer to
289  *       report), make sure to print a message to standard error either at
290  *       the time the problem is detected or during the execution of this
291  *       function. This function does not indicate what problem was detected,
292  *       so printing a message is the only way to provide feedback in the
293  *       logs of the calling program.
294  *
295  * \return Nonzero if a problem was detected.
296  *         \c 0 if no problem was detected.
297  */
298 int test_hooks_failure_detected(void);
299 
300 /** Free any resources allocated for the sake of test hooks.
301  *
302  * Call this at the end of the program so that resource leak analyzers
303  * don't complain.
304  */
305 void test_hooks_free(void);
306 
307 #endif /* !MBEDTLS_TEST_HOOKS */
308 
309 #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
310 #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */
311