1/** \file ssl_helpers.c 2 * 3 * \brief Helper functions to set up a TLS connection. 4 */ 5 6/* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 11#include <test/ssl_helpers.h> 12#include "mbedtls/psa_util.h" 13 14#if defined(MBEDTLS_SSL_TLS_C) 15int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) 16{ 17 (void) p_rng; 18 for (size_t i = 0; i < output_len; i++) { 19 output[i] = rand(); 20 } 21 22 return 0; 23} 24 25void mbedtls_test_ssl_log_analyzer(void *ctx, int level, 26 const char *file, int line, 27 const char *str) 28{ 29 mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; 30 31 (void) level; 32 (void) line; 33 (void) file; 34 35 if (NULL != p && 36 NULL != p->pattern && 37 NULL != strstr(str, p->pattern)) { 38 p->counter++; 39 } 40} 41 42void mbedtls_test_init_handshake_options( 43 mbedtls_test_handshake_test_options *opts) 44{ 45#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 46 static int rng_seed = 0xBEEF; 47 48 srand(rng_seed); 49 rng_seed += 0xD0; 50#endif 51 52 memset(opts, 0, sizeof(*opts)); 53 54 opts->cipher = ""; 55 opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; 56 opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; 57 opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; 58 opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; 59 opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; 60 opts->pk_alg = MBEDTLS_PK_RSA; 61 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; 62 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; 63 opts->cli_msg_len = 100; 64 opts->srv_msg_len = 100; 65 opts->expected_cli_fragments = 1; 66 opts->expected_srv_fragments = 1; 67 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; 68 opts->resize_buffers = 1; 69 opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; 70 opts->max_early_data_size = -1; 71#if defined(MBEDTLS_SSL_CACHE_C) 72 TEST_CALLOC(opts->cache, 1); 73 mbedtls_ssl_cache_init(opts->cache); 74#if defined(MBEDTLS_HAVE_TIME) 75 TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), 76 MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT); 77#endif 78exit: 79 return; 80#endif 81} 82 83void mbedtls_test_free_handshake_options( 84 mbedtls_test_handshake_test_options *opts) 85{ 86#if defined(MBEDTLS_SSL_CACHE_C) 87 mbedtls_ssl_cache_free(opts->cache); 88 mbedtls_free(opts->cache); 89#else 90 (void) opts; 91#endif 92} 93 94#if defined(MBEDTLS_TEST_HOOKS) 95static void set_chk_buf_ptr_args( 96 mbedtls_ssl_chk_buf_ptr_args *args, 97 unsigned char *cur, unsigned char *end, size_t need) 98{ 99 args->cur = cur; 100 args->end = end; 101 args->need = need; 102} 103 104static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) 105{ 106 memset(args, 0, sizeof(*args)); 107} 108#endif /* MBEDTLS_TEST_HOOKS */ 109 110void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) 111{ 112 memset(buf, 0, sizeof(*buf)); 113} 114 115int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, 116 size_t capacity) 117{ 118 buf->buffer = (unsigned char *) mbedtls_calloc(capacity, 119 sizeof(unsigned char)); 120 if (NULL == buf->buffer) { 121 return MBEDTLS_ERR_SSL_ALLOC_FAILED; 122 } 123 buf->capacity = capacity; 124 125 return 0; 126} 127 128void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) 129{ 130 if (buf->buffer != NULL) { 131 mbedtls_free(buf->buffer); 132 } 133 134 memset(buf, 0, sizeof(*buf)); 135} 136 137int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, 138 const unsigned char *input, size_t input_len) 139{ 140 size_t overflow = 0; 141 142 if ((buf == NULL) || (buf->buffer == NULL)) { 143 return -1; 144 } 145 146 /* Reduce input_len to a number that fits in the buffer. */ 147 if ((buf->content_length + input_len) > buf->capacity) { 148 input_len = buf->capacity - buf->content_length; 149 } 150 151 if (input == NULL) { 152 return (input_len == 0) ? 0 : -1; 153 } 154 155 /* Check if the buffer has not come full circle and free space is not in 156 * the middle */ 157 if (buf->start + buf->content_length < buf->capacity) { 158 159 /* Calculate the number of bytes that need to be placed at lower memory 160 * address */ 161 if (buf->start + buf->content_length + input_len 162 > buf->capacity) { 163 overflow = (buf->start + buf->content_length + input_len) 164 % buf->capacity; 165 } 166 167 memcpy(buf->buffer + buf->start + buf->content_length, input, 168 input_len - overflow); 169 memcpy(buf->buffer, input + input_len - overflow, overflow); 170 171 } else { 172 /* The buffer has come full circle and free space is in the middle */ 173 memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, 174 input, input_len); 175 } 176 177 buf->content_length += input_len; 178 return (input_len > INT_MAX) ? INT_MAX : (int) input_len; 179} 180 181int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, 182 unsigned char *output, size_t output_len) 183{ 184 size_t overflow = 0; 185 186 if ((buf == NULL) || (buf->buffer == NULL)) { 187 return -1; 188 } 189 190 if (output == NULL && output_len == 0) { 191 return 0; 192 } 193 194 if (buf->content_length < output_len) { 195 output_len = buf->content_length; 196 } 197 198 /* Calculate the number of bytes that need to be drawn from lower memory 199 * address */ 200 if (buf->start + output_len > buf->capacity) { 201 overflow = (buf->start + output_len) % buf->capacity; 202 } 203 204 if (output != NULL) { 205 memcpy(output, buf->buffer + buf->start, output_len - overflow); 206 memcpy(output + output_len - overflow, buf->buffer, overflow); 207 } 208 209 buf->content_length -= output_len; 210 buf->start = (buf->start + output_len) % buf->capacity; 211 212 return (output_len > INT_MAX) ? INT_MAX : (int) output_len; 213} 214 215int mbedtls_test_ssl_message_queue_setup( 216 mbedtls_test_ssl_message_queue *queue, size_t capacity) 217{ 218 queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); 219 if (NULL == queue->messages) { 220 return MBEDTLS_ERR_SSL_ALLOC_FAILED; 221 } 222 223 queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; 224 queue->pos = 0; 225 queue->num = 0; 226 227 return 0; 228} 229 230void mbedtls_test_ssl_message_queue_free( 231 mbedtls_test_ssl_message_queue *queue) 232{ 233 if (queue == NULL) { 234 return; 235 } 236 237 if (queue->messages != NULL) { 238 mbedtls_free(queue->messages); 239 } 240 241 memset(queue, 0, sizeof(*queue)); 242} 243 244int mbedtls_test_ssl_message_queue_push_info( 245 mbedtls_test_ssl_message_queue *queue, size_t len) 246{ 247 int place; 248 if (queue == NULL) { 249 return MBEDTLS_TEST_ERROR_ARG_NULL; 250 } 251 252 if (queue->num >= queue->capacity) { 253 return MBEDTLS_ERR_SSL_WANT_WRITE; 254 } 255 256 place = (queue->pos + queue->num) % queue->capacity; 257 queue->messages[place] = len; 258 queue->num++; 259 return (len > INT_MAX) ? INT_MAX : (int) len; 260} 261 262int mbedtls_test_ssl_message_queue_pop_info( 263 mbedtls_test_ssl_message_queue *queue, size_t buf_len) 264{ 265 size_t message_length; 266 if (queue == NULL) { 267 return MBEDTLS_TEST_ERROR_ARG_NULL; 268 } 269 if (queue->num == 0) { 270 return MBEDTLS_ERR_SSL_WANT_READ; 271 } 272 273 message_length = queue->messages[queue->pos]; 274 queue->messages[queue->pos] = 0; 275 queue->num--; 276 queue->pos++; 277 queue->pos %= queue->capacity; 278 if (queue->pos < 0) { 279 queue->pos += queue->capacity; 280 } 281 282 return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : 283 (message_length > buf_len) ? (int) buf_len : (int) message_length; 284} 285 286/* 287 * Take a peek on the info about the next message length from the queue. 288 * This will be the oldest inserted message length(fifo). 289 * 290 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. 291 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. 292 * \retval 0, if the peek was successful. 293 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is 294 * too small to fit the message. In this case the \p msg_len will be 295 * set to the full message length so that the 296 * caller knows what portion of the message can be dropped. 297 */ 298static int test_ssl_message_queue_peek_info( 299 mbedtls_test_ssl_message_queue *queue, 300 size_t buf_len, size_t *msg_len) 301{ 302 if (queue == NULL || msg_len == NULL) { 303 return MBEDTLS_TEST_ERROR_ARG_NULL; 304 } 305 if (queue->num == 0) { 306 return MBEDTLS_ERR_SSL_WANT_READ; 307 } 308 309 *msg_len = queue->messages[queue->pos]; 310 return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; 311} 312 313void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket) 314{ 315 memset(socket, 0, sizeof(*socket)); 316} 317 318void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) 319{ 320 if (socket == NULL) { 321 return; 322 } 323 324 if (socket->input != NULL) { 325 mbedtls_test_ssl_buffer_free(socket->input); 326 mbedtls_free(socket->input); 327 } 328 329 if (socket->output != NULL) { 330 mbedtls_test_ssl_buffer_free(socket->output); 331 mbedtls_free(socket->output); 332 } 333 334 if (socket->peer != NULL) { 335 memset(socket->peer, 0, sizeof(*socket->peer)); 336 } 337 338 memset(socket, 0, sizeof(*socket)); 339} 340 341int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, 342 mbedtls_test_mock_socket *peer2, 343 size_t bufsize) 344{ 345 int ret = -1; 346 347 peer1->output = 348 (mbedtls_test_ssl_buffer *) mbedtls_calloc( 349 1, sizeof(mbedtls_test_ssl_buffer)); 350 if (peer1->output == NULL) { 351 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; 352 goto exit; 353 } 354 mbedtls_test_ssl_buffer_init(peer1->output); 355 if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { 356 goto exit; 357 } 358 359 peer2->output = 360 (mbedtls_test_ssl_buffer *) mbedtls_calloc( 361 1, sizeof(mbedtls_test_ssl_buffer)); 362 if (peer2->output == NULL) { 363 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; 364 goto exit; 365 } 366 mbedtls_test_ssl_buffer_init(peer2->output); 367 if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { 368 goto exit; 369 } 370 371 peer1->peer = peer2; 372 peer2->peer = peer1; 373 peer1->input = peer2->output; 374 peer2->input = peer1->output; 375 376 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; 377 ret = 0; 378 379exit: 380 381 if (ret != 0) { 382 mbedtls_test_mock_socket_close(peer1); 383 mbedtls_test_mock_socket_close(peer2); 384 } 385 386 return ret; 387} 388 389int mbedtls_test_mock_tcp_send_b(void *ctx, 390 const unsigned char *buf, size_t len) 391{ 392 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; 393 394 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { 395 return -1; 396 } 397 398 return mbedtls_test_ssl_buffer_put(socket->output, buf, len); 399} 400 401int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) 402{ 403 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; 404 405 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { 406 return -1; 407 } 408 409 return mbedtls_test_ssl_buffer_get(socket->input, buf, len); 410} 411 412int mbedtls_test_mock_tcp_send_nb(void *ctx, 413 const unsigned char *buf, size_t len) 414{ 415 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; 416 417 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { 418 return -1; 419 } 420 421 if (socket->output->capacity == socket->output->content_length) { 422 return MBEDTLS_ERR_SSL_WANT_WRITE; 423 } 424 425 return mbedtls_test_ssl_buffer_put(socket->output, buf, len); 426} 427 428int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) 429{ 430 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; 431 432 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { 433 return -1; 434 } 435 436 if (socket->input->content_length == 0) { 437 return MBEDTLS_ERR_SSL_WANT_READ; 438 } 439 440 return mbedtls_test_ssl_buffer_get(socket->input, buf, len); 441} 442 443void mbedtls_test_message_socket_init( 444 mbedtls_test_message_socket_context *ctx) 445{ 446 ctx->queue_input = NULL; 447 ctx->queue_output = NULL; 448 ctx->socket = NULL; 449} 450 451int mbedtls_test_message_socket_setup( 452 mbedtls_test_ssl_message_queue *queue_input, 453 mbedtls_test_ssl_message_queue *queue_output, 454 size_t queue_capacity, 455 mbedtls_test_mock_socket *socket, 456 mbedtls_test_message_socket_context *ctx) 457{ 458 int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); 459 if (ret != 0) { 460 return ret; 461 } 462 ctx->queue_input = queue_input; 463 ctx->queue_output = queue_output; 464 ctx->socket = socket; 465 mbedtls_test_mock_socket_init(socket); 466 467 return 0; 468} 469 470void mbedtls_test_message_socket_close( 471 mbedtls_test_message_socket_context *ctx) 472{ 473 if (ctx == NULL) { 474 return; 475 } 476 477 mbedtls_test_ssl_message_queue_free(ctx->queue_input); 478 mbedtls_test_mock_socket_close(ctx->socket); 479 memset(ctx, 0, sizeof(*ctx)); 480} 481 482int mbedtls_test_mock_tcp_send_msg(void *ctx, 483 const unsigned char *buf, size_t len) 484{ 485 mbedtls_test_ssl_message_queue *queue; 486 mbedtls_test_mock_socket *socket; 487 mbedtls_test_message_socket_context *context = 488 (mbedtls_test_message_socket_context *) ctx; 489 490 if (context == NULL || context->socket == NULL 491 || context->queue_output == NULL) { 492 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; 493 } 494 495 queue = context->queue_output; 496 socket = context->socket; 497 498 if (queue->num >= queue->capacity) { 499 return MBEDTLS_ERR_SSL_WANT_WRITE; 500 } 501 502 if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { 503 return MBEDTLS_TEST_ERROR_SEND_FAILED; 504 } 505 506 return mbedtls_test_ssl_message_queue_push_info(queue, len); 507} 508 509int mbedtls_test_mock_tcp_recv_msg(void *ctx, 510 unsigned char *buf, size_t buf_len) 511{ 512 mbedtls_test_ssl_message_queue *queue; 513 mbedtls_test_mock_socket *socket; 514 mbedtls_test_message_socket_context *context = 515 (mbedtls_test_message_socket_context *) ctx; 516 size_t drop_len = 0; 517 size_t msg_len; 518 int ret; 519 520 if (context == NULL || context->socket == NULL 521 || context->queue_input == NULL) { 522 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; 523 } 524 525 queue = context->queue_input; 526 socket = context->socket; 527 528 /* Peek first, so that in case of a socket error the data remains in 529 * the queue. */ 530 ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len); 531 if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { 532 /* Calculate how much to drop */ 533 drop_len = msg_len - buf_len; 534 535 /* Set the requested message len to be buffer length */ 536 msg_len = buf_len; 537 } else if (ret != 0) { 538 return ret; 539 } 540 541 if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { 542 return MBEDTLS_TEST_ERROR_RECV_FAILED; 543 } 544 545 if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { 546 /* Drop the remaining part of the message */ 547 if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != 548 (int) drop_len) { 549 /* Inconsistent state - part of the message was read, 550 * and a part couldn't. Not much we can do here, but it should not 551 * happen in test environment, unless forced manually. */ 552 } 553 } 554 mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); 555 556 return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; 557} 558 559#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 560 561/* 562 * Deinitializes certificates from endpoint represented by \p ep. 563 */ 564static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) 565{ 566 mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); 567 if (cert != NULL) { 568 if (cert->ca_cert != NULL) { 569 mbedtls_x509_crt_free(cert->ca_cert); 570 mbedtls_free(cert->ca_cert); 571 cert->ca_cert = NULL; 572 } 573 if (cert->cert != NULL) { 574 mbedtls_x509_crt_free(cert->cert); 575 mbedtls_free(cert->cert); 576 cert->cert = NULL; 577 } 578 if (cert->pkey != NULL) { 579#if defined(MBEDTLS_USE_PSA_CRYPTO) 580 if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { 581 psa_destroy_key(cert->pkey->priv_id); 582 } 583#endif 584 mbedtls_pk_free(cert->pkey); 585 mbedtls_free(cert->pkey); 586 cert->pkey = NULL; 587 } 588 } 589} 590 591int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, 592 int pk_alg, 593 int opaque_alg, int opaque_alg2, 594 int opaque_usage) 595{ 596 int i = 0; 597 int ret = -1; 598 mbedtls_test_ssl_endpoint_certificate *cert = NULL; 599#if defined(MBEDTLS_USE_PSA_CRYPTO) 600 mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; 601#endif 602 603 if (ep == NULL) { 604 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 605 } 606 607 cert = &(ep->cert); 608 TEST_CALLOC(cert->ca_cert, 1); 609 TEST_CALLOC(cert->cert, 1); 610 TEST_CALLOC(cert->pkey, 1); 611 612 mbedtls_x509_crt_init(cert->ca_cert); 613 mbedtls_x509_crt_init(cert->cert); 614 mbedtls_pk_init(cert->pkey); 615 616 /* Load the trusted CA */ 617 618 for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { 619 ret = mbedtls_x509_crt_parse_der( 620 cert->ca_cert, 621 (const unsigned char *) mbedtls_test_cas_der[i], 622 mbedtls_test_cas_der_len[i]); 623 TEST_ASSERT(ret == 0); 624 } 625 626 /* Load own certificate and private key */ 627 628 if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { 629 if (pk_alg == MBEDTLS_PK_RSA) { 630 ret = mbedtls_x509_crt_parse( 631 cert->cert, 632 (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, 633 mbedtls_test_srv_crt_rsa_sha256_der_len); 634 TEST_ASSERT(ret == 0); 635 636 ret = mbedtls_pk_parse_key( 637 cert->pkey, 638 (const unsigned char *) mbedtls_test_srv_key_rsa_der, 639 mbedtls_test_srv_key_rsa_der_len, NULL, 0, 640 mbedtls_test_rnd_std_rand, NULL); 641 TEST_ASSERT(ret == 0); 642 } else { 643 ret = mbedtls_x509_crt_parse( 644 cert->cert, 645 (const unsigned char *) mbedtls_test_srv_crt_ec_der, 646 mbedtls_test_srv_crt_ec_der_len); 647 TEST_ASSERT(ret == 0); 648 649 ret = mbedtls_pk_parse_key( 650 cert->pkey, 651 (const unsigned char *) mbedtls_test_srv_key_ec_der, 652 mbedtls_test_srv_key_ec_der_len, NULL, 0, 653 mbedtls_test_rnd_std_rand, NULL); 654 TEST_ASSERT(ret == 0); 655 } 656 } else { 657 if (pk_alg == MBEDTLS_PK_RSA) { 658 ret = mbedtls_x509_crt_parse( 659 cert->cert, 660 (const unsigned char *) mbedtls_test_cli_crt_rsa_der, 661 mbedtls_test_cli_crt_rsa_der_len); 662 TEST_ASSERT(ret == 0); 663 664 ret = mbedtls_pk_parse_key( 665 cert->pkey, 666 (const unsigned char *) mbedtls_test_cli_key_rsa_der, 667 mbedtls_test_cli_key_rsa_der_len, NULL, 0, 668 mbedtls_test_rnd_std_rand, NULL); 669 TEST_ASSERT(ret == 0); 670 } else { 671 ret = mbedtls_x509_crt_parse( 672 cert->cert, 673 (const unsigned char *) mbedtls_test_cli_crt_ec_der, 674 mbedtls_test_cli_crt_ec_len); 675 TEST_ASSERT(ret == 0); 676 677 ret = mbedtls_pk_parse_key( 678 cert->pkey, 679 (const unsigned char *) mbedtls_test_cli_key_ec_der, 680 mbedtls_test_cli_key_ec_der_len, NULL, 0, 681 mbedtls_test_rnd_std_rand, NULL); 682 TEST_ASSERT(ret == 0); 683 } 684 } 685 686#if defined(MBEDTLS_USE_PSA_CRYPTO) 687 if (opaque_alg != 0) { 688 psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; 689 /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ 690 TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, 691 &key_attr), 0); 692 /* Then manually usage, alg and alg2 as requested by the test. */ 693 psa_set_key_usage_flags(&key_attr, opaque_usage); 694 psa_set_key_algorithm(&key_attr, opaque_alg); 695 if (opaque_alg2 != PSA_ALG_NONE) { 696 psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); 697 } 698 TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); 699 mbedtls_pk_free(cert->pkey); 700 mbedtls_pk_init(cert->pkey); 701 TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); 702 } 703#else 704 (void) opaque_alg; 705 (void) opaque_alg2; 706 (void) opaque_usage; 707#endif 708 709 mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); 710 711 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, 712 cert->pkey); 713 TEST_ASSERT(ret == 0); 714 TEST_ASSERT(ep->conf.key_cert != NULL); 715 716 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); 717 TEST_ASSERT(ret == 0); 718 TEST_ASSERT(ep->conf.key_cert == NULL); 719 720 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, 721 cert->pkey); 722 TEST_ASSERT(ret == 0); 723 724exit: 725 if (ret != 0) { 726 test_ssl_endpoint_certificate_free(ep); 727 } 728 729 return ret; 730} 731 732int mbedtls_test_ssl_endpoint_init( 733 mbedtls_test_ssl_endpoint *ep, int endpoint_type, 734 mbedtls_test_handshake_test_options *options, 735 mbedtls_test_message_socket_context *dtls_context, 736 mbedtls_test_ssl_message_queue *input_queue, 737 mbedtls_test_ssl_message_queue *output_queue) 738{ 739 int ret = -1; 740 uintptr_t user_data_n; 741 742 if (dtls_context != NULL && 743 (input_queue == NULL || output_queue == NULL)) { 744 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 745 746 } 747 748 if (ep == NULL) { 749 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 750 } 751 752 memset(ep, 0, sizeof(*ep)); 753 754 ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; 755 756 mbedtls_ssl_init(&(ep->ssl)); 757 mbedtls_ssl_config_init(&(ep->conf)); 758 mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); 759 760 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); 761 TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); 762 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); 763 TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); 764 765 (void) mbedtls_test_rnd_std_rand(NULL, 766 (void *) &user_data_n, 767 sizeof(user_data_n)); 768 mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); 769 mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); 770 771 if (dtls_context != NULL) { 772 TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, 773 100, &(ep->socket), 774 dtls_context) == 0); 775 } else { 776 mbedtls_test_mock_socket_init(&(ep->socket)); 777 } 778 779 /* Non-blocking callbacks without timeout */ 780 if (dtls_context != NULL) { 781 mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, 782 mbedtls_test_mock_tcp_send_msg, 783 mbedtls_test_mock_tcp_recv_msg, 784 NULL); 785 } else { 786 mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), 787 mbedtls_test_mock_tcp_send_nb, 788 mbedtls_test_mock_tcp_recv_nb, 789 NULL); 790 } 791 792 ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, 793 (dtls_context != NULL) ? 794 MBEDTLS_SSL_TRANSPORT_DATAGRAM : 795 MBEDTLS_SSL_TRANSPORT_STREAM, 796 MBEDTLS_SSL_PRESET_DEFAULT); 797 TEST_ASSERT(ret == 0); 798 799 if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { 800 if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { 801 mbedtls_ssl_conf_min_tls_version(&(ep->conf), 802 options->client_min_version); 803 } 804 805 if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { 806 mbedtls_ssl_conf_max_tls_version(&(ep->conf), 807 options->client_max_version); 808 } 809 } else { 810 if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { 811 mbedtls_ssl_conf_min_tls_version(&(ep->conf), 812 options->server_min_version); 813 } 814 815 if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { 816 mbedtls_ssl_conf_max_tls_version(&(ep->conf), 817 options->server_max_version); 818 } 819 } 820 821 if (options->group_list != NULL) { 822 mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); 823 } 824 825 mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); 826 827#if defined(MBEDTLS_SSL_EARLY_DATA) 828 mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); 829#if defined(MBEDTLS_SSL_SRV_C) 830 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && 831 (options->max_early_data_size >= 0)) { 832 mbedtls_ssl_conf_max_early_data_size(&(ep->conf), 833 options->max_early_data_size); 834 } 835#endif 836#if defined(MBEDTLS_SSL_ALPN) 837 /* check that alpn_list contains at least one valid entry */ 838 if (options->alpn_list[0] != NULL) { 839 mbedtls_ssl_conf_alpn_protocols(&(ep->conf), options->alpn_list); 840 } 841#endif 842#endif 843 844#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) 845 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { 846 mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, 847 mbedtls_ssl_cache_get, 848 mbedtls_ssl_cache_set); 849 } 850#endif 851 852 ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); 853 TEST_ASSERT(ret == 0); 854 855#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) 856 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { 857 mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); 858 } 859#endif 860 861#if defined(MBEDTLS_DEBUG_C) 862#if defined(MBEDTLS_SSL_SRV_C) 863 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && 864 options->srv_log_fun != NULL) { 865 mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, 866 options->srv_log_obj); 867 } 868#endif 869#if defined(MBEDTLS_SSL_CLI_C) 870 if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && 871 options->cli_log_fun != NULL) { 872 mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, 873 options->cli_log_obj); 874 } 875#endif 876#endif /* MBEDTLS_DEBUG_C */ 877 878 ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, 879 options->opaque_alg, 880 options->opaque_alg2, 881 options->opaque_usage); 882 TEST_ASSERT(ret == 0); 883 884 TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); 885 mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); 886 TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); 887 mbedtls_ssl_set_user_data_p(&ep->ssl, ep); 888 889exit: 890 return ret; 891} 892 893void mbedtls_test_ssl_endpoint_free( 894 mbedtls_test_ssl_endpoint *ep, 895 mbedtls_test_message_socket_context *context) 896{ 897 test_ssl_endpoint_certificate_free(ep); 898 899 mbedtls_ssl_free(&(ep->ssl)); 900 mbedtls_ssl_config_free(&(ep->conf)); 901 902 if (context != NULL) { 903 mbedtls_test_message_socket_close(context); 904 } else { 905 mbedtls_test_mock_socket_close(&(ep->socket)); 906 } 907} 908 909int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, 910 mbedtls_ssl_context *second_ssl, 911 int state) 912{ 913 enum { BUFFSIZE = 1024 }; 914 int max_steps = 1000; 915 int ret = 0; 916 917 if (ssl == NULL || second_ssl == NULL) { 918 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 919 } 920 921 /* Perform communication via connected sockets */ 922 while ((ssl->state != state) && (--max_steps >= 0)) { 923 /* If /p second_ssl ends the handshake procedure before /p ssl then 924 * there is no need to call the next step */ 925 if (!mbedtls_ssl_is_handshake_over(second_ssl)) { 926 ret = mbedtls_ssl_handshake_step(second_ssl); 927 if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && 928 ret != MBEDTLS_ERR_SSL_WANT_WRITE) { 929 return ret; 930 } 931 } 932 933 /* We only care about the \p ssl state and returns, so we call it last, 934 * to leave the iteration as soon as the state is as expected. */ 935 ret = mbedtls_ssl_handshake_step(ssl); 936 if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && 937 ret != MBEDTLS_ERR_SSL_WANT_WRITE) { 938 return ret; 939 } 940 } 941 942 return (max_steps >= 0) ? ret : -1; 943} 944 945#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 946 947/* 948 * Write application data. Increase write counter if necessary. 949 */ 950int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, 951 unsigned char *buf, int buf_len, 952 int *written, 953 const int expected_fragments) 954{ 955 int ret; 956 /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is 957 * a valid no-op for TLS connections. */ 958 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 959 TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); 960 } 961 962 ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); 963 if (ret > 0) { 964 *written += ret; 965 } 966 967 if (expected_fragments == 0) { 968 /* Used for DTLS and the message size larger than MFL. In that case 969 * the message can not be fragmented and the library should return 970 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned 971 * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */ 972 return ret; 973 } else if (expected_fragments == 1) { 974 /* Used for TLS/DTLS and the message size lower than MFL */ 975 TEST_ASSERT(ret == buf_len || 976 ret == MBEDTLS_ERR_SSL_WANT_READ || 977 ret == MBEDTLS_ERR_SSL_WANT_WRITE); 978 } else { 979 /* Used for TLS and the message size larger than MFL */ 980 TEST_ASSERT(expected_fragments > 1); 981 TEST_ASSERT((ret >= 0 && ret <= buf_len) || 982 ret == MBEDTLS_ERR_SSL_WANT_READ || 983 ret == MBEDTLS_ERR_SSL_WANT_WRITE); 984 } 985 986 return 0; 987 988exit: 989 /* Some of the tests failed */ 990 return -1; 991} 992 993/* 994 * Read application data and increase read counter and fragments counter 995 * if necessary. 996 */ 997int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, 998 unsigned char *buf, int buf_len, 999 int *read, int *fragments, 1000 const int expected_fragments) 1001{ 1002 int ret; 1003 /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is 1004 * a valid no-op for TLS connections. */ 1005 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 1006 TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); 1007 } 1008 1009 ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); 1010 if (ret > 0) { 1011 (*fragments)++; 1012 *read += ret; 1013 } 1014 1015 if (expected_fragments == 0) { 1016 TEST_ASSERT(ret == 0); 1017 } else if (expected_fragments == 1) { 1018 TEST_ASSERT(ret == buf_len || 1019 ret == MBEDTLS_ERR_SSL_WANT_READ || 1020 ret == MBEDTLS_ERR_SSL_WANT_WRITE); 1021 } else { 1022 TEST_ASSERT(expected_fragments > 1); 1023 TEST_ASSERT((ret >= 0 && ret <= buf_len) || 1024 ret == MBEDTLS_ERR_SSL_WANT_READ || 1025 ret == MBEDTLS_ERR_SSL_WANT_WRITE); 1026 } 1027 1028 return 0; 1029 1030exit: 1031 /* Some of the tests failed */ 1032 return -1; 1033} 1034 1035#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 1036static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, 1037 int *forced_ciphersuite) 1038{ 1039 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 1040 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); 1041 forced_ciphersuite[1] = 0; 1042 1043 ciphersuite_info = 1044 mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); 1045 1046 TEST_ASSERT(ciphersuite_info != NULL); 1047 TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); 1048 TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); 1049 1050 if (conf->max_tls_version > ciphersuite_info->max_tls_version) { 1051 conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; 1052 } 1053 if (conf->min_tls_version < ciphersuite_info->min_tls_version) { 1054 conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; 1055 } 1056 1057 mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); 1058 1059exit: 1060 return; 1061} 1062#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 1063 1064#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ 1065 defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ 1066 defined(MBEDTLS_SSL_SRV_C) 1067static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, 1068 const unsigned char *name, size_t name_len) 1069{ 1070 (void) p_info; 1071 (void) ssl; 1072 (void) name; 1073 (void) name_len; 1074 1075 return 0; 1076} 1077#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && 1078 MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && 1079 MBEDTLS_SSL_SRV_C */ 1080 1081#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 1082 defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) 1083int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, 1084 const unsigned char *iv, 1085 size_t iv_len, 1086 const unsigned char *input, 1087 size_t ilen, 1088 unsigned char *output, 1089 size_t *olen) 1090{ 1091#if defined(MBEDTLS_USE_PSA_CRYPTO) 1092 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1093 psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; 1094 size_t part_len; 1095 1096 status = psa_cipher_encrypt_setup(&cipher_op, 1097 transform->psa_key_enc, 1098 transform->psa_alg); 1099 1100 if (status != PSA_SUCCESS) { 1101 return PSA_TO_MBEDTLS_ERR(status); 1102 } 1103 1104 status = psa_cipher_set_iv(&cipher_op, iv, iv_len); 1105 1106 if (status != PSA_SUCCESS) { 1107 return PSA_TO_MBEDTLS_ERR(status); 1108 } 1109 1110 status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); 1111 1112 if (status != PSA_SUCCESS) { 1113 return PSA_TO_MBEDTLS_ERR(status); 1114 } 1115 1116 status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, 1117 &part_len); 1118 1119 if (status != PSA_SUCCESS) { 1120 return PSA_TO_MBEDTLS_ERR(status); 1121 } 1122 1123 *olen += part_len; 1124 return 0; 1125#else 1126 return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, 1127 iv, iv_len, input, ilen, output, olen); 1128#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1129} 1130#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && 1131 MBEDTLS_SSL_HAVE_AES */ 1132 1133static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, 1134 mbedtls_cipher_mode_t *cipher_mode, 1135 size_t *key_bits, size_t *iv_len) 1136{ 1137 switch (cipher_type) { 1138 case MBEDTLS_CIPHER_AES_128_CBC: 1139 *cipher_mode = MBEDTLS_MODE_CBC; 1140 *key_bits = 128; 1141 *iv_len = 16; 1142 break; 1143 case MBEDTLS_CIPHER_AES_256_CBC: 1144 *cipher_mode = MBEDTLS_MODE_CBC; 1145 *key_bits = 256; 1146 *iv_len = 16; 1147 break; 1148 case MBEDTLS_CIPHER_ARIA_128_CBC: 1149 *cipher_mode = MBEDTLS_MODE_CBC; 1150 *key_bits = 128; 1151 *iv_len = 16; 1152 break; 1153 case MBEDTLS_CIPHER_ARIA_256_CBC: 1154 *cipher_mode = MBEDTLS_MODE_CBC; 1155 *key_bits = 256; 1156 *iv_len = 16; 1157 break; 1158 case MBEDTLS_CIPHER_CAMELLIA_128_CBC: 1159 *cipher_mode = MBEDTLS_MODE_CBC; 1160 *key_bits = 128; 1161 *iv_len = 16; 1162 break; 1163 case MBEDTLS_CIPHER_CAMELLIA_256_CBC: 1164 *cipher_mode = MBEDTLS_MODE_CBC; 1165 *key_bits = 256; 1166 *iv_len = 16; 1167 break; 1168 1169 case MBEDTLS_CIPHER_AES_128_CCM: 1170 *cipher_mode = MBEDTLS_MODE_CCM; 1171 *key_bits = 128; 1172 *iv_len = 12; 1173 break; 1174 case MBEDTLS_CIPHER_AES_192_CCM: 1175 *cipher_mode = MBEDTLS_MODE_CCM; 1176 *key_bits = 192; 1177 *iv_len = 12; 1178 break; 1179 case MBEDTLS_CIPHER_AES_256_CCM: 1180 *cipher_mode = MBEDTLS_MODE_CCM; 1181 *key_bits = 256; 1182 *iv_len = 12; 1183 break; 1184 case MBEDTLS_CIPHER_CAMELLIA_128_CCM: 1185 *cipher_mode = MBEDTLS_MODE_CCM; 1186 *key_bits = 128; 1187 *iv_len = 12; 1188 break; 1189 case MBEDTLS_CIPHER_CAMELLIA_192_CCM: 1190 *cipher_mode = MBEDTLS_MODE_CCM; 1191 *key_bits = 192; 1192 *iv_len = 12; 1193 break; 1194 case MBEDTLS_CIPHER_CAMELLIA_256_CCM: 1195 *cipher_mode = MBEDTLS_MODE_CCM; 1196 *key_bits = 256; 1197 *iv_len = 12; 1198 break; 1199 1200 case MBEDTLS_CIPHER_AES_128_GCM: 1201 *cipher_mode = MBEDTLS_MODE_GCM; 1202 *key_bits = 128; 1203 *iv_len = 12; 1204 break; 1205 case MBEDTLS_CIPHER_AES_192_GCM: 1206 *cipher_mode = MBEDTLS_MODE_GCM; 1207 *key_bits = 192; 1208 *iv_len = 12; 1209 break; 1210 case MBEDTLS_CIPHER_AES_256_GCM: 1211 *cipher_mode = MBEDTLS_MODE_GCM; 1212 *key_bits = 256; 1213 *iv_len = 12; 1214 break; 1215 case MBEDTLS_CIPHER_CAMELLIA_128_GCM: 1216 *cipher_mode = MBEDTLS_MODE_GCM; 1217 *key_bits = 128; 1218 *iv_len = 12; 1219 break; 1220 case MBEDTLS_CIPHER_CAMELLIA_192_GCM: 1221 *cipher_mode = MBEDTLS_MODE_GCM; 1222 *key_bits = 192; 1223 *iv_len = 12; 1224 break; 1225 case MBEDTLS_CIPHER_CAMELLIA_256_GCM: 1226 *cipher_mode = MBEDTLS_MODE_GCM; 1227 *key_bits = 256; 1228 *iv_len = 12; 1229 break; 1230 1231 case MBEDTLS_CIPHER_CHACHA20_POLY1305: 1232 *cipher_mode = MBEDTLS_MODE_CHACHAPOLY; 1233 *key_bits = 256; 1234 *iv_len = 12; 1235 break; 1236 1237 case MBEDTLS_CIPHER_NULL: 1238 *cipher_mode = MBEDTLS_MODE_STREAM; 1239 *key_bits = 0; 1240 *iv_len = 0; 1241 break; 1242 1243 default: 1244 *cipher_mode = MBEDTLS_MODE_NONE; 1245 *key_bits = 0; 1246 *iv_len = 0; 1247 } 1248} 1249 1250int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, 1251 mbedtls_ssl_transform *t_out, 1252 int cipher_type, int hash_id, 1253 int etm, int tag_mode, 1254 mbedtls_ssl_protocol_version tls_version, 1255 size_t cid0_len, 1256 size_t cid1_len) 1257{ 1258 mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE; 1259 size_t key_bits = 0; 1260 int ret = 0; 1261 1262#if defined(MBEDTLS_USE_PSA_CRYPTO) 1263 psa_key_type_t key_type; 1264 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1265 psa_algorithm_t alg; 1266 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1267#else 1268 mbedtls_cipher_info_t const *cipher_info; 1269#endif 1270 1271 size_t keylen, maclen, ivlen = 0; 1272 unsigned char *key0 = NULL, *key1 = NULL; 1273 unsigned char *md0 = NULL, *md1 = NULL; 1274 unsigned char iv_enc[16], iv_dec[16]; 1275 1276#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 1277 unsigned char cid0[SSL_CID_LEN_MIN]; 1278 unsigned char cid1[SSL_CID_LEN_MIN]; 1279 1280 mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); 1281 mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); 1282#else 1283 ((void) cid0_len); 1284 ((void) cid1_len); 1285#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 1286 1287 maclen = 0; 1288 mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type, 1289 &cipher_mode, &key_bits, &ivlen); 1290 1291 /* Pick keys */ 1292 keylen = key_bits / 8; 1293 /* Allocate `keylen + 1` bytes to ensure that we get 1294 * a non-NULL pointers from `mbedtls_calloc` even if 1295 * `keylen == 0` in the case of the NULL cipher. */ 1296 CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); 1297 CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); 1298 memset(key0, 0x1, keylen); 1299 memset(key1, 0x2, keylen); 1300 1301#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1302 /* Pick cipher */ 1303 cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); 1304 CHK(cipher_info != NULL); 1305 CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); 1306 CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); 1307 1308 /* Setup cipher contexts */ 1309 CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); 1310 CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); 1311 CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); 1312 CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); 1313 1314#if defined(MBEDTLS_CIPHER_MODE_CBC) 1315 if (cipher_mode == MBEDTLS_MODE_CBC) { 1316 CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, 1317 MBEDTLS_PADDING_NONE) == 0); 1318 CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, 1319 MBEDTLS_PADDING_NONE) == 0); 1320 CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, 1321 MBEDTLS_PADDING_NONE) == 0); 1322 CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, 1323 MBEDTLS_PADDING_NONE) == 0); 1324 } 1325#endif /* MBEDTLS_CIPHER_MODE_CBC */ 1326 1327 CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, 1328 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, 1329 MBEDTLS_ENCRYPT) 1330 == 0); 1331 CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, 1332 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, 1333 MBEDTLS_DECRYPT) 1334 == 0); 1335 CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, 1336 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, 1337 MBEDTLS_ENCRYPT) 1338 == 0); 1339 CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, 1340 (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, 1341 MBEDTLS_DECRYPT) 1342 == 0); 1343#endif /* !MBEDTLS_USE_PSA_CRYPTO */ 1344 1345 /* Setup MAC contexts */ 1346#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) 1347 if (cipher_mode == MBEDTLS_MODE_CBC || 1348 cipher_mode == MBEDTLS_MODE_STREAM) { 1349#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1350 mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); 1351 CHK(md_info != NULL); 1352#endif 1353 maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); 1354 CHK(maclen != 0); 1355 /* Pick hash keys */ 1356 CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); 1357 CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); 1358 memset(md0, 0x5, maclen); 1359 memset(md1, 0x6, maclen); 1360 1361#if defined(MBEDTLS_USE_PSA_CRYPTO) 1362 alg = mbedtls_md_psa_alg_from_type(hash_id); 1363 1364 CHK(alg != 0); 1365 1366 t_out->psa_mac_alg = PSA_ALG_HMAC(alg); 1367 t_in->psa_mac_alg = PSA_ALG_HMAC(alg); 1368 t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; 1369 t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; 1370 t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; 1371 t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; 1372 1373 psa_reset_key_attributes(&attributes); 1374 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 1375 psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); 1376 psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); 1377 1378 CHK(psa_import_key(&attributes, 1379 md0, maclen, 1380 &t_in->psa_mac_enc) == PSA_SUCCESS); 1381 1382 CHK(psa_import_key(&attributes, 1383 md1, maclen, 1384 &t_out->psa_mac_enc) == PSA_SUCCESS); 1385 1386 if (cipher_mode == MBEDTLS_MODE_STREAM || 1387 etm == MBEDTLS_SSL_ETM_DISABLED) { 1388 /* mbedtls_ct_hmac() requires the key to be exportable */ 1389 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | 1390 PSA_KEY_USAGE_VERIFY_HASH); 1391 } else { 1392 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 1393 } 1394 1395 CHK(psa_import_key(&attributes, 1396 md1, maclen, 1397 &t_in->psa_mac_dec) == PSA_SUCCESS); 1398 1399 CHK(psa_import_key(&attributes, 1400 md0, maclen, 1401 &t_out->psa_mac_dec) == PSA_SUCCESS); 1402#else 1403 CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); 1404 CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); 1405 CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); 1406 CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); 1407 1408 CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, 1409 md0, maclen) == 0); 1410 CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, 1411 md1, maclen) == 0); 1412 CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, 1413 md1, maclen) == 0); 1414 CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, 1415 md0, maclen) == 0); 1416#endif 1417 } 1418#else 1419 ((void) hash_id); 1420#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ 1421 1422 1423 /* Pick IV's (regardless of whether they 1424 * are being used by the transform). */ 1425 memset(iv_enc, 0x3, sizeof(iv_enc)); 1426 memset(iv_dec, 0x4, sizeof(iv_dec)); 1427 1428 /* 1429 * Setup transforms 1430 */ 1431 1432#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ 1433 defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) 1434 t_out->encrypt_then_mac = etm; 1435 t_in->encrypt_then_mac = etm; 1436#else 1437 ((void) etm); 1438#endif 1439 1440 t_out->tls_version = tls_version; 1441 t_in->tls_version = tls_version; 1442 t_out->ivlen = ivlen; 1443 t_in->ivlen = ivlen; 1444 1445 switch (cipher_mode) { 1446 case MBEDTLS_MODE_GCM: 1447 case MBEDTLS_MODE_CCM: 1448#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 1449 if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { 1450 t_out->fixed_ivlen = 12; 1451 t_in->fixed_ivlen = 12; 1452 } else 1453#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 1454 { 1455 t_out->fixed_ivlen = 4; 1456 t_in->fixed_ivlen = 4; 1457 } 1458 t_out->maclen = 0; 1459 t_in->maclen = 0; 1460 switch (tag_mode) { 1461 case 0: /* Full tag */ 1462 t_out->taglen = 16; 1463 t_in->taglen = 16; 1464 break; 1465 case 1: /* Partial tag */ 1466 t_out->taglen = 8; 1467 t_in->taglen = 8; 1468 break; 1469 default: 1470 ret = 1; 1471 goto cleanup; 1472 } 1473 break; 1474 1475 case MBEDTLS_MODE_CHACHAPOLY: 1476 t_out->fixed_ivlen = 12; 1477 t_in->fixed_ivlen = 12; 1478 t_out->maclen = 0; 1479 t_in->maclen = 0; 1480 switch (tag_mode) { 1481 case 0: /* Full tag */ 1482 t_out->taglen = 16; 1483 t_in->taglen = 16; 1484 break; 1485 case 1: /* Partial tag */ 1486 t_out->taglen = 8; 1487 t_in->taglen = 8; 1488 break; 1489 default: 1490 ret = 1; 1491 goto cleanup; 1492 } 1493 break; 1494 1495 case MBEDTLS_MODE_STREAM: 1496 case MBEDTLS_MODE_CBC: 1497 t_out->fixed_ivlen = 0; /* redundant, must be 0 */ 1498 t_in->fixed_ivlen = 0; /* redundant, must be 0 */ 1499 t_out->taglen = 0; 1500 t_in->taglen = 0; 1501 switch (tag_mode) { 1502 case 0: /* Full tag */ 1503 t_out->maclen = maclen; 1504 t_in->maclen = maclen; 1505 break; 1506 default: 1507 ret = 1; 1508 goto cleanup; 1509 } 1510 break; 1511 default: 1512 ret = 1; 1513 goto cleanup; 1514 break; 1515 } 1516 1517 /* Setup IV's */ 1518 1519 memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); 1520 memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); 1521 memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); 1522 memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); 1523 1524#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 1525 /* Add CID */ 1526 memcpy(&t_in->in_cid, cid0, cid0_len); 1527 memcpy(&t_in->out_cid, cid1, cid1_len); 1528 t_in->in_cid_len = (uint8_t) cid0_len; 1529 t_in->out_cid_len = (uint8_t) cid1_len; 1530 memcpy(&t_out->in_cid, cid1, cid1_len); 1531 memcpy(&t_out->out_cid, cid0, cid0_len); 1532 t_out->in_cid_len = (uint8_t) cid1_len; 1533 t_out->out_cid_len = (uint8_t) cid0_len; 1534#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 1535 1536#if defined(MBEDTLS_USE_PSA_CRYPTO) 1537 status = mbedtls_ssl_cipher_to_psa(cipher_type, 1538 t_in->taglen, 1539 &alg, 1540 &key_type, 1541 &key_bits); 1542 1543 if (status != PSA_SUCCESS) { 1544 ret = PSA_TO_MBEDTLS_ERR(status); 1545 goto cleanup; 1546 } 1547 1548 t_in->psa_alg = alg; 1549 t_out->psa_alg = alg; 1550 1551 if (alg != MBEDTLS_SSL_NULL_CIPHER) { 1552 psa_reset_key_attributes(&attributes); 1553 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1554 psa_set_key_algorithm(&attributes, alg); 1555 psa_set_key_type(&attributes, key_type); 1556 1557 status = psa_import_key(&attributes, 1558 key0, 1559 PSA_BITS_TO_BYTES(key_bits), 1560 &t_in->psa_key_enc); 1561 1562 if (status != PSA_SUCCESS) { 1563 ret = PSA_TO_MBEDTLS_ERR(status); 1564 goto cleanup; 1565 } 1566 1567 status = psa_import_key(&attributes, 1568 key1, 1569 PSA_BITS_TO_BYTES(key_bits), 1570 &t_out->psa_key_enc); 1571 1572 if (status != PSA_SUCCESS) { 1573 ret = PSA_TO_MBEDTLS_ERR(status); 1574 goto cleanup; 1575 } 1576 1577 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1578 1579 status = psa_import_key(&attributes, 1580 key1, 1581 PSA_BITS_TO_BYTES(key_bits), 1582 &t_in->psa_key_dec); 1583 1584 if (status != PSA_SUCCESS) { 1585 ret = PSA_TO_MBEDTLS_ERR(status); 1586 goto cleanup; 1587 } 1588 1589 status = psa_import_key(&attributes, 1590 key0, 1591 PSA_BITS_TO_BYTES(key_bits), 1592 &t_out->psa_key_dec); 1593 1594 if (status != PSA_SUCCESS) { 1595 ret = PSA_TO_MBEDTLS_ERR(status); 1596 goto cleanup; 1597 } 1598 } 1599#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1600 1601cleanup: 1602 1603 mbedtls_free(key0); 1604 mbedtls_free(key1); 1605 1606 mbedtls_free(md0); 1607 mbedtls_free(md1); 1608 1609 return ret; 1610} 1611 1612#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) 1613int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, 1614 mbedtls_ssl_transform *transform_out) 1615{ 1616#if defined(MBEDTLS_USE_PSA_CRYPTO) 1617 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1618#endif 1619 1620 /* Serialized version of record header for MAC purposes */ 1621 unsigned char add_data[13]; 1622 memcpy(add_data, record->ctr, 8); 1623 add_data[8] = record->type; 1624 add_data[9] = record->ver[0]; 1625 add_data[10] = record->ver[1]; 1626 add_data[11] = (record->data_len >> 8) & 0xff; 1627 add_data[12] = (record->data_len >> 0) & 0xff; 1628 1629 /* MAC with additional data */ 1630#if defined(MBEDTLS_USE_PSA_CRYPTO) 1631 size_t sign_mac_length = 0; 1632 TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, 1633 transform_out->psa_mac_enc, 1634 transform_out->psa_mac_alg)); 1635 TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); 1636 TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, 1637 record->buf + record->data_offset, 1638 record->data_len)); 1639 /* Use a temporary buffer for the MAC, because with the truncated HMAC 1640 * extension, there might not be enough room in the record for the 1641 * full-length MAC. */ 1642 unsigned char mac[PSA_HASH_MAX_SIZE]; 1643 TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, 1644 mac, sizeof(mac), 1645 &sign_mac_length)); 1646#else 1647 TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); 1648 TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, 1649 record->buf + record->data_offset, 1650 record->data_len)); 1651 /* Use a temporary buffer for the MAC, because with the truncated HMAC 1652 * extension, there might not be enough room in the record for the 1653 * full-length MAC. */ 1654 unsigned char mac[MBEDTLS_MD_MAX_SIZE]; 1655 TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); 1656#endif 1657 memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); 1658 record->data_len += transform_out->maclen; 1659 1660 return 0; 1661 1662exit: 1663#if defined(MBEDTLS_USE_PSA_CRYPTO) 1664 psa_mac_abort(&operation); 1665#endif 1666 return -1; 1667} 1668#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ 1669 1670#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1671int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, 1672 int ticket_len, 1673 int endpoint_type, 1674 const char *crt_file) 1675{ 1676 (void) ticket_len; 1677 1678#if defined(MBEDTLS_HAVE_TIME) 1679 session->start = mbedtls_time(NULL) - 42; 1680#endif 1681 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 1682 1683 TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT || 1684 endpoint_type == MBEDTLS_SSL_IS_SERVER); 1685 1686 session->endpoint = endpoint_type; 1687 session->ciphersuite = 0xabcd; 1688 session->id_len = sizeof(session->id); 1689 memset(session->id, 66, session->id_len); 1690 memset(session->master, 17, sizeof(session->master)); 1691 1692#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) 1693 if (crt_file != NULL && strlen(crt_file) != 0) { 1694 mbedtls_x509_crt tmp_crt; 1695 int ret; 1696 1697 mbedtls_x509_crt_init(&tmp_crt); 1698 ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); 1699 if (ret != 0) { 1700 return ret; 1701 } 1702 1703#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) 1704 /* Move temporary CRT. */ 1705 session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); 1706 if (session->peer_cert == NULL) { 1707 return -1; 1708 } 1709 *session->peer_cert = tmp_crt; 1710 memset(&tmp_crt, 0, sizeof(tmp_crt)); 1711#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 1712 /* Calculate digest of temporary CRT. */ 1713 session->peer_cert_digest = 1714 mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); 1715 if (session->peer_cert_digest == NULL) { 1716 return -1; 1717 } 1718 1719#if defined(MBEDTLS_USE_PSA_CRYPTO) 1720 psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( 1721 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); 1722 size_t hash_size = 0; 1723 psa_status_t status = psa_hash_compute( 1724 psa_alg, tmp_crt.raw.p, 1725 tmp_crt.raw.len, 1726 session->peer_cert_digest, 1727 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, 1728 &hash_size); 1729 ret = PSA_TO_MBEDTLS_ERR(status); 1730#else 1731 ret = mbedtls_md(mbedtls_md_info_from_type( 1732 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), 1733 tmp_crt.raw.p, tmp_crt.raw.len, 1734 session->peer_cert_digest); 1735#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1736 if (ret != 0) { 1737 return ret; 1738 } 1739 session->peer_cert_digest_type = 1740 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; 1741 session->peer_cert_digest_len = 1742 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; 1743#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 1744 1745 mbedtls_x509_crt_free(&tmp_crt); 1746 } 1747#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ 1748 (void) crt_file; 1749#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ 1750 session->verify_result = 0xdeadbeef; 1751 1752#if defined(MBEDTLS_SSL_SESSION_TICKETS) 1753#if defined(MBEDTLS_SSL_CLI_C) 1754 if (ticket_len != 0) { 1755 session->ticket = mbedtls_calloc(1, ticket_len); 1756 if (session->ticket == NULL) { 1757 return -1; 1758 } 1759 memset(session->ticket, 33, ticket_len); 1760 } 1761 session->ticket_len = ticket_len; 1762 session->ticket_lifetime = 86401; 1763#endif /* MBEDTLS_SSL_CLI_C */ 1764 1765#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME) 1766 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { 1767 session->ticket_creation_time = mbedtls_ms_time() - 42; 1768 } 1769#endif 1770#endif /* MBEDTLS_SSL_SESSION_TICKETS */ 1771 1772#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 1773 session->mfl_code = 1; 1774#endif 1775#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1776 session->encrypt_then_mac = 1; 1777#endif 1778 1779exit: 1780 return 0; 1781} 1782#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 1783 1784#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 1785int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, 1786 int ticket_len, 1787 int endpoint_type) 1788{ 1789 ((void) ticket_len); 1790 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; 1791 session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? 1792 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; 1793 session->ciphersuite = 0xabcd; 1794 session->ticket_age_add = 0x87654321; 1795 session->ticket_flags = 0x7; 1796 1797 session->resumption_key_len = 32; 1798 memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); 1799 1800#if defined(MBEDTLS_SSL_EARLY_DATA) 1801 session->max_early_data_size = 0x87654321; 1802#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) 1803 int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample"); 1804 if (ret != 0) { 1805 return -1; 1806 } 1807#endif /* MBEDTLS_SSL_ALPN && MBEDTLS_SSL_SRV_C */ 1808#endif /* MBEDTLS_SSL_EARLY_DATA */ 1809 1810#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) 1811 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { 1812 session->ticket_creation_time = mbedtls_ms_time() - 42; 1813 } 1814#endif 1815 1816#if defined(MBEDTLS_SSL_CLI_C) 1817 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { 1818#if defined(MBEDTLS_HAVE_TIME) 1819 session->ticket_reception_time = mbedtls_ms_time() - 40; 1820#endif 1821 session->ticket_lifetime = 0xfedcba98; 1822 1823 session->ticket_len = ticket_len; 1824 if (ticket_len != 0) { 1825 session->ticket = mbedtls_calloc(1, ticket_len); 1826 if (session->ticket == NULL) { 1827 return -1; 1828 } 1829 memset(session->ticket, 33, ticket_len); 1830 } 1831 } 1832#endif /* MBEDTLS_SSL_CLI_C */ 1833 1834#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) 1835 session->record_size_limit = 2048; 1836#endif 1837 1838 return 0; 1839} 1840#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 1841 1842int mbedtls_test_ssl_exchange_data( 1843 mbedtls_ssl_context *ssl_1, 1844 int msg_len_1, const int expected_fragments_1, 1845 mbedtls_ssl_context *ssl_2, 1846 int msg_len_2, const int expected_fragments_2) 1847{ 1848 unsigned char *msg_buf_1 = malloc(msg_len_1); 1849 unsigned char *msg_buf_2 = malloc(msg_len_2); 1850 unsigned char *in_buf_1 = malloc(msg_len_2); 1851 unsigned char *in_buf_2 = malloc(msg_len_1); 1852 int msg_type, ret = -1; 1853 1854 /* Perform this test with two message types. At first use a message 1855 * consisting of only 0x00 for the client and only 0xFF for the server. 1856 * At the second time use message with generated data */ 1857 for (msg_type = 0; msg_type < 2; msg_type++) { 1858 int written_1 = 0; 1859 int written_2 = 0; 1860 int read_1 = 0; 1861 int read_2 = 0; 1862 int fragments_1 = 0; 1863 int fragments_2 = 0; 1864 1865 if (msg_type == 0) { 1866 memset(msg_buf_1, 0x00, msg_len_1); 1867 memset(msg_buf_2, 0xff, msg_len_2); 1868 } else { 1869 int i, j = 0; 1870 for (i = 0; i < msg_len_1; i++) { 1871 msg_buf_1[i] = j++ & 0xFF; 1872 } 1873 for (i = 0; i < msg_len_2; i++) { 1874 msg_buf_2[i] = (j -= 5) & 0xFF; 1875 } 1876 } 1877 1878 while (read_1 < msg_len_2 || read_2 < msg_len_1) { 1879 /* ssl_1 sending */ 1880 if (msg_len_1 > written_1) { 1881 ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, 1882 msg_len_1, &written_1, 1883 expected_fragments_1); 1884 if (expected_fragments_1 == 0) { 1885 /* This error is expected when the message is too large and 1886 * cannot be fragmented */ 1887 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); 1888 msg_len_1 = 0; 1889 } else { 1890 TEST_ASSERT(ret == 0); 1891 } 1892 } 1893 1894 /* ssl_2 sending */ 1895 if (msg_len_2 > written_2) { 1896 ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, 1897 msg_len_2, &written_2, 1898 expected_fragments_2); 1899 if (expected_fragments_2 == 0) { 1900 /* This error is expected when the message is too large and 1901 * cannot be fragmented */ 1902 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); 1903 msg_len_2 = 0; 1904 } else { 1905 TEST_ASSERT(ret == 0); 1906 } 1907 } 1908 1909 /* ssl_1 reading */ 1910 if (read_1 < msg_len_2) { 1911 ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, 1912 msg_len_2, &read_1, 1913 &fragments_2, 1914 expected_fragments_2); 1915 TEST_ASSERT(ret == 0); 1916 } 1917 1918 /* ssl_2 reading */ 1919 if (read_2 < msg_len_1) { 1920 ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, 1921 msg_len_1, &read_2, 1922 &fragments_1, 1923 expected_fragments_1); 1924 TEST_ASSERT(ret == 0); 1925 } 1926 } 1927 1928 ret = -1; 1929 TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); 1930 TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); 1931 TEST_ASSERT(fragments_1 == expected_fragments_1); 1932 TEST_ASSERT(fragments_2 == expected_fragments_2); 1933 } 1934 1935 ret = 0; 1936 1937exit: 1938 free(msg_buf_1); 1939 free(in_buf_1); 1940 free(msg_buf_2); 1941 free(in_buf_2); 1942 1943 return ret; 1944} 1945 1946/* 1947 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints 1948 * must be initialized and connected beforehand. 1949 * 1950 * \retval 0 on success, otherwise error code. 1951 */ 1952#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ 1953 (defined(MBEDTLS_SSL_RENEGOTIATION) || \ 1954 defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)) 1955static int exchange_data(mbedtls_ssl_context *ssl_1, 1956 mbedtls_ssl_context *ssl_2) 1957{ 1958 return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1, 1959 ssl_2, 256, 1); 1960} 1961#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && 1962 (MBEDTLS_SSL_RENEGOTIATION || 1963 MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */ 1964 1965#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 1966static int check_ssl_version( 1967 mbedtls_ssl_protocol_version expected_negotiated_version, 1968 const mbedtls_ssl_context *ssl) 1969{ 1970 const char *version_string = mbedtls_ssl_get_version(ssl); 1971 mbedtls_ssl_protocol_version version_number = 1972 mbedtls_ssl_get_version_number(ssl); 1973 1974 TEST_EQUAL(ssl->tls_version, expected_negotiated_version); 1975 1976 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 1977 TEST_EQUAL(version_string[0], 'D'); 1978 ++version_string; 1979 } 1980 1981 switch (expected_negotiated_version) { 1982 case MBEDTLS_SSL_VERSION_TLS1_2: 1983 TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); 1984 TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); 1985 break; 1986 1987 case MBEDTLS_SSL_VERSION_TLS1_3: 1988 TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); 1989 TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); 1990 break; 1991 1992 default: 1993 TEST_FAIL( 1994 "Version check not implemented for this protocol version"); 1995 } 1996 1997 return 1; 1998 1999exit: 2000 return 0; 2001} 2002#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 2003 2004#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 2005void mbedtls_test_ssl_perform_handshake( 2006 mbedtls_test_handshake_test_options *options) 2007{ 2008 /* forced_ciphersuite needs to last until the end of the handshake */ 2009 int forced_ciphersuite[2]; 2010 enum { BUFFSIZE = 17000 }; 2011 mbedtls_test_ssl_endpoint client, server; 2012#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) 2013 const char *psk_identity = "foo"; 2014#endif 2015#if defined(MBEDTLS_TIMING_C) 2016 mbedtls_timing_delay_context timer_client, timer_server; 2017#endif 2018#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) 2019 unsigned char *context_buf = NULL; 2020 size_t context_buf_len; 2021#endif 2022#if defined(MBEDTLS_SSL_RENEGOTIATION) 2023 int ret = -1; 2024#endif 2025 int expected_handshake_result = options->expected_handshake_result; 2026 2027 MD_OR_USE_PSA_INIT(); 2028 mbedtls_platform_zeroize(&client, sizeof(client)); 2029 mbedtls_platform_zeroize(&server, sizeof(server)); 2030 mbedtls_test_ssl_message_queue server_queue, client_queue; 2031 mbedtls_test_message_socket_context server_context, client_context; 2032 mbedtls_test_message_socket_init(&server_context); 2033 mbedtls_test_message_socket_init(&client_context); 2034 2035#if defined(MBEDTLS_DEBUG_C) 2036 if (options->cli_log_fun || options->srv_log_fun) { 2037 mbedtls_debug_set_threshold(4); 2038 } 2039#endif 2040 2041 /* Client side */ 2042 if (options->dtls != 0) { 2043 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, 2044 MBEDTLS_SSL_IS_CLIENT, 2045 options, &client_context, 2046 &client_queue, 2047 &server_queue) == 0); 2048#if defined(MBEDTLS_TIMING_C) 2049 mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, 2050 mbedtls_timing_set_delay, 2051 mbedtls_timing_get_delay); 2052#endif 2053 } else { 2054 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, 2055 MBEDTLS_SSL_IS_CLIENT, 2056 options, NULL, NULL, 2057 NULL) == 0); 2058 } 2059 2060 if (strlen(options->cipher) > 0) { 2061 set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); 2062 } 2063 2064 /* Server side */ 2065 if (options->dtls != 0) { 2066 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, 2067 MBEDTLS_SSL_IS_SERVER, 2068 options, &server_context, 2069 &server_queue, 2070 &client_queue) == 0); 2071#if defined(MBEDTLS_TIMING_C) 2072 mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, 2073 mbedtls_timing_set_delay, 2074 mbedtls_timing_get_delay); 2075#endif 2076 } else { 2077 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, 2078 MBEDTLS_SSL_IS_SERVER, 2079 options, NULL, NULL, 2080 NULL) == 0); 2081 } 2082 2083 mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); 2084 2085#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 2086 TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), 2087 (unsigned char) options->mfl) 2088 == 0); 2089 TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), 2090 (unsigned char) options->mfl) 2091 == 0); 2092#else 2093 TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); 2094#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 2095 2096#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) 2097 if (options->psk_str != NULL && options->psk_str->len > 0) { 2098 TEST_ASSERT(mbedtls_ssl_conf_psk( 2099 &client.conf, options->psk_str->x, 2100 options->psk_str->len, 2101 (const unsigned char *) psk_identity, 2102 strlen(psk_identity)) == 0); 2103 2104 TEST_ASSERT(mbedtls_ssl_conf_psk( 2105 &server.conf, options->psk_str->x, 2106 options->psk_str->len, 2107 (const unsigned char *) psk_identity, 2108 strlen(psk_identity)) == 0); 2109#if defined(MBEDTLS_SSL_SRV_C) 2110 mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); 2111#endif 2112 } 2113#endif 2114#if defined(MBEDTLS_SSL_RENEGOTIATION) 2115 if (options->renegotiate) { 2116 mbedtls_ssl_conf_renegotiation(&(server.conf), 2117 MBEDTLS_SSL_RENEGOTIATION_ENABLED); 2118 mbedtls_ssl_conf_renegotiation(&(client.conf), 2119 MBEDTLS_SSL_RENEGOTIATION_ENABLED); 2120 2121 mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), 2122 options->legacy_renegotiation); 2123 mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), 2124 options->legacy_renegotiation); 2125 } 2126#endif /* MBEDTLS_SSL_RENEGOTIATION */ 2127 2128 TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), 2129 &(server.socket), 2130 BUFFSIZE) == 0); 2131 2132#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 2133 if (options->resize_buffers != 0) { 2134 /* Ensure that the buffer sizes are appropriate before resizes */ 2135 TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); 2136 TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); 2137 TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); 2138 TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); 2139 } 2140#endif 2141 2142 if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) { 2143 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; 2144 } 2145 2146 TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), 2147 &(server.ssl), 2148 MBEDTLS_SSL_HANDSHAKE_OVER) 2149 == expected_handshake_result); 2150 2151 if (expected_handshake_result != 0) { 2152 /* Connection will have failed by this point, skip to cleanup */ 2153 goto exit; 2154 } 2155 2156 TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); 2157 2158 /* Make sure server state is moved to HANDSHAKE_OVER also. */ 2159 TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), 2160 &(client.ssl), 2161 MBEDTLS_SSL_HANDSHAKE_OVER), 2162 0); 2163 2164 TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); 2165 /* Check that both sides have negotiated the expected version. */ 2166 mbedtls_test_set_step(0); 2167 if (!check_ssl_version(options->expected_negotiated_version, 2168 &client.ssl)) { 2169 goto exit; 2170 } 2171 2172 mbedtls_test_set_step(1); 2173 if (!check_ssl_version(options->expected_negotiated_version, 2174 &server.ssl)) { 2175 goto exit; 2176 } 2177 2178 if (options->expected_ciphersuite != 0) { 2179 TEST_EQUAL(server.ssl.session->ciphersuite, 2180 options->expected_ciphersuite); 2181 } 2182 2183#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 2184 if (options->resize_buffers != 0) { 2185 /* A server, when using DTLS, might delay a buffer resize to happen 2186 * after it receives a message, so we force it. */ 2187 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); 2188 2189 TEST_ASSERT(client.ssl.out_buf_len == 2190 mbedtls_ssl_get_output_buflen(&client.ssl)); 2191 TEST_ASSERT(client.ssl.in_buf_len == 2192 mbedtls_ssl_get_input_buflen(&client.ssl)); 2193 TEST_ASSERT(server.ssl.out_buf_len == 2194 mbedtls_ssl_get_output_buflen(&server.ssl)); 2195 TEST_ASSERT(server.ssl.in_buf_len == 2196 mbedtls_ssl_get_input_buflen(&server.ssl)); 2197 } 2198#endif 2199 2200 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { 2201 /* Start data exchanging test */ 2202 TEST_ASSERT(mbedtls_test_ssl_exchange_data( 2203 &(client.ssl), options->cli_msg_len, 2204 options->expected_cli_fragments, 2205 &(server.ssl), options->srv_msg_len, 2206 options->expected_srv_fragments) 2207 == 0); 2208 } 2209#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) 2210 if (options->serialize == 1) { 2211 TEST_ASSERT(options->dtls == 1); 2212 2213 TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, 2214 0, &context_buf_len) 2215 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 2216 2217 context_buf = mbedtls_calloc(1, context_buf_len); 2218 TEST_ASSERT(context_buf != NULL); 2219 2220 TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, 2221 context_buf_len, 2222 &context_buf_len) 2223 == 0); 2224 2225 mbedtls_ssl_free(&(server.ssl)); 2226 mbedtls_ssl_init(&(server.ssl)); 2227 2228 TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); 2229 2230 mbedtls_ssl_set_bio(&(server.ssl), &server_context, 2231 mbedtls_test_mock_tcp_send_msg, 2232 mbedtls_test_mock_tcp_recv_msg, 2233 NULL); 2234 2235 mbedtls_ssl_set_user_data_p(&server.ssl, &server); 2236 2237#if defined(MBEDTLS_TIMING_C) 2238 mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, 2239 mbedtls_timing_set_delay, 2240 mbedtls_timing_get_delay); 2241#endif 2242#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 2243 if (options->resize_buffers != 0) { 2244 /* Ensure that the buffer sizes are appropriate before resizes */ 2245 TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); 2246 TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); 2247 } 2248#endif 2249 TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, 2250 context_buf_len) == 0); 2251 2252#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 2253 /* Validate buffer sizes after context deserialization */ 2254 if (options->resize_buffers != 0) { 2255 TEST_ASSERT(server.ssl.out_buf_len == 2256 mbedtls_ssl_get_output_buflen(&server.ssl)); 2257 TEST_ASSERT(server.ssl.in_buf_len == 2258 mbedtls_ssl_get_input_buflen(&server.ssl)); 2259 } 2260#endif 2261 /* Retest writing/reading */ 2262 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { 2263 TEST_ASSERT(mbedtls_test_ssl_exchange_data( 2264 &(client.ssl), options->cli_msg_len, 2265 options->expected_cli_fragments, 2266 &(server.ssl), options->srv_msg_len, 2267 options->expected_srv_fragments) 2268 == 0); 2269 } 2270 } 2271#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ 2272 2273#if defined(MBEDTLS_SSL_RENEGOTIATION) 2274 if (options->renegotiate) { 2275 /* Start test with renegotiation */ 2276 TEST_ASSERT(server.ssl.renego_status == 2277 MBEDTLS_SSL_INITIAL_HANDSHAKE); 2278 TEST_ASSERT(client.ssl.renego_status == 2279 MBEDTLS_SSL_INITIAL_HANDSHAKE); 2280 2281 /* After calling this function for the server, it only sends a handshake 2282 * request. All renegotiation should happen during data exchanging */ 2283 TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); 2284 TEST_ASSERT(server.ssl.renego_status == 2285 MBEDTLS_SSL_RENEGOTIATION_PENDING); 2286 TEST_ASSERT(client.ssl.renego_status == 2287 MBEDTLS_SSL_INITIAL_HANDSHAKE); 2288 2289 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); 2290 TEST_ASSERT(server.ssl.renego_status == 2291 MBEDTLS_SSL_RENEGOTIATION_DONE); 2292 TEST_ASSERT(client.ssl.renego_status == 2293 MBEDTLS_SSL_RENEGOTIATION_DONE); 2294 2295 /* After calling mbedtls_ssl_renegotiate for the client, 2296 * all renegotiation should happen inside this function. 2297 * However in this test, we cannot perform simultaneous communication 2298 * between client and server so this function will return waiting error 2299 * on the socket. All rest of renegotiation should happen 2300 * during data exchanging */ 2301 ret = mbedtls_ssl_renegotiate(&(client.ssl)); 2302#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 2303 if (options->resize_buffers != 0) { 2304 /* Ensure that the buffer sizes are appropriate before resizes */ 2305 TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); 2306 TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); 2307 } 2308#endif 2309 TEST_ASSERT(ret == 0 || 2310 ret == MBEDTLS_ERR_SSL_WANT_READ || 2311 ret == MBEDTLS_ERR_SSL_WANT_WRITE); 2312 TEST_ASSERT(server.ssl.renego_status == 2313 MBEDTLS_SSL_RENEGOTIATION_DONE); 2314 TEST_ASSERT(client.ssl.renego_status == 2315 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); 2316 2317 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); 2318 TEST_ASSERT(server.ssl.renego_status == 2319 MBEDTLS_SSL_RENEGOTIATION_DONE); 2320 TEST_ASSERT(client.ssl.renego_status == 2321 MBEDTLS_SSL_RENEGOTIATION_DONE); 2322#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 2323 /* Validate buffer sizes after renegotiation */ 2324 if (options->resize_buffers != 0) { 2325 TEST_ASSERT(client.ssl.out_buf_len == 2326 mbedtls_ssl_get_output_buflen(&client.ssl)); 2327 TEST_ASSERT(client.ssl.in_buf_len == 2328 mbedtls_ssl_get_input_buflen(&client.ssl)); 2329 TEST_ASSERT(server.ssl.out_buf_len == 2330 mbedtls_ssl_get_output_buflen(&server.ssl)); 2331 TEST_ASSERT(server.ssl.in_buf_len == 2332 mbedtls_ssl_get_input_buflen(&server.ssl)); 2333 } 2334#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ 2335 } 2336#endif /* MBEDTLS_SSL_RENEGOTIATION */ 2337 2338 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); 2339 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); 2340 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); 2341 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); 2342 2343exit: 2344 mbedtls_test_ssl_endpoint_free(&client, 2345 options->dtls != 0 ? &client_context : NULL); 2346 mbedtls_test_ssl_endpoint_free(&server, 2347 options->dtls != 0 ? &server_context : NULL); 2348#if defined(MBEDTLS_DEBUG_C) 2349 if (options->cli_log_fun || options->srv_log_fun) { 2350 mbedtls_debug_set_threshold(0); 2351 } 2352#endif 2353#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) 2354 if (context_buf != NULL) { 2355 mbedtls_free(context_buf); 2356 } 2357#endif 2358 MD_OR_USE_PSA_DONE(); 2359} 2360#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 2361 2362#if defined(MBEDTLS_TEST_HOOKS) 2363int mbedtls_test_tweak_tls13_certificate_msg_vector_len( 2364 unsigned char *buf, unsigned char **end, int tweak, 2365 int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) 2366{ 2367/* 2368 * The definition of the tweaks assume that the certificate list contains only 2369 * one certificate. 2370 */ 2371 2372/* 2373 * struct { 2374 * opaque cert_data<1..2^24-1>; 2375 * Extension extensions<0..2^16-1>; 2376 * } CertificateEntry; 2377 * 2378 * struct { 2379 * opaque certificate_request_context<0..2^8-1>; 2380 * CertificateEntry certificate_list<0..2^24-1>; 2381 * } Certificate; 2382 */ 2383 unsigned char *p_certificate_request_context_len = buf; 2384 size_t certificate_request_context_len = buf[0]; 2385 2386 unsigned char *p_certificate_list_len = 2387 buf + 1 + certificate_request_context_len; 2388 unsigned char *certificate_list = p_certificate_list_len + 3; 2389 size_t certificate_list_len = 2390 MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); 2391 2392 unsigned char *p_cert_data_len = certificate_list; 2393 unsigned char *cert_data = p_cert_data_len + 3; 2394 size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0); 2395 2396 unsigned char *p_extensions_len = cert_data + cert_data_len; 2397 unsigned char *extensions = p_extensions_len + 2; 2398 size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0); 2399 2400 *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR; 2401 2402 switch (tweak) { 2403 case 1: 2404 /* Failure when checking if the certificate request context length 2405 * and certificate list length can be read 2406 */ 2407 *end = buf + 3; 2408 set_chk_buf_ptr_args(args, buf, *end, 4); 2409 break; 2410 2411 case 2: 2412 /* Invalid certificate request context length. 2413 */ 2414 *p_certificate_request_context_len = 2415 (unsigned char) certificate_request_context_len + 1; 2416 reset_chk_buf_ptr_args(args); 2417 break; 2418 2419 case 3: 2420 /* Failure when checking if certificate_list data can be read. */ 2421 MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1, 2422 p_certificate_list_len, 0); 2423 set_chk_buf_ptr_args(args, certificate_list, *end, 2424 certificate_list_len + 1); 2425 break; 2426 2427 case 4: 2428 /* Failure when checking if the cert_data length can be read. */ 2429 MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0); 2430 set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3); 2431 break; 2432 2433 case 5: 2434 /* Failure when checking if cert_data data can be read. */ 2435 MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1, 2436 p_cert_data_len, 0); 2437 set_chk_buf_ptr_args(args, cert_data, 2438 certificate_list + certificate_list_len, 2439 certificate_list_len - 3 + 1); 2440 break; 2441 2442 case 6: 2443 /* Failure when checking if the extensions length can be read. */ 2444 MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, 2445 p_certificate_list_len, 0); 2446 set_chk_buf_ptr_args( 2447 args, p_extensions_len, 2448 certificate_list + certificate_list_len - extensions_len - 1, 2); 2449 break; 2450 2451 case 7: 2452 /* Failure when checking if extensions data can be read. */ 2453 MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); 2454 2455 set_chk_buf_ptr_args( 2456 args, extensions, 2457 certificate_list + certificate_list_len, extensions_len + 1); 2458 break; 2459 2460 default: 2461 return -1; 2462 } 2463 2464 return 0; 2465} 2466#endif /* MBEDTLS_TEST_HOOKS */ 2467 2468/* 2469 * Functions for tests based on tickets. Implementations of the 2470 * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t. 2471 * Basically same implementations as in ticket.c without the encryption. That 2472 * way we can tweak easily tickets characteristics to simulate misbehaving 2473 * peers. 2474 */ 2475#if defined(MBEDTLS_SSL_SESSION_TICKETS) 2476int mbedtls_test_ticket_write( 2477 void *p_ticket, const mbedtls_ssl_session *session, 2478 unsigned char *start, const unsigned char *end, 2479 size_t *tlen, uint32_t *lifetime) 2480{ 2481 int ret; 2482 ((void) p_ticket); 2483 2484 if ((ret = mbedtls_ssl_session_save(session, start, end - start, 2485 tlen)) != 0) { 2486 return ret; 2487 } 2488 2489 /* Maximum ticket lifetime as defined in RFC 8446 */ 2490 *lifetime = 7 * 24 * 3600; 2491 2492 return 0; 2493} 2494 2495int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, 2496 unsigned char *buf, size_t len) 2497{ 2498 ((void) p_ticket); 2499 2500 return mbedtls_ssl_session_load(session, buf, len); 2501} 2502#endif /* MBEDTLS_SSL_SESSION_TICKETS */ 2503 2504#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ 2505 defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ 2506 defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 2507int mbedtls_test_get_tls13_ticket( 2508 mbedtls_test_handshake_test_options *client_options, 2509 mbedtls_test_handshake_test_options *server_options, 2510 mbedtls_ssl_session *session) 2511{ 2512 int ret = -1; 2513 unsigned char buf[64]; 2514 mbedtls_test_ssl_endpoint client_ep, server_ep; 2515 2516 mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); 2517 mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); 2518 2519 ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, 2520 client_options, NULL, NULL, NULL); 2521 TEST_EQUAL(ret, 0); 2522 2523 ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, 2524 server_options, NULL, NULL, NULL); 2525 TEST_EQUAL(ret, 0); 2526 2527 mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 2528 mbedtls_test_ticket_write, 2529 mbedtls_test_ticket_parse, 2530 NULL); 2531 2532 ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), 2533 &(server_ep.socket), 1024); 2534 TEST_EQUAL(ret, 0); 2535 2536 TEST_EQUAL(mbedtls_test_move_handshake_to_state( 2537 &(server_ep.ssl), &(client_ep.ssl), 2538 MBEDTLS_SSL_HANDSHAKE_OVER), 0); 2539 2540 TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); 2541 2542 do { 2543 ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); 2544 } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); 2545 2546 ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); 2547 TEST_EQUAL(ret, 0); 2548 2549exit: 2550 mbedtls_test_ssl_endpoint_free(&client_ep, NULL); 2551 mbedtls_test_ssl_endpoint_free(&server_ep, NULL); 2552 2553 return ret; 2554} 2555#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && 2556 MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && 2557 MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 2558 2559#endif /* MBEDTLS_SSL_TLS_C */ 2560