From 40f3771e185f074935f8189e5a9e0b06b7768e5e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 26 Jul 2022 16:58:57 +0800 Subject: [PATCH 01/38] Add handshake psk export function. Rename `ssl_tls13_get_psk` and export the function. Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 49 ++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 16 +++++++++++++ library/ssl_tls13_server.c | 41 +------------------------------ 3 files changed, 66 insertions(+), 40 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 583b8aa13d..35c3751c58 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1543,4 +1543,53 @@ cleanup: return( ret ); } + +int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, + unsigned char **psk, + size_t *psk_len ) +{ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + *psk_len = 0; + *psk = NULL; + + if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) + return( 0 ); + + status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); + if( status != PSA_SUCCESS) + { + return( psa_ssl_status_to_mbedtls( status ) ); + } + + *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) ); + *psk = mbedtls_calloc( 1, *psk_len ); + if( *psk == NULL ) + { + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + + status = psa_export_key( ssl->handshake->psk_opaque, + (uint8_t *)*psk, *psk_len, psk_len ); + if( status != PSA_SUCCESS) + { + mbedtls_free( (void *)*psk ); + return( psa_ssl_status_to_mbedtls( status ) ); + } +#else + *psk = ssl->handshake->psk; + *psk_len = ssl->handshake->psk_len; +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#else /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + ((void) ssl); + *psk = NULL; + *psk_len = 0; +#endif /* !MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 76c1e93d8b..c5baf2885d 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -692,6 +692,22 @@ int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl ); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl ); +/** + * \brief Export TLS 1.3 PSK key from handshake context + * + * \param ssl The SSL context to operate on. + * \param psk PSK key output pointer. + * \param psk_len + * Length of PSK key. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, + unsigned char **psk, + size_t *psk_len ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4319ec3ca2..36a8119478 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -133,45 +133,6 @@ static int ssl_tls13_offered_psks_check_identity_match( return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH ); } -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_get_psk( mbedtls_ssl_context *ssl, - unsigned char **psk, - size_t *psk_len ) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; - - *psk_len = 0; - *psk = NULL; - - status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); - if( status != PSA_SUCCESS) - { - return( psa_ssl_status_to_mbedtls( status ) ); - } - - *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) ); - *psk = mbedtls_calloc( 1, *psk_len ); - if( *psk == NULL ) - { - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - } - - status = psa_export_key( ssl->handshake->psk_opaque, - (uint8_t *)*psk, *psk_len, psk_len ); - if( status != PSA_SUCCESS) - { - mbedtls_free( (void *)*psk ); - return( psa_ssl_status_to_mbedtls( status ) ); - } -#else - *psk = ssl->handshake->psk; - *psk_len = ssl->handshake->psk_len; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - return( 0 ); -} - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, const unsigned char *binder, @@ -208,7 +169,7 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); - ret = ssl_tls13_get_psk( ssl, &psk, &psk_len ); + ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len ); if( ret != 0 ) return( ret ); From 295d93ebe821f0f2b3dc7693e0cb7408e7bc0bbe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 19 Jul 2022 08:21:29 +0200 Subject: [PATCH 02/38] Add psk handshake with gnutls Signed-off-by: Ronald Cron Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 23 +++++++++++++++++++++-- tests/ssl-opt.sh | 4 ++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 35c3751c58..8d01fc8ddc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -359,7 +359,7 @@ int mbedtls_ssl_tls13_evolve_secret( ret = 0; - if( input != NULL ) + if( ( input != NULL ) && ( input_len != 0 ) ) { memcpy( tmp_input, input, input_len ); ilen = input_len; @@ -825,6 +825,9 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl, goto exit; } + MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder", + early_secret, hash_len ) ; + if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION ) { ret = mbedtls_ssl_tls13_derive_secret( hash_alg, @@ -1052,6 +1055,8 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_algorithm_t hash_alg; mbedtls_ssl_handshake_params *handshake = ssl->handshake; + unsigned char *psk = NULL; + size_t psk_len = 0; if( handshake->ciphersuite_info == NULL ) { @@ -1061,14 +1066,28 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); - ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0, + ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len ); + if( ret != 0 && psk != NULL ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret ); + return( ret ); + } + + ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len, handshake->tls13_master_secrets.early ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + mbedtls_free( (void*)psk ); +#endif if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret ); return( ret ); } + MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early", + handshake->tls13_master_secrets.early, + PSA_HASH_LENGTH( hash_alg ) ); return( 0 ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d498d503cf..5c042ee182 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2337,10 +2337,10 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C run_test "TLS 1.3: PSK: basic check, G->m" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+KX-ALL:+PSK:+DHE-PSK:+VERS-TLS1.3 \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+SHA256 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ localhost" \ - 1 \ + 0 \ -s "found psk key exchange modes extension" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ From ccc68a466eaff5096e4c3ffac3ece63cc890bbb6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 26 Jul 2022 16:39:20 +0800 Subject: [PATCH 03/38] change handshake psk key type for tls13 PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is decided when create binder Signed-off-by: Jerry Yu --- library/ssl_tls.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 19b8a41351..fe38a0939a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1693,7 +1693,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = psa_key_attributes_init(); psa_status_t status; - psa_algorithm_t alg; + psa_algorithm_t alg = PSA_ALG_ANY_HASH; mbedtls_svc_key_id_t key; #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1706,17 +1706,26 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, ssl_remove_psk( ssl ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - else - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) + { + if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) + alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_384 ); + else + alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_256 ); + psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_set_key_usage_flags( &key_attributes, - PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT ); -#else - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); -#endif + if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) + { + alg = PSA_ALG_HKDF_EXTRACT( PSA_ALG_ANY_HASH ); + psa_set_key_usage_flags( &key_attributes, + PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + psa_set_key_algorithm( &key_attributes, alg ); psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); From e95c8af26636ca9573da0dad96c01f6ca0fdf3ff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 26 Jul 2022 15:48:20 +0800 Subject: [PATCH 04/38] Align ciphersuite with psk key With OpenSSL and GnuTLS client, if the MAC of ciphersuite does not match selected binder, client will reject connection. This change is to select ciphersuite base on algo of psk binder. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 130 +++++++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 47 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 36a8119478..91e6f4ef43 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -136,7 +136,8 @@ static int ssl_tls13_offered_psks_check_identity_match( MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, const unsigned char *binder, - size_t binder_len ) + size_t binder_len, + mbedtls_md_type_t *psk_alg ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int psk_type; @@ -149,6 +150,7 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, size_t psk_len; unsigned char server_computed_binder[PSA_HASH_MAX_SIZE]; + *psk_alg = MBEDTLS_MD_NONE; psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; switch( binder_len ) { @@ -192,6 +194,7 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, if( mbedtls_ct_memcmp( server_computed_binder, binder, binder_len ) == 0 ) { + *psk_alg = md_alg; return( SSL_TLS1_3_OFFERED_PSK_MATCH ); } @@ -223,7 +226,8 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, - const unsigned char *end ) + const unsigned char *end, + mbedtls_md_type_t *psk_alg ) { const unsigned char *identities = buf; const unsigned char *p_identity_len; @@ -236,6 +240,8 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, int matched_identity = -1; int identity_id = -1; + *psk_alg = MBEDTLS_MD_NONE; + MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension", buf, end - buf ); /* identities_len 2 bytes @@ -266,6 +272,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, const unsigned char *binder; size_t binder_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t alg; MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 ); identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 ); @@ -286,11 +293,11 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, ret = ssl_tls13_offered_psks_check_identity_match( ssl, identity, identity_len ); - if( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH == ret ) + if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) continue; ret = ssl_tls13_offered_psks_check_binder_match( - ssl, binder, binder_len ); + ssl, binder, binder_len, &alg ); if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) { MBEDTLS_SSL_DEBUG_RET( 1, @@ -300,10 +307,9 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( ret ); } - if( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH == ret ) - continue; matched_identity = identity_id; + *psk_alg = alg; } if( p_identity_len != identities_end || p_binder_len != binders_end ) @@ -914,10 +920,10 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *extensions_end; int hrr_required = 0; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) const unsigned char *pre_shared_key_ext_start = NULL; const unsigned char *pre_shared_key_ext_end = NULL; + mbedtls_md_type_t psk_alg = MBEDTLS_MD_NONE; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; @@ -1000,7 +1006,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, p, legacy_session_id_len ); /* * Check we have enough data for the legacy session identifier - * and the ciphersuite list length. + * and the ciphersuite list length. */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_len + 2 ); @@ -1012,59 +1018,42 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, /* Check we have enough data for the ciphersuite list, the legacy * compression methods and the length of the extensions. + * + * cipher_suites cipher_suites_len bytes + * legacy_compression_methods 2 bytes + * extensions_len 2 bytes */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 ); - /* ... - * CipherSuite cipher_suites<2..2^16-2>; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; + /* + * uint8 CipherSuite[2]; // Cryptographic suite selector + * + * struct { + * ... + * CipherSuite cipher_suites<2..2^16-2>; + * ... + * } ClientHello; */ cipher_suites = p; cipher_suites_end = p + cipher_suites_len; MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", p, cipher_suites_len ); - /* - * Search for a matching ciphersuite - */ - int ciphersuite_match = 0; +#if defined(MBEDTLS_DEBUG_C) for ( ; p < cipher_suites_end; p += 2 ) { uint16_t cipher_suite; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 ); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - /* - * Check whether this ciphersuite is valid and offered. - */ - if( ( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, ssl->tls_version, - ssl->tls_version ) != 0 ) || - ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) - { - continue; - } - - ssl->session_negotiate->ciphersuite = cipher_suite; - ssl->handshake->ciphersuite_info = ciphersuite_info; - ciphersuite_match = 1; - - break; - + MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello, received ciphersuite: %04x - %s", + cipher_suite, + ciphersuite_info == NULL ? + "Unkown": ciphersuite_info->name ) ); } - - if( ! ciphersuite_match ) - { - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", - ciphersuite_info->name ) ); - - p = cipher_suites + cipher_suites_len; +#else + p = cipher_suites_end; +#endif /* MBEDTLS_DEBUG_C */ /* ... * opaque legacy_compression_methods<1..2^8-1>; @@ -1298,6 +1287,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, p - buf ); +/* TODO: move later */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* Update checksum with either * - The entire content of the CH message, if no PSK extension is present @@ -1311,7 +1301,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, pre_shared_key_ext_start - buf ); ret = ssl_tls13_parse_pre_shared_key_ext( ssl, pre_shared_key_ext_start, - pre_shared_key_ext_end ); + pre_shared_key_ext_end, + &psk_alg ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; @@ -1329,6 +1320,51 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum( ssl, buf, p - buf ); } + /* + * Search for a matching ciphersuite + */ + for ( const unsigned char * p_chiper_suite = cipher_suites ; + p_chiper_suite < cipher_suites_end; p_chiper_suite += 2 ) + { + uint16_t cipher_suite; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p_chiper_suite, cipher_suites_end, 2 ); + + cipher_suite = MBEDTLS_GET_UINT16_BE( p_chiper_suite, 0 ); + if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + continue; + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + if( ( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, ssl->tls_version, + ssl->tls_version ) != 0 ) ) + { + continue; + } + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + /* MAC of selected ciphersuite MUST be same with PSK binder if exist. + * Otherwise, client should reject. + */ + if( psk_alg != MBEDTLS_MD_NONE && psk_alg != ciphersuite_info->mac ) + continue; +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + + ssl->session_negotiate->ciphersuite = cipher_suite; + ssl->handshake->ciphersuite_info = ciphersuite_info; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", + cipher_suite, + ciphersuite_info->name ) ); + } + + if( ssl->handshake->ciphersuite_info == NULL ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); From 32e1370fbc81973a2cebeee9eae856f93bea9a2d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Jul 2022 13:04:08 +0800 Subject: [PATCH 05/38] Add config check for pre_shared_key parser Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 91e6f4ef43..5ae9f7cb21 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1295,6 +1295,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, */ /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) && + mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) { ssl->handshake->update_checksum( ssl, buf, From f0bad2554af6a08d76369236a79e22e97ba9b7c7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Jul 2022 13:45:24 +0800 Subject: [PATCH 06/38] Continue check next psk key when binder mismatch with matched identity and mismatch binder, should check next psk key. Exit with error will break multi-psk cases. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5ae9f7cb21..6013079231 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -298,7 +298,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, ret = ssl_tls13_offered_psks_check_binder_match( ssl, binder, binder_len, &alg ); - if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) + if( ret < 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_offered_psks_check_binder_match" , ret ); @@ -308,6 +308,9 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, return( ret ); } + if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) + continue; + matched_identity = identity_id; *psk_alg = alg; } From 56acc9421ce52d7e508cbe4bfbe453be75949589 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Jul 2022 23:02:36 +0800 Subject: [PATCH 07/38] Write key_share base on key_exchange mode. In ServerHello, write key share should base on key_exchange mode, not base on configuration. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6013079231..15656fe7f8 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1803,7 +1803,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, } p += output_len; - if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + if( mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) ) { if( is_hrr ) ret = ssl_tls13_write_hrr_key_share_ext( ssl, p, end, &output_len ); From 5c28e7aa0ebfa3d025e7802ae29eb86e43b0e92f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Jul 2022 23:22:08 +0800 Subject: [PATCH 08/38] remove psk key when ephemeral selected ephemeral is selected, `handshake->psk` must be removed. Otherwise the encrypt key will be caculate fail. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++++++ library/ssl_tls.c | 27 +++++---------------------- library/ssl_tls13_server.c | 3 +++ 3 files changed, 15 insertions(+), 22 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e76086a12c..33a6533750 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2498,6 +2498,13 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ); + +/** + * \brief Remove psk from handshake context + * + * \param[in] ssl SSL context + */ +void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe38a0939a..1cda3a7444 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1662,7 +1662,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, return( ret ); } -static void ssl_remove_psk( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) @@ -1682,6 +1682,7 @@ static void ssl_remove_psk( mbedtls_ssl_context *ssl ) mbedtls_platform_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); + ssl->handshake->psk = NULL; ssl->handshake->psk_len = 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1703,7 +1704,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, if( psk_len > MBEDTLS_PSK_MAX_LEN ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl_remove_psk( ssl ); + mbedtls_ssl_remove_psk( ssl ); #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -1780,7 +1781,7 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, ( ssl->handshake == NULL ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl_remove_psk( ssl ); + mbedtls_ssl_remove_psk( ssl ); ssl->handshake->psk_opaque = psk; return( 0 ); } @@ -3522,25 +3523,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - { - /* The maintenance of the external PSK key slot is the - * user's responsibility. */ - if( ssl->handshake->psk_opaque_is_internal ) - { - psa_destroy_key( ssl->handshake->psk_opaque ); - ssl->handshake->psk_opaque_is_internal = 0; - } - ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } -#else - if( handshake->psk != NULL ) - { - mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); - mbedtls_free( handshake->psk ); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ssl_remove_psk( ssl ); #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 15656fe7f8..d527959542 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -761,6 +761,9 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl ) else if( ssl_tls13_check_ephemeral_key_exchange( ssl ) ) { +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + mbedtls_ssl_remove_psk( ssl ); +#endif ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) ); From 6a9bebaefd9e0816a5bed830d8522c8dfc8a181b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 31 Jul 2022 12:45:25 +0800 Subject: [PATCH 09/38] Add psk mode tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 322 +++++++++++++++++++++++++ tests/ssl-opt.sh | 34 --- 2 files changed, 322 insertions(+), 34 deletions(-) create mode 100755 tests/opt-testcases/tls13-kex-modes.sh diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh new file mode 100755 index 0000000000..bbd6544260 --- /dev/null +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -0,0 +1,322 @@ +#!/bin/sh + +# tls13-kex-modes.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5c042ee182..a1990c1eee 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2313,40 +2313,6 @@ run_test "TLS 1.3: key exchange mode parameter passing: All" \ "$P_CLI tls13_kex_modes=all" \ 0 -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -run_test "TLS 1.3: PSK: basic check, O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -psk 1234 -psk 6162636465666768696a6b6c6d6e6f70 -allow_no_dhe_kex" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -run_test "TLS 1.3: PSK: basic check, G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+SHA256 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" - # Tests for datagram packing requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, client and server" \ From 9b83fa114913e90246204cb4f4be0b088372e2b8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 31 Jul 2022 13:13:51 +0800 Subject: [PATCH 10/38] add psk_ephemeral tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 343 +++++++++++++++++++++++++ 1 file changed, 343 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index bbd6544260..257dd499f2 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -320,3 +320,346 @@ run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_dhe_ke. O->m" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + From fa8c306258d611284714fe0e139a71690c5449ee Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 31 Jul 2022 13:14:56 +0800 Subject: [PATCH 11/38] add ephemeral tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 303 +++++++++++++++++++++++++ 1 file changed, 303 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 257dd499f2..d20026320d 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -663,3 +663,306 @@ run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_dhe_ke -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + From badd46f040c95fd107bdf238f555a1d67120265d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 31 Jul 2022 13:16:44 +0800 Subject: [PATCH 12/38] add psk_all tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 318 +++++++++++++++++++++++++ 1 file changed, 318 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index d20026320d..88e053b7f2 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -966,3 +966,321 @@ run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_dhe_ke. O- -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 1 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" From 3b70b3cce9c87efa7e63d56b5bebd4f930d1e891 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 31 Jul 2022 13:17:37 +0800 Subject: [PATCH 13/38] add epemeral_all tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 303 +++++++++++++++++++++++++ 1 file changed, 303 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 88e053b7f2..b44dd1b45c 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -1284,3 +1284,306 @@ run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_dhe_ke. O->m -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -S "Pre shared key found" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + From 63c78b869f26c7c092a14e72a52e271f3e2cb65f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 31 Jul 2022 13:19:11 +0800 Subject: [PATCH 14/38] add `all` mode tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 303 +++++++++++++++++++++++++ 1 file changed, 303 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index b44dd1b45c..f64c8c6df5 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -1587,3 +1587,306 @@ run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_dhe_ke -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + From 2b7a51ba8fa54d76df240cfff0c84dda8129d428 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 1 Aug 2022 10:19:13 +0800 Subject: [PATCH 15/38] Add psk_or_ephemeral mode and tests psk_or_ephemeral exists in theory. This change is for improving test coverage. Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 11 +- tests/opt-testcases/tls13-kex-modes.sh | 341 +++++++++++++++++++++++++ 2 files changed, 351 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 67b6ca22f2..d26fcc8ce1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -471,7 +471,8 @@ int main( void ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ " tls13_kex_modes=%%s default: all\n" \ - " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" + " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \ + " ephemeral_all, all, psk_or_ephemeral\n" #else #define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -1859,6 +1860,14 @@ int main( int argc, char *argv[] ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; else if( strcmp( q, "all" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; + /* `psk_or_ephemeral` exists in theory and is not recommend in practise. + * In server side, if needed extensions are received, psk or ephemeral + * mode will be set. Add this mode only for test purpose to improve + * test coverage. + */ + else if( strcmp( q, "psk_or_ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ; else goto usage; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index f64c8c6df5..b9a8326a56 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -1890,3 +1890,344 @@ run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_dhe_ke. O->m" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg " \ + 0 \ + -s "found psk key exchange modes extension" \ + -S "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" From b25d10f153a78f0c8f47863d29a865bd2f8a8e40 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 21 Aug 2022 12:53:53 +0800 Subject: [PATCH 16/38] Add mismatch key tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 49 ++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index b9a8326a56..ccaf7784f1 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -2231,3 +2231,52 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_dhe -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Binder is not matched." \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Binder is not matched." \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" From 6cf6b47b5ce6de55ff6817b6733745b4c7dfdee7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 16 Aug 2022 14:50:28 +0800 Subject: [PATCH 17/38] fix format and comment issues Signed-off-by: Jerry Yu --- library/ssl_tls.c | 2 +- library/ssl_tls13_keys.c | 6 +++--- library/ssl_tls13_keys.h | 6 +++--- library/ssl_tls13_server.c | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1cda3a7444..c0703a2c3c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1710,7 +1710,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) { - if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) + if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_384 ); else alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_256 ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 8d01fc8ddc..c5ec5bfbc4 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -359,7 +359,7 @@ int mbedtls_ssl_tls13_evolve_secret( ret = 0; - if( ( input != NULL ) && ( input_len != 0 ) ) + if( input != NULL && input_len != 0 ) { memcpy( tmp_input, input, input_len ); ilen = input_len; @@ -1579,7 +1579,7 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, return( 0 ); status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); - if( status != PSA_SUCCESS) + if( status != PSA_SUCCESS ) { return( psa_ssl_status_to_mbedtls( status ) ); } @@ -1593,7 +1593,7 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, status = psa_export_key( ssl->handshake->psk_opaque, (uint8_t *)*psk, *psk_len, psk_len ); - if( status != PSA_SUCCESS) + if( status != PSA_SUCCESS ) { mbedtls_free( (void *)*psk ); return( psa_ssl_status_to_mbedtls( status ) ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index c5baf2885d..34c00a479d 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -693,12 +693,12 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl ); /** - * \brief Export TLS 1.3 PSK key from handshake context + * \brief Export TLS 1.3 PSK from handshake context * * \param ssl The SSL context to operate on. - * \param psk PSK key output pointer. + * \param psk PSK output pointer. * \param psk_len - * Length of PSK key. + * Length of PSK. * * \returns \c 0 on success. * \returns A negative error code on failure. diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d527959542..04fa5de329 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1057,9 +1057,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ciphersuite_info == NULL ? "Unkown": ciphersuite_info->name ) ); } -#else +#else /* MBEDTLS_DEBUG_C */ p = cipher_suites_end; -#endif /* MBEDTLS_DEBUG_C */ +#endif /* !MBEDTLS_DEBUG_C */ /* ... * opaque legacy_compression_methods<1..2^8-1>; @@ -1331,7 +1331,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * Search for a matching ciphersuite */ for ( const unsigned char * p_chiper_suite = cipher_suites ; - p_chiper_suite < cipher_suites_end; p_chiper_suite += 2 ) + p_chiper_suite < cipher_suites_end; p_chiper_suite += 2 ) { uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t* ciphersuite_info; From 5d01c05d938a3ed7cf4ba09165c8b20629e9b4ec Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 17 Aug 2022 10:18:10 +0800 Subject: [PATCH 18/38] fix various issues - wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu --- library/ssl_tls.c | 4 ++-- library/ssl_tls13_keys.c | 23 +++++++++++++++++------ programs/ssl/ssl_server2.c | 4 ++-- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c0703a2c3c..74dd40bb36 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1693,9 +1693,9 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg = PSA_ALG_ANY_HASH; - mbedtls_svc_key_id_t key; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ if( psk == NULL || ssl->handshake == NULL ) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index c5ec5bfbc4..01e956fbdf 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1065,13 +1065,18 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) } hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); - - ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len ); - if( ret != 0 && psk != NULL ) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret ); - return( ret ); + ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", + ret ); + return( ret ); + } } +#endif ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len, handshake->tls13_master_secrets.early ); @@ -1596,18 +1601,24 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, if( status != PSA_SUCCESS ) { mbedtls_free( (void *)*psk ); + *psk = NULL; return( psa_ssl_status_to_mbedtls( status ) ); } + return( 0 ); #else *psk = ssl->handshake->psk; *psk_len = ssl->handshake->psk_len; + if( *psk == NULL ) + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + return( 0 ); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ ((void) ssl); *psk = NULL; *psk_len = 0; + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); #endif /* !MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - return( 0 ); + } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d26fcc8ce1..d0193e483f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1860,9 +1860,9 @@ int main( int argc, char *argv[] ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; else if( strcmp( q, "all" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; - /* `psk_or_ephemeral` exists in theory and is not recommend in practise. + /* `psk_or_ephemeral` exists in theory and is not recommended in practice. * In server side, if needed extensions are received, psk or ephemeral - * mode will be set. Add this mode only for test purpose to improve + * mode will be set. Add this mode only for test purposes to improve * test coverage. */ else if( strcmp( q, "psk_or_ephemeral" ) == 0 ) From 24b8c813c428d1756ae8985ac76d57f48eadd568 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 20 Aug 2022 19:06:56 +0800 Subject: [PATCH 19/38] fix comments and wrong initial value issues Signed-off-by: Jerry Yu --- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 14 +++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 74dd40bb36..639b18c92d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1694,7 +1694,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = psa_key_attributes_init(); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg = PSA_ALG_ANY_HASH; + psa_algorithm_t alg = PSA_ALG_NONE; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 04fa5de329..3c267cf10c 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1031,14 +1031,11 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 ); - /* - * uint8 CipherSuite[2]; // Cryptographic suite selector - * - * struct { - * ... - * CipherSuite cipher_suites<2..2^16-2>; - * ... - * } ClientHello; + /* ... + * CipherSuite cipher_suites<2..2^16-2>; + * ... + * with CipherSuite defined as: + * uint8 CipherSuite[2]; */ cipher_suites = p; cipher_suites_end = p + cipher_suites_len; @@ -1293,7 +1290,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, p - buf ); -/* TODO: move later */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* Update checksum with either * - The entire content of the CH message, if no PSK extension is present From e9d4fc09a39bdc688597f338b4022707910ae447 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 20 Aug 2022 19:21:15 +0800 Subject: [PATCH 20/38] fix binder value security issue Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 3c267cf10c..e9a4f998c6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -100,8 +100,8 @@ static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl, return( 0 ); } -#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 0 -#define SSL_TLS1_3_OFFERED_PSK_MATCH 1 +#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1 +#define SSL_TLS1_3_OFFERED_PSK_MATCH 0 MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match( mbedtls_ssl_context *ssl, @@ -286,7 +286,6 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( binder, binders_end, binder_len ); p_binder_len += binder_len + 1; - identity_id++; if( matched_identity != -1 ) continue; @@ -298,8 +297,11 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, ret = ssl_tls13_offered_psks_check_binder_match( ssl, binder, binder_len, &alg ); - if( ret < 0 ) + /* For the security rationale, handshake should be abort when binder + * value mismatch. See RFC 8446 section 4.2.11.2 and appendix E.6. */ + if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Binder is not matched." ) ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_offered_psks_check_binder_match" , ret ); MBEDTLS_SSL_PEND_FATAL_ALERT( @@ -308,9 +310,6 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, return( ret ); } - if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) - continue; - matched_identity = identity_id; *psk_alg = alg; } @@ -329,7 +328,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, (size_t)( binders_end - identities_end ) ); if( matched_identity == -1 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "No matched pre shared key found" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "No matched PSK or ticket." ) ); return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ); } @@ -1306,7 +1305,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, pre_shared_key_ext_start, pre_shared_key_ext_end, &psk_alg ); - if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) + if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; } From 9f7f646b11d669341da088f0ee9c30e449f99e08 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 21 Aug 2022 10:22:33 +0800 Subject: [PATCH 21/38] Revert "remove psk key when ephemeral selected" This reverts commit 5c28e7aa0ebfa3d025e7802ae29eb86e43b0e92f. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 ------- library/ssl_tls.c | 27 ++++++++++++++++++++++----- library/ssl_tls13_server.c | 3 --- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 33a6533750..e76086a12c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2498,13 +2498,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ); - -/** - * \brief Remove psk from handshake context - * - * \param[in] ssl SSL context - */ -void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 639b18c92d..8aadeb143d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1662,7 +1662,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, return( ret ); } -void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl ) +static void ssl_remove_psk( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) @@ -1682,7 +1682,6 @@ void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl ) mbedtls_platform_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); - ssl->handshake->psk = NULL; ssl->handshake->psk_len = 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1704,7 +1703,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, if( psk_len > MBEDTLS_PSK_MAX_LEN ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - mbedtls_ssl_remove_psk( ssl ); + ssl_remove_psk( ssl ); #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -1781,7 +1780,7 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, ( ssl->handshake == NULL ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - mbedtls_ssl_remove_psk( ssl ); + ssl_remove_psk( ssl ); ssl->handshake->psk_opaque = psk; return( 0 ); } @@ -3523,7 +3522,25 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - mbedtls_ssl_remove_psk( ssl ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) + { + /* The maintenance of the external PSK key slot is the + * user's responsibility. */ + if( ssl->handshake->psk_opaque_is_internal ) + { + psa_destroy_key( ssl->handshake->psk_opaque ); + ssl->handshake->psk_opaque_is_internal = 0; + } + ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; + } +#else + if( handshake->psk != NULL ) + { + mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); + mbedtls_free( handshake->psk ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e9a4f998c6..b37fe5a1e4 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -760,9 +760,6 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl ) else if( ssl_tls13_check_ephemeral_key_exchange( ssl ) ) { -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - mbedtls_ssl_remove_psk( ssl ); -#endif ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) ); From 01e42d2d4c2b5085d69cebe6babe711773041147 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 21 Aug 2022 12:55:51 +0800 Subject: [PATCH 22/38] fix issues in export handshake psk Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 14 ++++---------- library/ssl_tls13_keys.h | 11 ++++++----- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 01e956fbdf..c11ad28816 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1567,12 +1567,12 @@ cleanup: return( ret ); } - +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len ) { -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; @@ -1581,7 +1581,7 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, *psk = NULL; if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( 0 ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); if( status != PSA_SUCCESS ) @@ -1612,14 +1612,8 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); return( 0 ); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ -#else /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - ((void) ssl); - *psk = NULL; - *psk_len = 0; - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif /* !MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - } +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 34c00a479d..ea553e35df 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -692,21 +692,22 @@ int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl ); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /** * \brief Export TLS 1.3 PSK from handshake context * - * \param ssl The SSL context to operate on. - * \param psk PSK output pointer. - * \param psk_len - * Length of PSK. + * \param[in] ssl The SSL context to operate on. + * \param[out] psk PSK output pointer. + * \param[out] psk_len Length of PSK. * - * \returns \c 0 on success. + * \returns \c 0 if there is configured PSK and exported success. * \returns A negative error code on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 5725f1cf3aa22d45327fec5ce3d90773ef58820b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 21 Aug 2022 17:27:16 +0800 Subject: [PATCH 23/38] Align ciphersuite with overwrite. Selected ciphersuite MUST be same with ciphsersuite of PSK. Overwrite the old ciphersuite with the one of PSK. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 224 +++++++++++++++++++++++-------------- 1 file changed, 142 insertions(+), 82 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b37fe5a1e4..e4ff3b125d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -106,8 +106,10 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match( mbedtls_ssl_context *ssl, const unsigned char *identity, - size_t identity_len ) + size_t identity_len, + int *psk_type ) { + *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; /* Check identity with external configured function */ if( ssl->conf->f_psk != NULL ) { @@ -137,12 +139,11 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, const unsigned char *binder, size_t binder_len, - mbedtls_md_type_t *psk_alg ) + int psk_type, + mbedtls_md_type_t psk_alg ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int psk_type; - mbedtls_md_type_t md_alg; psa_algorithm_t psa_md_alg; unsigned char transcript[PSA_HASH_MAX_SIZE]; size_t transcript_len; @@ -150,22 +151,9 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, size_t psk_len; unsigned char server_computed_binder[PSA_HASH_MAX_SIZE]; - *psk_alg = MBEDTLS_MD_NONE; - psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; - switch( binder_len ) - { - case 32: - md_alg = MBEDTLS_MD_SHA256; - break; - case 48: - md_alg = MBEDTLS_MD_SHA384; - break; - default: - return( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - } - psa_md_alg = mbedtls_psa_translate_md( md_alg ); + psa_md_alg = mbedtls_psa_translate_md( psk_alg ); /* Get current state of handshake transcript. */ - ret = mbedtls_ssl_get_handshake_transcript( ssl, md_alg, + ret = mbedtls_ssl_get_handshake_transcript( ssl, psk_alg, transcript, sizeof( transcript ), &transcript_len ); if( ret != 0 ) @@ -194,7 +182,6 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, if( mbedtls_ct_memcmp( server_computed_binder, binder, binder_len ) == 0 ) { - *psk_alg = md_alg; return( SSL_TLS1_3_OFFERED_PSK_MATCH ); } @@ -203,6 +190,70 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH ); } +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_psk_external_check_ciphersuites( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end, + size_t binder_len, + uint16_t *selected_cipher_suite ) +{ + mbedtls_md_type_t psk_alg; + + *selected_cipher_suite = 0; + + switch( binder_len ) + { +#if defined(MBEDTLS_SHA256_C) + case 32: + psk_alg = MBEDTLS_MD_SHA256; + break; +#endif +#if defined(MBEDTLS_SHA384_C) + case 48: + psk_alg = MBEDTLS_MD_SHA384; + break; +#endif + default: + return( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + } + /* + * Search for a matching ciphersuite + */ + for ( const unsigned char *p = buf ; p < end ; p += 2 ) + { + uint16_t cipher_suite; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + + cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); + if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + continue; + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + if( ( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, ssl->tls_version, + ssl->tls_version ) != 0 ) ) + { + continue; + } + + /* MAC of selected ciphersuite MUST be same with PSK binder if exist. + * Otherwise, client should reject. + */ + if( psk_alg != MBEDTLS_MD_NONE && psk_alg != ciphersuite_info->mac ) + continue; + + *selected_cipher_suite = cipher_suite; + + MBEDTLS_SSL_DEBUG_MSG( 5, ( "PSK matched ciphersuite: %04x - %s", + cipher_suite, + ciphersuite_info->name ) ); + return( 0 ); + } + + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} /* Parser for pre_shared_key extension in client hello * struct { * opaque identity<1..2^16-1>; @@ -227,7 +278,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end, - mbedtls_md_type_t *psk_alg ) + const unsigned char *ciphersuites, + const unsigned char *ciphersuites_end ) { const unsigned char *identities = buf; const unsigned char *p_identity_len; @@ -240,8 +292,6 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, int matched_identity = -1; int identity_id = -1; - *psk_alg = MBEDTLS_MD_NONE; - MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension", buf, end - buf ); /* identities_len 2 bytes @@ -272,7 +322,9 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, const unsigned char *binder; size_t binder_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t alg; + int psk_type; + uint16_t cipher_suite; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 ); identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 ); @@ -291,12 +343,34 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, continue; ret = ssl_tls13_offered_psks_check_identity_match( - ssl, identity, identity_len ); + ssl, identity, identity_len, &psk_type ); if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) continue; + if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) + { + ret = ssl_tls13_psk_external_check_ciphersuites( + ssl, ciphersuites, ciphersuites_end, + binder_len, &cipher_suite ); + if( ret < 0 ) + { + /* See below, no cipher_suite available, abort handshake */ + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( ret ); + } + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "`psk_type = %d` not support yet", + psk_type ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + ret = ssl_tls13_offered_psks_check_binder_match( - ssl, binder, binder_len, &alg ); + ssl, binder, binder_len, psk_type, ciphersuite_info->mac ); /* For the security rationale, handshake should be abort when binder * value mismatch. See RFC 8446 section 4.2.11.2 and appendix E.6. */ if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) @@ -311,7 +385,16 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, } matched_identity = identity_id; - *psk_alg = alg; + + /* Update handshake parameters */ + if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) + { + ssl->session_negotiate->ciphersuite = cipher_suite; + ssl->handshake->ciphersuite_info = ciphersuite_info; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s", + cipher_suite, + ciphersuite_info->name ) ); + } } if( p_identity_len != identities_end || p_binder_len != binders_end ) @@ -915,7 +998,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; size_t legacy_session_id_len; - const unsigned char *cipher_suites; size_t cipher_suites_len; const unsigned char *cipher_suites_end; size_t extensions_len; @@ -923,9 +1005,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, int hrr_required = 0; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + const unsigned char *cipher_suites; const unsigned char *pre_shared_key_ext_start = NULL; const unsigned char *pre_shared_key_ext_end = NULL; - mbedtls_md_type_t psk_alg = MBEDTLS_MD_NONE; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; @@ -1033,26 +1115,48 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * with CipherSuite defined as: * uint8 CipherSuite[2]; */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) cipher_suites = p; +#endif cipher_suites_end = p + cipher_suites_len; MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", p, cipher_suites_len ); -#if defined(MBEDTLS_DEBUG_C) + + /* + * Search for a matching ciphersuite + */ for ( ; p < cipher_suites_end; p += 2 ) { uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 ); + cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); + if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + continue; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello, received ciphersuite: %04x - %s", + if( ( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, ssl->tls_version, + ssl->tls_version ) != 0 ) ) + { + continue; + } + + ssl->session_negotiate->ciphersuite = cipher_suite; + ssl->handshake->ciphersuite_info = ciphersuite_info; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", cipher_suite, - ciphersuite_info == NULL ? - "Unkown": ciphersuite_info->name ) ); + ciphersuite_info->name ) ); + } + + if( ssl->handshake->ciphersuite_info == NULL ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } -#else /* MBEDTLS_DEBUG_C */ - p = cipher_suites_end; -#endif /* !MBEDTLS_DEBUG_C */ /* ... * opaque legacy_compression_methods<1..2^8-1>; @@ -1301,7 +1405,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ret = ssl_tls13_parse_pre_shared_key_ext( ssl, pre_shared_key_ext_start, pre_shared_key_ext_end, - &psk_alg ); + cipher_suites, + cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; @@ -1319,51 +1424,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum( ssl, buf, p - buf ); } - /* - * Search for a matching ciphersuite - */ - for ( const unsigned char * p_chiper_suite = cipher_suites ; - p_chiper_suite < cipher_suites_end; p_chiper_suite += 2 ) - { - uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; - - MBEDTLS_SSL_CHK_BUF_READ_PTR( p_chiper_suite, cipher_suites_end, 2 ); - - cipher_suite = MBEDTLS_GET_UINT16_BE( p_chiper_suite, 0 ); - if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) - continue; - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - if( ( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, ssl->tls_version, - ssl->tls_version ) != 0 ) ) - { - continue; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - /* MAC of selected ciphersuite MUST be same with PSK binder if exist. - * Otherwise, client should reject. - */ - if( psk_alg != MBEDTLS_MD_NONE && psk_alg != ciphersuite_info->mac ) - continue; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - - ssl->session_negotiate->ciphersuite = cipher_suite; - ssl->handshake->ciphersuite_info = ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", - cipher_suite, - ciphersuite_info->name ) ); - } - - if( ssl->handshake->ciphersuite_info == NULL ) - { - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); From 66f35f2402e90512bf8e7ebf548ff0d40ea36570 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 22 Aug 2022 17:27:41 +0800 Subject: [PATCH 24/38] fix wrong requires setting Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 101 +++++++++++++------------ 1 file changed, 51 insertions(+), 50 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index ccaf7784f1..e68016717d 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -18,7 +18,7 @@ # limitations under the License. # -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -65,7 +65,7 @@ run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke and p -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -89,7 +89,7 @@ run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke. G->m -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -136,7 +136,7 @@ run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_dhe_ke. -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -183,7 +183,7 @@ run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke and psk_dh -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -207,7 +207,7 @@ run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke. G->m" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -254,7 +254,7 @@ run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_dhe_ke. O->m" -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -321,7 +321,7 @@ run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_dhe_ke. O->m" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -374,7 +374,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with ps -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -401,7 +401,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with ps -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -454,7 +454,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with ps -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -507,7 +507,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -534,7 +534,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke. -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -587,7 +587,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_dhe -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -663,7 +663,7 @@ run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_dhe_ke -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -710,7 +710,7 @@ run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -734,7 +734,7 @@ run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -781,7 +781,7 @@ run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_dh -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -828,7 +828,7 @@ run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke and -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -852,7 +852,7 @@ run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke. G-> -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -899,7 +899,7 @@ run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_dhe_ke. -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -966,7 +966,7 @@ run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_dhe_ke. O- -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1011,7 +1011,7 @@ run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke a -s "Found PSK KEX MODE" \ -s "Pre shared key found" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1037,7 +1037,7 @@ run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke. -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1088,7 +1088,7 @@ run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_dhe_ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1141,7 +1141,7 @@ run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke and ps -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1168,7 +1168,7 @@ run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke. G->m" -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1221,7 +1221,7 @@ run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_dhe_ke. O -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1284,7 +1284,8 @@ run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_dhe_ke. O->m -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -S "Pre shared key found" -requires_openssl_tls1_3 + +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1331,7 +1332,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with ps -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1355,7 +1356,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with ps -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1402,7 +1403,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with ps -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1449,7 +1450,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1473,7 +1474,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke. -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1520,7 +1521,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_dhe -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1587,7 +1588,7 @@ run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_dhe_ke -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1634,7 +1635,7 @@ run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke and p -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1658,7 +1659,7 @@ run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke. G->m -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1705,7 +1706,7 @@ run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_dhe_ke. -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1752,7 +1753,7 @@ run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke and psk_dh -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1776,7 +1777,7 @@ run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke. G->m" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1823,7 +1824,7 @@ run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_dhe_ke. O->m" -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1890,7 +1891,7 @@ run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_dhe_ke. O->m" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1943,7 +1944,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1970,7 +1971,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2023,7 +2024,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2076,7 +2077,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2103,7 +2104,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2156,7 +2157,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2232,7 +2233,7 @@ run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_dhe -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" -requires_openssl_tls1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C From 29d9faa468a350285763938e2a5869fdd0e03c04 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 Aug 2022 17:52:45 +0800 Subject: [PATCH 25/38] fix various issues. - comments issues - code format style issues - naming improvement. - error return improvements Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 4 +-- library/ssl_tls13_keys.h | 5 ++-- library/ssl_tls13_server.c | 51 ++++++++++++++++++++------------------ 3 files changed, 32 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index c11ad28816..3948ea6a21 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1581,7 +1581,7 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, *psk = NULL; if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); if( status != PSA_SUCCESS ) @@ -1609,7 +1609,7 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, *psk = ssl->handshake->psk; *psk_len = ssl->handshake->psk_len; if( *psk == NULL ) - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( 0 ); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ } diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index ea553e35df..b1155fb2a6 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -700,8 +700,9 @@ int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl ); * \param[out] psk PSK output pointer. * \param[out] psk_len Length of PSK. * - * \returns \c 0 if there is configured PSK and exported success. - * \returns A negative error code on failure. + * \returns \c 0 if there is a configured PSK and it was exported + * successfully. + * \returns A negative error code on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e4ff3b125d..43b633e8a2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -140,22 +140,20 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, const unsigned char *binder, size_t binder_len, int psk_type, - mbedtls_md_type_t psk_alg ) + psa_algorithm_t psk_hash_alg ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t psa_md_alg; unsigned char transcript[PSA_HASH_MAX_SIZE]; size_t transcript_len; unsigned char *psk; size_t psk_len; unsigned char server_computed_binder[PSA_HASH_MAX_SIZE]; - psa_md_alg = mbedtls_psa_translate_md( psk_alg ); /* Get current state of handshake transcript. */ - ret = mbedtls_ssl_get_handshake_transcript( ssl, psk_alg, - transcript, sizeof( transcript ), - &transcript_len ); + ret = mbedtls_ssl_get_handshake_transcript( + ssl, mbedtls_hash_info_md_from_psa( psk_hash_alg ), + transcript, sizeof( transcript ), &transcript_len ); if( ret != 0 ) return( ret ); @@ -163,7 +161,7 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); - ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_md_alg, + ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psk_hash_alg, psk, psk_len, psk_type, transcript, server_computed_binder ); @@ -276,12 +274,12 @@ static int ssl_tls13_psk_external_check_ciphersuites( mbedtls_ssl_context *ssl, */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, + const unsigned char *pre_shared_key_ext, + const unsigned char *pre_shared_key_ext_end, const unsigned char *ciphersuites, const unsigned char *ciphersuites_end ) { - const unsigned char *identities = buf; + const unsigned char *identities = pre_shared_key_ext; const unsigned char *p_identity_len; size_t identities_len; const unsigned char *identities_end; @@ -292,28 +290,32 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, int matched_identity = -1; int identity_id = -1; - MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension", buf, end - buf ); + MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension", + pre_shared_key_ext, + pre_shared_key_ext_end - pre_shared_key_ext ); /* identities_len 2 bytes * identities_data >= 7 bytes */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( identities, end, 7 + 2 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( identities, pre_shared_key_ext_end, 7 + 2 ); identities_len = MBEDTLS_GET_UINT16_BE( identities, 0 ); p_identity_len = identities + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, end, identities_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, pre_shared_key_ext_end, + identities_len ); identities_end = p_identity_len + identities_len; /* binders_len 2 bytes * binders >= 33 bytes */ binders = identities_end; - MBEDTLS_SSL_CHK_BUF_READ_PTR( binders, end, 33 + 2 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( binders, pre_shared_key_ext_end, 33 + 2 ); binders_len = MBEDTLS_GET_UINT16_BE( binders, 0 ); p_binder_len = binders + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, end, binders_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, pre_shared_key_ext_end, binders_len ); binders_end = p_binder_len + binders_len; - ssl->handshake->update_checksum( ssl, buf, identities_end - buf ); + ssl->handshake->update_checksum( ssl, pre_shared_key_ext, + identities_end - pre_shared_key_ext ); while( p_identity_len < identities_end && p_binder_len < binders_end ) { @@ -324,7 +326,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int psk_type; uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 ); identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 ); @@ -370,11 +372,12 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, } ret = ssl_tls13_offered_psks_check_binder_match( - ssl, binder, binder_len, psk_type, ciphersuite_info->mac ); - /* For the security rationale, handshake should be abort when binder - * value mismatch. See RFC 8446 section 4.2.11.2 and appendix E.6. */ + ssl, binder, binder_len, psk_type, + mbedtls_psa_translate_md( ciphersuite_info->mac ) ); if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) { + /* For the security rationale, handshake should be abort when binder + * value mismatch. See RFC 8446 section 4.2.11.2 and appendix E.6. */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Binder is not matched." ) ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_offered_psks_check_binder_match" , ret ); @@ -1006,7 +1009,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) const unsigned char *cipher_suites; - const unsigned char *pre_shared_key_ext_start = NULL; + const unsigned char *pre_shared_key_ext = NULL; const unsigned char *pre_shared_key_ext_end = NULL; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ @@ -1334,7 +1337,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * found out which algorithms to use. We keep a pointer * to the buffer and the size for later processing. */ - pre_shared_key_ext_start = p; + pre_shared_key_ext = p; pre_shared_key_ext_end = extension_data_end; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; @@ -1401,9 +1404,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) { ssl->handshake->update_checksum( ssl, buf, - pre_shared_key_ext_start - buf ); + pre_shared_key_ext - buf ); ret = ssl_tls13_parse_pre_shared_key_ext( ssl, - pre_shared_key_ext_start, + pre_shared_key_ext, pre_shared_key_ext_end, cipher_suites, cipher_suites_end ); From dd1bef788e4be1f3de968d6b79be462026674e24 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 Aug 2022 17:57:02 +0800 Subject: [PATCH 26/38] Add ciphersuite_info check return null if no valid ciphersuite info Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 43b633e8a2..f1fc1e5d22 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -188,6 +188,24 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH ); } +static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id( + mbedtls_ssl_context *ssl, + uint16_t cipher_suite ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + return( NULL ); + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info, + ssl->tls_version, + ssl->tls_version ) != 0 ) ) + { + return( NULL ); + } + return( ciphersuite_info ); +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_psk_external_check_ciphersuites( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1136,17 +1154,11 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 ); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); - if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id( + ssl,cipher_suite ); + if( ciphersuite_info == NULL ) continue; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - if( ( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, ssl->tls_version, - ssl->tls_version ) != 0 ) ) - { - continue; - } - ssl->session_negotiate->ciphersuite = cipher_suite; ssl->handshake->ciphersuite_info = ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", From f35ba384ff3da79375a8b8c759403048fc70ea24 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 Aug 2022 17:58:26 +0800 Subject: [PATCH 27/38] Add select ciphersuite entry function Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 182 +++++++++++++++++++++---------------- 1 file changed, 102 insertions(+), 80 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f1fc1e5d22..2c4dd86af7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -46,6 +46,25 @@ #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" + +static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id( + mbedtls_ssl_context *ssl, + uint16_t cipher_suite ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + return( NULL ); + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info, + ssl->tls_version, + ssl->tls_version ) != 0 ) ) + { + return( NULL ); + } + return( ciphersuite_info ); +} + #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* From RFC 8446: * @@ -188,88 +207,98 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH ); } -static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id( - mbedtls_ssl_context *ssl, - uint16_t cipher_suite ) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) - return( NULL ); - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info, - ssl->tls_version, - ssl->tls_version ) != 0 ) ) - { - return( NULL ); - } - return( ciphersuite_info ); -} - MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_psk_external_check_ciphersuites( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, - size_t binder_len, - uint16_t *selected_cipher_suite ) +static int ssl_tls13_select_ciphersuite_for_psk( + mbedtls_ssl_context *ssl, + const unsigned char *cipher_suites, + const unsigned char *cipher_suites_end, + uint16_t *selected_ciphersuite, + const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info ) { - mbedtls_md_type_t psk_alg; + psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256; - *selected_cipher_suite = 0; + /* RFC 8446, page 55. + * + * For externally established PSKs, the Hash algorithm MUST be set when the + * PSK is established or default to SHA-256 if no such algorithm is defined. + * + */ + psk_hash_alg = PSA_ALG_SHA_256; - switch( binder_len ) - { -#if defined(MBEDTLS_SHA256_C) - case 32: - psk_alg = MBEDTLS_MD_SHA256; - break; -#endif -#if defined(MBEDTLS_SHA384_C) - case 48: - psk_alg = MBEDTLS_MD_SHA384; - break; -#endif - default: - return( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - } /* * Search for a matching ciphersuite */ - for ( const unsigned char *p = buf ; p < end ; p += 2 ) + for ( const unsigned char *p = cipher_suites ; + p < cipher_suites_end ; p += 2 ) { uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; - - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); - if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) + ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id( + ssl,cipher_suite ); + if( ciphersuite_info == NULL ) continue; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - if( ( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, ssl->tls_version, - ssl->tls_version ) != 0 ) ) - { - continue; - } - /* MAC of selected ciphersuite MUST be same with PSK binder if exist. * Otherwise, client should reject. */ - if( psk_alg != MBEDTLS_MD_NONE && psk_alg != ciphersuite_info->mac ) - continue; + if( psk_hash_alg == mbedtls_psa_translate_md( ciphersuite_info->mac ) ) + { + *selected_ciphersuite = cipher_suite; + *selected_ciphersuite_info = ciphersuite_info; + return( 0 ); + } + } + MBEDTLS_SSL_DEBUG_MSG( 2, ( "No matched ciphersuite" ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); +} - *selected_cipher_suite = cipher_suite; +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_select_ciphersuite_for_resumption( + mbedtls_ssl_context *ssl, + const unsigned char *cipher_suites, + const unsigned char *cipher_suites_end, + mbedtls_ssl_session *session, + uint16_t *selected_ciphersuite, + const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info ) +{ + ((void) ssl); + ((void) session); + ((void) cipher_suites); + ((void) cipher_suites_end); + ((void) selected_ciphersuite); + ((void) selected_ciphersuite_info); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} - MBEDTLS_SSL_DEBUG_MSG( 5, ( "PSK matched ciphersuite: %04x - %s", - cipher_suite, - ciphersuite_info->name ) ); - return( 0 ); +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_select_ciphersuite( + mbedtls_ssl_context *ssl, + const unsigned char *cipher_suites, + const unsigned char *cipher_suites_end, + int psk_type, + mbedtls_ssl_session *session, + uint16_t *selected_ciphersuite, + const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info ) +{ + *selected_ciphersuite = 0; + *selected_ciphersuite_info = NULL; + switch( psk_type ) + { + case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: + return( ssl_tls13_select_ciphersuite_for_psk( + ssl, cipher_suites, cipher_suites_end, + selected_ciphersuite, selected_ciphersuite_info ) ); + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + return( ssl_tls13_select_ciphersuite_for_resumption( + ssl, cipher_suites, cipher_suites_end, session, + selected_ciphersuite, selected_ciphersuite_info ) ); } - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } + /* Parser for pre_shared_key extension in client hello * struct { * opaque identity<1..2^16-1>; @@ -367,26 +396,19 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) continue; - if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) + MBEDTLS_SSL_DEBUG_MSG( 4, ( "found matched identity" ) ); + ret = ssl_tls13_select_ciphersuite( ssl, ciphersuites, ciphersuites_end, + psk_type, NULL, &cipher_suite, + &ciphersuite_info ); + if( ret != 0 ) { - ret = ssl_tls13_psk_external_check_ciphersuites( - ssl, ciphersuites, ciphersuites_end, - binder_len, &cipher_suite ); - if( ret < 0 ) - { - /* See below, no cipher_suite available, abort handshake */ - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( ret ); - } - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "`psk_type = %d` not support yet", - psk_type ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* See below, no cipher_suite available, abort handshake */ + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_RET( + 2, "ssl_tls13_select_ciphersuite_for_psk", ret ); + return( ret ); } ret = ssl_tls13_offered_psks_check_binder_match( From 2185c0f2e9ee3f9fb6051762ce4fb1493cd510c5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 Aug 2022 16:12:43 +0800 Subject: [PATCH 28/38] add force ciphersuite tls-aes-256-gcm-sha384 test PSK hash alg of server is sha256. If client send only tls-aes-256-gcm-384, there is no valid ciphersuite available, handshake should be abort. Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 47 ++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index e68016717d..55159b43e3 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -2281,3 +2281,50 @@ run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +# SOME_ECDHE_ENABLED? +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "Pre shared key found" \ + -S "No matched PSK or ticket"\ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" From c5a23a0f1214d738491bd0a07d3fd0a3344738df Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 25 Aug 2022 10:51:44 +0800 Subject: [PATCH 29/38] fix various issues - code style - variable initialize - update comments Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 7 +------ library/ssl_tls13_server.c | 17 +++++++++-------- programs/ssl/ssl_server2.c | 10 ++++++---- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 3948ea6a21..32a4f2ab3a 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1572,10 +1572,9 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len ) { - #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *psk_len = 0; *psk = NULL; @@ -1585,16 +1584,12 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); if( status != PSA_SUCCESS ) - { return( psa_ssl_status_to_mbedtls( status ) ); - } *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) ); *psk = mbedtls_calloc( 1, *psk_len ); if( *psk == NULL ) - { return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - } status = psa_export_key( ssl->handshake->psk_opaque, (uint8_t *)*psk, *psk_len, psk_len ); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2c4dd86af7..906ead739a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -47,9 +47,9 @@ #include "ssl_debug_helpers.h" -static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id( +static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite( mbedtls_ssl_context *ssl, - uint16_t cipher_suite ) + unsigned int cipher_suite ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) @@ -235,8 +235,8 @@ static int ssl_tls13_select_ciphersuite_for_psk( const mbedtls_ssl_ciphersuite_t *ciphersuite_info; cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); - ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id( - ssl,cipher_suite ); + ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl, + cipher_suite ); if( ciphersuite_info == NULL ) continue; @@ -416,9 +416,10 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, mbedtls_psa_translate_md( ciphersuite_info->mac ) ); if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) { - /* For the security rationale, handshake should be abort when binder - * value mismatch. See RFC 8446 section 4.2.11.2 and appendix E.6. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Binder is not matched." ) ); + /* For security reasons, the handshake should be aborted when we + * fail to validate a binder value. See RFC 8446 section 4.2.11.2 + * and appendix E.6. */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Invalid binder." ) ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_offered_psks_check_binder_match" , ret ); MBEDTLS_SSL_PEND_FATAL_ALERT( @@ -1176,7 +1177,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 ); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); - ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id( + ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,cipher_suite ); if( ciphersuite_info == NULL ) continue; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d0193e483f..3f1e01fb22 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1860,10 +1860,12 @@ int main( int argc, char *argv[] ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; else if( strcmp( q, "all" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; - /* `psk_or_ephemeral` exists in theory and is not recommended in practice. - * In server side, if needed extensions are received, psk or ephemeral - * mode will be set. Add this mode only for test purposes to improve - * test coverage. + /* The purpose of `psk_or_ephemeral` is to improve test coverage. That + * is not recommended in practice. + * `psk_or_ephemeral` exists in theory, we need this mode to test if + * this setting work correctly. With this key exchange setting, server + * should always perform `ephemeral` handshake. `psk` or `psk_ephermal` + * is not expected. */ else if( strcmp( q, "psk_or_ephemeral" ) == 0 ) opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | From 0baf907e11a8ff6e45f3ee788b7279ceacccabc7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 25 Aug 2022 11:21:04 +0800 Subject: [PATCH 30/38] remove `select_ciphersuite` Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 50 +++++++++++++++----------------------- 1 file changed, 19 insertions(+), 31 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 906ead739a..1faa6a791c 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -217,6 +217,9 @@ static int ssl_tls13_select_ciphersuite_for_psk( { psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256; + *selected_ciphersuite = 0; + *selected_ciphersuite_info = NULL; + /* RFC 8446, page 55. * * For externally established PSKs, the Hash algorithm MUST be set when the @@ -267,35 +270,8 @@ static int ssl_tls13_select_ciphersuite_for_resumption( ((void) session); ((void) cipher_suites); ((void) cipher_suites_end); - ((void) selected_ciphersuite); - ((void) selected_ciphersuite_info); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_select_ciphersuite( - mbedtls_ssl_context *ssl, - const unsigned char *cipher_suites, - const unsigned char *cipher_suites_end, - int psk_type, - mbedtls_ssl_session *session, - uint16_t *selected_ciphersuite, - const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info ) -{ *selected_ciphersuite = 0; *selected_ciphersuite_info = NULL; - switch( psk_type ) - { - case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - return( ssl_tls13_select_ciphersuite_for_psk( - ssl, cipher_suites, cipher_suites_end, - selected_ciphersuite, selected_ciphersuite_info ) ); - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - return( ssl_tls13_select_ciphersuite_for_resumption( - ssl, cipher_suites, cipher_suites_end, session, - selected_ciphersuite, selected_ciphersuite_info ) ); - } - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } @@ -397,9 +373,21 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, continue; MBEDTLS_SSL_DEBUG_MSG( 4, ( "found matched identity" ) ); - ret = ssl_tls13_select_ciphersuite( ssl, ciphersuites, ciphersuites_end, - psk_type, NULL, &cipher_suite, - &ciphersuite_info ); + switch( psk_type ) + { + case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: + ret = ssl_tls13_select_ciphersuite_for_psk( + ssl, ciphersuites, ciphersuites_end, + &cipher_suite, &ciphersuite_info ); + break; + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + ret = ssl_tls13_select_ciphersuite_for_resumption( + ssl, ciphersuites, ciphersuites_end, NULL, + &cipher_suite, &ciphersuite_info ); + break; + default: + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } if( ret != 0 ) { /* See below, no cipher_suite available, abort handshake */ @@ -407,7 +395,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); MBEDTLS_SSL_DEBUG_RET( - 2, "ssl_tls13_select_ciphersuite_for_psk", ret ); + 2, "ssl_tls13_select_ciphersuite", ret ); return( ret ); } From 3c01d47ef791a2ed1cc702e9a332a8a6283634aa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 25 Aug 2022 11:34:36 +0800 Subject: [PATCH 31/38] Update test cases Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 55159b43e3..d66f79b2ee 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -2251,7 +2251,7 @@ run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "Binder is not matched." \ + -s "Invalid binder." \ -S "Pre shared key found" \ -S "No matched PSK or ticket"\ -S "key exchange mode: psk$" \ @@ -2275,7 +2275,7 @@ run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "Binder is not matched." \ + -s "Invalid binder." \ -S "Pre shared key found" \ -S "No matched PSK or ticket"\ -S "key exchange mode: psk$" \ From 3e06fce2607405d6ccb9f78ffbe3824e7a0bdb31 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 25 Aug 2022 17:51:57 +0800 Subject: [PATCH 32/38] Remove old tests. only reserve "no valid ciphersuite" test Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 2280 +----------------------- 1 file changed, 4 insertions(+), 2276 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index d66f79b2ee..869426d8ca 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -23,2274 +23,10 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # SOME_ECDHE_ENABLED? requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_ephemeral: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_all: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 1 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: ephemeral_all: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with matched key and identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: with mismatched identity, with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -s "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+VERS-TLS1.3 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: psk_or_ephemeral: without pre_shared_key,with psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg " \ - 0 \ - -s "found psk key exchange modes extension" \ - -S "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -# SOME_ECDHE_ENABLED? -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. G->m" \ +run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -2300,11 +36,7 @@ run_test "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. G->m" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -s "No matched ciphersuite" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2314,7 +46,7 @@ requires_config_enabled MBEDTLS_DEBUG_C # SOME_ECDHE_ENABLED? requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. O->m" \ +run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -2323,8 +55,4 @@ run_test "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. O->m" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -S "Pre shared key found" \ - -S "No matched PSK or ticket"\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -s "No matched ciphersuite" \ No newline at end of file From e7b4b584030fe12e37562e7818901816221d37e4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 25 Aug 2022 17:53:13 +0800 Subject: [PATCH 33/38] Add psk kex mode tests Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 1391 +++++++++++++++++++++++- 1 file changed, 1390 insertions(+), 1 deletion(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 869426d8ca..6f28ab9b29 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -55,4 +55,1393 @@ run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" \ No newline at end of file + -s "No matched ciphersuite" + + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk, fail -- no common key exchange mode" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk_ephemeral, fail -- no common key exchange mode" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk_all, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/ephemeral_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/ephemeral_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/ephemeral_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_or_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk_or_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: G->m: psk&ephemeral/psk_or_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -S "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk, fail -- no common key exchange mode" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -s "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/ephemeral_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/ephemeral_all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/all, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/all, good -- with fallback" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/all, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_or_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, good" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Pre shared key found" \ + -S "No matched PSK or ticket" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -s "key exchange mode: ephemeral" + +requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, fail -- different psk with same identity" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "Invalid binder." \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" From e5834fd0d703f04b400cb98b5e6e3c2e79394368 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 20:16:09 +0800 Subject: [PATCH 34/38] remove unnecessary test also optimize check sum Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 1faa6a791c..20cb5c50b9 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -419,14 +419,11 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl, matched_identity = identity_id; /* Update handshake parameters */ - if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) - { - ssl->session_negotiate->ciphersuite = cipher_suite; - ssl->handshake->ciphersuite_info = ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s", - cipher_suite, - ciphersuite_info->name ) ); - } + ssl->session_negotiate->ciphersuite = cipher_suite; + ssl->handshake->ciphersuite_info = ciphersuite_info; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s", + cipher_suite, ciphersuite_info->name ) ); + } if( p_identity_len != identities_end || p_binder_len != binders_end ) @@ -1454,6 +1451,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, if( ret < 0 ) return( ret ); + mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK ); } From 63d40e6b4646bbb3bf2ecf3e3a11690658dff9af Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 20:38:39 +0800 Subject: [PATCH 35/38] shorten the description Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 148 ++++++++++++------------- 1 file changed, 74 insertions(+), 74 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 6f28ab9b29..8f5063008c 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -61,7 +61,7 @@ run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk, fail -- no common key exchange mode" \ +run_test "TLS 1.3: G->m: psk_all/psk, fail, no common kex mode" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -78,7 +78,7 @@ run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk, fail -- no common key exchang requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, good" \ +run_test "TLS 1.3: G->m: all/psk, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -97,7 +97,7 @@ run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, good" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -115,7 +115,7 @@ run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, fail -- no same identity, requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -133,7 +133,7 @@ run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk, fail -- different psk wit requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk, good" \ +run_test "TLS 1.3: G->m: psk&dhe/psk, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -152,7 +152,7 @@ run_test "TLS 1.3: G->m: psk&ephemeral/psk, good" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: psk&dhe/psk, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -170,7 +170,7 @@ run_test "TLS 1.3: G->m: psk&ephemeral/psk, fail -- no same identity, no fall requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk&dhe/psk, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -189,7 +189,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_ephemeral, good" \ +run_test "TLS 1.3: G->m: psk_all/psk_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -209,7 +209,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: psk_all/psk_ephemeral, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -228,7 +228,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk_all/psk_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -247,7 +247,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_ephemeral, good" \ +run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -267,7 +267,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -286,7 +286,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -305,7 +305,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk_ephemeral, fail -- no common key exchange mode" \ +run_test "TLS 1.3: G->m: psk&dhe/psk_ephemeral, fail, no common kex mode" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -323,7 +323,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_all, good" \ +run_test "TLS 1.3: G->m: psk_all/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -343,7 +343,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: psk_all/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -362,7 +362,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk_all/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -381,7 +381,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_all, good" \ +run_test "TLS 1.3: G->m: all/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -401,7 +401,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -420,7 +420,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -439,7 +439,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk_all, good" \ +run_test "TLS 1.3: G->m: psk&dhe/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -459,7 +459,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk_all, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: G->m: psk&dhe/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -478,7 +478,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk&dhe/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -497,7 +497,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/ephemeral_all, good" \ +run_test "TLS 1.3: G->m: psk_all/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -517,7 +517,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ +run_test "TLS 1.3: G->m: psk_all/ephemeral_all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -536,7 +536,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk_all/ephemeral_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -555,7 +555,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/ephemeral_all, good" \ +run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -575,7 +575,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ +run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -594,7 +594,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -613,7 +613,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/ephemeral_all, good" \ +run_test "TLS 1.3: G->m: psk&dhe/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -633,7 +633,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/all, good" \ +run_test "TLS 1.3: G->m: psk_all/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -653,7 +653,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/all, good -- with fallback" \ +run_test "TLS 1.3: G->m: psk_all/all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -672,7 +672,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk_all/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -691,7 +691,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/all, good" \ +run_test "TLS 1.3: G->m: all/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -711,7 +711,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/all, good -- with fallback" \ +run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -730,7 +730,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -749,7 +749,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/all, good" \ +run_test "TLS 1.3: G->m: psk&dhe/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -769,7 +769,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/all, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk&dhe/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -788,7 +788,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral&psk_dhe/psk_or_ephemeral, good" \ +run_test "TLS 1.3: G->m: psk_all/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -808,7 +808,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, good" \ +run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -828,7 +828,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -847,7 +847,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk_or_ephemeral, good" \ +run_test "TLS 1.3: G->m: psk&dhe/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -867,7 +867,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&ephemeral/psk_or_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: G->m: psk&dhe/psk_or_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -885,7 +885,7 @@ run_test "TLS 1.3: G->m: psk&ephemeral/psk_or_ephemeral, fail -- different ps requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk, fail -- no common key exchange mode" \ +run_test "TLS 1.3: O->m: psk_all/psk, fail, no common kex mode" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -901,7 +901,7 @@ run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk, fail -- no common key exchang requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, good" \ +run_test "TLS 1.3: O->m: all/psk, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -919,7 +919,7 @@ run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, good" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -936,7 +936,7 @@ run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, fail -- no same identity, requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -954,7 +954,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_ephemeral, good" \ +run_test "TLS 1.3: O->m: psk_all/psk_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -973,7 +973,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: O->m: psk_all/psk_ephemeral, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -991,7 +991,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: psk_all/psk_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1009,7 +1009,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_ephemeral, good" \ +run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1028,7 +1028,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1046,7 +1046,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1064,7 +1064,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_all, good" \ +run_test "TLS 1.3: O->m: psk_all/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1083,7 +1083,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: O->m: psk_all/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1101,7 +1101,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: psk_all/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1119,7 +1119,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_all, good" \ +run_test "TLS 1.3: O->m: all/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1138,7 +1138,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_all, fail -- no same identity, no fallback" \ +run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1156,7 +1156,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1174,7 +1174,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/ephemeral_all, good" \ +run_test "TLS 1.3: O->m: psk_all/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1193,7 +1193,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ +run_test "TLS 1.3: O->m: psk_all/ephemeral_all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1211,7 +1211,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: psk_all/ephemeral_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1229,7 +1229,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/ephemeral_all, good" \ +run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1248,7 +1248,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/ephemeral_all, good -- with fallback" \ +run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1266,7 +1266,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/ephemeral_all, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1284,7 +1284,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/all, good" \ +run_test "TLS 1.3: O->m: psk_all/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1303,7 +1303,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/all, good -- with fallback" \ +run_test "TLS 1.3: O->m: psk_all/all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1321,7 +1321,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/all, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: psk_all/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1339,7 +1339,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/all, good" \ +run_test "TLS 1.3: O->m: all/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1358,7 +1358,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/all, good -- with fallback" \ +run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1376,7 +1376,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/all, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1394,7 +1394,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral&psk_dhe/psk_or_ephemeral, good" \ +run_test "TLS 1.3: O->m: psk_all/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1413,7 +1413,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, good" \ +run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1432,7 +1432,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk&ephemeral&psk_dhe/psk_or_ephemeral, fail -- different psk with same identity" \ +run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ From 1e05b6dd6d90001d9c29f39011e7ccfe52c13f7e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 31 Aug 2022 10:35:52 +0800 Subject: [PATCH 36/38] fix coding style and unnecessary assignment Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 20cb5c50b9..a5b414e974 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -226,13 +226,12 @@ static int ssl_tls13_select_ciphersuite_for_psk( * PSK is established or default to SHA-256 if no such algorithm is defined. * */ - psk_hash_alg = PSA_ALG_SHA_256; /* * Search for a matching ciphersuite */ - for ( const unsigned char *p = cipher_suites ; - p < cipher_suites_end ; p += 2 ) + for ( const unsigned char *p = cipher_suites; + p < cipher_suites_end; p += 2 ) { uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; From 7101b870400ac43187d1c202abe66037feaaf58f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 31 Aug 2022 14:15:23 +0800 Subject: [PATCH 37/38] fix wrong description Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 56 +++++++++++++------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 8f5063008c..1bfd1ede7c 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -61,7 +61,7 @@ run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk, fail, no common kex mode" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -189,7 +189,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_ephemeral, good" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -209,7 +209,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_ephemeral, fail, key id mismatch" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -228,7 +228,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_ephemeral, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -323,7 +323,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_all, good" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -343,7 +343,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_all, fail, key id mismatch" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -362,7 +362,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_all, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -497,7 +497,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/ephemeral_all, good" \ +run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -517,7 +517,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/ephemeral_all, good, key id mismatch, dhe." \ +run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -536,7 +536,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/ephemeral_all, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -633,7 +633,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/all, good" \ +run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -653,7 +653,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/all, good, key id mismatch, dhe." \ +run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -672,7 +672,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/all, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -788,7 +788,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_all/psk_or_ephemeral, good" \ +run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -885,7 +885,7 @@ run_test "TLS 1.3: G->m: psk&dhe/psk_or_ephemeral, fail, key material mismatc requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk, fail, no common kex mode" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -954,7 +954,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_ephemeral, good" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -973,7 +973,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_ephemeral, fail, key id mismatch" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -991,7 +991,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_ephemeral, fail, key material mismatch" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1064,7 +1064,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_all, good" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1083,7 +1083,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_all, fail, key id mismatch" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1101,7 +1101,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_all, fail, key material mismatch" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1174,7 +1174,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/ephemeral_all, good" \ +run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1193,7 +1193,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/ephemeral_all, good, key id mismatch, dhe." \ +run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1211,7 +1211,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/ephemeral_all, fail, key material mismatch" \ +run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1284,7 +1284,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/all, good" \ +run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1303,7 +1303,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/all, good, key id mismatch, dhe." \ +run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ @@ -1321,7 +1321,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/all, fail, key material mismatch" \ +run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ @@ -1394,7 +1394,7 @@ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: O->m: psk_all/psk_or_ephemeral, good" \ +run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg \ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ From 6688669124daa141f118f936c8d530597e14c756 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 31 Aug 2022 17:08:34 +0800 Subject: [PATCH 38/38] replace psk&dhe with psk_or_ephemeral Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 1bfd1ede7c..70a60672be 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -133,7 +133,7 @@ run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk, good" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -152,7 +152,7 @@ run_test "TLS 1.3: G->m: psk&dhe/psk, good" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk, fail, key id mismatch" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -170,7 +170,7 @@ run_test "TLS 1.3: G->m: psk&dhe/psk, fail, key id mismatch" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -305,7 +305,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk_ephemeral, fail, no common kex mode" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -439,7 +439,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk_all, good" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -459,7 +459,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk_all, fail, key id mismatch" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -478,7 +478,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk_all, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -613,7 +613,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/ephemeral_all, good" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -749,7 +749,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/all, good" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -769,7 +769,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/all, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ @@ -847,7 +847,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk_or_ephemeral, good" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ @@ -867,7 +867,7 @@ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk&dhe/psk_or_ephemeral, fail, key material mismatch" \ +run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \