#!/bin/sh

# tls13-misc.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
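# Negative test, GnuTLS client -> Mbed TLS server.
# The client priority string removes every cipher except AES-256-GCM with
# SHA384 and offers a PSK. The server must parse both PSK-related extensions,
# see both PSK key exchange modes, and then abort the handshake (expected
# exit code 1) with "No matched ciphersuite" in its log.
# NOTE(review): presumably the mismatch is between the PSK's hash and the
# SHA384-only suite offered - confirm against the server implementation.
# The PSK is a fixed test value (hex for ASCII "abcdefghijklmnop").
# The forge's blame and line-number gutter text has been stripped from the
# command lines.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED

run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         1 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "No matched ciphersuite"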
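# Negative test, OpenSSL client -> Mbed TLS server.
# Same scenario as the GnuTLS variant: the client offers only
# TLS_AES_256_GCM_SHA384 together with a PSK, and the server is expected to
# reject the handshake (exit code 1) with "No matched ciphersuite" after
# having seen both PSK key exchange modes.
# The PSK is a fixed test value (hex for ASCII "abcdefghijklmnop").
# The forge's blame and line-number gutter text has been stripped from the
# command lines.
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED

run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
                      -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
         1 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "No matched ciphersuite"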
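# Mbed TLS client -> Mbed TLS server, reconnect with a valid session ticket
# while an external PSK is also configured on both sides.
# Expected: success (exit code 0); the client reports two PSKs; the server
# selects identity 0 and uses psk_ephemeral; the "psk$" and "ephemeral$"
# patterns are end-anchored so they cannot match the psk_ephemeral log line.
# "ticket is not authentic" must NOT appear in the server log (-S).
# NOTE(review): identity 0 is presumably the ticket and identity 1 the
# configured PSK - confirm against the client's identity ordering.
# The duplicated requires_any_configs_enabled line was dropped (it repeated
# the same check), and the forge's gutter text was stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
         "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
         "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 2" \
         -s "sent selected_identity: 0" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "key exchange mode: ephemeral$" \
         -S "ticket is not authentic"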
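# Mbed TLS client -> Mbed TLS server, reconnect where the ticket is rejected
# and the handshake falls back to the configured external PSK.
# The server runs with dummy_ticket=1; the expected server log contains
# "ticket is not authentic", so that value appears to inject a ticket that
# fails authentication (inferred from the assertions - confirm in the server
# program).
# Expected: success (exit code 0); the client reports two PSKs; the server
# selects identity 1 (not the rejected one) and uses psk_ephemeral.
# The point being pinned: a ticket that fails authentication is not used as
# a PSK, while the second offered identity still is.
# The duplicated requires_any_configs_enabled line was dropped (it repeated
# the same check), and the forge's gutter text was stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
         "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
         "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 2" \
         -s "sent selected_identity: 1" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "key exchange mode: ephemeral$" \
         -s "ticket is not authentic"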
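# Resumption failure: ticket fails authentication (server dummy_ticket=1).
# No external PSK is configured here; the server authenticates with a
# certificate, so the only PSK the client can offer is the ticket.
# Expected: the reconnect still succeeds (exit code 0) but as a full
# handshake: the server logs "key exchange mode: ephemeral", never sends a
# selected_identity, and logs exactly one rejection reason ("ticket is not
# authentic"); every other rejection reason is asserted absent with -S.
# The forge's blame and line-number gutter text has been stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"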
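# Resumption failure: ticket expired (server dummy_ticket=2).
# Expected: the reconnect succeeds (exit code 0) as a full handshake: the
# server logs "key exchange mode: ephemeral", sends no selected_identity, and
# logs "ticket is expired" as the only rejection reason; the other reasons
# are asserted absent with -S.
# An expired ticket must not be accepted as a PSK; this test pins the
# fallback rather than a hard failure.
# The forge's blame and line-number gutter text has been stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -s "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"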
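# Resumption failure: invalid ticket start time (server dummy_ticket=3).
# Expected: the reconnect succeeds (exit code 0) as a full handshake: the
# server logs "key exchange mode: ephemeral", sends no selected_identity, and
# logs "Invalid ticket start time" as the only rejection reason; the other
# reasons are asserted absent with -S.
# NOTE(review): "invalid start time" presumably means a ticket creation time
# later than the server's current time - confirm in the server code.
# The forge's blame and line-number gutter text has been stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -s "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"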
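# Resumption failure: ticket age exceeds the limit (server dummy_ticket=4).
# Expected: the reconnect succeeds (exit code 0) as a full handshake: the
# server logs "key exchange mode: ephemeral", sends no selected_identity, and
# logs "Ticket age exceeds limitation" as the only rejection reason; the
# other reasons (including "ticket is expired") are asserted absent with -S.
# NOTE(review): the test title says "ticket expired" while the asserted log
# line is the age-limit one; the title may deserve a rename.
# The forge's blame and line-number gutter text has been stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -s "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"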
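# Resumption failure: ticket age outside the tolerance window, "too young"
# case (server dummy_ticket=5).
# Expected: the reconnect succeeds (exit code 0) as a full handshake: the
# server logs "key exchange mode: ephemeral", sends no selected_identity, and
# logs "Ticket age outside tolerance window" as the only rejection reason;
# the other reasons are asserted absent with -S.
# The age-tolerance check compares the client's reported ticket age with the
# server's own view; a mismatch in either direction must reject the ticket.
# The forge's blame and line-number gutter text has been stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -s "Ticket age outside tolerance window"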
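# Resumption failure: ticket age outside the tolerance window, "too old"
# case (server dummy_ticket=6).
# Expected: the reconnect succeeds (exit code 0) as a full handshake: the
# server logs "key exchange mode: ephemeral", sends no selected_identity, and
# logs "Ticket age outside tolerance window" as the only rejection reason;
# the other reasons are asserted absent with -S.
# Together with the "too young" case this covers both sides of the window.
# The forge's blame and line-number gutter text has been stripped.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -s "Ticket age outside tolerance window"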
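# Negative test, GnuTLS client -> Mbed TLS server: no common PSK key
# exchange mode.
# The server is restricted at run time to tls13_kex_modes=psk, while the
# client priority string enables ECDHE-PSK/DHE-PSK and disables plain PSK.
# Expected: handshake failure (exit code 1); the server sees the
# PSK_EPHEMERAL mode offered, does not see the plain PSK mode, and never
# logs a negotiated key exchange mode of any kind.
# The server must fail closed here rather than pick a mode it was told not
# to use.
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
         "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         1 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -S "Found PSK KEX MODE" \
         -S "key exchange mode: psk$" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: ephemeral"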
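# GnuTLS client -> Mbed TLS server, build with only the plain PSK key
# exchange mode compiled in (PSK_EPHEMERAL and EPHEMERAL must be disabled).
# The server is started with tls13_kex_modes=all, so the restriction under
# test comes from the build configuration, not from the run-time option.
# Expected: success (exit code 0); the client offers both PSK modes and the
# server negotiates exactly "key exchange mode: psk" (end-anchored so it
# cannot match psk_ephemeral).
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         0 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "key exchange mode: psk$"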
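# GnuTLS client -> Mbed TLS server, build with only the PSK_EPHEMERAL key
# exchange mode compiled in (plain PSK and EPHEMERAL must be disabled).
# The server is started with tls13_kex_modes=all, so the restriction under
# test comes from the build configuration, not from the run-time option.
# Expected: success (exit code 0); the client offers both PSK modes and the
# server negotiates "key exchange mode: psk_ephemeral".
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         0 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "key exchange mode: psk_ephemeral$"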
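# GnuTLS client -> Mbed TLS server, build with only the EPHEMERAL key
# exchange mode compiled in (both PSK modes must be disabled).
# The client still offers a PSK; the only assertion is that the server
# negotiates "key exchange mode: ephemeral" (end-anchored) and the handshake
# succeeds (exit code 0).
# NOTE(review): unlike the sibling tests, nothing here asserts that the
# offered PSK was ignored rather than parsed - consider adding a -S check if
# the server has a suitable log line.
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         0 \
         -s "key exchange mode: ephemeral$"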
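# Mbed TLS client -> GnuTLS server, early data over a resumed session.
# The server is started with --earlydata; the client forces TLS 1.3, enables
# early_data and reconnects once after a 2 second delay.
# Asserted: the early_data(42) extension is seen in NewSessionTicket,
# ClientHello and EncryptedExtensions on the client side, and the server
# parses/sends the extension and logs "early data accepted".
# NOTE(review): the title says "good" but the expected exit code is 1;
# presumably the client cannot yet complete an early-data handshake at this
# revision (it logs the EncryptedExtensions extension as "ignored") -
# confirm that 1 is still the intended result.
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
         "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
         "$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
         1 \
         -c "Reconnecting with saved session" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "EncryptedExtensions: early_data(42) extension ( ignored )." \
         -s "Parsing extension 'Early Data/42' (0 bytes)" \
         -s "Sending extension Early Data/42 (0 bytes)" \
         -s "early data accepted"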
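# Mbed TLS client -> GnuTLS server, early data over a resumed session, with
# the client NOT forcing the protocol version (no force_version=tls13 on the
# client command line, which is the only difference from the "basic check"
# test).
# Asserted: the same early_data(42) log lines on both sides as in the basic
# check, including "early data accepted" on the server.
# NOTE(review): the title says "good" but the expected exit code is 1;
# presumably early-data support in the client was incomplete at this
# revision - confirm that 1 is still the intended result.
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \
         "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
         "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
         1 \
         -c "Reconnecting with saved session" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "EncryptedExtensions: early_data(42) extension ( ignored )." \
         -s "Parsing extension 'Early Data/42' (0 bytes)" \
         -s "Sending extension Early Data/42 (0 bytes)" \
         -s "early data accepted"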
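# Mbed TLS client -> GnuTLS server where the server does NOT advertise early
# data (no --earlydata on the server command line).
# Expected: success (exit code 0); the client reconnects with the saved
# session, logs that the ClientHello early_data(42) extension does not
# exist, and never logs the extension as received in NewSessionTicket or
# EncryptedExtensions (-C asserts absence from the client log).
# The point being pinned: the client only attempts early data when the
# ticket permits it, even with early_data=1 set locally.
# The forge's blame and line-number gutter text has been stripped.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good." \
         "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
         "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
         0 \
         -c "Reconnecting with saved session" \
         -C "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension does not exist." \
         -C "EncryptedExtensions: early_data(42) extension received." \
         -C "EncryptedExtensions: early_data(42) extension ( ignored )."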
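# Mbed TLS client -> OpenSSL server, early data with an external PSK.
# This test is unconditionally skipped (skip_next_test), so it currently
# provides no coverage for the OpenSSL early-data path.
# NOTE(review): the client command line has no reco_mode/reconnect options,
# yet the first assertion expects "Reconnecting with saved session"; that
# may be part of why the test does not work - confirm before re-enabling.
# The forge's blame and line-number gutter text has been stripped.
#TODO: OpenSSL tests don't work now. It might be an OpenSSL options issue, because the GnuTLS tests work.
skip_next_test
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3, ext PSK, early data" \
         "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
         "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \
         1 \
         -c "Reconnecting with saved session" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "EncryptedExtensions: early_data(42) extension ( ignored )."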