TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 70824f2c9ea28a0c044f14d967ce21899f41441d / . / programs / ssl / ssl_server2.c
blob: d1e45be3c13a8412161c92de28dd43b5c72787eb [file] [log] [blame]
Gilles Peskine70824f22020-02-26 19:05:33 +0100[diff] [blame^]1/*
2 * SSL client with options
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PLATFORM_C)
29#include "mbedtls/platform.h"
30#else
31#include <stdio.h>
32#include <stdlib.h>
33#define mbedtls_calloc calloc
34#define mbedtls_free free
35#define mbedtls_time time
36#define mbedtls_time_t time_t
37#define mbedtls_calloc calloc
38#define mbedtls_fprintf fprintf
39#define mbedtls_printf printf
40#define mbedtls_exit exit
41#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
42#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
43#endif
44
45#if !defined(MBEDTLS_ENTROPY_C) || \
46 !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
47 !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
48int main( void )
49{
50 mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
51 "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
52 "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
53 return( 0 );
54}
55#else
56
57#include "mbedtls/net_sockets.h"
58#include "mbedtls/ssl.h"
59#include "mbedtls/entropy.h"
60#include "mbedtls/ctr_drbg.h"
61#include "mbedtls/certs.h"
62#include "mbedtls/x509.h"
63#include "mbedtls/error.h"
64#include "mbedtls/debug.h"
65#include "mbedtls/timing.h"
66
67#if defined(MBEDTLS_USE_PSA_CRYPTO)
68#include "psa/crypto.h"
69#include "mbedtls/psa_util.h"
70#endif
71
72#include <stdio.h>
73#include <stdlib.h>
74#include <string.h>
75#include <stdint.h>
76
77#if !defined(_MSC_VER)
78#include <inttypes.h>
79#endif
80
81#if !defined(_WIN32)
82#include <signal.h>
83#endif
84
85#if defined(MBEDTLS_SSL_CACHE_C)
86#include "mbedtls/ssl_cache.h"
87#endif
88
89#if defined(MBEDTLS_SSL_TICKET_C)
90#include "mbedtls/ssl_ticket.h"
91#endif
92
93#if defined(MBEDTLS_SSL_COOKIE_C)
94#include "mbedtls/ssl_cookie.h"
95#endif
96
97#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
98#include "mbedtls/memory_buffer_alloc.h"
99#endif
100
101#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_FS_IO)
102#define SNI_OPTION
103#endif
104
105#if defined(_WIN32)
106#include <windows.h>
107#endif
108
109/* Size of memory to be allocated for the heap, when using the library's memory
110 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
111#define MEMORY_HEAP_SIZE 120000
112
113#define DFL_SERVER_ADDR NULL
114#define DFL_SERVER_PORT "4433"
115#define DFL_RESPONSE_SIZE -1
116#define DFL_DEBUG_LEVEL 0
117#define DFL_NBIO 0
118#define DFL_EVENT 0
119#define DFL_READ_TIMEOUT 0
120#define DFL_CA_FILE ""
121#define DFL_CA_PATH ""
122#define DFL_CRT_FILE ""
123#define DFL_KEY_FILE ""
124#define DFL_CRT_FILE2 ""
125#define DFL_KEY_FILE2 ""
126#define DFL_ASYNC_OPERATIONS "-"
127#define DFL_ASYNC_PRIVATE_DELAY1 ( -1 )
128#define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
129#define DFL_ASYNC_PRIVATE_ERROR ( 0 )
130#define DFL_PSK ""
131#define DFL_PSK_OPAQUE 0
132#define DFL_PSK_LIST_OPAQUE 0
133#define DFL_PSK_IDENTITY "Client_identity"
134#define DFL_ECJPAKE_PW NULL
135#define DFL_PSK_LIST NULL
136#define DFL_FORCE_CIPHER 0
137#define DFL_VERSION_SUITES NULL
138#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
139#define DFL_ALLOW_LEGACY -2
140#define DFL_RENEGOTIATE 0
141#define DFL_RENEGO_DELAY -2
142#define DFL_RENEGO_PERIOD ( (uint64_t)-1 )
143#define DFL_EXCHANGES 1
144#define DFL_MIN_VERSION -1
145#define DFL_MAX_VERSION -1
146#define DFL_ARC4 -1
147#define DFL_SHA1 -1
148#define DFL_AUTH_MODE -1
149#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
150#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
151#define DFL_TRUNC_HMAC -1
152#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
153#define DFL_TICKET_TIMEOUT 86400
154#define DFL_CACHE_MAX -1
155#define DFL_CACHE_TIMEOUT -1
156#define DFL_SNI NULL
157#define DFL_ALPN_STRING NULL
158#define DFL_CURVES NULL
159#define DFL_DHM_FILE NULL
160#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
161#define DFL_COOKIES 1
162#define DFL_ANTI_REPLAY -1
163#define DFL_HS_TO_MIN 0
164#define DFL_HS_TO_MAX 0
165#define DFL_DTLS_MTU -1
166#define DFL_BADMAC_LIMIT -1
167#define DFL_DGRAM_PACKING 1
168#define DFL_EXTENDED_MS -1
169#define DFL_ETM -1
170#define DFL_CA_CALLBACK 0
171
172#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
173 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
174 "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
175 "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
176 "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
177 "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
178 "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
179
180/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
181 * packets (for fragmentation purposes) */
182#define HTTP_RESPONSE \
183 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
184 "<h2>mbed TLS Test Server</h2>\r\n" \
185 "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
186
187/*
188 * Size of the basic I/O buffer. Able to hold our default response.
189 *
190 * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
191 * if you change this value to something outside the range <= 100 or > 500
192 */
193#define DFL_IO_BUF_LEN 200
194
195#if defined(MBEDTLS_X509_CRT_PARSE_C)
196#if defined(MBEDTLS_FS_IO)
197#define USAGE_IO \
198 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
199 " default: \"\" (pre-loaded)\n" \
200 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
201 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
202 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
203 " default: see note after key_file2\n" \
204 " key_file=%%s default: see note after key_file2\n" \
205 " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
206 " default: see note after key_file2\n" \
207 " key_file2=%%s default: see note below\n" \
208 " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
209 " preloaded certificate(s) and key(s) are used if available\n" \
210 " dhm_file=%%s File containing Diffie-Hellman parameters\n" \
211 " default: preloaded parameters\n"
212#else
213#define USAGE_IO \
214 "\n" \
215 " No file operations available (MBEDTLS_FS_IO not defined)\n" \
216 "\n"
217#endif /* MBEDTLS_FS_IO */
218#else
219#define USAGE_IO ""
220#endif /* MBEDTLS_X509_CRT_PARSE_C */
221
222#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
223#define USAGE_SSL_ASYNC \
224 " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
225 " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
226 " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
227 " default: -1 (not asynchronous)\n" \
228 " async_private_error=%%d Async callback error injection (default=0=none,\n" \
229 " 1=start, 2=cancel, 3=resume, negative=first time only)"
230#else
231#define USAGE_SSL_ASYNC ""
232#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
233
234#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
235#define USAGE_PSK_RAW \
236 " psk=%%s default: \"\" (in hex, without 0x)\n" \
237 " psk_list=%%s default: \"\"\n" \
238 " A list of (PSK identity, PSK value) pairs.\n" \
239 " The PSK values are in hex, without 0x.\n" \
240 " id1,psk1[,id2,psk2[,...]]\n" \
241 " psk_identity=%%s default: \"Client_identity\"\n"
242#if defined(MBEDTLS_USE_PSA_CRYPTO)
243#define USAGE_PSK_SLOT \
244 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
245 " Enable this to store the PSK configured through command line\n" \
246 " parameter `psk` in a PSA-based key slot.\n" \
247 " Note: Currently only supported in conjunction with\n" \
248 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
249 " to force a particular PSK-only ciphersuite.\n" \
250 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
251 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
252 " with prepopulated key slots instead of importing raw key material.\n" \
253 " psk_list_opaque=%%d default: 0 (don't use opaque dynamic PSKs)\n" \
254 " Enable this to store the list of dynamically chosen PSKs configured\n" \
255 " through the command line parameter `psk_list` in PSA-based key slots.\n" \
256 " Note: Currently only supported in conjunction with\n" \
257 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
258 " to force a particular PSK-only ciphersuite.\n" \
259 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
260 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
261 " with prepopulated key slots instead of importing raw key material.\n"
262#else
263#define USAGE_PSK_SLOT ""
264#endif /* MBEDTLS_USE_PSA_CRYPTO */
265#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
266#else
267#define USAGE_PSK ""
268#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
269#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
270#define USAGE_CA_CALLBACK \
271 " ca_callback=%%d default: 0 (disabled)\n" \
272 " Enable this to use the trusted certificate callback function\n"
273#else
274#define USAGE_CA_CALLBACK ""
275#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
276#if defined(MBEDTLS_SSL_SESSION_TICKETS)
277#define USAGE_TICKETS \
278 " tickets=%%d default: 1 (enabled)\n" \
279 " ticket_timeout=%%d default: 86400 (one day)\n"
280#else
281#define USAGE_TICKETS ""
282#endif /* MBEDTLS_SSL_SESSION_TICKETS */
283
284#if defined(MBEDTLS_SSL_CACHE_C)
285#define USAGE_CACHE \
286 " cache_max=%%d default: cache default (50)\n" \
287 " cache_timeout=%%d default: cache default (1d)\n"
288#else
289#define USAGE_CACHE ""
290#endif /* MBEDTLS_SSL_CACHE_C */
291
292#if defined(SNI_OPTION)
293#define USAGE_SNI \
294 " sni=%%s name1,cert1,key1,ca1,crl1,auth1[,...]\n" \
295 " default: disabled\n"
296#else
297#define USAGE_SNI ""
298#endif /* SNI_OPTION */
299
300#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
301#define USAGE_MAX_FRAG_LEN \
302 " max_frag_len=%%d default: 16384 (tls default)\n" \
303 " options: 512, 1024, 2048, 4096\n"
304#else
305#define USAGE_MAX_FRAG_LEN ""
306#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
307
308#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
309#define USAGE_TRUNC_HMAC \
310 " trunc_hmac=%%d default: library default\n"
311#else
312#define USAGE_TRUNC_HMAC ""
313#endif
314
315#if defined(MBEDTLS_SSL_ALPN)
316#define USAGE_ALPN \
317 " alpn=%%s default: \"\" (disabled)\n" \
318 " example: spdy/1,http/1.1\n"
319#else
320#define USAGE_ALPN ""
321#endif /* MBEDTLS_SSL_ALPN */
322
323#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
324#define USAGE_COOKIES \
325 " cookies=0/1/-1 default: 1 (enabled)\n" \
326 " 0: disabled, -1: library default (broken)\n"
327#else
328#define USAGE_COOKIES ""
329#endif
330
331#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
332#define USAGE_ANTI_REPLAY \
333 " anti_replay=0/1 default: (library default: enabled)\n"
334#else
335#define USAGE_ANTI_REPLAY ""
336#endif
337
338#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
339#define USAGE_BADMAC_LIMIT \
340 " badmac_limit=%%d default: (library default: disabled)\n"
341#else
342#define USAGE_BADMAC_LIMIT ""
343#endif
344
345#if defined(MBEDTLS_SSL_PROTO_DTLS)
346#define USAGE_DTLS \
347 " dtls=%%d default: 0 (TLS)\n" \
348 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
349 " range of DTLS handshake timeouts in millisecs\n" \
350 " mtu=%%d default: (library default: unlimited)\n" \
351 " dgram_packing=%%d default: 1 (allowed)\n" \
352 " allow or forbid packing of multiple\n" \
353 " records within a single datgram.\n"
354#else
355#define USAGE_DTLS ""
356#endif
357
358#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
359#define USAGE_EMS \
360 " extended_ms=0/1 default: (library default: on)\n"
361#else
362#define USAGE_EMS ""
363#endif
364
365#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
366#define USAGE_ETM \
367 " etm=0/1 default: (library default: on)\n"
368#else
369#define USAGE_ETM ""
370#endif
371
372#if defined(MBEDTLS_SSL_RENEGOTIATION)
373#define USAGE_RENEGO \
374 " renegotiation=%%d default: 0 (disabled)\n" \
375 " renegotiate=%%d default: 0 (disabled)\n" \
376 " renego_delay=%%d default: -2 (library default)\n" \
377 " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n"
378#else
379#define USAGE_RENEGO ""
380#endif
381
382#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
383#define USAGE_ECJPAKE \
384 " ecjpake_pw=%%s default: none (disabled)\n"
385#else
386#define USAGE_ECJPAKE ""
387#endif
388
389#if defined(MBEDTLS_ECP_C)
390#define USAGE_CURVES \
391 " curves=a,b,c,d default: \"default\" (library default)\n" \
392 " example: \"secp521r1,brainpoolP512r1\"\n" \
393 " - use \"none\" for empty list\n" \
394 " - see mbedtls_ecp_curve_list()\n" \
395 " for acceptable curve names\n"
396#else
397#define USAGE_CURVES ""
398#endif
399
400#define USAGE \
401 "\n usage: ssl_server2 param=<>...\n" \
402 "\n acceptable parameters:\n" \
403 " server_addr=%%s default: (all interfaces)\n" \
404 " server_port=%%d default: 4433\n" \
405 " debug_level=%%d default: 0 (disabled)\n" \
406 " buffer_size=%%d default: 200 \n" \
407 " (minimum: 1, max: 16385)\n" \
408 " response_size=%%d default: about 152 (basic response)\n" \
409 " (minimum: 0, max: 16384)\n" \
410 " increases buffer_size if bigger\n"\
411 " nbio=%%d default: 0 (blocking I/O)\n" \
412 " options: 1 (non-blocking), 2 (added delays)\n" \
413 " event=%%d default: 0 (loop)\n" \
414 " options: 1 (level-triggered, implies nbio=1),\n" \
415 " read_timeout=%%d default: 0 ms (no timeout)\n" \
416 "\n" \
417 USAGE_DTLS \
418 USAGE_COOKIES \
419 USAGE_ANTI_REPLAY \
420 USAGE_BADMAC_LIMIT \
421 "\n" \
422 " auth_mode=%%s default: (library default: none)\n" \
423 " options: none, optional, required\n" \
424 " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
425 " options: 1 (send ca list), 0 (don't send)\n" \
426 USAGE_IO \
427 USAGE_SSL_ASYNC \
428 USAGE_SNI \
429 "\n" \
430 USAGE_PSK \
431 USAGE_CA_CALLBACK \
432 USAGE_ECJPAKE \
433 "\n" \
434 " allow_legacy=%%d default: (library default: no)\n" \
435 USAGE_RENEGO \
436 " exchanges=%%d default: 1\n" \
437 "\n" \
438 USAGE_TICKETS \
439 USAGE_CACHE \
440 USAGE_MAX_FRAG_LEN \
441 USAGE_TRUNC_HMAC \
442 USAGE_ALPN \
443 USAGE_EMS \
444 USAGE_ETM \
445 USAGE_CURVES \
446 "\n" \
447 " arc4=%%d default: (library default: 0)\n" \
448 " allow_sha1=%%d default: 0\n" \
449 " min_version=%%s default: (library default: tls1)\n" \
450 " max_version=%%s default: (library default: tls1_2)\n" \
451 " force_version=%%s default: \"\" (none)\n" \
452 " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
453 "\n" \
454 " version_suites=a,b,c,d per-version ciphersuites\n" \
455 " in order from ssl3 to tls1_2\n" \
456 " default: all enabled\n" \
457 " force_ciphersuite=<name> default: all enabled\n" \
458 " query_config=<name> return 0 if the specified\n" \
459 " configuration macro is defined and 1\n" \
460 " otherwise. The expansion of the macro\n" \
461 " is printed if it is defined\n" \
462 " acceptable ciphersuite names:\n"
463
464
465#define ALPN_LIST_SIZE 10
466#define CURVE_LIST_SIZE 20
467
468#define PUT_UINT64_BE(out_be,in_le,i) \
469{ \
470 (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \
471 (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \
472 (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \
473 (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \
474 (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \
475 (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \
476 (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \
477 (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
478}
479
480#if defined(MBEDTLS_CHECK_PARAMS)
481#include "mbedtls/platform_util.h"
482void mbedtls_param_failed( const char *failure_condition,
483 const char *file,
484 int line )
485{
486 mbedtls_printf( "%s:%i: Input param failed - %s\n",
487 file, line, failure_condition );
488 mbedtls_exit( MBEDTLS_EXIT_FAILURE );
489}
490#endif
491
492/*
493 * global options
494 */
495struct options
496{
497 const char *server_addr; /* address on which the ssl service runs */
498 const char *server_port; /* port on which the ssl service runs */
499 int debug_level; /* level of debugging */
500 int nbio; /* should I/O be blocking? */
501 int event; /* loop or event-driven IO? level or edge triggered? */
502 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
503 int response_size; /* pad response with header to requested size */
504 uint16_t buffer_size; /* IO buffer size */
505 const char *ca_file; /* the file with the CA certificate(s) */
506 const char *ca_path; /* the path with the CA certificate(s) reside */
507 const char *crt_file; /* the file with the server certificate */
508 const char *key_file; /* the file with the server key */
509 const char *crt_file2; /* the file with the 2nd server certificate */
510 const char *key_file2; /* the file with the 2nd server key */
511 const char *async_operations; /* supported SSL asynchronous operations */
512 int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
513 int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
514 int async_private_error; /* inject error in async private callback */
515#if defined(MBEDTLS_USE_PSA_CRYPTO)
516 int psk_opaque;
517 int psk_list_opaque;
518#endif
519#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
520 int ca_callback; /* Use callback for trusted certificate list */
521#endif
522 const char *psk; /* the pre-shared key */
523 const char *psk_identity; /* the pre-shared key identity */
524 char *psk_list; /* list of PSK id/key pairs for callback */
525 const char *ecjpake_pw; /* the EC J-PAKE password */
526 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
527 const char *version_suites; /* per-version ciphersuites */
528 int renegotiation; /* enable / disable renegotiation */
529 int allow_legacy; /* allow legacy renegotiation */
530 int renegotiate; /* attempt renegotiation? */
531 int renego_delay; /* delay before enforcing renegotiation */
532 uint64_t renego_period; /* period for automatic renegotiation */
533 int exchanges; /* number of data exchanges */
534 int min_version; /* minimum protocol version accepted */
535 int max_version; /* maximum protocol version accepted */
536 int arc4; /* flag for arc4 suites support */
537 int allow_sha1; /* flag for SHA-1 support */
538 int auth_mode; /* verify mode for connection */
539 int cert_req_ca_list; /* should we send the CA list? */
540 unsigned char mfl_code; /* code for maximum fragment length */
541 int trunc_hmac; /* accept truncated hmac? */
542 int tickets; /* enable / disable session tickets */
543 int ticket_timeout; /* session ticket lifetime */
544 int cache_max; /* max number of session cache entries */
545 int cache_timeout; /* expiration delay of session cache entries */
546 char *sni; /* string describing sni information */
547 const char *curves; /* list of supported elliptic curves */
548 const char *alpn_string; /* ALPN supported protocols */
549 const char *dhm_file; /* the file with the DH parameters */
550 int extended_ms; /* allow negotiation of extended MS? */
551 int etm; /* allow negotiation of encrypt-then-MAC? */
552 int transport; /* TLS or DTLS? */
553 int cookies; /* Use cookies for DTLS? -1 to break them */
554 int anti_replay; /* Use anti-replay for DTLS? -1 for default */
555 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
556 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
557 int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
558 int dgram_packing; /* allow/forbid datagram packing */
559 int badmac_limit; /* Limit of records with bad MAC */
560} opt;
561
562int query_config( const char *config );
563
564static void my_debug( void *ctx, int level,
565 const char *file, int line,
566 const char *str )
567{
568 const char *p, *basename;
569
570 /* Extract basename from file */
571 for( p = basename = file; *p != '\0'; p++ )
572 if( *p == '/' || *p == '\\' )
573 basename = p + 1;
574
575 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
576 fflush( (FILE *) ctx );
577}
578
579#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
580int ca_callback( void *data, mbedtls_x509_crt const *child,
581 mbedtls_x509_crt **candidates)
582{
583 int ret = 0;
584 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
585 mbedtls_x509_crt *first;
586
587 /* This is a test-only implementation of the CA callback
588 * which always returns the entire list of trusted certificates.
589 * Production implementations managing a large number of CAs
590 * should use an efficient presentation and lookup for the
591 * set of trusted certificates (such as a hashtable) and only
592 * return those trusted certificates which satisfy basic
593 * parental checks, such as the matching of child `Issuer`
594 * and parent `Subject` field. */
595 ((void) child);
596
597 first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
598 if( first == NULL )
599 {
600 ret = -1;
601 goto exit;
602 }
603 mbedtls_x509_crt_init( first );
604
605 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
606 {
607 ret = -1;
608 goto exit;
609 }
610
611 while( ca->next != NULL )
612 {
613 ca = ca->next;
614 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
615 {
616 ret = -1;
617 goto exit;
618 }
619 }
620
621exit:
622
623 if( ret != 0 )
624 {
625 mbedtls_x509_crt_free( first );
626 mbedtls_free( first );
627 first = NULL;
628 }
629
630 *candidates = first;
631 return( ret );
632}
633#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
634
635/*
636 * Test recv/send functions that make sure each try returns
637 * WANT_READ/WANT_WRITE at least once before sucesseding
638 */
639static int my_recv( void *ctx, unsigned char *buf, size_t len )
640{
641 static int first_try = 1;
642 int ret;
643
644 if( first_try )
645 {
646 first_try = 0;
647 return( MBEDTLS_ERR_SSL_WANT_READ );
648 }
649
650 ret = mbedtls_net_recv( ctx, buf, len );
651 if( ret != MBEDTLS_ERR_SSL_WANT_READ )
652 first_try = 1; /* Next call will be a new operation */
653 return( ret );
654}
655
656static int my_send( void *ctx, const unsigned char *buf, size_t len )
657{
658 static int first_try = 1;
659 int ret;
660
661 if( first_try )
662 {
663 first_try = 0;
664 return( MBEDTLS_ERR_SSL_WANT_WRITE );
665 }
666
667 ret = mbedtls_net_send( ctx, buf, len );
668 if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
669 first_try = 1; /* Next call will be a new operation */
670 return( ret );
671}
672
673/*
674 * Return authmode from string, or -1 on error
675 */
676static int get_auth_mode( const char *s )
677{
678 if( strcmp( s, "none" ) == 0 )
679 return( MBEDTLS_SSL_VERIFY_NONE );
680 if( strcmp( s, "optional" ) == 0 )
681 return( MBEDTLS_SSL_VERIFY_OPTIONAL );
682 if( strcmp( s, "required" ) == 0 )
683 return( MBEDTLS_SSL_VERIFY_REQUIRED );
684
685 return( -1 );
686}
687
688/*
689 * Used by sni_parse and psk_parse to handle coma-separated lists
690 */
691#define GET_ITEM( dst ) \
692 dst = p; \
693 while( *p != ',' ) \
694 if( ++p > end ) \
695 goto error; \
696 *p++ = '\0';
697
698#if defined(SNI_OPTION)
699typedef struct _sni_entry sni_entry;
700
701struct _sni_entry {
702 const char *name;
703 mbedtls_x509_crt *cert;
704 mbedtls_pk_context *key;
705 mbedtls_x509_crt* ca;
706 mbedtls_x509_crl* crl;
707 int authmode;
708 sni_entry *next;
709};
710
711void sni_free( sni_entry *head )
712{
713 sni_entry *cur = head, *next;
714
715 while( cur != NULL )
716 {
717 mbedtls_x509_crt_free( cur->cert );
718 mbedtls_free( cur->cert );
719
720 mbedtls_pk_free( cur->key );
721 mbedtls_free( cur->key );
722
723 mbedtls_x509_crt_free( cur->ca );
724 mbedtls_free( cur->ca );
725
726 mbedtls_x509_crl_free( cur->crl );
727 mbedtls_free( cur->crl );
728
729 next = cur->next;
730 mbedtls_free( cur );
731 cur = next;
732 }
733}
734
735/*
736 * Parse a string of sextuples name1,crt1,key1,ca1,crl1,auth1[,...]
737 * into a usable sni_entry list. For ca1, crl1, auth1, the special value
738 * '-' means unset. If ca1 is unset, then crl1 is ignored too.
739 *
740 * Modifies the input string! This is not production quality!
741 */
742sni_entry *sni_parse( char *sni_string )
743{
744 sni_entry *cur = NULL, *new = NULL;
745 char *p = sni_string;
746 char *end = p;
747 char *crt_file, *key_file, *ca_file, *crl_file, *auth_str;
748
749 while( *end != '\0' )
750 ++end;
751 *end = ',';
752
753 while( p <= end )
754 {
755 if( ( new = mbedtls_calloc( 1, sizeof( sni_entry ) ) ) == NULL )
756 {
757 sni_free( cur );
758 return( NULL );
759 }
760
761 GET_ITEM( new->name );
762 GET_ITEM( crt_file );
763 GET_ITEM( key_file );
764 GET_ITEM( ca_file );
765 GET_ITEM( crl_file );
766 GET_ITEM( auth_str );
767
768 if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
769 ( new->key = mbedtls_calloc( 1, sizeof( mbedtls_pk_context ) ) ) == NULL )
770 goto error;
771
772 mbedtls_x509_crt_init( new->cert );
773 mbedtls_pk_init( new->key );
774
775 if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
776 mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 )
777 goto error;
778
779 if( strcmp( ca_file, "-" ) != 0 )
780 {
781 if( ( new->ca = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL )
782 goto error;
783
784 mbedtls_x509_crt_init( new->ca );
785
786 if( mbedtls_x509_crt_parse_file( new->ca, ca_file ) != 0 )
787 goto error;
788 }
789
790 if( strcmp( crl_file, "-" ) != 0 )
791 {
792 if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
793 goto error;
794
795 mbedtls_x509_crl_init( new->crl );
796
797 if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
798 goto error;
799 }
800
801 if( strcmp( auth_str, "-" ) != 0 )
802 {
803 if( ( new->authmode = get_auth_mode( auth_str ) ) < 0 )
804 goto error;
805 }
806 else
807 new->authmode = DFL_AUTH_MODE;
808
809 new->next = cur;
810 cur = new;
811 }
812
813 return( cur );
814
815error:
816 sni_free( new );
817 sni_free( cur );
818 return( NULL );
819}
820
821/*
822 * SNI callback.
823 */
824int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
825 const unsigned char *name, size_t name_len )
826{
827 const sni_entry *cur = (const sni_entry *) p_info;
828
829 while( cur != NULL )
830 {
831 if( name_len == strlen( cur->name ) &&
832 memcmp( name, cur->name, name_len ) == 0 )
833 {
834 if( cur->ca != NULL )
835 mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
836
837 if( cur->authmode != DFL_AUTH_MODE )
838 mbedtls_ssl_set_hs_authmode( ssl, cur->authmode );
839
840 return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
841 }
842
843 cur = cur->next;
844 }
845
846 return( -1 );
847}
848
849#endif /* SNI_OPTION */
850
851#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
852
853#define HEX2NUM( c ) \
854 if( c >= '0' && c <= '9' ) \
855 c -= '0'; \
856 else if( c >= 'a' && c <= 'f' ) \
857 c -= 'a' - 10; \
858 else if( c >= 'A' && c <= 'F' ) \
859 c -= 'A' - 10; \
860 else \
861 return( -1 );
862
863/*
864 * Convert a hex string to bytes.
865 * Return 0 on success, -1 on error.
866 */
867int unhexify( unsigned char *output, const char *input, size_t *olen )
868{
869 unsigned char c;
870 size_t j;
871
872 *olen = strlen( input );
873 if( *olen % 2 != 0 || *olen / 2 > MBEDTLS_PSK_MAX_LEN )
874 return( -1 );
875 *olen /= 2;
876
877 for( j = 0; j < *olen * 2; j += 2 )
878 {
879 c = input[j];
880 HEX2NUM( c );
881 output[ j / 2 ] = c << 4;
882
883 c = input[j + 1];
884 HEX2NUM( c );
885 output[ j / 2 ] |= c;
886 }
887
888 return( 0 );
889}
890
891typedef struct _psk_entry psk_entry;
892
893struct _psk_entry
894{
895 const char *name;
896 size_t key_len;
897 unsigned char key[MBEDTLS_PSK_MAX_LEN];
898#if defined(MBEDTLS_USE_PSA_CRYPTO)
899 psa_key_handle_t slot;
900#endif /* MBEDTLS_USE_PSA_CRYPTO */
901 psk_entry *next;
902};
903
904/*
905 * Free a list of psk_entry's
906 */
907int psk_free( psk_entry *head )
908{
909 psk_entry *next;
910
911 while( head != NULL )
912 {
913#if defined(MBEDTLS_USE_PSA_CRYPTO)
914 psa_status_t status;
915 psa_key_handle_t const slot = head->slot;
916
917 if( slot != 0 )
918 {
919 status = psa_destroy_key( slot );
920 if( status != PSA_SUCCESS )
921 return( status );
922 }
923#endif /* MBEDTLS_USE_PSA_CRYPTO */
924
925 next = head->next;
926 mbedtls_free( head );
927 head = next;
928 }
929
930 return( 0 );
931}
932
933/*
934 * Parse a string of pairs name1,key1[,name2,key2[,...]]
935 * into a usable psk_entry list.
936 *
937 * Modifies the input string! This is not production quality!
938 */
939psk_entry *psk_parse( char *psk_string )
940{
941 psk_entry *cur = NULL, *new = NULL;
942 char *p = psk_string;
943 char *end = p;
944 char *key_hex;
945
946 while( *end != '\0' )
947 ++end;
948 *end = ',';
949
950 while( p <= end )
951 {
952 if( ( new = mbedtls_calloc( 1, sizeof( psk_entry ) ) ) == NULL )
953 goto error;
954
955 memset( new, 0, sizeof( psk_entry ) );
956
957 GET_ITEM( new->name );
958 GET_ITEM( key_hex );
959
960 if( unhexify( new->key, key_hex, &new->key_len ) != 0 )
961 goto error;
962
963 new->next = cur;
964 cur = new;
965 }
966
967 return( cur );
968
969error:
970 psk_free( new );
971 psk_free( cur );
972 return( 0 );
973}
974
975/*
976 * PSK callback
977 */
978int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
979 const unsigned char *name, size_t name_len )
980{
981 psk_entry *cur = (psk_entry *) p_info;
982
983 while( cur != NULL )
984 {
985 if( name_len == strlen( cur->name ) &&
986 memcmp( name, cur->name, name_len ) == 0 )
987 {
988#if defined(MBEDTLS_USE_PSA_CRYPTO)
989 if( cur->slot != 0 )
990 return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
991 else
992#endif
993 return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) );
994 }
995
996 cur = cur->next;
997 }
998
999 return( -1 );
1000}
1001#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
1002
1003static mbedtls_net_context listen_fd, client_fd;
1004
1005/* Interruption handler to ensure clean exit (for valgrind testing) */
1006#if !defined(_WIN32)
1007static int received_sigterm = 0;
1008void term_handler( int sig )
1009{
1010 ((void) sig);
1011 received_sigterm = 1;
1012 mbedtls_net_free( &listen_fd ); /* causes mbedtls_net_accept() to abort */
1013 mbedtls_net_free( &client_fd ); /* causes net_read() to abort */
1014}
1015#endif
1016
1017#if defined(MBEDTLS_X509_CRT_PARSE_C)
1018static int ssl_sig_hashes_for_test[] = {
1019#if defined(MBEDTLS_SHA512_C)
1020 MBEDTLS_MD_SHA512,
1021 MBEDTLS_MD_SHA384,
1022#endif
1023#if defined(MBEDTLS_SHA256_C)
1024 MBEDTLS_MD_SHA256,
1025 MBEDTLS_MD_SHA224,
1026#endif
1027#if defined(MBEDTLS_SHA1_C)
1028 /* Allow SHA-1 as we use it extensively in tests. */
1029 MBEDTLS_MD_SHA1,
1030#endif
1031 MBEDTLS_MD_NONE
1032};
1033#endif /* MBEDTLS_X509_CRT_PARSE_C */
1034
1035/** Return true if \p ret is a status code indicating that there is an
1036 * operation in progress on an SSL connection, and false if it indicates
1037 * success or a fatal error.
1038 *
1039 * The possible operations in progress are:
1040 *
1041 * - A read, when the SSL input buffer does not contain a full message.
1042 * - A write, when the SSL output buffer contains some data that has not
1043 * been sent over the network yet.
1044 * - An asynchronous callback that has not completed yet. */
1045static int mbedtls_status_is_ssl_in_progress( int ret )
1046{
1047 return( ret == MBEDTLS_ERR_SSL_WANT_READ ||
1048 ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
1049 ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
1050}
1051
1052#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1053typedef struct
1054{
1055 mbedtls_x509_crt *cert; /*!< Certificate corresponding to the key */
1056 mbedtls_pk_context *pk; /*!< Private key */
1057 unsigned delay; /*!< Number of resume steps to go through */
1058 unsigned pk_owned : 1; /*!< Whether to free the pk object on exit */
1059} ssl_async_key_slot_t;
1060
1061typedef enum {
1062 SSL_ASYNC_INJECT_ERROR_NONE = 0, /*!< Let the callbacks succeed */
1063 SSL_ASYNC_INJECT_ERROR_START, /*!< Inject error during start */
1064 SSL_ASYNC_INJECT_ERROR_CANCEL, /*!< Close the connection after async start */
1065 SSL_ASYNC_INJECT_ERROR_RESUME, /*!< Inject error during resume */
1066#define SSL_ASYNC_INJECT_ERROR_MAX SSL_ASYNC_INJECT_ERROR_RESUME
1067} ssl_async_inject_error_t;
1068
1069typedef struct
1070{
1071 ssl_async_key_slot_t slots[4]; /* key, key2, sni1, sni2 */
1072 size_t slots_used;
1073 ssl_async_inject_error_t inject_error;
1074 int (*f_rng)(void *, unsigned char *, size_t);
1075 void *p_rng;
1076} ssl_async_key_context_t;
1077
1078int ssl_async_set_key( ssl_async_key_context_t *ctx,
1079 mbedtls_x509_crt *cert,
1080 mbedtls_pk_context *pk,
1081 int pk_take_ownership,
1082 unsigned delay )
1083{
1084 if( ctx->slots_used >= sizeof( ctx->slots ) / sizeof( *ctx->slots ) )
1085 return( -1 );
1086 ctx->slots[ctx->slots_used].cert = cert;
1087 ctx->slots[ctx->slots_used].pk = pk;
1088 ctx->slots[ctx->slots_used].delay = delay;
1089 ctx->slots[ctx->slots_used].pk_owned = pk_take_ownership;
1090 ++ctx->slots_used;
1091 return( 0 );
1092}
1093
1094#define SSL_ASYNC_INPUT_MAX_SIZE 512
1095
1096typedef enum
1097{
1098 ASYNC_OP_SIGN,
1099 ASYNC_OP_DECRYPT,
1100} ssl_async_operation_type_t;
1101/* Note that the enum above and the array below need to be kept in sync!
1102 * `ssl_async_operation_names[op]` is the name of op for each value `op`
1103 * of type `ssl_async_operation_type_t`. */
1104static const char *const ssl_async_operation_names[] =
1105{
1106 "sign",
1107 "decrypt",
1108};
1109
1110typedef struct
1111{
1112 unsigned slot;
1113 ssl_async_operation_type_t operation_type;
1114 mbedtls_md_type_t md_alg;
1115 unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE];
1116 size_t input_len;
1117 unsigned remaining_delay;
1118} ssl_async_operation_context_t;
1119
1120static int ssl_async_start( mbedtls_ssl_context *ssl,
1121 mbedtls_x509_crt *cert,
1122 ssl_async_operation_type_t op_type,
1123 mbedtls_md_type_t md_alg,
1124 const unsigned char *input,
1125 size_t input_len )
1126{
1127 ssl_async_key_context_t *config_data =
1128 mbedtls_ssl_conf_get_async_config_data( ssl->conf );
1129 unsigned slot;
1130 ssl_async_operation_context_t *ctx = NULL;
1131 const char *op_name = ssl_async_operation_names[op_type];
1132
1133 {
1134 char dn[100];
1135 if( mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject ) > 0 )
1136 mbedtls_printf( "Async %s callback: looking for DN=%s\n",
1137 op_name, dn );
1138 }
1139
1140 /* Look for a private key that matches the public key in cert.
1141 * Since this test code has the private key inside Mbed TLS,
1142 * we call mbedtls_pk_check_pair to match a private key with the
1143 * public key. */
1144 for( slot = 0; slot < config_data->slots_used; slot++ )
1145 {
1146 if( mbedtls_pk_check_pair( &cert->pk,
1147 config_data->slots[slot].pk ) == 0 )
1148 break;
1149 }
1150 if( slot == config_data->slots_used )
1151 {
1152 mbedtls_printf( "Async %s callback: no key matches this certificate.\n",
1153 op_name );
1154 return( MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH );
1155 }
1156 mbedtls_printf( "Async %s callback: using key slot %u, delay=%u.\n",
1157 op_name, slot, config_data->slots[slot].delay );
1158
1159 if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START )
1160 {
1161 mbedtls_printf( "Async %s callback: injected error\n", op_name );
1162 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1163 }
1164
1165 if( input_len > SSL_ASYNC_INPUT_MAX_SIZE )
1166 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1167
1168 ctx = mbedtls_calloc( 1, sizeof( *ctx ) );
1169 if( ctx == NULL )
1170 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
1171 ctx->slot = slot;
1172 ctx->operation_type = op_type;
1173 ctx->md_alg = md_alg;
1174 memcpy( ctx->input, input, input_len );
1175 ctx->input_len = input_len;
1176 ctx->remaining_delay = config_data->slots[slot].delay;
1177 mbedtls_ssl_set_async_operation_data( ssl, ctx );
1178
1179 if( ctx->remaining_delay == 0 )
1180 return( 0 );
1181 else
1182 return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
1183}
1184
1185static int ssl_async_sign( mbedtls_ssl_context *ssl,
1186 mbedtls_x509_crt *cert,
1187 mbedtls_md_type_t md_alg,
1188 const unsigned char *hash,
1189 size_t hash_len )
1190{
1191 return( ssl_async_start( ssl, cert,
1192 ASYNC_OP_SIGN, md_alg,
1193 hash, hash_len ) );
1194}
1195
1196static int ssl_async_decrypt( mbedtls_ssl_context *ssl,
1197 mbedtls_x509_crt *cert,
1198 const unsigned char *input,
1199 size_t input_len )
1200{
1201 return( ssl_async_start( ssl, cert,
1202 ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
1203 input, input_len ) );
1204}
1205
1206static int ssl_async_resume( mbedtls_ssl_context *ssl,
1207 unsigned char *output,
1208 size_t *output_len,
1209 size_t output_size )
1210{
1211 ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data( ssl );
1212 ssl_async_key_context_t *config_data =
1213 mbedtls_ssl_conf_get_async_config_data( ssl->conf );
1214 ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot];
1215 int ret;
1216 const char *op_name;
1217
1218 if( ctx->remaining_delay > 0 )
1219 {
1220 --ctx->remaining_delay;
1221 mbedtls_printf( "Async resume (slot %u): call %u more times.\n",
1222 ctx->slot, ctx->remaining_delay );
1223 return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
1224 }
1225
1226 switch( ctx->operation_type )
1227 {
1228 case ASYNC_OP_DECRYPT:
1229 ret = mbedtls_pk_decrypt( key_slot->pk,
1230 ctx->input, ctx->input_len,
1231 output, output_len, output_size,
1232 config_data->f_rng, config_data->p_rng );
1233 break;
1234 case ASYNC_OP_SIGN:
1235 ret = mbedtls_pk_sign( key_slot->pk,
1236 ctx->md_alg,
1237 ctx->input, ctx->input_len,
1238 output, output_len,
1239 config_data->f_rng, config_data->p_rng );
1240 break;
1241 default:
1242 mbedtls_printf( "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n",
1243 ctx->slot, (long) ctx->operation_type );
1244 mbedtls_free( ctx );
1245 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1246 break;
1247 }
1248
1249 op_name = ssl_async_operation_names[ctx->operation_type];
1250
1251 if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME )
1252 {
1253 mbedtls_printf( "Async resume callback: %s done but injected error\n",
1254 op_name );
1255 mbedtls_free( ctx );
1256 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1257 }
1258
1259 mbedtls_printf( "Async resume (slot %u): %s done, status=%d.\n",
1260 ctx->slot, op_name, ret );
1261 mbedtls_free( ctx );
1262 return( ret );
1263}
1264
1265static void ssl_async_cancel( mbedtls_ssl_context *ssl )
1266{
1267 ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data( ssl );
1268 mbedtls_printf( "Async cancel callback.\n" );
1269 mbedtls_free( ctx );
1270}
1271#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1272
1273/*
1274 * Wait for an event from the underlying transport or the timer
1275 * (Used in event-driven IO mode).
1276 */
1277#if !defined(MBEDTLS_TIMING_C)
1278int idle( mbedtls_net_context *fd,
1279 int idle_reason )
1280#else
1281int idle( mbedtls_net_context *fd,
1282 mbedtls_timing_delay_context *timer,
1283 int idle_reason )
1284#endif
1285{
1286 int ret;
1287 int poll_type = 0;
1288
1289 if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
1290 poll_type = MBEDTLS_NET_POLL_WRITE;
1291 else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
1292 poll_type = MBEDTLS_NET_POLL_READ;
1293#if !defined(MBEDTLS_TIMING_C)
1294 else
1295 return( 0 );
1296#endif
1297
1298 while( 1 )
1299 {
1300 /* Check if timer has expired */
1301#if defined(MBEDTLS_TIMING_C)
1302 if( timer != NULL &&
1303 mbedtls_timing_get_delay( timer ) == 2 )
1304 {
1305 break;
1306 }
1307#endif /* MBEDTLS_TIMING_C */
1308
1309 /* Check if underlying transport became available */
1310 if( poll_type != 0 )
1311 {
1312 ret = mbedtls_net_poll( fd, poll_type, 0 );
1313 if( ret < 0 )
1314 return( ret );
1315 if( ret == poll_type )
1316 break;
1317 }
1318 }
1319
1320 return( 0 );
1321}
1322
1323#if defined(MBEDTLS_USE_PSA_CRYPTO)
1324static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t slot,
1325 psa_algorithm_t alg,
1326 unsigned char *psk,
1327 size_t psk_len )
1328{
1329 psa_status_t status;
1330 psa_key_policy_t policy;
1331
1332 policy = psa_key_policy_init();
1333 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
1334
1335 status = psa_set_key_policy( slot, &policy );
1336 if( status != PSA_SUCCESS )
1337 {
1338 fprintf( stderr, "POLICY\n" );
1339 return( status );
1340 }
1341
1342 status = psa_import_key( slot, PSA_KEY_TYPE_DERIVE, psk, psk_len );
1343 if( status != PSA_SUCCESS )
1344 {
1345 fprintf( stderr, "IMPORT\n" );
1346 return( status );
1347 }
1348
1349 return( PSA_SUCCESS );
1350}
1351#endif /* MBEDTLS_USE_PSA_CRYPTO */
1352
1353int main( int argc, char *argv[] )
1354{
1355 int ret = 0, len, written, frags, exchanges_left;
1356 int version_suites[4][2];
1357 unsigned char* buf = 0;
1358#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1359#if defined(MBEDTLS_USE_PSA_CRYPTO)
1360 psa_algorithm_t alg = 0;
1361 psa_key_handle_t psk_slot = 0;
1362#endif /* MBEDTLS_USE_PSA_CRYPTO */
1363 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
1364 size_t psk_len = 0;
1365 psk_entry *psk_info = NULL;
1366#endif
1367 const char *pers = "ssl_server2";
1368 unsigned char client_ip[16] = { 0 };
1369 size_t cliip_len;
1370#if defined(MBEDTLS_SSL_COOKIE_C)
1371 mbedtls_ssl_cookie_ctx cookie_ctx;
1372#endif
1373
1374#if defined(MBEDTLS_X509_CRT_PARSE_C)
1375 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
1376#endif
1377 mbedtls_entropy_context entropy;
1378 mbedtls_ctr_drbg_context ctr_drbg;
1379 mbedtls_ssl_context ssl;
1380 mbedtls_ssl_config conf;
1381#if defined(MBEDTLS_TIMING_C)
1382 mbedtls_timing_delay_context timer;
1383#endif
1384#if defined(MBEDTLS_SSL_RENEGOTIATION)
1385 unsigned char renego_period[8] = { 0 };
1386#endif
1387#if defined(MBEDTLS_X509_CRT_PARSE_C)
1388 uint32_t flags;
1389 mbedtls_x509_crt cacert;
1390 mbedtls_x509_crt srvcert;
1391 mbedtls_pk_context pkey;
1392 mbedtls_x509_crt srvcert2;
1393 mbedtls_pk_context pkey2;
1394 int key_cert_init = 0, key_cert_init2 = 0;
1395#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1396 ssl_async_key_context_t ssl_async_keys;
1397#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1398#endif /* MBEDTLS_X509_CRT_PARSE_C */
1399#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
1400 mbedtls_dhm_context dhm;
1401#endif
1402#if defined(MBEDTLS_SSL_CACHE_C)
1403 mbedtls_ssl_cache_context cache;
1404#endif
1405#if defined(MBEDTLS_SSL_SESSION_TICKETS)
1406 mbedtls_ssl_ticket_context ticket_ctx;
1407#endif
1408#if defined(SNI_OPTION)
1409 sni_entry *sni_info = NULL;
1410#endif
1411#if defined(MBEDTLS_ECP_C)
1412 mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
1413 const mbedtls_ecp_curve_info * curve_cur;
1414#endif
1415#if defined(MBEDTLS_SSL_ALPN)
1416 const char *alpn_list[ALPN_LIST_SIZE];
1417#endif
1418#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
1419 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
1420#endif
1421
1422 int i;
1423 char *p, *q;
1424 const int *list;
1425#if defined(MBEDTLS_USE_PSA_CRYPTO)
1426 psa_status_t status;
1427#endif
1428
1429#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
1430 mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
1431#endif
1432
1433 /*
1434 * Make sure memory references are valid in case we exit early.
1435 */
1436 mbedtls_net_init( &client_fd );
1437 mbedtls_net_init( &listen_fd );
1438 mbedtls_ssl_init( &ssl );
1439 mbedtls_ssl_config_init( &conf );
1440 mbedtls_ctr_drbg_init( &ctr_drbg );
1441#if defined(MBEDTLS_X509_CRT_PARSE_C)
1442 mbedtls_x509_crt_init( &cacert );
1443 mbedtls_x509_crt_init( &srvcert );
1444 mbedtls_pk_init( &pkey );
1445 mbedtls_x509_crt_init( &srvcert2 );
1446 mbedtls_pk_init( &pkey2 );
1447#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1448 memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) );
1449#endif
1450#endif
1451#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
1452 mbedtls_dhm_init( &dhm );
1453#endif
1454#if defined(MBEDTLS_SSL_CACHE_C)
1455 mbedtls_ssl_cache_init( &cache );
1456#endif
1457#if defined(MBEDTLS_SSL_SESSION_TICKETS)
1458 mbedtls_ssl_ticket_init( &ticket_ctx );
1459#endif
1460#if defined(MBEDTLS_SSL_ALPN)
1461 memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
1462#endif
1463#if defined(MBEDTLS_SSL_COOKIE_C)
1464 mbedtls_ssl_cookie_init( &cookie_ctx );
1465#endif
1466
1467#if defined(MBEDTLS_USE_PSA_CRYPTO)
1468 status = psa_crypto_init();
1469 if( status != PSA_SUCCESS )
1470 {
1471 mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
1472 (int) status );
1473 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1474 goto exit;
1475 }
1476#endif
1477
1478#if !defined(_WIN32)
1479 /* Abort cleanly on SIGTERM and SIGINT */
1480 signal( SIGTERM, term_handler );
1481 signal( SIGINT, term_handler );
1482#endif
1483
1484 if( argc == 0 )
1485 {
1486 usage:
1487 if( ret == 0 )
1488 ret = 1;
1489
1490 mbedtls_printf( USAGE );
1491
1492 list = mbedtls_ssl_list_ciphersuites();
1493 while( *list )
1494 {
1495 mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
1496 list++;
1497 if( !*list )
1498 break;
1499 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
1500 list++;
1501 }
1502 mbedtls_printf("\n");
1503 goto exit;
1504 }
1505
1506 opt.buffer_size = DFL_IO_BUF_LEN;
1507 opt.server_addr = DFL_SERVER_ADDR;
1508 opt.server_port = DFL_SERVER_PORT;
1509 opt.debug_level = DFL_DEBUG_LEVEL;
1510 opt.event = DFL_EVENT;
1511 opt.response_size = DFL_RESPONSE_SIZE;
1512 opt.nbio = DFL_NBIO;
1513 opt.read_timeout = DFL_READ_TIMEOUT;
1514 opt.ca_file = DFL_CA_FILE;
1515 opt.ca_path = DFL_CA_PATH;
1516 opt.crt_file = DFL_CRT_FILE;
1517 opt.key_file = DFL_KEY_FILE;
1518 opt.crt_file2 = DFL_CRT_FILE2;
1519 opt.key_file2 = DFL_KEY_FILE2;
1520 opt.async_operations = DFL_ASYNC_OPERATIONS;
1521 opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
1522 opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
1523 opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
1524 opt.psk = DFL_PSK;
1525#if defined(MBEDTLS_USE_PSA_CRYPTO)
1526 opt.psk_opaque = DFL_PSK_OPAQUE;
1527 opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
1528#endif
1529#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1530 opt.ca_callback = DFL_CA_CALLBACK;
1531#endif
1532 opt.psk_identity = DFL_PSK_IDENTITY;
1533 opt.psk_list = DFL_PSK_LIST;
1534 opt.ecjpake_pw = DFL_ECJPAKE_PW;
1535 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
1536 opt.version_suites = DFL_VERSION_SUITES;
1537 opt.renegotiation = DFL_RENEGOTIATION;
1538 opt.allow_legacy = DFL_ALLOW_LEGACY;
1539 opt.renegotiate = DFL_RENEGOTIATE;
1540 opt.renego_delay = DFL_RENEGO_DELAY;
1541 opt.renego_period = DFL_RENEGO_PERIOD;
1542 opt.exchanges = DFL_EXCHANGES;
1543 opt.min_version = DFL_MIN_VERSION;
1544 opt.max_version = DFL_MAX_VERSION;
1545 opt.arc4 = DFL_ARC4;
1546 opt.allow_sha1 = DFL_SHA1;
1547 opt.auth_mode = DFL_AUTH_MODE;
1548 opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
1549 opt.mfl_code = DFL_MFL_CODE;
1550 opt.trunc_hmac = DFL_TRUNC_HMAC;
1551 opt.tickets = DFL_TICKETS;
1552 opt.ticket_timeout = DFL_TICKET_TIMEOUT;
1553 opt.cache_max = DFL_CACHE_MAX;
1554 opt.cache_timeout = DFL_CACHE_TIMEOUT;
1555 opt.sni = DFL_SNI;
1556 opt.alpn_string = DFL_ALPN_STRING;
1557 opt.curves = DFL_CURVES;
1558 opt.dhm_file = DFL_DHM_FILE;
1559 opt.transport = DFL_TRANSPORT;
1560 opt.cookies = DFL_COOKIES;
1561 opt.anti_replay = DFL_ANTI_REPLAY;
1562 opt.hs_to_min = DFL_HS_TO_MIN;
1563 opt.hs_to_max = DFL_HS_TO_MAX;
1564 opt.dtls_mtu = DFL_DTLS_MTU;
1565 opt.dgram_packing = DFL_DGRAM_PACKING;
1566 opt.badmac_limit = DFL_BADMAC_LIMIT;
1567 opt.extended_ms = DFL_EXTENDED_MS;
1568 opt.etm = DFL_ETM;
1569
1570 for( i = 1; i < argc; i++ )
1571 {
1572 p = argv[i];
1573 if( ( q = strchr( p, '=' ) ) == NULL )
1574 goto usage;
1575 *q++ = '\0';
1576
1577 if( strcmp( p, "server_port" ) == 0 )
1578 opt.server_port = q;
1579 else if( strcmp( p, "server_addr" ) == 0 )
1580 opt.server_addr = q;
1581 else if( strcmp( p, "dtls" ) == 0 )
1582 {
1583 int t = atoi( q );
1584 if( t == 0 )
1585 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
1586 else if( t == 1 )
1587 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1588 else
1589 goto usage;
1590 }
1591 else if( strcmp( p, "debug_level" ) == 0 )
1592 {
1593 opt.debug_level = atoi( q );
1594 if( opt.debug_level < 0 || opt.debug_level > 65535 )
1595 goto usage;
1596 }
1597 else if( strcmp( p, "nbio" ) == 0 )
1598 {
1599 opt.nbio = atoi( q );
1600 if( opt.nbio < 0 || opt.nbio > 2 )
1601 goto usage;
1602 }
1603 else if( strcmp( p, "event" ) == 0 )
1604 {
1605 opt.event = atoi( q );
1606 if( opt.event < 0 || opt.event > 2 )
1607 goto usage;
1608 }
1609 else if( strcmp( p, "read_timeout" ) == 0 )
1610 opt.read_timeout = atoi( q );
1611 else if( strcmp( p, "buffer_size" ) == 0 )
1612 {
1613 opt.buffer_size = atoi( q );
1614 if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
1615 goto usage;
1616 }
1617 else if( strcmp( p, "response_size" ) == 0 )
1618 {
1619 opt.response_size = atoi( q );
1620 if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
1621 goto usage;
1622 if( opt.buffer_size < opt.response_size )
1623 opt.buffer_size = opt.response_size;
1624 }
1625 else if( strcmp( p, "ca_file" ) == 0 )
1626 opt.ca_file = q;
1627 else if( strcmp( p, "ca_path" ) == 0 )
1628 opt.ca_path = q;
1629 else if( strcmp( p, "crt_file" ) == 0 )
1630 opt.crt_file = q;
1631 else if( strcmp( p, "key_file" ) == 0 )
1632 opt.key_file = q;
1633 else if( strcmp( p, "crt_file2" ) == 0 )
1634 opt.crt_file2 = q;
1635 else if( strcmp( p, "key_file2" ) == 0 )
1636 opt.key_file2 = q;
1637 else if( strcmp( p, "dhm_file" ) == 0 )
1638 opt.dhm_file = q;
1639#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1640 else if( strcmp( p, "async_operations" ) == 0 )
1641 opt.async_operations = q;
1642 else if( strcmp( p, "async_private_delay1" ) == 0 )
1643 opt.async_private_delay1 = atoi( q );
1644 else if( strcmp( p, "async_private_delay2" ) == 0 )
1645 opt.async_private_delay2 = atoi( q );
1646 else if( strcmp( p, "async_private_error" ) == 0 )
1647 {
1648 int n = atoi( q );
1649 if( n < -SSL_ASYNC_INJECT_ERROR_MAX ||
1650 n > SSL_ASYNC_INJECT_ERROR_MAX )
1651 {
1652 ret = 2;
1653 goto usage;
1654 }
1655 opt.async_private_error = n;
1656 }
1657#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1658 else if( strcmp( p, "psk" ) == 0 )
1659 opt.psk = q;
1660#if defined(MBEDTLS_USE_PSA_CRYPTO)
1661 else if( strcmp( p, "psk_opaque" ) == 0 )
1662 opt.psk_opaque = atoi( q );
1663 else if( strcmp( p, "psk_list_opaque" ) == 0 )
1664 opt.psk_list_opaque = atoi( q );
1665#endif
1666#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1667 else if( strcmp( p, "ca_callback" ) == 0)
1668 opt.ca_callback = atoi( q );
1669#endif
1670 else if( strcmp( p, "psk_identity" ) == 0 )
1671 opt.psk_identity = q;
1672 else if( strcmp( p, "psk_list" ) == 0 )
1673 opt.psk_list = q;
1674 else if( strcmp( p, "ecjpake_pw" ) == 0 )
1675 opt.ecjpake_pw = q;
1676 else if( strcmp( p, "force_ciphersuite" ) == 0 )
1677 {
1678 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
1679
1680 if( opt.force_ciphersuite[0] == 0 )
1681 {
1682 ret = 2;
1683 goto usage;
1684 }
1685 opt.force_ciphersuite[1] = 0;
1686 }
1687 else if( strcmp( p, "curves" ) == 0 )
1688 opt.curves = q;
1689 else if( strcmp( p, "version_suites" ) == 0 )
1690 opt.version_suites = q;
1691 else if( strcmp( p, "renegotiation" ) == 0 )
1692 {
1693 opt.renegotiation = (atoi( q )) ?
1694 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1695 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1696 }
1697 else if( strcmp( p, "allow_legacy" ) == 0 )
1698 {
1699 switch( atoi( q ) )
1700 {
1701 case -1:
1702 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1703 break;
1704 case 0:
1705 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1706 break;
1707 case 1:
1708 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1709 break;
1710 default: goto usage;
1711 }
1712 }
1713 else if( strcmp( p, "renegotiate" ) == 0 )
1714 {
1715 opt.renegotiate = atoi( q );
1716 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
1717 goto usage;
1718 }
1719 else if( strcmp( p, "renego_delay" ) == 0 )
1720 {
1721 opt.renego_delay = atoi( q );
1722 }
1723 else if( strcmp( p, "renego_period" ) == 0 )
1724 {
1725#if defined(_MSC_VER)
1726 opt.renego_period = _strtoui64( q, NULL, 10 );
1727#else
1728 if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
1729 goto usage;
1730#endif /* _MSC_VER */
1731 if( opt.renego_period < 2 )
1732 goto usage;
1733 }
1734 else if( strcmp( p, "exchanges" ) == 0 )
1735 {
1736 opt.exchanges = atoi( q );
1737 if( opt.exchanges < 0 )
1738 goto usage;
1739 }
1740 else if( strcmp( p, "min_version" ) == 0 )
1741 {
1742 if( strcmp( q, "ssl3" ) == 0 )
1743 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
1744 else if( strcmp( q, "tls1" ) == 0 )
1745 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
1746 else if( strcmp( q, "tls1_1" ) == 0 ||
1747 strcmp( q, "dtls1" ) == 0 )
1748 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1749 else if( strcmp( q, "tls1_2" ) == 0 ||
1750 strcmp( q, "dtls1_2" ) == 0 )
1751 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1752 else
1753 goto usage;
1754 }
1755 else if( strcmp( p, "max_version" ) == 0 )
1756 {
1757 if( strcmp( q, "ssl3" ) == 0 )
1758 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
1759 else if( strcmp( q, "tls1" ) == 0 )
1760 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
1761 else if( strcmp( q, "tls1_1" ) == 0 ||
1762 strcmp( q, "dtls1" ) == 0 )
1763 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1764 else if( strcmp( q, "tls1_2" ) == 0 ||
1765 strcmp( q, "dtls1_2" ) == 0 )
1766 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1767 else
1768 goto usage;
1769 }
1770 else if( strcmp( p, "arc4" ) == 0 )
1771 {
1772 switch( atoi( q ) )
1773 {
1774 case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
1775 case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
1776 default: goto usage;
1777 }
1778 }
1779 else if( strcmp( p, "allow_sha1" ) == 0 )
1780 {
1781 switch( atoi( q ) )
1782 {
1783 case 0: opt.allow_sha1 = 0; break;
1784 case 1: opt.allow_sha1 = 1; break;
1785 default: goto usage;
1786 }
1787 }
1788 else if( strcmp( p, "force_version" ) == 0 )
1789 {
1790 if( strcmp( q, "ssl3" ) == 0 )
1791 {
1792 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
1793 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
1794 }
1795 else if( strcmp( q, "tls1" ) == 0 )
1796 {
1797 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
1798 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
1799 }
1800 else if( strcmp( q, "tls1_1" ) == 0 )
1801 {
1802 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1803 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1804 }
1805 else if( strcmp( q, "tls1_2" ) == 0 )
1806 {
1807 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1808 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1809 }
1810 else if( strcmp( q, "dtls1" ) == 0 )
1811 {
1812 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1813 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1814 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1815 }
1816 else if( strcmp( q, "dtls1_2" ) == 0 )
1817 {
1818 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1819 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1820 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1821 }
1822 else
1823 goto usage;
1824 }
1825 else if( strcmp( p, "auth_mode" ) == 0 )
1826 {
1827 if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
1828 goto usage;
1829 }
1830 else if( strcmp( p, "cert_req_ca_list" ) == 0 )
1831 {
1832 opt.cert_req_ca_list = atoi( q );
1833 if( opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 1 )
1834 goto usage;
1835 }
1836 else if( strcmp( p, "max_frag_len" ) == 0 )
1837 {
1838 if( strcmp( q, "512" ) == 0 )
1839 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1840 else if( strcmp( q, "1024" ) == 0 )
1841 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1842 else if( strcmp( q, "2048" ) == 0 )
1843 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1844 else if( strcmp( q, "4096" ) == 0 )
1845 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1846 else
1847 goto usage;
1848 }
1849 else if( strcmp( p, "alpn" ) == 0 )
1850 {
1851 opt.alpn_string = q;
1852 }
1853 else if( strcmp( p, "trunc_hmac" ) == 0 )
1854 {
1855 switch( atoi( q ) )
1856 {
1857 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1858 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1859 default: goto usage;
1860 }
1861 }
1862 else if( strcmp( p, "extended_ms" ) == 0 )
1863 {
1864 switch( atoi( q ) )
1865 {
1866 case 0:
1867 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1868 break;
1869 case 1:
1870 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1871 break;
1872 default: goto usage;
1873 }
1874 }
1875 else if( strcmp( p, "etm" ) == 0 )
1876 {
1877 switch( atoi( q ) )
1878 {
1879 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1880 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1881 default: goto usage;
1882 }
1883 }
1884 else if( strcmp( p, "tickets" ) == 0 )
1885 {
1886 opt.tickets = atoi( q );
1887 if( opt.tickets < 0 || opt.tickets > 1 )
1888 goto usage;
1889 }
1890 else if( strcmp( p, "ticket_timeout" ) == 0 )
1891 {
1892 opt.ticket_timeout = atoi( q );
1893 if( opt.ticket_timeout < 0 )
1894 goto usage;
1895 }
1896 else if( strcmp( p, "cache_max" ) == 0 )
1897 {
1898 opt.cache_max = atoi( q );
1899 if( opt.cache_max < 0 )
1900 goto usage;
1901 }
1902 else if( strcmp( p, "cache_timeout" ) == 0 )
1903 {
1904 opt.cache_timeout = atoi( q );
1905 if( opt.cache_timeout < 0 )
1906 goto usage;
1907 }
1908 else if( strcmp( p, "cookies" ) == 0 )
1909 {
1910 opt.cookies = atoi( q );
1911 if( opt.cookies < -1 || opt.cookies > 1)
1912 goto usage;
1913 }
1914 else if( strcmp( p, "anti_replay" ) == 0 )
1915 {
1916 opt.anti_replay = atoi( q );
1917 if( opt.anti_replay < 0 || opt.anti_replay > 1)
1918 goto usage;
1919 }
1920 else if( strcmp( p, "badmac_limit" ) == 0 )
1921 {
1922 opt.badmac_limit = atoi( q );
1923 if( opt.badmac_limit < 0 )
1924 goto usage;
1925 }
1926 else if( strcmp( p, "hs_timeout" ) == 0 )
1927 {
1928 if( ( p = strchr( q, '-' ) ) == NULL )
1929 goto usage;
1930 *p++ = '\0';
1931 opt.hs_to_min = atoi( q );
1932 opt.hs_to_max = atoi( p );
1933 if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
1934 goto usage;
1935 }
1936 else if( strcmp( p, "mtu" ) == 0 )
1937 {
1938 opt.dtls_mtu = atoi( q );
1939 if( opt.dtls_mtu < 0 )
1940 goto usage;
1941 }
1942 else if( strcmp( p, "dgram_packing" ) == 0 )
1943 {
1944 opt.dgram_packing = atoi( q );
1945 if( opt.dgram_packing != 0 &&
1946 opt.dgram_packing != 1 )
1947 {
1948 goto usage;
1949 }
1950 }
1951 else if( strcmp( p, "sni" ) == 0 )
1952 {
1953 opt.sni = q;
1954 }
1955 else if( strcmp( p, "query_config" ) == 0 )
1956 {
1957 return query_config( q );
1958 }
1959 else
1960 goto usage;
1961 }
1962
1963 /* Event-driven IO is incompatible with the above custom
1964 * receive and send functions, as the polling builds on
1965 * refers to the underlying net_context. */
1966 if( opt.event == 1 && opt.nbio != 1 )
1967 {
1968 mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
1969 opt.nbio = 1;
1970 }
1971
1972#if defined(MBEDTLS_DEBUG_C)
1973 mbedtls_debug_set_threshold( opt.debug_level );
1974#endif
1975 buf = mbedtls_calloc( 1, opt.buffer_size + 1 );
1976 if( buf == NULL )
1977 {
1978 mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size );
1979 ret = 3;
1980 goto exit;
1981 }
1982
1983#if defined(MBEDTLS_USE_PSA_CRYPTO)
1984 if( opt.psk_opaque != 0 )
1985 {
1986 if( strlen( opt.psk ) == 0 )
1987 {
1988 mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
1989 ret = 2;
1990 goto usage;
1991 }
1992
1993 if( opt.force_ciphersuite[0] <= 0 )
1994 {
1995 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
1996 ret = 2;
1997 goto usage;
1998 }
1999 }
2000
2001 if( opt.psk_list_opaque != 0 )
2002 {
2003 if( opt.psk_list == NULL )
2004 {
2005 mbedtls_printf( "psk_slot set but no psk to be imported specified.\n" );
2006 ret = 2;
2007 goto usage;
2008 }
2009
2010 if( opt.force_ciphersuite[0] <= 0 )
2011 {
2012 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
2013 ret = 2;
2014 goto usage;
2015 }
2016 }
2017#endif /* MBEDTLS_USE_PSA_CRYPTO */
2018
2019 if( opt.force_ciphersuite[0] > 0 )
2020 {
2021 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
2022 ciphersuite_info =
2023 mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
2024
2025 if( opt.max_version != -1 &&
2026 ciphersuite_info->min_minor_ver > opt.max_version )
2027 {
2028 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
2029 ret = 2;
2030 goto usage;
2031 }
2032 if( opt.min_version != -1 &&
2033 ciphersuite_info->max_minor_ver < opt.min_version )
2034 {
2035 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
2036 ret = 2;
2037 goto usage;
2038 }
2039
2040 /* If we select a version that's not supported by
2041 * this suite, then there will be no common ciphersuite... */
2042 if( opt.max_version == -1 ||
2043 opt.max_version > ciphersuite_info->max_minor_ver )
2044 {
2045 opt.max_version = ciphersuite_info->max_minor_ver;
2046 }
2047 if( opt.min_version < ciphersuite_info->min_minor_ver )
2048 {
2049 opt.min_version = ciphersuite_info->min_minor_ver;
2050 /* DTLS starts with TLS 1.1 */
2051 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
2052 opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
2053 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
2054 }
2055
2056 /* Enable RC4 if needed and not explicitly disabled */
2057 if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
2058 {
2059 if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
2060 {
2061 mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
2062 ret = 2;
2063 goto usage;
2064 }
2065
2066 opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
2067 }
2068
2069#if defined(MBEDTLS_USE_PSA_CRYPTO)
2070 if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
2071 {
2072 /* Ensure that the chosen ciphersuite is PSK-only; we must know
2073 * the ciphersuite in advance to set the correct policy for the
2074 * PSK key slot. This limitation might go away in the future. */
2075 if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
2076 opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
2077 {
2078 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
2079 ret = 2;
2080 goto usage;
2081 }
2082
2083 /* Determine KDF algorithm the opaque PSK will be used in. */
2084#if defined(MBEDTLS_SHA512_C)
2085 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
2086 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
2087 else
2088#endif /* MBEDTLS_SHA512_C */
2089 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
2090 }
2091#endif /* MBEDTLS_USE_PSA_CRYPTO */
2092 }
2093
2094 if( opt.version_suites != NULL )
2095 {
2096 const char *name[4] = { 0 };
2097
2098 /* Parse 4-element coma-separated list */
2099 for( i = 0, p = (char *) opt.version_suites;
2100 i < 4 && *p != '\0';
2101 i++ )
2102 {
2103 name[i] = p;
2104
2105 /* Terminate the current string and move on to next one */
2106 while( *p != ',' && *p != '\0' )
2107 p++;
2108 if( *p == ',' )
2109 *p++ = '\0';
2110 }
2111
2112 if( i != 4 )
2113 {
2114 mbedtls_printf( "too few values for version_suites\n" );
2115 ret = 1;
2116 goto exit;
2117 }
2118
2119 memset( version_suites, 0, sizeof( version_suites ) );
2120
2121 /* Get the suites identifiers from their name */
2122 for( i = 0; i < 4; i++ )
2123 {
2124 version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
2125
2126 if( version_suites[i][0] == 0 )
2127 {
2128 mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] );
2129 ret = 2;
2130 goto usage;
2131 }
2132 }
2133 }
2134
2135#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2136 /*
2137 * Unhexify the pre-shared key and parse the list if any given
2138 */
2139 if( unhexify( psk, opt.psk, &psk_len ) != 0 )
2140 {
2141 mbedtls_printf( "pre-shared key not valid hex\n" );
2142 goto exit;
2143 }
2144
2145 if( opt.psk_list != NULL )
2146 {
2147 if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
2148 {
2149 mbedtls_printf( "psk_list invalid" );
2150 goto exit;
2151 }
2152 }
2153#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2154
2155#if defined(MBEDTLS_ECP_C)
2156 if( opt.curves != NULL )
2157 {
2158 p = (char *) opt.curves;
2159 i = 0;
2160
2161 if( strcmp( p, "none" ) == 0 )
2162 {
2163 curve_list[0] = MBEDTLS_ECP_DP_NONE;
2164 }
2165 else if( strcmp( p, "default" ) != 0 )
2166 {
2167 /* Leave room for a final NULL in curve list */
2168 while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
2169 {
2170 q = p;
2171
2172 /* Terminate the current string */
2173 while( *p != ',' && *p != '\0' )
2174 p++;
2175 if( *p == ',' )
2176 *p++ = '\0';
2177
2178 if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
2179 {
2180 curve_list[i++] = curve_cur->grp_id;
2181 }
2182 else
2183 {
2184 mbedtls_printf( "unknown curve %s\n", q );
2185 mbedtls_printf( "supported curves: " );
2186 for( curve_cur = mbedtls_ecp_curve_list();
2187 curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
2188 curve_cur++ )
2189 {
2190 mbedtls_printf( "%s ", curve_cur->name );
2191 }
2192 mbedtls_printf( "\n" );
2193 goto exit;
2194 }
2195 }
2196
2197 mbedtls_printf("Number of curves: %d\n", i );
2198
2199 if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
2200 {
2201 mbedtls_printf( "curves list too long, maximum %d",
2202 CURVE_LIST_SIZE - 1 );
2203 goto exit;
2204 }
2205
2206 curve_list[i] = MBEDTLS_ECP_DP_NONE;
2207 }
2208 }
2209#endif /* MBEDTLS_ECP_C */
2210
2211#if defined(MBEDTLS_SSL_ALPN)
2212 if( opt.alpn_string != NULL )
2213 {
2214 p = (char *) opt.alpn_string;
2215 i = 0;
2216
2217 /* Leave room for a final NULL in alpn_list */
2218 while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
2219 {
2220 alpn_list[i++] = p;
2221
2222 /* Terminate the current string and move on to next one */
2223 while( *p != ',' && *p != '\0' )
2224 p++;
2225 if( *p == ',' )
2226 *p++ = '\0';
2227 }
2228 }
2229#endif /* MBEDTLS_SSL_ALPN */
2230
2231 /*
2232 * 0. Initialize the RNG and the session data
2233 */
2234 mbedtls_printf( "\n . Seeding the random number generator..." );
2235 fflush( stdout );
2236
2237 mbedtls_entropy_init( &entropy );
2238 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
2239 &entropy, (const unsigned char *) pers,
2240 strlen( pers ) ) ) != 0 )
2241 {
2242 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
2243 -ret );
2244 goto exit;
2245 }
2246
2247 mbedtls_printf( " ok\n" );
2248
2249#if defined(MBEDTLS_X509_CRT_PARSE_C)
2250 /*
2251 * 1.1. Load the trusted CA
2252 */
2253 mbedtls_printf( " . Loading the CA root certificate ..." );
2254 fflush( stdout );
2255
2256#if defined(MBEDTLS_FS_IO)
2257 if( strlen( opt.ca_path ) )
2258 if( strcmp( opt.ca_path, "none" ) == 0 )
2259 ret = 0;
2260 else
2261 ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
2262 else if( strlen( opt.ca_file ) )
2263 if( strcmp( opt.ca_file, "none" ) == 0 )
2264 ret = 0;
2265 else
2266 ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
2267 else
2268#endif
2269#if defined(MBEDTLS_CERTS_C)
2270 for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
2271 {
2272 ret = mbedtls_x509_crt_parse( &cacert,
2273 (const unsigned char *) mbedtls_test_cas[i],
2274 mbedtls_test_cas_len[i] );
2275 if( ret != 0 )
2276 break;
2277 }
2278#else
2279 {
2280 ret = 1;
2281 mbedtls_printf("MBEDTLS_CERTS_C not defined.");
2282 }
2283#endif
2284 if( ret < 0 )
2285 {
2286 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
2287 goto exit;
2288 }
2289
2290 mbedtls_printf( " ok (%d skipped)\n", ret );
2291
2292 /*
2293 * 1.2. Load own certificate and private key
2294 */
2295 mbedtls_printf( " . Loading the server cert. and key..." );
2296 fflush( stdout );
2297
2298#if defined(MBEDTLS_FS_IO)
2299 if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
2300 {
2301 key_cert_init++;
2302 if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
2303 {
2304 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
2305 -ret );
2306 goto exit;
2307 }
2308 }
2309 if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
2310 {
2311 key_cert_init++;
2312 if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
2313 {
2314 mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret );
2315 goto exit;
2316 }
2317 }
2318 if( key_cert_init == 1 )
2319 {
2320 mbedtls_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
2321 goto exit;
2322 }
2323
2324 if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
2325 {
2326 key_cert_init2++;
2327 if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
2328 {
2329 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
2330 -ret );
2331 goto exit;
2332 }
2333 }
2334 if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
2335 {
2336 key_cert_init2++;
2337 if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
2338 {
2339 mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
2340 -ret );
2341 goto exit;
2342 }
2343 }
2344 if( key_cert_init2 == 1 )
2345 {
2346 mbedtls_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
2347 goto exit;
2348 }
2349#endif
2350 if( key_cert_init == 0 &&
2351 strcmp( opt.crt_file, "none" ) != 0 &&
2352 strcmp( opt.key_file, "none" ) != 0 &&
2353 key_cert_init2 == 0 &&
2354 strcmp( opt.crt_file2, "none" ) != 0 &&
2355 strcmp( opt.key_file2, "none" ) != 0 )
2356 {
2357#if !defined(MBEDTLS_CERTS_C)
2358 mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
2359 goto exit;
2360#else
2361#if defined(MBEDTLS_RSA_C)
2362 if( ( ret = mbedtls_x509_crt_parse( &srvcert,
2363 (const unsigned char *) mbedtls_test_srv_crt_rsa,
2364 mbedtls_test_srv_crt_rsa_len ) ) != 0 )
2365 {
2366 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
2367 -ret );
2368 goto exit;
2369 }
2370 if( ( ret = mbedtls_pk_parse_key( &pkey,
2371 (const unsigned char *) mbedtls_test_srv_key_rsa,
2372 mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
2373 {
2374 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
2375 -ret );
2376 goto exit;
2377 }
2378 key_cert_init = 2;
2379#endif /* MBEDTLS_RSA_C */
2380#if defined(MBEDTLS_ECDSA_C)
2381 if( ( ret = mbedtls_x509_crt_parse( &srvcert2,
2382 (const unsigned char *) mbedtls_test_srv_crt_ec,
2383 mbedtls_test_srv_crt_ec_len ) ) != 0 )
2384 {
2385 mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n",
2386 -ret );
2387 goto exit;
2388 }
2389 if( ( ret = mbedtls_pk_parse_key( &pkey2,
2390 (const unsigned char *) mbedtls_test_srv_key_ec,
2391 mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
2392 {
2393 mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
2394 -ret );
2395 goto exit;
2396 }
2397 key_cert_init2 = 2;
2398#endif /* MBEDTLS_ECDSA_C */
2399#endif /* MBEDTLS_CERTS_C */
2400 }
2401
2402 mbedtls_printf( " ok\n" );
2403#endif /* MBEDTLS_X509_CRT_PARSE_C */
2404
2405#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
2406 if( opt.dhm_file != NULL )
2407 {
2408 mbedtls_printf( " . Loading DHM parameters..." );
2409 fflush( stdout );
2410
2411 if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
2412 {
2413 mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
2414 -ret );
2415 goto exit;
2416 }
2417
2418 mbedtls_printf( " ok\n" );
2419 }
2420#endif
2421
2422#if defined(SNI_OPTION)
2423 if( opt.sni != NULL )
2424 {
2425 mbedtls_printf( " . Setting up SNI information..." );
2426 fflush( stdout );
2427
2428 if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
2429 {
2430 mbedtls_printf( " failed\n" );
2431 goto exit;
2432 }
2433
2434 mbedtls_printf( " ok\n" );
2435 }
2436#endif /* SNI_OPTION */
2437
2438 /*
2439 * 2. Setup the listening TCP socket
2440 */
2441 mbedtls_printf( " . Bind on %s://%s:%s/ ...",
2442 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2443 opt.server_addr ? opt.server_addr : "*",
2444 opt.server_port );
2445 fflush( stdout );
2446
2447 if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
2448 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2449 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2450 {
2451 mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret );
2452 goto exit;
2453 }
2454
2455 mbedtls_printf( " ok\n" );
2456
2457 /*
2458 * 3. Setup stuff
2459 */
2460 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
2461 fflush( stdout );
2462
2463 if( ( ret = mbedtls_ssl_config_defaults( &conf,
2464 MBEDTLS_SSL_IS_SERVER,
2465 opt.transport,
2466 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
2467 {
2468 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
2469 goto exit;
2470 }
2471
2472#if defined(MBEDTLS_X509_CRT_PARSE_C)
2473 /* The default algorithms profile disables SHA-1, but our tests still
2474 rely on it heavily. Hence we allow it here. A real-world server
2475 should use the default profile unless there is a good reason not to. */
2476 if( opt.allow_sha1 > 0 )
2477 {
2478 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
2479 mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
2480 mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
2481 }
2482#endif /* MBEDTLS_X509_CRT_PARSE_C */
2483
2484 if( opt.auth_mode != DFL_AUTH_MODE )
2485 mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
2486
2487 if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
2488 mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
2489
2490#if defined(MBEDTLS_SSL_PROTO_DTLS)
2491 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
2492 mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
2493
2494 if( opt.dgram_packing != DFL_DGRAM_PACKING )
2495 mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
2496#endif /* MBEDTLS_SSL_PROTO_DTLS */
2497
2498#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2499 if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
2500 {
2501 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
2502 goto exit;
2503 };
2504#endif
2505
2506#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2507 if( opt.trunc_hmac != DFL_TRUNC_HMAC )
2508 mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
2509#endif
2510
2511#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
2512 if( opt.extended_ms != DFL_EXTENDED_MS )
2513 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
2514#endif
2515
2516#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2517 if( opt.etm != DFL_ETM )
2518 mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
2519#endif
2520
2521#if defined(MBEDTLS_SSL_ALPN)
2522 if( opt.alpn_string != NULL )
2523 if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
2524 {
2525 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
2526 goto exit;
2527 }
2528#endif
2529
2530 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
2531 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
2532
2533#if defined(MBEDTLS_SSL_CACHE_C)
2534 if( opt.cache_max != -1 )
2535 mbedtls_ssl_cache_set_max_entries( &cache, opt.cache_max );
2536
2537 if( opt.cache_timeout != -1 )
2538 mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
2539
2540 mbedtls_ssl_conf_session_cache( &conf, &cache,
2541 mbedtls_ssl_cache_get,
2542 mbedtls_ssl_cache_set );
2543#endif
2544
2545#if defined(MBEDTLS_SSL_SESSION_TICKETS)
2546 if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
2547 {
2548 if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
2549 mbedtls_ctr_drbg_random, &ctr_drbg,
2550 MBEDTLS_CIPHER_AES_256_GCM,
2551 opt.ticket_timeout ) ) != 0 )
2552 {
2553 mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
2554 goto exit;
2555 }
2556
2557 mbedtls_ssl_conf_session_tickets_cb( &conf,
2558 mbedtls_ssl_ticket_write,
2559 mbedtls_ssl_ticket_parse,
2560 &ticket_ctx );
2561 }
2562#endif
2563
2564#if defined(MBEDTLS_SSL_PROTO_DTLS)
2565 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2566 {
2567#if defined(MBEDTLS_SSL_COOKIE_C)
2568 if( opt.cookies > 0 )
2569 {
2570 if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
2571 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
2572 {
2573 mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
2574 goto exit;
2575 }
2576
2577 mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
2578 &cookie_ctx );
2579 }
2580 else
2581#endif /* MBEDTLS_SSL_COOKIE_C */
2582#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
2583 if( opt.cookies == 0 )
2584 {
2585 mbedtls_ssl_conf_dtls_cookies( &conf, NULL, NULL, NULL );
2586 }
2587 else
2588#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
2589 {
2590 ; /* Nothing to do */
2591 }
2592
2593#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2594 if( opt.anti_replay != DFL_ANTI_REPLAY )
2595 mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
2596#endif
2597
2598#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
2599 if( opt.badmac_limit != DFL_BADMAC_LIMIT )
2600 mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
2601#endif
2602 }
2603#endif /* MBEDTLS_SSL_PROTO_DTLS */
2604
2605 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
2606 mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
2607
2608#if defined(MBEDTLS_ARC4_C)
2609 if( opt.arc4 != DFL_ARC4 )
2610 mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
2611#endif
2612
2613 if( opt.version_suites != NULL )
2614 {
2615 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
2616 MBEDTLS_SSL_MAJOR_VERSION_3,
2617 MBEDTLS_SSL_MINOR_VERSION_0 );
2618 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
2619 MBEDTLS_SSL_MAJOR_VERSION_3,
2620 MBEDTLS_SSL_MINOR_VERSION_1 );
2621 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
2622 MBEDTLS_SSL_MAJOR_VERSION_3,
2623 MBEDTLS_SSL_MINOR_VERSION_2 );
2624 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
2625 MBEDTLS_SSL_MAJOR_VERSION_3,
2626 MBEDTLS_SSL_MINOR_VERSION_3 );
2627 }
2628
2629 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
2630 mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
2631#if defined(MBEDTLS_SSL_RENEGOTIATION)
2632 mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
2633
2634 if( opt.renego_delay != DFL_RENEGO_DELAY )
2635 mbedtls_ssl_conf_renegotiation_enforced( &conf, opt.renego_delay );
2636
2637 if( opt.renego_period != DFL_RENEGO_PERIOD )
2638 {
2639 PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
2640 mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
2641 }
2642#endif
2643
2644#if defined(MBEDTLS_X509_CRT_PARSE_C)
2645 if( strcmp( opt.ca_path, "none" ) != 0 &&
2646 strcmp( opt.ca_file, "none" ) != 0 )
2647 {
2648#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
2649 if( opt.ca_callback != 0 )
2650 mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert);
2651 else
2652#endif
2653 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
2654 }
2655 if( key_cert_init )
2656 {
2657 mbedtls_pk_context *pk = &pkey;
2658#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2659 if( opt.async_private_delay1 >= 0 )
2660 {
2661 ret = ssl_async_set_key( &ssl_async_keys, &srvcert, pk, 0,
2662 opt.async_private_delay1 );
2663 if( ret < 0 )
2664 {
2665 mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
2666 ret );
2667 goto exit;
2668 }
2669 pk = NULL;
2670 }
2671#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2672 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
2673 {
2674 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
2675 goto exit;
2676 }
2677 }
2678 if( key_cert_init2 )
2679 {
2680 mbedtls_pk_context *pk = &pkey2;
2681#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2682 if( opt.async_private_delay2 >= 0 )
2683 {
2684 ret = ssl_async_set_key( &ssl_async_keys, &srvcert2, pk, 0,
2685 opt.async_private_delay2 );
2686 if( ret < 0 )
2687 {
2688 mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
2689 ret );
2690 goto exit;
2691 }
2692 pk = NULL;
2693 }
2694#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2695 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
2696 {
2697 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
2698 goto exit;
2699 }
2700 }
2701
2702#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2703 if( opt.async_operations[0] != '-' )
2704 {
2705 mbedtls_ssl_async_sign_t *sign = NULL;
2706 mbedtls_ssl_async_decrypt_t *decrypt = NULL;
2707 const char *r;
2708 for( r = opt.async_operations; *r; r++ )
2709 {
2710 switch( *r )
2711 {
2712 case 'd':
2713 decrypt = ssl_async_decrypt;
2714 break;
2715 case 's':
2716 sign = ssl_async_sign;
2717 break;
2718 }
2719 }
2720 ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
2721 - opt.async_private_error :
2722 opt.async_private_error );
2723 ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
2724 ssl_async_keys.p_rng = &ctr_drbg;
2725 mbedtls_ssl_conf_async_private_cb( &conf,
2726 sign,
2727 decrypt,
2728 ssl_async_resume,
2729 ssl_async_cancel,
2730 &ssl_async_keys );
2731 }
2732#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2733#endif /* MBEDTLS_X509_CRT_PARSE_C */
2734
2735#if defined(SNI_OPTION)
2736 if( opt.sni != NULL )
2737 {
2738 mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
2739#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2740 if( opt.async_private_delay2 >= 0 )
2741 {
2742 sni_entry *cur;
2743 for( cur = sni_info; cur != NULL; cur = cur->next )
2744 {
2745 ret = ssl_async_set_key( &ssl_async_keys,
2746 cur->cert, cur->key, 1,
2747 opt.async_private_delay2 );
2748 if( ret < 0 )
2749 {
2750 mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
2751 ret );
2752 goto exit;
2753 }
2754 cur->key = NULL;
2755 }
2756 }
2757#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2758 }
2759#endif
2760
2761#if defined(MBEDTLS_ECP_C)
2762 if( opt.curves != NULL &&
2763 strcmp( opt.curves, "default" ) != 0 )
2764 {
2765 mbedtls_ssl_conf_curves( &conf, curve_list );
2766 }
2767#endif
2768
2769#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2770
2771 if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
2772 {
2773#if defined(MBEDTLS_USE_PSA_CRYPTO)
2774 if( opt.psk_opaque != 0 )
2775 {
2776 status = psa_allocate_key( &psk_slot );
2777 if( status != PSA_SUCCESS )
2778 {
2779 fprintf( stderr, "ALLOC FAIL\n" );
2780 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2781 goto exit;
2782 }
2783
2784 /* The algorithm has already been determined earlier. */
2785 status = psa_setup_psk_key_slot( psk_slot, alg, psk, psk_len );
2786 if( status != PSA_SUCCESS )
2787 {
2788 fprintf( stderr, "SETUP FAIL\n" );
2789 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2790 goto exit;
2791 }
2792 if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, psk_slot,
2793 (const unsigned char *) opt.psk_identity,
2794 strlen( opt.psk_identity ) ) ) != 0 )
2795 {
2796 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
2797 ret );
2798 goto exit;
2799 }
2800 }
2801 else
2802#endif /* MBEDTLS_USE_PSA_CRYPTO */
2803 if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
2804 (const unsigned char *) opt.psk_identity,
2805 strlen( opt.psk_identity ) ) ) != 0 )
2806 {
2807 mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
2808 goto exit;
2809 }
2810 }
2811
2812 if( opt.psk_list != NULL )
2813 {
2814#if defined(MBEDTLS_USE_PSA_CRYPTO)
2815 if( opt.psk_list_opaque != 0 )
2816 {
2817 psk_entry *cur_psk;
2818 for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
2819 {
2820 status = psa_allocate_key( &cur_psk->slot );
2821 if( status != PSA_SUCCESS )
2822 {
2823 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2824 goto exit;
2825 }
2826
2827 status = psa_setup_psk_key_slot( cur_psk->slot, alg,
2828 cur_psk->key,
2829 cur_psk->key_len );
2830 if( status != PSA_SUCCESS )
2831 {
2832 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2833 goto exit;
2834 }
2835 }
2836 }
2837#endif /* MBEDTLS_USE_PSA_CRYPTO */
2838
2839 mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
2840 }
2841#endif
2842
2843#if defined(MBEDTLS_DHM_C)
2844 /*
2845 * Use different group than default DHM group
2846 */
2847#if defined(MBEDTLS_FS_IO)
2848 if( opt.dhm_file != NULL )
2849 ret = mbedtls_ssl_conf_dh_param_ctx( &conf, &dhm );
2850#endif
2851 if( ret != 0 )
2852 {
2853 mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret );
2854 goto exit;
2855 }
2856#endif
2857
2858 if( opt.min_version != DFL_MIN_VERSION )
2859 mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
2860
2861 if( opt.max_version != DFL_MIN_VERSION )
2862 mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
2863
2864 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
2865 {
2866 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
2867 goto exit;
2868 }
2869
2870 if( opt.nbio == 2 )
2871 mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
2872 else
2873 mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
2874 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
2875
2876#if defined(MBEDTLS_SSL_PROTO_DTLS)
2877 if( opt.dtls_mtu != DFL_DTLS_MTU )
2878 mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
2879#endif
2880
2881#if defined(MBEDTLS_TIMING_C)
2882 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
2883 mbedtls_timing_get_delay );
2884#endif
2885
2886 mbedtls_printf( " ok\n" );
2887
2888reset:
2889#if !defined(_WIN32)
2890 if( received_sigterm )
2891 {
2892 mbedtls_printf( " interrupted by SIGTERM (not in net_accept())\n" );
2893 if( ret == MBEDTLS_ERR_NET_INVALID_CONTEXT )
2894 ret = 0;
2895
2896 goto exit;
2897 }
2898#endif
2899
2900 if( ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
2901 {
2902 mbedtls_printf( " ! Client initiated reconnection from same port\n" );
2903 goto handshake;
2904 }
2905
2906#ifdef MBEDTLS_ERROR_C
2907 if( ret != 0 )
2908 {
2909 char error_buf[100];
2910 mbedtls_strerror( ret, error_buf, 100 );
2911 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
2912 }
2913#endif
2914
2915 mbedtls_net_free( &client_fd );
2916
2917 mbedtls_ssl_session_reset( &ssl );
2918
2919 /*
2920 * 3. Wait until a client connects
2921 */
2922 mbedtls_printf( " . Waiting for a remote connection ..." );
2923 fflush( stdout );
2924
2925 if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
2926 client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
2927 {
2928#if !defined(_WIN32)
2929 if( received_sigterm )
2930 {
2931 mbedtls_printf( " interrupted by SIGTERM (in net_accept())\n" );
2932 if( ret == MBEDTLS_ERR_NET_ACCEPT_FAILED )
2933 ret = 0;
2934
2935 goto exit;
2936 }
2937#endif
2938
2939 mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", -ret );
2940 goto exit;
2941 }
2942
2943 if( opt.nbio > 0 )
2944 ret = mbedtls_net_set_nonblock( &client_fd );
2945 else
2946 ret = mbedtls_net_set_block( &client_fd );
2947 if( ret != 0 )
2948 {
2949 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
2950 goto exit;
2951 }
2952
2953 mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
2954
2955#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
2956 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2957 {
2958 if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
2959 client_ip, cliip_len ) ) != 0 )
2960 {
2961 mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
2962 -ret );
2963 goto exit;
2964 }
2965 }
2966#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
2967
2968#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2969 if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
2970 {
2971 if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
2972 (const unsigned char *) opt.ecjpake_pw,
2973 strlen( opt.ecjpake_pw ) ) ) != 0 )
2974 {
2975 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
2976 goto exit;
2977 }
2978 }
2979#endif
2980
2981 mbedtls_printf( " ok\n" );
2982
2983 /*
2984 * 4. Handshake
2985 */
2986handshake:
2987 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
2988 fflush( stdout );
2989
2990 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2991 {
2992#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2993 if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
2994 ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL )
2995 {
2996 mbedtls_printf( " cancelling on injected error\n" );
2997 break;
2998 }
2999#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
3000
3001 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3002 break;
3003
3004 /* For event-driven IO, wait for socket to become available */
3005 if( opt.event == 1 /* level triggered IO */ )
3006 {
3007#if defined(MBEDTLS_TIMING_C)
3008 ret = idle( &client_fd, &timer, ret );
3009#else
3010 ret = idle( &client_fd, ret );
3011#endif
3012 if( ret != 0 )
3013 goto reset;
3014 }
3015 }
3016
3017 if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
3018 {
3019 mbedtls_printf( " hello verification requested\n" );
3020 ret = 0;
3021 goto reset;
3022 }
3023 else if( ret != 0 )
3024 {
3025 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
3026
3027#if defined(MBEDTLS_X509_CRT_PARSE_C)
3028 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
3029 {
3030 char vrfy_buf[512];
3031 flags = mbedtls_ssl_get_verify_result( &ssl );
3032
3033 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
3034
3035 mbedtls_printf( "%s\n", vrfy_buf );
3036 }
3037#endif
3038
3039#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
3040 if( opt.async_private_error < 0 )
3041 /* Injected error only the first time round, to test reset */
3042 ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;
3043#endif
3044 goto reset;
3045 }
3046 else /* ret == 0 */
3047 {
3048 mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
3049 mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
3050 }
3051
3052 if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
3053 mbedtls_printf( " [ Record expansion is %d ]\n", ret );
3054 else
3055 mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
3056
3057#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3058 mbedtls_printf( " [ Maximum fragment length is %u ]\n",
3059 (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
3060#endif
3061
3062#if defined(MBEDTLS_SSL_ALPN)
3063 if( opt.alpn_string != NULL )
3064 {
3065 const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
3066 mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
3067 alp ? alp : "(none)" );
3068 }
3069#endif
3070
3071#if defined(MBEDTLS_X509_CRT_PARSE_C)
3072 /*
3073 * 5. Verify the client certificate
3074 */
3075 mbedtls_printf( " . Verifying peer X.509 certificate..." );
3076
3077 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
3078 {
3079 char vrfy_buf[512];
3080
3081 mbedtls_printf( " failed\n" );
3082
3083 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
3084
3085 mbedtls_printf( "%s\n", vrfy_buf );
3086 }
3087 else
3088 mbedtls_printf( " ok\n" );
3089
3090 if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
3091 {
3092 char crt_buf[512];
3093
3094 mbedtls_printf( " . Peer certificate information ...\n" );
3095 mbedtls_x509_crt_info( crt_buf, sizeof( crt_buf ), " ",
3096 mbedtls_ssl_get_peer_cert( &ssl ) );
3097 mbedtls_printf( "%s\n", crt_buf );
3098 }
3099#endif /* MBEDTLS_X509_CRT_PARSE_C */
3100
3101 if( opt.exchanges == 0 )
3102 goto close_notify;
3103
3104 exchanges_left = opt.exchanges;
3105data_exchange:
3106 /*
3107 * 6. Read the HTTP Request
3108 */
3109 mbedtls_printf( " < Read from client:" );
3110 fflush( stdout );
3111
3112 /*
3113 * TLS and DTLS need different reading styles (stream vs datagram)
3114 */
3115 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
3116 {
3117 do
3118 {
3119 int terminated = 0;
3120 len = opt.buffer_size - 1;
3121 memset( buf, 0, opt.buffer_size );
3122 ret = mbedtls_ssl_read( &ssl, buf, len );
3123
3124 if( mbedtls_status_is_ssl_in_progress( ret ) )
3125 {
3126 if( opt.event == 1 /* level triggered IO */ )
3127 {
3128#if defined(MBEDTLS_TIMING_C)
3129 idle( &client_fd, &timer, ret );
3130#else
3131 idle( &client_fd, ret );
3132#endif
3133 }
3134
3135 continue;
3136 }
3137
3138 if( ret <= 0 )
3139 {
3140 switch( ret )
3141 {
3142 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
3143 mbedtls_printf( " connection was closed gracefully\n" );
3144 goto close_notify;
3145
3146 case 0:
3147 case MBEDTLS_ERR_NET_CONN_RESET:
3148 mbedtls_printf( " connection was reset by peer\n" );
3149 ret = MBEDTLS_ERR_NET_CONN_RESET;
3150 goto reset;
3151
3152 default:
3153 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
3154 goto reset;
3155 }
3156 }
3157
3158 if( mbedtls_ssl_get_bytes_avail( &ssl ) == 0 )
3159 {
3160 len = ret;
3161 buf[len] = '\0';
3162 mbedtls_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
3163
3164 /* End of message should be detected according to the syntax of the
3165 * application protocol (eg HTTP), just use a dummy test here. */
3166 if( buf[len - 1] == '\n' )
3167 terminated = 1;
3168 }
3169 else
3170 {
3171 int extra_len, ori_len;
3172 unsigned char *larger_buf;
3173
3174 ori_len = ret;
3175 extra_len = (int) mbedtls_ssl_get_bytes_avail( &ssl );
3176
3177 larger_buf = mbedtls_calloc( 1, ori_len + extra_len + 1 );
3178 if( larger_buf == NULL )
3179 {
3180 mbedtls_printf( " ! memory allocation failed\n" );
3181 ret = 1;
3182 goto reset;
3183 }
3184
3185 memset( larger_buf, 0, ori_len + extra_len );
3186 memcpy( larger_buf, buf, ori_len );
3187
3188 /* This read should never fail and get the whole cached data */
3189 ret = mbedtls_ssl_read( &ssl, larger_buf + ori_len, extra_len );
3190 if( ret != extra_len ||
3191 mbedtls_ssl_get_bytes_avail( &ssl ) != 0 )
3192 {
3193 mbedtls_printf( " ! mbedtls_ssl_read failed on cached data\n" );
3194 ret = 1;
3195 goto reset;
3196 }
3197
3198 larger_buf[ori_len + extra_len] = '\0';
3199 mbedtls_printf( " %u bytes read (%u + %u)\n\n%s\n",
3200 ori_len + extra_len, ori_len, extra_len,
3201 (char *) larger_buf );
3202
3203 /* End of message should be detected according to the syntax of the
3204 * application protocol (eg HTTP), just use a dummy test here. */
3205 if( larger_buf[ori_len + extra_len - 1] == '\n' )
3206 terminated = 1;
3207
3208 mbedtls_free( larger_buf );
3209 }
3210
3211 if( terminated )
3212 {
3213 ret = 0;
3214 break;
3215 }
3216 }
3217 while( 1 );
3218 }
3219 else /* Not stream, so datagram */
3220 {
3221 len = opt.buffer_size - 1;
3222 memset( buf, 0, opt.buffer_size );
3223
3224 do
3225 {
3226 /* Without the call to `mbedtls_ssl_check_pending`, it might
3227 * happen that the client sends application data in the same
3228 * datagram as the Finished message concluding the handshake.
3229 * In this case, the application data would be ready to be
3230 * processed while the underlying transport wouldn't signal
3231 * any further incoming data.
3232 *
3233 * See the test 'Event-driven I/O: session-id resume, UDP packing'
3234 * in tests/ssl-opt.sh.
3235 */
3236
3237 /* For event-driven IO, wait for socket to become available */
3238 if( mbedtls_ssl_check_pending( &ssl ) == 0 &&
3239 opt.event == 1 /* level triggered IO */ )
3240 {
3241#if defined(MBEDTLS_TIMING_C)
3242 idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ );
3243#else
3244 idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ );
3245#endif
3246 }
3247
3248 ret = mbedtls_ssl_read( &ssl, buf, len );
3249
3250 /* Note that even if `mbedtls_ssl_check_pending` returns true,
3251 * it can happen that the subsequent call to `mbedtls_ssl_read`
3252 * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages
3253 * might be discarded (e.g. because they are retransmissions). */
3254 }
3255 while( mbedtls_status_is_ssl_in_progress( ret ) );
3256
3257 if( ret <= 0 )
3258 {
3259 switch( ret )
3260 {
3261 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
3262 mbedtls_printf( " connection was closed gracefully\n" );
3263 ret = 0;
3264 goto close_notify;
3265
3266 default:
3267 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
3268 goto reset;
3269 }
3270 }
3271
3272 len = ret;
3273 buf[len] = '\0';
3274 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
3275 ret = 0;
3276 }
3277
3278 /*
3279 * 7a. Request renegotiation while client is waiting for input from us.
3280 * (only on the first exchange, to be able to test retransmission)
3281 */
3282#if defined(MBEDTLS_SSL_RENEGOTIATION)
3283 if( opt.renegotiate && exchanges_left == opt.exchanges )
3284 {
3285 mbedtls_printf( " . Requestion renegotiation..." );
3286 fflush( stdout );
3287
3288 while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
3289 {
3290 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3291 {
3292 mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
3293 goto reset;
3294 }
3295
3296 /* For event-driven IO, wait for socket to become available */
3297 if( opt.event == 1 /* level triggered IO */ )
3298 {
3299#if defined(MBEDTLS_TIMING_C)
3300 idle( &client_fd, &timer, ret );
3301#else
3302 idle( &client_fd, ret );
3303#endif
3304 }
3305 }
3306
3307 mbedtls_printf( " ok\n" );
3308 }
3309#endif /* MBEDTLS_SSL_RENEGOTIATION */
3310
3311 /*
3312 * 7. Write the 200 Response
3313 */
3314 mbedtls_printf( " > Write to client:" );
3315 fflush( stdout );
3316
3317 len = sprintf( (char *) buf, HTTP_RESPONSE,
3318 mbedtls_ssl_get_ciphersuite( &ssl ) );
3319
3320 /* Add padding to the response to reach opt.response_size in length */
3321 if( opt.response_size != DFL_RESPONSE_SIZE &&
3322 len < opt.response_size )
3323 {
3324 memset( buf + len, 'B', opt.response_size - len );
3325 len += opt.response_size - len;
3326 }
3327
3328 /* Truncate if response size is smaller than the "natural" size */
3329 if( opt.response_size != DFL_RESPONSE_SIZE &&
3330 len > opt.response_size )
3331 {
3332 len = opt.response_size;
3333
3334 /* Still end with \r\n unless that's really not possible */
3335 if( len >= 2 ) buf[len - 2] = '\r';
3336 if( len >= 1 ) buf[len - 1] = '\n';
3337 }
3338
3339 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
3340 {
3341 for( written = 0, frags = 0; written < len; written += ret, frags++ )
3342 {
3343 while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
3344 <= 0 )
3345 {
3346 if( ret == MBEDTLS_ERR_NET_CONN_RESET )
3347 {
3348 mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
3349 goto reset;
3350 }
3351
3352 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3353 {
3354 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
3355 goto reset;
3356 }
3357
3358 /* For event-driven IO, wait for socket to become available */
3359 if( opt.event == 1 /* level triggered IO */ )
3360 {
3361#if defined(MBEDTLS_TIMING_C)
3362 idle( &client_fd, &timer, ret );
3363#else
3364 idle( &client_fd, ret );
3365#endif
3366 }
3367 }
3368 }
3369 }
3370 else /* Not stream, so datagram */
3371 {
3372 while( 1 )
3373 {
3374 ret = mbedtls_ssl_write( &ssl, buf, len );
3375
3376 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3377 break;
3378
3379 /* For event-driven IO, wait for socket to become available */
3380 if( opt.event == 1 /* level triggered IO */ )
3381 {
3382#if defined(MBEDTLS_TIMING_C)
3383 idle( &client_fd, &timer, ret );
3384#else
3385 idle( &client_fd, ret );
3386#endif
3387 }
3388 }
3389
3390 if( ret < 0 )
3391 {
3392 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
3393 goto reset;
3394 }
3395
3396 frags = 1;
3397 written = ret;
3398 }
3399
3400 buf[written] = '\0';
3401 mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
3402 ret = 0;
3403
3404 /*
3405 * 7b. Continue doing data exchanges?
3406 */
3407 if( --exchanges_left > 0 )
3408 goto data_exchange;
3409
3410 /*
3411 * 8. Done, cleanly close the connection
3412 */
3413close_notify:
3414 mbedtls_printf( " . Closing the connection..." );
3415
3416 /* No error checking, the connection might be closed already */
3417 do ret = mbedtls_ssl_close_notify( &ssl );
3418 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3419 ret = 0;
3420
3421 mbedtls_printf( " done\n" );
3422
3423 goto reset;
3424
3425 /*
3426 * Cleanup and exit
3427 */
3428exit:
3429#ifdef MBEDTLS_ERROR_C
3430 if( ret != 0 )
3431 {
3432 char error_buf[100];
3433 mbedtls_strerror( ret, error_buf, 100 );
3434 mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
3435 }
3436#endif
3437
3438 mbedtls_printf( " . Cleaning up..." );
3439 fflush( stdout );
3440
3441 mbedtls_net_free( &client_fd );
3442 mbedtls_net_free( &listen_fd );
3443
3444#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
3445 mbedtls_dhm_free( &dhm );
3446#endif
3447#if defined(MBEDTLS_X509_CRT_PARSE_C)
3448 mbedtls_x509_crt_free( &cacert );
3449 mbedtls_x509_crt_free( &srvcert );
3450 mbedtls_pk_free( &pkey );
3451 mbedtls_x509_crt_free( &srvcert2 );
3452 mbedtls_pk_free( &pkey2 );
3453#endif
3454#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
3455 for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ )
3456 {
3457 if( ssl_async_keys.slots[i].pk_owned )
3458 {
3459 mbedtls_pk_free( ssl_async_keys.slots[i].pk );
3460 mbedtls_free( ssl_async_keys.slots[i].pk );
3461 ssl_async_keys.slots[i].pk = NULL;
3462 }
3463 }
3464#endif
3465#if defined(SNI_OPTION)
3466 sni_free( sni_info );
3467#endif
3468#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3469 if( ( ret = psk_free( psk_info ) ) != 0 )
3470 mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
3471#endif
3472#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
3473 mbedtls_dhm_free( &dhm );
3474#endif
3475
3476#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
3477 defined(MBEDTLS_USE_PSA_CRYPTO)
3478 if( opt.psk_opaque != 0 )
3479 {
3480 /* This is ok even if the slot hasn't been
3481 * initialized (we might have jumed here
3482 * immediately because of bad cmd line params,
3483 * for example). */
3484 status = psa_destroy_key( psk_slot );
3485 if( status != PSA_SUCCESS )
3486 {
3487 mbedtls_printf( "Failed to destroy key slot %u - error was %d",
3488 (unsigned) psk_slot, (int) status );
3489 }
3490 }
3491#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
3492 MBEDTLS_USE_PSA_CRYPTO */
3493
3494 mbedtls_ssl_free( &ssl );
3495 mbedtls_ssl_config_free( &conf );
3496 mbedtls_ctr_drbg_free( &ctr_drbg );
3497 mbedtls_entropy_free( &entropy );
3498
3499#if defined(MBEDTLS_SSL_CACHE_C)
3500 mbedtls_ssl_cache_free( &cache );
3501#endif
3502#if defined(MBEDTLS_SSL_SESSION_TICKETS)
3503 mbedtls_ssl_ticket_free( &ticket_ctx );
3504#endif
3505#if defined(MBEDTLS_SSL_COOKIE_C)
3506 mbedtls_ssl_cookie_free( &cookie_ctx );
3507#endif
3508
3509 mbedtls_free( buf );
3510
3511#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3512#if defined(MBEDTLS_MEMORY_DEBUG)
3513 mbedtls_memory_buffer_alloc_status();
3514#endif
3515 mbedtls_memory_buffer_alloc_free();
3516#endif
3517
3518 mbedtls_printf( " done.\n" );
3519
3520#if defined(_WIN32)
3521 mbedtls_printf( " + Press Enter to exit this program.\n" );
3522 fflush( stdout ); getchar();
3523#endif
3524
3525 // Shell can not handle large exit numbers -> 1 for errors
3526 if( ret < 0 )
3527 ret = 1;
3528
3529 return( ret );
3530}
3531#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
3532 MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
3533 MBEDTLS_CTR_DRBG_C */