Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / tests / opt-testcases / tls13-kex-modes.sh
blob: 49f06e07159e84096e0bd408e427ebff27599d78 [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1#!/bin/sh
2
3# tls13-kex-modes.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7#
8
9# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
10# scripts in future(#6280)
11
12requires_gnutls_tls1_3
13requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
15run_test "TLS 1.3: G->m: all/psk, good" \
16 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
17 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
18 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
19 localhost" \
20 0 \
21 -s "found psk key exchange modes extension" \
22 -s "found pre_shared_key extension" \
23 -s "Found PSK_EPHEMERAL KEX MODE" \
24 -s "Found PSK KEX MODE" \
25 -s "Pre shared key found" \
26 -S "No usable PSK or ticket" \
27 -s "key exchange mode: psk$" \
28 -S "key exchange mode: psk_ephemeral" \
29 -S "key exchange mode: ephemeral"
30
31requires_gnutls_tls1_3
32requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
34run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
35 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
36 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
37 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
38 localhost" \
39 1 \
40 -s "found psk key exchange modes extension" \
41 -s "found pre_shared_key extension" \
42 -s "Found PSK_EPHEMERAL KEX MODE" \
43 -s "Found PSK KEX MODE" \
44 -s "No usable PSK or ticket" \
45 -S "key exchange mode: psk$" \
46 -S "key exchange mode: psk_ephemeral" \
47 -S "key exchange mode: ephemeral"
48
49requires_gnutls_tls1_3
50requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
51requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
52run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
53 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
54 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
55 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
56 localhost" \
57 1 \
58 -s "found psk key exchange modes extension" \
59 -s "found pre_shared_key extension" \
60 -s "Found PSK_EPHEMERAL KEX MODE" \
61 -s "Found PSK KEX MODE" \
62 -s "Invalid binder." \
63 -S "key exchange mode: psk$" \
64 -S "key exchange mode: psk_ephemeral" \
65 -S "key exchange mode: ephemeral"
66
67requires_gnutls_tls1_3
68requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
69requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
70run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
71 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
72 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
73 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
74 localhost" \
75 0 \
76 -s "found psk key exchange modes extension" \
77 -s "found pre_shared_key extension" \
78 -S "Found PSK_EPHEMERAL KEX MODE" \
79 -s "Found PSK KEX MODE" \
80 -s "Pre shared key found" \
81 -S "No usable PSK or ticket" \
82 -s "key exchange mode: psk$" \
83 -S "key exchange mode: psk_ephemeral" \
84 -S "key exchange mode: ephemeral"
85
86requires_gnutls_tls1_3
87requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
88requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
89run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
90 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
91 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
92 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
93 localhost" \
94 1 \
95 -s "found psk key exchange modes extension" \
96 -s "found pre_shared_key extension" \
97 -S "Found PSK_EPHEMERAL KEX MODE" \
98 -s "Found PSK KEX MODE" \
99 -s "No usable PSK or ticket" \
100 -S "key exchange mode: psk$" \
101 -S "key exchange mode: psk_ephemeral" \
102 -S "key exchange mode: ephemeral"
103
104requires_gnutls_tls1_3
105requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
107run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
108 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
109 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
110 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
111 localhost" \
112 1 \
113 -s "found psk key exchange modes extension" \
114 -s "found pre_shared_key extension" \
115 -S "Found PSK_EPHEMERAL KEX MODE" \
116 -s "Found PSK KEX MODE" \
117 -s "Invalid binder." \
118 -S "key exchange mode: psk$" \
119 -S "key exchange mode: psk_ephemeral" \
120 -S "key exchange mode: ephemeral"
121
122requires_gnutls_tls1_3
123requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
125run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
126 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
127 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
128 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
129 localhost" \
130 0 \
131 -s "found psk key exchange modes extension" \
132 -s "found pre_shared_key extension" \
133 -s "Found PSK_EPHEMERAL KEX MODE" \
134 -S "Found PSK KEX MODE" \
135 -s "Pre shared key found" \
136 -S "No usable PSK or ticket" \
137 -S "key exchange mode: psk$" \
138 -s "key exchange mode: psk_ephemeral" \
139 -S "key exchange mode: ephemeral"
140
141requires_gnutls_tls1_3
142requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
144run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
145 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
146 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
147 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
148 localhost" \
149 1 \
150 -s "found psk key exchange modes extension" \
151 -s "found pre_shared_key extension" \
152 -s "Found PSK_EPHEMERAL KEX MODE" \
153 -S "Found PSK KEX MODE" \
154 -s "No usable PSK or ticket" \
155 -S "key exchange mode: psk$" \
156 -S "key exchange mode: psk_ephemeral" \
157 -S "key exchange mode: ephemeral"
158
159requires_gnutls_tls1_3
160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
162run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
163 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
164 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
165 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
166 localhost" \
167 1 \
168 -s "found psk key exchange modes extension" \
169 -s "found pre_shared_key extension" \
170 -s "Found PSK_EPHEMERAL KEX MODE" \
171 -S "Found PSK KEX MODE" \
172 -s "Invalid binder." \
173 -S "key exchange mode: psk$" \
174 -S "key exchange mode: psk_ephemeral" \
175 -S "key exchange mode: ephemeral"
176
177requires_gnutls_tls1_3
178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
180run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
