TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1b6c09a62e5f597a7b2d95042b39f0c39b1025e1 / . / programs / ssl / ssl_test_common_source.c
blob: d3ce67e4dae1afd352d8f9e38afa4cf6e226a9be [file] [log] [blame]
Gilles Peskine0d980b82021-01-05 23:34:27 +0100[diff] [blame]1/*
2 * Common source code for SSL test programs. This file is included by
3 * both ssl_client2.c and ssl_server2.c and is intended for source
4 * code that is textually identical in both programs, but that cannot be
5 * compiled separately because it refers to types or macros that are
6 * different in the two programs, or because it would have an incomplete
7 * type.
8 *
9 * This file is meant to be #include'd and cannot be compiled separately.
10 *
11 * Copyright The Mbed TLS Contributors
12 * SPDX-License-Identifier: Apache-2.0
13 *
14 * Licensed under the Apache License, Version 2.0 (the "License"); you may
15 * not use this file except in compliance with the License.
16 * You may obtain a copy of the License at
17 *
18 * http://www.apache.org/licenses/LICENSE-2.0
19 *
20 * Unless required by applicable law or agreed to in writing, software
21 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 * See the License for the specific language governing permissions and
24 * limitations under the License.
25 */
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]26
27#if defined(MBEDTLS_SSL_EXPORT_KEYS)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]28int eap_tls_key_derivation(void *p_expkey,
29 const unsigned char *ms,
30 const unsigned char *kb,
31 size_t maclen,
32 size_t keylen,
33 size_t ivlen,
34 const unsigned char client_random[32],
35 const unsigned char server_random[32],
36 mbedtls_tls_prf_types tls_prf_type)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]37{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]38 eap_tls_keys *keys = (eap_tls_keys *) p_expkey;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]39
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]40 ((void) kb);
41 memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
42 memcpy(keys->randbytes, client_random, 32);
43 memcpy(keys->randbytes + 32, server_random, 32);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]44 keys->tls_prf_type = tls_prf_type;
45
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]46 if (opt.debug_level > 2) {
47 mbedtls_printf("exported maclen is %u\n", (unsigned) maclen);
48 mbedtls_printf("exported keylen is %u\n", (unsigned) keylen);
49 mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]50 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]51 return 0;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]52}
53
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]54int nss_keylog_export(void *p_expkey,
55 const unsigned char *ms,
56 const unsigned char *kb,
57 size_t maclen,
58 size_t keylen,
59 size_t ivlen,
60 const unsigned char client_random[32],
61 const unsigned char server_random[32],
62 mbedtls_tls_prf_types tls_prf_type)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]63{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]64 char nss_keylog_line[200];
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]65 size_t const client_random_len = 32;
66 size_t const master_secret_len = 48;
67 size_t len = 0;
68 size_t j;
69 int ret = 0;
70
71 ((void) p_expkey);
72 ((void) kb);
73 ((void) maclen);
74 ((void) keylen);
75 ((void) ivlen);
76 ((void) server_random);
77 ((void) tls_prf_type);
78
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]79 len += sprintf(nss_keylog_line + len,
80 "%s", "CLIENT_RANDOM ");
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]81
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]82 for (j = 0; j < client_random_len; j++) {
83 len += sprintf(nss_keylog_line + len,
84 "%02x", client_random[j]);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]85 }
86
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]87 len += sprintf(nss_keylog_line + len, " ");
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]88
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]89 for (j = 0; j < master_secret_len; j++) {
90 len += sprintf(nss_keylog_line + len,
91 "%02x", ms[j]);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]92 }
93
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]94 len += sprintf(nss_keylog_line + len, "\n");
95 nss_keylog_line[len] = '\0';
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]96
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]97 mbedtls_printf("\n");
98 mbedtls_printf("---------------- NSS KEYLOG -----------------\n");
99 mbedtls_printf("%s", nss_keylog_line);
100 mbedtls_printf("---------------------------------------------\n");
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]101
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]102 if (opt.nss_keylog_file != NULL) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]103 FILE *f;
104
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]105 if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]106 ret = -1;
107 goto exit;
108 }
109
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]110 if (fwrite(nss_keylog_line, 1, len, f) != len) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]111 ret = -1;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]112 fclose(f);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]113 goto exit;
114 }
115
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]116 fclose(f);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]117 }
118
119exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]120 mbedtls_platform_zeroize(nss_keylog_line,
121 sizeof(nss_keylog_line));
122 return ret;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]123}
124
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]125#if defined(MBEDTLS_SSL_DTLS_SRTP)
126int dtls_srtp_key_derivation(void *p_expkey,
127 const unsigned char *ms,
128 const unsigned char *kb,
129 size_t maclen,
130 size_t keylen,
131 size_t ivlen,
132 const unsigned char client_random[32],
133 const unsigned char server_random[32],
134 mbedtls_tls_prf_types tls_prf_type)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]135{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]136 dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]137
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]138 ((void) kb);
139 memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
140 memcpy(keys->randbytes, client_random, 32);
141 memcpy(keys->randbytes + 32, server_random, 32);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]142 keys->tls_prf_type = tls_prf_type;
143
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]144 if (opt.debug_level > 2) {
145 mbedtls_printf("exported maclen is %u\n", (unsigned) maclen);
146 mbedtls_printf("exported keylen is %u\n", (unsigned) keylen);
147 mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]148 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]149 return 0;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]150}
151#endif /* MBEDTLS_SSL_DTLS_SRTP */
152
153#endif /* MBEDTLS_SSL_EXPORT_KEYS */
154
155#if defined(MBEDTLS_SSL_RECORD_CHECKING)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]156int ssl_check_record(mbedtls_ssl_context const *ssl,
157 unsigned char const *buf, size_t len)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]158{
Manuel Pégourié-Gonnard87e8b5c2021-07-07 10:48:26 +0200[diff] [blame]159 int my_ret = 0, ret_cr1, ret_cr2;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]160 unsigned char *tmp_buf;
161
162 /* Record checking may modify the input buffer,
163 * so make a copy. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]164 tmp_buf = mbedtls_calloc(1, len);
165 if (tmp_buf == NULL) {
166 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
167 }
168 memcpy(tmp_buf, buf, len);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]169
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]170 ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
171 if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]172 /* Test-only: Make sure that mbedtls_ssl_check_record()
173 * doesn't alter state. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]174 memcpy(tmp_buf, buf, len); /* Restore buffer */
175 ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
176 if (ret_cr2 != ret_cr1) {
177 mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n");
Manuel Pégourié-Gonnard87e8b5c2021-07-07 10:48:26 +0200[diff] [blame]178 my_ret = -1;
Manuel Pégourié-Gonnard40e26b22021-07-06 12:05:23 +0200[diff] [blame]179 goto cleanup;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]180 }
181
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]182 switch (ret_cr1) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]183 case 0:
184 break;
185
186 case MBEDTLS_ERR_SSL_INVALID_RECORD:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]187 if (opt.debug_level > 1) {
188 mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n");
189 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]190 break;
191
192 case MBEDTLS_ERR_SSL_INVALID_MAC:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]193 if (opt.debug_level > 1) {
194 mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n");
195 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]196 break;
197
198 case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]199 if (opt.debug_level > 1) {
200 mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n");
201 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]202 break;
203
204 default:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]205 mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n",
206 (unsigned int) -ret_cr1);
Manuel Pégourié-Gonnard87e8b5c2021-07-07 10:48:26 +0200[diff] [blame]207 my_ret = -1;
Manuel Pégourié-Gonnard40e26b22021-07-06 12:05:23 +0200[diff] [blame]208 goto cleanup;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]209 }
210
211 /* Regardless of the outcome, forward the record to the stack. */
212 }
213
Manuel Pégourié-Gonnard40e26b22021-07-06 12:05:23 +0200[diff] [blame]214cleanup:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]215 mbedtls_free(tmp_buf);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]216
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]217 return my_ret;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]218}
219#endif /* MBEDTLS_SSL_RECORD_CHECKING */
220
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]221int recv_cb(void *ctx, unsigned char *buf, size_t len)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]222{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]223 io_ctx_t *io_ctx = (io_ctx_t *) ctx;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]224 size_t recv_len;
225 int ret;
226
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]227 if (opt.nbio == 2) {
228 ret = delayed_recv(io_ctx->net, buf, len);
229 } else {
230 ret = mbedtls_net_recv(io_ctx->net, buf, len);
231 }
232 if (ret < 0) {
233 return ret;
234 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]235 recv_len = (size_t) ret;
236
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]237 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]238 /* Here's the place to do any datagram/record checking
239 * in between receiving the packet from the underlying
240 * transport and passing it on to the TLS stack. */
241#if defined(MBEDTLS_SSL_RECORD_CHECKING)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]242 if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
243 return -1;
244 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]245#endif /* MBEDTLS_SSL_RECORD_CHECKING */
246 }
247
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]248 return (int) recv_len;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]249}
250
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]251int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
252 uint32_t timeout)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]253{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]254 io_ctx_t *io_ctx = (io_ctx_t *) ctx;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]255 int ret;
256 size_t recv_len;
257
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]258 ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout);
259 if (ret < 0) {
260 return ret;
261 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]262 recv_len = (size_t) ret;
263
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]264 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]265 /* Here's the place to do any datagram/record checking
266 * in between receiving the packet from the underlying
267 * transport and passing it on to the TLS stack. */
268#if defined(MBEDTLS_SSL_RECORD_CHECKING)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]269 if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
270 return -1;
271 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]272#endif /* MBEDTLS_SSL_RECORD_CHECKING */
273 }
274
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]275 return (int) recv_len;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]276}
277
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]278int send_cb(void *ctx, unsigned char const *buf, size_t len)
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]279{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]280 io_ctx_t *io_ctx = (io_ctx_t *) ctx;
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]281
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]282 if (opt.nbio == 2) {
283 return delayed_send(io_ctx->net, buf, len);
284 }
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]285
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]286 return mbedtls_net_send(io_ctx->net, buf, len);
Gilles Peskine504c1a32021-01-05 23:40:14 +0100[diff] [blame]287}
288
289#if defined(MBEDTLS_X509_CRT_PARSE_C)
290int ssl_sig_hashes_for_test[] = {
291#if defined(MBEDTLS_SHA512_C)
292 MBEDTLS_MD_SHA512,
293 MBEDTLS_MD_SHA384,
294#endif
295#if defined(MBEDTLS_SHA256_C)
296 MBEDTLS_MD_SHA256,
297 MBEDTLS_MD_SHA224,
298#endif
299#if defined(MBEDTLS_SHA1_C)
300 /* Allow SHA-1 as we use it extensively in tests. */
301 MBEDTLS_MD_SHA1,
302#endif
303 MBEDTLS_MD_NONE
304};
305#endif /* MBEDTLS_X509_CRT_PARSE_C */