blob: c368f573afb07acad200c5745f92ad8e20bd929d [file] [log] [blame]
Gilles Peskinea3ed34f2021-01-05 21:11:16 +01001/*
2 * Common code for SSL test programs
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
21#define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
22
Bence Szépkútic662b362021-05-27 11:25:03 +020023#include "mbedtls/build_info.h"
Gilles Peskineab7ce962021-01-05 21:27:53 +010024
25#if defined(MBEDTLS_PLATFORM_C)
26#include "mbedtls/platform.h"
27#else
28#include <stdio.h>
29#include <stdlib.h>
30#define mbedtls_calloc calloc
31#define mbedtls_free free
32#define mbedtls_time time
33#define mbedtls_time_t time_t
34#define mbedtls_printf printf
35#define mbedtls_fprintf fprintf
36#define mbedtls_snprintf snprintf
Gilles Peskine6d576c92022-06-30 17:06:11 +020037#define mbedtls_setbuf setbuf
Gilles Peskineab7ce962021-01-05 21:27:53 +010038#define mbedtls_exit exit
39#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
40#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
41#endif
42
Gilles Peskine8133abd2021-02-08 21:20:12 +010043#undef HAVE_RNG
44#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
45 ( defined(MBEDTLS_USE_PSA_CRYPTO) || \
46 defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) )
47#define HAVE_RNG
48#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
49#define HAVE_RNG
50#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \
51 ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) )
52#define HAVE_RNG
53#endif
54
55#if !defined(MBEDTLS_NET_C) || \
Andrzej Kurek03e01462022-01-03 12:53:24 +010056 !defined(MBEDTLS_SSL_TLS_C)
57#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
58 "MBEDTLS_NET_C and/or " \
59 "MBEDTLS_SSL_TLS_C not defined."
Gilles Peskine8133abd2021-02-08 21:20:12 +010060#elif !defined(HAVE_RNG)
Andrzej Kurek03e01462022-01-03 12:53:24 +010061#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
Gilles Peskine8133abd2021-02-08 21:20:12 +010062 "No random generator is available.\n"
Gilles Peskineab7ce962021-01-05 21:27:53 +010063#else
64#undef MBEDTLS_SSL_TEST_IMPOSSIBLE
Gilles Peskine67638d62021-01-05 21:36:29 +010065
Gilles Peskine8133abd2021-02-08 21:20:12 +010066#undef HAVE_RNG
67
Gilles Peskine67638d62021-01-05 21:36:29 +010068#include <stdio.h>
69#include <stdlib.h>
70#include <string.h>
71
72#include "mbedtls/net_sockets.h"
73#include "mbedtls/ssl.h"
Glenn Strauss6eef5632022-01-23 08:37:02 -050074#include "mbedtls/ssl_ciphersuites.h"
Gilles Peskine67638d62021-01-05 21:36:29 +010075#include "mbedtls/entropy.h"
76#include "mbedtls/ctr_drbg.h"
Gilles Peskineba749042021-01-13 20:02:03 +010077#include "mbedtls/hmac_drbg.h"
Gilles Peskine67638d62021-01-05 21:36:29 +010078#include "mbedtls/x509.h"
79#include "mbedtls/error.h"
80#include "mbedtls/debug.h"
81#include "mbedtls/timing.h"
82#include "mbedtls/base64.h"
Mateusz Starzyk1aec6462021-02-08 15:34:42 +010083#include "test/certs.h"
Gilles Peskine67638d62021-01-05 21:36:29 +010084
Gilles Peskine8133abd2021-02-08 21:20:12 +010085#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
Gilles Peskine67638d62021-01-05 21:36:29 +010086#include "psa/crypto.h"
87#include "mbedtls/psa_util.h"
Gilles Peskineab7ce962021-01-05 21:27:53 +010088#endif
89
Gilles Peskine67638d62021-01-05 21:36:29 +010090#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
91#include "mbedtls/memory_buffer_alloc.h"
92#endif
93
94#include <test/helpers.h>
95
Gilles Peskinec772b182021-01-12 15:55:10 +010096#include "../test/query_config.h"
Gilles Peskine7c818d62021-01-05 22:33:13 +010097
Gilles Peskine7c818d62021-01-05 22:33:13 +010098typedef struct eap_tls_keys
99{
100 unsigned char master_secret[48];
101 unsigned char randbytes[64];
102 mbedtls_tls_prf_types tls_prf_type;
103} eap_tls_keys;
104
105#if defined( MBEDTLS_SSL_DTLS_SRTP )
106
107/* Supported SRTP mode needs a maximum of :
108 * - 16 bytes for key (AES-128)
109 * - 14 bytes SALT
110 * One for sender, one for receiver context
111 */
112#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
113
114typedef struct dtls_srtp_keys
115{
116 unsigned char master_secret[48];
117 unsigned char randbytes[64];
118 mbedtls_tls_prf_types tls_prf_type;
119} dtls_srtp_keys;
120
121#endif /* MBEDTLS_SSL_DTLS_SRTP */
122
Gilles Peskine7c818d62021-01-05 22:33:13 +0100123typedef struct
124{
125 mbedtls_ssl_context *ssl;
126 mbedtls_net_context *net;
127} io_ctx_t;
128
Gilles Peskine504c1a32021-01-05 23:40:14 +0100129void my_debug( void *ctx, int level,
130 const char *file, int line,
131 const char *str );
Gilles Peskine67638d62021-01-05 21:36:29 +0100132
Raoul Strackx9ed9bc92020-06-22 14:08:57 +0200133#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100134mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
Raoul Strackx9ed9bc92020-06-22 14:08:57 +0200135#endif
Gilles Peskine504c1a32021-01-05 23:40:14 +0100136
Jerry Yu79c00412022-03-01 17:03:56 +0800137#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
Gilles Peskine8eb29432021-02-03 20:07:11 +0100138/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
139 * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
140 *
141 * The constraints are:
142 * - Without the entropy module, the PSA RNG is the only option.
143 * - Without at least one of the DRBG modules, the PSA RNG is the only option.
144 * - The PSA RNG does not support explicit seeding, so it is incompatible with
145 * the reproducible mode used by test programs.
146 * - For good overall test coverage, there should be at least one configuration
147 * where the test programs use the PSA RNG while the PSA RNG is itself based
148 * on entropy+DRBG, and at least one configuration where the test programs
149 * do not use the PSA RNG even though it's there.
150 *
151 * A simple choice that meets the constraints is to use the PSA RNG whenever
152 * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
153 * choice to use the PSA RNG in the test programs and the choice to use
154 * PSA crypto when TLS code needs crypto have to be tied together, but it
155 * happens to be a good match. It's also a good match from an application
156 * perspective: either PSA is preferred for TLS (both for crypto and for
157 * random generation) or it isn't.
158 */
159#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
160#endif
161
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100162/** A context for random number generation (RNG).
Gilles Peskine8a8492b2021-01-13 18:17:32 +0100163 */
164typedef struct
165{
Gilles Peskine8eb29432021-02-03 20:07:11 +0100166#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
167 unsigned char dummy;
168#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskine8a8492b2021-01-13 18:17:32 +0100169 mbedtls_entropy_context entropy;
Gilles Peskineba749042021-01-13 20:02:03 +0100170#if defined(MBEDTLS_CTR_DRBG_C)
Gilles Peskine8a8492b2021-01-13 18:17:32 +0100171 mbedtls_ctr_drbg_context drbg;
Gilles Peskineba749042021-01-13 20:02:03 +0100172#elif defined(MBEDTLS_HMAC_DRBG_C)
173 mbedtls_hmac_drbg_context drbg;
174#else
175#error "No DRBG available"
176#endif
Gilles Peskine8eb29432021-02-03 20:07:11 +0100177#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
Gilles Peskine8a8492b2021-01-13 18:17:32 +0100178} rng_context_t;
179
Gilles Peskinedaa94c42021-01-13 18:38:27 +0100180/** Initialize the RNG.
181 *
182 * This function only initializes the memory used by the RNG context.
183 * Before using the RNG, it must be seeded with rng_seed().
184 */
185void rng_init( rng_context_t *rng );
186
187/* Seed the random number generator.
188 *
189 * \param rng The RNG context to use. It must have been initialized
190 * with rng_init().
191 * \param reproducible If zero, seed the RNG from entropy.
192 * If nonzero, use a fixed seed, so that the program
193 * will produce the same sequence of random numbers
194 * each time it is invoked.
195 * \param pers A null-terminated string. Different values for this
196 * string cause the RNG to emit different output for
197 * the same seed.
198 *
199 * return 0 on success, a negative value on error.
200 */
201int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
202
203/** Deinitialize the RNG. Free any embedded resource.
204 *
205 * \param rng The RNG context to deinitialize. It must have been
206 * initialized with rng_init().
207 */
208void rng_free( rng_context_t *rng );
209
Gilles Peskine535fb372021-01-13 18:59:46 +0100210/** Generate random data.
211 *
212 * This function is suitable for use as the \c f_rng argument to Mbed TLS
213 * library functions.
214 *
Gilles Peskineda9529f2021-01-25 13:42:42 +0100215 * \param p_rng The random generator context. This must be a pointer to
216 * a #rng_context_t structure.
Gilles Peskine535fb372021-01-13 18:59:46 +0100217 * \param output The buffer to fill.
218 * \param output_len The length of the buffer in bytes.
219 *
220 * \return \c 0 on success.
221 * \return An Mbed TLS error code on error.
222 */
223int rng_get( void *p_rng, unsigned char *output, size_t output_len );
224
Przemek Stekiel85d692d2022-04-25 12:42:55 +0200225/** Parse command-line option: key_opaque_algs
226 *
227 *
228 * \param arg String value of key_opaque_algs
229 * Coma-separated pair of values among the following:
230 * - "rsa-sign-pkcs1"
231 * - "rsa-sign-pss"
232 * - "rsa-decrypt"
233 * - "ecdsa-sign"
234 * - "ecdh"
235 * - "none" (only acceptable for the second value).
