TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 987cf898db9bff52ec13b08a67f85517cab26fd2 / . / tests / src / test_helpers / ssl_helpers.c
blob: 53003b22325804af55483d49639e2e84b699193c [file] [log] [blame]
Yanray Wang47907a42022-10-24 14:42:01 +0800[diff] [blame]1/** \file ssl_helpers.c
2 *
3 * \brief Helper functions to set up a TLS connection.
4 */
5
6/*
7 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Yanray Wang47907a42022-10-24 14:42:01 +0800[diff] [blame]9 */
10
11#include <test/ssl_helpers.h>
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]12#include "md_psa.h"
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]13
Yanray Wang4d07d1c2022-10-27 15:28:16 +0800[diff] [blame]14#if defined(MBEDTLS_SSL_TLS_C)
Ronald Cron10b040f2024-02-05 09:38:09 +0100[diff] [blame]15int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]16{
17 (void) p_rng;
18 for (size_t i = 0; i < output_len; i++) {
19 output[i] = rand();
20 }
21
22 return 0;
23}
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]24
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]25void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
26 const char *file, int line,
27 const char *str)
28{
29 mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx;
30
31 (void) level;
32 (void) line;
33 (void) file;
34
35 if (NULL != p &&
36 NULL != p->pattern &&
37 NULL != strstr(str, p->pattern)) {
38 p->counter++;
39 }
40}
41
42void mbedtls_test_init_handshake_options(
43 mbedtls_test_handshake_test_options *opts)
44{
45#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
Ronald Cron987cf892024-03-04 10:24:27 +0100[diff] [blame^]46 static int rng_seed = 0xBEEF;
Yanray Wanga72bc9a2023-12-01 23:34:27 +0800[diff] [blame]47
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]48 srand(rng_seed);
49 rng_seed += 0xD0;
50#endif
51 opts->cipher = "";
52 opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
53 opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
54 opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
55 opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
Ronald Cron097ba142023-03-08 16:18:00 +0100[diff] [blame]56 opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]57 opts->expected_handshake_result = 0;
58 opts->expected_ciphersuite = 0;
59 opts->pk_alg = MBEDTLS_PK_RSA;
60 opts->opaque_alg = 0;
61 opts->opaque_alg2 = 0;
62 opts->opaque_usage = 0;
63 opts->psk_str = NULL;
64 opts->dtls = 0;
65 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
66 opts->serialize = 0;
67 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
68 opts->cli_msg_len = 100;
69 opts->srv_msg_len = 100;
70 opts->expected_cli_fragments = 1;
71 opts->expected_srv_fragments = 1;
72 opts->renegotiate = 0;
73 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
74 opts->srv_log_obj = NULL;
Pengyu Lvfe03a402023-11-08 10:30:48 +0800[diff] [blame]75 opts->cli_log_obj = NULL;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]76 opts->srv_log_fun = NULL;
77 opts->cli_log_fun = NULL;
78 opts->resize_buffers = 1;
79#if defined(MBEDTLS_SSL_CACHE_C)
80 opts->cache = NULL;
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]81 TEST_CALLOC(opts->cache, 1);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]82 mbedtls_ssl_cache_init(opts->cache);
Pengyu Lv5cbb93e2023-07-10 11:09:40 +0800[diff] [blame]83#if defined(MBEDTLS_HAVE_TIME)
84 TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache),
85 MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT);
86#endif
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]87exit:
88 return;
89#endif
90}
91
92void mbedtls_test_free_handshake_options(
93 mbedtls_test_handshake_test_options *opts)
94{
95#if defined(MBEDTLS_SSL_CACHE_C)
96 mbedtls_ssl_cache_free(opts->cache);
97 mbedtls_free(opts->cache);
98#else
99 (void) opts;
100#endif
101}
102
103#if defined(MBEDTLS_TEST_HOOKS)
104static void set_chk_buf_ptr_args(
105 mbedtls_ssl_chk_buf_ptr_args *args,
106 unsigned char *cur, unsigned char *end, size_t need)
107{
108 args->cur = cur;
109 args->end = end;
110 args->need = need;
111}
112
113static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args)
114{
115 memset(args, 0, sizeof(*args));
116}
117#endif /* MBEDTLS_TEST_HOOKS */
118
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]119void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf)
120{
121 memset(buf, 0, sizeof(*buf));
122}
123
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]124int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf,
125 size_t capacity)
126{
127 buf->buffer = (unsigned char *) mbedtls_calloc(capacity,
128 sizeof(unsigned char));
129 if (NULL == buf->buffer) {
130 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
131 }
132 buf->capacity = capacity;
133
134 return 0;
135}
136
137void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf)
138{
139 if (buf->buffer != NULL) {
140 mbedtls_free(buf->buffer);
141 }
142
143 memset(buf, 0, sizeof(*buf));
144}
145
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]146int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf,
147 const unsigned char *input, size_t input_len)
148{
149 size_t overflow = 0;
150
151 if ((buf == NULL) || (buf->buffer == NULL)) {
152 return -1;
153 }
154
155 /* Reduce input_len to a number that fits in the buffer. */
156 if ((buf->content_length + input_len) > buf->capacity) {
157 input_len = buf->capacity - buf->content_length;
158 }
159
160 if (input == NULL) {
161 return (input_len == 0) ? 0 : -1;
162 }
163
164 /* Check if the buffer has not come full circle and free space is not in
165 * the middle */
166 if (buf->start + buf->content_length < buf->capacity) {
167
168 /* Calculate the number of bytes that need to be placed at lower memory
169 * address */
170 if (buf->start + buf->content_length + input_len
171 > buf->capacity) {
172 overflow = (buf->start + buf->content_length + input_len)
173 % buf->capacity;
174 }
175
176 memcpy(buf->buffer + buf->start + buf->content_length, input,
177 input_len - overflow);
178 memcpy(buf->buffer, input + input_len - overflow, overflow);
179
180 } else {
181 /* The buffer has come full circle and free space is in the middle */
182 memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity,
183 input, input_len);
184 }
185
186 buf->content_length += input_len;
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]187 return (input_len > INT_MAX) ? INT_MAX : (int) input_len;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]188}
189
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]190int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
191 unsigned char *output, size_t output_len)
192{
193 size_t overflow = 0;
194
195 if ((buf == NULL) || (buf->buffer == NULL)) {
196 return -1;
197 }
198
199 if (output == NULL && output_len == 0) {
200 return 0;
201 }
202
203 if (buf->content_length < output_len) {
204 output_len = buf->content_length;
205 }
206
207 /* Calculate the number of bytes that need to be drawn from lower memory
208 * address */
209 if (buf->start + output_len > buf->capacity) {
210 overflow = (buf->start + output_len) % buf->capacity;
211 }
212
213 if (output != NULL) {
214 memcpy(output, buf->buffer + buf->start, output_len - overflow);
215 memcpy(output + output_len - overflow, buf->buffer, overflow);
216 }
217
218 buf->content_length -= output_len;
219 buf->start = (buf->start + output_len) % buf->capacity;
220
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]221 return (output_len > INT_MAX) ? INT_MAX : (int) output_len;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]222}
223
Yanray Wangd19894f2023-03-16 11:47:39 +0800[diff] [blame]224int mbedtls_test_ssl_message_queue_setup(
225 mbedtls_test_ssl_message_queue *queue, size_t capacity)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]226{
227 queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
228 if (NULL == queue->messages) {
229 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
230 }
231
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]232 queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]233 queue->pos = 0;
234 queue->num = 0;
235
236 return 0;
237}
238
Yanray Wangd19894f2023-03-16 11:47:39 +0800[diff] [blame]239void mbedtls_test_ssl_message_queue_free(
240 mbedtls_test_ssl_message_queue *queue)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]241{
242 if (queue == NULL) {
243 return;
244 }
245
246 if (queue->messages != NULL) {
247 mbedtls_free(queue->messages);
248 }
249
250 memset(queue, 0, sizeof(*queue));
251}
252
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]253int mbedtls_test_ssl_message_queue_push_info(
254 mbedtls_test_ssl_message_queue *queue, size_t len)
255{
256 int place;
257 if (queue == NULL) {
258 return MBEDTLS_TEST_ERROR_ARG_NULL;
259 }
260
261 if (queue->num >= queue->capacity) {
262 return MBEDTLS_ERR_SSL_WANT_WRITE;
263 }
264
265 place = (queue->pos + queue->num) % queue->capacity;
266 queue->messages[place] = len;
267 queue->num++;
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]268 return (len > INT_MAX) ? INT_MAX : (int) len;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]269}
270
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]271int mbedtls_test_ssl_message_queue_pop_info(
272 mbedtls_test_ssl_message_queue *queue, size_t buf_len)
273{
274 size_t message_length;
275 if (queue == NULL) {
276 return MBEDTLS_TEST_ERROR_ARG_NULL;
277 }
278 if (queue->num == 0) {
279 return MBEDTLS_ERR_SSL_WANT_READ;
280 }
281
282 message_length = queue->messages[queue->pos];
283 queue->messages[queue->pos] = 0;
284 queue->num--;
285 queue->pos++;
286 queue->pos %= queue->capacity;
287 if (queue->pos < 0) {
288 queue->pos += queue->capacity;
289 }
290
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]291 return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX :
292 (message_length > buf_len) ? (int) buf_len : (int) message_length;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]293}
294
295/*
296 * Take a peek on the info about the next message length from the queue.
297 * This will be the oldest inserted message length(fifo).
298 *
299 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
300 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
301 * \retval 0, if the peek was successful.
302 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
303 * too small to fit the message. In this case the \p msg_len will be
304 * set to the full message length so that the
305 * caller knows what portion of the message can be dropped.
306 */
Yanray Wang5e22a922023-03-16 14:57:54 +0800[diff] [blame]307static int test_ssl_message_queue_peek_info(
308 mbedtls_test_ssl_message_queue *queue,
309 size_t buf_len, size_t *msg_len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]310{
311 if (queue == NULL || msg_len == NULL) {
312 return MBEDTLS_TEST_ERROR_ARG_NULL;
313 }
314 if (queue->num == 0) {
315 return MBEDTLS_ERR_SSL_WANT_READ;
316 }
317
318 *msg_len = queue->messages[queue->pos];
319 return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
320}
321
Yanray Wang5f86a422023-03-15 16:02:29 +0800[diff] [blame]322void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]323{
324 memset(socket, 0, sizeof(*socket));
325}
326
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]327void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket)
328{
329 if (socket == NULL) {
330 return;
331 }
332
333 if (socket->input != NULL) {
334 mbedtls_test_ssl_buffer_free(socket->input);
335 mbedtls_free(socket->input);
336 }
337
338 if (socket->output != NULL) {
339 mbedtls_test_ssl_buffer_free(socket->output);
340 mbedtls_free(socket->output);
341 }
342
343 if (socket->peer != NULL) {
344 memset(socket->peer, 0, sizeof(*socket->peer));
345 }
346
347 memset(socket, 0, sizeof(*socket));
348}
349
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]350int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1,
351 mbedtls_test_mock_socket *peer2,
352 size_t bufsize)
353{
354 int ret = -1;
355
356 peer1->output =
357 (mbedtls_test_ssl_buffer *) mbedtls_calloc(
358 1, sizeof(mbedtls_test_ssl_buffer));
359 if (peer1->output == NULL) {
360 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
361 goto exit;
362 }
363 mbedtls_test_ssl_buffer_init(peer1->output);
364 if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) {
365 goto exit;
366 }
367
368 peer2->output =
369 (mbedtls_test_ssl_buffer *) mbedtls_calloc(
370 1, sizeof(mbedtls_test_ssl_buffer));
371 if (peer2->output == NULL) {
372 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
373 goto exit;
374 }
375 mbedtls_test_ssl_buffer_init(peer2->output);
376 if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) {
377 goto exit;
378 }
379
380 peer1->peer = peer2;
381 peer2->peer = peer1;
382 peer1->input = peer2->output;
383 peer2->input = peer1->output;
384
385 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
386 ret = 0;
387
388exit:
389
390 if (ret != 0) {
391 mbedtls_test_mock_socket_close(peer1);
392 mbedtls_test_mock_socket_close(peer2);
393 }
394
395 return ret;
396}
397
Yanray Wangaf727a22023-03-13 19:22:36 +0800[diff] [blame]398int mbedtls_test_mock_tcp_send_b(void *ctx,
399 const unsigned char *buf, size_t len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]400{
401 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
402
403 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
404 return -1;
405 }
406
407 return mbedtls_test_ssl_buffer_put(socket->output, buf, len);
408}
409
410int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len)
411{
412 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
413
414 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
415 return -1;
416 }
417
418 return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
419}
420
Yanray Wang34634352023-02-14 17:56:51 +0800[diff] [blame]421int mbedtls_test_mock_tcp_send_nb(void *ctx,
422 const unsigned char *buf, size_t len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]423{
424 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
425
426 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
427 return -1;
428 }
429
430 if (socket->output->capacity == socket->output->content_length) {
431 return MBEDTLS_ERR_SSL_WANT_WRITE;
432 }
433
434 return mbedtls_test_ssl_buffer_put(socket->output, buf, len);
435}
436
437int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len)
438{
439 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
440
441 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
442 return -1;
443 }
444
445 if (socket->input->content_length == 0) {
446 return MBEDTLS_ERR_SSL_WANT_READ;
447 }
448
449 return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
450}
451
Yanray Wangd19894f2023-03-16 11:47:39 +0800[diff] [blame]452void mbedtls_test_message_socket_init(
453 mbedtls_test_message_socket_context *ctx)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]454{
455 ctx->queue_input = NULL;
456 ctx->queue_output = NULL;
457 ctx->socket = NULL;
458}
459
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]460int mbedtls_test_message_socket_setup(
461 mbedtls_test_ssl_message_queue *queue_input,
462 mbedtls_test_ssl_message_queue *queue_output,
463 size_t queue_capacity,
464 mbedtls_test_mock_socket *socket,
465 mbedtls_test_message_socket_context *ctx)
466{
467 int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity);
468 if (ret != 0) {
469 return ret;
470 }
471 ctx->queue_input = queue_input;
472 ctx->queue_output = queue_output;
473 ctx->socket = socket;
Yanray Wang5f86a422023-03-15 16:02:29 +0800[diff] [blame]474 mbedtls_test_mock_socket_init(socket);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]475
476 return 0;
477}
478
Yanray Wangd19894f2023-03-16 11:47:39 +0800[diff] [blame]479void mbedtls_test_message_socket_close(
480 mbedtls_test_message_socket_context *ctx)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]481{
482 if (ctx == NULL) {
483 return;
484 }
485
486 mbedtls_test_ssl_message_queue_free(ctx->queue_input);
487 mbedtls_test_mock_socket_close(ctx->socket);
488 memset(ctx, 0, sizeof(*ctx));
489}
490
Yanray Wang34634352023-02-14 17:56:51 +0800[diff] [blame]491int mbedtls_test_mock_tcp_send_msg(void *ctx,
492 const unsigned char *buf, size_t len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]493{
494 mbedtls_test_ssl_message_queue *queue;
495 mbedtls_test_mock_socket *socket;
496 mbedtls_test_message_socket_context *context =
497 (mbedtls_test_message_socket_context *) ctx;
498
499 if (context == NULL || context->socket == NULL
500 || context->queue_output == NULL) {
501 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
502 }
503
504 queue = context->queue_output;
505 socket = context->socket;
506
507 if (queue->num >= queue->capacity) {
508 return MBEDTLS_ERR_SSL_WANT_WRITE;
509 }
510
511 if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) {
512 return MBEDTLS_TEST_ERROR_SEND_FAILED;
513 }
514
515 return mbedtls_test_ssl_message_queue_push_info(queue, len);
516}
517
Yanray Wang34634352023-02-14 17:56:51 +0800[diff] [blame]518int mbedtls_test_mock_tcp_recv_msg(void *ctx,
519 unsigned char *buf, size_t buf_len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]520{
521 mbedtls_test_ssl_message_queue *queue;
522 mbedtls_test_mock_socket *socket;
523 mbedtls_test_message_socket_context *context =
524 (mbedtls_test_message_socket_context *) ctx;
525 size_t drop_len = 0;
526 size_t msg_len;
527 int ret;
528
529 if (context == NULL || context->socket == NULL
530 || context->queue_input == NULL) {
531 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
532 }
533
534 queue = context->queue_input;
535 socket = context->socket;
536
537 /* Peek first, so that in case of a socket error the data remains in
538 * the queue. */
Yanray Wang5e22a922023-03-16 14:57:54 +0800[diff] [blame]539 ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]540 if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
541 /* Calculate how much to drop */
542 drop_len = msg_len - buf_len;
543
544 /* Set the requested message len to be buffer length */
545 msg_len = buf_len;
546 } else if (ret != 0) {
547 return ret;
548 }
549
550 if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) {
551 return MBEDTLS_TEST_ERROR_RECV_FAILED;
552 }
553
554 if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
555 /* Drop the remaining part of the message */
Yanray Wangaf727a22023-03-13 19:22:36 +0800[diff] [blame]556 if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) !=
557 (int) drop_len) {
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]558 /* Inconsistent state - part of the message was read,
559 * and a part couldn't. Not much we can do here, but it should not
560 * happen in test environment, unless forced manually. */
561 }
562 }
563 mbedtls_test_ssl_message_queue_pop_info(queue, buf_len);
564
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]565 return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]566}
567
568#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
569
570/*
571 * Deinitializes certificates from endpoint represented by \p ep.
572 */
Yanray Wangf6f71902023-03-15 16:05:14 +0800[diff] [blame]573static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]574{
575 mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
576 if (cert != NULL) {
577 if (cert->ca_cert != NULL) {
578 mbedtls_x509_crt_free(cert->ca_cert);
579 mbedtls_free(cert->ca_cert);
580 cert->ca_cert = NULL;
581 }
582 if (cert->cert != NULL) {
583 mbedtls_x509_crt_free(cert->cert);
584 mbedtls_free(cert->cert);
585 cert->cert = NULL;
586 }
587 if (cert->pkey != NULL) {
588#if defined(MBEDTLS_USE_PSA_CRYPTO)
589 if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
Valerio Setti4f387ef2023-05-02 14:15:59 +0200[diff] [blame]590 psa_destroy_key(cert->pkey->priv_id);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]591 }
592#endif
593 mbedtls_pk_free(cert->pkey);
594 mbedtls_free(cert->pkey);
595 cert->pkey = NULL;
596 }
597 }
598}
599
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]600int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
601 int pk_alg,
602 int opaque_alg, int opaque_alg2,
603 int opaque_usage)
604{
605 int i = 0;
606 int ret = -1;
607 mbedtls_test_ssl_endpoint_certificate *cert = NULL;
608#if defined(MBEDTLS_USE_PSA_CRYPTO)
609 mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
610#endif
611
612 if (ep == NULL) {
613 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
614 }
615
616 cert = &(ep->cert);
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]617 TEST_CALLOC(cert->ca_cert, 1);
618 TEST_CALLOC(cert->cert, 1);
619 TEST_CALLOC(cert->pkey, 1);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]620
621 mbedtls_x509_crt_init(cert->ca_cert);
622 mbedtls_x509_crt_init(cert->cert);
623 mbedtls_pk_init(cert->pkey);
624
625 /* Load the trusted CA */
626
627 for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
628 ret = mbedtls_x509_crt_parse_der(
629 cert->ca_cert,
630 (const unsigned char *) mbedtls_test_cas_der[i],
631 mbedtls_test_cas_der_len[i]);
632 TEST_ASSERT(ret == 0);
633 }
634
635 /* Load own certificate and private key */
636
637 if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
638 if (pk_alg == MBEDTLS_PK_RSA) {
639 ret = mbedtls_x509_crt_parse(
640 cert->cert,
641 (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
642 mbedtls_test_srv_crt_rsa_sha256_der_len);
643 TEST_ASSERT(ret == 0);
644
645 ret = mbedtls_pk_parse_key(
646 cert->pkey,
647 (const unsigned char *) mbedtls_test_srv_key_rsa_der,
648 mbedtls_test_srv_key_rsa_der_len, NULL, 0,
649 mbedtls_test_rnd_std_rand, NULL);
650 TEST_ASSERT(ret == 0);
651 } else {
652 ret = mbedtls_x509_crt_parse(
653 cert->cert,
654 (const unsigned char *) mbedtls_test_srv_crt_ec_der,
655 mbedtls_test_srv_crt_ec_der_len);
656 TEST_ASSERT(ret == 0);
657
658 ret = mbedtls_pk_parse_key(
659 cert->pkey,
660 (const unsigned char *) mbedtls_test_srv_key_ec_der,
661 mbedtls_test_srv_key_ec_der_len, NULL, 0,
662 mbedtls_test_rnd_std_rand, NULL);
663 TEST_ASSERT(ret == 0);
664 }
665 } else {
666 if (pk_alg == MBEDTLS_PK_RSA) {
667 ret = mbedtls_x509_crt_parse(
668 cert->cert,
669 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
670 mbedtls_test_cli_crt_rsa_der_len);
671 TEST_ASSERT(ret == 0);
672
673 ret = mbedtls_pk_parse_key(
674 cert->pkey,
675 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
676 mbedtls_test_cli_key_rsa_der_len, NULL, 0,
677 mbedtls_test_rnd_std_rand, NULL);
678 TEST_ASSERT(ret == 0);
679 } else {
680 ret = mbedtls_x509_crt_parse(
681 cert->cert,
682 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
683 mbedtls_test_cli_crt_ec_len);
684 TEST_ASSERT(ret == 0);
685
686 ret = mbedtls_pk_parse_key(
687 cert->pkey,
688 (const unsigned char *) mbedtls_test_cli_key_ec_der,
689 mbedtls_test_cli_key_ec_der_len, NULL, 0,
690 mbedtls_test_rnd_std_rand, NULL);
691 TEST_ASSERT(ret == 0);
692 }
693 }
694
695#if defined(MBEDTLS_USE_PSA_CRYPTO)
696 if (opaque_alg != 0) {
697 TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot,
698 opaque_alg, opaque_usage,
699 opaque_alg2), 0);
700 }
701#else
702 (void) opaque_alg;
703 (void) opaque_alg2;
704 (void) opaque_usage;
705#endif
706
707 mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
708
709 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
710 cert->pkey);
711 TEST_ASSERT(ret == 0);
712 TEST_ASSERT(ep->conf.key_cert != NULL);
713
714 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL);
715 TEST_ASSERT(ret == 0);
716 TEST_ASSERT(ep->conf.key_cert == NULL);
717
718 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
719 cert->pkey);
720 TEST_ASSERT(ret == 0);
721
722exit:
723 if (ret != 0) {
Yanray Wangf6f71902023-03-15 16:05:14 +0800[diff] [blame]724 test_ssl_endpoint_certificate_free(ep);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]725 }
726
727 return ret;
728}
729
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]730int mbedtls_test_ssl_endpoint_init(
731 mbedtls_test_ssl_endpoint *ep, int endpoint_type,
732 mbedtls_test_handshake_test_options *options,
733 mbedtls_test_message_socket_context *dtls_context,
734 mbedtls_test_ssl_message_queue *input_queue,
735 mbedtls_test_ssl_message_queue *output_queue,
736 uint16_t *group_list)
737{
738 int ret = -1;
739 uintptr_t user_data_n;
740
741 if (dtls_context != NULL &&
742 (input_queue == NULL || output_queue == NULL)) {
743 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
744
745 }
746
747 if (ep == NULL) {
748 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
749 }
750
751 memset(ep, 0, sizeof(*ep));
752
753 ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client";
754
755 mbedtls_ssl_init(&(ep->ssl));
756 mbedtls_ssl_config_init(&(ep->conf));
Ronald Cron10b040f2024-02-05 09:38:09 +0100[diff] [blame]757 mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]758
759 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
760 TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
761 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL);
762 TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0);
763
764 (void) mbedtls_test_rnd_std_rand(NULL,
765 (void *) &user_data_n,
766 sizeof(user_data_n));
767 mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n);
768 mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n);
769
770 if (dtls_context != NULL) {
771 TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue,
772 100, &(ep->socket),
773 dtls_context) == 0);
774 } else {
Yanray Wang5f86a422023-03-15 16:02:29 +0800[diff] [blame]775 mbedtls_test_mock_socket_init(&(ep->socket));
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]776 }
777
778 /* Non-blocking callbacks without timeout */
779 if (dtls_context != NULL) {
780 mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
781 mbedtls_test_mock_tcp_send_msg,
782 mbedtls_test_mock_tcp_recv_msg,
783 NULL);
784 } else {
785 mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
786 mbedtls_test_mock_tcp_send_nb,
787 mbedtls_test_mock_tcp_recv_nb,
788 NULL);
789 }
790
791 ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
792 (dtls_context != NULL) ?
793 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
794 MBEDTLS_SSL_TRANSPORT_STREAM,
795 MBEDTLS_SSL_PRESET_DEFAULT);
796 TEST_ASSERT(ret == 0);
797
Ronald Crona697a712023-03-09 17:47:42 +0100[diff] [blame]798 if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
799 if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
800 mbedtls_ssl_conf_min_tls_version(&(ep->conf),
801 options->client_min_version);
802 }
803
804 if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
805 mbedtls_ssl_conf_max_tls_version(&(ep->conf),
806 options->client_max_version);
807 }
808 } else {
809 if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
810 mbedtls_ssl_conf_min_tls_version(&(ep->conf),
811 options->server_min_version);
812 }
813
814 if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
815 mbedtls_ssl_conf_max_tls_version(&(ep->conf),
816 options->server_max_version);
817 }
818 }
819
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]820 if (group_list != NULL) {
821 mbedtls_ssl_conf_groups(&(ep->conf), group_list);
822 }
823
824 mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
825
826#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)
827 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) {
828 mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache,
829 mbedtls_ssl_cache_get,
830 mbedtls_ssl_cache_set);
831 }
832#endif
833
834 ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
835 TEST_ASSERT(ret == 0);
836
837#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
838 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
839 mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
840 }
841#endif
842
843 ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
844 options->opaque_alg,
845 options->opaque_alg2,
846 options->opaque_usage);
847 TEST_ASSERT(ret == 0);
848
849 TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n);
850 mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);
851 TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n);
852 mbedtls_ssl_set_user_data_p(&ep->ssl, ep);
853
854exit:
855 return ret;
856}
857
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]858void mbedtls_test_ssl_endpoint_free(
859 mbedtls_test_ssl_endpoint *ep,
860 mbedtls_test_message_socket_context *context)
861{
Yanray Wangf6f71902023-03-15 16:05:14 +0800[diff] [blame]862 test_ssl_endpoint_certificate_free(ep);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]863
864 mbedtls_ssl_free(&(ep->ssl));
865 mbedtls_ssl_config_free(&(ep->conf));
866
867 if (context != NULL) {
868 mbedtls_test_message_socket_close(context);
869 } else {
870 mbedtls_test_mock_socket_close(&(ep->socket));
871 }
872}
873
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]874int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
875 mbedtls_ssl_context *second_ssl,
876 int state)
877{
878 enum { BUFFSIZE = 1024 };
879 int max_steps = 1000;
880 int ret = 0;
881
882 if (ssl == NULL || second_ssl == NULL) {
883 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
884 }
885
886 /* Perform communication via connected sockets */
887 while ((ssl->state != state) && (--max_steps >= 0)) {
888 /* If /p second_ssl ends the handshake procedure before /p ssl then
889 * there is no need to call the next step */
890 if (!mbedtls_ssl_is_handshake_over(second_ssl)) {
891 ret = mbedtls_ssl_handshake_step(second_ssl);
892 if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
893 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
894 return ret;
895 }
896 }
897
898 /* We only care about the \p ssl state and returns, so we call it last,
899 * to leave the iteration as soon as the state is as expected. */
900 ret = mbedtls_ssl_handshake_step(ssl);
901 if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
902 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
903 return ret;
904 }
905 }
906
907 return (max_steps >= 0) ? ret : -1;
908}
909
910#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
911
912/*
913 * Write application data. Increase write counter if necessary.
914 */
Yanray Wang1fca4de2023-02-06 12:10:48 +0800[diff] [blame]915int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl,
916 unsigned char *buf, int buf_len,
917 int *written,
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]918 const int expected_fragments)
919{
Agathiyan Bragadeesh93212652023-07-12 11:22:59 +0100[diff] [blame]920 int ret;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]921 /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
922 * a valid no-op for TLS connections. */
923 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
924 TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
925 }
926
Agathiyan Bragadeesh93212652023-07-12 11:22:59 +0100[diff] [blame]927 ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]928 if (ret > 0) {
929 *written += ret;
930 }
931
932 if (expected_fragments == 0) {
933 /* Used for DTLS and the message size larger than MFL. In that case
934 * the message can not be fragmented and the library should return
935 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
Yanray Wangb088bfc2023-03-16 12:15:49 +0800[diff] [blame]936 * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]937 return ret;
938 } else if (expected_fragments == 1) {
939 /* Used for TLS/DTLS and the message size lower than MFL */
940 TEST_ASSERT(ret == buf_len ||
941 ret == MBEDTLS_ERR_SSL_WANT_READ ||
942 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
943 } else {
944 /* Used for TLS and the message size larger than MFL */
945 TEST_ASSERT(expected_fragments > 1);
946 TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
947 ret == MBEDTLS_ERR_SSL_WANT_READ ||
948 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
949 }
950
951 return 0;
952
953exit:
954 /* Some of the tests failed */
955 return -1;
956}
957
958/*
959 * Read application data and increase read counter and fragments counter
960 * if necessary.
961 */
Yanray Wang1fca4de2023-02-06 12:10:48 +0800[diff] [blame]962int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl,
963 unsigned char *buf, int buf_len,
964 int *read, int *fragments,
965 const int expected_fragments)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]966{
Agathiyan Bragadeesh93212652023-07-12 11:22:59 +0100[diff] [blame]967 int ret;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]968 /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
969 * a valid no-op for TLS connections. */
970 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
971 TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
972 }
973
Agathiyan Bragadeesh93212652023-07-12 11:22:59 +0100[diff] [blame]974 ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]975 if (ret > 0) {
976 (*fragments)++;
977 *read += ret;
978 }
979
980 if (expected_fragments == 0) {
981 TEST_ASSERT(ret == 0);
982 } else if (expected_fragments == 1) {
983 TEST_ASSERT(ret == buf_len ||
984 ret == MBEDTLS_ERR_SSL_WANT_READ ||
985 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
986 } else {
987 TEST_ASSERT(expected_fragments > 1);
988 TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
989 ret == MBEDTLS_ERR_SSL_WANT_READ ||
990 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
991 }
992
993 return 0;
994
995exit:
996 /* Some of the tests failed */
997 return -1;
998}
999
Yanray Wangead70c82023-03-16 12:04:49 +0800[diff] [blame]1000#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1001static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
1002 int *forced_ciphersuite)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1003{
1004 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1005 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
1006 forced_ciphersuite[1] = 0;
1007
1008 ciphersuite_info =
1009 mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
1010
1011 TEST_ASSERT(ciphersuite_info != NULL);
1012 TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version);
1013 TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version);
1014
1015 if (conf->max_tls_version > ciphersuite_info->max_tls_version) {
Agathiyan Bragadeesh2f017a82023-07-12 11:21:54 +0100[diff] [blame]1016 conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1017 }
1018 if (conf->min_tls_version < ciphersuite_info->min_tls_version) {
Agathiyan Bragadeesh2f017a82023-07-12 11:21:54 +0100[diff] [blame]1019 conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1020 }
1021
1022 mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
1023
1024exit:
1025 return;
1026}
Yanray Wangead70c82023-03-16 12:04:49 +0800[diff] [blame]1027#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1028
Yanray Wangead70c82023-03-16 12:04:49 +0800[diff] [blame]1029#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
1030 defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
1031 defined(MBEDTLS_SSL_SRV_C)
1032static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
1033 const unsigned char *name, size_t name_len)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1034{
1035 (void) p_info;
1036 (void) ssl;
1037 (void) name;
1038 (void) name_len;
1039
1040 return 0;
1041}
Yanray Wangead70c82023-03-16 12:04:49 +0800[diff] [blame]1042#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
1043 MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
1044 MBEDTLS_SSL_SRV_C */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1045
1046#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
Pengyu Lvba6825e2023-11-08 12:16:29 +0800[diff] [blame]1047 defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1048int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
1049 const unsigned char *iv,
1050 size_t iv_len,
1051 const unsigned char *input,
1052 size_t ilen,
1053 unsigned char *output,
1054 size_t *olen)
1055{
1056#if defined(MBEDTLS_USE_PSA_CRYPTO)
1057 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1058 psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
1059 size_t part_len;
1060
1061 status = psa_cipher_encrypt_setup(&cipher_op,
1062 transform->psa_key_enc,
1063 transform->psa_alg);
1064
1065 if (status != PSA_SUCCESS) {
1066 return PSA_TO_MBEDTLS_ERR(status);
1067 }
1068
1069 status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
1070
1071 if (status != PSA_SUCCESS) {
1072 return PSA_TO_MBEDTLS_ERR(status);
1073 }
1074
1075 status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen);
1076
1077 if (status != PSA_SUCCESS) {
1078 return PSA_TO_MBEDTLS_ERR(status);
1079 }
1080
1081 status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen,
1082 &part_len);
1083
1084 if (status != PSA_SUCCESS) {
1085 return PSA_TO_MBEDTLS_ERR(status);
1086 }
1087
1088 *olen += part_len;
1089 return 0;
1090#else
1091 return mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
1092 iv, iv_len, input, ilen, output, olen);
1093#endif /* MBEDTLS_USE_PSA_CRYPTO */
1094}
Pengyu Lvba6825e2023-11-08 12:16:29 +0800[diff] [blame]1095#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC &&
1096 MBEDTLS_SSL_HAVE_AES */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1097
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1098static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type,
1099 mbedtls_cipher_mode_t *cipher_mode,
1100 size_t *key_bits, size_t *iv_len)
1101{
1102 switch (cipher_type) {
1103 case MBEDTLS_CIPHER_AES_128_CBC:
1104 *cipher_mode = MBEDTLS_MODE_CBC;
1105 *key_bits = 128;
1106 *iv_len = 16;
1107 break;
1108 case MBEDTLS_CIPHER_AES_256_CBC:
1109 *cipher_mode = MBEDTLS_MODE_CBC;
1110 *key_bits = 256;
1111 *iv_len = 16;
1112 break;
1113 case MBEDTLS_CIPHER_ARIA_128_CBC:
1114 *cipher_mode = MBEDTLS_MODE_CBC;
1115 *key_bits = 128;
1116 *iv_len = 16;
1117 break;
1118 case MBEDTLS_CIPHER_ARIA_256_CBC:
1119 *cipher_mode = MBEDTLS_MODE_CBC;
1120 *key_bits = 256;
1121 *iv_len = 16;
1122 break;
1123 case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
1124 *cipher_mode = MBEDTLS_MODE_CBC;
1125 *key_bits = 128;
1126 *iv_len = 16;
1127 break;
1128 case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
1129 *cipher_mode = MBEDTLS_MODE_CBC;
1130 *key_bits = 256;
1131 *iv_len = 16;
1132 break;
1133
1134 case MBEDTLS_CIPHER_AES_128_CCM:
1135 *cipher_mode = MBEDTLS_MODE_CCM;
1136 *key_bits = 128;
1137 *iv_len = 12;
1138 break;
1139 case MBEDTLS_CIPHER_AES_192_CCM:
1140 *cipher_mode = MBEDTLS_MODE_CCM;
1141 *key_bits = 192;
1142 *iv_len = 12;
1143 break;
1144 case MBEDTLS_CIPHER_AES_256_CCM:
1145 *cipher_mode = MBEDTLS_MODE_CCM;
1146 *key_bits = 256;
1147 *iv_len = 12;
1148 break;
1149 case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
1150 *cipher_mode = MBEDTLS_MODE_CCM;
1151 *key_bits = 128;
1152 *iv_len = 12;
1153 break;
1154 case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
1155 *cipher_mode = MBEDTLS_MODE_CCM;
1156 *key_bits = 192;
1157 *iv_len = 12;
1158 break;
1159 case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
1160 *cipher_mode = MBEDTLS_MODE_CCM;
1161 *key_bits = 256;
1162 *iv_len = 12;
1163 break;
1164
1165 case MBEDTLS_CIPHER_AES_128_GCM:
1166 *cipher_mode = MBEDTLS_MODE_GCM;
1167 *key_bits = 128;
1168 *iv_len = 12;
1169 break;
1170 case MBEDTLS_CIPHER_AES_192_GCM:
1171 *cipher_mode = MBEDTLS_MODE_GCM;
1172 *key_bits = 192;
1173 *iv_len = 12;
1174 break;
1175 case MBEDTLS_CIPHER_AES_256_GCM:
1176 *cipher_mode = MBEDTLS_MODE_GCM;
1177 *key_bits = 256;
1178 *iv_len = 12;
1179 break;
1180 case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
1181 *cipher_mode = MBEDTLS_MODE_GCM;
1182 *key_bits = 128;
1183 *iv_len = 12;
1184 break;
1185 case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
1186 *cipher_mode = MBEDTLS_MODE_GCM;
1187 *key_bits = 192;
1188 *iv_len = 12;
1189 break;
1190 case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
1191 *cipher_mode = MBEDTLS_MODE_GCM;
1192 *key_bits = 256;
1193 *iv_len = 12;
1194 break;
1195
1196 case MBEDTLS_CIPHER_CHACHA20_POLY1305:
1197 *cipher_mode = MBEDTLS_MODE_CHACHAPOLY;
1198 *key_bits = 256;
1199 *iv_len = 12;
1200 break;
1201
1202 case MBEDTLS_CIPHER_NULL:
1203 *cipher_mode = MBEDTLS_MODE_STREAM;
1204 *key_bits = 0;
1205 *iv_len = 0;
1206 break;
1207
1208 default:
1209 *cipher_mode = MBEDTLS_MODE_NONE;
1210 *key_bits = 0;
1211 *iv_len = 0;
1212 }
1213}
1214
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1215int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
1216 mbedtls_ssl_transform *t_out,
1217 int cipher_type, int hash_id,
1218 int etm, int tag_mode,
1219 mbedtls_ssl_protocol_version tls_version,
1220 size_t cid0_len,
1221 size_t cid1_len)
1222{
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1223 mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
1224 size_t key_bits = 0;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1225 int ret = 0;
1226
1227#if defined(MBEDTLS_USE_PSA_CRYPTO)
1228 psa_key_type_t key_type;
1229 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1230 psa_algorithm_t alg;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1231 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Valerio Setti3d59ebe2023-10-30 11:56:56 +0100[diff] [blame]1232#else
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1233 mbedtls_cipher_info_t const *cipher_info;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1234#endif
1235
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1236 size_t keylen, maclen, ivlen = 0;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1237 unsigned char *key0 = NULL, *key1 = NULL;
1238 unsigned char *md0 = NULL, *md1 = NULL;
1239 unsigned char iv_enc[16], iv_dec[16];
1240
1241#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1242 unsigned char cid0[SSL_CID_LEN_MIN];
1243 unsigned char cid1[SSL_CID_LEN_MIN];
1244
1245 mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
1246 mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
1247#else
1248 ((void) cid0_len);
1249 ((void) cid1_len);
1250#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1251
1252 maclen = 0;
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1253 mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
1254 &cipher_mode, &key_bits, &ivlen);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1255
1256 /* Pick keys */
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1257 keylen = key_bits / 8;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1258 /* Allocate `keylen + 1` bytes to ensure that we get
1259 * a non-NULL pointers from `mbedtls_calloc` even if
1260 * `keylen == 0` in the case of the NULL cipher. */
1261 CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
1262 CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
1263 memset(key0, 0x1, keylen);
1264 memset(key1, 0x2, keylen);
1265
1266#if !defined(MBEDTLS_USE_PSA_CRYPTO)
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1267 /* Pick cipher */
1268 cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
1269 CHK(cipher_info != NULL);
1270 CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
1271 CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
Valerio Setti3d59ebe2023-10-30 11:56:56 +0100[diff] [blame]1272
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1273 /* Setup cipher contexts */
1274 CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
1275 CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0);
1276 CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
1277 CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
1278
1279#if defined(MBEDTLS_CIPHER_MODE_CBC)
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1280 if (cipher_mode == MBEDTLS_MODE_CBC) {
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1281 CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
1282 MBEDTLS_PADDING_NONE) == 0);
1283 CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
1284 MBEDTLS_PADDING_NONE) == 0);
1285 CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
1286 MBEDTLS_PADDING_NONE) == 0);
1287 CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
1288 MBEDTLS_PADDING_NONE) == 0);
1289 }
1290#endif /* MBEDTLS_CIPHER_MODE_CBC */
1291
1292 CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]1293 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
1294 MBEDTLS_ENCRYPT)
1295 == 0);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1296 CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]1297 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
1298 MBEDTLS_DECRYPT)
1299 == 0);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1300 CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]1301 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
1302 MBEDTLS_ENCRYPT)
1303 == 0);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1304 CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]1305 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
1306 MBEDTLS_DECRYPT)
1307 == 0);
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1308#endif /* !MBEDTLS_USE_PSA_CRYPTO */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1309
1310 /* Setup MAC contexts */
1311#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1312 if (cipher_mode == MBEDTLS_MODE_CBC ||
1313 cipher_mode == MBEDTLS_MODE_STREAM) {
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1314#if !defined(MBEDTLS_USE_PSA_CRYPTO)
Agathiyan Bragadeesh2f017a82023-07-12 11:21:54 +0100[diff] [blame]1315 mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1316 CHK(md_info != NULL);
1317#endif
Agathiyan Bragadeesh2f017a82023-07-12 11:21:54 +0100[diff] [blame]1318 maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1319 CHK(maclen != 0);
1320 /* Pick hash keys */
1321 CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
1322 CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
1323 memset(md0, 0x5, maclen);
1324 memset(md1, 0x6, maclen);
1325
1326#if defined(MBEDTLS_USE_PSA_CRYPTO)
Manuel Pégourié-Gonnard2d6d9932023-03-28 11:38:08 +0200[diff] [blame]1327 alg = mbedtls_md_psa_alg_from_type(hash_id);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1328
1329 CHK(alg != 0);
1330
1331 t_out->psa_mac_alg = PSA_ALG_HMAC(alg);
1332 t_in->psa_mac_alg = PSA_ALG_HMAC(alg);
1333 t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
1334 t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
1335 t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
1336 t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
1337
1338 psa_reset_key_attributes(&attributes);
1339 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
1340 psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg));
1341 psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
1342
1343 CHK(psa_import_key(&attributes,
1344 md0, maclen,
1345 &t_in->psa_mac_enc) == PSA_SUCCESS);
1346
1347 CHK(psa_import_key(&attributes,
1348 md1, maclen,
1349 &t_out->psa_mac_enc) == PSA_SUCCESS);
1350
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1351 if (cipher_mode == MBEDTLS_MODE_STREAM ||
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1352 etm == MBEDTLS_SSL_ETM_DISABLED) {
1353 /* mbedtls_ct_hmac() requires the key to be exportable */
1354 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
1355 PSA_KEY_USAGE_VERIFY_HASH);
1356 } else {
1357 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
1358 }
1359
1360 CHK(psa_import_key(&attributes,
1361 md1, maclen,
1362 &t_in->psa_mac_dec) == PSA_SUCCESS);
1363
1364 CHK(psa_import_key(&attributes,
1365 md0, maclen,
1366 &t_out->psa_mac_dec) == PSA_SUCCESS);
1367#else
1368 CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
1369 CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
1370 CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0);
1371 CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0);
1372
1373 CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
1374 md0, maclen) == 0);
1375 CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
1376 md1, maclen) == 0);
1377 CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
1378 md1, maclen) == 0);
1379 CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
1380 md0, maclen) == 0);
1381#endif
1382 }
1383#else
1384 ((void) hash_id);
1385#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
1386
1387
1388 /* Pick IV's (regardless of whether they
1389 * are being used by the transform). */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1390 memset(iv_enc, 0x3, sizeof(iv_enc));
1391 memset(iv_dec, 0x4, sizeof(iv_dec));
1392
1393 /*
1394 * Setup transforms
1395 */
1396
1397#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1398 defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
1399 t_out->encrypt_then_mac = etm;
1400 t_in->encrypt_then_mac = etm;
1401#else
1402 ((void) etm);
1403#endif
1404
1405 t_out->tls_version = tls_version;
1406 t_in->tls_version = tls_version;
1407 t_out->ivlen = ivlen;
1408 t_in->ivlen = ivlen;
1409
Valerio Setti31ad3a12023-10-27 11:55:02 +0200[diff] [blame]1410 switch (cipher_mode) {
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1411 case MBEDTLS_MODE_GCM:
1412 case MBEDTLS_MODE_CCM:
1413#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1414 if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
1415 t_out->fixed_ivlen = 12;
1416 t_in->fixed_ivlen = 12;
1417 } else
1418#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1419 {
1420 t_out->fixed_ivlen = 4;
1421 t_in->fixed_ivlen = 4;
1422 }
1423 t_out->maclen = 0;
1424 t_in->maclen = 0;
1425 switch (tag_mode) {
1426 case 0: /* Full tag */
1427 t_out->taglen = 16;
1428 t_in->taglen = 16;
1429 break;
1430 case 1: /* Partial tag */
1431 t_out->taglen = 8;
1432 t_in->taglen = 8;
1433 break;
1434 default:
1435 ret = 1;
1436 goto cleanup;
1437 }
1438 break;
1439
1440 case MBEDTLS_MODE_CHACHAPOLY:
1441 t_out->fixed_ivlen = 12;
1442 t_in->fixed_ivlen = 12;
1443 t_out->maclen = 0;
1444 t_in->maclen = 0;
1445 switch (tag_mode) {
1446 case 0: /* Full tag */
1447 t_out->taglen = 16;
1448 t_in->taglen = 16;
1449 break;
1450 case 1: /* Partial tag */
1451 t_out->taglen = 8;
1452 t_in->taglen = 8;
1453 break;
1454 default:
1455 ret = 1;
1456 goto cleanup;
1457 }
1458 break;
1459
1460 case MBEDTLS_MODE_STREAM:
1461 case MBEDTLS_MODE_CBC:
1462 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1463 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1464 t_out->taglen = 0;
1465 t_in->taglen = 0;
1466 switch (tag_mode) {
1467 case 0: /* Full tag */
1468 t_out->maclen = maclen;
1469 t_in->maclen = maclen;
1470 break;
1471 default:
1472 ret = 1;
1473 goto cleanup;
1474 }
1475 break;
1476 default:
1477 ret = 1;
1478 goto cleanup;
1479 break;
1480 }
1481
1482 /* Setup IV's */
1483
1484 memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
1485 memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
1486 memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
1487 memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec));
1488
1489#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1490 /* Add CID */
1491 memcpy(&t_in->in_cid, cid0, cid0_len);
1492 memcpy(&t_in->out_cid, cid1, cid1_len);
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]1493 t_in->in_cid_len = (uint8_t) cid0_len;
1494 t_in->out_cid_len = (uint8_t) cid1_len;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1495 memcpy(&t_out->in_cid, cid1, cid1_len);
1496 memcpy(&t_out->out_cid, cid0, cid0_len);
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]1497 t_out->in_cid_len = (uint8_t) cid1_len;
1498 t_out->out_cid_len = (uint8_t) cid0_len;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1499#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1500
1501#if defined(MBEDTLS_USE_PSA_CRYPTO)
1502 status = mbedtls_ssl_cipher_to_psa(cipher_type,
1503 t_in->taglen,
1504 &alg,
1505 &key_type,
1506 &key_bits);
1507
1508 if (status != PSA_SUCCESS) {
1509 ret = PSA_TO_MBEDTLS_ERR(status);
1510 goto cleanup;
1511 }
1512
1513 t_in->psa_alg = alg;
1514 t_out->psa_alg = alg;
1515
1516 if (alg != MBEDTLS_SSL_NULL_CIPHER) {
1517 psa_reset_key_attributes(&attributes);
1518 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
1519 psa_set_key_algorithm(&attributes, alg);
1520 psa_set_key_type(&attributes, key_type);
1521
1522 status = psa_import_key(&attributes,
1523 key0,
1524 PSA_BITS_TO_BYTES(key_bits),
1525 &t_in->psa_key_enc);
1526
1527 if (status != PSA_SUCCESS) {
1528 ret = PSA_TO_MBEDTLS_ERR(status);
1529 goto cleanup;
1530 }
1531
1532 status = psa_import_key(&attributes,
1533 key1,
1534 PSA_BITS_TO_BYTES(key_bits),
1535 &t_out->psa_key_enc);
1536
1537 if (status != PSA_SUCCESS) {
1538 ret = PSA_TO_MBEDTLS_ERR(status);
1539 goto cleanup;
1540 }
1541
1542 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
1543
1544 status = psa_import_key(&attributes,
1545 key1,
1546 PSA_BITS_TO_BYTES(key_bits),
1547 &t_in->psa_key_dec);
1548
1549 if (status != PSA_SUCCESS) {
1550 ret = PSA_TO_MBEDTLS_ERR(status);
1551 goto cleanup;
1552 }
1553
1554 status = psa_import_key(&attributes,
1555 key0,
1556 PSA_BITS_TO_BYTES(key_bits),
1557 &t_out->psa_key_dec);
1558
1559 if (status != PSA_SUCCESS) {
1560 ret = PSA_TO_MBEDTLS_ERR(status);
1561 goto cleanup;
1562 }
1563 }
1564#endif /* MBEDTLS_USE_PSA_CRYPTO */
1565
1566cleanup:
1567
1568 mbedtls_free(key0);
1569 mbedtls_free(key1);
1570
1571 mbedtls_free(md0);
1572 mbedtls_free(md1);
1573
1574 return ret;
1575}
1576
Gilles Peskine9099d3f2023-09-18 13:11:50 +0200[diff] [blame]1577#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
1578int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
1579 mbedtls_ssl_transform *transform_out)
1580{
1581#if defined(MBEDTLS_USE_PSA_CRYPTO)
1582 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
1583#endif
1584
1585 /* Serialized version of record header for MAC purposes */
1586 unsigned char add_data[13];
1587 memcpy(add_data, record->ctr, 8);
1588 add_data[8] = record->type;
1589 add_data[9] = record->ver[0];
1590 add_data[10] = record->ver[1];
1591 add_data[11] = (record->data_len >> 8) & 0xff;
1592 add_data[12] = (record->data_len >> 0) & 0xff;
1593
1594 /* MAC with additional data */
1595#if defined(MBEDTLS_USE_PSA_CRYPTO)
1596 size_t sign_mac_length = 0;
1597 TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
1598 transform_out->psa_mac_enc,
1599 transform_out->psa_mac_alg));
1600 TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
1601 TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
1602 record->buf + record->data_offset,
1603 record->data_len));
1604 /* Use a temporary buffer for the MAC, because with the truncated HMAC
1605 * extension, there might not be enough room in the record for the
1606 * full-length MAC. */
1607 unsigned char mac[PSA_HASH_MAX_SIZE];
1608 TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
1609 mac, sizeof(mac),
1610 &sign_mac_length));
1611#else
1612 TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
1613 TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
1614 record->buf + record->data_offset,
1615 record->data_len));
1616 /* Use a temporary buffer for the MAC, because with the truncated HMAC
1617 * extension, there might not be enough room in the record for the
1618 * full-length MAC. */
1619 unsigned char mac[MBEDTLS_MD_MAX_SIZE];
1620 TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
1621#endif
1622 memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
1623 record->data_len += transform_out->maclen;
1624
1625 return 0;
1626
1627exit:
1628#if defined(MBEDTLS_USE_PSA_CRYPTO)
1629 psa_mac_abort(&operation);
1630#endif
1631 return -1;
1632}
1633#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
1634
Jerry Yu28547c42023-10-31 14:42:50 +0800[diff] [blame]1635#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1636int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
1637 int ticket_len,
1638 const char *crt_file)
1639{
1640#if defined(MBEDTLS_HAVE_TIME)
1641 session->start = mbedtls_time(NULL) - 42;
1642#endif
1643 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
1644 session->ciphersuite = 0xabcd;
1645 session->id_len = sizeof(session->id);
1646 memset(session->id, 66, session->id_len);
1647 memset(session->master, 17, sizeof(session->master));
1648
1649#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
1650 if (crt_file != NULL && strlen(crt_file) != 0) {
1651 mbedtls_x509_crt tmp_crt;
1652 int ret;
1653
1654 mbedtls_x509_crt_init(&tmp_crt);
1655 ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
1656 if (ret != 0) {
1657 return ret;
1658 }
1659
1660#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1661 /* Move temporary CRT. */
1662 session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
1663 if (session->peer_cert == NULL) {
1664 return -1;
1665 }
1666 *session->peer_cert = tmp_crt;
1667 memset(&tmp_crt, 0, sizeof(tmp_crt));
1668#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1669 /* Calculate digest of temporary CRT. */
1670 session->peer_cert_digest =
1671 mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
1672 if (session->peer_cert_digest == NULL) {
1673 return -1;
1674 }
1675
1676#if defined(MBEDTLS_USE_PSA_CRYPTO)
Manuel Pégourié-Gonnard2d6d9932023-03-28 11:38:08 +0200[diff] [blame]1677 psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1678 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
1679 size_t hash_size = 0;
1680 psa_status_t status = psa_hash_compute(
1681 psa_alg, tmp_crt.raw.p,
1682 tmp_crt.raw.len,
1683 session->peer_cert_digest,
1684 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
1685 &hash_size);
1686 ret = PSA_TO_MBEDTLS_ERR(status);
1687#else
1688 ret = mbedtls_md(mbedtls_md_info_from_type(
1689 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
1690 tmp_crt.raw.p, tmp_crt.raw.len,
1691 session->peer_cert_digest);
1692#endif /* MBEDTLS_USE_PSA_CRYPTO */
1693 if (ret != 0) {
1694 return ret;
1695 }
1696 session->peer_cert_digest_type =
1697 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1698 session->peer_cert_digest_len =
1699 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1700#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1701
1702 mbedtls_x509_crt_free(&tmp_crt);
1703 }
1704#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
1705 (void) crt_file;
1706#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
1707 session->verify_result = 0xdeadbeef;
1708
1709#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1710 if (ticket_len != 0) {
1711 session->ticket = mbedtls_calloc(1, ticket_len);
1712 if (session->ticket == NULL) {
1713 return -1;
1714 }
1715 memset(session->ticket, 33, ticket_len);
1716 }
1717 session->ticket_len = ticket_len;
1718 session->ticket_lifetime = 86401;
1719#else
1720 (void) ticket_len;
1721#endif
1722
1723#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1724 session->mfl_code = 1;
1725#endif
1726#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1727 session->encrypt_then_mac = 1;
1728#endif
1729
1730 return 0;
1731}
Jerry Yu28547c42023-10-31 14:42:50 +0800[diff] [blame]1732#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1733
1734#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1735int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
1736 int ticket_len,
1737 int endpoint_type)
1738{
1739 ((void) ticket_len);
1740 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
1741 session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ?
1742 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER;
1743 session->ciphersuite = 0xabcd;
1744 session->ticket_age_add = 0x87654321;
1745 session->ticket_flags = 0x7;
1746
1747 session->resumption_key_len = 32;
1748 memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
1749
Jerry Yu34e95162022-12-12 15:14:56 +0800[diff] [blame]1750#if defined(MBEDTLS_SSL_EARLY_DATA)
1751 session->max_early_data_size = 0x87654321;
1752#endif
1753
Jerry Yu472a6922023-11-14 11:25:24 +0800[diff] [blame]1754#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1755 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
Jerry Yu25ba4d42023-11-10 14:12:20 +0800[diff] [blame]1756 session->ticket_creation_time = mbedtls_ms_time() - 42;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1757 }
1758#endif
1759
1760#if defined(MBEDTLS_SSL_CLI_C)
1761 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
1762#if defined(MBEDTLS_HAVE_TIME)
Jerry Yu342a5552023-11-10 14:23:39 +0800[diff] [blame]1763 session->ticket_reception_time = mbedtls_ms_time() - 40;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1764#endif
1765 session->ticket_lifetime = 0xfedcba98;
1766
1767 session->ticket_len = ticket_len;
1768 if (ticket_len != 0) {
1769 session->ticket = mbedtls_calloc(1, ticket_len);
1770 if (session->ticket == NULL) {
1771 return -1;
1772 }
1773 memset(session->ticket, 33, ticket_len);
1774 }
1775 }
1776#endif /* MBEDTLS_SSL_CLI_C */
1777
1778 return 0;
1779}
1780#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1781
Yanray Wangb088bfc2023-03-16 12:15:49 +0800[diff] [blame]1782int mbedtls_test_ssl_exchange_data(
1783 mbedtls_ssl_context *ssl_1,
1784 int msg_len_1, const int expected_fragments_1,
1785 mbedtls_ssl_context *ssl_2,
1786 int msg_len_2, const int expected_fragments_2)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1787{
1788 unsigned char *msg_buf_1 = malloc(msg_len_1);
1789 unsigned char *msg_buf_2 = malloc(msg_len_2);
1790 unsigned char *in_buf_1 = malloc(msg_len_2);
1791 unsigned char *in_buf_2 = malloc(msg_len_1);
1792 int msg_type, ret = -1;
1793
1794 /* Perform this test with two message types. At first use a message
1795 * consisting of only 0x00 for the client and only 0xFF for the server.
1796 * At the second time use message with generated data */
1797 for (msg_type = 0; msg_type < 2; msg_type++) {
1798 int written_1 = 0;
1799 int written_2 = 0;
1800 int read_1 = 0;
1801 int read_2 = 0;
1802 int fragments_1 = 0;
1803 int fragments_2 = 0;
1804
1805 if (msg_type == 0) {
1806 memset(msg_buf_1, 0x00, msg_len_1);
1807 memset(msg_buf_2, 0xff, msg_len_2);
1808 } else {
1809 int i, j = 0;
1810 for (i = 0; i < msg_len_1; i++) {
1811 msg_buf_1[i] = j++ & 0xFF;
1812 }
1813 for (i = 0; i < msg_len_2; i++) {
1814 msg_buf_2[i] = (j -= 5) & 0xFF;
1815 }
1816 }
1817
1818 while (read_1 < msg_len_2 || read_2 < msg_len_1) {
1819 /* ssl_1 sending */
1820 if (msg_len_1 > written_1) {
1821 ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
1822 msg_len_1, &written_1,
1823 expected_fragments_1);
1824 if (expected_fragments_1 == 0) {
1825 /* This error is expected when the message is too large and
1826 * cannot be fragmented */
1827 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
1828 msg_len_1 = 0;
1829 } else {
1830 TEST_ASSERT(ret == 0);
1831 }
1832 }
1833
1834 /* ssl_2 sending */
1835 if (msg_len_2 > written_2) {
1836 ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
1837 msg_len_2, &written_2,
1838 expected_fragments_2);
1839 if (expected_fragments_2 == 0) {
1840 /* This error is expected when the message is too large and
1841 * cannot be fragmented */
1842 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
1843 msg_len_2 = 0;
1844 } else {
1845 TEST_ASSERT(ret == 0);
1846 }
1847 }
1848
1849 /* ssl_1 reading */
1850 if (read_1 < msg_len_2) {
1851 ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
1852 msg_len_2, &read_1,
1853 &fragments_2,
1854 expected_fragments_2);
1855 TEST_ASSERT(ret == 0);
1856 }
1857
1858 /* ssl_2 reading */
1859 if (read_2 < msg_len_1) {
1860 ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
1861 msg_len_1, &read_2,
1862 &fragments_1,
1863 expected_fragments_1);
1864 TEST_ASSERT(ret == 0);
1865 }
1866 }
1867
1868 ret = -1;
1869 TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
1870 TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
1871 TEST_ASSERT(fragments_1 == expected_fragments_1);
1872 TEST_ASSERT(fragments_2 == expected_fragments_2);
1873 }
1874
1875 ret = 0;
1876
1877exit:
1878 free(msg_buf_1);
1879 free(in_buf_1);
1880 free(msg_buf_2);
1881 free(in_buf_2);
1882
1883 return ret;
1884}
1885
1886/*
1887 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1888 * must be initialized and connected beforehand.
1889 *
1890 * \retval 0 on success, otherwise error code.
1891 */
Yanray Wangead70c82023-03-16 12:04:49 +0800[diff] [blame]1892#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
1893 (defined(MBEDTLS_SSL_RENEGOTIATION) || \
1894 defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
1895static int exchange_data(mbedtls_ssl_context *ssl_1,
1896 mbedtls_ssl_context *ssl_2)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1897{
Yanray Wangb088bfc2023-03-16 12:15:49 +0800[diff] [blame]1898 return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1,
1899 ssl_2, 256, 1);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1900}
Yanray Wangead70c82023-03-16 12:04:49 +0800[diff] [blame]1901#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
1902 (MBEDTLS_SSL_RENEGOTIATION ||
1903 MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1904
1905#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1906static int check_ssl_version(
1907 mbedtls_ssl_protocol_version expected_negotiated_version,
1908 const mbedtls_ssl_context *ssl)
1909{
1910 const char *version_string = mbedtls_ssl_get_version(ssl);
1911 mbedtls_ssl_protocol_version version_number =
1912 mbedtls_ssl_get_version_number(ssl);
1913
1914 TEST_EQUAL(ssl->tls_version, expected_negotiated_version);
1915
1916 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1917 TEST_EQUAL(version_string[0], 'D');
1918 ++version_string;
1919 }
1920
1921 switch (expected_negotiated_version) {
1922 case MBEDTLS_SSL_VERSION_TLS1_2:
1923 TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2);
1924 TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0);
1925 break;
1926
1927 case MBEDTLS_SSL_VERSION_TLS1_3:
1928 TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3);
1929 TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0);
1930 break;
1931
1932 default:
Agathiyan Bragadeeshdc28a5a2023-07-18 11:45:28 +0100[diff] [blame]1933 TEST_FAIL(
Agathiyan Bragadeeshebb40bc2023-07-14 17:28:27 +0100[diff] [blame]1934 "Version check not implemented for this protocol version");
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1935 }
1936
1937 return 1;
1938
1939exit:
1940 return 0;
1941}
1942#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1943
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1944#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1945void mbedtls_test_ssl_perform_handshake(
1946 mbedtls_test_handshake_test_options *options)
1947{
1948 /* forced_ciphersuite needs to last until the end of the handshake */
1949 int forced_ciphersuite[2];
1950 enum { BUFFSIZE = 17000 };
1951 mbedtls_test_ssl_endpoint client, server;
1952#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1953 const char *psk_identity = "foo";
1954#endif
1955#if defined(MBEDTLS_TIMING_C)
1956 mbedtls_timing_delay_context timer_client, timer_server;
1957#endif
1958#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1959 unsigned char *context_buf = NULL;
1960 size_t context_buf_len;
1961#endif
1962#if defined(MBEDTLS_SSL_RENEGOTIATION)
1963 int ret = -1;
1964#endif
1965 int expected_handshake_result = options->expected_handshake_result;
1966
Manuel Pégourié-Gonnard23fc4372023-03-17 13:34:11 +0100[diff] [blame]1967 MD_OR_USE_PSA_INIT();
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1968 mbedtls_platform_zeroize(&client, sizeof(client));
1969 mbedtls_platform_zeroize(&server, sizeof(server));
1970 mbedtls_test_ssl_message_queue server_queue, client_queue;
1971 mbedtls_test_message_socket_context server_context, client_context;
1972 mbedtls_test_message_socket_init(&server_context);
1973 mbedtls_test_message_socket_init(&client_context);
1974
1975 /* Client side */
1976 if (options->dtls != 0) {
1977 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
1978 MBEDTLS_SSL_IS_CLIENT,
1979 options, &client_context,
1980 &client_queue,
1981 &server_queue, NULL) == 0);
1982#if defined(MBEDTLS_TIMING_C)
1983 mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
1984 mbedtls_timing_set_delay,
1985 mbedtls_timing_get_delay);
1986#endif
1987 } else {
1988 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
1989 MBEDTLS_SSL_IS_CLIENT,
1990 options, NULL, NULL,
1991 NULL, NULL) == 0);
1992 }
1993
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]1994 if (strlen(options->cipher) > 0) {
1995 set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
1996 }
1997
1998#if defined(MBEDTLS_DEBUG_C)
1999 if (options->cli_log_fun) {
2000 mbedtls_debug_set_threshold(4);
2001 mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
2002 options->cli_log_obj);
2003 }
2004#endif
2005
2006 /* Server side */
2007 if (options->dtls != 0) {
2008 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
2009 MBEDTLS_SSL_IS_SERVER,
2010 options, &server_context,
2011 &server_queue,
2012 &client_queue, NULL) == 0);
2013#if defined(MBEDTLS_TIMING_C)
2014 mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
2015 mbedtls_timing_set_delay,
2016 mbedtls_timing_get_delay);
2017#endif
2018 } else {
2019 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
2020 MBEDTLS_SSL_IS_SERVER,
2021 options, NULL, NULL, NULL,
2022 NULL) == 0);
2023 }
2024
2025 mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
2026
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2027#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2028 TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
2029 (unsigned char) options->mfl)
2030 == 0);
2031 TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
2032 (unsigned char) options->mfl)
2033 == 0);
2034#else
2035 TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
2036#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2037
2038#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
2039 if (options->psk_str != NULL && options->psk_str->len > 0) {
2040 TEST_ASSERT(mbedtls_ssl_conf_psk(
2041 &client.conf, options->psk_str->x,
2042 options->psk_str->len,
2043 (const unsigned char *) psk_identity,
2044 strlen(psk_identity)) == 0);
2045
2046 TEST_ASSERT(mbedtls_ssl_conf_psk(
2047 &server.conf, options->psk_str->x,
2048 options->psk_str->len,
2049 (const unsigned char *) psk_identity,
2050 strlen(psk_identity)) == 0);
2051#if defined(MBEDTLS_SSL_SRV_C)
2052 mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
2053#endif
2054 }
2055#endif
2056#if defined(MBEDTLS_SSL_RENEGOTIATION)
2057 if (options->renegotiate) {
2058 mbedtls_ssl_conf_renegotiation(&(server.conf),
2059 MBEDTLS_SSL_RENEGOTIATION_ENABLED);
2060 mbedtls_ssl_conf_renegotiation(&(client.conf),
2061 MBEDTLS_SSL_RENEGOTIATION_ENABLED);
2062
2063 mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
2064 options->legacy_renegotiation);
2065 mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
2066 options->legacy_renegotiation);
2067 }
2068#endif /* MBEDTLS_SSL_RENEGOTIATION */
2069
2070#if defined(MBEDTLS_DEBUG_C)
2071 if (options->srv_log_fun) {
2072 mbedtls_debug_set_threshold(4);
2073 mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
2074 options->srv_log_obj);
2075 }
2076#endif
2077
2078 TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
2079 &(server.socket),
2080 BUFFSIZE) == 0);
2081
2082#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2083 if (options->resize_buffers != 0) {
2084 /* Ensure that the buffer sizes are appropriate before resizes */
2085 TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2086 TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2087 TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2088 TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2089 }
2090#endif
2091
2092 if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
2093 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
2094 }
2095
2096 TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl),
2097 &(server.ssl),
2098 MBEDTLS_SSL_HANDSHAKE_OVER)
2099 == expected_handshake_result);
2100
2101 if (expected_handshake_result != 0) {
2102 /* Connection will have failed by this point, skip to cleanup */
2103 goto exit;
2104 }
2105
2106 TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1);
2107
2108 /* Make sure server state is moved to HANDSHAKE_OVER also. */
2109 TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl),
2110 &(client.ssl),
2111 MBEDTLS_SSL_HANDSHAKE_OVER),
2112 0);
2113
2114 TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1);
2115 /* Check that both sides have negotiated the expected version. */
2116 mbedtls_test_set_step(0);
2117 if (!check_ssl_version(options->expected_negotiated_version,
2118 &client.ssl)) {
2119 goto exit;
2120 }
2121
2122 mbedtls_test_set_step(1);
2123 if (!check_ssl_version(options->expected_negotiated_version,
2124 &server.ssl)) {
2125 goto exit;
2126 }
2127
2128 if (options->expected_ciphersuite != 0) {
2129 TEST_EQUAL(server.ssl.session->ciphersuite,
2130 options->expected_ciphersuite);
2131 }
2132
2133#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2134 if (options->resize_buffers != 0) {
2135 /* A server, when using DTLS, might delay a buffer resize to happen
2136 * after it receives a message, so we force it. */
2137 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
2138
2139 TEST_ASSERT(client.ssl.out_buf_len ==
2140 mbedtls_ssl_get_output_buflen(&client.ssl));
2141 TEST_ASSERT(client.ssl.in_buf_len ==
2142 mbedtls_ssl_get_input_buflen(&client.ssl));
2143 TEST_ASSERT(server.ssl.out_buf_len ==
2144 mbedtls_ssl_get_output_buflen(&server.ssl));
2145 TEST_ASSERT(server.ssl.in_buf_len ==
2146 mbedtls_ssl_get_input_buflen(&server.ssl));
2147 }
2148#endif
2149
2150 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
2151 /* Start data exchanging test */
Yanray Wangb088bfc2023-03-16 12:15:49 +0800[diff] [blame]2152 TEST_ASSERT(mbedtls_test_ssl_exchange_data(
2153 &(client.ssl), options->cli_msg_len,
2154 options->expected_cli_fragments,
2155 &(server.ssl), options->srv_msg_len,
2156 options->expected_srv_fragments)
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2157 == 0);
2158 }
2159#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2160 if (options->serialize == 1) {
2161 TEST_ASSERT(options->dtls == 1);
2162
2163 TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
2164 0, &context_buf_len)
2165 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
2166
2167 context_buf = mbedtls_calloc(1, context_buf_len);
2168 TEST_ASSERT(context_buf != NULL);
2169
2170 TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
2171 context_buf_len,
2172 &context_buf_len)
2173 == 0);
2174
2175 mbedtls_ssl_free(&(server.ssl));
2176 mbedtls_ssl_init(&(server.ssl));
2177
2178 TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
2179
2180 mbedtls_ssl_set_bio(&(server.ssl), &server_context,
2181 mbedtls_test_mock_tcp_send_msg,
2182 mbedtls_test_mock_tcp_recv_msg,
2183 NULL);
2184
2185 mbedtls_ssl_set_user_data_p(&server.ssl, &server);
2186
2187#if defined(MBEDTLS_TIMING_C)
2188 mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
2189 mbedtls_timing_set_delay,
2190 mbedtls_timing_get_delay);
2191#endif
2192#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2193 if (options->resize_buffers != 0) {
2194 /* Ensure that the buffer sizes are appropriate before resizes */
2195 TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2196 TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2197 }
2198#endif
2199 TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
2200 context_buf_len) == 0);
2201
2202#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2203 /* Validate buffer sizes after context deserialization */
2204 if (options->resize_buffers != 0) {
2205 TEST_ASSERT(server.ssl.out_buf_len ==
2206 mbedtls_ssl_get_output_buflen(&server.ssl));
2207 TEST_ASSERT(server.ssl.in_buf_len ==
2208 mbedtls_ssl_get_input_buflen(&server.ssl));
2209 }
2210#endif
2211 /* Retest writing/reading */
2212 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
Yanray Wangb088bfc2023-03-16 12:15:49 +0800[diff] [blame]2213 TEST_ASSERT(mbedtls_test_ssl_exchange_data(
2214 &(client.ssl), options->cli_msg_len,
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2215 options->expected_cli_fragments,
Yanray Wangb088bfc2023-03-16 12:15:49 +0800[diff] [blame]2216 &(server.ssl), options->srv_msg_len,
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2217 options->expected_srv_fragments)
2218 == 0);
2219 }
2220 }
2221#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2222
2223#if defined(MBEDTLS_SSL_RENEGOTIATION)
2224 if (options->renegotiate) {
2225 /* Start test with renegotiation */
2226 TEST_ASSERT(server.ssl.renego_status ==
2227 MBEDTLS_SSL_INITIAL_HANDSHAKE);
2228 TEST_ASSERT(client.ssl.renego_status ==
2229 MBEDTLS_SSL_INITIAL_HANDSHAKE);
2230
2231 /* After calling this function for the server, it only sends a handshake
2232 * request. All renegotiation should happen during data exchanging */
2233 TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
2234 TEST_ASSERT(server.ssl.renego_status ==
2235 MBEDTLS_SSL_RENEGOTIATION_PENDING);
2236 TEST_ASSERT(client.ssl.renego_status ==
2237 MBEDTLS_SSL_INITIAL_HANDSHAKE);
2238
2239 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
2240 TEST_ASSERT(server.ssl.renego_status ==
2241 MBEDTLS_SSL_RENEGOTIATION_DONE);
2242 TEST_ASSERT(client.ssl.renego_status ==
2243 MBEDTLS_SSL_RENEGOTIATION_DONE);
2244
2245 /* After calling mbedtls_ssl_renegotiate for the client,
2246 * all renegotiation should happen inside this function.
2247 * However in this test, we cannot perform simultaneous communication
2248 * between client and server so this function will return waiting error
2249 * on the socket. All rest of renegotiation should happen
2250 * during data exchanging */
2251 ret = mbedtls_ssl_renegotiate(&(client.ssl));
2252#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2253 if (options->resize_buffers != 0) {
2254 /* Ensure that the buffer sizes are appropriate before resizes */
2255 TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2256 TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2257 }
2258#endif
2259 TEST_ASSERT(ret == 0 ||
2260 ret == MBEDTLS_ERR_SSL_WANT_READ ||
2261 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
2262 TEST_ASSERT(server.ssl.renego_status ==
2263 MBEDTLS_SSL_RENEGOTIATION_DONE);
2264 TEST_ASSERT(client.ssl.renego_status ==
2265 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
2266
2267 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
2268 TEST_ASSERT(server.ssl.renego_status ==
2269 MBEDTLS_SSL_RENEGOTIATION_DONE);
2270 TEST_ASSERT(client.ssl.renego_status ==
2271 MBEDTLS_SSL_RENEGOTIATION_DONE);
2272#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2273 /* Validate buffer sizes after renegotiation */
2274 if (options->resize_buffers != 0) {
2275 TEST_ASSERT(client.ssl.out_buf_len ==
2276 mbedtls_ssl_get_output_buflen(&client.ssl));
2277 TEST_ASSERT(client.ssl.in_buf_len ==
2278 mbedtls_ssl_get_input_buflen(&client.ssl));
2279 TEST_ASSERT(server.ssl.out_buf_len ==
2280 mbedtls_ssl_get_output_buflen(&server.ssl));
2281 TEST_ASSERT(server.ssl.in_buf_len ==
2282 mbedtls_ssl_get_input_buflen(&server.ssl));
2283 }
2284#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
2285 }
2286#endif /* MBEDTLS_SSL_RENEGOTIATION */
2287
2288 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client);
2289 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client);
2290 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server);
2291 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server);
2292
2293exit:
2294 mbedtls_test_ssl_endpoint_free(&client,
Yanray Wangaf727a22023-03-13 19:22:36 +0800[diff] [blame]2295 options->dtls != 0 ? &client_context : NULL);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2296 mbedtls_test_ssl_endpoint_free(&server,
Yanray Wangaf727a22023-03-13 19:22:36 +0800[diff] [blame]2297 options->dtls != 0 ? &server_context : NULL);
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2298#if defined(MBEDTLS_DEBUG_C)
2299 if (options->cli_log_fun || options->srv_log_fun) {
2300 mbedtls_debug_set_threshold(0);
2301 }
2302#endif
2303#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2304 if (context_buf != NULL) {
2305 mbedtls_free(context_buf);
2306 }
2307#endif
Manuel Pégourié-Gonnard23fc4372023-03-17 13:34:11 +0100[diff] [blame]2308 MD_OR_USE_PSA_DONE();
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2309}
2310#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2311
2312#if defined(MBEDTLS_TEST_HOOKS)
Yanray Wangf56181a2023-03-16 12:21:33 +0800[diff] [blame]2313int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2314 unsigned char *buf, unsigned char **end, int tweak,
2315 int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args)
2316{
2317/*
2318 * The definition of the tweaks assume that the certificate list contains only
2319 * one certificate.
2320 */
2321
2322/*
2323 * struct {
2324 * opaque cert_data<1..2^24-1>;
2325 * Extension extensions<0..2^16-1>;
2326 * } CertificateEntry;
2327 *
2328 * struct {
2329 * opaque certificate_request_context<0..2^8-1>;
2330 * CertificateEntry certificate_list<0..2^24-1>;
2331 * } Certificate;
2332 */
2333 unsigned char *p_certificate_request_context_len = buf;
2334 size_t certificate_request_context_len = buf[0];
2335
2336 unsigned char *p_certificate_list_len =
2337 buf + 1 + certificate_request_context_len;
2338 unsigned char *certificate_list = p_certificate_list_len + 3;
2339 size_t certificate_list_len =
2340 MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0);
2341
2342 unsigned char *p_cert_data_len = certificate_list;
2343 unsigned char *cert_data = p_cert_data_len + 3;
2344 size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0);
2345
2346 unsigned char *p_extensions_len = cert_data + cert_data_len;
2347 unsigned char *extensions = p_extensions_len + 2;
2348 size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0);
2349
2350 *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR;
2351
2352 switch (tweak) {
2353 case 1:
2354 /* Failure when checking if the certificate request context length
2355 * and certificate list length can be read
2356 */
2357 *end = buf + 3;
2358 set_chk_buf_ptr_args(args, buf, *end, 4);
2359 break;
2360
2361 case 2:
2362 /* Invalid certificate request context length.
2363 */
2364 *p_certificate_request_context_len =
Yanray Wanga8f445e2022-11-03 11:51:59 +0800[diff] [blame]2365 (unsigned char) certificate_request_context_len + 1;
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame]2366 reset_chk_buf_ptr_args(args);
2367 break;
2368
2369 case 3:
2370 /* Failure when checking if certificate_list data can be read. */
2371 MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1,
2372 p_certificate_list_len, 0);
2373 set_chk_buf_ptr_args(args, certificate_list, *end,
2374 certificate_list_len + 1);
2375 break;
2376
2377 case 4:
2378 /* Failure when checking if the cert_data length can be read. */
2379 MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0);
2380 set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3);
2381 break;
2382
2383 case 5:
2384 /* Failure when checking if cert_data data can be read. */
2385 MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1,
2386 p_cert_data_len, 0);
2387 set_chk_buf_ptr_args(args, cert_data,
2388 certificate_list + certificate_list_len,
2389 certificate_list_len - 3 + 1);
2390 break;
2391
2392 case 6:
2393 /* Failure when checking if the extensions length can be read. */
2394 MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1,
2395 p_certificate_list_len, 0);
2396 set_chk_buf_ptr_args(
2397 args, p_extensions_len,
2398 certificate_list + certificate_list_len - extensions_len - 1, 2);
2399 break;
2400
2401 case 7:
2402 /* Failure when checking if extensions data can be read. */
2403 MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0);
2404
2405 set_chk_buf_ptr_args(
2406 args, extensions,
2407 certificate_list + certificate_list_len, extensions_len + 1);
2408 break;
2409
2410 default:
2411 return -1;
2412 }
2413
2414 return 0;
2415}
2416#endif /* MBEDTLS_TEST_HOOKS */
Yanray Wang4d07d1c2022-10-27 15:28:16 +0800[diff] [blame]2417#endif /* MBEDTLS_SSL_TLS_C */