Test check the key material exported match
- include interop with openssl client
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d0f573e..759603a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2779,7 +2779,17 @@
mbedtls_printf( "\n " );
mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
}
+ mbedtls_printf( "\n" );
+ /* produce a less readable output used to perform automatic checks
+ * - compare client and server output
+ * - interop test with openssl which client produces this kind of output
+ */
+ mbedtls_printf( " Keying material: " );
+ for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+ {
+ mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
+ }
mbedtls_printf( "\n" );
}
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index e66ca40..9cef275 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3890,7 +3890,17 @@
mbedtls_printf( "\n " );
mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
}
+ mbedtls_printf( "\n" );
+ /* produce a less readable output used to perform automatic checks
+ * - compare client and server output
+ * - interop test with openssl which client produces this kind of output
+ */
+ mbedtls_printf( " Keying material: " );
+ for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+ {
+ mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
+ }
mbedtls_printf( "\n" );
}
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1bba6c6..5334225 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -634,6 +634,23 @@
fi
}
+# Compare file content
+# Usage: find_in_both pattern file1 file2
+# extract from file1 the first line matching the pattern
+# check in file2 that the same line can be found
+find_in_both() {
+ srv_pattern=$(grep -m 1 "$1" "$2");
+ if [ -z "$srv_pattern" ]; then
+ return 1;
+ fi
+
+ if grep "$srv_pattern" $3 >/dev/null; then :
+ return 0;
+ else
+ return 1;
+ fi
+}
+
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output
@@ -643,6 +660,7 @@
# -C pattern pattern that must be absent in client output
# -U pattern lines after pattern must be unique in server output
# -F call shell function on server output
+# -g call shell function on server and client output
run_test() {
NAME="$1"
shift 1
@@ -865,6 +883,12 @@
return
fi
;;
+ "-g")
+ if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
+ fail "function call to '$2' failed on Server and Client output"
+ return
+ fi
+ ;;
*)
echo "Unknown test: $1" >&2
@@ -8729,8 +8753,10 @@
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error"
+
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
@@ -8746,6 +8772,7 @@
-c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8763,6 +8790,7 @@
-c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8780,6 +8808,7 @@
-c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8832,6 +8861,7 @@
-c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \
-c "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8850,6 +8880,7 @@
-c "found srtp profile" \
-c "selected srtp profile" \
-c "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \
-C "error"
@@ -8864,6 +8895,7 @@
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8876,6 +8908,7 @@
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8888,6 +8921,7 @@
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8900,6 +8934,7 @@
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8912,6 +8947,7 @@
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\
+ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP