mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 01:26:49 +00:00
Merge pull request #9136 from gilles-peskine-arm/ssl-opt-server2-detection-3.6
Backport 3.6: Fix skipped tests in configurations without RSA
commit
281aa2ea6f
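--- a/ChangeLog.d/pk-norsa-warning.txt
+++ b/ChangeLog.d/pk-norsa-warning.txt
@@ -0,0 +1,2 @@
+Bugfix
+* Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.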
|
@ -277,6 +277,11 @@ The same holds for the associated algorithm:
|
||||
`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
|
||||
removing builtin support (i.e. `MBEDTLS_DHM_C`).
|
||||
|
||||
Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the
|
||||
Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer
|
||||
of Mbed TLS only supports DHE cipher suites if built-in FFDH
|
||||
(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
|
||||
|
||||
RSA
|
||||
---
|
||||
|
||||
|
@ -868,7 +868,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t key_type;
|
||||
psa_algorithm_t alg_type;
|
||||
size_t key_bits;
|
||||
/* Use a buffer size large enough to contain either a key pair or public key. */
|
||||
unsigned char exp_key[PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE];
|
||||
@ -899,7 +898,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
|
||||
key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
|
||||
}
|
||||
key_bits = psa_get_key_bits(&key_attr);
|
||||
alg_type = psa_get_key_algorithm(&key_attr);
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if ((key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) ||
|
||||
@ -919,6 +917,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
psa_algorithm_t alg_type = psa_get_key_algorithm(&key_attr);
|
||||
mbedtls_md_type_t md_type = MBEDTLS_MD_NONE;
|
||||
if (PSA_ALG_GET_HASH(alg_type) != PSA_ALG_ANY_HASH) {
|
||||
md_type = mbedtls_md_type_from_psa_alg(alg_type);
|
||||
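Review bot: The declaration `psa_algorithm_t alg_type = psa_get_key_algorithm(&key_attr);` in the third hunk sits inside the `#if defined(MBEDTLS_RSA_C)` branch with no comment saying why it is scoped there, so a later cleanup could hoist it back to the top of `copy_from_psa` and bring back the warning the ChangeLog entry describes. I would add one line above it, e.g. `/* alg_type is only used for RSA keys; declared here so it is not unused when MBEDTLS_RSA_C is disabled. */`. The `+`/`-` markers are lost on this page, so which lines moved is inferred from the hunk counts and the ChangeLog text. `copy_from_psa` starts and ends outside these hunks, including its `exit` path, so whether `exp_key` (which can hold an exported key pair) is wiped before return cannot be confirmed from here.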
|
@ -468,6 +468,12 @@ KNOWN_TASKS = {
|
||||
'bignum.generated', 'bignum.misc',
|
||||
],
|
||||
'ignored_tests': {
|
||||
'ssl-opt': [
|
||||
# DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
|
||||
# (because it needs custom groups, which PSA does not
|
||||
# provide), even with MBEDTLS_USE_PSA_CRYPTO.
|
||||
re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
|
||||
],
|
||||
'test_suite_platform': [
|
||||
# Incompatible with sanitizers (e.g. ASan). If the driver
|
||||
# component uses a sanitizer but the reference component
|
||||
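Review bot: The new `'ssl-opt'` ignore entry selects tests by description text (`re.compile(r'PSK callback:.*\bdhe-psk\b.*')`), so it silently stops applying if a test is renamed and silently starts applying to any future `PSK callback:` test whose name mentions dhe-psk, including one that should be compared. The comment explains the DHE / `MBEDTLS_DHM_C` limitation; I would add a line saying when the entry can go, e.g. `# Remove once TLS 1.2 DHE no longer depends on built-in MBEDTLS_DHM_C.`. How the pattern is applied (search or full match) is outside the hunk, so whether the trailing `.*` is needed cannot be told from here. The enclosing `KNOWN_TASKS` entry begins before the hunk, so the task this list belongs to is not visible.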
|
311
tests/ssl-opt.sh
@ -70,6 +70,32 @@ TCP_CLIENT="$PERL scripts/tcp_client.pl"
|
||||
|
||||
# alternative versions of OpenSSL and GnuTLS (no default path)
|
||||
|
||||
# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well.
|
||||
if [ -z "${OPENSSL_NEXT:-}" ]; then
|
||||
case $($OPENSSL version) in
|
||||
OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;;
|
||||
OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well.
|
||||
if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then
|
||||
case $($GNUTLS_CLI --version) in
|
||||
gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
|
||||
gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
|
||||
gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well.
|
||||
if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||
case $($GNUTLS_SERV --version) in
|
||||
gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
|
||||
gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
|
||||
gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
|
||||
esac
|
||||
fi
|
||||
|
||||
if [ -n "${OPENSSL_NEXT:-}" ]; then
|
||||
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||
O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key"
|
||||
@ -443,9 +469,9 @@ detect_required_features() {
|
||||
esac
|
||||
|
||||
case "$CMD_LINE" in
|
||||
*server5*|\
|
||||
*server7*|\
|
||||
*dir-maxpath*)
|
||||
*/server5*|\
|
||||
*/server7*|\
|
||||
*/dir-maxpath*)
|
||||
if [ "$TLS_VERSION" = "TLS13" ]; then
|
||||
# In case of TLS13 the support for ECDSA is enough
|
||||
requires_pk_alg "ECDSA"
|
||||
@ -477,9 +503,15 @@ detect_required_features() {
|
||||
esac
|
||||
|
||||
case "$CMD_LINE" in
|
||||
*server2*|\
|
||||
*server7*)
|
||||
# server2 and server7 certificates use RSA encryption
|
||||
*/server1*|\
|
||||
*/server2*|\
|
||||
*/server7*)
|
||||
# Certificates with an RSA key. The algorithm requirement is
|
||||
# some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature,
|
||||
# PSS signature}. We can't easily tell which subset works, and
|
||||
# we aren't currently running ssl-opt.sh in configurations
|
||||
# where partial RSA support is a problem, so generically, we
|
||||
# just require RSA and it works out for our tests so far.
|
||||
requires_config_enabled "MBEDTLS_RSA_C"
|
||||
esac
|
||||
|
||||
@ -494,9 +526,10 @@ requires_certificate_authentication () {
|
||||
|
||||
adapt_cmd_for_psk () {
|
||||
case "$2" in
|
||||
*openssl*) s='-psk abc123 -nocert';;
|
||||
*gnutls-*) s='--pskkey=abc123';;
|
||||
*) s='psk=abc123';;
|
||||
*openssl*s_server*) s='-psk 73776f726466697368 -nocert';;
|
||||
*openssl*) s='-psk 73776f726466697368';;
|
||||
*gnutls-*) s='--pskusername=Client_identity --pskkey=73776f726466697368';;
|
||||
*) s='psk=73776f726466697368';;
|
||||
esac
|
||||
eval $1='"$2 $s"'
|
||||
unset s
|
||||
@ -2449,9 +2482,9 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: RSA-PSK" \
|
||||
"$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
|
||||
psk=abc123 psk_identity=foo" \
|
||||
psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk=abc123 psk_identity=foo" \
|
||||
psk=73776f726466697368 psk_identity=foo" \
|
||||
0 \
|
||||
-c "Verifying peer X.509 certificate... ok" \
|
||||
-c "Ciphersuite is TLS-RSA-PSK-" \
|
||||
@ -2698,12 +2731,14 @@ run_test "Context-specific CRT verification callback" \
|
||||
-C "error"
|
||||
|
||||
# Tests for SHA-1 support
|
||||
requires_hash_alg SHA_1
|
||||
run_test "SHA-1 forbidden by default in server certificate" \
|
||||
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||
"$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
|
||||
1 \
|
||||
-c "The certificate is signed with an unacceptable hash"
|
||||
|
||||
requires_hash_alg SHA_1
|
||||
run_test "SHA-1 explicitly allowed in server certificate" \
|
||||
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||
"$P_CLI force_version=tls12 allow_sha1=1" \
|
||||
@ -2714,17 +2749,23 @@ run_test "SHA-256 allowed by default in server certificate" \
|
||||
"$P_CLI force_version=tls12 allow_sha1=0" \
|
||||
0
|
||||
|
||||
requires_hash_alg SHA_1
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
run_test "SHA-1 forbidden by default in client certificate" \
|
||||
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
|
||||
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
|
||||
1 \
|
||||
-s "The certificate is signed with an unacceptable hash"
|
||||
|
||||
requires_hash_alg SHA_1
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
run_test "SHA-1 explicitly allowed in client certificate" \
|
||||
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
|
||||
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
|
||||
0
|
||||
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "SHA-256 allowed by default in client certificate" \
|
||||
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
|
||||
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
|
||||
@ -3820,7 +3861,7 @@ run_test "Session resume using tickets: openssl server" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
|
||||
run_test "Session resume using tickets: openssl client" \
|
||||
"$P_SRV debug_level=3 tickets=1" \
|
||||
"$P_SRV force_version=tls12 debug_level=3 tickets=1" \
|
||||
"( $O_CLI -sess_out $SESSION; \
|
||||
$O_CLI -sess_in $SESSION; \
|
||||
rm -f $SESSION )" \
|
||||
@ -5626,6 +5667,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
|
||||
# Test for the "secure renegotiation" extension only (no actual renegotiation)
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls server strict, client default" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
|
||||
@ -5636,6 +5678,7 @@ run_test "Renego ext: gnutls server strict, client default" \
|
||||
-c "HTTP/1.0 200 [Oo][Kk]"
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls server unsafe, client default" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
@ -5646,6 +5689,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \
|
||||
-c "HTTP/1.0 200 [Oo][Kk]"
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls server unsafe, client break legacy" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
@ -5656,28 +5700,31 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \
|
||||
-C "HTTP/1.0 200 [Oo][Kk]"
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls client strict, server default" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
|
||||
"$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension"
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls client unsafe, server default" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
"$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
||||
-S "server hello, secure renegotiation extension"
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls client unsafe, server break legacy" \
|
||||
"$P_SRV debug_level=3 allow_legacy=-1" \
|
||||
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
"$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
1 \
|
||||
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
||||
-S "server hello, secure renegotiation extension"
|
||||
@ -7789,7 +7836,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server2.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds.crt" \
|
||||
0 \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
@ -7799,7 +7846,7 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server2.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
0 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
@ -7807,8 +7854,8 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
|
||||
"$P_SRV debug_level=1 auth_mode=required" \
|
||||
"$O_CLI -key data_files/server2.key \
|
||||
"$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \
|
||||
"$O_CLI -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
1 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
@ -7817,7 +7864,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.ku-ds.crt" \
|
||||
0 \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
@ -7827,7 +7874,7 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.ku-ka.crt" \
|
||||
0 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
@ -8004,7 +8051,7 @@ run_test "extKeyUsage cli 1.3: codeSign -> fail" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-cli.crt" \
|
||||
0 \
|
||||
-S "bad certificate (usage extensions)" \
|
||||
@ -8013,7 +8060,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-srv_cli.crt" \
|
||||
0 \
|
||||
-S "bad certificate (usage extensions)" \
|
||||
@ -8022,7 +8069,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-cs_any.crt" \
|
||||
0 \
|
||||
-S "bad certificate (usage extensions)" \
|
||||
@ -8031,7 +8078,7 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
|
||||
"$P_SRV debug_level=1 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-cs.crt" \
|
||||
0 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
@ -8040,7 +8087,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
|
||||
"$P_SRV debug_level=1 auth_mode=required" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
"$O_CLI -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-cs.crt" \
|
||||
1 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
@ -8183,9 +8230,9 @@ run_test "DHM size: server default, client 2049, rejected" \
|
||||
# Tests for PSK callback
|
||||
|
||||
run_test "PSK callback: psk, no callback" \
|
||||
"$P_SRV psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
@ -8193,9 +8240,9 @@ run_test "PSK callback: psk, no callback" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8205,9 +8252,9 @@ run_test "PSK callback: opaque psk on client, no callback" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8217,9 +8264,9 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque psk on client, no callback, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8229,9 +8276,9 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8241,9 +8288,9 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8253,9 +8300,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8265,9 +8312,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8277,9 +8324,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8289,9 +8336,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8301,9 +8348,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8313,9 +8360,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8325,9 +8372,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8337,9 +8384,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque dhe-psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8349,9 +8396,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8361,9 +8408,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8373,9 +8420,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8385,9 +8432,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8397,9 +8444,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8409,10 +8456,10 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8422,10 +8469,10 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8435,9 +8482,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8447,9 +8494,9 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8459,10 +8506,10 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8472,10 +8519,10 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8485,9 +8532,9 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8497,9 +8544,9 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8509,10 +8556,10 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8522,10 +8569,10 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8535,9 +8582,9 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8547,9 +8594,9 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
@ -8559,10 +8606,10 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8572,10 +8619,10 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
@ -8785,7 +8832,7 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
@ -8797,7 +8844,7 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
@ -8809,7 +8856,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
@ -8821,7 +8868,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
@ -8833,7 +8880,7 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
1 \
|
||||
@ -8842,16 +8889,16 @@ run_test "PSK callback: raw psk on client, matching opaque PSK on server, wro
|
||||
run_test "PSK callback: no psk, no callback" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
1 \
|
||||
-s "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: callback overrides other settings" \
|
||||
"$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
|
||||
"$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \
|
||||
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
1 \
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-s "SSL - Unknown identity received" \
|
||||
@ -9069,11 +9116,25 @@ run_test "ECJPAKE: working, DTLS, nolog" \
|
||||
|
||||
# Test for ClientHello without extensions
|
||||
|
||||
# Without extensions, ECC is impossible (no curve negotiation).
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions" \
|
||||
run_test "ClientHello without extensions: RSA" \
|
||||
"$P_SRV force_version=tls12 debug_level=3" \
|
||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-s "Ciphersuite is .*-RSA-WITH-.*" \
|
||||
-S "Ciphersuite is .*-EC.*" \
|
||||
-s "dumping 'client hello extensions' (0 bytes)"
|
||||
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions: PSK" \
|
||||
"$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
|
||||
"$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
|
||||
0 \
|
||||
-s "Ciphersuite is .*-PSK-.*" \
|
||||
-S "Ciphersuite is .*-EC.*" \
|
||||
-s "dumping 'client hello extensions' (0 bytes)"
|
||||
|
||||
# Tests for mbedtls_ssl_get_bytes_avail()
|
||||
@ -9683,9 +9744,9 @@ run_test "SSL async private: decrypt, delay=1" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
|
||||
"$P_SRV psk=abc123 \
|
||||
"$P_SRV psk=73776f726466697368 \
|
||||
async_operations=d async_private_delay1=0 async_private_delay2=0" \
|
||||
"$P_CLI psk=abc123 \
|
||||
"$P_CLI psk=73776f726466697368 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-s "Async decrypt callback: using key slot " \
|
||||
@ -9693,9 +9754,9 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
|
||||
"$P_SRV psk=abc123 \
|
||||
"$P_SRV psk=73776f726466697368 \
|
||||
async_operations=d async_private_delay1=1 async_private_delay2=1" \
|
||||
"$P_CLI psk=abc123 \
|
||||
"$P_CLI psk=73776f726466697368 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-s "Async decrypt callback: using key slot " \
|
||||
@ -10145,8 +10206,8 @@ run_test "DTLS client auth: none, client has no cert" \
|
||||
-s "! Certificate verification was skipped"
|
||||
|
||||
run_test "DTLS wrong PSK: badmac alert" \
|
||||
"$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI dtls=1 psk=abc124" \
|
||||
"$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI dtls=1 psk=73776f726466697374" \
|
||||
1 \
|
||||
-s "SSL - Verification of the message MAC failed" \
|
||||
-c "SSL - A fatal alert message was received from our peer"
|
||||
@ -11914,8 +11975,8 @@ requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
|
||||
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
|
||||
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
|
||||
-p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
|
||||
"$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
|
||||
"$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
|
||||
0 \
|
||||
-s "Buffer record from epoch 1" \
|
||||
-s "Found buffered record from current epoch - load" \
|
||||
@ -11929,8 +11990,8 @@ client_needs_more_time 2
|
||||
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
psk=73776f726466697368" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
-s "Extra-header:" \
|
||||
@ -12005,8 +12066,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C
|
||||
run_test "DTLS proxy: 3d, min handshake, resumption" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 debug_level=3" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
psk=73776f726466697368 debug_level=3" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
@ -12020,8 +12081,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C
|
||||
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 debug_level=3 nbio=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
psk=73776f726466697368 debug_level=3 nbio=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
|
||||
0 \
|
||||
@ -12035,8 +12096,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 renegotiation=1 debug_level=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
psk=73776f726466697368 renegotiation=1 debug_level=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
renegotiate=1 debug_level=2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
@ -12050,8 +12111,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 renegotiation=1 debug_level=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
psk=73776f726466697368 renegotiation=1 debug_level=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
renegotiate=1 debug_level=2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
@ -12065,9 +12126,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
|
||||
psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
|
||||
debug_level=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
renegotiation=1 exchanges=4 debug_level=2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
@ -12081,9 +12142,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
|
||||
psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
|
||||
debug_level=2 nbio=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
|
||||
renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
@ -14062,8 +14123,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \
|
||||
"$P_SRV nbio=2 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
|
||||
"$P_CLI nbio=2 debug_level=3 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
||||
"$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
|
||||
"$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \
|
||||
0 \
|
||||
-C "received HelloRetryRequest message" \
|
||||
-c "Selected key exchange mode: psk$" \
|
||||
|