TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fc76718dcd745bc5ba9f610e6f5563feb1174f97 / . / tests / opt-testcases / tls13-misc.sh
blob: 17beab67a1fc241130bc439639f59c6f6f7d6e8e [file] [log] [blame]
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]1#!/bin/sh
2
3# tls13-misc.sh
4#
5# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]7#
8
9requires_gnutls_tls1_3
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]10requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12requires_config_enabled MBEDTLS_SSL_SRV_C
13requires_config_enabled MBEDTLS_DEBUG_C
14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
15
16run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
20 localhost" \
21 1 \
22 -s "found psk key exchange modes extension" \
23 -s "found pre_shared_key extension" \
24 -s "Found PSK_EPHEMERAL KEX MODE" \
25 -s "Found PSK KEX MODE" \
26 -s "No matched ciphersuite"
27
28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
30requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
31requires_config_enabled MBEDTLS_SSL_SRV_C
32requires_config_enabled MBEDTLS_DEBUG_C
33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
34
35run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]36 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
39 1 \
40 -s "found psk key exchange modes extension" \
41 -s "found pre_shared_key extension" \
42 -s "Found PSK_EPHEMERAL KEX MODE" \
43 -s "Found PSK KEX MODE" \
44 -s "No matched ciphersuite"
45
46requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]47 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
48 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]49run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]50 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
51 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]52 0 \
53 -c "Pre-configured PSK number = 2" \
54 -s "sent selected_identity: 0" \
55 -s "key exchange mode: psk_ephemeral" \
56 -S "key exchange mode: psk$" \
57 -S "key exchange mode: ephemeral$" \
58 -S "ticket is not authentic"
59
60requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]61 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
62 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]63run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]64 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
65 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]66 0 \
67 -c "Pre-configured PSK number = 2" \
68 -s "sent selected_identity: 1" \
69 -s "key exchange mode: psk_ephemeral" \
70 -S "key exchange mode: psk$" \
71 -S "key exchange mode: ephemeral$" \
72 -s "ticket is not authentic"
73
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]74requires_gnutls_tls1_3
75requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
76requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
77run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
78 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
79 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
81 localhost" \
82 1 \
83 -s "found psk key exchange modes extension" \
84 -s "found pre_shared_key extension" \
85 -s "Found PSK_EPHEMERAL KEX MODE" \
86 -S "Found PSK KEX MODE" \
87 -S "key exchange mode: psk$" \
88 -S "key exchange mode: psk_ephemeral" \
89 -S "key exchange mode: ephemeral"
90
91requires_gnutls_tls1_3
92requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
93 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
95requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
96 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
97run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
98 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
101 localhost" \
102 0 \
103 -s "found psk key exchange modes extension" \
104 -s "found pre_shared_key extension" \
105 -s "Found PSK_EPHEMERAL KEX MODE" \
106 -s "Found PSK KEX MODE" \
107 -s "key exchange mode: psk$"
108
109requires_gnutls_tls1_3
110requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
111 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
113requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
115run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
116 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
117 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
119 localhost" \
120 0 \
121 -s "found psk key exchange modes extension" \
122 -s "found pre_shared_key extension" \
123 -s "Found PSK_EPHEMERAL KEX MODE" \
124 -s "Found PSK KEX MODE" \
125 -s "key exchange mode: psk_ephemeral$"
126
127requires_gnutls_tls1_3
128requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
129 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
131requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
132 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
133run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
134 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
135 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
137 localhost" \
138 0 \
139 -s "key exchange mode: ephemeral$"
140
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]141requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
142 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
143 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
144 MBEDTLS_DEBUG_C \
145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
146requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
147 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]148run_test "TLS 1.3 m->m: resumption" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]149 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]150 "$P_CLI reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]151 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]152 -c "Protocol is TLSv1.3" \
153 -c "Saving session for reuse... ok" \
154 -c "Reconnecting with saved session... ok" \
155 -c "HTTP/1.0 200 OK" \
156 -s "Protocol is TLSv1.3" \
157 -s "key exchange mode: psk" \
158 -s "Select PSK ciphersuite"
159
160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
161 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
162 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
163 MBEDTLS_DEBUG_C \
164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
165requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
167run_test "TLS 1.3 m->m: resumption with servername" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]168 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
169 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]170 "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \
171 0 \
172 -c "Protocol is TLSv1.3" \
173 -c "Saving session for reuse... ok" \
174 -c "Reconnecting with saved session... ok" \
175 -c "HTTP/1.0 200 OK" \
176 -s "Protocol is TLSv1.3" \
177 -s "key exchange mode: psk" \
178 -s "Select PSK ciphersuite"
179
180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
181 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
182 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
183 MBEDTLS_DEBUG_C \
184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
185requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
186 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
187run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]188 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]189 "$P_CLI reco_mode=1 reconnect=1" \
190 0 \
191 -c "Protocol is TLSv1.3" \
192 -c "Saving session for reuse... ok" \
193 -c "Reconnecting with saved session... ok" \
194 -c "HTTP/1.0 200 OK" \
195 -s "Protocol is TLSv1.3" \
196 -s "key exchange mode: psk" \
197 -s "Select PSK ciphersuite"
198
199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
200 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
201 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
202 MBEDTLS_DEBUG_C \
203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
204requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
205 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]206requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
207run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]208 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]209 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
210 0 \
211 -c "Protocol is TLSv1.3" \
212 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
213 -c "Saving session for reuse... ok" \
214 -c "Reconnecting with saved session... ok" \
215 -c "HTTP/1.0 200 OK" \
216 -s "Protocol is TLSv1.3" \
217 -s "key exchange mode: psk" \
218 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
219
220requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
221 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
222 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
223 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
225requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
226 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
227run_test "TLS 1.3 m->m: resumption with early data" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]228 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]229 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
230 0 \
231 -c "Protocol is TLSv1.3" \
232 -c "Saving session for reuse... ok" \
233 -c "Reconnecting with saved session" \
234 -c "HTTP/1.0 200 OK" \
235 -c "received max_early_data_size" \
236 -c "NewSessionTicket: early_data(42) extension received." \
237 -c "ClientHello: early_data(42) extension exists." \
238 -c "EncryptedExtensions: early_data(42) extension received." \
239 -c "bytes of early data written" \
240 -C "0 bytes of early data written" \
241 -s "Protocol is TLSv1.3" \
242 -s "key exchange mode: psk" \
243 -s "Select PSK ciphersuite" \
244 -s "Sent max_early_data_size" \
245 -s "NewSessionTicket: early_data(42) extension exists." \
246 -s "ClientHello: early_data(42) extension exists." \
247 -s "EncryptedExtensions: early_data(42) extension exists." \
248 -s "early data bytes read"
249
250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
251 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
252 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
253 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
254 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
255requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
256 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
257requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
258run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]259 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]260 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
261 0 \
262 -c "Protocol is TLSv1.3" \
263 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
264 -c "Saving session for reuse... ok" \
265 -c "Reconnecting with saved session" \
266 -c "HTTP/1.0 200 OK" \
267 -c "received max_early_data_size" \
268 -c "NewSessionTicket: early_data(42) extension received." \
269 -c "ClientHello: early_data(42) extension exists." \
270 -c "EncryptedExtensions: early_data(42) extension received." \
271 -c "bytes of early data written" \
272 -C "0 bytes of early data written" \
273 -s "Protocol is TLSv1.3" \
274 -s "key exchange mode: psk" \
275 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
276 -s "Sent max_early_data_size" \
277 -s "NewSessionTicket: early_data(42) extension exists." \
278 -s "ClientHello: early_data(42) extension exists." \
279 -s "EncryptedExtensions: early_data(42) extension exists." \
280 -s "early data bytes read"
281
282requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
283 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
284 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
285 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
287requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
288 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
289run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]290 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]291 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
292 0 \
293 -c "Protocol is TLSv1.3" \
294 -c "Saving session for reuse... ok" \
295 -c "Reconnecting with saved session" \
296 -c "HTTP/1.0 200 OK" \
297 -C "received max_early_data_size" \
298 -C "NewSessionTicket: early_data(42) extension received." \
299 -C "ClientHello: early_data(42) extension exists." \
300 -C "EncryptedExtensions: early_data(42) extension received." \
301 -c "0 bytes of early data written" \
302 -s "Protocol is TLSv1.3" \
303 -s "key exchange mode: psk" \
304 -s "Select PSK ciphersuite" \
305 -S "Sent max_early_data_size" \
306 -S "NewSessionTicket: early_data(42) extension exists." \
307 -S "ClientHello: early_data(42) extension exists." \
308 -S "EncryptedExtensions: early_data(42) extension exists." \
309 -S "early data bytes read"
310
311requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
312 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
313 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
314 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
315 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
316requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
317 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
318run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]319 "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]320 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
321 0 \
322 -c "Protocol is TLSv1.3" \
323 -c "Saving session for reuse... ok" \
324 -c "Reconnecting with saved session" \
325 -c "HTTP/1.0 200 OK" \
326 -C "received max_early_data_size" \
327 -C "NewSessionTicket: early_data(42) extension received." \
328 -C "ClientHello: early_data(42) extension exists." \
329 -C "EncryptedExtensions: early_data(42) extension received." \
330 -c "0 bytes of early data written" \
331 -s "Protocol is TLSv1.3" \
332 -s "key exchange mode: psk" \
333 -s "Select PSK ciphersuite" \
334 -S "Sent max_early_data_size" \
335 -S "NewSessionTicket: early_data(42) extension exists." \
336 -S "ClientHello: early_data(42) extension exists." \
337 -S "EncryptedExtensions: early_data(42) extension exists." \
338 -S "early data bytes read"
339
340requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
341 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
342 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
343 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
345requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
346 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
347run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]348 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]349 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
350 0 \
351 -c "Protocol is TLSv1.3" \
352 -c "Saving session for reuse... ok" \
353 -c "Reconnecting with saved session" \
354 -c "HTTP/1.0 200 OK" \
355 -c "received max_early_data_size" \
356 -c "NewSessionTicket: early_data(42) extension received." \
357 -C "ClientHello: early_data(42) extension exists." \
358 -C "EncryptedExtensions: early_data(42) extension received." \
359 -C "bytes of early data written" \
360 -s "Protocol is TLSv1.3" \
361 -s "key exchange mode: psk" \
362 -s "Select PSK ciphersuite" \
363 -s "Sent max_early_data_size" \
364 -s "NewSessionTicket: early_data(42) extension exists." \
365 -S "ClientHello: early_data(42) extension exists." \
366 -S "EncryptedExtensions: early_data(42) extension exists." \
367 -S "early data bytes read"
368
369requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
370 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
371 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
372 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
373 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
374requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
375 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
376run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]377 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]378 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
379 0 \
380 -c "Protocol is TLSv1.3" \
381 -c "Saving session for reuse... ok" \
382 -c "Reconnecting with saved session" \
383 -c "HTTP/1.0 200 OK" \
384 -c "received max_early_data_size" \
385 -c "NewSessionTicket: early_data(42) extension received." \
386 -C "ClientHello: early_data(42) extension exists." \
387 -C "EncryptedExtensions: early_data(42) extension received." \
388 -C "bytes of early data written" \
389 -s "Protocol is TLSv1.3" \
390 -s "key exchange mode: psk" \
391 -s "Select PSK ciphersuite" \
392 -s "Sent max_early_data_size" \
393 -s "NewSessionTicket: early_data(42) extension exists." \
394 -S "ClientHello: early_data(42) extension exists." \
395 -S "EncryptedExtensions: early_data(42) extension exists." \
396 -S "early data bytes read"
397
398requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
399 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
400 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
401 MBEDTLS_DEBUG_C \
402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
403requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
404 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]405run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]406 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]407 "$P_CLI reco_mode=1 reconnect=1" \
408 1 \
409 -c "Protocol is TLSv1.3" \
410 -C "Saving session for reuse... ok" \
411 -c "Reconnecting with saved session... failed" \
412 -S "Protocol is TLSv1.3" \
413 -S "key exchange mode: psk" \
414 -S "Select PSK ciphersuite" \
415 -s "Ticket lifetime (604801) is greater than 7 days."
416
417requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
418 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
419 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
420 MBEDTLS_DEBUG_C \
421 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
422requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
423 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
424run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]425 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]426 "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
427 1 \
428 -c "Protocol is TLSv1.3" \
429 -C "Saving session for reuse... ok" \
430 -c "Discard new session ticket" \
431 -c "Reconnecting with saved session... failed" \
432 -s "Protocol is TLSv1.3" \
433 -S "key exchange mode: psk" \
434 -S "Select PSK ciphersuite"
435
436requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
437 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
438 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
439 MBEDTLS_DEBUG_C \
440 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
441requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
442 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
443run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]444 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
445 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]446 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
447 1 \
448 -c "Protocol is TLSv1.3" \
449 -c "Saving session for reuse... ok" \
450 -c "Reconnecting with saved session" \
451 -c "Hostname mismatch the session ticket, disable session resumption." \
452 -s "Protocol is TLSv1.3" \
453 -S "key exchange mode: psk" \
454 -S "Select PSK ciphersuite"
455
456requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
457 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
458 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
459 MBEDTLS_DEBUG_C \
460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
461requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
462 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
463run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]464 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]465 "$P_CLI reco_mode=1 reconnect=1" \
466 0 \
467 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]468 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]469 -s "Protocol is TLSv1.3" \
470 -c "Saving session for reuse... ok" \
471 -c "Reconnecting with saved session" \
472 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]473 -s "ticket is not authentic" \
474 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]475 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]476 -S "Ticket age exceeds limitation" \
477 -S "Ticket age outside tolerance window"
478
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]479requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
480 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
481 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
482 MBEDTLS_DEBUG_C \
483 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
484requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]485 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]486run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]487 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]488 "$P_CLI reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]489 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]490 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]491 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]492 -s "Protocol is TLSv1.3" \
493 -c "Saving session for reuse... ok" \
494 -c "Reconnecting with saved session" \
495 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]496 -S "ticket is not authentic" \
497 -s "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]498 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]499 -S "Ticket age exceeds limitation" \
500 -S "Ticket age outside tolerance window"
501
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
503 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
504 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
505 MBEDTLS_DEBUG_C \
506 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
507requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]508 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]509run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]510 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]511 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
512 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]513 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]514 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]515 -s "Protocol is TLSv1.3" \
516 -c "Saving session for reuse... ok" \
517 -c "Reconnecting with saved session" \
518 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]519 -S "ticket is not authentic" \
520 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]521 -s "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]522 -S "Ticket age exceeds limitation" \
523 -S "Ticket age outside tolerance window"
524
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]525requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
526 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
527 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
528 MBEDTLS_DEBUG_C \
529 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
530requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]531 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]532run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]533 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]534 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
535 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]536 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]537 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]538 -s "Protocol is TLSv1.3" \
539 -c "Saving session for reuse... ok" \
540 -c "Reconnecting with saved session" \
541 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]542 -S "ticket is not authentic" \
543 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]544 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]545 -s "Ticket age exceeds limitation" \
546 -S "Ticket age outside tolerance window"
547
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]548requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
549 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
550 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
551 MBEDTLS_DEBUG_C \
552 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
553requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]554 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]555run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]556 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]557 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
558 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]559 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]560 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]561 -s "Protocol is TLSv1.3" \
562 -c "Saving session for reuse... ok" \
563 -c "Reconnecting with saved session" \
564 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]565 -S "ticket is not authentic" \
566 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]567 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]568 -S "Ticket age exceeds limitation" \
569 -s "Ticket age outside tolerance window"
570
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]571requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
572 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
573 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
574 MBEDTLS_DEBUG_C \
575 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
576requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]577 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]578run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]579 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]580 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
581 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]582 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]583 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]584 -s "Protocol is TLSv1.3" \
585 -c "Saving session for reuse... ok" \
586 -c "Reconnecting with saved session" \
587 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]588 -S "ticket is not authentic" \
589 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]590 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]591 -S "Ticket age exceeds limitation" \
592 -s "Ticket age outside tolerance window"
593
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]594requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
595 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
596 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
597 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]598 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]599 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]600run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]601 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]602 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
603 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]604 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]605 -s "key exchange mode: ephemeral" \
606 -S "key exchange mode: psk_ephemeral" \
607 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]608 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]609 -s "No suitable PSK key exchange mode" \
610 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]611
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]612requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
613 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
614 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
615 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]616 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
617 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]618run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]619 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]620 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
621 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]622 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]623 -s "key exchange mode: ephemeral" \
624 -S "key exchange mode: psk_ephemeral" \
625 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]626 -s "found matched identity" \
627 -S "No suitable PSK key exchange mode" \
628 -S "No usable PSK or ticket"
629
630requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
631 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
632 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
633 MBEDTLS_DEBUG_C \
634 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
