Test check the key material exported match

- include interop with openssl client Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-09-24 12:01:13 +02:00 · 2020-09-24 12:01:13 +02:00 · 9bc50b0122
commit 9bc50b0122
parent 39cfd3b96e
3 changed files with 56 additions and 0 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -2779,7 +2779,17 @@ int main( int argc, char *argv[] )
                    mbedtls_printf( "\n    " );
                mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
            }
+            mbedtls_printf( "\n" );

+            /* produce a less readable output used to perform automatic checks
+             * - compare client and server output
+             * - interop test with openssl which client produces this kind of output
+             */
+            mbedtls_printf( "    Keying material: " );
+            for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+            {
+                mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
+            }
            mbedtls_printf( "\n" );
        }
    }
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -3890,7 +3890,17 @@ handshake:
                    mbedtls_printf( "\n    " );
                mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
            }
+            mbedtls_printf( "\n" );

+            /* produce a less readable output used to perform automatic checks
+             * - compare client and server output
+             * - interop test with openssl which client produces this kind of output
+             */
+            mbedtls_printf( "    Keying material: " );
+            for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+            {
+                mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
+            }
            mbedtls_printf( "\n" );
        }
    }
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -634,6 +634,23 @@ detect_dtls() {
    fi
 }

+# Compare file content
+# Usage: find_in_both pattern file1 file2
+# extract from file1 the first line matching the pattern
+# check in file2 that the same line can be found
+find_in_both() {
+        srv_pattern=$(grep -m 1 "$1" "$2");
+        if [ -z "$srv_pattern" ]; then
+                return 1;
+        fi
+
+        if grep "$srv_pattern" $3 >/dev/null; then :
+                       return 0;
+        else
+                return 1;
+        fi
+}
+
 # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
 # Options:  -s pattern  pattern that must be present in server output
 #           -c pattern  pattern that must be present in client output
@ -643,6 +660,7 @@ detect_dtls() {
 #           -C pattern  pattern that must be absent in client output
 #           -U pattern  lines after pattern must be unique in server output
 #           -F call shell function on server output
+#           -g call shell function on server and client output
 run_test() {
    NAME="$1"
    shift 1
@ -865,6 +883,12 @@ run_test() {
                    return
                fi
                ;;
+            "-g")
+                if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
+                    fail "function call to '$2' failed on Server and Client output"
+                    return
+                fi
+                ;;

            *)
                echo "Unknown test: $1" >&2
@ -8729,8 +8753,10 @@ run_test  "DTLS-SRTP all profiles supported" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"

+
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 run_test  "DTLS-SRTP server supports all profiles. Client supports one profile." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
@ -8746,6 +8772,7 @@ run_test  "DTLS-SRTP server supports all profiles. Client supports one profile."
          -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8763,6 +8790,7 @@ run_test  "DTLS-SRTP server supports one profile. Client supports all profiles."
          -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8780,6 +8808,7 @@ run_test  "DTLS-SRTP server and Client support only one matching profile." \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8832,6 +8861,7 @@ run_test  "DTLS-SRTP all profiles supported. mki used" \
          -c "dumping 'sending mki' (8 bytes)" \
          -c "dumping 'received mki' (8 bytes)" \
          -c "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8850,6 +8880,7 @@ run_test  "DTLS-SRTP all profiles supported. server doesn't support mki." \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "dumping 'sending mki' (8 bytes)" \
          -C "dumping 'received mki' (8 bytes)" \
          -C "error"
@ -8864,6 +8895,7 @@ run_test  "DTLS-SRTP all profiles supported. openssl client." \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8876,6 +8908,7 @@ run_test  "DTLS-SRTP server supports all profiles. Client supports all profiles,
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8888,6 +8921,7 @@ run_test  "DTLS-SRTP server supports all profiles. Client supports one profile.
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8900,6 +8934,7 @@ run_test  "DTLS-SRTP server supports one profile. Client supports all profiles.
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8912,6 +8947,7 @@ run_test  "DTLS-SRTP server and Client support only one matching profile. openss
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
+          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP