ssl-opt.sh: Add tests for keying material export
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0634c26..ad4d8c3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1191,6 +1191,26 @@
fi
}
+# Extract the exported key from the output.
+get_exported_key() {
+ OUTPUT="$1"
+ EXPORTED_KEY1=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT)
+}
+
+# Check that the exported key from the output matches the one obtained in get_exported_key().
+check_exported_key() {
+ OUTPUT="$1"
+ EXPORTED_KEY2=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT)
+ test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"
+}
+
+# Check that the exported key from the output matches the one obtained in get_exported_key().
+check_exported_key_openssl() {
+ OUTPUT="$1"
+ EXPORTED_KEY2=0x$(sed -n '/Keying material: /s/.*: //p' $OUTPUT)
+ test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"
+}
+
# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
handshake_memory_get() {
OUTPUT_VARIABLE="$1"
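Review bot: `check_exported_key` passes vacuously when neither output contains the export line, because both `sed` calls then yield an empty string and `test "" = ""` succeeds; the comparison should also require a non-empty key, e.g. `test -n "$EXPORTED_KEY1" && test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"`. Whether `run_test` evaluates its `-s`/`-c` pattern checks before these callbacks is not visible in this hunk, so the guard should not depend on it. `$OUTPUT` is unquoted in all three `sed` calls and should be `"$OUTPUT"`. The comment above `check_exported_key_openssl` is a copy of the previous one; it should say that this variant parses OpenSSL's `Keying material: ` line and prepends `0x` to match the Mbed TLS format.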
@@ -1933,6 +1953,34 @@
run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
}
+run_test_export_keying_material() {
+ unset EXPORTED_KEY1
+ unset EXPORTED_KEY2
+ TLS_VERSION="$1"
+ run_test "TLS $TLS_VERSION: Export keying material" \
+ "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
+ "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
+ 0 \
+ -s "Exporting key of length 20 with label \".*\": 0x" \
+ -c "Exporting key of length 20 with label \".*\": 0x" \
+ -f get_exported_key \
+ -F check_exported_key
+}
+
+run_test_export_keying_material_openssl_compat() {
+ unset EXPORTED_KEY1
+ unset EXPORTED_KEY2
+ TLS_VERSION="$1"
+ run_test "TLS $TLS_VERSION: Export keying material (OpenSSL compatibility)" \
+ "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
+ "$O_CLI -keymatexport=test-label" \
+ 0 \
+ -s "Exporting key of length 20 with label \".*\": 0x" \
+ -c "Keying material exporter:" \
+ -F get_exported_key \
+ -f check_exported_key_openssl
+}
+
cleanup() {
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
rm -f context_srv.txt
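Review bot: Both new `run_test_export_keying_material*` functions lack a header comment, and two implicit dependencies deserve one. `EXPORTED_KEY1` must be set by `get_exported_key` before the `check_*` callback runs, so the tests appear to rely on the `-f`/`-F` callbacks being invoked in argument order (the two tests deliberately swap which side is read first). The `length 20` in the patterns is never passed to either program, so it presumably relies on both programs' default export length. I would add above each function something like `# Callbacks must run in argument order: the first stores EXPORTED_KEY1, the second compares against it.` and `# Length 20 is assumed to be the default export length on both sides.` The label is matched as `\".*\"` although `test-label` is known, so pinning the literal label in the `-s`/`-c` patterns would make the check tighter.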
@@ -2954,6 +3002,23 @@
0 \
-s "Save serialized context to a file... ok" \
-c "Save serialized context to a file... ok"
+
+requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+requires_protocol_version tls12
+run_test_export_keying_material tls12
+
+requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+requires_protocol_version tls12
+run_test_export_keying_material_openssl_compat tls12
+
+requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+requires_protocol_version tls13
+run_test_export_keying_material tls13
+
+requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+requires_protocol_version tls13
+run_test_export_keying_material_openssl_compat tls13
+
rm -f context_srv.txt
rm -f context_cli.txt
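Review bot: The tls13 OpenSSL-compatibility run at the end of the added block is gated only on Mbed TLS's own configuration (`MBEDTLS_SSL_KEYING_MATERIAL_EXPORT` and `requires_protocol_version tls13`). Nothing visible here requires the OpenSSL client behind `$O_CLI` to support TLS 1.3, so on a setup with an older OpenSSL the test would presumably fail rather than be skipped. If the script has a requirement helper for OpenSSL TLS 1.3 support, it should precede that call. The four requires/run groups differ only in version and function name, so a leading comment such as `# Keying material export (RFC 5705 / RFC 8446 section 7.5): self-interop and OpenSSL interop, per TLS version` would help readers.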