Merge remote-tracking branch 'origin/pr/2538' into development

* origin/pr/2538: Remove unneeded whitespaces Fix mingw CI failures Initialize psa_crypto in ssl test Fix missing tls version test failures Fix typo Fix ChangeLog entry location Add changeLog entry Add test for export keys functionality Add function to retrieve the tls_prf type Add tests for the public tls_prf API Add public API for tls_prf Add eap-tls key derivation in the examples. Add ChangeLog entry Add an extra key export function Have the temporary buffer allocated dynamically Zeroize secret data in the exit point Add a single exit point in key derivation function
2026-04-20 22:05:15 +00:00 · 2019-05-20 10:58:36 +01:00 · 2019-05-20 10:58:36 +01:00 · 9ebcf9b00a
commit 9ebcf9b00a
parent fc4596f3d5 51c4507b9c
9 changed files with 578 additions and 41 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -7939,6 +7939,18 @@ run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
            -s "Extra-header:" \
            -c "Extra-header:"

+requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS
+run_test    "export keys functionality" \
+            "$P_SRV eap_tls=1 debug_level=3" \
+            "$P_CLI eap_tls=1 debug_level=3" \
+            0 \
+            -s "exported maclen is " \
+            -s "exported keylen is " \
+            -s "exported ivlen is "  \
+            -c "exported maclen is " \
+            -c "exported keylen is " \
+            -c "exported ivlen is "
+
 # Final report

 echo "------------------------------------------------------------------------"
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@ -5633,3 +5633,42 @@ ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_
 Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3
+depends_on:MBEDTLS_SSL_PROTO_SSL3
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled
+depends_on:MBEDTLS_SSL_PROTO_TLS1
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.1 enabled
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3 not enabled
+depends_on:!MBEDTLS_SSL_PROTO_SSL3
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled
+depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-512 not enabled
+depends_on:!MBEDTLS_SHA512_C
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled
+depends_on:!MBEDTLS_SHA256_C
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -541,3 +541,32 @@ exit:
    mbedtls_free( buf );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_tls_prf( int type, data_t * secret, data_t * random,
+                  char *label, data_t *result_hex_str, int exp_ret )
+{
+    unsigned char *output;
+
+    output = mbedtls_calloc( 1, result_hex_str->len );
+    if( output == NULL )
+        goto exit;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
+    TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
+                                      label, random->x, random->len,
+                                      output, result_hex_str->len ) == exp_ret );
+
+    if( exp_ret == 0 )
+    {
+        TEST_ASSERT( hexcmp( output, result_hex_str->x,
+                     result_hex_str->len, result_hex_str->len ) == 0 );
+    }
+exit:
+
+    mbedtls_free( output );
+}
+/* END_CASE */