mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl-opt.sh: Expand m->G resumption and early data tests

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-03-05 16:34:51 +01:00
parent c893779bb5
commit 05210086c0
1 changed files with 120 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
tests/opt-testcases/tls13-misc.sh
View File

@ -269,64 +269,142 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
-c "HTTP/1.0 200 ok" -c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
requires_config_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ run_test "TLS 1.3 m->G: resumption" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ "$P_CLI reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session... ok" \
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session... ok" \
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
MBEDTLS_SSL_EARLY_DATA \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption with early data" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
"$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \ -c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \ -c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
-s "This is a resumed session"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \
--earlydata --maxearlydata 16384 --disable-client-cert" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \
0 \
-c "received max_early_data_size: 16384" \ -c "received max_early_data_size: 16384" \
-c "Reconnecting with saved session" \
-c "NewSessionTicket: early_data(42) extension received." \ -c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \ -c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \ -c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension exists." \ -c "bytes of early data written" \
-c "<= write EndOfEarlyData" \ -s "decrypted early data with length:"
-s "Parsing extension 'Early Data/42' (0 bytes)" \
-s "Sending extension Early Data/42 (0 bytes)" \
-s "END OF EARLY DATA (5) was received." \
-s "early data accepted"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
requires_config_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_EARLY_DATA \
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
"$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
0 \ 0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \ -c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size: 16384" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "bytes of early data written" \
-s "decrypted early data with length:"
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
MBEDTLS_SSL_EARLY_DATA \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
"$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-C "received max_early_data_size: 16384" \
-C "NewSessionTicket: early_data(42) extension received." \ -C "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension does not exist." \
-C "EncryptedExtensions: early_data(42) extension received." \ requires_gnutls_tls1_3
-C "EncryptedExtensions: early_data(42) extension exists." requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
MBEDTLS_SSL_EARLY_DATA \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size: 16384" \
-c "NewSessionTicket: early_data(42) extension received." \
-C "ClientHello: early_data(42) extension exists." \
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
MBEDTLS_SSL_EARLY_DATA \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
"$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size: 16384" \
-c "NewSessionTicket: early_data(42) extension received." \
-C "ClientHello: early_data(42) extension exists." \
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS