tls13-kex-modes.sh (183641B)
1 # Systematic testing of TLS 1.3 key exchange modes. 2 3 # DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by 4 # scripts in future(#6280) 5 6 # Copyright The Mbed TLS Contributors 7 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 8 # 9 10 requires_gnutls_tls1_3 11 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 12 requires_config_enabled MBEDTLS_SSL_SRV_C 13 requires_config_enabled MBEDTLS_DEBUG_C 14 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15 run_test "TLS 1.3: G->m: all/psk, good" \ 16 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 17 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 18 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 19 localhost" \ 20 0 \ 21 -s "found psk key exchange modes extension" \ 22 -s "found pre_shared_key extension" \ 23 -s "Found PSK_EPHEMERAL KEX MODE" \ 24 -s "Found PSK KEX MODE" \ 25 -s "Pre shared key found" \ 26 -S "No usable PSK or ticket" \ 27 -s "key exchange mode: psk$" \ 28 -S "key exchange mode: psk_ephemeral" \ 29 -S "key exchange mode: ephemeral" 30 31 requires_gnutls_tls1_3 32 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 33 requires_config_enabled MBEDTLS_SSL_SRV_C 34 requires_config_enabled MBEDTLS_DEBUG_C 35 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 36 run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ 37 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 38 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 39 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 40 localhost" \ 41 1 \ 42 -s "found psk key exchange modes extension" \ 43 -s "found pre_shared_key extension" \ 44 -s "Found PSK_EPHEMERAL KEX MODE" \ 45 -s "Found PSK KEX MODE" \ 46 -s "No usable PSK or ticket" \ 47 -S "key exchange mode: psk$" \ 48 -S "key exchange mode: psk_ephemeral" \ 49 -S "key exchange mode: ephemeral" 50 51 requires_gnutls_tls1_3 52 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 53 requires_config_enabled MBEDTLS_SSL_SRV_C 54 requires_config_enabled MBEDTLS_DEBUG_C 55 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 56 run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ 57 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 58 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 59 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 60 localhost" \ 61 1 \ 62 -s "found psk key exchange modes extension" \ 63 -s "found pre_shared_key extension" \ 64 -s "Found PSK_EPHEMERAL KEX MODE" \ 65 -s "Found PSK KEX MODE" \ 66 -s "Invalid binder." \ 67 -S "key exchange mode: psk$" \ 68 -S "key exchange mode: psk_ephemeral" \ 69 -S "key exchange mode: ephemeral" 70 71 requires_gnutls_tls1_3 72 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 73 requires_config_enabled MBEDTLS_SSL_SRV_C 74 requires_config_enabled MBEDTLS_DEBUG_C 75 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 76 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ 77 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 78 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 79 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 80 localhost" \ 81 0 \ 82 -s "found psk key exchange modes extension" \ 83 -s "found pre_shared_key extension" \ 84 -S "Found PSK_EPHEMERAL KEX MODE" \ 85 -s "Found PSK KEX MODE" \ 86 -s "Pre shared key found" \ 87 -S "No usable PSK or ticket" \ 88 -s "key exchange mode: psk$" \ 89 -S "key exchange mode: psk_ephemeral" \ 90 -S "key exchange mode: ephemeral" 91 92 requires_gnutls_tls1_3 93 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 94 requires_config_enabled MBEDTLS_SSL_SRV_C 95 requires_config_enabled MBEDTLS_DEBUG_C 96 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 97 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ 98 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 100 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 101 localhost" \ 102 1 \ 103 -s "found psk key exchange modes extension" \ 104 -s "found pre_shared_key extension" \ 105 -S "Found PSK_EPHEMERAL KEX MODE" \ 106 -s "Found PSK KEX MODE" \ 107 -s "No usable PSK or ticket" \ 108 -S "key exchange mode: psk$" \ 109 -S "key exchange mode: psk_ephemeral" \ 110 -S "key exchange mode: ephemeral" 111 112 requires_gnutls_tls1_3 113 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 114 requires_config_enabled MBEDTLS_SSL_SRV_C 115 requires_config_enabled MBEDTLS_DEBUG_C 116 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 117 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ 118 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 119 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 120 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 121 localhost" \ 122 1 \ 123 -s "found psk key exchange modes extension" \ 124 -s "found pre_shared_key extension" \ 125 -S "Found PSK_EPHEMERAL KEX MODE" \ 126 -s "Found PSK KEX MODE" \ 127 -s "Invalid binder." \ 128 -S "key exchange mode: psk$" \ 129 -S "key exchange mode: psk_ephemeral" \ 130 -S "key exchange mode: ephemeral" 131 132 requires_gnutls_tls1_3 133 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 134 requires_config_enabled MBEDTLS_SSL_SRV_C 135 requires_config_enabled MBEDTLS_DEBUG_C 136 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 137 run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ 138 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 139 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 140 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 141 localhost" \ 142 0 \ 143 -s "found psk key exchange modes extension" \ 144 -s "found pre_shared_key extension" \ 145 -s "Found PSK_EPHEMERAL KEX MODE" \ 146 -S "Found PSK KEX MODE" \ 147 -s "Pre shared key found" \ 148 -S "No usable PSK or ticket" \ 149 -S "key exchange mode: psk$" \ 150 -s "key exchange mode: psk_ephemeral" \ 151 -S "key exchange mode: ephemeral" 152 153 requires_gnutls_tls1_3 154 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 155 requires_config_enabled MBEDTLS_SSL_SRV_C 156 requires_config_enabled MBEDTLS_DEBUG_C 157 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 158 run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 159 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 160 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 161 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 162 localhost" \ 163 1 \ 164 -s "found psk key exchange modes extension" \ 165 -s "found pre_shared_key extension" \ 166 -s "Found PSK_EPHEMERAL KEX MODE" \ 167 -S "Found PSK KEX MODE" \ 168 -s "No usable PSK or ticket" \ 169 -S "key exchange mode: psk$" \ 170 -S "key exchange mode: psk_ephemeral" \ 171 -S "key exchange mode: ephemeral" 172 173 requires_gnutls_tls1_3 174 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 175 requires_config_enabled MBEDTLS_SSL_SRV_C 176 requires_config_enabled MBEDTLS_DEBUG_C 177 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 178 run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 179 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 180 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 181 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 182 localhost" \ 183 1 \ 184 -s "found psk key exchange modes extension" \ 185 -s "found pre_shared_key extension" \ 186 -s "Found PSK_EPHEMERAL KEX MODE" \ 187 -S "Found PSK KEX MODE" \ 188 -s "Invalid binder." \ 189 -S "key exchange mode: psk$" \ 190 -S "key exchange mode: psk_ephemeral" \ 191 -S "key exchange mode: ephemeral" 192 193 requires_gnutls_tls1_3 194 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 195 requires_config_enabled MBEDTLS_SSL_SRV_C 196 requires_config_enabled MBEDTLS_DEBUG_C 197 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 198 run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ 199 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 200 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 201 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 202 localhost" \ 203 0 \ 204 -s "found psk key exchange modes extension" \ 205 -s "found pre_shared_key extension" \ 206 -s "Found PSK_EPHEMERAL KEX MODE" \ 207 -s "Found PSK KEX MODE" \ 208 -s "Pre shared key found" \ 209 -S "No usable PSK or ticket" \ 210 -S "key exchange mode: psk$" \ 211 -s "key exchange mode: psk_ephemeral" \ 212 -S "key exchange mode: ephemeral" 213 214 requires_gnutls_tls1_3 215 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 216 requires_config_enabled MBEDTLS_SSL_SRV_C 217 requires_config_enabled MBEDTLS_DEBUG_C 218 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 219 run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ 220 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 221 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 222 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 223 localhost" \ 224 1 \ 225 -s "found psk key exchange modes extension" \ 226 -s "found pre_shared_key extension" \ 227 -s "Found PSK_EPHEMERAL KEX MODE" \ 228 -s "Found PSK KEX MODE" \ 229 -s "No usable PSK or ticket" \ 230 -S "key exchange mode: psk$" \ 231 -S "key exchange mode: psk_ephemeral" \ 232 -S "key exchange mode: ephemeral" 233 234 requires_gnutls_tls1_3 235 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 236 requires_config_enabled MBEDTLS_SSL_SRV_C 237 requires_config_enabled MBEDTLS_DEBUG_C 238 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 239 run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ 240 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 241 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 242 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 243 localhost" \ 244 1 \ 245 -s "found psk key exchange modes extension" \ 246 -s "found pre_shared_key extension" \ 247 -s "Found PSK_EPHEMERAL KEX MODE" \ 248 -s "Found PSK KEX MODE" \ 249 -s "Invalid binder." \ 250 -S "key exchange mode: psk$" \ 251 -S "key exchange mode: psk_ephemeral" \ 252 -S "key exchange mode: ephemeral" 253 254 requires_gnutls_tls1_3 255 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 256 requires_config_enabled MBEDTLS_SSL_SRV_C 257 requires_config_enabled MBEDTLS_DEBUG_C 258 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 259 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ 260 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 261 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 262 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 263 localhost" \ 264 1 \ 265 -s "found psk key exchange modes extension" \ 266 -s "found pre_shared_key extension" \ 267 -S "Found PSK_EPHEMERAL KEX MODE" \ 268 -s "Found PSK KEX MODE" \ 269 -S "key exchange mode: psk$" \ 270 -S "key exchange mode: psk_ephemeral" \ 271 -S "key exchange mode: ephemeral" 272 273 requires_gnutls_tls1_3 274 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 275 requires_config_enabled MBEDTLS_SSL_SRV_C 276 requires_config_enabled MBEDTLS_DEBUG_C 277 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 278 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 279 run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ 280 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 281 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 282 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 283 localhost" \ 284 0 \ 285 -s "found psk key exchange modes extension" \ 286 -s "found pre_shared_key extension" \ 287 -s "Found PSK_EPHEMERAL KEX MODE" \ 288 -S "Found PSK KEX MODE" \ 289 -s "Pre shared key found" \ 290 -S "No usable PSK or ticket" \ 291 -S "key exchange mode: psk$" \ 292 -s "key exchange mode: psk_ephemeral" \ 293 -S "key exchange mode: ephemeral" 294 295 requires_gnutls_tls1_3 296 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 297 requires_config_enabled MBEDTLS_SSL_SRV_C 298 requires_config_enabled MBEDTLS_DEBUG_C 299 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 300 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 301 run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ 302 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 303 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 304 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 305 localhost" \ 306 1 \ 307 -s "found psk key exchange modes extension" \ 308 -s "found pre_shared_key extension" \ 309 -s "Found PSK_EPHEMERAL KEX MODE" \ 310 -S "Found PSK KEX MODE" \ 311 -s "No usable PSK or ticket" \ 312 -S "key exchange mode: psk$" \ 313 -S "key exchange mode: psk_ephemeral" \ 314 -S "key exchange mode: ephemeral" 315 316 requires_gnutls_tls1_3 317 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 318 requires_config_enabled MBEDTLS_SSL_SRV_C 319 requires_config_enabled MBEDTLS_DEBUG_C 320 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 321 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 322 run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ 323 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 324 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 325 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 326 localhost" \ 327 1 \ 328 -s "found psk key exchange modes extension" \ 329 -s "found pre_shared_key extension" \ 330 -s "Found PSK_EPHEMERAL KEX MODE" \ 331 -S "Found PSK KEX MODE" \ 332 -s "Invalid binder." \ 333 -S "key exchange mode: psk$" \ 334 -S "key exchange mode: psk_ephemeral" \ 335 -S "key exchange mode: ephemeral" 336 337 requires_gnutls_tls1_3 338 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 339 requires_config_enabled MBEDTLS_SSL_SRV_C 340 requires_config_enabled MBEDTLS_DEBUG_C 341 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 342 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 343 run_test "TLS 1.3: G->m: all/psk_all, good" \ 344 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 345 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 346 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 347 localhost" \ 348 0 \ 349 -s "found psk key exchange modes extension" \ 350 -s "found pre_shared_key extension" \ 351 -s "Found PSK_EPHEMERAL KEX MODE" \ 352 -s "Found PSK KEX MODE" \ 353 -s "Pre shared key found" \ 354 -S "No usable PSK or ticket" \ 355 -S "key exchange mode: psk$" \ 356 -s "key exchange mode: psk_ephemeral" \ 357 -S "key exchange mode: ephemeral" 358 359 requires_gnutls_tls1_3 360 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 361 requires_config_enabled MBEDTLS_SSL_SRV_C 362 requires_config_enabled MBEDTLS_DEBUG_C 363 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 364 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 365 run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ 366 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 367 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 368 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 369 localhost" \ 370 1 \ 371 -s "found psk key exchange modes extension" \ 372 -s "found pre_shared_key extension" \ 373 -s "Found PSK_EPHEMERAL KEX MODE" \ 374 -s "Found PSK KEX MODE" \ 375 -s "No usable PSK or ticket" \ 376 -S "key exchange mode: psk$" \ 377 -S "key exchange mode: psk_ephemeral" \ 378 -S "key exchange mode: ephemeral" 379 380 requires_gnutls_tls1_3 381 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 382 requires_config_enabled MBEDTLS_SSL_SRV_C 383 requires_config_enabled MBEDTLS_DEBUG_C 384 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 385 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 386 run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \ 387 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 388 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 389 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 390 localhost" \ 391 1 \ 392 -s "found psk key exchange modes extension" \ 393 -s "found pre_shared_key extension" \ 394 -s "Found PSK_EPHEMERAL KEX MODE" \ 395 -s "Found PSK KEX MODE" \ 396 -s "Invalid binder." \ 397 -S "key exchange mode: psk$" \ 398 -S "key exchange mode: psk_ephemeral" \ 399 -S "key exchange mode: ephemeral" 400 401 requires_gnutls_tls1_3 402 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 403 requires_config_enabled MBEDTLS_SSL_SRV_C 404 requires_config_enabled MBEDTLS_DEBUG_C 405 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 406 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 407 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ 408 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 409 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 410 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 411 localhost" \ 412 0 \ 413 -s "found psk key exchange modes extension" \ 414 -s "found pre_shared_key extension" \ 415 -S "Found PSK_EPHEMERAL KEX MODE" \ 416 -s "Found PSK KEX MODE" \ 417 -s "Pre shared key found" \ 418 -S "No usable PSK or ticket" \ 419 -s "key exchange mode: psk$" \ 420 -S "key exchange mode: psk_ephemeral" \ 421 -S "key exchange mode: ephemeral" 422 423 requires_gnutls_tls1_3 424 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 425 requires_config_enabled MBEDTLS_SSL_SRV_C 426 requires_config_enabled MBEDTLS_DEBUG_C 427 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 428 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 429 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ 430 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 431 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 432 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 433 localhost" \ 434 1 \ 435 -s "found psk key exchange modes extension" \ 436 -s "found pre_shared_key extension" \ 437 -S "Found PSK_EPHEMERAL KEX MODE" \ 438 -s "Found PSK KEX MODE" \ 439 -s "No usable PSK or ticket" \ 440 -S "key exchange mode: psk$" \ 441 -S "key exchange mode: psk_ephemeral" \ 442 -S "key exchange mode: ephemeral" 443 444 requires_gnutls_tls1_3 445 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 446 requires_config_enabled MBEDTLS_SSL_SRV_C 447 requires_config_enabled MBEDTLS_DEBUG_C 448 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 449 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 450 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \ 451 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 452 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 453 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 454 localhost" \ 455 1 \ 456 -s "found psk key exchange modes extension" \ 457 -s "found pre_shared_key extension" \ 458 -S "Found PSK_EPHEMERAL KEX MODE" \ 459 -s "Found PSK KEX MODE" \ 460 -s "Invalid binder." \ 461 -S "key exchange mode: psk$" \ 462 -S "key exchange mode: psk_ephemeral" \ 463 -S "key exchange mode: ephemeral" 464 465 requires_gnutls_tls1_3 466 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 467 requires_config_enabled MBEDTLS_SSL_SRV_C 468 requires_config_enabled MBEDTLS_DEBUG_C 469 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 470 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 471 run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ 472 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 473 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 474 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 475 localhost" \ 476 0 \ 477 -s "found psk key exchange modes extension" \ 478 -s "found pre_shared_key extension" \ 479 -s "Found PSK_EPHEMERAL KEX MODE" \ 480 -S "Found PSK KEX MODE" \ 481 -s "Pre shared key found" \ 482 -S "No usable PSK or ticket" \ 483 -S "key exchange mode: psk$" \ 484 -s "key exchange mode: psk_ephemeral" \ 485 -S "key exchange mode: ephemeral" 486 487 requires_gnutls_tls1_3 488 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 489 requires_config_enabled MBEDTLS_SSL_SRV_C 490 requires_config_enabled MBEDTLS_DEBUG_C 491 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 492 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 493 run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 494 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 495 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 496 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 497 localhost" \ 498 0 \ 499 -s "found psk key exchange modes extension" \ 500 -s "found pre_shared_key extension" \ 501 -s "Found PSK_EPHEMERAL KEX MODE" \ 502 -S "Found PSK KEX MODE" \ 503 -s "No usable PSK or ticket" \ 504 -S "key exchange mode: psk$" \ 505 -S "key exchange mode: psk_ephemeral" \ 506 -s "key exchange mode: ephemeral" 507 508 requires_gnutls_tls1_3 509 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 510 requires_config_enabled MBEDTLS_SSL_SRV_C 511 requires_config_enabled MBEDTLS_DEBUG_C 512 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 513 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 514 run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 515 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 516 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 517 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 518 localhost" \ 519 1 \ 520 -s "found psk key exchange modes extension" \ 521 -s "found pre_shared_key extension" \ 522 -s "Found PSK_EPHEMERAL KEX MODE" \ 523 -S "Found PSK KEX MODE" \ 524 -s "Invalid binder." \ 525 -S "key exchange mode: psk$" \ 526 -S "key exchange mode: psk_ephemeral" \ 527 -S "key exchange mode: ephemeral" 528 529 requires_gnutls_tls1_3 530 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 531 requires_config_enabled MBEDTLS_SSL_SRV_C 532 requires_config_enabled MBEDTLS_DEBUG_C 533 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 534 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 535 run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ 536 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 537 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 538 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 539 localhost" \ 540 0 \ 541 -s "found psk key exchange modes extension" \ 542 -s "found pre_shared_key extension" \ 543 -s "Found PSK_EPHEMERAL KEX MODE" \ 544 -s "Found PSK KEX MODE" \ 545 -s "Pre shared key found" \ 546 -S "No usable PSK or ticket" \ 547 -S "key exchange mode: psk$" \ 548 -s "key exchange mode: psk_ephemeral" \ 549 -S "key exchange mode: ephemeral" 550 551 requires_gnutls_tls1_3 552 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 553 requires_config_enabled MBEDTLS_SSL_SRV_C 554 requires_config_enabled MBEDTLS_DEBUG_C 555 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 556 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 557 run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ 558 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 559 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 560 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 561 localhost" \ 562 0 \ 563 -s "found psk key exchange modes extension" \ 564 -s "found pre_shared_key extension" \ 565 -s "Found PSK_EPHEMERAL KEX MODE" \ 566 -s "Found PSK KEX MODE" \ 567 -s "No usable PSK or ticket" \ 568 -S "key exchange mode: psk$" \ 569 -S "key exchange mode: psk_ephemeral" \ 570 -s "key exchange mode: ephemeral" 571 572 requires_gnutls_tls1_3 573 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 574 requires_config_enabled MBEDTLS_SSL_SRV_C 575 requires_config_enabled MBEDTLS_DEBUG_C 576 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 577 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 578 run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ 579 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 580 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 581 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 582 localhost" \ 583 1 \ 584 -s "found psk key exchange modes extension" \ 585 -s "found pre_shared_key extension" \ 586 -s "Found PSK_EPHEMERAL KEX MODE" \ 587 -s "Found PSK KEX MODE" \ 588 -s "Invalid binder." \ 589 -S "key exchange mode: psk$" \ 590 -S "key exchange mode: psk_ephemeral" \ 591 -S "key exchange mode: ephemeral" 592 593 requires_gnutls_tls1_3 594 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 595 requires_config_enabled MBEDTLS_SSL_SRV_C 596 requires_config_enabled MBEDTLS_DEBUG_C 597 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 598 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 599 run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ 600 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 601 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 602 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 603 localhost" \ 604 0 \ 605 -s "found psk key exchange modes extension" \ 606 -s "found pre_shared_key extension" \ 607 -S "Found PSK_EPHEMERAL KEX MODE" \ 608 -s "Found PSK KEX MODE" \ 609 -s "No suitable PSK key exchange mode" \ 610 -S "Pre shared key found" \ 611 -s "No usable PSK or ticket" \ 612 -S "key exchange mode: psk$" \ 613 -S "key exchange mode: psk_ephemeral" \ 614 -s "key exchange mode: ephemeral" 615 616 requires_gnutls_tls1_3 617 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 618 requires_config_enabled MBEDTLS_SSL_SRV_C 619 requires_config_enabled MBEDTLS_DEBUG_C 620 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 621 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 622 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 623 run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ 624 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 625 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 626 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 627 localhost" \ 628 0 \ 629 -s "found psk key exchange modes extension" \ 630 -s "found pre_shared_key extension" \ 631 -s "Found PSK_EPHEMERAL KEX MODE" \ 632 -S "Found PSK KEX MODE" \ 633 -s "Pre shared key found" \ 634 -S "No usable PSK or ticket" \ 635 -S "key exchange mode: psk$" \ 636 -s "key exchange mode: psk_ephemeral" \ 637 -S "key exchange mode: ephemeral" 638 639 requires_gnutls_tls1_3 640 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 641 requires_config_enabled MBEDTLS_SSL_SRV_C 642 requires_config_enabled MBEDTLS_DEBUG_C 643 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 644 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 645 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 646 run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ 647 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 648 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 649 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 650 localhost" \ 651 0 \ 652 -s "found psk key exchange modes extension" \ 653 -s "found pre_shared_key extension" \ 654 -s "Found PSK_EPHEMERAL KEX MODE" \ 655 -S "Found PSK KEX MODE" \ 656 -s "No usable PSK or ticket" \ 657 -S "key exchange mode: psk$" \ 658 -S "key exchange mode: psk_ephemeral" \ 659 -s "key exchange mode: ephemeral" 660 661 requires_gnutls_tls1_3 662 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 663 requires_config_enabled MBEDTLS_SSL_SRV_C 664 requires_config_enabled MBEDTLS_DEBUG_C 665 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 666 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 667 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 668 run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ 669 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 670 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 671 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 672 localhost" \ 673 1 \ 674 -s "found psk key exchange modes extension" \ 675 -s "found pre_shared_key extension" \ 676 -s "Found PSK_EPHEMERAL KEX MODE" \ 677 -S "Found PSK KEX MODE" \ 678 -s "Invalid binder." \ 679 -S "key exchange mode: psk$" \ 680 -S "key exchange mode: psk_ephemeral" \ 681 -S "key exchange mode: ephemeral" 682 683 requires_gnutls_tls1_3 684 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 685 requires_config_enabled MBEDTLS_SSL_SRV_C 686 requires_config_enabled MBEDTLS_DEBUG_C 687 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 688 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 689 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 690 run_test "TLS 1.3: G->m: all/all, good" \ 691 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 692 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 693 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 694 localhost" \ 695 0 \ 696 -s "found psk key exchange modes extension" \ 697 -s "found pre_shared_key extension" \ 698 -s "Found PSK_EPHEMERAL KEX MODE" \ 699 -s "Found PSK KEX MODE" \ 700 -s "Pre shared key found" \ 701 -S "No usable PSK or ticket" \ 702 -S "key exchange mode: psk$" \ 703 -s "key exchange mode: psk_ephemeral" \ 704 -S "key exchange mode: ephemeral" 705 706 requires_gnutls_tls1_3 707 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 708 requires_config_enabled MBEDTLS_SSL_SRV_C 709 requires_config_enabled MBEDTLS_DEBUG_C 710 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 711 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 712 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 713 run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ 714 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 715 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 716 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 717 localhost" \ 718 0 \ 719 -s "found psk key exchange modes extension" \ 720 -s "found pre_shared_key extension" \ 721 -s "Found PSK_EPHEMERAL KEX MODE" \ 722 -s "Found PSK KEX MODE" \ 723 -s "No usable PSK or ticket" \ 724 -S "key exchange mode: psk$" \ 725 -S "key exchange mode: psk_ephemeral" \ 726 -s "key exchange mode: ephemeral" 727 728 requires_gnutls_tls1_3 729 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 730 requires_config_enabled MBEDTLS_SSL_SRV_C 731 requires_config_enabled MBEDTLS_DEBUG_C 732 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 733 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 734 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 735 run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ 736 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 737 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 738 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 739 localhost" \ 740 1 \ 741 -s "found psk key exchange modes extension" \ 742 -s "found pre_shared_key extension" \ 743 -s "Found PSK_EPHEMERAL KEX MODE" \ 744 -s "Found PSK KEX MODE" \ 745 -s "Invalid binder." \ 746 -S "key exchange mode: psk$" \ 747 -S "key exchange mode: psk_ephemeral" \ 748 -S "key exchange mode: ephemeral" 749 750 requires_gnutls_tls1_3 751 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 752 requires_config_enabled MBEDTLS_SSL_SRV_C 753 requires_config_enabled MBEDTLS_DEBUG_C 754 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 755 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 756 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 757 run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ 758 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 759 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 760 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 761 localhost" \ 762 0 \ 763 -s "found psk key exchange modes extension" \ 764 -s "found pre_shared_key extension" \ 765 -S "Found PSK_EPHEMERAL KEX MODE" \ 766 -s "Found PSK KEX MODE" \ 767 -s "Pre shared key found" \ 768 -S "No usable PSK or ticket" \ 769 -S "key exchange mode: psk$" \ 770 -S "key exchange mode: psk_ephemeral" \ 771 -s "key exchange mode: ephemeral" 772 773 requires_gnutls_tls1_3 774 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 775 requires_config_enabled MBEDTLS_SSL_SRV_C 776 requires_config_enabled MBEDTLS_DEBUG_C 777 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 778 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 779 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 780 run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ 781 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 782 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 783 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 784 localhost" \ 785 1 \ 786 -s "found psk key exchange modes extension" \ 787 -s "found pre_shared_key extension" \ 788 -S "Found PSK_EPHEMERAL KEX MODE" \ 789 -s "Found PSK KEX MODE" \ 790 -s "Invalid binder." \ 791 -S "key exchange mode: psk$" \ 792 -S "key exchange mode: psk_ephemeral" \ 793 -S "key exchange mode: ephemeral" 794 795 requires_gnutls_tls1_3 796 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 797 requires_config_enabled MBEDTLS_SSL_SRV_C 798 requires_config_enabled MBEDTLS_DEBUG_C 799 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 800 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 801 run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ 802 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 803 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 804 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 805 localhost" \ 806 0 \ 807 -s "found psk key exchange modes extension" \ 808 -s "found pre_shared_key extension" \ 809 -s "Found PSK_EPHEMERAL KEX MODE" \ 810 -S "Found PSK KEX MODE" \ 811 -s "No suitable PSK key exchange mode" \ 812 -S "Pre shared key found" \ 813 -s "No usable PSK or ticket" \ 814 -S "key exchange mode: psk$" \ 815 -S "key exchange mode: psk_ephemeral" \ 816 -s "key exchange mode: ephemeral" 817 818 requires_gnutls_tls1_3 819 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 820 requires_config_enabled MBEDTLS_SSL_SRV_C 821 requires_config_enabled MBEDTLS_DEBUG_C 822 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 823 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 824 run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ 825 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 826 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 827 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 828 localhost" \ 829 0 \ 830 -s "found psk key exchange modes extension" \ 831 -s "found pre_shared_key extension" \ 832 -s "Found PSK_EPHEMERAL KEX MODE" \ 833 -s "Found PSK KEX MODE" \ 834 -s "Pre shared key found" \ 835 -S "No usable PSK or ticket" \ 836 -S "key exchange mode: psk$" \ 837 -S "key exchange mode: psk_ephemeral" \ 838 -s "key exchange mode: ephemeral" 839 840 requires_gnutls_tls1_3 841 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 842 requires_config_enabled MBEDTLS_SSL_SRV_C 843 requires_config_enabled MBEDTLS_DEBUG_C 844 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 845 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 846 run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ 847 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 848 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 849 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 850 localhost" \ 851 1 \ 852 -s "found psk key exchange modes extension" \ 853 -s "found pre_shared_key extension" \ 854 -s "Found PSK_EPHEMERAL KEX MODE" \ 855 -s "Found PSK KEX MODE" \ 856 -s "Invalid binder." \ 857 -S "key exchange mode: psk$" \ 858 -S "key exchange mode: psk_ephemeral" \ 859 -S "key exchange mode: ephemeral" 860 861 requires_gnutls_tls1_3 862 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 863 requires_config_enabled MBEDTLS_SSL_SRV_C 864 requires_config_enabled MBEDTLS_DEBUG_C 865 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 866 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 867 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ 868 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 869 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 870 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 871 localhost" \ 872 0 \ 873 -s "found psk key exchange modes extension" \ 874 -s "found pre_shared_key extension" \ 875 -S "Found PSK_EPHEMERAL KEX MODE" \ 876 -s "Found PSK KEX MODE" \ 877 -s "Pre shared key found" \ 878 -S "No usable PSK or ticket" \ 879 -S "key exchange mode: psk$" \ 880 -S "key exchange mode: psk_ephemeral" \ 881 -s "key exchange mode: ephemeral" 882 883 requires_gnutls_tls1_3 884 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 885 requires_config_enabled MBEDTLS_SSL_SRV_C 886 requires_config_enabled MBEDTLS_DEBUG_C 887 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 888 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 889 run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \ 890 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 891 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 892 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 893 localhost" \ 894 1 \ 895 -s "found psk key exchange modes extension" \ 896 -s "found pre_shared_key extension" \ 897 -S "Found PSK_EPHEMERAL KEX MODE" \ 898 -s "Found PSK KEX MODE" \ 899 -s "Invalid binder." \ 900 -S "key exchange mode: psk$" \ 901 -S "key exchange mode: psk_ephemeral" \ 902 -S "key exchange mode: ephemeral" 903 904 requires_gnutls_tls1_3 905 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 906 requires_config_enabled MBEDTLS_SSL_SRV_C 907 requires_config_enabled MBEDTLS_DEBUG_C 908 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 909 requires_config_enabled PSA_WANT_ALG_ECDH 910 run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ 911 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 912 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \ 913 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 914 localhost" \ 915 0 \ 916 -s "write selected_group: secp256r1" \ 917 -S "key exchange mode: psk$" \ 918 -s "key exchange mode: psk_ephemeral" \ 919 -S "key exchange mode: ephemeral" 920 921 requires_gnutls_tls1_3 922 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 923 requires_config_enabled MBEDTLS_SSL_SRV_C 924 requires_config_enabled MBEDTLS_DEBUG_C 925 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 926 requires_config_enabled PSA_WANT_ALG_ECDH 927 run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ 928 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 929 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \ 930 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 931 localhost" \ 932 0 \ 933 -s "write selected_group: secp384r1" \ 934 -S "key exchange mode: psk$" \ 935 -s "key exchange mode: psk_ephemeral" \ 936 -S "key exchange mode: ephemeral" 937 938 requires_gnutls_tls1_3 939 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 940 requires_config_enabled MBEDTLS_SSL_SRV_C 941 requires_config_enabled MBEDTLS_DEBUG_C 942 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 943 requires_config_enabled PSA_WANT_ALG_ECDH 944 run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ 945 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 946 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \ 947 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 948 localhost" \ 949 0 \ 950 -s "write selected_group: secp521r1" \ 951 -S "key exchange mode: psk$" \ 952 -s "key exchange mode: psk_ephemeral" \ 953 -S "key exchange mode: ephemeral" 954 955 requires_gnutls_tls1_3 956 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 957 requires_config_enabled MBEDTLS_SSL_SRV_C 958 requires_config_enabled MBEDTLS_DEBUG_C 959 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 960 requires_config_enabled PSA_WANT_ALG_ECDH 961 run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ 962 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 963 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \ 964 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 965 localhost" \ 966 0 \ 967 -s "write selected_group: x25519" \ 968 -S "key exchange mode: psk$" \ 969 -s "key exchange mode: psk_ephemeral" \ 970 -S "key exchange mode: ephemeral" 971 972 requires_gnutls_tls1_3 973 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 974 requires_config_enabled MBEDTLS_SSL_SRV_C 975 requires_config_enabled MBEDTLS_DEBUG_C 976 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 977 requires_config_enabled PSA_WANT_ALG_ECDH 978 run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ 979 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 980 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \ 981 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 982 localhost" \ 983 0 \ 984 -s "write selected_group: x448" \ 985 -S "key exchange mode: psk$" \ 986 -s "key exchange mode: psk_ephemeral" \ 987 -S "key exchange mode: ephemeral" 988 989 requires_openssl_tls1_3 990 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 991 requires_config_enabled MBEDTLS_SSL_SRV_C 992 requires_config_enabled MBEDTLS_DEBUG_C 993 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 994 run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \ 995 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 996 "$O_NEXT_CLI -tls1_3 -msg \ 997 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 998 1 \ 999 -s "found psk key exchange modes extension" \ 1000 -s "found pre_shared_key extension" \ 1001 -s "Found PSK_EPHEMERAL KEX MODE" \ 1002 -S "Found PSK KEX MODE" \ 1003 -S "key exchange mode: psk$" \ 1004 -S "key exchange mode: psk_ephemeral" \ 1005 -S "key exchange mode: ephemeral" 1006 1007 requires_openssl_tls1_3 1008 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1009 requires_config_enabled MBEDTLS_SSL_SRV_C 1010 requires_config_enabled MBEDTLS_DEBUG_C 1011 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1012 run_test "TLS 1.3: O->m: all/psk, good" \ 1013 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 1014 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1015 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1016 0 \ 1017 -s "found psk key exchange modes extension" \ 1018 -s "found pre_shared_key extension" \ 1019 -s "Found PSK_EPHEMERAL KEX MODE" \ 1020 -s "Found PSK KEX MODE" \ 1021 -s "Pre shared key found" \ 1022 -S "No usable PSK or ticket" \ 1023 -s "key exchange mode: psk$" \ 1024 -S "key exchange mode: psk_ephemeral" \ 1025 -S "key exchange mode: ephemeral" 1026 1027 requires_openssl_tls1_3 1028 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1029 requires_config_enabled MBEDTLS_SSL_SRV_C 1030 requires_config_enabled MBEDTLS_DEBUG_C 1031 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1032 run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ 1033 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 1034 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1035 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1036 1 \ 1037 -s "found psk key exchange modes extension" \ 1038 -s "found pre_shared_key extension" \ 1039 -s "Found PSK_EPHEMERAL KEX MODE" \ 1040 -s "Found PSK KEX MODE" \ 1041 -s "No usable PSK or ticket" \ 1042 -S "key exchange mode: psk$" \ 1043 -S "key exchange mode: psk_ephemeral" \ 1044 -S "key exchange mode: ephemeral" 1045 1046 requires_openssl_tls1_3 1047 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1048 requires_config_enabled MBEDTLS_SSL_SRV_C 1049 requires_config_enabled MBEDTLS_DEBUG_C 1050 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1051 run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \ 1052 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 1053 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1054 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1055 1 \ 1056 -s "found psk key exchange modes extension" \ 1057 -s "found pre_shared_key extension" \ 1058 -s "Found PSK_EPHEMERAL KEX MODE" \ 1059 -s "Found PSK KEX MODE" \ 1060 -s "Invalid binder." \ 1061 -S "key exchange mode: psk$" \ 1062 -S "key exchange mode: psk_ephemeral" \ 1063 -S "key exchange mode: ephemeral" 1064 1065 requires_openssl_tls1_3_with_compatible_ephemeral 1066 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1067 requires_config_enabled MBEDTLS_SSL_SRV_C 1068 requires_config_enabled MBEDTLS_DEBUG_C 1069 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1070 run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ 1071 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1072 "$O_NEXT_CLI -tls1_3 -msg \ 1073 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1074 0 \ 1075 -s "found psk key exchange modes extension" \ 1076 -s "found pre_shared_key extension" \ 1077 -s "Found PSK_EPHEMERAL KEX MODE" \ 1078 -S "Found PSK KEX MODE" \ 1079 -s "Pre shared key found" \ 1080 -S "No usable PSK or ticket" \ 1081 -S "key exchange mode: psk$" \ 1082 -s "key exchange mode: psk_ephemeral" \ 1083 -S "key exchange mode: ephemeral" 1084 1085 requires_openssl_tls1_3_with_compatible_ephemeral 1086 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1087 requires_config_enabled MBEDTLS_SSL_SRV_C 1088 requires_config_enabled MBEDTLS_DEBUG_C 1089 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1090 run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 1091 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1092 "$O_NEXT_CLI -tls1_3 -msg \ 1093 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1094 1 \ 1095 -s "found psk key exchange modes extension" \ 1096 -s "found pre_shared_key extension" \ 1097 -s "Found PSK_EPHEMERAL KEX MODE" \ 1098 -S "Found PSK KEX MODE" \ 1099 -s "No usable PSK or ticket" \ 1100 -S "key exchange mode: psk$" \ 1101 -S "key exchange mode: psk_ephemeral" \ 1102 -S "key exchange mode: ephemeral" 1103 1104 requires_openssl_tls1_3_with_compatible_ephemeral 1105 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1106 requires_config_enabled MBEDTLS_SSL_SRV_C 1107 requires_config_enabled MBEDTLS_DEBUG_C 1108 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1109 run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 1110 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1111 "$O_NEXT_CLI -tls1_3 -msg \ 1112 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1113 1 \ 1114 -s "found psk key exchange modes extension" \ 1115 -s "found pre_shared_key extension" \ 1116 -s "Found PSK_EPHEMERAL KEX MODE" \ 1117 -S "Found PSK KEX MODE" \ 1118 -s "Invalid binder." \ 1119 -S "key exchange mode: psk$" \ 1120 -S "key exchange mode: psk_ephemeral" \ 1121 -S "key exchange mode: ephemeral" 1122 1123 requires_openssl_tls1_3_with_compatible_ephemeral 1124 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1125 requires_config_enabled MBEDTLS_SSL_SRV_C 1126 requires_config_enabled MBEDTLS_DEBUG_C 1127 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1128 run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ 1129 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1130 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1131 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1132 0 \ 1133 -s "found psk key exchange modes extension" \ 1134 -s "found pre_shared_key extension" \ 1135 -s "Found PSK_EPHEMERAL KEX MODE" \ 1136 -s "Found PSK KEX MODE" \ 1137 -s "Pre shared key found" \ 1138 -S "No usable PSK or ticket" \ 1139 -S "key exchange mode: psk$" \ 1140 -s "key exchange mode: psk_ephemeral" \ 1141 -S "key exchange mode: ephemeral" 1142 1143 requires_openssl_tls1_3_with_compatible_ephemeral 1144 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1145 requires_config_enabled MBEDTLS_SSL_SRV_C 1146 requires_config_enabled MBEDTLS_DEBUG_C 1147 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1148 run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ 1149 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1150 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1151 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1152 1 \ 1153 -s "found psk key exchange modes extension" \ 1154 -s "found pre_shared_key extension" \ 1155 -s "Found PSK_EPHEMERAL KEX MODE" \ 1156 -s "Found PSK KEX MODE" \ 1157 -s "No usable PSK or ticket" \ 1158 -S "key exchange mode: psk$" \ 1159 -S "key exchange mode: psk_ephemeral" \ 1160 -S "key exchange mode: ephemeral" 1161 1162 requires_openssl_tls1_3_with_compatible_ephemeral 1163 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1164 requires_config_enabled MBEDTLS_SSL_SRV_C 1165 requires_config_enabled MBEDTLS_DEBUG_C 1166 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1167 run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \ 1168 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1169 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1170 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1171 1 \ 1172 -s "found psk key exchange modes extension" \ 1173 -s "found pre_shared_key extension" \ 1174 -s "Found PSK_EPHEMERAL KEX MODE" \ 1175 -s "Found PSK KEX MODE" \ 1176 -s "Invalid binder." \ 1177 -S "key exchange mode: psk$" \ 1178 -S "key exchange mode: psk_ephemeral" \ 1179 -S "key exchange mode: ephemeral" 1180 1181 requires_openssl_tls1_3_with_compatible_ephemeral 1182 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1183 requires_config_enabled MBEDTLS_SSL_SRV_C 1184 requires_config_enabled MBEDTLS_DEBUG_C 1185 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1186 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1187 run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ 1188 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1189 "$O_NEXT_CLI -tls1_3 -msg \ 1190 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1191 0 \ 1192 -s "found psk key exchange modes extension" \ 1193 -s "found pre_shared_key extension" \ 1194 -s "Found PSK_EPHEMERAL KEX MODE" \ 1195 -S "Found PSK KEX MODE" \ 1196 -s "Pre shared key found" \ 1197 -S "No usable PSK or ticket" \ 1198 -S "key exchange mode: psk$" \ 1199 -s "key exchange mode: psk_ephemeral" \ 1200 -S "key exchange mode: ephemeral" 1201 1202 requires_openssl_tls1_3_with_compatible_ephemeral 1203 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1204 requires_config_enabled MBEDTLS_SSL_SRV_C 1205 requires_config_enabled MBEDTLS_DEBUG_C 1206 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1207 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1208 run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ 1209 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1210 "$O_NEXT_CLI -tls1_3 -msg \ 1211 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1212 1 \ 1213 -s "found psk key exchange modes extension" \ 1214 -s "found pre_shared_key extension" \ 1215 -s "Found PSK_EPHEMERAL KEX MODE" \ 1216 -S "Found PSK KEX MODE" \ 1217 -s "No usable PSK or ticket" \ 1218 -S "key exchange mode: psk$" \ 1219 -S "key exchange mode: psk_ephemeral" \ 1220 -S "key exchange mode: ephemeral" 1221 1222 requires_openssl_tls1_3_with_compatible_ephemeral 1223 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1224 requires_config_enabled MBEDTLS_SSL_SRV_C 1225 requires_config_enabled MBEDTLS_DEBUG_C 1226 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1227 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1228 run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ 1229 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1230 "$O_NEXT_CLI -tls1_3 -msg \ 1231 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1232 1 \ 1233 -s "found psk key exchange modes extension" \ 1234 -s "found pre_shared_key extension" \ 1235 -s "Found PSK_EPHEMERAL KEX MODE" \ 1236 -S "Found PSK KEX MODE" \ 1237 -s "Invalid binder." \ 1238 -S "key exchange mode: psk$" \ 1239 -S "key exchange mode: psk_ephemeral" \ 1240 -S "key exchange mode: ephemeral" 1241 1242 requires_openssl_tls1_3_with_compatible_ephemeral 1243 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1244 requires_config_enabled MBEDTLS_SSL_SRV_C 1245 requires_config_enabled MBEDTLS_DEBUG_C 1246 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1247 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1248 run_test "TLS 1.3: O->m: all/psk_all, good" \ 1249 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1250 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1251 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1252 0 \ 1253 -s "found psk key exchange modes extension" \ 1254 -s "found pre_shared_key extension" \ 1255 -s "Found PSK_EPHEMERAL KEX MODE" \ 1256 -s "Found PSK KEX MODE" \ 1257 -s "Pre shared key found" \ 1258 -S "No usable PSK or ticket" \ 1259 -S "key exchange mode: psk$" \ 1260 -s "key exchange mode: psk_ephemeral" \ 1261 -S "key exchange mode: ephemeral" 1262 1263 requires_openssl_tls1_3_with_compatible_ephemeral 1264 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1265 requires_config_enabled MBEDTLS_SSL_SRV_C 1266 requires_config_enabled MBEDTLS_DEBUG_C 1267 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1268 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1269 run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ 1270 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1271 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1272 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1273 1 \ 1274 -s "found psk key exchange modes extension" \ 1275 -s "found pre_shared_key extension" \ 1276 -s "Found PSK_EPHEMERAL KEX MODE" \ 1277 -s "Found PSK KEX MODE" \ 1278 -s "No usable PSK or ticket" \ 1279 -S "key exchange mode: psk$" \ 1280 -S "key exchange mode: psk_ephemeral" \ 1281 -S "key exchange mode: ephemeral" 1282 1283 requires_openssl_tls1_3_with_compatible_ephemeral 1284 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1285 requires_config_enabled MBEDTLS_SSL_SRV_C 1286 requires_config_enabled MBEDTLS_DEBUG_C 1287 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1288 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1289 run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ 1290 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1291 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1292 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1293 1 \ 1294 -s "found psk key exchange modes extension" \ 1295 -s "found pre_shared_key extension" \ 1296 -s "Found PSK_EPHEMERAL KEX MODE" \ 1297 -s "Found PSK KEX MODE" \ 1298 -s "Invalid binder." \ 1299 -S "key exchange mode: psk$" \ 1300 -S "key exchange mode: psk_ephemeral" \ 1301 -S "key exchange mode: ephemeral" 1302 1303 requires_openssl_tls1_3_with_compatible_ephemeral 1304 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1305 requires_config_enabled MBEDTLS_SSL_SRV_C 1306 requires_config_enabled MBEDTLS_DEBUG_C 1307 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1308 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1309 run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ 1310 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1311 "$O_NEXT_CLI -tls1_3 -msg \ 1312 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1313 0 \ 1314 -s "found psk key exchange modes extension" \ 1315 -s "found pre_shared_key extension" \ 1316 -s "Found PSK_EPHEMERAL KEX MODE" \ 1317 -S "Found PSK KEX MODE" \ 1318 -s "Pre shared key found" \ 1319 -S "No usable PSK or ticket" \ 1320 -S "key exchange mode: psk$" \ 1321 -s "key exchange mode: psk_ephemeral" \ 1322 -S "key exchange mode: ephemeral" 1323 1324 requires_openssl_tls1_3_with_compatible_ephemeral 1325 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1326 requires_config_enabled MBEDTLS_SSL_SRV_C 1327 requires_config_enabled MBEDTLS_DEBUG_C 1328 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1329 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1330 run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 1331 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1332 "$O_NEXT_CLI -tls1_3 -msg \ 1333 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1334 0 \ 1335 -s "found psk key exchange modes extension" \ 1336 -s "found pre_shared_key extension" \ 1337 -s "Found PSK_EPHEMERAL KEX MODE" \ 1338 -S "Found PSK KEX MODE" \ 1339 -s "No usable PSK or ticket" \ 1340 -S "key exchange mode: psk$" \ 1341 -S "key exchange mode: psk_ephemeral" \ 1342 -s "key exchange mode: ephemeral" 1343 1344 requires_openssl_tls1_3_with_compatible_ephemeral 1345 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1346 requires_config_enabled MBEDTLS_SSL_SRV_C 1347 requires_config_enabled MBEDTLS_DEBUG_C 1348 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1349 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1350 run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 1351 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1352 "$O_NEXT_CLI -tls1_3 -msg \ 1353 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1354 1 \ 1355 -s "found psk key exchange modes extension" \ 1356 -s "found pre_shared_key extension" \ 1357 -s "Found PSK_EPHEMERAL KEX MODE" \ 1358 -S "Found PSK KEX MODE" \ 1359 -s "Invalid binder." \ 1360 -S "key exchange mode: psk$" \ 1361 -S "key exchange mode: psk_ephemeral" \ 1362 -S "key exchange mode: ephemeral" 1363 1364 requires_openssl_tls1_3_with_compatible_ephemeral 1365 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1366 requires_config_enabled MBEDTLS_SSL_SRV_C 1367 requires_config_enabled MBEDTLS_DEBUG_C 1368 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1369 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1370 run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ 1371 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1372 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1373 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1374 0 \ 1375 -s "found psk key exchange modes extension" \ 1376 -s "found pre_shared_key extension" \ 1377 -s "Found PSK_EPHEMERAL KEX MODE" \ 1378 -s "Found PSK KEX MODE" \ 1379 -s "Pre shared key found" \ 1380 -S "No usable PSK or ticket" \ 1381 -S "key exchange mode: psk$" \ 1382 -s "key exchange mode: psk_ephemeral" \ 1383 -S "key exchange mode: ephemeral" 1384 1385 requires_openssl_tls1_3_with_compatible_ephemeral 1386 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1387 requires_config_enabled MBEDTLS_SSL_SRV_C 1388 requires_config_enabled MBEDTLS_DEBUG_C 1389 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1390 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1391 run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ 1392 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1393 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1394 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1395 0 \ 1396 -s "found psk key exchange modes extension" \ 1397 -s "found pre_shared_key extension" \ 1398 -s "Found PSK_EPHEMERAL KEX MODE" \ 1399 -s "Found PSK KEX MODE" \ 1400 -s "No usable PSK or ticket" \ 1401 -S "key exchange mode: psk$" \ 1402 -S "key exchange mode: psk_ephemeral" \ 1403 -s "key exchange mode: ephemeral" 1404 1405 requires_openssl_tls1_3_with_compatible_ephemeral 1406 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1407 requires_config_enabled MBEDTLS_SSL_SRV_C 1408 requires_config_enabled MBEDTLS_DEBUG_C 1409 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1410 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1411 run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ 1412 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1413 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1414 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1415 1 \ 1416 -s "found psk key exchange modes extension" \ 1417 -s "found pre_shared_key extension" \ 1418 -s "Found PSK_EPHEMERAL KEX MODE" \ 1419 -s "Found PSK KEX MODE" \ 1420 -s "Invalid binder." \ 1421 -S "key exchange mode: psk$" \ 1422 -S "key exchange mode: psk_ephemeral" \ 1423 -S "key exchange mode: ephemeral" 1424 1425 requires_openssl_tls1_3_with_compatible_ephemeral 1426 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1427 requires_config_enabled MBEDTLS_SSL_SRV_C 1428 requires_config_enabled MBEDTLS_DEBUG_C 1429 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1430 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1431 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1432 run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ 1433 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1434 "$O_NEXT_CLI -tls1_3 -msg \ 1435 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1436 0 \ 1437 -s "found psk key exchange modes extension" \ 1438 -s "found pre_shared_key extension" \ 1439 -s "Found PSK_EPHEMERAL KEX MODE" \ 1440 -S "Found PSK KEX MODE" \ 1441 -s "Pre shared key found" \ 1442 -S "No usable PSK or ticket" \ 1443 -S "key exchange mode: psk$" \ 1444 -s "key exchange mode: psk_ephemeral" \ 1445 -S "key exchange mode: ephemeral" 1446 1447 requires_openssl_tls1_3_with_compatible_ephemeral 1448 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1449 requires_config_enabled MBEDTLS_SSL_SRV_C 1450 requires_config_enabled MBEDTLS_DEBUG_C 1451 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1452 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1453 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1454 run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ 1455 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1456 "$O_NEXT_CLI -tls1_3 -msg \ 1457 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1458 0 \ 1459 -s "found psk key exchange modes extension" \ 1460 -s "found pre_shared_key extension" \ 1461 -s "Found PSK_EPHEMERAL KEX MODE" \ 1462 -S "Found PSK KEX MODE" \ 1463 -s "No usable PSK or ticket" \ 1464 -S "key exchange mode: psk$" \ 1465 -S "key exchange mode: psk_ephemeral" \ 1466 -s "key exchange mode: ephemeral" 1467 1468 requires_openssl_tls1_3_with_compatible_ephemeral 1469 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1470 requires_config_enabled MBEDTLS_SSL_SRV_C 1471 requires_config_enabled MBEDTLS_DEBUG_C 1472 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1473 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1474 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1475 run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ 1476 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1477 "$O_NEXT_CLI -tls1_3 -msg \ 1478 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1479 1 \ 1480 -s "found psk key exchange modes extension" \ 1481 -s "found pre_shared_key extension" \ 1482 -s "Found PSK_EPHEMERAL KEX MODE" \ 1483 -S "Found PSK KEX MODE" \ 1484 -s "Invalid binder." \ 1485 -S "key exchange mode: psk$" \ 1486 -S "key exchange mode: psk_ephemeral" \ 1487 -S "key exchange mode: ephemeral" 1488 1489 requires_openssl_tls1_3_with_compatible_ephemeral 1490 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1491 requires_config_enabled MBEDTLS_SSL_SRV_C 1492 requires_config_enabled MBEDTLS_DEBUG_C 1493 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1494 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1495 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1496 run_test "TLS 1.3: O->m: all/all, good" \ 1497 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1498 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1499 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1500 0 \ 1501 -s "found psk key exchange modes extension" \ 1502 -s "found pre_shared_key extension" \ 1503 -s "Found PSK_EPHEMERAL KEX MODE" \ 1504 -s "Found PSK KEX MODE" \ 1505 -s "Pre shared key found" \ 1506 -S "No usable PSK or ticket" \ 1507 -S "key exchange mode: psk$" \ 1508 -s "key exchange mode: psk_ephemeral" \ 1509 -S "key exchange mode: ephemeral" 1510 1511 requires_openssl_tls1_3_with_compatible_ephemeral 1512 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1513 requires_config_enabled MBEDTLS_SSL_SRV_C 1514 requires_config_enabled MBEDTLS_DEBUG_C 1515 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1516 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1517 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1518 run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ 1519 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1520 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1521 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1522 0 \ 1523 -s "found psk key exchange modes extension" \ 1524 -s "found pre_shared_key extension" \ 1525 -s "Found PSK_EPHEMERAL KEX MODE" \ 1526 -s "Found PSK KEX MODE" \ 1527 -s "No usable PSK or ticket" \ 1528 -S "key exchange mode: psk$" \ 1529 -S "key exchange mode: psk_ephemeral" \ 1530 -s "key exchange mode: ephemeral" 1531 1532 requires_openssl_tls1_3_with_compatible_ephemeral 1533 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1534 requires_config_enabled MBEDTLS_SSL_SRV_C 1535 requires_config_enabled MBEDTLS_DEBUG_C 1536 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1537 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1538 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1539 run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ 1540 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1541 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1542 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1543 1 \ 1544 -s "found psk key exchange modes extension" \ 1545 -s "found pre_shared_key extension" \ 1546 -s "Found PSK_EPHEMERAL KEX MODE" \ 1547 -s "Found PSK KEX MODE" \ 1548 -s "Invalid binder." \ 1549 -S "key exchange mode: psk$" \ 1550 -S "key exchange mode: psk_ephemeral" \ 1551 -S "key exchange mode: ephemeral" 1552 1553 requires_openssl_tls1_3_with_compatible_ephemeral 1554 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1555 requires_config_enabled MBEDTLS_SSL_SRV_C 1556 requires_config_enabled MBEDTLS_DEBUG_C 1557 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1558 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1559 run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ 1560 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1561 "$O_NEXT_CLI -tls1_3 -msg \ 1562 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1563 0 \ 1564 -s "found psk key exchange modes extension" \ 1565 -s "found pre_shared_key extension" \ 1566 -s "Found PSK_EPHEMERAL KEX MODE" \ 1567 -S "Found PSK KEX MODE" \ 1568 -s "No suitable PSK key exchange mode" \ 1569 -S "Pre shared key found" \ 1570 -s "No usable PSK or ticket" \ 1571 -S "key exchange mode: psk$" \ 1572 -S "key exchange mode: psk_ephemeral" \ 1573 -s "key exchange mode: ephemeral" 1574 1575 requires_openssl_tls1_3_with_compatible_ephemeral 1576 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1577 requires_config_enabled MBEDTLS_SSL_SRV_C 1578 requires_config_enabled MBEDTLS_DEBUG_C 1579 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1580 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1581 run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ 1582 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1583 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1584 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1585 0 \ 1586 -s "found psk key exchange modes extension" \ 1587 -s "found pre_shared_key extension" \ 1588 -s "Found PSK_EPHEMERAL KEX MODE" \ 1589 -s "Found PSK KEX MODE" \ 1590 -s "Pre shared key found" \ 1591 -S "No usable PSK or ticket" \ 1592 -S "key exchange mode: psk$" \ 1593 -S "key exchange mode: psk_ephemeral" \ 1594 -s "key exchange mode: ephemeral" 1595 1596 requires_openssl_tls1_3_with_compatible_ephemeral 1597 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1598 requires_config_enabled MBEDTLS_SSL_SRV_C 1599 requires_config_enabled MBEDTLS_DEBUG_C 1600 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1601 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1602 run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ 1603 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1604 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1605 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1606 1 \ 1607 -s "found psk key exchange modes extension" \ 1608 -s "found pre_shared_key extension" \ 1609 -s "Found PSK_EPHEMERAL KEX MODE" \ 1610 -s "Found PSK KEX MODE" \ 1611 -s "Invalid binder." \ 1612 -S "key exchange mode: psk$" \ 1613 -S "key exchange mode: psk_ephemeral" \ 1614 -S "key exchange mode: ephemeral" 1615 1616 requires_openssl_tls1_3_with_compatible_ephemeral 1617 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1618 requires_config_enabled MBEDTLS_SSL_SRV_C 1619 requires_config_enabled MBEDTLS_DEBUG_C 1620 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1621 requires_config_enabled PSA_WANT_ALG_ECDH 1622 requires_config_enabled PSA_WANT_ECC_SECP_R1_256 1623 run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ 1624 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1625 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ 1626 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1627 0 \ 1628 -s "write selected_group: secp256r1" \ 1629 -S "key exchange mode: psk$" \ 1630 -s "key exchange mode: psk_ephemeral" \ 1631 -S "key exchange mode: ephemeral" 1632 1633 requires_openssl_tls1_3_with_compatible_ephemeral 1634 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1635 requires_config_enabled MBEDTLS_SSL_SRV_C 1636 requires_config_enabled MBEDTLS_DEBUG_C 1637 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1638 requires_config_enabled PSA_WANT_ALG_ECDH 1639 requires_config_enabled PSA_WANT_ECC_SECP_R1_384 1640 run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ 1641 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1642 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ 1643 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1644 0 \ 1645 -s "write selected_group: secp384r1" \ 1646 -S "key exchange mode: psk$" \ 1647 -s "key exchange mode: psk_ephemeral" \ 1648 -S "key exchange mode: ephemeral" 1649 1650 requires_openssl_tls1_3_with_compatible_ephemeral 1651 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1652 requires_config_enabled MBEDTLS_SSL_SRV_C 1653 requires_config_enabled MBEDTLS_DEBUG_C 1654 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1655 requires_config_enabled PSA_WANT_ALG_ECDH 1656 requires_config_enabled PSA_WANT_ECC_SECP_R1_521 1657 run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ 1658 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1659 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ 1660 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1661 0 \ 1662 -s "write selected_group: secp521r1" \ 1663 -S "key exchange mode: psk$" \ 1664 -s "key exchange mode: psk_ephemeral" \ 1665 -S "key exchange mode: ephemeral" 1666 1667 requires_openssl_tls1_3_with_compatible_ephemeral 1668 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1669 requires_config_enabled MBEDTLS_SSL_SRV_C 1670 requires_config_enabled MBEDTLS_DEBUG_C 1671 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1672 requires_config_enabled PSA_WANT_ALG_ECDH 1673 requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255 1674 run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ 1675 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1676 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ 1677 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1678 0 \ 1679 -s "write selected_group: x25519" \ 1680 -S "key exchange mode: psk$" \ 1681 -s "key exchange mode: psk_ephemeral" \ 1682 -S "key exchange mode: ephemeral" 1683 1684 requires_openssl_tls1_3_with_compatible_ephemeral 1685 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1686 requires_config_enabled MBEDTLS_SSL_SRV_C 1687 requires_config_enabled MBEDTLS_DEBUG_C 1688 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1689 requires_config_enabled PSA_WANT_ALG_ECDH 1690 requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448 1691 run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ 1692 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1693 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ 1694 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1695 0 \ 1696 -s "write selected_group: x448" \ 1697 -S "key exchange mode: psk$" \ 1698 -s "key exchange mode: psk_ephemeral" \ 1699 -S "key exchange mode: ephemeral" 1700 1701 requires_openssl_tls1_3_with_compatible_ephemeral 1702 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1703 requires_config_enabled MBEDTLS_SSL_SRV_C 1704 requires_config_enabled MBEDTLS_DEBUG_C 1705 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1706 requires_config_enabled PSA_WANT_ALG_ECDH 1707 requires_config_enabled PSA_WANT_ECC_SECP_R1_384 1708 run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1709 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1710 "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ 1711 0 \ 1712 -s "write selected_group: secp384r1" \ 1713 -s "HRR selected_group: secp384r1" \ 1714 -S "key exchange mode: psk$" \ 1715 -s "key exchange mode: psk_ephemeral" \ 1716 -S "key exchange mode: ephemeral" 1717 1718 requires_gnutls_tls1_3 1719 requires_gnutls_next_no_ticket 1720 requires_gnutls_next_disable_tls13_compat 1721 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1722 requires_config_enabled MBEDTLS_SSL_SRV_C 1723 requires_config_enabled MBEDTLS_DEBUG_C 1724 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1725 requires_config_enabled PSA_WANT_ALG_ECDH 1726 requires_config_enabled PSA_WANT_ECC_SECP_R1_384 1727 run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1728 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1729 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ 1730 0 \ 1731 -s "write selected_group: secp384r1" \ 1732 -s "HRR selected_group: secp384r1" \ 1733 -S "key exchange mode: psk$" \ 1734 -s "key exchange mode: psk_ephemeral" \ 1735 -S "key exchange mode: ephemeral" 1736 1737 1738 # Add psk test cases for mbedtls client code 1739 1740 # MbedTls->MbedTLS kinds of tls13_kex_modes 1741 # PSK mode in client 1742 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1743 requires_config_enabled MBEDTLS_SSL_SRV_C 1744 requires_config_enabled MBEDTLS_SSL_CLI_C 1745 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1746 run_test "TLS 1.3: m->m: psk/psk, good" \ 1747 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1748 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1749 0 \ 1750 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1751 -c "client hello, adding psk_key_exchange_modes extension" \ 1752 -c "client hello, adding PSK binder list" \ 1753 -c "Selected key exchange mode: psk$" \ 1754 -c "HTTP/1.0 200 OK" 1755 1756 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1757 requires_config_enabled MBEDTLS_SSL_SRV_C 1758 requires_config_enabled MBEDTLS_SSL_CLI_C 1759 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1760 run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ 1761 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1762 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1763 1 \ 1764 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1765 -c "client hello, adding psk_key_exchange_modes extension" \ 1766 -c "client hello, adding PSK binder list" \ 1767 -s "No usable PSK or ticket" 1768 1769 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1770 requires_config_enabled MBEDTLS_SSL_SRV_C 1771 requires_config_enabled MBEDTLS_SSL_CLI_C 1772 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1773 run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ 1774 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1775 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1776 1 \ 1777 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1778 -c "client hello, adding psk_key_exchange_modes extension" \ 1779 -c "client hello, adding PSK binder list" \ 1780 -s "Invalid binder." 1781 1782 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1783 requires_config_enabled MBEDTLS_SSL_SRV_C 1784 requires_config_enabled MBEDTLS_SSL_CLI_C 1785 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1786 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1787 run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ 1788 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1789 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1790 1 \ 1791 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1792 -c "client hello, adding psk_key_exchange_modes extension" \ 1793 -c "client hello, adding PSK binder list" \ 1794 -s "ClientHello message misses mandatory extensions." 1795 1796 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1797 requires_config_enabled MBEDTLS_SSL_SRV_C 1798 requires_config_enabled MBEDTLS_SSL_CLI_C 1799 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1800 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1801 run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ 1802 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1803 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1804 1 \ 1805 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1806 -c "client hello, adding psk_key_exchange_modes extension" \ 1807 -c "client hello, adding PSK binder list" \ 1808 -s "ClientHello message misses mandatory extensions." 1809 1810 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1811 requires_config_enabled MBEDTLS_SSL_SRV_C 1812 requires_config_enabled MBEDTLS_SSL_CLI_C 1813 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1814 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1815 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1816 run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ 1817 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1818 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1819 1 \ 1820 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1821 -c "client hello, adding psk_key_exchange_modes extension" \ 1822 -c "client hello, adding PSK binder list" \ 1823 -s "ClientHello message misses mandatory extensions." 1824 1825 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1826 requires_config_enabled MBEDTLS_SSL_SRV_C 1827 requires_config_enabled MBEDTLS_SSL_CLI_C 1828 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1829 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1830 run_test "TLS 1.3: m->m: psk/psk_all, good" \ 1831 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1832 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1833 0 \ 1834 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1835 -c "client hello, adding psk_key_exchange_modes extension" \ 1836 -c "client hello, adding PSK binder list" \ 1837 -c "Selected key exchange mode: psk$" \ 1838 -c "HTTP/1.0 200 OK" 1839 1840 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1841 requires_config_enabled MBEDTLS_SSL_SRV_C 1842 requires_config_enabled MBEDTLS_SSL_CLI_C 1843 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1844 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1845 run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ 1846 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1847 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1848 1 \ 1849 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1850 -c "client hello, adding psk_key_exchange_modes extension" \ 1851 -c "client hello, adding PSK binder list" \ 1852 -s "No usable PSK or ticket" \ 1853 -s "ClientHello message misses mandatory extensions." 1854 1855 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1856 requires_config_enabled MBEDTLS_SSL_SRV_C 1857 requires_config_enabled MBEDTLS_SSL_CLI_C 1858 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1859 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1860 run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ 1861 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1862 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1863 1 \ 1864 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1865 -c "client hello, adding psk_key_exchange_modes extension" \ 1866 -c "client hello, adding PSK binder list" \ 1867 -s "Invalid binder." 1868 1869 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1870 requires_config_enabled MBEDTLS_SSL_SRV_C 1871 requires_config_enabled MBEDTLS_SSL_CLI_C 1872 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1873 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1874 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1875 run_test "TLS 1.3: m->m: psk/all, good" \ 1876 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1877 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1878 0 \ 1879 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1880 -c "client hello, adding psk_key_exchange_modes extension" \ 1881 -c "client hello, adding PSK binder list" \ 1882 -c "Selected key exchange mode: psk$" \ 1883 -c "HTTP/1.0 200 OK" 1884 1885 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1886 requires_config_enabled MBEDTLS_SSL_SRV_C 1887 requires_config_enabled MBEDTLS_SSL_CLI_C 1888 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1889 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1890 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1891 run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ 1892 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1893 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1894 1 \ 1895 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1896 -c "client hello, adding psk_key_exchange_modes extension" \ 1897 -c "client hello, adding PSK binder list" \ 1898 -s "No usable PSK or ticket" \ 1899 -s "ClientHello message misses mandatory extensions." 1900 1901 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1902 requires_config_enabled MBEDTLS_SSL_SRV_C 1903 requires_config_enabled MBEDTLS_SSL_CLI_C 1904 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1905 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1906 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1907 run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ 1908 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1909 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1910 1 \ 1911 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1912 -c "client hello, adding psk_key_exchange_modes extension" \ 1913 -c "client hello, adding PSK binder list" \ 1914 -s "Invalid binder." 1915 1916 # psk_ephemeral mode in client 1917 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1918 requires_config_enabled MBEDTLS_SSL_SRV_C 1919 requires_config_enabled MBEDTLS_SSL_CLI_C 1920 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1921 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1922 run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ 1923 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1924 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1925 1 \ 1926 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1927 -c "client hello, adding psk_key_exchange_modes extension" \ 1928 -c "client hello, adding PSK binder list" \ 1929 -s "ClientHello message misses mandatory extensions." 1930 1931 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1932 requires_config_enabled MBEDTLS_SSL_SRV_C 1933 requires_config_enabled MBEDTLS_SSL_CLI_C 1934 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1935 run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ 1936 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1937 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1938 0 \ 1939 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1940 -c "client hello, adding psk_key_exchange_modes extension" \ 1941 -c "client hello, adding PSK binder list" \ 1942 -c "Selected key exchange mode: psk_ephemeral" \ 1943 -c "HTTP/1.0 200 OK" 1944 1945 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1946 requires_config_enabled MBEDTLS_SSL_SRV_C 1947 requires_config_enabled MBEDTLS_SSL_CLI_C 1948 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1949 run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ 1950 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1951 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1952 1 \ 1953 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1954 -c "client hello, adding psk_key_exchange_modes extension" \ 1955 -c "client hello, adding PSK binder list" \ 1956 -s "No usable PSK or ticket" \ 1957 -s "ClientHello message misses mandatory extensions." 1958 1959 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1960 requires_config_enabled MBEDTLS_SSL_SRV_C 1961 requires_config_enabled MBEDTLS_SSL_CLI_C 1962 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1963 run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ 1964 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1965 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1966 1 \ 1967 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1968 -c "client hello, adding psk_key_exchange_modes extension" \ 1969 -c "client hello, adding PSK binder list" \ 1970 -s "Invalid binder." 1971 1972 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1973 requires_config_enabled MBEDTLS_SSL_SRV_C 1974 requires_config_enabled MBEDTLS_SSL_CLI_C 1975 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1976 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1977 run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ 1978 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1979 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1980 1 \ 1981 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1982 -c "client hello, adding psk_key_exchange_modes extension" \ 1983 -c "client hello, adding PSK binder list" 1984 1985 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1986 requires_config_enabled MBEDTLS_SSL_SRV_C 1987 requires_config_enabled MBEDTLS_SSL_CLI_C 1988 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1989 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1990 run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ 1991 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1992 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1993 0 \ 1994 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1995 -c "client hello, adding psk_key_exchange_modes extension" \ 1996 -c "client hello, adding PSK binder list" \ 1997 -c "Selected key exchange mode: psk_ephemeral" \ 1998 -c "HTTP/1.0 200 OK" 1999 2000 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2001 requires_config_enabled MBEDTLS_SSL_SRV_C 2002 requires_config_enabled MBEDTLS_SSL_CLI_C 2003 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2004 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2005 run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ 2006 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2007 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 2008 1 \ 2009 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2010 -c "client hello, adding psk_key_exchange_modes extension" \ 2011 -c "client hello, adding PSK binder list" \ 2012 -s "No usable PSK or ticket" 2013 2014 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2015 requires_config_enabled MBEDTLS_SSL_SRV_C 2016 requires_config_enabled MBEDTLS_SSL_CLI_C 2017 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2018 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2019 run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ 2020 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2021 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 2022 1 \ 2023 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2024 -c "client hello, adding psk_key_exchange_modes extension" \ 2025 -c "client hello, adding PSK binder list" \ 2026 -s "Invalid binder." 2027 2028 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2029 requires_config_enabled MBEDTLS_SSL_SRV_C 2030 requires_config_enabled MBEDTLS_SSL_CLI_C 2031 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2032 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2033 run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ 2034 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2035 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2036 0 \ 2037 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2038 -c "client hello, adding psk_key_exchange_modes extension" \ 2039 -c "client hello, adding PSK binder list" \ 2040 -c "Selected key exchange mode: psk_ephemeral" \ 2041 -c "HTTP/1.0 200 OK" 2042 2043 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2044 requires_config_enabled MBEDTLS_SSL_SRV_C 2045 requires_config_enabled MBEDTLS_SSL_CLI_C 2046 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2047 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2048 run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ 2049 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2050 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 2051 1 \ 2052 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2053 -c "client hello, adding psk_key_exchange_modes extension" \ 2054 -c "client hello, adding PSK binder list" \ 2055 -s "No usable PSK or ticket" \ 2056 -s "ClientHello message misses mandatory extensions." 2057 2058 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2059 requires_config_enabled MBEDTLS_SSL_SRV_C 2060 requires_config_enabled MBEDTLS_SSL_CLI_C 2061 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2062 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2063 run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ 2064 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2065 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2066 1 \ 2067 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2068 -c "client hello, adding psk_key_exchange_modes extension" \ 2069 -c "client hello, adding PSK binder list" \ 2070 -s "Invalid binder." 2071 2072 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2073 requires_config_enabled MBEDTLS_SSL_SRV_C 2074 requires_config_enabled MBEDTLS_SSL_CLI_C 2075 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2076 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2077 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2078 run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ 2079 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2080 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2081 0 \ 2082 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2083 -c "client hello, adding psk_key_exchange_modes extension" \ 2084 -c "client hello, adding PSK binder list" \ 2085 -c "Selected key exchange mode: psk_ephemeral" \ 2086 -c "HTTP/1.0 200 OK" 2087 2088 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2089 requires_config_enabled MBEDTLS_SSL_SRV_C 2090 requires_config_enabled MBEDTLS_SSL_CLI_C 2091 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2092 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2093 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2094 run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ 2095 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2096 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 2097 1 \ 2098 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2099 -c "client hello, adding psk_key_exchange_modes extension" \ 2100 -c "client hello, adding PSK binder list" \ 2101 -s "No usable PSK or ticket" \ 2102 2103 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2104 requires_config_enabled MBEDTLS_SSL_SRV_C 2105 requires_config_enabled MBEDTLS_SSL_CLI_C 2106 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2107 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2108 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2109 run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ 2110 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2111 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2112 1 \ 2113 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2114 -c "client hello, adding psk_key_exchange_modes extension" \ 2115 -c "client hello, adding PSK binder list" \ 2116 -s "Invalid binder." 2117 2118 # ephemeral mode in client 2119 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2120 requires_config_enabled MBEDTLS_SSL_SRV_C 2121 requires_config_enabled MBEDTLS_SSL_CLI_C 2122 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2123 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2124 run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ 2125 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2126 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2127 1 \ 2128 -s "ClientHello message misses mandatory extensions." 2129 2130 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2131 requires_config_enabled MBEDTLS_SSL_SRV_C 2132 requires_config_enabled MBEDTLS_SSL_CLI_C 2133 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2134 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2135 run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ 2136 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2137 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2138 1 \ 2139 -s "ClientHello message misses mandatory extensions." 2140 2141 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2142 requires_config_enabled MBEDTLS_SSL_SRV_C 2143 requires_config_enabled MBEDTLS_SSL_CLI_C 2144 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2145 run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ 2146 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2147 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2148 0 \ 2149 -c "Selected key exchange mode: ephemeral" \ 2150 -c "HTTP/1.0 200 OK" 2151 2152 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2153 requires_config_enabled MBEDTLS_SSL_SRV_C 2154 requires_config_enabled MBEDTLS_SSL_CLI_C 2155 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2156 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2157 run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ 2158 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2159 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2160 0 \ 2161 -c "Selected key exchange mode: ephemeral" \ 2162 -c "HTTP/1.0 200 OK" 2163 2164 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2165 requires_config_enabled MBEDTLS_SSL_SRV_C 2166 requires_config_enabled MBEDTLS_SSL_CLI_C 2167 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2168 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2169 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2170 run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ 2171 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2172 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2173 1 \ 2174 -s "ClientHello message misses mandatory extensions." 2175 2176 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2177 requires_config_enabled MBEDTLS_SSL_SRV_C 2178 requires_config_enabled MBEDTLS_SSL_CLI_C 2179 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2180 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2181 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2182 run_test "TLS 1.3: m->m: ephemeral/all, good" \ 2183 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2184 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2185 0 \ 2186 -c "Selected key exchange mode: ephemeral" \ 2187 -c "HTTP/1.0 200 OK" 2188 2189 # ephemeral_all mode in client 2190 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2191 requires_config_enabled MBEDTLS_SSL_SRV_C 2192 requires_config_enabled MBEDTLS_SSL_CLI_C 2193 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2194 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2195 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2196 run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ 2197 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2198 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2199 1 \ 2200 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2201 -c "client hello, adding psk_key_exchange_modes extension" \ 2202 -c "client hello, adding PSK binder list" \ 2203 -s "ClientHello message misses mandatory extensions." 2204 2205 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2206 requires_config_enabled MBEDTLS_SSL_SRV_C 2207 requires_config_enabled MBEDTLS_SSL_CLI_C 2208 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2209 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2210 run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ 2211 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2212 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2213 0 \ 2214 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2215 -c "client hello, adding psk_key_exchange_modes extension" \ 2216 -c "client hello, adding PSK binder list" \ 2217 -c "Selected key exchange mode: psk_ephemeral" \ 2218 -c "HTTP/1.0 200 OK" 2219 2220 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2221 requires_config_enabled MBEDTLS_SSL_SRV_C 2222 requires_config_enabled MBEDTLS_SSL_CLI_C 2223 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2224 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2225 run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 2226 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2227 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2228 1 \ 2229 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2230 -c "client hello, adding psk_key_exchange_modes extension" \ 2231 -c "client hello, adding PSK binder list" \ 2232 -s "No usable PSK or ticket" 2233 2234 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2235 requires_config_enabled MBEDTLS_SSL_SRV_C 2236 requires_config_enabled MBEDTLS_SSL_CLI_C 2237 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2238 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2239 run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 2240 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2241 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2242 1 \ 2243 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2244 -c "client hello, adding psk_key_exchange_modes extension" \ 2245 -c "client hello, adding PSK binder list" \ 2246 -s "Invalid binder." 2247 2248 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2249 requires_config_enabled MBEDTLS_SSL_SRV_C 2250 requires_config_enabled MBEDTLS_SSL_CLI_C 2251 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2252 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2253 run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ 2254 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2255 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2256 0 \ 2257 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2258 -c "client hello, adding psk_key_exchange_modes extension" \ 2259 -c "client hello, adding PSK binder list" \ 2260 -s "key exchange mode: ephemeral" \ 2261 -c "Selected key exchange mode: ephemeral" \ 2262 -c "HTTP/1.0 200 OK" 2263 2264 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2265 requires_config_enabled MBEDTLS_SSL_SRV_C 2266 requires_config_enabled MBEDTLS_SSL_CLI_C 2267 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2268 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2269 run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ 2270 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2271 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2272 0 \ 2273 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2274 -c "client hello, adding psk_key_exchange_modes extension" \ 2275 -c "client hello, adding PSK binder list" \ 2276 -c "Selected key exchange mode: psk_ephemeral" \ 2277 -c "HTTP/1.0 200 OK" 2278 2279 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2280 requires_config_enabled MBEDTLS_SSL_SRV_C 2281 requires_config_enabled MBEDTLS_SSL_CLI_C 2282 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2283 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2284 run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ 2285 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2286 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2287 0 \ 2288 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2289 -c "client hello, adding psk_key_exchange_modes extension" \ 2290 -c "client hello, adding PSK binder list" \ 2291 -s "No usable PSK or ticket" \ 2292 -s "key exchange mode: ephemeral" 2293 2294 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2295 requires_config_enabled MBEDTLS_SSL_SRV_C 2296 requires_config_enabled MBEDTLS_SSL_CLI_C 2297 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2298 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2299 run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 2300 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2301 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2302 1 \ 2303 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2304 -c "client hello, adding psk_key_exchange_modes extension" \ 2305 -c "client hello, adding PSK binder list" \ 2306 -s "Invalid binder." 2307 2308 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2309 requires_config_enabled MBEDTLS_SSL_SRV_C 2310 requires_config_enabled MBEDTLS_SSL_CLI_C 2311 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2312 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2313 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2314 run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ 2315 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2316 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2317 0 \ 2318 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2319 -c "client hello, adding psk_key_exchange_modes extension" \ 2320 -c "client hello, adding PSK binder list" \ 2321 -c "Selected key exchange mode: psk_ephemeral" \ 2322 -c "HTTP/1.0 200 OK" 2323 2324 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2325 requires_config_enabled MBEDTLS_SSL_SRV_C 2326 requires_config_enabled MBEDTLS_SSL_CLI_C 2327 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2328 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2329 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2330 run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ 2331 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2332 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2333 1 \ 2334 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2335 -c "client hello, adding psk_key_exchange_modes extension" \ 2336 -c "client hello, adding PSK binder list" \ 2337 -s "No usable PSK or ticket" \ 2338 -s "ClientHello message misses mandatory extensions." 2339 2340 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2341 requires_config_enabled MBEDTLS_SSL_SRV_C 2342 requires_config_enabled MBEDTLS_SSL_CLI_C 2343 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2344 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2345 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2346 run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ 2347 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2348 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2349 1 \ 2350 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2351 -c "client hello, adding psk_key_exchange_modes extension" \ 2352 -c "client hello, adding PSK binder list" \ 2353 -s "Invalid binder." 2354 2355 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2356 requires_config_enabled MBEDTLS_SSL_SRV_C 2357 requires_config_enabled MBEDTLS_SSL_CLI_C 2358 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2359 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2360 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2361 run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ 2362 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2363 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2364 0 \ 2365 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2366 -c "client hello, adding psk_key_exchange_modes extension" \ 2367 -c "client hello, adding PSK binder list" \ 2368 -c "Selected key exchange mode: psk_ephemeral" \ 2369 -c "HTTP/1.0 200 OK" 2370 2371 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2372 requires_config_enabled MBEDTLS_SSL_SRV_C 2373 requires_config_enabled MBEDTLS_SSL_CLI_C 2374 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2375 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2376 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2377 run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ 2378 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2379 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2380 0 \ 2381 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2382 -c "client hello, adding psk_key_exchange_modes extension" \ 2383 -c "client hello, adding PSK binder list" \ 2384 -s "No usable PSK or ticket" \ 2385 -s "key exchange mode: ephemeral" 2386 2387 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2388 requires_config_enabled MBEDTLS_SSL_SRV_C 2389 requires_config_enabled MBEDTLS_SSL_CLI_C 2390 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2391 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2392 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2393 run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ 2394 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2395 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2396 1 \ 2397 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2398 -c "client hello, adding psk_key_exchange_modes extension" \ 2399 -c "client hello, adding PSK binder list" \ 2400 -s "Invalid binder." 2401 2402 # psk_all mode in client 2403 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2404 requires_config_enabled MBEDTLS_SSL_SRV_C 2405 requires_config_enabled MBEDTLS_SSL_CLI_C 2406 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2407 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2408 run_test "TLS 1.3: m->m: psk_all/psk, good" \ 2409 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2410 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2411 0 \ 2412 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2413 -c "client hello, adding psk_key_exchange_modes extension" \ 2414 -c "client hello, adding PSK binder list" \ 2415 -c "Selected key exchange mode: psk$" \ 2416 -c "HTTP/1.0 200 OK" 2417 2418 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2419 requires_config_enabled MBEDTLS_SSL_SRV_C 2420 requires_config_enabled MBEDTLS_SSL_CLI_C 2421 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2422 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2423 run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ 2424 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2425 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2426 1 \ 2427 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2428 -c "client hello, adding psk_key_exchange_modes extension" \ 2429 -c "client hello, adding PSK binder list" \ 2430 -s "ClientHello message misses mandatory extensions." 2431 2432 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2433 requires_config_enabled MBEDTLS_SSL_SRV_C 2434 requires_config_enabled MBEDTLS_SSL_CLI_C 2435 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2436 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2437 run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \ 2438 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2439 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2440 1 \ 2441 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2442 -c "client hello, adding psk_key_exchange_modes extension" \ 2443 -c "client hello, adding PSK binder list" \ 2444 -s "Invalid binder." 2445 2446 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2447 requires_config_enabled MBEDTLS_SSL_SRV_C 2448 requires_config_enabled MBEDTLS_SSL_CLI_C 2449 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2450 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2451 run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ 2452 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2453 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2454 0 \ 2455 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2456 -c "client hello, adding psk_key_exchange_modes extension" \ 2457 -c "client hello, adding PSK binder list" \ 2458 -c "Selected key exchange mode: psk_ephemeral" \ 2459 -c "HTTP/1.0 200 OK" 2460 2461 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2462 requires_config_enabled MBEDTLS_SSL_SRV_C 2463 requires_config_enabled MBEDTLS_SSL_CLI_C 2464 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2465 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2466 run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ 2467 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2468 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2469 1 \ 2470 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2471 -c "client hello, adding psk_key_exchange_modes extension" \ 2472 -c "client hello, adding PSK binder list" \ 2473 -s "No usable PSK or ticket" \ 2474 -s "ClientHello message misses mandatory extensions." 2475 2476 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2477 requires_config_enabled MBEDTLS_SSL_SRV_C 2478 requires_config_enabled MBEDTLS_SSL_CLI_C 2479 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2480 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2481 run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \ 2482 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2483 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2484 1 \ 2485 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2486 -c "client hello, adding psk_key_exchange_modes extension" \ 2487 -c "client hello, adding PSK binder list" \ 2488 -s "Invalid binder." 2489 2490 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2491 requires_config_enabled MBEDTLS_SSL_SRV_C 2492 requires_config_enabled MBEDTLS_SSL_CLI_C 2493 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2494 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2495 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2496 run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \ 2497 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2498 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2499 1 \ 2500 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2501 -c "client hello, adding psk_key_exchange_modes extension" \ 2502 -c "client hello, adding PSK binder list" 2503 2504 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2505 requires_config_enabled MBEDTLS_SSL_SRV_C 2506 requires_config_enabled MBEDTLS_SSL_CLI_C 2507 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2508 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2509 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2510 run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ 2511 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2512 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2513 0 \ 2514 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2515 -c "client hello, adding psk_key_exchange_modes extension" \ 2516 -c "client hello, adding PSK binder list" \ 2517 -c "Selected key exchange mode: psk_ephemeral" \ 2518 -c "HTTP/1.0 200 OK" 2519 2520 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2521 requires_config_enabled MBEDTLS_SSL_SRV_C 2522 requires_config_enabled MBEDTLS_SSL_CLI_C 2523 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2524 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2525 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2526 run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ 2527 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2528 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2529 1 \ 2530 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2531 -c "client hello, adding psk_key_exchange_modes extension" \ 2532 -c "client hello, adding PSK binder list" \ 2533 -s "No usable PSK or ticket" 2534 2535 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2536 requires_config_enabled MBEDTLS_SSL_SRV_C 2537 requires_config_enabled MBEDTLS_SSL_CLI_C 2538 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2539 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2540 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2541 run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \ 2542 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2543 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2544 1 \ 2545 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2546 -c "client hello, adding psk_key_exchange_modes extension" \ 2547 -c "client hello, adding PSK binder list" \ 2548 -s "Invalid binder." 2549 2550 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2551 requires_config_enabled MBEDTLS_SSL_SRV_C 2552 requires_config_enabled MBEDTLS_SSL_CLI_C 2553 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2554 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2555 run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ 2556 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2557 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2558 0 \ 2559 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2560 -c "client hello, adding psk_key_exchange_modes extension" \ 2561 -c "client hello, adding PSK binder list" \ 2562 -c "Selected key exchange mode: psk_ephemeral" \ 2563 -c "HTTP/1.0 200 OK" 2564 2565 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2566 requires_config_enabled MBEDTLS_SSL_SRV_C 2567 requires_config_enabled MBEDTLS_SSL_CLI_C 2568 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2569 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2570 run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ 2571 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2572 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2573 1 \ 2574 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2575 -c "client hello, adding psk_key_exchange_modes extension" \ 2576 -c "client hello, adding PSK binder list" \ 2577 -s "No usable PSK or ticket" \ 2578 -s "ClientHello message misses mandatory extensions." 2579 2580 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2581 requires_config_enabled MBEDTLS_SSL_SRV_C 2582 requires_config_enabled MBEDTLS_SSL_CLI_C 2583 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2584 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2585 run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \ 2586 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2587 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2588 1 \ 2589 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2590 -c "client hello, adding psk_key_exchange_modes extension" \ 2591 -c "client hello, adding PSK binder list" \ 2592 -s "Invalid binder." 2593 2594 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2595 requires_config_enabled MBEDTLS_SSL_SRV_C 2596 requires_config_enabled MBEDTLS_SSL_CLI_C 2597 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2598 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2599 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2600 run_test "TLS 1.3: m->m: psk_all/all, good" \ 2601 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2602 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2603 0 \ 2604 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2605 -c "client hello, adding psk_key_exchange_modes extension" \ 2606 -c "client hello, adding PSK binder list" \ 2607 -c "Selected key exchange mode: psk_ephemeral" \ 2608 -c "HTTP/1.0 200 OK" 2609 2610 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2611 requires_config_enabled MBEDTLS_SSL_SRV_C 2612 requires_config_enabled MBEDTLS_SSL_CLI_C 2613 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2614 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2615 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2616 run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ 2617 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2618 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2619 1 \ 2620 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2621 -c "client hello, adding psk_key_exchange_modes extension" \ 2622 -c "client hello, adding PSK binder list" \ 2623 -s "No usable PSK or ticket" 2624 2625 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2626 requires_config_enabled MBEDTLS_SSL_SRV_C 2627 requires_config_enabled MBEDTLS_SSL_CLI_C 2628 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2629 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2630 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2631 run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \ 2632 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2633 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2634 1 \ 2635 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2636 -c "client hello, adding psk_key_exchange_modes extension" \ 2637 -c "client hello, adding PSK binder list" \ 2638 -s "Invalid binder." 2639 2640 # all mode in client 2641 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2642 requires_config_enabled MBEDTLS_SSL_SRV_C 2643 requires_config_enabled MBEDTLS_SSL_CLI_C 2644 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2645 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2646 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2647 run_test "TLS 1.3: m->m: all/psk, good" \ 2648 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2649 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2650 0 \ 2651 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2652 -c "client hello, adding psk_key_exchange_modes extension" \ 2653 -c "client hello, adding PSK binder list" \ 2654 -c "Selected key exchange mode: psk$" \ 2655 -c "HTTP/1.0 200 OK" 2656 2657 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2658 requires_config_enabled MBEDTLS_SSL_SRV_C 2659 requires_config_enabled MBEDTLS_SSL_CLI_C 2660 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2661 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2662 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2663 run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ 2664 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2665 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2666 1 \ 2667 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2668 -c "client hello, adding psk_key_exchange_modes extension" \ 2669 -c "client hello, adding PSK binder list" \ 2670 -s "No usable PSK or ticket" \ 2671 -s "ClientHello message misses mandatory extensions." 2672 2673 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2674 requires_config_enabled MBEDTLS_SSL_SRV_C 2675 requires_config_enabled MBEDTLS_SSL_CLI_C 2676 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2677 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2678 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2679 run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \ 2680 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2681 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2682 1 \ 2683 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2684 -c "client hello, adding psk_key_exchange_modes extension" \ 2685 -c "client hello, adding PSK binder list" \ 2686 -s "Invalid binder." 2687 2688 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2689 requires_config_enabled MBEDTLS_SSL_SRV_C 2690 requires_config_enabled MBEDTLS_SSL_CLI_C 2691 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2692 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2693 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2694 run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ 2695 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2696 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2697 0 \ 2698 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2699 -c "client hello, adding psk_key_exchange_modes extension" \ 2700 -c "client hello, adding PSK binder list" \ 2701 -c "Selected key exchange mode: psk_ephemeral" \ 2702 -c "HTTP/1.0 200 OK" 2703 2704 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2705 requires_config_enabled MBEDTLS_SSL_SRV_C 2706 requires_config_enabled MBEDTLS_SSL_CLI_C 2707 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2708 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2709 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2710 run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ 2711 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2712 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2713 1 \ 2714 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2715 -c "client hello, adding psk_key_exchange_modes extension" \ 2716 -c "client hello, adding PSK binder list" \ 2717 -s "No usable PSK or ticket" \ 2718 -s "ClientHello message misses mandatory extensions." 2719 2720 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2721 requires_config_enabled MBEDTLS_SSL_SRV_C 2722 requires_config_enabled MBEDTLS_SSL_CLI_C 2723 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2724 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2725 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2726 run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \ 2727 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2728 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2729 1 \ 2730 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2731 -c "client hello, adding psk_key_exchange_modes extension" \ 2732 -c "client hello, adding PSK binder list" \ 2733 -s "Invalid binder." 2734 2735 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2736 requires_config_enabled MBEDTLS_SSL_SRV_C 2737 requires_config_enabled MBEDTLS_SSL_CLI_C 2738 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2739 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2740 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2741 run_test "TLS 1.3: m->m: all/ephemeral, good" \ 2742 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2743 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2744 0 \ 2745 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2746 -c "client hello, adding psk_key_exchange_modes extension" \ 2747 -c "client hello, adding PSK binder list" \ 2748 -c "Selected key exchange mode: ephemeral" \ 2749 -c "HTTP/1.0 200 OK" 2750 2751 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2752 requires_config_enabled MBEDTLS_SSL_SRV_C 2753 requires_config_enabled MBEDTLS_SSL_CLI_C 2754 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2755 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2756 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2757 run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ 2758 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2759 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2760 0 \ 2761 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2762 -c "client hello, adding psk_key_exchange_modes extension" \ 2763 -c "client hello, adding PSK binder list" \ 2764 -c "Selected key exchange mode: psk_ephemeral" \ 2765 -c "HTTP/1.0 200 OK" 2766 2767 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2768 requires_config_enabled MBEDTLS_SSL_SRV_C 2769 requires_config_enabled MBEDTLS_SSL_CLI_C 2770 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2771 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2772 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2773 run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \ 2774 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2775 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2776 0 \ 2777 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2778 -c "client hello, adding psk_key_exchange_modes extension" \ 2779 -c "client hello, adding PSK binder list" \ 2780 -s "No usable PSK or ticket" \ 2781 -c "Selected key exchange mode: ephemeral" \ 2782 -c "HTTP/1.0 200 OK" 2783 2784 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2785 requires_config_enabled MBEDTLS_SSL_SRV_C 2786 requires_config_enabled MBEDTLS_SSL_CLI_C 2787 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2788 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2789 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2790 run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \ 2791 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2792 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2793 1 \ 2794 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2795 -c "client hello, adding psk_key_exchange_modes extension" \ 2796 -c "client hello, adding PSK binder list" \ 2797 -s "Invalid binder." 2798 2799 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2800 requires_config_enabled MBEDTLS_SSL_SRV_C 2801 requires_config_enabled MBEDTLS_SSL_CLI_C 2802 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2803 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2804 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2805 run_test "TLS 1.3: m->m: all/psk_all, good" \ 2806 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2807 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2808 0 \ 2809 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2810 -c "client hello, adding psk_key_exchange_modes extension" \ 2811 -c "client hello, adding PSK binder list" \ 2812 -c "Selected key exchange mode: psk_ephemeral" \ 2813 -c "HTTP/1.0 200 OK" 2814 2815 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2816 requires_config_enabled MBEDTLS_SSL_SRV_C 2817 requires_config_enabled MBEDTLS_SSL_CLI_C 2818 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2819 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2820 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2821 run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ 2822 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2823 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2824 1 \ 2825 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2826 -c "client hello, adding psk_key_exchange_modes extension" \ 2827 -c "client hello, adding PSK binder list" \ 2828 -s "No usable PSK or ticket" \ 2829 -s "ClientHello message misses mandatory extensions." 2830 2831 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2832 requires_config_enabled MBEDTLS_SSL_SRV_C 2833 requires_config_enabled MBEDTLS_SSL_CLI_C 2834 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2835 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2836 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2837 run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \ 2838 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2839 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2840 1 \ 2841 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2842 -c "client hello, adding psk_key_exchange_modes extension" \ 2843 -c "client hello, adding PSK binder list" \ 2844 -s "Invalid binder." 2845 2846 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2847 requires_config_enabled MBEDTLS_SSL_SRV_C 2848 requires_config_enabled MBEDTLS_SSL_CLI_C 2849 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2850 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2851 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2852 run_test "TLS 1.3: m->m: all/all, good" \ 2853 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2854 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2855 0 \ 2856 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2857 -c "client hello, adding psk_key_exchange_modes extension" \ 2858 -c "client hello, adding PSK binder list" \ 2859 -c "Selected key exchange mode: psk_ephemeral" \ 2860 -c "HTTP/1.0 200 OK" 2861 2862 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2863 requires_config_enabled MBEDTLS_SSL_SRV_C 2864 requires_config_enabled MBEDTLS_SSL_CLI_C 2865 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2866 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2867 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2868 run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ 2869 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2870 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2871 0 \ 2872 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2873 -c "client hello, adding psk_key_exchange_modes extension" \ 2874 -c "client hello, adding PSK binder list" \ 2875 -s "No usable PSK or ticket" \ 2876 -s "key exchange mode: ephemeral" 2877 2878 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2879 requires_config_enabled MBEDTLS_SSL_SRV_C 2880 requires_config_enabled MBEDTLS_SSL_CLI_C 2881 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2882 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2883 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2884 run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \ 2885 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2886 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2887 1 \ 2888 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2889 -c "client hello, adding psk_key_exchange_modes extension" \ 2890 -c "client hello, adding PSK binder list" \ 2891 -s "Invalid binder." 2892 2893 #OPENSSL-SERVER psk mode 2894 requires_openssl_tls1_3 2895 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2896 requires_config_enabled MBEDTLS_DEBUG_C 2897 requires_config_enabled MBEDTLS_SSL_CLI_C 2898 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2899 run_test "TLS 1.3: m->O: psk/all, good" \ 2900 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2901 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2902 0 \ 2903 -c "=> write client hello" \ 2904 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2905 -c "client hello, adding psk_key_exchange_modes extension" \ 2906 -c "client hello, adding PSK binder list" \ 2907 -c "<= write client hello" \ 2908 -c "Selected key exchange mode: psk$" \ 2909 -c "HTTP/1.0 200 ok" 2910 2911 requires_openssl_tls1_3 2912 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2913 requires_config_enabled MBEDTLS_DEBUG_C 2914 requires_config_enabled MBEDTLS_SSL_CLI_C 2915 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2916 run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \ 2917 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2918 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2919 1 \ 2920 -c "=> write client hello" \ 2921 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2922 -c "client hello, adding psk_key_exchange_modes extension" \ 2923 -c "client hello, adding PSK binder list" \ 2924 -c "<= write client hello" \ 2925 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2926 2927 #OPENSSL-SERVER psk_all mode 2928 requires_openssl_tls1_3_with_compatible_ephemeral 2929 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2930 requires_config_enabled MBEDTLS_DEBUG_C 2931 requires_config_enabled MBEDTLS_SSL_CLI_C 2932 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2933 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2934 run_test "TLS 1.3: m->O: psk_all/all, good" \ 2935 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2936 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2937 0 \ 2938 -c "=> write client hello" \ 2939 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2940 -c "client hello, adding psk_key_exchange_modes extension" \ 2941 -c "client hello, adding PSK binder list" \ 2942 -c "<= write client hello" \ 2943 -c "Selected key exchange mode: psk_ephemeral" \ 2944 -c "HTTP/1.0 200 ok" 2945 2946 requires_openssl_tls1_3_with_compatible_ephemeral 2947 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2948 requires_config_enabled MBEDTLS_DEBUG_C 2949 requires_config_enabled MBEDTLS_SSL_CLI_C 2950 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2951 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2952 run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ 2953 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2954 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2955 0 \ 2956 -c "=> write client hello" \ 2957 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2958 -c "client hello, adding psk_key_exchange_modes extension" \ 2959 -c "client hello, adding PSK binder list" \ 2960 -c "<= write client hello" \ 2961 -c "Selected key exchange mode: psk_ephemeral" \ 2962 -c "HTTP/1.0 200 ok" 2963 2964 #OPENSSL-SERVER psk_ephemeral mode 2965 requires_openssl_tls1_3_with_compatible_ephemeral 2966 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2967 requires_config_enabled MBEDTLS_DEBUG_C 2968 requires_config_enabled MBEDTLS_SSL_CLI_C 2969 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2970 run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ 2971 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2972 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2973 0 \ 2974 -c "=> write client hello" \ 2975 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2976 -c "client hello, adding psk_key_exchange_modes extension" \ 2977 -c "client hello, adding PSK binder list" \ 2978 -c "<= write client hello" \ 2979 -c "Selected key exchange mode: psk_ephemeral" \ 2980 -c "HTTP/1.0 200 ok" 2981 2982 requires_openssl_tls1_3_with_compatible_ephemeral 2983 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2984 requires_config_enabled MBEDTLS_DEBUG_C 2985 requires_config_enabled MBEDTLS_SSL_CLI_C 2986 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2987 run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ 2988 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2989 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2990 0 \ 2991 -c "=> write client hello" \ 2992 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2993 -c "client hello, adding psk_key_exchange_modes extension" \ 2994 -c "client hello, adding PSK binder list" \ 2995 -c "<= write client hello" \ 2996 -c "Selected key exchange mode: psk_ephemeral" \ 2997 -c "HTTP/1.0 200 ok" 2998 2999 #OPENSSL-SERVER ephemeral mode 3000 requires_openssl_tls1_3_with_compatible_ephemeral 3001 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3002 requires_config_enabled MBEDTLS_DEBUG_C 3003 requires_config_enabled MBEDTLS_SSL_CLI_C 3004 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3005 run_test "TLS 1.3: m->O: ephemeral/all, good" \ 3006 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ 3007 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3008 0 \ 3009 -c "Selected key exchange mode: ephemeral" \ 3010 -c "HTTP/1.0 200 ok" 3011 3012 requires_openssl_tls1_3_with_compatible_ephemeral 3013 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3014 requires_config_enabled MBEDTLS_DEBUG_C 3015 requires_config_enabled MBEDTLS_SSL_CLI_C 3016 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3017 run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \ 3018 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 3019 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3020 0 \ 3021 -c "Selected key exchange mode: ephemeral" \ 3022 -c "HTTP/1.0 200 ok" 3023 3024 #OPENSSL-SERVER ephemeral_all mode 3025 requires_openssl_tls1_3_with_compatible_ephemeral 3026 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3027 requires_config_enabled MBEDTLS_DEBUG_C 3028 requires_config_enabled MBEDTLS_SSL_CLI_C 3029 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3030 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3031 run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ 3032 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 3033 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3034 0 \ 3035 -c "=> write client hello" \ 3036 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3037 -c "client hello, adding psk_key_exchange_modes extension" \ 3038 -c "client hello, adding PSK binder list" \ 3039 -c "Selected key exchange mode: psk_ephemeral" \ 3040 -c "<= write client hello" \ 3041 -c "HTTP/1.0 200 ok" 3042 3043 requires_openssl_tls1_3_with_compatible_ephemeral 3044 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3045 requires_config_enabled MBEDTLS_DEBUG_C 3046 requires_config_enabled MBEDTLS_SSL_CLI_C 3047 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3048 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3049 run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ 3050 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 3051 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3052 0 \ 3053 -c "=> write client hello" \ 3054 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3055 -c "client hello, adding psk_key_exchange_modes extension" \ 3056 -c "client hello, adding PSK binder list" \ 3057 -c "Selected key exchange mode: psk_ephemeral" \ 3058 -c "<= write client hello" \ 3059 -c "HTTP/1.0 200 ok" 3060 3061 #OPENSSL-SERVER all mode 3062 requires_openssl_tls1_3_with_compatible_ephemeral 3063 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3064 requires_config_enabled MBEDTLS_DEBUG_C 3065 requires_config_enabled MBEDTLS_SSL_CLI_C 3066 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3067 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3068 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3069 run_test "TLS 1.3: m->O: all/all, good" \ 3070 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 3071 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3072 0 \ 3073 -c "=> write client hello" \ 3074 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3075 -c "client hello, adding psk_key_exchange_modes extension" \ 3076 -c "client hello, adding PSK binder list" \ 3077 -c "Selected key exchange mode: psk_ephemeral" \ 3078 -c "<= write client hello" \ 3079 -c "HTTP/1.0 200 ok" 3080 3081 requires_openssl_tls1_3_with_compatible_ephemeral 3082 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3083 requires_config_enabled MBEDTLS_DEBUG_C 3084 requires_config_enabled MBEDTLS_SSL_CLI_C 3085 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3086 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3087 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3088 run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ 3089 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 3090 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3091 0 \ 3092 -c "=> write client hello" \ 3093 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3094 -c "client hello, adding psk_key_exchange_modes extension" \ 3095 -c "client hello, adding PSK binder list" \ 3096 -c "Selected key exchange mode: psk_ephemeral" \ 3097 -c "<= write client hello" \ 3098 -c "HTTP/1.0 200 ok" 3099 3100 #GNUTLS-SERVER psk mode 3101 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3102 requires_gnutls_tls1_3 3103 requires_config_enabled MBEDTLS_DEBUG_C 3104 requires_config_enabled MBEDTLS_SSL_CLI_C 3105 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3106 run_test "TLS 1.3: m->G: psk/all, good" \ 3107 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3108 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 3109 0 \ 3110 -c "=> write client hello" \ 3111 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3112 -c "client hello, adding psk_key_exchange_modes extension" \ 3113 -c "client hello, adding PSK binder list" \ 3114 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3115 -s "Parsing extension 'Pre Shared Key/41'" \ 3116 -c "<= write client hello" \ 3117 -c "Selected key exchange mode: psk$" \ 3118 -c "HTTP/1.0 200 OK" 3119 3120 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3121 requires_gnutls_tls1_3 3122 requires_config_enabled MBEDTLS_DEBUG_C 3123 requires_config_enabled MBEDTLS_SSL_CLI_C 3124 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3125 run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ 3126 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3127 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 3128 1 \ 3129 -c "=> write client hello" \ 3130 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3131 -c "client hello, adding psk_key_exchange_modes extension" \ 3132 -c "client hello, adding PSK binder list" \ 3133 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3134 -s "Parsing extension 'Pre Shared Key/41'" \ 3135 -c "<= write client hello" \ 3136 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 3137 3138 #GNUTLS-SERVER psk_all mode 3139 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3140 requires_gnutls_tls1_3 3141 requires_config_enabled MBEDTLS_DEBUG_C 3142 requires_config_enabled MBEDTLS_SSL_CLI_C 3143 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3144 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3145 run_test "TLS 1.3: m->G: psk_all/all, good" \ 3146 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3147 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 3148 0 \ 3149 -c "=> write client hello" \ 3150 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3151 -c "client hello, adding psk_key_exchange_modes extension" \ 3152 -c "client hello, adding PSK binder list" \ 3153 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3154 -s "Parsing extension 'Pre Shared Key/41'" \ 3155 -c "<= write client hello" \ 3156 -c "Selected key exchange mode: psk_ephemeral" \ 3157 -c "HTTP/1.0 200 OK" 3158 3159 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3160 requires_gnutls_tls1_3 3161 requires_config_enabled MBEDTLS_DEBUG_C 3162 requires_config_enabled MBEDTLS_SSL_CLI_C 3163 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3164 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3165 run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ 3166 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3167 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 3168 0 \ 3169 -c "=> write client hello" \ 3170 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3171 -c "client hello, adding psk_key_exchange_modes extension" \ 3172 -c "client hello, adding PSK binder list" \ 3173 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3174 -s "Parsing extension 'Pre Shared Key/41'" \ 3175 -c "<= write client hello" \ 3176 -c "Selected key exchange mode: psk_ephemeral" \ 3177 -c "HTTP/1.0 200 OK" 3178 3179 #GNUTLS-SERVER psk_ephemeral mode 3180 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3181 requires_gnutls_tls1_3 3182 requires_config_enabled MBEDTLS_DEBUG_C 3183 requires_config_enabled MBEDTLS_SSL_CLI_C 3184 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3185 run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ 3186 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3187 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3188 0 \ 3189 -c "=> write client hello" \ 3190 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3191 -c "client hello, adding psk_key_exchange_modes extension" \ 3192 -c "client hello, adding PSK binder list" \ 3193 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3194 -s "Parsing extension 'Pre Shared Key/41'" \ 3195 -c "<= write client hello" \ 3196 -c "Selected key exchange mode: psk_ephemeral" \ 3197 -c "HTTP/1.0 200 OK" 3198 3199 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3200 requires_gnutls_tls1_3 3201 requires_config_enabled MBEDTLS_DEBUG_C 3202 requires_config_enabled MBEDTLS_SSL_CLI_C 3203 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3204 run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ 3205 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3206 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3207 0 \ 3208 -c "=> write client hello" \ 3209 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3210 -c "client hello, adding psk_key_exchange_modes extension" \ 3211 -c "client hello, adding PSK binder list" \ 3212 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3213 -s "Parsing extension 'Pre Shared Key/41'" \ 3214 -c "<= write client hello" \ 3215 -c "Selected key exchange mode: psk_ephemeral" \ 3216 -c "HTTP/1.0 200 OK" 3217 3218 #GNUTLS-SERVER ephemeral mode 3219 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3220 requires_gnutls_tls1_3 3221 requires_config_enabled MBEDTLS_DEBUG_C 3222 requires_config_enabled MBEDTLS_SSL_CLI_C 3223 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3224 run_test "TLS 1.3: m->G: ephemeral/all, good" \ 3225 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3226 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3227 0 \ 3228 -c "Selected key exchange mode: ephemeral" \ 3229 -c "HTTP/1.0 200 OK" 3230 3231 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3232 requires_gnutls_tls1_3 3233 requires_config_enabled MBEDTLS_DEBUG_C 3234 requires_config_enabled MBEDTLS_SSL_CLI_C 3235 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3236 run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ 3237 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3238 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3239 0 \ 3240 -c "Selected key exchange mode: ephemeral" \ 3241 -c "HTTP/1.0 200 OK" 3242 3243 #GNUTLS-SERVER ephemeral_all mode 3244 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3245 requires_gnutls_tls1_3 3246 requires_config_enabled MBEDTLS_DEBUG_C 3247 requires_config_enabled MBEDTLS_SSL_CLI_C 3248 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3249 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3250 run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ 3251 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3252 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3253 0 \ 3254 -c "=> write client hello" \ 3255 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3256 -c "client hello, adding psk_key_exchange_modes extension" \ 3257 -c "client hello, adding PSK binder list" \ 3258 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3259 -s "Parsing extension 'Pre Shared Key/41'" \ 3260 -c "<= write client hello" \ 3261 -c "Selected key exchange mode: psk_ephemeral" \ 3262 -c "HTTP/1.0 200 OK" 3263 3264 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3265 requires_gnutls_tls1_3 3266 requires_config_enabled MBEDTLS_DEBUG_C 3267 requires_config_enabled MBEDTLS_SSL_CLI_C 3268 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3269 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3270 run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ 3271 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3272 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3273 0 \ 3274 -c "=> write client hello" \ 3275 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3276 -c "client hello, adding psk_key_exchange_modes extension" \ 3277 -c "client hello, adding PSK binder list" \ 3278 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3279 -s "Parsing extension 'Pre Shared Key/41'" \ 3280 -c "<= write client hello" \ 3281 -c "Selected key exchange mode: psk_ephemeral" \ 3282 -c "HTTP/1.0 200 OK" 3283 3284 #GNUTLS-SERVER all mode 3285 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3286 requires_gnutls_tls1_3 3287 requires_config_enabled MBEDTLS_DEBUG_C 3288 requires_config_enabled MBEDTLS_SSL_CLI_C 3289 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3290 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3291 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3292 run_test "TLS 1.3: m->G: all/all, good" \ 3293 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3294 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3295 0 \ 3296 -c "=> write client hello" \ 3297 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3298 -c "client hello, adding psk_key_exchange_modes extension" \ 3299 -c "client hello, adding PSK binder list" \ 3300 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3301 -s "Parsing extension 'Pre Shared Key/41'" \ 3302 -c "<= write client hello" \ 3303 -c "Selected key exchange mode: psk_ephemeral" \ 3304 -c "HTTP/1.0 200 OK" 3305 3306 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3307 requires_gnutls_tls1_3 3308 requires_config_enabled MBEDTLS_DEBUG_C 3309 requires_config_enabled MBEDTLS_SSL_CLI_C 3310 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3311 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3312 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3313 run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ 3314 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3315 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3316 0 \ 3317 -c "=> write client hello" \ 3318 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3319 -c "client hello, adding psk_key_exchange_modes extension" \ 3320 -c "client hello, adding PSK binder list" \ 3321 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3322 -s "Parsing extension 'Pre Shared Key/41'" \ 3323 -c "<= write client hello" \ 3324 -c "Selected key exchange mode: psk_ephemeral" \ 3325 -c "HTTP/1.0 200 OK"