1#!/bin/sh 2 3# tls13-misc.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19# 20 21requires_gnutls_tls1_3 22requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 23requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 24requires_config_enabled MBEDTLS_SSL_SRV_C 25requires_config_enabled MBEDTLS_DEBUG_C 26requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 27 28run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ 29 "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 30 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 31 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 32 localhost" \ 33 1 \ 34 -s "found psk key exchange modes extension" \ 35 -s "found pre_shared_key extension" \ 36 -s "Found PSK_EPHEMERAL KEX MODE" \ 37 -s "Found PSK KEX MODE" \ 38 -s "No matched ciphersuite" 39 40requires_openssl_tls1_3 41requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 42requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 43requires_config_enabled MBEDTLS_SSL_SRV_C 44requires_config_enabled MBEDTLS_DEBUG_C 45requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 46 47run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ 48 "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 49 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ 50 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 51 1 \ 52 -s "found psk key exchange modes extension" \ 53 -s "found pre_shared_key extension" \ 54 -s "Found PSK_EPHEMERAL KEX MODE" \ 55 -s "Found PSK KEX MODE" \ 56 -s "No matched ciphersuite" 57 58requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 59 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 60 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 61run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ 62 "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ 63 "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 64 0 \ 65 -c "Pre-configured PSK number = 2" \ 66 -s "sent selected_identity: 0" \ 67 -s "key exchange mode: psk_ephemeral" \ 68 -S "key exchange mode: psk$" \ 69 -S "key exchange mode: ephemeral$" \ 70 -S "ticket is not authentic" 71 72requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 73 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 74 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 75run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ 76 "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ 77 "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 78 0 \ 79 -c "Pre-configured PSK number = 2" \ 80 -s "sent selected_identity: 1" \ 81 -s "key exchange mode: psk_ephemeral" \ 82 -S "key exchange mode: psk$" \ 83 -S "key exchange mode: ephemeral$" \ 84 -s "ticket is not authentic" 85 86requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 87 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 88 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 89 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 90run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ 91 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ 92 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 93 0 \ 94 -c "Pre-configured PSK number = 1" \ 95 -S "sent selected_identity:" \ 96 -s "key exchange mode: ephemeral" \ 97 -S "key exchange mode: psk_ephemeral" \ 98 -S "key exchange mode: psk$" \ 99 -s "ticket is not authentic" \ 100 -S "ticket is expired" \ 101 -S "Invalid ticket start time" \ 102 -S "Ticket age exceeds limitation" \ 103 -S "Ticket age outside tolerance window" 104 105requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 106 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 107 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 108 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 109run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ 110 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ 111 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 112 0 \ 113 -c "Pre-configured PSK number = 1" \ 114 -S "sent selected_identity:" \ 115 -s "key exchange mode: ephemeral" \ 116 -S "key exchange mode: psk_ephemeral" \ 117 -S "key exchange mode: psk$" \ 118 -S "ticket is not authentic" \ 119 -s "ticket is expired" \ 120 -S "Invalid ticket start time" \ 121 -S "Ticket age exceeds limitation" \ 122 -S "Ticket age outside tolerance window" 123 124requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 125 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 126 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 127 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 128run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ 129 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ 130 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 131 0 \ 132 -c "Pre-configured PSK number = 1" \ 133 -S "sent selected_identity:" \ 134 -s "key exchange mode: ephemeral" \ 135 -S "key exchange mode: psk_ephemeral" \ 136 -S "key exchange mode: psk$" \ 137 -S "ticket is not authentic" \ 138 -S "ticket is expired" \ 139 -s "Invalid ticket start time" \ 140 -S "Ticket age exceeds limitation" \ 141 -S "Ticket age outside tolerance window" 142 143requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 144 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 146 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 147run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ 148 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ 149 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 150 0 \ 151 -c "Pre-configured PSK number = 1" \ 152 -S "sent selected_identity:" \ 153 -s "key exchange mode: ephemeral" \ 154 -S "key exchange mode: psk_ephemeral" \ 155 -S "key exchange mode: psk$" \ 156 -S "ticket is not authentic" \ 157 -S "ticket is expired" \ 158 -S "Invalid ticket start time" \ 159 -s "Ticket age exceeds limitation" \ 160 -S "Ticket age outside tolerance window" 161 162requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 163 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 165 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 166run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ 167 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ 168 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 169 0 \ 170 -c "Pre-configured PSK number = 1" \ 171 -S "sent selected_identity:" \ 172 -s "key exchange mode: ephemeral" \ 173 -S "key exchange mode: psk_ephemeral" \ 174 -S "key exchange mode: psk$" \ 175 -S "ticket is not authentic" \ 176 -S "ticket is expired" \ 177 -S "Invalid ticket start time" \ 178 -S "Ticket age exceeds limitation" \ 179 -s "Ticket age outside tolerance window" 180 181requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 182 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 183 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 185run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ 186 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ 187 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 188 0 \ 189 -c "Pre-configured PSK number = 1" \ 190 -S "sent selected_identity:" \ 191 -s "key exchange mode: ephemeral" \ 192 -S "key exchange mode: psk_ephemeral" \ 193 -S "key exchange mode: psk$" \ 194 -S "ticket is not authentic" \ 195 -S "ticket is expired" \ 196 -S "Invalid ticket start time" \ 197 -S "Ticket age exceeds limitation" \ 198 -s "Ticket age outside tolerance window" 199 200requires_gnutls_tls1_3 201requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 203run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ 204 "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 205 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 206 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 207 localhost" \ 208 1 \ 209 -s "found psk key exchange modes extension" \ 210 -s "found pre_shared_key extension" \ 211 -s "Found PSK_EPHEMERAL KEX MODE" \ 212 -S "Found PSK KEX MODE" \ 213 -S "key exchange mode: psk$" \ 214 -S "key exchange mode: psk_ephemeral" \ 215 -S "key exchange mode: ephemeral" 216 217requires_gnutls_tls1_3 218requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 219 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 220 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 221requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 222 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 223run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ 224 "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 225 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 226 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 227 localhost" \ 228 0 \ 229 -s "found psk key exchange modes extension" \ 230 -s "found pre_shared_key extension" \ 231 -s "Found PSK_EPHEMERAL KEX MODE" \ 232 -s "Found PSK KEX MODE" \ 233 -s "key exchange mode: psk$" 234 235requires_gnutls_tls1_3 236requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 237 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 238 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 239requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 240 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 241run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ 242 "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 243 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 244 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 245 localhost" \ 246 0 \ 247 -s "found psk key exchange modes extension" \ 248 -s "found pre_shared_key extension" \ 249 -s "Found PSK_EPHEMERAL KEX MODE" \ 250 -s "Found PSK KEX MODE" \ 251 -s "key exchange mode: psk_ephemeral$" 252 253requires_gnutls_tls1_3 254requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 255 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 256 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 257requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 258 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 259run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ 260 "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 261 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 262 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 263 localhost" \ 264 0 \ 265 -s "key exchange mode: ephemeral$" 266 267requires_gnutls_tls1_3 268requires_config_enabled MBEDTLS_DEBUG_C 269requires_config_enabled MBEDTLS_SSL_CLI_C 270requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 271 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 272 MBEDTLS_SSL_EARLY_DATA 273requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 274 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 275run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ 276 "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ 277 "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ 278 0 \ 279 -c "Reconnecting with saved session" \ 280 -c "NewSessionTicket: early_data(42) extension received." \ 281 -c "ClientHello: early_data(42) extension exists." \ 282 -c "EncryptedExtensions: early_data(42) extension received." \ 283 -c "EncryptedExtensions: early_data(42) extension exists." \ 284 -c "<= write EndOfEarlyData" \ 285 -s "Parsing extension 'Early Data/42' (0 bytes)" \ 286 -s "Sending extension Early Data/42 (0 bytes)" \ 287 -s "END OF EARLY DATA (5) was received." \ 288 -s "early data accepted" 289 290requires_gnutls_tls1_3 291requires_config_enabled MBEDTLS_DEBUG_C 292requires_config_enabled MBEDTLS_SSL_CLI_C 293requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 294 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 295 MBEDTLS_SSL_EARLY_DATA 296requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 297 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 298run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ 299 "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ 300 "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ 301 0 \ 302 -c "Reconnecting with saved session" \ 303 -C "NewSessionTicket: early_data(42) extension received." \ 304 -c "ClientHello: early_data(42) extension does not exist." \ 305 -C "EncryptedExtensions: early_data(42) extension received." \ 306 -C "EncryptedExtensions: early_data(42) extension exists." 307 308#TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. 309skip_next_test 310requires_openssl_tls1_3 311requires_config_enabled MBEDTLS_DEBUG_C 312requires_config_enabled MBEDTLS_SSL_CLI_C 313requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 314 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 315 MBEDTLS_SSL_EARLY_DATA 316requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 317 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 318run_test "TLS 1.3, ext PSK, early data" \ 319 "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 320 "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ 321 1 \ 322 -c "Reconnecting with saved session" \ 323 -c "NewSessionTicket: early_data(42) extension received." \ 324 -c "ClientHello: early_data(42) extension exists." \ 325 -c "EncryptedExtensions: early_data(42) extension received." \ 326 -c "EncryptedExtensions: early_data(42) extension ( ignored )." 327 328requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 329 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 330 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 331 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 332run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \ 333 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ 334 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 335 0 \ 336 -c "Pre-configured PSK number = 1" \ 337 -S "sent selected_identity:" \ 338 -s "key exchange mode: ephemeral" \ 339 -S "key exchange mode: psk_ephemeral" \ 340 -S "key exchange mode: psk$" \ 341 -s "No suitable key exchange mode" \ 342 -s "No matched PSK or ticket" 343 344requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 345 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 346 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 347 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 348run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ 349 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ 350 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 351 0 \ 352 -c "Pre-configured PSK number = 1" \ 353 -S "No suitable key exchange mode" \ 354 -s "found matched identity" 355 356requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 357 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 358 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 359 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 360run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \ 361 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ 362 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 363 0 \ 364 -c "Pre-configured PSK number = 1" \ 365 -S "sent selected_identity:" \ 366 -s "key exchange mode: ephemeral" \ 367 -S "key exchange mode: psk_ephemeral" \ 368 -S "key exchange mode: psk$" \ 369 -s "No suitable key exchange mode" \ 370 -s "No matched PSK or ticket" 371 372requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 373 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 374 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 375 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 376run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ 377 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ 378 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 379 0 \ 380 -c "Pre-configured PSK number = 1" \ 381 -S "No suitable key exchange mode" \ 382 -s "found matched identity" 383 384requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 385 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 386 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 387 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 388run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \ 389 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ 390 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 391 0 \ 392 -c "Pre-configured PSK number = 1" \ 393 -S "sent selected_identity:" \ 394 -s "key exchange mode: ephemeral" \ 395 -S "key exchange mode: psk_ephemeral" \ 396 -S "key exchange mode: psk$" \ 397 -s "No suitable key exchange mode" \ 398 -s "No matched PSK or ticket" 399 400requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 401 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 403 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 404run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \ 405 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ 406 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 407 0 \ 408 -c "Pre-configured PSK number = 1" \ 409 -S "sent selected_identity:" \ 410 -s "key exchange mode: ephemeral" \ 411 -S "key exchange mode: psk_ephemeral" \ 412 -S "key exchange mode: psk$" \ 413 -s "No suitable key exchange mode" \ 414 -s "No matched PSK or ticket" 415 416requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 417 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 418 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 419 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 420run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \ 421 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ 422 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 423 0 \ 424 -c "Pre-configured PSK number = 1" \ 425 -S "No suitable key exchange mode" \ 426 -s "found matched identity" 427 428requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 429 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 430 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 431 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 432run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ 433 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ 434 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 435 0 \ 436 -c "Pre-configured PSK number = 1" \ 437 -S "No suitable key exchange mode" \ 438 -s "found matched identity" 439 440requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 441 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 442 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 443 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 444 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 445run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \ 446 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ 447 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 448 0 \ 449 -c "Pre-configured PSK number = 1" \ 450 -S "sent selected_identity:" \ 451 -s "key exchange mode: ephemeral" \ 452 -S "key exchange mode: psk_ephemeral" \ 453 -S "key exchange mode: psk$" \ 454 -s "No suitable key exchange mode" \ 455 -s "No matched PSK or ticket" 456 457requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 458 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 459 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 461 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 462run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ 463 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ 464 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 465 0 \ 466 -c "Pre-configured PSK number = 1" \ 467 -S "No suitable key exchange mode" \ 468 -s "found matched identity" 469 470requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 471 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 472 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 473 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 474 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 475run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ 476 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ 477 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 478 0 \ 479 -c "Pre-configured PSK number = 1" \ 480 -S "No suitable key exchange mode" \ 481 -s "found matched identity" 482 483requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ 484 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 485 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 486 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 487 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 488run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ 489 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ 490 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 491 0 \ 492 -c "Pre-configured PSK number = 1" \ 493 -S "No suitable key exchange mode" \ 494 -s "found matched identity" 495 496