TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7b02c1f3b63de90ae009a3bd607ae7d1384ad761 / . / tests / opt-testcases / tls13-kex-modes.sh
blob: cb738b88e454b4b928c3bf40375702eeded96492 [file] [log] [blame]
Gilles Peskine1d6a9502024-09-13 13:53:50 +0200[diff] [blame]1# Systematic testing of TLS 1.3 key exchange modes.
Jerry Yu6a9beba2022-07-31 12:45:25 +0800[diff] [blame]2
Jerry Yu97be6a92022-11-09 22:43:31 +0800[diff] [blame]3# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]4# scripts in future(#6280)
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]5
Gilles Peskine1d6a9502024-09-13 13:53:50 +0200[diff] [blame]6# Copyright The Mbed TLS Contributors
7# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8#
9
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]10requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]11requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
12requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13requires_config_enabled MBEDTLS_SSL_SRV_C
14requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]15requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]16run_test "TLS 1.3: G->m: all/psk, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
20 localhost" \
21 0 \
22 -s "found psk key exchange modes extension" \
23 -s "found pre_shared_key extension" \
24 -s "Found PSK_EPHEMERAL KEX MODE" \
25 -s "Found PSK KEX MODE" \
26 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]27 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]28 -s "key exchange mode: psk$" \
29 -S "key exchange mode: psk_ephemeral" \
30 -S "key exchange mode: ephemeral"
31
32requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]33requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
34requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
35requires_config_enabled MBEDTLS_SSL_SRV_C
36requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]37requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]38run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]39 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]40 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
41 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
42 localhost" \
43 1 \
44 -s "found psk key exchange modes extension" \
45 -s "found pre_shared_key extension" \
46 -s "Found PSK_EPHEMERAL KEX MODE" \
47 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]48 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]49 -S "key exchange mode: psk$" \
50 -S "key exchange mode: psk_ephemeral" \
51 -S "key exchange mode: ephemeral"
52
53requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]54requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
55requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
56requires_config_enabled MBEDTLS_SSL_SRV_C
57requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]58requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]59run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]60 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]61 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
62 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
63 localhost" \
64 1 \
65 -s "found psk key exchange modes extension" \
66 -s "found pre_shared_key extension" \
67 -s "Found PSK_EPHEMERAL KEX MODE" \
68 -s "Found PSK KEX MODE" \
69 -s "Invalid binder." \
70 -S "key exchange mode: psk$" \
71 -S "key exchange mode: psk_ephemeral" \
72 -S "key exchange mode: ephemeral"
73
74requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]75requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
76requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
77requires_config_enabled MBEDTLS_SSL_SRV_C
78requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]79requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]80run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]81 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]82 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
83 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
84 localhost" \
85 0 \
86 -s "found psk key exchange modes extension" \
87 -s "found pre_shared_key extension" \
88 -S "Found PSK_EPHEMERAL KEX MODE" \
89 -s "Found PSK KEX MODE" \
90 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]91 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]92 -s "key exchange mode: psk$" \
93 -S "key exchange mode: psk_ephemeral" \
94 -S "key exchange mode: ephemeral"
95
96requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]97requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
98requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
99requires_config_enabled MBEDTLS_SSL_SRV_C
100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]102run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]103 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]104 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
105 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
106 localhost" \
107 1 \
108 -s "found psk key exchange modes extension" \
109 -s "found pre_shared_key extension" \
110 -S "Found PSK_EPHEMERAL KEX MODE" \
111 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]112 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]113 -S "key exchange mode: psk$" \
114 -S "key exchange mode: psk_ephemeral" \
115 -S "key exchange mode: ephemeral"
116
117requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]118requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
120requires_config_enabled MBEDTLS_SSL_SRV_C
121requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]122requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]123run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]124 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]125 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
126 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
127 localhost" \
128 1 \
129 -s "found psk key exchange modes extension" \
130 -s "found pre_shared_key extension" \
131 -S "Found PSK_EPHEMERAL KEX MODE" \
132 -s "Found PSK KEX MODE" \
133 -s "Invalid binder." \
134 -S "key exchange mode: psk$" \
135 -S "key exchange mode: psk_ephemeral" \
136 -S "key exchange mode: ephemeral"
137
138requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]139requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
140requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
141requires_config_enabled MBEDTLS_SSL_SRV_C
142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]144run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]145 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]146 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
147 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
148 localhost" \
149 0 \
150 -s "found psk key exchange modes extension" \
151 -s "found pre_shared_key extension" \
152 -s "Found PSK_EPHEMERAL KEX MODE" \
153 -S "Found PSK KEX MODE" \
154 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]155 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]156 -S "key exchange mode: psk$" \
157 -s "key exchange mode: psk_ephemeral" \
158 -S "key exchange mode: ephemeral"
159
160requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
162requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
163requires_config_enabled MBEDTLS_SSL_SRV_C
164requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]166run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]167 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]168 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
169 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
170 localhost" \
171 1 \
172 -s "found psk key exchange modes extension" \
173 -s "found pre_shared_key extension" \
174 -s "Found PSK_EPHEMERAL KEX MODE" \
175 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]176 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]177 -S "key exchange mode: psk$" \
178 -S "key exchange mode: psk_ephemeral" \
179 -S "key exchange mode: ephemeral"
180
181requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]182requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
184requires_config_enabled MBEDTLS_SSL_SRV_C
185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]187run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]188 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]189 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
190 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
191 localhost" \
192 1 \
193 -s "found psk key exchange modes extension" \
194 -s "found pre_shared_key extension" \
195 -s "Found PSK_EPHEMERAL KEX MODE" \
196 -S "Found PSK KEX MODE" \
197 -s "Invalid binder." \
198 -S "key exchange mode: psk$" \
199 -S "key exchange mode: psk_ephemeral" \
200 -S "key exchange mode: ephemeral"
201
202requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
205requires_config_enabled MBEDTLS_SSL_SRV_C
206requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]207requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]208run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]209 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]210 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
211 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
212 localhost" \
213 0 \
214 -s "found psk key exchange modes extension" \
215 -s "found pre_shared_key extension" \
216 -s "Found PSK_EPHEMERAL KEX MODE" \
217 -s "Found PSK KEX MODE" \
218 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]219 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]220 -S "key exchange mode: psk$" \
221 -s "key exchange mode: psk_ephemeral" \
222 -S "key exchange mode: ephemeral"
223
224requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]225requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
227requires_config_enabled MBEDTLS_SSL_SRV_C
228requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]230run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]231 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]232 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
233 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
234 localhost" \
235 1 \
236 -s "found psk key exchange modes extension" \
237 -s "found pre_shared_key extension" \
238 -s "Found PSK_EPHEMERAL KEX MODE" \
239 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]240 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]241 -S "key exchange mode: psk$" \
242 -S "key exchange mode: psk_ephemeral" \
243 -S "key exchange mode: ephemeral"
244
245requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]246requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
248requires_config_enabled MBEDTLS_SSL_SRV_C
249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]251run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]252 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]253 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
254 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
255 localhost" \
256 1 \
257 -s "found psk key exchange modes extension" \
258 -s "found pre_shared_key extension" \
259 -s "Found PSK_EPHEMERAL KEX MODE" \
260 -s "Found PSK KEX MODE" \
261 -s "Invalid binder." \
262 -S "key exchange mode: psk$" \
263 -S "key exchange mode: psk_ephemeral" \
264 -S "key exchange mode: ephemeral"
265
266requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
269requires_config_enabled MBEDTLS_SSL_SRV_C
270requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]272run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]273 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]274 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
275 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
276 localhost" \
277 1 \
278 -s "found psk key exchange modes extension" \
279 -s "found pre_shared_key extension" \
280 -S "Found PSK_EPHEMERAL KEX MODE" \
281 -s "Found PSK KEX MODE" \
282 -S "key exchange mode: psk$" \
283 -S "key exchange mode: psk_ephemeral" \
284 -S "key exchange mode: ephemeral"
285
286requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]287requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
288requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
289requires_config_enabled MBEDTLS_SSL_SRV_C
290requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]293run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]294 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]295 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
296 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
297 localhost" \
298 0 \
299 -s "found psk key exchange modes extension" \
300 -s "found pre_shared_key extension" \
301 -s "Found PSK_EPHEMERAL KEX MODE" \
302 -S "Found PSK KEX MODE" \
303 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]304 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]305 -S "key exchange mode: psk$" \
306 -s "key exchange mode: psk_ephemeral" \
307 -S "key exchange mode: ephemeral"
308
309requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]310requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
311requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
312requires_config_enabled MBEDTLS_SSL_SRV_C
313requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]316run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]317 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]318 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
319 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
320 localhost" \
321 1 \
322 -s "found psk key exchange modes extension" \
323 -s "found pre_shared_key extension" \
324 -s "Found PSK_EPHEMERAL KEX MODE" \
325 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]326 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]327 -S "key exchange mode: psk$" \
328 -S "key exchange mode: psk_ephemeral" \
329 -S "key exchange mode: ephemeral"
330
331requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]332requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
334requires_config_enabled MBEDTLS_SSL_SRV_C
335requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
337requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]338run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]339 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]340 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
341 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
342 localhost" \
343 1 \
344 -s "found psk key exchange modes extension" \
345 -s "found pre_shared_key extension" \
346 -s "Found PSK_EPHEMERAL KEX MODE" \
347 -S "Found PSK KEX MODE" \
348 -s "Invalid binder." \
349 -S "key exchange mode: psk$" \
350 -S "key exchange mode: psk_ephemeral" \
351 -S "key exchange mode: ephemeral"
352
353requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]354requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
356requires_config_enabled MBEDTLS_SSL_SRV_C
357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]360run_test "TLS 1.3: G->m: all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]361 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]362 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
363 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
364 localhost" \
365 0 \
366 -s "found psk key exchange modes extension" \
367 -s "found pre_shared_key extension" \
368 -s "Found PSK_EPHEMERAL KEX MODE" \
369 -s "Found PSK KEX MODE" \
370 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]371 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]372 -S "key exchange mode: psk$" \
373 -s "key exchange mode: psk_ephemeral" \
374 -S "key exchange mode: ephemeral"
375
376requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]377requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
379requires_config_enabled MBEDTLS_SSL_SRV_C
380requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]381requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]383run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]384 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]385 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
386 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
387 localhost" \
388 1 \
389 -s "found psk key exchange modes extension" \
390 -s "found pre_shared_key extension" \
391 -s "Found PSK_EPHEMERAL KEX MODE" \
392 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]393 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]394 -S "key exchange mode: psk$" \
395 -S "key exchange mode: psk_ephemeral" \
396 -S "key exchange mode: ephemeral"
397
398requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]399requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
400requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
401requires_config_enabled MBEDTLS_SSL_SRV_C
402requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]403requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
404requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]405run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]406 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]407 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
408 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
409 localhost" \
410 1 \
411 -s "found psk key exchange modes extension" \
412 -s "found pre_shared_key extension" \
413 -s "Found PSK_EPHEMERAL KEX MODE" \
414 -s "Found PSK KEX MODE" \
415 -s "Invalid binder." \
416 -S "key exchange mode: psk$" \
417 -S "key exchange mode: psk_ephemeral" \
418 -S "key exchange mode: ephemeral"
419
420requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]421requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
422requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
423requires_config_enabled MBEDTLS_SSL_SRV_C
424requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]427run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]428 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]429 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
430 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
431 localhost" \
432 0 \
433 -s "found psk key exchange modes extension" \
434 -s "found pre_shared_key extension" \
435 -S "Found PSK_EPHEMERAL KEX MODE" \
436 -s "Found PSK KEX MODE" \
437 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]438 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]439 -s "key exchange mode: psk$" \
440 -S "key exchange mode: psk_ephemeral" \
441 -S "key exchange mode: ephemeral"
442
443requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
446requires_config_enabled MBEDTLS_SSL_SRV_C
447requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]448requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]450run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]451 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]452 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
453 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
454 localhost" \
455 1 \
456 -s "found psk key exchange modes extension" \
457 -s "found pre_shared_key extension" \
458 -S "Found PSK_EPHEMERAL KEX MODE" \
459 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]460 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]461 -S "key exchange mode: psk$" \
462 -S "key exchange mode: psk_ephemeral" \
463 -S "key exchange mode: ephemeral"
464
465requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]466requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
468requires_config_enabled MBEDTLS_SSL_SRV_C
469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
471requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]472run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]473 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]474 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
475 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
476 localhost" \
477 1 \
478 -s "found psk key exchange modes extension" \
479 -s "found pre_shared_key extension" \
480 -S "Found PSK_EPHEMERAL KEX MODE" \
481 -s "Found PSK KEX MODE" \
482 -s "Invalid binder." \
483 -S "key exchange mode: psk$" \
484 -S "key exchange mode: psk_ephemeral" \
485 -S "key exchange mode: ephemeral"
486
487requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]488requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
490requires_config_enabled MBEDTLS_SSL_SRV_C
491requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]494run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]495 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]496 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
497 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
498 localhost" \
499 0 \
500 -s "found psk key exchange modes extension" \
501 -s "found pre_shared_key extension" \
502 -s "Found PSK_EPHEMERAL KEX MODE" \
503 -S "Found PSK KEX MODE" \
504 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]505 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]506 -S "key exchange mode: psk$" \
507 -s "key exchange mode: psk_ephemeral" \
508 -S "key exchange mode: ephemeral"
509
510requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]511requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
513requires_config_enabled MBEDTLS_SSL_SRV_C
514requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]515requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]517run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]518 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]519 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
520 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
521 localhost" \
522 0 \
523 -s "found psk key exchange modes extension" \
524 -s "found pre_shared_key extension" \
525 -s "Found PSK_EPHEMERAL KEX MODE" \
526 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]527 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]528 -S "key exchange mode: psk$" \
529 -S "key exchange mode: psk_ephemeral" \
530 -s "key exchange mode: ephemeral"
531
532requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]533requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
534requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
535requires_config_enabled MBEDTLS_SSL_SRV_C
536requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
538requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]539run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]540 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]541 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
542 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
543 localhost" \
544 1 \
545 -s "found psk key exchange modes extension" \
546 -s "found pre_shared_key extension" \
547 -s "Found PSK_EPHEMERAL KEX MODE" \
548 -S "Found PSK KEX MODE" \
549 -s "Invalid binder." \
550 -S "key exchange mode: psk$" \
551 -S "key exchange mode: psk_ephemeral" \
552 -S "key exchange mode: ephemeral"
553
554requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]555requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
557requires_config_enabled MBEDTLS_SSL_SRV_C
558requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]559requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
560requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]561run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]562 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]563 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
564 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
565 localhost" \
566 0 \
567 -s "found psk key exchange modes extension" \
568 -s "found pre_shared_key extension" \
569 -s "Found PSK_EPHEMERAL KEX MODE" \
570 -s "Found PSK KEX MODE" \
571 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]572 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]573 -S "key exchange mode: psk$" \
574 -s "key exchange mode: psk_ephemeral" \
575 -S "key exchange mode: ephemeral"
576
577requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]578requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
580requires_config_enabled MBEDTLS_SSL_SRV_C
581requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
583requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]584run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]585 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]586 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
587 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
588 localhost" \
589 0 \
590 -s "found psk key exchange modes extension" \
591 -s "found pre_shared_key extension" \
592 -s "Found PSK_EPHEMERAL KEX MODE" \
593 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]594 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]595 -S "key exchange mode: psk$" \
596 -S "key exchange mode: psk_ephemeral" \
597 -s "key exchange mode: ephemeral"
598
599requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]600requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
602requires_config_enabled MBEDTLS_SSL_SRV_C
603requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]606run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]607 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]608 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
609 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
610 localhost" \
611 1 \
612 -s "found psk key exchange modes extension" \
613 -s "found pre_shared_key extension" \
614 -s "Found PSK_EPHEMERAL KEX MODE" \
615 -s "Found PSK KEX MODE" \
616 -s "Invalid binder." \
617 -S "key exchange mode: psk$" \
618 -S "key exchange mode: psk_ephemeral" \
619 -S "key exchange mode: ephemeral"
620
621requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]622requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
624requires_config_enabled MBEDTLS_SSL_SRV_C
625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]628run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]629 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]630 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
631 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
632 localhost" \
633 0 \
634 -s "found psk key exchange modes extension" \
635 -s "found pre_shared_key extension" \
636 -S "Found PSK_EPHEMERAL KEX MODE" \
637 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]638 -s "No suitable PSK key exchange mode" \
639 -S "Pre shared key found" \
640 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]641 -S "key exchange mode: psk$" \
642 -S "key exchange mode: psk_ephemeral" \
643 -s "key exchange mode: ephemeral"
644
645requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]646requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
648requires_config_enabled MBEDTLS_SSL_SRV_C
649requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
651requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]653run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]654 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]655 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
656 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
657 localhost" \
658 0 \
659 -s "found psk key exchange modes extension" \
660 -s "found pre_shared_key extension" \
661 -s "Found PSK_EPHEMERAL KEX MODE" \
662 -S "Found PSK KEX MODE" \
663 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]664 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]665 -S "key exchange mode: psk$" \
666 -s "key exchange mode: psk_ephemeral" \
667 -S "key exchange mode: ephemeral"
668
669requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]670requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
671requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
672requires_config_enabled MBEDTLS_SSL_SRV_C
673requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]674requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
676requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]677run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]678 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]679 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
680 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
681 localhost" \
682 0 \
683 -s "found psk key exchange modes extension" \
684 -s "found pre_shared_key extension" \
685 -s "Found PSK_EPHEMERAL KEX MODE" \
686 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]687 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]688 -S "key exchange mode: psk$" \
689 -S "key exchange mode: psk_ephemeral" \
690 -s "key exchange mode: ephemeral"
691
692requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]693requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
695requires_config_enabled MBEDTLS_SSL_SRV_C
696requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]697requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]700run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]701 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]702 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
703 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
704 localhost" \
705 1 \
706 -s "found psk key exchange modes extension" \
707 -s "found pre_shared_key extension" \
708 -s "Found PSK_EPHEMERAL KEX MODE" \
709 -S "Found PSK KEX MODE" \
710 -s "Invalid binder." \
711 -S "key exchange mode: psk$" \
712 -S "key exchange mode: psk_ephemeral" \
713 -S "key exchange mode: ephemeral"
714
715requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]716requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
718requires_config_enabled MBEDTLS_SSL_SRV_C
719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
721requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
722requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]723run_test "TLS 1.3: G->m: all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]724 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]725 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
726 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
727 localhost" \
728 0 \
729 -s "found psk key exchange modes extension" \
730 -s "found pre_shared_key extension" \
731 -s "Found PSK_EPHEMERAL KEX MODE" \
732 -s "Found PSK KEX MODE" \
733 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]734 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]735 -S "key exchange mode: psk$" \
736 -s "key exchange mode: psk_ephemeral" \
737 -S "key exchange mode: ephemeral"
738
739requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]740requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
742requires_config_enabled MBEDTLS_SSL_SRV_C
743requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]747run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]748 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]749 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
750 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
751 localhost" \
752 0 \
753 -s "found psk key exchange modes extension" \
754 -s "found pre_shared_key extension" \
755 -s "Found PSK_EPHEMERAL KEX MODE" \
756 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]757 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]758 -S "key exchange mode: psk$" \
759 -S "key exchange mode: psk_ephemeral" \
760 -s "key exchange mode: ephemeral"
761
762requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]763requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
765requires_config_enabled MBEDTLS_SSL_SRV_C
766requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]770run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]771 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]772 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
773 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
774 localhost" \
775 1 \
776 -s "found psk key exchange modes extension" \
777 -s "found pre_shared_key extension" \
778 -s "Found PSK_EPHEMERAL KEX MODE" \
779 -s "Found PSK KEX MODE" \
780 -s "Invalid binder." \
781 -S "key exchange mode: psk$" \
782 -S "key exchange mode: psk_ephemeral" \
783 -S "key exchange mode: ephemeral"
784
785requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]786requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
788requires_config_enabled MBEDTLS_SSL_SRV_C
789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]793run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]794 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]795 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
796 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
797 localhost" \
798 0 \
799 -s "found psk key exchange modes extension" \
800 -s "found pre_shared_key extension" \
801 -S "Found PSK_EPHEMERAL KEX MODE" \
802 -s "Found PSK KEX MODE" \
803 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]804 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]805 -S "key exchange mode: psk$" \
806 -S "key exchange mode: psk_ephemeral" \
807 -s "key exchange mode: ephemeral"
808
809requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]810requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
812requires_config_enabled MBEDTLS_SSL_SRV_C
813requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]817run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]818 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]819 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
820 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
821 localhost" \
822 1 \
823 -s "found psk key exchange modes extension" \
824 -s "found pre_shared_key extension" \
825 -S "Found PSK_EPHEMERAL KEX MODE" \
826 -s "Found PSK KEX MODE" \
827 -s "Invalid binder." \
828 -S "key exchange mode: psk$" \
829 -S "key exchange mode: psk_ephemeral" \
830 -S "key exchange mode: ephemeral"
831
832requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]833requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
835requires_config_enabled MBEDTLS_SSL_SRV_C
836requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]839run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]840 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]841 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
842 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
843 localhost" \
844 0 \
845 -s "found psk key exchange modes extension" \
846 -s "found pre_shared_key extension" \
847 -s "Found PSK_EPHEMERAL KEX MODE" \
848 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]849 -s "No suitable PSK key exchange mode" \
850 -S "Pre shared key found" \
851 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]852 -S "key exchange mode: psk$" \
853 -S "key exchange mode: psk_ephemeral" \
854 -s "key exchange mode: ephemeral"
855
856requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]857requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
858requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
859requires_config_enabled MBEDTLS_SSL_SRV_C
860requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]861requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
862requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]863run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]864 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]865 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
866 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
867 localhost" \
868 0 \
869 -s "found psk key exchange modes extension" \
870 -s "found pre_shared_key extension" \
871 -s "Found PSK_EPHEMERAL KEX MODE" \
872 -s "Found PSK KEX MODE" \
873 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]874 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]875 -S "key exchange mode: psk$" \
876 -S "key exchange mode: psk_ephemeral" \
877 -s "key exchange mode: ephemeral"
878
879requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]880requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
882requires_config_enabled MBEDTLS_SSL_SRV_C
883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
885requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]886run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]887 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]888 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
889 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
890 localhost" \
891 1 \
892 -s "found psk key exchange modes extension" \
893 -s "found pre_shared_key extension" \
894 -s "Found PSK_EPHEMERAL KEX MODE" \
895 -s "Found PSK KEX MODE" \
896 -s "Invalid binder." \
897 -S "key exchange mode: psk$" \
898 -S "key exchange mode: psk_ephemeral" \
899 -S "key exchange mode: ephemeral"
900
901requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]902requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
904requires_config_enabled MBEDTLS_SSL_SRV_C
905requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]906requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]908run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]909 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]910 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
911 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
912 localhost" \
913 0 \
914 -s "found psk key exchange modes extension" \
915 -s "found pre_shared_key extension" \
916 -S "Found PSK_EPHEMERAL KEX MODE" \
917 -s "Found PSK KEX MODE" \
918 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]919 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]920 -S "key exchange mode: psk$" \
921 -S "key exchange mode: psk_ephemeral" \
922 -s "key exchange mode: ephemeral"
923
924requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]925requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
927requires_config_enabled MBEDTLS_SSL_SRV_C
928requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu66886692022-08-31 17:08:34 +0800[diff] [blame]931run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]932 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]933 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
934 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
935 localhost" \
936 1 \
937 -s "found psk key exchange modes extension" \
938 -s "found pre_shared_key extension" \
939 -S "Found PSK_EPHEMERAL KEX MODE" \
940 -s "Found PSK KEX MODE" \
941 -s "Invalid binder." \
942 -S "key exchange mode: psk$" \
943 -S "key exchange mode: psk_ephemeral" \
944 -S "key exchange mode: ephemeral"
945
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]946requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
949requires_config_enabled MBEDTLS_SSL_SRV_C
950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]952requires_config_enabled PSA_WANT_ALG_ECDH
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]953run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]954 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]955 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \
956 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
957 localhost" \
958 0 \
959 -s "write selected_group: secp256r1" \
960 -S "key exchange mode: psk$" \
961 -s "key exchange mode: psk_ephemeral" \
962 -S "key exchange mode: ephemeral"
963
964requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]965requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
966requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
967requires_config_enabled MBEDTLS_SSL_SRV_C
968requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]970requires_config_enabled PSA_WANT_ALG_ECDH
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]971run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]972 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]973 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \
974 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
975 localhost" \
976 0 \
977 -s "write selected_group: secp384r1" \
978 -S "key exchange mode: psk$" \
979 -s "key exchange mode: psk_ephemeral" \
980 -S "key exchange mode: ephemeral"
981
982requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]983requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
984requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
985requires_config_enabled MBEDTLS_SSL_SRV_C
986requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]988requires_config_enabled PSA_WANT_ALG_ECDH
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]989run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]990 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]991 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \
992 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
993 localhost" \
994 0 \
995 -s "write selected_group: secp521r1" \
996 -S "key exchange mode: psk$" \
997 -s "key exchange mode: psk_ephemeral" \
998 -S "key exchange mode: ephemeral"
999
1000requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1001requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1002requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1003requires_config_enabled MBEDTLS_SSL_SRV_C
1004requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1005requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1006requires_config_enabled PSA_WANT_ALG_ECDH
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1007run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1008 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1009 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \
1010 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
1011 localhost" \
1012 0 \
1013 -s "write selected_group: x25519" \
1014 -S "key exchange mode: psk$" \
1015 -s "key exchange mode: psk_ephemeral" \
1016 -S "key exchange mode: ephemeral"
1017
1018requires_gnutls_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1019requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1020requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1021requires_config_enabled MBEDTLS_SSL_SRV_C
1022requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1023requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1024requires_config_enabled PSA_WANT_ALG_ECDH
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1025run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1026 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1027 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \
1028 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
1029 localhost" \
1030 0 \
1031 -s "write selected_group: x448" \
1032 -S "key exchange mode: psk$" \
1033 -s "key exchange mode: psk_ephemeral" \
1034 -S "key exchange mode: ephemeral"
1035
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1036requires_openssl_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1037requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1039requires_config_enabled MBEDTLS_SSL_SRV_C
1040requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1041requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1042run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1043 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1044 "$O_NEXT_CLI -tls1_3 -msg \
1045 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1046 1 \
1047 -s "found psk key exchange modes extension" \
1048 -s "found pre_shared_key extension" \
1049 -s "Found PSK_EPHEMERAL KEX MODE" \
1050 -S "Found PSK KEX MODE" \
1051 -S "key exchange mode: psk$" \
1052 -S "key exchange mode: psk_ephemeral" \
1053 -S "key exchange mode: ephemeral"
1054
1055requires_openssl_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1056requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1058requires_config_enabled MBEDTLS_SSL_SRV_C
1059requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1061run_test "TLS 1.3: O->m: all/psk, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1062 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1063 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1064 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1065 0 \
1066 -s "found psk key exchange modes extension" \
1067 -s "found pre_shared_key extension" \
1068 -s "Found PSK_EPHEMERAL KEX MODE" \
1069 -s "Found PSK KEX MODE" \
1070 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1071 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1072 -s "key exchange mode: psk$" \
1073 -S "key exchange mode: psk_ephemeral" \
1074 -S "key exchange mode: ephemeral"
1075
1076requires_openssl_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1077requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1079requires_config_enabled MBEDTLS_SSL_SRV_C
1080requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1082run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1083 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1084 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1085 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1086 1 \
1087 -s "found psk key exchange modes extension" \
1088 -s "found pre_shared_key extension" \
1089 -s "Found PSK_EPHEMERAL KEX MODE" \
1090 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1091 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1092 -S "key exchange mode: psk$" \
1093 -S "key exchange mode: psk_ephemeral" \
1094 -S "key exchange mode: ephemeral"
1095
1096requires_openssl_tls1_3
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1098requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1099requires_config_enabled MBEDTLS_SSL_SRV_C
1100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1102run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1103 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1104 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1105 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1106 1 \
1107 -s "found psk key exchange modes extension" \
1108 -s "found pre_shared_key extension" \
1109 -s "Found PSK_EPHEMERAL KEX MODE" \
1110 -s "Found PSK KEX MODE" \
1111 -s "Invalid binder." \
1112 -S "key exchange mode: psk$" \
1113 -S "key exchange mode: psk_ephemeral" \
1114 -S "key exchange mode: ephemeral"
1115
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1116requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1117requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1119requires_config_enabled MBEDTLS_SSL_SRV_C
1120requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1121requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1122run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1123 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1124 "$O_NEXT_CLI -tls1_3 -msg \
1125 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1126 0 \
1127 -s "found psk key exchange modes extension" \
1128 -s "found pre_shared_key extension" \
1129 -s "Found PSK_EPHEMERAL KEX MODE" \
1130 -S "Found PSK KEX MODE" \
1131 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1132 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1133 -S "key exchange mode: psk$" \
1134 -s "key exchange mode: psk_ephemeral" \
1135 -S "key exchange mode: ephemeral"
1136
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1137requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1138requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1140requires_config_enabled MBEDTLS_SSL_SRV_C
1141requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1142requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1143run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1144 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1145 "$O_NEXT_CLI -tls1_3 -msg \
1146 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1147 1 \
1148 -s "found psk key exchange modes extension" \
1149 -s "found pre_shared_key extension" \
1150 -s "Found PSK_EPHEMERAL KEX MODE" \
1151 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1152 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1153 -S "key exchange mode: psk$" \
1154 -S "key exchange mode: psk_ephemeral" \
1155 -S "key exchange mode: ephemeral"
1156
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1157requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1160requires_config_enabled MBEDTLS_SSL_SRV_C
1161requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1163run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1164 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1165 "$O_NEXT_CLI -tls1_3 -msg \
1166 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1167 1 \
1168 -s "found psk key exchange modes extension" \
1169 -s "found pre_shared_key extension" \
1170 -s "Found PSK_EPHEMERAL KEX MODE" \
1171 -S "Found PSK KEX MODE" \
1172 -s "Invalid binder." \
1173 -S "key exchange mode: psk$" \
1174 -S "key exchange mode: psk_ephemeral" \
1175 -S "key exchange mode: ephemeral"
1176
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1177requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1178requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1180requires_config_enabled MBEDTLS_SSL_SRV_C
1181requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1183run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1184 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1185 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1186 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1187 0 \
1188 -s "found psk key exchange modes extension" \
1189 -s "found pre_shared_key extension" \
1190 -s "Found PSK_EPHEMERAL KEX MODE" \
1191 -s "Found PSK KEX MODE" \
1192 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1193 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1194 -S "key exchange mode: psk$" \
1195 -s "key exchange mode: psk_ephemeral" \
1196 -S "key exchange mode: ephemeral"
1197
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1198requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1201requires_config_enabled MBEDTLS_SSL_SRV_C
1202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1204run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1205 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1206 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1207 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1208 1 \
1209 -s "found psk key exchange modes extension" \
1210 -s "found pre_shared_key extension" \
1211 -s "Found PSK_EPHEMERAL KEX MODE" \
1212 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1213 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1214 -S "key exchange mode: psk$" \
1215 -S "key exchange mode: psk_ephemeral" \
1216 -S "key exchange mode: ephemeral"
1217
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1218requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1219requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1221requires_config_enabled MBEDTLS_SSL_SRV_C
1222requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1223requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1224run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1225 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1226 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1227 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1228 1 \
1229 -s "found psk key exchange modes extension" \
1230 -s "found pre_shared_key extension" \
1231 -s "Found PSK_EPHEMERAL KEX MODE" \
1232 -s "Found PSK KEX MODE" \
1233 -s "Invalid binder." \
1234 -S "key exchange mode: psk$" \
1235 -S "key exchange mode: psk_ephemeral" \
1236 -S "key exchange mode: ephemeral"
1237
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1238requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1239requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1241requires_config_enabled MBEDTLS_SSL_SRV_C
1242requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1245run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1246 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1247 "$O_NEXT_CLI -tls1_3 -msg \
1248 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1249 0 \
1250 -s "found psk key exchange modes extension" \
1251 -s "found pre_shared_key extension" \
1252 -s "Found PSK_EPHEMERAL KEX MODE" \
1253 -S "Found PSK KEX MODE" \
1254 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1255 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1256 -S "key exchange mode: psk$" \
1257 -s "key exchange mode: psk_ephemeral" \
1258 -S "key exchange mode: ephemeral"
1259
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1260requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1261requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1262requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1263requires_config_enabled MBEDTLS_SSL_SRV_C
1264requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1265requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1267run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1268 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1269 "$O_NEXT_CLI -tls1_3 -msg \
1270 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1271 1 \
1272 -s "found psk key exchange modes extension" \
1273 -s "found pre_shared_key extension" \
1274 -s "Found PSK_EPHEMERAL KEX MODE" \
1275 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1276 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1277 -S "key exchange mode: psk$" \
1278 -S "key exchange mode: psk_ephemeral" \
1279 -S "key exchange mode: ephemeral"
1280
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1281requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1282requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1284requires_config_enabled MBEDTLS_SSL_SRV_C
1285requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1287requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1288run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1289 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1290 "$O_NEXT_CLI -tls1_3 -msg \
1291 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1292 1 \
1293 -s "found psk key exchange modes extension" \
1294 -s "found pre_shared_key extension" \
1295 -s "Found PSK_EPHEMERAL KEX MODE" \
1296 -S "Found PSK KEX MODE" \
1297 -s "Invalid binder." \
1298 -S "key exchange mode: psk$" \
1299 -S "key exchange mode: psk_ephemeral" \
1300 -S "key exchange mode: ephemeral"
1301
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1302requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1304requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1305requires_config_enabled MBEDTLS_SSL_SRV_C
1306requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1307requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1309run_test "TLS 1.3: O->m: all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1310 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1311 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1312 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1313 0 \
1314 -s "found psk key exchange modes extension" \
1315 -s "found pre_shared_key extension" \
1316 -s "Found PSK_EPHEMERAL KEX MODE" \
1317 -s "Found PSK KEX MODE" \
1318 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1319 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1320 -S "key exchange mode: psk$" \
1321 -s "key exchange mode: psk_ephemeral" \
1322 -S "key exchange mode: ephemeral"
1323
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1324requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1325requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1327requires_config_enabled MBEDTLS_SSL_SRV_C
1328requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1331run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1332 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1333 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1334 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1335 1 \
1336 -s "found psk key exchange modes extension" \
1337 -s "found pre_shared_key extension" \
1338 -s "Found PSK_EPHEMERAL KEX MODE" \
1339 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1340 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1341 -S "key exchange mode: psk$" \
1342 -S "key exchange mode: psk_ephemeral" \
1343 -S "key exchange mode: ephemeral"
1344
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1345requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1346requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1347requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1348requires_config_enabled MBEDTLS_SSL_SRV_C
1349requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1352run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1353 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1354 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1355 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1356 1 \
1357 -s "found psk key exchange modes extension" \
1358 -s "found pre_shared_key extension" \
1359 -s "Found PSK_EPHEMERAL KEX MODE" \
1360 -s "Found PSK KEX MODE" \
1361 -s "Invalid binder." \
1362 -S "key exchange mode: psk$" \
1363 -S "key exchange mode: psk_ephemeral" \
1364 -S "key exchange mode: ephemeral"
1365
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1366requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1367requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1368requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1369requires_config_enabled MBEDTLS_SSL_SRV_C
1370requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1373run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1374 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1375 "$O_NEXT_CLI -tls1_3 -msg \
1376 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1377 0 \
1378 -s "found psk key exchange modes extension" \
1379 -s "found pre_shared_key extension" \
1380 -s "Found PSK_EPHEMERAL KEX MODE" \
1381 -S "Found PSK KEX MODE" \
1382 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1383 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1384 -S "key exchange mode: psk$" \
1385 -s "key exchange mode: psk_ephemeral" \
1386 -S "key exchange mode: ephemeral"
1387
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1388requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1389requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1391requires_config_enabled MBEDTLS_SSL_SRV_C
1392requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1394requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1395run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1396 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1397 "$O_NEXT_CLI -tls1_3 -msg \
1398 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1399 0 \
1400 -s "found psk key exchange modes extension" \
1401 -s "found pre_shared_key extension" \
1402 -s "Found PSK_EPHEMERAL KEX MODE" \
1403 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1404 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1405 -S "key exchange mode: psk$" \
1406 -S "key exchange mode: psk_ephemeral" \
1407 -s "key exchange mode: ephemeral"
1408
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1409requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1412requires_config_enabled MBEDTLS_SSL_SRV_C
1413requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1416run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1417 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1418 "$O_NEXT_CLI -tls1_3 -msg \
1419 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1420 1 \
1421 -s "found psk key exchange modes extension" \
1422 -s "found pre_shared_key extension" \
1423 -s "Found PSK_EPHEMERAL KEX MODE" \
1424 -S "Found PSK KEX MODE" \
1425 -s "Invalid binder." \
1426 -S "key exchange mode: psk$" \
1427 -S "key exchange mode: psk_ephemeral" \
1428 -S "key exchange mode: ephemeral"
1429
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1430requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1433requires_config_enabled MBEDTLS_SSL_SRV_C
1434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1437run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1438 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1439 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1440 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1441 0 \
1442 -s "found psk key exchange modes extension" \
1443 -s "found pre_shared_key extension" \
1444 -s "Found PSK_EPHEMERAL KEX MODE" \
1445 -s "Found PSK KEX MODE" \
1446 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1447 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1448 -S "key exchange mode: psk$" \
1449 -s "key exchange mode: psk_ephemeral" \
1450 -S "key exchange mode: ephemeral"
1451
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1452requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1453requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1454requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1455requires_config_enabled MBEDTLS_SSL_SRV_C
1456requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1457requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1459run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1460 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1461 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1462 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1463 0 \
1464 -s "found psk key exchange modes extension" \
1465 -s "found pre_shared_key extension" \
1466 -s "Found PSK_EPHEMERAL KEX MODE" \
1467 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1468 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1469 -S "key exchange mode: psk$" \
1470 -S "key exchange mode: psk_ephemeral" \
1471 -s "key exchange mode: ephemeral"
1472
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1473requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1474requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1476requires_config_enabled MBEDTLS_SSL_SRV_C
1477requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1480run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1481 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1482 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1483 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1484 1 \
1485 -s "found psk key exchange modes extension" \
1486 -s "found pre_shared_key extension" \
1487 -s "Found PSK_EPHEMERAL KEX MODE" \
1488 -s "Found PSK KEX MODE" \
1489 -s "Invalid binder." \
1490 -S "key exchange mode: psk$" \
1491 -S "key exchange mode: psk_ephemeral" \
1492 -S "key exchange mode: ephemeral"
1493
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1494requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1497requires_config_enabled MBEDTLS_SSL_SRV_C
1498requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1499requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1501requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1502run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1503 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1504 "$O_NEXT_CLI -tls1_3 -msg \
1505 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1506 0 \
1507 -s "found psk key exchange modes extension" \
1508 -s "found pre_shared_key extension" \
1509 -s "Found PSK_EPHEMERAL KEX MODE" \
1510 -S "Found PSK KEX MODE" \
1511 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1512 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1513 -S "key exchange mode: psk$" \
1514 -s "key exchange mode: psk_ephemeral" \
1515 -S "key exchange mode: ephemeral"
1516
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1517requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1518requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1519requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1520requires_config_enabled MBEDTLS_SSL_SRV_C
1521requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1525run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1526 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1527 "$O_NEXT_CLI -tls1_3 -msg \
1528 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1529 0 \
1530 -s "found psk key exchange modes extension" \
1531 -s "found pre_shared_key extension" \
1532 -s "Found PSK_EPHEMERAL KEX MODE" \
1533 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1534 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1535 -S "key exchange mode: psk$" \
1536 -S "key exchange mode: psk_ephemeral" \
1537 -s "key exchange mode: ephemeral"
1538
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1539requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1540requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1542requires_config_enabled MBEDTLS_SSL_SRV_C
1543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1547run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1548 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1549 "$O_NEXT_CLI -tls1_3 -msg \
1550 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1551 1 \
1552 -s "found psk key exchange modes extension" \
1553 -s "found pre_shared_key extension" \
1554 -s "Found PSK_EPHEMERAL KEX MODE" \
1555 -S "Found PSK KEX MODE" \
1556 -s "Invalid binder." \
1557 -S "key exchange mode: psk$" \
1558 -S "key exchange mode: psk_ephemeral" \
1559 -S "key exchange mode: ephemeral"
1560
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1561requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1562requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1564requires_config_enabled MBEDTLS_SSL_SRV_C
1565requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1568requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1569run_test "TLS 1.3: O->m: all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1570 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1571 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1572 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1573 0 \
1574 -s "found psk key exchange modes extension" \
1575 -s "found pre_shared_key extension" \
1576 -s "Found PSK_EPHEMERAL KEX MODE" \
1577 -s "Found PSK KEX MODE" \
1578 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1579 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1580 -S "key exchange mode: psk$" \
1581 -s "key exchange mode: psk_ephemeral" \
1582 -S "key exchange mode: ephemeral"
1583
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1584requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1587requires_config_enabled MBEDTLS_SSL_SRV_C
1588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1592run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1593 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1594 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1595 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1596 0 \
1597 -s "found psk key exchange modes extension" \
1598 -s "found pre_shared_key extension" \
1599 -s "Found PSK_EPHEMERAL KEX MODE" \
1600 -s "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1601 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1602 -S "key exchange mode: psk$" \
1603 -S "key exchange mode: psk_ephemeral" \
1604 -s "key exchange mode: ephemeral"
1605
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1606requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1607requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1608requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1609requires_config_enabled MBEDTLS_SSL_SRV_C
1610requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1611requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1613requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1614run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1615 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1616 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1617 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1618 1 \
1619 -s "found psk key exchange modes extension" \
1620 -s "found pre_shared_key extension" \
1621 -s "Found PSK_EPHEMERAL KEX MODE" \
1622 -s "Found PSK KEX MODE" \
1623 -s "Invalid binder." \
1624 -S "key exchange mode: psk$" \
1625 -S "key exchange mode: psk_ephemeral" \
1626 -S "key exchange mode: ephemeral"
1627
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1628requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1629requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1630requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1631requires_config_enabled MBEDTLS_SSL_SRV_C
1632requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu7101b872022-08-31 14:15:23 +0800[diff] [blame]1635run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1636 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1637 "$O_NEXT_CLI -tls1_3 -msg \
1638 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1639 0 \
1640 -s "found psk key exchange modes extension" \
1641 -s "found pre_shared_key extension" \
1642 -s "Found PSK_EPHEMERAL KEX MODE" \
1643 -S "Found PSK KEX MODE" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1644 -s "No suitable PSK key exchange mode" \
1645 -S "Pre shared key found" \
1646 -s "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1647 -S "key exchange mode: psk$" \
1648 -S "key exchange mode: psk_ephemeral" \
1649 -s "key exchange mode: ephemeral"
1650
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1651requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1654requires_config_enabled MBEDTLS_SSL_SRV_C
1655requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1658run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1659 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1660 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1661 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1662 0 \
1663 -s "found psk key exchange modes extension" \
1664 -s "found pre_shared_key extension" \
1665 -s "Found PSK_EPHEMERAL KEX MODE" \
1666 -s "Found PSK KEX MODE" \
1667 -s "Pre shared key found" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1668 -S "No usable PSK or ticket" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1669 -S "key exchange mode: psk$" \
1670 -S "key exchange mode: psk_ephemeral" \
1671 -s "key exchange mode: ephemeral"
1672
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1673requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1674requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1675requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1676requires_config_enabled MBEDTLS_SSL_SRV_C
1677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu63d40e62022-08-29 20:38:39 +0800[diff] [blame]1680run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1681 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
Jerry Yue7b4b582022-08-25 17:53:13 +0800[diff] [blame]1682 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1683 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1684 1 \
1685 -s "found psk key exchange modes extension" \
1686 -s "found pre_shared_key extension" \
1687 -s "Found PSK_EPHEMERAL KEX MODE" \
1688 -s "Found PSK KEX MODE" \
1689 -s "Invalid binder." \
1690 -S "key exchange mode: psk$" \
1691 -S "key exchange mode: psk_ephemeral" \
1692 -S "key exchange mode: ephemeral"
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1693
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1694requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1695requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1697requires_config_enabled MBEDTLS_SSL_SRV_C
1698requires_config_enabled MBEDTLS_DEBUG_C
1699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1700requires_config_enabled PSA_WANT_ALG_ECDH
1701requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1702run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1703 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1704 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
1705 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1706 0 \
1707 -s "write selected_group: secp256r1" \
1708 -S "key exchange mode: psk$" \
1709 -s "key exchange mode: psk_ephemeral" \
1710 -S "key exchange mode: ephemeral"
1711
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1712requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1713requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1715requires_config_enabled MBEDTLS_SSL_SRV_C
1716requires_config_enabled MBEDTLS_DEBUG_C
1717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1718requires_config_enabled PSA_WANT_ALG_ECDH
1719requires_config_enabled PSA_WANT_ECC_SECP_R1_384
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1720run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1721 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1722 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
1723 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1724 0 \
1725 -s "write selected_group: secp384r1" \
1726 -S "key exchange mode: psk$" \
1727 -s "key exchange mode: psk_ephemeral" \
1728 -S "key exchange mode: ephemeral"
1729
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1730requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1731requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1733requires_config_enabled MBEDTLS_SSL_SRV_C
1734requires_config_enabled MBEDTLS_DEBUG_C
1735requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1736requires_config_enabled PSA_WANT_ALG_ECDH
1737requires_config_enabled PSA_WANT_ECC_SECP_R1_521
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1738run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1739 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1740 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
1741 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1742 0 \
1743 -s "write selected_group: secp521r1" \
1744 -S "key exchange mode: psk$" \
1745 -s "key exchange mode: psk_ephemeral" \
1746 -S "key exchange mode: ephemeral"
1747
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1748requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1750requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1751requires_config_enabled MBEDTLS_SSL_SRV_C
1752requires_config_enabled MBEDTLS_DEBUG_C
1753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1754requires_config_enabled PSA_WANT_ALG_ECDH
1755requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1756run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1757 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1758 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
1759 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1760 0 \
1761 -s "write selected_group: x25519" \
1762 -S "key exchange mode: psk$" \
1763 -s "key exchange mode: psk_ephemeral" \
1764 -S "key exchange mode: ephemeral"
1765
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1766requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1767requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1768requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1769requires_config_enabled MBEDTLS_SSL_SRV_C
1770requires_config_enabled MBEDTLS_DEBUG_C
1771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1772requires_config_enabled PSA_WANT_ALG_ECDH
1773requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1774run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1775 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
Jerry Yu58af2332022-09-06 11:19:31 +0800[diff] [blame]1776 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
1777 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1778 0 \
1779 -s "write selected_group: x448" \
1780 -S "key exchange mode: psk$" \
1781 -s "key exchange mode: psk_ephemeral" \
1782 -S "key exchange mode: ephemeral"
Jerry Yu2db49df2022-09-21 11:03:28 +0800[diff] [blame]1783
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1784requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1785requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1786requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1787requires_config_enabled MBEDTLS_SSL_SRV_C
1788requires_config_enabled MBEDTLS_DEBUG_C
1789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1790requires_config_enabled PSA_WANT_ALG_ECDH
1791requires_config_enabled PSA_WANT_ECC_SECP_R1_384
Jerry Yu2db49df2022-09-21 11:03:28 +0800[diff] [blame]1792run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
Przemek Stekiel45255e42023-06-29 13:56:36 +0200[diff] [blame]1793 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
Jerry Yu93706122022-09-21 22:44:24 +0800[diff] [blame]1794 "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
Jerry Yu2db49df2022-09-21 11:03:28 +0800[diff] [blame]1795 0 \
1796 -s "write selected_group: secp384r1" \
1797 -s "HRR selected_group: secp384r1" \
1798 -S "key exchange mode: psk$" \
1799 -s "key exchange mode: psk_ephemeral" \
1800 -S "key exchange mode: ephemeral"
1801
Jerry Yu2db49df2022-09-21 11:03:28 +0800[diff] [blame]1802requires_gnutls_tls1_3
1803requires_gnutls_next_no_ticket
1804requires_gnutls_next_disable_tls13_compat
Gilles Peskine7b02c1f2024-09-13 14:15:46 +0200[diff] [blame^]1805requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1806requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1807requires_config_enabled MBEDTLS_SSL_SRV_C
1808requires_config_enabled MBEDTLS_DEBUG_C
1809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1810requires_config_enabled PSA_WANT_ALG_ECDH
1811requires_config_enabled PSA_WANT_ECC_SECP_R1_384
Jerry Yu2db49df2022-09-21 11:03:28 +0800[diff] [blame]1812run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
Przemek Stekiel45255e42023-06-29 13:56:36 +0200[diff] [blame]1813 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
Jerry Yu93706122022-09-21 22:44:24 +0800[diff] [blame]1814 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
Jerry Yu2db49df2022-09-21 11:03:28 +0800[diff] [blame]1815 0 \
1816 -s "write selected_group: secp384r1" \
1817 -s "HRR selected_group: secp384r1" \
1818 -S "key exchange mode: psk$" \
1819 -s "key exchange mode: psk_ephemeral" \
1820 -S "key exchange mode: ephemeral"
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]1821
1822
1823# Add psk test cases for mbedtls client code
1824
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1825# MbedTls->MbedTLS kinds of tls13_kex_modes
1826# PSK mode in client
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]1827requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1828requires_config_enabled MBEDTLS_SSL_SRV_C
1829requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]1831run_test "TLS 1.3: m->m: psk/psk, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1832 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1833 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]1834 0 \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]1835 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1836 -c "client hello, adding psk_key_exchange_modes extension" \
1837 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]1838 -c "Selected key exchange mode: psk$" \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]1839 -c "HTTP/1.0 200 OK"
1840
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1842requires_config_enabled MBEDTLS_SSL_SRV_C
1843requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]1845run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1846 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1847 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1848 1 \
1849 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1850 -c "client hello, adding psk_key_exchange_modes extension" \
1851 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1852 -s "No usable PSK or ticket"
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1853
1854requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1855requires_config_enabled MBEDTLS_SSL_SRV_C
1856requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]1858run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1859 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1860 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1861 1 \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1862 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1863 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1864 -c "client hello, adding PSK binder list" \
1865 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1866
1867requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1868requires_config_enabled MBEDTLS_SSL_SRV_C
1869requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]1872run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1873 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1874 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1875 1 \
1876 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1877 -c "client hello, adding psk_key_exchange_modes extension" \
1878 -c "client hello, adding PSK binder list" \
1879 -s "ClientHello message misses mandatory extensions."
1880
1881requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1882requires_config_enabled MBEDTLS_SSL_SRV_C
1883requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1885requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]1886run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1887 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1888 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1889 1 \
1890 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1891 -c "client hello, adding psk_key_exchange_modes extension" \
1892 -c "client hello, adding PSK binder list" \
1893 -s "ClientHello message misses mandatory extensions."
1894
1895requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1896requires_config_enabled MBEDTLS_SSL_SRV_C
1897requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]1901run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1902 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1903 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1904 1 \
1905 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1906 -c "client hello, adding psk_key_exchange_modes extension" \
1907 -c "client hello, adding PSK binder list" \
1908 -s "ClientHello message misses mandatory extensions."
1909
1910requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1911requires_config_enabled MBEDTLS_SSL_SRV_C
1912requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]1915run_test "TLS 1.3: m->m: psk/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1916 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1917 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1918 0 \
1919 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1920 -c "client hello, adding psk_key_exchange_modes extension" \
1921 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]1922 -c "Selected key exchange mode: psk$" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1923 -c "HTTP/1.0 200 OK"
1924
1925requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1926requires_config_enabled MBEDTLS_SSL_SRV_C
1927requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]1930run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1931 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1932 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1933 1 \
1934 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1935 -c "client hello, adding psk_key_exchange_modes extension" \
1936 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1937 -s "No usable PSK or ticket" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1938 -s "ClientHello message misses mandatory extensions."
1939
1940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1941requires_config_enabled MBEDTLS_SSL_SRV_C
1942requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1943requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]1945run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1946 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1947 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1948 1 \
Xiaokang Qian89399302022-09-21 07:16:22 +0000[diff] [blame]1949 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1950 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qian89399302022-09-21 07:16:22 +0000[diff] [blame]1951 -c "client hello, adding PSK binder list" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1952 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1953
1954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1955requires_config_enabled MBEDTLS_SSL_SRV_C
1956requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1958requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1959requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]1960run_test "TLS 1.3: m->m: psk/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1961 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1962 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1963 0 \
1964 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1965 -c "client hello, adding psk_key_exchange_modes extension" \
1966 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]1967 -c "Selected key exchange mode: psk$" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1968 -c "HTTP/1.0 200 OK"
1969
1970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1971requires_config_enabled MBEDTLS_SSL_SRV_C
1972requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1973requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]1976run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1977 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1978 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1979 1 \
1980 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1981 -c "client hello, adding psk_key_exchange_modes extension" \
1982 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]1983 -s "No usable PSK or ticket" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1984 -s "ClientHello message misses mandatory extensions."
1985
1986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1987requires_config_enabled MBEDTLS_SSL_SRV_C
1988requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]1989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1991requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]1992run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1993 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]1994 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1995 1 \
Xiaokang Qian89399302022-09-21 07:16:22 +0000[diff] [blame]1996 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]1997 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qian89399302022-09-21 07:16:22 +0000[diff] [blame]1998 -c "client hello, adding PSK binder list" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]1999 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2000
2001# psk_ephemeral mode in client
2002requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2003requires_config_enabled MBEDTLS_SSL_SRV_C
2004requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2005requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2007run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2008 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2009 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2010 1 \
2011 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2012 -c "client hello, adding psk_key_exchange_modes extension" \
2013 -c "client hello, adding PSK binder list" \
2014 -s "ClientHello message misses mandatory extensions."
2015
2016requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2017requires_config_enabled MBEDTLS_SSL_SRV_C
2018requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2020run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2021 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2022 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2023 0 \
2024 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2025 -c "client hello, adding psk_key_exchange_modes extension" \
2026 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2027 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2028 -c "HTTP/1.0 200 OK"
2029
2030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2031requires_config_enabled MBEDTLS_SSL_SRV_C
2032requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2033requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2034run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2035 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2036 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2037 1 \
2038 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2039 -c "client hello, adding psk_key_exchange_modes extension" \
2040 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2041 -s "No usable PSK or ticket" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2042 -s "ClientHello message misses mandatory extensions."
