Update code base on comments
Change run title
Remove dedicate ciphersuite and sig alg
Update test cases
Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index 59f5fff..4c1dbe2 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -20,7 +20,7 @@
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
-# `./tests/scripts/generate_tls13_compat_tests.py -a -o tests/opt-testcases/tls13-compat.sh`.
+# `generate_tls13_compat_tests.py -a -o tls13-compat.sh`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
@@ -3470,21 +3470,24 @@
0 \
-c "HTTP/1.0 200 OK" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3495,13 +3498,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3510,13 +3514,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3527,13 +3532,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3542,13 +3548,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3559,13 +3566,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3574,13 +3582,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3591,13 +3600,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,secp256r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1,secp384r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp256r1,secp384r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3606,13 +3616,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3623,13 +3634,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3638,13 +3650,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3655,13 +3668,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3670,13 +3684,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3687,13 +3702,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3702,13 +3718,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3719,13 +3736,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,secp384r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1,secp256r1,secp521r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp384r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3734,13 +3752,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3751,13 +3770,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3766,13 +3786,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3783,13 +3804,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3798,13 +3820,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3815,13 +3838,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3830,13 +3854,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3847,13 +3872,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,secp521r1,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1,secp256r1,secp384r1,x25519,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=secp521r1,secp384r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3862,13 +3888,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3879,13 +3906,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3894,13 +3922,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3911,13 +3940,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3926,13 +3956,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3943,13 +3974,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3958,13 +3990,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3975,13 +4008,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,x25519,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1,secp256r1,secp384r1,secp521r1,x448" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x25519,secp384r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519" \
+ -c "NamedGroup: x448" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -3990,13 +4024,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4007,13 +4042,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: secp256r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4022,13 +4058,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4039,13 +4076,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: secp384r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4054,13 +4092,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4071,13 +4110,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: secp521r1" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4086,13 +4126,14 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
@@ -4103,12 +4144,13 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,x448,ecdsa_secp384r1_sha384, force hrr" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1,secp256r1,secp384r1,secp521r1,x25519" \
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt curves=x448,secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448" \
+ -c "NamedGroup: x25519" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "Verifying peer X.509 certificate... ok"
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index 2656f1d..4c0ee35 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -83,11 +83,12 @@
Base class for generate server/client command.
"""
# pylint: disable=too-many-arguments
- def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
+ def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None, peer_named_group=None,
is_hrr=False, cert_sig_alg=None, compat_mode=True):
self._ciphers = []
self._sig_algs = []
self._named_groups = []
+ self._peer_named_group = peer_named_group
self._is_hrr = is_hrr
self._cert_sig_algs = []
if ciphersuite:
@@ -154,15 +155,16 @@
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
ret += ['-accept $SRV_PORT']
- if self._ciphers:
- ciphersuites = ':'.join(self._ciphers)
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
+ if not self._is_hrr:
+ if self._ciphers:
+ ciphersuites = ':'.join(self._ciphers)
+ ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- signature_algorithms = ':'.join(signature_algorithms)
- ret += ["-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms)]
+ if self._sig_algs:
+ signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
+ signature_algorithms = ':'.join(signature_algorithms)
+ ret += ["-sigalgs {signature_algorithms}".format(
+ signature_algorithms=signature_algorithms)]
if self._named_groups:
named_groups = ':'.join(
@@ -248,18 +250,22 @@
if i not in priority_string_list:
yield i
- if self._ciphers:
- priority_string_list.extend(update_priority_string_list(
- self._ciphers, self.CIPHER_SUITE))
+ if self._is_hrr:
+ priority_string_list.extend(
+ ['CIPHER-ALL', 'SIGN-ALL', 'MAC-ALL'])
else:
- priority_string_list.append('CIPHER-ALL')
+ if self._ciphers:
+ priority_string_list.extend(update_priority_string_list(
+ self._ciphers, self.CIPHER_SUITE))
+ else:
+ priority_string_list.append('CIPHER-ALL')
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- priority_string_list.extend(update_priority_string_list(
- signature_algorithms, self.SIGNATURE_ALGORITHM))
- else:
- priority_string_list.append('SIGN-ALL')
+ if self._sig_algs:
+ signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
+ priority_string_list.extend(update_priority_string_list(
+ signature_algorithms, self.SIGNATURE_ALGORITHM))
+ else:
+ priority_string_list.append('SIGN-ALL')
if self._named_groups:
@@ -303,23 +309,25 @@
ret += ['ca_file={cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
- if self._ciphers:
- ciphers = ','.join(
- map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
- ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
+ if not self._is_hrr:
+ if self._ciphers:
+ ciphers = ','.join(
+ map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
+ ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
- if self._sig_algs + self._cert_sig_algs:
- ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
+ if self._sig_algs + self._cert_sig_algs:
+ ret += ['sig_algs={sig_algs}'.format(
+ sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
if self._named_groups:
- named_groups = ','.join(self._named_groups)
if self._is_hrr:
- named_groups += ','
- self_group_list = list(NAMED_GROUP_IANA_VALUE.keys())
- self_group_list.remove(self._named_groups[0])
- self_group = ','.join(self_group_list)
- named_groups += (self_group)
+ for sig_alg in self._sig_algs:
+ if sig_alg in ('ecdsa_secp256r1_sha256',
+ 'ecdsa_secp384r1_sha384',
+ 'ecdsa_secp521r1_sha512'):
+ self.add_named_groups(sig_alg.split('_')[1])
+ self.add_named_groups(self._peer_named_group)
+ named_groups = ','.join(self._named_groups)
ret += ["curves={named_groups}".format(named_groups=named_groups)]
ret = ' '.join(ret)
@@ -360,12 +368,9 @@
# pylint: disable=C0330
def post_hrr_checks(self):
- check_strings = ["server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
- self.CIPHER_SUITE[self._ciphers[0]]),
- "Certificate Verify: Signature algorithm ( {:04x} )".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]),
- "<= ssl_tls13_process_server_hello ( HelloRetryRequest )",
+ check_strings = ["NamedGroup: {group}".format(group=self._named_groups[0]),
+ "NamedGroup: {group}".format(group=self._named_groups[-1]),
+ "<= ssl_tls13_process_server_hello ( HelloRetryRequest )",
"Verifying peer X.509 certificate... ok", ]
return ['-c "{}"'.format(i) for i in check_strings]
@@ -405,12 +410,10 @@
"""
Generate test case with `ssl-opt.sh` format.
"""
- name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{server_named_group},'.format(
- client=client, server=server, cipher=cipher, server_named_group=server_named_group)
- name += '{client_named_group},{sig_alg}, force hrr'.format(
- client_named_group=client_named_group, sig_alg=sig_alg)
- server_object = SERVER_CLASSES[server](cipher, sig_alg, server_named_group)
- client_object = CLIENT_CLASSES[client](cipher, sig_alg, client_named_group, True)
+ name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {client_named_group} -> {server_named_group}'.format(
+ client=client, server=server, client_named_group=client_named_group, server_named_group=server_named_group)
+ server_object = SERVER_CLASSES[server](cipher, sig_alg, server_named_group, client_named_group, True)
+ client_object = CLIENT_CLASSES[client](cipher, sig_alg, client_named_group, server_named_group, True)
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']