From dd2dc1578a2707d24ff516ca133def42f06bcaf4 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 15 Mar 2024 10:08:32 +0100
Subject: [PATCH] ssl-opt.sh: Add m->m resumption and early data tests

Signed-off-by: Ronald Cron
---
 tests/opt-testcases/tls13-misc.sh | 199 ++++++++++++++++++++++++++++++
 1 file changed, 199 insertions(+)

diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 534ebb9630..5e43921710 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -196,6 +196,205 @@ run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
 -s "key exchange mode: psk" \
 -s "Select PSK ciphersuite"
 
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption with early data" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -C "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -C "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size" \
+ -C "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -c "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
+ "$P_SRV debug_level=4 early_data=0 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size" \
+ -C "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -c "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -C "bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -C "bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
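Review bot: The `0 bytes of early data written` pattern carries no anchor before the count, so in the "cli-enabled/srv-default" and "cli-enabled/srv-disabled" cases `-c "0 bytes of early data written"` would also be satisfied by a client log line reporting 10 or 20 bytes, assuming run_test matches patterns as substrings (its definition is outside this hunk). In the two "resumption with early data" cases the same text under `-C` would fail spuriously for any count ending in 0. These cases are the regression check that no 0-RTT data is written when the server has not offered early data, so the count should be pinned exactly. If the client prints a separator before the number (its output format is not visible here, to be confirmed), `-c " 0 bytes of early data written"` and `-C " 0 bytes of early data written"` would do. The `-S "early data bytes read"` checks still cover the server side, so this tightens the client-side assertion rather than closing a gap.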