Adjust example programs to new key export API

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

programs/ssl/ssl_client2.c

@@ -1740,19 +1740,19 @@ int main( int argc, char *argv[] )
     if( opt.eap_tls != 0 )
     {
         mbedtls_ssl_conf_export_keys_cb( &conf, eap_tls_key_derivation,
-                                             &eap_tls_keying );
+                                         &eap_tls_keying );
     }
     else if( opt.nss_keylog != 0 )
     {
         mbedtls_ssl_conf_export_keys_cb( &conf,
-                                             nss_keylog_export,
+                                         nss_keylog_export,
-                                             NULL );
+                                         NULL );
     }
 #if defined( MBEDTLS_SSL_DTLS_SRTP )
     else if( opt.use_srtp != 0 )
     {
         mbedtls_ssl_conf_export_keys_cb( &conf, dtls_srtp_key_derivation,
-                                             &dtls_srtp_keying );
+                                         &dtls_srtp_keying );
     }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */

programs/ssl/ssl_server2.c

@@ -2529,19 +2529,19 @@ int main( int argc, char *argv[] )
     if( opt.eap_tls != 0 )
     {
         mbedtls_ssl_conf_export_keys_cb( &conf, eap_tls_key_derivation,
-                                             &eap_tls_keying );
+                                         &eap_tls_keying );
     }
     else if( opt.nss_keylog != 0 )
     {
         mbedtls_ssl_conf_export_keys_cb( &conf,
-                                             nss_keylog_export,
+                                         nss_keylog_export,
-                                             NULL );
+                                         NULL );
     }
 #if defined( MBEDTLS_SSL_DTLS_SRTP )
     else if( opt.use_srtp != 0 )
     {
         mbedtls_ssl_conf_export_keys_cb( &conf, dtls_srtp_key_derivation,
-                                             &dtls_srtp_keying );
+                                         &dtls_srtp_keying );
     }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */

programs/ssl/ssl_test_common_source.c

@@ -26,54 +26,48 @@
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
 int eap_tls_key_derivation( void *p_expkey,
-                            const unsigned char *ms,
+                            mbedtls_ssl_key_export_type secret_type,
-                            const unsigned char *kb,
+                            const unsigned char *secret,
-                            size_t maclen,
+                            size_t secret_len,
-                            size_t keylen,
-                            size_t ivlen,
                             const unsigned char client_random[32],
                             const unsigned char server_random[32],
                             mbedtls_tls_prf_types tls_prf_type )
 {
     eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
 
-    ( ( void ) kb );
+    /* We're only interested in the TLS 1.2 master secret */
-    memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+    if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
+        return( 0 );
+    if( secret_len != sizeof( keys->master_secret ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
     memcpy( keys->randbytes, client_random, 32 );
     memcpy( keys->randbytes + 32, server_random, 32 );
     keys->tls_prf_type = tls_prf_type;
 
-    if( opt.debug_level > 2 )
-    {
-        mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
-        mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
-        mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
-    }
     return( 0 );
 }
 
 int nss_keylog_export( void *p_expkey,
-                       const unsigned char *ms,
+                       mbedtls_ssl_key_export_type secret_type,
-                       const unsigned char *kb,
+                       const unsigned char *secret,
-                       size_t maclen,
+                       size_t secret_len,
-                       size_t keylen,
-                       size_t ivlen,
                        const unsigned char client_random[32],
                        const unsigned char server_random[32],
                        mbedtls_tls_prf_types tls_prf_type )
 {
     char nss_keylog_line[ 200 ];
     size_t const client_random_len = 32;
-    size_t const master_secret_len = 48;
     size_t len = 0;
     size_t j;
     int ret = 0;
 
+    /* We're only interested in the TLS 1.2 master secret */
+    if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
+        return( 0 );
+
     ((void) p_expkey);
-    ((void) kb);
-    ((void) maclen);
-    ((void) keylen);
-    ((void) ivlen);
     ((void) server_random);
     ((void) tls_prf_type);
 
@@ -88,10 +82,10 @@ int nss_keylog_export( void *p_expkey,
 
     len += sprintf( nss_keylog_line + len, " " );
 
-    for( j = 0; j < master_secret_len; j++ )
+    for( j = 0; j < secret_len; j++ )
     {
         len += sprintf( nss_keylog_line + len,
-                        "%02x", ms[j] );
+                        "%02x", secret[j] );
     }
 
     len += sprintf( nss_keylog_line + len, "\n" );
@@ -130,29 +124,26 @@ exit:
 
 #if defined( MBEDTLS_SSL_DTLS_SRTP )
 int dtls_srtp_key_derivation( void *p_expkey,
-                              const unsigned char *ms,
+                              mbedtls_ssl_key_export_type secret_type,
-                              const unsigned char *kb,
+                              const unsigned char *secret,
-                              size_t maclen,
+                              size_t secret_len,
-                              size_t keylen,
-                              size_t ivlen,
                               const unsigned char client_random[32],
                               const unsigned char server_random[32],
                               mbedtls_tls_prf_types tls_prf_type )
 {
     dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
 
-    ( ( void ) kb );
+    /* We're only interested in the TLS 1.2 master secret */
-    memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+    if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
+        return( 0 );
+    if( secret_len != sizeof( keys->master_secret ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
     memcpy( keys->randbytes, client_random, 32 );
     memcpy( keys->randbytes + 32, server_random, 32 );
     keys->tls_prf_type = tls_prf_type;
 
-    if( opt.debug_level > 2 )
-    {
-        mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
-        mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
-        mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
-    }
     return( 0 );
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */