1 /*
2 * Common code library for SSL test programs.
3 *
4 * In addition to the functions in this file, there is shared source code
5 * that cannot be compiled separately in "ssl_test_common_source.c".
6 *
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10
11 #include "ssl_test_lib.h"
12
13 #if defined(MBEDTLS_TEST_HOOKS)
14 #include "test/helpers.h"
15 #endif
16
17 #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
18
my_debug(void * ctx,int level,const char * file,int line,const char * str)19 void my_debug(void *ctx, int level,
20 const char *file, int line,
21 const char *str)
22 {
23 const char *p, *basename;
24
25 /* Extract basename from file */
26 for (p = basename = file; *p != '\0'; p++) {
27 if (*p == '/' || *p == '\\') {
28 basename = p + 1;
29 }
30 }
31
32 mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
33 basename, line, level, str);
34 fflush((FILE *) ctx);
35 }
36
37 #if defined(MBEDTLS_HAVE_TIME)
dummy_constant_time(mbedtls_time_t * time)38 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
39 {
40 (void) time;
41 return 0x5af2a056;
42 }
43 #endif
44
45 #if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
dummy_entropy(void * data,unsigned char * output,size_t len)46 static int dummy_entropy(void *data, unsigned char *output, size_t len)
47 {
48 size_t i;
49 int ret;
50 (void) data;
51
52 ret = mbedtls_entropy_func(data, output, len);
53 for (i = 0; i < len; i++) {
54 //replace result with pseudo random
55 output[i] = (unsigned char) rand();
56 }
57 return ret;
58 }
59 #endif
60
rng_init(rng_context_t * rng)61 void rng_init(rng_context_t *rng)
62 {
63 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
64 (void) rng;
65 psa_crypto_init();
66 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
67
68 #if defined(MBEDTLS_CTR_DRBG_C)
69 mbedtls_ctr_drbg_init(&rng->drbg);
70 #elif defined(MBEDTLS_HMAC_DRBG_C)
71 mbedtls_hmac_drbg_init(&rng->drbg);
72 #else
73 #error "No DRBG available"
74 #endif
75
76 mbedtls_entropy_init(&rng->entropy);
77 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
78 }
79
rng_seed(rng_context_t * rng,int reproducible,const char * pers)80 int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
81 {
82 #if defined(MBEDTLS_USE_PSA_CRYPTO)
83 if (reproducible) {
84 mbedtls_fprintf(stderr,
85 "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
86 return -1;
87 }
88 #endif
89 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
90 /* The PSA crypto RNG does its own seeding. */
91 (void) rng;
92 (void) pers;
93 if (reproducible) {
94 mbedtls_fprintf(stderr,
95 "The PSA RNG does not support reproducible mode.\n");
96 return -1;
97 }
98 return 0;
99 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
100 int (*f_entropy)(void *, unsigned char *, size_t) =
101 (reproducible ? dummy_entropy : mbedtls_entropy_func);
102
103 if (reproducible) {
104 srand(1);
105 }
106
107 #if defined(MBEDTLS_CTR_DRBG_C)
108 int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
109 f_entropy, &rng->entropy,
110 (const unsigned char *) pers,
111 strlen(pers));
112 #elif defined(MBEDTLS_HMAC_DRBG_C)
113 #if defined(MBEDTLS_SHA256_C)
114 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
115 #elif defined(MBEDTLS_SHA512_C)
116 const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
117 #else
118 #error "No message digest available for HMAC_DRBG"
119 #endif
120 int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
121 mbedtls_md_info_from_type(md_type),
122 f_entropy, &rng->entropy,
123 (const unsigned char *) pers,
124 strlen(pers));
125 #else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
126 #error "No DRBG available"
127 #endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
128
129 if (ret != 0) {
130 mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
131 (unsigned int) -ret);
132 return ret;
133 }
134 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
135
136 return 0;
137 }
138
rng_free(rng_context_t * rng)139 void rng_free(rng_context_t *rng)
140 {
141 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
142 (void) rng;
143 /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
144 * This is ok because none of our applications try to do any crypto after
145 * deinitializing the RNG. */
146 mbedtls_psa_crypto_free();
147 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
148
149 #if defined(MBEDTLS_CTR_DRBG_C)
150 mbedtls_ctr_drbg_free(&rng->drbg);
151 #elif defined(MBEDTLS_HMAC_DRBG_C)
152 mbedtls_hmac_drbg_free(&rng->drbg);
153 #else
154 #error "No DRBG available"
155 #endif
156
157 mbedtls_entropy_free(&rng->entropy);
158 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
159 }
160
rng_get(void * p_rng,unsigned char * output,size_t output_len)161 int rng_get(void *p_rng, unsigned char *output, size_t output_len)
162 {
163 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
164 (void) p_rng;
165 return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
166 output, output_len);
167 #else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
168 rng_context_t *rng = p_rng;
169
170 #if defined(MBEDTLS_CTR_DRBG_C)
171 return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
172 #elif defined(MBEDTLS_HMAC_DRBG_C)
173 return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
174 #else
175 #error "No DRBG available"
176 #endif
177
178 #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
179 }
180
181 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
ca_callback(void * data,mbedtls_x509_crt const * child,mbedtls_x509_crt ** candidates)182 int ca_callback(void *data, mbedtls_x509_crt const *child,
183 mbedtls_x509_crt **candidates)
184 {
185 int ret = 0;
186 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
187 mbedtls_x509_crt *first;
188
189 /* This is a test-only implementation of the CA callback
190 * which always returns the entire list of trusted certificates.
191 * Production implementations managing a large number of CAs
192 * should use an efficient presentation and lookup for the
193 * set of trusted certificates (such as a hashtable) and only
194 * return those trusted certificates which satisfy basic
195 * parental checks, such as the matching of child `Issuer`
196 * and parent `Subject` field or matching key identifiers. */
197 ((void) child);
198
199 first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
200 if (first == NULL) {
201 ret = -1;
202 goto exit;
203 }
204 mbedtls_x509_crt_init(first);
205
206 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
207 ret = -1;
208 goto exit;
209 }
210
211 while (ca->next != NULL) {
212 ca = ca->next;
213 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
214 ret = -1;
215 goto exit;
216 }
217 }
218
219 exit:
220
221 if (ret != 0) {
222 mbedtls_x509_crt_free(first);
223 mbedtls_free(first);
224 first = NULL;
225 }
226
227 *candidates = first;
228 return ret;
229 }
230 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
231
delayed_recv(void * ctx,unsigned char * buf,size_t len)232 int delayed_recv(void *ctx, unsigned char *buf, size_t len)
233 {
234 static int first_try = 1;
235 int ret;
236
237 if (first_try) {
238 first_try = 0;
239 return MBEDTLS_ERR_SSL_WANT_READ;
240 }
241
242 ret = mbedtls_net_recv(ctx, buf, len);
243 if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
244 first_try = 1; /* Next call will be a new operation */
245 }
246 return ret;
247 }
248
delayed_send(void * ctx,const unsigned char * buf,size_t len)249 int delayed_send(void *ctx, const unsigned char *buf, size_t len)
250 {
251 static int first_try = 1;
252 int ret;
253
254 if (first_try) {
255 first_try = 0;
256 return MBEDTLS_ERR_SSL_WANT_WRITE;
257 }
258
259 ret = mbedtls_net_send(ctx, buf, len);
260 if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
261 first_try = 1; /* Next call will be a new operation */
262 }
263 return ret;
264 }
265
266 #if !defined(MBEDTLS_TIMING_C)
idle(mbedtls_net_context * fd,int idle_reason)267 int idle(mbedtls_net_context *fd,
268 int idle_reason)
269 #else
270 int idle(mbedtls_net_context *fd,
271 mbedtls_timing_delay_context *timer,
272 int idle_reason)
273 #endif
274 {
275 int ret;
276 int poll_type = 0;
277
278 if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
279 poll_type = MBEDTLS_NET_POLL_WRITE;
280 } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
281 poll_type = MBEDTLS_NET_POLL_READ;
282 }
283 #if !defined(MBEDTLS_TIMING_C)
284 else {
285 return 0;
286 }
287 #endif
288
289 while (1) {
290 /* Check if timer has expired */
291 #if defined(MBEDTLS_TIMING_C)
292 if (timer != NULL &&
293 mbedtls_timing_get_delay(timer) == 2) {
294 break;
295 }
296 #endif /* MBEDTLS_TIMING_C */
297
298 /* Check if underlying transport became available */
299 if (poll_type != 0) {
300 ret = mbedtls_net_poll(fd, poll_type, 0);
301 if (ret < 0) {
302 return ret;
303 }
304 if (ret == poll_type) {
305 break;
306 }
307 }
308 }
309
310 return 0;
311 }
312
313 #if defined(MBEDTLS_TEST_HOOKS)
314
test_hooks_init(void)315 void test_hooks_init(void)
316 {
317 mbedtls_test_info_reset();
318
319 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
320 mbedtls_test_mutex_usage_init();
321 #endif
322 }
323
test_hooks_failure_detected(void)324 int test_hooks_failure_detected(void)
325 {
326 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
327 /* Errors are reported via mbedtls_test_info. */
328 mbedtls_test_mutex_usage_check();
329 #endif
330
331 if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
332 return 1;
333 }
334 return 0;
335 }
336
test_hooks_free(void)337 void test_hooks_free(void)
338 {
339 }
340
341 #endif /* MBEDTLS_TEST_HOOKS */
342
343 #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */
344