quickjs-tart

quickjs-based runtime for wallet-core logic

ssl_helpers.c (92818B)


      1 /** \file ssl_helpers.c
      2  *
      3  * \brief Helper functions to set up a TLS connection.
      4  */
      5 
      6 /*
      7  *  Copyright The Mbed TLS Contributors
      8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
      9  */
     10 
     11 #include <test/ssl_helpers.h>
     12 #include "mbedtls/psa_util.h"
     13 
     14 #if defined(MBEDTLS_SSL_TLS_C)
/*
 * Test-only RNG callback: fill \p output with \p output_len bytes from rand().
 *
 * rand() is not a cryptographic generator and its sequence is fixed by the
 * last srand() call, so every byte produced here is predictable. That is
 * what makes test runs reproducible; a real TLS configuration must be given
 * a CSPRNG-backed callback instead.
 *
 * \param p_rng       Unused.
 * \param output      Buffer to fill.
 * \param output_len  Number of bytes to write to \p output.
 *
 * \return 0 always.
 */
int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len)
{
    unsigned char *cursor = output;
    size_t remaining = output_len;

    (void) p_rng;

    while (remaining > 0) {
        /* Only the low-order byte of each rand() result is kept. */
        *cursor++ = (unsigned char) rand();
        remaining--;
    }

    return 0;
}
     24 
/*
 * Debug callback that counts the log messages containing a given pattern.
 *
 * \param ctx    Pointer to an mbedtls_test_ssl_log_pattern, or NULL.
 * \param level  Debug level of the message; only read by the disabled trace.
 * \param file   Source file of the message; only read by the disabled trace.
 * \param line   Source line of the message; only read by the disabled trace.
 * \param str    The message text, searched for ctx->pattern with strstr().
 */
void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
                                   const char *file, int line,
                                   const char *str)
{
    mbedtls_test_ssl_log_pattern *matcher = ctx;

/* Change 0 to 1 for debugging of test cases that use this function. */
#if 0
    /* Print only what follows the last '/' or '\\' of the file path. */
    const char *basename = file;
    for (const char *q = file; *q != '\0'; q++) {
        if (*q == '/' || *q == '\\') {
            basename = q + 1;
        }
    }
    printf("%s:%04d: |%d| %s",
           basename, line, level, str);
#else
    (void) file;
    (void) line;
    (void) level;
#endif

    /* Nothing to count without a context and a pattern to look for. */
    if (matcher == NULL || matcher->pattern == NULL) {
        return;
    }

    if (strstr(str, matcher->pattern) != NULL) {
        matcher->counter++;
    }
}
     54 
/*
 * Reset \p opts to the default handshake test options.
 *
 * When certificate-based handshakes are enabled this also reseeds rand()
 * with a fixed seed that advances by 0xD0 on every call, so the "random"
 * stream used by the tests is reproducible and therefore predictable.
 *
 * With MBEDTLS_SSL_CACHE_C a session cache is allocated into opts->cache;
 * the TEST_* macros are assumed to jump to the exit label on failure.
 */
void mbedtls_test_init_handshake_options(
    mbedtls_test_handshake_test_options *opts)
{
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
    static int next_seed = 0xBEEF;

    srand(next_seed);
    next_seed += 0xD0;
#endif

    memset(opts, 0, sizeof(*opts));

    /* Protocol versions: no bounds on either side, TLS 1.3 expected. */
    opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
    opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
    opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
    opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
    opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;

    /* Ciphersuite, key type and authentication. Note that the default
     * srv_auth_mode performs no peer verification. */
    opts->cipher = "";
    opts->pk_alg = MBEDTLS_PK_RSA;
    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
    opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;

    /* Application data exchange. */
    opts->cli_msg_len = 100;
    opts->srv_msg_len = 100;
    opts->expected_cli_fragments = 1;
    opts->expected_srv_fragments = 1;
    opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
    opts->resize_buffers = 1;

    /* Early data is off; -1 leaves the maximum early data size unset. */
    opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
    opts->max_early_data_size = -1;

#if defined(MBEDTLS_SSL_CACHE_C)
    TEST_CALLOC(opts->cache, 1);
    mbedtls_ssl_cache_init(opts->cache);
#if defined(MBEDTLS_HAVE_TIME)
    TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache),
               MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT);
#endif
exit:
    return;
#endif
}
     95 
/*
 * Release the session cache held in \p opts.
 *
 * Without MBEDTLS_SSL_CACHE_C there is nothing to free. opts->cache is not
 * reset after being freed, so the pointer must not be used (or freed again)
 * until the options are re-initialised.
 */
void mbedtls_test_free_handshake_options(
    mbedtls_test_handshake_test_options *opts)
{
#if !defined(MBEDTLS_SSL_CACHE_C)
    (void) opts;
#else
    /* Tear down the cache contents first, then the cache object itself. */
    mbedtls_ssl_cache_free(opts->cache);
    mbedtls_free(opts->cache);
#endif
}
    106 
    107 #if defined(MBEDTLS_TEST_HOOKS)
/*
 * Store \p cur, \p end and \p need in the fields of the same name in
 * \p args.
 */
static void set_chk_buf_ptr_args(
    mbedtls_ssl_chk_buf_ptr_args *args,
    unsigned char *cur, unsigned char *end, size_t need)
{
    args->need = need;
    args->end = end;
    args->cur = cur;
}
    116 
/* Zero every byte of \p args. */
static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args)
{
    memset(args, 0, sizeof *args);
}
    121 #endif /* MBEDTLS_TEST_HOOKS */
    122 
/*
 * Put \p buf into the all-zero state: no storage, zero capacity, empty.
 * Storage is attached later by mbedtls_test_ssl_buffer_setup().
 */
void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf)
{
    memset(buf, 0, sizeof *buf);
}
    127 
/*
 * Allocate \p capacity zeroed bytes of storage for \p buf.
 *
 * \return 0 on success, MBEDTLS_ERR_SSL_ALLOC_FAILED if the allocation
 *         returned NULL (buf->buffer is then NULL and buf->capacity is
 *         left untouched).
 */
int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf,
                                  size_t capacity)
{
    unsigned char *storage = mbedtls_calloc(capacity, sizeof(unsigned char));

    buf->buffer = storage;
    if (storage == NULL) {
        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
    }

    buf->capacity = capacity;
    return 0;
}
    140 
/*
 * Free the storage of \p buf, if any, and return the structure to the
 * all-zero state so that stale pointers and lengths cannot be reused.
 */
void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf)
{
    unsigned char *storage = buf->buffer;

    if (storage != NULL) {
        mbedtls_free(storage);
    }

    memset(buf, 0, sizeof *buf);
}
    149 
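/*
 * Append up to \p input_len bytes from \p input to the ring buffer \p buf.
 *
 * The write is truncated to the free space left in the buffer, and wraps
 * around to the start of the storage when it reaches the end.
 *
 * \param buf        Ring buffer to write to.
 * \param input      Bytes to append. May be NULL only if no byte would be
 *                   written.
 * \param input_len  Number of bytes offered.
 *
 * \retval -1  \p buf or its storage is NULL, or \p input is NULL while at
 *             least one byte would be written.
 * \return     Otherwise the number of bytes actually stored (capped at
 *             INT_MAX), which may be less than \p input_len.
 */
int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf,
                                const unsigned char *input, size_t input_len)
{
    size_t overflow = 0;
    size_t free_space;

    if ((buf == NULL) || (buf->buffer == NULL)) {
        return -1;
    }

    /* Reduce input_len to a number that fits in the buffer. The comparison
     * is made against the remaining space: computing
     * content_length + input_len first would wrap around for a very large
     * input_len, skip the clamp and let memcpy() write past the storage. */
    free_space = buf->capacity - buf->content_length;
    if (input_len > free_space) {
        input_len = free_space;
    }

    if (input == NULL) {
        return (input_len == 0) ? 0 : -1;
    }

    /* Check if the buffer has not come full circle and free space is not in
     * the middle */
    if (buf->start + buf->content_length < buf->capacity) {

        /* Calculate the number of bytes that need to be placed at lower memory
         * address */
        if (buf->start + buf->content_length + input_len
            > buf->capacity) {
            overflow = (buf->start + buf->content_length + input_len)
                       % buf->capacity;
        }

        /* First the part that fits before the end of the storage, then the
         * remainder at the beginning. */
        memcpy(buf->buffer + buf->start + buf->content_length, input,
               input_len - overflow);
        memcpy(buf->buffer, input + input_len - overflow, overflow);

    } else {
        /* The buffer has come full circle and free space is in the middle */
        memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity,
               input, input_len);
    }

    buf->content_length += input_len;
    return (input_len > INT_MAX) ? INT_MAX : (int) input_len;
}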
    193 
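/*
 * Remove up to \p output_len bytes from the ring buffer \p buf.
 *
 * The read is truncated to the number of bytes stored. If \p output is
 * NULL the bytes are discarded instead of being copied.
 *
 * \param buf         Ring buffer to read from.
 * \param output      Destination, or NULL to drop the bytes.
 * \param output_len  Number of bytes requested.
 *
 * \retval -1  \p buf or its storage is NULL.
 * \return     Otherwise the number of bytes consumed (capped at INT_MAX),
 *             which may be less than \p output_len.
 */
int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
                                unsigned char *output, size_t output_len)
{
    size_t overflow = 0;

    if ((buf == NULL) || (buf->buffer == NULL)) {
        return -1;
    }

    if (output == NULL && output_len == 0) {
        return 0;
    }

    if (buf->content_length < output_len) {
        output_len = buf->content_length;
    }

    /* Nothing to consume: the buffer state would not change. Returning here
     * also keeps a buffer set up with capacity 0 away from the modulo by
     * buf->capacity below, which would be a division by zero. */
    if (output_len == 0) {
        return 0;
    }

    /* Calculate the number of bytes that need to be drawn from lower memory
     * address */
    if (buf->start + output_len > buf->capacity) {
        overflow = (buf->start + output_len) % buf->capacity;
    }

    if (output != NULL) {
        /* First the part up to the end of the storage, then the wrapped
         * remainder from the beginning. */
        memcpy(output, buf->buffer + buf->start, output_len - overflow);
        memcpy(output + output_len - overflow, buf->buffer, overflow);
    }

    buf->content_length -= output_len;
    buf->start = (buf->start + output_len) % buf->capacity;

    return (output_len > INT_MAX) ? INT_MAX : (int) output_len;
}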
    227 
/*
 * Allocate room for \p capacity message lengths in \p queue and mark the
 * queue as empty.
 *
 * The recorded capacity is capped at INT_MAX even if more slots were
 * allocated.
 *
 * \return 0 on success, MBEDTLS_ERR_SSL_ALLOC_FAILED if the allocation
 *         returned NULL.
 */
int mbedtls_test_ssl_message_queue_setup(
    mbedtls_test_ssl_message_queue *queue, size_t capacity)
{
    size_t *slots = mbedtls_calloc(capacity, sizeof(size_t));

    queue->messages = slots;
    if (slots == NULL) {
        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
    }

    if (capacity > INT_MAX) {
        queue->capacity = INT_MAX;
    } else {
        queue->capacity = (int) capacity;
    }
    queue->num = 0;
    queue->pos = 0;

    return 0;
}
    242 
/*
 * Free the slot array of \p queue, if any, and zero the whole structure.
 * A NULL \p queue is accepted and ignored.
 */
void mbedtls_test_ssl_message_queue_free(
    mbedtls_test_ssl_message_queue *queue)
{
    if (queue != NULL) {
        size_t *slots = queue->messages;

        if (slots != NULL) {
            mbedtls_free(slots);
        }

        /* Leave no stale pointer or counters behind. */
        memset(queue, 0, sizeof *queue);
    }
}
    256 
/*
 * Record the length \p len of a newly sent message at the tail of \p queue.
 *
 * \retval MBEDTLS_TEST_ERROR_ARG_NULL  \p queue is NULL.
 * \retval MBEDTLS_ERR_SSL_WANT_WRITE   The queue is full.
 * \return Otherwise \p len, capped at INT_MAX.
 */
int mbedtls_test_ssl_message_queue_push_info(
    mbedtls_test_ssl_message_queue *queue, size_t len)
{
    if (queue == NULL) {
        return MBEDTLS_TEST_ERROR_ARG_NULL;
    }

    /* The fullness check also guarantees a non-zero capacity for the modulo
     * below, since num cannot be negative here. */
    if (queue->num >= queue->capacity) {
        return MBEDTLS_ERR_SSL_WANT_WRITE;
    }

    /* The tail sits num slots after the head, wrapping around. */
    queue->messages[(queue->pos + queue->num) % queue->capacity] = len;
    queue->num++;

    if (len > INT_MAX) {
        return INT_MAX;
    }
    return (int) len;
}
    274 
/*
 * Remove the oldest message length from \p queue.
 *
 * \retval MBEDTLS_TEST_ERROR_ARG_NULL  \p queue is NULL.
 * \retval MBEDTLS_ERR_SSL_WANT_READ    The queue is empty.
 * \return Otherwise the smaller of the stored message length and
 *         \p buf_len, capped at INT_MAX.
 */
int mbedtls_test_ssl_message_queue_pop_info(
    mbedtls_test_ssl_message_queue *queue, size_t buf_len)
{
    size_t stored_len;

    if (queue == NULL) {
        return MBEDTLS_TEST_ERROR_ARG_NULL;
    }
    if (queue->num == 0) {
        return MBEDTLS_ERR_SSL_WANT_READ;
    }

    /* Take the head entry and clear its slot. */
    stored_len = queue->messages[queue->pos];
    queue->messages[queue->pos] = 0;
    queue->num--;

    /* Advance the head with wrap-around. */
    queue->pos = (queue->pos + 1) % queue->capacity;
    if (queue->pos < 0) {
        queue->pos += queue->capacity;
    }

    if (stored_len > INT_MAX && buf_len > INT_MAX) {
        return INT_MAX;
    }
    if (stored_len > buf_len) {
        return (int) buf_len;
    }
    return (int) stored_len;
}
    298 
/*
 * Look at the length of the next message in the queue without removing it.
 * The next message is the oldest one that was pushed (FIFO order).
 *
 * \param queue    Queue to inspect.
 * \param buf_len  Size of the buffer the caller intends to read into.
 * \param msg_len  On return (0 or truncated), the full length of the next
 *                 message.
 *
 * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if \p queue or \p msg_len is null.
 * \retval  MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
 * \retval  0, if the peek was successful.
 * \retval  MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if \p buf_len is too small
 *          to fit the message. \p msg_len still holds the full message
 *          length, so the caller knows how much of the message to drop.
 */
static int test_ssl_message_queue_peek_info(
    mbedtls_test_ssl_message_queue *queue,
    size_t buf_len, size_t *msg_len)
{
    if (queue == NULL || msg_len == NULL) {
        return MBEDTLS_TEST_ERROR_ARG_NULL;
    }
    if (queue->num == 0) {
        return MBEDTLS_ERR_SSL_WANT_READ;
    }

    *msg_len = queue->messages[queue->pos];

    if (*msg_len > buf_len) {
        return MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED;
    }
    return 0;
}
    325 
/*
 * Put \p socket into the all-zero state: no buffers and no peer.
 */
void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket)
{
    memset(socket, 0, sizeof *socket);
}
    330 
/*
 * Close \p socket: free both of its buffers and zero the socket and its peer.
 *
 * After mbedtls_test_mock_socket_connect() each buffer is referenced by both
 * ends of the connection. Zeroing the peer here drops its references, so
 * closing the peer afterwards does not free the same buffers a second time.
 * A NULL \p socket is accepted and ignored.
 */
void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket)
{
    if (socket == NULL) {
        return;
    }

    /* Input first, then output, as two independent heap objects. */
    mbedtls_test_ssl_buffer *owned[2] = { socket->input, socket->output };
    for (size_t i = 0; i < 2; i++) {
        if (owned[i] != NULL) {
            mbedtls_test_ssl_buffer_free(owned[i]);
            mbedtls_free(owned[i]);
        }
    }

    if (socket->peer != NULL) {
        memset(socket->peer, 0, sizeof(*socket->peer));
    }

    memset(socket, 0, sizeof(*socket));
}
    353 
/*
 * Connect two mock sockets back to back.
 *
 * Each peer gets a freshly allocated output buffer of \p bufsize bytes, and
 * each peer's input is set to the other peer's output.
 *
 * \return 0 on success. On failure both sockets are closed and the error is
 *         returned: MBEDTLS_ERR_SSL_ALLOC_FAILED if a buffer object could
 *         not be allocated, or the error from mbedtls_test_ssl_buffer_setup().
 */
int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1,
                                     mbedtls_test_mock_socket *peer2,
                                     size_t bufsize)
{
    mbedtls_test_mock_socket *ends[2] = { peer1, peer2 };
    int ret = -1;

    /* Give each end its own output buffer, peer1 first. */
    for (size_t i = 0; i < 2; i++) {
        ends[i]->output = mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer));
        if (ends[i]->output == NULL) {
            ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
            goto fail;
        }
        mbedtls_test_ssl_buffer_init(ends[i]->output);

        ret = mbedtls_test_ssl_buffer_setup(ends[i]->output, bufsize);
        if (ret != 0) {
            goto fail;
        }
    }

    /* Cross-wire the ends: what one writes, the other reads. */
    peer1->peer = peer2;
    peer2->peer = peer1;
    peer1->input = peer2->output;
    peer2->input = peer1->output;

    peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
    return 0;

fail:
    /* Release whatever was allocated before the failure. */
    mbedtls_test_mock_socket_close(peer1);
    mbedtls_test_mock_socket_close(peer2);

    return ret;
}
    401 
/*
 * Send callback: write \p len bytes from \p buf to the output buffer of the
 * mock socket \p ctx.
 *
 * \return -1 if \p ctx is NULL or the socket is not connected, otherwise
 *         the result of mbedtls_test_ssl_buffer_put() (which may be a short
 *         write if the buffer is nearly full).
 */
int mbedtls_test_mock_tcp_send_b(void *ctx,
                                 const unsigned char *buf, size_t len)
{
    mbedtls_test_mock_socket *sock = ctx;

    if (!(sock != NULL && sock->status == MBEDTLS_MOCK_SOCKET_CONNECTED)) {
        return -1;
    }

    return mbedtls_test_ssl_buffer_put(sock->output, buf, len);
}
    413 
/*
 * Receive callback: read up to \p len bytes from the input buffer of the
 * mock socket \p ctx into \p buf. A NULL \p buf discards the bytes.
 *
 * \return -1 if \p ctx is NULL or the socket is not connected, otherwise
 *         the result of mbedtls_test_ssl_buffer_get().
 */
int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len)
{
    mbedtls_test_mock_socket *sock = ctx;

    if (!(sock != NULL && sock->status == MBEDTLS_MOCK_SOCKET_CONNECTED)) {
        return -1;
    }

    return mbedtls_test_ssl_buffer_get(sock->input, buf, len);
}
    424 
/*
 * Non-blocking send callback for the mock socket \p ctx.
 *
 * sock->output is dereferenced without a NULL check; this relies on a
 * CONNECTED socket always having its buffers set, as
 * mbedtls_test_mock_socket_connect() does.
 *
 * \retval -1                          \p ctx is NULL or not connected.
 * \retval MBEDTLS_ERR_SSL_WANT_WRITE  The output buffer is full.
 * \return Otherwise the result of mbedtls_test_ssl_buffer_put().
 */
int mbedtls_test_mock_tcp_send_nb(void *ctx,
                                  const unsigned char *buf, size_t len)
{
    mbedtls_test_mock_socket *sock = ctx;

    if (!(sock != NULL && sock->status == MBEDTLS_MOCK_SOCKET_CONNECTED)) {
        return -1;
    }

    mbedtls_test_ssl_buffer *out = sock->output;
    if (out->capacity == out->content_length) {
        return MBEDTLS_ERR_SSL_WANT_WRITE;
    }

    return mbedtls_test_ssl_buffer_put(out, buf, len);
}
    440 
/*
 * Non-blocking receive callback for the mock socket \p ctx.
 *
 * sock->input is dereferenced without a NULL check; this relies on a
 * CONNECTED socket always having its buffers set, as
 * mbedtls_test_mock_socket_connect() does.
 *
 * \retval -1                         \p ctx is NULL or not connected.
 * \retval MBEDTLS_ERR_SSL_WANT_READ  The input buffer is empty.
 * \return Otherwise the result of mbedtls_test_ssl_buffer_get().
 */
int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len)
{
    mbedtls_test_mock_socket *sock = ctx;

    if (!(sock != NULL && sock->status == MBEDTLS_MOCK_SOCKET_CONNECTED)) {
        return -1;
    }

    mbedtls_test_ssl_buffer *in = sock->input;
    if (in->content_length == 0) {
        return MBEDTLS_ERR_SSL_WANT_READ;
    }

    return mbedtls_test_ssl_buffer_get(in, buf, len);
}
    455 
/*
 * Detach \p ctx from any socket and queues by setting its three pointers
 * to NULL.
 */
void mbedtls_test_message_socket_init(
    mbedtls_test_message_socket_context *ctx)
{
    ctx->socket = NULL;
    ctx->queue_output = NULL;
    ctx->queue_input = NULL;
}
    463 
/*
 * Bind \p ctx to \p socket and to the two message queues.
 *
 * Only \p queue_input is allocated here (with \p queue_capacity slots);
 * \p queue_output is stored as given. \p socket is reset to the all-zero
 * state.
 *
 * \return 0 on success, or the error from
 *         mbedtls_test_ssl_message_queue_setup(), in which case \p ctx and
 *         \p socket are left untouched.
 */
int mbedtls_test_message_socket_setup(
    mbedtls_test_ssl_message_queue *queue_input,
    mbedtls_test_ssl_message_queue *queue_output,
    size_t queue_capacity,
    mbedtls_test_mock_socket *socket,
    mbedtls_test_message_socket_context *ctx)
{
    int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity);

    if (ret == 0) {
        ctx->queue_input = queue_input;
        ctx->queue_output = queue_output;
        ctx->socket = socket;
        mbedtls_test_mock_socket_init(socket);
    }

    return ret;
}
    482 
/*
 * Tear down a message socket context: free its input queue, close its
 * socket and zero \p ctx. The output queue is not freed here.
 * A NULL \p ctx is accepted and ignored.
 */
void mbedtls_test_message_socket_close(
    mbedtls_test_message_socket_context *ctx)
{
    if (ctx != NULL) {
        mbedtls_test_ssl_message_queue_free(ctx->queue_input);
        mbedtls_test_mock_socket_close(ctx->socket);

        /* Drop all references so the context cannot be reused by mistake. */
        memset(ctx, 0, sizeof *ctx);
    }
}
    494 
/*
 * Message-oriented send callback: write one whole message to the socket of
 * the context \p ctx and record its length in the output queue.
 *
 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR  \p ctx, its socket or its output
 *                                           queue is NULL.
 * \retval MBEDTLS_ERR_SSL_WANT_WRITE        The output queue is full.
 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED    The socket did not accept exactly
 *                                           \p len bytes. Bytes from a short
 *                                           write stay in the socket buffer.
 * \return Otherwise the result of mbedtls_test_ssl_message_queue_push_info().
 */
int mbedtls_test_mock_tcp_send_msg(void *ctx,
                                   const unsigned char *buf, size_t len)
{
    mbedtls_test_message_socket_context *msg_ctx = ctx;

    if (msg_ctx == NULL || msg_ctx->socket == NULL
        || msg_ctx->queue_output == NULL) {
        return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
    }

    mbedtls_test_ssl_message_queue *out_queue = msg_ctx->queue_output;

    /* Refuse before touching the socket if the length cannot be queued. */
    if (out_queue->num >= out_queue->capacity) {
        return MBEDTLS_ERR_SSL_WANT_WRITE;
    }

    int sent = mbedtls_test_mock_tcp_send_b(msg_ctx->socket, buf, len);
    if (sent != (int) len) {
        return MBEDTLS_TEST_ERROR_SEND_FAILED;
    }

    return mbedtls_test_ssl_message_queue_push_info(out_queue, len);
}
    521 
/*
 * Message-oriented receive callback: read the next whole message from the
 * socket of the context \p ctx into \p buf.
 *
 * If the message is longer than \p buf_len, the first \p buf_len bytes are
 * returned and the rest of that message is discarded.
 *
 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR  \p ctx, its socket or its input
 *                                           queue is NULL.
 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED    The socket did not deliver the
 *                                           expected number of bytes.
 * \return Any other error from peeking or popping the queue, or on success
 *         the number of bytes stored in \p buf, capped at INT_MAX.
 */
int mbedtls_test_mock_tcp_recv_msg(void *ctx,
                                   unsigned char *buf, size_t buf_len)
{
    mbedtls_test_message_socket_context *msg_ctx = ctx;
    mbedtls_test_ssl_message_queue *in_queue;
    mbedtls_test_mock_socket *sock;
    size_t msg_len;
    size_t drop_len = 0;
    int truncated;
    int ret;

    if (msg_ctx == NULL || msg_ctx->socket == NULL
        || msg_ctx->queue_input == NULL) {
        return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
    }

    in_queue = msg_ctx->queue_input;
    sock = msg_ctx->socket;

    /* Peek before reading: if the socket read fails, the length entry is
     * still in the queue. */
    ret = test_ssl_message_queue_peek_info(in_queue, buf_len, &msg_len);
    truncated = (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED);
    if (!truncated && ret != 0) {
        return ret;
    }

    if (truncated) {
        /* Read only what fits and remember how much must be dropped. */
        drop_len = msg_len - buf_len;
        msg_len = buf_len;
    }

    if (mbedtls_test_mock_tcp_recv_b(sock, buf, msg_len) != (int) msg_len) {
        return MBEDTLS_TEST_ERROR_RECV_FAILED;
    }

    if (truncated) {
        /* Drop the remaining part of the message. The result is ignored on
         * purpose: a failure here means part of the message was read and
         * part could not be, and there is nothing useful left to do. It
         * should not happen in the test environment unless forced manually. */
        (void) mbedtls_test_mock_tcp_recv_b(sock, NULL, drop_len);
    }

    ret = mbedtls_test_ssl_message_queue_pop_info(in_queue, buf_len);
    if (ret < 0) {
        return ret;
    }

    if (msg_len > INT_MAX) {
        return INT_MAX;
    }
    return (int) msg_len;
}
    574 
    575 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
    576 
/*
 * Deinitializes certificates from endpoint represented by \p ep.
 *
 * Frees the CA chain, the endpoint's own certificate and its private key,
 * and resets each pointer to NULL so the function can safely run again.
 * With MBEDTLS_USE_PSA_CRYPTO, the PSA key behind an opaque pk context is
 * destroyed as well.
 */
static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
{
    mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);

    if (cert == NULL) {
        return;
    }

    if (cert->ca_cert != NULL) {
        mbedtls_x509_crt_free(cert->ca_cert);
        mbedtls_free(cert->ca_cert);
        cert->ca_cert = NULL;
    }

    if (cert->cert != NULL) {
        mbedtls_x509_crt_free(cert->cert);
        mbedtls_free(cert->cert);
        cert->cert = NULL;
    }

    if (cert->pkey != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
        /* Destroy the PSA key while the pk context still refers to it. */
        if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
            psa_destroy_key(cert->pkey->priv_id);
        }
#endif
        mbedtls_pk_free(cert->pkey);
        mbedtls_free(cert->pkey);
        cert->pkey = NULL;
    }
}
    606 
/*
 * Load the trusted CA chain plus the endpoint's own certificate and private
 * key into \p ep and attach them to its SSL configuration.
 *
 * All credentials come from the mbedtls_test_* arrays. The names indicate
 * fixed test material - presumably shared with the rest of the test suite -
 * so nothing configured here should be treated as secret.
 *
 * \param ep            Endpoint to configure. ep->conf.endpoint selects the
 *                      server or the client certificate/key pair.
 * \param pk_alg        MBEDTLS_PK_RSA selects the RSA pair; any other value
 *                      selects the EC pair.
 * \param opaque_alg    With MBEDTLS_USE_PSA_CRYPTO: if non-zero, the key is
 *                      imported into PSA with this algorithm and wrapped as
 *                      an opaque pk context. Ignored otherwise.
 * \param opaque_alg2   Enrollment algorithm for the opaque key, unless
 *                      PSA_ALG_NONE.
 * \param opaque_usage  PSA usage flags for the opaque key.
 *
 * \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p ep is NULL,
 *         otherwise a non-zero value (the failing call's return code, or -1
 *         if another test assertion failed). On failure everything loaded
 *         so far is freed.
 *
 * The TEST_* macros are assumed to jump to the exit label on failure.
 */
int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
                                               int pk_alg,
                                               int opaque_alg, int opaque_alg2,
                                               int opaque_usage)
{
    int i = 0;
    int ret = -1;
    /* Set to 1 only once every step has passed; see the exit label. */
    int ok = 0;
    mbedtls_test_ssl_endpoint_certificate *cert = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif

    if (ep == NULL) {
        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    }

    cert = &(ep->cert);
    TEST_CALLOC(cert->ca_cert, 1);
    TEST_CALLOC(cert->cert, 1);
    TEST_CALLOC(cert->pkey, 1);

    mbedtls_x509_crt_init(cert->ca_cert);
    mbedtls_x509_crt_init(cert->cert);
    mbedtls_pk_init(cert->pkey);

    /* Load the trusted CA */

    /* mbedtls_test_cas_der is walked until its NULL terminator. */
    for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
        ret = mbedtls_x509_crt_parse_der(
            cert->ca_cert,
            (const unsigned char *) mbedtls_test_cas_der[i],
            mbedtls_test_cas_der_len[i]);
        TEST_ASSERT(ret == 0);
    }

    /* Load own certificate and private key */

    /* Keys are parsed with no password (NULL, 0). mbedtls_test_rnd_std_rand
     * is a test RNG - presumably not cryptographically secure; confirm. */
    if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
        if (pk_alg == MBEDTLS_PK_RSA) {
            ret = mbedtls_x509_crt_parse(
                cert->cert,
                (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
                mbedtls_test_srv_crt_rsa_sha256_der_len);
            TEST_ASSERT(ret == 0);

            ret = mbedtls_pk_parse_key(
                cert->pkey,
                (const unsigned char *) mbedtls_test_srv_key_rsa_der,
                mbedtls_test_srv_key_rsa_der_len, NULL, 0,
                mbedtls_test_rnd_std_rand, NULL);
            TEST_ASSERT(ret == 0);
        } else {
            ret = mbedtls_x509_crt_parse(
                cert->cert,
                (const unsigned char *) mbedtls_test_srv_crt_ec_der,
                mbedtls_test_srv_crt_ec_der_len);
            TEST_ASSERT(ret == 0);

            ret = mbedtls_pk_parse_key(
                cert->pkey,
                (const unsigned char *) mbedtls_test_srv_key_ec_der,
                mbedtls_test_srv_key_ec_der_len, NULL, 0,
                mbedtls_test_rnd_std_rand, NULL);
            TEST_ASSERT(ret == 0);
        }
    } else {
        if (pk_alg == MBEDTLS_PK_RSA) {
            ret = mbedtls_x509_crt_parse(
                cert->cert,
                (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
                mbedtls_test_cli_crt_rsa_der_len);
            TEST_ASSERT(ret == 0);

            ret = mbedtls_pk_parse_key(
                cert->pkey,
                (const unsigned char *) mbedtls_test_cli_key_rsa_der,
                mbedtls_test_cli_key_rsa_der_len, NULL, 0,
                mbedtls_test_rnd_std_rand, NULL);
            TEST_ASSERT(ret == 0);
        } else {
            ret = mbedtls_x509_crt_parse(
                cert->cert,
                (const unsigned char *) mbedtls_test_cli_crt_ec_der,
                mbedtls_test_cli_crt_ec_len);
            TEST_ASSERT(ret == 0);

            ret = mbedtls_pk_parse_key(
                cert->pkey,
                (const unsigned char *) mbedtls_test_cli_key_ec_der,
                mbedtls_test_cli_key_ec_der_len, NULL, 0,
                mbedtls_test_rnd_std_rand, NULL);
            TEST_ASSERT(ret == 0);
        }
    }

#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (opaque_alg != 0) {
        psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
        /* Use a fake key usage to get a successful initial guess for the PSA attributes. */
        TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH,
                                                 &key_attr), 0);
        /* Then manually set usage, alg and alg2 as requested by the test. */
        psa_set_key_usage_flags(&key_attr, opaque_usage);
        psa_set_key_algorithm(&key_attr, opaque_alg);
        if (opaque_alg2 != PSA_ALG_NONE) {
            psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
        }
        TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0);
        /* Replace the transparent key with an opaque wrapper around the
         * imported PSA key.
         * NOTE(review): if mbedtls_pk_setup_opaque() fails, the cleanup in
         * test_ssl_endpoint_certificate_free() only destroys a PSA key when
         * the pk context reports MBEDTLS_PK_OPAQUE, so key_slot looks like
         * it would be left allocated on that path - confirm. */
        mbedtls_pk_free(cert->pkey);
        mbedtls_pk_init(cert->pkey);
        TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0);
    }
#else
    (void) opaque_alg;
    (void) opaque_alg2;
    (void) opaque_usage;
#endif

    mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);

    /* Set the own certificate, clear it again with (NULL, NULL) and check
     * that key_cert follows, then set it for real. */
    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
                                    cert->pkey);
    TEST_ASSERT(ret == 0);
    TEST_ASSERT(ep->conf.key_cert != NULL);

    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL);
    TEST_ASSERT(ret == 0);
    TEST_ASSERT(ep->conf.key_cert == NULL);

    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
                                    cert->pkey);
    TEST_ASSERT(ret == 0);

    ok = 1;

exit:
    if (ret == 0 && !ok) {
        /* Exiting due to a test assertion that isn't ret == 0 */
        ret = -1;
    }
    if (ret != 0) {
        /* Do not leave a half-initialised credential set behind. */
        test_ssl_endpoint_certificate_free(ep);
    }

    return ret;
}
    754 
    755 int mbedtls_test_ssl_endpoint_init(
    756     mbedtls_test_ssl_endpoint *ep, int endpoint_type,
    757     mbedtls_test_handshake_test_options *options,
    758     mbedtls_test_message_socket_context *dtls_context,
    759     mbedtls_test_ssl_message_queue *input_queue,
    760     mbedtls_test_ssl_message_queue *output_queue)
    761 {
    762     int ret = -1;
    763     uintptr_t user_data_n;
    764 
    765     if (dtls_context != NULL &&
    766         (input_queue == NULL || output_queue == NULL)) {
    767         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    768 
    769     }
    770 
    771     if (ep == NULL) {
    772         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    773     }
    774 
    775     memset(ep, 0, sizeof(*ep));
    776 
    777     ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client";
    778 
    779     mbedtls_ssl_init(&(ep->ssl));
    780     mbedtls_ssl_config_init(&(ep->conf));
    781     mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL);
    782 
    783     TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
    784     TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
    785     TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL);
    786     TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0);
    787 
    788     (void) mbedtls_test_rnd_std_rand(NULL,
    789                                      (void *) &user_data_n,
    790                                      sizeof(user_data_n));
    791     mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n);
    792     mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n);
    793 
    794     if (dtls_context != NULL) {
    795         TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue,
    796                                                       100, &(ep->socket),
    797                                                       dtls_context) == 0);
    798     } else {
    799         mbedtls_test_mock_socket_init(&(ep->socket));
    800     }
    801 
    802     /* Non-blocking callbacks without timeout */
    803     if (dtls_context != NULL) {
    804         mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
    805                             mbedtls_test_mock_tcp_send_msg,
    806                             mbedtls_test_mock_tcp_recv_msg,
    807                             NULL);
    808     } else {
    809         mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
    810                             mbedtls_test_mock_tcp_send_nb,
    811                             mbedtls_test_mock_tcp_recv_nb,
    812                             NULL);
    813     }
    814 
    815     ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
    816                                       (dtls_context != NULL) ?
    817                                       MBEDTLS_SSL_TRANSPORT_DATAGRAM :
    818                                       MBEDTLS_SSL_TRANSPORT_STREAM,
    819                                       MBEDTLS_SSL_PRESET_DEFAULT);
    820     TEST_ASSERT(ret == 0);
    821 
    822     if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
    823         if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
    824             mbedtls_ssl_conf_min_tls_version(&(ep->conf),
    825                                              options->client_min_version);
    826         }
    827 
    828         if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
    829             mbedtls_ssl_conf_max_tls_version(&(ep->conf),
    830                                              options->client_max_version);
    831         }
    832     } else {
    833         if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
    834             mbedtls_ssl_conf_min_tls_version(&(ep->conf),
    835                                              options->server_min_version);
    836         }
    837 
    838         if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
    839             mbedtls_ssl_conf_max_tls_version(&(ep->conf),
    840                                              options->server_max_version);
    841         }
    842     }
    843 
    844     if (options->group_list != NULL) {
    845         mbedtls_ssl_conf_groups(&(ep->conf), options->group_list);
    846     }
    847 
    848     mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
    849 
    850 #if defined(MBEDTLS_SSL_EARLY_DATA)
    851     mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data);
    852 #if defined(MBEDTLS_SSL_SRV_C)
    853     if (endpoint_type == MBEDTLS_SSL_IS_SERVER &&
    854         (options->max_early_data_size >= 0)) {
    855         mbedtls_ssl_conf_max_early_data_size(&(ep->conf),
    856                                              options->max_early_data_size);
    857     }
    858 #endif
    859 #if defined(MBEDTLS_SSL_ALPN)
    860     /* check that alpn_list contains at least one valid entry */
    861     if (options->alpn_list[0] != NULL) {
    862         mbedtls_ssl_conf_alpn_protocols(&(ep->conf), options->alpn_list);
    863     }
    864 #endif
    865 #endif
    866 
    867 #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)
    868     if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) {
    869         mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache,
    870                                        mbedtls_ssl_cache_get,
    871                                        mbedtls_ssl_cache_set);
    872     }
    873 #endif
    874 
    875     ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
    876     TEST_ASSERT(ret == 0);
    877 
    878     if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
    879         ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
    880         TEST_EQUAL(ret, 0);
    881     }
    882 
    883 #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
    884     if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
    885         mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
    886     }
    887 #endif
    888 
    889 #if defined(MBEDTLS_DEBUG_C)
    890 #if defined(MBEDTLS_SSL_SRV_C)
    891     if (endpoint_type == MBEDTLS_SSL_IS_SERVER &&
    892         options->srv_log_fun != NULL) {
    893         mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun,
    894                              options->srv_log_obj);
    895     }
    896 #endif
    897 #if defined(MBEDTLS_SSL_CLI_C)
    898     if (endpoint_type == MBEDTLS_SSL_IS_CLIENT &&
    899         options->cli_log_fun != NULL) {
    900         mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun,
    901                              options->cli_log_obj);
    902     }
    903 #endif
    904 #endif /* MBEDTLS_DEBUG_C */
    905 
    906     ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
    907                                                      options->opaque_alg,
    908                                                      options->opaque_alg2,
    909                                                      options->opaque_usage);
    910     TEST_ASSERT(ret == 0);
    911 
    912     TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n);
    913     mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);
    914     TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n);
    915     mbedtls_ssl_set_user_data_p(&ep->ssl, ep);
    916 
    917     return 0;
    918 
    919 exit:
    920     if (ret == 0) {
    921         /* Exiting due to a test assertion that isn't ret == 0 */
    922         ret = -1;
    923     }
    924     return ret;
    925 }
    926 
/*
 * Tear down a test endpoint.
 *
 * Calls test_ssl_endpoint_certificate_free() on the endpoint, frees its SSL
 * context and its SSL configuration, and then closes the transport: the
 * message-socket context when `context` is non-NULL, otherwise the
 * endpoint's own mock socket.
 *
 * `ep` is dereferenced unconditionally and must not be NULL.
 */
void mbedtls_test_ssl_endpoint_free(
    mbedtls_test_ssl_endpoint *ep,
    mbedtls_test_message_socket_context *context)
{
    test_ssl_endpoint_certificate_free(ep);

    mbedtls_ssl_free(&ep->ssl);
    mbedtls_ssl_config_free(&ep->conf);

    if (context == NULL) {
        /* No message-socket context was supplied: close the endpoint's
         * mock socket directly. */
        mbedtls_test_mock_socket_close(&ep->socket);
        return;
    }

    mbedtls_test_message_socket_close(context);
}
    942 
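/*
 * Drive a handshake between two connected contexts until `ssl` reaches
 * `state`.
 *
 * Each iteration steps `second_ssl` (unless its handshake is already over)
 * and then `ssl`. MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE
 * mean "call again" and do not stop the loop; any other non-zero step result
 * is returned immediately.
 *
 * Returns:
 *   MBEDTLS_ERR_SSL_BAD_INPUT_DATA  if either context is NULL;
 *   -1                              if `ssl` did not reach `state` within
 *                                   the step budget;
 *   otherwise the result of the last step performed on `ssl` (0 when no
 *   step was needed). This can be a WANT_READ / WANT_WRITE code, so a caller
 *   that needs to know whether the state was reached should compare
 *   `ssl->state` rather than rely on a zero return.
 */
int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
                                         mbedtls_ssl_context *second_ssl,
                                         int state)
{
    /* Upper bound on loop iterations, so that a handshake that can never
     * reach `state` fails the test instead of hanging it. */
    int steps_left = 1000;
    int ret = 0;

    if (ssl == NULL || second_ssl == NULL) {
        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    }

    /* Perform communication via connected sockets */
    while ((ssl->state != state) && (--steps_left >= 0)) {
        /* If \p second_ssl ends the handshake procedure before \p ssl then
         * there is no need to call the next step */
        if (!mbedtls_ssl_is_handshake_over(second_ssl)) {
            ret = mbedtls_ssl_handshake_step(second_ssl);
            if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
                ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
                return ret;
            }
        }

        /* We only care about the \p ssl state and returns, so we call it last,
         * to leave the iteration as soon as the state is as expected. */
        ret = mbedtls_ssl_handshake_step(ssl);
        if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
            ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            return ret;
        }
    }

    return (steps_left >= 0) ? ret : -1;
}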
    978 
    979 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
    980 
/*
 * Write one fragment of application data, starting at offset *written in
 * `buf`, and advance *written by the number of bytes that were accepted.
 *
 * `expected_fragments` selects how the result of mbedtls_ssl_write() is
 * checked:
 *   0   - the raw return value is handed back to the caller unchecked;
 *   1   - the whole buffer, WANT_READ or WANT_WRITE is required;
 *   >1  - any length in [0, buf_len], WANT_READ or WANT_WRITE is accepted.
 *
 * Returns 0 when the checks pass, -1 when a test assertion fails, or the
 * mbedtls_ssl_write() result when `expected_fragments` is 0.
 */
static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl,
                                      unsigned char *buf, int buf_len,
                                      int *written,
                                      const int expected_fragments)
{
    int ret;

    /* On a non-datagram (TLS) transport, mbedtls_ssl_write() with a NULL
     * buffer and zero length must be a valid no-op. */
    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
        TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
    }

    ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
    /* Only a positive return is a byte count; errors leave *written alone. */
    *written += (ret > 0) ? ret : 0;

    switch (expected_fragments) {
        case 0:
            /* Used for DTLS and the message size larger than MFL. In that
             * case the message can not be fragmented and the library should
             * return MBEDTLS_ERR_SSL_BAD_INPUT_DATA. The error must reach the
             * caller to prevent a dead loop inside
             * mbedtls_test_ssl_exchange_data(). */
            return ret;

        case 1:
            /* Used for TLS/DTLS and the message size lower than MFL */
            TEST_ASSERT(ret == buf_len ||
                        ret == MBEDTLS_ERR_SSL_WANT_READ ||
                        ret == MBEDTLS_ERR_SSL_WANT_WRITE);
            break;

        default:
            /* Used for TLS and the message size larger than MFL */
            TEST_ASSERT(expected_fragments > 1);
            TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
                        ret == MBEDTLS_ERR_SSL_WANT_READ ||
                        ret == MBEDTLS_ERR_SSL_WANT_WRITE);
            break;
    }

    return 0;

exit:
    /* Some of the tests failed */
    return -1;
}
   1026 
/*
 * Read one fragment of application data into `buf` at offset *read. When
 * bytes were received, advance *read by that amount and count one more
 * fragment in *fragments.
 *
 * `expected_fragments` selects how the result of mbedtls_ssl_read() is
 * checked:
 *   0   - the read must return 0;
 *   1   - the whole buffer, WANT_READ or WANT_WRITE is required;
 *   >1  - any length in [0, buf_len], WANT_READ or WANT_WRITE is accepted.
 *
 * Returns 0 when the checks pass and -1 when a test assertion fails.
 */
static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl,
                                     unsigned char *buf, int buf_len,
                                     int *read, int *fragments,
                                     const int expected_fragments)
{
    int ret;

    /* On a non-datagram (TLS) transport, mbedtls_ssl_read() with a NULL
     * buffer and zero length must be a valid no-op. */
    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
        TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
    }

    ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
    if (ret > 0) {
        /* A positive return is a byte count: one more fragment arrived. */
        *read += ret;
        (*fragments)++;
    }

    switch (expected_fragments) {
        case 0:
            TEST_ASSERT(ret == 0);
            break;

        case 1:
            TEST_ASSERT(ret == buf_len ||
                        ret == MBEDTLS_ERR_SSL_WANT_READ ||
                        ret == MBEDTLS_ERR_SSL_WANT_WRITE);
            break;

        default:
            TEST_ASSERT(expected_fragments > 1);
            TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
                        ret == MBEDTLS_ERR_SSL_WANT_READ ||
                        ret == MBEDTLS_ERR_SSL_WANT_WRITE);
            break;
    }

    return 0;

exit:
    /* Some of the tests failed */
    return -1;
}
   1068 
   1069 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
 * Force `conf` to offer exactly one ciphersuite, looked up by name.
 *
 * Writes a zero-terminated, single-entry list into `forced_ciphersuite`
 * (which must have room for two ints), narrows the configuration's
 * min/max TLS version to the range the suite supports, and installs the
 * list on `conf`.
 *
 * The function returns void: if the name is unknown or the suite's version
 * range does not overlap the configured one, a test assertion fails and the
 * list is NOT installed, so callers have to check the test result.
 *
 * NOTE(review): `forced_ciphersuite` is handed to
 * mbedtls_ssl_conf_ciphersuites() as a pointer; it presumably has to stay
 * valid for as long as `conf` is in use - confirm against the library
 * documentation.
 */
static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
                            int *forced_ciphersuite)
{
    forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
    forced_ciphersuite[1] = 0;

    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
        mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);

    /* The suite must exist and its version range must overlap the range
     * already configured on `conf`. */
    TEST_ASSERT(ciphersuite_info != NULL);
    TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version);
    TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version);

    /* Clamp the configured range to what the suite supports. */
    if (ciphersuite_info->max_tls_version < conf->max_tls_version) {
        conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
    }
    if (ciphersuite_info->min_tls_version > conf->min_tls_version) {
        conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
    }

    mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);

exit:
    return;
}
   1096 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
   1097 
   1098 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
   1099     defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)  && \
   1100     defined(MBEDTLS_SSL_SRV_C)
/*
 * Placeholder PSK callback for tests.
 *
 * Ignores every argument, including the identity sent by the peer, and
 * always reports success. It performs no identity check and supplies no
 * key, so it is only suitable for test code.
 */
static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
                              const unsigned char *name, size_t name_len)
{
    /* All parameters are intentionally unused. */
    ((void) p_info);
    ((void) ssl);
    ((void) name);
    ((void) name_len);

    return 0;
}
   1111 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
   1112           MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED  &&
   1113           MBEDTLS_SSL_SRV_C */
   1114 
   1115 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
   1116     defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES)
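/*
 * Encrypt `ilen` bytes of `input` into `output` with the encryption key and
 * algorithm held in `transform`, using `iv` (of `iv_len` bytes) as the IV.
 *
 * With MBEDTLS_USE_PSA_CRYPTO the work is done as a multi-part PSA cipher
 * operation (setup, set IV, update, finish); otherwise it is delegated to
 * mbedtls_cipher_crypt() on `transform->cipher_ctx_enc`.
 *
 * On success returns 0 and stores the number of bytes produced in `*olen`.
 * On failure returns the error from the underlying call (PSA statuses are
 * translated with PSA_TO_MBEDTLS_ERR).
 *
 * The PSA path declares the capacity of `output` to be `ilen`, so the caller
 * must provide at least `ilen` writable bytes there.
 */
int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
                                           const unsigned char *iv,
                                           size_t iv_len,
                                           const unsigned char *input,
                                           size_t ilen,
                                           unsigned char *output,
                                           size_t *olen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
    size_t part_len;

    status = psa_cipher_encrypt_setup(&cipher_op,
                                      transform->psa_key_enc,
                                      transform->psa_alg);
    if (status != PSA_SUCCESS) {
        goto cleanup;
    }

    status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
    if (status != PSA_SUCCESS) {
        goto cleanup;
    }

    status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen);
    if (status != PSA_SUCCESS) {
        goto cleanup;
    }

    /* Whatever update() did not emit is written right after it; the
     * remaining capacity is ilen - *olen. */
    status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen,
                               &part_len);
    if (status != PSA_SUCCESS) {
        goto cleanup;
    }

    *olen += part_len;
    return 0;

cleanup:
    /* A multi-part operation that failed part-way has to be aborted so that
     * the resources it holds are released and the operation object does not
     * stay in an error state. Aborting an operation that never became active
     * is permitted. The original failure is what gets reported. */
    (void) psa_cipher_abort(&cipher_op);
    return PSA_TO_MBEDTLS_ERR(status);
#else
    return mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
                                iv, iv_len, input, ilen, output, olen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}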
   1164 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC &&
   1165           MBEDTLS_SSL_HAVE_AES */
   1166 
/*
 * Map a cipher type to its mode, key size in bits and IV length in bytes.
 *
 * Covers the AES / ARIA / Camellia CBC types (16-byte IV), the AES /
 * Camellia CCM and GCM types (12-byte IV), ChaCha20-Poly1305 (256-bit key,
 * 12-byte IV) and the NULL cipher (stream mode, zero key and IV length).
 * Any other type yields MBEDTLS_MODE_NONE with zero key and IV length.
 *
 * All three output pointers are written unconditionally and must be valid.
 */
static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type,
                                                   mbedtls_cipher_mode_t *cipher_mode,
                                                   size_t *key_bits, size_t *iv_len)
{
    /* Start from the "unsupported type" answer; recognised types overwrite
     * it below. */
    mbedtls_cipher_mode_t mode = MBEDTLS_MODE_NONE;
    size_t bits = 0;
    size_t iv_bytes = 0;

    switch (cipher_type) {
        /* CBC */
        case MBEDTLS_CIPHER_AES_128_CBC:
        case MBEDTLS_CIPHER_ARIA_128_CBC:
        case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
            mode = MBEDTLS_MODE_CBC;
            bits = 128;
            iv_bytes = 16;
            break;
        case MBEDTLS_CIPHER_AES_256_CBC:
        case MBEDTLS_CIPHER_ARIA_256_CBC:
        case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
            mode = MBEDTLS_MODE_CBC;
            bits = 256;
            iv_bytes = 16;
            break;

        /* CCM */
        case MBEDTLS_CIPHER_AES_128_CCM:
        case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
            mode = MBEDTLS_MODE_CCM;
            bits = 128;
            iv_bytes = 12;
            break;
        case MBEDTLS_CIPHER_AES_192_CCM:
        case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
            mode = MBEDTLS_MODE_CCM;
            bits = 192;
            iv_bytes = 12;
            break;
        case MBEDTLS_CIPHER_AES_256_CCM:
        case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
            mode = MBEDTLS_MODE_CCM;
            bits = 256;
            iv_bytes = 12;
            break;

        /* GCM */
        case MBEDTLS_CIPHER_AES_128_GCM:
        case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
            mode = MBEDTLS_MODE_GCM;
            bits = 128;
            iv_bytes = 12;
            break;
        case MBEDTLS_CIPHER_AES_192_GCM:
        case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
            mode = MBEDTLS_MODE_GCM;
            bits = 192;
            iv_bytes = 12;
            break;
        case MBEDTLS_CIPHER_AES_256_GCM:
        case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
            mode = MBEDTLS_MODE_GCM;
            bits = 256;
            iv_bytes = 12;
            break;

        case MBEDTLS_CIPHER_CHACHA20_POLY1305:
            mode = MBEDTLS_MODE_CHACHAPOLY;
            bits = 256;
            iv_bytes = 12;
            break;

        case MBEDTLS_CIPHER_NULL:
            mode = MBEDTLS_MODE_STREAM;
            break;

        default:
            break;
    }

    *cipher_mode = mode;
    *key_bits = bits;
    *iv_len = iv_bytes;
}
   1283 
   1284 int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
   1285                                       mbedtls_ssl_transform *t_out,
   1286                                       int cipher_type, int hash_id,
   1287                                       int etm, int tag_mode,
   1288                                       mbedtls_ssl_protocol_version tls_version,
   1289                                       size_t cid0_len,
   1290                                       size_t cid1_len)
   1291 {
   1292     mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
   1293     size_t key_bits = 0;
   1294     int ret = 0;
   1295 
   1296 #if defined(MBEDTLS_USE_PSA_CRYPTO)
   1297     psa_key_type_t key_type;
   1298     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
   1299     psa_algorithm_t alg;
   1300     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
   1301 #else
   1302     mbedtls_cipher_info_t const *cipher_info;
   1303 #endif
   1304 
   1305     size_t keylen, maclen, ivlen = 0;
   1306     unsigned char *key0 = NULL, *key1 = NULL;
   1307     unsigned char *md0 = NULL, *md1 = NULL;
   1308     unsigned char iv_enc[16], iv_dec[16];
   1309 
   1310 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
   1311     unsigned char cid0[SSL_CID_LEN_MIN];
   1312     unsigned char cid1[SSL_CID_LEN_MIN];
   1313 
   1314     mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
   1315     mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
   1316 #else
   1317     ((void) cid0_len);
   1318     ((void) cid1_len);
   1319 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
   1320 
   1321     maclen = 0;
   1322     mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
   1323                                            &cipher_mode, &key_bits, &ivlen);
   1324 
   1325     /* Pick keys */
   1326     keylen = key_bits / 8;
   1327     /* Allocate `keylen + 1` bytes to ensure that we get
   1328      * a non-NULL pointers from `mbedtls_calloc` even if
   1329      * `keylen == 0` in the case of the NULL cipher. */
   1330     CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
   1331     CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
   1332     memset(key0, 0x1, keylen);
   1333     memset(key1, 0x2, keylen);
   1334 
   1335 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
   1336     /* Pick cipher */
   1337     cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
   1338     CHK(cipher_info != NULL);
   1339     CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
   1340     CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
   1341 
   1342     /* Setup cipher contexts */
   1343     CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc,  cipher_info) == 0);
   1344     CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec,  cipher_info) == 0);
   1345     CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
   1346     CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
   1347 
   1348 #if defined(MBEDTLS_CIPHER_MODE_CBC)
   1349     if (cipher_mode == MBEDTLS_MODE_CBC) {
   1350         CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
   1351                                             MBEDTLS_PADDING_NONE) == 0);
   1352         CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
   1353                                             MBEDTLS_PADDING_NONE) == 0);
   1354         CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
   1355                                             MBEDTLS_PADDING_NONE) == 0);
   1356         CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
   1357                                             MBEDTLS_PADDING_NONE) == 0);
   1358     }
   1359 #endif /* MBEDTLS_CIPHER_MODE_CBC */
   1360 
   1361     CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
   1362                               (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
   1363                               MBEDTLS_ENCRYPT)
   1364         == 0);
   1365     CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
   1366                               (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
   1367                               MBEDTLS_DECRYPT)
   1368         == 0);
   1369     CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
   1370                               (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
   1371                               MBEDTLS_ENCRYPT)
   1372         == 0);
   1373     CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
   1374                               (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
   1375                               MBEDTLS_DECRYPT)
   1376         == 0);
   1377 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
   1378 
   1379     /* Setup MAC contexts */
   1380 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
   1381     if (cipher_mode == MBEDTLS_MODE_CBC ||
   1382         cipher_mode == MBEDTLS_MODE_STREAM) {
   1383 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
   1384         mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
   1385         CHK(md_info != NULL);
   1386 #endif
   1387         maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
   1388         CHK(maclen != 0);
   1389         /* Pick hash keys */
   1390         CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
   1391         CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
   1392         memset(md0, 0x5, maclen);
   1393         memset(md1, 0x6, maclen);
   1394 
   1395 #if defined(MBEDTLS_USE_PSA_CRYPTO)
   1396         alg = mbedtls_md_psa_alg_from_type(hash_id);
   1397 
   1398         CHK(alg != 0);
   1399 
   1400         t_out->psa_mac_alg = PSA_ALG_HMAC(alg);
   1401         t_in->psa_mac_alg = PSA_ALG_HMAC(alg);
   1402         t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
   1403         t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
   1404         t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
   1405         t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
   1406 
   1407         psa_reset_key_attributes(&attributes);
   1408         psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
   1409         psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg));
   1410         psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
   1411 
   1412         CHK(psa_import_key(&attributes,
   1413                            md0, maclen,
   1414                            &t_in->psa_mac_enc) == PSA_SUCCESS);
   1415 
   1416         CHK(psa_import_key(&attributes,
   1417                            md1, maclen,
   1418                            &t_out->psa_mac_enc) == PSA_SUCCESS);
   1419 
   1420         if (cipher_mode == MBEDTLS_MODE_STREAM ||
   1421             etm == MBEDTLS_SSL_ETM_DISABLED) {
   1422             /* mbedtls_ct_hmac() requires the key to be exportable */
   1423             psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
   1424                                     PSA_KEY_USAGE_VERIFY_HASH);
   1425         } else {
   1426             psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
   1427         }
   1428 
   1429         CHK(psa_import_key(&attributes,
   1430                            md1, maclen,
   1431                            &t_in->psa_mac_dec) == PSA_SUCCESS);
   1432 
   1433         CHK(psa_import_key(&attributes,
   1434                            md0, maclen,
   1435                            &t_out->psa_mac_dec) == PSA_SUCCESS);
   1436 #else
   1437         CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
   1438         CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
   1439         CHK(mbedtls_md_setup(&t_in->md_ctx_enc,  md_info, 1) == 0);
   1440         CHK(mbedtls_md_setup(&t_in->md_ctx_dec,  md_info, 1) == 0);
   1441 
   1442         CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
   1443                                    md0, maclen) == 0);
   1444         CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
   1445                                    md1, maclen) == 0);
   1446         CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
   1447                                    md1, maclen) == 0);
   1448         CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
   1449                                    md0, maclen) == 0);
   1450 #endif
   1451     }
   1452 #else
   1453     ((void) hash_id);
   1454 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
   1455 
   1456 
   1457     /* Pick IV's (regardless of whether they
   1458      * are being used by the transform). */
   1459     memset(iv_enc, 0x3, sizeof(iv_enc));
   1460     memset(iv_dec, 0x4, sizeof(iv_dec));
   1461 
   1462     /*
   1463      * Setup transforms
   1464      */
   1465 
   1466 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
   1467     defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
   1468     t_out->encrypt_then_mac = etm;
   1469     t_in->encrypt_then_mac = etm;
   1470 #else
   1471     ((void) etm);
   1472 #endif
   1473 
   1474     t_out->tls_version = tls_version;
   1475     t_in->tls_version = tls_version;
   1476     t_out->ivlen = ivlen;
   1477     t_in->ivlen = ivlen;
   1478 
   1479     switch (cipher_mode) {
   1480         case MBEDTLS_MODE_GCM:
   1481         case MBEDTLS_MODE_CCM:
   1482 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
   1483             if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
   1484                 t_out->fixed_ivlen = 12;
   1485                 t_in->fixed_ivlen  = 12;
   1486             } else
   1487 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
   1488             {
   1489                 t_out->fixed_ivlen = 4;
   1490                 t_in->fixed_ivlen = 4;
   1491             }
   1492             t_out->maclen = 0;
   1493             t_in->maclen = 0;
   1494             switch (tag_mode) {
   1495                 case 0: /* Full tag */
   1496                     t_out->taglen = 16;
   1497                     t_in->taglen = 16;
   1498                     break;
   1499                 case 1: /* Partial tag */
   1500                     t_out->taglen = 8;
   1501                     t_in->taglen = 8;
   1502                     break;
   1503                 default:
   1504                     ret = 1;
   1505                     goto cleanup;
   1506             }
   1507             break;
   1508 
   1509         case MBEDTLS_MODE_CHACHAPOLY:
   1510             t_out->fixed_ivlen = 12;
   1511             t_in->fixed_ivlen = 12;
   1512             t_out->maclen = 0;
   1513             t_in->maclen = 0;
   1514             switch (tag_mode) {
   1515                 case 0: /* Full tag */
   1516                     t_out->taglen = 16;
   1517                     t_in->taglen = 16;
   1518                     break;
   1519                 case 1: /* Partial tag */
   1520                     t_out->taglen = 8;
   1521                     t_in->taglen = 8;
   1522                     break;
   1523                 default:
   1524                     ret = 1;
   1525                     goto cleanup;
   1526             }
   1527             break;
   1528 
   1529         case MBEDTLS_MODE_STREAM:
   1530         case MBEDTLS_MODE_CBC:
   1531             t_out->fixed_ivlen = 0; /* redundant, must be 0 */
   1532             t_in->fixed_ivlen = 0;  /* redundant, must be 0 */
   1533             t_out->taglen = 0;
   1534             t_in->taglen = 0;
   1535             switch (tag_mode) {
   1536                 case 0: /* Full tag */
   1537                     t_out->maclen = maclen;
   1538                     t_in->maclen = maclen;
   1539                     break;
   1540                 default:
   1541                     ret = 1;
   1542                     goto cleanup;
   1543             }
   1544             break;
   1545         default:
   1546             ret = 1;
   1547             goto cleanup;
   1548             break;
   1549     }
   1550 
   1551     /* Setup IV's */
   1552 
   1553     memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
   1554     memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
   1555     memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
   1556     memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec));
   1557 
   1558 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
   1559     /* Add CID */
   1560     memcpy(&t_in->in_cid,  cid0, cid0_len);
   1561     memcpy(&t_in->out_cid, cid1, cid1_len);
   1562     t_in->in_cid_len = (uint8_t) cid0_len;
   1563     t_in->out_cid_len = (uint8_t) cid1_len;
   1564     memcpy(&t_out->in_cid,  cid1, cid1_len);
   1565     memcpy(&t_out->out_cid, cid0, cid0_len);
   1566     t_out->in_cid_len = (uint8_t) cid1_len;
   1567     t_out->out_cid_len = (uint8_t) cid0_len;
   1568 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
   1569 
   1570 #if defined(MBEDTLS_USE_PSA_CRYPTO)
   1571     status = mbedtls_ssl_cipher_to_psa(cipher_type,
   1572                                        t_in->taglen,
   1573                                        &alg,
   1574                                        &key_type,
   1575                                        &key_bits);
   1576 
   1577     if (status != PSA_SUCCESS) {
   1578         ret = PSA_TO_MBEDTLS_ERR(status);
   1579         goto cleanup;
   1580     }
   1581 
   1582     t_in->psa_alg = alg;
   1583     t_out->psa_alg = alg;
   1584 
   1585     if (alg != MBEDTLS_SSL_NULL_CIPHER) {
   1586         psa_reset_key_attributes(&attributes);
   1587         psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
   1588         psa_set_key_algorithm(&attributes, alg);
   1589         psa_set_key_type(&attributes, key_type);
   1590 
   1591         status = psa_import_key(&attributes,
   1592                                 key0,
   1593                                 PSA_BITS_TO_BYTES(key_bits),
   1594                                 &t_in->psa_key_enc);
   1595 
   1596         if (status != PSA_SUCCESS) {
   1597             ret = PSA_TO_MBEDTLS_ERR(status);
   1598             goto cleanup;
   1599         }
   1600 
   1601         status = psa_import_key(&attributes,
   1602                                 key1,
   1603                                 PSA_BITS_TO_BYTES(key_bits),
   1604                                 &t_out->psa_key_enc);
   1605 
   1606         if (status != PSA_SUCCESS) {
   1607             ret = PSA_TO_MBEDTLS_ERR(status);
   1608             goto cleanup;
   1609         }
   1610 
   1611         psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
   1612 
   1613         status = psa_import_key(&attributes,
   1614                                 key1,
   1615                                 PSA_BITS_TO_BYTES(key_bits),
   1616                                 &t_in->psa_key_dec);
   1617 
   1618         if (status != PSA_SUCCESS) {
   1619             ret = PSA_TO_MBEDTLS_ERR(status);
   1620             goto cleanup;
   1621         }
   1622 
   1623         status = psa_import_key(&attributes,
   1624                                 key0,
   1625                                 PSA_BITS_TO_BYTES(key_bits),
   1626                                 &t_out->psa_key_dec);
   1627 
   1628         if (status != PSA_SUCCESS) {
   1629             ret = PSA_TO_MBEDTLS_ERR(status);
   1630             goto cleanup;
   1631         }
   1632     }
   1633 #endif /* MBEDTLS_USE_PSA_CRYPTO */
   1634 
   1635 cleanup:
   1636 
   1637     mbedtls_free(key0);
   1638     mbedtls_free(key1);
   1639 
   1640     mbedtls_free(md0);
   1641     mbedtls_free(md1);
   1642 
   1643     return ret;
   1644 }
   1645 
   1646 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
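   /*
    * Compute the MAC of a record and append it to the record payload.
    *
    * The MAC input is a 13-byte serialized header (8-byte record counter,
    * record type, 2-byte version, 16-bit big-endian payload length) followed
    * by the payload located at record->buf + record->data_offset. The first
    * transform_out->maclen bytes of the result are written directly after the
    * payload and record->data_len is increased by that amount.
    *
    * The caller must leave at least transform_out->maclen spare bytes after
    * the payload in record->buf; that is not verified here.
    *
    * \retval  0 on success, -1 if one of the TEST_xxx checks fails.
    */
   int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
                                           mbedtls_ssl_transform *transform_out)
   {
   #if defined(MBEDTLS_USE_PSA_CRYPTO)
       psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
   #endif

       /* Serialized version of record header for MAC purposes */
       unsigned char add_data[13];
       memcpy(add_data, record->ctr, 8);
       add_data[8] = record->type;
       add_data[9] = record->ver[0];
       add_data[10] = record->ver[1];
       add_data[11] = (record->data_len >> 8) & 0xff;
       add_data[12] = (record->data_len >> 0) & 0xff;

       /* MAC with additional data */
   #if defined(MBEDTLS_USE_PSA_CRYPTO)
       size_t sign_mac_length = 0;
       TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
                                                  transform_out->psa_mac_enc,
                                                  transform_out->psa_mac_alg));
       TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
       TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
                                              record->buf + record->data_offset,
                                              record->data_len));
       /* Use a temporary buffer for the MAC, because with the truncated HMAC
        * extension, there might not be enough room in the record for the
        * full-length MAC. */
       unsigned char mac[PSA_HASH_MAX_SIZE];
       TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
                                                   mac, sizeof(mac),
                                                   &sign_mac_length));
   #else
       TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
       TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
                                            record->buf + record->data_offset,
                                            record->data_len));
       /* Use a temporary buffer for the MAC, because with the truncated HMAC
        * extension, there might not be enough room in the record for the
        * full-length MAC. */
       unsigned char mac[MBEDTLS_MD_MAX_SIZE];
       TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
   #endif
       /* maclen is supplied by the transform, not derived from mac[]: refuse a
        * value that would make the copy below read past the temporary buffer. */
       TEST_ASSERT(transform_out->maclen <= sizeof(mac));
       memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
       record->data_len += transform_out->maclen;

       return 0;

   exit:
   #if defined(MBEDTLS_USE_PSA_CRYPTO)
       /* Release the MAC operation if it was left active by a failed step. */
       psa_mac_abort(&operation);
   #endif
       return -1;
   }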
   1702 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
   1703 
   1704 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
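   /*
    * Fill a TLS 1.2 session structure with fixed placeholder values for tests.
    *
    * Session id, master secret, ciphersuite, verify result and ticket contents
    * are constant filler bytes, not negotiated or random material. When
    * \p crt_file is a non-empty path (and certificate/filesystem support is
    * compiled in), the certificate is parsed and either moved into the session
    * or replaced by its digest, depending on MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
    *
    * \p endpoint_type must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER.
    *
    * \retval  0 on success, otherwise a non-zero error code. Memory already
    *          attached to \p session on failure is left for the caller to
    *          release together with the session.
    */
   int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
                                               int ticket_len,
                                               int endpoint_type,
                                               const char *crt_file)
   {
       (void) ticket_len;

   #if defined(MBEDTLS_HAVE_TIME)
       session->start = mbedtls_time(NULL) - 42;
   #endif
       session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;

       TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT ||
                   endpoint_type == MBEDTLS_SSL_IS_SERVER);

       session->endpoint = endpoint_type;
       session->ciphersuite = 0xabcd;
       session->id_len = sizeof(session->id);
       memset(session->id, 66, session->id_len);
       memset(session->master, 17, sizeof(session->master));

   #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
       if (crt_file != NULL && strlen(crt_file) != 0) {
           mbedtls_x509_crt tmp_crt;
           int ret;

           mbedtls_x509_crt_init(&tmp_crt);
           ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
           if (ret != 0) {
               /* A failed or partial parse may still have allocated data. */
               mbedtls_x509_crt_free(&tmp_crt);
               return ret;
           }

   #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
           /* Move temporary CRT. */
           session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
           if (session->peer_cert == NULL) {
               mbedtls_x509_crt_free(&tmp_crt);
               return -1;
           }
           *session->peer_cert = tmp_crt;
           /* Ownership has moved to the session: blank the temporary so the
            * free below does not release the data the session now points to. */
           memset(&tmp_crt, 0, sizeof(tmp_crt));
   #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
           /* Calculate digest of temporary CRT. */
           session->peer_cert_digest =
               mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
           if (session->peer_cert_digest == NULL) {
               mbedtls_x509_crt_free(&tmp_crt);
               return -1;
           }

   #if defined(MBEDTLS_USE_PSA_CRYPTO)
           psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
               MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
           size_t hash_size = 0;
           psa_status_t status = psa_hash_compute(
               psa_alg, tmp_crt.raw.p,
               tmp_crt.raw.len,
               session->peer_cert_digest,
               MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
               &hash_size);
           ret = PSA_TO_MBEDTLS_ERR(status);
   #else
           ret = mbedtls_md(mbedtls_md_info_from_type(
                                MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
                            tmp_crt.raw.p, tmp_crt.raw.len,
                            session->peer_cert_digest);
   #endif /* MBEDTLS_USE_PSA_CRYPTO */
           if (ret != 0) {
               mbedtls_x509_crt_free(&tmp_crt);
               return ret;
           }
           session->peer_cert_digest_type =
               MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
           session->peer_cert_digest_len =
               MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
   #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

           mbedtls_x509_crt_free(&tmp_crt);
       }
   #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
       (void) crt_file;
   #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
       session->verify_result = 0xdeadbeef;

   #if defined(MBEDTLS_SSL_SESSION_TICKETS)
   #if defined(MBEDTLS_SSL_CLI_C)
       if (ticket_len != 0) {
           session->ticket = mbedtls_calloc(1, ticket_len);
           if (session->ticket == NULL) {
               return -1;
           }
           memset(session->ticket, 33, ticket_len);
       }
       session->ticket_len = ticket_len;
       session->ticket_lifetime = 86401;
   #endif /* MBEDTLS_SSL_CLI_C */

   #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME)
       if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
           session->ticket_creation_time = mbedtls_ms_time() - 42;
       }
   #endif
   #endif /* MBEDTLS_SSL_SESSION_TICKETS */

   #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
       session->mfl_code = 1;
   #endif
   #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
       session->encrypt_then_mac = 1;
   #endif

       return 0;

   exit:
       /* Reached only when the endpoint_type assertion fails: report it to the
        * caller instead of returning success for a half-populated session. */
       return -1;
   }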
   1816 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
   1817 
   1818 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
   /*
    * Fill a TLS 1.3 session structure with fixed placeholder values for tests.
    *
    * Any \p endpoint_type other than MBEDTLS_SSL_IS_CLIENT is treated as
    * server. The resumption key, ticket bytes, ALPN string and hostname are
    * constant filler data. Which fields are set depends on the build options
    * and on the endpoint role.
    *
    * \retval  0 on success, -1 if an allocation or the ALPN setter fails.
    */
   int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
                                               int ticket_len,
                                               int endpoint_type)
   {
       ((void) ticket_len);
       session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
       if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) {
           session->endpoint = MBEDTLS_SSL_IS_CLIENT;
       } else {
           session->endpoint = MBEDTLS_SSL_IS_SERVER;
       }
       session->ciphersuite = 0xabcd;

   #if defined(MBEDTLS_SSL_SESSION_TICKETS)
       /* Ticket-related fields common to both roles. */
       session->ticket_age_add = 0x87654321;
       session->ticket_flags = 0x7;
       session->resumption_key_len = 32;
       memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
   #endif

   #if defined(MBEDTLS_SSL_SRV_C)
       if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
   #if defined(MBEDTLS_SSL_SESSION_TICKETS)
   #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
           if (mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample") != 0) {
               return -1;
           }
   #endif
   #if defined(MBEDTLS_HAVE_TIME)
           session->ticket_creation_time = mbedtls_ms_time() - 42;
   #endif
   #endif /* MBEDTLS_SSL_SESSION_TICKETS */
       }
   #endif /* MBEDTLS_SSL_SRV_C */

   #if defined(MBEDTLS_SSL_CLI_C)
       if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
   #if defined(MBEDTLS_SSL_SESSION_TICKETS)
   #if defined(MBEDTLS_HAVE_TIME)
           session->ticket_reception_time = mbedtls_ms_time() - 40;
   #endif
           session->ticket_lifetime = 0xfedcba98;

           /* The length is recorded before the buffer is allocated. */
           session->ticket_len = ticket_len;
           if (ticket_len != 0) {
               session->ticket = mbedtls_calloc(1, ticket_len);
               if (session->ticket == NULL) {
                   return -1;
               }
               memset(session->ticket, 33, ticket_len);
           }
   #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
           static const char sni_name[] = "hostname example";
           /* sizeof includes the terminating NUL, so the copy is a C string. */
           session->hostname = mbedtls_calloc(1, sizeof(sni_name));
           if (session->hostname == NULL) {
               return -1;
           }
           memcpy(session->hostname, sni_name, sizeof(sni_name));
   #endif
   #endif /* MBEDTLS_SSL_SESSION_TICKETS */
       }
   #endif /* MBEDTLS_SSL_CLI_C */

   #if defined(MBEDTLS_SSL_EARLY_DATA)
       session->max_early_data_size = 0x87654321;
   #endif /* MBEDTLS_SSL_EARLY_DATA */

   #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
       session->record_size_limit = 2048;
   #endif

       return 0;
   }
   1890 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
   1891 
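   /*
    * Exchange application data in both directions between two connected
    * endpoints and check that each side receives what the other one sent.
    *
    * The exchange is run twice: once with constant bytes (0x00 from ssl_1,
    * 0xFF from ssl_2) and once with a generated byte pattern. For each
    * direction the number of fragments seen by the reader must match the
    * expected count. An expected count of 0 means the write is expected to
    * fail with MBEDTLS_ERR_SSL_BAD_INPUT_DATA, after which that direction is
    * skipped (its message length is set to 0).
    *
    * \p msg_len_1 and \p msg_len_2 must not be negative.
    *
    * \retval  0 on success, otherwise a non-zero value.
    */
   int mbedtls_test_ssl_exchange_data(
       mbedtls_ssl_context *ssl_1,
       int msg_len_1, const int expected_fragments_1,
       mbedtls_ssl_context *ssl_2,
       int msg_len_2, const int expected_fragments_2)
   {
       /* Start from NULL so the cleanup path is safe before allocation. */
       unsigned char *msg_buf_1 = NULL;
       unsigned char *msg_buf_2 = NULL;
       unsigned char *in_buf_1  = NULL;
       unsigned char *in_buf_2  = NULL;
       int msg_type, ret = -1;

       /* A negative length would turn into a huge size_t in malloc(),
        * memset() and memcmp() below. */
       TEST_ASSERT(msg_len_1 >= 0);
       TEST_ASSERT(msg_len_2 >= 0);

       msg_buf_1 = malloc(msg_len_1);
       msg_buf_2 = malloc(msg_len_2);
       in_buf_1  = malloc(msg_len_2);
       in_buf_2  = malloc(msg_len_1);

       /* malloc(0) may return NULL, so only non-empty buffers are required
        * to be non-NULL. */
       TEST_ASSERT(msg_len_1 == 0 || (msg_buf_1 != NULL && in_buf_2 != NULL));
       TEST_ASSERT(msg_len_2 == 0 || (msg_buf_2 != NULL && in_buf_1 != NULL));

       /* Perform this test with two message types. At first use a message
        * consisting of only 0x00 for the client and only 0xFF for the server.
        * At the second time use message with generated data */
       for (msg_type = 0; msg_type < 2; msg_type++) {
           int written_1 = 0;
           int written_2 = 0;
           int read_1 = 0;
           int read_2 = 0;
           int fragments_1 = 0;
           int fragments_2 = 0;

           if (msg_type == 0) {
               memset(msg_buf_1, 0x00, msg_len_1);
               memset(msg_buf_2, 0xff, msg_len_2);
           } else {
               int i, j = 0;
               for (i = 0; i < msg_len_1; i++) {
                   msg_buf_1[i] = j++ & 0xFF;
               }
               for (i = 0; i < msg_len_2; i++) {
                   msg_buf_2[i] = (j -= 5) & 0xFF;
               }
           }

           while (read_1 < msg_len_2 || read_2 < msg_len_1) {
               /* ssl_1 sending */
               if (msg_len_1 > written_1) {
                   ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
                                                    msg_len_1, &written_1,
                                                    expected_fragments_1);
                   if (expected_fragments_1 == 0) {
                       /* This error is expected when the message is too large and
                        * cannot be fragmented */
                       TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
                       msg_len_1 = 0;
                   } else {
                       TEST_ASSERT(ret == 0);
                   }
               }

               /* ssl_2 sending */
               if (msg_len_2 > written_2) {
                   ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
                                                    msg_len_2, &written_2,
                                                    expected_fragments_2);
                   if (expected_fragments_2 == 0) {
                       /* This error is expected when the message is too large and
                        * cannot be fragmented */
                       TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
                       msg_len_2 = 0;
                   } else {
                       TEST_ASSERT(ret == 0);
                   }
               }

               /* ssl_1 reading */
               if (read_1 < msg_len_2) {
                   ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
                                                   msg_len_2, &read_1,
                                                   &fragments_2,
                                                   expected_fragments_2);
                   TEST_ASSERT(ret == 0);
               }

               /* ssl_2 reading */
               if (read_2 < msg_len_1) {
                   ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
                                                   msg_len_1, &read_2,
                                                   &fragments_1,
                                                   expected_fragments_1);
                   TEST_ASSERT(ret == 0);
               }
           }

           /* Any failed check below must leave a non-zero return value. */
           ret = -1;
           TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
           TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
           TEST_ASSERT(fragments_1 == expected_fragments_1);
           TEST_ASSERT(fragments_2 == expected_fragments_2);
       }

       ret = 0;

   exit:
       free(msg_buf_1);
       free(in_buf_1);
       free(msg_buf_2);
       free(in_buf_2);

       return ret;
   }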
   1995 
   1996 /*
   1997  * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
   1998  * must be initialized and connected beforehand.
   1999  *
   2000  * \retval  0 on success, otherwise error code.
   2001  */
   2002 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
   2003     (defined(MBEDTLS_SSL_RENEGOTIATION)              || \
   2004     defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
   static int exchange_data(mbedtls_ssl_context *ssl_1,
                            mbedtls_ssl_context *ssl_2)
   {
       /* Same payload size and fragment expectation in both directions. */
       enum { MSG_LEN = 256, EXPECTED_FRAGMENTS = 1 };

       return mbedtls_test_ssl_exchange_data(ssl_1, MSG_LEN, EXPECTED_FRAGMENTS,
                                             ssl_2, MSG_LEN, EXPECTED_FRAGMENTS);
   }
   2011 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
   2012           (MBEDTLS_SSL_RENEGOTIATION              ||
   2013           MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
   2014 
   2015 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
   /*
    * Check that \p ssl reports the expected negotiated protocol version
    * through its tls_version field, mbedtls_ssl_get_version_number() and
    * mbedtls_ssl_get_version(). For a datagram transport the version string
    * must start with 'D', which is skipped before the comparison.
    *
    * \retval  1 if every check passes, 0 otherwise.
    */
   static int check_ssl_version(
       mbedtls_ssl_protocol_version expected_negotiated_version,
       const mbedtls_ssl_context *ssl)
   {
       const char *version_string;
       mbedtls_ssl_protocol_version version_number;

       version_string = mbedtls_ssl_get_version(ssl);
       version_number = mbedtls_ssl_get_version_number(ssl);

       TEST_EQUAL(ssl->tls_version, expected_negotiated_version);

       if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
           TEST_EQUAL(version_string[0], 'D');
           version_string += 1;
       }

       if (expected_negotiated_version == MBEDTLS_SSL_VERSION_TLS1_2) {
           TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2);
           TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0);
       } else if (expected_negotiated_version == MBEDTLS_SSL_VERSION_TLS1_3) {
           TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3);
           TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0);
       } else {
           /* Any other expected version is reported as a test failure. */
           TEST_FAIL(
               "Version check not implemented for this protocol version");
       }

       return 1;

   exit:
       return 0;
   }
   2052 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
   2053 
   2054 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
   /*
    * Set up a client and a server endpoint and run a handshake between them
    * with the protocol version pinned to \p proto.
    *
    * Both endpoint structures are zeroized first, and \p options is reset
    * with mbedtls_test_init_handshake_options() before the minimum and maximum
    * versions of both sides are set to \p proto. The endpoints are left
    * initialized when this function returns.
    * NOTE(review): releasing them looks like the caller's job - confirm.
    *
    * \retval  0 if both sides report the handshake as over, otherwise a
    *          non-zero value.
    */
   int mbedtls_test_ssl_do_handshake_with_endpoints(
       mbedtls_test_ssl_endpoint *server_ep,
       mbedtls_test_ssl_endpoint *client_ep,
       mbedtls_test_handshake_test_options *options,
       mbedtls_ssl_protocol_version proto)
   {
       enum { BUFFSIZE = 1024 };

       int ret = -1;

       mbedtls_platform_zeroize(server_ep, sizeof(*server_ep));
       mbedtls_platform_zeroize(client_ep, sizeof(*client_ep));

       mbedtls_test_init_handshake_options(options);
       options->server_min_version = proto;
       options->client_min_version = proto;
       options->server_max_version = proto;
       options->client_max_version = proto;

       /* Each setup step only runs if the previous one succeeded. */
       ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT,
                                            options, NULL, NULL, NULL);
       if (ret == 0) {
           ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER,
                                                options, NULL, NULL, NULL);
       }
       if (ret == 0) {
           ret = mbedtls_test_mock_socket_connect(&client_ep->socket,
                                                  &server_ep->socket,
                                                  BUFFSIZE);
       }
       if (ret != 0) {
           return ret;
       }

       /* Drive the server first, then the client. WANT_READ/WANT_WRITE are
        * tolerated here; completion is checked explicitly afterwards. */
       ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl,
                                                  &client_ep->ssl,
                                                  MBEDTLS_SSL_HANDSHAKE_OVER);
       switch (ret) {
           case 0:
           case MBEDTLS_ERR_SSL_WANT_READ:
           case MBEDTLS_ERR_SSL_WANT_WRITE:
               break;
           default:
               return ret;
       }

       ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl,
                                                  &server_ep->ssl,
                                                  MBEDTLS_SSL_HANDSHAKE_OVER);
       switch (ret) {
           case 0:
           case MBEDTLS_ERR_SSL_WANT_READ:
           case MBEDTLS_ERR_SSL_WANT_WRITE:
               break;
           default:
               return ret;
       }

       if (mbedtls_ssl_is_handshake_over(&client_ep->ssl) &&
           mbedtls_ssl_is_handshake_over(&server_ep->ssl)) {
           return 0;
       }

       return -1;
   }
   2109 #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
   2110 
   2111 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
   2112 void mbedtls_test_ssl_perform_handshake(
   2113     mbedtls_test_handshake_test_options *options)
   2114 {
   2115     /* forced_ciphersuite needs to last until the end of the handshake */
   2116     int forced_ciphersuite[2];
   2117     enum { BUFFSIZE = 17000 };
   2118     mbedtls_test_ssl_endpoint client, server;
   2119 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
   2120     const char *psk_identity = "foo";
   2121 #endif
   2122 #if defined(MBEDTLS_TIMING_C)
   2123     mbedtls_timing_delay_context timer_client, timer_server;
   2124 #endif
   2125 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
   2126     unsigned char *context_buf = NULL;
   2127     size_t context_buf_len;
   2128 #endif
   2129 #if defined(MBEDTLS_SSL_RENEGOTIATION)
   2130     int ret = -1;
   2131 #endif
   2132     int expected_handshake_result = options->expected_handshake_result;
   2133 
   2134     MD_OR_USE_PSA_INIT();
   2135     mbedtls_platform_zeroize(&client, sizeof(client));
   2136     mbedtls_platform_zeroize(&server, sizeof(server));
   2137     mbedtls_test_ssl_message_queue server_queue, client_queue;
   2138     mbedtls_test_message_socket_context server_context, client_context;
   2139     mbedtls_test_message_socket_init(&server_context);
   2140     mbedtls_test_message_socket_init(&client_context);
   2141 
   2142 #if defined(MBEDTLS_DEBUG_C)
   2143     if (options->cli_log_fun || options->srv_log_fun) {
   2144         mbedtls_debug_set_threshold(4);
   2145     }
   2146 #endif
   2147 
   2148     /* Client side */
   2149     if (options->dtls != 0) {
   2150         TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
   2151                                                    MBEDTLS_SSL_IS_CLIENT,
   2152                                                    options, &client_context,
   2153                                                    &client_queue,
   2154                                                    &server_queue) == 0);
   2155 #if defined(MBEDTLS_TIMING_C)
   2156         mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
   2157                                  mbedtls_timing_set_delay,
   2158                                  mbedtls_timing_get_delay);
   2159 #endif
   2160     } else {
   2161         TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
   2162                                                    MBEDTLS_SSL_IS_CLIENT,
   2163                                                    options, NULL, NULL,
   2164                                                    NULL) == 0);
   2165     }
   2166 
   2167     if (strlen(options->cipher) > 0) {
   2168         set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
   2169     }
   2170 
   2171     /* Server side */
   2172     if (options->dtls != 0) {
   2173         TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
   2174                                                    MBEDTLS_SSL_IS_SERVER,
   2175                                                    options, &server_context,
   2176                                                    &server_queue,
   2177                                                    &client_queue) == 0);
   2178 #if defined(MBEDTLS_TIMING_C)
   2179         mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
   2180                                  mbedtls_timing_set_delay,
   2181                                  mbedtls_timing_get_delay);
   2182 #endif
   2183     } else {
   2184         TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
   2185                                                    MBEDTLS_SSL_IS_SERVER,
   2186                                                    options, NULL, NULL,
   2187                                                    NULL) == 0);
   2188     }
   2189 
   2190     mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
   2191 
   2192 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
   2193     TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
   2194                                               (unsigned char) options->mfl)
   2195                 == 0);
   2196     TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
   2197                                               (unsigned char) options->mfl)
   2198                 == 0);
   2199 #else
   2200     TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
   2201 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
   2202 
   2203 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
   2204     if (options->psk_str != NULL && options->psk_str->len > 0) {
   2205         TEST_ASSERT(mbedtls_ssl_conf_psk(
   2206                         &client.conf, options->psk_str->x,
   2207                         options->psk_str->len,
   2208                         (const unsigned char *) psk_identity,
   2209                         strlen(psk_identity)) == 0);
   2210 
   2211         TEST_ASSERT(mbedtls_ssl_conf_psk(
   2212                         &server.conf, options->psk_str->x,
   2213                         options->psk_str->len,
   2214                         (const unsigned char *) psk_identity,
   2215                         strlen(psk_identity)) == 0);
   2216 #if defined(MBEDTLS_SSL_SRV_C)
   2217         mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
   2218 #endif
   2219     }
   2220 #endif
   2221 #if defined(MBEDTLS_SSL_RENEGOTIATION)
   2222     if (options->renegotiate) {
   2223         mbedtls_ssl_conf_renegotiation(&(server.conf),
   2224                                        MBEDTLS_SSL_RENEGOTIATION_ENABLED);
   2225         mbedtls_ssl_conf_renegotiation(&(client.conf),
   2226                                        MBEDTLS_SSL_RENEGOTIATION_ENABLED);
   2227 
   2228         mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
   2229                                               options->legacy_renegotiation);
   2230         mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
   2231                                               options->legacy_renegotiation);
   2232     }
   2233 #endif /* MBEDTLS_SSL_RENEGOTIATION */
   2234 
   2235     TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
   2236                                                  &(server.socket),
   2237                                                  BUFFSIZE) == 0);
   2238 
   2239 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
   2240     if (options->resize_buffers != 0) {
   2241         /* Ensure that the buffer sizes are appropriate before resizes */
   2242         TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
   2243         TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
   2244         TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
   2245         TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
   2246     }
   2247 #endif
   2248 
   2249     if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
   2250         expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
   2251     }
   2252 
   2253     TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl),
   2254                                                      &(server.ssl),
   2255                                                      MBEDTLS_SSL_HANDSHAKE_OVER)
   2256                 ==  expected_handshake_result);
   2257 
   2258     if (expected_handshake_result != 0) {
   2259         /* Connection will have failed by this point, skip to cleanup */
   2260         goto exit;
   2261     }
   2262 
   2263     TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1);
   2264 
   2265     /* Make sure server state is moved to HANDSHAKE_OVER also. */
   2266     TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl),
   2267                                                     &(client.ssl),
   2268                                                     MBEDTLS_SSL_HANDSHAKE_OVER),
   2269                0);
   2270 
   2271     TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1);
   2272     /* Check that both sides have negotiated the expected version. */
   2273     mbedtls_test_set_step(0);
   2274     if (!check_ssl_version(options->expected_negotiated_version,
   2275                            &client.ssl)) {
   2276         goto exit;
   2277     }
   2278 
   2279     mbedtls_test_set_step(1);
   2280     if (!check_ssl_version(options->expected_negotiated_version,
   2281                            &server.ssl)) {
   2282         goto exit;
   2283     }
   2284 
   2285     if (options->expected_ciphersuite != 0) {
   2286         TEST_EQUAL(server.ssl.session->ciphersuite,
   2287                    options->expected_ciphersuite);
   2288     }
   2289 
   2290 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
   2291     if (options->resize_buffers != 0) {
   2292         /* A server, when using DTLS, might delay a buffer resize to happen
   2293          * after it receives a message, so we force it. */
   2294         TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
   2295 
   2296         TEST_ASSERT(client.ssl.out_buf_len ==
   2297                     mbedtls_ssl_get_output_buflen(&client.ssl));
   2298         TEST_ASSERT(client.ssl.in_buf_len ==
   2299                     mbedtls_ssl_get_input_buflen(&client.ssl));
   2300         TEST_ASSERT(server.ssl.out_buf_len ==
   2301                     mbedtls_ssl_get_output_buflen(&server.ssl));
   2302         TEST_ASSERT(server.ssl.in_buf_len ==
   2303                     mbedtls_ssl_get_input_buflen(&server.ssl));
   2304     }
   2305 #endif
   2306 
   2307     if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
   2308         /* Start data exchanging test */
   2309         TEST_ASSERT(mbedtls_test_ssl_exchange_data(
   2310                         &(client.ssl), options->cli_msg_len,
   2311                         options->expected_cli_fragments,
   2312                         &(server.ssl), options->srv_msg_len,
   2313                         options->expected_srv_fragments)
   2314                     == 0);
   2315     }
   2316 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
   2317     if (options->serialize == 1) {
   2318         TEST_ASSERT(options->dtls == 1);
   2319 
   2320         TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
   2321                                              0, &context_buf_len)
   2322                     == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
   2323 
   2324         context_buf = mbedtls_calloc(1, context_buf_len);
   2325         TEST_ASSERT(context_buf != NULL);
   2326 
   2327         TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
   2328                                              context_buf_len,
   2329                                              &context_buf_len)
   2330                     == 0);
   2331 
   2332         mbedtls_ssl_free(&(server.ssl));
   2333         mbedtls_ssl_init(&(server.ssl));
   2334 
   2335         TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
   2336 
   2337         mbedtls_ssl_set_bio(&(server.ssl), &server_context,
   2338                             mbedtls_test_mock_tcp_send_msg,
   2339                             mbedtls_test_mock_tcp_recv_msg,
   2340                             NULL);
   2341 
   2342         mbedtls_ssl_set_user_data_p(&server.ssl, &server);
   2343 
   2344 #if defined(MBEDTLS_TIMING_C)
   2345         mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
   2346                                  mbedtls_timing_set_delay,
   2347                                  mbedtls_timing_get_delay);
   2348 #endif
   2349 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
   2350         if (options->resize_buffers != 0) {
   2351             /* Ensure that the buffer sizes are appropriate before resizes */
   2352             TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
   2353             TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
   2354         }
   2355 #endif
   2356         TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
   2357                                              context_buf_len) == 0);
   2358 
   2359 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
   2360         /* Validate buffer sizes after context deserialization */
   2361         if (options->resize_buffers != 0) {
   2362             TEST_ASSERT(server.ssl.out_buf_len ==
   2363                         mbedtls_ssl_get_output_buflen(&server.ssl));
   2364             TEST_ASSERT(server.ssl.in_buf_len ==
   2365                         mbedtls_ssl_get_input_buflen(&server.ssl));
   2366         }
   2367 #endif
   2368         /* Retest writing/reading */
   2369         if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
   2370             TEST_ASSERT(mbedtls_test_ssl_exchange_data(
   2371                             &(client.ssl), options->cli_msg_len,
   2372                             options->expected_cli_fragments,
   2373                             &(server.ssl), options->srv_msg_len,
   2374                             options->expected_srv_fragments)
   2375                         == 0);
   2376         }
   2377     }
   2378 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
   2379 
   2380 #if defined(MBEDTLS_SSL_RENEGOTIATION)
   2381     if (options->renegotiate) {
   2382         /* Start test with renegotiation */
   2383         TEST_ASSERT(server.ssl.renego_status ==
   2384                     MBEDTLS_SSL_INITIAL_HANDSHAKE);
   2385         TEST_ASSERT(client.ssl.renego_status ==
   2386                     MBEDTLS_SSL_INITIAL_HANDSHAKE);
   2387 
   2388         /* After calling this function for the server, it only sends a handshake
   2389          * request. All renegotiation should happen during data exchanging */
   2390         TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
   2391         TEST_ASSERT(server.ssl.renego_status ==
   2392                     MBEDTLS_SSL_RENEGOTIATION_PENDING);
   2393         TEST_ASSERT(client.ssl.renego_status ==
   2394                     MBEDTLS_SSL_INITIAL_HANDSHAKE);
   2395 
   2396         TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
   2397         TEST_ASSERT(server.ssl.renego_status ==
   2398                     MBEDTLS_SSL_RENEGOTIATION_DONE);
   2399         TEST_ASSERT(client.ssl.renego_status ==
   2400                     MBEDTLS_SSL_RENEGOTIATION_DONE);
   2401 
   2402         /* After calling mbedtls_ssl_renegotiate for the client,
   2403          * all renegotiation should happen inside this function.
   2404          * However in this test, we cannot perform simultaneous communication
   2405          * between client and server so this function will return waiting error
   2406          * on the socket. All rest of renegotiation should happen
   2407          * during data exchanging */
   2408         ret = mbedtls_ssl_renegotiate(&(client.ssl));
   2409 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
   2410         if (options->resize_buffers != 0) {
   2411             /* Ensure that the buffer sizes are appropriate before resizes */
   2412             TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
   2413             TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
   2414         }
   2415 #endif
   2416         TEST_ASSERT(ret == 0 ||
   2417                     ret == MBEDTLS_ERR_SSL_WANT_READ ||
   2418                     ret == MBEDTLS_ERR_SSL_WANT_WRITE);
   2419         TEST_ASSERT(server.ssl.renego_status ==
   2420                     MBEDTLS_SSL_RENEGOTIATION_DONE);
   2421         TEST_ASSERT(client.ssl.renego_status ==
   2422                     MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
   2423 
   2424         TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
   2425         TEST_ASSERT(server.ssl.renego_status ==
   2426                     MBEDTLS_SSL_RENEGOTIATION_DONE);
   2427         TEST_ASSERT(client.ssl.renego_status ==
   2428                     MBEDTLS_SSL_RENEGOTIATION_DONE);
   2429 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
   2430         /* Validate buffer sizes after renegotiation */
   2431         if (options->resize_buffers != 0) {
   2432             TEST_ASSERT(client.ssl.out_buf_len ==
   2433                         mbedtls_ssl_get_output_buflen(&client.ssl));
   2434             TEST_ASSERT(client.ssl.in_buf_len ==
   2435                         mbedtls_ssl_get_input_buflen(&client.ssl));
   2436             TEST_ASSERT(server.ssl.out_buf_len ==
   2437                         mbedtls_ssl_get_output_buflen(&server.ssl));
   2438             TEST_ASSERT(server.ssl.in_buf_len ==
   2439                         mbedtls_ssl_get_input_buflen(&server.ssl));
   2440         }
   2441 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
   2442     }
   2443 #endif /* MBEDTLS_SSL_RENEGOTIATION */
   2444 
   2445     TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client);
   2446     TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client);
   2447     TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server);
   2448     TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server);
   2449 
   2450 exit:
   2451     mbedtls_test_ssl_endpoint_free(&client,
   2452                                    options->dtls != 0 ? &client_context : NULL);
   2453     mbedtls_test_ssl_endpoint_free(&server,
   2454                                    options->dtls != 0 ? &server_context : NULL);
   2455 #if defined(MBEDTLS_DEBUG_C)
   2456     if (options->cli_log_fun || options->srv_log_fun) {
   2457         mbedtls_debug_set_threshold(0);
   2458     }
   2459 #endif
   2460 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
   2461     if (context_buf != NULL) {
   2462         mbedtls_free(context_buf);
   2463     }
   2464 #endif
   2465     MD_OR_USE_PSA_DONE();
   2466 }
   2467 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
   2468 
   2469 #if defined(MBEDTLS_TEST_HOOKS)
/*
 * Test hook: corrupt one length field of a TLS 1.3 Certificate message so
 * that the parser under test is expected to reject it.
 *
 * buf             Start of the Certificate message body; modified in place.
 * end             In/out pointer to the end of the message (tweak 1 moves it).
 * tweak           Which corruption to apply (1..7, see the switch below).
 * expected_result Set to MBEDTLS_ERR_SSL_DECODE_ERROR, including when the
 *                 tweak number is not recognised.
 * args            Handed to set_chk_buf_ptr_args()/reset_chk_buf_ptr_args();
 *                 presumably the buffer-check arguments the caller expects
 *                 the parser to fail on -- confirm against those helpers.
 *
 * Returns 0 for a known tweak, -1 otherwise.
 *
 * NOTE(review): every offset below is derived from length fields read out of
 * buf, and none of them is compared against *end before being dereferenced.
 * The caller must pass a complete, well-formed message.
 */
int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
    unsigned char *buf, unsigned char **end, int tweak,
    int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args)
{
    /*
     * The tweaks assume that the certificate list holds exactly one
     * certificate. Layout being walked:
     *
     * struct {
     *     opaque cert_data<1..2^24-1>;
     *     Extension extensions<0..2^16-1>;
     * } CertificateEntry;
     *
     * struct {
     *     opaque certificate_request_context<0..2^8-1>;
     *     CertificateEntry certificate_list<0..2^24-1>;
     * } Certificate;
     */

    /* certificate_request_context: 1-byte length prefix. */
    unsigned char *const ctx_len_ptr = buf;
    const size_t ctx_len = ctx_len_ptr[0];

    /* certificate_list: 3-byte length prefix, then the entries. */
    unsigned char *const list_len_ptr = buf + 1 + ctx_len;
    const size_t list_len = MBEDTLS_GET_UINT24_BE(list_len_ptr, 0);
    unsigned char *const list = list_len_ptr + 3;

    /* cert_data of the first (only) entry: 3-byte length prefix. */
    unsigned char *const cert_len_ptr = list;
    const size_t cert_len = MBEDTLS_GET_UINT24_BE(cert_len_ptr, 0);
    unsigned char *const cert = cert_len_ptr + 3;

    /* extensions of that entry: 2-byte length prefix. */
    unsigned char *const ext_len_ptr = cert + cert_len;
    const size_t ext_len = MBEDTLS_GET_UINT16_BE(ext_len_ptr, 0);
    unsigned char *const ext = ext_len_ptr + 2;

    *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR;

    switch (tweak) {
        case 1:
            /* Truncate the message so that the request context length and
             * the certificate list length (4 bytes) cannot both be read. */
            *end = buf + 3;
            set_chk_buf_ptr_args(args, buf, *end, 4);
            break;

        case 2:
            /* Request context length one larger than it really is. */
            *ctx_len_ptr = (unsigned char) (ctx_len + 1);
            reset_chk_buf_ptr_args(args);
            break;

        case 3:
            /* certificate_list claims one byte more than is available. */
            MBEDTLS_PUT_UINT24_BE(list_len + 1, list_len_ptr, 0);
            set_chk_buf_ptr_args(args, list, *end, list_len + 1);
            break;

        case 4:
            /* certificate_list too short to hold the cert_data length. */
            MBEDTLS_PUT_UINT24_BE(2, list_len_ptr, 0);
            set_chk_buf_ptr_args(args, cert_len_ptr, list + 2, 3);
            break;

        case 5: {
            /* cert_data claims one byte more than the list can hold. */
            const size_t oversized_cert_len = list_len - 3 + 1;

            MBEDTLS_PUT_UINT24_BE(oversized_cert_len, cert_len_ptr, 0);
            set_chk_buf_ptr_args(args, cert, list + list_len,
                                 oversized_cert_len);
            break;
        }

        case 6:
            /* certificate_list ends before the extensions length field. */
            MBEDTLS_PUT_UINT24_BE(list_len - ext_len - 1, list_len_ptr, 0);
            set_chk_buf_ptr_args(args, ext_len_ptr,
                                 list + list_len - ext_len - 1, 2);
            break;

        case 7:
            /* extensions claim one byte more than the list can hold. */
            MBEDTLS_PUT_UINT16_BE(ext_len + 1, ext_len_ptr, 0);
            set_chk_buf_ptr_args(args, ext, list + list_len, ext_len + 1);
            break;

        default:
            return -1;
    }

    return 0;
}
   2573 #endif /* MBEDTLS_TEST_HOOKS */
   2574 
   2575 /*
   2576  * Functions for tests based on tickets. Implementations of the
   2577  * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t.
   2578  * Basically the same implementations as in ticket.c, but without the
   2579  * encryption. That way we can easily tweak ticket characteristics to
   2580  * simulate misbehaving peers.
   2581  */
   2582 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
/*
 * Test-only ticket writer: serialize the session straight into the ticket
 * buffer with mbedtls_ssl_session_save().
 *
 * Nothing in this function encrypts or authenticates the ticket, so the
 * serialized session state is written as-is. Use it only in tests.
 *
 * p_ticket  Unused.
 * session   Session to serialize.
 * start/end Bounds of the output buffer; the size passed on is end - start.
 *           NOTE(review): assumes start <= end. A reversed pair would turn
 *           into a very large size_t; nothing here checks for it.
 * tlen      Receives the length reported by mbedtls_ssl_session_save().
 * lifetime  Set to 7 days (in seconds) on success; untouched on failure.
 *
 * Returns 0 on success, or the error from mbedtls_ssl_session_save().
 */
int mbedtls_test_ticket_write(
    void *p_ticket, const mbedtls_ssl_session *session,
    unsigned char *start, const unsigned char *end,
    size_t *tlen, uint32_t *lifetime)
{
    int status;

    (void) p_ticket;

    status = mbedtls_ssl_session_save(session, start, end - start, tlen);
    if (status == 0) {
        /* Maximum ticket lifetime as defined in RFC 8446 */
        *lifetime = 7 * 24 * 3600;
    }

    return status;
}
   2601 
/*
 * Test-only ticket parser, counterpart of mbedtls_test_ticket_write().
 *
 * The ticket bytes are handed directly to mbedtls_ssl_session_load(). This
 * function performs no decryption and no integrity check of its own, so it
 * accepts whatever the peer presents. Use it only in tests.
 *
 * p_ticket  Unused.
 * session   Session structure to populate.
 * buf/len   Ticket contents and their length.
 *
 * Returns the result of mbedtls_ssl_session_load().
 */
int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
                              unsigned char *buf, size_t len)
{
    int status;

    (void) p_ticket;

    status = mbedtls_ssl_session_load(session, buf, len);
    return status;
}
   2609 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
   2610 
   2611 #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \
   2612     defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \
   2613     defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
 * Run a handshake between a test client and a test server over a mock
 * socket, wait until the client reports a new session ticket, and copy the
 * client's session into `session`.
 *
 * The server is configured with the unencrypted test ticket callbacks
 * (mbedtls_test_ticket_write / mbedtls_test_ticket_parse).
 *
 * client_options Options used to initialise the client endpoint.
 * server_options Options used to initialise the server endpoint.
 * session        Receives the client session via mbedtls_ssl_get_session().
 *
 * Returns 0 on success. On failure returns the non-zero code of the last
 * library call, or -1 when a test assertion failed while that code was 0.
 */
int mbedtls_test_get_tls13_ticket(
    mbedtls_test_handshake_test_options *client_options,
    mbedtls_test_handshake_test_options *server_options,
    mbedtls_ssl_session *session)
{
    mbedtls_test_ssl_endpoint client_ep, server_ep;
    unsigned char scratch[64];
    int completed = 0;
    int ret = -1;

    /* Clear both endpoints first so the cleanup at `exit` is safe even when
     * an initialisation step fails part-way. */
    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));

    ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
                                         client_options, NULL, NULL, NULL);
    TEST_EQUAL(ret, 0);

    ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
                                         server_options, NULL, NULL, NULL);
    TEST_EQUAL(ret, 0);

    /* Presumably makes mbedtls_ssl_read() on the client report a received
     * ticket through its return value -- the loop below relies on that. */
    mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(
        &client_ep.conf, MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED);

    mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
                                        mbedtls_test_ticket_write,
                                        mbedtls_test_ticket_parse,
                                        NULL);

    ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
                                           &(server_ep.socket), 1024);
    TEST_EQUAL(ret, 0);

    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
                   &(server_ep.ssl), &(client_ep.ssl),
                   MBEDTLS_SSL_HANDSHAKE_OVER), 0);

    TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0);

    /* NOTE(review): the only way out of this loop is the ticket
     * notification. Any other return value, including a persistent error,
     * is retried without limit, so a failing connection makes the test hang
     * instead of fail. */
    for (;;) {
        ret = mbedtls_ssl_read(&(client_ep.ssl), scratch, sizeof(scratch));
        if (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) {
            break;
        }
    }

    ret = mbedtls_ssl_get_session(&(client_ep.ssl), session);
    TEST_EQUAL(ret, 0);

    completed = 1;

exit:
    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);

    /* A test assertion other than "ret == 0" can jump here with ret still 0;
     * report that as a failure too. */
    return (ret == 0 && !completed) ? -1 : ret;
}
   2672 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C &&
   2673           MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS &&
   2674           MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
   2675 
   2676 #endif /* MBEDTLS_SSL_TLS_C */