ssl-opt.sh: Add m->m resumption and early data tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 534ebb9..5e43921 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -203,6 +203,205 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption with early data" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -C "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -C "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size" \
+ -C "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -c "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
+ "$P_SRV debug_level=4 early_data=0 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size" \
+ -C "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -c "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -C "bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -C "bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
"$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \
"$P_CLI reco_mode=1 reconnect=1" \