635 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
636run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]637 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]638 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
639 0 \
640 -c "Protocol is TLSv1.3" \
641 -s "key exchange mode: ephemeral" \
642 -S "key exchange mode: psk_ephemeral" \
643 -S "key exchange mode: psk$" \
644 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]645 -s "No suitable PSK key exchange mode" \
646 -s "No usable PSK or ticket"
647
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]648requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
649 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
650 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
651 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]652 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
653 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]654run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]655 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]656 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
657 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]658 -c "Protocol is TLSv1.3" \
659 -s "key exchange mode: ephemeral" \
660 -S "key exchange mode: psk_ephemeral" \
661 -S "key exchange mode: psk$" \
662 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]663 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]664 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]665
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]666requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
667 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
668 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
669 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]670 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]671 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]672run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]673 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]674 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
675 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]676 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]677 -s "key exchange mode: ephemeral" \
678 -S "key exchange mode: psk_ephemeral" \
679 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]680 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]681 -s "No suitable PSK key exchange mode" \
682 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]683
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]684requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
685 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
686 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
687 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]688 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
689 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]690run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]691 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]692 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
693 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]694 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]695 -s "key exchange mode: ephemeral" \
696 -S "key exchange mode: psk_ephemeral" \
697 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]698 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]699 -s "No suitable PSK key exchange mode" \
700 -s "No usable PSK or ticket"
701
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]702requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
703 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
704 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
705 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]706 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
707 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]708run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]709 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]710 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
711 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]712 -c "Protocol is TLSv1.3" \
713 -s "key exchange mode: ephemeral" \
714 -s "key exchange mode: psk_ephemeral" \
715 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]716 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]717 -S "No suitable PSK key exchange mode" \
718 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]719
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]720requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
721 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
722 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
723 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]724 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
725 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]726run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]727 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]728 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
729 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]730 -c "Protocol is TLSv1.3" \
731 -s "key exchange mode: ephemeral" \
732 -s "key exchange mode: psk_ephemeral" \
733 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]734 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]735 -S "No suitable PSK key exchange mode" \
736 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]737
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]738requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
739 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
740 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
741 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]742 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
743 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
744 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]745run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]746 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]747 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
748 0 \
749 -c "Pre-configured PSK number = 1" \
750 -S "sent selected_identity:" \
751 -s "key exchange mode: ephemeral" \
752 -S "key exchange mode: psk_ephemeral" \
753 -S "key exchange mode: psk$" \
754 -s "No suitable PSK key exchange mode" \
755 -s "No usable PSK or ticket"
756
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]757requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
758 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
759 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
760 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]761 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
762 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
763 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]764run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]765 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]766 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
767 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]768 -c "Protocol is TLSv1.3" \
769 -s "key exchange mode: ephemeral" \
770 -S "key exchange mode: psk_ephemeral" \
771 -S "key exchange mode: psk$" \
772 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]773 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]774 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]775
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]776requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
777 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
778 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
779 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]780 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
781 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
782 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]783run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]784 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]785 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
786 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]787 -c "Protocol is TLSv1.3" \
788 -s "key exchange mode: ephemeral" \
789 -s "key exchange mode: psk_ephemeral" \
790 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]791 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]792 -S "No suitable PSK key exchange mode" \
793 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]794
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]795requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
796 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
797 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
798 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]799 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
800 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
801 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]802run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]803 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]804 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
805 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]806 -c "Protocol is TLSv1.3" \
807 -s "key exchange mode: ephemeral" \
808 -s "key exchange mode: psk_ephemeral" \
809 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]810 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]811 -S "No suitable PSK key exchange mode" \
812 -S "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]813
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]814requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]815requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]816 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]817 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
818 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
819requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
820 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
821run_test "TLS 1.3 m->O: resumption" \
822 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
823 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]824 0 \
825 -c "Protocol is TLSv1.3" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]826 -c "Saving session for reuse... ok" \
827 -c "Reconnecting with saved session... ok" \
828 -c "HTTP/1.0 200 ok"
829
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]830requires_openssl_tls1_3_with_compatible_ephemeral
831requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
832 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
833 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
834requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
835run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
836 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
837 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
838 1 \
839 -c "Protocol is TLSv1.3" \
840 -C "Saving session for reuse... ok" \
841 -C "Reconnecting with saved session... ok" \
842 -c "Ignore NewSessionTicket, not supported."
843
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]844requires_openssl_tls1_3_with_compatible_ephemeral
845requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
846 MBEDTLS_SSL_SESSION_TICKETS \
847 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
848 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
849run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled" \
850 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
851 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
852 1 \
853 -c "Protocol is TLSv1.3" \
854 -C "Saving session for reuse... ok" \
855 -C "Reconnecting with saved session... ok" \
856 -c "Ignore NewSessionTicket, disabled."
857
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]858# No early data m->O tests for the time being. The option -early_data is needed
859# to enable early data on OpenSSL server and it is not compatible with the
860# -www option we usually use for testing with OpenSSL server (see
861# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
862# ephemeral then ticket based scenario we use for early data testing the first
863# handshake fails. The following skipped test is here to illustrate the kind
864# of testing we would like to do.
865skip_next_test
866requires_openssl_tls1_3_with_compatible_ephemeral
867requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
868 MBEDTLS_SSL_EARLY_DATA \
869 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
870 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
871requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
872 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
873run_test "TLS 1.3 m->O: resumption with early data" \
874 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
875 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
876 0 \
877 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]878 -c "Saving session for reuse... ok" \
879 -c "Reconnecting with saved session" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]880 -c "HTTP/1.0 200 OK" \
881 -c "received max_early_data_size: 16384" \
882 -c "NewSessionTicket: early_data(42) extension received." \
883 -c "ClientHello: early_data(42) extension exists." \
884 -c "EncryptedExtensions: early_data(42) extension received." \
885 -c "bytes of early data written" \
886 -s "decrypted early data with length:"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]887
888requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]889requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]890 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]891 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
892 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
893requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
894 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
895run_test "TLS 1.3 m->G: resumption" \
896 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
897 "$P_CLI reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]898 0 \
899 -c "Protocol is TLSv1.3" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]900 -c "Saving session for reuse... ok" \
901 -c "Reconnecting with saved session... ok" \
902 -c "HTTP/1.0 200 OK"
903
904requires_gnutls_tls1_3
905requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]906 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
907 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
908requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
909run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
910 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
911 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
912 1 \
913 -c "Protocol is TLSv1.3" \
914 -C "Saving session for reuse... ok" \
915 -C "Reconnecting with saved session... ok" \
916 -c "Ignore NewSessionTicket, not supported."
917
918requires_gnutls_tls1_3
919requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]920 MBEDTLS_SSL_SESSION_TICKETS \
921 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
922 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
923run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled" \
924 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
925 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
926 1 \
927 -c "Protocol is TLSv1.3" \
928 -C "Saving session for reuse... ok" \
929 -C "Reconnecting with saved session... ok" \
930 -c "Ignore NewSessionTicket, disabled."
931
932requires_gnutls_tls1_3
933requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]934 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]935 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
936 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
937requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
938 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
939requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
940run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
941 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
942 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
943 0 \
944 -c "Protocol is TLSv1.3" \
945 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
946 -c "Saving session for reuse... ok" \
947 -c "Reconnecting with saved session... ok" \
948 -c "HTTP/1.0 200 OK"
949
950requires_gnutls_tls1_3
951requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
952 MBEDTLS_SSL_EARLY_DATA \
953 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
954 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
955requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
956 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
957run_test "TLS 1.3 m->G: resumption with early data" \
958 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
959 --earlydata --maxearlydata 16384" \
960 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
961 0 \
962 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]963 -c "Saving session for reuse... ok" \
964 -c "Reconnecting with saved session" \
965 -c "HTTP/1.0 200 OK" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]966 -c "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]967 -c "NewSessionTicket: early_data(42) extension received." \
968 -c "ClientHello: early_data(42) extension exists." \
969 -c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]970 -c "bytes of early data written" \
971 -s "decrypted early data with length:"
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]972
973requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]974requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
975 MBEDTLS_SSL_EARLY_DATA \
976 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
977 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]978requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
979 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]980requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
981run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
982 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
983 --earlydata --maxearlydata 16384" \
984 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]985 0 \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]986 -c "Protocol is TLSv1.3" \
987 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
988 -c "Saving session for reuse... ok" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]989 -c "Reconnecting with saved session" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]990 -c "HTTP/1.0 200 OK" \
991 -c "received max_early_data_size: 16384" \
992 -c "NewSessionTicket: early_data(42) extension received." \
993 -c "ClientHello: early_data(42) extension exists." \
994 -c "EncryptedExtensions: early_data(42) extension received." \
995 -c "bytes of early data written" \
996 -s "decrypted early data with length:"
997
998requires_gnutls_tls1_3
999requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1000 MBEDTLS_SSL_EARLY_DATA \
1001 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1002 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1003requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1004 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1005run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
1006 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
1007 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
1008 0 \
1009 -c "Protocol is TLSv1.3" \
1010 -c "Saving session for reuse... ok" \
1011 -c "Reconnecting with saved session" \
1012 -c "HTTP/1.0 200 OK" \
1013 -C "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1014 -C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1015
1016requires_gnutls_tls1_3
1017requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1018 MBEDTLS_SSL_EARLY_DATA \
1019 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1020 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1021requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1022 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1023run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
1024 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1025 --earlydata --maxearlydata 16384" \
1026 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
1027 0 \
1028 -c "Protocol is TLSv1.3" \
1029 -c "Saving session for reuse... ok" \
1030 -c "Reconnecting with saved session" \
1031 -c "HTTP/1.0 200 OK" \
1032 -c "received max_early_data_size: 16384" \
1033 -c "NewSessionTicket: early_data(42) extension received." \
1034 -C "ClientHello: early_data(42) extension exists." \
1035
1036requires_gnutls_tls1_3
1037requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1038 MBEDTLS_SSL_EARLY_DATA \
1039 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1040 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1041requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1042 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1043run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
1044 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1045 --earlydata --maxearlydata 16384" \
1046 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
1047 0 \
1048 -c "Protocol is TLSv1.3" \
1049 -c "Saving session for reuse... ok" \
1050 -c "Reconnecting with saved session" \
1051 -c "HTTP/1.0 200 OK" \
1052 -c "received max_early_data_size: 16384" \
1053 -c "NewSessionTicket: early_data(42) extension received." \
1054 -C "ClientHello: early_data(42) extension exists." \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1055
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1056requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1057requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
1058 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1059 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1060requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1061 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1062# https://github.com/openssl/openssl/issues/10714
1063# Until now, OpenSSL client does not support reconnect.
1064skip_next_test
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1065run_test "TLS 1.3 O->m: resumption" \
1066 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1067 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
1068 0 \
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1069 -s "Protocol is TLSv1.3" \
1070 -s "key exchange mode: psk" \
1071 -s "Select PSK ciphersuite"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1072
1073requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1074requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1075 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1076 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1077 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1078requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1079 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1080run_test "TLS 1.3 G->m: resumption" \
1081 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1082 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1083 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1084 -s "Protocol is TLSv1.3" \
1085 -s "key exchange mode: psk" \
1086 -s "Select PSK ciphersuite"
1087
1088requires_gnutls_tls1_3
1089requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1090 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1091 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1092 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1093requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1094 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1095requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1096# Test the session resumption when the cipher suite for the original session is
1097# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
1098# 256 bits long as with all the other TLS 1.3 cipher suites.
1099run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
1100 "$P_SRV debug_level=2 tickets=1" \
1101 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
1102 0 \
1103 -s "Protocol is TLSv1.3" \
1104 -s "key exchange mode: psk" \
1105 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1106
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1107EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
1108EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
1109
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1110requires_gnutls_tls1_3
1111requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1112 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1113 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1115requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1116 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1117run_test "TLS 1.3 G->m: resumption with early data" \
1118 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1119 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1120 --earlydata $EARLY_DATA_INPUT" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1121 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1122 -s "Protocol is TLSv1.3" \
1123 -s "key exchange mode: psk" \
1124 -s "Select PSK ciphersuite" \
1125 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1126 -s "NewSessionTicket: early_data(42) extension exists." \
1127 -s "ClientHello: early_data(42) extension exists." \
1128 -s "EncryptedExtensions: early_data(42) extension exists." \
1129 -s "$( head -1 $EARLY_DATA_INPUT )" \
1130 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1131 -s "200 early data bytes read" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1132 -s "106 early data bytes read"
1133
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1134requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1135requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1136 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1137 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1138 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1139requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1140 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1141requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1142run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
1143 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1144 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
1145 --earlydata $EARLY_DATA_INPUT" \
1146 0 \
1147 -s "Protocol is TLSv1.3" \
1148 -s "key exchange mode: psk" \
1149 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
1150 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1151 -s "NewSessionTicket: early_data(42) extension exists." \
1152 -s "ClientHello: early_data(42) extension exists." \
1153 -s "EncryptedExtensions: early_data(42) extension exists." \
1154 -s "$( head -1 $EARLY_DATA_INPUT )" \
1155 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1156 -s "200 early data bytes read" \
1157 -s "106 early data bytes read"
1158
1159# The Mbed TLS server does not allow early data for the ticket it sends but
1160# the GnuTLS indicates early data anyway when resuming with the ticket and
1161# sends early data. The Mbed TLS server does not expect early data in
1162# association with the ticket thus it eventually fails the resumption
1163# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1164# specification and thus its behavior may change in following versions.
1165requires_gnutls_tls1_3
1166requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1167 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1168 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1169 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1170requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1171 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1172run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
1173 "$P_SRV debug_level=4 tickets=1" \
1174 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1175 --earlydata $EARLY_DATA_INPUT" \
1176 1 \
1177 -s "Protocol is TLSv1.3" \
1178 -s "key exchange mode: psk" \
1179 -s "Select PSK ciphersuite" \
1180 -S "Sent max_early_data_size" \
1181 -S "NewSessionTicket: early_data(42) extension exists." \
1182 -s "ClientHello: early_data(42) extension exists." \
1183 -s "EarlyData: rejected, feature disabled in server configuration." \
1184 -S "EncryptedExtensions: early_data(42) extension exists." \
1185 -s "EarlyData: deprotect and discard app data records" \
1186 -s "EarlyData: Too much early data received"
1187
1188# The Mbed TLS server does not allow early data for the ticket it sends but
1189# the GnuTLS indicates early data anyway when resuming with the ticket and
1190# sends early data. The Mbed TLS server does not expect early data in
1191# association with the ticket thus it eventually fails the resumption
1192# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1193# specification and thus its behavior may change in following versions.
1194requires_gnutls_tls1_3
1195requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1196 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1197 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1198 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1199requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1200 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1201run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
1202 "$P_SRV debug_level=4 tickets=1 early_data=0" \
1203 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1204 --earlydata $EARLY_DATA_INPUT" \
1205 1 \
1206 -s "Protocol is TLSv1.3" \
1207 -s "key exchange mode: psk" \
1208 -s "Select PSK ciphersuite" \
1209 -S "Sent max_early_data_size" \
1210 -S "NewSessionTicket: early_data(42) extension exists." \
1211 -s "ClientHello: early_data(42) extension exists." \
1212 -s "EarlyData: rejected, feature disabled in server configuration." \
1213 -S "EncryptedExtensions: early_data(42) extension exists." \
1214 -s "EarlyData: deprotect and discard app data records" \
1215 -s "EarlyData: Too much early data received"
1216
1217requires_gnutls_tls1_3
1218requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1219 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1220 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1221 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1222requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1223 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1224run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
1225 "$P_SRV debug_level=4 tickets=1 early_data=1" \
1226 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1227 0 \
1228 -s "Protocol is TLSv1.3" \
1229 -s "key exchange mode: psk" \
1230 -s "Select PSK ciphersuite" \
1231 -s "Sent max_early_data_size" \
1232 -s "NewSessionTicket: early_data(42) extension exists." \
1233 -S "ClientHello: early_data(42) extension exists." \
1234 -S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1235
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1236requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
1237 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
1238 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
1239 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1240 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1241run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron74191a52024-03-09 17:38:16 +0100[diff] [blame]1242 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Ronald Crone14770f2024-03-08 08:57:36 +0100[diff] [blame]1243 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1244 0 \
1245 -s "key exchange mode: ephemeral" \
1246 -S "key exchange mode: psk" \
1247 -s "found matched identity" \
1248 -s "EarlyData: rejected, not a session resumption" \
1249 -C "EncryptedExtensions: early_data(42) extension exists."