TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1d6a9505ee734ef597b22f2c7db2b2e6cb192bae / . / tests / opt-testcases / tls13-misc.sh
blob: 6fe235830f5c416af0b9ff0f03febb70b826e1ce [file] [log] [blame]
Gilles Peskine1d6a9502024-09-13 13:53:50 +0200[diff] [blame^]1# Miscellaneous tests of TLS 1.3 features.
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]2
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]3# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]5#
6
7requires_gnutls_tls1_3
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]8requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10requires_config_enabled MBEDTLS_SSL_SRV_C
11requires_config_enabled MBEDTLS_DEBUG_C
12requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
13
14run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]16 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
17 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
18 localhost" \
19 1 \
20 -s "found psk key exchange modes extension" \
21 -s "found pre_shared_key extension" \
22 -s "Found PSK_EPHEMERAL KEX MODE" \
23 -s "Found PSK KEX MODE" \
24 -s "No matched ciphersuite"
25
26requires_openssl_tls1_3
27requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
28requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
29requires_config_enabled MBEDTLS_SSL_SRV_C
30requires_config_enabled MBEDTLS_DEBUG_C
31requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
32
33run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]34 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]35 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
36 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
37 1 \
38 -s "found psk key exchange modes extension" \
39 -s "found pre_shared_key extension" \
40 -s "Found PSK_EPHEMERAL KEX MODE" \
41 -s "Found PSK KEX MODE" \
42 -s "No matched ciphersuite"
43
44requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]45 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
46 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]47run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]48 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
49 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]50 0 \
51 -c "Pre-configured PSK number = 2" \
52 -s "sent selected_identity: 0" \
53 -s "key exchange mode: psk_ephemeral" \
54 -S "key exchange mode: psk$" \
55 -S "key exchange mode: ephemeral$" \
56 -S "ticket is not authentic"
57
58requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]59 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
60 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]61run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]62 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
63 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]64 0 \
65 -c "Pre-configured PSK number = 2" \
66 -s "sent selected_identity: 1" \
67 -s "key exchange mode: psk_ephemeral" \
68 -S "key exchange mode: psk$" \
69 -S "key exchange mode: ephemeral$" \
70 -s "ticket is not authentic"
71
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]72requires_gnutls_tls1_3
73requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
74requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
75run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
76 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
77 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
78 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
79 localhost" \
80 1 \
81 -s "found psk key exchange modes extension" \
82 -s "found pre_shared_key extension" \
83 -s "Found PSK_EPHEMERAL KEX MODE" \
84 -S "Found PSK KEX MODE" \
85 -S "key exchange mode: psk$" \
86 -S "key exchange mode: psk_ephemeral" \
87 -S "key exchange mode: ephemeral"
88
89requires_gnutls_tls1_3
90requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
91 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
92 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
93requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
95run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
96 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
97 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
98 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
99 localhost" \
100 0 \
101 -s "found psk key exchange modes extension" \
102 -s "found pre_shared_key extension" \
103 -s "Found PSK_EPHEMERAL KEX MODE" \
104 -s "Found PSK KEX MODE" \
105 -s "key exchange mode: psk$"
106
107requires_gnutls_tls1_3
108requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
109 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
110 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
111requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
113run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
114 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
115 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
116 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
117 localhost" \
118 0 \
119 -s "found psk key exchange modes extension" \
120 -s "found pre_shared_key extension" \
121 -s "Found PSK_EPHEMERAL KEX MODE" \
122 -s "Found PSK KEX MODE" \
123 -s "key exchange mode: psk_ephemeral$"
124
125requires_gnutls_tls1_3
126requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
127 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
128 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
129requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
131run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
132 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
133 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
134 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
135 localhost" \
136 0 \
137 -s "key exchange mode: ephemeral$"
138
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]139requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
140 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
141 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
142 MBEDTLS_DEBUG_C \
143 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
144requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]146run_test "TLS 1.3 m->m: resumption" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]147 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]148 "$P_CLI reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]149 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]150 -c "Protocol is TLSv1.3" \
151 -c "Saving session for reuse... ok" \
152 -c "Reconnecting with saved session... ok" \
153 -c "HTTP/1.0 200 OK" \
154 -s "Protocol is TLSv1.3" \
155 -s "key exchange mode: psk" \
156 -s "Select PSK ciphersuite"
157
158requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
159 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
160 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
161 MBEDTLS_DEBUG_C \
162 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
163requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
165run_test "TLS 1.3 m->m: resumption with servername" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]166 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
167 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]168 "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \
169 0 \
170 -c "Protocol is TLSv1.3" \
171 -c "Saving session for reuse... ok" \
172 -c "Reconnecting with saved session... ok" \
173 -c "HTTP/1.0 200 OK" \
174 -s "Protocol is TLSv1.3" \
175 -s "key exchange mode: psk" \
176 -s "Select PSK ciphersuite"
177
178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
179 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
180 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
181 MBEDTLS_DEBUG_C \
182 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
183requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
185run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]186 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]187 "$P_CLI reco_mode=1 reconnect=1" \
188 0 \
189 -c "Protocol is TLSv1.3" \
190 -c "Saving session for reuse... ok" \
191 -c "Reconnecting with saved session... ok" \
192 -c "HTTP/1.0 200 OK" \
193 -s "Protocol is TLSv1.3" \
194 -s "key exchange mode: psk" \
195 -s "Select PSK ciphersuite"
196
197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
198 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
199 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
200 MBEDTLS_DEBUG_C \
201 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
202requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]204requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
205run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]206 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]207 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
208 0 \
209 -c "Protocol is TLSv1.3" \
210 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
211 -c "Saving session for reuse... ok" \
212 -c "Reconnecting with saved session... ok" \
213 -c "HTTP/1.0 200 OK" \
214 -s "Protocol is TLSv1.3" \
215 -s "key exchange mode: psk" \
216 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
217
218requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
219 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
220 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
221 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
222 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
223requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
225run_test "TLS 1.3 m->m: resumption with early data" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]226 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]227 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
228 0 \
229 -c "Protocol is TLSv1.3" \
230 -c "Saving session for reuse... ok" \
231 -c "Reconnecting with saved session" \
232 -c "HTTP/1.0 200 OK" \
233 -c "received max_early_data_size" \
234 -c "NewSessionTicket: early_data(42) extension received." \
235 -c "ClientHello: early_data(42) extension exists." \
236 -c "EncryptedExtensions: early_data(42) extension received." \
237 -c "bytes of early data written" \
238 -C "0 bytes of early data written" \
239 -s "Protocol is TLSv1.3" \
240 -s "key exchange mode: psk" \
241 -s "Select PSK ciphersuite" \
242 -s "Sent max_early_data_size" \
243 -s "NewSessionTicket: early_data(42) extension exists." \
244 -s "ClientHello: early_data(42) extension exists." \
245 -s "EncryptedExtensions: early_data(42) extension exists." \
246 -s "early data bytes read"
247
248requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
249 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
250 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
251 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
252 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
253requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
254 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
255requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
256run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]257 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]258 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
259 0 \
260 -c "Protocol is TLSv1.3" \
261 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
262 -c "Saving session for reuse... ok" \
263 -c "Reconnecting with saved session" \
264 -c "HTTP/1.0 200 OK" \
265 -c "received max_early_data_size" \
266 -c "NewSessionTicket: early_data(42) extension received." \
267 -c "ClientHello: early_data(42) extension exists." \
268 -c "EncryptedExtensions: early_data(42) extension received." \
269 -c "bytes of early data written" \
270 -C "0 bytes of early data written" \
271 -s "Protocol is TLSv1.3" \
272 -s "key exchange mode: psk" \
273 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
274 -s "Sent max_early_data_size" \
275 -s "NewSessionTicket: early_data(42) extension exists." \
276 -s "ClientHello: early_data(42) extension exists." \
277 -s "EncryptedExtensions: early_data(42) extension exists." \
278 -s "early data bytes read"
279
280requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
281 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
282 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
283 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
284 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
285requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
287run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]288 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]289 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
290 0 \
291 -c "Protocol is TLSv1.3" \
292 -c "Saving session for reuse... ok" \
293 -c "Reconnecting with saved session" \
294 -c "HTTP/1.0 200 OK" \
295 -C "received max_early_data_size" \
296 -C "NewSessionTicket: early_data(42) extension received." \
297 -C "ClientHello: early_data(42) extension exists." \
298 -C "EncryptedExtensions: early_data(42) extension received." \
299 -c "0 bytes of early data written" \
300 -s "Protocol is TLSv1.3" \
301 -s "key exchange mode: psk" \
302 -s "Select PSK ciphersuite" \
303 -S "Sent max_early_data_size" \
304 -S "NewSessionTicket: early_data(42) extension exists." \
305 -S "ClientHello: early_data(42) extension exists." \
306 -S "EncryptedExtensions: early_data(42) extension exists." \
307 -S "early data bytes read"
308
309requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
310 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
311 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
312 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
313 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
314requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
315 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
316run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]317 "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]318 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
319 0 \
320 -c "Protocol is TLSv1.3" \
321 -c "Saving session for reuse... ok" \
322 -c "Reconnecting with saved session" \
323 -c "HTTP/1.0 200 OK" \
324 -C "received max_early_data_size" \
325 -C "NewSessionTicket: early_data(42) extension received." \
326 -C "ClientHello: early_data(42) extension exists." \
327 -C "EncryptedExtensions: early_data(42) extension received." \
328 -c "0 bytes of early data written" \
329 -s "Protocol is TLSv1.3" \
330 -s "key exchange mode: psk" \
331 -s "Select PSK ciphersuite" \
332 -S "Sent max_early_data_size" \
333 -S "NewSessionTicket: early_data(42) extension exists." \
334 -S "ClientHello: early_data(42) extension exists." \
335 -S "EncryptedExtensions: early_data(42) extension exists." \
336 -S "early data bytes read"
337
338requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
339 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
340 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
341 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
342 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
343requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
345run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]346 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]347 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
348 0 \
349 -c "Protocol is TLSv1.3" \
350 -c "Saving session for reuse... ok" \
351 -c "Reconnecting with saved session" \
352 -c "HTTP/1.0 200 OK" \
353 -c "received max_early_data_size" \
354 -c "NewSessionTicket: early_data(42) extension received." \
355 -C "ClientHello: early_data(42) extension exists." \
356 -C "EncryptedExtensions: early_data(42) extension received." \
357 -C "bytes of early data written" \
358 -s "Protocol is TLSv1.3" \
359 -s "key exchange mode: psk" \
360 -s "Select PSK ciphersuite" \
361 -s "Sent max_early_data_size" \
362 -s "NewSessionTicket: early_data(42) extension exists." \
363 -S "ClientHello: early_data(42) extension exists." \
364 -S "EncryptedExtensions: early_data(42) extension exists." \
365 -S "early data bytes read"
366
367requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
368 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
369 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
370 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
371 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
372requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
373 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
374run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]375 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]376 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
377 0 \
378 -c "Protocol is TLSv1.3" \
379 -c "Saving session for reuse... ok" \
380 -c "Reconnecting with saved session" \
381 -c "HTTP/1.0 200 OK" \
382 -c "received max_early_data_size" \
383 -c "NewSessionTicket: early_data(42) extension received." \
384 -C "ClientHello: early_data(42) extension exists." \
385 -C "EncryptedExtensions: early_data(42) extension received." \
386 -C "bytes of early data written" \
387 -s "Protocol is TLSv1.3" \
388 -s "key exchange mode: psk" \
389 -s "Select PSK ciphersuite" \
390 -s "Sent max_early_data_size" \
391 -s "NewSessionTicket: early_data(42) extension exists." \
392 -S "ClientHello: early_data(42) extension exists." \
393 -S "EncryptedExtensions: early_data(42) extension exists." \
394 -S "early data bytes read"
395
396requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
397 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
398 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
399 MBEDTLS_DEBUG_C \
400 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
401requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]403run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]404 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]405 "$P_CLI reco_mode=1 reconnect=1" \
406 1 \
407 -c "Protocol is TLSv1.3" \
408 -C "Saving session for reuse... ok" \
409 -c "Reconnecting with saved session... failed" \
410 -S "Protocol is TLSv1.3" \
411 -S "key exchange mode: psk" \
412 -S "Select PSK ciphersuite" \
413 -s "Ticket lifetime (604801) is greater than 7 days."
414
415requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
416 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
417 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
418 MBEDTLS_DEBUG_C \
419 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
420requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
421 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
422run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]423 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]424 "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
425 1 \
426 -c "Protocol is TLSv1.3" \
427 -C "Saving session for reuse... ok" \
428 -c "Discard new session ticket" \
429 -c "Reconnecting with saved session... failed" \
430 -s "Protocol is TLSv1.3" \
431 -S "key exchange mode: psk" \
432 -S "Select PSK ciphersuite"
433
434requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
435 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
436 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
437 MBEDTLS_DEBUG_C \
438 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
439requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
440 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
441run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]442 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
443 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]444 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
445 1 \
446 -c "Protocol is TLSv1.3" \
447 -c "Saving session for reuse... ok" \
448 -c "Reconnecting with saved session" \
449 -c "Hostname mismatch the session ticket, disable session resumption." \
450 -s "Protocol is TLSv1.3" \
451 -S "key exchange mode: psk" \
452 -S "Select PSK ciphersuite"
453
454requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
455 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
456 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
457 MBEDTLS_DEBUG_C \
458 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
459requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
461run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]462 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]463 "$P_CLI reco_mode=1 reconnect=1" \
464 0 \
465 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]466 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]467 -s "Protocol is TLSv1.3" \
468 -c "Saving session for reuse... ok" \
469 -c "Reconnecting with saved session" \
470 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]471 -s "ticket is not authentic" \
472 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]473 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]474 -S "Ticket age exceeds limitation" \
475 -S "Ticket age outside tolerance window"
476
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]477requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
478 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
479 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
480 MBEDTLS_DEBUG_C \
481 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
482requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]483 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]484run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]485 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]486 "$P_CLI reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]487 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]488 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]489 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]490 -s "Protocol is TLSv1.3" \
491 -c "Saving session for reuse... ok" \
492 -c "Reconnecting with saved session" \
493 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]494 -S "ticket is not authentic" \
495 -s "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]496 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]497 -S "Ticket age exceeds limitation" \
498 -S "Ticket age outside tolerance window"
499
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]500requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
501 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
502 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
503 MBEDTLS_DEBUG_C \
504 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
505requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]506 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]507run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]508 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]509 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
510 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]511 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]512 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]513 -s "Protocol is TLSv1.3" \
514 -c "Saving session for reuse... ok" \
515 -c "Reconnecting with saved session" \
516 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]517 -S "ticket is not authentic" \
518 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]519 -s "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]520 -S "Ticket age exceeds limitation" \
521 -S "Ticket age outside tolerance window"
522
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]523requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
524 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
525 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
526 MBEDTLS_DEBUG_C \
527 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
528requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]529 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]530run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]531 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]532 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
533 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]534 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]535 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]536 -s "Protocol is TLSv1.3" \
537 -c "Saving session for reuse... ok" \
538 -c "Reconnecting with saved session" \
539 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]540 -S "ticket is not authentic" \
541 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]542 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]543 -s "Ticket age exceeds limitation" \
544 -S "Ticket age outside tolerance window"
545
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]546requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
547 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
548 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
549 MBEDTLS_DEBUG_C \
550 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
551requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]552 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]553run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]554 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]555 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
556 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]557 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]558 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]559 -s "Protocol is TLSv1.3" \
560 -c "Saving session for reuse... ok" \
561 -c "Reconnecting with saved session" \
562 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]563 -S "ticket is not authentic" \
564 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]565 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]566 -S "Ticket age exceeds limitation" \
567 -s "Ticket age outside tolerance window"
568
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]569requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
570 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
571 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
572 MBEDTLS_DEBUG_C \
573 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
574requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]575 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]576run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]577 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]578 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
579 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]580 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]581 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]582 -s "Protocol is TLSv1.3" \
583 -c "Saving session for reuse... ok" \
584 -c "Reconnecting with saved session" \
585 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]586 -S "ticket is not authentic" \
587 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]588 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]589 -S "Ticket age exceeds limitation" \
590 -s "Ticket age outside tolerance window"
591
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]592requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
593 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
594 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
595 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]596 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]597 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]598run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]599 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]600 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
601 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]602 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]603 -s "key exchange mode: ephemeral" \
604 -S "key exchange mode: psk_ephemeral" \
605 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]606 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]607 -s "No suitable PSK key exchange mode" \
608 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]609
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]610requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
611 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
612 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
613 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]614 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
615 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]616run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]617 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]618 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
619 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]620 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]621 -s "key exchange mode: ephemeral" \
622 -S "key exchange mode: psk_ephemeral" \
623 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]624 -s "found matched identity" \
625 -S "No suitable PSK key exchange mode" \
626 -S "No usable PSK or ticket"
627
628requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
629 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
630 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
631 MBEDTLS_DEBUG_C \
632 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
633 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
634run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]635 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]636 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
637 0 \
638 -c "Protocol is TLSv1.3" \
639 -s "key exchange mode: ephemeral" \
640 -S "key exchange mode: psk_ephemeral" \
641 -S "key exchange mode: psk$" \
642 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]643 -s "No suitable PSK key exchange mode" \
644 -s "No usable PSK or ticket"
645
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]646requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
647 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
648 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
649 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]650 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
651 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]652run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]653 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]654 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
655 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]656 -c "Protocol is TLSv1.3" \
657 -s "key exchange mode: ephemeral" \
658 -S "key exchange mode: psk_ephemeral" \
659 -S "key exchange mode: psk$" \
660 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]661 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]662 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]663
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]664requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
665 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
666 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
667 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]668 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]669 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]670run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]671 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]672 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
673 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]674 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]675 -s "key exchange mode: ephemeral" \
676 -S "key exchange mode: psk_ephemeral" \
677 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]678 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]679 -s "No suitable PSK key exchange mode" \
680 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]681
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]682requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
683 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
684 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
685 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]686 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
687 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]688run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]689 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]690 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
691 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]692 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]693 -s "key exchange mode: ephemeral" \
694 -S "key exchange mode: psk_ephemeral" \
695 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]696 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]697 -s "No suitable PSK key exchange mode" \
698 -s "No usable PSK or ticket"
699
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]700requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
701 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
702 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
703 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]704 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
705 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]706run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]707 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]708 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
709 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]710 -c "Protocol is TLSv1.3" \
711 -s "key exchange mode: ephemeral" \
712 -s "key exchange mode: psk_ephemeral" \
713 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]714 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]715 -S "No suitable PSK key exchange mode" \
716 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]717
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]718requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
719 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
720 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
721 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]722 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
723 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]724run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]725 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]726 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
727 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]728 -c "Protocol is TLSv1.3" \
729 -s "key exchange mode: ephemeral" \
730 -s "key exchange mode: psk_ephemeral" \
731 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]732 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]733 -S "No suitable PSK key exchange mode" \
734 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]735
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]736requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
737 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
738 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
739 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]740 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
741 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
742 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]743run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]744 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]745 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
746 0 \
747 -c "Pre-configured PSK number = 1" \
748 -S "sent selected_identity:" \
749 -s "key exchange mode: ephemeral" \
750 -S "key exchange mode: psk_ephemeral" \
751 -S "key exchange mode: psk$" \
752 -s "No suitable PSK key exchange mode" \
753 -s "No usable PSK or ticket"
754
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]755requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
756 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
757 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
758 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]759 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
760 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
761 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]762run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]763 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]764 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
765 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]766 -c "Protocol is TLSv1.3" \
767 -s "key exchange mode: ephemeral" \
768 -S "key exchange mode: psk_ephemeral" \
769 -S "key exchange mode: psk$" \
770 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]771 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]772 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]773
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]774requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
775 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
776 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
777 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]778 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
779 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
780 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]781run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]782 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]783 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
784 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]785 -c "Protocol is TLSv1.3" \
786 -s "key exchange mode: ephemeral" \
787 -s "key exchange mode: psk_ephemeral" \
788 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]789 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]790 -S "No suitable PSK key exchange mode" \
791 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]792
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]793requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
794 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
795 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
796 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]797 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
798 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
799 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]800run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]801 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]802 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
803 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]804 -c "Protocol is TLSv1.3" \
805 -s "key exchange mode: ephemeral" \
806 -s "key exchange mode: psk_ephemeral" \
807 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]808 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]809 -S "No suitable PSK key exchange mode" \
810 -S "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]811
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]812requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]813requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritius4f1c9272023-04-12 09:50:30 +0200[diff] [blame]814 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]815 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
816 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
817requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
818 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
819run_test "TLS 1.3 m->O: resumption" \
820 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
821 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]822 0 \
823 -c "Protocol is TLSv1.3" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]824 -c "Saving session for reuse... ok" \
825 -c "Reconnecting with saved session... ok" \
826 -c "HTTP/1.0 200 ok"
827
Ronald Cronceae4f82024-03-26 11:17:10 +0100[diff] [blame]828requires_openssl_tls1_3_with_compatible_ephemeral
829requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
830 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
831 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
832requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
833run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
834 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
835 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
836 1 \
837 -c "Protocol is TLSv1.3" \
838 -C "Saving session for reuse... ok" \
839 -C "Reconnecting with saved session... ok" \
840 -c "Ignore NewSessionTicket, not supported."
841
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]842# No early data m->O tests for the time being. The option -early_data is needed
843# to enable early data on OpenSSL server and it is not compatible with the
844# -www option we usually use for testing with OpenSSL server (see
845# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
846# ephemeral then ticket based scenario we use for early data testing the first
847# handshake fails. The following skipped test is here to illustrate the kind
848# of testing we would like to do.
849skip_next_test
850requires_openssl_tls1_3_with_compatible_ephemeral
851requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
852 MBEDTLS_SSL_EARLY_DATA \
853 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
854 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
855requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
856 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
857run_test "TLS 1.3 m->O: resumption with early data" \
858 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
859 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
860 0 \
861 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]862 -c "Saving session for reuse... ok" \
863 -c "Reconnecting with saved session" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]864 -c "HTTP/1.0 200 OK" \
865 -c "received max_early_data_size: 16384" \
866 -c "NewSessionTicket: early_data(42) extension received." \
867 -c "ClientHello: early_data(42) extension exists." \
868 -c "EncryptedExtensions: early_data(42) extension received." \
869 -c "bytes of early data written" \
870 -s "decrypted early data with length:"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]871
872requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]873requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritius4f1c9272023-04-12 09:50:30 +0200[diff] [blame]874 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]875 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
876 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
877requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
878 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
879run_test "TLS 1.3 m->G: resumption" \
880 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
881 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]882 0 \
883 -c "Protocol is TLSv1.3" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]884 -c "Saving session for reuse... ok" \
885 -c "Reconnecting with saved session... ok" \
886 -c "HTTP/1.0 200 OK"
887
888requires_gnutls_tls1_3
889requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cronceae4f82024-03-26 11:17:10 +0100[diff] [blame]890 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
891 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
892requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
893run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
894 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
895 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
896 1 \
897 -c "Protocol is TLSv1.3" \
898 -C "Saving session for reuse... ok" \
899 -C "Reconnecting with saved session... ok" \
900 -c "Ignore NewSessionTicket, not supported."
901
902requires_gnutls_tls1_3
903requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritius4f1c9272023-04-12 09:50:30 +0200[diff] [blame]904 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]905 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
906 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
907requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
908 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
909requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
910run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
911 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
912 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
913 0 \
914 -c "Protocol is TLSv1.3" \
915 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
916 -c "Saving session for reuse... ok" \
917 -c "Reconnecting with saved session... ok" \
918 -c "HTTP/1.0 200 OK"
919
920requires_gnutls_tls1_3
921requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
922 MBEDTLS_SSL_EARLY_DATA \
923 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
924 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
925requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
926 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
927run_test "TLS 1.3 m->G: resumption with early data" \
928 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
929 --earlydata --maxearlydata 16384" \
930 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
931 0 \
932 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]933 -c "Saving session for reuse... ok" \
934 -c "Reconnecting with saved session" \
935 -c "HTTP/1.0 200 OK" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]936 -c "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]937 -c "NewSessionTicket: early_data(42) extension received." \
938 -c "ClientHello: early_data(42) extension exists." \
939 -c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]940 -c "bytes of early data written" \
941 -s "decrypted early data with length:"
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]942
943requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]944requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
945 MBEDTLS_SSL_EARLY_DATA \
946 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
947 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]948requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
949 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]950requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
951run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
952 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
953 --earlydata --maxearlydata 16384" \
954 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]955 0 \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]956 -c "Protocol is TLSv1.3" \
957 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
958 -c "Saving session for reuse... ok" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]959 -c "Reconnecting with saved session" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]960 -c "HTTP/1.0 200 OK" \
961 -c "received max_early_data_size: 16384" \
962 -c "NewSessionTicket: early_data(42) extension received." \
963 -c "ClientHello: early_data(42) extension exists." \
964 -c "EncryptedExtensions: early_data(42) extension received." \
965 -c "bytes of early data written" \
966 -s "decrypted early data with length:"
967
968requires_gnutls_tls1_3
969requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
970 MBEDTLS_SSL_EARLY_DATA \
971 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
972 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
973requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
974 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
975run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
976 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
977 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
978 0 \
979 -c "Protocol is TLSv1.3" \
980 -c "Saving session for reuse... ok" \
981 -c "Reconnecting with saved session" \
982 -c "HTTP/1.0 200 OK" \
983 -C "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]984 -C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]985
986requires_gnutls_tls1_3
987requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
988 MBEDTLS_SSL_EARLY_DATA \
989 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
990 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
991requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
992 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
993run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
994 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
995 --earlydata --maxearlydata 16384" \
996 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
997 0 \
998 -c "Protocol is TLSv1.3" \
999 -c "Saving session for reuse... ok" \
1000 -c "Reconnecting with saved session" \
1001 -c "HTTP/1.0 200 OK" \
1002 -c "received max_early_data_size: 16384" \
1003 -c "NewSessionTicket: early_data(42) extension received." \
1004 -C "ClientHello: early_data(42) extension exists." \
1005
1006requires_gnutls_tls1_3
1007requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1008 MBEDTLS_SSL_EARLY_DATA \
1009 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1010 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1011requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1012 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1013run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
1014 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1015 --earlydata --maxearlydata 16384" \
1016 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
1017 0 \
1018 -c "Protocol is TLSv1.3" \
1019 -c "Saving session for reuse... ok" \
1020 -c "Reconnecting with saved session" \
1021 -c "HTTP/1.0 200 OK" \
1022 -c "received max_early_data_size: 16384" \
1023 -c "NewSessionTicket: early_data(42) extension received." \
1024 -C "ClientHello: early_data(42) extension exists." \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1025
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1026requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1027requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
1028 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1029 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1030requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1031 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1032# https://github.com/openssl/openssl/issues/10714
1033# Until now, OpenSSL client does not support reconnect.
1034skip_next_test
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1035run_test "TLS 1.3 O->m: resumption" \
1036 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1037 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
1038 0 \
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1039 -s "Protocol is TLSv1.3" \
1040 -s "key exchange mode: psk" \
1041 -s "Select PSK ciphersuite"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1042
1043requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1044requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1045 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1046 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1047 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1048requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1049 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1050run_test "TLS 1.3 G->m: resumption" \
1051 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1052 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1053 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1054 -s "Protocol is TLSv1.3" \
1055 -s "key exchange mode: psk" \
1056 -s "Select PSK ciphersuite"
1057
1058requires_gnutls_tls1_3
1059requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1060 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1061 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1062 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1063requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1064 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1065requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1066# Test the session resumption when the cipher suite for the original session is
1067# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
1068# 256 bits long as with all the other TLS 1.3 cipher suites.
1069run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
1070 "$P_SRV debug_level=2 tickets=1" \
1071 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
1072 0 \
1073 -s "Protocol is TLSv1.3" \
1074 -s "key exchange mode: psk" \
1075 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1076
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1077EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
1078EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
1079
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1080requires_gnutls_tls1_3
1081requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1082 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1083 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1084 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1085requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1086 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1087run_test "TLS 1.3 G->m: resumption with early data" \
1088 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1089 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1090 --earlydata $EARLY_DATA_INPUT" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1091 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1092 -s "Protocol is TLSv1.3" \
1093 -s "key exchange mode: psk" \
1094 -s "Select PSK ciphersuite" \
1095 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1096 -s "NewSessionTicket: early_data(42) extension exists." \
1097 -s "ClientHello: early_data(42) extension exists." \
1098 -s "EncryptedExtensions: early_data(42) extension exists." \
1099 -s "$( head -1 $EARLY_DATA_INPUT )" \
1100 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1101 -s "200 early data bytes read" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1102 -s "106 early data bytes read"
1103
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1104requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1105requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1106 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1107 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1108 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1109requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1110 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1111requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1112run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
1113 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1114 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
1115 --earlydata $EARLY_DATA_INPUT" \
1116 0 \
1117 -s "Protocol is TLSv1.3" \
1118 -s "key exchange mode: psk" \
1119 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
1120 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1121 -s "NewSessionTicket: early_data(42) extension exists." \
1122 -s "ClientHello: early_data(42) extension exists." \
1123 -s "EncryptedExtensions: early_data(42) extension exists." \
1124 -s "$( head -1 $EARLY_DATA_INPUT )" \
1125 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1126 -s "200 early data bytes read" \
1127 -s "106 early data bytes read"
1128
1129# The Mbed TLS server does not allow early data for the ticket it sends but
1130# the GnuTLS indicates early data anyway when resuming with the ticket and
1131# sends early data. The Mbed TLS server does not expect early data in
1132# association with the ticket thus it eventually fails the resumption
1133# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1134# specification and thus its behavior may change in following versions.
1135requires_gnutls_tls1_3
1136requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1137 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1138 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1139 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1140requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1141 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1142run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
1143 "$P_SRV debug_level=4 tickets=1" \
1144 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1145 --earlydata $EARLY_DATA_INPUT" \
1146 1 \
1147 -s "Protocol is TLSv1.3" \
1148 -s "key exchange mode: psk" \
1149 -s "Select PSK ciphersuite" \
1150 -S "Sent max_early_data_size" \
1151 -S "NewSessionTicket: early_data(42) extension exists." \
1152 -s "ClientHello: early_data(42) extension exists." \
1153 -s "EarlyData: rejected, feature disabled in server configuration." \
1154 -S "EncryptedExtensions: early_data(42) extension exists." \
1155 -s "EarlyData: deprotect and discard app data records" \
1156 -s "EarlyData: Too much early data received"
1157
1158# The Mbed TLS server does not allow early data for the ticket it sends but
1159# the GnuTLS indicates early data anyway when resuming with the ticket and
1160# sends early data. The Mbed TLS server does not expect early data in
1161# association with the ticket thus it eventually fails the resumption
1162# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1163# specification and thus its behavior may change in following versions.
1164requires_gnutls_tls1_3
1165requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1166 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1167 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1168 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1169requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1170 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1171run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
1172 "$P_SRV debug_level=4 tickets=1 early_data=0" \
1173 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1174 --earlydata $EARLY_DATA_INPUT" \
1175 1 \
1176 -s "Protocol is TLSv1.3" \
1177 -s "key exchange mode: psk" \
1178 -s "Select PSK ciphersuite" \
1179 -S "Sent max_early_data_size" \
1180 -S "NewSessionTicket: early_data(42) extension exists." \
1181 -s "ClientHello: early_data(42) extension exists." \
1182 -s "EarlyData: rejected, feature disabled in server configuration." \
1183 -S "EncryptedExtensions: early_data(42) extension exists." \
1184 -s "EarlyData: deprotect and discard app data records" \
1185 -s "EarlyData: Too much early data received"
1186
1187requires_gnutls_tls1_3
1188requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1189 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1190 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1191 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1192requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1193 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1194run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
1195 "$P_SRV debug_level=4 tickets=1 early_data=1" \
1196 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1197 0 \
1198 -s "Protocol is TLSv1.3" \
1199 -s "key exchange mode: psk" \
1200 -s "Select PSK ciphersuite" \
1201 -s "Sent max_early_data_size" \
1202 -s "NewSessionTicket: early_data(42) extension exists." \
1203 -S "ClientHello: early_data(42) extension exists." \
1204 -S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1205
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1206requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
1207 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
1208 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
1209 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1210 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1211run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron74191a52024-03-09 17:38:16 +0100[diff] [blame]1212 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Ronald Crone14770f2024-03-08 08:57:36 +0100[diff] [blame]1213 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1214 0 \
1215 -s "key exchange mode: ephemeral" \
1216 -S "key exchange mode: psk" \
1217 -s "found matched identity" \
1218 -s "EarlyData: rejected, not a session resumption" \
1219 -C "EncryptedExtensions: early_data(42) extension exists."