236 * \param alg1 Address of pointer to alg #1
237 * \param alg2 Address of pointer to alg #2
238 *
239 * \return \c 0 on success.
240 * \return \c 1 on parse failure.
241 */
242int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 );
243
Przemek Stekiel76a41f52022-05-04 13:55:23 +0200244#if defined(MBEDTLS_USE_PSA_CRYPTO)
bootstrap-prime6dbbf442022-05-17 19:30:44 -0400245/** Parse given opaque key algorithms to obtain psa algs and usage
Przemek Stekiel01396a12022-05-02 13:41:53 +0200246 * that will be passed to mbedtls_pk_wrap_as_opaque().
247 *
248 *
249 * \param alg1 input string opaque key algorithm #1
Przemek Stekielcb20d202022-05-06 08:42:34 +0200250 * \param alg2 input string opaque key algorithm #2
Przemek Stekiel01396a12022-05-02 13:41:53 +0200251 * \param psa_alg1 output PSA algorithm #1
252 * \param psa_alg2 output PSA algorithm #2
253 * \param usage output key usage
Przemek Stekielcb20d202022-05-06 08:42:34 +0200254 * \param key_type key type used to set default psa algorithm/usage
255 * when alg1 in "none"
Przemek Stekiel01396a12022-05-02 13:41:53 +0200256 *
257 * \return \c 0 on success.
258 * \return \c 1 on parse failure.
259 */
260int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
261 psa_algorithm_t *psa_alg1,
262 psa_algorithm_t *psa_alg2,
Przemek Stekielcb20d202022-05-06 08:42:34 +0200263 psa_key_usage_t *usage,
264 mbedtls_pk_type_t key_type );
Przemek Stekiel76a41f52022-05-04 13:55:23 +0200265#endif /* MBEDTLS_USE_PSA_CRYPTO */
Przemek Stekiel01396a12022-05-02 13:41:53 +0200266
Gilles Peskine21462112021-01-13 23:53:09 +0100267#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
268/* The test implementation of the PSA external RNG is insecure. When
269 * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
270 * function that makes use of an RNG, you must call
271 * mbedtls_test_enable_insecure_external_rng(). */
Gilles Peskine1af872d2021-01-20 20:02:01 +0100272#include <test/fake_external_rng_for_test.h>
Gilles Peskine21462112021-01-13 23:53:09 +0100273#endif
Gilles Peskine504c1a32021-01-05 23:40:14 +0100274
275#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
276int ca_callback( void *data, mbedtls_x509_crt const *child,
277 mbedtls_x509_crt **candidates );
278#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
279
280/*
281 * Test recv/send functions that make sure each try returns
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800282 * WANT_READ/WANT_WRITE at least once before succeeding
Gilles Peskine504c1a32021-01-05 23:40:14 +0100283 */
284int delayed_recv( void *ctx, unsigned char *buf, size_t len );
285int delayed_send( void *ctx, const unsigned char *buf, size_t len );
286
287/*
288 * Wait for an event from the underlying transport or the timer
289 * (Used in event-driven IO mode).
290 */
291int idle( mbedtls_net_context *fd,
292#if defined(MBEDTLS_TIMING_C)
293 mbedtls_timing_delay_context *timer,
294#endif
295 int idle_reason );
296
Gilles Peskine53dea742021-02-02 22:55:06 +0100297#if defined(MBEDTLS_TEST_HOOKS)
298/** Initialize whatever test hooks are enabled by the compile-time
299 * configuration and make sense for the TLS test programs. */
300void test_hooks_init( void );
301
302/** Check if any test hooks detected a problem.
303 *
Gilles Peskine00d0ad42021-02-15 11:02:51 +0100304 * If a problem was detected, it's ok for the calling program to keep going,
305 * but it should ultimately exit with an error status.
306 *
307 * \note When implementing a test hook that detects errors on its own
308 * (as opposed to e.g. leaving the error for a memory sanitizer to
309 * report), make sure to print a message to standard error either at
310 * the time the problem is detected or during the execution of this
311 * function. This function does not indicate what problem was detected,
312 * so printing a message is the only way to provide feedback in the
313 * logs of the calling program.
Gilles Peskine53dea742021-02-02 22:55:06 +0100314 *
315 * \return Nonzero if a problem was detected.
316 * \c 0 if no problem was detected.
317 */
318int test_hooks_failure_detected( void );
319
320/** Free any resources allocated for the sake of test hooks.
321 *
322 * Call this at the end of the program so that resource leak analyzers
323 * don't complain.
324 */
325void test_hooks_free( void );
326
Gilles Peskine53dea742021-02-02 22:55:06 +0100327#endif /* !MBEDTLS_TEST_HOOKS */
328
Gilles Peskine504c1a32021-01-05 23:40:14 +0100329#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
Gilles Peskinea3ed34f2021-01-05 21:11:16 +0100330#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */