1 /* 2 * Common code for SSL test programs 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 */ 7 8 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H 9 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H 10 11 #include "mbedtls/version.h" 12 13 #if !defined(MBEDTLS_CONFIG_FILE) 14 #include "mbedtls/config.h" 15 #else 16 #include MBEDTLS_CONFIG_FILE 17 #endif 18 19 #include "mbedtls/platform.h" 20 21 #undef HAVE_RNG 22 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ 23 (defined(MBEDTLS_USE_PSA_CRYPTO) || \ 24 defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) 25 #define HAVE_RNG 26 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) 27 #define HAVE_RNG 28 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \ 29 (defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C)) 30 #define HAVE_RNG 31 #endif 32 33 #if !defined(MBEDTLS_NET_C) || \ 34 !defined(MBEDTLS_SSL_TLS_C) || \ 35 defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) 36 #define MBEDTLS_SSL_TEST_IMPOSSIBLE \ 37 "MBEDTLS_NET_C and/or " \ 38 "MBEDTLS_SSL_TLS_C not defined, " \ 39 "and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" 40 #elif !defined(HAVE_RNG) 41 #define MBEDTLS_SSL_TEST_IMPOSSIBLE \ 42 "No random generator is available.\n" 43 #else 44 #undef MBEDTLS_SSL_TEST_IMPOSSIBLE 45 46 #undef HAVE_RNG 47 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 52 #include "mbedtls/net_sockets.h" 53 #include "mbedtls/ssl.h" 54 #include "mbedtls/entropy.h" 55 #include "mbedtls/ctr_drbg.h" 56 #include "mbedtls/hmac_drbg.h" 57 #include "mbedtls/certs.h" 58 #include "mbedtls/x509.h" 59 #include "mbedtls/error.h" 60 #include "mbedtls/debug.h" 61 #include "mbedtls/timing.h" 62 #include "mbedtls/base64.h" 63 64 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) 65 #include "psa/crypto.h" 66 #include "mbedtls/psa_util.h" 67 #endif 68 69 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) 70 #include "mbedtls/memory_buffer_alloc.h" 71 #endif 72 73 #include <test/helpers.h> 74 75 #include "../test/query_config.h" 76 77 #if defined(MBEDTLS_SSL_EXPORT_KEYS) 78 79 typedef struct eap_tls_keys { 80 unsigned char master_secret[48]; 81 unsigned char randbytes[64]; 82 mbedtls_tls_prf_types tls_prf_type; 83 } eap_tls_keys; 84 85 #if defined(MBEDTLS_SSL_DTLS_SRTP) 86 87 /* Supported SRTP mode needs a maximum of : 88 * - 16 bytes for key (AES-128) 89 * - 14 bytes SALT 90 * One for sender, one for receiver context 91 */ 92 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 93 94 typedef struct dtls_srtp_keys { 95 unsigned char master_secret[48]; 96 unsigned char randbytes[64]; 97 mbedtls_tls_prf_types tls_prf_type; 98 } dtls_srtp_keys; 99 100 #endif /* MBEDTLS_SSL_DTLS_SRTP */ 101 102 #endif /* MBEDTLS_SSL_EXPORT_KEYS */ 103 104 typedef struct { 105 mbedtls_ssl_context *ssl; 106 mbedtls_net_context *net; 107 } io_ctx_t; 108 109 void my_debug(void *ctx, int level, 110 const char *file, int line, 111 const char *str); 112 113 #if defined(MBEDTLS_HAVE_TIME) 114 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); 115 #endif 116 117 #if defined(MBEDTLS_USE_PSA_CRYPTO) 118 /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use 119 * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. 120 * 121 * The constraints are: 122 * - Without the entropy module, the PSA RNG is the only option. 123 * - Without at least one of the DRBG modules, the PSA RNG is the only option. 124 * - The PSA RNG does not support explicit seeding, so it is incompatible with 125 * the reproducible mode used by test programs. 126 * - For good overall test coverage, there should be at least one configuration 127 * where the test programs use the PSA RNG while the PSA RNG is itself based 128 * on entropy+DRBG, and at least one configuration where the test programs 129 * do not use the PSA RNG even though it's there. 130 * 131 * A simple choice that meets the constraints is to use the PSA RNG whenever 132 * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the 133 * choice to use the PSA RNG in the test programs and the choice to use 134 * PSA crypto when TLS code needs crypto have to be tied together, but it 135 * happens to be a good match. It's also a good match from an application 136 * perspective: either PSA is preferred for TLS (both for crypto and for 137 * random generation) or it isn't. 138 */ 139 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG 140 #endif 141 142 /** A context for random number generation (RNG). 143 */ 144 typedef struct { 145 #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) 146 unsigned char dummy; 147 #else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ 148 mbedtls_entropy_context entropy; 149 #if defined(MBEDTLS_CTR_DRBG_C) 150 mbedtls_ctr_drbg_context drbg; 151 #elif defined(MBEDTLS_HMAC_DRBG_C) 152 mbedtls_hmac_drbg_context drbg; 153 #else 154 #error "No DRBG available" 155 #endif 156 #endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ 157 } rng_context_t; 158 159 /** Initialize the RNG. 160 * 161 * This function only initializes the memory used by the RNG context. 162 * Before using the RNG, it must be seeded with rng_seed(). 163 */ 164 void rng_init(rng_context_t *rng); 165 166 /* Seed the random number generator. 167 * 168 * \param rng The RNG context to use. It must have been initialized 169 * with rng_init(). 170 * \param reproducible If zero, seed the RNG from entropy. 171 * If nonzero, use a fixed seed, so that the program 172 * will produce the same sequence of random numbers 173 * each time it is invoked. 174 * \param pers A null-terminated string. Different values for this 175 * string cause the RNG to emit different output for 176 * the same seed. 177 * 178 * return 0 on success, a negative value on error. 179 */ 180 int rng_seed(rng_context_t *rng, int reproducible, const char *pers); 181 182 /** Deinitialize the RNG. Free any embedded resource. 183 * 184 * \param rng The RNG context to deinitialize. It must have been 185 * initialized with rng_init(). 186 */ 187 void rng_free(rng_context_t *rng); 188 189 /** Generate random data. 190 * 191 * This function is suitable for use as the \c f_rng argument to Mbed TLS 192 * library functions. 193 * 194 * \param p_rng The random generator context. This must be a pointer to 195 * a #rng_context_t structure. 196 * \param output The buffer to fill. 197 * \param output_len The length of the buffer in bytes. 198 * 199 * \return \c 0 on success. 200 * \return An Mbed TLS error code on error. 201 */ 202 int rng_get(void *p_rng, unsigned char *output, size_t output_len); 203 204 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 205 /* The test implementation of the PSA external RNG is insecure. When 206 * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto 207 * function that makes use of an RNG, you must call 208 * mbedtls_test_enable_insecure_external_rng(). */ 209 #include <test/fake_external_rng_for_test.h> 210 #endif 211 212 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 213 int ca_callback(void *data, mbedtls_x509_crt const *child, 214 mbedtls_x509_crt **candidates); 215 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 216 217 /* 218 * Test recv/send functions that make sure each try returns 219 * WANT_READ/WANT_WRITE at least once before succeeding 220 */ 221 int delayed_recv(void *ctx, unsigned char *buf, size_t len); 222 int delayed_send(void *ctx, const unsigned char *buf, size_t len); 223 224 /* 225 * Wait for an event from the underlying transport or the timer 226 * (Used in event-driven IO mode). 227 */ 228 int idle(mbedtls_net_context *fd, 229 #if defined(MBEDTLS_TIMING_C) 230 mbedtls_timing_delay_context *timer, 231 #endif 232 int idle_reason); 233 234 #if defined(MBEDTLS_TEST_HOOKS) 235 /** Initialize whatever test hooks are enabled by the compile-time 236 * configuration and make sense for the TLS test programs. */ 237 void test_hooks_init(void); 238 239 /** Check if any test hooks detected a problem. 240 * 241 * If a problem was detected, it's ok for the calling program to keep going, 242 * but it should ultimately exit with an error status. 243 * 244 * \note When implementing a test hook that detects errors on its own 245 * (as opposed to e.g. leaving the error for a memory sanitizer to 246 * report), make sure to print a message to standard error either at 247 * the time the problem is detected or during the execution of this 248 * function. This function does not indicate what problem was detected, 249 * so printing a message is the only way to provide feedback in the 250 * logs of the calling program. 251 * 252 * \return Nonzero if a problem was detected. 253 * \c 0 if no problem was detected. 254 */ 255 int test_hooks_failure_detected(void); 256 257 /** Free any resources allocated for the sake of test hooks. 258 * 259 * Call this at the end of the program so that resource leak analyzers 260 * don't complain. 261 */ 262 void test_hooks_free(void); 263 264 #endif /* !MBEDTLS_TEST_HOOKS */ 265 266 #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ 267 #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ 268