TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3cf41457eee7d27b16002297b445211cf92c008a / . / tests / opt-testcases / tls13-misc.sh
blob: 7fc3af96449f099fcf70031525b623a6b1894f9d [file] [log] [blame]
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]1#!/bin/sh
2
3# tls13-misc.sh
4#
5# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]7#
8
9requires_gnutls_tls1_3
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]10requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12requires_config_enabled MBEDTLS_SSL_SRV_C
13requires_config_enabled MBEDTLS_DEBUG_C
14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
15
16run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
20 localhost" \
21 1 \
22 -s "found psk key exchange modes extension" \
23 -s "found pre_shared_key extension" \
24 -s "Found PSK_EPHEMERAL KEX MODE" \
25 -s "Found PSK KEX MODE" \
26 -s "No matched ciphersuite"
27
28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
30requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
31requires_config_enabled MBEDTLS_SSL_SRV_C
32requires_config_enabled MBEDTLS_DEBUG_C
33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
34
35run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]36 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
39 1 \
40 -s "found psk key exchange modes extension" \
41 -s "found pre_shared_key extension" \
42 -s "Found PSK_EPHEMERAL KEX MODE" \
43 -s "Found PSK KEX MODE" \
44 -s "No matched ciphersuite"
45
46requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]47 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
48 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]49run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]50 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
51 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]52 0 \
53 -c "Pre-configured PSK number = 2" \
54 -s "sent selected_identity: 0" \
55 -s "key exchange mode: psk_ephemeral" \
56 -S "key exchange mode: psk$" \
57 -S "key exchange mode: ephemeral$" \
58 -S "ticket is not authentic"
59
60requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]61 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
62 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]63run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]64 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
65 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]66 0 \
67 -c "Pre-configured PSK number = 2" \
68 -s "sent selected_identity: 1" \
69 -s "key exchange mode: psk_ephemeral" \
70 -S "key exchange mode: psk$" \
71 -S "key exchange mode: ephemeral$" \
72 -s "ticket is not authentic"
73
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame^]74requires_gnutls_tls1_3
75requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
76requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
77run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
78 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
79 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
81 localhost" \
82 1 \
83 -s "found psk key exchange modes extension" \
84 -s "found pre_shared_key extension" \
85 -s "Found PSK_EPHEMERAL KEX MODE" \
86 -S "Found PSK KEX MODE" \
87 -S "key exchange mode: psk$" \
88 -S "key exchange mode: psk_ephemeral" \
89 -S "key exchange mode: ephemeral"
90
91requires_gnutls_tls1_3
92requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
93 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
95requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
96 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
97run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
98 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
101 localhost" \
102 0 \
103 -s "found psk key exchange modes extension" \
104 -s "found pre_shared_key extension" \
105 -s "Found PSK_EPHEMERAL KEX MODE" \
106 -s "Found PSK KEX MODE" \
107 -s "key exchange mode: psk$"
108
109requires_gnutls_tls1_3
110requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
111 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
113requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
115run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
116 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
117 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
119 localhost" \
120 0 \
121 -s "found psk key exchange modes extension" \
122 -s "found pre_shared_key extension" \
123 -s "Found PSK_EPHEMERAL KEX MODE" \
124 -s "Found PSK KEX MODE" \
125 -s "key exchange mode: psk_ephemeral$"
126
127requires_gnutls_tls1_3
128requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
129 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
131requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
132 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
133run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
134 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
135 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
137 localhost" \
138 0 \
139 -s "key exchange mode: ephemeral$"
140
141requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
142requires_config_enabled MBEDTLS_SSL_SRV_C
143requires_config_enabled MBEDTLS_SSL_CLI_C
144requires_config_enabled MBEDTLS_DEBUG_C
145requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
146 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
147 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
148run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
149 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
150 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
151 0 \
152 -c "Protocol is TLSv1.3" \
153 -c "got new session ticket ( 3 )" \
154 -c "Saving session for reuse... ok" \
155 -c "Reconnecting with saved session" \
156 -c "HTTP/1.0 200 OK" \
157 -s "=> write NewSessionTicket msg" \
158 -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
159 -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
160 -s "key exchange mode: ephemeral" \
161 -s "key exchange mode: psk_ephemeral" \
162 -s "found pre_shared_key extension"
163
164requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
165 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
166 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
167 MBEDTLS_DEBUG_C \
168 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
169requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
170 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
171run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime max value (7d)" \
172 "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \
173 "$P_CLI reco_mode=1 reconnect=1" \
174 0 \
175 -c "Protocol is TLSv1.3" \
176 -c "HTTP/1.0 200 OK" \
177 -c "got new session ticket" \
178 -c "Reconnecting with saved session... ok" \
179 -s "Protocol is TLSv1.3" \
180 -S "Ticket lifetime (604800) is greater than 7 days."
181
182requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
183 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
184 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
185 MBEDTLS_DEBUG_C \
186 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
187requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
188 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
189run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime too long (7d + 1s)" \
190 "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \
191 "$P_CLI reco_mode=1 reconnect=1" \
192 1 \
193 -c "Protocol is TLSv1.3" \
194 -C "HTTP/1.0 200 OK" \
195 -C "got new session ticket" \
196 -C "Reconnecting with saved session... ok" \
197 -S "Protocol is TLSv1.3" \
198 -s "Ticket lifetime (604801) is greater than 7 days."
199
200requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
201 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
202 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
203 MBEDTLS_DEBUG_C \
204 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
205requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
206 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
207run_test "TLS 1.3 m->m: NewSessionTicket: ticket lifetime=0" \
208 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \
209 "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
210 1 \
211 -c "Protocol is TLSv1.3" \
212 -c "HTTP/1.0 200 OK" \
213 -c "Discard new session ticket" \
214 -C "got new session ticket" \
215 -c "Reconnecting with saved session... failed" \
216 -s "Protocol is TLSv1.3" \
217 -s "<= write new session ticket"
218
219requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
220requires_config_enabled MBEDTLS_SSL_SRV_C
221requires_config_enabled MBEDTLS_SSL_CLI_C
222requires_config_enabled MBEDTLS_DEBUG_C
223requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
225 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
226run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \
227 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \
228 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
229 "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \
230 0 \
231 -c "Protocol is TLSv1.3" \
232 -c "got new session ticket." \
233 -c "Saving session for reuse... ok" \
234 -c "Reconnecting with saved session" \
235 -c "HTTP/1.0 200 OK" \
236 -s "=> write NewSessionTicket msg" \
237 -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
238 -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
239 -s "key exchange mode: ephemeral" \
240 -s "key exchange mode: psk_ephemeral" \
241 -s "found pre_shared_key extension"
242
243requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
244requires_config_enabled MBEDTLS_SSL_SRV_C
245requires_config_enabled MBEDTLS_SSL_CLI_C
246requires_config_enabled MBEDTLS_DEBUG_C
247requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
248 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
249 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
250run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
251 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \
252 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
253 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
254 1 \
255 -c "Protocol is TLSv1.3" \
256 -c "got new session ticket." \
257 -c "Saving session for reuse... ok" \
258 -c "Reconnecting with saved session" \
259 -c "Hostname mismatch the session ticket, disable session resumption." \
260 -s "=> write NewSessionTicket msg" \
261 -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
262 -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH"
263
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]264requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]265 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
266 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
267 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]268run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]269 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]270 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
271 0 \
272 -c "Pre-configured PSK number = 1" \
273 -S "sent selected_identity:" \
274 -s "key exchange mode: ephemeral" \
275 -S "key exchange mode: psk_ephemeral" \
276 -S "key exchange mode: psk$" \
277 -s "ticket is not authentic" \
278 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]279 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]280 -S "Ticket age exceeds limitation" \
281 -S "Ticket age outside tolerance window"
282
283requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]284 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
285 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]287run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]288 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=2" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]289 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
290 0 \
291 -c "Pre-configured PSK number = 1" \
292 -S "sent selected_identity:" \
293 -s "key exchange mode: ephemeral" \
294 -S "key exchange mode: psk_ephemeral" \
295 -S "key exchange mode: psk$" \
296 -S "ticket is not authentic" \
297 -s "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]298 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]299 -S "Ticket age exceeds limitation" \
300 -S "Ticket age outside tolerance window"
301
302requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]303 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
304 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
305 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]306run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]307 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]308 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
309 0 \
310 -c "Pre-configured PSK number = 1" \
311 -S "sent selected_identity:" \
312 -s "key exchange mode: ephemeral" \
313 -S "key exchange mode: psk_ephemeral" \
314 -S "key exchange mode: psk$" \
315 -S "ticket is not authentic" \
316 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]317 -s "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]318 -S "Ticket age exceeds limitation" \
319 -S "Ticket age outside tolerance window"
320
321requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]322 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
323 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
324 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]325run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]326 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=4" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]327 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
328 0 \
329 -c "Pre-configured PSK number = 1" \
330 -S "sent selected_identity:" \
331 -s "key exchange mode: ephemeral" \
332 -S "key exchange mode: psk_ephemeral" \
333 -S "key exchange mode: psk$" \
334 -S "ticket is not authentic" \
335 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]336 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]337 -s "Ticket age exceeds limitation" \
338 -S "Ticket age outside tolerance window"
339
340requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]341 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
342 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
343 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]344run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]345 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=5" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]346 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
347 0 \
348 -c "Pre-configured PSK number = 1" \
349 -S "sent selected_identity:" \
350 -s "key exchange mode: ephemeral" \
351 -S "key exchange mode: psk_ephemeral" \
352 -S "key exchange mode: psk$" \
353 -S "ticket is not authentic" \
354 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]355 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]356 -S "Ticket age exceeds limitation" \
357 -s "Ticket age outside tolerance window"
358
359requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]360 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
361 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
362 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]363run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]364 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=6" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]365 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
366 0 \
367 -c "Pre-configured PSK number = 1" \
368 -S "sent selected_identity:" \
369 -s "key exchange mode: ephemeral" \
370 -S "key exchange mode: psk_ephemeral" \
371 -S "key exchange mode: psk$" \
372 -S "ticket is not authentic" \
373 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]374 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]375 -S "Ticket age exceeds limitation" \
376 -s "Ticket age outside tolerance window"
377
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame^]378requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
379 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
380 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]381 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame^]382run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \
383 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
384 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
385 0 \
386 -c "Pre-configured PSK number = 1" \
387 -S "sent selected_identity:" \
388 -s "key exchange mode: ephemeral" \
389 -S "key exchange mode: psk_ephemeral" \
390 -S "key exchange mode: psk$" \
391 -s "No suitable PSK key exchange mode" \
392 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]393
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame^]394requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
395 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
396 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
397 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
398run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \
399 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
400 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
401 0 \
402 -c "Pre-configured PSK number = 1" \
403 -S "No suitable PSK key exchange mode" \
404 -s "found matched identity"
405
406requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
407 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
408 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
409 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
410run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \
411 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
412 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
413 0 \
414 -c "Pre-configured PSK number = 1" \
415 -S "sent selected_identity:" \
416 -s "key exchange mode: ephemeral" \
417 -S "key exchange mode: psk_ephemeral" \
418 -S "key exchange mode: psk$" \
419 -s "No suitable PSK key exchange mode" \
420 -s "No usable PSK or ticket"
421
422requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
423 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
424 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
425 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
426run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \
427 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
428 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
429 0 \
430 -c "Pre-configured PSK number = 1" \
431 -S "No suitable PSK key exchange mode" \
432 -s "found matched identity"
433
434requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
435 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
436 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]437 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame^]438run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \
439 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
440 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
441 0 \
442 -c "Pre-configured PSK number = 1" \
443 -S "sent selected_identity:" \
444 -s "key exchange mode: ephemeral" \
445 -S "key exchange mode: psk_ephemeral" \
446 -S "key exchange mode: psk$" \
447 -s "No suitable PSK key exchange mode" \
448 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]449
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame^]450requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
451 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
452 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
453 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
454run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \
455 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
456 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
457 0 \
458 -c "Pre-configured PSK number = 1" \
459 -S "sent selected_identity:" \
460 -s "key exchange mode: ephemeral" \
461 -S "key exchange mode: psk_ephemeral" \
462 -S "key exchange mode: psk$" \
463 -s "No suitable PSK key exchange mode" \
464 -s "No usable PSK or ticket"
465
466requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
467 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
468 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
469 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
470run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \
471 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
472 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
473 0 \
474 -c "Pre-configured PSK number = 1" \
475 -S "No suitable PSK key exchange mode" \
476 -s "found matched identity" \
477 -s "key exchange mode: psk_ephemeral"
478
479requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
480 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
481 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
482 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
483run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \
484 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
485 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
486 0 \
487 -c "Pre-configured PSK number = 1" \
488 -S "No suitable PSK key exchange mode" \
489 -s "found matched identity" \
490 -s "key exchange mode: psk_ephemeral"
491
492requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
493 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
494 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
495 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
496 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
497run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \
498 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
499 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
500 0 \
501 -c "Pre-configured PSK number = 1" \
502 -S "sent selected_identity:" \
503 -s "key exchange mode: ephemeral" \
504 -S "key exchange mode: psk_ephemeral" \
505 -S "key exchange mode: psk$" \
506 -s "No suitable PSK key exchange mode" \
507 -s "No usable PSK or ticket"
508
509requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
510 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
511 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
512 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
513 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
514run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \
515 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
516 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
517 0 \
518 -c "Pre-configured PSK number = 1" \
519 -S "No suitable PSK key exchange mode" \
520 -s "found matched identity"
521
522requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
523 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
524 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
525 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
526 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
527run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \
528 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
529 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
530 0 \
531 -c "Pre-configured PSK number = 1" \
532 -S "No suitable PSK key exchange mode" \
533 -s "found matched identity" \
534 -s "key exchange mode: psk_ephemeral"
535
536requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
537 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
538 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
539 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
540 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
541run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
542 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
543 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
544 0 \
545 -c "Pre-configured PSK number = 1" \
546 -S "No suitable PSK key exchange mode" \
547 -s "found matched identity" \
548 -s "key exchange mode: psk_ephemeral"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]549
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]550requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]551requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
552 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
553 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
554requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
555 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
556run_test "TLS 1.3 m->O: resumption" \
557 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
558 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]559 0 \
560 -c "Protocol is TLSv1.3" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]561 -c "Saving session for reuse... ok" \
562 -c "Reconnecting with saved session... ok" \
563 -c "HTTP/1.0 200 ok"
564
565# No early data m->O tests for the time being. The option -early_data is needed
566# to enable early data on OpenSSL server and it is not compatible with the
567# -www option we usually use for testing with OpenSSL server (see
568# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
569# ephemeral then ticket based scenario we use for early data testing the first
570# handshake fails. The following skipped test is here to illustrate the kind
571# of testing we would like to do.
572skip_next_test
573requires_openssl_tls1_3_with_compatible_ephemeral
574requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
575 MBEDTLS_SSL_EARLY_DATA \
576 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
577 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
578requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
579 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
580run_test "TLS 1.3 m->O: resumption with early data" \
581 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
582 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
583 0 \
584 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]585 -c "Saving session for reuse... ok" \
586 -c "Reconnecting with saved session" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]587 -c "HTTP/1.0 200 OK" \
588 -c "received max_early_data_size: 16384" \
589 -c "NewSessionTicket: early_data(42) extension received." \
590 -c "ClientHello: early_data(42) extension exists." \
591 -c "EncryptedExtensions: early_data(42) extension received." \
592 -c "bytes of early data written" \
593 -s "decrypted early data with length:"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]594
595requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]596requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
597 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
598 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
599requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
600 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
601run_test "TLS 1.3 m->G: resumption" \
602 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
603 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]604 0 \
605 -c "Protocol is TLSv1.3" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]606 -c "Saving session for reuse... ok" \
607 -c "Reconnecting with saved session... ok" \
608 -c "HTTP/1.0 200 OK"
609
610requires_gnutls_tls1_3
611requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
612 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
613 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
614requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
615 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
616requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
617run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
618 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
619 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
620 0 \
621 -c "Protocol is TLSv1.3" \
622 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
623 -c "Saving session for reuse... ok" \
624 -c "Reconnecting with saved session... ok" \
625 -c "HTTP/1.0 200 OK"
626
627requires_gnutls_tls1_3
628requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
629 MBEDTLS_SSL_EARLY_DATA \
630 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
631 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
632requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
633 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
634run_test "TLS 1.3 m->G: resumption with early data" \
635 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
636 --earlydata --maxearlydata 16384" \
637 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
638 0 \
639 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]640 -c "Saving session for reuse... ok" \
641 -c "Reconnecting with saved session" \
642 -c "HTTP/1.0 200 OK" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]643 -c "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]644 -c "NewSessionTicket: early_data(42) extension received." \
645 -c "ClientHello: early_data(42) extension exists." \
646 -c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]647 -c "bytes of early data written" \
648 -s "decrypted early data with length:"
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]649
650requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]651requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
652 MBEDTLS_SSL_EARLY_DATA \
653 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
654 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]655requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
656 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]657requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
658run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
659 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
660 --earlydata --maxearlydata 16384" \
661 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]662 0 \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]663 -c "Protocol is TLSv1.3" \
664 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
665 -c "Saving session for reuse... ok" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]666 -c "Reconnecting with saved session" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]667 -c "HTTP/1.0 200 OK" \
668 -c "received max_early_data_size: 16384" \
669 -c "NewSessionTicket: early_data(42) extension received." \
670 -c "ClientHello: early_data(42) extension exists." \
671 -c "EncryptedExtensions: early_data(42) extension received." \
672 -c "bytes of early data written" \
673 -s "decrypted early data with length:"
674
675requires_gnutls_tls1_3
676requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
677 MBEDTLS_SSL_EARLY_DATA \
678 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
679 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
680requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
681 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
682run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
683 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
684 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
685 0 \
686 -c "Protocol is TLSv1.3" \
687 -c "Saving session for reuse... ok" \
688 -c "Reconnecting with saved session" \
689 -c "HTTP/1.0 200 OK" \
690 -C "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]691 -C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]692
693requires_gnutls_tls1_3
694requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
695 MBEDTLS_SSL_EARLY_DATA \
696 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
697 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
698requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
699 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
700run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
701 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
702 --earlydata --maxearlydata 16384" \
703 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
704 0 \
705 -c "Protocol is TLSv1.3" \
706 -c "Saving session for reuse... ok" \
707 -c "Reconnecting with saved session" \
708 -c "HTTP/1.0 200 OK" \
709 -c "received max_early_data_size: 16384" \
710 -c "NewSessionTicket: early_data(42) extension received." \
711 -C "ClientHello: early_data(42) extension exists." \
712
713requires_gnutls_tls1_3
714requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
715 MBEDTLS_SSL_EARLY_DATA \
716 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
717 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
718requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
719 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
720run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
721 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
722 --earlydata --maxearlydata 16384" \
723 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
724 0 \
725 -c "Protocol is TLSv1.3" \
726 -c "Saving session for reuse... ok" \
727 -c "Reconnecting with saved session" \
728 -c "HTTP/1.0 200 OK" \
729 -c "received max_early_data_size: 16384" \
730 -c "NewSessionTicket: early_data(42) extension received." \
731 -C "ClientHello: early_data(42) extension exists." \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]732
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]733requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]734requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
735 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
736 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
737requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]738 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
739# https://github.com/openssl/openssl/issues/10714
740# Until now, OpenSSL client does not support reconnect.
741skip_next_test
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]742run_test "TLS 1.3 O->m: resumption" \
743 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]744 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
745 0 \
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]746 -s "Protocol is TLSv1.3" \
747 -s "key exchange mode: psk" \
748 -s "Select PSK ciphersuite"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]749
750requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]751requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
752 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
753 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
754 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
755requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]756 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]757run_test "TLS 1.3 G->m: resumption" \
758 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]759 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
760 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]761 -s "Protocol is TLSv1.3" \
762 -s "key exchange mode: psk" \
763 -s "Select PSK ciphersuite"
764
765requires_gnutls_tls1_3
766requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
767 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
768 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
769 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
770requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
771 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
772requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
773# Test the session resumption when the cipher suite for the original session is
774# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
775# 256 bits long as with all the other TLS 1.3 cipher suites.
