|  | /* | 
|  | *  Common code library for SSL test programs. | 
|  | * | 
|  | *  In addition to the functions in this file, there is shared source code | 
|  | *  that cannot be compiled separately in "ssl_test_common_source.c". | 
|  | * | 
|  | *  Copyright The Mbed TLS Contributors | 
|  | *  SPDX-License-Identifier: Apache-2.0 | 
|  | * | 
|  | *  Licensed under the Apache License, Version 2.0 (the "License"); you may | 
|  | *  not use this file except in compliance with the License. | 
|  | *  You may obtain a copy of the License at | 
|  | * | 
|  | *  http://www.apache.org/licenses/LICENSE-2.0 | 
|  | * | 
|  | *  Unless required by applicable law or agreed to in writing, software | 
|  | *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | 
|  | *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | *  See the License for the specific language governing permissions and | 
|  | *  limitations under the License. | 
|  | */ | 
|  |  | 
|  | #define MBEDTLS_ALLOW_PRIVATE_ACCESS | 
|  |  | 
|  | #include "ssl_test_lib.h" | 
|  |  | 
|  | #if defined(MBEDTLS_TEST_HOOKS) | 
|  | #include "test/helpers.h" | 
|  | #endif | 
|  |  | 
|  | #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) | 
|  |  | 
|  | void my_debug( void *ctx, int level, | 
|  | const char *file, int line, | 
|  | const char *str ) | 
|  | { | 
|  | const char *p, *basename; | 
|  |  | 
|  | /* Extract basename from file */ | 
|  | for( p = basename = file; *p != '\0'; p++ ) | 
|  | if( *p == '/' || *p == '\\' ) | 
|  | basename = p + 1; | 
|  |  | 
|  | mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", | 
|  | basename, line, level, str ); | 
|  | fflush( (FILE *) ctx  ); | 
|  | } | 
|  |  | 
|  | mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) | 
|  | { | 
|  | (void) time; | 
|  | return 0x5af2a056; | 
|  | } | 
|  |  | 
|  | #if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) | 
|  | static int dummy_entropy( void *data, unsigned char *output, size_t len ) | 
|  | { | 
|  | size_t i; | 
|  | int ret; | 
|  | (void) data; | 
|  |  | 
|  | ret = mbedtls_entropy_func( data, output, len ); | 
|  | for( i = 0; i < len; i++ ) | 
|  | { | 
|  | //replace result with pseudo random | 
|  | output[i] = (unsigned char) rand(); | 
|  | } | 
|  | return ret ; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | void rng_init( rng_context_t *rng ) | 
|  | { | 
|  | #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) | 
|  | (void) rng; | 
|  | psa_crypto_init( ); | 
|  | #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  |  | 
|  | #if defined(MBEDTLS_CTR_DRBG_C) | 
|  | mbedtls_ctr_drbg_init( &rng->drbg ); | 
|  | #elif defined(MBEDTLS_HMAC_DRBG_C) | 
|  | mbedtls_hmac_drbg_init( &rng->drbg ); | 
|  | #else | 
|  | #error "No DRBG available" | 
|  | #endif | 
|  |  | 
|  | mbedtls_entropy_init( &rng->entropy ); | 
|  | #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  | } | 
|  |  | 
|  | int rng_seed( rng_context_t *rng, int reproducible, const char *pers ) | 
|  | { | 
|  | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 
|  | if( reproducible ) | 
|  | { | 
|  | mbedtls_fprintf( stderr, | 
|  | "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" ); | 
|  | return -1 ; | 
|  | } | 
|  | #endif | 
|  | #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) | 
|  | /* The PSA crypto RNG does its own seeding. */ | 
|  | (void) rng; | 
|  | (void) pers; | 
|  | if( reproducible ) | 
|  | { | 
|  | mbedtls_fprintf( stderr, | 
|  | "The PSA RNG does not support reproducible mode.\n" ); | 
|  | return -1 ; | 
|  | } | 
|  | return 0 ; | 
|  | #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  | int ( *f_entropy )( void *, unsigned char *, size_t ) = | 
