1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include <stdio.h>
17 #include <stdint.h>
18 #include <stdbool.h>
19 #include <stdlib.h>
20 #include <time.h>
21 #include <stddef.h>
22 #include <unistd.h>
23 #include "securec.h"
24 #include "bsl_sal.h"
25 #include "hitls.h"
26 #include "hitls_config.h"
27 #include "hitls_error.h"
28 #include "hitls_cert_reg.h"
29 #include "hitls_crypt_type.h"
30 #include "tls.h"
31 #include "hs.h"
32 #include "hs_ctx.h"
33 #include "hs_state_recv.h"
34 #include "conn_init.h"
35 #include "app.h"
36 #include "record.h"
37 #include "rec_conn.h"
38 #include "session.h"
39 #include "recv_process.h"
40 #include "stub_replace.h"
41 #include "frame_tls.h"
42 #include "frame_msg.h"
43 #include "simulate_io.h"
44 #include "parser_frame_msg.h"
45 #include "pack_frame_msg.h"
46 #include "frame_io.h"
47 #include "frame_link.h"
48 #include "cert.h"
49 #include "cert_mgr.h"
50 #include "hs_extensions.h"
51 #include "hlt_type.h"
52 #include "hlt.h"
53 #include "sctp_channel.h"
54 #include "logger.h"
55
56 #define READ_BUF_SIZE (18 * 1024) /* Maximum length of the read message buffer */
57
/*
 * Per-scenario parameters for a handshake test.
 *
 * Nothing in this listing reads or writes the struct; the field notes below are
 * taken from the field names only — confirm against the test cases that fill it in.
 */
typedef struct {
    HITLS_Config *config;                /* TLS configuration used for the test */
    FRAME_LinkObj *client;               /* simulated client-side link */
    FRAME_LinkObj *server;               /* simulated server-side link */
    HITLS_HandshakeState state;          /* handshake state of interest to the test (presumably where it stops) */
    bool isClient;                       /* the endpoint under test acts as the client */
    bool isSupportExtendMasterSecret;    /* extended_master_secret enabled on the tested endpoint */
    bool isSupportClientVerify;          /* server asks for a client certificate */
    bool isSupportNoClientCert;          /* a client reply without a certificate is accepted */
    bool isServerExtendMasterSecret;     /* extended_master_secret enabled on the server side */
    bool isSupportRenegotiation;         /* Renegotiation support flag */
    bool needStopBeforeRecvCCS;          /* CCS test, so that the TRY_RECV_FINISH stops before the CCS message is received */
} HandshakeTestInfo;
71
72
/**
 * @brief Write an all-zero handshake header to the connection as a HelloRequest.
 *
 * HS_MSG_HEADER_SIZE zero bytes are handed to the record layer as a HANDSHAKE
 * record. In TLS a HelloRequest carries type 0 and an empty body, so an all-zero
 * header is already the complete message (assumes HS_MSG_HEADER_SIZE is the
 * type+length header size — confirm in hs.h).
 *
 * @param ctx TLS context to write on.
 * @return The REC_Write result, returned unchanged.
 */
int32_t SendHelloReq(HITLS_Ctx *ctx)
{
    uint8_t helloReqHdr[HS_MSG_HEADER_SIZE] = {0};

    return REC_Write(ctx, REC_TYPE_HANDSHAKE, helloReqHdr, sizeof(helloReqHdr));
}
82
#define TEST_CLIENT_SEND_FAIL 1 /* NOTE(review): not referenced in this listing; presumably a test-case parameter — confirm */
84
/**
 * @brief Install the certificate files for a test context according to a signature-scheme name.
 *
 * SignatureType is compared against a fixed set of CERT_SIG_SCHEME_* names; on a
 * hit the matching CA / chain / end-entity / private-key paths are applied with
 * HLT_SetCertPath, always with "NULL" for the two trailing (sign cert / sign key)
 * arguments.
 *
 * NOTE(review): the comparison is strncmp() bounded by the length of the table
 * entry, i.e. a prefix match — any SignatureType that merely starts with a listed
 * name is accepted. A name that matches no entry leaves ctxConfig untouched and is
 * neither reported nor logged, so a typo in a test parameter fails silently.
 *
 * @param ctxConfig     Test context configuration to update.
 * @param SignatureType Scheme name, e.g. "CERT_SIG_SCHEME_RSA_PKCS1_SHA256".
 */
void TestSetCertPath(HLT_Ctx_Config *ctxConfig, char *SignatureType)
{
    struct CertPathEntry {
        const char *scheme;
        const char *caPath;
        const char *chainPath;
        const char *eePath;
        const char *privPath;
    };

    /* Same order as the former if/else chain. No scheme name here is a prefix of
     * another, so the first hit is also the only possible hit. */
    const struct CertPathEntry table[] = {
        {"CERT_SIG_SCHEME_RSA_PKCS1_SHA1",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA1_EE_PATH, RSA_SHA1_PRIV_PATH},
        {"CERT_SIG_SCHEME_RSA_PKCS1_SHA256",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA256_EE_PATH3, RSA_SHA256_PRIV_PATH3},
        {"CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA256",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA256_EE_PATH3, RSA_SHA256_PRIV_PATH3},
        {"CERT_SIG_SCHEME_RSA_PKCS1_SHA384",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA384_EE_PATH, RSA_SHA384_PRIV_PATH},
        {"CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA384",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA384_EE_PATH, RSA_SHA384_PRIV_PATH},
        {"CERT_SIG_SCHEME_RSA_PKCS1_SHA512",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA512_EE_PATH, RSA_SHA512_PRIV_PATH},
        {"CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA512",
            RSA_SHA_CA_PATH, RSA_SHA_CHAIN_PATH, RSA_SHA512_EE_PATH, RSA_SHA512_PRIV_PATH},
        {"CERT_SIG_SCHEME_ECDSA_SECP256R1_SHA256",
            ECDSA_SHA_CA_PATH, ECDSA_SHA_CHAIN_PATH, ECDSA_SHA256_EE_PATH, ECDSA_SHA256_PRIV_PATH},
        {"CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384",
            ECDSA_SHA_CA_PATH, ECDSA_SHA_CHAIN_PATH, ECDSA_SHA384_EE_PATH, ECDSA_SHA384_PRIV_PATH},
        {"CERT_SIG_SCHEME_ECDSA_SECP521R1_SHA512",
            ECDSA_SHA_CA_PATH, ECDSA_SHA_CHAIN_PATH, ECDSA_SHA512_EE_PATH, ECDSA_SHA512_PRIV_PATH},
        {"CERT_SIG_SCHEME_ECDSA_SHA1",
            ECDSA_SHA1_CA_PATH, ECDSA_SHA1_CHAIN_PATH, ECDSA_SHA1_EE_PATH, ECDSA_SHA1_PRIV_PATH},
    };

    for (size_t idx = 0; idx < sizeof(table) / sizeof(table[0]); idx++) {
        const struct CertPathEntry *entry = &table[idx];
        if (strncmp(SignatureType, entry->scheme, strlen(entry->scheme)) != 0) {
            continue;
        }
        HLT_SetCertPath(ctxConfig, entry->caPath, entry->chainPath, entry->eePath, entry->privPath, "NULL", "NULL");
        return;
    }
}
151