776run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
777 "$P_SRV debug_level=2 tickets=1" \
778 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
779 0 \
780 -s "Protocol is TLSv1.3" \
781 -s "key exchange mode: psk" \
782 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]783
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]784EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
785EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
786
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]787requires_gnutls_tls1_3
788requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
789 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
790 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
791 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]792requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
793 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]794run_test "TLS 1.3 G->m: resumption with early data" \
795 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
796 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
797 --earlydata $EARLY_DATA_INPUT" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]798 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]799 -s "Protocol is TLSv1.3" \
800 -s "key exchange mode: psk" \
801 -s "Select PSK ciphersuite" \
802 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
803 -s "NewSessionTicket: early_data(42) extension exists." \
804 -s "ClientHello: early_data(42) extension exists." \
805 -s "EncryptedExtensions: early_data(42) extension exists." \
806 -s "$( head -1 $EARLY_DATA_INPUT )" \
807 -s "$( tail -1 $EARLY_DATA_INPUT )" \
808 -s "200 early data bytes read" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]809 -s "106 early data bytes read"
810
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]811requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]812requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
813 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
814 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
815 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
816requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]817 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]818requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]819run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
820 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
821 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
822 --earlydata $EARLY_DATA_INPUT" \
823 0 \
824 -s "Protocol is TLSv1.3" \
825 -s "key exchange mode: psk" \
826 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
827 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
828 -s "NewSessionTicket: early_data(42) extension exists." \
829 -s "ClientHello: early_data(42) extension exists." \
830 -s "EncryptedExtensions: early_data(42) extension exists." \
831 -s "$( head -1 $EARLY_DATA_INPUT )" \
832 -s "$( tail -1 $EARLY_DATA_INPUT )" \
833 -s "200 early data bytes read" \
834 -s "106 early data bytes read"
835
836# The Mbed TLS server does not allow early data for the ticket it sends but
837# the GnuTLS indicates early data anyway when resuming with the ticket and
838# sends early data. The Mbed TLS server does not expect early data in
839# association with the ticket thus it eventually fails the resumption
840# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
841# specification and thus its behavior may change in following versions.
842requires_gnutls_tls1_3
843requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
844 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
845 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
846 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
847requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
848 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
849run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
850 "$P_SRV debug_level=4 tickets=1" \
851 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
852 --earlydata $EARLY_DATA_INPUT" \
853 1 \
854 -s "Protocol is TLSv1.3" \
855 -s "key exchange mode: psk" \
856 -s "Select PSK ciphersuite" \
857 -S "Sent max_early_data_size" \
858 -S "NewSessionTicket: early_data(42) extension exists." \
859 -s "ClientHello: early_data(42) extension exists." \
860 -s "EarlyData: rejected, feature disabled in server configuration." \
861 -S "EncryptedExtensions: early_data(42) extension exists." \
862 -s "EarlyData: deprotect and discard app data records" \
863 -s "EarlyData: Too much early data received"
864
865# The Mbed TLS server does not allow early data for the ticket it sends but
866# the GnuTLS indicates early data anyway when resuming with the ticket and
867# sends early data. The Mbed TLS server does not expect early data in
868# association with the ticket thus it eventually fails the resumption
869# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
870# specification and thus its behavior may change in following versions.
871requires_gnutls_tls1_3
872requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
873 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
874 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
875 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
876requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
877 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
878run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
879 "$P_SRV debug_level=4 tickets=1 early_data=0" \
880 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
881 --earlydata $EARLY_DATA_INPUT" \
882 1 \
883 -s "Protocol is TLSv1.3" \
884 -s "key exchange mode: psk" \
885 -s "Select PSK ciphersuite" \
886 -S "Sent max_early_data_size" \
887 -S "NewSessionTicket: early_data(42) extension exists." \
888 -s "ClientHello: early_data(42) extension exists." \
889 -s "EarlyData: rejected, feature disabled in server configuration." \
890 -S "EncryptedExtensions: early_data(42) extension exists." \
891 -s "EarlyData: deprotect and discard app data records" \
892 -s "EarlyData: Too much early data received"
893
894requires_gnutls_tls1_3
895requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
896 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
897 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
898 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
899requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
900 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
901run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
902 "$P_SRV debug_level=4 tickets=1 early_data=1" \
903 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
904 0 \
905 -s "Protocol is TLSv1.3" \
906 -s "key exchange mode: psk" \
907 -s "Select PSK ciphersuite" \
908 -s "Sent max_early_data_size" \
909 -s "NewSessionTicket: early_data(42) extension exists." \
910 -S "ClientHello: early_data(42) extension exists." \
911 -S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]912
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]913requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
914 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
915 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
916 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
917 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
918run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron74191a52024-03-09 17:38:16 +0100[diff] [blame]919 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Ronald Crone14770f2024-03-08 08:57:36 +0100[diff] [blame]920 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]921 0 \
922 -s "key exchange mode: ephemeral" \
923 -S "key exchange mode: psk" \
924 -s "found matched identity" \
925 -s "EarlyData: rejected, not a session resumption" \
926 -C "EncryptedExtensions: early_data(42) extension exists."