Blame - tests/opt-testcases/tls13-misc.sh - mirror/mbed-tls

blob: 7b63cd4795bc1e8ae46d50251062c2c4e3a10636 [file] [log] [blame]

Gilles Peskine	ab84fe8	2024-09-13 13:53:50 +0200	[diff] [blame]	1	# Miscellaneous tests of TLS 1.3 features.
Jerry Yu	e599132	2022-11-07 14:03:44 +0800	[diff] [blame]	2
Jerry Yu	e599132	2022-11-07 14:03:44 +0800	[diff] [blame]	3	# Copyright The Mbed TLS Contributors
Dave Rodgman	16799db	2023-11-02 19:47:20 +0000	[diff] [blame]	4	# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yu	e599132	2022-11-07 14:03:44 +0800	[diff] [blame]	5	#
				6
				7	requires_gnutls_tls1_3
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	8	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10	requires_config_enabled MBEDTLS_SSL_SRV_C
				11	requires_config_enabled MBEDTLS_DEBUG_C
				12	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				13
				14	run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15	"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	16	"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
				17	--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
				18	localhost" \
				19	1 \
				20	-s "found psk key exchange modes extension" \
				21	-s "found pre_shared_key extension" \
				22	-s "Found PSK_EPHEMERAL KEX MODE" \
				23	-s "Found PSK KEX MODE" \
				24	-s "No matched ciphersuite"
				25
				26	requires_openssl_tls1_3
				27	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				28	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				29	requires_config_enabled MBEDTLS_SSL_SRV_C
				30	requires_config_enabled MBEDTLS_DEBUG_C
				31	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				32
				33	run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	34	"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	35	"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
				36	-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
				37	1 \
				38	-s "found psk key exchange modes extension" \
				39	-s "found pre_shared_key extension" \
				40	-s "Found PSK_EPHEMERAL KEX MODE" \
				41	-s "Found PSK KEX MODE" \
				42	-s "No matched ciphersuite"
				43
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	44	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				45	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				46	requires_config_enabled MBEDTLS_SSL_SRV_C
				47	requires_config_enabled MBEDTLS_SSL_CLI_C
				48	requires_config_enabled MBEDTLS_DEBUG_C
				49	requires_config_enabled MBEDTLS_HAVE_TIME
				50	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	51	run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	52	"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	53	"$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	54	0 \
				55	-c "Pre-configured PSK number = 2" \
				56	-s "sent selected_identity: 0" \
				57	-s "key exchange mode: psk_ephemeral" \
				58	-S "key exchange mode: psk$" \
				59	-S "key exchange mode: ephemeral$" \
				60	-S "ticket is not authentic"
				61
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	62	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				63	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				64	requires_config_enabled MBEDTLS_SSL_SRV_C
				65	requires_config_enabled MBEDTLS_SSL_CLI_C
				66	requires_config_enabled MBEDTLS_DEBUG_C
				67	requires_config_enabled MBEDTLS_HAVE_TIME
				68	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	69	run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	70	"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	71	"$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	72	0 \
				73	-c "Pre-configured PSK number = 2" \
				74	-s "sent selected_identity: 1" \
				75	-s "key exchange mode: psk_ephemeral" \
				76	-S "key exchange mode: psk$" \
				77	-S "key exchange mode: ephemeral$" \
				78	-s "ticket is not authentic"
				79
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	80	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	81	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				82	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				83	requires_config_enabled MBEDTLS_SSL_SRV_C
				84	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	85	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				86	run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
				87	"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
				88	"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
				89	--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
				90	localhost" \
				91	1 \
				92	-s "found psk key exchange modes extension" \
				93	-s "found pre_shared_key extension" \
				94	-s "Found PSK_EPHEMERAL KEX MODE" \
				95	-S "Found PSK KEX MODE" \
				96	-S "key exchange mode: psk$" \
				97	-S "key exchange mode: psk_ephemeral" \
				98	-S "key exchange mode: ephemeral"
				99
				100	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	101	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				102	requires_config_enabled MBEDTLS_SSL_SRV_C
				103	requires_config_enabled MBEDTLS_DEBUG_C
				104	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				105	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				106	requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				107	requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	108	run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
				109	"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
				110	"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
				111	--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
				112	localhost" \
				113	0 \
				114	-s "found psk key exchange modes extension" \
				115	-s "found pre_shared_key extension" \
				116	-s "Found PSK_EPHEMERAL KEX MODE" \
				117	-s "Found PSK KEX MODE" \
				118	-s "key exchange mode: psk$"
				119
				120	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	121	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				122	requires_config_enabled MBEDTLS_SSL_SRV_C
				123	requires_config_enabled MBEDTLS_DEBUG_C
				124	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				125	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				126	requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				127	requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	128	run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
				129	"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
				130	"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
				131	--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
				132	localhost" \
				133	0 \
				134	-s "found psk key exchange modes extension" \
				135	-s "found pre_shared_key extension" \
				136	-s "Found PSK_EPHEMERAL KEX MODE" \
				137	-s "Found PSK KEX MODE" \
				138	-s "key exchange mode: psk_ephemeral$"
				139
				140	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	141	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				142	requires_config_enabled MBEDTLS_SSL_SRV_C
				143	requires_config_enabled MBEDTLS_DEBUG_C
				144	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				145	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				146	requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				147	requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	148	run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
				149	"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
				150	"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
				151	--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
				152	localhost" \
				153	0 \
				154	-s "key exchange mode: ephemeral$"
				155
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	156	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				157	requires_config_enabled MBEDTLS_SSL_CLI_C
				158	requires_config_enabled MBEDTLS_SSL_SRV_C
				159	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				160	requires_config_enabled MBEDTLS_HAVE_TIME
				161	requires_config_enabled MBEDTLS_DEBUG_C
				162	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	163	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				164	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	165	run_test "TLS 1.3 m->m: resumption" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	166	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	167	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	168	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	169	-c "Protocol is TLSv1.3" \
				170	-c "Saving session for reuse... ok" \
				171	-c "Reconnecting with saved session... ok" \
				172	-c "HTTP/1.0 200 OK" \
				173	-s "Protocol is TLSv1.3" \
				174	-s "key exchange mode: psk" \
				175	-s "Select PSK ciphersuite"
				176
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	177	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				178	requires_config_enabled MBEDTLS_SSL_CLI_C
				179	requires_config_enabled MBEDTLS_SSL_SRV_C
				180	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				181	requires_config_enabled MBEDTLS_HAVE_TIME
				182	requires_config_enabled MBEDTLS_DEBUG_C
				183	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	184	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				185	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				186	run_test "TLS 1.3 m->m: resumption with servername" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	187	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
				188	sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	189	"$P_CLI server_name=localhost new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	190	0 \
				191	-c "Protocol is TLSv1.3" \
				192	-c "Saving session for reuse... ok" \
				193	-c "Reconnecting with saved session... ok" \
				194	-c "HTTP/1.0 200 OK" \
				195	-s "Protocol is TLSv1.3" \
				196	-s "key exchange mode: psk" \
				197	-s "Select PSK ciphersuite"
				198
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	199	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				200	requires_config_enabled MBEDTLS_SSL_CLI_C
				201	requires_config_enabled MBEDTLS_SSL_SRV_C
