1 /*
2 * SSL client with certificate authentication
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
21
22 #include "ssl_test_lib.h"
23
24 #if defined(MBEDTLS_USE_PSA_CRYPTO)
25 #include "test/psa_crypto_helpers.h"
26 #endif
27
28 #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
main(void)29 int main( void )
30 {
31 mbedtls_printf( MBEDTLS_SSL_TEST_IMPOSSIBLE );
32 mbedtls_exit( 0 );
33 }
34 #elif !defined(MBEDTLS_SSL_CLI_C)
main(void)35 int main( void )
36 {
37 mbedtls_printf( "MBEDTLS_SSL_CLI_C not defined.\n" );
38 mbedtls_exit( 0 );
39 }
40 #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
41
42 /* Size of memory to be allocated for the heap, when using the library's memory
43 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
44 #define MEMORY_HEAP_SIZE 120000
45
46 #define MAX_REQUEST_SIZE 20000
47 #define MAX_REQUEST_SIZE_STR "20000"
48
49 #define DFL_SERVER_NAME "localhost"
50 #define DFL_SERVER_ADDR NULL
51 #define DFL_SERVER_PORT "4433"
52 #define DFL_REQUEST_PAGE "/"
53 #define DFL_REQUEST_SIZE -1
54 #define DFL_DEBUG_LEVEL 0
55 #define DFL_CONTEXT_CRT_CB 0
56 #define DFL_NBIO 0
57 #define DFL_EVENT 0
58 #define DFL_READ_TIMEOUT 0
59 #define DFL_MAX_RESEND 0
60 #define DFL_CA_FILE ""
61 #define DFL_CA_PATH ""
62 #define DFL_CRT_FILE ""
63 #define DFL_KEY_FILE ""
64 #define DFL_KEY_OPAQUE 0
65 #define DFL_KEY_PWD ""
66 #define DFL_PSK ""
67 #define DFL_PSK_OPAQUE 0
68 #define DFL_PSK_IDENTITY "Client_identity"
69 #define DFL_ECJPAKE_PW NULL
70 #define DFL_EC_MAX_OPS -1
71 #define DFL_FORCE_CIPHER 0
72 #define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
73 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
74 #define DFL_ALLOW_LEGACY -2
75 #define DFL_RENEGOTIATE 0
76 #define DFL_EXCHANGES 1
77 #define DFL_MIN_VERSION -1
78 #define DFL_MAX_VERSION -1
79 #define DFL_SHA1 -1
80 #define DFL_AUTH_MODE -1
81 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
82 #define DFL_TRUNC_HMAC -1
83 #define DFL_RECSPLIT -1
84 #define DFL_DHMLEN -1
85 #define DFL_RECONNECT 0
86 #define DFL_RECO_DELAY 0
87 #define DFL_RECO_MODE 1
88 #define DFL_CID_ENABLED 0
89 #define DFL_CID_VALUE ""
90 #define DFL_CID_ENABLED_RENEGO -1
91 #define DFL_CID_VALUE_RENEGO NULL
92 #define DFL_RECONNECT_HARD 0
93 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
94 #define DFL_ALPN_STRING NULL
95 #define DFL_CURVES NULL
96 #define DFL_SIG_ALGS NULL
97 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
98 #define DFL_HS_TO_MIN 0
99 #define DFL_HS_TO_MAX 0
100 #define DFL_DTLS_MTU -1
101 #define DFL_DGRAM_PACKING 1
102 #define DFL_FALLBACK -1
103 #define DFL_EXTENDED_MS -1
104 #define DFL_ETM -1
105 #define DFL_SERIALIZE 0
106 #define DFL_CONTEXT_FILE ""
107 #define DFL_EXTENDED_MS_ENFORCE -1
108 #define DFL_CA_CALLBACK 0
109 #define DFL_EAP_TLS 0
110 #define DFL_REPRODUCIBLE 0
111 #define DFL_NSS_KEYLOG 0
112 #define DFL_NSS_KEYLOG_FILE NULL
113 #define DFL_SKIP_CLOSE_NOTIFY 0
114 #define DFL_QUERY_CONFIG_MODE 0
115 #define DFL_USE_SRTP 0
116 #define DFL_SRTP_FORCE_PROFILE 0
117 #define DFL_SRTP_MKI ""
118
119 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
120 #define GET_REQUEST_END "\r\n\r\n"
121
122 #if defined(MBEDTLS_X509_CRT_PARSE_C)
123 #define USAGE_CONTEXT_CRT_CB \
124 " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
125 " to the SSL configuration of the SSL context.\n" \
126 " Possible values:\n"\
127 " - 0 (default): Use CRT callback bound to configuration\n" \
128 " - 1: Use CRT callback bound to SSL context\n"
129 #else
130 #define USAGE_CONTEXT_CRT_CB ""
131 #endif /* MBEDTLS_X509_CRT_PARSE_C */
132 #if defined(MBEDTLS_X509_CRT_PARSE_C)
133 #if defined(MBEDTLS_FS_IO)
134 #define USAGE_IO \
135 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
136 " default: \"\" (pre-loaded)\n" \
137 " use \"none\" to skip loading any top-level CAs.\n" \
138 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
139 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
140 " use \"none\" to skip loading any top-level CAs.\n" \
141 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
142 " default: \"\" (pre-loaded)\n" \
143 " key_file=%%s default: \"\" (pre-loaded)\n"\
144 " key_pwd=%%s Password for key specified by key_file argument\n"\
145 " default: none\n"
146 #else
147 #define USAGE_IO \
148 " No file operations available (MBEDTLS_FS_IO not defined)\n"
149 #endif /* MBEDTLS_FS_IO */
150 #else /* MBEDTLS_X509_CRT_PARSE_C */
151 #define USAGE_IO ""
152 #endif /* MBEDTLS_X509_CRT_PARSE_C */
153 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
154 #define USAGE_KEY_OPAQUE \
155 " key_opaque=%%d Handle your private key as if it were opaque\n" \
156 " default: 0 (disabled)\n"
157 #else
158 #define USAGE_KEY_OPAQUE ""
159 #endif
160
161 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
162 #define USAGE_CID \
163 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
164 " default: 0 (disabled)\n" \
165 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
166 " default: same as 'cid' parameter\n" \
167 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
168 " default: \"\"\n" \
169 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
170 " default: same as 'cid_val' parameter\n"
171 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
172 #define USAGE_CID ""
173 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
174
175 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
176 #define USAGE_PSK_RAW \
177 " psk=%%s default: \"\" (disabled)\n" \
178 " The PSK values are in hex, without 0x.\n" \
179 " psk_identity=%%s default: \"Client_identity\"\n"
180 #if defined(MBEDTLS_USE_PSA_CRYPTO)
181 #define USAGE_PSK_SLOT \
182 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
183 " Enable this to store the PSK configured through command line\n" \
184 " parameter `psk` in a PSA-based key slot.\n" \
185 " Note: Currently only supported in conjunction with\n" \
186 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
187 " to force a particular PSK-only ciphersuite.\n" \
188 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
189 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
190 " with prepopulated key slots instead of importing raw key material.\n"
191 #else
192 #define USAGE_PSK_SLOT ""
193 #endif /* MBEDTLS_USE_PSA_CRYPTO */
194 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
195 #else
196 #define USAGE_PSK ""
197 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
198
199 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
200 #define USAGE_CA_CALLBACK \
201 " ca_callback=%%d default: 0 (disabled)\n" \
202 " Enable this to use the trusted certificate callback function\n"
203 #else
204 #define USAGE_CA_CALLBACK ""
205 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
206
207 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
208 #define USAGE_TICKETS \
209 " tickets=%%d default: 1 (enabled)\n"
210 #else
211 #define USAGE_TICKETS ""
212 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
213
214 #define USAGE_EAP_TLS \
215 " eap_tls=%%d default: 0 (disabled)\n"
216 #define USAGE_NSS_KEYLOG \
217 " nss_keylog=%%d default: 0 (disabled)\n" \
218 " This cannot be used with eap_tls=1\n"
219 #define USAGE_NSS_KEYLOG_FILE \
220 " nss_keylog_file=%%s\n"
221 #if defined(MBEDTLS_SSL_DTLS_SRTP)
222 #define USAGE_SRTP \
223 " use_srtp=%%d default: 0 (disabled)\n" \
224 " This cannot be used with eap_tls=1 or "\
225 " nss_keylog=1\n" \
226 " srtp_force_profile=%%d default: 0 (all enabled)\n" \
227 " available profiles:\n" \
228 " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
229 " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
230 " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
231 " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
232 " mki=%%s default: \"\" (in hex, without 0x)\n"
233 #else /* MBEDTLS_SSL_DTLS_SRTP */
234 #define USAGE_SRTP ""
235 #endif
236
237 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
238 #define USAGE_MAX_FRAG_LEN \
239 " max_frag_len=%%d default: 16384 (tls default)\n" \
240 " options: 512, 1024, 2048, 4096\n"
241 #else
242 #define USAGE_MAX_FRAG_LEN ""
243 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
244
245 #if defined(MBEDTLS_DHM_C)
246 #define USAGE_DHMLEN \
247 " dhmlen=%%d default: (library default: 1024 bits)\n"
248 #else
249 #define USAGE_DHMLEN
250 #endif
251
252 #if defined(MBEDTLS_SSL_ALPN)
253 #define USAGE_ALPN \
254 " alpn=%%s default: \"\" (disabled)\n" \
255 " example: spdy/1,http/1.1\n"
256 #else
257 #define USAGE_ALPN ""
258 #endif /* MBEDTLS_SSL_ALPN */
259
260 #if defined(MBEDTLS_ECP_C)
261 #define USAGE_CURVES \
262 " curves=a,b,c,d default: \"default\" (library default)\n" \
263 " example: \"secp521r1,brainpoolP512r1\"\n" \
264 " - use \"none\" for empty list\n" \
265 " - see mbedtls_ecp_curve_list()\n" \
266 " for acceptable curve names\n"
267 #else
268 #define USAGE_CURVES ""
269 #endif
270
271 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
272 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
273 #define USAGE_SIG_ALGS \
274 " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
275 " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
276 #else
277 #define USAGE_SIG_ALGS ""
278 #endif
279
280 #if defined(MBEDTLS_SSL_PROTO_DTLS)
281 #define USAGE_DTLS \
282 " dtls=%%d default: 0 (TLS)\n" \
283 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
284 " range of DTLS handshake timeouts in millisecs\n" \
285 " mtu=%%d default: (library default: unlimited)\n" \
286 " dgram_packing=%%d default: 1 (allowed)\n" \
287 " allow or forbid packing of multiple\n" \
288 " records within a single datgram.\n"
289 #else
290 #define USAGE_DTLS ""
291 #endif
292
293 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
294 #define USAGE_EMS \
295 " extended_ms=0/1 default: (library default: on)\n"
296 #else
297 #define USAGE_EMS ""
298 #endif
299
300 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
301 #define USAGE_ETM \
302 " etm=0/1 default: (library default: on)\n"
303 #else
304 #define USAGE_ETM ""
305 #endif
306
307 #define USAGE_REPRODUCIBLE \
308 " reproducible=0/1 default: 0 (disabled)\n"
309
310 #if defined(MBEDTLS_SSL_RENEGOTIATION)
311 #define USAGE_RENEGO \
312 " renegotiation=%%d default: 0 (disabled)\n" \
313 " renegotiate=%%d default: 0 (disabled)\n"
314 #else
315 #define USAGE_RENEGO ""
316 #endif
317
318 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
319 #define USAGE_ECJPAKE \
320 " ecjpake_pw=%%s default: none (disabled)\n"
321 #else
322 #define USAGE_ECJPAKE ""
323 #endif
324
325 #if defined(MBEDTLS_ECP_RESTARTABLE)
326 #define USAGE_ECRESTART \
327 " ec_max_ops=%%s default: library default (restart disabled)\n"
328 #else
329 #define USAGE_ECRESTART ""
330 #endif
331
332 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
333 #define USAGE_SERIALIZATION \
334 " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
335 " options: 1 (serialize)\n" \
336 " 2 (serialize with re-initialization)\n" \
337 " context_file=%%s The file path to write a serialized connection\n"\
338 " in the form of base64 code (serialize option\n" \
339 " must be set)\n" \
340 " default: \"\" (do nothing)\n" \
341 " option: a file path\n"
342 #else
343 #define USAGE_SERIALIZATION ""
344 #endif
345
346 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
347 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
348 " tls13_kex_modes=%%s default: all\n" \
349 " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
350 #else
351 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
352 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
353
354 /* USAGE is arbitrarily split to stay under the portable string literal
355 * length limit: 4095 bytes in C99. */
356 #define USAGE1 \
357 "\n usage: ssl_client2 param=<>...\n" \
358 "\n acceptable parameters:\n" \
359 " server_name=%%s default: localhost\n" \
360 " server_addr=%%s default: given by name\n" \
361 " server_port=%%d default: 4433\n" \
362 " request_page=%%s default: \".\"\n" \
363 " request_size=%%d default: about 34 (basic request)\n" \
364 " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
365 " If 0, in the first exchange only an empty\n" \
366 " application data message is sent followed by\n" \
367 " a second non-empty message before attempting\n" \
368 " to read a response from the server\n" \
369 " debug_level=%%d default: 0 (disabled)\n" \
370 " nbio=%%d default: 0 (blocking I/O)\n" \
371 " options: 1 (non-blocking), 2 (added delays)\n" \
372 " event=%%d default: 0 (loop)\n" \
373 " options: 1 (level-triggered, implies nbio=1),\n" \
374 " read_timeout=%%d default: 0 ms (no timeout)\n" \
375 " max_resend=%%d default: 0 (no resend on timeout)\n" \
376 " skip_close_notify=%%d default: 0 (send close_notify)\n" \
377 "\n" \
378 USAGE_DTLS \
379 USAGE_CID \
380 USAGE_SRTP \
381 "\n"
382 #define USAGE2 \
383 " auth_mode=%%s default: (library default: none)\n" \
384 " options: none, optional, required\n" \
385 USAGE_IO \
386 USAGE_KEY_OPAQUE \
387 USAGE_CA_CALLBACK \
388 "\n" \
389 USAGE_PSK \
390 USAGE_ECJPAKE \
391 USAGE_ECRESTART \
392 "\n"
393 #define USAGE3 \
394 " allow_legacy=%%d default: (library default: no)\n" \
395 USAGE_RENEGO \
396 " exchanges=%%d default: 1\n" \
397 " reconnect=%%d number of reconnections using session resumption\n" \
398 " default: 0 (disabled)\n" \
399 " reco_delay=%%d default: 0 seconds\n" \
400 " reco_mode=%%d 0: copy session, 1: serialize session\n" \
401 " default: 1\n" \
402 " reconnect_hard=%%d default: 0 (disabled)\n" \
403 USAGE_TICKETS \
404 USAGE_EAP_TLS \
405 USAGE_MAX_FRAG_LEN \
406 USAGE_CONTEXT_CRT_CB \
407 USAGE_ALPN \
408 USAGE_EMS \
409 USAGE_ETM \
410 USAGE_REPRODUCIBLE \
411 USAGE_CURVES \
412 USAGE_SIG_ALGS \
413 USAGE_DHMLEN \
414 "\n"
415
416 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
417 #define TLS1_3_VERSION_OPTIONS ", tls13"
418 #else /* MBEDTLS_SSL_PROTO_TLS1_3 */
419 #define TLS1_3_VERSION_OPTIONS ""
420 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
421
422 #define USAGE4 \
423 " allow_sha1=%%d default: 0\n" \
424 " min_version=%%s default: (library default: tls12)\n" \
425 " max_version=%%s default: (library default: tls12)\n" \
426 " force_version=%%s default: \"\" (none)\n" \
427 " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
428 "\n\n" \
429 " force_ciphersuite=<name> default: all enabled\n" \
430 USAGE_TLS1_3_KEY_EXCHANGE_MODES \
431 " query_config=<name> return 0 if the specified\n" \
432 " configuration macro is defined and 1\n" \
433 " otherwise. The expansion of the macro\n" \
434 " is printed if it is defined\n" \
435 USAGE_SERIALIZATION \
436 " acceptable ciphersuite names:\n"
437
438 #define ALPN_LIST_SIZE 10
439 #define CURVE_LIST_SIZE 20
440 #define SIG_ALG_LIST_SIZE 5
441
442 /*
443 * global options
444 */
445 struct options
446 {
447 const char *server_name; /* hostname of the server (client only) */
448 const char *server_addr; /* address of the server (client only) */
449 const char *server_port; /* port on which the ssl service runs */
450 int debug_level; /* level of debugging */
451 int nbio; /* should I/O be blocking? */
452 int event; /* loop or event-driven IO? level or edge triggered? */
453 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
454 int max_resend; /* DTLS times to resend on read timeout */
455 const char *request_page; /* page on server to request */
456 int request_size; /* pad request with header to requested size */
457 const char *ca_file; /* the file with the CA certificate(s) */
458 const char *ca_path; /* the path with the CA certificate(s) reside */
459 const char *crt_file; /* the file with the client certificate */
460 const char *key_file; /* the file with the client key */
461 int key_opaque; /* handle private key as if it were opaque */
462 #if defined(MBEDTLS_USE_PSA_CRYPTO)
463 int psk_opaque;
464 #endif
465 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
466 int ca_callback; /* Use callback for trusted certificate list */
467 #endif
468 const char *key_pwd; /* the password for the client key */
469 const char *psk; /* the pre-shared key */
470 const char *psk_identity; /* the pre-shared key identity */
471 const char *ecjpake_pw; /* the EC J-PAKE password */
472 int ec_max_ops; /* EC consecutive operations limit */
473 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
474 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
475 int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
476 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
477 int renegotiation; /* enable / disable renegotiation */
478 int allow_legacy; /* allow legacy renegotiation */
479 int renegotiate; /* attempt renegotiation? */
480 int renego_delay; /* delay before enforcing renegotiation */
481 int exchanges; /* number of data exchanges */
482 int min_version; /* minimum protocol version accepted */
483 int max_version; /* maximum protocol version accepted */
484 int allow_sha1; /* flag for SHA-1 support */
485 int auth_mode; /* verify mode for connection */
486 unsigned char mfl_code; /* code for maximum fragment length */
487 int trunc_hmac; /* negotiate truncated hmac or not */
488 int recsplit; /* enable record splitting? */
489 int dhmlen; /* minimum DHM params len in bits */
490 int reconnect; /* attempt to resume session */
491 int reco_delay; /* delay in seconds before resuming session */
492 int reco_mode; /* how to keep the session around */
493 int reconnect_hard; /* unexpectedly reconnect from the same port */
494 int tickets; /* enable / disable session tickets */
495 const char *curves; /* list of supported elliptic curves */
496 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
497 const char *alpn_string; /* ALPN supported protocols */
498 int transport; /* TLS or DTLS? */
499 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
500 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
501 int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
502 int fallback; /* is this a fallback connection? */
503 int dgram_packing; /* allow/forbid datagram packing */
504 int extended_ms; /* negotiate extended master secret? */
505 int etm; /* negotiate encrypt then mac? */
506 int context_crt_cb; /* use context-specific CRT verify callback */
507 int eap_tls; /* derive EAP-TLS keying material? */
508 int nss_keylog; /* export NSS key log material */
509 const char *nss_keylog_file; /* NSS key log file */
510 int cid_enabled; /* whether to use the CID extension or not */
511 int cid_enabled_renego; /* whether to use the CID extension or not
512 * during renegotiation */
513 const char *cid_val; /* the CID to use for incoming messages */
514 int serialize; /* serialize/deserialize connection */
515 const char *context_file; /* the file to write a serialized connection
516 * in the form of base64 code (serialize
517 * option must be set) */
518 const char *cid_val_renego; /* the CID to use for incoming messages
519 * after renegotiation */
520 int reproducible; /* make communication reproducible */
521 int skip_close_notify; /* skip sending the close_notify alert */
522 int query_config_mode; /* whether to read config */
523 int use_srtp; /* Support SRTP */
524 int force_srtp_profile; /* SRTP protection profile to use or all */
525 const char *mki; /* The dtls mki value to use */
526 } opt;
527
528 #include "ssl_test_common_source.c"
529
530 #if defined(MBEDTLS_X509_CRT_PARSE_C)
531 static unsigned char peer_crt_info[1024];
532
533 /*
534 * Enabled if debug_level > 1 in code below
535 */
my_verify(void * data,mbedtls_x509_crt * crt,int depth,uint32_t * flags)536 static int my_verify( void *data, mbedtls_x509_crt *crt,
537 int depth, uint32_t *flags )
538 {
539 char buf[1024];
540 ((void) data);
541
542 mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
543
544 #if !defined(MBEDTLS_X509_REMOVE_INFO)
545 mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
546 if( depth == 0 )
547 memcpy( peer_crt_info, buf, sizeof( buf ) );
548
549 if( opt.debug_level == 0 )
550 return( 0 );
551
552 mbedtls_printf( "%s", buf );
553 #else
554 ((void) crt);
555 ((void) depth);
556 #endif
557
558 if ( ( *flags ) == 0 )
559 mbedtls_printf( " This certificate has no flags\n" );
560 else
561 {
562 x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
563 mbedtls_printf( "%s\n", buf );
564 }
565
566 return( 0 );
567 }
568 #endif /* MBEDTLS_X509_CRT_PARSE_C */
569
570 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
report_cid_usage(mbedtls_ssl_context * ssl,const char * additional_description)571 int report_cid_usage( mbedtls_ssl_context *ssl,
572 const char *additional_description )
573 {
574 int ret;
575 unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
576 size_t peer_cid_len;
577 int cid_negotiated;
578
579 if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
580 return( 0 );
581
582 /* Check if the use of a CID has been negotiated,
583 * but don't ask for the CID value and length.
584 *
585 * Note: Here and below, we're demonstrating the various ways
586 * in which mbedtls_ssl_get_peer_cid() can be called,
587 * depending on whether or not the length/value of the
588 * peer's CID is needed.
589 *
590 * An actual application, however, should use
591 * just one call to mbedtls_ssl_get_peer_cid(). */
592 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
593 NULL, NULL );
594 if( ret != 0 )
595 {
596 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
597 (unsigned int) -ret );
598 return( ret );
599 }
600
601 if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
602 {
603 if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
604 {
605 mbedtls_printf( "(%s) Use of Connection ID was rejected by the server.\n",
606 additional_description );
607 }
608 }
609 else
610 {
611 size_t idx=0;
612 mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
613 additional_description );
614
615 /* Ask for just the length of the peer's CID. */
616 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
617 NULL, &peer_cid_len );
618 if( ret != 0 )
619 {
620 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
621 (unsigned int) -ret );
622 return( ret );
623 }
624
625 /* Ask for just length + value of the peer's CID. */
626 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
627 peer_cid, &peer_cid_len );
628 if( ret != 0 )
629 {
630 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
631 (unsigned int) -ret );
632 return( ret );
633 }
634 mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
635 additional_description,
636 (unsigned) peer_cid_len );
637 while( idx < peer_cid_len )
638 {
639 mbedtls_printf( "%02x ", peer_cid[ idx ] );
640 idx++;
641 }
642 mbedtls_printf( "\n" );
643 }
644
645 return( 0 );
646 }
647 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
648
main(int argc,char * argv[])649 int main( int argc, char *argv[] )
650 {
651 int ret = 0, len, tail_len, i, written, frags, retry_left;
652 int query_config_ret = 0;
653 mbedtls_net_context server_fd;
654 io_ctx_t io_ctx;
655
656 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
657 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
658 uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
659 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
660
661 unsigned char buf[MAX_REQUEST_SIZE + 1];
662
663 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
664 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
665 size_t psk_len = 0;
666 #endif
667
668 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
669 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
670 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
671 size_t cid_len = 0;
672 size_t cid_renego_len = 0;
673 #endif
674
675 #if defined(MBEDTLS_SSL_ALPN)
676 const char *alpn_list[ALPN_LIST_SIZE];
677 #endif
678
679 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
680 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
681 #endif
682
683 #if defined(MBEDTLS_ECP_C)
684 uint16_t group_list[CURVE_LIST_SIZE];
685 const mbedtls_ecp_curve_info *curve_cur;
686 #endif
687 #if defined(MBEDTLS_SSL_DTLS_SRTP)
688 unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
689 size_t mki_len=0;
690 #endif
691
692 const char *pers = "ssl_client2";
693
694 #if defined(MBEDTLS_USE_PSA_CRYPTO)
695 psa_key_id_t slot = 0;
696 psa_algorithm_t alg = 0;
697 psa_key_attributes_t key_attributes;
698 psa_status_t status;
699 #endif
700
701 #if defined(MBEDTLS_X509_CRT_PARSE_C)
702 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
703 #endif
704 rng_context_t rng;
705 mbedtls_ssl_context ssl;
706 mbedtls_ssl_config conf;
707 mbedtls_ssl_session saved_session;
708 unsigned char *session_data = NULL;
709 size_t session_data_len = 0;
710 #if defined(MBEDTLS_TIMING_C)
711 mbedtls_timing_delay_context timer;
712 #endif
713 #if defined(MBEDTLS_X509_CRT_PARSE_C)
714 uint32_t flags;
715 mbedtls_x509_crt cacert;
716 mbedtls_x509_crt clicert;
717 mbedtls_pk_context pkey;
718 #if defined(MBEDTLS_USE_PSA_CRYPTO)
719 psa_key_id_t key_slot = 0; /* invalid key slot */
720 #endif
721 #endif /* MBEDTLS_X509_CRT_PARSE_C */
722 char *p, *q;
723 const int *list;
724 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
725 unsigned char *context_buf = NULL;
726 size_t context_buf_len;
727 #endif
728 unsigned char eap_tls_keymaterial[16];
729 unsigned char eap_tls_iv[8];
730 const char* eap_tls_label = "client EAP encryption";
731 eap_tls_keys eap_tls_keying;
732 #if defined( MBEDTLS_SSL_DTLS_SRTP )
733 /*! master keys and master salt for SRTP generated during handshake */
734 unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
735 const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
736 dtls_srtp_keys dtls_srtp_keying;
737 const mbedtls_ssl_srtp_profile default_profiles[] = {
738 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
739 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
740 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
741 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
742 MBEDTLS_TLS_SRTP_UNSET
743 };
744 #endif /* MBEDTLS_SSL_DTLS_SRTP */
745
746 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
747 mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
748 #endif
749
750 #if defined(MBEDTLS_TEST_HOOKS)
751 test_hooks_init( );
752 #endif /* MBEDTLS_TEST_HOOKS */
753
754 /*
755 * Make sure memory references are valid.
756 */
757 mbedtls_net_init( &server_fd );
758 mbedtls_ssl_init( &ssl );
759 mbedtls_ssl_config_init( &conf );
760 memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
761 rng_init( &rng );
762 #if defined(MBEDTLS_X509_CRT_PARSE_C)
763 mbedtls_x509_crt_init( &cacert );
764 mbedtls_x509_crt_init( &clicert );
765 mbedtls_pk_init( &pkey );
766 #endif
767 #if defined(MBEDTLS_SSL_ALPN)
768 memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
769 #endif
770
771 #if defined(MBEDTLS_USE_PSA_CRYPTO)
772 status = psa_crypto_init();
773 if( status != PSA_SUCCESS )
774 {
775 mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
776 (int) status );
777 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
778 goto exit;
779 }
780 #endif /* MBEDTLS_USE_PSA_CRYPTO */
781 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
782 mbedtls_test_enable_insecure_external_rng( );
783 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
784
785 if( argc == 0 )
786 {
787 usage:
788 if( ret == 0 )
789 ret = 1;
790
791 mbedtls_printf( USAGE1 );
792 mbedtls_printf( USAGE2 );
793 mbedtls_printf( USAGE3 );
794 mbedtls_printf( USAGE4 );
795
796 list = mbedtls_ssl_list_ciphersuites();
797 while( *list )
798 {
799 mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
800 list++;
801 if( !*list )
802 break;
803 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
804 list++;
805 }
806 mbedtls_printf("\n");
807 goto exit;
808 }
809
810 opt.server_name = DFL_SERVER_NAME;
811 opt.server_addr = DFL_SERVER_ADDR;
812 opt.server_port = DFL_SERVER_PORT;
813 opt.debug_level = DFL_DEBUG_LEVEL;
814 opt.cid_enabled = DFL_CID_ENABLED;
815 opt.cid_val = DFL_CID_VALUE;
816 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
817 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
818 opt.nbio = DFL_NBIO;
819 opt.event = DFL_EVENT;
820 opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
821 opt.read_timeout = DFL_READ_TIMEOUT;
822 opt.max_resend = DFL_MAX_RESEND;
823 opt.request_page = DFL_REQUEST_PAGE;
824 opt.request_size = DFL_REQUEST_SIZE;
825 opt.ca_file = DFL_CA_FILE;
826 opt.ca_path = DFL_CA_PATH;
827 opt.crt_file = DFL_CRT_FILE;
828 opt.key_file = DFL_KEY_FILE;
829 opt.key_opaque = DFL_KEY_OPAQUE;
830 opt.key_pwd = DFL_KEY_PWD;
831 opt.psk = DFL_PSK;
832 #if defined(MBEDTLS_USE_PSA_CRYPTO)
833 opt.psk_opaque = DFL_PSK_OPAQUE;
834 #endif
835 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
836 opt.ca_callback = DFL_CA_CALLBACK;
837 #endif
838 opt.psk_identity = DFL_PSK_IDENTITY;
839 opt.ecjpake_pw = DFL_ECJPAKE_PW;
840 opt.ec_max_ops = DFL_EC_MAX_OPS;
841 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
842 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
843 opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
844 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
845 opt.renegotiation = DFL_RENEGOTIATION;
846 opt.allow_legacy = DFL_ALLOW_LEGACY;
847 opt.renegotiate = DFL_RENEGOTIATE;
848 opt.exchanges = DFL_EXCHANGES;
849 opt.min_version = DFL_MIN_VERSION;
850 opt.max_version = DFL_MAX_VERSION;
851 opt.allow_sha1 = DFL_SHA1;
852 opt.auth_mode = DFL_AUTH_MODE;
853 opt.mfl_code = DFL_MFL_CODE;
854 opt.trunc_hmac = DFL_TRUNC_HMAC;
855 opt.recsplit = DFL_RECSPLIT;
856 opt.dhmlen = DFL_DHMLEN;
857 opt.reconnect = DFL_RECONNECT;
858 opt.reco_delay = DFL_RECO_DELAY;
859 opt.reco_mode = DFL_RECO_MODE;
860 opt.reconnect_hard = DFL_RECONNECT_HARD;
861 opt.tickets = DFL_TICKETS;
862 opt.alpn_string = DFL_ALPN_STRING;
863 opt.curves = DFL_CURVES;
864 opt.sig_algs = DFL_SIG_ALGS;
865 opt.transport = DFL_TRANSPORT;
866 opt.hs_to_min = DFL_HS_TO_MIN;
867 opt.hs_to_max = DFL_HS_TO_MAX;
868 opt.dtls_mtu = DFL_DTLS_MTU;
869 opt.fallback = DFL_FALLBACK;
870 opt.extended_ms = DFL_EXTENDED_MS;
871 opt.etm = DFL_ETM;
872 opt.dgram_packing = DFL_DGRAM_PACKING;
873 opt.serialize = DFL_SERIALIZE;
874 opt.context_file = DFL_CONTEXT_FILE;
875 opt.eap_tls = DFL_EAP_TLS;
876 opt.reproducible = DFL_REPRODUCIBLE;
877 opt.nss_keylog = DFL_NSS_KEYLOG;
878 opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
879 opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
880 opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
881 opt.use_srtp = DFL_USE_SRTP;
882 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
883 opt.mki = DFL_SRTP_MKI;
884
885 for( i = 1; i < argc; i++ )
886 {
887 p = argv[i];
888 if( ( q = strchr( p, '=' ) ) == NULL )
889 goto usage;
890 *q++ = '\0';
891
892 if( strcmp( p, "server_name" ) == 0 )
893 opt.server_name = q;
894 else if( strcmp( p, "server_addr" ) == 0 )
895 opt.server_addr = q;
896 else if( strcmp( p, "server_port" ) == 0 )
897 opt.server_port = q;
898 else if( strcmp( p, "dtls" ) == 0 )
899 {
900 int t = atoi( q );
901 if( t == 0 )
902 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
903 else if( t == 1 )
904 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
905 else
906 goto usage;
907 }
908 else if( strcmp( p, "debug_level" ) == 0 )
909 {
910 opt.debug_level = atoi( q );
911 if( opt.debug_level < 0 || opt.debug_level > 65535 )
912 goto usage;
913 }
914 else if( strcmp( p, "context_crt_cb" ) == 0 )
915 {
916 opt.context_crt_cb = atoi( q );
917 if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 )
918 goto usage;
919 }
920 else if( strcmp( p, "nbio" ) == 0 )
921 {
922 opt.nbio = atoi( q );
923 if( opt.nbio < 0 || opt.nbio > 2 )
924 goto usage;
925 }
926 else if( strcmp( p, "event" ) == 0 )
927 {
928 opt.event = atoi( q );
929 if( opt.event < 0 || opt.event > 2 )
930 goto usage;
931 }
932 else if( strcmp( p, "read_timeout" ) == 0 )
933 opt.read_timeout = atoi( q );
934 else if( strcmp( p, "max_resend" ) == 0 )
935 {
936 opt.max_resend = atoi( q );
937 if( opt.max_resend < 0 )
938 goto usage;
939 }
940 else if( strcmp( p, "request_page" ) == 0 )
941 opt.request_page = q;
942 else if( strcmp( p, "request_size" ) == 0 )
943 {
944 opt.request_size = atoi( q );
945 if( opt.request_size < 0 ||
946 opt.request_size > MAX_REQUEST_SIZE )
947 goto usage;
948 }
949 else if( strcmp( p, "ca_file" ) == 0 )
950 opt.ca_file = q;
951 else if( strcmp( p, "ca_path" ) == 0 )
952 opt.ca_path = q;
953 else if( strcmp( p, "crt_file" ) == 0 )
954 opt.crt_file = q;
955 else if( strcmp( p, "key_file" ) == 0 )
956 opt.key_file = q;
957 else if( strcmp( p, "key_pwd" ) == 0 )
958 opt.key_pwd = q;
959 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
960 else if( strcmp( p, "key_opaque" ) == 0 )
961 opt.key_opaque = atoi( q );
962 #endif
963 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
964 else if( strcmp( p, "cid" ) == 0 )
965 {
966 opt.cid_enabled = atoi( q );
967 if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
968 goto usage;
969 }
970 else if( strcmp( p, "cid_renego" ) == 0 )
971 {
972 opt.cid_enabled_renego = atoi( q );
973 if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
974 goto usage;
975 }
976 else if( strcmp( p, "cid_val" ) == 0 )
977 {
978 opt.cid_val = q;
979 }
980 else if( strcmp( p, "cid_val_renego" ) == 0 )
981 {
982 opt.cid_val_renego = q;
983 }
984 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
985 else if( strcmp( p, "psk" ) == 0 )
986 opt.psk = q;
987 #if defined(MBEDTLS_USE_PSA_CRYPTO)
988 else if( strcmp( p, "psk_opaque" ) == 0 )
989 opt.psk_opaque = atoi( q );
990 #endif
991 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
992 else if( strcmp( p, "ca_callback" ) == 0)
993 opt.ca_callback = atoi( q );
994 #endif
995 else if( strcmp( p, "psk_identity" ) == 0 )
996 opt.psk_identity = q;
997 else if( strcmp( p, "ecjpake_pw" ) == 0 )
998 opt.ecjpake_pw = q;
999 else if( strcmp( p, "ec_max_ops" ) == 0 )
1000 opt.ec_max_ops = atoi( q );
1001 else if( strcmp( p, "force_ciphersuite" ) == 0 )
1002 {
1003 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
1004
1005 if( opt.force_ciphersuite[0] == 0 )
1006 {
1007 ret = 2;
1008 goto usage;
1009 }
1010 opt.force_ciphersuite[1] = 0;
1011 }
1012 else if( strcmp( p, "renegotiation" ) == 0 )
1013 {
1014 opt.renegotiation = (atoi( q )) ?
1015 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1016 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1017 }
1018 else if( strcmp( p, "allow_legacy" ) == 0 )
1019 {
1020 switch( atoi( q ) )
1021 {
1022 case -1:
1023 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1024 break;
1025 case 0:
1026 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1027 break;
1028 case 1:
1029 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1030 break;
1031 default: goto usage;
1032 }
1033 }
1034 else if( strcmp( p, "renegotiate" ) == 0 )
1035 {
1036 opt.renegotiate = atoi( q );
1037 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
1038 goto usage;
1039 }
1040 else if( strcmp( p, "exchanges" ) == 0 )
1041 {
1042 opt.exchanges = atoi( q );
1043 if( opt.exchanges < 1 )
1044 goto usage;
1045 }
1046 else if( strcmp( p, "reconnect" ) == 0 )
1047 {
1048 opt.reconnect = atoi( q );
1049 if( opt.reconnect < 0 || opt.reconnect > 2 )
1050 goto usage;
1051 }
1052 else if( strcmp( p, "reco_delay" ) == 0 )
1053 {
1054 opt.reco_delay = atoi( q );
1055 if( opt.reco_delay < 0 )
1056 goto usage;
1057 }
1058 else if( strcmp( p, "reco_mode" ) == 0 )
1059 {
1060 opt.reco_mode = atoi( q );
1061 if( opt.reco_mode < 0 )
1062 goto usage;
1063 }
1064 else if( strcmp( p, "reconnect_hard" ) == 0 )
1065 {
1066 opt.reconnect_hard = atoi( q );
1067 if( opt.reconnect_hard < 0 || opt.reconnect_hard > 1 )
1068 goto usage;
1069 }
1070 else if( strcmp( p, "tickets" ) == 0 )
1071 {
1072 opt.tickets = atoi( q );
1073 if( opt.tickets < 0 || opt.tickets > 2 )
1074 goto usage;
1075 }
1076 else if( strcmp( p, "alpn" ) == 0 )
1077 {
1078 opt.alpn_string = q;
1079 }
1080 else if( strcmp( p, "extended_ms" ) == 0 )
1081 {
1082 switch( atoi( q ) )
1083 {
1084 case 0:
1085 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1086 break;
1087 case 1:
1088 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1089 break;
1090 default: goto usage;
1091 }
1092 }
1093 else if( strcmp( p, "curves" ) == 0 )
1094 opt.curves = q;
1095 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
1096 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1097 else if( strcmp( p, "sig_algs" ) == 0 )
1098 opt.sig_algs = q;
1099 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1100 else if( strcmp( p, "etm" ) == 0 )
1101 {
1102 switch( atoi( q ) )
1103 {
1104 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1105 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1106 default: goto usage;
1107 }
1108 }
1109 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1110 else if( strcmp( p, "tls13_kex_modes" ) == 0 )
1111 {
1112 if( strcmp( q, "psk" ) == 0 )
1113 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
1114 else if( strcmp(q, "psk_ephemeral" ) == 0 )
1115 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
1116 else if( strcmp(q, "ephemeral" ) == 0 )
1117 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1118 else if( strcmp(q, "ephemeral_all" ) == 0 )
1119 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
1120 else if( strcmp( q, "psk_all" ) == 0 )
1121 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
1122 else if( strcmp( q, "all" ) == 0 )
1123 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
1124 else goto usage;
1125 }
1126 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1127 else if( strcmp( p, "min_version" ) == 0 )
1128 {
1129 if( strcmp( q, "tls12" ) == 0 ||
1130 strcmp( q, "dtls12" ) == 0 )
1131 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1132 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1133 else if( strcmp( q, "tls13" ) == 0 )
1134 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
1135 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1136 else
1137 goto usage;
1138 }
1139 else if( strcmp( p, "max_version" ) == 0 )
1140 {
1141 if( strcmp( q, "tls12" ) == 0 ||
1142 strcmp( q, "dtls12" ) == 0 )
1143 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1144 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1145 else if( strcmp( q, "tls13" ) == 0 )
1146 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
1147 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1148 else
1149 goto usage;
1150 }
1151 else if( strcmp( p, "allow_sha1" ) == 0 )
1152 {
1153 switch( atoi( q ) )
1154 {
1155 case 0: opt.allow_sha1 = 0; break;
1156 case 1: opt.allow_sha1 = 1; break;
1157 default: goto usage;
1158 }
1159 }
1160 else if( strcmp( p, "force_version" ) == 0 )
1161 {
1162 if( strcmp( q, "tls12" ) == 0 )
1163 {
1164 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1165 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1166 }
1167 else if( strcmp( q, "dtls12" ) == 0 )
1168 {
1169 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1170 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1171 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1172 }
1173 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1174 else if( strcmp( q, "tls13" ) == 0 )
1175 {
1176 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
1177 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
1178 }
1179 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1180 else
1181 goto usage;
1182 }
1183 else if( strcmp( p, "auth_mode" ) == 0 )
1184 {
1185 if( strcmp( q, "none" ) == 0 )
1186 opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
1187 else if( strcmp( q, "optional" ) == 0 )
1188 opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
1189 else if( strcmp( q, "required" ) == 0 )
1190 opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
1191 else
1192 goto usage;
1193 }
1194 else if( strcmp( p, "max_frag_len" ) == 0 )
1195 {
1196 if( strcmp( q, "512" ) == 0 )
1197 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1198 else if( strcmp( q, "1024" ) == 0 )
1199 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1200 else if( strcmp( q, "2048" ) == 0 )
1201 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1202 else if( strcmp( q, "4096" ) == 0 )
1203 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1204 else
1205 goto usage;
1206 }
1207 else if( strcmp( p, "trunc_hmac" ) == 0 )
1208 {
1209 switch( atoi( q ) )
1210 {
1211 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1212 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1213 default: goto usage;
1214 }
1215 }
1216 else if( strcmp( p, "hs_timeout" ) == 0 )
1217 {
1218 if( ( p = strchr( q, '-' ) ) == NULL )
1219 goto usage;
1220 *p++ = '\0';
1221 opt.hs_to_min = atoi( q );
1222 opt.hs_to_max = atoi( p );
1223 if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
1224 goto usage;
1225 }
1226 else if( strcmp( p, "mtu" ) == 0 )
1227 {
1228 opt.dtls_mtu = atoi( q );
1229 if( opt.dtls_mtu < 0 )
1230 goto usage;
1231 }
1232 else if( strcmp( p, "dgram_packing" ) == 0 )
1233 {
1234 opt.dgram_packing = atoi( q );
1235 if( opt.dgram_packing != 0 &&
1236 opt.dgram_packing != 1 )
1237 {
1238 goto usage;
1239 }
1240 }
1241 else if( strcmp( p, "recsplit" ) == 0 )
1242 {
1243 opt.recsplit = atoi( q );
1244 if( opt.recsplit < 0 || opt.recsplit > 1 )
1245 goto usage;
1246 }
1247 else if( strcmp( p, "dhmlen" ) == 0 )
1248 {
1249 opt.dhmlen = atoi( q );
1250 if( opt.dhmlen < 0 )
1251 goto usage;
1252 }
1253 else if( strcmp( p, "query_config" ) == 0 )
1254 {
1255 opt.query_config_mode = 1;
1256 query_config_ret = query_config( q );
1257 goto exit;
1258 }
1259 else if( strcmp( p, "serialize") == 0 )
1260 {
1261 opt.serialize = atoi( q );
1262 if( opt.serialize < 0 || opt.serialize > 2)
1263 goto usage;
1264 }
1265 else if( strcmp( p, "context_file") == 0 )
1266 {
1267 opt.context_file = q;
1268 }
1269 else if( strcmp( p, "eap_tls" ) == 0 )
1270 {
1271 opt.eap_tls = atoi( q );
1272 if( opt.eap_tls < 0 || opt.eap_tls > 1 )
1273 goto usage;
1274 }
1275 else if( strcmp( p, "reproducible" ) == 0 )
1276 {
1277 opt.reproducible = 1;
1278 }
1279 else if( strcmp( p, "nss_keylog" ) == 0 )
1280 {
1281 opt.nss_keylog = atoi( q );
1282 if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
1283 goto usage;
1284 }
1285 else if( strcmp( p, "nss_keylog_file" ) == 0 )
1286 {
1287 opt.nss_keylog_file = q;
1288 }
1289 else if( strcmp( p, "skip_close_notify" ) == 0 )
1290 {
1291 opt.skip_close_notify = atoi( q );
1292 if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
1293 goto usage;
1294 }
1295 else if( strcmp( p, "use_srtp" ) == 0 )
1296 {
1297 opt.use_srtp = atoi ( q );
1298 }
1299 else if( strcmp( p, "srtp_force_profile" ) == 0 )
1300 {
1301 opt.force_srtp_profile = atoi( q );
1302 }
1303 else if( strcmp( p, "mki" ) == 0 )
1304 {
1305 opt.mki = q;
1306 }
1307 else
1308 goto usage;
1309 }
1310
1311 if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
1312 {
1313 mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
1314 goto usage;
1315 }
1316
1317 /* Event-driven IO is incompatible with the above custom
1318 * receive and send functions, as the polling builds on
1319 * refers to the underlying net_context. */
1320 if( opt.event == 1 && opt.nbio != 1 )
1321 {
1322 mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
1323 opt.nbio = 1;
1324 }
1325
1326 #if defined(MBEDTLS_DEBUG_C)
1327 mbedtls_debug_set_threshold( opt.debug_level );
1328 #endif
1329
1330 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1331 /*
1332 * Unhexify the pre-shared key if any is given
1333 */
1334 if( strlen( opt.psk ) )
1335 {
1336 if( mbedtls_test_unhexify( psk, sizeof( psk ),
1337 opt.psk, &psk_len ) != 0 )
1338 {
1339 mbedtls_printf( "pre-shared key not valid\n" );
1340 goto exit;
1341 }
1342 }
1343 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1344
1345 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1346 if( opt.psk_opaque != 0 )
1347 {
1348 if( opt.psk == NULL )
1349 {
1350 mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
1351 ret = 2;
1352 goto usage;
1353 }
1354
1355 if( opt.force_ciphersuite[0] <= 0 )
1356 {
1357 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
1358 ret = 2;
1359 goto usage;
1360 }
1361 }
1362 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1363
1364 if( opt.force_ciphersuite[0] > 0 )
1365 {
1366 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1367 ciphersuite_info =
1368 mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
1369
1370 if( opt.max_version != -1 &&
1371 ciphersuite_info->min_minor_ver > opt.max_version )
1372 {
1373 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
1374 ret = 2;
1375 goto usage;
1376 }
1377 if( opt.min_version != -1 &&
1378 ciphersuite_info->max_minor_ver < opt.min_version )
1379 {
1380 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
1381 ret = 2;
1382 goto usage;
1383 }
1384
1385 /* If the server selects a version that's not supported by
1386 * this suite, then there will be no common ciphersuite... */
1387 if( opt.max_version == -1 ||
1388 opt.max_version > ciphersuite_info->max_minor_ver )
1389 {
1390 opt.max_version = ciphersuite_info->max_minor_ver;
1391 }
1392 if( opt.min_version < ciphersuite_info->min_minor_ver )
1393 {
1394 opt.min_version = ciphersuite_info->min_minor_ver;
1395 /* DTLS starts with TLS 1.2 */
1396 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
1397 opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
1398 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1399 }
1400
1401 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1402 if( opt.psk_opaque != 0 )
1403 {
1404 /* Ensure that the chosen ciphersuite is PSK-only; we must know
1405 * the ciphersuite in advance to set the correct policy for the
1406 * PSK key slot. This limitation might go away in the future. */
1407 if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
1408 opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
1409 {
1410 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
1411 ret = 2;
1412 goto usage;
1413 }
1414
1415 /* Determine KDF algorithm the opaque PSK will be used in. */
1416 #if defined(MBEDTLS_SHA384_C)
1417 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
1418 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
1419 else
1420 #endif /* MBEDTLS_SHA384_C */
1421 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
1422 }
1423 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1424 }
1425
1426 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1427 if( mbedtls_test_unhexify( cid, sizeof( cid ),
1428 opt.cid_val, &cid_len ) != 0 )
1429 {
1430 mbedtls_printf( "CID not valid\n" );
1431 goto exit;
1432 }
1433
1434 /* Keep CID settings for renegotiation unless
1435 * specified otherwise. */
1436 if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
1437 opt.cid_enabled_renego = opt.cid_enabled;
1438 if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
1439 opt.cid_val_renego = opt.cid_val;
1440
1441 if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ),
1442 opt.cid_val_renego, &cid_renego_len ) != 0 )
1443 {
1444 mbedtls_printf( "CID not valid\n" );
1445 goto exit;
1446 }
1447 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1448
1449 #if defined(MBEDTLS_ECP_C)
1450 if( opt.curves != NULL )
1451 {
1452 p = (char *) opt.curves;
1453 i = 0;
1454
1455 if( strcmp( p, "none" ) == 0 )
1456 {
1457 group_list[0] = 0;
1458 }
1459 else if( strcmp( p, "default" ) != 0 )
1460 {
1461 /* Leave room for a final NULL in curve list */
1462 while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
1463 {
1464 q = p;
1465
1466 /* Terminate the current string */
1467 while( *p != ',' && *p != '\0' )
1468 p++;
1469 if( *p == ',' )
1470 *p++ = '\0';
1471
1472 if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
1473 {
1474 group_list[i++] = curve_cur->tls_id;
1475 }
1476 else
1477 {
1478 mbedtls_printf( "unknown curve %s\n", q );
1479 mbedtls_printf( "supported curves: " );
1480 for( curve_cur = mbedtls_ecp_curve_list();
1481 curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
1482 curve_cur++ )
1483 {
1484 mbedtls_printf( "%s ", curve_cur->name );
1485 }
1486 mbedtls_printf( "\n" );
1487 goto exit;
1488 }
1489 }
1490
1491 mbedtls_printf("Number of curves: %d\n", i );
1492
1493 if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
1494 {
1495 mbedtls_printf( "curves list too long, maximum %d",
1496 CURVE_LIST_SIZE - 1 );
1497 goto exit;
1498 }
1499
1500 group_list[i] = 0;
1501 }
1502 }
1503 #endif /* MBEDTLS_ECP_C */
1504
1505 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
1506 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1507 if( opt.sig_algs != NULL )
1508 {
1509 p = (char *) opt.sig_algs;
1510 i = 0;
1511
1512 /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
1513 while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
1514 {
1515 q = p;
1516
1517 /* Terminate the current string */
1518 while( *p != ',' && *p != '\0' )
1519 p++;
1520 if( *p == ',' )
1521 *p++ = '\0';
1522
1523 if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
1524 {
1525 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
1526 }
1527 else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
1528 {
1529 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
1530 }
1531 else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
1532 {
1533 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
1534 }
1535 else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 )
1536 {
1537 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
1538 }
1539 else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
1540 {
1541 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
1542 }
1543 else
1544 {
1545 mbedtls_printf( "unknown signature algorithm %s\n", q );
1546 mbedtls_printf( "supported signature algorithms: " );
1547 mbedtls_printf( "ecdsa_secp256r1_sha256 " );
1548 mbedtls_printf( "ecdsa_secp384r1_sha384 " );
1549 mbedtls_printf( "ecdsa_secp521r1_sha512 " );
1550 mbedtls_printf( "rsa_pss_rsae_sha256 " );
1551 mbedtls_printf( "rsa_pkcs1_sha256 " );
1552 mbedtls_printf( "\n" );
1553 goto exit;
1554 }
1555 }
1556
1557 if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
1558 {
1559 mbedtls_printf( "signature algorithm list too long, maximum %d",
1560 SIG_ALG_LIST_SIZE - 1 );
1561 goto exit;
1562 }
1563
1564 sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
1565 }
1566 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1567
1568 #if defined(MBEDTLS_SSL_ALPN)
1569 if( opt.alpn_string != NULL )
1570 {
1571 p = (char *) opt.alpn_string;
1572 i = 0;
1573
1574 /* Leave room for a final NULL in alpn_list */
1575 while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
1576 {
1577 alpn_list[i++] = p;
1578
1579 /* Terminate the current string and move on to next one */
1580 while( *p != ',' && *p != '\0' )
1581 p++;
1582 if( *p == ',' )
1583 *p++ = '\0';
1584 }
1585 }
1586 #endif /* MBEDTLS_SSL_ALPN */
1587
1588 /*
1589 * 0. Initialize the RNG and the session data
1590 */
1591 mbedtls_printf( "\n . Seeding the random number generator..." );
1592 fflush( stdout );
1593
1594 ret = rng_seed( &rng, opt.reproducible, pers );
1595 if( ret != 0 )
1596 goto exit;
1597 mbedtls_printf( " ok\n" );
1598
1599 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1600 /*
1601 * 1.1. Load the trusted CA
1602 */
1603 mbedtls_printf( " . Loading the CA root certificate ..." );
1604 fflush( stdout );
1605
1606 if( strcmp( opt.ca_path, "none" ) == 0 ||
1607 strcmp( opt.ca_file, "none" ) == 0 )
1608 {
1609 ret = 0;
1610 }
1611 else
1612 #if defined(MBEDTLS_FS_IO)
1613 if( strlen( opt.ca_path ) )
1614 ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
1615 else if( strlen( opt.ca_file ) )
1616 ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
1617 else
1618 #endif
1619 {
1620 #if defined(MBEDTLS_PEM_PARSE_C)
1621 for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
1622 {
1623 ret = mbedtls_x509_crt_parse( &cacert,
1624 (const unsigned char *) mbedtls_test_cas[i],
1625 mbedtls_test_cas_len[i] );
1626 if( ret != 0 )
1627 break;
1628 }
1629 if( ret == 0 )
1630 #endif /* MBEDTLS_PEM_PARSE_C */
1631 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
1632 {
1633 ret = mbedtls_x509_crt_parse_der( &cacert,
1634 (const unsigned char *) mbedtls_test_cas_der[i],
1635 mbedtls_test_cas_der_len[i] );
1636 if( ret != 0 )
1637 break;
1638 }
1639 }
1640 if( ret < 0 )
1641 {
1642 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1643 (unsigned int) -ret );
1644 goto exit;
1645 }
1646
1647 mbedtls_printf( " ok (%d skipped)\n", ret );
1648
1649 /*
1650 * 1.2. Load own certificate and private key
1651 *
1652 * (can be skipped if client authentication is not required)
1653 */
1654 mbedtls_printf( " . Loading the client cert. and key..." );
1655 fflush( stdout );
1656
1657 if( strcmp( opt.crt_file, "none" ) == 0 )
1658 ret = 0;
1659 else
1660 #if defined(MBEDTLS_FS_IO)
1661 if( strlen( opt.crt_file ) )
1662 ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
1663 else
1664 #endif
1665 ret = mbedtls_x509_crt_parse( &clicert,
1666 (const unsigned char *) mbedtls_test_cli_crt,
1667 mbedtls_test_cli_crt_len );
1668 if( ret != 0 )
1669 {
1670 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1671 (unsigned int) -ret );
1672 goto exit;
1673 }
1674
1675 if( strcmp( opt.key_file, "none" ) == 0 )
1676 ret = 0;
1677 else
1678 #if defined(MBEDTLS_FS_IO)
1679 if( strlen( opt.key_file ) )
1680 ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
1681 else
1682 #endif
1683 ret = mbedtls_pk_parse_key( &pkey,
1684 (const unsigned char *) mbedtls_test_cli_key,
1685 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
1686 if( ret != 0 )
1687 {
1688 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
1689 (unsigned int) -ret );
1690 goto exit;
1691 }
1692
1693 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1694 if( opt.key_opaque != 0 )
1695 {
1696 if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
1697 PSA_ALG_ANY_HASH ) ) != 0 )
1698 {
1699 mbedtls_printf( " failed\n ! "
1700 "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
1701 goto exit;
1702 }
1703 }
1704 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1705
1706 mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
1707 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1708
1709 /*
1710 * 2. Setup stuff
1711 */
1712 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
1713 fflush( stdout );
1714
1715 if( ( ret = mbedtls_ssl_config_defaults( &conf,
1716 MBEDTLS_SSL_IS_CLIENT,
1717 opt.transport,
1718 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
1719 {
1720 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
1721 (unsigned int) -ret );
1722 goto exit;
1723 }
1724
1725 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1726 /* The default algorithms profile disables SHA-1, but our tests still
1727 rely on it heavily. */
1728 if( opt.allow_sha1 > 0 )
1729 {
1730 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
1731 mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
1732 mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
1733 }
1734
1735 if( opt.context_crt_cb == 0 )
1736 mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
1737
1738 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
1739 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1740
1741 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1742 if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
1743 {
1744 if( opt.cid_enabled == 1 &&
1745 opt.cid_enabled_renego == 1 &&
1746 cid_len != cid_renego_len )
1747 {
1748 mbedtls_printf( "CID length must not change during renegotiation\n" );
1749 goto usage;
1750 }
1751
1752 if( opt.cid_enabled == 1 )
1753 ret = mbedtls_ssl_conf_cid( &conf, cid_len,
1754 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
1755 else
1756 ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
1757 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
1758
1759 if( ret != 0 )
1760 {
1761 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
1762 (unsigned int) -ret );
1763 goto exit;
1764 }
1765 }
1766 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1767
1768 if( opt.auth_mode != DFL_AUTH_MODE )
1769 mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
1770
1771 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1772 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
1773 mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
1774 opt.hs_to_max );
1775
1776 if( opt.dgram_packing != DFL_DGRAM_PACKING )
1777 mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
1778 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1779
1780 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1781 if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
1782 {
1783 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
1784 ret );
1785 goto exit;
1786 }
1787 #endif
1788
1789 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1790 const mbedtls_ssl_srtp_profile forced_profile[] =
1791 { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
1792 if( opt.use_srtp == 1 )
1793 {
1794 if( opt.force_srtp_profile != 0 )
1795 {
1796 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
1797 }
1798 else
1799 {
1800 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles );
1801 }
1802
1803 if( ret != 0 )
1804 {
1805 mbedtls_printf( " failed\n ! "
1806 "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
1807 ret );
1808 goto exit;
1809 }
1810
1811 }
1812 else if( opt.force_srtp_profile != 0 )
1813 {
1814 mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
1815 goto exit;
1816 }
1817 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1818
1819 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1820 if( opt.extended_ms != DFL_EXTENDED_MS )
1821 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
1822 #endif
1823
1824 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1825 if( opt.etm != DFL_ETM )
1826 mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
1827 #endif
1828
1829 #if defined(MBEDTLS_DHM_C)
1830 if( opt.dhmlen != DFL_DHMLEN )
1831 mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
1832 #endif
1833
1834 #if defined(MBEDTLS_SSL_ALPN)
1835 if( opt.alpn_string != NULL )
1836 if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
1837 {
1838 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
1839 ret );
1840 goto exit;
1841 }
1842 #endif
1843
1844 if (opt.reproducible)
1845 {
1846 #if defined(MBEDTLS_HAVE_TIME)
1847 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
1848 mbedtls_platform_set_time( dummy_constant_time );
1849 #else
1850 fprintf( stderr, "Warning: reproducible option used without constant time\n" );
1851 #endif
1852 #endif /* MBEDTLS_HAVE_TIME */
1853 }
1854 mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
1855 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
1856
1857 mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
1858
1859 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1860 mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
1861 #endif
1862
1863 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
1864 mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
1865
1866 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1867 mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
1868 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1869
1870 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
1871 mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
1872 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1873 mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
1874 #endif
1875
1876 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1877 if( strcmp( opt.ca_path, "none" ) != 0 &&
1878 strcmp( opt.ca_file, "none" ) != 0 )
1879 {
1880 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1881 if( opt.ca_callback != 0 )
1882 mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert );
1883 else
1884 #endif
1885 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
1886 }
1887 if( strcmp( opt.crt_file, "none" ) != 0 &&
1888 strcmp( opt.key_file, "none" ) != 0 )
1889 {
1890 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
1891 {
1892 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
1893 ret );
1894 goto exit;
1895 }
1896 }
1897 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1898
1899 #if defined(MBEDTLS_ECP_C)
1900 if( opt.curves != NULL &&
1901 strcmp( opt.curves, "default" ) != 0 )
1902 {
1903 mbedtls_ssl_conf_groups( &conf, group_list );
1904 }
1905 #endif
1906
1907 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1908 if( opt.sig_algs != NULL )
1909 mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
1910 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1911
1912 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1913 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1914 if( opt.psk_opaque != 0 )
1915 {
1916 key_attributes = psa_key_attributes_init();
1917 psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
1918 psa_set_key_algorithm( &key_attributes, alg );
1919 psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
1920
1921 status = psa_import_key( &key_attributes, psk, psk_len, &slot );
1922 if( status != PSA_SUCCESS )
1923 {
1924 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1925 goto exit;
1926 }
1927
1928 if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, slot,
1929 (const unsigned char *) opt.psk_identity,
1930 strlen( opt.psk_identity ) ) ) != 0 )
1931 {
1932 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
1933 ret );
1934 goto exit;
1935 }
1936 }
1937 else
1938 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1939 if( psk_len > 0 )
1940 {
1941 ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
1942 (const unsigned char *) opt.psk_identity,
1943 strlen( opt.psk_identity ) );
1944 if( ret != 0 )
1945 {
1946 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
1947 goto exit;
1948 }
1949 }
1950 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1951
1952 if( opt.min_version != DFL_MIN_VERSION )
1953 mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1954 opt.min_version );
1955
1956 if( opt.max_version != DFL_MAX_VERSION )
1957 mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1958 opt.max_version );
1959
1960 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
1961 {
1962 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
1963 (unsigned int) -ret );
1964 goto exit;
1965 }
1966
1967 if( opt.eap_tls != 0 )
1968 {
1969 mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
1970 &eap_tls_keying );
1971 }
1972 else if( opt.nss_keylog != 0 )
1973 {
1974 mbedtls_ssl_set_export_keys_cb( &ssl,
1975 nss_keylog_export,
1976 NULL );
1977 }
1978 #if defined( MBEDTLS_SSL_DTLS_SRTP )
1979 else if( opt.use_srtp != 0 )
1980 {
1981 mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
1982 &dtls_srtp_keying );
1983 }
1984 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1985
1986 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1987 if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
1988 {
1989 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
1990 ret );
1991 goto exit;
1992 }
1993 #endif
1994
1995 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1996 if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
1997 {
1998 if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
1999 (const unsigned char *) opt.ecjpake_pw,
2000 strlen( opt.ecjpake_pw ) ) ) != 0 )
2001 {
2002 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
2003 ret );
2004 goto exit;
2005 }
2006 }
2007 #endif
2008
2009 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2010 if( opt.context_crt_cb == 1 )
2011 mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
2012 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2013
2014 io_ctx.ssl = &ssl;
2015 io_ctx.net = &server_fd;
2016 mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
2017 opt.nbio == 0 ? recv_timeout_cb : NULL );
2018
2019 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2020 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2021 {
2022 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
2023 cid, cid_len ) ) != 0 )
2024 {
2025 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2026 ret );
2027 goto exit;
2028 }
2029 }
2030 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2031
2032 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2033 if( opt.dtls_mtu != DFL_DTLS_MTU )
2034 mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
2035 #endif
2036
2037 #if defined(MBEDTLS_TIMING_C)
2038 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
2039 mbedtls_timing_get_delay );
2040 #endif
2041
2042 #if defined(MBEDTLS_ECP_RESTARTABLE)
2043 if( opt.ec_max_ops != DFL_EC_MAX_OPS )
2044 mbedtls_ecp_set_max_ops( opt.ec_max_ops );
2045 #endif
2046
2047 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2048 if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 )
2049 {
2050 if( mbedtls_test_unhexify( mki, sizeof( mki ),
2051 opt.mki,&mki_len ) != 0 )
2052 {
2053 mbedtls_printf( "mki value not valid hex\n" );
2054 goto exit;
2055 }
2056
2057 mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
2058 if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki,
2059 (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 )
2060 {
2061 mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
2062 goto exit;
2063 }
2064 }
2065 #endif
2066
2067 mbedtls_printf( " ok\n" );
2068
2069 /*
2070 * 3. Start the connection
2071 */
2072 if( opt.server_addr == NULL)
2073 opt.server_addr = opt.server_name;
2074
2075 mbedtls_printf( " . Connecting to %s/%s/%s...",
2076 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2077 opt.server_addr, opt.server_port );
2078 fflush( stdout );
2079
2080 if( ( ret = mbedtls_net_connect( &server_fd,
2081 opt.server_addr, opt.server_port,
2082 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2083 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2084 {
2085 mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2086 (unsigned int) -ret );
2087 goto exit;
2088 }
2089
2090 if( opt.nbio > 0 )
2091 ret = mbedtls_net_set_nonblock( &server_fd );
2092 else
2093 ret = mbedtls_net_set_block( &server_fd );
2094 if( ret != 0 )
2095 {
2096 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
2097 (unsigned int) -ret );
2098 goto exit;
2099 }
2100
2101 mbedtls_printf( " ok\n" );
2102
2103 /*
2104 * 4. Handshake
2105 */
2106 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
2107 fflush( stdout );
2108
2109 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2110 {
2111 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2112 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2113 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2114 {
2115 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
2116 (unsigned int) -ret );
2117 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2118 mbedtls_printf(
2119 " Unable to verify the server's certificate. "
2120 "Either it is invalid,\n"
2121 " or you didn't set ca_file or ca_path "
2122 "to an appropriate value.\n"
2123 " Alternatively, you may want to use "
2124 "auth_mode=optional for testing purposes.\n" );
2125 mbedtls_printf( "\n" );
2126 goto exit;
2127 }
2128
2129 #if defined(MBEDTLS_ECP_RESTARTABLE)
2130 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2131 continue;
2132 #endif
2133
2134 /* For event-driven IO, wait for socket to become available */
2135 if( opt.event == 1 /* level triggered IO */ )
2136 {
2137 #if defined(MBEDTLS_TIMING_C)
2138 ret = idle( &server_fd, &timer, ret );
2139 #else
2140 ret = idle( &server_fd, ret );
2141 #endif
2142 if( ret != 0 )
2143 goto exit;
2144 }
2145 }
2146
2147 mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
2148 mbedtls_ssl_get_version( &ssl ),
2149 mbedtls_ssl_get_ciphersuite( &ssl ) );
2150
2151 if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
2152 mbedtls_printf( " [ Record expansion is %d ]\n", ret );
2153 else
2154 mbedtls_printf( " [ Record expansion is unknown ]\n" );
2155
2156 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2157 mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
2158 (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
2159 mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
2160 (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
2161 #endif
2162
2163 #if defined(MBEDTLS_SSL_ALPN)
2164 if( opt.alpn_string != NULL )
2165 {
2166 const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
2167 mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
2168 alp ? alp : "(none)" );
2169 }
2170 #endif
2171
2172 if( opt.eap_tls != 0 )
2173 {
2174 size_t j = 0;
2175
2176 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
2177 eap_tls_keying.master_secret,
2178 sizeof( eap_tls_keying.master_secret ),
2179 eap_tls_label,
2180 eap_tls_keying.randbytes,
2181 sizeof( eap_tls_keying.randbytes ),
2182 eap_tls_keymaterial,
2183 sizeof( eap_tls_keymaterial ) ) )
2184 != 0 )
2185 {
2186 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2187 (unsigned int) -ret );
2188 goto exit;
2189 }
2190
2191 mbedtls_printf( " EAP-TLS key material is:" );
2192 for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
2193 {
2194 if( j % 8 == 0 )
2195 mbedtls_printf("\n ");
2196 mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
2197 }
2198 mbedtls_printf("\n");
2199
2200 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
2201 eap_tls_label,
2202 eap_tls_keying.randbytes,
2203 sizeof( eap_tls_keying.randbytes ),
2204 eap_tls_iv,
2205 sizeof( eap_tls_iv ) ) ) != 0 )
2206 {
2207 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2208 (unsigned int) -ret );
2209 goto exit;
2210 }
2211
2212 mbedtls_printf( " EAP-TLS IV is:" );
2213 for( j = 0; j < sizeof( eap_tls_iv ); j++ )
2214 {
2215 if( j % 8 == 0 )
2216 mbedtls_printf("\n ");
2217 mbedtls_printf("%02x ", eap_tls_iv[j] );
2218 }
2219 mbedtls_printf("\n");
2220 }
2221
2222 #if defined( MBEDTLS_SSL_DTLS_SRTP )
2223 else if( opt.use_srtp != 0 )
2224 {
2225 size_t j = 0;
2226 mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
2227 mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result );
2228
2229 if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
2230 == MBEDTLS_TLS_SRTP_UNSET )
2231 {
2232 mbedtls_printf( " Unable to negotiate "
2233 "the use of DTLS-SRTP\n" );
2234 }
2235 else
2236 {
2237 if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
2238 dtls_srtp_keying.master_secret,
2239 sizeof( dtls_srtp_keying.master_secret ),
2240 dtls_srtp_label,
2241 dtls_srtp_keying.randbytes,
2242 sizeof( dtls_srtp_keying.randbytes ),
2243 dtls_srtp_key_material,
2244 sizeof( dtls_srtp_key_material ) ) )
2245 != 0 )
2246 {
2247 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2248 (unsigned int) -ret );
2249 goto exit;
2250 }
2251
2252 mbedtls_printf( " DTLS-SRTP key material is:" );
2253 for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
2254 {
2255 if( j % 8 == 0 )
2256 mbedtls_printf( "\n " );
2257 mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
2258 }
2259 mbedtls_printf( "\n" );
2260
2261 /* produce a less readable output used to perform automatic checks
2262 * - compare client and server output
2263 * - interop test with openssl which client produces this kind of output
2264 */
2265 mbedtls_printf( " Keying material: " );
2266 for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
2267 {
2268 mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
2269 }
2270 mbedtls_printf( "\n" );
2271
2272 if ( dtls_srtp_negotiation_result.mki_len > 0 )
2273 {
2274 mbedtls_printf( " DTLS-SRTP mki value: " );
2275 for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
2276 {
2277 mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
2278 }
2279 }
2280 else
2281 {
2282 mbedtls_printf( " DTLS-SRTP no mki value negotiated" );
2283 }
2284 mbedtls_printf( "\n" );
2285 }
2286 }
2287 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2288 if( opt.reconnect != 0 )
2289 {
2290 mbedtls_printf(" . Saving session for reuse..." );
2291 fflush( stdout );
2292
2293 if( opt.reco_mode == 1 )
2294 {
2295 mbedtls_ssl_session exported_session;
2296
2297 /* free any previously saved data */
2298 if( session_data != NULL )
2299 {
2300 mbedtls_platform_zeroize( session_data, session_data_len );
2301 mbedtls_free( session_data );
2302 session_data = NULL;
2303 }
2304
2305 mbedtls_ssl_session_init( &exported_session );
2306 ret = mbedtls_ssl_get_session( &ssl, &exported_session );
2307 if( ret != 0 )
2308 {
2309 mbedtls_printf(
2310 "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
2311 (unsigned) -ret );
2312 goto exit;
2313 }
2314
2315 /* get size of the buffer needed */
2316 mbedtls_ssl_session_save( &exported_session, NULL, 0, &session_data_len );
2317 session_data = mbedtls_calloc( 1, session_data_len );
2318 if( session_data == NULL )
2319 {
2320 mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
2321 (unsigned) session_data_len );
2322 mbedtls_ssl_session_free( &exported_session );
2323 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
2324 goto exit;
2325 }
2326
2327 /* actually save session data */
2328 if( ( ret = mbedtls_ssl_session_save( &exported_session,
2329 session_data, session_data_len,
2330 &session_data_len ) ) != 0 )
2331 {
2332 mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
2333 (unsigned int) -ret );
2334 mbedtls_ssl_session_free( &exported_session );
2335 goto exit;
2336 }
2337
2338 mbedtls_ssl_session_free( &exported_session );
2339 }
2340 else
2341 {
2342 if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
2343 {
2344 mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2345 (unsigned int) -ret );
2346 goto exit;
2347 }
2348 }
2349
2350 mbedtls_printf( " ok\n" );
2351
2352 if( opt.reco_mode == 1 )
2353 {
2354 mbedtls_printf( " [ Saved %u bytes of session data]\n",
2355 (unsigned) session_data_len );
2356 }
2357 }
2358
2359 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2360 /*
2361 * 5. Verify the server certificate
2362 */
2363 mbedtls_printf( " . Verifying peer X.509 certificate..." );
2364
2365 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
2366 {
2367 char vrfy_buf[512];
2368 mbedtls_printf( " failed\n" );
2369
2370 x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
2371 " ! ", flags );
2372
2373 mbedtls_printf( "%s\n", vrfy_buf );
2374 }
2375 else
2376 mbedtls_printf( " ok\n" );
2377
2378 #if !defined(MBEDTLS_X509_REMOVE_INFO)
2379 mbedtls_printf( " . Peer certificate information ...\n" );
2380 mbedtls_printf( "%s\n", peer_crt_info );
2381 #endif /* !MBEDTLS_X509_REMOVE_INFO */
2382 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2383
2384 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2385 ret = report_cid_usage( &ssl, "initial handshake" );
2386 if( ret != 0 )
2387 goto exit;
2388
2389 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2390 {
2391 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
2392 cid_renego,
2393 cid_renego_len ) ) != 0 )
2394 {
2395 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2396 ret );
2397 goto exit;
2398 }
2399 }
2400 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2401
2402 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2403 if( opt.renegotiate )
2404 {
2405 /*
2406 * Perform renegotiation (this must be done when the server is waiting
2407 * for input from our side).
2408 */
2409 mbedtls_printf( " . Performing renegotiation..." );
2410 fflush( stdout );
2411 while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
2412 {
2413 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2414 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2415 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2416 {
2417 mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
2418 ret );
2419 goto exit;
2420 }
2421
2422 #if defined(MBEDTLS_ECP_RESTARTABLE)
2423 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2424 continue;
2425 #endif
2426
2427 /* For event-driven IO, wait for socket to become available */
2428 if( opt.event == 1 /* level triggered IO */ )
2429 {
2430 #if defined(MBEDTLS_TIMING_C)
2431 idle( &server_fd, &timer, ret );
2432 #else
2433 idle( &server_fd, ret );
2434 #endif
2435 }
2436
2437 }
2438 mbedtls_printf( " ok\n" );
2439 }
2440 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2441
2442 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2443 ret = report_cid_usage( &ssl, "after renegotiation" );
2444 if( ret != 0 )
2445 goto exit;
2446 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2447
2448 /*
2449 * 6. Write the GET request
2450 */
2451 retry_left = opt.max_resend;
2452 send_request:
2453 mbedtls_printf( " > Write to server:" );
2454 fflush( stdout );
2455
2456 len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST,
2457 opt.request_page );
2458 tail_len = (int) strlen( GET_REQUEST_END );
2459
2460 /* Add padding to GET request to reach opt.request_size in length */
2461 if( opt.request_size != DFL_REQUEST_SIZE &&
2462 len + tail_len < opt.request_size )
2463 {
2464 memset( buf + len, 'A', opt.request_size - len - tail_len );
2465 len += opt.request_size - len - tail_len;
2466 }
2467
2468 strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
2469 len += tail_len;
2470
2471 /* Truncate if request size is smaller than the "natural" size */
2472 if( opt.request_size != DFL_REQUEST_SIZE &&
2473 len > opt.request_size )
2474 {
2475 len = opt.request_size;
2476
2477 /* Still end with \r\n unless that's really not possible */
2478 if( len >= 2 ) buf[len - 2] = '\r';
2479 if( len >= 1 ) buf[len - 1] = '\n';
2480 }
2481
2482 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
2483 {
2484 written = 0;
2485 frags = 0;
2486
2487 do
2488 {
2489 while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
2490 len - written ) ) < 0 )
2491 {
2492 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2493 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2494 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2495 {
2496 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
2497 (unsigned int) -ret );
2498 goto exit;
2499 }
2500
2501 /* For event-driven IO, wait for socket to become available */
2502 if( opt.event == 1 /* level triggered IO */ )
2503 {
2504 #if defined(MBEDTLS_TIMING_C)
2505 idle( &server_fd, &timer, ret );
2506 #else
2507 idle( &server_fd, ret );
2508 #endif
2509 }
2510 }
2511
2512 frags++;
2513 written += ret;
2514 }
2515 while( written < len );
2516 }
2517 else /* Not stream, so datagram */
2518 {
2519 while( 1 )
2520 {
2521 ret = mbedtls_ssl_write( &ssl, buf, len );
2522
2523 #if defined(MBEDTLS_ECP_RESTARTABLE)
2524 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2525 continue;
2526 #endif
2527
2528 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2529 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
2530 break;
2531
2532 /* For event-driven IO, wait for socket to become available */
2533 if( opt.event == 1 /* level triggered IO */ )
2534 {
2535 #if defined(MBEDTLS_TIMING_C)
2536 idle( &server_fd, &timer, ret );
2537 #else
2538 idle( &server_fd, ret );
2539 #endif
2540 }
2541 }
2542
2543 if( ret < 0 )
2544 {
2545 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n",
2546 ret );
2547 goto exit;
2548 }
2549
2550 frags = 1;
2551 written = ret;
2552
2553 if( written < len )
2554 {
2555 mbedtls_printf( " warning\n ! request didn't fit into single datagram and "
2556 "was truncated to size %u", (unsigned) written );
2557 }
2558 }
2559
2560 buf[written] = '\0';
2561 mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n",
2562 written, frags, (char *) buf );
2563
2564 /* Send a non-empty request if request_size == 0 */
2565 if ( len == 0 )
2566 {
2567 opt.request_size = DFL_REQUEST_SIZE;
2568 goto send_request;
2569 }
2570
2571 /*
2572 * 7. Read the HTTP response
2573 */
2574 mbedtls_printf( " < Read from server:" );
2575 fflush( stdout );
2576
2577 /*
2578 * TLS and DTLS need different reading styles (stream vs datagram)
2579 */
2580 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
2581 {
2582 do
2583 {
2584 len = sizeof( buf ) - 1;
2585 memset( buf, 0, sizeof( buf ) );
2586 ret = mbedtls_ssl_read( &ssl, buf, len );
2587
2588 #if defined(MBEDTLS_ECP_RESTARTABLE)
2589 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2590 continue;
2591 #endif
2592
2593 if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
2594 ret == MBEDTLS_ERR_SSL_WANT_WRITE )
2595 {
2596 /* For event-driven IO, wait for socket to become available */
2597 if( opt.event == 1 /* level triggered IO */ )
2598 {
2599 #if defined(MBEDTLS_TIMING_C)
2600 idle( &server_fd, &timer, ret );
2601 #else
2602 idle( &server_fd, ret );
2603 #endif
2604 }
2605 continue;
2606 }
2607
2608 if( ret <= 0 )
2609 {
2610 switch( ret )
2611 {
2612 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2613 mbedtls_printf( " connection was closed gracefully\n" );
2614 ret = 0;
2615 goto close_notify;
2616
2617 case 0:
2618 case MBEDTLS_ERR_NET_CONN_RESET:
2619 mbedtls_printf( " connection was reset by peer\n" );
2620 ret = 0;
2621 goto reconnect;
2622
2623 default:
2624 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
2625 (unsigned int) -ret );
2626 goto exit;
2627 }
2628 }
2629
2630 len = ret;
2631 buf[len] = '\0';
2632 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
2633
2634 /* End of message should be detected according to the syntax of the
2635 * application protocol (eg HTTP), just use a dummy test here. */
2636 if( ret > 0 && buf[len-1] == '\n' )
2637 {
2638 ret = 0;
2639 break;
2640 }
2641 }
2642 while( 1 );
2643 }
2644 else /* Not stream, so datagram */
2645 {
2646 len = sizeof( buf ) - 1;
2647 memset( buf, 0, sizeof( buf ) );
2648
2649 while( 1 )
2650 {
2651 ret = mbedtls_ssl_read( &ssl, buf, len );
2652
2653 #if defined(MBEDTLS_ECP_RESTARTABLE)
2654 if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2655 continue;
2656 #endif
2657
2658 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2659 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
2660 break;
2661
2662 /* For event-driven IO, wait for socket to become available */
2663 if( opt.event == 1 /* level triggered IO */ )
2664 {
2665 #if defined(MBEDTLS_TIMING_C)
2666 idle( &server_fd, &timer, ret );
2667 #else
2668 idle( &server_fd, ret );
2669 #endif
2670 }
2671 }
2672
2673 if( ret <= 0 )
2674 {
2675 switch( ret )
2676 {
2677 case MBEDTLS_ERR_SSL_TIMEOUT:
2678 mbedtls_printf( " timeout\n" );
2679 if( retry_left-- > 0 )
2680 goto send_request;
2681 goto exit;
2682
2683 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2684 mbedtls_printf( " connection was closed gracefully\n" );
2685 ret = 0;
2686 goto close_notify;
2687
2688 default:
2689 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
2690 goto exit;
2691 }
2692 }
2693
2694 len = ret;
2695 buf[len] = '\0';
2696 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
2697 ret = 0;
2698 }
2699
2700 /*
2701 * 7b. Simulate hard reset and reconnect from same port?
2702 */
2703 if( opt.reconnect_hard != 0 )
2704 {
2705 opt.reconnect_hard = 0;
2706
2707 mbedtls_printf( " . Restarting connection from same port..." );
2708 fflush( stdout );
2709
2710 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2711 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
2712 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2713
2714 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
2715 {
2716 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2717 (unsigned int) -ret );
2718 goto exit;
2719 }
2720
2721 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2722 {
2723 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
2724 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2725 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
2726 {
2727 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2728 (unsigned int) -ret );
2729 goto exit;
2730 }
2731
2732 /* For event-driven IO, wait for socket to become available */
2733 if( opt.event == 1 /* level triggered IO */ )
2734 {
2735 #if defined(MBEDTLS_TIMING_C)
2736 idle( &server_fd, &timer, ret );
2737 #else
2738 idle( &server_fd, ret );
2739 #endif
2740 }
2741 }
2742
2743 mbedtls_printf( " ok\n" );
2744
2745 goto send_request;
2746 }
2747
2748 /*
2749 * 7c. Simulate serialize/deserialize and go back to data exchange
2750 */
2751 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2752 if( opt.serialize != 0 )
2753 {
2754 size_t buf_len;
2755
2756 mbedtls_printf( " . Serializing live connection..." );
2757
2758 ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
2759 if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
2760 {
2761 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
2762 "-0x%x\n\n", (unsigned int) -ret );
2763
2764 goto exit;
2765 }
2766
2767 if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL )
2768 {
2769 mbedtls_printf( " failed\n ! Couldn't allocate buffer for "
2770 "serialized context" );
2771
2772 goto exit;
2773 }
2774 context_buf_len = buf_len;
2775
2776 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
2777 buf_len, &buf_len ) ) != 0 )
2778 {
2779 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
2780 "-0x%x\n\n", (unsigned int) -ret );
2781
2782 goto exit;
2783 }
2784
2785 mbedtls_printf( " ok\n" );
2786
2787 /* Save serialized context to the 'opt.context_file' as a base64 code */
2788 if( 0 < strlen( opt.context_file ) )
2789 {
2790 FILE *b64_file;
2791 uint8_t *b64_buf;
2792 size_t b64_len;
2793
2794 mbedtls_printf( " . Save serialized context to a file... " );
2795
2796 mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
2797
2798 if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
2799 {
2800 mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
2801 "the base64 code\n" );
2802 goto exit;
2803 }
2804
2805 if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
2806 context_buf, buf_len ) ) != 0 )
2807 {
2808 mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
2809 "-0x%x\n", (unsigned int) -ret );
2810 mbedtls_free( b64_buf );
2811 goto exit;
2812 }
2813
2814 if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
2815 {
2816 mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
2817 opt.context_file );
2818 mbedtls_free( b64_buf );
2819 goto exit;
2820 }
2821
2822 if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
2823 {
2824 mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
2825 (long) b64_len );
2826 mbedtls_free( b64_buf );
2827 fclose( b64_file );
2828 goto exit;
2829 }
2830
2831 mbedtls_free( b64_buf );
2832 fclose( b64_file );
2833
2834 mbedtls_printf( "ok\n" );
2835 }
2836
2837 if( opt.serialize == 1 )
2838 {
2839 /* nothing to do here, done by context_save() already */
2840 mbedtls_printf( " . Context has been reset... ok\n" );
2841 }
2842
2843 if( opt.serialize == 2 )
2844 {
2845 mbedtls_printf( " . Freeing and reinitializing context..." );
2846
2847 mbedtls_ssl_free( &ssl );
2848
2849 mbedtls_ssl_init( &ssl );
2850
2851 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
2852 {
2853 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
2854 "-0x%x\n\n", (unsigned int) -ret );
2855 goto exit;
2856 }
2857
2858 if( opt.nbio == 2 )
2859 mbedtls_ssl_set_bio( &ssl, &server_fd, delayed_send,
2860 delayed_recv, NULL );
2861 else
2862 mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send,
2863 mbedtls_net_recv,
2864 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
2865
2866 #if defined(MBEDTLS_TIMING_C)
2867 mbedtls_ssl_set_timer_cb( &ssl, &timer,
2868 mbedtls_timing_set_delay,
2869 mbedtls_timing_get_delay );
2870 #endif /* MBEDTLS_TIMING_C */
2871
2872 mbedtls_printf( " ok\n" );
2873 }
2874
2875 mbedtls_printf( " . Deserializing connection..." );
2876
2877 if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
2878 buf_len ) ) != 0 )
2879 {
2880 mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
2881 "-0x%x\n\n", (unsigned int) -ret );
2882
2883 goto exit;
2884 }
2885
2886 mbedtls_free( context_buf );
2887 context_buf = NULL;
2888 context_buf_len = 0;
2889
2890 mbedtls_printf( " ok\n" );
2891 }
2892 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2893
2894 /*
2895 * 7d. Continue doing data exchanges?
2896 */
2897 if( --opt.exchanges > 0 )
2898 goto send_request;
2899
2900 /*
2901 * 8. Done, cleanly close the connection
2902 */
2903 close_notify:
2904 mbedtls_printf( " . Closing the connection..." );
2905 fflush( stdout );
2906
2907 /*
2908 * Most of the time sending a close_notify before closing is the right
2909 * thing to do. However, when the server already knows how many messages
2910 * are expected and closes the connection by itself, this alert becomes
2911 * redundant. Sometimes with DTLS this redundancy becomes a problem by
2912 * leading to a race condition where the server might close the connection
2913 * before seeing the alert, and since UDP is connection-less when the
2914 * alert arrives it will be seen as a new connection, which will fail as
2915 * the alert is clearly not a valid ClientHello. This may cause spurious
2916 * failures in tests that use DTLS and resumption with ssl_server2 in
2917 * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
2918 */
2919 if( opt.skip_close_notify == 0 )
2920 {
2921 /* No error checking, the connection might be closed already */
2922 do ret = mbedtls_ssl_close_notify( &ssl );
2923 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2924 ret = 0;
2925 }
2926
2927 mbedtls_printf( " done\n" );
2928
2929 /*
2930 * 9. Reconnect?
2931 */
2932 reconnect:
2933 if( opt.reconnect != 0 )
2934 {
2935 --opt.reconnect;
2936
2937 mbedtls_net_free( &server_fd );
2938
2939 #if defined(MBEDTLS_TIMING_C)
2940 if( opt.reco_delay > 0 )
2941 mbedtls_net_usleep( 1000000 * opt.reco_delay );
2942 #endif
2943
2944 mbedtls_printf( " . Reconnecting with saved session..." );
2945
2946 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2947 memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
2948 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2949
2950 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
2951 {
2952 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2953 (unsigned int) -ret );
2954 goto exit;
2955 }
2956
2957 if( opt.reco_mode == 1 )
2958 {
2959 if( ( ret = mbedtls_ssl_session_load( &saved_session,
2960 session_data,
2961 session_data_len ) ) != 0 )
2962 {
2963 mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
2964 (unsigned int) -ret );
2965 goto exit;
2966 }
2967 }
2968
2969 if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
2970 {
2971 mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
2972 (unsigned int) -ret );
2973 goto exit;
2974 }
2975
2976 if( ( ret = mbedtls_net_connect( &server_fd,
2977 opt.server_addr, opt.server_port,
2978 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2979 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2980 {
2981 mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2982 (unsigned int) -ret );
2983 goto exit;
2984 }
2985
2986 if( opt.nbio > 0 )
2987 ret = mbedtls_net_set_nonblock( &server_fd );
2988 else
2989 ret = mbedtls_net_set_block( &server_fd );
2990 if( ret != 0 )
2991 {
2992 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
2993 (unsigned int) -ret );
2994 goto exit;
2995 }
2996
2997 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
2998 {
2999 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
3000 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
3001 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
3002 {
3003 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
3004 (unsigned int) -ret );
3005 goto exit;
3006 }
3007 }
3008
3009 mbedtls_printf( " ok\n" );
3010
3011 goto send_request;
3012 }
3013
3014 /*
3015 * Cleanup and exit
3016 */
3017 exit:
3018 #ifdef MBEDTLS_ERROR_C
3019 if( ret != 0 )
3020 {
3021 char error_buf[100];
3022 mbedtls_strerror( ret, error_buf, 100 );
3023 mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
3024 }
3025 #endif
3026
3027 mbedtls_net_free( &server_fd );
3028
3029 mbedtls_ssl_free( &ssl );
3030 mbedtls_ssl_config_free( &conf );
3031 mbedtls_ssl_session_free( &saved_session );
3032
3033 if( session_data != NULL )
3034 mbedtls_platform_zeroize( session_data, session_data_len );
3035 mbedtls_free( session_data );
3036 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3037 if( context_buf != NULL )
3038 mbedtls_platform_zeroize( context_buf, context_buf_len );
3039 mbedtls_free( context_buf );
3040 #endif
3041
3042 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3043 mbedtls_x509_crt_free( &clicert );
3044 mbedtls_x509_crt_free( &cacert );
3045 mbedtls_pk_free( &pkey );
3046 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3047 psa_destroy_key( key_slot );
3048 #endif
3049 #endif /* MBEDTLS_X509_CRT_PARSE_C */
3050
3051 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
3052 defined(MBEDTLS_USE_PSA_CRYPTO)
3053 if( opt.psk_opaque != 0 )
3054 {
3055 /* This is ok even if the slot hasn't been
3056 * initialized (we might have jumed here
3057 * immediately because of bad cmd line params,
3058 * for example). */
3059 status = psa_destroy_key( slot );
3060 if( ( status != PSA_SUCCESS ) &&
3061 ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
3062 {
3063 mbedtls_printf( "Failed to destroy key slot %u - error was %d",
3064 (unsigned) slot, (int) status );
3065 if( ret == 0 )
3066 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3067 }
3068 }
3069 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
3070 MBEDTLS_USE_PSA_CRYPTO */
3071
3072 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3073 const char* message = mbedtls_test_helper_is_psa_leaking();
3074 if( message )
3075 {
3076 if( ret == 0 )
3077 ret = 1;
3078 mbedtls_printf( "PSA memory leak detected: %s\n", message);
3079 }
3080 #endif /* MBEDTLS_USE_PSA_CRYPTO */
3081
3082 /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
3083 * resources are freed by rng_free(). */
3084 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
3085 !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
3086 mbedtls_psa_crypto_free( );
3087 #endif
3088
3089 rng_free( &rng );
3090
3091 #if defined(MBEDTLS_TEST_HOOKS)
3092 if( test_hooks_failure_detected( ) )
3093 {
3094 if( ret == 0 )
3095 ret = 1;
3096 mbedtls_printf( "Test hooks detected errors.\n" );
3097 }
3098 test_hooks_free( );
3099 #endif /* MBEDTLS_TEST_HOOKS */
3100
3101 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3102 #if defined(MBEDTLS_MEMORY_DEBUG)
3103 mbedtls_memory_buffer_alloc_status();
3104 #endif
3105 mbedtls_memory_buffer_alloc_free();
3106 #endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
3107
3108 #if defined(_WIN32)
3109 if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
3110 {
3111 mbedtls_printf( " + Press Enter to exit this program.\n" );
3112 fflush( stdout ); getchar();
3113 }
3114 #endif
3115
3116 // Shell can not handle large exit numbers -> 1 for errors
3117 if( ret < 0 )
3118 ret = 1;
3119
3120 if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
3121 mbedtls_exit( ret );
3122 else
3123 mbedtls_exit( query_config_ret );
3124 }
3125 #endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
3126