mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-09 15:40:19 +00:00
edc8f35ed3
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is no longer required, except in test
cases that are specifically about it. This commit removes the requirement on
all test cases except those whose description contains "middlebox".
Exclude tls13-compat.sh which is automatically generated and will be handled
in a separate commit.
```
perl -0777 -i -pe '
# With -0777, we act on the whole file.
# s[REGEXP][EXPR]gm replaces every occurrence of REGEXP by EXPR.
# The regexp matches "requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE",
# followed by zero or more non-empty lines, followed by a line starting
# with "run_test" and not containing "middlebox".
# The replacement is everything matched except the first line.
s[^requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE\n((?:.+\n)*run_test (?!.*middlebox))]
[$1]gm' tests/ssl-opt.sh tests/opt-testcases/tls13-kex-modes.sh tests/opt-testcases/tls13-misc.sh
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
3326 lines
179 KiB
Bash
3326 lines
179 KiB
Bash
# Systematic testing of TLS 1.3 key exchange modes.
|
|
|
|
# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
|
|
# scripts in future(#6280)
|
|
|
|
# Copyright The Mbed TLS Contributors
|
|
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
#
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk, good" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-s "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-s "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_all, good" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-s "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No suitable PSK key exchange mode" \
|
|
-S "Pre shared key found" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/all, good" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No suitable PSK key exchange mode" \
|
|
-S "Pre shared key found" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
|
|
localhost" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-S "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "write selected_group: secp256r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "write selected_group: secp384r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "write selected_group: secp521r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "write selected_group: x25519" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \
|
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
|
localhost" \
|
|
0 \
|
|
-s "write selected_group: x448" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk, good" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-s "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_all, good" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/all, good" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-S "Found PSK KEX MODE" \
|
|
-s "No suitable PSK key exchange mode" \
|
|
-S "Pre shared key found" \
|
|
-s "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Pre shared key found" \
|
|
-S "No usable PSK or ticket" \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
|
|
1 \
|
|
-s "found psk key exchange modes extension" \
|
|
-s "found pre_shared_key extension" \
|
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
|
-s "Found PSK KEX MODE" \
|
|
-s "Invalid binder." \
|
|
-S "key exchange mode: psk$" \
|
|
-S "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_SECP_R1_256
|
|
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "write selected_group: secp256r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_SECP_R1_384
|
|
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "write selected_group: secp384r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_SECP_R1_521
|
|
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "write selected_group: secp521r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
|
|
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "write selected_group: x25519" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448
|
|
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
|
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
|
|
-psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
|
|
0 \
|
|
-s "write selected_group: x448" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_SECP_R1_384
|
|
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
|
|
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
|
|
0 \
|
|
-s "write selected_group: secp384r1" \
|
|
-s "HRR selected_group: secp384r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
requires_gnutls_tls1_3
|
|
requires_gnutls_next_no_ticket
|
|
requires_gnutls_next_disable_tls13_compat
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
requires_config_enabled PSA_WANT_ALG_ECDH
|
|
requires_config_enabled PSA_WANT_ECC_SECP_R1_384
|
|
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
|
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
|
|
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
|
|
0 \
|
|
-s "write selected_group: secp384r1" \
|
|
-s "HRR selected_group: secp384r1" \
|
|
-S "key exchange mode: psk$" \
|
|
-s "key exchange mode: psk_ephemeral" \
|
|
-S "key exchange mode: ephemeral"
|
|
|
|
|
|
# Add psk test cases for mbedtls client code
|
|
|
|
# MbedTls->MbedTLS kinds of tls13_kex_modes
|
|
# PSK mode in client
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
# psk_ephemeral mode in client
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
# ephemeral mode in client
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
1 \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
1 \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
1 \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral/all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
# ephemeral_all mode in client
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "key exchange mode: ephemeral" \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
# psk_all mode in client
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
# all mode in client
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/ephemeral, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/ephemeral_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk_all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "ClientHello message misses mandatory extensions."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/all, good" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
|
|
0 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "No usable PSK or ticket" \
|
|
-s "key exchange mode: ephemeral"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \
|
|
"$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
1 \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Invalid binder."
|
|
|
|
#OPENSSL-SERVER psk mode
|
|
requires_openssl_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->O: psk/all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
requires_openssl_tls1_3
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "<= write client hello" \
|
|
-c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
|
|
|
|
#OPENSSL-SERVER psk_all mode
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: psk_all/all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
#OPENSSL-SERVER psk_ephemeral mode
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
#OPENSSL-SERVER ephemeral mode
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: ephemeral/all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
|
|
"$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
#OPENSSL-SERVER ephemeral_all mode
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "<= write client hello" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
|
|
"$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "<= write client hello" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
#OPENSSL-SERVER all mode
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: all/all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "<= write client hello" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
requires_openssl_tls1_3_with_compatible_ephemeral
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->O: all/ephemeral_all, good" \
|
|
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
|
|
"$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "<= write client hello" \
|
|
-c "HTTP/1.0 200 ok"
|
|
|
|
#GNUTLS-SERVER psk mode
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->G: psk/all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk$" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
|
1 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
|
|
|
|
#GNUTLS-SERVER psk_all mode
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: psk_all/all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
#GNUTLS-SERVER psk_ephemeral mode
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
#GNUTLS-SERVER ephemeral mode
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: ephemeral/all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
|
0 \
|
|
-c "Selected key exchange mode: ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
#GNUTLS-SERVER ephemeral_all mode
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: ephemeral_all/all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
#GNUTLS-SERVER all mode
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: all/all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|
|
|
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
|
requires_gnutls_tls1_3
|
|
requires_config_enabled MBEDTLS_DEBUG_C
|
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
|
|
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \
|
|
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
|
0 \
|
|
-c "=> write client hello" \
|
|
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
|
-c "client hello, adding psk_key_exchange_modes extension" \
|
|
-c "client hello, adding PSK binder list" \
|
|
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
|
-s "Parsing extension 'Pre Shared Key/41'" \
|
|
-c "<= write client hello" \
|
|
-c "Selected key exchange mode: psk_ephemeral" \
|
|
-c "HTTP/1.0 200 OK"
|