ssl_test_common_source.c (12551B)
1 /* 2 * Common source code for SSL test programs. This file is included by 3 * both ssl_client2.c and ssl_server2.c and is intended for source 4 * code that is textually identical in both programs, but that cannot be 5 * compiled separately because it refers to types or macros that are 6 * different in the two programs, or because it would have an incomplete 7 * type. 8 * 9 * This file is meant to be #include'd and cannot be compiled separately. 10 * 11 * Copyright The Mbed TLS Contributors 12 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 13 */ 14 15 static void eap_tls_key_derivation(void *p_expkey, 16 mbedtls_ssl_key_export_type secret_type, 17 const unsigned char *secret, 18 size_t secret_len, 19 const unsigned char client_random[32], 20 const unsigned char server_random[32], 21 mbedtls_tls_prf_types tls_prf_type) 22 { 23 eap_tls_keys *keys = (eap_tls_keys *) p_expkey; 24 25 /* We're only interested in the TLS 1.2 master secret */ 26 if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { 27 return; 28 } 29 if (secret_len != sizeof(keys->master_secret)) { 30 return; 31 } 32 33 memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); 34 memcpy(keys->randbytes, client_random, 32); 35 memcpy(keys->randbytes + 32, server_random, 32); 36 keys->tls_prf_type = tls_prf_type; 37 } 38 39 static void nss_keylog_export(void *p_expkey, 40 mbedtls_ssl_key_export_type secret_type, 41 const unsigned char *secret, 42 size_t secret_len, 43 const unsigned char client_random[32], 44 const unsigned char server_random[32], 45 mbedtls_tls_prf_types tls_prf_type) 46 { 47 char nss_keylog_line[200]; 48 size_t const client_random_len = 32; 49 size_t len = 0; 50 size_t j; 51 52 /* We're only interested in the TLS 1.2 master secret */ 53 if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { 54 return; 55 } 56 57 ((void) p_expkey); 58 ((void) server_random); 59 ((void) tls_prf_type); 60 61 len += sprintf(nss_keylog_line + len, 62 "%s", "CLIENT_RANDOM "); 63 64 for (j = 0; j < client_random_len; j++) { 65 len += sprintf(nss_keylog_line + len, 66 "%02x", client_random[j]); 67 } 68 69 len += sprintf(nss_keylog_line + len, " "); 70 71 for (j = 0; j < secret_len; j++) { 72 len += sprintf(nss_keylog_line + len, 73 "%02x", secret[j]); 74 } 75 76 len += sprintf(nss_keylog_line + len, "\n"); 77 nss_keylog_line[len] = '\0'; 78 79 mbedtls_printf("\n"); 80 mbedtls_printf("---------------- NSS KEYLOG -----------------\n"); 81 mbedtls_printf("%s", nss_keylog_line); 82 mbedtls_printf("---------------------------------------------\n"); 83 84 if (opt.nss_keylog_file != NULL) { 85 FILE *f; 86 87 if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) { 88 goto exit; 89 } 90 91 /* Ensure no stdio buffering of secrets, as such buffers cannot be 92 * wiped. */ 93 mbedtls_setbuf(f, NULL); 94 95 if (fwrite(nss_keylog_line, 1, len, f) != len) { 96 fclose(f); 97 goto exit; 98 } 99 100 fclose(f); 101 } 102 103 exit: 104 mbedtls_platform_zeroize(nss_keylog_line, 105 sizeof(nss_keylog_line)); 106 } 107 108 #if defined(MBEDTLS_SSL_DTLS_SRTP) 109 static void dtls_srtp_key_derivation(void *p_expkey, 110 mbedtls_ssl_key_export_type secret_type, 111 const unsigned char *secret, 112 size_t secret_len, 113 const unsigned char client_random[32], 114 const unsigned char server_random[32], 115 mbedtls_tls_prf_types tls_prf_type) 116 { 117 dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; 118 119 /* We're only interested in the TLS 1.2 master secret */ 120 if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { 121 return; 122 } 123 if (secret_len != sizeof(keys->master_secret)) { 124 return; 125 } 126 127 memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); 128 memcpy(keys->randbytes, client_random, 32); 129 memcpy(keys->randbytes + 32, server_random, 32); 130 keys->tls_prf_type = tls_prf_type; 131 } 132 #endif /* MBEDTLS_SSL_DTLS_SRTP */ 133 134 static int ssl_check_record(mbedtls_ssl_context const *ssl, 135 unsigned char const *buf, size_t len) 136 { 137 int my_ret = 0, ret_cr1, ret_cr2; 138 unsigned char *tmp_buf; 139 140 /* Record checking may modify the input buffer, 141 * so make a copy. */ 142 tmp_buf = mbedtls_calloc(1, len); 143 if (tmp_buf == NULL) { 144 return MBEDTLS_ERR_SSL_ALLOC_FAILED; 145 } 146 memcpy(tmp_buf, buf, len); 147 148 ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len); 149 if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) { 150 /* Test-only: Make sure that mbedtls_ssl_check_record() 151 * doesn't alter state. */ 152 memcpy(tmp_buf, buf, len); /* Restore buffer */ 153 ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len); 154 if (ret_cr2 != ret_cr1) { 155 mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n"); 156 my_ret = -1; 157 goto cleanup; 158 } 159 160 switch (ret_cr1) { 161 case 0: 162 break; 163 164 case MBEDTLS_ERR_SSL_INVALID_RECORD: 165 if (opt.debug_level > 1) { 166 mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n"); 167 } 168 break; 169 170 case MBEDTLS_ERR_SSL_INVALID_MAC: 171 if (opt.debug_level > 1) { 172 mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n"); 173 } 174 break; 175 176 case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: 177 if (opt.debug_level > 1) { 178 mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n"); 179 } 180 break; 181 182 default: 183 mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n", 184 (unsigned int) -ret_cr1); 185 my_ret = -1; 186 goto cleanup; 187 } 188 189 /* Regardless of the outcome, forward the record to the stack. */ 190 } 191 192 cleanup: 193 mbedtls_free(tmp_buf); 194 195 return my_ret; 196 } 197 198 static int recv_cb(void *ctx, unsigned char *buf, size_t len) 199 { 200 io_ctx_t *io_ctx = (io_ctx_t *) ctx; 201 size_t recv_len; 202 int ret; 203 204 if (opt.nbio == 2) { 205 ret = delayed_recv(io_ctx->net, buf, len); 206 } else { 207 ret = mbedtls_net_recv(io_ctx->net, buf, len); 208 } 209 if (ret < 0) { 210 return ret; 211 } 212 recv_len = (size_t) ret; 213 214 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 215 /* Here's the place to do any datagram/record checking 216 * in between receiving the packet from the underlying 217 * transport and passing it on to the TLS stack. */ 218 if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { 219 return -1; 220 } 221 } 222 223 return (int) recv_len; 224 } 225 226 static int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, 227 uint32_t timeout) 228 { 229 io_ctx_t *io_ctx = (io_ctx_t *) ctx; 230 int ret; 231 size_t recv_len; 232 233 ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout); 234 if (ret < 0) { 235 return ret; 236 } 237 recv_len = (size_t) ret; 238 239 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 240 /* Here's the place to do any datagram/record checking 241 * in between receiving the packet from the underlying 242 * transport and passing it on to the TLS stack. */ 243 if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { 244 return -1; 245 } 246 } 247 248 return (int) recv_len; 249 } 250 251 static int send_cb(void *ctx, unsigned char const *buf, size_t len) 252 { 253 io_ctx_t *io_ctx = (io_ctx_t *) ctx; 254 255 if (opt.nbio == 2) { 256 return delayed_send(io_ctx->net, buf, len); 257 } 258 259 return mbedtls_net_send(io_ctx->net, buf, len); 260 } 261 262 #if defined(MBEDTLS_X509_CRT_PARSE_C) 263 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && defined(MBEDTLS_RSA_C) 264 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 265 /* 266 * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate 267 * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if 268 * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then 269 * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm 270 * for its signature in the key exchange message. As Mbed TLS 1.2 does not 271 * support them, the handshake fails. 272 */ 273 #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ 274 ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \ 275 (0x800 | hash), 276 #else 277 #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ 278 ((hash << 8) | MBEDTLS_SSL_SIG_RSA), 279 #endif 280 #elif defined(MBEDTLS_PK_CAN_ECDSA_SOME) 281 #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), 282 #elif defined(MBEDTLS_RSA_C) 283 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 284 /* See above */ 285 #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \ 286 (0x800 | hash), 287 #else 288 #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), 289 #endif 290 #else 291 #define MBEDTLS_SSL_SIG_ALG(hash) 292 #endif 293 294 uint16_t ssl_sig_algs_for_test[] = { 295 #if defined(MBEDTLS_MD_CAN_SHA512) 296 MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512) 297 #endif 298 #if defined(MBEDTLS_MD_CAN_SHA384) 299 MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384) 300 #endif 301 #if defined(MBEDTLS_MD_CAN_SHA256) 302 MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256) 303 #endif 304 #if defined(MBEDTLS_MD_CAN_SHA224) 305 MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224) 306 #endif 307 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) 308 MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, 309 #endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 */ 310 #if defined(MBEDTLS_MD_CAN_SHA1) 311 /* Allow SHA-1 as we use it extensively in tests. */ 312 MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) 313 #endif 314 MBEDTLS_TLS1_3_SIG_NONE 315 }; 316 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 317 318 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 319 /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function 320 * for more info. 321 */ 322 static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, 323 uint32_t flags) 324 { 325 #if !defined(MBEDTLS_X509_REMOVE_INFO) 326 return mbedtls_x509_crt_verify_info(buf, size, prefix, flags); 327 328 #else /* !MBEDTLS_X509_REMOVE_INFO */ 329 int ret; 330 char *p = buf; 331 size_t n = size; 332 333 #define X509_CRT_ERROR_INFO(err, err_str, info) \ 334 if ((flags & err) != 0) \ 335 { \ 336 ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info); \ 337 MBEDTLS_X509_SAFE_SNPRINTF; \ 338 flags ^= err; \ 339 } 340 341 MBEDTLS_X509_CRT_ERROR_INFO_LIST 342 #undef X509_CRT_ERROR_INFO 343 344 if (flags != 0) { 345 ret = mbedtls_snprintf(p, n, "%sUnknown reason " 346 "(this should not happen)\n", prefix); 347 MBEDTLS_X509_SAFE_SNPRINTF; 348 } 349 350 return (int) (size - n); 351 #endif /* MBEDTLS_X509_REMOVE_INFO */ 352 } 353 354 static void mbedtls_print_supported_sig_algs(void) 355 { 356 mbedtls_printf("supported signature algorithms:\n"); 357 mbedtls_printf("\trsa_pkcs1_sha256 "); 358 mbedtls_printf("rsa_pkcs1_sha384 "); 359 mbedtls_printf("rsa_pkcs1_sha512\n"); 360 mbedtls_printf("\tecdsa_secp256r1_sha256 "); 361 mbedtls_printf("ecdsa_secp384r1_sha384 "); 362 mbedtls_printf("ecdsa_secp521r1_sha512\n"); 363 mbedtls_printf("\trsa_pss_rsae_sha256 "); 364 mbedtls_printf("rsa_pss_rsae_sha384 "); 365 mbedtls_printf("rsa_pss_rsae_sha512\n"); 366 mbedtls_printf("\trsa_pss_pss_sha256 "); 367 mbedtls_printf("rsa_pss_pss_sha384 "); 368 mbedtls_printf("rsa_pss_pss_sha512\n"); 369 mbedtls_printf("\ted25519 "); 370 mbedtls_printf("ed448 "); 371 mbedtls_printf("rsa_pkcs1_sha1 "); 372 mbedtls_printf("ecdsa_sha1\n"); 373 mbedtls_printf("\n"); 374 } 375 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */