1 /*
2 * Common code library for SSL test programs.
3 *
4 * In addition to the functions in this file, there is shared source code
5 * that cannot be compiled separately in "ssl_test_common_source.c".
6 *
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 */
22
23 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
24
25 #include "ssl_test_lib.h"
26
27 #if defined(MBEDTLS_TEST_HOOKS)
28 #include "test/helpers.h"
29 #endif
30
31 #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
32
my_debug(void * ctx,int level,const char * file,int line,const char * str)33 void my_debug(void *ctx, int level,
34 const char *file, int line,
35 const char *str)
36 {
37 const char *p, *basename;
38
39 /* Extract basename from file */
40 for (p = basename = file; *p != '\0'; p++) {
41 if (*p == '/' || *p == '\\') {
42 basename = p + 1;
43 }
44 }
45
46 mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
47 basename, line, level, str);
48 fflush((FILE *) ctx);
49 }
50
51 #if defined(MBEDTLS_HAVE_TIME)
dummy_constant_time(mbedtls_time_t * time)52 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
53 {
54 (void) time;
55 return 0x5af2a056;
56 }
57 #endif
58
59 #if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
dummy_entropy(void * data,unsigned char * output,size_t len)60 static int dummy_entropy(void *data, unsigned char *output, size_t len)
61 {
62 size_t i;
63 int ret;
64 (void) data;
65
66 ret = mbedtls_entropy_func(data, output, len);
67 for (i = 0; i < len; i++) {
68 //replace result with pseudo random
69 output[i] = (unsigned char) rand();
70 }
71 return ret;
72 }
73 #endif
74
rng_init(rng_context_t * rng)75 void rng_init(rng_context_t *rng)
76 {
77 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
78 (void) rng;
79 psa_crypto_init();
80 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
81
82 #if defined(MBEDTLS_CTR_DRBG_C)
83 mbedtls_ctr_drbg_init(&rng->drbg);
84 #elif defined(MBEDTLS_HMAC_DRBG_C)
85 mbedtls_hmac_drbg_init(&rng->drbg);
86 #else
87 #error "No DRBG available"
88 #endif
89
90 mbedtls_entropy_init(&rng->entropy);
91 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
92 }
93
rng_seed(rng_context_t * rng,int reproducible,const char * pers)94 int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
95 {
96 #if defined(MBEDTLS_USE_PSA_CRYPTO)
97 if (reproducible) {
98 mbedtls_fprintf(stderr,
99 "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
100 return -1;
101 }
102 #endif
103 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
104 /* The PSA crypto RNG does its own seeding. */
105 (void) rng;
106 (void) pers;
107 if (reproducible) {
108 mbedtls_fprintf(stderr,
109 "The PSA RNG does not support reproducible mode.\n");
110 return -1;
111 }
112 return 0;
113 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
114 int (*f_entropy)(void *, unsigned char *, size_t) =
115 (reproducible ? dummy_entropy : mbedtls_entropy_func);
116
117 if (reproducible) {
118 srand(1);
119 }
120
121 #if defined(MBEDTLS_CTR_DRBG_C)
122 int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
123 f_entropy, &rng->entropy,
124 (const unsigned char *) pers,
125 strlen(pers));
126 #elif defined(MBEDTLS_HMAC_DRBG_C)
127 #if defined(MBEDTLS_SHA256_C)
128 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
129 #elif defined(MBEDTLS_SHA512_C)
130 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
131 #else
132 #error "No message digest available for HMAC_DRBG"
133 #endif
134 int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
135 mbedtls_md_info_from_type(md_type),
136 f_entropy, &rng->entropy,
137 (const unsigned char *) pers,
138 strlen(pers));
139 #else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
140 #error "No DRBG available"
141 #endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
142
143 if (ret != 0) {
144 mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
145 (unsigned int) -ret);
146 return ret;
147 }
148 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
149
150 return 0;
151 }
152
rng_free(rng_context_t * rng)153 void rng_free(rng_context_t *rng)
154 {
155 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
156 (void) rng;
157 /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
158 * This is ok because none of our applications try to do any crypto after
159 * deinitializing the RNG. */
160 mbedtls_psa_crypto_free();
161 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
162
163 #if defined(MBEDTLS_CTR_DRBG_C)
164 mbedtls_ctr_drbg_free(&rng->drbg);
165 #elif defined(MBEDTLS_HMAC_DRBG_C)
166 mbedtls_hmac_drbg_free(&rng->drbg);
167 #else
168 #error "No DRBG available"
169 #endif
170
171 mbedtls_entropy_free(&rng->entropy);
172 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
173 }
174
