TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e739892cf8a5a083caa3e390d64a9d251c5a6a3f / . / tests / opt-testcases / tls13-misc.sh
blob: 534ebb96300a0139a95863ab3b04d940ebbec6bd [file] [log] [blame]
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]1#!/bin/sh
2
3# tls13-misc.sh
4#
5# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]7#
8
9requires_gnutls_tls1_3
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]10requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12requires_config_enabled MBEDTLS_SSL_SRV_C
13requires_config_enabled MBEDTLS_DEBUG_C
14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
15
16run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
20 localhost" \
21 1 \
22 -s "found psk key exchange modes extension" \
23 -s "found pre_shared_key extension" \
24 -s "Found PSK_EPHEMERAL KEX MODE" \
25 -s "Found PSK KEX MODE" \
26 -s "No matched ciphersuite"
27
28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
30requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
31requires_config_enabled MBEDTLS_SSL_SRV_C
32requires_config_enabled MBEDTLS_DEBUG_C
33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
34
35run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]36 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
39 1 \
40 -s "found psk key exchange modes extension" \
41 -s "found pre_shared_key extension" \
42 -s "Found PSK_EPHEMERAL KEX MODE" \
43 -s "Found PSK KEX MODE" \
44 -s "No matched ciphersuite"
45
46requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]47 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
48 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]49run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]50 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
51 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]52 0 \
53 -c "Pre-configured PSK number = 2" \
54 -s "sent selected_identity: 0" \
55 -s "key exchange mode: psk_ephemeral" \
56 -S "key exchange mode: psk$" \
57 -S "key exchange mode: ephemeral$" \
58 -S "ticket is not authentic"
59
60requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]61 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
62 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]63run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]64 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
65 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]66 0 \
67 -c "Pre-configured PSK number = 2" \
68 -s "sent selected_identity: 1" \
69 -s "key exchange mode: psk_ephemeral" \
70 -S "key exchange mode: psk$" \
71 -S "key exchange mode: ephemeral$" \
72 -s "ticket is not authentic"
73
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]74requires_gnutls_tls1_3
75requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
76requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
77run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
78 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
79 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
81 localhost" \
82 1 \
83 -s "found psk key exchange modes extension" \
84 -s "found pre_shared_key extension" \
85 -s "Found PSK_EPHEMERAL KEX MODE" \
86 -S "Found PSK KEX MODE" \
87 -S "key exchange mode: psk$" \
88 -S "key exchange mode: psk_ephemeral" \
89 -S "key exchange mode: ephemeral"
90
91requires_gnutls_tls1_3
92requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
93 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
95requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
96 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
97run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
98 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
101 localhost" \
102 0 \
103 -s "found psk key exchange modes extension" \
104 -s "found pre_shared_key extension" \
105 -s "Found PSK_EPHEMERAL KEX MODE" \
106 -s "Found PSK KEX MODE" \
107 -s "key exchange mode: psk$"
108
109requires_gnutls_tls1_3
110requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
111 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
113requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
115run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
116 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
117 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
119 localhost" \
120 0 \
121 -s "found psk key exchange modes extension" \
122 -s "found pre_shared_key extension" \
123 -s "Found PSK_EPHEMERAL KEX MODE" \
124 -s "Found PSK KEX MODE" \
125 -s "key exchange mode: psk_ephemeral$"
126
127requires_gnutls_tls1_3
128requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
129 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
131requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
132 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
133run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
134 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
135 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
137 localhost" \
138 0 \
139 -s "key exchange mode: ephemeral$"
140
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]141requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
142 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
143 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
144 MBEDTLS_DEBUG_C \
145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
146requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
147 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]148run_test "TLS 1.3 m->m: resumption" \
149 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
150 "$P_CLI reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]151 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]152 -c "Protocol is TLSv1.3" \
153 -c "Saving session for reuse... ok" \
154 -c "Reconnecting with saved session... ok" \
155 -c "HTTP/1.0 200 OK" \
156 -s "Protocol is TLSv1.3" \
157 -s "key exchange mode: psk" \
158 -s "Select PSK ciphersuite"
159
160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
161 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
162 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
163 MBEDTLS_DEBUG_C \
164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
165requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
167run_test "TLS 1.3 m->m: resumption with servername" \
168 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \
169 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
170 "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \
171 0 \
172 -c "Protocol is TLSv1.3" \
173 -c "Saving session for reuse... ok" \
174 -c "Reconnecting with saved session... ok" \
175 -c "HTTP/1.0 200 OK" \
176 -s "Protocol is TLSv1.3" \
177 -s "key exchange mode: psk" \
178 -s "Select PSK ciphersuite"
179
180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
181 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
182 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
183 MBEDTLS_DEBUG_C \
184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
185requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
186 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
187run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
188 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \
189 "$P_CLI reco_mode=1 reconnect=1" \
190 0 \
191 -c "Protocol is TLSv1.3" \
192 -c "Saving session for reuse... ok" \
193 -c "Reconnecting with saved session... ok" \
194 -c "HTTP/1.0 200 OK" \
195 -s "Protocol is TLSv1.3" \
196 -s "key exchange mode: psk" \
197 -s "Select PSK ciphersuite"
198
199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
200 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
201 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
202 MBEDTLS_DEBUG_C \
203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
204requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
205 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
206run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
207 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \
208 "$P_CLI reco_mode=1 reconnect=1" \
209 1 \
210 -c "Protocol is TLSv1.3" \
211 -C "Saving session for reuse... ok" \
212 -c "Reconnecting with saved session... failed" \
213 -S "Protocol is TLSv1.3" \
214 -S "key exchange mode: psk" \
215 -S "Select PSK ciphersuite" \
216 -s "Ticket lifetime (604801) is greater than 7 days."
217
218requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
219 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
220 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
221 MBEDTLS_DEBUG_C \
222 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
223requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
225run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
226 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \
227 "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
228 1 \
229 -c "Protocol is TLSv1.3" \
230 -C "Saving session for reuse... ok" \
231 -c "Discard new session ticket" \
232 -c "Reconnecting with saved session... failed" \
233 -s "Protocol is TLSv1.3" \
234 -S "key exchange mode: psk" \
235 -S "Select PSK ciphersuite"
236
237requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
238 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
239 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
240 MBEDTLS_DEBUG_C \
241 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
242requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
243 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
244run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
245 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \
246 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
247 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
248 1 \
249 -c "Protocol is TLSv1.3" \
250 -c "Saving session for reuse... ok" \
251 -c "Reconnecting with saved session" \
252 -c "Hostname mismatch the session ticket, disable session resumption." \
253 -s "Protocol is TLSv1.3" \
254 -S "key exchange mode: psk" \
255 -S "Select PSK ciphersuite"
256
257requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
258 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
259 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
260 MBEDTLS_DEBUG_C \
261 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
262requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
263 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
264run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
265 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=1" \
266 "$P_CLI reco_mode=1 reconnect=1" \
267 0 \
268 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]269 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]270 -s "Protocol is TLSv1.3" \
271 -c "Saving session for reuse... ok" \
272 -c "Reconnecting with saved session" \
273 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]274 -s "ticket is not authentic" \
275 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]276 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]277 -S "Ticket age exceeds limitation" \
278 -S "Ticket age outside tolerance window"
279
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]280requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
281 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
282 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
283 MBEDTLS_DEBUG_C \
284 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
285requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]287run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]288 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=2" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]289 "$P_CLI reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]290 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]291 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]292 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]293 -s "Protocol is TLSv1.3" \
294 -c "Saving session for reuse... ok" \
295 -c "Reconnecting with saved session" \
296 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]297 -S "ticket is not authentic" \
298 -s "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]299 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]300 -S "Ticket age exceeds limitation" \
301 -S "Ticket age outside tolerance window"
302
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]303requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
304 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
305 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
306 MBEDTLS_DEBUG_C \
307 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
308requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]309 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]310run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]311 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]312 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
313 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]314 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]315 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]316 -s "Protocol is TLSv1.3" \
317 -c "Saving session for reuse... ok" \
318 -c "Reconnecting with saved session" \
319 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]320 -S "ticket is not authentic" \
321 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]322 -s "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]323 -S "Ticket age exceeds limitation" \
324 -S "Ticket age outside tolerance window"
325
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]326requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
327 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
328 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
329 MBEDTLS_DEBUG_C \
330 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
331requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]332 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]333run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]334 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=4" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]335 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
336 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]337 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]338 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]339 -s "Protocol is TLSv1.3" \
340 -c "Saving session for reuse... ok" \
341 -c "Reconnecting with saved session" \
342 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]343 -S "ticket is not authentic" \
344 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]345 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]346 -s "Ticket age exceeds limitation" \
347 -S "Ticket age outside tolerance window"
348
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]349requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
350 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
351 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
352 MBEDTLS_DEBUG_C \
353 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
354requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]355 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]356run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]357 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=5" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]358 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
359 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]360 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]361 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]362 -s "Protocol is TLSv1.3" \
363 -c "Saving session for reuse... ok" \
364 -c "Reconnecting with saved session" \
365 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]366 -S "ticket is not authentic" \
367 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]368 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]369 -S "Ticket age exceeds limitation" \
370 -s "Ticket age outside tolerance window"
371
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]372requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
373 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
374 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
375 MBEDTLS_DEBUG_C \
376 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
377requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]378 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]379run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]380 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=6" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]381 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
382 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]383 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]384 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]385 -s "Protocol is TLSv1.3" \
386 -c "Saving session for reuse... ok" \
387 -c "Reconnecting with saved session" \
388 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]389 -S "ticket is not authentic" \
390 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]391 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]392 -S "Ticket age exceeds limitation" \
393 -s "Ticket age outside tolerance window"
394
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]395requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
396 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
397 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
398 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]399 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]400 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]401run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]402 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
403 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
404 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]405 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]406 -s "key exchange mode: ephemeral" \
407 -S "key exchange mode: psk_ephemeral" \
408 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]409 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]410 -s "No suitable PSK key exchange mode" \
411 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]412
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]413requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
414 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
415 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
416 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]417 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
418 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]419run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]420 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
421 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
422 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]423 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]424 -s "key exchange mode: ephemeral" \
425 -S "key exchange mode: psk_ephemeral" \
426 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]427 -s "found matched identity" \
428 -S "No suitable PSK key exchange mode" \
429 -S "No usable PSK or ticket"
430
431requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
432 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
433 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
434 MBEDTLS_DEBUG_C \
435 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
436 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
437run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
438 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
439 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
440 0 \
441 -c "Protocol is TLSv1.3" \
442 -s "key exchange mode: ephemeral" \
443 -S "key exchange mode: psk_ephemeral" \
444 -S "key exchange mode: psk$" \
445 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]446 -s "No suitable PSK key exchange mode" \
447 -s "No usable PSK or ticket"
448
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]449requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
450 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
451 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
452 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]453 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
454 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]455run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]456 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
457 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
458 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]459 -c "Protocol is TLSv1.3" \
460 -s "key exchange mode: ephemeral" \
461 -S "key exchange mode: psk_ephemeral" \
462 -S "key exchange mode: psk$" \
463 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]464 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]465 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]466
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]467requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
468 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
469 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
470 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]471 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]472 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]473run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]474 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
475 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
476 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]477 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]478 -s "key exchange mode: ephemeral" \
479 -S "key exchange mode: psk_ephemeral" \
480 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]481 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]482 -s "No suitable PSK key exchange mode" \
483 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]484
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]485requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
486 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
487 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
488 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]489 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
490 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]491run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]492 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
493 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
494 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]495 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]496 -s "key exchange mode: ephemeral" \
497 -S "key exchange mode: psk_ephemeral" \
498 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]499 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]500 -s "No suitable PSK key exchange mode" \
501 -s "No usable PSK or ticket"
502
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]503requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
504 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
505 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
506 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]507 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
508 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]509run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]510 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
511 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
512 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]513 -c "Protocol is TLSv1.3" \
514 -s "key exchange mode: ephemeral" \
515 -s "key exchange mode: psk_ephemeral" \
516 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]517 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]518 -S "No suitable PSK key exchange mode" \
519 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]520
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]521requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
522 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
523 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
524 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]525 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
526 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]527run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]528 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
529 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
530 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]531 -c "Protocol is TLSv1.3" \
532 -s "key exchange mode: ephemeral" \
533 -s "key exchange mode: psk_ephemeral" \
534 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]535 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]536 -S "No suitable PSK key exchange mode" \
537 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]538
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]539requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
540 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
541 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
542 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]543 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
544 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
545 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]546run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]547 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
548 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
549 0 \
550 -c "Pre-configured PSK number = 1" \
551 -S "sent selected_identity:" \
552 -s "key exchange mode: ephemeral" \
553 -S "key exchange mode: psk_ephemeral" \
554 -S "key exchange mode: psk$" \
555 -s "No suitable PSK key exchange mode" \
556 -s "No usable PSK or ticket"
557
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]558requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
559 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
560 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
561 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]562 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
563 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
564 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]565run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]566 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
567 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
568 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]569 -c "Protocol is TLSv1.3" \
570 -s "key exchange mode: ephemeral" \
571 -S "key exchange mode: psk_ephemeral" \
572 -S "key exchange mode: psk$" \
573 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]574 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]575 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]576
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]577requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
578 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
579 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
580 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]581 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
582 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
583 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]584run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]585 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
586 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
587 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]588 -c "Protocol is TLSv1.3" \
589 -s "key exchange mode: ephemeral" \
590 -s "key exchange mode: psk_ephemeral" \
591 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]592 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]593 -S "No suitable PSK key exchange mode" \
594 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]595
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]596requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
597 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
598 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
599 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]600 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
601 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
602 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]603run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]604 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
605 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
606 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]607 -c "Protocol is TLSv1.3" \
608 -s "key exchange mode: ephemeral" \
609 -s "key exchange mode: psk_ephemeral" \
610 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]611 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame^]612 -S "No suitable PSK key exchange mode" \
613 -S "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]614
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]615requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]616requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
617 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
618 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
619requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
620 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
621run_test "TLS 1.3 m->O: resumption" \
622 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
623 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]624 0 \
625 -c "Protocol is TLSv1.3" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]626 -c "Saving session for reuse... ok" \
627 -c "Reconnecting with saved session... ok" \
628 -c "HTTP/1.0 200 ok"
629
630# No early data m->O tests for the time being. The option -early_data is needed
631# to enable early data on OpenSSL server and it is not compatible with the
632# -www option we usually use for testing with OpenSSL server (see
633# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
634# ephemeral then ticket based scenario we use for early data testing the first
635# handshake fails. The following skipped test is here to illustrate the kind
636# of testing we would like to do.
637skip_next_test
638requires_openssl_tls1_3_with_compatible_ephemeral
639requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
640 MBEDTLS_SSL_EARLY_DATA \
641 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
642 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
643requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
644 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
645run_test "TLS 1.3 m->O: resumption with early data" \
646 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
647 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
648 0 \
649 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]650 -c "Saving session for reuse... ok" \
651 -c "Reconnecting with saved session" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]652 -c "HTTP/1.0 200 OK" \
653 -c "received max_early_data_size: 16384" \
654 -c "NewSessionTicket: early_data(42) extension received." \
655 -c "ClientHello: early_data(42) extension exists." \
656 -c "EncryptedExtensions: early_data(42) extension received." \
657 -c "bytes of early data written" \
658 -s "decrypted early data with length:"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]659
660requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]661requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
662 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
663 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
664requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
665 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
666run_test "TLS 1.3 m->G: resumption" \
667 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
668 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]669 0 \
670 -c "Protocol is TLSv1.3" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]671 -c "Saving session for reuse... ok" \
672 -c "Reconnecting with saved session... ok" \
673 -c "HTTP/1.0 200 OK"
674
675requires_gnutls_tls1_3
676requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
677 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
678 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
679requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
680 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
681requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
682run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
683 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
684 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
685 0 \
686 -c "Protocol is TLSv1.3" \
687 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
688 -c "Saving session for reuse... ok" \
689 -c "Reconnecting with saved session... ok" \
690 -c "HTTP/1.0 200 OK"
691
692requires_gnutls_tls1_3
693requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
694 MBEDTLS_SSL_EARLY_DATA \
695 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
696 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
697requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
698 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
699run_test "TLS 1.3 m->G: resumption with early data" \
700 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
701 --earlydata --maxearlydata 16384" \
702 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
703 0 \
704 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]705 -c "Saving session for reuse... ok" \
706 -c "Reconnecting with saved session" \
707 -c "HTTP/1.0 200 OK" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]708 -c "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]709 -c "NewSessionTicket: early_data(42) extension received." \
710 -c "ClientHello: early_data(42) extension exists." \
711 -c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]712 -c "bytes of early data written" \
713 -s "decrypted early data with length:"
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]714
715requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]716requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
717 MBEDTLS_SSL_EARLY_DATA \
718 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
719 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]720requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
721 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]722requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
723run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
724 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
725 --earlydata --maxearlydata 16384" \
726 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]727 0 \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]728 -c "Protocol is TLSv1.3" \
729 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
730 -c "Saving session for reuse... ok" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]731 -c "Reconnecting with saved session" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]732 -c "HTTP/1.0 200 OK" \
733 -c "received max_early_data_size: 16384" \
734 -c "NewSessionTicket: early_data(42) extension received." \
735 -c "ClientHello: early_data(42) extension exists." \
736 -c "EncryptedExtensions: early_data(42) extension received." \
737 -c "bytes of early data written" \
738 -s "decrypted early data with length:"
739
740requires_gnutls_tls1_3
741requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
742 MBEDTLS_SSL_EARLY_DATA \
743 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
744 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
745requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
746 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
747run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
748 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
749 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
750 0 \
751 -c "Protocol is TLSv1.3" \
752 -c "Saving session for reuse... ok" \
753 -c "Reconnecting with saved session" \
754 -c "HTTP/1.0 200 OK" \
755 -C "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]756 -C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]757
758requires_gnutls_tls1_3
759requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
760 MBEDTLS_SSL_EARLY_DATA \
761 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
762 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
763requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
764 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
765run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
766 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
767 --earlydata --maxearlydata 16384" \
768 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
769 0 \
770 -c "Protocol is TLSv1.3" \
771 -c "Saving session for reuse... ok" \
772 -c "Reconnecting with saved session" \
773 -c "HTTP/1.0 200 OK" \
774 -c "received max_early_data_size: 16384" \
775 -c "NewSessionTicket: early_data(42) extension received." \
776 -C "ClientHello: early_data(42) extension exists." \
777
778requires_gnutls_tls1_3
779requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
780 MBEDTLS_SSL_EARLY_DATA \
781 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
782 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
783requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
784 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
785run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
786 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
787 --earlydata --maxearlydata 16384" \
788 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
789 0 \
790 -c "Protocol is TLSv1.3" \
791 -c "Saving session for reuse... ok" \
792 -c "Reconnecting with saved session" \
793 -c "HTTP/1.0 200 OK" \
794 -c "received max_early_data_size: 16384" \
795 -c "NewSessionTicket: early_data(42) extension received." \
796 -C "ClientHello: early_data(42) extension exists." \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]797
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]798requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]799requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
800 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
801 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
802requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]803 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
804# https://github.com/openssl/openssl/issues/10714
805# Until now, OpenSSL client does not support reconnect.
806skip_next_test
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]807run_test "TLS 1.3 O->m: resumption" \
808 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]809 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
810 0 \
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]811 -s "Protocol is TLSv1.3" \
812 -s "key exchange mode: psk" \
813 -s "Select PSK ciphersuite"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]814
815requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]816requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
817 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
818 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
819 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
820requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]821 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]822run_test "TLS 1.3 G->m: resumption" \
823 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]824 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
825 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]826 -s "Protocol is TLSv1.3" \
827 -s "key exchange mode: psk" \
828 -s "Select PSK ciphersuite"
829
830requires_gnutls_tls1_3
831requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
832 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
833 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
834 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
835requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
836 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
837requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
838# Test the session resumption when the cipher suite for the original session is
839# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
840# 256 bits long as with all the other TLS 1.3 cipher suites.
