add cases to test session resumption with different ticket_flags
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4b3799f..d64675d 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1215,6 +1215,9 @@
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
} else if (strcmp(q, "all") == 0) {
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+ } else if (strcmp(q, "psk_or_ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
} else {
goto usage;
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 90a13eb..b3d9f5a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1412,7 +1412,7 @@
return ret;
}
- switch (opt.dummy_ticket % 7) {
+ switch (opt.dummy_ticket % 11) {
case 1:
return MBEDTLS_ERR_SSL_INVALID_MAC;
case 2:
@@ -1432,6 +1432,20 @@
session->ticket_age_add -= 1000;
#endif
break;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ case 7:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
+ break;
+ case 8:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ break;
+ case 9:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ break;
+ case 10:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
+ break;
+#endif
default:
break;
}
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 3aaf3f3..48d5e78 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -323,3 +323,66 @@
-c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension ( ignored )."
+get_resumption_with_ticket_flags_criteria()
+{
+ ticket_flags=$1
+ psk_modes=$2
+ if [ "$ticket_flags" = "none" ] || \
+ ( [ "$psk_modes" != "psk_all" ] && \
+ [ "$ticket_flags" != "psk_all" ] && \
+ [ "$psk_modes" != "$ticket_flags" ] );
+ then
+ # ticket_flags is incompatible with the psk_kex_modes
+ echo ' -c "Pre-configured PSK number = 1"' \
+ ' -S "sent selected_identity:"' \
+ ' -s "key exchange mode: ephemeral"' \
+ ' -S "key exchange mode: psk_ephemeral"' \
+ ' -S "key exchange mode: psk$"' \
+ ' -s "No suitable key exchange mode"' \
+ ' -s "No matched PSK or ticket"'
+ else
+ # ticket_flags is compatible with the psk_kex_modes
+ echo ' -c "Pre-configured PSK number = 1"' \
+ ' -S "No suitable key exchange mode"' \
+ ' -s "found matched identity"'
+ fi
+}
+
+run_tests_tls13_resumption_with_ticket_flags()
+{
+ # all tests in this sequence requires the same configuration.
+ SKIP_THIS_TESTS="$SKIP_NEXT"
+
+ DUMMY_TICKET_BASE=6
+ TLS13_KEX_MODES="ephemeral:psk_or_ephemeral:ephemeral_all:all"
+ PSK_KEX_MODES="none:psk:psk_ephemeral:psk_all"
+
+ for m in $(seq 4); do
+ kex_mode="$(echo "$TLS13_KEX_MODES" | cut -d ":" -f "$m")"
+ # ephemeral only mode doesn't support resumption
+ if [ "$kex_mode" = "ephemeral" ]; then continue; fi
+
+ for n in $(seq 4); do
+ supported_psk_modes="$(echo "$PSK_KEX_MODES" | cut -d ":" -f "$m")"
+ dummy_ticket_flags="$(echo "$PSK_KEX_MODES" | cut -d ":" -f "$n")"
+
+ eval "set -- $(get_resumption_with_ticket_flags_criteria "$dummy_ticket_flags" "$supported_psk_modes")"
+
+ SKIP_NEXT="$SKIP_THIS_TESTS"
+ run_test "TLS 1.3 m->m: Resumption with ticket flags, $supported_psk_modes->$dummy_ticket_flags." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=$((n + DUMMY_TICKET_BASE))" \
+ "$P_CLI debug_level=4 force_version=tls13 tls13_kex_modes=$kex_mode reconnect=1" \
+ 0 \
+ "$@"
+ done
+ done
+}
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_tests_tls13_resumption_with_ticket_flags
+