1 /*
2  *  Common code for SSL test programs
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
9 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
10 
11 #include "mbedtls/build_info.h"
12 
13 #include "mbedtls/platform.h"
14 #include "mbedtls/md.h"
15 
16 #undef HAVE_RNG
17 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&         \
18     (defined(MBEDTLS_USE_PSA_CRYPTO) ||                \
19     defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
20 #define HAVE_RNG
21 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
22 #define HAVE_RNG
23 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) &&     \
24     (defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA512))
25 #define HAVE_RNG
26 #endif
27 
28 #if !defined(MBEDTLS_NET_C) ||                              \
29     !defined(MBEDTLS_SSL_TLS_C)
30 #define MBEDTLS_SSL_TEST_IMPOSSIBLE                         \
31     "MBEDTLS_NET_C and/or "                                 \
32     "MBEDTLS_SSL_TLS_C not defined."
33 #elif !defined(HAVE_RNG)
34 #define MBEDTLS_SSL_TEST_IMPOSSIBLE                         \
35     "No random generator is available.\n"
36 #else
37 #undef MBEDTLS_SSL_TEST_IMPOSSIBLE
38 
39 #undef HAVE_RNG
40 
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <string.h>
44 
45 #include "mbedtls/net_sockets.h"
46 #include "mbedtls/ssl.h"
47 #include "mbedtls/ssl_ciphersuites.h"
48 #include "mbedtls/entropy.h"
49 #include "mbedtls/ctr_drbg.h"
50 #include "mbedtls/hmac_drbg.h"
51 #include "mbedtls/x509.h"
52 #include "mbedtls/error.h"
53 #include "mbedtls/debug.h"
54 #include "mbedtls/timing.h"
55 #include "mbedtls/base64.h"
56 #include "test/certs.h"
57 
58 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
59 #include "psa/crypto.h"
60 #include "mbedtls/psa_util.h"
61 #endif
62 
63 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
64 #include "mbedtls/memory_buffer_alloc.h"
65 #endif
66 
67 #include <test/helpers.h>
68 
69 #include "../test/query_config.h"
70 
71 #define ALPN_LIST_SIZE    10
72 #define GROUP_LIST_SIZE   25
73 #define SIG_ALG_LIST_SIZE  5
74 
75 typedef struct eap_tls_keys {
76     unsigned char master_secret[48];
77     unsigned char randbytes[64];
78     mbedtls_tls_prf_types tls_prf_type;
79 } eap_tls_keys;
80 
81 #if defined(MBEDTLS_SSL_DTLS_SRTP)
82 
83 /* Supported SRTP mode needs a maximum of :
84  * - 16 bytes for key (AES-128)
85  * - 14 bytes SALT
86  * One for sender, one for receiver context
87  */
88 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH    60
89 
90 typedef struct dtls_srtp_keys {
91     unsigned char master_secret[48];
92     unsigned char randbytes[64];
93     mbedtls_tls_prf_types tls_prf_type;
94 } dtls_srtp_keys;
95 
96 #endif /* MBEDTLS_SSL_DTLS_SRTP */
97 
98 typedef struct {
99     mbedtls_ssl_context *ssl;
100     mbedtls_net_context *net;
101 } io_ctx_t;
102 
103 void my_debug(void *ctx, int level,
104               const char *file, int line,
105               const char *str);
106 
107 #if defined(MBEDTLS_HAVE_TIME)
108 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
109 #endif
110 
111 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
112 /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
113  * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
114  *
115  * The constraints are:
116  * - Without the entropy module, the PSA RNG is the only option.
117  * - Without at least one of the DRBG modules, the PSA RNG is the only option.
118  * - The PSA RNG does not support explicit seeding, so it is incompatible with
119  *   the reproducible mode used by test programs.
120  * - For good overall test coverage, there should be at least one configuration
121  *   where the test programs use the PSA RNG while the PSA RNG is itself based
122  *   on entropy+DRBG, and at least one configuration where the test programs
123  *   do not use the PSA RNG even though it's there.
124  *
125  * A simple choice that meets the constraints is to use the PSA RNG whenever
126  * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
127  * choice to use the PSA RNG in the test programs and the choice to use
128  * PSA crypto when TLS code needs crypto have to be tied together, but it
129  * happens to be a good match. It's also a good match from an application
130  * perspective: either PSA is preferred for TLS (both for crypto and for
131  * random generation) or it isn't.
132  */
133 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
134 #endif
135 
136 /** A context for random number generation (RNG).
137  */
138 typedef struct {
139 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
140     unsigned char dummy;
141 #else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
142     mbedtls_entropy_context entropy;
143 #if defined(MBEDTLS_CTR_DRBG_C)
144     mbedtls_ctr_drbg_context drbg;
145 #elif defined(MBEDTLS_HMAC_DRBG_C)
146     mbedtls_hmac_drbg_context drbg;
147 #else
148 #error "No DRBG available"
149 #endif
150 #endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
151 } rng_context_t;
152 
153 /** Initialize the RNG.
154  *
155  * This function only initializes the memory used by the RNG context.
156  * Before using the RNG, it must be seeded with rng_seed().
157  */
158 void rng_init(rng_context_t *rng);
159 
160 /* Seed the random number generator.
161  *
162  * \param rng           The RNG context to use. It must have been initialized
163  *                      with rng_init().
164  * \param reproducible  If zero, seed the RNG from entropy.
165  *                      If nonzero, use a fixed seed, so that the program
166  *                      will produce the same sequence of random numbers
167  *                      each time it is invoked.
168  * \param pers          A null-terminated string. Different values for this
169  *                      string cause the RNG to emit different output for
170  *                      the same seed.
171  *
172  * return 0 on success, a negative value on error.
173  */
174 int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
175 
176 /** Deinitialize the RNG. Free any embedded resource.
177  *
178  * \param rng           The RNG context to deinitialize. It must have been
179  *                      initialized with rng_init().
180  */
181 void rng_free(rng_context_t *rng);
182 
183 /** Generate random data.
184  *
185  * This function is suitable for use as the \c f_rng argument to Mbed TLS
186  * library functions.
187  *
188  * \param p_rng         The random generator context. This must be a pointer to
189  *                      a #rng_context_t structure.
190  * \param output        The buffer to fill.
191  * \param output_len    The length of the buffer in bytes.
192  *
193  * \return              \c 0 on success.
194  * \return              An Mbed TLS error code on error.
195  */
196 int rng_get(void *p_rng, unsigned char *output, size_t output_len);
197 
198 /** Parse command-line option: key_opaque_algs
199  *
200  *
201  * \param arg           String value of key_opaque_algs
202  *                      Coma-separated pair of values among the following:
203  *                      - "rsa-sign-pkcs1"
204  *                      - "rsa-sign-pss"
205  *                      - "rsa-decrypt"
206  *                      - "ecdsa-sign"
207  *                      - "ecdh"
208  *                      - "none" (only acceptable for the second value).
209  * \param alg1          Address of pointer to alg #1
210  * \param alg2          Address of pointer to alg #2
211  *
212  * \return              \c 0 on success.
213  * \return              \c 1 on parse failure.
214  */
215 int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2);
216 
217 #if defined(MBEDTLS_USE_PSA_CRYPTO)
218 /** Parse given opaque key algorithms to obtain psa algs and usage
219  *  that will be passed to mbedtls_pk_wrap_as_opaque().
220  *
221  *
222  * \param alg1          input string opaque key algorithm #1
223  * \param alg2          input string opaque key algorithm #2
224  * \param psa_alg1      output PSA algorithm #1
225  * \param psa_alg2      output PSA algorithm #2
226  * \param usage         output key usage
227  * \param key_type      key type used to set default psa algorithm/usage
228  *                      when alg1 in "none"
229  *
230  * \return              \c 0 on success.
231  * \return              \c 1 on parse failure.
232  */
233 int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
234                              psa_algorithm_t *psa_alg1,
235                              psa_algorithm_t *psa_alg2,
236                              psa_key_usage_t *usage,
237                              mbedtls_pk_type_t key_type);
238 #endif /* MBEDTLS_USE_PSA_CRYPTO */
239 
240 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
241 /* The test implementation of the PSA external RNG is insecure. When
242  * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
243  * function that makes use of an RNG, you must call
244  * mbedtls_test_enable_insecure_external_rng(). */
245 #include <test/fake_external_rng_for_test.h>
246 #endif
247 
248 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
249 int ca_callback(void *data, mbedtls_x509_crt const *child,
250                 mbedtls_x509_crt **candidates);
251 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
252 
253 /*
254  * Test recv/send functions that make sure each try returns
255  * WANT_READ/WANT_WRITE at least once before succeeding
256  */
257 int delayed_recv(void *ctx, unsigned char *buf, size_t len);
258 int delayed_send(void *ctx, const unsigned char *buf, size_t len);
259 
260 /*
261  * Wait for an event from the underlying transport or the timer
262  * (Used in event-driven IO mode).
263  */
264 int idle(mbedtls_net_context *fd,
265 #if defined(MBEDTLS_TIMING_C)
266          mbedtls_timing_delay_context *timer,
267 #endif
268          int idle_reason);
269 
270 #if defined(MBEDTLS_TEST_HOOKS)
271 /** Initialize whatever test hooks are enabled by the compile-time
272  * configuration and make sense for the TLS test programs. */
273 void test_hooks_init(void);
274 
275 /** Check if any test hooks detected a problem.
276  *
277  * If a problem was detected, it's ok for the calling program to keep going,
278  * but it should ultimately exit with an error status.
279  *
280  * \note When implementing a test hook that detects errors on its own
281  *       (as opposed to e.g. leaving the error for a memory sanitizer to
282  *       report), make sure to print a message to standard error either at
283  *       the time the problem is detected or during the execution of this
284  *       function. This function does not indicate what problem was detected,
285  *       so printing a message is the only way to provide feedback in the
286  *       logs of the calling program.
287  *
288  * \return Nonzero if a problem was detected.
289  *         \c 0 if no problem was detected.
290  */
291 int test_hooks_failure_detected(void);
292 
293 /** Free any resources allocated for the sake of test hooks.
294  *
295  * Call this at the end of the program so that resource leak analyzers
296  * don't complain.
297  */
298 void test_hooks_free(void);
299 
300 #endif /* !MBEDTLS_TEST_HOOKS */
301 
302 /* Helper functions for FFDH groups. */
303 int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len);
304 
305 #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
306 #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */
307