841run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
842 "$P_SRV debug_level=2 tickets=1" \
843 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
844 0 \
845 -s "Protocol is TLSv1.3" \
846 -s "key exchange mode: psk" \
847 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]848
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]849EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
850EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
851
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]852requires_gnutls_tls1_3
853requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
854 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
855 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
856 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]857requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
858 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]859run_test "TLS 1.3 G->m: resumption with early data" \
860 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
861 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
862 --earlydata $EARLY_DATA_INPUT" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]863 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]864 -s "Protocol is TLSv1.3" \
865 -s "key exchange mode: psk" \
866 -s "Select PSK ciphersuite" \
867 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
868 -s "NewSessionTicket: early_data(42) extension exists." \
869 -s "ClientHello: early_data(42) extension exists." \
870 -s "EncryptedExtensions: early_data(42) extension exists." \
871 -s "$( head -1 $EARLY_DATA_INPUT )" \
872 -s "$( tail -1 $EARLY_DATA_INPUT )" \
873 -s "200 early data bytes read" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]874 -s "106 early data bytes read"
875
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]876requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]877requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
878 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
879 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
880 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
881requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]882 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]883requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]884run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
885 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
886 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
887 --earlydata $EARLY_DATA_INPUT" \
888 0 \
889 -s "Protocol is TLSv1.3" \
890 -s "key exchange mode: psk" \
891 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
892 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
893 -s "NewSessionTicket: early_data(42) extension exists." \
894 -s "ClientHello: early_data(42) extension exists." \
895 -s "EncryptedExtensions: early_data(42) extension exists." \
896 -s "$( head -1 $EARLY_DATA_INPUT )" \
897 -s "$( tail -1 $EARLY_DATA_INPUT )" \
898 -s "200 early data bytes read" \
899 -s "106 early data bytes read"
900
901# The Mbed TLS server does not allow early data for the ticket it sends but
902# the GnuTLS indicates early data anyway when resuming with the ticket and
903# sends early data. The Mbed TLS server does not expect early data in
904# association with the ticket thus it eventually fails the resumption
905# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
906# specification and thus its behavior may change in following versions.
907requires_gnutls_tls1_3
908requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
909 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
910 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
911 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
912requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
913 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
914run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
915 "$P_SRV debug_level=4 tickets=1" \
916 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
917 --earlydata $EARLY_DATA_INPUT" \
918 1 \
919 -s "Protocol is TLSv1.3" \
920 -s "key exchange mode: psk" \
921 -s "Select PSK ciphersuite" \
922 -S "Sent max_early_data_size" \
923 -S "NewSessionTicket: early_data(42) extension exists." \
924 -s "ClientHello: early_data(42) extension exists." \
925 -s "EarlyData: rejected, feature disabled in server configuration." \
926 -S "EncryptedExtensions: early_data(42) extension exists." \
927 -s "EarlyData: deprotect and discard app data records" \
928 -s "EarlyData: Too much early data received"
929
930# The Mbed TLS server does not allow early data for the ticket it sends but
931# the GnuTLS indicates early data anyway when resuming with the ticket and
932# sends early data. The Mbed TLS server does not expect early data in
933# association with the ticket thus it eventually fails the resumption
934# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
935# specification and thus its behavior may change in following versions.
936requires_gnutls_tls1_3
937requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
938 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
939 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
940 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
941requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
942 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
943run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
944 "$P_SRV debug_level=4 tickets=1 early_data=0" \
945 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
946 --earlydata $EARLY_DATA_INPUT" \
947 1 \
948 -s "Protocol is TLSv1.3" \
949 -s "key exchange mode: psk" \
950 -s "Select PSK ciphersuite" \
951 -S "Sent max_early_data_size" \
952 -S "NewSessionTicket: early_data(42) extension exists." \
953 -s "ClientHello: early_data(42) extension exists." \
954 -s "EarlyData: rejected, feature disabled in server configuration." \
955 -S "EncryptedExtensions: early_data(42) extension exists." \
956 -s "EarlyData: deprotect and discard app data records" \
957 -s "EarlyData: Too much early data received"
958
959requires_gnutls_tls1_3
960requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
961 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
962 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
963 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
964requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
965 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
966run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
967 "$P_SRV debug_level=4 tickets=1 early_data=1" \
968 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
969 0 \
970 -s "Protocol is TLSv1.3" \
971 -s "key exchange mode: psk" \
972 -s "Select PSK ciphersuite" \
973 -s "Sent max_early_data_size" \
974 -s "NewSessionTicket: early_data(42) extension exists." \
975 -S "ClientHello: early_data(42) extension exists." \
976 -S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]977
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]978requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
979 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
980 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
981 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
982 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
983run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron74191a52024-03-09 17:38:16 +0100[diff] [blame]984 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Ronald Crone14770f2024-03-08 08:57:36 +0100[diff] [blame]985 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]986 0 \
987 -s "key exchange mode: ephemeral" \
988 -S "key exchange mode: psk" \
989 -s "found matched identity" \
990 -s "EarlyData: rejected, not a session resumption" \
991 -C "EncryptedExtensions: early_data(42) extension exists."