2043
2044requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2045requires_config_enabled MBEDTLS_SSL_SRV_C
2046requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2047requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2048run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2049 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2050 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2051 1 \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2052 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2053 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2054 -c "client hello, adding PSK binder list" \
2055 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2056
2057requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2058requires_config_enabled MBEDTLS_SSL_SRV_C
2059requires_config_enabled MBEDTLS_SSL_CLI_C
Xiaokang Qian210727f2022-09-23 07:25:40 +0000[diff] [blame]2060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2061requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2062requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2063run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2064 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2065 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2066 1 \
2067 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2068 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qianac8195f2022-09-26 04:01:06 +0000[diff] [blame]2069 -c "client hello, adding PSK binder list"
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2070
2071requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2072requires_config_enabled MBEDTLS_SSL_SRV_C
2073requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2074requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2076run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2077 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2078 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2079 0 \
2080 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2081 -c "client hello, adding psk_key_exchange_modes extension" \
2082 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2083 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2084 -c "HTTP/1.0 200 OK"
2085
2086requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Xiaokang Qian210727f2022-09-23 07:25:40 +0000[diff] [blame]2087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2088requires_config_enabled MBEDTLS_SSL_SRV_C
2089requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2092run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2093 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2094 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2095 1 \
2096 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2097 -c "client hello, adding psk_key_exchange_modes extension" \
2098 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2099 -s "No usable PSK or ticket"
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2100
2101requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2102requires_config_enabled MBEDTLS_SSL_SRV_C
2103requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2106run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2107 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2108 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2109 1 \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2110 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2111 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2112 -c "client hello, adding PSK binder list" \
2113 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2114
2115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2116requires_config_enabled MBEDTLS_SSL_SRV_C
2117requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2120run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2121 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2122 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2123 0 \
2124 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2125 -c "client hello, adding psk_key_exchange_modes extension" \
2126 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2127 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2128 -c "HTTP/1.0 200 OK"
2129
2130requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2131requires_config_enabled MBEDTLS_SSL_SRV_C
2132requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2135run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2136 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2137 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2138 1 \
2139 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2140 -c "client hello, adding psk_key_exchange_modes extension" \
2141 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2142 -s "No usable PSK or ticket" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2143 -s "ClientHello message misses mandatory extensions."
2144
2145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2146requires_config_enabled MBEDTLS_SSL_SRV_C
2147requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2149requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2150run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2151 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2152 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2153 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2154 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2155 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2156 -c "client hello, adding PSK binder list" \
2157 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2158
2159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2160requires_config_enabled MBEDTLS_SSL_SRV_C
2161requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2165run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2166 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2167 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2168 0 \
2169 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2170 -c "client hello, adding psk_key_exchange_modes extension" \
2171 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2172 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2173 -c "HTTP/1.0 200 OK"
2174
2175requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2176requires_config_enabled MBEDTLS_SSL_SRV_C
2177requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2181run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2182 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2183 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2184 1 \
2185 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2186 -c "client hello, adding psk_key_exchange_modes extension" \
2187 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2188 -s "No usable PSK or ticket" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2189
2190requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2191requires_config_enabled MBEDTLS_SSL_SRV_C
2192requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2196run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2197 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2198 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2199 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2200 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2201 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2202 -c "client hello, adding PSK binder list" \
2203 -s "Invalid binder."
Xiaokang Qianf9b694b2022-08-25 08:48:51 +0000[diff] [blame]2204
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2205# ephemeral mode in client
2206requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2207requires_config_enabled MBEDTLS_SSL_SRV_C
2208requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2209requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2211run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2212 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2213 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2214 1 \
2215 -s "ClientHello message misses mandatory extensions."
2216
2217requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2218requires_config_enabled MBEDTLS_SSL_SRV_C
2219requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2221requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2222run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2223 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2224 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2225 1 \
2226 -s "ClientHello message misses mandatory extensions."
2227
2228requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2229requires_config_enabled MBEDTLS_SSL_SRV_C
2230requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2231requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2232run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2233 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2234 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2235 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2236 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2237 -c "HTTP/1.0 200 OK"
2238
2239requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2240requires_config_enabled MBEDTLS_SSL_SRV_C
2241requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2244run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2245 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2246 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2247 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2248 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2249 -c "HTTP/1.0 200 OK"
2250
2251requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2252requires_config_enabled MBEDTLS_SSL_SRV_C
2253requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2257run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2258 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2259 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2260 1 \
2261 -s "ClientHello message misses mandatory extensions."
2262
2263requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2264requires_config_enabled MBEDTLS_SSL_SRV_C
2265requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2269run_test "TLS 1.3: m->m: ephemeral/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2270 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2271 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2272 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2273 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2274 -c "HTTP/1.0 200 OK"
2275
2276# ephemeral_all mode in client
2277requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2278requires_config_enabled MBEDTLS_SSL_SRV_C
2279requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2280requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2281requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2283run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2284 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2285 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2286 1 \
2287 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2288 -c "client hello, adding psk_key_exchange_modes extension" \
2289 -c "client hello, adding PSK binder list" \
2290 -s "ClientHello message misses mandatory extensions."
2291
2292requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2293requires_config_enabled MBEDTLS_SSL_SRV_C
2294requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2295requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2297run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2298 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2299 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2300 0 \
2301 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2302 -c "client hello, adding psk_key_exchange_modes extension" \
2303 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2304 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2305 -c "HTTP/1.0 200 OK"
2306
2307requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2308requires_config_enabled MBEDTLS_SSL_SRV_C
2309requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2312run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2313 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2314 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
Xiaokang Qian210727f2022-09-23 07:25:40 +0000[diff] [blame]2315 1 \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2316 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2317 -c "client hello, adding psk_key_exchange_modes extension" \
2318 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2319 -s "No usable PSK or ticket"
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2320
2321requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2322requires_config_enabled MBEDTLS_SSL_SRV_C
2323requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2325requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2326run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2327 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2328 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2329 1 \
2330 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2331 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2332 -c "client hello, adding PSK binder list" \
2333 -s "Invalid binder."
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2334
2335requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2336requires_config_enabled MBEDTLS_SSL_SRV_C
2337requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2340run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2341 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2342 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2343 0 \
2344 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2345 -c "client hello, adding psk_key_exchange_modes extension" \
2346 -c "client hello, adding PSK binder list" \
2347 -s "key exchange mode: ephemeral" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2348 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2349 -c "HTTP/1.0 200 OK"
2350
2351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2352requires_config_enabled MBEDTLS_SSL_SRV_C
2353requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2356run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2357 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2358 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2359 0 \
2360 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2361 -c "client hello, adding psk_key_exchange_modes extension" \
2362 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2363 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2364 -c "HTTP/1.0 200 OK"
2365
2366requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2367requires_config_enabled MBEDTLS_SSL_SRV_C
2368requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2371run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2372 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2373 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2374 0 \
2375 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2376 -c "client hello, adding psk_key_exchange_modes extension" \
2377 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2378 -s "No usable PSK or ticket" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2379 -s "key exchange mode: ephemeral"
2380
2381requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2382requires_config_enabled MBEDTLS_SSL_SRV_C
2383requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2384requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qiana70bd912022-09-28 07:50:13 +0000[diff] [blame]2386run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2387 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2388 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2389 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2390 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2391 -c "client hello, adding psk_key_exchange_modes extension" \
2392 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2393 -s "Invalid binder."
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2394
2395requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2396requires_config_enabled MBEDTLS_SSL_SRV_C
2397requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2401run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2402 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2403 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2404 0 \
2405 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2406 -c "client hello, adding psk_key_exchange_modes extension" \
2407 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2408 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2409 -c "HTTP/1.0 200 OK"
2410
2411requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2412requires_config_enabled MBEDTLS_SSL_SRV_C
2413requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2417run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2418 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2419 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2420 1 \
2421 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2422 -c "client hello, adding psk_key_exchange_modes extension" \
2423 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2424 -s "No usable PSK or ticket" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2425 -s "ClientHello message misses mandatory extensions."
2426
2427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2428requires_config_enabled MBEDTLS_SSL_SRV_C
2429requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2433run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2434 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2435 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2436 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2437 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2438 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2439 -c "client hello, adding PSK binder list" \
2440 -s "Invalid binder."
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2441
2442requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2443requires_config_enabled MBEDTLS_SSL_SRV_C
2444requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2448run_test "TLS 1.3: m->m: ephemeral_all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2449 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2450 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2451 0 \
2452 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2453 -c "client hello, adding psk_key_exchange_modes extension" \
2454 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2455 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2456 -c "HTTP/1.0 200 OK"
2457
2458requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2459requires_config_enabled MBEDTLS_SSL_SRV_C
2460requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2462requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2463requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2464run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2465 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2466 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2467 0 \
2468 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2469 -c "client hello, adding psk_key_exchange_modes extension" \
2470 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2471 -s "No usable PSK or ticket" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2472 -s "key exchange mode: ephemeral"
2473
2474requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2475requires_config_enabled MBEDTLS_SSL_SRV_C
2476requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2480run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2481 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2482 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2483 1 \
2484 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2485 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2486 -c "client hello, adding PSK binder list" \
2487 -s "Invalid binder."
Xiaokang Qianca48ddd2022-08-29 08:25:17 +0000[diff] [blame]2488
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2489# psk_all mode in client
2490requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2491requires_config_enabled MBEDTLS_SSL_SRV_C
2492requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2495run_test "TLS 1.3: m->m: psk_all/psk, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2496 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2497 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2498 0 \
2499 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2500 -c "client hello, adding psk_key_exchange_modes extension" \
2501 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2502 -c "Selected key exchange mode: psk$" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2503 -c "HTTP/1.0 200 OK"
2504
2505requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2506requires_config_enabled MBEDTLS_SSL_SRV_C
2507requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2510run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2511 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2512 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2513 1 \
2514 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2515 -c "client hello, adding psk_key_exchange_modes extension" \
2516 -c "client hello, adding PSK binder list" \
2517 -s "ClientHello message misses mandatory extensions."
2518
2519requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2520requires_config_enabled MBEDTLS_SSL_SRV_C
2521requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2524run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2525 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2526 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2527 1 \
2528 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2529 -c "client hello, adding psk_key_exchange_modes extension" \
2530 -c "client hello, adding PSK binder list" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2531 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2532
2533requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2534requires_config_enabled MBEDTLS_SSL_SRV_C
2535requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2536requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2538run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2539 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2540 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2541 0 \
2542 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2543 -c "client hello, adding psk_key_exchange_modes extension" \
2544 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2545 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2546 -c "HTTP/1.0 200 OK"
2547
2548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2549requires_config_enabled MBEDTLS_SSL_SRV_C
2550requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2552requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2553run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2554 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2555 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2556 1 \
2557 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2558 -c "client hello, adding psk_key_exchange_modes extension" \
2559 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2560 -s "No usable PSK or ticket" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2561 -s "ClientHello message misses mandatory extensions."
2562
2563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2564requires_config_enabled MBEDTLS_SSL_SRV_C
2565requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2568run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2569 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qian954d5762022-09-26 08:40:10 +0000[diff] [blame]2570 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2571 1 \
Xiaokang Qian954d5762022-09-26 08:40:10 +0000[diff] [blame]2572 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2573 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qian954d5762022-09-26 08:40:10 +0000[diff] [blame]2574 -c "client hello, adding PSK binder list" \
2575 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2576
2577requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2578requires_config_enabled MBEDTLS_SSL_SRV_C
2579requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2583run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2584 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2585 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2586 1 \
2587 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2588 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qianac8195f2022-09-26 04:01:06 +0000[diff] [blame]2589 -c "client hello, adding PSK binder list"
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2590
2591requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2592requires_config_enabled MBEDTLS_SSL_SRV_C
2593requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2595requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2597run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2598 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2599 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2600 0 \
2601 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2602 -c "client hello, adding psk_key_exchange_modes extension" \
2603 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2604 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2605 -c "HTTP/1.0 200 OK"
2606
2607requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2608requires_config_enabled MBEDTLS_SSL_SRV_C
2609requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2611requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2613run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2614 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2615 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2616 1 \
2617 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2618 -c "client hello, adding psk_key_exchange_modes extension" \
2619 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2620 -s "No usable PSK or ticket"
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2621
2622requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2623requires_config_enabled MBEDTLS_SSL_SRV_C
2624requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qiana70bd912022-09-28 07:50:13 +0000[diff] [blame]2628run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2629 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2630 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2631 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2632 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2633 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2634 -c "client hello, adding PSK binder list" \
2635 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2636
2637requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2638requires_config_enabled MBEDTLS_SSL_SRV_C
2639requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2642run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2643 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2644 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2645 0 \
2646 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2647 -c "client hello, adding psk_key_exchange_modes extension" \
2648 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2649 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2650 -c "HTTP/1.0 200 OK"
2651
2652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2653requires_config_enabled MBEDTLS_SSL_SRV_C
2654requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2657run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2658 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2659 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2660 1 \
2661 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2662 -c "client hello, adding psk_key_exchange_modes extension" \
2663 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2664 -s "No usable PSK or ticket" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2665 -s "ClientHello message misses mandatory extensions."
2666
2667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2668requires_config_enabled MBEDTLS_SSL_SRV_C
2669requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2672run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2673 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2674 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2675 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2676 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2677 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2678 -c "client hello, adding PSK binder list" \
2679 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2680
2681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2682requires_config_enabled MBEDTLS_SSL_SRV_C
2683requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2687run_test "TLS 1.3: m->m: psk_all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2688 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2689 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2690 0 \
2691 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2692 -c "client hello, adding psk_key_exchange_modes extension" \
2693 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2694 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2695 -c "HTTP/1.0 200 OK"
2696
2697requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2698requires_config_enabled MBEDTLS_SSL_SRV_C
2699requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2703run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2704 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2705 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2706 1 \
2707 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2708 -c "client hello, adding psk_key_exchange_modes extension" \
2709 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2710 -s "No usable PSK or ticket"
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2711
2712requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2713requires_config_enabled MBEDTLS_SSL_SRV_C
2714requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2715requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2718run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2719 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2720 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2721 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2722 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2723 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2724 -c "client hello, adding PSK binder list" \
2725 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2726
2727# all mode in client
2728requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2729requires_config_enabled MBEDTLS_SSL_SRV_C
2730requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2731requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2734run_test "TLS 1.3: m->m: all/psk, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2735 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2736 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2737 0 \
2738 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2739 -c "client hello, adding psk_key_exchange_modes extension" \
2740 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2741 -c "Selected key exchange mode: psk$" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2742 -c "HTTP/1.0 200 OK"
2743
2744requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2745requires_config_enabled MBEDTLS_SSL_SRV_C
2746requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2747requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2749requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2750run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2751 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2752 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2753 1 \
2754 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2755 -c "client hello, adding psk_key_exchange_modes extension" \
2756 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2757 -s "No usable PSK or ticket" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2758 -s "ClientHello message misses mandatory extensions."
2759
2760requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2761requires_config_enabled MBEDTLS_SSL_SRV_C
2762requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2763requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2766run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2767 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2768 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2769 1 \
2770 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2771 -c "client hello, adding psk_key_exchange_modes extension" \
2772 -c "client hello, adding PSK binder list" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2773 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2774
2775requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2776requires_config_enabled MBEDTLS_SSL_SRV_C
2777requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2779requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2781run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2782 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2783 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2784 0 \
2785 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2786 -c "client hello, adding psk_key_exchange_modes extension" \
2787 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2788 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2789 -c "HTTP/1.0 200 OK"
2790
2791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2792requires_config_enabled MBEDTLS_SSL_SRV_C
2793requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2797run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2798 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2799 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2800 1 \
2801 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2802 -c "client hello, adding psk_key_exchange_modes extension" \
2803 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2804 -s "No usable PSK or ticket" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2805 -s "ClientHello message misses mandatory extensions."
2806
2807requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2808requires_config_enabled MBEDTLS_SSL_SRV_C
2809requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2812requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2813run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2814 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2815 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2816 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2817 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2818 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2819 -c "client hello, adding PSK binder list" \
2820 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2821
2822requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2823requires_config_enabled MBEDTLS_SSL_SRV_C
2824requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2827requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2828run_test "TLS 1.3: m->m: all/ephemeral, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2829 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2830 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2831 0 \
2832 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2833 -c "client hello, adding psk_key_exchange_modes extension" \
2834 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2835 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2836 -c "HTTP/1.0 200 OK"
2837
2838requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2839requires_config_enabled MBEDTLS_SSL_SRV_C
2840requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2841requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2842requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2843requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2844run_test "TLS 1.3: m->m: all/ephemeral_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2845 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2846 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2847 0 \
2848 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2849 -c "client hello, adding psk_key_exchange_modes extension" \
2850 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2851 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2852 -c "HTTP/1.0 200 OK"
2853
2854requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2855requires_config_enabled MBEDTLS_SSL_SRV_C
2856requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2860run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2861 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2862 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2863 0 \
2864 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2865 -c "client hello, adding psk_key_exchange_modes extension" \
2866 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2867 -s "No usable PSK or ticket" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2868 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2869 -c "HTTP/1.0 200 OK"
2870
2871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2872requires_config_enabled MBEDTLS_SSL_SRV_C
2873requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2877run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2878 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2879 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2880 1 \
2881 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2882 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2883 -c "client hello, adding PSK binder list" \
2884 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2885
2886requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2887requires_config_enabled MBEDTLS_SSL_SRV_C
2888requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2889requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2892run_test "TLS 1.3: m->m: all/psk_all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2893 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2894 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2895 0 \
2896 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2897 -c "client hello, adding psk_key_exchange_modes extension" \
2898 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2899 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2900 -c "HTTP/1.0 200 OK"
2901
2902requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2903requires_config_enabled MBEDTLS_SSL_SRV_C
2904requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2905requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2906requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2908run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2909 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2910 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2911 1 \
2912 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2913 -c "client hello, adding psk_key_exchange_modes extension" \
2914 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2915 -s "No usable PSK or ticket" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2916 -s "ClientHello message misses mandatory extensions."
2917
2918requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2919requires_config_enabled MBEDTLS_SSL_SRV_C
2920requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2921requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2922requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2923requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2924run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2925 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2926 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2927 1 \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2928 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2929 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2930 -c "client hello, adding PSK binder list" \
2931 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2932
2933requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2934requires_config_enabled MBEDTLS_SSL_SRV_C
2935requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2938requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2939run_test "TLS 1.3: m->m: all/all, good" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2940 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2941 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2942 0 \
2943 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2944 -c "client hello, adding psk_key_exchange_modes extension" \
2945 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2946 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2947 -c "HTTP/1.0 200 OK"
2948
2949requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2950requires_config_enabled MBEDTLS_SSL_SRV_C
2951requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2955run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2956 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiancffb18c2022-09-13 01:58:07 +0000[diff] [blame]2957 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2958 0 \
2959 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2960 -c "client hello, adding psk_key_exchange_modes extension" \
2961 -c "client hello, adding PSK binder list" \
Ronald Croncf284562024-02-16 18:54:10 +0100[diff] [blame]2962 -s "No usable PSK or ticket" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2963 -s "key exchange mode: ephemeral"
2964
2965requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2966requires_config_enabled MBEDTLS_SSL_SRV_C
2967requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian9c172042022-09-27 11:41:50 +0000[diff] [blame]2971run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2972 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2973 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2974 1 \
2975 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2976 -c "client hello, adding psk_key_exchange_modes extension" \
Xiaokang Qiandea2cbe2022-09-22 11:07:28 +0000[diff] [blame]2977 -c "client hello, adding PSK binder list" \
2978 -s "Invalid binder."
Xiaokang Qian8e76e1d2022-08-29 10:11:14 +0000[diff] [blame]2979
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]2980#OPENSSL-SERVER psk mode
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]2981requires_openssl_tls1_3
2982requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2984requires_config_enabled MBEDTLS_DEBUG_C
2985requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]2986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]2987run_test "TLS 1.3: m->O: psk/all, good" \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]2988 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2989 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]2990 0 \
2991 -c "=> write client hello" \
2992 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2993 -c "client hello, adding psk_key_exchange_modes extension" \
2994 -c "client hello, adding PSK binder list" \
2995 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]2996 -c "Selected key exchange mode: psk$" \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]2997 -c "HTTP/1.0 200 ok"
2998
2999requires_openssl_tls1_3
3000requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3002requires_config_enabled MBEDTLS_DEBUG_C
3003requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3005run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]3006 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
Ronald Cron2ea36af2022-10-17 09:37:16 +0200[diff] [blame]3007 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qiane0cc5842022-08-25 06:17:36 +0000[diff] [blame]3008 1 \
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]3009 -c "=> write client hello" \
3010 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3011 -c "client hello, adding psk_key_exchange_modes extension" \
3012 -c "client hello, adding PSK binder list" \
3013 -c "<= write client hello" \
Xiaokang Qiane0cc5842022-08-25 06:17:36 +0000[diff] [blame]3014 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
Xiaokang Qiancf6442e2022-08-23 06:47:40 +0000[diff] [blame]3015
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3016#OPENSSL-SERVER psk_all mode
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3017requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3018requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3020requires_config_enabled MBEDTLS_DEBUG_C
3021requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3023requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3024run_test "TLS 1.3: m->O: psk_all/all, good" \
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3025 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3026 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3027 0 \
3028 -c "=> write client hello" \
3029 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3030 -c "client hello, adding psk_key_exchange_modes extension" \
3031 -c "client hello, adding PSK binder list" \
3032 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3033 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3034 -c "HTTP/1.0 200 ok"
3035
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3036requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3037requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3039requires_config_enabled MBEDTLS_DEBUG_C
3040requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3041requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3043run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3044 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
Ronald Cron2ea36af2022-10-17 09:37:16 +0200[diff] [blame]3045 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3046 0 \
3047 -c "=> write client hello" \
3048 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3049 -c "client hello, adding psk_key_exchange_modes extension" \
3050 -c "client hello, adding PSK binder list" \
3051 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3052 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian73894232022-08-23 08:06:34 +0000[diff] [blame]3053 -c "HTTP/1.0 200 ok"
3054
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3055#OPENSSL-SERVER psk_ephemeral mode
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3056requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3057requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3059requires_config_enabled MBEDTLS_DEBUG_C
3060requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3061requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3062run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3063 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3064 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3065 0 \
3066 -c "=> write client hello" \
3067 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3068 -c "client hello, adding psk_key_exchange_modes extension" \
3069 -c "client hello, adding PSK binder list" \
3070 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3071 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3072 -c "HTTP/1.0 200 ok"
3073
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3074requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3075requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3077requires_config_enabled MBEDTLS_DEBUG_C
3078requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3079requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3080run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3081 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
Ronald Cron2ea36af2022-10-17 09:37:16 +0200[diff] [blame]3082 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3083 0 \
3084 -c "=> write client hello" \
3085 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3086 -c "client hello, adding psk_key_exchange_modes extension" \
3087 -c "client hello, adding PSK binder list" \
3088 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3089 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qianff5705b2022-08-24 03:18:31 +0000[diff] [blame]3090 -c "HTTP/1.0 200 ok"
3091
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3092#OPENSSL-SERVER ephemeral mode
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3093requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3094requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3096requires_config_enabled MBEDTLS_DEBUG_C
3097requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3098requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3099run_test "TLS 1.3: m->O: ephemeral/all, good" \
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3100 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3101 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3102 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3103 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3104 -c "HTTP/1.0 200 ok"
3105
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3106requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3107requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3109requires_config_enabled MBEDTLS_DEBUG_C
3110requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3112run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3113 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
3114 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
3115 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3116 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qian01173c22022-08-24 06:29:05 +0000[diff] [blame]3117 -c "HTTP/1.0 200 ok"
3118
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3119#OPENSSL-SERVER ephemeral_all mode
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3120requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3121requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3123requires_config_enabled MBEDTLS_DEBUG_C
3124requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3127run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3128 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3129 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3130 0 \
3131 -c "=> write client hello" \
3132 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3133 -c "client hello, adding psk_key_exchange_modes extension" \
3134 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3135 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3136 -c "<= write client hello" \
3137 -c "HTTP/1.0 200 ok"
3138
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3139requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3140requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3142requires_config_enabled MBEDTLS_DEBUG_C
3143requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3146run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3147 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
3148 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
3149 0 \
3150 -c "=> write client hello" \
3151 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3152 -c "client hello, adding psk_key_exchange_modes extension" \
3153 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3154 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qiana39d0d52022-08-24 06:48:07 +0000[diff] [blame]3155 -c "<= write client hello" \
3156 -c "HTTP/1.0 200 ok"
3157
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3158#OPENSSL-SERVER all mode
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3159requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3160requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3162requires_config_enabled MBEDTLS_DEBUG_C
3163requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3167run_test "TLS 1.3: m->O: all/all, good" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3168 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3169 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3170 0 \
3171 -c "=> write client hello" \
3172 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3173 -c "client hello, adding psk_key_exchange_modes extension" \
3174 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3175 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3176 -c "<= write client hello" \
3177 -c "HTTP/1.0 200 ok"
3178
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]3179requires_openssl_tls1_3_with_compatible_ephemeral
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3180requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3182requires_config_enabled MBEDTLS_DEBUG_C
3183requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3184requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3187run_test "TLS 1.3: m->O: all/ephemeral_all, good" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3188 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
3189 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
3190 0 \
3191 -c "=> write client hello" \
3192 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3193 -c "client hello, adding psk_key_exchange_modes extension" \
3194 -c "client hello, adding PSK binder list" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3195 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3196 -c "<= write client hello" \
3197 -c "HTTP/1.0 200 ok"
3198
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3199#GNUTLS-SERVER psk mode
3200requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3201requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3202requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3203requires_config_enabled MBEDTLS_DEBUG_C
3204requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3206run_test "TLS 1.3: m->G: psk/all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3207 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3208 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3209 0 \
3210 -c "=> write client hello" \
3211 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3212 -c "client hello, adding psk_key_exchange_modes extension" \
3213 -c "client hello, adding PSK binder list" \
3214 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3215 -s "Parsing extension 'Pre Shared Key/41'" \
3216 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3217 -c "Selected key exchange mode: psk$" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3218 -c "HTTP/1.0 200 OK"
3219
3220requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3221requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3223requires_config_enabled MBEDTLS_DEBUG_C
3224requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3226run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3227 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3228 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3229 1 \
3230 -c "=> write client hello" \
3231 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3232 -c "client hello, adding psk_key_exchange_modes extension" \
3233 -c "client hello, adding PSK binder list" \
3234 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3235 -s "Parsing extension 'Pre Shared Key/41'" \
3236 -c "<= write client hello" \
3237 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
3238
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3239#GNUTLS-SERVER psk_all mode
3240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3241requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3242requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3243requires_config_enabled MBEDTLS_DEBUG_C
3244requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3245requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3247run_test "TLS 1.3: m->G: psk_all/all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3248 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3249 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3250 0 \
3251 -c "=> write client hello" \
3252 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3253 -c "client hello, adding psk_key_exchange_modes extension" \
3254 -c "client hello, adding PSK binder list" \
3255 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3256 -s "Parsing extension 'Pre Shared Key/41'" \
3257 -c "<= write client hello" \
Ronald Crona709a0f2022-09-27 16:46:11 +0200[diff] [blame]3258 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3259 -c "HTTP/1.0 200 OK"
3260
3261requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3262requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3263requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3264requires_config_enabled MBEDTLS_DEBUG_C
3265requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crona709a0f2022-09-27 16:46:11 +0200[diff] [blame]3268run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3269 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3270 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
Ronald Crona709a0f2022-09-27 16:46:11 +0200[diff] [blame]3271 0 \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3272 -c "=> write client hello" \
3273 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3274 -c "client hello, adding psk_key_exchange_modes extension" \
3275 -c "client hello, adding PSK binder list" \
3276 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3277 -s "Parsing extension 'Pre Shared Key/41'" \
3278 -c "<= write client hello" \
Ronald Crona709a0f2022-09-27 16:46:11 +0200[diff] [blame]3279 -c "Selected key exchange mode: psk_ephemeral" \
3280 -c "HTTP/1.0 200 OK"
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3281
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3282#GNUTLS-SERVER psk_ephemeral mode
3283requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3284requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3286requires_config_enabled MBEDTLS_DEBUG_C
3287requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3288requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3289run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3290 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3291 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3292 0 \
3293 -c "=> write client hello" \
3294 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3295 -c "client hello, adding psk_key_exchange_modes extension" \
3296 -c "client hello, adding PSK binder list" \
3297 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3298 -s "Parsing extension 'Pre Shared Key/41'" \
3299 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3300 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3301 -c "HTTP/1.0 200 OK"
3302
3303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3304requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3306requires_config_enabled MBEDTLS_DEBUG_C
3307requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3309run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3310 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3311 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3312 0 \
3313 -c "=> write client hello" \
3314 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3315 -c "client hello, adding psk_key_exchange_modes extension" \
3316 -c "client hello, adding PSK binder list" \
3317 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3318 -s "Parsing extension 'Pre Shared Key/41'" \
3319 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3320 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3321 -c "HTTP/1.0 200 OK"
3322
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3323#GNUTLS-SERVER ephemeral mode
3324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3325requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3327requires_config_enabled MBEDTLS_DEBUG_C
3328requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3330run_test "TLS 1.3: m->G: ephemeral/all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3331 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3332 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3333 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3334 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3335 -c "HTTP/1.0 200 OK"
3336
3337requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3338requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3340requires_config_enabled MBEDTLS_DEBUG_C
3341requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3342requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3343run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3344 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3345 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3346 0 \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3347 -c "Selected key exchange mode: ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3348 -c "HTTP/1.0 200 OK"
3349
3350#GNUTLS-SERVER ephemeral_all mode
3351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3352requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3354requires_config_enabled MBEDTLS_DEBUG_C
3355requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3358run_test "TLS 1.3: m->G: ephemeral_all/all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3359 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3360 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3361 0 \
3362 -c "=> write client hello" \
3363 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3364 -c "client hello, adding psk_key_exchange_modes extension" \
3365 -c "client hello, adding PSK binder list" \
3366 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3367 -s "Parsing extension 'Pre Shared Key/41'" \
3368 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3369 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3370 -c "HTTP/1.0 200 OK"
3371
3372requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3373requires_gnutls_tls1_3
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3375requires_config_enabled MBEDTLS_DEBUG_C
3376requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3379run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3380 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3381 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3382 0 \
3383 -c "=> write client hello" \
3384 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3385 -c "client hello, adding psk_key_exchange_modes extension" \
3386 -c "client hello, adding PSK binder list" \
3387 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3388 -s "Parsing extension 'Pre Shared Key/41'" \
3389 -c "<= write client hello" \
Xiaokang Qianca343ae2022-09-28 02:07:54 +0000[diff] [blame]3390 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qian2aaf1c12022-08-30 09:18:59 +0000[diff] [blame]3391 -c "HTTP/1.0 200 OK"
3392
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3393#GNUTLS-SERVER all mode
3394requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3395requires_gnutls_tls1_3
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3397requires_config_enabled MBEDTLS_DEBUG_C
3398requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3402run_test "TLS 1.3: m->G: all/all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3403 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3404 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3405 0 \
3406 -c "=> write client hello" \
3407 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3408 -c "client hello, adding psk_key_exchange_modes extension" \
3409 -c "client hello, adding PSK binder list" \
3410 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3411 -s "Parsing extension 'Pre Shared Key/41'" \
3412 -c "<= write client hello" \
Ronald Crona709a0f2022-09-27 16:46:11 +0200[diff] [blame]3413 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3414 -c "HTTP/1.0 200 OK"
3415
3416requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3417requires_gnutls_tls1_3
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3418requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3419requires_config_enabled MBEDTLS_DEBUG_C
3420requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron59625842022-10-17 10:36:34 +0200[diff] [blame]3421requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3423requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Xiaokang Qian8f7d7c72022-09-07 10:10:16 +0000[diff] [blame]3424run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
David Horstmanndcf18dd2024-06-11 17:44:00 +0100[diff] [blame]3425 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3426 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3427 0 \
3428 -c "=> write client hello" \
3429 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3430 -c "client hello, adding psk_key_exchange_modes extension" \
3431 -c "client hello, adding PSK binder list" \
3432 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3433 -s "Parsing extension 'Pre Shared Key/41'" \
3434 -c "<= write client hello" \
Ronald Crona709a0f2022-09-27 16:46:11 +0200[diff] [blame]3435 -c "Selected key exchange mode: psk_ephemeral" \
Xiaokang Qiandf6a3892022-08-24 06:55:18 +0000[diff] [blame]3436 -c "HTTP/1.0 200 OK"