TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ccae25b4bf776e6696b58ebec54d504007fdbde6 / . / programs / ssl / ssl_test_lib.c
blob: a7f3d0e3895f1d279ac7fd946c591d145730d877 [file] [log] [blame]
Gilles Peskinea3ed34f2021-01-05 21:11:16 +0100[diff] [blame]1/*
Gilles Peskine0d980b82021-01-05 23:34:27 +0100[diff] [blame]2 * Common code library for SSL test programs.
3 *
4 * In addition to the functions in this file, there is shared source code
5 * that cannot be compiled separately in "ssl_test_common_source.c".
Gilles Peskinea3ed34f2021-01-05 21:11:16 +0100[diff] [blame]6 *
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 */
22
Mateusz Starzyk6c2e9b62021-05-19 17:54:54 +0200[diff] [blame]23#define MBEDTLS_ALLOW_PRIVATE_ACCESS
24
Gilles Peskinea3ed34f2021-01-05 21:11:16 +0100[diff] [blame]25#include "ssl_test_lib.h"
26
Gilles Peskinee374b952021-02-03 00:05:19 +0100[diff] [blame]27#if defined(MBEDTLS_TEST_HOOKS)
28#include "test/helpers.h"
29#endif
30
Gilles Peskineab7ce962021-01-05 21:27:53 +0100[diff] [blame]31#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
32
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]33void my_debug( void *ctx, int level,
34 const char *file, int line,
35 const char *str )
36{
37 const char *p, *basename;
38
39 /* Extract basename from file */
40 for( p = basename = file; *p != '\0'; p++ )
41 if( *p == '/' || *p == '\\' )
42 basename = p + 1;
43
44 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s",
45 basename, line, level, str );
46 fflush( (FILE *) ctx );
47}
48
Raoul Strackx9ed9bc92020-06-22 14:08:57 +0200[diff] [blame]49#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]50mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
51{
52 (void) time;
53 return 0x5af2a056;
54}
Raoul Strackx9ed9bc92020-06-22 14:08:57 +0200[diff] [blame]55#endif
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]56
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]57#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
Gilles Peskinef1cb75f2021-01-13 18:46:01 +0100[diff] [blame]58static int dummy_entropy( void *data, unsigned char *output, size_t len )
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]59{
60 size_t i;
61 int ret;
62 (void) data;
63
64 ret = mbedtls_entropy_func( data, output, len );
65 for( i = 0; i < len; i++ )
66 {
67 //replace result with pseudo random
68 output[i] = (unsigned char) rand();
69 }
70 return( ret );
71}
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]72#endif
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]73
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]74void rng_init( rng_context_t *rng )
75{
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]76#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
77 (void) rng;
78 psa_crypto_init( );
79#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
80
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]81#if defined(MBEDTLS_CTR_DRBG_C)
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]82 mbedtls_ctr_drbg_init( &rng->drbg );
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]83#elif defined(MBEDTLS_HMAC_DRBG_C)
84 mbedtls_hmac_drbg_init( &rng->drbg );
85#else
86#error "No DRBG available"
87#endif
88
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]89 mbedtls_entropy_init( &rng->entropy );
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]90#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]91}
92
93int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
94{
Gilles Peskineaaedbdc2021-02-03 13:55:22 +0100[diff] [blame]95#if defined(MBEDTLS_USE_PSA_CRYPTO)
96 if( reproducible )
97 {
98 mbedtls_fprintf( stderr,
99 "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
100 return( -1 );
101 }
102#endif
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]103#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
104 /* The PSA crypto RNG does its own seeding. */
105 (void) rng;
106 (void) pers;
107 if( reproducible )
108 {
109 mbedtls_fprintf( stderr,
110 "The PSA RNG does not support reproducible mode.\n" );
111 return( -1 );
112 }
113 return( 0 );
114#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskinef1cb75f2021-01-13 18:46:01 +0100[diff] [blame]115 int ( *f_entropy )( void *, unsigned char *, size_t ) =
116 ( reproducible ? dummy_entropy : mbedtls_entropy_func );
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]117
118 if ( reproducible )
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]119 srand( 1 );
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]120
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]121#if defined(MBEDTLS_CTR_DRBG_C)
Gilles Peskinef1cb75f2021-01-13 18:46:01 +0100[diff] [blame]122 int ret = mbedtls_ctr_drbg_seed( &rng->drbg,
123 f_entropy, &rng->entropy,
124 (const unsigned char *) pers,
125 strlen( pers ) );
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]126#elif defined(MBEDTLS_HMAC_DRBG_C)
127#if defined(MBEDTLS_SHA256_C)
128 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
129#elif defined(MBEDTLS_SHA512_C)
130 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
131#else
132#error "No message digest available for HMAC_DRBG"
133#endif
134 int ret = mbedtls_hmac_drbg_seed( &rng->drbg,
135 mbedtls_md_info_from_type( md_type ),
136 f_entropy, &rng->entropy,
137 (const unsigned char *) pers,
138 strlen( pers ) );
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]139#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]140#error "No DRBG available"
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]141#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]142
Gilles Peskinef1cb75f2021-01-13 18:46:01 +0100[diff] [blame]143 if( ret != 0 )
144 {
145 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
146 (unsigned int) -ret );
147 return( ret );
148 }
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]149#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]150
151 return( 0 );
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]152}
153
154void rng_free( rng_context_t *rng )
155{
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]156#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
157 (void) rng;
158 /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
159 * This is ok because none of our applications try to do any crypto after
160 * deinitializing the RNG. */
161 mbedtls_psa_crypto_free( );
162#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
163
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]164#if defined(MBEDTLS_CTR_DRBG_C)
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]165 mbedtls_ctr_drbg_free( &rng->drbg );
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]166#elif defined(MBEDTLS_HMAC_DRBG_C)
167 mbedtls_hmac_drbg_free( &rng->drbg );
168#else
169#error "No DRBG available"
170#endif
171
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]172 mbedtls_entropy_free( &rng->entropy );
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]173#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100[diff] [blame]174}
175
Gilles Peskine535fb372021-01-13 18:59:46 +0100[diff] [blame]176int rng_get( void *p_rng, unsigned char *output, size_t output_len )
177{
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]178#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
179 (void) p_rng;
180 return( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
181 output, output_len ) );
182#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskine535fb372021-01-13 18:59:46 +0100[diff] [blame]183 rng_context_t *rng = p_rng;
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]184
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]185#if defined(MBEDTLS_CTR_DRBG_C)
Gilles Peskine535fb372021-01-13 18:59:46 +0100[diff] [blame]186 return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
Gilles Peskineba749042021-01-13 20:02:03 +0100[diff] [blame]187#elif defined(MBEDTLS_HMAC_DRBG_C)
188 return( mbedtls_hmac_drbg_random( &rng->drbg, output, output_len ) );
189#else
190#error "No DRBG available"
191#endif
Gilles Peskine8eb29432021-02-03 20:07:11 +0100[diff] [blame]192
193#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskine535fb372021-01-13 18:59:46 +0100[diff] [blame]194}
195
Przemek Stekiel85d692d2022-04-25 12:42:55 +0200[diff] [blame]196int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 )
197{
198 char* separator;
199 if( ( separator = strchr( arg, ',' ) ) == NULL )
200 return 1;
201 *separator = '\0';
202
203 *alg1 = arg;
204 *alg2 = separator + 1;
205
Przemek Stekiel77fc9ab2022-04-29 09:51:54 +0200[diff] [blame]206 if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
207 strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
208 strcmp( *alg1, "rsa-decrypt" ) != 0 &&
209 strcmp( *alg1, "ecdsa-sign" ) != 0 &&
210 strcmp( *alg1, "ecdh" ) != 0 )
Przemek Stekiel85d692d2022-04-25 12:42:55 +0200[diff] [blame]211 return 1;
212
Przemek Stekiel77fc9ab2022-04-29 09:51:54 +0200[diff] [blame]213 if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
214 strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
215 strcmp( *alg2, "rsa-decrypt" ) != 0 &&
216 strcmp( *alg2, "ecdsa-sign" ) != 0 &&
217 strcmp( *alg2, "ecdh" ) != 0 &&
218 strcmp( *alg2, "none" ) != 0 )
Przemek Stekiel85d692d2022-04-25 12:42:55 +0200[diff] [blame]219 return 1;
220
221 return 0;
222}
223
Przemek Stekiel76a41f52022-05-04 13:55:23 +0200[diff] [blame]224#if defined(MBEDTLS_USE_PSA_CRYPTO)
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]225int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
226 psa_algorithm_t *psa_alg1,
227 psa_algorithm_t *psa_alg2,
Przemek Stekielcb20d202022-05-06 08:42:34 +0200[diff] [blame]228 psa_key_usage_t *usage,
229 mbedtls_pk_type_t key_type )
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]230{
Przemek Stekielcb20d202022-05-06 08:42:34 +0200[diff] [blame]231 if( strcmp( alg1, "none" ) != 0 )
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]232 {
Przemek Stekielcb20d202022-05-06 08:42:34 +0200[diff] [blame]233 const char * algs[] = { alg1, alg2 };
234 psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]235
Przemek Stekielcb20d202022-05-06 08:42:34 +0200[diff] [blame]236 for ( int i = 0; i < 2; i++ )
237 {
238 if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 )
239 {
240 *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
241 *usage |= PSA_KEY_USAGE_SIGN_HASH;
242 }
243 else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 )
244 {
245 *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
246 *usage |= PSA_KEY_USAGE_SIGN_HASH;
247 }
248 else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
249 {
250 *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
251 *usage |= PSA_KEY_USAGE_DECRYPT;
252 }
253 else if( strcmp( algs[i], "ecdsa-sign" ) == 0 )
254 {
255 *psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
256 *usage |= PSA_KEY_USAGE_SIGN_HASH;
257 }
258 else if( strcmp( algs[i], "ecdh" ) == 0 )
259 {
260 *psa_algs[i] = PSA_ALG_ECDH;
261 *usage |= PSA_KEY_USAGE_DERIVE;
262 }
263 else if( strcmp( algs[i], "none" ) == 0 )
264 {
265 *psa_algs[i] = PSA_ALG_NONE;
266 }
267 }
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]268 }
Przemek Stekielcb20d202022-05-06 08:42:34 +0200[diff] [blame]269 else
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]270 {
Przemek Stekielcb20d202022-05-06 08:42:34 +0200[diff] [blame]271 if( key_type == MBEDTLS_PK_ECKEY )
272 {
273 *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
274 *psa_alg2 = PSA_ALG_ECDH;
275 *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
276 }
277 else if( key_type == MBEDTLS_PK_RSA )
278 {
279 *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
280 *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
281 *usage = PSA_KEY_USAGE_SIGN_HASH;
282 }
283 else
284 {
285 return 1;
286 }
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]287 }
288
289 return 0;
290}
Przemek Stekiel76a41f52022-05-04 13:55:23 +0200[diff] [blame]291#endif /* MBEDTLS_USE_PSA_CRYPTO */
Przemek Stekiel01396a12022-05-02 13:41:53 +0200[diff] [blame]292
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]293#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
294int ca_callback( void *data, mbedtls_x509_crt const *child,
295 mbedtls_x509_crt **candidates )
296{
297 int ret = 0;
298 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
299 mbedtls_x509_crt *first;
300
301 /* This is a test-only implementation of the CA callback
302 * which always returns the entire list of trusted certificates.
303 * Production implementations managing a large number of CAs
304 * should use an efficient presentation and lookup for the
305 * set of trusted certificates (such as a hashtable) and only
306 * return those trusted certificates which satisfy basic
307 * parental checks, such as the matching of child `Issuer`
308 * and parent `Subject` field or matching key identifiers. */
309 ((void) child);
310
311 first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
312 if( first == NULL )
313 {
314 ret = -1;
315 goto exit;
316 }
317 mbedtls_x509_crt_init( first );
318
319 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
320 {
321 ret = -1;
322 goto exit;
323 }
324
325 while( ca->next != NULL )
326 {
327 ca = ca->next;
328 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
329 {
330 ret = -1;
331 goto exit;
332 }
333 }
334
335exit:
336
337 if( ret != 0 )
338 {
339 mbedtls_x509_crt_free( first );
340 mbedtls_free( first );
341 first = NULL;
342 }
343
344 *candidates = first;
345 return( ret );
346}
347#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
348
349int delayed_recv( void *ctx, unsigned char *buf, size_t len )
350{
351 static int first_try = 1;
352 int ret;
353
354 if( first_try )
355 {
356 first_try = 0;
357 return( MBEDTLS_ERR_SSL_WANT_READ );
358 }
359
360 ret = mbedtls_net_recv( ctx, buf, len );
361 if( ret != MBEDTLS_ERR_SSL_WANT_READ )
362 first_try = 1; /* Next call will be a new operation */
363 return( ret );
364}
365
366int delayed_send( void *ctx, const unsigned char *buf, size_t len )
367{
368 static int first_try = 1;
369 int ret;
370
371 if( first_try )
372 {
373 first_try = 0;
374 return( MBEDTLS_ERR_SSL_WANT_WRITE );
375 }
376
377 ret = mbedtls_net_send( ctx, buf, len );
378 if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
379 first_try = 1; /* Next call will be a new operation */
380 return( ret );
381}
382
383#if !defined(MBEDTLS_TIMING_C)
384int idle( mbedtls_net_context *fd,
385 int idle_reason )
386#else
387int idle( mbedtls_net_context *fd,
388 mbedtls_timing_delay_context *timer,
389 int idle_reason )
390#endif
391{
392 int ret;
393 int poll_type = 0;
394
395 if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
396 poll_type = MBEDTLS_NET_POLL_WRITE;
397 else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
398 poll_type = MBEDTLS_NET_POLL_READ;
399#if !defined(MBEDTLS_TIMING_C)
400 else
401 return( 0 );
402#endif
403
404 while( 1 )
405 {
406 /* Check if timer has expired */
407#if defined(MBEDTLS_TIMING_C)
408 if( timer != NULL &&
409 mbedtls_timing_get_delay( timer ) == 2 )
410 {
411 break;
412 }
413#endif /* MBEDTLS_TIMING_C */
414
415 /* Check if underlying transport became available */
416 if( poll_type != 0 )
417 {
418 ret = mbedtls_net_poll( fd, poll_type, 0 );
419 if( ret < 0 )
420 return( ret );
421 if( ret == poll_type )
422 break;
423 }
424 }
425
426 return( 0 );
427}
428
Gilles Peskine53dea742021-02-02 22:55:06 +0100[diff] [blame]429#if defined(MBEDTLS_TEST_HOOKS)
430
431void test_hooks_init( void )
432{
Gilles Peskinee374b952021-02-03 00:05:19 +0100[diff] [blame]433 mbedtls_test_info_reset( );
434
435#if defined(MBEDTLS_TEST_MUTEX_USAGE)
436 mbedtls_test_mutex_usage_init( );
437#endif
Gilles Peskine53dea742021-02-02 22:55:06 +0100[diff] [blame]438}
439
440int test_hooks_failure_detected( void )
441{
Gilles Peskinee374b952021-02-03 00:05:19 +0100[diff] [blame]442#if defined(MBEDTLS_TEST_MUTEX_USAGE)
443 /* Errors are reported via mbedtls_test_info. */
444 mbedtls_test_mutex_usage_check( );
445#endif
446
447 if( mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS )
448 return( 1 );
Gilles Peskine53dea742021-02-02 22:55:06 +0100[diff] [blame]449 return( 0 );
450}
451
452void test_hooks_free( void )
453{
454}
455
456#endif /* MBEDTLS_TEST_HOOKS */
457
Gilles Peskineab7ce962021-01-05 21:27:53 +0100[diff] [blame]458#endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */