mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-07-24 01:51:03 +08:00
Add TLS-Exporter options to ssl_client2
Prints out the exported key on the command line for testing purposes. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
This commit is contained in:
parent
32ba7f4a17
commit
b2718e17e6
@ -102,6 +102,8 @@ int main(void)
|
|||||||
#define DFL_NSS_KEYLOG 0
|
#define DFL_NSS_KEYLOG 0
|
||||||
#define DFL_NSS_KEYLOG_FILE NULL
|
#define DFL_NSS_KEYLOG_FILE NULL
|
||||||
#define DFL_SKIP_CLOSE_NOTIFY 0
|
#define DFL_SKIP_CLOSE_NOTIFY 0
|
||||||
|
#define DFL_EXP_LABEL NULL
|
||||||
|
#define DFL_EXP_LEN 20
|
||||||
#define DFL_QUERY_CONFIG_MODE 0
|
#define DFL_QUERY_CONFIG_MODE 0
|
||||||
#define DFL_USE_SRTP 0
|
#define DFL_USE_SRTP 0
|
||||||
#define DFL_SRTP_FORCE_PROFILE 0
|
#define DFL_SRTP_FORCE_PROFILE 0
|
||||||
@ -389,6 +391,10 @@ int main(void)
|
|||||||
" read_timeout=%%d default: 0 ms (no timeout)\n" \
|
" read_timeout=%%d default: 0 ms (no timeout)\n" \
|
||||||
" max_resend=%%d default: 0 (no resend on timeout)\n" \
|
" max_resend=%%d default: 0 (no resend on timeout)\n" \
|
||||||
" skip_close_notify=%%d default: 0 (send close_notify)\n" \
|
" skip_close_notify=%%d default: 0 (send close_notify)\n" \
|
||||||
|
" exp_label=%%s Label to input into TLS-Exporter\n" \
|
||||||
|
" default: None (don't try to export a key)\n" \
|
||||||
|
" exp_len=%%d Length of key to extract from TLS-Exporter \n" \
|
||||||
|
" default: 20\n" \
|
||||||
"\n" \
|
"\n" \
|
||||||
USAGE_DTLS \
|
USAGE_DTLS \
|
||||||
USAGE_CID \
|
USAGE_CID \
|
||||||
@ -534,6 +540,8 @@ struct options {
|
|||||||
* after renegotiation */
|
* after renegotiation */
|
||||||
int reproducible; /* make communication reproducible */
|
int reproducible; /* make communication reproducible */
|
||||||
int skip_close_notify; /* skip sending the close_notify alert */
|
int skip_close_notify; /* skip sending the close_notify alert */
|
||||||
|
const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */
|
||||||
|
int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||||
int early_data; /* early data enablement flag */
|
int early_data; /* early data enablement flag */
|
||||||
#endif
|
#endif
|
||||||
@ -1412,6 +1420,10 @@ usage:
|
|||||||
if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
|
if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
} else if (strcmp(p, "exp_label") == 0) {
|
||||||
|
opt.exp_label = q;
|
||||||
|
} else if (strcmp(p, "exp_len") == 0) {
|
||||||
|
opt.exp_len = atoi(q);
|
||||||
} else if (strcmp(p, "use_srtp") == 0) {
|
} else if (strcmp(p, "use_srtp") == 0) {
|
||||||
opt.use_srtp = atoi(q);
|
opt.use_srtp = atoi(q);
|
||||||
} else if (strcmp(p, "srtp_force_profile") == 0) {
|
} else if (strcmp(p, "srtp_force_profile") == 0) {
|
||||||
@ -2485,6 +2497,27 @@ usage:
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
|
if (opt.exp_label != NULL && opt.exp_len > 0) {
|
||||||
|
unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int));
|
||||||
|
if (exported_key == NULL) {
|
||||||
|
mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
|
||||||
|
ret = 3;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len,
|
||||||
|
opt.exp_label, strlen(opt.exp_label),
|
||||||
|
NULL, 0, 0);
|
||||||
|
if (ret != 0) {
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label);
|
||||||
|
for (i = 0; i < opt.exp_len; i++) {
|
||||||
|
mbedtls_printf("%02X", exported_key[i]);
|
||||||
|
}
|
||||||
|
mbedtls_printf("\n\n");
|
||||||
|
fflush(stdout);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 6. Write the GET request
|
* 6. Write the GET request
|
||||||
*/
|
*/
|
||||||
|
Loading…
x
Reference in New Issue
Block a user