lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-26 15:08:51 +03:00
Code

Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex

Browse Source 
TLS 1.3: SRV: Improve key exchange mode selection
This commit is contained in:
Janos Follath 2024-03-08 14:58:36 +00:00 committed by GitHub
commit 080a5171e2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 399 additions and 384 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

595
library/ssl_tls13_server.c
View File

@ -39,6 +39,63 @@ static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
return ciphersuite_info;
}
static void ssl_tls13_select_ciphersuite(
mbedtls_ssl_context *ssl,
const unsigned char *cipher_suites,
const unsigned char *cipher_suites_end,
int psk_ciphersuite_id,
psa_algorithm_t psk_hash_alg,
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
{
*selected_ciphersuite_info = NULL;
/*
* In a compliant ClientHello the byte-length of the list of ciphersuites
* is even and this function relies on this fact. This should have been
* checked in the main ClientHello parsing function. Double check here.
*/
if ((cipher_suites_end - cipher_suites) & 1) {
return;
}
for (const unsigned char *p = cipher_suites;
p < cipher_suites_end; p += 2) {
/*
* "cipher_suites_end - p is even" is an invariant of the loop. As
* cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and it
* is thus safe to read two bytes.
*/
uint16_t id = MBEDTLS_GET_UINT16_BE(p, 0);
const mbedtls_ssl_ciphersuite_t *info =
ssl_tls13_validate_peer_ciphersuite(ssl, id);
if (info == NULL) {
continue;
}
/*
* If a valid PSK ciphersuite identifier has been passed in, we want
* an exact match.
*/
if (psk_ciphersuite_id != 0) {
if (id != psk_ciphersuite_id) {
continue;
}
} else if (psk_hash_alg != PSA_ALG_NONE) {
if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac) !=
psk_hash_alg) {
continue;
}
}
*selected_ciphersuite_info = info;
return;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%x",
(unsigned) psk_ciphersuite_id, psk_hash_alg));
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* From RFC 8446:
*
@ -90,8 +147,30 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
return 0;
}
#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
/*
* Non-error return values of
* ssl_tls13_offered_psks_check_identity_match_ticket() and
* ssl_tls13_offered_psks_check_identity_match(). They are positive to
* not collide with error codes that are negative. Zero
* (SSL_TLS1_3_PSK_IDENTITY_MATCH) in case of success as it may be propagated
* up by the callers of this function as a generic success condition.
*
* The return value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE means
* that the pre-shared-key identity matches that of a ticket or an externally-
* provisioned pre-shared-key. We have thus been able to retrieve the
* attributes of the pre-shared-key but at least one of them does not meet
* some criteria and the pre-shared-key cannot be used. For example, a ticket
* is expired or its version is not TLS 1.3. Note eventually that the return
* value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE does not have
* anything to do with binder check. A binder check is done only when a
* suitable pre-shared-key has been selected and only for that selected
* pre-shared-key: if the binder check fails, we fail the handshake and we do
* not try to find another pre-shared-key for which the binder check would
* succeed as recommended by the specification.
*/
#define SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH 2
#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1
#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
@ -109,7 +188,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ticket_buffer;
unsigned int key_exchanges;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_ms_time_t now;
mbedtls_ms_time_t server_age;
@ -123,7 +201,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
/* Ticket parser is not configured, Skip */
if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
return 0;
return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
}
/* We create a copy of the encrypted ticket since the ticket parsing
@ -133,63 +211,51 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
*/
ticket_buffer = mbedtls_calloc(1, identity_len);
if (ticket_buffer == NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
memcpy(ticket_buffer, identity, identity_len);
if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
session,
ticket_buffer, identity_len)) != 0) {
if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
} else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
ticket_buffer, identity_len);
switch (ret) {
case 0:
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH;
break;
case MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED:
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
} else {
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
break;
case MBEDTLS_ERR_SSL_INVALID_MAC:
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
break;
default:
MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret);
}
ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
}
/* We delete the temporary buffer */
mbedtls_free(ticket_buffer);
if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
/* TODO: Define new return value for this case. */
ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
}
if (ret != 0) {
if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
goto exit;
}
/* RFC 8446 section 4.2.9
*
* Servers SHOULD NOT send NewSessionTicket with tickets that are not
* compatible with the advertised modes; however, if a server does so,
* the impact will just be that the client's attempts at resumption fail.
*
* We regard the ticket with incompatible key exchange modes as not match.
/*
* The identity matches that of a ticket. Now check that it has suitable
* attributes and bet it will not be the case.
*/
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
key_exchanges = 0;
if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) &&
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) &&
ssl_tls13_key_exchange_is_psk_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
if (key_exchanges == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
goto exit;
}
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
#if defined(MBEDTLS_HAVE_TIME)
now = mbedtls_ms_time();
@ -242,13 +308,15 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
age_diff));
goto exit;
}
ret = 0;
#endif /* MBEDTLS_HAVE_TIME */
/*
* All good, we have found a suitable ticket.
*/
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH;
exit:
if (ret != 0) {
if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
mbedtls_ssl_session_free(session);
}
@ -273,13 +341,11 @@ static int ssl_tls13_offered_psks_check_identity_match(
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len);
ssl->handshake->resume = 0;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl_tls13_offered_psks_check_identity_match_ticket(
ssl, identity, identity_len, obfuscated_ticket_age,
session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
ssl->handshake->resume = 1;
ret = ssl_tls13_offered_psks_check_identity_match_ticket(
ssl, identity, identity_len, obfuscated_ticket_age, session);
if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH) {
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
ret = mbedtls_ssl_set_hs_psk(ssl,
session->resumption_key,
@ -294,7 +360,9 @@ static int ssl_tls13_offered_psks_check_identity_match(
session->resumption_key_len);
MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u",
(unsigned) obfuscated_ticket_age));
return SSL_TLS1_3_OFFERED_PSK_MATCH;
return SSL_TLS1_3_PSK_IDENTITY_MATCH;
} else if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE) {
return SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@ -302,9 +370,9 @@ static int ssl_tls13_offered_psks_check_identity_match(
if (ssl->conf->f_psk != NULL) {
if (ssl->conf->f_psk(
ssl->conf->p_psk, ssl, identity, identity_len) == 0) {
return SSL_TLS1_3_OFFERED_PSK_MATCH;
return SSL_TLS1_3_PSK_IDENTITY_MATCH;
}
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
}
MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len);
@ -318,12 +386,20 @@ static int ssl_tls13_offered_psks_check_identity_match(
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
return ret;
}
return SSL_TLS1_3_OFFERED_PSK_MATCH;
return SSL_TLS1_3_PSK_IDENTITY_MATCH;
}
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
}
/*
* Non-error return values of ssl_tls13_offered_psks_check_binder_match().
* They are positive to not collide with error codes that are negative. Zero
* (SSL_TLS1_3_BINDER_MATCH) in case of success as it may be propagated up
* by the callers of this function as a generic success condition.
*/
#define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1
#define SSL_TLS1_3_BINDER_MATCH 0
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_binder_match(
mbedtls_ssl_context *ssl,
@ -368,99 +444,15 @@ static int ssl_tls13_offered_psks_check_binder_match(
MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len);
if (mbedtls_ct_memcmp(server_computed_binder, binder, binder_len) == 0) {
return SSL_TLS1_3_OFFERED_PSK_MATCH;
return SSL_TLS1_3_BINDER_MATCH;
}
mbedtls_platform_zeroize(server_computed_binder,
sizeof(server_computed_binder));
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_ciphersuite_for_psk(
mbedtls_ssl_context *ssl,
const unsigned char *cipher_suites,
const unsigned char *cipher_suites_end,
uint16_t *selected_ciphersuite,
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
{
psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;
*selected_ciphersuite = 0;
*selected_ciphersuite_info = NULL;
/* RFC 8446, page 55.
*
* For externally established PSKs, the Hash algorithm MUST be set when the
* PSK is established or default to SHA-256 if no such algorithm is defined.
*
*/
/*
* Search for a matching ciphersuite
*/
for (const unsigned char *p = cipher_suites;
p < cipher_suites_end; p += 2) {
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
cipher_suite);
if (ciphersuite_info == NULL) {
continue;
}
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
* Otherwise, client should reject.
*/
if (psk_hash_alg ==
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) {
*selected_ciphersuite = cipher_suite;
*selected_ciphersuite_info = ciphersuite_info;
return 0;
}
}
MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite"));
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
return SSL_TLS1_3_BINDER_DOES_NOT_MATCH;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_ciphersuite_for_resumption(
mbedtls_ssl_context *ssl,
const unsigned char *cipher_suites,
const unsigned char *cipher_suites_end,
mbedtls_ssl_session *session,
uint16_t *selected_ciphersuite,
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
{
*selected_ciphersuite = 0;
*selected_ciphersuite_info = NULL;
for (const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2) {
uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
if (cipher_suite != session->ciphersuite) {
continue;
}
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
cipher_suite);
if (ciphersuite_info == NULL) {
continue;
}
*selected_ciphersuite = cipher_suite;
*selected_ciphersuite_info = ciphersuite_info;
return 0;
}
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
const mbedtls_ssl_session *src)
@ -481,6 +473,13 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
struct psk_attributes {
int type;
int key_exchange_mode;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
};
#define PSK_ATTRIBUTES_INIT { 0, 0, NULL }
/* Parser for pre_shared_key extension in client hello
* struct {
* opaque identity<1..2^16-1>;
@ -507,7 +506,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(
const unsigned char *pre_shared_key_ext,
const unsigned char *pre_shared_key_ext_end,
const unsigned char *ciphersuites,
const unsigned char *ciphersuites_end)
const unsigned char *ciphersuites_end,
struct psk_attributes *psk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *identities = pre_shared_key_ext;
@ -558,9 +558,10 @@ static int ssl_tls13_parse_pre_shared_key_ext(
uint32_t obfuscated_ticket_age;
const unsigned char *binder;
size_t binder_len;
int psk_type;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int psk_ciphersuite_id;
psa_algorithm_t psk_hash_alg;
int allowed_key_exchange_modes;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_session session;
mbedtls_ssl_session_init(&session);
@ -586,47 +587,74 @@ static int ssl_tls13_parse_pre_shared_key_ext(
ret = ssl_tls13_offered_psks_check_identity_match(
ssl, identity, identity_len, obfuscated_ticket_age,
&psk_type, &session);
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
&psk->type, &session);
if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
continue;
}
MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity"));
switch (psk_type) {
switch (psk->type) {
case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
ret = ssl_tls13_select_ciphersuite_for_psk(
ssl, ciphersuites, ciphersuites_end,
&cipher_suite, &ciphersuite_info);
psk_ciphersuite_id = 0;
psk_hash_alg = PSA_ALG_SHA_256;
allowed_key_exchange_modes =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
break;
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
ret = ssl_tls13_select_ciphersuite_for_resumption(
ssl, ciphersuites, ciphersuites_end, &session,
&cipher_suite, &ciphersuite_info);
if (ret != 0) {
mbedtls_ssl_session_free(&session);
}
#else
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
#endif
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
psk_ciphersuite_id = session.ciphersuite;
psk_hash_alg = PSA_ALG_NONE;
ssl->session_negotiate->ticket_flags = session.ticket_flags;
allowed_key_exchange_modes =
session.ticket_flags &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
break;
#endif
default:
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
if (ret != 0) {
/* See below, no cipher_suite available, abort handshake */
psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
if ((allowed_key_exchange_modes &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
} else if ((allowed_key_exchange_modes &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
ssl_tls13_key_exchange_is_psk_available(ssl)) {
psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
if (psk->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable PSK key exchange mode"));
continue;
}
ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end,
psk_ciphersuite_id, psk_hash_alg,
&psk->ciphersuite_info);
if (psk->ciphersuite_info == NULL) {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_session_free(&session);
#endif
/*
* We consider finding a ciphersuite suitable for the PSK as part
* of the validation of its binder. Thus if we do not find one, we
* abort the handshake with a decrypt_error alert.
*/
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
MBEDTLS_SSL_DEBUG_RET(
2, "ssl_tls13_select_ciphersuite", ret);
return ret;
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
ret = ssl_tls13_offered_psks_check_binder_match(
ssl, binder, binder_len, psk_type,
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac));
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
ssl, binder, binder_len, psk->type,
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) psk->ciphersuite_info->mac));
if (ret != SSL_TLS1_3_BINDER_MATCH) {
/* For security reasons, the handshake should be aborted when we
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
* and appendix E.6. */
@ -644,13 +672,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(
matched_identity = identity_id;
/* Update handshake parameters */
ssl->handshake->ciphersuite_info = ciphersuite_info;
ssl->session_negotiate->ciphersuite = cipher_suite;
MBEDTLS_SSL_DEBUG_MSG(2, ("overwrite ciphersuite: %04x - %s",
cipher_suite, ciphersuite_info->name));
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
if (psk->type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate,
&session);
mbedtls_ssl_session_free(&session);
@ -676,7 +699,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(
return ret;
}
if (matched_identity == -1) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
MBEDTLS_SSL_DEBUG_MSG(3, ("No usable PSK or ticket."));
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
@ -1003,21 +1026,29 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl,
unsigned int kex_mode)
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl->handshake->resume) {
if (!mbedtls_ssl_tls13_session_ticket_has_flags(
ssl->session_negotiate, kex_mode)) {
return 0;
}
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
mbedtls_ssl_tls13_is_psk_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
#else
((void) ssl);
((void) kex_mode);
return 0;
#endif
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
#else
((void) ssl);
return 0;
#endif
return 1;
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@ -1033,83 +1064,6 @@ static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ss
#endif
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
return ssl_tls13_ticket_is_kex_mode_permitted(
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
mbedtls_ssl_tls13_is_psk_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
#else
((void) ssl);
return 0;
#endif
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
return ssl_tls13_ticket_is_kex_mode_permitted(
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
#else
((void) ssl);
return 0;
#endif
}
static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
{
/*
* Determine the key exchange algorithm to use.
* There are three types of key exchanges supported in TLS 1.3:
* - (EC)DH with ECDSA,
* - (EC)DH with PSK,
* - plain PSK.
*
* The PSK-based key exchanges may additionally be used with 0-RTT.
*
* Our built-in order of preference is
* 1 ) (EC)DHE-PSK Mode ( psk_ephemeral )
* 2 ) Certificate Mode ( ephemeral )
* 3 ) Plain PSK Mode ( psk )
*/
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
if (ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
} else
if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
} else
if (ssl_tls13_key_exchange_is_psk_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
} else {
MBEDTLS_SSL_DEBUG_MSG(
1,
("ClientHello message misses mandatory extensions."));
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
return 0;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
@ -1301,6 +1255,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
int no_usable_share_for_key_agreement = 0;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
int got_psk = 0;
struct psk_attributes psk = PSK_ATTRIBUTES_INIT;
const unsigned char *pre_shared_key_ext = NULL;
const unsigned char *pre_shared_key_ext_end = NULL;
#endif
@ -1464,37 +1420,20 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
*/
MBEDTLS_SSL_DEBUG_BUF(3, "client hello, list of cipher suites",
cipher_suites, cipher_suites_len);
for (const unsigned char *cipher_suites_p = cipher_suites;
cipher_suites_p < cipher_suites_end; cipher_suites_p += 2) {
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
/*
* "cipher_suites_end - cipher_suites_p is even" is an invariant of the
* loop. As cipher_suites_end - cipher_suites_p > 0, we have
* cipher_suites_end - cipher_suites_p >= 2 and it is thus safe to read
* two bytes.
*/
cipher_suite = MBEDTLS_GET_UINT16_BE(cipher_suites_p, 0);
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
ssl, cipher_suite);
if (ciphersuite_info == NULL) {
continue;
}
ssl->session_negotiate->ciphersuite = cipher_suite;
handshake->ciphersuite_info = ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
cipher_suite,
ciphersuite_info->name));
break;
}
ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end,
0, PSA_ALG_NONE, &handshake->ciphersuite_info);
if (handshake->ciphersuite_info == NULL) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
((unsigned) handshake->ciphersuite_info->id),
handshake->ciphersuite_info->name));
/* ...
* opaque legacy_compression_methods<1..2^8-1>;
@ -1734,10 +1673,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
/* Update checksum with either
* - The entire content of the CH message, if no PSK extension is present
* - The content up to but excluding the PSK extension, if present.
* Always parse the pre-shared-key extension when present in the
* ClientHello even if some pre-requisites for PSK key exchange modes are
* not met. That way we always validate the syntax of the extension.
*/
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
if (ssl_tls13_key_exchange_is_psk_available(ssl) ||
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) {
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
@ -1748,10 +1688,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
pre_shared_key_ext,
pre_shared_key_ext_end,
cipher_suites,
cipher_suites_end);
if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY);
} else if (ret != 0) {
cipher_suites_end,
&psk);
if (ret == 0) {
got_psk = 1;
} else if (ret != MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
MBEDTLS_SSL_DEBUG_RET(
1, "ssl_tls13_parse_pre_shared_key_ext", ret);
return ret;
@ -1766,12 +1707,68 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
}
}
ret = ssl_tls13_determine_key_exchange_mode(ssl);
if (ret < 0) {
return ret;
/*
* Determine the key exchange algorithm to use.
* There are three types of key exchanges supported in TLS 1.3:
* - (EC)DH with ECDSA,
* - (EC)DH with PSK,
* - plain PSK.
*
* The PSK-based key exchanges may additionally be used with 0-RTT.
*
* Our built-in order of preference is
* 1 ) (EC)DHE-PSK Mode ( psk_ephemeral )
* 2 ) Certificate Mode ( ephemeral )
* 3 ) Plain PSK Mode ( psk )
*/
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (got_psk && (psk.key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) {
handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
} else
#endif
if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
else if (got_psk && (psk.key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) {
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
}
#endif
else {
MBEDTLS_SSL_DEBUG_MSG(
1,
("ClientHello message misses mandatory extensions."));
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
if (ssl->handshake->key_exchange_mode !=
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (handshake->key_exchange_mode &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL) {
handshake->ciphersuite_info = psk.ciphersuite_info;
ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id;
MBEDTLS_SSL_DEBUG_MSG(2, ("Select PSK ciphersuite: %04x - %s",
((unsigned) psk.ciphersuite_info->id),
psk.ciphersuite_info->name));
if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
handshake->resume = 1;
}
}
#endif
if (handshake->key_exchange_mode !=
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) {
hrr_required = (no_usable_share_for_key_agreement != 0);
}

137
tests/opt-testcases/tls13-kex-modes.sh
View File

@ -23,7 +23,7 @@ run_test "TLS 1.3: G->m: all/psk, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -41,7 +41,7 @@ run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -78,7 +78,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -96,7 +96,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -133,7 +133,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -151,7 +151,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -188,7 +188,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -206,7 +206,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -261,7 +261,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -280,7 +280,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -319,7 +319,7 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -338,7 +338,7 @@ run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -377,7 +377,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -396,7 +396,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -435,7 +435,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -454,7 +454,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch,
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -493,7 +493,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -512,7 +512,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -550,8 +550,9 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
-s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No suitable PSK key exchange mode" \
-S "Pre shared key found" \
-S "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -572,7 +573,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -592,7 +593,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -633,7 +634,7 @@ run_test "TLS 1.3: G->m: all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -653,7 +654,7 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -694,7 +695,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -733,8 +734,9 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No suitable PSK key exchange mode" \
-S "Pre shared key found" \
-S "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -754,7 +756,7 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -793,7 +795,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -921,7 +923,7 @@ run_test "TLS 1.3: O->m: all/psk, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -938,7 +940,7 @@ run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -973,7 +975,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -990,7 +992,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1025,7 +1027,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1042,7 +1044,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1078,7 +1080,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1096,7 +1098,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1133,7 +1135,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1151,7 +1153,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1188,7 +1190,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1206,7 +1208,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch,
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -1243,7 +1245,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1261,7 +1263,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -1299,7 +1301,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1318,7 +1320,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -1357,7 +1359,7 @@ run_test "TLS 1.3: O->m: all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
@ -1376,7 +1378,7 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -1413,8 +1415,9 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
-s "No suitable PSK key exchange mode" \
-S "Pre shared key found" \
-S "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -1433,7 +1436,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
-s "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
@ -1580,7 +1583,7 @@ run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket"
-s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1665,7 +1668,7 @@ run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1711,7 +1714,7 @@ run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1769,7 +1772,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1827,7 +1830,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket"
-s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1870,7 +1873,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1916,7 +1919,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2047,7 +2050,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket"
-s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2106,7 +2109,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fal
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "key exchange mode: ephemeral"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2152,7 +2155,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2199,7 +2202,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "key exchange mode: ephemeral"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2288,7 +2291,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2348,7 +2351,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket"
-s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2392,7 +2395,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2438,7 +2441,7 @@ run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket"
-s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2485,7 +2488,7 @@ run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2532,7 +2535,7 @@ run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2595,7 +2598,7 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 OK"
@ -2643,7 +2646,7 @@ run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2690,7 +2693,7 @@ run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "No usable PSK or ticket" \
-s "key exchange mode: ephemeral"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3

49
tests/opt-testcases/tls13-misc.sh
View File

@ -353,8 +353,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \
-s "No matched PSK or ticket"
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -365,7 +365,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
@ -381,8 +381,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \
-s "No matched PSK or ticket"
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -393,7 +393,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
@ -409,8 +409,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \
-s "No matched PSK or ticket"
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -425,8 +425,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \
-s "No matched PSK or ticket"
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -437,7 +437,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemera
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity" \
-s "key exchange mode: psk_ephemeral"
@ -450,7 +450,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity" \
-s "key exchange mode: psk_ephemeral"
@ -468,8 +468,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \
-s "No matched PSK or ticket"
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -481,7 +481,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
@ -494,7 +494,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity" \
-s "key exchange mode: psk_ephemeral"
@ -508,7 +508,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
-S "No suitable PSK key exchange mode" \
-s "found matched identity" \
-s "key exchange mode: psk_ephemeral"
@ -535,3 +535,18 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
-s "$( tail -1 $EARLY_DATA_INPUT )" \
-s "200 early data bytes read" \
-s "106 early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1024" \
"$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
0 \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk" \
-s "found matched identity" \
-s "EarlyData: rejected, not a session resumption" \
-C "EncryptedExtensions: early_data(42) extension exists."