diff --git a/ChangeLog.d/key-export.txt b/ChangeLog.d/key-export.txt new file mode 100644 index 000000000..2fc01a4c5 --- /dev/null +++ b/ChangeLog.d/key-export.txt @@ -0,0 +1,10 @@ +API changes + * mbedtls_ssl_conf_export_keys_ext_cb() and + mbedtls_ssl_conf_export_keys_cb() have been removed and + replaced by a new API mbedtls_ssl_set_export_keys_cb(). + Raw keys and IVs are no longer passed to the callback. + Further, callbacks now receive an additional parameter + indicating the type of secret that's being exported, + paving the way for the larger number of secrets + in TLS 1.3. Finally, the key export callback and + context are now connection-specific. diff --git a/docs/3.0-migration-guide.d/key-export.md b/docs/3.0-migration-guide.d/key-export.md new file mode 100644 index 000000000..f8b3505b5 --- /dev/null +++ b/docs/3.0-migration-guide.d/key-export.md @@ -0,0 +1,36 @@ +SSL key export interface change +------------------------------- + +This affects users of the SSL key export APIs: +``` + mbedtls_ssl_conf_export_keys_cb() + mbedtls_ssl_conf_export_keys_ext_cb() +``` + +Those APIs have been removed and replaced by the new API +`mbedtls_ssl_set_export_keys_cb()`. This API differs from +the previous key export API in the following ways: + +- It is no longer bound to an SSL configuration, but to an + SSL context. This allows users to more easily identify the + connection an exported key belongs to. +- It no longer exports raw keys and IV. +- A secret type parameter has been added to identify which key + is being exported. For TLS 1.2, only the master secret is + exported, but upcoming TLS 1.3 support will add other kinds of keys. +- The callback now specifies a void return type, rather than + returning an error code. It is the responsibility of the application + to handle failures in the key export callback, for example by + shutting down the TLS connection. + +For users which do not rely on raw keys and IV, adjusting to the new +callback type should be straightforward - see the example programs +programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks +for NSSKeylog, EAP-TLS and DTLS-SRTP. + +Users which require access to the raw keys used to secure application +traffic may derive those by hand based on the master secret and the +handshake transcript hashes which can be obtained from the raw data +on the wire. Such users are also encouraged to reach out to the +Mbed TLS team on the mailing list, to let the team know about their +use case. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c37f61ce2..47605f9e2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1549,7 +1549,7 @@ * (see Section 5 of RFC 5764), are not handled by this feature. * Instead, after successful completion of a handshake negotiating * the use of DTLS-SRTP, the extended key exporter API - * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement + * mbedtls_ssl_conf_export_keys_cb() should be used to implement * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 * (this is implemented in the SSL example programs). * The resulting key should then be passed to an SRTP stack. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 32ed6385c..02b59ed73 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -458,18 +458,6 @@ typedef enum } mbedtls_ssl_states; -/* - * The tls_prf function types. - */ -typedef enum -{ - MBEDTLS_SSL_TLS_PRF_NONE, - MBEDTLS_SSL_TLS_PRF_TLS1, - MBEDTLS_SSL_TLS_PRF_SHA384, - MBEDTLS_SSL_TLS_PRF_SHA256 -} -mbedtls_tls_prf_types; - /** * \brief Callback type: send data on the network. * @@ -963,6 +951,57 @@ struct mbedtls_ssl_session #endif }; +/* + * Identifiers for PRFs used in various versions of TLS. + */ +typedef enum +{ + MBEDTLS_SSL_TLS_PRF_NONE, + MBEDTLS_SSL_TLS_PRF_SHA384, + MBEDTLS_SSL_TLS_PRF_SHA256, + MBEDTLS_SSL_HKDF_EXPAND_SHA384, + MBEDTLS_SSL_HKDF_EXPAND_SHA256 +} +mbedtls_tls_prf_types; + +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +typedef enum +{ + MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET, + MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +} mbedtls_ssl_key_export_type; + +/** + * \brief Callback type: Export key alongside random values for + * session identification, and PRF for + * implementation of TLS key exporters. + * + * \param p_expkey Context for the callback. + * \param type The type of the key that is being exported. + * \param secret The address of the buffer holding the secret + * that's being exporterd. + * \param secret_len The length of \p secret in bytes. + * \param client_random The client random bytes. + * \param server_random The server random bytes. + * \param tls_prf_type The identifier for the PRF used in the handshake + * to which the key belongs. + */ +typedef void mbedtls_ssl_export_keys_t( void *p_expkey, + mbedtls_ssl_key_export_type type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ); +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + /** * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. */ @@ -1028,19 +1067,6 @@ struct mbedtls_ssl_config void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - /** Callback to export key block and master secret */ - int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *, - const unsigned char *, size_t, size_t, size_t ); - /** Callback to export key block, master secret, - * tls_prf and random bytes. Should replace f_export_keys */ - int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *, - const unsigned char *, size_t, size_t, size_t, - const unsigned char[32], const unsigned char[32], - mbedtls_tls_prf_types ); - void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ -#endif - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -1388,6 +1414,12 @@ struct mbedtls_ssl_context * Possible values are #MBEDTLS_SSL_CID_ENABLED * and #MBEDTLS_SSL_CID_DISABLED. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + /** Callback to export key block and master secret */ + mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); + void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ +#endif }; /** @@ -1911,70 +1943,6 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, size_t *tlen, uint32_t *lifetime ); -#if defined(MBEDTLS_SSL_EXPORT_KEYS) -/** - * \brief Callback type: Export key block and master secret - * - * \note This is required for certain uses of TLS, e.g. EAP-TLS - * (RFC 5216) and Thread. The key pointers are ephemeral and - * therefore must not be stored. The master secret and keys - * should not be used directly except as an input to a key - * derivation function. - * - * \param p_expkey Context for the callback - * \param ms Pointer to master secret (fixed length: 48 bytes) - * \param kb Pointer to key block, see RFC 5246 section 6.3 - * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen). - * \param maclen MAC length - * \param keylen Key length - * \param ivlen IV length - * - * \return 0 if successful, or - * a specific MBEDTLS_ERR_XXX code. - */ -typedef int mbedtls_ssl_export_keys_t( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen ); - -/** - * \brief Callback type: Export key block, master secret, - * handshake randbytes and the tls_prf function - * used to derive keys. - * - * \note This is required for certain uses of TLS, e.g. EAP-TLS - * (RFC 5216) and Thread. The key pointers are ephemeral and - * therefore must not be stored. The master secret and keys - * should not be used directly except as an input to a key - * derivation function. - * - * \param p_expkey Context for the callback. - * \param ms Pointer to master secret (fixed length: 48 bytes). - * \param kb Pointer to key block, see RFC 5246 section 6.3. - * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen). - * \param maclen MAC length. - * \param keylen Key length. - * \param ivlen IV length. - * \param client_random The client random bytes. - * \param server_random The server random bytes. - * \param tls_prf_type The tls_prf enum type. - * - * \return 0 if successful, or - * a specific MBEDTLS_ERR_XXX code. - */ -typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - /** * \brief Callback type: parse and load session ticket * @@ -2026,34 +1994,26 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_EXPORT_KEYS) /** - * \brief Configure key export callback. - * (Default: none.) + * \brief Configure a key export callback. + * (Default: none.) * - * \note See \c mbedtls_ssl_export_keys_t. + * This API can be used for two purposes: + * - Debugging: Use this API to e.g. generate an NSSKeylog + * file and use it to inspect encrypted traffic in tools + * such as Wireshark. + * - Application-specific export: Use this API to implement + * key exporters, e.g. for EAP-TLS or DTLS-SRTP. * - * \param conf SSL configuration context - * \param f_export_keys Callback for exporting keys - * \param p_export_keys Context for the callback + * + * \param ssl The SSL context to which the export + * callback should be attached. + * \param f_export_keys The callback for the key export. + * \param p_export_keys The opaque context pointer to be passed to the + * callback \p f_export_keys. */ -void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ); - -/** - * \brief Configure extended key export callback. - * (Default: none.) - * - * \note See \c mbedtls_ssl_export_keys_ext_t. - * \warning Exported key material must not be used for any purpose - * before the (D)TLS handshake is completed - * - * \param conf SSL configuration context - * \param f_export_keys_ext Callback for exporting keys - * \param p_export_keys Context for the callback - */ -void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, - void *p_export_keys ); +void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, + mbedtls_ssl_export_keys_t *f_export_keys, + void *p_export_keys ); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5787026f3..1396400ce 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -971,23 +971,14 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, ((void) mac_enc); #if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->conf->f_export_keys != NULL ) + if( ssl->f_export_keys != NULL ) { - ssl->conf->f_export_keys( ssl->conf->p_export_keys, - master, keyblk, - mac_key_len, keylen, - iv_copy_len ); - } - - if( ssl->conf->f_export_keys_ext != NULL ) - { - ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys, - master, keyblk, - mac_key_len, keylen, - iv_copy_len, - randbytes + 32, - randbytes, - tls_prf_get_type( tls_prf ) ); + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, + master, 48, + randbytes + 32, + randbytes, + tls_prf_get_type( tls_prf ) ); } #endif @@ -4168,20 +4159,12 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) -void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ) +void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, + mbedtls_ssl_export_keys_t *f_export_keys, + void *p_export_keys ) { - conf->f_export_keys = f_export_keys; - conf->p_export_keys = p_export_keys; -} - -void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, - void *p_export_keys ) -{ - conf->f_export_keys_ext = f_export_keys_ext; - conf->p_export_keys = p_export_keys; + ssl->f_export_keys = f_export_keys; + ssl->p_export_keys = p_export_keys; } #endif diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index dad65e3f4..25fe21bd9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1723,27 +1723,6 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( opt.eap_tls != 0 ) - { - mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation, - &eap_tls_keying ); - } - else if( opt.nss_keylog != 0 ) - { - mbedtls_ssl_conf_export_keys_ext_cb( &conf, - nss_keylog_export, - NULL ); - } -#if defined( MBEDTLS_SSL_DTLS_SRTP ) - else if( opt.use_srtp != 0 ) - { - mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation, - &dtls_srtp_keying ); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - #if defined(MBEDTLS_DHM_C) if( opt.dhmlen != DFL_DHMLEN ) mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen ); @@ -1873,6 +1852,27 @@ int main( int argc, char *argv[] ) goto exit; } +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( opt.eap_tls != 0 ) + { + mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation, + &eap_tls_keying ); + } + else if( opt.nss_keylog != 0 ) + { + mbedtls_ssl_set_export_keys_cb( &ssl, + nss_keylog_export, + NULL ); + } +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation, + &dtls_srtp_keying ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0e242a5a3..cf608b9b5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2512,27 +2512,6 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( opt.eap_tls != 0 ) - { - mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation, - &eap_tls_keying ); - } - else if( opt.nss_keylog != 0 ) - { - mbedtls_ssl_conf_export_keys_ext_cb( &conf, - nss_keylog_export, - NULL ); - } -#if defined( MBEDTLS_SSL_DTLS_SRTP ) - else if( opt.use_srtp != 0 ) - { - mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation, - &dtls_srtp_keying ); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) @@ -2859,6 +2838,27 @@ int main( int argc, char *argv[] ) goto exit; } +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( opt.eap_tls != 0 ) + { + mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation, + &eap_tls_keying ); + } + else if( opt.nss_keylog != 0 ) + { + mbedtls_ssl_set_export_keys_cb( &ssl, + nss_keylog_export, + NULL ); + } +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation, + &dtls_srtp_keying ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + io_ctx.ssl = &ssl; io_ctx.net = &client_fd; mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb, diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index fa2c60697..d30c36ea5 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -25,55 +25,46 @@ */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) -int eap_tls_key_derivation( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +void eap_tls_key_derivation( void *p_expkey, + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { eap_tls_keys *keys = (eap_tls_keys *)p_expkey; - ( ( void ) kb ); - memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + /* We're only interested in the TLS 1.2 master secret */ + if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET ) + return; + if( secret_len != sizeof( keys->master_secret ) ) + return; + + memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) ); memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 ); keys->tls_prf_type = tls_prf_type; - - if( opt.debug_level > 2 ) - { - mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); - mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); - mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); - } - return( 0 ); } -int nss_keylog_export( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +void nss_keylog_export( void *p_expkey, + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { char nss_keylog_line[ 200 ]; size_t const client_random_len = 32; - size_t const master_secret_len = 48; size_t len = 0; size_t j; - int ret = 0; + + /* We're only interested in the TLS 1.2 master secret */ + if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET ) + return; ((void) p_expkey); - ((void) kb); - ((void) maclen); - ((void) keylen); - ((void) ivlen); ((void) server_random); ((void) tls_prf_type); @@ -88,10 +79,10 @@ int nss_keylog_export( void *p_expkey, len += sprintf( nss_keylog_line + len, " " ); - for( j = 0; j < master_secret_len; j++ ) + for( j = 0; j < secret_len; j++ ) { len += sprintf( nss_keylog_line + len, - "%02x", ms[j] ); + "%02x", secret[j] ); } len += sprintf( nss_keylog_line + len, "\n" ); @@ -108,13 +99,11 @@ int nss_keylog_export( void *p_expkey, if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL ) { - ret = -1; goto exit; } if( fwrite( nss_keylog_line, 1, len, f ) != len ) { - ret = -1; fclose( f ); goto exit; } @@ -125,35 +114,29 @@ int nss_keylog_export( void *p_expkey, exit: mbedtls_platform_zeroize( nss_keylog_line, sizeof( nss_keylog_line ) ); - return( ret ); } #if defined( MBEDTLS_SSL_DTLS_SRTP ) -int dtls_srtp_key_derivation( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +void dtls_srtp_key_derivation( void *p_expkey, + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; - ( ( void ) kb ); - memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + /* We're only interested in the TLS 1.2 master secret */ + if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET ) + return; + if( secret_len != sizeof( keys->master_secret ) ) + return; + + memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) ); memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 ); keys->tls_prf_type = tls_prf_type; - - if( opt.debug_level > 2 ) - { - mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); - mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); - mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); - } - return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 681a6efde..c8e49853e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8377,12 +8377,6 @@ run_test "export keys functionality" \ "$P_SRV eap_tls=1 debug_level=3" \ "$P_CLI eap_tls=1 debug_level=3" \ 0 \ - -s "exported maclen is " \ - -s "exported keylen is " \ - -s "exported ivlen is " \ - -c "exported maclen is " \ - -c "exported keylen is " \ - -c "exported ivlen is " \ -c "EAP-TLS key material is:"\ -s "EAP-TLS key material is:"\ -c "EAP-TLS IV is:" \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index b0a573dcf..e0a95aeff 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -8638,14 +8638,6 @@ ssl_tls1_3_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled -depends_on:MBEDTLS_SSL_PROTO_TLS1 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0 - -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.1 enabled -depends_on:MBEDTLS_SSL_PROTO_TLS1_1 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0 - SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 depends_on:MBEDTLS_SHA384_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0 @@ -8654,10 +8646,6 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0 -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled -depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled depends_on:!MBEDTLS_SHA384_C ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE