Test check the key material exported match

- include interop with openssl client

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
Johan Pascal 2020-09-24 12:01:13 +02:00
parent 39cfd3b96e
commit 9bc50b0122
3 changed files with 56 additions and 0 deletions

View File

@ -2779,7 +2779,17 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n " ); mbedtls_printf( "\n " );
mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
} }
mbedtls_printf( "\n" );
/* produce a less readable output used to perform automatic checks
* - compare client and server output
* - interop test with openssl which client produces this kind of output
*/
mbedtls_printf( " Keying material: " );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{
mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
}
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
} }
} }

View File

@ -3890,7 +3890,17 @@ handshake:
mbedtls_printf( "\n " ); mbedtls_printf( "\n " );
mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
} }
mbedtls_printf( "\n" );
/* produce a less readable output used to perform automatic checks
* - compare client and server output
* - interop test with openssl which client produces this kind of output
*/
mbedtls_printf( " Keying material: " );
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{
mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
}
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
} }
} }

View File

@ -634,6 +634,23 @@ detect_dtls() {
fi fi
} }
# Compare file content
# Usage: find_in_both pattern file1 file2
# extract from file1 the first line matching the pattern
# check in file2 that the same line can be found
find_in_both() {
srv_pattern=$(grep -m 1 "$1" "$2");
if [ -z "$srv_pattern" ]; then
return 1;
fi
if grep "$srv_pattern" $3 >/dev/null; then :
return 0;
else
return 1;
fi
}
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output # Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output # -c pattern pattern that must be present in client output
@ -643,6 +660,7 @@ detect_dtls() {
# -C pattern pattern that must be absent in client output # -C pattern pattern that must be absent in client output
# -U pattern lines after pattern must be unique in server output # -U pattern lines after pattern must be unique in server output
# -F call shell function on server output # -F call shell function on server output
# -g call shell function on server and client output
run_test() { run_test() {
NAME="$1" NAME="$1"
shift 1 shift 1
@ -865,6 +883,12 @@ run_test() {
return return
fi fi
;; ;;
"-g")
if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
fail "function call to '$2' failed on Server and Client output"
return
fi
;;
*) *)
echo "Unknown test: $1" >&2 echo "Unknown test: $1" >&2
@ -8729,8 +8753,10 @@ run_test "DTLS-SRTP all profiles supported" \
-c "found srtp profile" \ -c "found srtp profile" \
-c "selected srtp profile" \ -c "selected srtp profile" \
-c "DTLS-SRTP key material is"\ -c "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
@ -8746,6 +8772,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile."
-c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \ -c "selected srtp profile" \
-c "DTLS-SRTP key material is"\ -c "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8763,6 +8790,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles."
-c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
-c "selected srtp profile" \ -c "selected srtp profile" \
-c "DTLS-SRTP key material is"\ -c "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8780,6 +8808,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \
-c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \ -c "selected srtp profile" \
-c "DTLS-SRTP key material is"\ -c "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8832,6 +8861,7 @@ run_test "DTLS-SRTP all profiles supported. mki used" \
-c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \
-c "DTLS-SRTP key material is"\ -c "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8850,6 +8880,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
-c "found srtp profile" \ -c "found srtp profile" \
-c "selected srtp profile" \ -c "selected srtp profile" \
-c "DTLS-SRTP key material is"\ -c "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \
-C "error" -C "error"
@ -8864,6 +8895,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \
-s "selected srtp profile" \ -s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \ -s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\ -s "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8876,6 +8908,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
-s "selected srtp profile" \ -s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \ -s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\ -s "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8888,6 +8921,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
-s "selected srtp profile" \ -s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \ -s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\ -s "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8900,6 +8934,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles.
-s "selected srtp profile" \ -s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \ -s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\ -s "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@ -8912,6 +8947,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss
-s "selected srtp profile" \ -s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \ -s "server hello, adding use_srtp extension" \
-s "DTLS-SRTP key material is"\ -s "DTLS-SRTP key material is"\
-g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_DTLS_SRTP