rng_get(void * p_rng,unsigned char * output,size_t output_len)175 int rng_get(void *p_rng, unsigned char *output, size_t output_len)
176 {
177 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
178 (void) p_rng;
179 return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
180 output, output_len);
181 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
182 rng_context_t *rng = p_rng;
183
184 #if defined(MBEDTLS_CTR_DRBG_C)
185 return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
186 #elif defined(MBEDTLS_HMAC_DRBG_C)
187 return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
188 #else
189 #error "No DRBG available"
190 #endif
191
192 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
193 }
194
key_opaque_alg_parse(const char * arg,const char ** alg1,const char ** alg2)195 int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
196 {
197 char *separator;
198 if ((separator = strchr(arg, ',')) == NULL) {
199 return 1;
200 }
201 *separator = '\0';
202
203 *alg1 = arg;
204 *alg2 = separator + 1;
205
206 if (strcmp(*alg1, "rsa-sign-pkcs1") != 0 &&
207 strcmp(*alg1, "rsa-sign-pss") != 0 &&
208 strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
209 strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
210 strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
211 strcmp(*alg1, "rsa-decrypt") != 0 &&
212 strcmp(*alg1, "ecdsa-sign") != 0 &&
213 strcmp(*alg1, "ecdh") != 0) {
214 return 1;
215 }
216
217 if (strcmp(*alg2, "rsa-sign-pkcs1") != 0 &&
218 strcmp(*alg2, "rsa-sign-pss") != 0 &&
219 strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
220 strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
221 strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
222 strcmp(*alg2, "rsa-decrypt") != 0 &&
223 strcmp(*alg2, "ecdsa-sign") != 0 &&
224 strcmp(*alg2, "ecdh") != 0 &&
225 strcmp(*alg2, "none") != 0) {
226 return 1;
227 }
228
229 return 0;
230 }
231
232 #if defined(MBEDTLS_USE_PSA_CRYPTO)
key_opaque_set_alg_usage(const char * alg1,const char * alg2,psa_algorithm_t * psa_alg1,psa_algorithm_t * psa_alg2,psa_key_usage_t * usage,mbedtls_pk_type_t key_type)233 int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
234 psa_algorithm_t *psa_alg1,
235 psa_algorithm_t *psa_alg2,
236 psa_key_usage_t *usage,
237 mbedtls_pk_type_t key_type)
238 {
239 if (strcmp(alg1, "none") != 0) {
240 const char *algs[] = { alg1, alg2 };
241 psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
242
243 for (int i = 0; i < 2; i++) {
244 if (strcmp(algs[i], "rsa-sign-pkcs1") == 0) {
245 *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
246 *usage |= PSA_KEY_USAGE_SIGN_HASH;
247 } else if (strcmp(algs[i], "rsa-sign-pss") == 0) {
248 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
249 *usage |= PSA_KEY_USAGE_SIGN_HASH;
250 } else if (strcmp(algs[i], "rsa-sign-pss-sha256") == 0) {
251 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
252 *usage |= PSA_KEY_USAGE_SIGN_HASH;
253 } else if (strcmp(algs[i], "rsa-sign-pss-sha384") == 0) {
254 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_384);
255 *usage |= PSA_KEY_USAGE_SIGN_HASH;
256 } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
257 *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
258 *usage |= PSA_KEY_USAGE_SIGN_HASH;
259 } else if (strcmp(algs[i], "rsa-decrypt") == 0) {
260 *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
261 *usage |= PSA_KEY_USAGE_DECRYPT;
262 } else if (strcmp(algs[i], "ecdsa-sign") == 0) {
263 *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
264 *usage |= PSA_KEY_USAGE_SIGN_HASH;
265 } else if (strcmp(algs[i], "ecdh") == 0) {
266 *psa_algs[i] = PSA_ALG_ECDH;
267 *usage |= PSA_KEY_USAGE_DERIVE;
268 } else if (strcmp(algs[i], "none") == 0) {
269 *psa_algs[i] = PSA_ALG_NONE;
270 }
271 }
272 } else {
273 if (key_type == MBEDTLS_PK_ECKEY) {
274 *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
275 *psa_alg2 = PSA_ALG_ECDH;
276 *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
277 } else if (key_type == MBEDTLS_PK_RSA) {
278 *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
279 *psa_alg2 = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
280 *usage = PSA_KEY_USAGE_SIGN_HASH;
281 } else {
282 return 1;
283 }
284 }
285
286 return 0;
287 }
288 #endif /* MBEDTLS_USE_PSA_CRYPTO */
289
290 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
ca_callback(void * data,mbedtls_x509_crt const * child,mbedtls_x509_crt ** candidates)291 int ca_callback(void *data, mbedtls_x509_crt const *child,
292 mbedtls_x509_crt **candidates)
293 {
294 int ret = 0;
295 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
296 mbedtls_x509_crt *first;
297
298 /* This is a test-only implementation of the CA callback
299 * which always returns the entire list of trusted certificates.