|  | ( reproducible ? dummy_entropy : mbedtls_entropy_func ); | 
|  |  | 
|  | if ( reproducible ) | 
|  | srand( 1 ); | 
|  |  | 
|  | #if defined(MBEDTLS_CTR_DRBG_C) | 
|  | int ret = mbedtls_ctr_drbg_seed( &rng->drbg, | 
|  | f_entropy, &rng->entropy, | 
|  | (const unsigned char *) pers, | 
|  | strlen( pers ) ); | 
|  | #elif defined(MBEDTLS_HMAC_DRBG_C) | 
|  | #if defined(MBEDTLS_SHA256_C) | 
|  | const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256; | 
|  | #elif defined(MBEDTLS_SHA512_C) | 
|  | const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512; | 
|  | #else | 
|  | #error "No message digest available for HMAC_DRBG" | 
|  | #endif | 
|  | int ret = mbedtls_hmac_drbg_seed( &rng->drbg, | 
|  | mbedtls_md_info_from_type( md_type ), | 
|  | f_entropy, &rng->entropy, | 
|  | (const unsigned char *) pers, | 
|  | strlen( pers ) ); | 
|  | #else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ | 
|  | #error "No DRBG available" | 
|  | #endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ | 
|  |  | 
|  | if( ret != 0 ) | 
|  | { | 
|  | mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n", | 
|  | (unsigned int) -ret ); | 
|  | return ret ; | 
|  | } | 
|  | #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  |  | 
|  | return 0 ; | 
|  | } | 
|  |  | 
|  | void rng_free( rng_context_t *rng ) | 
|  | { | 
|  | #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) | 
|  | (void) rng; | 
|  | /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs. | 
|  | * This is ok because none of our applications try to do any crypto after | 
|  | * deinitializing the RNG. */ | 
|  | mbedtls_psa_crypto_free( ); | 
|  | #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  |  | 
|  | #if defined(MBEDTLS_CTR_DRBG_C) | 
|  | mbedtls_ctr_drbg_free( &rng->drbg ); | 
|  | #elif defined(MBEDTLS_HMAC_DRBG_C) | 
|  | mbedtls_hmac_drbg_free( &rng->drbg ); | 
|  | #else | 
|  | #error "No DRBG available" | 
|  | #endif | 
|  |  | 
|  | mbedtls_entropy_free( &rng->entropy ); | 
|  | #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  | } | 
|  |  | 
|  | int rng_get( void *p_rng, unsigned char *output, size_t output_len ) | 
|  | { | 
|  | #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) | 
|  | (void) p_rng; | 
|  | return( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, | 
|  | output, output_len ) ); | 
|  | #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  | rng_context_t *rng = p_rng; | 
|  |  | 
|  | #if defined(MBEDTLS_CTR_DRBG_C) | 
|  | return mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) ; | 
|  | #elif defined(MBEDTLS_HMAC_DRBG_C) | 
|  | return mbedtls_hmac_drbg_random( &rng->drbg, output, output_len ) ; | 
|  | #else | 
|  | #error "No DRBG available" | 
|  | #endif | 
|  |  | 
|  | #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ | 
|  | } | 
|  |  | 
|  | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) | 
|  | int ca_callback( void *data, mbedtls_x509_crt const *child, | 
|  | mbedtls_x509_crt **candidates ) | 
|  | { | 
|  | int ret = 0; | 
|  | mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; | 
|  | mbedtls_x509_crt *first; | 
|  |  | 
|  | /* This is a test-only implementation of the CA callback | 
|  | * which always returns the entire list of trusted certificates. | 
|  | * Production implementations managing a large number of CAs | 
|  | * should use an efficient presentation and lookup for the | 
|  | * set of trusted certificates (such as a hashtable) and only | 
|  | * return those trusted certificates which satisfy basic | 
|  | * parental checks, such as the matching of child `Issuer` | 
|  | * and parent `Subject` field or matching key identifiers. */ | 
|  | ((void) child); | 
|  |  | 
|  | first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); | 
|  | if( first == NULL ) | 
|  | { | 
|  | ret = -1; | 
|  | goto exit; | 
|  | } | 
|  | mbedtls_x509_crt_init( first ); | 
|  |  | 
|  | if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) | 
|  | { | 
|  | ret = -1; | 
|  | goto exit; | 
|  | } | 
|  |  | 
|  | while( ca->next != NULL ) | 
|  | { | 
|  | ca = ca->next; | 
|  | if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) | 
|  | { | 
|  | ret = -1; | 
|  | goto exit; | 
|  | } | 
|  | } | 
|  |  | 
|  | exit: | 
|  |  | 
|  | if( ret != 0 ) | 
|  | { | 
|  | mbedtls_x509_crt_free( first ); | 
|  | mbedtls_free( first ); | 
|  | first = NULL; | 
|  | } | 
|  |  | 
|  | *candidates = first; | 
|  | return ret ; | 
|  | } | 
|  | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ | 
|  |  | 
|  | int delayed_recv( void *ctx, unsigned char *buf, size_t len ) | 
|  | { | 
|  | static int first_try = 1; | 
|  | int ret; | 
|  |  | 
|  | if( first_try ) | 
|  | { | 
|  | first_try = 0; | 
|  | return MBEDTLS_ERR_SSL_WANT_READ ; | 
|  | } | 
|  |  | 
|  | ret = mbedtls_net_recv( ctx, buf, len ); | 
|  | if( ret != MBEDTLS_ERR_SSL_WANT_READ ) | 
|  | first_try = 1; /* Next call will be a new operation */ | 
|  | return ret ; | 
|  | } | 
|  |  | 
|  | int delayed_send( void *ctx, const unsigned char *buf, size_t len ) | 
|  | { | 
|  | static int first_try = 1; | 
|  | int ret; | 
|  |  | 
|  | if( first_try ) | 
|  | { | 
|  | first_try = 0; | 
|  | return MBEDTLS_ERR_SSL_WANT_WRITE ; | 
|  | } | 
|  |  | 
|  | ret = mbedtls_net_send( ctx, buf, len ); | 
|  | if( ret != MBEDTLS_ERR_SSL_WANT_WRITE ) | 
|  | first_try = 1; /* Next call will be a new operation */ | 
|  | return ret ; | 
|  | } | 
|  |  | 
|  | #if !defined(MBEDTLS_TIMING_C) | 
|  | int idle( mbedtls_net_context *fd, | 
|  | int idle_reason ) | 
|  | #else | 
|  | int idle( mbedtls_net_context *fd, | 
|  | mbedtls_timing_delay_context *timer, | 
|  | int idle_reason ) | 
|  | #endif | 
|  | { | 
|  | int ret; | 
|  | int poll_type = 0; | 
|  |  | 
|  | if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) | 
|  | poll_type = MBEDTLS_NET_POLL_WRITE; | 
|  | else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ ) | 
|  | poll_type = MBEDTLS_NET_POLL_READ; | 
|  | #if !defined(MBEDTLS_TIMING_C) | 
|  | else | 
|  | return 0 ; | 
|  | #endif | 
|  |  | 
|  | while( 1 ) | 
|  | { | 
|  | /* Check if timer has expired */ | 
|  | #if defined(MBEDTLS_TIMING_C) | 
|  | if( timer != NULL && | 
|  | mbedtls_timing_get_delay( timer ) == 2 ) | 
|  | { | 
|  | break; | 
|  | } | 
|  | #endif /* MBEDTLS_TIMING_C */ | 
|  |  | 
|  | /* Check if underlying transport became available */ | 
|  | if( poll_type != 0 ) | 
|  | { | 
|  | ret = mbedtls_net_poll( fd, poll_type, 0 ); | 
|  | if( ret < 0 ) | 
|  | return ret ; | 
|  | if( ret == poll_type ) | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | return 0 ; | 
|  | } | 
|  |  | 
|  | #if defined(MBEDTLS_TEST_HOOKS) | 
|  |  | 
|  | void test_hooks_init( void ) | 
|  | { | 
|  | mbedtls_test_info_reset( ); | 
|  |  | 
|  | #if defined(MBEDTLS_TEST_MUTEX_USAGE) | 
|  | mbedtls_test_mutex_usage_init( ); | 
|  | #endif | 
|  | } | 
|  |  | 
|  | int test_hooks_failure_detected( void ) | 
|  | { | 
|  | #if defined(MBEDTLS_TEST_MUTEX_USAGE) | 
|  | /* Errors are reported via mbedtls_test_info. */ | 
|  | mbedtls_test_mutex_usage_check( ); | 
|  | #endif | 
|  |  | 
|  | if( mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS ) | 
|  | return 1 ; | 
|  | return 0 ; | 
|  | } | 
|  |  | 
|  | void test_hooks_free( void ) | 
|  | { | 
|  | } | 
|  |  | 
|  | #endif /* MBEDTLS_TEST_HOOKS */ | 
|  |  | 
|  | #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */ |