1 /* 2 * Common code for SSL test programs 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 */ 7 8 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H 9 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H 10 11 #include "mbedtls/build_info.h" 12 13 #include "mbedtls/platform.h" 14 #include "mbedtls/md.h" 15 16 #undef HAVE_RNG 17 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ 18 (defined(MBEDTLS_USE_PSA_CRYPTO) || \ 19 defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) 20 #define HAVE_RNG 21 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) 22 #define HAVE_RNG 23 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \ 24 (defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA512)) 25 #define HAVE_RNG 26 #endif 27 28 #if !defined(MBEDTLS_NET_C) || \ 29 !defined(MBEDTLS_SSL_TLS_C) 30 #define MBEDTLS_SSL_TEST_IMPOSSIBLE \ 31 "MBEDTLS_NET_C and/or " \ 32 "MBEDTLS_SSL_TLS_C not defined." 33 #elif !defined(HAVE_RNG) 34 #define MBEDTLS_SSL_TEST_IMPOSSIBLE \ 35 "No random generator is available.\n" 36 #else 37 #undef MBEDTLS_SSL_TEST_IMPOSSIBLE 38 39 #undef HAVE_RNG 40 41 #include <stdio.h> 42 #include <stdlib.h> 43 #include <string.h> 44 45 #include "mbedtls/net_sockets.h" 46 #include "mbedtls/ssl.h" 47 #include "mbedtls/ssl_ciphersuites.h" 48 #include "mbedtls/entropy.h" 49 #include "mbedtls/ctr_drbg.h" 50 #include "mbedtls/hmac_drbg.h" 51 #include "mbedtls/x509.h" 52 #include "mbedtls/error.h" 53 #include "mbedtls/debug.h" 54 #include "mbedtls/timing.h" 55 #include "mbedtls/base64.h" 56 #include "test/certs.h" 57 58 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) 59 #include "psa/crypto.h" 60 #include "mbedtls/psa_util.h" 61 #endif 62 63 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) 64 #include "mbedtls/memory_buffer_alloc.h" 65 #endif 66 67 #include <test/helpers.h> 68 69 #include "../test/query_config.h" 70 71 #define ALPN_LIST_SIZE 10 72 #define GROUP_LIST_SIZE 25 73 #define SIG_ALG_LIST_SIZE 5 74 75 typedef struct eap_tls_keys { 76 unsigned char master_secret[48]; 77 unsigned char randbytes[64]; 78 mbedtls_tls_prf_types tls_prf_type; 79 } eap_tls_keys; 80 81 #if defined(MBEDTLS_SSL_DTLS_SRTP) 82 83 /* Supported SRTP mode needs a maximum of : 84 * - 16 bytes for key (AES-128) 85 * - 14 bytes SALT 86 * One for sender, one for receiver context 87 */ 88 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 89 90 typedef struct dtls_srtp_keys { 91 unsigned char master_secret[48]; 92 unsigned char randbytes[64]; 93 mbedtls_tls_prf_types tls_prf_type; 94 } dtls_srtp_keys; 95 96 #endif /* MBEDTLS_SSL_DTLS_SRTP */ 97 98 typedef struct { 99 mbedtls_ssl_context *ssl; 100 mbedtls_net_context *net; 101 } io_ctx_t; 102 103 void my_debug(void *ctx, int level, 104 const char *file, int line, 105 const char *str); 106 107 #if defined(MBEDTLS_HAVE_TIME) 108 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); 109 #endif 110 111 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) 112 /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use 113 * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. 114 * 115 * The constraints are: 116 * - Without the entropy module, the PSA RNG is the only option. 117 * - Without at least one of the DRBG modules, the PSA RNG is the only option. 118 * - The PSA RNG does not support explicit seeding, so it is incompatible with 119 * the reproducible mode used by test programs. 120 * - For good overall test coverage, there should be at least one configuration 121 * where the test programs use the PSA RNG while the PSA RNG is itself based 122 * on entropy+DRBG, and at least one configuration where the test programs 123 * do not use the PSA RNG even though it's there. 