1 /*
2 * SSL client with certificate authentication
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
21
22 #include "ssl_test_lib.h"
23
24 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
25 #include "test/psa_crypto_helpers.h"
26 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
27
28 #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
main(void)29 int main( void )
30 {
31 mbedtls_printf( MBEDTLS_SSL_TEST_IMPOSSIBLE );
32 mbedtls_exit( 0 );
33 }
34 #elif !defined(MBEDTLS_SSL_CLI_C)
main(void)35 int main( void )
36 {
37 mbedtls_printf( "MBEDTLS_SSL_CLI_C not defined.\n" );
38 mbedtls_exit( 0 );
39 }
40 #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
41
42 /* Size of memory to be allocated for the heap, when using the library's memory
43 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
44 #define MEMORY_HEAP_SIZE 120000
45
46 #define MAX_REQUEST_SIZE 20000
47 #define MAX_REQUEST_SIZE_STR "20000"
48
49 #define DFL_SERVER_NAME "localhost"
50 #define DFL_SERVER_ADDR NULL
51 #define DFL_SERVER_PORT "4433"
52 #define DFL_REQUEST_PAGE "/"
53 #define DFL_REQUEST_SIZE -1
54 #define DFL_DEBUG_LEVEL 0
55 #define DFL_CONTEXT_CRT_CB 0
56 #define DFL_NBIO 0
57 #define DFL_EVENT 0
58 #define DFL_READ_TIMEOUT 0
59 #define DFL_MAX_RESEND 0
60 #define DFL_CA_FILE ""
61 #define DFL_CA_PATH ""
62 #define DFL_CRT_FILE ""
63 #define DFL_KEY_FILE ""
64 #define DFL_KEY_OPAQUE 0
65 #define DFL_KEY_PWD ""
66 #define DFL_PSK ""
67 #define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED
68 #define DFL_PSK_OPAQUE 0
69 #define DFL_PSK_IDENTITY "Client_identity"
70 #define DFL_ECJPAKE_PW NULL
71 #define DFL_EC_MAX_OPS -1
72 #define DFL_FORCE_CIPHER 0
73 #define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
74 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
75 #define DFL_ALLOW_LEGACY -2
76 #define DFL_RENEGOTIATE 0
77 #define DFL_EXCHANGES 1
78 #define DFL_MIN_VERSION -1
79 #define DFL_MAX_VERSION -1
80 #define DFL_SHA1 -1
81 #define DFL_AUTH_MODE -1
82 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
83 #define DFL_TRUNC_HMAC -1
84 #define DFL_RECSPLIT -1
85 #define DFL_DHMLEN -1
86 #define DFL_RECONNECT 0
87 #define DFL_RECO_SERVER_NAME NULL
88 #define DFL_RECO_DELAY 0
89 #define DFL_RECO_MODE 1
90 #define DFL_CID_ENABLED 0
91 #define DFL_CID_VALUE ""
92 #define DFL_CID_ENABLED_RENEGO -1
93 #define DFL_CID_VALUE_RENEGO NULL
94 #define DFL_RECONNECT_HARD 0
95 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
96 #define DFL_ALPN_STRING NULL
97 #define DFL_CURVES NULL
98 #define DFL_SIG_ALGS NULL
99 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
100 #define DFL_HS_TO_MIN 0
101 #define DFL_HS_TO_MAX 0
102 #define DFL_DTLS_MTU -1
103 #define DFL_DGRAM_PACKING 1
104 #define DFL_FALLBACK -1
105 #define DFL_EXTENDED_MS -1
106 #define DFL_ETM -1
107 #define DFL_SERIALIZE 0
108 #define DFL_CONTEXT_FILE ""
109 #define DFL_EXTENDED_MS_ENFORCE -1
110 #define DFL_CA_CALLBACK 0
111 #define DFL_EAP_TLS 0
112 #define DFL_REPRODUCIBLE 0
113 #define DFL_NSS_KEYLOG 0
114 #define DFL_NSS_KEYLOG_FILE NULL
115 #define DFL_SKIP_CLOSE_NOTIFY 0
116 #define DFL_QUERY_CONFIG_MODE 0
117 #define DFL_USE_SRTP 0
118 #define DFL_SRTP_FORCE_PROFILE 0
119 #define DFL_SRTP_MKI ""
120 #define DFL_KEY_OPAQUE_ALG "none"
121
122 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
123 #define GET_REQUEST_END "\r\n\r\n"
124
125 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
126 #define USAGE_CONTEXT_CRT_CB \
127 " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
128 " to the SSL configuration of the SSL context.\n" \
129 " Possible values:\n"\
130 " - 0 (default): Use CRT callback bound to configuration\n" \
131 " - 1: Use CRT callback bound to SSL context\n"
132 #else
133 #define USAGE_CONTEXT_CRT_CB ""
134 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
135 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
136 #if defined(MBEDTLS_FS_IO)
137 #define USAGE_IO \
138 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
139 " default: \"\" (pre-loaded)\n" \
140 " use \"none\" to skip loading any top-level CAs.\n" \
141 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
142 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
143 " use \"none\" to skip loading any top-level CAs.\n" \
144 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
145 " default: \"\" (pre-loaded)\n" \
146 " key_file=%%s default: \"\" (pre-loaded)\n"\
147 " key_pwd=%%s Password for key specified by key_file argument\n"\
148 " default: none\n"
149 #else
150 #define USAGE_IO \
151 " No file operations available (MBEDTLS_FS_IO not defined)\n"
152 #endif /* MBEDTLS_FS_IO */
153 #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
154 #define USAGE_IO ""
155 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
156 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
157 #define USAGE_KEY_OPAQUE \
158 " key_opaque=%%d Handle your private key as if it were opaque\n" \
159 " default: 0 (disabled)\n"
160 #else
161 #define USAGE_KEY_OPAQUE ""
162 #endif
163
164 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
165 #define USAGE_CID \
166 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
167 " default: 0 (disabled)\n" \
168 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
169 " default: same as 'cid' parameter\n" \
170 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
171 " default: \"\"\n" \
172 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
173 " default: same as 'cid_val' parameter\n"
174 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
175 #define USAGE_CID ""
176 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
177
178 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
179 #define USAGE_PSK_RAW \
180 " psk=%%s default: \"\" (disabled)\n" \
181 " The PSK values are in hex, without 0x.\n" \
182 " psk_identity=%%s default: \"Client_identity\"\n"
183 #if defined(MBEDTLS_USE_PSA_CRYPTO)
184 #define USAGE_PSK_SLOT \
185 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
186 " Enable this to store the PSK configured through command line\n" \
187 " parameter `psk` in a PSA-based key slot.\n" \
188 " Note: Currently only supported in conjunction with\n" \
189 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
190 " to force a particular PSK-only ciphersuite.\n" \
191 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
192 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
193 " with prepopulated key slots instead of importing raw key material.\n"
194 #else
195 #define USAGE_PSK_SLOT ""
196 #endif /* MBEDTLS_USE_PSA_CRYPTO */
197 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
198 #else
199 #define USAGE_PSK ""
200 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
201
202 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
203 #define USAGE_CA_CALLBACK \
204 " ca_callback=%%d default: 0 (disabled)\n" \
205 " Enable this to use the trusted certificate callback function\n"
206 #else
207 #define USAGE_CA_CALLBACK ""
208 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
209
210 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
211 #define USAGE_TICKETS \
212 " tickets=%%d default: 1 (enabled)\n"
213 #else
214 #define USAGE_TICKETS ""
215 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
216
217 #define USAGE_EAP_TLS \
218 " eap_tls=%%d default: 0 (disabled)\n"
219 #define USAGE_NSS_KEYLOG \
220 " nss_keylog=%%d default: 0 (disabled)\n" \
221 " This cannot be used with eap_tls=1\n"
222 #define USAGE_NSS_KEYLOG_FILE \
223 " nss_keylog_file=%%s\n"
224 #if defined(MBEDTLS_SSL_DTLS_SRTP)
225 #define USAGE_SRTP \
226 " use_srtp=%%d default: 0 (disabled)\n" \
227 " This cannot be used with eap_tls=1 or "\
228 " nss_keylog=1\n" \
229 " srtp_force_profile=%%d default: 0 (all enabled)\n" \
230 " available profiles:\n" \
231 " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
232 " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
233 " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
234 " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
235 " mki=%%s default: \"\" (in hex, without 0x)\n"
236 #else /* MBEDTLS_SSL_DTLS_SRTP */
237 #define USAGE_SRTP ""
238 #endif
239
240 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
241 #define USAGE_MAX_FRAG_LEN \
242 " max_frag_len=%%d default: 16384 (tls default)\n" \
243 " options: 512, 1024, 2048, 4096\n"
244 #else
245 #define USAGE_MAX_FRAG_LEN ""
246 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
247
248 #if defined(MBEDTLS_DHM_C)
249 #define USAGE_DHMLEN \
250 " dhmlen=%%d default: (library default: 1024 bits)\n"
251 #else
252 #define USAGE_DHMLEN
253 #endif
254
255 #if defined(MBEDTLS_SSL_ALPN)
256 #define USAGE_ALPN \
257 " alpn=%%s default: \"\" (disabled)\n" \
258 " example: spdy/1,http/1.1\n"
259 #else
260 #define USAGE_ALPN ""
261 #endif /* MBEDTLS_SSL_ALPN */
262
263 #if defined(MBEDTLS_ECP_C)
264 #define USAGE_CURVES \
265 " curves=a,b,c,d default: \"default\" (library default)\n" \
266 " example: \"secp521r1,brainpoolP512r1\"\n" \
267 " - use \"none\" for empty list\n" \
268 " - see mbedtls_ecp_curve_list()\n" \
269 " for acceptable curve names\n"
270 #else
271 #define USAGE_CURVES ""
272 #endif
273
274 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
275 #define USAGE_SIG_ALGS \
276 " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
277 " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
278 #else
279 #define USAGE_SIG_ALGS ""
280 #endif
281
282 #if defined(MBEDTLS_SSL_PROTO_DTLS)
283 #define USAGE_DTLS \
284 " dtls=%%d default: 0 (TLS)\n" \
285 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
286 " range of DTLS handshake timeouts in millisecs\n" \
287 " mtu=%%d default: (library default: unlimited)\n" \
288 " dgram_packing=%%d default: 1 (allowed)\n" \
289 " allow or forbid packing of multiple\n" \
290 " records within a single datgram.\n"
291 #else
292 #define USAGE_DTLS ""
293 #endif
294
295 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
296 #define USAGE_EMS \
297 " extended_ms=0/1 default: (library default: on)\n"
298 #else
299 #define USAGE_EMS ""
300 #endif
301
302 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
303 #define USAGE_ETM \
304 " etm=0/1 default: (library default: on)\n"
305 #else
306 #define USAGE_ETM ""
307 #endif
308
309 #define USAGE_REPRODUCIBLE \
310 " reproducible=0/1 default: 0 (disabled)\n"
311
312 #if defined(MBEDTLS_SSL_RENEGOTIATION)
313 #define USAGE_RENEGO \
314 " renegotiation=%%d default: 0 (disabled)\n" \
315 " renegotiate=%%d default: 0 (disabled)\n"
316 #else
317 #define USAGE_RENEGO ""
318 #endif
319
320 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
321 #define USAGE_ECJPAKE \
322 " ecjpake_pw=%%s default: none (disabled)\n"
323 #else
324 #define USAGE_ECJPAKE ""
325 #endif
326
327 #if defined(MBEDTLS_ECP_RESTARTABLE)
328 #define USAGE_ECRESTART \
329 " ec_max_ops=%%s default: library default (restart disabled)\n"
330 #else
331 #define USAGE_ECRESTART ""
332 #endif
333
334 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
335 #define USAGE_SERIALIZATION \
336 " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
337 " options: 1 (serialize)\n" \
338 " 2 (serialize with re-initialization)\n" \
339 " context_file=%%s The file path to write a serialized connection\n"\
340 " in the form of base64 code (serialize option\n" \
341 " must be set)\n" \
342 " default: \"\" (do nothing)\n" \
343 " option: a file path\n"
344 #else
345 #define USAGE_SERIALIZATION ""
346 #endif
347
348 #if defined(MBEDTLS_SSL_EARLY_DATA)
349 #define USAGE_EARLY_DATA \
350 " early_data=%%d default: 0 (disabled)\n" \
351 " options: 0 (disabled), 1 (enabled)\n"
352 #else
353 #define USAGE_EARLY_DATA ""
354 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
355
356 #define USAGE_KEY_OPAQUE_ALGS \
357 " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
358 " comma-separated pair of values among the following:\n" \
359 " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
360 " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
361 " ecdsa-sign, ecdh, none (only acceptable for\n" \
362 " the second value).\n" \
363
364 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
365 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
366 " tls13_kex_modes=%%s default: all\n" \
367 " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
368 #else
369 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
370 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
371
372 /* USAGE is arbitrarily split to stay under the portable string literal
373 * length limit: 4095 bytes in C99. */
374 #define USAGE1 \
375 "\n usage: ssl_client2 param=<>...\n" \
376 "\n acceptable parameters:\n" \
377 " server_name=%%s default: localhost\n" \
378 " server_addr=%%s default: given by name\n" \
379 " server_port=%%d default: 4433\n" \
380 " request_page=%%s default: \".\"\n" \
381 " request_size=%%d default: about 34 (basic request)\n" \
382 " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
383 " If 0, in the first exchange only an empty\n" \
384 " application data message is sent followed by\n" \
385 " a second non-empty message before attempting\n" \
386 " to read a response from the server\n" \
387 " debug_level=%%d default: 0 (disabled)\n" \
388 " build_version=%%d default: none (disabled)\n" \
389 " option: 1 (print build version only and stop)\n" \
390 " nbio=%%d default: 0 (blocking I/O)\n" \
391 " options: 1 (non-blocking), 2 (added delays)\n" \
392 " event=%%d default: 0 (loop)\n" \
393 " options: 1 (level-triggered, implies nbio=1),\n" \
394 " read_timeout=%%d default: 0 ms (no timeout)\n" \
395 " max_resend=%%d default: 0 (no resend on timeout)\n" \
396 " skip_close_notify=%%d default: 0 (send close_notify)\n" \
397 "\n" \
398 USAGE_DTLS \
399 USAGE_CID \
400 USAGE_SRTP \
401 "\n"
402 #define USAGE2 \
403 " auth_mode=%%s default: (library default: none)\n" \
404 " options: none, optional, required\n" \
405 USAGE_IO \
406 USAGE_KEY_OPAQUE \
407 USAGE_CA_CALLBACK \
408 "\n" \
409 USAGE_PSK \
410 USAGE_ECJPAKE \
411 USAGE_ECRESTART \
412 "\n"
413 #define USAGE3 \
414 " allow_legacy=%%d default: (library default: no)\n" \
415 USAGE_RENEGO \
416 " exchanges=%%d default: 1\n" \
417 " reconnect=%%d number of reconnections using session resumption\n" \
418 " default: 0 (disabled)\n" \
419 " reco_server_name=%%s default: NULL\n" \
420 " reco_delay=%%d default: 0 seconds\n" \
421 " reco_mode=%%d 0: copy session, 1: serialize session\n" \
422 " default: 1\n" \
423 " reconnect_hard=%%d default: 0 (disabled)\n" \
424 USAGE_TICKETS \
425 USAGE_EAP_TLS \
426 USAGE_MAX_FRAG_LEN \
427 USAGE_CONTEXT_CRT_CB \
428 USAGE_ALPN \
429 USAGE_EMS \
430 USAGE_ETM \
431 USAGE_REPRODUCIBLE \
432 USAGE_CURVES \
433 USAGE_SIG_ALGS \
434 USAGE_EARLY_DATA \
435 USAGE_DHMLEN \
436 USAGE_KEY_OPAQUE_ALGS \
437 "\n"
438
439 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
440 #define TLS1_3_VERSION_OPTIONS ", tls13"
441 #else /* MBEDTLS_SSL_PROTO_TLS1_3 */
442 #define TLS1_3_VERSION_OPTIONS ""
443 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
444
445 #define USAGE4 \
446 " allow_sha1=%%d default: 0\n" \
447 " min_version=%%s default: (library default: tls12)\n" \
448 " max_version=%%s default: (library default: tls12)\n" \
449 " force_version=%%s default: \"\" (none)\n" \
450 " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
451 "\n\n" \
452 " force_ciphersuite=<name> default: all enabled\n" \
453 USAGE_TLS1_3_KEY_EXCHANGE_MODES \
454 " query_config=<name> return 0 if the specified\n" \
455 " configuration macro is defined and 1\n" \
456 " otherwise. The expansion of the macro\n" \
457 " is printed if it is defined\n" \
458 USAGE_SERIALIZATION \
459 " acceptable ciphersuite names:\n"
460
461 #define ALPN_LIST_SIZE 10
462 #define CURVE_LIST_SIZE 20
463 #define SIG_ALG_LIST_SIZE 5
464
465 /*
466 * global options
467 */
468 struct options
469 {
470 const char *server_name; /* hostname of the server (client only) */
471 const char *server_addr; /* address of the server (client only) */
472 const char *server_port; /* port on which the ssl service runs */
473 int debug_level; /* level of debugging */
474 int nbio; /* should I/O be blocking? */
475 int event; /* loop or event-driven IO? level or edge triggered? */
476 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
477 int max_resend; /* DTLS times to resend on read timeout */
478 const char *request_page; /* page on server to request */
479 int request_size; /* pad request with header to requested size */
480 const char *ca_file; /* the file with the CA certificate(s) */
481 const char *ca_path; /* the path with the CA certificate(s) reside */
482 const char *crt_file; /* the file with the client certificate */
483 const char *key_file; /* the file with the client key */
484 int key_opaque; /* handle private key as if it were opaque */
485 #if defined(MBEDTLS_USE_PSA_CRYPTO)
486 int psk_opaque;
487 #endif
488 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
489 int ca_callback; /* Use callback for trusted certificate list */
490 #endif
491 const char *key_pwd; /* the password for the client key */
492 const char *psk; /* the pre-shared key */
493 const char *psk_identity; /* the pre-shared key identity */
494 const char *ecjpake_pw; /* the EC J-PAKE password */
495 int ec_max_ops; /* EC consecutive operations limit */
496 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
497 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
498 int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
499 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
500 int renegotiation; /* enable / disable renegotiation */
501 int allow_legacy; /* allow legacy renegotiation */
502 int renegotiate; /* attempt renegotiation? */
503 int renego_delay; /* delay before enforcing renegotiation */
504 int exchanges; /* number of data exchanges */
505 int min_version; /* minimum protocol version accepted */
506 int max_version; /* maximum protocol version accepted */
507 int allow_sha1; /* flag for SHA-1 support */
508 int auth_mode; /* verify mode for connection */
509 unsigned char mfl_code; /* code for maximum fragment length */
510 int trunc_hmac; /* negotiate truncated hmac or not */
511 int recsplit; /* enable record splitting? */
512 int dhmlen; /* minimum DHM params len in bits */
513 int reconnect; /* attempt to resume session */
514 const char *reco_server_name; /* hostname of the server (re-connect) */
515 int reco_delay; /* delay in seconds before resuming session */
516 int reco_mode; /* how to keep the session around */
517 int reconnect_hard; /* unexpectedly reconnect from the same port */
518 int tickets; /* enable / disable session tickets */
519 const char *curves; /* list of supported elliptic curves */
520 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
521 const char *alpn_string; /* ALPN supported protocols */
522 int transport; /* TLS or DTLS? */
523 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
524 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
525 int dtls_mtu; /* UDP Maximum transport unit for DTLS */
526 int fallback; /* is this a fallback connection? */
527 int dgram_packing; /* allow/forbid datagram packing */
528 int extended_ms; /* negotiate extended master secret? */
529 int etm; /* negotiate encrypt then mac? */
530 int context_crt_cb; /* use context-specific CRT verify callback */
531 int eap_tls; /* derive EAP-TLS keying material? */
532 int nss_keylog; /* export NSS key log material */
533 const char *nss_keylog_file; /* NSS key log file */
534 int cid_enabled; /* whether to use the CID extension or not */
535 int cid_enabled_renego; /* whether to use the CID extension or not
536 * during renegotiation */
537 const char *cid_val; /* the CID to use for incoming messages */
538 int serialize; /* serialize/deserialize connection */
539 const char *context_file; /* the file to write a serialized connection
540 * in the form of base64 code (serialize
541 * option must be set) */
542 const char *cid_val_renego; /* the CID to use for incoming messages
543 * after renegotiation */
544 int reproducible; /* make communication reproducible */
545 int skip_close_notify; /* skip sending the close_notify alert */
546 #if defined(MBEDTLS_SSL_EARLY_DATA)
547 int early_data; /* support for early data */
548 #endif
549 int query_config_mode; /* whether to read config */
550 int use_srtp; /* Support SRTP */
551 int force_srtp_profile; /* SRTP protection profile to use or all */
552 const char *mki; /* The dtls mki value to use */
553 const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
554 const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
555 } opt;
556
557 #include "ssl_test_common_source.c"
558
559 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
560 static unsigned char peer_crt_info[1024];
561
562 /*
563 * Enabled if debug_level > 1 in code below
564 */
my_verify(void * data,mbedtls_x509_crt * crt,int depth,uint32_t * flags)565 static int my_verify( void *data, mbedtls_x509_crt *crt,
566 int depth, uint32_t *flags )
567 {
568 char buf[1024];
569 ((void) data);
570
571 mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
572
573 #if !defined(MBEDTLS_X509_REMOVE_INFO)
574 mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
575 if( depth == 0 )
576 memcpy( peer_crt_info, buf, sizeof( buf ) );
577
578 if( opt.debug_level == 0 )
579 return( 0 );
580
581 mbedtls_printf( "%s", buf );
582 #else
583 ((void) crt);
584 ((void) depth);
585 #endif
586
587 if ( ( *flags ) == 0 )
588 mbedtls_printf( " This certificate has no flags\n" );
589 else
590 {
591 x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
592 mbedtls_printf( "%s\n", buf );
593 }
594
595 return( 0 );
596 }
597 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
598
599 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
report_cid_usage(mbedtls_ssl_context * ssl,const char * additional_description)600 int report_cid_usage( mbedtls_ssl_context *ssl,
601 const char *additional_description )
602 {
603 int ret;
604 unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
605 size_t peer_cid_len;
606 int cid_negotiated;
607
608 if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
609 return( 0 );
610
611 /* Check if the use of a CID has been negotiated,
612 * but don't ask for the CID value and length.
613 *
614 * Note: Here and below, we're demonstrating the various ways
615 * in which mbedtls_ssl_get_peer_cid() can be called,
616 * depending on whether or not the length/value of the
617 * peer's CID is needed.
618 *
619 * An actual application, however, should use
620 * just one call to mbedtls_ssl_get_peer_cid(). */
621 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
622 NULL, NULL );
623 if( ret != 0 )
624 {
625 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
626 (unsigned int) -ret );
627 return( ret );
628 }
629
630 if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
631 {
632 if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
633 {
634 mbedtls_printf( "(%s) Use of Connection ID was rejected by the server.\n",
635 additional_description );
636 }
637 }
638 else
639 {
640 size_t idx=0;
641 mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
642 additional_description );
643
644 /* Ask for just the length of the peer's CID. */
645 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
646 NULL, &peer_cid_len );
647 if( ret != 0 )
648 {
649 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
650 (unsigned int) -ret );
651 return( ret );
652 }
653
654 /* Ask for just length + value of the peer's CID. */
655 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
656 peer_cid, &peer_cid_len );
657 if( ret != 0 )
658 {
659 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
660 (unsigned int) -ret );
661 return( ret );
662 }
663 mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
664 additional_description,
665 (unsigned) peer_cid_len );
666 while( idx < peer_cid_len )
667 {
668 mbedtls_printf( "%02x ", peer_cid[ idx ] );
669 idx++;
670 }
671 mbedtls_printf( "\n" );
672 }
673
674 return( 0 );
675 }
676 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
677
ssl_save_session_serialize(mbedtls_ssl_context * ssl,unsigned char ** session_data,size_t * session_data_len)678 static int ssl_save_session_serialize( mbedtls_ssl_context *ssl,
679 unsigned char **session_data,
680 size_t *session_data_len )
681 {
682 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
683 mbedtls_ssl_session exported_session;
684
685 /* free any previously saved data */
686 if( *session_data != NULL )
687 {
688 mbedtls_platform_zeroize( *session_data, *session_data_len );
689 mbedtls_free( *session_data );
690 *session_data = NULL;
691 *session_data_len = 0;
692 }
693
694 mbedtls_ssl_session_init( &exported_session );
695 ret = mbedtls_ssl_get_session( ssl, &exported_session );
696 if( ret != 0 )
697 {
698 mbedtls_printf(
699 "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
700 (unsigned) -ret );
701 goto exit;
702 }
703
704 /* get size of the buffer needed */
705 mbedtls_ssl_session_save( &exported_session, NULL, 0, session_data_len );
706 *session_data = mbedtls_calloc( 1, *session_data_len );
707 if( *session_data == NULL )
708 {
709 mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
710 (unsigned) *session_data_len );
711 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
712 goto exit;
713 }
714
715 /* actually save session data */
716 if( ( ret = mbedtls_ssl_session_save( &exported_session,
717 *session_data, *session_data_len,
718 session_data_len ) ) != 0 )
719 {
720 mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
721 (unsigned int) -ret );
722 goto exit;
723 }
724
725 exit:
726 mbedtls_ssl_session_free( &exported_session );
727 return( ret );
728 }
729
main(int argc,char * argv[])730 int main( int argc, char *argv[] )
731 {
732 int ret = 0, len, tail_len, i, written, frags, retry_left;
733 int query_config_ret = 0;
734 mbedtls_net_context server_fd;
735 io_ctx_t io_ctx;
736
737 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
738 uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
739 #endif
740
741 unsigned char buf[MAX_REQUEST_SIZE + 1];
742
743 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
744 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
745 size_t psk_len = 0;
746 #endif
747
748 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
749 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
750 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
751 size_t cid_len = 0;
752 size_t cid_renego_len = 0;
753 #endif
754
755 #if defined(MBEDTLS_SSL_ALPN)
756 const char *alpn_list[ALPN_LIST_SIZE];
757 #endif
758
759 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
760 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
761 #endif
762
763 #if defined(MBEDTLS_ECP_C)
764 uint16_t group_list[CURVE_LIST_SIZE];
765 const mbedtls_ecp_curve_info *curve_cur;
766 #endif
767 #if defined(MBEDTLS_SSL_DTLS_SRTP)
768 unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
769 size_t mki_len=0;
770 #endif
771
772 const char *pers = "ssl_client2";
773
774 #if defined(MBEDTLS_USE_PSA_CRYPTO)
775 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
776 mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
777 psa_algorithm_t alg = 0;
778 psa_key_attributes_t key_attributes;
779 #endif
780 psa_status_t status;
781 #elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
782 psa_status_t status;
783 #endif
784
785 rng_context_t rng;
786 mbedtls_ssl_context ssl;
787 mbedtls_ssl_config conf;
788 mbedtls_ssl_session saved_session;
789 unsigned char *session_data = NULL;
790 size_t session_data_len = 0;
791 #if defined(MBEDTLS_TIMING_C)
792 mbedtls_timing_delay_context timer;
793 #endif
794 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
795 uint32_t flags;
796 mbedtls_x509_crt cacert;
797 mbedtls_x509_crt clicert;
798 mbedtls_pk_context pkey;
799 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
800 #if defined(MBEDTLS_USE_PSA_CRYPTO)
801 mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
802 #endif
803 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
804 char *p, *q;
805 const int *list;
806 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
807 unsigned char *context_buf = NULL;
808 size_t context_buf_len;
809 #endif
810 unsigned char eap_tls_keymaterial[16];
811 unsigned char eap_tls_iv[8];
812 const char* eap_tls_label = "client EAP encryption";
813 eap_tls_keys eap_tls_keying;
814 #if defined( MBEDTLS_SSL_DTLS_SRTP )
815 /*! master keys and master salt for SRTP generated during handshake */
816 unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
817 const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
818 dtls_srtp_keys dtls_srtp_keying;
819 const mbedtls_ssl_srtp_profile default_profiles[] = {
820 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
821 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
822 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
823 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
824 MBEDTLS_TLS_SRTP_UNSET
825 };
826 #endif /* MBEDTLS_SSL_DTLS_SRTP */
827
828 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
829 mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
830 #endif
831
832 #if defined(MBEDTLS_TEST_HOOKS)
833 test_hooks_init( );
834 #endif /* MBEDTLS_TEST_HOOKS */
835
836 /*
837 * Make sure memory references are valid.
838 */
839 mbedtls_net_init( &server_fd );
840 mbedtls_ssl_init( &ssl );
841 mbedtls_ssl_config_init( &conf );
842 memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
843 rng_init( &rng );
844 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
845 mbedtls_x509_crt_init( &cacert );
846 mbedtls_x509_crt_init( &clicert );
847 mbedtls_pk_init( &pkey );
848 #endif
849 #if defined(MBEDTLS_SSL_ALPN)
850 memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
851 #endif
852
853 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
854 status = psa_crypto_init();
855 if( status != PSA_SUCCESS )
856 {
857 mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
858 (int) status );
859 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
860 goto exit;
861 }
862 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
863 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
864 mbedtls_test_enable_insecure_external_rng( );
865 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
866
867 if( argc == 0 )
868 {
869 usage:
870 if( ret == 0 )
871 ret = 1;
872
873 mbedtls_printf( USAGE1 );
874 mbedtls_printf( USAGE2 );
875 mbedtls_printf( USAGE3 );
876 mbedtls_printf( USAGE4 );
877
878 list = mbedtls_ssl_list_ciphersuites();
879 while( *list )
880 {
881 mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
882 list++;
883 if( !*list )
884 break;
885 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
886 list++;
887 }
888 mbedtls_printf("\n");
889 goto exit;
890 }
891
892 opt.server_name = DFL_SERVER_NAME;
893 opt.server_addr = DFL_SERVER_ADDR;
894 opt.server_port = DFL_SERVER_PORT;
895 opt.debug_level = DFL_DEBUG_LEVEL;
896 opt.cid_enabled = DFL_CID_ENABLED;
897 opt.cid_val = DFL_CID_VALUE;
898 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
899 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
900 opt.nbio = DFL_NBIO;
901 opt.event = DFL_EVENT;
902 opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
903 opt.read_timeout = DFL_READ_TIMEOUT;
904 opt.max_resend = DFL_MAX_RESEND;
905 opt.request_page = DFL_REQUEST_PAGE;
906 opt.request_size = DFL_REQUEST_SIZE;
907 opt.ca_file = DFL_CA_FILE;
908 opt.ca_path = DFL_CA_PATH;
909 opt.crt_file = DFL_CRT_FILE;
910 opt.key_file = DFL_KEY_FILE;
911 opt.key_opaque = DFL_KEY_OPAQUE;
912 opt.key_pwd = DFL_KEY_PWD;
913 opt.psk = DFL_PSK;
914 #if defined(MBEDTLS_USE_PSA_CRYPTO)
915 opt.psk_opaque = DFL_PSK_OPAQUE;
916 #endif
917 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
918 opt.ca_callback = DFL_CA_CALLBACK;
919 #endif
920 opt.psk_identity = DFL_PSK_IDENTITY;
921 opt.ecjpake_pw = DFL_ECJPAKE_PW;
922 opt.ec_max_ops = DFL_EC_MAX_OPS;
923 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
924 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
925 opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
926 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
927 opt.renegotiation = DFL_RENEGOTIATION;
928 opt.allow_legacy = DFL_ALLOW_LEGACY;
929 opt.renegotiate = DFL_RENEGOTIATE;
930 opt.exchanges = DFL_EXCHANGES;
931 opt.min_version = DFL_MIN_VERSION;
932 opt.max_version = DFL_MAX_VERSION;
933 opt.allow_sha1 = DFL_SHA1;
934 opt.auth_mode = DFL_AUTH_MODE;
935 opt.mfl_code = DFL_MFL_CODE;
936 opt.trunc_hmac = DFL_TRUNC_HMAC;
937 opt.recsplit = DFL_RECSPLIT;
938 opt.dhmlen = DFL_DHMLEN;
939 opt.reconnect = DFL_RECONNECT;
940 opt.reco_server_name = DFL_RECO_SERVER_NAME;
941 opt.reco_delay = DFL_RECO_DELAY;
942 opt.reco_mode = DFL_RECO_MODE;
943 opt.reconnect_hard = DFL_RECONNECT_HARD;
944 opt.tickets = DFL_TICKETS;
945 opt.alpn_string = DFL_ALPN_STRING;
946 opt.curves = DFL_CURVES;
947 opt.sig_algs = DFL_SIG_ALGS;
948 #if defined(MBEDTLS_SSL_EARLY_DATA)
949 opt.early_data = DFL_EARLY_DATA;
950 #endif
951 opt.transport = DFL_TRANSPORT;
952 opt.hs_to_min = DFL_HS_TO_MIN;
953 opt.hs_to_max = DFL_HS_TO_MAX;
954 opt.dtls_mtu = DFL_DTLS_MTU;
955 opt.fallback = DFL_FALLBACK;
956 opt.extended_ms = DFL_EXTENDED_MS;
957 opt.etm = DFL_ETM;
958 opt.dgram_packing = DFL_DGRAM_PACKING;
959 opt.serialize = DFL_SERIALIZE;
960 opt.context_file = DFL_CONTEXT_FILE;
961 opt.eap_tls = DFL_EAP_TLS;
962 opt.reproducible = DFL_REPRODUCIBLE;
963 opt.nss_keylog = DFL_NSS_KEYLOG;
964 opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
965 opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
966 opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
967 opt.use_srtp = DFL_USE_SRTP;
968 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
969 opt.mki = DFL_SRTP_MKI;
970 opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
971 opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
972
973 for( i = 1; i < argc; i++ )
974 {
975 p = argv[i];
976 if( ( q = strchr( p, '=' ) ) == NULL )
977 goto usage;
978 *q++ = '\0';
979
980 if( strcmp( p, "server_name" ) == 0 )
981 opt.server_name = q;
982 else if( strcmp( p, "server_addr" ) == 0 )
983 opt.server_addr = q;
984 else if( strcmp( p, "server_port" ) == 0 )
985 opt.server_port = q;
986 else if( strcmp( p, "dtls" ) == 0 )
987 {
988 int t = atoi( q );
989 if( t == 0 )
990 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
991 else if( t == 1 )
992 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
993 else
994 goto usage;
995 }
996 else if( strcmp( p, "debug_level" ) == 0 )
997 {
998 opt.debug_level = atoi( q );
999 if( opt.debug_level < 0 || opt.debug_level > 65535 )
1000 goto usage;
1001 }
1002 else if( strcmp( p, "build_version" ) == 0 )
1003 {
1004 if( strcmp( q, "1" ) == 0 )
1005 {
1006 mbedtls_printf( "build version: %s (build %d)\n",
1007 MBEDTLS_VERSION_STRING_FULL,
1008 MBEDTLS_VERSION_NUMBER );
1009 goto exit;
1010 }
1011 }
1012 else if( strcmp( p, "context_crt_cb" ) == 0 )
1013 {
1014 opt.context_crt_cb = atoi( q );
1015 if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 )
1016 goto usage;
1017 }
1018 else if( strcmp( p, "nbio" ) == 0 )
1019 {
1020 opt.nbio = atoi( q );
1021 if( opt.nbio < 0 || opt.nbio > 2 )
1022 goto usage;
1023 }
1024 else if( strcmp( p, "event" ) == 0 )
1025 {
1026 opt.event = atoi( q );
1027 if( opt.event < 0 || opt.event > 2 )
1028 goto usage;
1029 }
1030 else if( strcmp( p, "read_timeout" ) == 0 )
1031 opt.read_timeout = atoi( q );
1032 else if( strcmp( p, "max_resend" ) == 0 )
1033 {
1034 opt.max_resend = atoi( q );
1035 if( opt.max_resend < 0 )
1036 goto usage;
1037 }
1038 else if( strcmp( p, "request_page" ) == 0 )
1039 opt.request_page = q;
1040 else if( strcmp( p, "request_size" ) == 0 )
1041 {
1042 opt.request_size = atoi( q );
1043 if( opt.request_size < 0 ||
1044 opt.request_size > MAX_REQUEST_SIZE )
1045 goto usage;
1046 }
1047 else if( strcmp( p, "ca_file" ) == 0 )
1048 opt.ca_file = q;
1049 else if( strcmp( p, "ca_path" ) == 0 )
1050 opt.ca_path = q;
1051 else if( strcmp( p, "crt_file" ) == 0 )
1052 opt.crt_file = q;
1053 else if( strcmp( p, "key_file" ) == 0 )
1054 opt.key_file = q;
1055 else if( strcmp( p, "key_pwd" ) == 0 )
1056 opt.key_pwd = q;
1057 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1058 else if( strcmp( p, "key_opaque" ) == 0 )
1059 opt.key_opaque = atoi( q );
1060 #endif
1061 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1062 else if( strcmp( p, "cid" ) == 0 )
1063 {
1064 opt.cid_enabled = atoi( q );
1065 if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
1066 goto usage;
1067 }
1068 else if( strcmp( p, "cid_renego" ) == 0 )
1069 {
1070 opt.cid_enabled_renego = atoi( q );
1071 if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
1072 goto usage;
1073 }
1074 else if( strcmp( p, "cid_val" ) == 0 )
1075 {
1076 opt.cid_val = q;
1077 }
1078 else if( strcmp( p, "cid_val_renego" ) == 0 )
1079 {
1080 opt.cid_val_renego = q;
1081 }
1082 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1083 else if( strcmp( p, "psk" ) == 0 )
1084 opt.psk = q;
1085 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1086 else if( strcmp( p, "psk_opaque" ) == 0 )
1087 opt.psk_opaque = atoi( q );
1088 #endif
1089 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1090 else if( strcmp( p, "ca_callback" ) == 0)
1091 opt.ca_callback = atoi( q );
1092 #endif
1093 else if( strcmp( p, "psk_identity" ) == 0 )
1094 opt.psk_identity = q;
1095 else if( strcmp( p, "ecjpake_pw" ) == 0 )
1096 opt.ecjpake_pw = q;
1097 else if( strcmp( p, "ec_max_ops" ) == 0 )
1098 opt.ec_max_ops = atoi( q );
1099 else if( strcmp( p, "force_ciphersuite" ) == 0 )
1100 {
1101 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
1102
1103 if( opt.force_ciphersuite[0] == 0 )
1104 {
1105 ret = 2;
1106 goto usage;
1107 }
1108 opt.force_ciphersuite[1] = 0;
1109 }
1110 else if( strcmp( p, "renegotiation" ) == 0 )
1111 {
1112 opt.renegotiation = (atoi( q )) ?
1113 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1114 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1115 }
1116 else if( strcmp( p, "allow_legacy" ) == 0 )
1117 {
1118 switch( atoi( q ) )
1119 {
1120 case -1:
1121 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1122 break;
1123 case 0:
1124 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1125 break;
1126 case 1:
1127 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1128 break;
1129 default: goto usage;
1130 }
1131 }
1132 else if( strcmp( p, "renegotiate" ) == 0 )
1133 {
1134 opt.renegotiate = atoi( q );
1135 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
1136 goto usage;
1137 }
1138 else if( strcmp( p, "exchanges" ) == 0 )
1139 {
1140 opt.exchanges = atoi( q );
1141 if( opt.exchanges < 1 )
1142 goto usage;
1143 }
1144 else if( strcmp( p, "reconnect" ) == 0 )
1145 {
1146 opt.reconnect = atoi( q );
1147 if( opt.reconnect < 0 || opt.reconnect > 2 )
1148 goto usage;
1149 }
1150 else if( strcmp( p, "reco_server_name" ) == 0 )
1151 opt.reco_server_name = q;
1152 else if( strcmp( p, "reco_delay" ) == 0 )
1153 {
1154 opt.reco_delay = atoi( q );
1155 if( opt.reco_delay < 0 )
1156 goto usage;
1157 }
1158 else if( strcmp( p, "reco_mode" ) == 0 )
1159 {
1160 opt.reco_mode = atoi( q );
1161 if( opt.reco_mode < 0 )
1162 goto usage;
1163 }
1164 else if( strcmp( p, "reconnect_hard" ) == 0 )
1165 {
1166 opt.reconnect_hard = atoi( q );
1167 if( opt.reconnect_hard < 0 || opt.reconnect_hard > 1 )
1168 goto usage;
1169 }
1170 else if( strcmp( p, "tickets" ) == 0 )
1171 {
1172 opt.tickets = atoi( q );
1173 if( opt.tickets < 0 )
1174 goto usage;
1175 }
1176 else if( strcmp( p, "alpn" ) == 0 )
1177 {
1178 opt.alpn_string = q;
1179 }
1180 else if( strcmp( p, "extended_ms" ) == 0 )
1181 {
1182 switch( atoi( q ) )
1183 {
1184 case 0:
1185 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1186 break;
1187 case 1:
1188 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1189 break;
1190 default: goto usage;
1191 }
1192 }
1193 else if( strcmp( p, "curves" ) == 0 )
1194 opt.curves = q;
1195 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1196 else if( strcmp( p, "sig_algs" ) == 0 )
1197 opt.sig_algs = q;
1198 #endif
1199 else if( strcmp( p, "etm" ) == 0 )
1200 {
1201 switch( atoi( q ) )
1202 {
1203 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1204 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1205 default: goto usage;
1206 }
1207 }
1208
1209 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1210 #if defined(MBEDTLS_SSL_EARLY_DATA)
1211 else if( strcmp( p, "early_data" ) == 0 )
1212 {
1213 switch( atoi( q ) )
1214 {
1215 case 0:
1216 opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
1217 break;
1218 case 1:
1219 opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
1220 break;
1221 default: goto usage;
1222 }
1223 }
1224 #endif /* MBEDTLS_SSL_EARLY_DATA */
1225
1226 else if( strcmp( p, "tls13_kex_modes" ) == 0 )
1227 {
1228 if( strcmp( q, "psk" ) == 0 )
1229 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
1230 else if( strcmp(q, "psk_ephemeral" ) == 0 )
1231 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
1232 else if( strcmp(q, "ephemeral" ) == 0 )
1233 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1234 else if( strcmp(q, "ephemeral_all" ) == 0 )
1235 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
1236 else if( strcmp( q, "psk_all" ) == 0 )
1237 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
1238 else if( strcmp( q, "all" ) == 0 )
1239 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
1240 else goto usage;
1241 }
1242 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1243 else if( strcmp( p, "min_version" ) == 0 )
1244 {
1245 if( strcmp( q, "tls12" ) == 0 ||
1246 strcmp( q, "dtls12" ) == 0 )
1247 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1248 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1249 else if( strcmp( q, "tls13" ) == 0 )
1250 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
1251 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1252 else
1253 goto usage;
1254 }
1255 else if( strcmp( p, "max_version" ) == 0 )
1256 {
1257 if( strcmp( q, "tls12" ) == 0 ||
1258 strcmp( q, "dtls12" ) == 0 )
1259 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1260 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1261 else if( strcmp( q, "tls13" ) == 0 )
1262 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
1263 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1264 else
1265 goto usage;
1266 }
1267 else if( strcmp( p, "allow_sha1" ) == 0 )
1268 {
1269 switch( atoi( q ) )
1270 {
1271 case 0: opt.allow_sha1 = 0; break;
1272 case 1: opt.allow_sha1 = 1; break;
1273 default: goto usage;
1274 }
1275 }
1276 else if( strcmp( p, "force_version" ) == 0 )
1277 {
1278 if( strcmp( q, "tls12" ) == 0 )
1279 {
1280 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1281 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1282 }
1283 else if( strcmp( q, "dtls12" ) == 0 )
1284 {
1285 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1286 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1287 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1288 }
1289 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1290 else if( strcmp( q, "tls13" ) == 0 )
1291 {
1292 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
1293 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
1294 }
1295 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1296 else
1297 goto usage;
1298 }
1299 else if( strcmp( p, "auth_mode" ) == 0 )
1300 {
1301 if( strcmp( q, "none" ) == 0 )
1302 opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
1303 else if( strcmp( q, "optional" ) == 0 )
1304 opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
1305 else if( strcmp( q, "required" ) == 0 )
1306 opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
1307 else
1308 goto usage;
1309 }
1310 else if( strcmp( p, "max_frag_len" ) == 0 )
1311 {
1312 if( strcmp( q, "512" ) == 0 )
1313 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1314 else if( strcmp( q, "1024" ) == 0 )
1315 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1316 else if( strcmp( q, "2048" ) == 0 )
1317 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1318 else if( strcmp( q, "4096" ) == 0 )
1319 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1320 else
1321 goto usage;
1322 }
1323 else if( strcmp( p, "trunc_hmac" ) == 0 )
1324 {
1325 switch( atoi( q ) )
1326 {
1327 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1328 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1329 default: goto usage;
1330 }
1331 }
1332 else if( strcmp( p, "hs_timeout" ) == 0 )
1333 {
1334 if( ( p = strchr( q, '-' ) ) == NULL )
1335 goto usage;
1336 *p++ = '\0';
1337 opt.hs_to_min = atoi( q );
1338 opt.hs_to_max = atoi( p );
1339 if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
1340 goto usage;
1341 }
1342 else if( strcmp( p, "mtu" ) == 0 )
1343 {
1344 opt.dtls_mtu = atoi( q );
1345 if( opt.dtls_mtu < 0 )
1346 goto usage;
1347 }
1348 else if( strcmp( p, "dgram_packing" ) == 0 )
1349 {
1350 opt.dgram_packing = atoi( q );
1351 if( opt.dgram_packing != 0 &&
1352 opt.dgram_packing != 1 )
1353 {
1354 goto usage;
1355 }
1356 }
1357 else if( strcmp( p, "recsplit" ) == 0 )
1358 {
1359 opt.recsplit = atoi( q );
1360 if( opt.recsplit < 0 || opt.recsplit > 1 )
1361 goto usage;
1362 }
1363 else if( strcmp( p, "dhmlen" ) == 0 )
1364 {
1365 opt.dhmlen = atoi( q );
1366 if( opt.dhmlen < 0 )
1367 goto usage;
1368 }
1369 else if( strcmp( p, "query_config" ) == 0 )
1370 {
1371 opt.query_config_mode = 1;
1372 query_config_ret = query_config( q );
1373 goto exit;
1374 }
1375 else if( strcmp( p, "serialize") == 0 )
1376 {
1377 opt.serialize = atoi( q );
1378 if( opt.serialize < 0 || opt.serialize > 2)
1379 goto usage;
1380 }
1381 else if( strcmp( p, "context_file") == 0 )
1382 {
1383 opt.context_file = q;
1384 }
1385 else if( strcmp( p, "eap_tls" ) == 0 )
1386 {
1387 opt.eap_tls = atoi( q );
1388 if( opt.eap_tls < 0 || opt.eap_tls > 1 )
1389 goto usage;
1390 }
1391 else if( strcmp( p, "reproducible" ) == 0 )
1392 {
1393 opt.reproducible = 1;
1394 }
1395 else if( strcmp( p, "nss_keylog" ) == 0 )
1396 {
1397 opt.nss_keylog = atoi( q );
1398 if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
1399 goto usage;
1400 }
1401 else if( strcmp( p, "nss_keylog_file" ) == 0 )
1402 {
1403 opt.nss_keylog_file = q;
1404 }
1405 else if( strcmp( p, "skip_close_notify" ) == 0 )
1406 {
1407 opt.skip_close_notify = atoi( q );
1408 if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
1409 goto usage;
1410 }
1411 else if( strcmp( p, "use_srtp" ) == 0 )
1412 {
1413 opt.use_srtp = atoi ( q );
1414 }
1415 else if( strcmp( p, "srtp_force_profile" ) == 0 )
1416 {
1417 opt.force_srtp_profile = atoi( q );
1418 }
1419 else if( strcmp( p, "mki" ) == 0 )
1420 {
1421 opt.mki = q;
1422 }
1423 else if( strcmp( p, "key_opaque_algs" ) == 0 )
1424 {
1425 if( key_opaque_alg_parse( q, &opt.key_opaque_alg1,
1426 &opt.key_opaque_alg2 ) != 0 )
1427 goto usage;
1428 }
1429 else
1430 goto usage;
1431 }
1432
1433 if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
1434 {
1435 mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
1436 goto usage;
1437 }
1438
1439 /* Event-driven IO is incompatible with the above custom
1440 * receive and send functions, as the polling builds on
1441 * refers to the underlying net_context. */
1442 if( opt.event == 1 && opt.nbio != 1 )
1443 {
1444 mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
1445 opt.nbio = 1;
1446 }
1447
1448 #if defined(MBEDTLS_DEBUG_C)
1449 mbedtls_debug_set_threshold( opt.debug_level );
1450 #endif
1451
1452 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1453 /*
1454 * Unhexify the pre-shared key if any is given
1455 */
1456 if( strlen( opt.psk ) )
1457 {
1458 if( mbedtls_test_unhexify( psk, sizeof( psk ),
1459 opt.psk, &psk_len ) != 0 )
1460 {
1461 mbedtls_printf( "pre-shared key not valid\n" );
1462 goto exit;
1463 }
1464 }
1465 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
1466
1467 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1468 if( opt.psk_opaque != 0 )
1469 {
1470 if( opt.psk == NULL )
1471 {
1472 mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
1473 ret = 2;
1474 goto usage;
1475 }
1476
1477 if( opt.force_ciphersuite[0] <= 0 )
1478 {
1479 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
1480 ret = 2;
1481 goto usage;
1482 }
1483 }
1484 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1485
1486 if( opt.force_ciphersuite[0] > 0 )
1487 {
1488 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1489 ciphersuite_info =
1490 mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
1491
1492 if( opt.max_version != -1 &&
1493 ciphersuite_info->min_tls_version > opt.max_version )
1494 {
1495 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
1496 ret = 2;
1497 goto usage;
1498 }
1499 if( opt.min_version != -1 &&
1500 ciphersuite_info->max_tls_version < opt.min_version )
1501 {
1502 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
1503 ret = 2;
1504 goto usage;
1505 }
1506
1507 /* If the server selects a version that's not supported by
1508 * this suite, then there will be no common ciphersuite... */
1509 if( opt.max_version == -1 ||
1510 opt.max_version > ciphersuite_info->max_tls_version )
1511 {
1512 opt.max_version = ciphersuite_info->max_tls_version;
1513 }
1514 if( opt.min_version < ciphersuite_info->min_tls_version )
1515 {
1516 opt.min_version = ciphersuite_info->min_tls_version;
1517 /* DTLS starts with TLS 1.2 */
1518 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
1519 opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2 )
1520 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1521 }
1522
1523 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1524 #if defined (MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1525 if( opt.psk_opaque != 0 )
1526 {
1527 /* Determine KDF algorithm the opaque PSK will be used in. */
1528 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1529 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
1530 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
1531 else
1532 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1533 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
1534 }
1535 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
1536 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1537 }
1538
1539 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1540 if( mbedtls_test_unhexify( cid, sizeof( cid ),
1541 opt.cid_val, &cid_len ) != 0 )
1542 {
1543 mbedtls_printf( "CID not valid\n" );
1544 goto exit;
1545 }
1546
1547 /* Keep CID settings for renegotiation unless
1548 * specified otherwise. */
1549 if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
1550 opt.cid_enabled_renego = opt.cid_enabled;
1551 if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
1552 opt.cid_val_renego = opt.cid_val;
1553
1554 if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ),
1555 opt.cid_val_renego, &cid_renego_len ) != 0 )
1556 {
1557 mbedtls_printf( "CID not valid\n" );
1558 goto exit;
1559 }
1560 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1561
1562 #if defined(MBEDTLS_ECP_C)
1563 if( opt.curves != NULL )
1564 {
1565 p = (char *) opt.curves;
1566 i = 0;
1567
1568 if( strcmp( p, "none" ) == 0 )
1569 {
1570 group_list[0] = 0;
1571 }
1572 else if( strcmp( p, "default" ) != 0 )
1573 {
1574 /* Leave room for a final NULL in curve list */
1575 while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
1576 {
1577 q = p;
1578
1579 /* Terminate the current string */
1580 while( *p != ',' && *p != '\0' )
1581 p++;
1582 if( *p == ',' )
1583 *p++ = '\0';
1584
1585 if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
1586 {
1587 group_list[i++] = curve_cur->tls_id;
1588 }
1589 else
1590 {
1591 mbedtls_printf( "unknown curve %s\n", q );
1592 mbedtls_printf( "supported curves: " );
1593 for( curve_cur = mbedtls_ecp_curve_list();
1594 curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
1595 curve_cur++ )
1596 {
1597 mbedtls_printf( "%s ", curve_cur->name );
1598 }
1599 mbedtls_printf( "\n" );
1600 goto exit;
1601 }
1602 }
1603
1604 mbedtls_printf("Number of curves: %d\n", i );
1605
1606 if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
1607 {
1608 mbedtls_printf( "curves list too long, maximum %d",
1609 CURVE_LIST_SIZE - 1 );
1610 goto exit;
1611 }
1612
1613 group_list[i] = 0;
1614 }
1615 }
1616 #endif /* MBEDTLS_ECP_C */
1617
1618 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1619 if( opt.sig_algs != NULL )
1620 {
1621 p = (char *) opt.sig_algs;
1622 i = 0;
1623
1624 /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
1625 while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
1626 {
1627 q = p;
1628
1629 /* Terminate the current string */
1630 while( *p != ',' && *p != '\0' )
1631 p++;
1632 if( *p == ',' )
1633 *p++ = '\0';
1634
1635 if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
1636 {
1637 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
1638 }
1639 else if( strcmp( q, "rsa_pkcs1_sha384" ) == 0 )
1640 {
1641 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
1642 }
1643 else if( strcmp( q, "rsa_pkcs1_sha512" ) == 0 )
1644 {
1645 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
1646 }
1647 else if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
1648 {
1649 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
1650 }
1651 else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
1652 {
1653 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
1654 }
1655 else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
1656 {
1657 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
1658 }
1659 else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 )
1660 {
1661 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
1662 }
1663 else if( strcmp( q, "rsa_pss_rsae_sha384" ) == 0 )
1664 {
1665 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
1666 }
1667 else if( strcmp( q, "rsa_pss_rsae_sha512" ) == 0 )
1668 {
1669 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
1670 }
1671 else if( strcmp( q, "ed25519" ) == 0 )
1672 {
1673 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
1674 }
1675 else if( strcmp( q, "ed448" ) == 0 )
1676 {
1677 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
1678 }
1679 else if( strcmp( q, "rsa_pss_pss_sha256" ) == 0 )
1680 {
1681 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
1682 }
1683 else if( strcmp( q, "rsa_pss_pss_sha384" ) == 0 )
1684 {
1685 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
1686 }
1687 else if( strcmp( q, "rsa_pss_pss_sha512" ) == 0 )
1688 {
1689 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
1690 }
1691 else if( strcmp( q, "rsa_pkcs1_sha1" ) == 0 )
1692 {
1693 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
1694 }
1695 else if( strcmp( q, "ecdsa_sha1" ) == 0 )
1696 {
1697 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
1698 }
1699 else
1700 {
1701 ret = -1;
1702 mbedtls_printf( "unknown signature algorithm \"%s\"\n", q );
1703 mbedtls_print_supported_sig_algs();
1704 goto exit;
1705 }
1706 }
1707
1708 if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
1709 {
1710 mbedtls_printf( "signature algorithm list too long, maximum %d",
1711 SIG_ALG_LIST_SIZE - 1 );
1712 goto exit;
1713 }
1714
1715 sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
1716 }
1717 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1718
1719 #if defined(MBEDTLS_SSL_ALPN)
1720 if( opt.alpn_string != NULL )
1721 {
1722 p = (char *) opt.alpn_string;
1723 i = 0;
1724
1725 /* Leave room for a final NULL in alpn_list */
1726 while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
1727 {
1728 alpn_list[i++] = p;
1729
1730 /* Terminate the current string and move on to next one */
1731 while( *p != ',' && *p != '\0' )
1732 p++;
1733 if( *p == ',' )
1734 *p++ = '\0';
1735 }
1736 }
1737 #endif /* MBEDTLS_SSL_ALPN */
1738
1739 mbedtls_printf( "build version: %s (build %d)\n",
1740 MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
1741
1742 /*
1743 * 0. Initialize the RNG and the session data
1744 */
1745 mbedtls_printf( "\n . Seeding the random number generator..." );
1746 fflush( stdout );
1747
1748 ret = rng_seed( &rng, opt.reproducible, pers );
1749 if( ret != 0 )
1750 goto exit;
1751 mbedtls_printf( " ok\n" );
1752
1753 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1754 /*
1755 * 1.1. Load the trusted CA
1756 */
1757 mbedtls_printf( " . Loading the CA root certificate ..." );
1758 fflush( stdout );
1759
1760 if( strcmp( opt.ca_path, "none" ) == 0 ||
1761 strcmp( opt.ca_file, "none" ) == 0 )
1762 {
1763 ret = 0;
1764 }
1765 else
1766 #if defined(MBEDTLS_FS_IO)
1767 if( strlen( opt.ca_path ) )
1768 ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
1769 else if( strlen( opt.ca_file ) )
1770 ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
1771 else
1772 #endif
1773 {
1774 #if defined(MBEDTLS_PEM_PARSE_C)
1775 for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
1776 {
1777 ret = mbedtls_x509_crt_parse( &cacert,
1778 (const unsigned char *) mbedtls_test_cas[i],
1779 mbedtls_test_cas_len[i] );
1780 if( ret != 0 )
1781 break;
1782 }
1783 #endif /* MBEDTLS_PEM_PARSE_C */
1784 if( ret == 0 )
1785 {
1786 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
1787 {
1788 ret = mbedtls_x509_crt_parse_der( &cacert,
1789 (const unsigned char *) mbedtls_test_cas_der[i],
1790 mbedtls_test_cas_der_len[i] );
1791 if( ret != 0 )
1792 break;
1793 }
1794 }
1795 }
1796 if( ret < 0 )
1797 {
1798 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1799 (unsigned int) -ret );
1800 goto exit;
1801 }
1802
1803 mbedtls_printf( " ok (%d skipped)\n", ret );
1804
1805 /*
1806 * 1.2. Load own certificate and private key
1807 *
1808 * (can be skipped if client authentication is not required)
1809 */
1810 mbedtls_printf( " . Loading the client cert. and key..." );
1811 fflush( stdout );
1812
1813 if( strcmp( opt.crt_file, "none" ) == 0 )
1814 ret = 0;
1815 else
1816 #if defined(MBEDTLS_FS_IO)
1817 if( strlen( opt.crt_file ) )
1818 ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
1819 else
1820 #endif
1821 ret = mbedtls_x509_crt_parse( &clicert,
1822 (const unsigned char *) mbedtls_test_cli_crt,
1823 mbedtls_test_cli_crt_len );
1824 if( ret != 0 )
1825 {
1826 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1827 (unsigned int) -ret );
1828 goto exit;
1829 }
1830
1831 if( strcmp( opt.key_file, "none" ) == 0 )
1832 ret = 0;
1833 else
1834 #if defined(MBEDTLS_FS_IO)
1835 if( strlen( opt.key_file ) )
1836 ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
1837 else
1838 #endif
1839 ret = mbedtls_pk_parse_key( &pkey,
1840 (const unsigned char *) mbedtls_test_cli_key,
1841 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
1842 if( ret != 0 )
1843 {
1844 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
1845 (unsigned int) -ret );
1846 goto exit;
1847 }
1848
1849 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1850 if( opt.key_opaque != 0 )
1851 {
1852 psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
1853 psa_key_usage_t usage = 0;
1854
1855 if( key_opaque_set_alg_usage( opt.key_opaque_alg1,
1856 opt.key_opaque_alg2,
1857 &psa_alg, &psa_alg2,
1858 &usage,
1859 mbedtls_pk_get_type( &pkey ) ) == 0 )
1860 {
1861 ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
1862 usage, psa_alg2 );
1863 if( ret != 0 )
1864 {
1865 mbedtls_printf( " failed\n ! "
1866 "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
1867 (unsigned int) -ret );
1868 goto exit;
1869 }
1870 }
1871 }
1872 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1873
1874 mbedtls_printf( " ok (key type: %s)\n",
1875 strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
1876 mbedtls_pk_get_name( &pkey ) : "none" );
1877 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1878
1879 /*
1880 * 2. Setup stuff
1881 */
1882 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
1883 fflush( stdout );
1884
1885 if( ( ret = mbedtls_ssl_config_defaults( &conf,
1886 MBEDTLS_SSL_IS_CLIENT,
1887 opt.transport,
1888 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
1889 {
1890 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
1891 (unsigned int) -ret );
1892 goto exit;
1893 }
1894
1895 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1896 /* The default algorithms profile disables SHA-1, but our tests still
1897 rely on it heavily. */
1898 if( opt.allow_sha1 > 0 )
1899 {
1900 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
1901 mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
1902 mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
1903 }
1904 if( opt.context_crt_cb == 0 )
1905 mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
1906
1907 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
1908 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1909
1910 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1911 if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
1912 {
1913 if( opt.cid_enabled == 1 &&
1914 opt.cid_enabled_renego == 1 &&
1915 cid_len != cid_renego_len )
1916 {
1917 mbedtls_printf( "CID length must not change during renegotiation\n" );
1918 goto usage;
1919 }
1920
1921 if( opt.cid_enabled == 1 )
1922 ret = mbedtls_ssl_conf_cid( &conf, cid_len,
1923 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
1924 else
1925 ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
1926 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
1927
1928 if( ret != 0 )
1929 {
1930 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
1931 (unsigned int) -ret );
1932 goto exit;
1933 }
1934 }
1935 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1936
1937 if( opt.auth_mode != DFL_AUTH_MODE )
1938 mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
1939
1940 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1941 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
1942 mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
1943 opt.hs_to_max );
1944
1945 if( opt.dgram_packing != DFL_DGRAM_PACKING )
1946 mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
1947 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1948
1949 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1950 if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
1951 {
1952 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
1953 ret );
1954 goto exit;
1955 }
1956 #endif
1957
1958 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1959 const mbedtls_ssl_srtp_profile forced_profile[] =
1960 { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
1961 if( opt.use_srtp == 1 )
1962 {
1963 if( opt.force_srtp_profile != 0 )
1964 {
1965 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
1966 }
1967 else
1968 {
1969 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles );
1970 }
1971
1972 if( ret != 0 )
1973 {
1974 mbedtls_printf( " failed\n ! "
1975 "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
1976 ret );
1977 goto exit;
1978 }
1979
1980 }
1981 else if( opt.force_srtp_profile != 0 )
1982 {
1983 mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
1984 goto exit;
1985 }
1986 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1987
1988 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1989 if( opt.extended_ms != DFL_EXTENDED_MS )
1990 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
1991 #endif
1992
1993 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1994 if( opt.etm != DFL_ETM )
1995 mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
1996 #endif
1997
1998 #if defined(MBEDTLS_DHM_C)
1999 if( opt.dhmlen != DFL_DHMLEN )
2000 mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
2001 #endif
2002
2003 #if defined(MBEDTLS_SSL_ALPN)
2004 if( opt.alpn_string != NULL )
2005 if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
2006 {
2007 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
2008 ret );
2009 goto exit;
2010 }
2011 #endif
2012
2013 if (opt.reproducible)
2014 {
2015 #if defined(MBEDTLS_HAVE_TIME)
2016 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
2017 mbedtls_platform_set_time( dummy_constant_time );
2018 #else
2019 fprintf( stderr, "Warning: reproducible option used without constant time\n" );
2020 #endif
2021 #endif /* MBEDTLS_HAVE_TIME */
2022 }
2023 mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
2024 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
2025
2026 mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
2027
2028 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
2029 mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
2030 #endif
2031
2032 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
2033 mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
2034
2035 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
2036 mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
2037 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
2038
2039 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
2040 mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
2041 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2042 mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
2043 #endif
2044
2045 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2046 if( strcmp( opt.ca_path, "none" ) != 0 &&
2047 strcmp( opt.ca_file, "none" ) != 0 )
2048 {
2049 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
2050 if( opt.ca_callback != 0 )
2051 mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert );
2052 else
2053 #endif
2054 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
2055 }
2056 if( strcmp( opt.crt_file, "none" ) != 0 &&
2057 strcmp( opt.key_file, "none" ) != 0 )
2058 {
2059 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
2060 {
2061 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
2062 ret );
2063 goto exit;
2064 }
2065 }
2066 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2067
2068 #if defined(MBEDTLS_ECP_C)
2069 if( opt.curves != NULL &&
2070 strcmp( opt.curves, "default" ) != 0 )
2071 {
2072 mbedtls_ssl_conf_groups( &conf, group_list );
2073 }
2074 #endif
2075
2076 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2077 if( opt.sig_algs != NULL )
2078 mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
2079 #endif
2080
2081 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
2082 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2083 if( opt.psk_opaque != 0 )
2084 {
2085 key_attributes = psa_key_attributes_init();
2086 psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
2087 psa_set_key_algorithm( &key_attributes, alg );
2088 psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
2089
2090 status = psa_import_key( &key_attributes, psk, psk_len, &slot );
2091 if( status != PSA_SUCCESS )
2092 {
2093 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2094 goto exit;
2095 }
2096
2097 if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, slot,
2098 (const unsigned char *) opt.psk_identity,
2099 strlen( opt.psk_identity ) ) ) != 0 )
2100 {
2101 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
2102 ret );
2103 goto exit;
2104 }
2105 }
2106 else
2107 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2108 if( psk_len > 0 )
2109 {
2110 ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
2111 (const unsigned char *) opt.psk_identity,
2112 strlen( opt.psk_identity ) );
2113 if( ret != 0 )
2114 {
2115 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
2116 goto exit;
2117 }
2118 }
2119 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
2120
2121 if( opt.min_version != DFL_MIN_VERSION )
2122 mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
2123
2124 if( opt.max_version != DFL_MAX_VERSION )
2125 mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
2126
2127 #if defined(MBEDTLS_SSL_EARLY_DATA)
2128 mbedtls_ssl_tls13_conf_early_data( &conf, opt.early_data );
2129 #endif /* MBEDTLS_SSL_EARLY_DATA */
2130
2131 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
2132 {
2133 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
2134 (unsigned int) -ret );
2135 goto exit;
2136 }
2137
2138 if( opt.eap_tls != 0 )
2139 {
2140 mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
2141 &eap_tls_keying );
2142 }
2143 else if( opt.nss_keylog != 0 )
2144 {
2145 mbedtls_ssl_set_export_keys_cb( &ssl,
2146 nss_keylog_export,
2147 NULL );
2148 }
2149 #if defined( MBEDTLS_SSL_DTLS_SRTP )
2150 else if( opt.use_srtp != 0 )
2151 {
2152 mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
2153 &dtls_srtp_keying );
2154 }
2155 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2156
2157 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2158 if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
2159 {
2160 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
2161 ret );
2162 goto exit;
2163 }
2164 #endif
2165
2166 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2167 if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
2168 {
2169 if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
2170 (const unsigned char *) opt.ecjpake_pw,
2171 strlen( opt.ecjpake_pw ) ) ) != 0 )
2172 {
2173 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
2174 ret );
2175 goto exit;
2176 }
2177 }
2178 #endif
2179
2180 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2181 if( opt.context_crt_cb == 1 )
2182 mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
2183 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2184
2185 io_ctx.ssl = &ssl;
2186 io_ctx.net = &server_fd;
2187 mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
2188 opt.nbio == 0 ? recv_timeout_cb : NULL );
2189
2190 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2191 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2192 {
2193 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
2194 cid, cid_len ) ) != 0 )
2195 {
2196 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2197 ret );
2198 goto exit;
2199 }
2200 }
2201 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2202
2203 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2204 if( opt.dtls_mtu != DFL_DTLS_MTU )
2205 mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
2206 #endif
2207
2208 #if defined(MBEDTLS_TIMING_C)
2209 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
2210 mbedtls_timing_get_delay );
2211 #endif
2212
2213 #if defined(MBEDTLS_ECP_RESTARTABLE)
2214 if( opt.ec_max_ops != DFL_EC_MAX_OPS )
2215 mbedtls_ecp_set_max_ops( opt.ec_max_ops );
2216 #endif
2217
2218 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2219 if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 )
2220 {
2221 if( mbedtls_test_unhexify( mki, sizeof( mki ),
2222 opt.mki,&mki_len ) != 0 )
2223 {
2224 mbedtls_printf( "mki value not valid hex\n" );
2225 goto exit;
2226 }
2227
2228 mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
2229 if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki,
2230 (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 )
2231 {
2232 mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
2233 goto exit;
2234 }
2235 }
2236 #endif
2237
2238 mbedtls_printf( " ok\n" );
2239
2240 /*
2241 * 3. Start the connection
2242 */
2243 if( opt.server_addr == NULL)
2244 opt.server_addr = opt.server_name;
2245
2246 mbedtls_printf( " . Connecting to %s/%s/%s...",
2247 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2248 opt.server_addr, opt.server_port );
2249 fflush( stdout );
2250
2251 if( ( ret = mbedtls_net_connect( &server_fd,
2252 opt.server_addr, opt.server_port,
2253 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2254 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2255 {
2256 mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2257 (unsigned int) -ret );
2258 goto exit;
2259 }
2260
2261 if( opt.nbio > 0 )
2262 ret = mbedtls_net_set_nonblock( &server_fd );
2263 else
2264 ret = mbedtls_net_set_block( &server_fd );
2265 if( ret != 0 )
2266 {
2267 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
2268 (unsigned int) -ret );
2269 goto exit;
2270 }
2271
2272 mbedtls_printf( " ok\n" );
2273
2274 /*
2275 * 4. Handshake
2276 */
2277 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
2278 fflush( stdout );
2279
2280 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2281 {
2282 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2283 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2284 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2285 {
2286 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
2287 (unsigned int) -ret );
2288 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2289 mbedtls_printf(
2290 " Unable to verify the server's certificate. "
2291 "Either it is invalid,\n"
2292 " or you didn't set ca_file or ca_path "
2293 "to an appropriate value.\n"
2294 " Alternatively, you may want to use "
2295 "auth_mode=optional for testing purposes if "
2296 "not using TLS 1.3.\n"
2297 " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
2298 "or other folder that has root certificates\n" );
2299 mbedtls_printf( "\n" );
2300 goto exit;
2301 }
2302
2303 #if defined(MBEDTLS_ECP_RESTARTABLE)
2304 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2305 continue;
2306 #endif
2307
2308 /* For event-driven IO, wait for socket to become available */
2309 if( opt.event == 1 /* level triggered IO */ )
2310 {
2311 #if defined(MBEDTLS_TIMING_C)
2312 ret = idle( &server_fd, &timer, ret );
2313 #else
2314 ret = idle( &server_fd, ret );
2315 #endif
2316 if( ret != 0 )
2317 goto exit;
2318 }
2319 }
2320
2321 {
2322 int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl );
2323 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
2324 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
2325
2326 mbedtls_printf( " ok\n [ Protocol is %s ]\n"
2327 " [ Ciphersuite is %s ]\n"
2328 " [ Key size is %u ]\n",
2329 mbedtls_ssl_get_version( &ssl ),
2330 mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ),
2331 (unsigned int)
2332 mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) );
2333 }
2334
2335 if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
2336 mbedtls_printf( " [ Record expansion is %d ]\n", ret );
2337 else
2338 mbedtls_printf( " [ Record expansion is unknown ]\n" );
2339
2340 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2341 mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
2342 (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
2343 mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
2344 (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
2345 #endif
2346
2347 #if defined(MBEDTLS_SSL_ALPN)
2348 if( opt.alpn_string != NULL )
2349 {
2350 const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
2351 mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
2352 alp ? alp : "(none)" );
2353 }
2354 #endif
2355
2356 if( opt.eap_tls != 0 )
2357 {
2358 size_t j = 0;
2359
2360 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
2361 eap_tls_keying.master_secret,
2362 sizeof( eap_tls_keying.master_secret ),
2363 eap_tls_label,
2364 eap_tls_keying.randbytes,
2365 sizeof( eap_tls_keying.randbytes ),
2366 eap_tls_keymaterial,
2367 sizeof( eap_tls_keymaterial ) ) )
2368 != 0 )
2369 {
2370 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2371 (unsigned int) -ret );
2372 goto exit;
2373 }
2374
2375 mbedtls_printf( " EAP-TLS key material is:" );
2376 for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
2377 {
2378 if( j % 8 == 0 )
2379 mbedtls_printf("\n ");
2380 mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
2381 }
2382 mbedtls_printf("\n");
2383
2384 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
2385 eap_tls_label,
2386 eap_tls_keying.randbytes,
2387 sizeof( eap_tls_keying.randbytes ),
2388 eap_tls_iv,
2389 sizeof( eap_tls_iv ) ) ) != 0 )
2390 {
2391 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2392 (unsigned int) -ret );
2393 goto exit;
2394 }
2395
2396 mbedtls_printf( " EAP-TLS IV is:" );
2397 for( j = 0; j < sizeof( eap_tls_iv ); j++ )
2398 {
2399 if( j % 8 == 0 )
2400 mbedtls_printf("\n ");
2401 mbedtls_printf("%02x ", eap_tls_iv[j] );
2402 }
2403 mbedtls_printf("\n");
2404 }
2405
2406 #if defined( MBEDTLS_SSL_DTLS_SRTP )
2407 else if( opt.use_srtp != 0 )
2408 {
2409 size_t j = 0;
2410 mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
2411 mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result );
2412
2413 if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
2414 == MBEDTLS_TLS_SRTP_UNSET )
2415 {
2416 mbedtls_printf( " Unable to negotiate "
2417 "the use of DTLS-SRTP\n" );
2418 }
2419 else
2420 {
2421 if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
2422 dtls_srtp_keying.master_secret,
2423 sizeof( dtls_srtp_keying.master_secret ),
2424 dtls_srtp_label,
2425 dtls_srtp_keying.randbytes,
2426 sizeof( dtls_srtp_keying.randbytes ),
2427 dtls_srtp_key_material,
2428 sizeof( dtls_srtp_key_material ) ) )
2429 != 0 )
2430 {
2431 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2432 (unsigned int) -ret );
2433 goto exit;
2434 }
2435
2436 mbedtls_printf( " DTLS-SRTP key material is:" );
2437 for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
2438 {
2439 if( j % 8 == 0 )
2440 mbedtls_printf( "\n " );
2441 mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
2442 }
2443 mbedtls_printf( "\n" );
2444
2445 /* produce a less readable output used to perform automatic checks
2446 * - compare client and server output
2447 * - interop test with openssl which client produces this kind of output
2448 */
2449 mbedtls_printf( " Keying material: " );
2450 for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
2451 {
2452 mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
2453 }
2454 mbedtls_printf( "\n" );
2455
2456 if ( dtls_srtp_negotiation_result.mki_len > 0 )
2457 {
2458 mbedtls_printf( " DTLS-SRTP mki value: " );
2459 for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
2460 {
2461 mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
2462 }
2463 }
2464 else
2465 {
2466 mbedtls_printf( " DTLS-SRTP no mki value negotiated" );
2467 }
2468 mbedtls_printf( "\n" );
2469 }
2470 }
2471 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2472 if( opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3 )
2473 {
2474 mbedtls_printf(" . Saving session for reuse..." );
2475 fflush( stdout );
2476
2477 if( opt.reco_mode == 1 )
2478 {
2479 if( ( ret = ssl_save_session_serialize( &ssl,
2480 &session_data, &session_data_len ) ) != 0 )
2481 {
2482 mbedtls_printf( " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
2483 (unsigned int) -ret );
2484 goto exit;
2485 }
2486
2487 }
2488 else
2489 {
2490 if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
2491 {
2492 mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2493 (unsigned int) -ret );
2494 goto exit;
2495 }
2496 }
2497
2498 mbedtls_printf( " ok\n" );
2499
2500 if( opt.reco_mode == 1 )
2501 {
2502 mbedtls_printf( " [ Saved %u bytes of session data]\n",
2503 (unsigned) session_data_len );
2504 }
2505 }
2506
2507 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2508 /*
2509 * 5. Verify the server certificate
2510 */
2511 mbedtls_printf( " . Verifying peer X.509 certificate..." );
2512
2513 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
2514 {
2515 char vrfy_buf[512];
2516 mbedtls_printf( " failed\n" );
2517
2518 x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
2519 " ! ", flags );
2520
2521 mbedtls_printf( "%s\n", vrfy_buf );
2522 }
2523 else
2524 mbedtls_printf( " ok\n" );
2525
2526 #if !defined(MBEDTLS_X509_REMOVE_INFO)
2527 mbedtls_printf( " . Peer certificate information ...\n" );
2528 mbedtls_printf( "%s\n", peer_crt_info );
2529 #endif /* !MBEDTLS_X509_REMOVE_INFO */
2530 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2531
2532 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2533 ret = report_cid_usage( &ssl, "initial handshake" );
2534 if( ret != 0 )
2535 goto exit;
2536
2537 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2538 {
2539 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
2540 cid_renego,
2541 cid_renego_len ) ) != 0 )
2542 {
2543 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2544 ret );
2545 goto exit;
2546 }
2547 }
2548 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2549
2550 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2551 if( opt.renegotiate )
2552 {
2553 /*
2554 * Perform renegotiation (this must be done when the server is waiting
2555 * for input from our side).
2556 */
2557 mbedtls_printf( " . Performing renegotiation..." );
2558 fflush( stdout );
2559 while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
2560 {
2561 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2562 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2563 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2564 {
2565 mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
2566 ret );
2567 goto exit;
2568 }
2569
2570 #if defined(MBEDTLS_ECP_RESTARTABLE)
2571 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2572 continue;
2573 #endif
2574
2575 /* For event-driven IO, wait for socket to become available */
2576 if( opt.event == 1 /* level triggered IO */ )
2577 {
2578 #if defined(MBEDTLS_TIMING_C)
2579 idle( &server_fd, &timer, ret );
2580 #else
2581 idle( &server_fd, ret );
2582 #endif
2583 }
2584
2585 }
2586 mbedtls_printf( " ok\n" );
2587 }
2588 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2589
2590 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2591 ret = report_cid_usage( &ssl, "after renegotiation" );
2592 if( ret != 0 )
2593 goto exit;
2594 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2595
2596 /*
2597 * 6. Write the GET request
2598 */
2599 retry_left = opt.max_resend;
2600 send_request:
2601 mbedtls_printf( " > Write to server:" );
2602 fflush( stdout );
2603
2604 len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST,
2605 opt.request_page );
2606 tail_len = (int) strlen( GET_REQUEST_END );
2607
2608 /* Add padding to GET request to reach opt.request_size in length */
2609 if( opt.request_size != DFL_REQUEST_SIZE &&
2610 len + tail_len < opt.request_size )
2611 {
2612 memset( buf + len, 'A', opt.request_size - len - tail_len );
2613 len += opt.request_size - len - tail_len;
2614 }
2615
2616 strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
2617 len += tail_len;
2618
2619 /* Truncate if request size is smaller than the "natural" size */
2620 if( opt.request_size != DFL_REQUEST_SIZE &&
2621 len > opt.request_size )
2622 {
2623 len = opt.request_size;
2624
2625 /* Still end with \r\n unless that's really not possible */
2626 if( len >= 2 ) buf[len - 2] = '\r';
2627 if( len >= 1 ) buf[len - 1] = '\n';
2628 }
2629
2630 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
2631 {
2632 written = 0;
2633 frags = 0;
2634
2635 do
2636 {
2637 while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
2638 len - written ) ) < 0 )
2639 {
2640 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2641 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2642 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2643 {
2644 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
2645 (unsigned int) -ret );
2646 goto exit;
2647 }
2648
2649 /* For event-driven IO, wait for socket to become available */
2650 if( opt.event == 1 /* level triggered IO */ )
2651 {
2652 #if defined(MBEDTLS_TIMING_C)
2653 idle( &server_fd, &timer, ret );
2654 #else
2655 idle( &server_fd, ret );
2656 #endif
2657 }
2658 }
2659
2660 frags++;
2661 written += ret;
2662 }
2663 while( written < len );
2664 }
2665 else /* Not stream, so datagram */
2666 {
2667 while( 1 )
2668 {
2669 ret = mbedtls_ssl_write( &ssl, buf, len );
2670
2671 #if defined(MBEDTLS_ECP_RESTARTABLE)
2672 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2673 continue;
2674 #endif
2675
2676 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2677 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
2678 break;
2679
2680 /* For event-driven IO, wait for socket to become available */
2681 if( opt.event == 1 /* level triggered IO */ )
2682 {
2683 #if defined(MBEDTLS_TIMING_C)
2684 idle( &server_fd, &timer, ret );
2685 #else
2686 idle( &server_fd, ret );
2687 #endif
2688 }
2689 }
2690
2691 if( ret < 0 )
2692 {
2693 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n",
2694 ret );
2695 goto exit;
2696 }
2697
2698 frags = 1;
2699 written = ret;
2700
2701 if( written < len )
2702 {
2703 mbedtls_printf( " warning\n ! request didn't fit into single datagram and "
2704 "was truncated to size %u", (unsigned) written );
2705 }
2706 }
2707
2708 buf[written] = '\0';
2709 mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n",
2710 written, frags, (char *) buf );
2711
2712 /* Send a non-empty request if request_size == 0 */
2713 if ( len == 0 )
2714 {
2715 opt.request_size = DFL_REQUEST_SIZE;
2716 goto send_request;
2717 }
2718
2719 /*
2720 * 7. Read the HTTP response
2721 */
2722
2723 /*
2724 * TLS and DTLS need different reading styles (stream vs datagram)
2725 */
2726 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
2727 {
2728 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
2729 int ticket_id = 0;
2730 #endif
2731 do
2732 {
2733 len = sizeof( buf ) - 1;
2734 memset( buf, 0, sizeof( buf ) );
2735 ret = mbedtls_ssl_read( &ssl, buf, len );
2736
2737 #if defined(MBEDTLS_ECP_RESTARTABLE)
2738 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2739 continue;
2740 #endif
2741
2742 if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
2743 ret == MBEDTLS_ERR_SSL_WANT_WRITE )
2744 {
2745 /* For event-driven IO, wait for socket to become available */
2746 if( opt.event == 1 /* level triggered IO */ )
2747 {
2748 #if defined(MBEDTLS_TIMING_C)
2749 idle( &server_fd, &timer, ret );
2750 #else
2751 idle( &server_fd, ret );
2752 #endif
2753 }
2754 continue;
2755 }
2756
2757 if( ret <= 0 )
2758 {
2759 switch( ret )
2760 {
2761 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2762 mbedtls_printf( " connection was closed gracefully\n" );
2763 ret = 0;
2764 goto close_notify;
2765
2766 case 0:
2767 case MBEDTLS_ERR_NET_CONN_RESET:
2768 mbedtls_printf( " connection was reset by peer\n" );
2769 ret = 0;
2770 goto reconnect;
2771
2772 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
2773
2774 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
2775 case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
2776 /* We were waiting for application data but got
2777 * a NewSessionTicket instead. */
2778 mbedtls_printf( " got new session ticket ( %d ).\n",
2779 ticket_id++ );
2780 if( opt.reconnect != 0 )
2781 {
2782 mbedtls_printf(" . Saving session for reuse..." );
2783 fflush( stdout );
2784
2785 if( opt.reco_mode == 1 )
2786 {
2787 if( ( ret = ssl_save_session_serialize( &ssl,
2788 &session_data, &session_data_len ) ) != 0 )
2789 {
2790 mbedtls_printf( " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
2791 (unsigned int) -ret );
2792 goto exit;
2793 }
2794 }
2795 else
2796 {
2797 if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
2798 {
2799 mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2800 (unsigned int) -ret );
2801 goto exit;
2802 }
2803 }
2804
2805 mbedtls_printf( " ok\n" );
2806
2807 if( opt.reco_mode == 1 )
2808 {
2809 mbedtls_printf( " [ Saved %u bytes of session data]\n",
2810 (unsigned) session_data_len );
2811 }
2812 }
2813 continue;
2814 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
2815
2816 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
2817
2818 default:
2819 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
2820 (unsigned int) -ret );
2821 goto exit;
2822 }
2823 }
2824
2825 len = ret;
2826 buf[len] = '\0';
2827 mbedtls_printf( " < Read from server: %d bytes read\n\n%s", len, (char *) buf );
2828 fflush( stdout );
2829 /* End of message should be detected according to the syntax of the
2830 * application protocol (eg HTTP), just use a dummy test here. */
2831 if( ret > 0 && buf[len-1] == '\n' )
2832 {
2833 ret = 0;
2834 break;
2835 }
2836 }
2837 while( 1 );
2838 }
2839 else /* Not stream, so datagram */
2840 {
2841 len = sizeof( buf ) - 1;
2842 memset( buf, 0, sizeof( buf ) );
2843
2844 while( 1 )
2845 {
2846 ret = mbedtls_ssl_read( &ssl, buf, len );
2847
2848 #if defined(MBEDTLS_ECP_RESTARTABLE)
2849 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2850 continue;
2851 #endif
2852
2853 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2854 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
2855 break;
2856
2857 /* For event-driven IO, wait for socket to become available */
2858 if( opt.event == 1 /* level triggered IO */ )
2859 {
2860 #if defined(MBEDTLS_TIMING_C)
2861 idle( &server_fd, &timer, ret );
2862 #else
2863 idle( &server_fd, ret );
2864 #endif
2865 }
2866 }
2867
2868 if( ret <= 0 )
2869 {
2870 switch( ret )
2871 {
2872 case MBEDTLS_ERR_SSL_TIMEOUT:
2873 mbedtls_printf( " timeout\n" );
2874 if( retry_left-- > 0 )
2875 goto send_request;
2876 goto exit;
2877
2878 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2879 mbedtls_printf( " connection was closed gracefully\n" );
2880 ret = 0;
2881 goto close_notify;
2882
2883 default:
2884 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
2885 goto exit;
2886 }
2887 }
2888
2889 len = ret;
2890 buf[len] = '\0';
2891 mbedtls_printf( " < Read from server: %d bytes read\n\n%s", len, (char *) buf );
2892 ret = 0;
2893 }
2894
2895 /*
2896 * 7b. Simulate hard reset and reconnect from same port?
2897 */
2898 if( opt.reconnect_hard != 0 )
2899 {
2900 opt.reconnect_hard = 0;
2901
2902 mbedtls_printf( " . Restarting connection from same port..." );
2903 fflush( stdout );
2904
2905 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2906 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
2907 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2908
2909 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
2910 {
2911 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2912 (unsigned int) -ret );
2913 goto exit;
2914 }
2915
2916 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2917 {
2918 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2919 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2920 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2921 {
2922 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2923 (unsigned int) -ret );
2924 goto exit;
2925 }
2926
2927 /* For event-driven IO, wait for socket to become available */
2928 if( opt.event == 1 /* level triggered IO */ )
2929 {
2930 #if defined(MBEDTLS_TIMING_C)
2931 idle( &server_fd, &timer, ret );
2932 #else
2933 idle( &server_fd, ret );
2934 #endif
2935 }
2936 }
2937
2938 mbedtls_printf( " ok\n" );
2939
2940 goto send_request;
2941 }
2942
2943 /*
2944 * 7c. Simulate serialize/deserialize and go back to data exchange
2945 */
2946 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2947 if( opt.serialize != 0 )
2948 {
2949 size_t buf_len;
2950
2951 mbedtls_printf( " . Serializing live connection..." );
2952
2953 ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
2954 if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
2955 {
2956 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
2957 "-0x%x\n\n", (unsigned int) -ret );
2958
2959 goto exit;
2960 }
2961
2962 if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL )
2963 {
2964 mbedtls_printf( " failed\n ! Couldn't allocate buffer for "
2965 "serialized context" );
2966
2967 goto exit;
2968 }
2969 context_buf_len = buf_len;
2970
2971 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
2972 buf_len, &buf_len ) ) != 0 )
2973 {
2974 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
2975 "-0x%x\n\n", (unsigned int) -ret );
2976
2977 goto exit;
2978 }
2979
2980 mbedtls_printf( " ok\n" );
2981
2982 /* Save serialized context to the 'opt.context_file' as a base64 code */
2983 if( 0 < strlen( opt.context_file ) )
2984 {
2985 FILE *b64_file;
2986 uint8_t *b64_buf;
2987 size_t b64_len;
2988
2989 mbedtls_printf( " . Save serialized context to a file... " );
2990
2991 mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
2992
2993 if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
2994 {
2995 mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
2996 "the base64 code\n" );
2997 goto exit;
2998 }
2999
3000 if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
3001 context_buf, buf_len ) ) != 0 )
3002 {
3003 mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
3004 "-0x%x\n", (unsigned int) -ret );
3005 mbedtls_free( b64_buf );
3006 goto exit;
3007 }
3008
3009 if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
3010 {
3011 mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
3012 opt.context_file );
3013 mbedtls_free( b64_buf );
3014 goto exit;
3015 }
3016
3017 if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
3018 {
3019 mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
3020 (long) b64_len );
3021 mbedtls_free( b64_buf );
3022 fclose( b64_file );
3023 goto exit;
3024 }
3025
3026 mbedtls_free( b64_buf );
3027 fclose( b64_file );
3028
3029 mbedtls_printf( "ok\n" );
3030 }
3031
3032 if( opt.serialize == 1 )
3033 {
3034 /* nothing to do here, done by context_save() already */
3035 mbedtls_printf( " . Context has been reset... ok\n" );
3036 }
3037
3038 if( opt.serialize == 2 )
3039 {
3040 mbedtls_printf( " . Freeing and reinitializing context..." );
3041
3042 mbedtls_ssl_free( &ssl );
3043
3044 mbedtls_ssl_init( &ssl );
3045
3046 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
3047 {
3048 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
3049 "-0x%x\n\n", (unsigned int) -ret );
3050 goto exit;
3051 }
3052
3053 if( opt.nbio == 2 )
3054 mbedtls_ssl_set_bio( &ssl, &server_fd, delayed_send,
3055 delayed_recv, NULL );
3056 else
3057 mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send,
3058 mbedtls_net_recv,
3059 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
3060
3061 #if defined(MBEDTLS_TIMING_C)
3062 mbedtls_ssl_set_timer_cb( &ssl, &timer,
3063 mbedtls_timing_set_delay,
3064 mbedtls_timing_get_delay );
3065 #endif /* MBEDTLS_TIMING_C */
3066
3067 mbedtls_printf( " ok\n" );
3068 }
3069
3070 mbedtls_printf( " . Deserializing connection..." );
3071
3072 if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
3073 buf_len ) ) != 0 )
3074 {
3075 mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
3076 "-0x%x\n\n", (unsigned int) -ret );
3077
3078 goto exit;
3079 }
3080
3081 mbedtls_free( context_buf );
3082 context_buf = NULL;
3083 context_buf_len = 0;
3084
3085 mbedtls_printf( " ok\n" );
3086 }
3087 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
3088
3089 /*
3090 * 7d. Continue doing data exchanges?
3091 */
3092 if( --opt.exchanges > 0 )
3093 goto send_request;
3094
3095 /*
3096 * 8. Done, cleanly close the connection
3097 */
3098 close_notify:
3099 mbedtls_printf( " . Closing the connection..." );
3100 fflush( stdout );
3101
3102 /*
3103 * Most of the time sending a close_notify before closing is the right
3104 * thing to do. However, when the server already knows how many messages
3105 * are expected and closes the connection by itself, this alert becomes
3106 * redundant. Sometimes with DTLS this redundancy becomes a problem by
3107 * leading to a race condition where the server might close the connection
3108 * before seeing the alert, and since UDP is connection-less when the
3109 * alert arrives it will be seen as a new connection, which will fail as
3110 * the alert is clearly not a valid ClientHello. This may cause spurious
3111 * failures in tests that use DTLS and resumption with ssl_server2 in
3112 * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
3113 */
3114 if( opt.skip_close_notify == 0 )
3115 {
3116 /* No error checking, the connection might be closed already */
3117 do ret = mbedtls_ssl_close_notify( &ssl );
3118 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3119 ret = 0;
3120 }
3121
3122 mbedtls_printf( " done\n" );
3123
3124 /*
3125 * 9. Reconnect?
3126 */
3127 reconnect:
3128 if( opt.reconnect != 0 )
3129 {
3130 --opt.reconnect;
3131
3132 mbedtls_net_free( &server_fd );
3133
3134 #if defined(MBEDTLS_TIMING_C)
3135 if( opt.reco_delay > 0 )
3136 mbedtls_net_usleep( 1000000 * opt.reco_delay );
3137 #endif
3138
3139 mbedtls_printf( " . Reconnecting with saved session..." );
3140
3141 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
3142 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
3143 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
3144
3145 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
3146 {
3147 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
3148 (unsigned int) -ret );
3149 goto exit;
3150 }
3151
3152 if( opt.reco_mode == 1 )
3153 {
3154 if( ( ret = mbedtls_ssl_session_load( &saved_session,
3155 session_data,
3156 session_data_len ) ) != 0 )
3157 {
3158 mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
3159 (unsigned int) -ret );
3160 goto exit;
3161 }
3162 }
3163
3164 if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
3165 {
3166 mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
3167 (unsigned int) -ret );
3168 goto exit;
3169 }
3170
3171 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3172 if( opt.reco_server_name != NULL &&
3173 ( ret = mbedtls_ssl_set_hostname( &ssl,
3174 opt.reco_server_name ) ) != 0 )
3175 {
3176 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
3177 ret );
3178 goto exit;
3179 }
3180 #endif
3181
3182 if( ( ret = mbedtls_net_connect( &server_fd,
3183 opt.server_addr, opt.server_port,
3184 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
3185 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
3186 {
3187 mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
3188 (unsigned int) -ret );
3189 goto exit;
3190 }
3191
3192 if( opt.nbio > 0 )
3193 ret = mbedtls_net_set_nonblock( &server_fd );
3194 else
3195 ret = mbedtls_net_set_block( &server_fd );
3196 if( ret != 0 )
3197 {
3198 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
3199 (unsigned int) -ret );
3200 goto exit;
3201 }
3202
3203 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
3204 {
3205 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
3206 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
3207 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
3208 {
3209 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
3210 (unsigned int) -ret );
3211 goto exit;
3212 }
3213 }
3214
3215 mbedtls_printf( " ok\n" );
3216
3217 goto send_request;
3218 }
3219
3220 /*
3221 * Cleanup and exit
3222 */
3223 exit:
3224 #ifdef MBEDTLS_ERROR_C
3225 if( ret != 0 )
3226 {
3227 char error_buf[100];
3228 mbedtls_strerror( ret, error_buf, 100 );
3229 mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
3230 }
3231 #endif
3232
3233 mbedtls_net_free( &server_fd );
3234
3235 mbedtls_ssl_free( &ssl );
3236 mbedtls_ssl_config_free( &conf );
3237 mbedtls_ssl_session_free( &saved_session );
3238
3239 if( session_data != NULL )
3240 mbedtls_platform_zeroize( session_data, session_data_len );
3241 mbedtls_free( session_data );
3242 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3243 if( context_buf != NULL )
3244 mbedtls_platform_zeroize( context_buf, context_buf_len );
3245 mbedtls_free( context_buf );
3246 #endif
3247
3248 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
3249 mbedtls_x509_crt_free( &clicert );
3250 mbedtls_x509_crt_free( &cacert );
3251 mbedtls_pk_free( &pkey );
3252 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3253 psa_destroy_key( key_slot );
3254 #endif
3255 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
3256
3257 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
3258 defined(MBEDTLS_USE_PSA_CRYPTO)
3259 if( opt.psk_opaque != 0 )
3260 {
3261 /* This is ok even if the slot hasn't been
3262 * initialized (we might have jumed here
3263 * immediately because of bad cmd line params,
3264 * for example). */
3265 status = psa_destroy_key( slot );
3266 if( ( status != PSA_SUCCESS ) &&
3267 ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
3268 {
3269 mbedtls_printf( "Failed to destroy key slot %u - error was %d",
3270 (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ),
3271 (int) status );
3272 if( ret == 0 )
3273 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3274 }
3275 }
3276 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
3277 MBEDTLS_USE_PSA_CRYPTO */
3278
3279 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
3280 const char* message = mbedtls_test_helper_is_psa_leaking();
3281 if( message )
3282 {
3283 if( ret == 0 )
3284 ret = 1;
3285 mbedtls_printf( "PSA memory leak detected: %s\n", message);
3286 }
3287 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
3288
3289 /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
3290 * resources are freed by rng_free(). */
3291 #if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
3292 !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
3293 mbedtls_psa_crypto_free( );
3294 #endif
3295
3296 rng_free( &rng );
3297
3298 #if defined(MBEDTLS_TEST_HOOKS)
3299 if( test_hooks_failure_detected( ) )
3300 {
3301 if( ret == 0 )
3302 ret = 1;
3303 mbedtls_printf( "Test hooks detected errors.\n" );
3304 }
3305 test_hooks_free( );
3306 #endif /* MBEDTLS_TEST_HOOKS */
3307
3308 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3309 #if defined(MBEDTLS_MEMORY_DEBUG)
3310 mbedtls_memory_buffer_alloc_status();
3311 #endif
3312 mbedtls_memory_buffer_alloc_free();
3313 #endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
3314
3315 // Shell can not handle large exit numbers -> 1 for errors
3316 if( ret < 0 )
3317 ret = 1;
3318
3319 if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
3320 mbedtls_exit( ret );
3321 else
3322 mbedtls_exit( query_config_ret );
3323 }
3324 #endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
3325