300 * Production implementations managing a large number of CAs
301 * should use an efficient presentation and lookup for the
302 * set of trusted certificates (such as a hashtable) and only
303 * return those trusted certificates which satisfy basic
304 * parental checks, such as the matching of child `Issuer`
305 * and parent `Subject` field or matching key identifiers. */
306 ((void) child);
307
308 first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
309 if (first == NULL) {
310 ret = -1;
311 goto exit;
312 }
313 mbedtls_x509_crt_init(first);
314
315 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
316 ret = -1;
317 goto exit;
318 }
319
320 while (ca->next != NULL) {
321 ca = ca->next;
322 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
323 ret = -1;
324 goto exit;
325 }
326 }
327
328 exit:
329
330 if (ret != 0) {
331 mbedtls_x509_crt_free(first);
332 mbedtls_free(first);
333 first = NULL;
334 }
335
336 *candidates = first;
337 return ret;
338 }
339 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
340
delayed_recv(void * ctx,unsigned char * buf,size_t len)341 int delayed_recv(void *ctx, unsigned char *buf, size_t len)
342 {
343 static int first_try = 1;
344 int ret;
345
346 if (first_try) {
347 first_try = 0;
348 return MBEDTLS_ERR_SSL_WANT_READ;
349 }
350
351 ret = mbedtls_net_recv(ctx, buf, len);
352 if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
353 first_try = 1; /* Next call will be a new operation */
354 }
355 return ret;
356 }
357
delayed_send(void * ctx,const unsigned char * buf,size_t len)358 int delayed_send(void *ctx, const unsigned char *buf, size_t len)
359 {
360 static int first_try = 1;
361 int ret;
362
363 if (first_try) {
364 first_try = 0;
365 return MBEDTLS_ERR_SSL_WANT_WRITE;
366 }
367
368 ret = mbedtls_net_send(ctx, buf, len);
369 if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
370 first_try = 1; /* Next call will be a new operation */
371 }
372 return ret;
373 }
374
375 #if !defined(MBEDTLS_TIMING_C)
idle(mbedtls_net_context * fd,int idle_reason)376 int idle(mbedtls_net_context *fd,
377 int idle_reason)
378 #else
379 int idle(mbedtls_net_context *fd,
380 mbedtls_timing_delay_context *timer,
381 int idle_reason)
382 #endif
383 {
384 int ret;
385 int poll_type = 0;
386
387 if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
388 poll_type = MBEDTLS_NET_POLL_WRITE;
389 } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
390 poll_type = MBEDTLS_NET_POLL_READ;
391 }
392 #if !defined(MBEDTLS_TIMING_C)
393 else {
394 return 0;
395 }
396 #endif
397
398 while (1) {
399 /* Check if timer has expired */
400 #if defined(MBEDTLS_TIMING_C)
401 if (timer != NULL &&
402 mbedtls_timing_get_delay(timer) == 2) {
403 break;
404 }
405 #endif /* MBEDTLS_TIMING_C */
406
407 /* Check if underlying transport became available */
408 if (poll_type != 0) {
409 ret = mbedtls_net_poll(fd, poll_type, 0);
410 if (ret < 0) {
411 return ret;
412 }
413 if (ret == poll_type) {
414 break;
415 }
416 }
417 }
418
419 return 0;
420 }
421
422 #if defined(MBEDTLS_TEST_HOOKS)
423
test_hooks_init(void)424 void test_hooks_init(void)
425 {
426 mbedtls_test_info_reset();
427
428 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
429 mbedtls_test_mutex_usage_init();
430 #endif
431 }
432
test_hooks_failure_detected(void)433 int test_hooks_failure_detected(void)
434 {
435 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
436 /* Errors are reported via mbedtls_test_info. */
437 mbedtls_test_mutex_usage_check();
438 #endif
439
440 if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
441 return 1;
442 }
443 return 0;
444 }
445
test_hooks_free(void)446 void test_hooks_free(void)
447 {
448 }
449
450 #endif /* MBEDTLS_TEST_HOOKS */
451
452 #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */
453
