1 /*
2 * SSL client with certificate authentication
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
21
22 #include "ssl_test_lib.h"
23
24 #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
main(void)25 int main( void )
26 {
27 mbedtls_printf( MBEDTLS_SSL_TEST_IMPOSSIBLE );
28 mbedtls_exit( 0 );
29 }
30 #elif !defined(MBEDTLS_SSL_CLI_C)
main(void)31 int main( void )
32 {
33 mbedtls_printf( "MBEDTLS_SSL_CLI_C not defined.\n" );
34 mbedtls_exit( 0 );
35 }
36 #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
37
38 /* Size of memory to be allocated for the heap, when using the library's memory
39 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
40 #define MEMORY_HEAP_SIZE 120000
41
42 #define MAX_REQUEST_SIZE 20000
43 #define MAX_REQUEST_SIZE_STR "20000"
44
45 #define DFL_SERVER_NAME "localhost"
46 #define DFL_SERVER_ADDR NULL
47 #define DFL_SERVER_PORT "4433"
48 #define DFL_REQUEST_PAGE "/"
49 #define DFL_REQUEST_SIZE -1
50 #define DFL_DEBUG_LEVEL 0
51 #define DFL_CONTEXT_CRT_CB 0
52 #define DFL_NBIO 0
53 #define DFL_EVENT 0
54 #define DFL_READ_TIMEOUT 0
55 #define DFL_MAX_RESEND 0
56 #define DFL_CA_FILE ""
57 #define DFL_CA_PATH ""
58 #define DFL_CRT_FILE ""
59 #define DFL_KEY_FILE ""
60 #define DFL_KEY_OPAQUE 0
61 #define DFL_KEY_PWD ""
62 #define DFL_PSK ""
63 #define DFL_PSK_OPAQUE 0
64 #define DFL_PSK_IDENTITY "Client_identity"
65 #define DFL_ECJPAKE_PW NULL
66 #define DFL_EC_MAX_OPS -1
67 #define DFL_FORCE_CIPHER 0
68 #define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL
69 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
70 #define DFL_ALLOW_LEGACY -2
71 #define DFL_RENEGOTIATE 0
72 #define DFL_EXCHANGES 1
73 #define DFL_MIN_VERSION -1
74 #define DFL_MAX_VERSION -1
75 #define DFL_SHA1 -1
76 #define DFL_AUTH_MODE -1
77 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
78 #define DFL_TRUNC_HMAC -1
79 #define DFL_RECSPLIT -1
80 #define DFL_DHMLEN -1
81 #define DFL_RECONNECT 0
82 #define DFL_RECO_DELAY 0
83 #define DFL_RECO_MODE 1
84 #define DFL_CID_ENABLED 0
85 #define DFL_CID_VALUE ""
86 #define DFL_CID_ENABLED_RENEGO -1
87 #define DFL_CID_VALUE_RENEGO NULL
88 #define DFL_RECONNECT_HARD 0
89 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
90 #define DFL_ALPN_STRING NULL
91 #define DFL_CURVES NULL
92 #define DFL_SIG_ALGS NULL
93 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
94 #define DFL_HS_TO_MIN 0
95 #define DFL_HS_TO_MAX 0
96 #define DFL_DTLS_MTU -1
97 #define DFL_DGRAM_PACKING 1
98 #define DFL_FALLBACK -1
99 #define DFL_EXTENDED_MS -1
100 #define DFL_ETM -1
101 #define DFL_SERIALIZE 0
102 #define DFL_CONTEXT_FILE ""
103 #define DFL_EXTENDED_MS_ENFORCE -1
104 #define DFL_CA_CALLBACK 0
105 #define DFL_EAP_TLS 0
106 #define DFL_REPRODUCIBLE 0
107 #define DFL_NSS_KEYLOG 0
108 #define DFL_NSS_KEYLOG_FILE NULL
109 #define DFL_SKIP_CLOSE_NOTIFY 0
110 #define DFL_QUERY_CONFIG_MODE 0
111 #define DFL_USE_SRTP 0
112 #define DFL_SRTP_FORCE_PROFILE 0
113 #define DFL_SRTP_MKI ""
114
115 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
116 #define GET_REQUEST_END "\r\n\r\n"
117
118 #if defined(MBEDTLS_X509_CRT_PARSE_C)
119 #define USAGE_CONTEXT_CRT_CB \
120 " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
121 " to the SSL configuration of the SSL context.\n" \
122 " Possible values:\n"\
123 " - 0 (default): Use CRT callback bound to configuration\n" \
124 " - 1: Use CRT callback bound to SSL context\n"
125 #else
126 #define USAGE_CONTEXT_CRT_CB ""
127 #endif /* MBEDTLS_X509_CRT_PARSE_C */
128 #if defined(MBEDTLS_X509_CRT_PARSE_C)
129 #if defined(MBEDTLS_FS_IO)
130 #define USAGE_IO \
131 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
132 " default: \"\" (pre-loaded)\n" \
133 " use \"none\" to skip loading any top-level CAs.\n" \
134 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
135 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
136 " use \"none\" to skip loading any top-level CAs.\n" \
137 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
138 " default: \"\" (pre-loaded)\n" \
139 " key_file=%%s default: \"\" (pre-loaded)\n"\
140 " key_pwd=%%s Password for key specified by key_file argument\n"\
141 " default: none\n"
142 #else
143 #define USAGE_IO \
144 " No file operations available (MBEDTLS_FS_IO not defined)\n"
145 #endif /* MBEDTLS_FS_IO */
146 #else /* MBEDTLS_X509_CRT_PARSE_C */
147 #define USAGE_IO ""
148 #endif /* MBEDTLS_X509_CRT_PARSE_C */
149 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
150 #define USAGE_KEY_OPAQUE \
151 " key_opaque=%%d Handle your private key as if it were opaque\n" \
152 " default: 0 (disabled)\n"
153 #else
154 #define USAGE_KEY_OPAQUE ""
155 #endif
156
157 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
158 #define USAGE_CID \
159 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
160 " default: 0 (disabled)\n" \
161 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
162 " default: same as 'cid' parameter\n" \
163 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
164 " default: \"\"\n" \
165 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
166 " default: same as 'cid_val' parameter\n"
167 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
168 #define USAGE_CID ""
169 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
170
171 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
172 #define USAGE_PSK_RAW \
173 " psk=%%s default: \"\" (disabled)\n" \
174 " The PSK values are in hex, without 0x.\n" \
175 " psk_identity=%%s default: \"Client_identity\"\n"
176 #if defined(MBEDTLS_USE_PSA_CRYPTO)
177 #define USAGE_PSK_SLOT \
178 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
179 " Enable this to store the PSK configured through command line\n" \
180 " parameter `psk` in a PSA-based key slot.\n" \
181 " Note: Currently only supported in conjunction with\n" \
182 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
183 " to force a particular PSK-only ciphersuite.\n" \
184 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
185 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
186 " with prepopulated key slots instead of importing raw key material.\n"
187 #else
188 #define USAGE_PSK_SLOT ""
189 #endif /* MBEDTLS_USE_PSA_CRYPTO */
190 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
191 #else
192 #define USAGE_PSK ""
193 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
194
195 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
196 #define USAGE_CA_CALLBACK \
197 " ca_callback=%%d default: 0 (disabled)\n" \
198 " Enable this to use the trusted certificate callback function\n"
199 #else
200 #define USAGE_CA_CALLBACK ""
201 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
202
203 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
204 #define USAGE_TICKETS \
205 " tickets=%%d default: 1 (enabled)\n"
206 #else
207 #define USAGE_TICKETS ""
208 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
209
210 #define USAGE_EAP_TLS \
211 " eap_tls=%%d default: 0 (disabled)\n"
212 #define USAGE_NSS_KEYLOG \
213 " nss_keylog=%%d default: 0 (disabled)\n" \
214 " This cannot be used with eap_tls=1\n"
215 #define USAGE_NSS_KEYLOG_FILE \
216 " nss_keylog_file=%%s\n"
217 #if defined(MBEDTLS_SSL_DTLS_SRTP)
218 #define USAGE_SRTP \
219 " use_srtp=%%d default: 0 (disabled)\n" \
220 " This cannot be used with eap_tls=1 or "\
221 " nss_keylog=1\n" \
222 " srtp_force_profile=%%d default: 0 (all enabled)\n" \
223 " available profiles:\n" \
224 " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
225 " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
226 " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
227 " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
228 " mki=%%s default: \"\" (in hex, without 0x)\n"
229 #else /* MBEDTLS_SSL_DTLS_SRTP */
230 #define USAGE_SRTP ""
231 #endif
232
233 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
234 #define USAGE_MAX_FRAG_LEN \
235 " max_frag_len=%%d default: 16384 (tls default)\n" \
236 " options: 512, 1024, 2048, 4096\n"
237 #else
238 #define USAGE_MAX_FRAG_LEN ""
239 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
240
241 #if defined(MBEDTLS_DHM_C)
242 #define USAGE_DHMLEN \
243 " dhmlen=%%d default: (library default: 1024 bits)\n"
244 #else
245 #define USAGE_DHMLEN
246 #endif
247
248 #if defined(MBEDTLS_SSL_ALPN)
249 #define USAGE_ALPN \
250 " alpn=%%s default: \"\" (disabled)\n" \
251 " example: spdy/1,http/1.1\n"
252 #else
253 #define USAGE_ALPN ""
254 #endif /* MBEDTLS_SSL_ALPN */
255
256 #if defined(MBEDTLS_ECP_C)
257 #define USAGE_CURVES \
258 " curves=a,b,c,d default: \"default\" (library default)\n" \
259 " example: \"secp521r1,brainpoolP512r1\"\n" \
260 " - use \"none\" for empty list\n" \
261 " - see mbedtls_ecp_curve_list()\n" \
262 " for acceptable curve names\n"
263 #else
264 #define USAGE_CURVES ""
265 #endif
266
267 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
268 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
269 #define USAGE_SIG_ALGS \
270 " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
271 " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
272 #else
273 #define USAGE_SIG_ALGS ""
274 #endif
275
276 #if defined(MBEDTLS_SSL_PROTO_DTLS)
277 #define USAGE_DTLS \
278 " dtls=%%d default: 0 (TLS)\n" \
279 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
280 " range of DTLS handshake timeouts in millisecs\n" \
281 " mtu=%%d default: (library default: unlimited)\n" \
282 " dgram_packing=%%d default: 1 (allowed)\n" \
283 " allow or forbid packing of multiple\n" \
284 " records within a single datgram.\n"
285 #else
286 #define USAGE_DTLS ""
287 #endif
288
289 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
290 #define USAGE_EMS \
291 " extended_ms=0/1 default: (library default: on)\n"
292 #else
293 #define USAGE_EMS ""
294 #endif
295
296 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
297 #define USAGE_ETM \
298 " etm=0/1 default: (library default: on)\n"
299 #else
300 #define USAGE_ETM ""
301 #endif
302
303 #define USAGE_REPRODUCIBLE \
304 " reproducible=0/1 default: 0 (disabled)\n"
305
306 #if defined(MBEDTLS_SSL_RENEGOTIATION)
307 #define USAGE_RENEGO \
308 " renegotiation=%%d default: 0 (disabled)\n" \
309 " renegotiate=%%d default: 0 (disabled)\n"
310 #else
311 #define USAGE_RENEGO ""
312 #endif
313
314 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
315 #define USAGE_ECJPAKE \
316 " ecjpake_pw=%%s default: none (disabled)\n"
317 #else
318 #define USAGE_ECJPAKE ""
319 #endif
320
321 #if defined(MBEDTLS_ECP_RESTARTABLE)
322 #define USAGE_ECRESTART \
323 " ec_max_ops=%%s default: library default (restart disabled)\n"
324 #else
325 #define USAGE_ECRESTART ""
326 #endif
327
328 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
329 #define USAGE_SERIALIZATION \
330 " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
331 " options: 1 (serialize)\n" \
332 " 2 (serialize with re-initialization)\n" \
333 " context_file=%%s The file path to write a serialized connection\n"\
334 " in the form of base64 code (serialize option\n" \
335 " must be set)\n" \
336 " default: \"\" (do nothing)\n" \
337 " option: a file path\n"
338 #else
339 #define USAGE_SERIALIZATION ""
340 #endif
341
342 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
343 #define USAGE_TLS13_KEY_EXCHANGE_MODES \
344 " tls13_kex_modes=%%s default: all\n" \
345 " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
346 #else
347 #define USAGE_TLS13_KEY_EXCHANGE_MODES ""
348 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
349
350 /* USAGE is arbitrarily split to stay under the portable string literal
351 * length limit: 4095 bytes in C99. */
352 #define USAGE1 \
353 "\n usage: ssl_client2 param=<>...\n" \
354 "\n acceptable parameters:\n" \
355 " server_name=%%s default: localhost\n" \
356 " server_addr=%%s default: given by name\n" \
357 " server_port=%%d default: 4433\n" \
358 " request_page=%%s default: \".\"\n" \
359 " request_size=%%d default: about 34 (basic request)\n" \
360 " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
361 " If 0, in the first exchange only an empty\n" \
362 " application data message is sent followed by\n" \
363 " a second non-empty message before attempting\n" \
364 " to read a response from the server\n" \
365 " debug_level=%%d default: 0 (disabled)\n" \
366 " nbio=%%d default: 0 (blocking I/O)\n" \
367 " options: 1 (non-blocking), 2 (added delays)\n" \
368 " event=%%d default: 0 (loop)\n" \
369 " options: 1 (level-triggered, implies nbio=1),\n" \
370 " read_timeout=%%d default: 0 ms (no timeout)\n" \
371 " max_resend=%%d default: 0 (no resend on timeout)\n" \
372 " skip_close_notify=%%d default: 0 (send close_notify)\n" \
373 "\n" \
374 USAGE_DTLS \
375 USAGE_CID \
376 USAGE_SRTP \
377 "\n"
378 #define USAGE2 \
379 " auth_mode=%%s default: (library default: none)\n" \
380 " options: none, optional, required\n" \
381 USAGE_IO \
382 USAGE_KEY_OPAQUE \
383 USAGE_CA_CALLBACK \
384 "\n" \
385 USAGE_PSK \
386 USAGE_ECJPAKE \
387 USAGE_ECRESTART \
388 "\n"
389 #define USAGE3 \
390 " allow_legacy=%%d default: (library default: no)\n" \
391 USAGE_RENEGO \
392 " exchanges=%%d default: 1\n" \
393 " reconnect=%%d number of reconnections using session resumption\n" \
394 " default: 0 (disabled)\n" \
395 " reco_delay=%%d default: 0 seconds\n" \
396 " reco_mode=%%d 0: copy session, 1: serialize session\n" \
397 " default: 1\n" \
398 " reconnect_hard=%%d default: 0 (disabled)\n" \
399 USAGE_TICKETS \
400 USAGE_EAP_TLS \
401 USAGE_MAX_FRAG_LEN \
402 USAGE_CONTEXT_CRT_CB \
403 USAGE_ALPN \
404 USAGE_EMS \
405 USAGE_ETM \
406 USAGE_REPRODUCIBLE \
407 USAGE_CURVES \
408 USAGE_SIG_ALGS \
409 USAGE_DHMLEN \
410 "\n"
411
412 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
413 #define TLS1_3_VERSION_OPTIONS ", tls1_3"
414 #else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
415 #define TLS1_3_VERSION_OPTIONS ""
416 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
417
418 #define USAGE4 \
419 " allow_sha1=%%d default: 0\n" \
420 " min_version=%%s default: (library default: tls1_2)\n" \
421 " max_version=%%s default: (library default: tls1_2)\n" \
422 " force_version=%%s default: \"\" (none)\n" \
423 " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
424 "\n\n" \
425 " force_ciphersuite=<name> default: all enabled\n" \
426 USAGE_TLS13_KEY_EXCHANGE_MODES \
427 " query_config=<name> return 0 if the specified\n" \
428 " configuration macro is defined and 1\n" \
429 " otherwise. The expansion of the macro\n" \
430 " is printed if it is defined\n" \
431 USAGE_SERIALIZATION \
432 " acceptable ciphersuite names:\n"
433
434 #define ALPN_LIST_SIZE 10
435 #define CURVE_LIST_SIZE 20
436 #define SIG_ALG_LIST_SIZE 5
437
438 /*
439 * global options
440 */
441 struct options
442 {
443 const char *server_name; /* hostname of the server (client only) */
444 const char *server_addr; /* address of the server (client only) */
445 const char *server_port; /* port on which the ssl service runs */
446 int debug_level; /* level of debugging */
447 int nbio; /* should I/O be blocking? */
448 int event; /* loop or event-driven IO? level or edge triggered? */
449 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
450 int max_resend; /* DTLS times to resend on read timeout */
451 const char *request_page; /* page on server to request */
452 int request_size; /* pad request with header to requested size */
453 const char *ca_file; /* the file with the CA certificate(s) */
454 const char *ca_path; /* the path with the CA certificate(s) reside */
455 const char *crt_file; /* the file with the client certificate */
456 const char *key_file; /* the file with the client key */
457 int key_opaque; /* handle private key as if it were opaque */
458 #if defined(MBEDTLS_USE_PSA_CRYPTO)
459 int psk_opaque;
460 #endif
461 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
462 int ca_callback; /* Use callback for trusted certificate list */
463 #endif
464 const char *key_pwd; /* the password for the client key */
465 const char *psk; /* the pre-shared key */
466 const char *psk_identity; /* the pre-shared key identity */
467 const char *ecjpake_pw; /* the EC J-PAKE password */
468 int ec_max_ops; /* EC consecutive operations limit */
469 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
470 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
471 int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
472 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
473 int renegotiation; /* enable / disable renegotiation */
474 int allow_legacy; /* allow legacy renegotiation */
475 int renegotiate; /* attempt renegotiation? */
476 int renego_delay; /* delay before enforcing renegotiation */
477 int exchanges; /* number of data exchanges */
478 int min_version; /* minimum protocol version accepted */
479 int max_version; /* maximum protocol version accepted */
480 int allow_sha1; /* flag for SHA-1 support */
481 int auth_mode; /* verify mode for connection */
482 unsigned char mfl_code; /* code for maximum fragment length */
483 int trunc_hmac; /* negotiate truncated hmac or not */
484 int recsplit; /* enable record splitting? */
485 int dhmlen; /* minimum DHM params len in bits */
486 int reconnect; /* attempt to resume session */
487 int reco_delay; /* delay in seconds before resuming session */
488 int reco_mode; /* how to keep the session around */
489 int reconnect_hard; /* unexpectedly reconnect from the same port */
490 int tickets; /* enable / disable session tickets */
491 const char *curves; /* list of supported elliptic curves */
492 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
493 const char *alpn_string; /* ALPN supported protocols */
494 int transport; /* TLS or DTLS? */
495 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
496 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
497 int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
498 int fallback; /* is this a fallback connection? */
499 int dgram_packing; /* allow/forbid datagram packing */
500 int extended_ms; /* negotiate extended master secret? */
501 int etm; /* negotiate encrypt then mac? */
502 int context_crt_cb; /* use context-specific CRT verify callback */
503 int eap_tls; /* derive EAP-TLS keying material? */
504 int nss_keylog; /* export NSS key log material */
505 const char *nss_keylog_file; /* NSS key log file */
506 int cid_enabled; /* whether to use the CID extension or not */
507 int cid_enabled_renego; /* whether to use the CID extension or not
508 * during renegotiation */
509 const char *cid_val; /* the CID to use for incoming messages */
510 int serialize; /* serialize/deserialize connection */
511 const char *context_file; /* the file to write a serialized connection
512 * in the form of base64 code (serialize
513 * option must be set) */
514 const char *cid_val_renego; /* the CID to use for incoming messages
515 * after renegotiation */
516 int reproducible; /* make communication reproducible */
517 int skip_close_notify; /* skip sending the close_notify alert */
518 int query_config_mode; /* whether to read config */
519 int use_srtp; /* Support SRTP */
520 int force_srtp_profile; /* SRTP protection profile to use or all */
521 const char *mki; /* The dtls mki value to use */
522 } opt;
523
524 #include "ssl_test_common_source.c"
525
526 #if defined(MBEDTLS_X509_CRT_PARSE_C)
527 static unsigned char peer_crt_info[1024];
528
529 /*
530 * Enabled if debug_level > 1 in code below
531 */
my_verify(void * data,mbedtls_x509_crt * crt,int depth,uint32_t * flags)532 static int my_verify( void *data, mbedtls_x509_crt *crt,
533 int depth, uint32_t *flags )
534 {
535 char buf[1024];
536 ((void) data);
537
538 mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
539
540 #if !defined(MBEDTLS_X509_REMOVE_INFO)
541 mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
542 if( depth == 0 )
543 memcpy( peer_crt_info, buf, sizeof( buf ) );
544
545 if( opt.debug_level == 0 )
546 return( 0 );
547
548 mbedtls_printf( "%s", buf );
549 #else
550 ((void) crt);
551 ((void) depth);
552 #endif
553
554 if ( ( *flags ) == 0 )
555 mbedtls_printf( " This certificate has no flags\n" );
556 else
557 {
558 x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
559 mbedtls_printf( "%s\n", buf );
560 }
561
562 return( 0 );
563 }
564 #endif /* MBEDTLS_X509_CRT_PARSE_C */
565
566 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
report_cid_usage(mbedtls_ssl_context * ssl,const char * additional_description)567 int report_cid_usage( mbedtls_ssl_context *ssl,
568 const char *additional_description )
569 {
570 int ret;
571 unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
572 size_t peer_cid_len;
573 int cid_negotiated;
574
575 if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
576 return( 0 );
577
578 /* Check if the use of a CID has been negotiated,
579 * but don't ask for the CID value and length.
580 *
581 * Note: Here and below, we're demonstrating the various ways
582 * in which mbedtls_ssl_get_peer_cid() can be called,
583 * depending on whether or not the length/value of the
584 * peer's CID is needed.
585 *
586 * An actual application, however, should use
587 * just one call to mbedtls_ssl_get_peer_cid(). */
588 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
589 NULL, NULL );
590 if( ret != 0 )
591 {
592 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
593 (unsigned int) -ret );
594 return( ret );
595 }
596
597 if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
598 {
599 if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
600 {
601 mbedtls_printf( "(%s) Use of Connection ID was rejected by the server.\n",
602 additional_description );
603 }
604 }
605 else
606 {
607 size_t idx=0;
608 mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
609 additional_description );
610
611 /* Ask for just the length of the peer's CID. */
612 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
613 NULL, &peer_cid_len );
614 if( ret != 0 )
615 {
616 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
617 (unsigned int) -ret );
618 return( ret );
619 }
620
621 /* Ask for just length + value of the peer's CID. */
622 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
623 peer_cid, &peer_cid_len );
624 if( ret != 0 )
625 {
626 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
627 (unsigned int) -ret );
628 return( ret );
629 }
630 mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
631 additional_description,
632 (unsigned) peer_cid_len );
633 while( idx < peer_cid_len )
634 {
635 mbedtls_printf( "%02x ", peer_cid[ idx ] );
636 idx++;
637 }
638 mbedtls_printf( "\n" );
639 }
640
641 return( 0 );
642 }
643 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
644
main(int argc,char * argv[])645 int main( int argc, char *argv[] )
646 {
647 int ret = 0, len, tail_len, i, written, frags, retry_left;
648 int query_config_ret = 0;
649 mbedtls_net_context server_fd;
650 io_ctx_t io_ctx;
651
652 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
653 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
654 uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
655 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
656 MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
657
658 unsigned char buf[MAX_REQUEST_SIZE + 1];
659
660 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
661 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
662 size_t psk_len = 0;
663 #endif
664
665 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
666 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
667 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
668 size_t cid_len = 0;
669 size_t cid_renego_len = 0;
670 #endif
671
672 #if defined(MBEDTLS_SSL_ALPN)
673 const char *alpn_list[ALPN_LIST_SIZE];
674 #endif
675
676 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
677 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
678 #endif
679
680 #if defined(MBEDTLS_ECP_C)
681 uint16_t group_list[CURVE_LIST_SIZE];
682 const mbedtls_ecp_curve_info *curve_cur;
683 #endif
684 #if defined(MBEDTLS_SSL_DTLS_SRTP)
685 unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
686 size_t mki_len=0;
687 #endif
688
689 const char *pers = "ssl_client2";
690
691 #if defined(MBEDTLS_USE_PSA_CRYPTO)
692 psa_key_id_t slot = 0;
693 psa_algorithm_t alg = 0;
694 psa_key_attributes_t key_attributes;
695 psa_status_t status;
696 #endif
697
698 #if defined(MBEDTLS_X509_CRT_PARSE_C)
699 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
700 #endif
701 rng_context_t rng;
702 mbedtls_ssl_context ssl;
703 mbedtls_ssl_config conf;
704 mbedtls_ssl_session saved_session;
705 unsigned char *session_data = NULL;
706 size_t session_data_len = 0;
707 #if defined(MBEDTLS_TIMING_C)
708 mbedtls_timing_delay_context timer;
709 #endif
710 #if defined(MBEDTLS_X509_CRT_PARSE_C)
711 uint32_t flags;
712 mbedtls_x509_crt cacert;
713 mbedtls_x509_crt clicert;
714 mbedtls_pk_context pkey;
715 #if defined(MBEDTLS_USE_PSA_CRYPTO)
716 psa_key_id_t key_slot = 0; /* invalid key slot */
717 #endif
718 #endif /* MBEDTLS_X509_CRT_PARSE_C */
719 char *p, *q;
720 const int *list;
721 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
722 unsigned char *context_buf = NULL;
723 size_t context_buf_len;
724 #endif
725 unsigned char eap_tls_keymaterial[16];
726 unsigned char eap_tls_iv[8];
727 const char* eap_tls_label = "client EAP encryption";
728 eap_tls_keys eap_tls_keying;
729 #if defined( MBEDTLS_SSL_DTLS_SRTP )
730 /*! master keys and master salt for SRTP generated during handshake */
731 unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
732 const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
733 dtls_srtp_keys dtls_srtp_keying;
734 const mbedtls_ssl_srtp_profile default_profiles[] = {
735 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
736 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
737 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
738 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
739 MBEDTLS_TLS_SRTP_UNSET
740 };
741 #endif /* MBEDTLS_SSL_DTLS_SRTP */
742
743 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
744 mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
745 #endif
746
747 #if defined(MBEDTLS_TEST_HOOKS)
748 test_hooks_init( );
749 #endif /* MBEDTLS_TEST_HOOKS */
750
751 /*
752 * Make sure memory references are valid.
753 */
754 mbedtls_net_init( &server_fd );
755 mbedtls_ssl_init( &ssl );
756 mbedtls_ssl_config_init( &conf );
757 memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
758 rng_init( &rng );
759 #if defined(MBEDTLS_X509_CRT_PARSE_C)
760 mbedtls_x509_crt_init( &cacert );
761 mbedtls_x509_crt_init( &clicert );
762 mbedtls_pk_init( &pkey );
763 #endif
764 #if defined(MBEDTLS_SSL_ALPN)
765 memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
766 #endif
767
768 #if defined(MBEDTLS_USE_PSA_CRYPTO)
769 status = psa_crypto_init();
770 if( status != PSA_SUCCESS )
771 {
772 mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
773 (int) status );
774 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
775 goto exit;
776 }
777 #endif /* MBEDTLS_USE_PSA_CRYPTO */
778 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
779 mbedtls_test_enable_insecure_external_rng( );
780 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
781
782 if( argc == 0 )
783 {
784 usage:
785 if( ret == 0 )
786 ret = 1;
787
788 mbedtls_printf( USAGE1 );
789 mbedtls_printf( USAGE2 );
790 mbedtls_printf( USAGE3 );
791 mbedtls_printf( USAGE4 );
792
793 list = mbedtls_ssl_list_ciphersuites();
794 while( *list )
795 {
796 mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
797 list++;
798 if( !*list )
799 break;
800 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
801 list++;
802 }
803 mbedtls_printf("\n");
804 goto exit;
805 }
806
807 opt.server_name = DFL_SERVER_NAME;
808 opt.server_addr = DFL_SERVER_ADDR;
809 opt.server_port = DFL_SERVER_PORT;
810 opt.debug_level = DFL_DEBUG_LEVEL;
811 opt.cid_enabled = DFL_CID_ENABLED;
812 opt.cid_val = DFL_CID_VALUE;
813 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
814 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
815 opt.nbio = DFL_NBIO;
816 opt.event = DFL_EVENT;
817 opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
818 opt.read_timeout = DFL_READ_TIMEOUT;
819 opt.max_resend = DFL_MAX_RESEND;
820 opt.request_page = DFL_REQUEST_PAGE;
821 opt.request_size = DFL_REQUEST_SIZE;
822 opt.ca_file = DFL_CA_FILE;
823 opt.ca_path = DFL_CA_PATH;
824 opt.crt_file = DFL_CRT_FILE;
825 opt.key_file = DFL_KEY_FILE;
826 opt.key_opaque = DFL_KEY_OPAQUE;
827 opt.key_pwd = DFL_KEY_PWD;
828 opt.psk = DFL_PSK;
829 #if defined(MBEDTLS_USE_PSA_CRYPTO)
830 opt.psk_opaque = DFL_PSK_OPAQUE;
831 #endif
832 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
833 opt.ca_callback = DFL_CA_CALLBACK;
834 #endif
835 opt.psk_identity = DFL_PSK_IDENTITY;
836 opt.ecjpake_pw = DFL_ECJPAKE_PW;
837 opt.ec_max_ops = DFL_EC_MAX_OPS;
838 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
839 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
840 opt.tls13_kex_modes = DFL_TLS13_KEX_MODES;
841 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
842 opt.renegotiation = DFL_RENEGOTIATION;
843 opt.allow_legacy = DFL_ALLOW_LEGACY;
844 opt.renegotiate = DFL_RENEGOTIATE;
845 opt.exchanges = DFL_EXCHANGES;
846 opt.min_version = DFL_MIN_VERSION;
847 opt.max_version = DFL_MAX_VERSION;
848 opt.allow_sha1 = DFL_SHA1;
849 opt.auth_mode = DFL_AUTH_MODE;
850 opt.mfl_code = DFL_MFL_CODE;
851 opt.trunc_hmac = DFL_TRUNC_HMAC;
852 opt.recsplit = DFL_RECSPLIT;
853 opt.dhmlen = DFL_DHMLEN;
854 opt.reconnect = DFL_RECONNECT;
855 opt.reco_delay = DFL_RECO_DELAY;
856 opt.reco_mode = DFL_RECO_MODE;
857 opt.reconnect_hard = DFL_RECONNECT_HARD;
858 opt.tickets = DFL_TICKETS;
859 opt.alpn_string = DFL_ALPN_STRING;
860 opt.curves = DFL_CURVES;
861 opt.sig_algs = DFL_SIG_ALGS;
862 opt.transport = DFL_TRANSPORT;
863 opt.hs_to_min = DFL_HS_TO_MIN;
864 opt.hs_to_max = DFL_HS_TO_MAX;
865 opt.dtls_mtu = DFL_DTLS_MTU;
866 opt.fallback = DFL_FALLBACK;
867 opt.extended_ms = DFL_EXTENDED_MS;
868 opt.etm = DFL_ETM;
869 opt.dgram_packing = DFL_DGRAM_PACKING;
870 opt.serialize = DFL_SERIALIZE;
871 opt.context_file = DFL_CONTEXT_FILE;
872 opt.eap_tls = DFL_EAP_TLS;
873 opt.reproducible = DFL_REPRODUCIBLE;
874 opt.nss_keylog = DFL_NSS_KEYLOG;
875 opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
876 opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
877 opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
878 opt.use_srtp = DFL_USE_SRTP;
879 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
880 opt.mki = DFL_SRTP_MKI;
881
882 for( i = 1; i < argc; i++ )
883 {
884 p = argv[i];
885 if( ( q = strchr( p, '=' ) ) == NULL )
886 goto usage;
887 *q++ = '\0';
888
889 if( strcmp( p, "server_name" ) == 0 )
890 opt.server_name = q;
891 else if( strcmp( p, "server_addr" ) == 0 )
892 opt.server_addr = q;
893 else if( strcmp( p, "server_port" ) == 0 )
894 opt.server_port = q;
895 else if( strcmp( p, "dtls" ) == 0 )
896 {
897 int t = atoi( q );
898 if( t == 0 )
899 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
900 else if( t == 1 )
901 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
902 else
903 goto usage;
904 }
905 else if( strcmp( p, "debug_level" ) == 0 )
906 {
907 opt.debug_level = atoi( q );
908 if( opt.debug_level < 0 || opt.debug_level > 65535 )
909 goto usage;
910 }
911 else if( strcmp( p, "context_crt_cb" ) == 0 )
912 {
913 opt.context_crt_cb = atoi( q );
914 if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 )
915 goto usage;
916 }
917 else if( strcmp( p, "nbio" ) == 0 )
918 {
919 opt.nbio = atoi( q );
920 if( opt.nbio < 0 || opt.nbio > 2 )
921 goto usage;
922 }
923 else if( strcmp( p, "event" ) == 0 )
924 {
925 opt.event = atoi( q );
926 if( opt.event < 0 || opt.event > 2 )
927 goto usage;
928 }
929 else if( strcmp( p, "read_timeout" ) == 0 )
930 opt.read_timeout = atoi( q );
931 else if( strcmp( p, "max_resend" ) == 0 )
932 {
933 opt.max_resend = atoi( q );
934 if( opt.max_resend < 0 )
935 goto usage;
936 }
937 else if( strcmp( p, "request_page" ) == 0 )
938 opt.request_page = q;
939 else if( strcmp( p, "request_size" ) == 0 )
940 {
941 opt.request_size = atoi( q );
942 if( opt.request_size < 0 ||
943 opt.request_size > MAX_REQUEST_SIZE )
944 goto usage;
945 }
946 else if( strcmp( p, "ca_file" ) == 0 )
947 opt.ca_file = q;
948 else if( strcmp( p, "ca_path" ) == 0 )
949 opt.ca_path = q;
950 else if( strcmp( p, "crt_file" ) == 0 )
951 opt.crt_file = q;
952 else if( strcmp( p, "key_file" ) == 0 )
953 opt.key_file = q;
954 else if( strcmp( p, "key_pwd" ) == 0 )
955 opt.key_pwd = q;
956 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
957 else if( strcmp( p, "key_opaque" ) == 0 )
958 opt.key_opaque = atoi( q );
959 #endif
960 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
961 else if( strcmp( p, "cid" ) == 0 )
962 {
963 opt.cid_enabled = atoi( q );
964 if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
965 goto usage;
966 }
967 else if( strcmp( p, "cid_renego" ) == 0 )
968 {
969 opt.cid_enabled_renego = atoi( q );
970 if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
971 goto usage;
972 }
973 else if( strcmp( p, "cid_val" ) == 0 )
974 {
975 opt.cid_val = q;
976 }
977 else if( strcmp( p, "cid_val_renego" ) == 0 )
978 {
979 opt.cid_val_renego = q;
980 }
981 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
982 else if( strcmp( p, "psk" ) == 0 )
983 opt.psk = q;
984 #if defined(MBEDTLS_USE_PSA_CRYPTO)
985 else if( strcmp( p, "psk_opaque" ) == 0 )
986 opt.psk_opaque = atoi( q );
987 #endif
988 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
989 else if( strcmp( p, "ca_callback" ) == 0)
990 opt.ca_callback = atoi( q );
991 #endif
992 else if( strcmp( p, "psk_identity" ) == 0 )
993 opt.psk_identity = q;
994 else if( strcmp( p, "ecjpake_pw" ) == 0 )
995 opt.ecjpake_pw = q;
996 else if( strcmp( p, "ec_max_ops" ) == 0 )
997 opt.ec_max_ops = atoi( q );
998 else if( strcmp( p, "force_ciphersuite" ) == 0 )
999 {
1000 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
1001
1002 if( opt.force_ciphersuite[0] == 0 )
1003 {
1004 ret = 2;
1005 goto usage;
1006 }
1007 opt.force_ciphersuite[1] = 0;
1008 }
1009 else if( strcmp( p, "renegotiation" ) == 0 )
1010 {
1011 opt.renegotiation = (atoi( q )) ?
1012 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1013 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1014 }
1015 else if( strcmp( p, "allow_legacy" ) == 0 )
1016 {
1017 switch( atoi( q ) )
1018 {
1019 case -1:
1020 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1021 break;
1022 case 0:
1023 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1024 break;
1025 case 1:
1026 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1027 break;
1028 default: goto usage;
1029 }
1030 }
1031 else if( strcmp( p, "renegotiate" ) == 0 )
1032 {
1033 opt.renegotiate = atoi( q );
1034 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
1035 goto usage;
1036 }
1037 else if( strcmp( p, "exchanges" ) == 0 )
1038 {
1039 opt.exchanges = atoi( q );
1040 if( opt.exchanges < 1 )
1041 goto usage;
1042 }
1043 else if( strcmp( p, "reconnect" ) == 0 )
1044 {
1045 opt.reconnect = atoi( q );
1046 if( opt.reconnect < 0 || opt.reconnect > 2 )
1047 goto usage;
1048 }
1049 else if( strcmp( p, "reco_delay" ) == 0 )
1050 {
1051 opt.reco_delay = atoi( q );
1052 if( opt.reco_delay < 0 )
1053 goto usage;
1054 }
1055 else if( strcmp( p, "reco_mode" ) == 0 )
1056 {
1057 opt.reco_mode = atoi( q );
1058 if( opt.reco_mode < 0 )
1059 goto usage;
1060 }
1061 else if( strcmp( p, "reconnect_hard" ) == 0 )
1062 {
1063 opt.reconnect_hard = atoi( q );
1064 if( opt.reconnect_hard < 0 || opt.reconnect_hard > 1 )
1065 goto usage;
1066 }
1067 else if( strcmp( p, "tickets" ) == 0 )
1068 {
1069 opt.tickets = atoi( q );
1070 if( opt.tickets < 0 || opt.tickets > 2 )
1071 goto usage;
1072 }
1073 else if( strcmp( p, "alpn" ) == 0 )
1074 {
1075 opt.alpn_string = q;
1076 }
1077 else if( strcmp( p, "extended_ms" ) == 0 )
1078 {
1079 switch( atoi( q ) )
1080 {
1081 case 0:
1082 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1083 break;
1084 case 1:
1085 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1086 break;
1087 default: goto usage;
1088 }
1089 }
1090 else if( strcmp( p, "curves" ) == 0 )
1091 opt.curves = q;
1092 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
1093 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1094 else if( strcmp( p, "sig_algs" ) == 0 )
1095 opt.sig_algs = q;
1096 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
1097 MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1098 else if( strcmp( p, "etm" ) == 0 )
1099 {
1100 switch( atoi( q ) )
1101 {
1102 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1103 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1104 default: goto usage;
1105 }
1106 }
1107 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1108 else if( strcmp( p, "tls13_kex_modes" ) == 0 )
1109 {
1110 if( strcmp( q, "psk" ) == 0 )
1111 opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
1112 else if( strcmp(q, "psk_ephemeral" ) == 0 )
1113 opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
1114 else if( strcmp(q, "ephemeral" ) == 0 )
1115 opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
1116 else if( strcmp(q, "ephemeral_all" ) == 0 )
1117 opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
1118 else if( strcmp( q, "psk_all" ) == 0 )
1119 opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL;
1120 else if( strcmp( q, "all" ) == 0 )
1121 opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
1122 else goto usage;
1123 }
1124 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1125 else if( strcmp( p, "min_version" ) == 0 )
1126 {
1127 if( strcmp( q, "tls1_2" ) == 0 ||
1128 strcmp( q, "dtls1_2" ) == 0 )
1129 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1130 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1131 else if( strcmp( q, "tls1_3" ) == 0 )
1132 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
1133 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1134 else
1135 goto usage;
1136 }
1137 else if( strcmp( p, "max_version" ) == 0 )
1138 {
1139 if( strcmp( q, "tls1_2" ) == 0 ||
1140 strcmp( q, "dtls1_2" ) == 0 )
1141 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1142 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1143 else if( strcmp( q, "tls1_3" ) == 0 )
1144 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
1145 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1146 else
1147 goto usage;
1148 }
1149 else if( strcmp( p, "allow_sha1" ) == 0 )
1150 {
1151 switch( atoi( q ) )
1152 {
1153 case 0: opt.allow_sha1 = 0; break;
1154 case 1: opt.allow_sha1 = 1; break;
1155 default: goto usage;
1156 }
1157 }
1158 else if( strcmp( p, "force_version" ) == 0 )
1159 {
1160 if( strcmp( q, "tls1_2" ) == 0 )
1161 {
1162 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1163 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1164 }
1165 else if( strcmp( q, "dtls1_2" ) == 0 )
1166 {
1167 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1168 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1169 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1170 }
1171 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1172 else if( strcmp( q, "tls1_3" ) == 0 )
1173 {
1174 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
1175 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
1176 }
1177 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1178 else
1179 goto usage;
1180 }
1181 else if( strcmp( p, "auth_mode" ) == 0 )
1182 {
1183 if( strcmp( q, "none" ) == 0 )
1184 opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
1185 else if( strcmp( q, "optional" ) == 0 )
1186 opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
1187 else if( strcmp( q, "required" ) == 0 )
1188 opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
1189 else
1190 goto usage;
1191 }
1192 else if( strcmp( p, "max_frag_len" ) == 0 )
1193 {
1194 if( strcmp( q, "512" ) == 0 )
1195 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1196 else if( strcmp( q, "1024" ) == 0 )
1197 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1198 else if( strcmp( q, "2048" ) == 0 )
1199 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1200 else if( strcmp( q, "4096" ) == 0 )
1201 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1202 else
1203 goto usage;
1204 }
1205 else if( strcmp( p, "trunc_hmac" ) == 0 )
1206 {
1207 switch( atoi( q ) )
1208 {
1209 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1210 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1211 default: goto usage;
1212 }
1213 }
1214 else if( strcmp( p, "hs_timeout" ) == 0 )
1215 {
1216 if( ( p = strchr( q, '-' ) ) == NULL )
1217 goto usage;
1218 *p++ = '\0';
1219 opt.hs_to_min = atoi( q );
1220 opt.hs_to_max = atoi( p );
1221 if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
1222 goto usage;
1223 }
1224 else if( strcmp( p, "mtu" ) == 0 )
1225 {
1226 opt.dtls_mtu = atoi( q );
1227 if( opt.dtls_mtu < 0 )
1228 goto usage;
1229 }
1230 else if( strcmp( p, "dgram_packing" ) == 0 )
1231 {
1232 opt.dgram_packing = atoi( q );
1233 if( opt.dgram_packing != 0 &&
1234 opt.dgram_packing != 1 )
1235 {
1236 goto usage;
1237 }
1238 }
1239 else if( strcmp( p, "recsplit" ) == 0 )
1240 {
1241 opt.recsplit = atoi( q );
1242 if( opt.recsplit < 0 || opt.recsplit > 1 )
1243 goto usage;
1244 }
1245 else if( strcmp( p, "dhmlen" ) == 0 )
1246 {
1247 opt.dhmlen = atoi( q );
1248 if( opt.dhmlen < 0 )
1249 goto usage;
1250 }
1251 else if( strcmp( p, "query_config" ) == 0 )
1252 {
1253 opt.query_config_mode = 1;
1254 query_config_ret = query_config( q );
1255 goto exit;
1256 }
1257 else if( strcmp( p, "serialize") == 0 )
1258 {
1259 opt.serialize = atoi( q );
1260 if( opt.serialize < 0 || opt.serialize > 2)
1261 goto usage;
1262 }
1263 else if( strcmp( p, "context_file") == 0 )
1264 {
1265 opt.context_file = q;
1266 }
1267 else if( strcmp( p, "eap_tls" ) == 0 )
1268 {
1269 opt.eap_tls = atoi( q );
1270 if( opt.eap_tls < 0 || opt.eap_tls > 1 )
1271 goto usage;
1272 }
1273 else if( strcmp( p, "reproducible" ) == 0 )
1274 {
1275 opt.reproducible = 1;
1276 }
1277 else if( strcmp( p, "nss_keylog" ) == 0 )
1278 {
1279 opt.nss_keylog = atoi( q );
1280 if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
1281 goto usage;
1282 }
1283 else if( strcmp( p, "nss_keylog_file" ) == 0 )
1284 {
1285 opt.nss_keylog_file = q;
1286 }
1287 else if( strcmp( p, "skip_close_notify" ) == 0 )
1288 {
1289 opt.skip_close_notify = atoi( q );
1290 if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
1291 goto usage;
1292 }
1293 else if( strcmp( p, "use_srtp" ) == 0 )
1294 {
1295 opt.use_srtp = atoi ( q );
1296 }
1297 else if( strcmp( p, "srtp_force_profile" ) == 0 )
1298 {
1299 opt.force_srtp_profile = atoi( q );
1300 }
1301 else if( strcmp( p, "mki" ) == 0 )
1302 {
1303 opt.mki = q;
1304 }
1305 else
1306 goto usage;
1307 }
1308
1309 if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
1310 {
1311 mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
1312 goto usage;
1313 }
1314
1315 /* Event-driven IO is incompatible with the above custom
1316 * receive and send functions, as the polling builds on
1317 * refers to the underlying net_context. */
1318 if( opt.event == 1 && opt.nbio != 1 )
1319 {
1320 mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
1321 opt.nbio = 1;
1322 }
1323
1324 #if defined(MBEDTLS_DEBUG_C)
1325 mbedtls_debug_set_threshold( opt.debug_level );
1326 #endif
1327
1328 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1329 /*
1330 * Unhexify the pre-shared key if any is given
1331 */
1332 if( strlen( opt.psk ) )
1333 {
1334 if( mbedtls_test_unhexify( psk, sizeof( psk ),
1335 opt.psk, &psk_len ) != 0 )
1336 {
1337 mbedtls_printf( "pre-shared key not valid\n" );
1338 goto exit;
1339 }
1340 }
1341 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1342
1343 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1344 if( opt.psk_opaque != 0 )
1345 {
1346 if( opt.psk == NULL )
1347 {
1348 mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
1349 ret = 2;
1350 goto usage;
1351 }
1352
1353 if( opt.force_ciphersuite[0] <= 0 )
1354 {
1355 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
1356 ret = 2;
1357 goto usage;
1358 }
1359 }
1360 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1361
1362 if( opt.force_ciphersuite[0] > 0 )
1363 {
1364 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1365 ciphersuite_info =
1366 mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
1367
1368 if( opt.max_version != -1 &&
1369 ciphersuite_info->min_minor_ver > opt.max_version )
1370 {
1371 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
1372 ret = 2;
1373 goto usage;
1374 }
1375 if( opt.min_version != -1 &&
1376 ciphersuite_info->max_minor_ver < opt.min_version )
1377 {
1378 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
1379 ret = 2;
1380 goto usage;
1381 }
1382
1383 /* If the server selects a version that's not supported by
1384 * this suite, then there will be no common ciphersuite... */
1385 if( opt.max_version == -1 ||
1386 opt.max_version > ciphersuite_info->max_minor_ver )
1387 {
1388 opt.max_version = ciphersuite_info->max_minor_ver;
1389 }
1390 if( opt.min_version < ciphersuite_info->min_minor_ver )
1391 {
1392 opt.min_version = ciphersuite_info->min_minor_ver;
1393 /* DTLS starts with TLS 1.2 */
1394 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
1395 opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
1396 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1397 }
1398
1399 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1400 if( opt.psk_opaque != 0 )
1401 {
1402 /* Ensure that the chosen ciphersuite is PSK-only; we must know
1403 * the ciphersuite in advance to set the correct policy for the
1404 * PSK key slot. This limitation might go away in the future. */
1405 if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
1406 opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
1407 {
1408 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
1409 ret = 2;
1410 goto usage;
1411 }
1412
1413 /* Determine KDF algorithm the opaque PSK will be used in. */
1414 #if defined(MBEDTLS_SHA384_C)
1415 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
1416 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
1417 else
1418 #endif /* MBEDTLS_SHA384_C */
1419 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
1420 }
1421 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1422 }
1423
1424 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1425 if( mbedtls_test_unhexify( cid, sizeof( cid ),
1426 opt.cid_val, &cid_len ) != 0 )
1427 {
1428 mbedtls_printf( "CID not valid\n" );
1429 goto exit;
1430 }
1431
1432 /* Keep CID settings for renegotiation unless
1433 * specified otherwise. */
1434 if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
1435 opt.cid_enabled_renego = opt.cid_enabled;
1436 if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
1437 opt.cid_val_renego = opt.cid_val;
1438
1439 if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ),
1440 opt.cid_val_renego, &cid_renego_len ) != 0 )
1441 {
1442 mbedtls_printf( "CID not valid\n" );
1443 goto exit;
1444 }
1445 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1446
1447 #if defined(MBEDTLS_ECP_C)
1448 if( opt.curves != NULL )
1449 {
1450 p = (char *) opt.curves;
1451 i = 0;
1452
1453 if( strcmp( p, "none" ) == 0 )
1454 {
1455 group_list[0] = 0;
1456 }
1457 else if( strcmp( p, "default" ) != 0 )
1458 {
1459 /* Leave room for a final NULL in curve list */
1460 while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
1461 {
1462 q = p;
1463
1464 /* Terminate the current string */
1465 while( *p != ',' && *p != '\0' )
1466 p++;
1467 if( *p == ',' )
1468 *p++ = '\0';
1469
1470 if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
1471 {
1472 group_list[i++] = curve_cur->tls_id;
1473 }
1474 else
1475 {
1476 mbedtls_printf( "unknown curve %s\n", q );
1477 mbedtls_printf( "supported curves: " );
1478 for( curve_cur = mbedtls_ecp_curve_list();
1479 curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
1480 curve_cur++ )
1481 {
1482 mbedtls_printf( "%s ", curve_cur->name );
1483 }
1484 mbedtls_printf( "\n" );
1485 goto exit;
1486 }
1487 }
1488
1489 mbedtls_printf("Number of curves: %d\n", i );
1490
1491 if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
1492 {
1493 mbedtls_printf( "curves list too long, maximum %d",
1494 CURVE_LIST_SIZE - 1 );
1495 goto exit;
1496 }
1497
1498 group_list[i] = 0;
1499 }
1500 }
1501 #endif /* MBEDTLS_ECP_C */
1502
1503 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
1504 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1505 if( opt.sig_algs != NULL )
1506 {
1507 p = (char *) opt.sig_algs;
1508 i = 0;
1509
1510 /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
1511 while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
1512 {
1513 q = p;
1514
1515 /* Terminate the current string */
1516 while( *p != ',' && *p != '\0' )
1517 p++;
1518 if( *p == ',' )
1519 *p++ = '\0';
1520
1521 if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
1522 {
1523 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
1524 }
1525 else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
1526 {
1527 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
1528 }
1529 else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
1530 {
1531 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
1532 }
1533 else
1534 {
1535 mbedtls_printf( "unknown signature algorithm %s\n", q );
1536 mbedtls_printf( "supported signature algorithms: " );
1537 mbedtls_printf( "ecdsa_secp256r1_sha256 " );
1538 mbedtls_printf( "ecdsa_secp384r1_sha384 " );
1539 mbedtls_printf( "ecdsa_secp521r1_sha512 " );
1540 mbedtls_printf( "\n" );
1541 goto exit;
1542 }
1543 }
1544
1545 if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
1546 {
1547 mbedtls_printf( "signature algorithm list too long, maximum %d",
1548 SIG_ALG_LIST_SIZE - 1 );
1549 goto exit;
1550 }
1551
1552 sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
1553 }
1554 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
1555 MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1556
1557 #if defined(MBEDTLS_SSL_ALPN)
1558 if( opt.alpn_string != NULL )
1559 {
1560 p = (char *) opt.alpn_string;
1561 i = 0;
1562
1563 /* Leave room for a final NULL in alpn_list */
1564 while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
1565 {
1566 alpn_list[i++] = p;
1567
1568 /* Terminate the current string and move on to next one */
1569 while( *p != ',' && *p != '\0' )
1570 p++;
1571 if( *p == ',' )
1572 *p++ = '\0';
1573 }
1574 }
1575 #endif /* MBEDTLS_SSL_ALPN */
1576
1577 /*
1578 * 0. Initialize the RNG and the session data
1579 */
1580 mbedtls_printf( "\n . Seeding the random number generator..." );
1581 fflush( stdout );
1582
1583 ret = rng_seed( &rng, opt.reproducible, pers );
1584 if( ret != 0 )
1585 goto exit;
1586 mbedtls_printf( " ok\n" );
1587
1588 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1589 /*
1590 * 1.1. Load the trusted CA
1591 */
1592 mbedtls_printf( " . Loading the CA root certificate ..." );
1593 fflush( stdout );
1594
1595 if( strcmp( opt.ca_path, "none" ) == 0 ||
1596 strcmp( opt.ca_file, "none" ) == 0 )
1597 {
1598 ret = 0;
1599 }
1600 else
1601 #if defined(MBEDTLS_FS_IO)
1602 if( strlen( opt.ca_path ) )
1603 ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
1604 else if( strlen( opt.ca_file ) )
1605 ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
1606 else
1607 #endif
1608 {
1609 #if defined(MBEDTLS_PEM_PARSE_C)
1610 for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
1611 {
1612 ret = mbedtls_x509_crt_parse( &cacert,
1613 (const unsigned char *) mbedtls_test_cas[i],
1614 mbedtls_test_cas_len[i] );
1615 if( ret != 0 )
1616 break;
1617 }
1618 if( ret == 0 )
1619 #endif /* MBEDTLS_PEM_PARSE_C */
1620 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
1621 {
1622 ret = mbedtls_x509_crt_parse_der( &cacert,
1623 (const unsigned char *) mbedtls_test_cas_der[i],
1624 mbedtls_test_cas_der_len[i] );
1625 if( ret != 0 )
1626 break;
1627 }
1628 }
1629 if( ret < 0 )
1630 {
1631 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1632 (unsigned int) -ret );
1633 goto exit;
1634 }
1635
1636 mbedtls_printf( " ok (%d skipped)\n", ret );
1637
1638 /*
1639 * 1.2. Load own certificate and private key
1640 *
1641 * (can be skipped if client authentication is not required)
1642 */
1643 mbedtls_printf( " . Loading the client cert. and key..." );
1644 fflush( stdout );
1645
1646 if( strcmp( opt.crt_file, "none" ) == 0 )
1647 ret = 0;
1648 else
1649 #if defined(MBEDTLS_FS_IO)
1650 if( strlen( opt.crt_file ) )
1651 ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
1652 else
1653 #endif
1654 ret = mbedtls_x509_crt_parse( &clicert,
1655 (const unsigned char *) mbedtls_test_cli_crt,
1656 mbedtls_test_cli_crt_len );
1657 if( ret != 0 )
1658 {
1659 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1660 (unsigned int) -ret );
1661 goto exit;
1662 }
1663
1664 if( strcmp( opt.key_file, "none" ) == 0 )
1665 ret = 0;
1666 else
1667 #if defined(MBEDTLS_FS_IO)
1668 if( strlen( opt.key_file ) )
1669 ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
1670 else
1671 #endif
1672 ret = mbedtls_pk_parse_key( &pkey,
1673 (const unsigned char *) mbedtls_test_cli_key,
1674 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
1675 if( ret != 0 )
1676 {
1677 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
1678 (unsigned int) -ret );
1679 goto exit;
1680 }
1681
1682 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1683 if( opt.key_opaque != 0 )
1684 {
1685 if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
1686 PSA_ALG_ANY_HASH ) ) != 0 )
1687 {
1688 mbedtls_printf( " failed\n ! "
1689 "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
1690 goto exit;
1691 }
1692 }
1693 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1694
1695 mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
1696 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1697
1698 /*
1699 * 2. Setup stuff
1700 */
1701 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
1702 fflush( stdout );
1703
1704 if( ( ret = mbedtls_ssl_config_defaults( &conf,
1705 MBEDTLS_SSL_IS_CLIENT,
1706 opt.transport,
1707 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
1708 {
1709 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
1710 (unsigned int) -ret );
1711 goto exit;
1712 }
1713
1714 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1715 /* The default algorithms profile disables SHA-1, but our tests still
1716 rely on it heavily. */
1717 if( opt.allow_sha1 > 0 )
1718 {
1719 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
1720 mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
1721 mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
1722 }
1723
1724 if( opt.context_crt_cb == 0 )
1725 mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
1726
1727 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
1728 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1729
1730 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1731 if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
1732 {
1733 if( opt.cid_enabled == 1 &&
1734 opt.cid_enabled_renego == 1 &&
1735 cid_len != cid_renego_len )
1736 {
1737 mbedtls_printf( "CID length must not change during renegotiation\n" );
1738 goto usage;
1739 }
1740
1741 if( opt.cid_enabled == 1 )
1742 ret = mbedtls_ssl_conf_cid( &conf, cid_len,
1743 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
1744 else
1745 ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
1746 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
1747
1748 if( ret != 0 )
1749 {
1750 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
1751 (unsigned int) -ret );
1752 goto exit;
1753 }
1754 }
1755 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1756
1757 if( opt.auth_mode != DFL_AUTH_MODE )
1758 mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
1759
1760 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1761 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
1762 mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
1763 opt.hs_to_max );
1764
1765 if( opt.dgram_packing != DFL_DGRAM_PACKING )
1766 mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
1767 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1768
1769 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1770 if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
1771 {
1772 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
1773 ret );
1774 goto exit;
1775 }
1776 #endif
1777
1778 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1779 const mbedtls_ssl_srtp_profile forced_profile[] =
1780 { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
1781 if( opt.use_srtp == 1 )
1782 {
1783 if( opt.force_srtp_profile != 0 )
1784 {
1785 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
1786 }
1787 else
1788 {
1789 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles );
1790 }
1791
1792 if( ret != 0 )
1793 {
1794 mbedtls_printf( " failed\n ! "
1795 "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
1796 ret );
1797 goto exit;
1798 }
1799
1800 }
1801 else if( opt.force_srtp_profile != 0 )
1802 {
1803 mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
1804 goto exit;
1805 }
1806 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1807
1808 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1809 if( opt.extended_ms != DFL_EXTENDED_MS )
1810 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
1811 #endif
1812
1813 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1814 if( opt.etm != DFL_ETM )
1815 mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
1816 #endif
1817
1818 #if defined(MBEDTLS_DHM_C)
1819 if( opt.dhmlen != DFL_DHMLEN )
1820 mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
1821 #endif
1822
1823 #if defined(MBEDTLS_SSL_ALPN)
1824 if( opt.alpn_string != NULL )
1825 if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
1826 {
1827 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
1828 ret );
1829 goto exit;
1830 }
1831 #endif
1832
1833 if (opt.reproducible)
1834 {
1835 #if defined(MBEDTLS_HAVE_TIME)
1836 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
1837 mbedtls_platform_set_time( dummy_constant_time );
1838 #else
1839 fprintf( stderr, "Warning: reproducible option used without constant time\n" );
1840 #endif
1841 #endif /* MBEDTLS_HAVE_TIME */
