summaryrefslogtreecommitdiff
path: root/lib/ssl/test/ssl_key_update_SUITE.erl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/test/ssl_key_update_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_key_update_SUITE.erl111
1 files changed, 61 insertions, 50 deletions
diff --git a/lib/ssl/test/ssl_key_update_SUITE.erl b/lib/ssl/test/ssl_key_update_SUITE.erl
index baa408dbc5..0ac3228f85 100644
--- a/lib/ssl/test/ssl_key_update_SUITE.erl
+++ b/lib/ssl/test/ssl_key_update_SUITE.erl
@@ -42,7 +42,6 @@
-include_lib("common_test/include/ct.hrl").
-include_lib("ssl/src/ssl_api.hrl").
-include_lib("ssl/src/ssl_connection.hrl").
-
all() ->
[{group, 'tlsv1.3'}].
@@ -107,24 +106,22 @@ key_update_at_server(Config) ->
key_update_at(Config, Role) ->
Data = "123456789012345", %% 15 bytes
Server = ssl_test_lib:start_server(erlang,
- [{options, [{key_update_at, 14}]}],
+ [{options, [{keep_secrets, true},
+ {key_update_at, 14}]}],
Config),
Port = ssl_test_lib:inet_port(Server),
- {Client,
- #sslsocket{pid =
- [ClientReceiverPid, ClientSenderPid]}} =
- ssl_test_lib:start_client(erlang,
- [return_socket, {port, Port},
- {options, [{key_update_at, 14}]}],
- Config),
+ ClientResult = ssl_test_lib:start_client(erlang,
+ [return_socket, {port, Port},
+ {options, [{keep_secrets, true},
+ {key_update_at, 14}]}],
+ Config),
+ {Client, ClientSocket} = ClientResult,
Server ! get_socket,
- #sslsocket{pid =
- [ServerReceiverPid, ServerSenderPid]} =
- receive
- {Server, {socket, S}} -> S
- end,
- Keys0 = get_keys(ClientReceiverPid, ClientSenderPid,
- ServerReceiverPid, ServerSenderPid),
+ ServerSocket = receive
+ {Server, {socket, S}} -> S
+ end,
+ Keys0 = get_traffic_secrets(ClientSocket, ServerSocket),
+ ct:log("connected", []),
{Sender, Receiver} = case Role of
client -> {Client, Server};
server -> {Server, Client}
@@ -134,53 +131,67 @@ key_update_at(Config, Role) ->
Data = ssl_test_lib:check_active_receive(Receiver, Data),
%% TODO check if key has been updated (needs debug logging of secrets)
ct:sleep(500),
- Keys1 = get_keys(ClientReceiverPid, ClientSenderPid,
- ServerReceiverPid, ServerSenderPid),
+ ct:log("sent and waited", []),
+ Keys1 = get_traffic_secrets(ClientSocket, ServerSocket),
verify_key_update(Keys0, Keys1),
%% Test mechanism to prevent infinite loop of key updates
BigData = binary:copy(<<"1234567890">>, 10), %% 100 bytes
ok = ssl_test_lib:send(Sender, BigData),
ct:sleep(500),
- Keys2 = get_keys(ClientReceiverPid, ClientSenderPid,
- ServerReceiverPid, ServerSenderPid),
+ ct:log("sent and waited 2", []),
+ Keys2 = get_traffic_secrets(ClientSocket, ServerSocket),
verify_key_update(Keys1, Keys2),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-get_keys(ClientReceiverPid, ClientSenderPid,
- ServerReceiverPid, ServerSenderPid) ->
- F = fun(Pid) ->
- {connection, D} = sys:get_state(Pid),
- M0 = element(3, D),
- Cr = maps:get(current_write, M0),
- {Pid, {maps:get(security_parameters, Cr),
- maps:get(cipher_state, Cr)}}
+get_traffic_secrets(ClientSocket, ServerSocket) ->
+ ProcessSocket =
+ fun(Socket, Role) ->
+ {ok, [{keylog, KeyLog}]} = ssl:connection_information(Socket, [keylog]),
+ Interesting =
+ fun(S) ->
+ Patterns = ["CLIENT_TRAFFIC_SECRET", "SERVER_TRAFFIC_SECRET"],
+ SearchResults = [string:find(S, P) || P <- Patterns],
+ lists:any(fun(I) -> I /= nomatch end, SearchResults)
+ end,
+ TrafficSecrets = lists:filter(Interesting, KeyLog),
+ Print = fun(Secret) ->
+ [Name, _A, B] = string:lexemes(Secret, " "),
+ [Key] = io_lib:format("~s", [B]),
+ {Name, {Role, Key}}
+ end,
+ [Print(Scr) || Scr <- TrafficSecrets]
end,
- SendersKeys = [F(P) || P <- [ClientSenderPid, ServerSenderPid]],
-
- G = fun(Pid) ->
- {connection, D} = sys:get_state(Pid),
- #state{connection_states = Cs} = D,
- Cr = maps:get(current_read, Cs),
- {Pid, {maps:get(security_parameters,Cr),
- maps:get(cipher_state, Cr)}}
+ Secrets = lists:flatten(
+ [ProcessSocket(S, R) ||
+ {S, R} <-
+ [{ClientSocket, client}, {ServerSocket, server}]]),
+ P = fun(Direction) ->
+ Vals = proplists:get_all_values(Direction, Secrets),
+ ct:log("~30s ~10s(c) ~10s(s)",
+ [Direction, proplists:get_value(client, Vals),
+ proplists:get_value(server, Vals)]),
+ {Direction, [proplists:get_value(client, Vals),
+ proplists:get_value(server, Vals)]}
end,
- ReceiversKeys = [G(P) || P <- [ClientReceiverPid, ServerReceiverPid]],
- maps:from_list(SendersKeys ++ ReceiversKeys).
+ [P(Direction) ||
+ Direction <-
+ ["CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"]].
verify_key_update(Keys0, Keys1) ->
- V = fun(Pid, CurrentKeys) ->
- BaseKeys = maps:get(Pid, Keys0),
- ct:log("Pid = ~p~nBaseKeys = ~p~nCurrentKeys = ~p",
- [Pid, BaseKeys, CurrentKeys], [esc_chars]),
- case BaseKeys == CurrentKeys of
- true ->
- ct:fail("Keys don't differ for ~w", [Pid]);
- false ->
- ok
- end
- end,
- maps:foreach(V, Keys1).
+ CTS0 = proplists:get_value("CLIENT_TRAFFIC_SECRET_0", Keys0),
+ CTS1 = proplists:get_value("CLIENT_TRAFFIC_SECRET_0", Keys1),
+ STS0 = proplists:get_value("SERVER_TRAFFIC_SECRET_0", Keys0),
+ STS1 = proplists:get_value("SERVER_TRAFFIC_SECRET_0", Keys1),
+ CTS = lists:zip(CTS0, CTS1),
+ STS = lists:zip(STS0, STS1),
+ Pred = fun({A, B}) when A == B ->
+ ct:fail(no_key_update),
+ false;
+ (_) ->
+ true
+ end,
+ [true = lists:all(Pred, X) || X <- [CTS, STS]].
explicit_key_update() ->
[{doc,"Test ssl:update_key/2 between erlang client and erlang server."}].
View Lorry Controller Status