lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

tls13: srv: Determine best key exchange mode for a PSK

Browse Source 
Determine best key exchange for for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2024-02-16 18:54:10 +01:00
parent 89089cc69b
commit cf284565c5
3 changed files with 114 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
library/ssl_tls13_server.c
View File

@ -166,7 +166,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ticket_buffer; unsigned char *ticket_buffer;
unsigned int key_exchanges;
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_ms_time_t now; mbedtls_ms_time_t now;
mbedtls_ms_time_t server_age; mbedtls_ms_time_t server_age;
@ -228,31 +227,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
goto exit; goto exit;
} }
/* RFC 8446 section 4.2.9
*
* Servers SHOULD NOT send NewSessionTicket with tickets that are not
* compatible with the advertised modes; however, if a server does so,
* the impact will just be that the client's attempts at resumption fail.
*
* We regard the ticket with incompatible key exchange modes as not match.
*/
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
key_exchanges = 0;
if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) &&
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) &&
ssl_tls13_key_exchange_is_psk_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
if (key_exchanges == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
goto exit;
}
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
now = mbedtls_ms_time(); now = mbedtls_ms_time();
@ -543,6 +517,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(
int psk_type; int psk_type;
int psk_ciphersuite_id; int psk_ciphersuite_id;
psa_algorithm_t psk_hash_alg; psa_algorithm_t psk_hash_alg;
int allowed_key_exchange_modes;
int key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_session session; mbedtls_ssl_session session;
@ -580,17 +556,38 @@ static int ssl_tls13_parse_pre_shared_key_ext(
case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
psk_ciphersuite_id = 0; psk_ciphersuite_id = 0;
psk_hash_alg = PSA_ALG_SHA_256; psk_hash_alg = PSA_ALG_SHA_256;
allowed_key_exchange_modes =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
break; break;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
psk_ciphersuite_id = session.ciphersuite; psk_ciphersuite_id = session.ciphersuite;
psk_hash_alg = PSA_ALG_NONE; psk_hash_alg = PSA_ALG_NONE;
ssl->session_negotiate->ticket_flags = session.ticket_flags;
allowed_key_exchange_modes =
session.ticket_flags &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
break; break;
#endif #endif
default: default:
return MBEDTLS_ERR_SSL_INTERNAL_ERROR; return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
} }
if ((allowed_key_exchange_modes &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
} else if ((allowed_key_exchange_modes &
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
ssl_tls13_key_exchange_is_psk_available(ssl)) {
key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
if (key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable PSK key exchange mode"));
continue;
}
ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end,
psk_ciphersuite_id, psk_hash_alg, psk_ciphersuite_id, psk_hash_alg,
&ciphersuite_info); &ciphersuite_info);
@ -664,7 +661,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(
return ret; return ret;
} }
if (matched_identity == -1) { if (matched_identity == -1) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket.")); MBEDTLS_SSL_DEBUG_MSG(3, ("No usable PSK or ticket."));
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
} }

143
tests/opt-testcases/tls13-kex-modes.sh
View File

@ -23,7 +23,7 @@ run_test "TLS 1.3: G->m: all/psk, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \ -s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -41,7 +41,7 @@ run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -78,7 +78,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \ -s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -96,7 +96,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -133,7 +133,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -151,7 +151,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -188,7 +188,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -206,7 +206,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -261,7 +261,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -280,7 +280,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -319,7 +319,7 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -338,7 +338,7 @@ run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -377,7 +377,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \ -s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -396,7 +396,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -435,7 +435,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -454,7 +454,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch,
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -493,7 +493,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -512,7 +512,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -550,8 +550,9 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "No suitable PSK key exchange mode" \
-S "No matched PSK or ticket" \ -S "Pre shared key found" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -572,7 +573,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -592,7 +593,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -633,7 +634,7 @@ run_test "TLS 1.3: G->m: all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -653,7 +654,7 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -694,7 +695,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -733,8 +734,9 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "No suitable PSK key exchange mode" \
-S "No matched PSK or ticket" \ -S "Pre shared key found" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -754,7 +756,7 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -793,7 +795,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
-S "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -921,7 +923,7 @@ run_test "TLS 1.3: O->m: all/psk, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-s "key exchange mode: psk$" \ -s "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -938,7 +940,7 @@ run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -973,7 +975,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -990,7 +992,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1025,7 +1027,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1042,7 +1044,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1078,7 +1080,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1096,7 +1098,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1133,7 +1135,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1151,7 +1153,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1188,7 +1190,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1206,7 +1208,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch,
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -1243,7 +1245,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1261,7 +1263,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -1299,7 +1301,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1318,7 +1320,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -1357,7 +1359,7 @@ run_test "TLS 1.3: O->m: all/all, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \ -s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral" -S "key exchange mode: ephemeral"
@ -1376,7 +1378,7 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -1413,8 +1415,9 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \ -S "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "No suitable PSK key exchange mode" \
-S "No matched PSK or ticket" \ -S "Pre shared key found" \
-s "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -1433,7 +1436,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \ -s "Found PSK KEX MODE" \
-s "Pre shared key found" \ -s "Pre shared key found" \
-S "No matched PSK or ticket" \ -S "No usable PSK or ticket" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
@ -1580,7 +1583,7 @@ run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1665,7 +1668,7 @@ run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1711,7 +1714,7 @@ run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1769,7 +1772,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1827,7 +1830,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1870,7 +1873,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -1916,7 +1919,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2047,7 +2050,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2106,7 +2109,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fal
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2152,7 +2155,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2199,7 +2202,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2288,7 +2291,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2348,7 +2351,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2392,7 +2395,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2438,7 +2441,7 @@ run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2485,7 +2488,7 @@ run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2532,7 +2535,7 @@ run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2595,7 +2598,7 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback"
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-c "Selected key exchange mode: ephemeral" \ -c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
@ -2643,7 +2646,7 @@ run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -2690,7 +2693,7 @@ run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No usable PSK or ticket" \
-s "key exchange mode: ephemeral" -s "key exchange mode: ephemeral"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3

34
tests/opt-testcases/tls13-misc.sh
View File

@ -353,8 +353,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \
-s "key exchange mode: ephemeral" \ -s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \ -s "No suitable PSK key exchange mode" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -365,7 +365,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" -s "found matched identity"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
@ -381,8 +381,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \
-s "key exchange mode: ephemeral" \ -s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \ -s "No suitable PSK key exchange mode" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -393,7 +393,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" -s "found matched identity"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
@ -409,8 +409,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \
-s "key exchange mode: ephemeral" \ -s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \ -s "No suitable PSK key exchange mode" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -425,8 +425,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \
-s "key exchange mode: ephemeral" \ -s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \ -s "No suitable PSK key exchange mode" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -437,7 +437,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemera
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" \ -s "found matched identity" \
-s "key exchange mode: psk_ephemeral" -s "key exchange mode: psk_ephemeral"
@ -450,7 +450,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" \ -s "found matched identity" \
-s "key exchange mode: psk_ephemeral" -s "key exchange mode: psk_ephemeral"
@ -468,8 +468,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \
-s "key exchange mode: ephemeral" \ -s "key exchange mode: ephemeral" \
-S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: psk$" \ -S "key exchange mode: psk$" \
-s "No suitable key exchange mode" \ -s "No suitable PSK key exchange mode" \
-s "No matched PSK or ticket" -s "No usable PSK or ticket"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@ -481,7 +481,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" -s "found matched identity"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
@ -494,7 +494,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" \ -s "found matched identity" \
-s "key exchange mode: psk_ephemeral" -s "key exchange mode: psk_ephemeral"
@ -508,7 +508,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
0 \ 0 \
-c "Pre-configured PSK number = 1" \ -c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \ -S "No suitable PSK key exchange mode" \
-s "found matched identity" \ -s "found matched identity" \
-s "key exchange mode: psk_ephemeral" -s "key exchange mode: psk_ephemeral"