124 * 125 * A simple choice that meets the constraints is to use the PSA RNG whenever 126 * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the 127 * choice to use the PSA RNG in the test programs and the choice to use 128 * PSA crypto when TLS code needs crypto have to be tied together, but it 129 * happens to be a good match. It's also a good match from an application 130 * perspective: either PSA is preferred for TLS (both for crypto and for 131 * random generation) or it isn't. 132 */ 133 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG 134 #endif 135 136 /** A context for random number generation (RNG). 137 */ 138 typedef struct { 139 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) 140 unsigned char dummy; 141 #else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ 142 mbedtls_entropy_context entropy; 143 #if defined(MBEDTLS_CTR_DRBG_C) 144 mbedtls_ctr_drbg_context drbg; 145 #elif defined(MBEDTLS_HMAC_DRBG_C) 146 mbedtls_hmac_drbg_context drbg; 147 #else 148 #error "No DRBG available" 149 #endif 150 #endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ 151 } rng_context_t; 152 153 /** Initialize the RNG. 154 * 155 * This function only initializes the memory used by the RNG context. 156 * Before using the RNG, it must be seeded with rng_seed(). 157 */ 158 void rng_init(rng_context_t *rng); 159 160 /* Seed the random number generator. 161 * 162 * \param rng The RNG context to use. It must have been initialized 163 * with rng_init(). 164 * \param reproducible If zero, seed the RNG from entropy. 165 * If nonzero, use a fixed seed, so that the program 166 * will produce the same sequence of random numbers 167 * each time it is invoked. 168 * \param pers A null-terminated string. Different values for this 169 * string cause the RNG to emit different output for 170 * the same seed. 171 * 172 * return 0 on success, a negative value on error. 173 */ 174 int rng_seed(rng_context_t *rng, int reproducible, const char *pers); 175 176 /** Deinitialize the RNG. Free any embedded resource. 177 * 178 * \param rng The RNG context to deinitialize. It must have been 179 * initialized with rng_init(). 180 */ 181 void rng_free(rng_context_t *rng); 182 183 /** Generate random data. 184 * 185 * This function is suitable for use as the \c f_rng argument to Mbed TLS 186 * library functions. 187 * 188 * \param p_rng The random generator context. This must be a pointer to 189 * a #rng_context_t structure. 190 * \param output The buffer to fill. 191 * \param output_len The length of the buffer in bytes. 192 * 193 * \return \c 0 on success. 194 * \return An Mbed TLS error code on error. 195 */ 196 int rng_get(void *p_rng, unsigned char *output, size_t output_len); 197 198 /** Parse command-line option: key_opaque_algs 199 * 200 * 201 * \param arg String value of key_opaque_algs 202 * Coma-separated pair of values among the following: 203 * - "rsa-sign-pkcs1" 204 * - "rsa-sign-pss" 205 * - "rsa-decrypt" 206 * - "ecdsa-sign" 207 * - "ecdh" 208 * - "none" (only acceptable for the second value). 209 * \param alg1 Address of pointer to alg #1 210 * \param alg2 Address of pointer to alg #2 211 * 212 * \return \c 0 on success. 213 * \return \c 1 on parse failure. 214 */ 215 int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); 216 217 #if defined(MBEDTLS_USE_PSA_CRYPTO) 218 /** Parse given opaque key algorithms to obtain psa algs and usage 219 * that will be passed to mbedtls_pk_wrap_as_opaque(). 220 * 221 * 222 * \param alg1 input string opaque key algorithm #1 223 * \param alg2 input string opaque key algorithm #2 224 * \param psa_alg1 output PSA algorithm #1 225 * \param psa_alg2 output PSA algorithm #2 226 * \param usage output key usage 227 * \param key_type key type used to set default psa algorithm/usage 228 * when alg1 in "none" 229 * 230 * \return \c 0 on success. 231 * \return \c 1 on parse failure. 232 */ 233 int key_opaque_set_alg_usage(const char *alg1, const char *alg2, 234 psa_algorithm_t *psa_alg1, 235 psa_algorithm_t *psa_alg2, 236 psa_key_usage_t *usage, 237 mbedtls_pk_type_t key_type); 238 239 #if defined(MBEDTLS_PK_C) 240 /** Turn a non-opaque PK context into an opaque one with folowing steps: 241 * - extract the key data and attributes from the PK context. 242 * - import the key material into PSA. 243 * - free the provided PK context and re-initilize it as an opaque PK context 244 * wrapping the PSA key imported in the above step. 245 * 246 * \param[in/out] pk On input the non-opaque PK context which contains the 247 * key to be wrapped. On output the re-initialized PK 248 * context which represents the opaque version of the one 249 * provided as input. 250 * \param[in] psa_alg The primary algorithm that will be associated to the 251 * PSA key. 252 * \param[in] psa_alg2 The enrollment algorithm that will be associated to the 253 * PSA key. 254 * \param[in] psa_usage The PSA key usage policy. 255 * \param[out] key_id The PSA key identifier of the imported key. 256 * 257 * \return \c 0 on sucess. 258 * \return \c -1 on failure. 259 */ 260 int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, 261 psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); 262 #endif /* MBEDTLS_PK_C */ 263 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 264 265 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 266 /* The test implementation of the PSA external RNG is insecure. When 267 * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto 268 * function that makes use of an RNG, you must call 269 * mbedtls_test_enable_insecure_external_rng(). */ 270 #include <test/fake_external_rng_for_test.h> 271 #endif 272 273 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 274 int ca_callback(void *data, mbedtls_x509_crt const *child, 275 mbedtls_x509_crt **candidates); 276 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 277 278 /* 279 * Test recv/send functions that make sure each try returns 280 * WANT_READ/WANT_WRITE at least once before succeeding 281 */ 282 int delayed_recv(void *ctx, unsigned char *buf, size_t len); 283 int delayed_send(void *ctx, const unsigned char *buf, size_t len); 284 285 /* 286 * Wait for an event from the underlying transport or the timer 287 * (Used in event-driven IO mode). 288 */ 289 int idle(mbedtls_net_context *fd, 290 #if defined(MBEDTLS_TIMING_C) 291 mbedtls_timing_delay_context *timer, 292 #endif 293 int idle_reason); 294 295 #if defined(MBEDTLS_TEST_HOOKS) 296 /** Initialize whatever test hooks are enabled by the compile-time 297 * configuration and make sense for the TLS test programs. */ 298 void test_hooks_init(void); 299 300 /** Check if any test hooks detected a problem. 301 * 302 * If a problem was detected, it's ok for the calling program to keep going, 303 * but it should ultimately exit with an error status. 304 * 305 * \note When implementing a test hook that detects errors on its own 306 * (as opposed to e.g. leaving the error for a memory sanitizer to 307 * report), make sure to print a message to standard error either at 308 * the time the problem is detected or during the execution of this 309 * function. This function does not indicate what problem was detected, 310 * so printing a message is the only way to provide feedback in the 311 * logs of the calling program. 312 * 313 * \return Nonzero if a problem was detected. 314 * \c 0 if no problem was detected. 315 */ 316 int test_hooks_failure_detected(void); 317 318 /** Free any resources allocated for the sake of test hooks. 319 * 320 * Call this at the end of the program so that resource leak analyzers 321 * don't complain. 322 */ 323 void test_hooks_free(void); 324 325 #endif /* !MBEDTLS_TEST_HOOKS */ 326 327 /* Helper functions for FFDH groups. */ 328 int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len); 329 330 #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ 331 #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ 332