				202	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				203	requires_config_enabled MBEDTLS_HAVE_TIME
				204	requires_config_enabled MBEDTLS_DEBUG_C
				205	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	206	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				207	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				208	run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	209	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	210	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	211	0 \
				212	-c "Protocol is TLSv1.3" \
				213	-c "Saving session for reuse... ok" \
				214	-c "Reconnecting with saved session... ok" \
				215	-c "HTTP/1.0 200 OK" \
				216	-s "Protocol is TLSv1.3" \
				217	-s "key exchange mode: psk" \
				218	-s "Select PSK ciphersuite"
				219
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	220	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				221	requires_config_enabled MBEDTLS_SSL_CLI_C
				222	requires_config_enabled MBEDTLS_SSL_SRV_C
				223	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				224	requires_config_enabled MBEDTLS_HAVE_TIME
				225	requires_config_enabled MBEDTLS_DEBUG_C
				226	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	227	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				228	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	229	requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
				230	run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	231	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	232	"$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	233	0 \
				234	-c "Protocol is TLSv1.3" \
				235	-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
				236	-c "Saving session for reuse... ok" \
				237	-c "Reconnecting with saved session... ok" \
				238	-c "HTTP/1.0 200 OK" \
				239	-s "Protocol is TLSv1.3" \
				240	-s "key exchange mode: psk" \
				241	-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
				242
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	243	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				244	requires_config_enabled MBEDTLS_SSL_CLI_C
				245	requires_config_enabled MBEDTLS_SSL_SRV_C
				246	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				247	requires_config_enabled MBEDTLS_HAVE_TIME
				248	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				249	requires_config_enabled MBEDTLS_DEBUG_C
				250	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	251	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				252	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				253	run_test "TLS 1.3 m->m: resumption with early data" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	254	"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	255	"$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	256	0 \
				257	-c "Protocol is TLSv1.3" \
				258	-c "Saving session for reuse... ok" \
				259	-c "Reconnecting with saved session" \
				260	-c "HTTP/1.0 200 OK" \
				261	-c "received max_early_data_size" \
				262	-c "NewSessionTicket: early_data(42) extension received." \
				263	-c "ClientHello: early_data(42) extension exists." \
				264	-c "EncryptedExtensions: early_data(42) extension received." \
				265	-c "bytes of early data written" \
				266	-C "0 bytes of early data written" \
				267	-s "Protocol is TLSv1.3" \
				268	-s "key exchange mode: psk" \
				269	-s "Select PSK ciphersuite" \
				270	-s "Sent max_early_data_size" \
				271	-s "NewSessionTicket: early_data(42) extension exists." \
				272	-s "ClientHello: early_data(42) extension exists." \
				273	-s "EncryptedExtensions: early_data(42) extension exists." \
				274	-s "early data bytes read"
				275
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	276	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				277	requires_config_enabled MBEDTLS_SSL_CLI_C
				278	requires_config_enabled MBEDTLS_SSL_SRV_C
				279	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				280	requires_config_enabled MBEDTLS_HAVE_TIME
				281	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				282	requires_config_enabled MBEDTLS_DEBUG_C
				283	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	284	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				285	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				286	requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
				287	run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	288	"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	289	"$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	290	0 \
				291	-c "Protocol is TLSv1.3" \
				292	-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
				293	-c "Saving session for reuse... ok" \
				294	-c "Reconnecting with saved session" \
				295	-c "HTTP/1.0 200 OK" \
				296	-c "received max_early_data_size" \
				297	-c "NewSessionTicket: early_data(42) extension received." \
				298	-c "ClientHello: early_data(42) extension exists." \
				299	-c "EncryptedExtensions: early_data(42) extension received." \
				300	-c "bytes of early data written" \
				301	-C "0 bytes of early data written" \
				302	-s "Protocol is TLSv1.3" \
				303	-s "key exchange mode: psk" \
				304	-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
				305	-s "Sent max_early_data_size" \
				306	-s "NewSessionTicket: early_data(42) extension exists." \
				307	-s "ClientHello: early_data(42) extension exists." \
				308	-s "EncryptedExtensions: early_data(42) extension exists." \
				309	-s "early data bytes read"
				310
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	311	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				312	requires_config_enabled MBEDTLS_SSL_CLI_C
				313	requires_config_enabled MBEDTLS_SSL_SRV_C
				314	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				315	requires_config_enabled MBEDTLS_HAVE_TIME
				316	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				317	requires_config_enabled MBEDTLS_DEBUG_C
				318	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	319	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				320	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				321	run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	322	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	323	"$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	324	0 \
				325	-c "Protocol is TLSv1.3" \
				326	-c "Saving session for reuse... ok" \
				327	-c "Reconnecting with saved session" \
				328	-c "HTTP/1.0 200 OK" \
				329	-C "received max_early_data_size" \
				330	-C "NewSessionTicket: early_data(42) extension received." \
				331	-C "ClientHello: early_data(42) extension exists." \
				332	-C "EncryptedExtensions: early_data(42) extension received." \
				333	-c "0 bytes of early data written" \
				334	-s "Protocol is TLSv1.3" \
				335	-s "key exchange mode: psk" \
				336	-s "Select PSK ciphersuite" \
				337	-S "Sent max_early_data_size" \
				338	-S "NewSessionTicket: early_data(42) extension exists." \
				339	-S "ClientHello: early_data(42) extension exists." \
				340	-S "EncryptedExtensions: early_data(42) extension exists." \
				341	-S "early data bytes read"
				342
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	343	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				344	requires_config_enabled MBEDTLS_SSL_CLI_C
				345	requires_config_enabled MBEDTLS_SSL_SRV_C
				346	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				347	requires_config_enabled MBEDTLS_HAVE_TIME
				348	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				349	requires_config_enabled MBEDTLS_DEBUG_C
				350	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	351	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				352	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				353	run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	354	"$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	355	"$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	356	0 \
				357	-c "Protocol is TLSv1.3" \
				358	-c "Saving session for reuse... ok" \
				359	-c "Reconnecting with saved session" \
				360	-c "HTTP/1.0 200 OK" \
				361	-C "received max_early_data_size" \
				362	-C "NewSessionTicket: early_data(42) extension received." \
				363	-C "ClientHello: early_data(42) extension exists." \
				364	-C "EncryptedExtensions: early_data(42) extension received." \
				365	-c "0 bytes of early data written" \
				366	-s "Protocol is TLSv1.3" \
				367	-s "key exchange mode: psk" \
				368	-s "Select PSK ciphersuite" \
				369	-S "Sent max_early_data_size" \
				370	-S "NewSessionTicket: early_data(42) extension exists." \
				371	-S "ClientHello: early_data(42) extension exists." \
				372	-S "EncryptedExtensions: early_data(42) extension exists." \
				373	-S "early data bytes read"
				374
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	375	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				376	requires_config_enabled MBEDTLS_SSL_CLI_C
				377	requires_config_enabled MBEDTLS_SSL_SRV_C
				378	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				379	requires_config_enabled MBEDTLS_HAVE_TIME
				380	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				381	requires_config_enabled MBEDTLS_DEBUG_C
				382	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	383	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				384	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				385	run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	386	"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	387	"$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	388	0 \
				389	-c "Protocol is TLSv1.3" \
				390	-c "Saving session for reuse... ok" \
				391	-c "Reconnecting with saved session" \
				392	-c "HTTP/1.0 200 OK" \
				393	-c "received max_early_data_size" \
				394	-c "NewSessionTicket: early_data(42) extension received." \
				395	-C "ClientHello: early_data(42) extension exists." \
				396	-C "EncryptedExtensions: early_data(42) extension received." \
				397	-C "bytes of early data written" \
				398	-s "Protocol is TLSv1.3" \
				399	-s "key exchange mode: psk" \
				400	-s "Select PSK ciphersuite" \
				401	-s "Sent max_early_data_size" \
				402	-s "NewSessionTicket: early_data(42) extension exists." \
				403	-S "ClientHello: early_data(42) extension exists." \
				404	-S "EncryptedExtensions: early_data(42) extension exists." \
				405	-S "early data bytes read"
				406
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	407	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				408	requires_config_enabled MBEDTLS_SSL_CLI_C
				409	requires_config_enabled MBEDTLS_SSL_SRV_C
				410	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				411	requires_config_enabled MBEDTLS_HAVE_TIME
				412	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				413	requires_config_enabled MBEDTLS_DEBUG_C
				414	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	415	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				416	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				417	run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	418	"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	419	"$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	420	0 \
				421	-c "Protocol is TLSv1.3" \
				422	-c "Saving session for reuse... ok" \
				423	-c "Reconnecting with saved session" \
				424	-c "HTTP/1.0 200 OK" \
				425	-c "received max_early_data_size" \
				426	-c "NewSessionTicket: early_data(42) extension received." \
				427	-C "ClientHello: early_data(42) extension exists." \
				428	-C "EncryptedExtensions: early_data(42) extension received." \
				429	-C "bytes of early data written" \
				430	-s "Protocol is TLSv1.3" \
				431	-s "key exchange mode: psk" \
				432	-s "Select PSK ciphersuite" \
				433	-s "Sent max_early_data_size" \
				434	-s "NewSessionTicket: early_data(42) extension exists." \
				435	-S "ClientHello: early_data(42) extension exists." \
				436	-S "EncryptedExtensions: early_data(42) extension exists." \
				437	-S "early data bytes read"
				438
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	439	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				440	requires_config_enabled MBEDTLS_SSL_CLI_C
				441	requires_config_enabled MBEDTLS_SSL_SRV_C
				442	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				443	requires_config_enabled MBEDTLS_HAVE_TIME
				444	requires_config_enabled MBEDTLS_DEBUG_C
				445	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	dd2dc15	2024-03-15 10:08:32 +0100	[diff] [blame]	446	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				447	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	448	run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	449	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	450	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	451	1 \
				452	-c "Protocol is TLSv1.3" \
				453	-C "Saving session for reuse... ok" \
				454	-c "Reconnecting with saved session... failed" \
				455	-S "Protocol is TLSv1.3" \
				456	-S "key exchange mode: psk" \
				457	-S "Select PSK ciphersuite" \
				458	-s "Ticket lifetime (604801) is greater than 7 days."
				459
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	460	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				461	requires_config_enabled MBEDTLS_SSL_CLI_C
				462	requires_config_enabled MBEDTLS_SSL_SRV_C
				463	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				464	requires_config_enabled MBEDTLS_HAVE_TIME
				465	requires_config_enabled MBEDTLS_DEBUG_C
				466	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	467	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				468	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				469	run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	470	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	471	"$P_CLI debug_level=2 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	472	1 \
				473	-c "Protocol is TLSv1.3" \
				474	-C "Saving session for reuse... ok" \
				475	-c "Discard new session ticket" \
				476	-c "Reconnecting with saved session... failed" \
				477	-s "Protocol is TLSv1.3" \
				478	-S "key exchange mode: psk" \
				479	-S "Select PSK ciphersuite"
				480
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	481	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				482	requires_config_enabled MBEDTLS_SSL_CLI_C
				483	requires_config_enabled MBEDTLS_SSL_SRV_C
				484	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				485	requires_config_enabled MBEDTLS_HAVE_TIME
				486	requires_config_enabled MBEDTLS_DEBUG_C
				487	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	488	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				489	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				490	run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	491	"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
				492	sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	493	"$P_CLI debug_level=4 server_name=localhost reco_server_name=remote new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	494	1 \
				495	-c "Protocol is TLSv1.3" \
				496	-c "Saving session for reuse... ok" \
				497	-c "Reconnecting with saved session" \
				498	-c "Hostname mismatch the session ticket, disable session resumption." \
				499	-s "Protocol is TLSv1.3" \
				500	-S "key exchange mode: psk" \
				501	-S "Select PSK ciphersuite"
				502
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	503	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				504	requires_config_enabled MBEDTLS_SSL_CLI_C
				505	requires_config_enabled MBEDTLS_SSL_SRV_C
				506	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				507	requires_config_enabled MBEDTLS_HAVE_TIME
				508	requires_config_enabled MBEDTLS_DEBUG_C
				509	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	510	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				511	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				512	run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	513	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	514	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	515	0 \
				516	-c "Protocol is TLSv1.3" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	517	-s "key exchange mode: ephemeral" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	518	-s "Protocol is TLSv1.3" \
				519	-c "Saving session for reuse... ok" \
				520	-c "Reconnecting with saved session" \
				521	-S "key exchange mode: psk" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	522	-s "ticket is not authentic" \
				523	-S "ticket is expired" \
Jerry Yu	60e9972	2023-11-20 09:55:24 +0800	[diff] [blame]	524	-S "Invalid ticket creation time" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	525	-S "Ticket age exceeds limitation" \
				526	-S "Ticket age outside tolerance window"
				527
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	528	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				529	requires_config_enabled MBEDTLS_SSL_CLI_C
				530	requires_config_enabled MBEDTLS_SSL_SRV_C
				531	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				532	requires_config_enabled MBEDTLS_HAVE_TIME
				533	requires_config_enabled MBEDTLS_DEBUG_C
				534	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	535	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f5b4706	2022-12-15 13:46:23 +0100	[diff] [blame]	536	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	537	run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	538	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	539	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	540	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	541	-c "Protocol is TLSv1.3" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	542	-s "key exchange mode: ephemeral" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	543	-s "Protocol is TLSv1.3" \
				544	-c "Saving session for reuse... ok" \
				545	-c "Reconnecting with saved session" \
				546	-S "key exchange mode: psk" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	547	-S "ticket is not authentic" \
				548	-s "ticket is expired" \
Jerry Yu	60e9972	2023-11-20 09:55:24 +0800	[diff] [blame]	549	-S "Invalid ticket creation time" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	550	-S "Ticket age exceeds limitation" \
				551	-S "Ticket age outside tolerance window"
				552
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	553	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				554	requires_config_enabled MBEDTLS_SSL_CLI_C
				555	requires_config_enabled MBEDTLS_SSL_SRV_C
				556	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				557	requires_config_enabled MBEDTLS_HAVE_TIME
				558	requires_config_enabled MBEDTLS_DEBUG_C
				559	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	560	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f5b4706	2022-12-15 13:46:23 +0100	[diff] [blame]	561	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	562	run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	563	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	564	"$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	565	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	566	-c "Protocol is TLSv1.3" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	567	-s "key exchange mode: ephemeral" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	568	-s "Protocol is TLSv1.3" \
				569	-c "Saving session for reuse... ok" \
				570	-c "Reconnecting with saved session" \
				571	-S "key exchange mode: psk" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	572	-S "ticket is not authentic" \
				573	-S "ticket is expired" \
Jerry Yu	60e9972	2023-11-20 09:55:24 +0800	[diff] [blame]	574	-s "Invalid ticket creation time" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	575	-S "Ticket age exceeds limitation" \
				576	-S "Ticket age outside tolerance window"
				577
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	578	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				579	requires_config_enabled MBEDTLS_SSL_CLI_C
				580	requires_config_enabled MBEDTLS_SSL_SRV_C
				581	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				582	requires_config_enabled MBEDTLS_HAVE_TIME
				583	requires_config_enabled MBEDTLS_DEBUG_C
				584	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	585	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f5b4706	2022-12-15 13:46:23 +0100	[diff] [blame]	586	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	587	run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	588	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	589	"$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	590	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	591	-c "Protocol is TLSv1.3" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	592	-s "key exchange mode: ephemeral" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	593	-s "Protocol is TLSv1.3" \
				594	-c "Saving session for reuse... ok" \
				595	-c "Reconnecting with saved session" \
				596	-S "key exchange mode: psk" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	597	-S "ticket is not authentic" \
				598	-S "ticket is expired" \
Jerry Yu	60e9972	2023-11-20 09:55:24 +0800	[diff] [blame]	599	-S "Invalid ticket creation time" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	600	-s "Ticket age exceeds limitation" \
				601	-S "Ticket age outside tolerance window"
				602
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	603	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				604	requires_config_enabled MBEDTLS_SSL_CLI_C
				605	requires_config_enabled MBEDTLS_SSL_SRV_C
				606	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				607	requires_config_enabled MBEDTLS_HAVE_TIME
				608	requires_config_enabled MBEDTLS_DEBUG_C
				609	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	610	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f5b4706	2022-12-15 13:46:23 +0100	[diff] [blame]	611	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	612	run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	613	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	614	"$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	615	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	616	-c "Protocol is TLSv1.3" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	617	-s "key exchange mode: ephemeral" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	618	-s "Protocol is TLSv1.3" \
				619	-c "Saving session for reuse... ok" \
				620	-c "Reconnecting with saved session" \
				621	-S "key exchange mode: psk" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	622	-S "ticket is not authentic" \
				623	-S "ticket is expired" \
Jerry Yu	60e9972	2023-11-20 09:55:24 +0800	[diff] [blame]	624	-S "Invalid ticket creation time" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	625	-S "Ticket age exceeds limitation" \
				626	-s "Ticket age outside tolerance window"
				627
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	628	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				629	requires_config_enabled MBEDTLS_SSL_CLI_C
				630	requires_config_enabled MBEDTLS_SSL_SRV_C
				631	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				632	requires_config_enabled MBEDTLS_HAVE_TIME
				633	requires_config_enabled MBEDTLS_DEBUG_C
				634	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	635	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f5b4706	2022-12-15 13:46:23 +0100	[diff] [blame]	636	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	637	run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	638	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	639	"$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	640	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	641	-c "Protocol is TLSv1.3" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	642	-s "key exchange mode: ephemeral" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	643	-s "Protocol is TLSv1.3" \
				644	-c "Saving session for reuse... ok" \
				645	-c "Reconnecting with saved session" \
				646	-S "key exchange mode: psk" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	647	-S "ticket is not authentic" \
				648	-S "ticket is expired" \
Jerry Yu	60e9972	2023-11-20 09:55:24 +0800	[diff] [blame]	649	-S "Invalid ticket creation time" \
Jerry Yu	616ba75	2022-11-08 21:49:47 +0800	[diff] [blame]	650	-S "Ticket age exceeds limitation" \
				651	-s "Ticket age outside tolerance window"
				652
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	653	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				654	requires_config_enabled MBEDTLS_SSL_CLI_C
				655	requires_config_enabled MBEDTLS_SSL_SRV_C
				656	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				657	requires_config_enabled MBEDTLS_HAVE_TIME
				658	requires_config_enabled MBEDTLS_DEBUG_C
				659	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				660	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	661	run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	662	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	663	"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	664	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	665	-c "Protocol is TLSv1.3" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	666	-s "key exchange mode: ephemeral" \
				667	-S "key exchange mode: psk_ephemeral" \
				668	-S "key exchange mode: psk$" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	669	-s "found matched identity" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	670	-s "No suitable PSK key exchange mode" \
				671	-s "No usable PSK or ticket"
Jerry Yu	e599132	2022-11-07 14:03:44 +0800	[diff] [blame]	672
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	673	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				674	requires_config_enabled MBEDTLS_SSL_CLI_C
				675	requires_config_enabled MBEDTLS_SSL_SRV_C
				676	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				677	requires_config_enabled MBEDTLS_HAVE_TIME
				678	requires_config_enabled MBEDTLS_DEBUG_C
				679	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				680	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	681	run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	682	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	683	"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	684	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	685	-c "Protocol is TLSv1.3" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	686	-s "key exchange mode: ephemeral" \
				687	-S "key exchange mode: psk_ephemeral" \
				688	-S "key exchange mode: psk$" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	689	-s "found matched identity" \
				690	-S "No suitable PSK key exchange mode" \
				691	-S "No usable PSK or ticket"
				692
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	693	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				694	requires_config_enabled MBEDTLS_SSL_CLI_C
				695	requires_config_enabled MBEDTLS_SSL_SRV_C
				696	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				697	requires_config_enabled MBEDTLS_HAVE_TIME
				698	requires_config_enabled MBEDTLS_DEBUG_C
				699	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				700	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	701	run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	702	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	703	"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	704	0 \
				705	-c "Protocol is TLSv1.3" \
				706	-s "key exchange mode: ephemeral" \
				707	-S "key exchange mode: psk_ephemeral" \
				708	-S "key exchange mode: psk$" \
				709	-s "found matched identity" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	710	-s "No suitable PSK key exchange mode" \
				711	-s "No usable PSK or ticket"
				712
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	713	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				714	requires_config_enabled MBEDTLS_SSL_CLI_C
				715	requires_config_enabled MBEDTLS_SSL_SRV_C
				716	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				717	requires_config_enabled MBEDTLS_HAVE_TIME
				718	requires_config_enabled MBEDTLS_DEBUG_C
				719	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				720	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	721	run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	722	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	723	"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	724	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	725	-c "Protocol is TLSv1.3" \
				726	-s "key exchange mode: ephemeral" \
				727	-S "key exchange mode: psk_ephemeral" \
				728	-S "key exchange mode: psk$" \
				729	-s "found matched identity" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	730	-S "No suitable PSK key exchange mode" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	731	-S "No usable PSK or ticket"
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	732
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	733	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				734	requires_config_enabled MBEDTLS_SSL_CLI_C
				735	requires_config_enabled MBEDTLS_SSL_SRV_C
				736	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				737	requires_config_enabled MBEDTLS_HAVE_TIME
				738	requires_config_enabled MBEDTLS_DEBUG_C
				739	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				740	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	741	run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	742	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	743	"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	744	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	745	-c "Protocol is TLSv1.3" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	746	-s "key exchange mode: ephemeral" \
				747	-S "key exchange mode: psk_ephemeral" \
				748	-S "key exchange mode: psk$" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	749	-s "found matched identity" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	750	-s "No suitable PSK key exchange mode" \
				751	-s "No usable PSK or ticket"
Jerry Yu	e599132	2022-11-07 14:03:44 +0800	[diff] [blame]	752
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	753	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				754	requires_config_enabled MBEDTLS_SSL_CLI_C
				755	requires_config_enabled MBEDTLS_SSL_SRV_C
				756	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				757	requires_config_enabled MBEDTLS_HAVE_TIME
				758	requires_config_enabled MBEDTLS_DEBUG_C
				759	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				760	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	761	run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	762	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	763	"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	764	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	765	-c "Protocol is TLSv1.3" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	766	-s "key exchange mode: ephemeral" \
				767	-S "key exchange mode: psk_ephemeral" \
				768	-S "key exchange mode: psk$" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	769	-s "found matched identity" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	770	-s "No suitable PSK key exchange mode" \
				771	-s "No usable PSK or ticket"
				772
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	773	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				774	requires_config_enabled MBEDTLS_SSL_CLI_C
				775	requires_config_enabled MBEDTLS_SSL_SRV_C
				776	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				777	requires_config_enabled MBEDTLS_HAVE_TIME
				778	requires_config_enabled MBEDTLS_DEBUG_C
				779	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				780	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	781	run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	782	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	783	"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	784	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	785	-c "Protocol is TLSv1.3" \
				786	-s "key exchange mode: ephemeral" \
				787	-s "key exchange mode: psk_ephemeral" \
				788	-S "key exchange mode: psk$" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	789	-s "found matched identity" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	790	-S "No suitable PSK key exchange mode" \
				791	-S "No usable PSK or ticket"
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	792
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	793	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				794	requires_config_enabled MBEDTLS_SSL_CLI_C
				795	requires_config_enabled MBEDTLS_SSL_SRV_C
				796	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				797	requires_config_enabled MBEDTLS_HAVE_TIME
				798	requires_config_enabled MBEDTLS_DEBUG_C
				799	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				800	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	801	run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	802	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	803	"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	804	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	805	-c "Protocol is TLSv1.3" \
				806	-s "key exchange mode: ephemeral" \
				807	-s "key exchange mode: psk_ephemeral" \
				808	-S "key exchange mode: psk$" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	809	-s "found matched identity" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	810	-S "No suitable PSK key exchange mode" \
				811	-S "No usable PSK or ticket"
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	812
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	813	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				814	requires_config_enabled MBEDTLS_SSL_CLI_C
				815	requires_config_enabled MBEDTLS_SSL_SRV_C
				816	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				817	requires_config_enabled MBEDTLS_HAVE_TIME
				818	requires_config_enabled MBEDTLS_DEBUG_C
				819	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				820	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				821	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	822	run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	823	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	824	"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	825	0 \
				826	-c "Pre-configured PSK number = 1" \
				827	-S "sent selected_identity:" \
				828	-s "key exchange mode: ephemeral" \
				829	-S "key exchange mode: psk_ephemeral" \
				830	-S "key exchange mode: psk$" \
				831	-s "No suitable PSK key exchange mode" \
				832	-s "No usable PSK or ticket"
				833
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	834	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				835	requires_config_enabled MBEDTLS_SSL_CLI_C
				836	requires_config_enabled MBEDTLS_SSL_SRV_C
				837	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				838	requires_config_enabled MBEDTLS_HAVE_TIME
				839	requires_config_enabled MBEDTLS_DEBUG_C
				840	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				841	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				842	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	843	run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	844	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	845	"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	846	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	847	-c "Protocol is TLSv1.3" \
				848	-s "key exchange mode: ephemeral" \
				849	-S "key exchange mode: psk_ephemeral" \
				850	-S "key exchange mode: psk$" \
				851	-s "found matched identity" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	852	-S "No suitable PSK key exchange mode" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	853	-S "No usable PSK or ticket"
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	854
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	855	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				856	requires_config_enabled MBEDTLS_SSL_CLI_C
				857	requires_config_enabled MBEDTLS_SSL_SRV_C
				858	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				859	requires_config_enabled MBEDTLS_HAVE_TIME
				860	requires_config_enabled MBEDTLS_DEBUG_C
				861	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				862	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				863	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	864	run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	865	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	866	"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	867	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	868	-c "Protocol is TLSv1.3" \
				869	-s "key exchange mode: ephemeral" \
				870	-s "key exchange mode: psk_ephemeral" \
				871	-S "key exchange mode: psk$" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	872	-s "found matched identity" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	873	-S "No suitable PSK key exchange mode" \
				874	-S "No usable PSK or ticket"
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	875
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	876	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				877	requires_config_enabled MBEDTLS_SSL_CLI_C
				878	requires_config_enabled MBEDTLS_SSL_SRV_C
				879	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				880	requires_config_enabled MBEDTLS_HAVE_TIME
				881	requires_config_enabled MBEDTLS_DEBUG_C
				882	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				883	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				884	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	885	run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
David Horstmann	9c4dd4e	2024-06-11 17:44:00 +0100	[diff] [blame]	886	"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	887	"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	888	0 \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	889	-c "Protocol is TLSv1.3" \
				890	-s "key exchange mode: ephemeral" \
				891	-s "key exchange mode: psk_ephemeral" \
				892	-S "key exchange mode: psk$" \
Ronald Cron	3cf4145	2024-03-10 10:44:14 +0100	[diff] [blame]	893	-s "found matched identity" \
Ronald Cron	e739892	2024-03-10 12:11:02 +0100	[diff] [blame]	894	-S "No suitable PSK key exchange mode" \
				895	-S "No usable PSK or ticket"
Jerry Yu	e599132	2022-11-07 14:03:44 +0800	[diff] [blame]	896
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	897	requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	898	requires_config_enabled MBEDTLS_SSL_CLI_C
				899	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				900	requires_config_enabled MBEDTLS_HAVE_TIME
				901	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				902	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	00fa13b	2024-03-05 17:45:44 +0100	[diff] [blame]	903	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				904	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				905	run_test "TLS 1.3 m->O: resumption" \
				906	"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	907	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	908	0 \
				909	-c "Protocol is TLSv1.3" \
Ronald Cron	00fa13b	2024-03-05 17:45:44 +0100	[diff] [blame]	910	-c "Saving session for reuse... ok" \
				911	-c "Reconnecting with saved session... ok" \
				912	-c "HTTP/1.0 200 ok"
				913
Ronald Cron	54a9b11	2024-03-26 11:17:10 +0100	[diff] [blame]	914	requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	915	requires_config_enabled MBEDTLS_SSL_CLI_C
				916	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				917	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	54a9b11	2024-03-26 11:17:10 +0100	[diff] [blame]	918	requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
				919	run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
				920	"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
				921	"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
				922	1 \
				923	-c "Protocol is TLSv1.3" \
				924	-C "Saving session for reuse... ok" \
				925	-C "Reconnecting with saved session... ok" \
Ronald Cron	97dc583	2024-08-28 09:34:34 +0200	[diff] [blame]	926	-c "Ignoring NewSessionTicket, not supported."
