From aa4d15264ae6905d26aa0e7b81e5b33580c4a3ca Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 6 Jun 2019 21:24:31 +0200 Subject: [PATCH] SSL reproducible test mode --- programs/ssl/ssl_client2.c | 80 ++++++++++++++++++++++++++++++++++---- programs/ssl/ssl_server2.c | 79 +++++++++++++++++++++++++++++++++---- 2 files changed, 143 insertions(+), 16 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1e63ee5df9..58c4020612 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -131,6 +131,7 @@ int main( void ) #define DFL_ETM -1 #define DFL_CA_CALLBACK 0 #define DFL_EAP_TLS 0 +#define DFL_REPRODUCIBLE 0 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -482,6 +483,7 @@ struct options const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ + int reproducible; /* make communication reproducible */ } opt; int query_config( const char *config ); @@ -538,6 +540,42 @@ static void my_debug( void *ctx, int level, fflush( (FILE *) ctx ); } + +mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) +{ + (void) time; + return 0x5af2a056; +} + +int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) +{ + int ret; + size_t i; + + //use mbedtls_ctr_drbg_random to find bugs in it + ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); + for (i=0; i 1 ) goto usage; } + else if( strcmp( p, "reproducible" ) == 0 ) + { + opt.reproducible = 1; + } else goto usage; } @@ -1663,13 +1706,24 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); - goto exit; + if (opt.reproducible) { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } + } else { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } } mbedtls_printf( " ok\n" ); @@ -1949,7 +2003,17 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + if (opt.reproducible) { + srand(1); + mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + mbedtls_platform_set_time( dummy_constant_time ); +#else + fprintf(stderr, "Warning: reprpduce without constant time\n"); +#endif + } else { + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + } mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 59d5545f84..586b87119d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -173,6 +173,7 @@ int main( void ) #define DFL_ETM -1 #define DFL_CA_CALLBACK 0 #define DFL_EAP_TLS 0 +#define DFL_REPRODUCIBLE 0 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -597,6 +598,7 @@ struct options const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ + int reproducible; /* make communication reproducible */ } opt; int query_config( const char *config ); @@ -652,6 +654,41 @@ static void my_debug( void *ctx, int level, fflush( (FILE *) ctx ); } +mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) +{ + (void) time; + return 0x5af2a056; +} + +int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) +{ + int ret; + size_t i; + + //use mbedtls_ctr_drbg_random to find bugs in it + ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); + for (i=0; i 1 ) goto usage; } + else if( strcmp( p, "reproducible" ) == 0 ) + { + opt.reproducible = 1; + } else goto usage; } @@ -2446,13 +2488,24 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); - goto exit; + if (opt.reproducible) { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } + } else { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } } mbedtls_printf( " ok\n" ); @@ -2771,7 +2824,17 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + if (opt.reproducible) { + srand(1); + mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + mbedtls_platform_set_time( dummy_constant_time ); +#else + fprintf(stderr, "Warning: reprpduce without constant time\n"); +#endif + } else { + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + } mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C)