1842 }
1843 mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
1844 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
1845
1846 mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
1847
1848 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1849 mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
1850 #endif
1851
1852 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
1853 mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
1854
1855 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1856 mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
1857 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1858
1859 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
1860 mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
1861 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1862 mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
1863 #endif
1864
1865 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1866 if( strcmp( opt.ca_path, "none" ) != 0 &&
1867 strcmp( opt.ca_file, "none" ) != 0 )
1868 {
1869 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1870 if( opt.ca_callback != 0 )
1871 mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert );
1872 else
1873 #endif
1874 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
1875 }
1876 if( strcmp( opt.crt_file, "none" ) != 0 &&
1877 strcmp( opt.key_file, "none" ) != 0 )
1878 {
1879 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
1880 {
1881 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
1882 ret );
1883 goto exit;
1884 }
1885 }
1886 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1887
1888 #if defined(MBEDTLS_ECP_C)
1889 if( opt.curves != NULL &&
1890 strcmp( opt.curves, "default" ) != 0 )
1891 {
1892 mbedtls_ssl_conf_groups( &conf, group_list );
1893 }
1894 #endif
1895
1896 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1897 if( opt.sig_algs != NULL )
1898 mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
1899 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1900
1901 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1902 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1903 if( opt.psk_opaque != 0 )
1904 {
1905 key_attributes = psa_key_attributes_init();
1906 psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
1907 psa_set_key_algorithm( &key_attributes, alg );
1908 psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
1909
1910 status = psa_import_key( &key_attributes, psk, psk_len, &slot );
1911 if( status != PSA_SUCCESS )
1912 {
1913 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1914 goto exit;
1915 }
1916
1917 if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, slot,
1918 (const unsigned char *) opt.psk_identity,
1919 strlen( opt.psk_identity ) ) ) != 0 )
1920 {
1921 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
1922 ret );
1923 goto exit;
1924 }
1925 }
1926 else
1927 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1928 if( psk_len > 0 )
1929 {
1930 ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
1931 (const unsigned char *) opt.psk_identity,
1932 strlen( opt.psk_identity ) );
1933 if( ret != 0 )
1934 {
1935 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
1936 goto exit;
1937 }
1938 }
1939 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1940
1941 if( opt.min_version != DFL_MIN_VERSION )
1942 mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1943 opt.min_version );
1944
1945 if( opt.max_version != DFL_MAX_VERSION )
1946 mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1947 opt.max_version );
1948
1949 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
1950 {
1951 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
1952 (unsigned int) -ret );
1953 goto exit;
1954 }
1955
1956 if( opt.eap_tls != 0 )
1957 {
1958 mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
1959 &eap_tls_keying );
1960 }
1961 else if( opt.nss_keylog != 0 )
1962 {
1963 mbedtls_ssl_set_export_keys_cb( &ssl,
1964 nss_keylog_export,
1965 NULL );
1966 }
1967 #if defined( MBEDTLS_SSL_DTLS_SRTP )
1968 else if( opt.use_srtp != 0 )
1969 {
1970 mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
1971 &dtls_srtp_keying );
1972 }
1973 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1974
1975 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1976 if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
1977 {
1978 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
1979 ret );
1980 goto exit;
1981 }
1982 #endif
1983
1984 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1985 if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
1986 {
1987 if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
1988 (const unsigned char *) opt.ecjpake_pw,
1989 strlen( opt.ecjpake_pw ) ) ) != 0 )
1990 {
1991 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
1992 ret );
1993 goto exit;
1994 }
1995 }
1996 #endif
1997
1998 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1999 if( opt.context_crt_cb == 1 )
2000 mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
2001 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2002
2003 io_ctx.ssl = &ssl;
2004 io_ctx.net = &server_fd;
2005 mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
2006 opt.nbio == 0 ? recv_timeout_cb : NULL );
2007
2008 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2009 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2010 {
2011 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
2012 cid, cid_len ) ) != 0 )
2013 {
2014 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2015 ret );
2016 goto exit;
2017 }
2018 }
2019 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2020
2021 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2022 if( opt.dtls_mtu != DFL_DTLS_MTU )
2023 mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
2024 #endif
2025
2026 #if defined(MBEDTLS_TIMING_C)
2027 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
2028 mbedtls_timing_get_delay );
2029 #endif
2030
2031 #if defined(MBEDTLS_ECP_RESTARTABLE)
2032 if( opt.ec_max_ops != DFL_EC_MAX_OPS )
2033 mbedtls_ecp_set_max_ops( opt.ec_max_ops );
2034 #endif
2035
2036 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2037 if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 )
2038 {
2039 if( mbedtls_test_unhexify( mki, sizeof( mki ),
2040 opt.mki,&mki_len ) != 0 )
2041 {
2042 mbedtls_printf( "mki value not valid hex\n" );
2043 goto exit;
2044 }
2045
2046 mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
2047 if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki,
2048 (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 )
2049 {
2050 mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
2051 goto exit;
2052 }
2053 }
2054 #endif
2055
2056 mbedtls_printf( " ok\n" );
2057
2058 /*
2059 * 3. Start the connection
2060 */
2061 if( opt.server_addr == NULL)
2062 opt.server_addr = opt.server_name;
2063
2064 mbedtls_printf( " . Connecting to %s/%s/%s...",
2065 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2066 opt.server_addr, opt.server_port );
2067 fflush( stdout );
2068
2069 if( ( ret = mbedtls_net_connect( &server_fd,
2070 opt.server_addr, opt.server_port,
2071 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2072 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2073 {
2074 mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2075 (unsigned int) -ret );
2076 goto exit;
2077 }
2078
2079 if( opt.nbio > 0 )
2080 ret = mbedtls_net_set_nonblock( &server_fd );
2081 else
2082 ret = mbedtls_net_set_block( &server_fd );
2083 if( ret != 0 )
2084 {
2085 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
2086 (unsigned int) -ret );
2087 goto exit;
2088 }
2089
2090 mbedtls_printf( " ok\n" );
2091
2092 /*
2093 * 4. Handshake
2094 */
2095 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
2096 fflush( stdout );
2097
2098 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2099 {
2100 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2101 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2102 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2103 {
2104 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
2105 (unsigned int) -ret );
2106 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2107 mbedtls_printf(
2108 " Unable to verify the server's certificate. "
2109 "Either it is invalid,\n"
2110 " or you didn't set ca_file or ca_path "
2111 "to an appropriate value.\n"
2112 " Alternatively, you may want to use "
2113 "auth_mode=optional for testing purposes.\n" );
2114 mbedtls_printf( "\n" );
2115 goto exit;
2116 }
2117
2118 #if defined(MBEDTLS_ECP_RESTARTABLE)
2119 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2120 continue;
2121 #endif
2122
2123 /* For event-driven IO, wait for socket to become available */
2124 if( opt.event == 1 /* level triggered IO */ )
2125 {
2126 #if defined(MBEDTLS_TIMING_C)
2127 ret = idle( &server_fd, &timer, ret );
2128 #else
2129 ret = idle( &server_fd, ret );
2130 #endif
2131 if( ret != 0 )
2132 goto exit;
2133 }
2134 }
2135
2136 mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
2137 mbedtls_ssl_get_version( &ssl ),
2138 mbedtls_ssl_get_ciphersuite( &ssl ) );
2139
2140 if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
2141 mbedtls_printf( " [ Record expansion is %d ]\n", ret );
2142 else
2143 mbedtls_printf( " [ Record expansion is unknown ]\n" );
2144
2145 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2146 mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
2147 (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
2148 mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
2149 (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
2150 #endif
2151
2152 #if defined(MBEDTLS_SSL_ALPN)
2153 if( opt.alpn_string != NULL )
2154 {
2155 const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
2156 mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
2157 alp ? alp : "(none)" );
2158 }
2159 #endif
2160
2161 if( opt.eap_tls != 0 )
2162 {
2163 size_t j = 0;
2164
2165 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
2166 eap_tls_keying.master_secret,
2167 sizeof( eap_tls_keying.master_secret ),
2168 eap_tls_label,
2169 eap_tls_keying.randbytes,
2170 sizeof( eap_tls_keying.randbytes ),
2171 eap_tls_keymaterial,
2172 sizeof( eap_tls_keymaterial ) ) )
2173 != 0 )
2174 {
2175 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2176 (unsigned int) -ret );
2177 goto exit;
2178 }
2179
2180 mbedtls_printf( " EAP-TLS key material is:" );
2181 for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
2182 {
2183 if( j % 8 == 0 )
2184 mbedtls_printf("\n ");
2185 mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
2186 }
2187 mbedtls_printf("\n");
2188
2189 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
2190 eap_tls_label,
2191 eap_tls_keying.randbytes,
2192 sizeof( eap_tls_keying.randbytes ),
2193 eap_tls_iv,
2194 sizeof( eap_tls_iv ) ) ) != 0 )
2195 {
2196 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2197 (unsigned int) -ret );
2198 goto exit;
2199 }
2200
2201 mbedtls_printf( " EAP-TLS IV is:" );
2202 for( j = 0; j < sizeof( eap_tls_iv ); j++ )
2203 {
2204 if( j % 8 == 0 )
2205 mbedtls_printf("\n ");
2206 mbedtls_printf("%02x ", eap_tls_iv[j] );
2207 }
2208 mbedtls_printf("\n");
2209 }
2210
2211 #if defined( MBEDTLS_SSL_DTLS_SRTP )
2212 else if( opt.use_srtp != 0 )
2213 {
2214 size_t j = 0;
2215 mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
2216 mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result );
2217
2218 if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
2219 == MBEDTLS_TLS_SRTP_UNSET )
2220 {
2221 mbedtls_printf( " Unable to negotiate "
2222 "the use of DTLS-SRTP\n" );
2223 }
2224 else
2225 {
2226 if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
2227 dtls_srtp_keying.master_secret,
2228 sizeof( dtls_srtp_keying.master_secret ),
2229 dtls_srtp_label,
2230 dtls_srtp_keying.randbytes,
2231 sizeof( dtls_srtp_keying.randbytes ),
2232 dtls_srtp_key_material,
2233 sizeof( dtls_srtp_key_material ) ) )
2234 != 0 )
2235 {
2236 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2237 (unsigned int) -ret );
2238 goto exit;
2239 }
2240
2241 mbedtls_printf( " DTLS-SRTP key material is:" );
2242 for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
2243 {
2244 if( j % 8 == 0 )
2245 mbedtls_printf( "\n " );
2246 mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
2247 }
2248 mbedtls_printf( "\n" );
2249
2250 /* produce a less readable output used to perform automatic checks
2251 * - compare client and server output
2252 * - interop test with openssl which client produces this kind of output
2253 */
2254 mbedtls_printf( " Keying material: " );
2255 for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
2256 {
2257 mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
2258 }
2259 mbedtls_printf( "\n" );
2260
2261 if ( dtls_srtp_negotiation_result.mki_len > 0 )
2262 {
2263 mbedtls_printf( " DTLS-SRTP mki value: " );
2264 for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
2265 {
2266 mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
2267 }
2268 }
2269 else
2270 {
2271 mbedtls_printf( " DTLS-SRTP no mki value negotiated" );
2272 }
2273 mbedtls_printf( "\n" );
2274 }
2275 }
2276 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2277 if( opt.reconnect != 0 )
2278 {
2279 mbedtls_printf(" . Saving session for reuse..." );
2280 fflush( stdout );
2281
2282 if( opt.reco_mode == 1 )
2283 {
2284 mbedtls_ssl_session exported_session;
2285
2286 /* free any previously saved data */
2287 if( session_data != NULL )
2288 {
2289 mbedtls_platform_zeroize( session_data, session_data_len );
2290 mbedtls_free( session_data );
2291 session_data = NULL;
2292 }
2293
2294 mbedtls_ssl_session_init( &exported_session );
2295 ret = mbedtls_ssl_get_session( &ssl, &exported_session );
2296 if( ret != 0 )
2297 {
2298 mbedtls_printf(
2299 "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
2300 (unsigned) -ret );
2301 goto exit;
2302 }
2303
2304 /* get size of the buffer needed */
2305 mbedtls_ssl_session_save( &exported_session, NULL, 0, &session_data_len );
2306 session_data = mbedtls_calloc( 1, session_data_len );
2307 if( session_data == NULL )
2308 {
2309 mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
2310 (unsigned) session_data_len );
2311 mbedtls_ssl_session_free( &exported_session );
2312 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
2313 goto exit;
2314 }
2315
2316 /* actually save session data */
2317 if( ( ret = mbedtls_ssl_session_save( &exported_session,
2318 session_data, session_data_len,
2319 &session_data_len ) ) != 0 )
2320 {
2321 mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
2322 (unsigned int) -ret );
2323 mbedtls_ssl_session_free( &exported_session );
2324 goto exit;
2325 }
2326
2327 mbedtls_ssl_session_free( &exported_session );
2328 }
2329 else
2330 {
2331 if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
2332 {
2333 mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2334 (unsigned int) -ret );
2335 goto exit;
2336 }
2337 }
2338
2339 mbedtls_printf( " ok\n" );
2340
2341 if( opt.reco_mode == 1 )
2342 {
2343 mbedtls_printf( " [ Saved %u bytes of session data]\n",
2344 (unsigned) session_data_len );
2345 }
2346 }
2347
2348 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2349 /*
2350 * 5. Verify the server certificate
2351 */
2352 mbedtls_printf( " . Verifying peer X.509 certificate..." );
2353
2354 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
2355 {
2356 char vrfy_buf[512];
2357 mbedtls_printf( " failed\n" );
2358
2359 x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
2360 " ! ", flags );
2361
2362 mbedtls_printf( "%s\n", vrfy_buf );
2363 }
2364 else
2365 mbedtls_printf( " ok\n" );
2366
2367 #if !defined(MBEDTLS_X509_REMOVE_INFO)
2368 mbedtls_printf( " . Peer certificate information ...\n" );
2369 mbedtls_printf( "%s\n", peer_crt_info );
2370 #endif /* !MBEDTLS_X509_REMOVE_INFO */
2371 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2372
2373 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2374 ret = report_cid_usage( &ssl, "initial handshake" );
2375 if( ret != 0 )
2376 goto exit;
2377
2378 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2379 {
2380 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
2381 cid_renego,
2382 cid_renego_len ) ) != 0 )
2383 {
2384 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2385 ret );
2386 goto exit;
2387 }
2388 }
2389 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2390
2391 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2392 if( opt.renegotiate )
2393 {
2394 /*
2395 * Perform renegotiation (this must be done when the server is waiting
2396 * for input from our side).
2397 */
2398 mbedtls_printf( " . Performing renegotiation..." );
2399 fflush( stdout );
2400 while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
2401 {
2402 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2403 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2404 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2405 {
2406 mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
2407 ret );
2408 goto exit;
2409 }
2410
2411 #if defined(MBEDTLS_ECP_RESTARTABLE)
2412 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2413 continue;
2414 #endif
2415
2416 /* For event-driven IO, wait for socket to become available */
2417 if( opt.event == 1 /* level triggered IO */ )
2418 {
2419 #if defined(MBEDTLS_TIMING_C)
2420 idle( &server_fd, &timer, ret );
2421 #else
2422 idle( &server_fd, ret );
2423 #endif
2424 }
2425
2426 }
2427 mbedtls_printf( " ok\n" );
2428 }
2429 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2430
2431 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2432 ret = report_cid_usage( &ssl, "after renegotiation" );
2433 if( ret != 0 )
2434 goto exit;
2435 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2436
2437 /*
2438 * 6. Write the GET request
2439 */
2440 retry_left = opt.max_resend;
2441 send_request:
2442 mbedtls_printf( " > Write to server:" );
2443 fflush( stdout );
2444
2445 len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST,
2446 opt.request_page );
2447 tail_len = (int) strlen( GET_REQUEST_END );
2448
2449 /* Add padding to GET request to reach opt.request_size in length */
2450 if( opt.request_size != DFL_REQUEST_SIZE &&
2451 len + tail_len < opt.request_size )
2452 {
2453 memset( buf + len, 'A', opt.request_size - len - tail_len );
2454 len += opt.request_size - len - tail_len;
2455 }
2456
2457 strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
2458 len += tail_len;
2459
2460 /* Truncate if request size is smaller than the "natural" size */
2461 if( opt.request_size != DFL_REQUEST_SIZE &&
2462 len > opt.request_size )
2463 {
2464 len = opt.request_size;
2465
2466 /* Still end with \r\n unless that's really not possible */
2467 if( len >= 2 ) buf[len - 2] = '\r';
2468 if( len >= 1 ) buf[len - 1] = '\n';
2469 }
2470
2471 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
2472 {
2473 written = 0;
2474 frags = 0;
2475
2476 do
2477 {
2478 while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
2479 len - written ) ) < 0 )
2480 {
2481 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2482 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2483 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2484 {
2485 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
2486 (unsigned int) -ret );
2487 goto exit;
2488 }
2489
2490 /* For event-driven IO, wait for socket to become available */
2491 if( opt.event == 1 /* level triggered IO */ )
2492 {
2493 #if defined(MBEDTLS_TIMING_C)
2494 idle( &server_fd, &timer, ret );
2495 #else
2496 idle( &server_fd, ret );
2497 #endif
2498 }
2499 }
2500
2501 frags++;
2502 written += ret;
2503 }
2504 while( written < len );
2505 }
2506 else /* Not stream, so datagram */
2507 {
2508 while( 1 )
2509 {
2510 ret = mbedtls_ssl_write( &ssl, buf, len );
2511
2512 #if defined(MBEDTLS_ECP_RESTARTABLE)
2513 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2514 continue;
2515 #endif
2516
2517 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2518 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
2519 break;
2520
2521 /* For event-driven IO, wait for socket to become available */
2522 if( opt.event == 1 /* level triggered IO */ )
2523 {
2524 #if defined(MBEDTLS_TIMING_C)
2525 idle( &server_fd, &timer, ret );
2526 #else
2527 idle( &server_fd, ret );
2528 #endif
2529 }
2530 }
2531
2532 if( ret < 0 )
2533 {
2534 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n",
2535 ret );
2536 goto exit;
2537 }
2538
2539 frags = 1;
2540 written = ret;
2541
2542 if( written < len )
2543 {
2544 mbedtls_printf( " warning\n ! request didn't fit into single datagram and "
2545 "was truncated to size %u", (unsigned) written );
2546 }
2547 }
2548
2549 buf[written] = '\0';
2550 mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n",
2551 written, frags, (char *) buf );
2552
2553 /* Send a non-empty request if request_size == 0 */
2554 if ( len == 0 )
2555 {
2556 opt.request_size = DFL_REQUEST_SIZE;
2557 goto send_request;
2558 }
2559
2560 /*
2561 * 7. Read the HTTP response
2562 */
2563 mbedtls_printf( " < Read from server:" );
2564 fflush( stdout );
2565
2566 /*
2567 * TLS and DTLS need different reading styles (stream vs datagram)
2568 */
2569 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
2570 {
2571 do
2572 {
2573 len = sizeof( buf ) - 1;
2574 memset( buf, 0, sizeof( buf ) );
2575 ret = mbedtls_ssl_read( &ssl, buf, len );
2576
2577 #if defined(MBEDTLS_ECP_RESTARTABLE)
2578 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2579 continue;
2580 #endif
2581
2582 if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
2583 ret == MBEDTLS_ERR_SSL_WANT_WRITE )
2584 {
2585 /* For event-driven IO, wait for socket to become available */
2586 if( opt.event == 1 /* level triggered IO */ )
2587 {
2588 #if defined(MBEDTLS_TIMING_C)
2589 idle( &server_fd, &timer, ret );
2590 #else
2591 idle( &server_fd, ret );
2592 #endif
2593 }
2594 continue;
2595 }
2596
2597 if( ret <= 0 )
2598 {
2599 switch( ret )
2600 {
2601 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2602 mbedtls_printf( " connection was closed gracefully\n" );
2603 ret = 0;
2604 goto close_notify;
2605
2606 case 0:
2607 case MBEDTLS_ERR_NET_CONN_RESET:
2608 mbedtls_printf( " connection was reset by peer\n" );
2609 ret = 0;
2610 goto reconnect;
2611
2612 default:
2613 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
2614 (unsigned int) -ret );
2615 goto exit;
2616 }
2617 }
2618
2619 len = ret;
2620 buf[len] = '\0';
2621 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
2622
2623 /* End of message should be detected according to the syntax of the
2624 * application protocol (eg HTTP), just use a dummy test here. */
2625 if( ret > 0 && buf[len-1] == '\n' )
2626 {
2627 ret = 0;
2628 break;
2629 }
2630 }
2631 while( 1 );
2632 }
2633 else /* Not stream, so datagram */
2634 {
2635 len = sizeof( buf ) - 1;
2636 memset( buf, 0, sizeof( buf ) );
2637
2638 while( 1 )
2639 {
2640 ret = mbedtls_ssl_read( &ssl, buf, len );
2641
2642 #if defined(MBEDTLS_ECP_RESTARTABLE)
2643 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2644 continue;
2645 #endif
2646
2647 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2648 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
2649 break;
2650
2651 /* For event-driven IO, wait for socket to become available */
2652 if( opt.event == 1 /* level triggered IO */ )
2653 {
2654 #if defined(MBEDTLS_TIMING_C)
2655 idle( &server_fd, &timer, ret );
2656 #else
2657 idle( &server_fd, ret );
2658 #endif
2659 }
2660 }
2661
2662 if( ret <= 0 )
2663 {
2664 switch( ret )
2665 {
2666 case MBEDTLS_ERR_SSL_TIMEOUT:
2667 mbedtls_printf( " timeout\n" );
2668 if( retry_left-- > 0 )
2669 goto send_request;
2670 goto exit;
2671
2672 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2673 mbedtls_printf( " connection was closed gracefully\n" );
2674 ret = 0;
2675 goto close_notify;
2676
2677 default:
2678 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
2679 goto exit;
2680 }
2681 }
2682
2683 len = ret;
2684 buf[len] = '\0';
2685 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
2686 ret = 0;
2687 }
2688
2689 /*
2690 * 7b. Simulate hard reset and reconnect from same port?
2691 */
2692 if( opt.reconnect_hard != 0 )
2693 {
2694 opt.reconnect_hard = 0;
2695
2696 mbedtls_printf( " . Restarting connection from same port..." );
2697 fflush( stdout );
2698
2699 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2700 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
2701 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2702
2703 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
2704 {
2705 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2706 (unsigned int) -ret );
2707 goto exit;
2708 }
2709
2710 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2711 {
2712 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2713 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2714 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2715 {
2716 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2717 (unsigned int) -ret );
2718 goto exit;
2719 }
2720
2721 /* For event-driven IO, wait for socket to become available */
2722 if( opt.event == 1 /* level triggered IO */ )
2723 {
2724 #if defined(MBEDTLS_TIMING_C)
2725 idle( &server_fd, &timer, ret );
2726 #else
2727 idle( &server_fd, ret );
2728 #endif
2729 }
2730 }
2731
2732 mbedtls_printf( " ok\n" );
2733
2734 goto send_request;
2735 }
2736
2737 /*
2738 * 7c. Simulate serialize/deserialize and go back to data exchange
2739 */
2740 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2741 if( opt.serialize != 0 )
2742 {
2743 size_t buf_len;
2744
2745 mbedtls_printf( " . Serializing live connection..." );
2746
2747 ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
2748 if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
2749 {
2750 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
2751 "-0x%x\n\n", (unsigned int) -ret );
2752
2753 goto exit;
2754 }
2755
2756 if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL )
2757 {
2758 mbedtls_printf( " failed\n ! Couldn't allocate buffer for "
2759 "serialized context" );
2760
2761 goto exit;
2762 }
2763 context_buf_len = buf_len;
2764
2765 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
2766 buf_len, &buf_len ) ) != 0 )
2767 {
2768 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
2769 "-0x%x\n\n", (unsigned int) -ret );
2770
2771 goto exit;
2772 }
2773
2774 mbedtls_printf( " ok\n" );
2775
2776 /* Save serialized context to the 'opt.context_file' as a base64 code */
2777 if( 0 < strlen( opt.context_file ) )
2778 {
2779 FILE *b64_file;
2780 uint8_t *b64_buf;
2781 size_t b64_len;
2782
2783 mbedtls_printf( " . Save serialized context to a file... " );
2784
2785 mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
2786
2787 if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
2788 {
2789 mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
2790 "the base64 code\n" );
2791 goto exit;
2792 }
2793
2794 if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
2795 context_buf, buf_len ) ) != 0 )
2796 {
2797 mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
2798 "-0x%x\n", (unsigned int) -ret );
2799 mbedtls_free( b64_buf );
2800 goto exit;
2801 }
2802
2803 if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
2804 {
2805 mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
2806 opt.context_file );
2807 mbedtls_free( b64_buf );
2808 goto exit;
2809 }
2810
2811 if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
2812 {
2813 mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
2814 (long) b64_len );
2815 mbedtls_free( b64_buf );
2816 fclose( b64_file );
2817 goto exit;
2818 }
2819
2820 mbedtls_free( b64_buf );
2821 fclose( b64_file );
2822
2823 mbedtls_printf( "ok\n" );
2824 }
2825
2826 if( opt.serialize == 1 )
2827 {
2828 /* nothing to do here, done by context_save() already */
2829 mbedtls_printf( " . Context has been reset... ok\n" );
2830 }
2831
2832 if( opt.serialize == 2 )
2833 {
2834 mbedtls_printf( " . Freeing and reinitializing context..." );
2835
2836 mbedtls_ssl_free( &ssl );
2837
2838 mbedtls_ssl_init( &ssl );
2839
2840 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
2841 {
2842 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
2843 "-0x%x\n\n", (unsigned int) -ret );
2844 goto exit;
2845 }
2846
2847 if( opt.nbio == 2 )
2848 mbedtls_ssl_set_bio( &ssl, &server_fd, delayed_send,
2849 delayed_recv, NULL );
2850 else
2851 mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send,
2852 mbedtls_net_recv,
2853 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
2854
2855 #if defined(MBEDTLS_TIMING_C)
2856 mbedtls_ssl_set_timer_cb( &ssl, &timer,
2857 mbedtls_timing_set_delay,
2858 mbedtls_timing_get_delay );
2859 #endif /* MBEDTLS_TIMING_C */
2860
2861 mbedtls_printf( " ok\n" );
2862 }
2863
2864 mbedtls_printf( " . Deserializing connection..." );
2865
2866 if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
2867 buf_len ) ) != 0 )
2868 {
2869 mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
2870 "-0x%x\n\n", (unsigned int) -ret );
2871
2872 goto exit;
2873 }
2874
2875 mbedtls_free( context_buf );
2876 context_buf = NULL;
2877 context_buf_len = 0;
2878
2879 mbedtls_printf( " ok\n" );
2880 }
2881 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2882
2883 /*
2884 * 7d. Continue doing data exchanges?
2885 */
2886 if( --opt.exchanges > 0 )
2887 goto send_request;
2888
2889 /*
2890 * 8. Done, cleanly close the connection
2891 */
2892 close_notify:
2893 mbedtls_printf( " . Closing the connection..." );
2894 fflush( stdout );
2895
2896 /*
2897 * Most of the time sending a close_notify before closing is the right
2898 * thing to do. However, when the server already knows how many messages
2899 * are expected and closes the connection by itself, this alert becomes
2900 * redundant. Sometimes with DTLS this redundancy becomes a problem by
2901 * leading to a race condition where the server might close the connection
2902 * before seeing the alert, and since UDP is connection-less when the
2903 * alert arrives it will be seen as a new connection, which will fail as
2904 * the alert is clearly not a valid ClientHello. This may cause spurious
2905 * failures in tests that use DTLS and resumption with ssl_server2 in
2906 * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
2907 */
2908 if( opt.skip_close_notify == 0 )
2909 {
2910 /* No error checking, the connection might be closed already */
2911 do ret = mbedtls_ssl_close_notify( &ssl );
2912 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2913 ret = 0;
2914 }
2915
2916 mbedtls_printf( " done\n" );
2917
2918 /*
2919 * 9. Reconnect?
2920 */
2921 reconnect:
2922 if( opt.reconnect != 0 )
2923 {
2924 --opt.reconnect;
2925
2926 mbedtls_net_free( &server_fd );
2927
2928 #if defined(MBEDTLS_TIMING_C)
2929 if( opt.reco_delay > 0 )
2930 mbedtls_net_usleep( 1000000 * opt.reco_delay );
2931 #endif
2932
2933 mbedtls_printf( " . Reconnecting with saved session..." );
2934
2935 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2936 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
2937 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2938
2939 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
2940 {
2941 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2942 (unsigned int) -ret );
2943 goto exit;
2944 }
2945
2946 if( opt.reco_mode == 1 )
2947 {
2948 if( ( ret = mbedtls_ssl_session_load( &saved_session,
2949 session_data,
2950 session_data_len ) ) != 0 )
2951 {
2952 mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
2953 (unsigned int) -ret );
2954 goto exit;
2955 }
2956 }
2957
2958 if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
2959 {
2960 mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
2961 (unsigned int) -ret );
2962 goto exit;
2963 }
2964
2965 if( ( ret = mbedtls_net_connect( &server_fd,
2966 opt.server_addr, opt.server_port,
2967 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2968 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2969 {
2970 mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2971 (unsigned int) -ret );
2972 goto exit;
2973 }
2974
2975 if( opt.nbio > 0 )
2976 ret = mbedtls_net_set_nonblock( &server_fd );
2977 else
2978 ret = mbedtls_net_set_block( &server_fd );
2979 if( ret != 0 )
2980 {
2981 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
2982 (unsigned int) -ret );
2983 goto exit;
2984 }
2985
2986 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2987 {
2988 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2989 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2990 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2991 {
2992 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2993 (unsigned int) -ret );
2994 goto exit;
2995 }
2996 }
2997
2998 mbedtls_printf( " ok\n" );
2999
3000 goto send_request;
3001 }
3002
3003 /*
3004 * Cleanup and exit
3005 */
3006 exit:
3007 #ifdef MBEDTLS_ERROR_C
3008 if( ret != 0 )
3009 {
3010 char error_buf[100];
3011 mbedtls_strerror( ret, error_buf, 100 );
3012 mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
3013 }
3014 #endif
3015
3016 mbedtls_net_free( &server_fd );
3017
3018 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3019 mbedtls_x509_crt_free( &clicert );
3020 mbedtls_x509_crt_free( &cacert );
3021 mbedtls_pk_free( &pkey );
3022 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3023 psa_destroy_key( key_slot );
3024 #endif
3025 #endif /* MBEDTLS_X509_CRT_PARSE_C */
3026
3027 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
3028 defined(MBEDTLS_USE_PSA_CRYPTO)
3029 if( opt.psk_opaque != 0 )
3030 {
3031 /* This is ok even if the slot hasn't been
3032 * initialized (we might have jumed here
3033 * immediately because of bad cmd line params,
3034 * for example). */
3035 status = psa_destroy_key( slot );
3036 if( ( status != PSA_SUCCESS ) &&
3037 ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
3038 {
3039 mbedtls_printf( "Failed to destroy key slot %u - error was %d",
3040 (unsigned) slot, (int) status );
3041 if( ret == 0 )
3042 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3043 }
3044 }
3045 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
3046 MBEDTLS_USE_PSA_CRYPTO */
3047
3048 mbedtls_ssl_session_free( &saved_session );
3049 mbedtls_ssl_free( &ssl );
3050 mbedtls_ssl_config_free( &conf );
3051 rng_free( &rng );
3052 if( session_data != NULL )
3053 mbedtls_platform_zeroize( session_data, session_data_len );
3054 mbedtls_free( session_data );
3055 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3056 if( context_buf != NULL )
3057 mbedtls_platform_zeroize( context_buf, context_buf_len );
3058 mbedtls_free( context_buf );
3059 #endif
3060
3061 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3062 mbedtls_psa_crypto_free( );
3063 #endif
3064
3065 #if defined(MBEDTLS_TEST_HOOKS)
3066 if( test_hooks_failure_detected( ) )
3067 {
3068 if( ret == 0 )
3069 ret = 1;
3070 mbedtls_printf( "Test hooks detected errors.\n" );
3071 }
3072 test_hooks_free( );
3073 #endif /* MBEDTLS_TEST_HOOKS */
3074
3075 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3076 #if defined(MBEDTLS_MEMORY_DEBUG)
3077 mbedtls_memory_buffer_alloc_status();
3078 #endif
3079 mbedtls_memory_buffer_alloc_free();
3080 #endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
3081
3082 #if defined(_WIN32)
3083 if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
3084 {
3085 mbedtls_printf( " + Press Enter to exit this program.\n" );
3086 fflush( stdout ); getchar();
3087 }
3088 #endif
3089
3090 // Shell can not handle large exit numbers -> 1 for errors
3091 if( ret < 0 )
3092 ret = 1;
3093
3094 if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
3095 mbedtls_exit( ret );
3096 else
3097 mbedtls_exit( query_config_ret );
3098 }
3099 #endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
3100