Ronald Cron	54a9b11	2024-03-26 11:17:10 +0100	[diff] [blame]	927
Ronald Cron	57ad182	2024-08-27 19:38:41 +0200	[diff] [blame]	928	requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	929	requires_config_enabled MBEDTLS_SSL_CLI_C
				930	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				931	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				932	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	933	run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (explicit)" \
Ronald Cron	57ad182	2024-08-27 19:38:41 +0200	[diff] [blame]	934	"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
				935	"$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
				936	1 \
				937	-c "Protocol is TLSv1.3" \
				938	-C "Saving session for reuse... ok" \
				939	-C "Reconnecting with saved session... ok" \
Ronald Cron	97dc583	2024-08-28 09:34:34 +0200	[diff] [blame]	940	-c "Ignoring NewSessionTicket, handling disabled."
Ronald Cron	57ad182	2024-08-27 19:38:41 +0200	[diff] [blame]	941
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	942	requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	943	requires_config_enabled MBEDTLS_SSL_CLI_C
				944	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				945	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				946	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	947	run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (default)" \
				948	"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
				949	"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
				950	1 \
				951	-c "Protocol is TLSv1.3" \
				952	-C "Saving session for reuse... ok" \
				953	-C "Reconnecting with saved session... ok" \
				954	-c "Ignoring NewSessionTicket, handling disabled."
				955
Ronald Cron	00fa13b	2024-03-05 17:45:44 +0100	[diff] [blame]	956	# No early data m->O tests for the time being. The option -early_data is needed
				957	# to enable early data on OpenSSL server and it is not compatible with the
				958	# -www option we usually use for testing with OpenSSL server (see
				959	# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
				960	# ephemeral then ticket based scenario we use for early data testing the first
				961	# handshake fails. The following skipped test is here to illustrate the kind
				962	# of testing we would like to do.
				963	skip_next_test
				964	requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	965	requires_config_enabled MBEDTLS_SSL_CLI_C
				966	requires_config_enabled MBEDTLS_DEBUG_C
				967	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				968	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				969	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	00fa13b	2024-03-05 17:45:44 +0100	[diff] [blame]	970	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				971	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				972	run_test "TLS 1.3 m->O: resumption with early data" \
				973	"$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	974	"$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	00fa13b	2024-03-05 17:45:44 +0100	[diff] [blame]	975	0 \
				976	-c "Protocol is TLSv1.3" \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	977	-c "Saving session for reuse... ok" \
				978	-c "Reconnecting with saved session" \
Ronald Cron	00fa13b	2024-03-05 17:45:44 +0100	[diff] [blame]	979	-c "HTTP/1.0 200 OK" \
				980	-c "received max_early_data_size: 16384" \
				981	-c "NewSessionTicket: early_data(42) extension received." \
				982	-c "ClientHello: early_data(42) extension exists." \
				983	-c "EncryptedExtensions: early_data(42) extension received." \
				984	-c "bytes of early data written" \
				985	-s "decrypted early data with length:"
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	986
				987	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	988	requires_config_enabled MBEDTLS_SSL_CLI_C
				989	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				990	requires_config_enabled MBEDTLS_HAVE_TIME
				991	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				992	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	993	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				994	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				995	run_test "TLS 1.3 m->G: resumption" \
				996	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	997	"$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	998	0 \
				999	-c "Protocol is TLSv1.3" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1000	-c "Saving session for reuse... ok" \
				1001	-c "Reconnecting with saved session... ok" \
				1002	-c "HTTP/1.0 200 OK"
				1003
				1004	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1005	requires_config_enabled MBEDTLS_SSL_CLI_C
				1006	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1007	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	54a9b11	2024-03-26 11:17:10 +0100	[diff] [blame]	1008	requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
				1009	run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
				1010	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
				1011	"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
				1012	1 \
				1013	-c "Protocol is TLSv1.3" \
				1014	-C "Saving session for reuse... ok" \
				1015	-C "Reconnecting with saved session... ok" \
Ronald Cron	97dc583	2024-08-28 09:34:34 +0200	[diff] [blame]	1016	-c "Ignoring NewSessionTicket, not supported."
Ronald Cron	54a9b11	2024-03-26 11:17:10 +0100	[diff] [blame]	1017
				1018	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1019	requires_config_enabled MBEDTLS_SSL_CLI_C
				1020	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1021	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1022	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1023	run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (explicit)" \
Ronald Cron	57ad182	2024-08-27 19:38:41 +0200	[diff] [blame]	1024	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
				1025	"$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
				1026	1 \
				1027	-c "Protocol is TLSv1.3" \
				1028	-C "Saving session for reuse... ok" \
				1029	-C "Reconnecting with saved session... ok" \
Ronald Cron	97dc583	2024-08-28 09:34:34 +0200	[diff] [blame]	1030	-c "Ignoring NewSessionTicket, handling disabled."
Ronald Cron	57ad182	2024-08-27 19:38:41 +0200	[diff] [blame]	1031
				1032	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1033	requires_config_enabled MBEDTLS_SSL_CLI_C
				1034	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1035	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1036	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1037	run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (default)" \
				1038	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
				1039	"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
				1040	1 \
				1041	-c "Protocol is TLSv1.3" \
				1042	-C "Saving session for reuse... ok" \
				1043	-C "Reconnecting with saved session... ok" \
				1044	-c "Ignoring NewSessionTicket, handling disabled."
				1045
				1046	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1047	requires_config_enabled MBEDTLS_SSL_CLI_C
				1048	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1049	requires_config_enabled MBEDTLS_HAVE_TIME
				1050	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1051	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1052	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				1053	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				1054	requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
				1055	run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
				1056	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1057	"$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1058	0 \
				1059	-c "Protocol is TLSv1.3" \
				1060	-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
				1061	-c "Saving session for reuse... ok" \
				1062	-c "Reconnecting with saved session... ok" \
				1063	-c "HTTP/1.0 200 OK"
				1064
				1065	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1066	requires_config_enabled MBEDTLS_SSL_CLI_C
				1067	requires_config_enabled MBEDTLS_DEBUG_C
				1068	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1069	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1070	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1071	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				1072	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				1073	run_test "TLS 1.3 m->G: resumption with early data" \
				1074	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
				1075	--earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1076	"$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1077	0 \
				1078	-c "Protocol is TLSv1.3" \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1079	-c "Saving session for reuse... ok" \
				1080	-c "Reconnecting with saved session" \
				1081	-c "HTTP/1.0 200 OK" \
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1082	-c "received max_early_data_size: 16384" \
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1083	-c "NewSessionTicket: early_data(42) extension received." \
				1084	-c "ClientHello: early_data(42) extension exists." \
				1085	-c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1086	-c "bytes of early data written" \
				1087	-s "decrypted early data with length:"
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1088
				1089	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1090	requires_config_enabled MBEDTLS_SSL_CLI_C
				1091	requires_config_enabled MBEDTLS_DEBUG_C
				1092	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1093	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1094	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1095	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				1096	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1097	requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
				1098	run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
				1099	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
				1100	--earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1101	"$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1102	0 \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1103	-c "Protocol is TLSv1.3" \
				1104	-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
				1105	-c "Saving session for reuse... ok" \
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1106	-c "Reconnecting with saved session" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1107	-c "HTTP/1.0 200 OK" \
				1108	-c "received max_early_data_size: 16384" \
				1109	-c "NewSessionTicket: early_data(42) extension received." \
				1110	-c "ClientHello: early_data(42) extension exists." \
				1111	-c "EncryptedExtensions: early_data(42) extension received." \
				1112	-c "bytes of early data written" \
				1113	-s "decrypted early data with length:"
				1114
				1115	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1116	requires_config_enabled MBEDTLS_SSL_CLI_C
				1117	requires_config_enabled MBEDTLS_DEBUG_C
				1118	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1119	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1120	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1121	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				1122	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				1123	run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
				1124	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1125	"$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1126	0 \
				1127	-c "Protocol is TLSv1.3" \
				1128	-c "Saving session for reuse... ok" \
				1129	-c "Reconnecting with saved session" \
				1130	-c "HTTP/1.0 200 OK" \
				1131	-C "received max_early_data_size: 16384" \
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1132	-C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1133
				1134	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1135	requires_config_enabled MBEDTLS_SSL_CLI_C
				1136	requires_config_enabled MBEDTLS_DEBUG_C
				1137	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1138	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1139	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1140	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				1141	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				1142	run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
				1143	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
				1144	--earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1145	"$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1146	0 \
				1147	-c "Protocol is TLSv1.3" \
				1148	-c "Saving session for reuse... ok" \
				1149	-c "Reconnecting with saved session" \
				1150	-c "HTTP/1.0 200 OK" \
				1151	-c "received max_early_data_size: 16384" \
				1152	-c "NewSessionTicket: early_data(42) extension received." \
				1153	-C "ClientHello: early_data(42) extension exists." \
				1154
				1155	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1156	requires_config_enabled MBEDTLS_SSL_CLI_C
				1157	requires_config_enabled MBEDTLS_DEBUG_C
				1158	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1159	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1160	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1161	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
				1162	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				1163	run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
				1164	"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
				1165	--earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1166	"$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	0521008	2024-03-05 16:34:51 +0100	[diff] [blame]	1167	0 \
				1168	-c "Protocol is TLSv1.3" \
				1169	-c "Saving session for reuse... ok" \
				1170	-c "Reconnecting with saved session" \
				1171	-c "HTTP/1.0 200 OK" \
				1172	-c "received max_early_data_size: 16384" \
				1173	-c "NewSessionTicket: early_data(42) extension received." \
				1174	-C "ClientHello: early_data(42) extension exists." \
Ronald Cron	c8d604d	2024-03-05 15:05:47 +0100	[diff] [blame]	1175
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1176	requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1177	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1178	requires_config_enabled MBEDTLS_SSL_SRV_C
				1179	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1180	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	820199a	2024-03-10 10:39:26 +0100	[diff] [blame]	1181	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1182	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				1183	# https://github.com/openssl/openssl/issues/10714
				1184	# Until now, OpenSSL client does not support reconnect.
				1185	skip_next_test
Ronald Cron	820199a	2024-03-10 10:39:26 +0100	[diff] [blame]	1186	run_test "TLS 1.3 O->m: resumption" \
				1187	"$P_SRV debug_level=2 tickets=1" \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1188	"$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
				1189	0 \
Ronald Cron	820199a	2024-03-10 10:39:26 +0100	[diff] [blame]	1190	-s "Protocol is TLSv1.3" \
				1191	-s "key exchange mode: psk" \
				1192	-s "Select PSK ciphersuite"
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1193
				1194	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1195	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1196	requires_config_enabled MBEDTLS_HAVE_TIME
				1197	requires_config_enabled MBEDTLS_SSL_SRV_C
				1198	requires_config_enabled MBEDTLS_DEBUG_C
				1199	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1200	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1201	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1202	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1203	run_test "TLS 1.3 G->m: resumption" \
				1204	"$P_SRV debug_level=2 tickets=1" \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1205	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
				1206	0 \
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1207	-s "Protocol is TLSv1.3" \
				1208	-s "key exchange mode: psk" \
				1209	-s "Select PSK ciphersuite"
				1210
				1211	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1212	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1213	requires_config_enabled MBEDTLS_HAVE_TIME
				1214	requires_config_enabled MBEDTLS_SSL_SRV_C
				1215	requires_config_enabled MBEDTLS_DEBUG_C
				1216	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1217	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1218	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				1219	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				1220	requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
				1221	# Test the session resumption when the cipher suite for the original session is
				1222	# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
				1223	# 256 bits long as with all the other TLS 1.3 cipher suites.
				1224	run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
				1225	"$P_SRV debug_level=2 tickets=1" \
				1226	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
				1227	0 \
				1228	-s "Protocol is TLSv1.3" \
				1229	-s "key exchange mode: psk" \
				1230	-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1231
Ronald Cron	854df13	2024-03-05 17:50:50 +0100	[diff] [blame]	1232	EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT \| wc -c ) + 31 ) / 32 ))
				1233	EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
				1234
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1235	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1236	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1237	requires_config_enabled MBEDTLS_HAVE_TIME
				1238	requires_config_enabled MBEDTLS_SSL_SRV_C
				1239	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1240	requires_config_enabled MBEDTLS_DEBUG_C
				1241	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1242	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	854df13	2024-03-05 17:50:50 +0100	[diff] [blame]	1243	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				1244	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1245	run_test "TLS 1.3 G->m: resumption with early data" \
				1246	"$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
				1247	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
				1248	--earlydata $EARLY_DATA_INPUT" \
Ronald Cron	854df13	2024-03-05 17:50:50 +0100	[diff] [blame]	1249	0 \
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1250	-s "Protocol is TLSv1.3" \
				1251	-s "key exchange mode: psk" \
				1252	-s "Select PSK ciphersuite" \
				1253	-s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
				1254	-s "NewSessionTicket: early_data(42) extension exists." \
				1255	-s "ClientHello: early_data(42) extension exists." \
				1256	-s "EncryptedExtensions: early_data(42) extension exists." \
				1257	-s "$( head -1 $EARLY_DATA_INPUT )" \
				1258	-s "$( tail -1 $EARLY_DATA_INPUT )" \
				1259	-s "200 early data bytes read" \
Ronald Cron	854df13	2024-03-05 17:50:50 +0100	[diff] [blame]	1260	-s "106 early data bytes read"
				1261
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1262	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1263	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1264	requires_config_enabled MBEDTLS_HAVE_TIME
				1265	requires_config_enabled MBEDTLS_SSL_SRV_C
				1266	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1267	requires_config_enabled MBEDTLS_DEBUG_C
				1268	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1269	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1270	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1271	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1272	requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1273	run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
				1274	"$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
				1275	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
				1276	--earlydata $EARLY_DATA_INPUT" \
				1277	0 \
				1278	-s "Protocol is TLSv1.3" \
				1279	-s "key exchange mode: psk" \
				1280	-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
				1281	-s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
				1282	-s "NewSessionTicket: early_data(42) extension exists." \
				1283	-s "ClientHello: early_data(42) extension exists." \
				1284	-s "EncryptedExtensions: early_data(42) extension exists." \
				1285	-s "$( head -1 $EARLY_DATA_INPUT )" \
				1286	-s "$( tail -1 $EARLY_DATA_INPUT )" \
				1287	-s "200 early data bytes read" \
				1288	-s "106 early data bytes read"
				1289
				1290	# The Mbed TLS server does not allow early data for the ticket it sends but
				1291	# the GnuTLS indicates early data anyway when resuming with the ticket and
				1292	# sends early data. The Mbed TLS server does not expect early data in
				1293	# association with the ticket thus it eventually fails the resumption
				1294	# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
				1295	# specification and thus its behavior may change in following versions.
				1296	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1297	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1298	requires_config_enabled MBEDTLS_HAVE_TIME
				1299	requires_config_enabled MBEDTLS_SSL_SRV_C
				1300	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1301	requires_config_enabled MBEDTLS_DEBUG_C
				1302	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1303	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1304	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				1305	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				1306	run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
				1307	"$P_SRV debug_level=4 tickets=1" \
				1308	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
				1309	--earlydata $EARLY_DATA_INPUT" \
				1310	1 \
				1311	-s "Protocol is TLSv1.3" \
				1312	-s "key exchange mode: psk" \
				1313	-s "Select PSK ciphersuite" \
				1314	-S "Sent max_early_data_size" \
				1315	-S "NewSessionTicket: early_data(42) extension exists." \
				1316	-s "ClientHello: early_data(42) extension exists." \
				1317	-s "EarlyData: rejected, feature disabled in server configuration." \
				1318	-S "EncryptedExtensions: early_data(42) extension exists." \
				1319	-s "EarlyData: deprotect and discard app data records" \
				1320	-s "EarlyData: Too much early data received"
				1321
				1322	# The Mbed TLS server does not allow early data for the ticket it sends but
				1323	# the GnuTLS indicates early data anyway when resuming with the ticket and
				1324	# sends early data. The Mbed TLS server does not expect early data in
				1325	# association with the ticket thus it eventually fails the resumption
				1326	# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
				1327	# specification and thus its behavior may change in following versions.
				1328	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1329	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1330	requires_config_enabled MBEDTLS_HAVE_TIME
				1331	requires_config_enabled MBEDTLS_SSL_SRV_C
				1332	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1333	requires_config_enabled MBEDTLS_DEBUG_C
				1334	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1335	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1336	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				1337	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				1338	run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
				1339	"$P_SRV debug_level=4 tickets=1 early_data=0" \
				1340	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
				1341	--earlydata $EARLY_DATA_INPUT" \
				1342	1 \
				1343	-s "Protocol is TLSv1.3" \
				1344	-s "key exchange mode: psk" \
				1345	-s "Select PSK ciphersuite" \
				1346	-S "Sent max_early_data_size" \
				1347	-S "NewSessionTicket: early_data(42) extension exists." \
				1348	-s "ClientHello: early_data(42) extension exists." \
				1349	-s "EarlyData: rejected, feature disabled in server configuration." \
				1350	-S "EncryptedExtensions: early_data(42) extension exists." \
				1351	-s "EarlyData: deprotect and discard app data records" \
				1352	-s "EarlyData: Too much early data received"
				1353
				1354	requires_gnutls_tls1_3
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1355	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1356	requires_config_enabled MBEDTLS_HAVE_TIME
				1357	requires_config_enabled MBEDTLS_SSL_SRV_C
				1358	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1359	requires_config_enabled MBEDTLS_DEBUG_C
				1360	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1361	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1ccd7a7	2024-03-05 23:31:07 +0100	[diff] [blame]	1362	requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
				1363	MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
				1364	run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
				1365	"$P_SRV debug_level=4 tickets=1 early_data=1" \
				1366	"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
				1367	0 \
				1368	-s "Protocol is TLSv1.3" \
				1369	-s "key exchange mode: psk" \
				1370	-s "Select PSK ciphersuite" \
				1371	-s "Sent max_early_data_size" \
				1372	-s "NewSessionTicket: early_data(42) extension exists." \
				1373	-S "ClientHello: early_data(42) extension exists." \
				1374	-S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cron	f1ad73f	2024-03-05 08:38:49 +0100	[diff] [blame]	1375
Gilles Peskine	365296a	2024-09-13 14:15:46 +0200	[diff] [blame^]	1376	requires_config_enabled MBEDTLS_SSL_EARLY_DATA
				1377	requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
				1378	requires_config_enabled MBEDTLS_SSL_CLI_C
				1379	requires_config_enabled MBEDTLS_SSL_SRV_C
				1380	requires_config_enabled MBEDTLS_DEBUG_C
				1381	requires_config_enabled MBEDTLS_HAVE_TIME
				1382	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
				1383	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	1f63fe4	2024-02-23 15:49:12 +0100	[diff] [blame]	1384	run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron	74191a5	2024-03-09 17:38:16 +0100	[diff] [blame]	1385	"$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Manuel Pégourié-Gonnard	aa80f53	2024-09-04 10:51:33 +0200	[diff] [blame]	1386	"$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron	1f63fe4	2024-02-23 15:49:12 +0100	[diff] [blame]	1387	0 \
				1388	-s "key exchange mode: ephemeral" \
				1389	-S "key exchange mode: psk" \
				1390	-s "found matched identity" \
				1391	-s "EarlyData: rejected, not a session resumption" \
				1392	-C "EncryptedExtensions: early_data(42) extension exists."