181 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
182 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
183 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
184 localhost" \
185 0 \
186 -s "found psk key exchange modes extension" \
187 -s "found pre_shared_key extension" \
188 -s "Found PSK_EPHEMERAL KEX MODE" \
189 -s "Found PSK KEX MODE" \
190 -s "Pre shared key found" \
191 -S "No usable PSK or ticket" \
192 -S "key exchange mode: psk$" \
193 -s "key exchange mode: psk_ephemeral" \
194 -S "key exchange mode: ephemeral"
195
196requires_gnutls_tls1_3
197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
199run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
200 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
201 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
202 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
203 localhost" \
204 1 \
205 -s "found psk key exchange modes extension" \
206 -s "found pre_shared_key extension" \
207 -s "Found PSK_EPHEMERAL KEX MODE" \
208 -s "Found PSK KEX MODE" \
209 -s "No usable PSK or ticket" \
210 -S "key exchange mode: psk$" \
211 -S "key exchange mode: psk_ephemeral" \
212 -S "key exchange mode: ephemeral"
213
214requires_gnutls_tls1_3
215requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
217run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
218 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
219 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
220 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
221 localhost" \
222 1 \
223 -s "found psk key exchange modes extension" \
224 -s "found pre_shared_key extension" \
225 -s "Found PSK_EPHEMERAL KEX MODE" \
226 -s "Found PSK KEX MODE" \
227 -s "Invalid binder." \
228 -S "key exchange mode: psk$" \
229 -S "key exchange mode: psk_ephemeral" \
230 -S "key exchange mode: ephemeral"
231
232requires_gnutls_tls1_3
233requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
235run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
236 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
237 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
238 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
239 localhost" \
240 1 \
241 -s "found psk key exchange modes extension" \
242 -s "found pre_shared_key extension" \
243 -S "Found PSK_EPHEMERAL KEX MODE" \
244 -s "Found PSK KEX MODE" \
245 -S "key exchange mode: psk$" \
246 -S "key exchange mode: psk_ephemeral" \
247 -S "key exchange mode: ephemeral"
248
249requires_gnutls_tls1_3
250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
253run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
254 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
255 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
256 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
257 localhost" \
258 0 \
259 -s "found psk key exchange modes extension" \
260 -s "found pre_shared_key extension" \
261 -s "Found PSK_EPHEMERAL KEX MODE" \
262 -S "Found PSK KEX MODE" \
263 -s "Pre shared key found" \
264 -S "No usable PSK or ticket" \
265 -S "key exchange mode: psk$" \
266 -s "key exchange mode: psk_ephemeral" \
267 -S "key exchange mode: ephemeral"
268
269requires_gnutls_tls1_3
270requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
273run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
274 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
275 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
276 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
277 localhost" \
278 1 \
279 -s "found psk key exchange modes extension" \
280 -s "found pre_shared_key extension" \
281 -s "Found PSK_EPHEMERAL KEX MODE" \
282 -S "Found PSK KEX MODE" \
283 -s "No usable PSK or ticket" \
284 -S "key exchange mode: psk$" \
285 -S "key exchange mode: psk_ephemeral" \
286 -S "key exchange mode: ephemeral"
287
288requires_gnutls_tls1_3
289requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
292run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
293 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
294 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
295 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
296 localhost" \
297 1 \
298 -s "found psk key exchange modes extension" \
299 -s "found pre_shared_key extension" \
300 -s "Found PSK_EPHEMERAL KEX MODE" \
301 -S "Found PSK KEX MODE" \
302 -s "Invalid binder." \
303 -S "key exchange mode: psk$" \
304 -S "key exchange mode: psk_ephemeral" \
305 -S "key exchange mode: ephemeral"
306
307requires_gnutls_tls1_3
308requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
311run_test "TLS 1.3: G->m: all/psk_all, good" \
312 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
313 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
314 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
315 localhost" \
316 0 \
317 -s "found psk key exchange modes extension" \
318 -s "found pre_shared_key extension" \
319 -s "Found PSK_EPHEMERAL KEX MODE" \
320 -s "Found PSK KEX MODE" \
321 -s "Pre shared key found" \
322 -S "No usable PSK or ticket" \
323 -S "key exchange mode: psk$" \
324 -s "key exchange mode: psk_ephemeral" \
325 -S "key exchange mode: ephemeral"
326
327requires_gnutls_tls1_3
328requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
331run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
332 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
333 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
334 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
335 localhost" \
336 1 \
337 -s "found psk key exchange modes extension" \
338 -s "found pre_shared_key extension" \
339 -s "Found PSK_EPHEMERAL KEX MODE" \
340 -s "Found PSK KEX MODE" \
341 -s "No usable PSK or ticket" \
342 -S "key exchange mode: psk$" \
343 -S "key exchange mode: psk_ephemeral" \
344 -S "key exchange mode: ephemeral"
345
346requires_gnutls_tls1_3
347requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
350run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
351 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
352 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
353 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
354 localhost" \
355 1 \
356 -s "found psk key exchange modes extension" \
357 -s "found pre_shared_key extension" \
358 -s "Found PSK_EPHEMERAL KEX MODE" \
359 -s "Found PSK KEX MODE" \
360 -s "Invalid binder." \
361 -S "key exchange mode: psk$" \
362 -S "key exchange mode: psk_ephemeral" \
363 -S "key exchange mode: ephemeral"
364
365requires_gnutls_tls1_3
366requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
369run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
370 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
371 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
372 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
373 localhost" \
374 0 \
375 -s "found psk key exchange modes extension" \
376 -s "found pre_shared_key extension" \
377 -S "Found PSK_EPHEMERAL KEX MODE" \
378 -s "Found PSK KEX MODE" \
379 -s "Pre shared key found" \
380 -S "No usable PSK or ticket" \
381 -s "key exchange mode: psk$" \
382 -S "key exchange mode: psk_ephemeral" \
383 -S "key exchange mode: ephemeral"
384
385requires_gnutls_tls1_3
386requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
389run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
390 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
391 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
392 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
393 localhost" \
394 1 \
395 -s "found psk key exchange modes extension" \
396 -s "found pre_shared_key extension" \
397 -S "Found PSK_EPHEMERAL KEX MODE" \
398 -s "Found PSK KEX MODE" \
399 -s "No usable PSK or ticket" \
400 -S "key exchange mode: psk$" \
401 -S "key exchange mode: psk_ephemeral" \
402 -S "key exchange mode: ephemeral"
403
404requires_gnutls_tls1_3
405requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
408run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
409 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
410 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
411 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
412 localhost" \
413 1 \
414 -s "found psk key exchange modes extension" \
415 -s "found pre_shared_key extension" \
416 -S "Found PSK_EPHEMERAL KEX MODE" \
417 -s "Found PSK KEX MODE" \
418 -s "Invalid binder." \
419 -S "key exchange mode: psk$" \
420 -S "key exchange mode: psk_ephemeral" \
421 -S "key exchange mode: ephemeral"
422
423requires_gnutls_tls1_3
424requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
427run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
428 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
429 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
430 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
431 localhost" \
432 0 \
433 -s "found psk key exchange modes extension" \
434 -s "found pre_shared_key extension" \
435 -s "Found PSK_EPHEMERAL KEX MODE" \
436 -S "Found PSK KEX MODE" \
437 -s "Pre shared key found" \
438 -S "No usable PSK or ticket" \
439 -S "key exchange mode: psk$" \
440 -s "key exchange mode: psk_ephemeral" \
441 -S "key exchange mode: ephemeral"
442
443requires_gnutls_tls1_3
444requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
447run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
448 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
449 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
450 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
451 localhost" \
452 0 \
453 -s "found psk key exchange modes extension" \
454 -s "found pre_shared_key extension" \
455 -s "Found PSK_EPHEMERAL KEX MODE" \
456 -S "Found PSK KEX MODE" \
457 -s "No usable PSK or ticket" \
458 -S "key exchange mode: psk$" \
459 -S "key exchange mode: psk_ephemeral" \
460 -s "key exchange mode: ephemeral"
461
462requires_gnutls_tls1_3
463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
466run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
467 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
468 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
469 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
470 localhost" \
471 1 \
472 -s "found psk key exchange modes extension" \
473 -s "found pre_shared_key extension" \
474 -s "Found PSK_EPHEMERAL KEX MODE" \
475 -S "Found PSK KEX MODE" \
476 -s "Invalid binder." \
477 -S "key exchange mode: psk$" \
478 -S "key exchange mode: psk_ephemeral" \
479 -S "key exchange mode: ephemeral"
480
481requires_gnutls_tls1_3
482requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
485run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
486 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
487 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
488 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
489 localhost" \
490 0 \
491 -s "found psk key exchange modes extension" \
492 -s "found pre_shared_key extension" \
493 -s "Found PSK_EPHEMERAL KEX MODE" \
494 -s "Found PSK KEX MODE" \
495 -s "Pre shared key found" \
496 -S "No usable PSK or ticket" \
497 -S "key exchange mode: psk$" \
498 -s "key exchange mode: psk_ephemeral" \
499 -S "key exchange mode: ephemeral"
500
501requires_gnutls_tls1_3
502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
505run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
506 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
507 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
508 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
509 localhost" \
510 0 \
511 -s "found psk key exchange modes extension" \
512 -s "found pre_shared_key extension" \
513 -s "Found PSK_EPHEMERAL KEX MODE" \
514 -s "Found PSK KEX MODE" \
515 -s "No usable PSK or ticket" \
516 -S "key exchange mode: psk$" \
517 -S "key exchange mode: psk_ephemeral" \
518 -s "key exchange mode: ephemeral"
519
520requires_gnutls_tls1_3
521requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
524run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
525 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
526 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
527 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
528 localhost" \
529 1 \
530 -s "found psk key exchange modes extension" \
531 -s "found pre_shared_key extension" \
532 -s "Found PSK_EPHEMERAL KEX MODE" \
533 -s "Found PSK KEX MODE" \
534 -s "Invalid binder." \
535 -S "key exchange mode: psk$" \
536 -S "key exchange mode: psk_ephemeral" \
537 -S "key exchange mode: ephemeral"
538
539requires_gnutls_tls1_3
540requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
543run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
544 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
545 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
546 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
547 localhost" \
548 0 \
549 -s "found psk key exchange modes extension" \
550 -s "found pre_shared_key extension" \
551 -S "Found PSK_EPHEMERAL KEX MODE" \
552 -s "Found PSK KEX MODE" \
553 -s "No suitable PSK key exchange mode" \
554 -S "Pre shared key found" \
555 -s "No usable PSK or ticket" \
556 -S "key exchange mode: psk$" \
557 -S "key exchange mode: psk_ephemeral" \
558 -s "key exchange mode: ephemeral"
559
560requires_gnutls_tls1_3
561requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
565run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
566 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
567 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
568 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
569 localhost" \
570 0 \
571 -s "found psk key exchange modes extension" \
572 -s "found pre_shared_key extension" \
573 -s "Found PSK_EPHEMERAL KEX MODE" \
574 -S "Found PSK KEX MODE" \
575 -s "Pre shared key found" \
576 -S "No usable PSK or ticket" \
577 -S "key exchange mode: psk$" \
578 -s "key exchange mode: psk_ephemeral" \
579 -S "key exchange mode: ephemeral"
580
581requires_gnutls_tls1_3
582requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
583requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
586run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
587 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
588 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
589 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
590 localhost" \
591 0 \
592 -s "found psk key exchange modes extension" \
593 -s "found pre_shared_key extension" \
594 -s "Found PSK_EPHEMERAL KEX MODE" \
595 -S "Found PSK KEX MODE" \
596 -s "No usable PSK or ticket" \
597 -S "key exchange mode: psk$" \
598 -S "key exchange mode: psk_ephemeral" \
599 -s "key exchange mode: ephemeral"
600
601requires_gnutls_tls1_3
602requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
606run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \
607 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
608 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
609 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
610 localhost" \
611 1 \
612 -s "found psk key exchange modes extension" \
613 -s "found pre_shared_key extension" \
614 -s "Found PSK_EPHEMERAL KEX MODE" \
615 -S "Found PSK KEX MODE" \
616 -s "Invalid binder." \
617 -S "key exchange mode: psk$" \
618 -S "key exchange mode: psk_ephemeral" \
619 -S "key exchange mode: ephemeral"
620
621requires_gnutls_tls1_3
622requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
626run_test "TLS 1.3: G->m: all/all, good" \
627 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
628 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
629 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
630 localhost" \
631 0 \
632 -s "found psk key exchange modes extension" \
633 -s "found pre_shared_key extension" \
634 -s "Found PSK_EPHEMERAL KEX MODE" \
635 -s "Found PSK KEX MODE" \
636 -s "Pre shared key found" \
637 -S "No usable PSK or ticket" \
638 -S "key exchange mode: psk$" \
639 -s "key exchange mode: psk_ephemeral" \
640 -S "key exchange mode: ephemeral"
641
642requires_gnutls_tls1_3
643requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
647run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
648 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
649 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
650 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
651 localhost" \
652 0 \
653 -s "found psk key exchange modes extension" \
654 -s "found pre_shared_key extension" \
655 -s "Found PSK_EPHEMERAL KEX MODE" \
656 -s "Found PSK KEX MODE" \
657 -s "No usable PSK or ticket" \
658 -S "key exchange mode: psk$" \
659 -S "key exchange mode: psk_ephemeral" \
660 -s "key exchange mode: ephemeral"
661
662requires_gnutls_tls1_3
663requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
664requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
667run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \
668 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
669 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
670 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
671 localhost" \
672 1 \
673 -s "found psk key exchange modes extension" \
674 -s "found pre_shared_key extension" \
675 -s "Found PSK_EPHEMERAL KEX MODE" \
676 -s "Found PSK KEX MODE" \
677 -s "Invalid binder." \
678 -S "key exchange mode: psk$" \
679 -S "key exchange mode: psk_ephemeral" \
680 -S "key exchange mode: ephemeral"
681
682requires_gnutls_tls1_3
683requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
687run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
688 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
689 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
690 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
691 localhost" \
692 0 \
693 -s "found psk key exchange modes extension" \
694 -s "found pre_shared_key extension" \
695 -S "Found PSK_EPHEMERAL KEX MODE" \
696 -s "Found PSK KEX MODE" \
697 -s "Pre shared key found" \
698 -S "No usable PSK or ticket" \
699 -S "key exchange mode: psk$" \
700 -S "key exchange mode: psk_ephemeral" \
701 -s "key exchange mode: ephemeral"
702
703requires_gnutls_tls1_3
704requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
708run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \
709 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
710 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
711 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
712 localhost" \
713 1 \
714 -s "found psk key exchange modes extension" \
715 -s "found pre_shared_key extension" \
716 -S "Found PSK_EPHEMERAL KEX MODE" \
717 -s "Found PSK KEX MODE" \
718 -s "Invalid binder." \
719 -S "key exchange mode: psk$" \
720 -S "key exchange mode: psk_ephemeral" \
721 -S "key exchange mode: ephemeral"
722
723requires_gnutls_tls1_3
724requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
727run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
728 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
729 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
730 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
731 localhost" \
732 0 \
733 -s "found psk key exchange modes extension" \
734 -s "found pre_shared_key extension" \
735 -s "Found PSK_EPHEMERAL KEX MODE" \
736 -S "Found PSK KEX MODE" \
737 -s "No suitable PSK key exchange mode" \
738 -S "Pre shared key found" \
739 -s "No usable PSK or ticket" \
740 -S "key exchange mode: psk$" \
741 -S "key exchange mode: psk_ephemeral" \
742 -s "key exchange mode: ephemeral"
743
744requires_gnutls_tls1_3
745requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
747requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
748run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
749 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
750 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
751 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
752 localhost" \
753 0 \
754 -s "found psk key exchange modes extension" \
755 -s "found pre_shared_key extension" \
756 -s "Found PSK_EPHEMERAL KEX MODE" \
757 -s "Found PSK KEX MODE" \
758 -s "Pre shared key found" \
759 -S "No usable PSK or ticket" \
760 -S "key exchange mode: psk$" \
761 -S "key exchange mode: psk_ephemeral" \
762 -s "key exchange mode: ephemeral"
763
764requires_gnutls_tls1_3
765requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
768run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
769 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
770 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
771 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
772 localhost" \
773 1 \
774 -s "found psk key exchange modes extension" \
775 -s "found pre_shared_key extension" \
776 -s "Found PSK_EPHEMERAL KEX MODE" \
777 -s "Found PSK KEX MODE" \
778 -s "Invalid binder." \
779 -S "key exchange mode: psk$" \
780 -S "key exchange mode: psk_ephemeral" \
781 -S "key exchange mode: ephemeral"
782
783requires_gnutls_tls1_3
784requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
787run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
788 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
789 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
790 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
791 localhost" \
792 0 \
793 -s "found psk key exchange modes extension" \
794 -s "found pre_shared_key extension" \
795 -S "Found PSK_EPHEMERAL KEX MODE" \
796 -s "Found PSK KEX MODE" \
797 -s "Pre shared key found" \
798 -S "No usable PSK or ticket" \
799 -S "key exchange mode: psk$" \
800 -S "key exchange mode: psk_ephemeral" \
801 -s "key exchange mode: ephemeral"
802
803requires_gnutls_tls1_3
804requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
805requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
807run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
808 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
809 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
810 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
811 localhost" \
812 1 \
813 -s "found psk key exchange modes extension" \
814 -s "found pre_shared_key extension" \
815 -S "Found PSK_EPHEMERAL KEX MODE" \
816 -s "Found PSK KEX MODE" \
817 -s "Invalid binder." \
818 -S "key exchange mode: psk$" \
819 -S "key exchange mode: psk_ephemeral" \
820 -S "key exchange mode: ephemeral"
821
822requires_gnutls_tls1_3
823requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
825requires_config_enabled PSA_WANT_ALG_ECDH
826run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
827 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
828 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \
829 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
830 localhost" \
831 0 \
832 -s "write selected_group: secp256r1" \
833 -S "key exchange mode: psk$" \
834 -s "key exchange mode: psk_ephemeral" \
835 -S "key exchange mode: ephemeral"
836
837requires_gnutls_tls1_3
838requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
840requires_config_enabled PSA_WANT_ALG_ECDH
841run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
842 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
843 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \
844 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
845 localhost" \
846 0 \
847 -s "write selected_group: secp384r1" \
848 -S "key exchange mode: psk$" \
849 -s "key exchange mode: psk_ephemeral" \
850 -S "key exchange mode: ephemeral"
851
852requires_gnutls_tls1_3
853requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
855requires_config_enabled PSA_WANT_ALG_ECDH
856run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
857 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
858 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \
859 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
860 localhost" \
861 0 \
862 -s "write selected_group: secp521r1" \
863 -S "key exchange mode: psk$" \
864 -s "key exchange mode: psk_ephemeral" \
865 -S "key exchange mode: ephemeral"
866
867requires_gnutls_tls1_3
868requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
869requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
870requires_config_enabled PSA_WANT_ALG_ECDH
871run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
872 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
873 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \
874 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
875 localhost" \
876 0 \
877 -s "write selected_group: x25519" \
878 -S "key exchange mode: psk$" \
879 -s "key exchange mode: psk_ephemeral" \
880 -S "key exchange mode: ephemeral"
881
882requires_gnutls_tls1_3
883requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
885requires_config_enabled PSA_WANT_ALG_ECDH
886run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
887 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
888 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \
889 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
890 localhost" \
891 0 \
892 -s "write selected_group: x448" \
893 -S "key exchange mode: psk$" \
894 -s "key exchange mode: psk_ephemeral" \
895 -S "key exchange mode: ephemeral"
896
897requires_openssl_tls1_3
898requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
900run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
901 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
902 "$O_NEXT_CLI -tls1_3 -msg \
903 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
904 1 \
905 -s "found psk key exchange modes extension" \
906 -s "found pre_shared_key extension" \
907 -s "Found PSK_EPHEMERAL KEX MODE" \
908 -S "Found PSK KEX MODE" \
909 -S "key exchange mode: psk$" \
910 -S "key exchange mode: psk_ephemeral" \
911 -S "key exchange mode: ephemeral"
912
913requires_openssl_tls1_3
914requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
915requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
916run_test "TLS 1.3: O->m: all/psk, good" \
917 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
918 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
919 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
920 0 \
921 -s "found psk key exchange modes extension" \
922 -s "found pre_shared_key extension" \
923 -s "Found PSK_EPHEMERAL KEX MODE" \
924 -s "Found PSK KEX MODE" \
925 -s "Pre shared key found" \
926 -S "No usable PSK or ticket" \
927 -s "key exchange mode: psk$" \
928 -S "key exchange mode: psk_ephemeral" \
929 -S "key exchange mode: ephemeral"
930
931requires_openssl_tls1_3
932requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
934run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
935 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
936 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
937 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
938 1 \
939 -s "found psk key exchange modes extension" \
940 -s "found pre_shared_key extension" \
941 -s "Found PSK_EPHEMERAL KEX MODE" \
942 -s "Found PSK KEX MODE" \
943 -s "No usable PSK or ticket" \
944 -S "key exchange mode: psk$" \
945 -S "key exchange mode: psk_ephemeral" \
946 -S "key exchange mode: ephemeral"
947
948requires_openssl_tls1_3
949requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
951run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
952 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
953 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
954 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
955 1 \
956 -s "found psk key exchange modes extension" \
957 -s "found pre_shared_key extension" \
958 -s "Found PSK_EPHEMERAL KEX MODE" \
959 -s "Found PSK KEX MODE" \
960 -s "Invalid binder." \
961 -S "key exchange mode: psk$" \
962 -S "key exchange mode: psk_ephemeral" \
963 -S "key exchange mode: ephemeral"
964
965requires_openssl_tls1_3_with_compatible_ephemeral
966requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
967requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
968run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
969 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
970 "$O_NEXT_CLI -tls1_3 -msg \
971 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
972 0 \
973 -s "found psk key exchange modes extension" \
974 -s "found pre_shared_key extension" \
975 -s "Found PSK_EPHEMERAL KEX MODE" \
976 -S "Found PSK KEX MODE" \
977 -s "Pre shared key found" \
978 -S "No usable PSK or ticket" \
979 -S "key exchange mode: psk$" \
980 -s "key exchange mode: psk_ephemeral" \
981 -S "key exchange mode: ephemeral"
982
983requires_openssl_tls1_3_with_compatible_ephemeral
984requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
986run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
987 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
988 "$O_NEXT_CLI -tls1_3 -msg \
989 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
990 1 \
991 -s "found psk key exchange modes extension" \
992 -s "found pre_shared_key extension" \
993 -s "Found PSK_EPHEMERAL KEX MODE" \
994 -S "Found PSK KEX MODE" \
995 -s "No usable PSK or ticket" \
996 -S "key exchange mode: psk$" \
997 -S "key exchange mode: psk_ephemeral" \
998 -S "key exchange mode: ephemeral"
999
1000requires_openssl_tls1_3_with_compatible_ephemeral
1001requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1003run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
1004 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
1005 "$O_NEXT_CLI -tls1_3 -msg \
1006 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1007 1 \
1008 -s "found psk key exchange modes extension" \
1009 -s "found pre_shared_key extension" \
1010 -s "Found PSK_EPHEMERAL KEX MODE" \
1011 -S "Found PSK KEX MODE" \
1012 -s "Invalid binder." \
1013 -S "key exchange mode: psk$" \
1014 -S "key exchange mode: psk_ephemeral" \
1015 -S "key exchange mode: ephemeral"
1016
1017requires_openssl_tls1_3_with_compatible_ephemeral
1018requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1020run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
1021 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
1022 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1023 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1024 0 \
1025 -s "found psk key exchange modes extension" \
1026 -s "found pre_shared_key extension" \
1027 -s "Found PSK_EPHEMERAL KEX MODE" \
1028 -s "Found PSK KEX MODE" \
1029 -s "Pre shared key found" \
1030 -S "No usable PSK or ticket" \
1031 -S "key exchange mode: psk$" \
1032 -s "key exchange mode: psk_ephemeral" \
1033 -S "key exchange mode: ephemeral"
1034
1035requires_openssl_tls1_3_with_compatible_ephemeral
1036requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1038run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
1039 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
1040 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1041 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1042 1 \
1043 -s "found psk key exchange modes extension" \
1044 -s "found pre_shared_key extension" \
1045 -s "Found PSK_EPHEMERAL KEX MODE" \
1046 -s "Found PSK KEX MODE" \
1047 -s "No usable PSK or ticket" \
1048 -S "key exchange mode: psk$" \
1049 -S "key exchange mode: psk_ephemeral" \
1050 -S "key exchange mode: ephemeral"
1051
1052requires_openssl_tls1_3_with_compatible_ephemeral
1053requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1055run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
1056 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
1057 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1058 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1059 1 \
1060 -s "found psk key exchange modes extension" \
1061 -s "found pre_shared_key extension" \
1062 -s "Found PSK_EPHEMERAL KEX MODE" \
1063 -s "Found PSK KEX MODE" \
1064 -s "Invalid binder." \
1065 -S "key exchange mode: psk$" \
1066 -S "key exchange mode: psk_ephemeral" \
1067 -S "key exchange mode: ephemeral"
1068
1069requires_openssl_tls1_3_with_compatible_ephemeral
1070requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1073run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
1074 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
1075 "$O_NEXT_CLI -tls1_3 -msg \
1076 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1077 0 \
1078 -s "found psk key exchange modes extension" \
1079 -s "found pre_shared_key extension" \
1080 -s "Found PSK_EPHEMERAL KEX MODE" \
1081 -S "Found PSK KEX MODE" \
1082 -s "Pre shared key found" \
1083 -S "No usable PSK or ticket" \
1084 -S "key exchange mode: psk$" \
1085 -s "key exchange mode: psk_ephemeral" \
1086 -S "key exchange mode: ephemeral"
1087
1088requires_openssl_tls1_3_with_compatible_ephemeral
1089requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1092run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
1093 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
1094 "$O_NEXT_CLI -tls1_3 -msg \
1095 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1096 1 \
1097 -s "found psk key exchange modes extension" \
1098 -s "found pre_shared_key extension" \
1099 -s "Found PSK_EPHEMERAL KEX MODE" \
1100 -S "Found PSK KEX MODE" \
1101 -s "No usable PSK or ticket" \
1102 -S "key exchange mode: psk$" \
1103 -S "key exchange mode: psk_ephemeral" \
1104 -S "key exchange mode: ephemeral"
1105
1106requires_openssl_tls1_3_with_compatible_ephemeral
1107requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1110run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
1111 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
1112 "$O_NEXT_CLI -tls1_3 -msg \
1113 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1114 1 \
1115 -s "found psk key exchange modes extension" \
1116 -s "found pre_shared_key extension" \
1117 -s "Found PSK_EPHEMERAL KEX MODE" \
1118 -S "Found PSK KEX MODE" \
1119 -s "Invalid binder." \
1120 -S "key exchange mode: psk$" \
1121 -S "key exchange mode: psk_ephemeral" \
1122 -S "key exchange mode: ephemeral"
1123
1124requires_openssl_tls1_3_with_compatible_ephemeral
1125requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1128run_test "TLS 1.3: O->m: all/psk_all, good" \
1129 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
1130 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1131 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1132 0 \
1133 -s "found psk key exchange modes extension" \
1134 -s "found pre_shared_key extension" \
1135 -s "Found PSK_EPHEMERAL KEX MODE" \
1136 -s "Found PSK KEX MODE" \
1137 -s "Pre shared key found" \
1138 -S "No usable PSK or ticket" \
1139 -S "key exchange mode: psk$" \
1140 -s "key exchange mode: psk_ephemeral" \
1141 -S "key exchange mode: ephemeral"
1142
1143requires_openssl_tls1_3_with_compatible_ephemeral
1144requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1147run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
1148 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
1149 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1150 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1151 1 \
1152 -s "found psk key exchange modes extension" \
1153 -s "found pre_shared_key extension" \
1154 -s "Found PSK_EPHEMERAL KEX MODE" \
1155 -s "Found PSK KEX MODE" \
1156 -s "No usable PSK or ticket" \
1157 -S "key exchange mode: psk$" \
1158 -S "key exchange mode: psk_ephemeral" \
1159 -S "key exchange mode: ephemeral"
1160
1161requires_openssl_tls1_3_with_compatible_ephemeral
1162requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1165run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
1166 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
1167 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1168 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1169 1 \
1170 -s "found psk key exchange modes extension" \
1171 -s "found pre_shared_key extension" \
1172 -s "Found PSK_EPHEMERAL KEX MODE" \
1173 -s "Found PSK KEX MODE" \
1174 -s "Invalid binder." \
1175 -S "key exchange mode: psk$" \
1176 -S "key exchange mode: psk_ephemeral" \
1177 -S "key exchange mode: ephemeral"
1178
1179requires_openssl_tls1_3_with_compatible_ephemeral
1180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1183run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
1184 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
1185 "$O_NEXT_CLI -tls1_3 -msg \
1186 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1187 0 \
1188 -s "found psk key exchange modes extension" \
1189 -s "found pre_shared_key extension" \
1190 -s "Found PSK_EPHEMERAL KEX MODE" \
1191 -S "Found PSK KEX MODE" \
1192 -s "Pre shared key found" \
1193 -S "No usable PSK or ticket" \
1194 -S "key exchange mode: psk$" \
1195 -s "key exchange mode: psk_ephemeral" \
1196 -S "key exchange mode: ephemeral"
1197
1198requires_openssl_tls1_3_with_compatible_ephemeral
1199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1201requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1202run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
1203 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
1204 "$O_NEXT_CLI -tls1_3 -msg \
1205 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1206 0 \
1207 -s "found psk key exchange modes extension" \
1208 -s "found pre_shared_key extension" \
1209 -s "Found PSK_EPHEMERAL KEX MODE" \
1210 -S "Found PSK KEX MODE" \
1211 -s "No usable PSK or ticket" \
1212 -S "key exchange mode: psk$" \
1213 -S "key exchange mode: psk_ephemeral" \
1214 -s "key exchange mode: ephemeral"
1215
1216requires_openssl_tls1_3_with_compatible_ephemeral
1217requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1220run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
1221 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
1222 "$O_NEXT_CLI -tls1_3 -msg \
1223 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1224 1 \
1225 -s "found psk key exchange modes extension" \
1226 -s "found pre_shared_key extension" \
1227 -s "Found PSK_EPHEMERAL KEX MODE" \
1228 -S "Found PSK KEX MODE" \
1229 -s "Invalid binder." \
1230 -S "key exchange mode: psk$" \
1231 -S "key exchange mode: psk_ephemeral" \
1232 -S "key exchange mode: ephemeral"
1233
1234requires_openssl_tls1_3_with_compatible_ephemeral
1235requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1238run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
1239 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
1240 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1241 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1242 0 \
1243 -s "found psk key exchange modes extension" \
1244 -s "found pre_shared_key extension" \
1245 -s "Found PSK_EPHEMERAL KEX MODE" \
1246 -s "Found PSK KEX MODE" \
1247 -s "Pre shared key found" \
1248 -S "No usable PSK or ticket" \
1249 -S "key exchange mode: psk$" \
1250 -s "key exchange mode: psk_ephemeral" \
1251 -S "key exchange mode: ephemeral"
1252
1253requires_openssl_tls1_3_with_compatible_ephemeral
1254requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1257run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
1258 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
1259 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1260 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1261 0 \
1262 -s "found psk key exchange modes extension" \
1263 -s "found pre_shared_key extension" \
1264 -s "Found PSK_EPHEMERAL KEX MODE" \
1265 -s "Found PSK KEX MODE" \
1266 -s "No usable PSK or ticket" \
1267 -S "key exchange mode: psk$" \
1268 -S "key exchange mode: psk_ephemeral" \
1269 -s "key exchange mode: ephemeral"
1270
1271requires_openssl_tls1_3_with_compatible_ephemeral
1272requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1275run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
1276 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
1277 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1278 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1279 1 \
1280 -s "found psk key exchange modes extension" \
1281 -s "found pre_shared_key extension" \
1282 -s "Found PSK_EPHEMERAL KEX MODE" \
1283 -s "Found PSK KEX MODE" \
1284 -s "Invalid binder." \
1285 -S "key exchange mode: psk$" \
1286 -S "key exchange mode: psk_ephemeral" \
1287 -S "key exchange mode: ephemeral"
1288
1289requires_openssl_tls1_3_with_compatible_ephemeral
1290requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1294run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
1295 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
1296 "$O_NEXT_CLI -tls1_3 -msg \
1297 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1298 0 \
1299 -s "found psk key exchange modes extension" \
1300 -s "found pre_shared_key extension" \
1301 -s "Found PSK_EPHEMERAL KEX MODE" \
1302 -S "Found PSK KEX MODE" \
1303 -s "Pre shared key found" \
1304 -S "No usable PSK or ticket" \
1305 -S "key exchange mode: psk$" \
1306 -s "key exchange mode: psk_ephemeral" \
1307 -S "key exchange mode: ephemeral"
1308
1309requires_openssl_tls1_3_with_compatible_ephemeral
1310requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1314run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
1315 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
1316 "$O_NEXT_CLI -tls1_3 -msg \
1317 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1318 0 \
1319 -s "found psk key exchange modes extension" \
1320 -s "found pre_shared_key extension" \
1321 -s "Found PSK_EPHEMERAL KEX MODE" \
1322 -S "Found PSK KEX MODE" \
1323 -s "No usable PSK or ticket" \
1324 -S "key exchange mode: psk$" \
1325 -S "key exchange mode: psk_ephemeral" \
1326 -s "key exchange mode: ephemeral"
1327
1328requires_openssl_tls1_3_with_compatible_ephemeral
1329requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1333run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
1334 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
1335 "$O_NEXT_CLI -tls1_3 -msg \
1336 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1337 1 \
1338 -s "found psk key exchange modes extension" \
1339 -s "found pre_shared_key extension" \
1340 -s "Found PSK_EPHEMERAL KEX MODE" \
1341 -S "Found PSK KEX MODE" \
1342 -s "Invalid binder." \
1343 -S "key exchange mode: psk$" \
1344 -S "key exchange mode: psk_ephemeral" \
1345 -S "key exchange mode: ephemeral"
1346
1347requires_openssl_tls1_3_with_compatible_ephemeral
1348requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1352run_test "TLS 1.3: O->m: all/all, good" \
1353 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
1354 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1355 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1356 0 \
1357 -s "found psk key exchange modes extension" \
1358 -s "found pre_shared_key extension" \
1359 -s "Found PSK_EPHEMERAL KEX MODE" \
1360 -s "Found PSK KEX MODE" \
1361 -s "Pre shared key found" \
1362 -S "No usable PSK or ticket" \
1363 -S "key exchange mode: psk$" \
1364 -s "key exchange mode: psk_ephemeral" \
1365 -S "key exchange mode: ephemeral"
1366
1367requires_openssl_tls1_3_with_compatible_ephemeral
1368requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1372run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
1373 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
1374 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1375 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1376 0 \
1377 -s "found psk key exchange modes extension" \
1378 -s "found pre_shared_key extension" \
1379 -s "Found PSK_EPHEMERAL KEX MODE" \
1380 -s "Found PSK KEX MODE" \
1381 -s "No usable PSK or ticket" \
1382 -S "key exchange mode: psk$" \
1383 -S "key exchange mode: psk_ephemeral" \
1384 -s "key exchange mode: ephemeral"
1385
1386requires_openssl_tls1_3_with_compatible_ephemeral
1387requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1391run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
1392 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
1393 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1394 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1395 1 \
1396 -s "found psk key exchange modes extension" \
1397 -s "found pre_shared_key extension" \
1398 -s "Found PSK_EPHEMERAL KEX MODE" \
1399 -s "Found PSK KEX MODE" \
1400 -s "Invalid binder." \
1401 -S "key exchange mode: psk$" \
1402 -S "key exchange mode: psk_ephemeral" \
1403 -S "key exchange mode: ephemeral"
1404
1405requires_openssl_tls1_3_with_compatible_ephemeral
1406requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1408requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1409run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
1410 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
1411 "$O_NEXT_CLI -tls1_3 -msg \
1412 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1413 0 \
1414 -s "found psk key exchange modes extension" \
1415 -s "found pre_shared_key extension" \
1416 -s "Found PSK_EPHEMERAL KEX MODE" \
1417 -S "Found PSK KEX MODE" \
1418 -s "No suitable PSK key exchange mode" \
1419 -S "Pre shared key found" \
1420 -s "No usable PSK or ticket" \
1421 -S "key exchange mode: psk$" \
1422 -S "key exchange mode: psk_ephemeral" \
1423 -s "key exchange mode: ephemeral"
1424
1425requires_openssl_tls1_3_with_compatible_ephemeral
1426requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1429run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
1430 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
1431 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1432 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1433 0 \
1434 -s "found psk key exchange modes extension" \
1435 -s "found pre_shared_key extension" \
1436 -s "Found PSK_EPHEMERAL KEX MODE" \
1437 -s "Found PSK KEX MODE" \
1438 -s "Pre shared key found" \
1439 -S "No usable PSK or ticket" \
1440 -S "key exchange mode: psk$" \
1441 -S "key exchange mode: psk_ephemeral" \
1442 -s "key exchange mode: ephemeral"
1443
1444requires_openssl_tls1_3_with_compatible_ephemeral
1445requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1448run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
1449 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
1450 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
1451 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
1452 1 \
1453 -s "found psk key exchange modes extension" \
1454 -s "found pre_shared_key extension" \
1455 -s "Found PSK_EPHEMERAL KEX MODE" \
1456 -s "Found PSK KEX MODE" \
1457 -s "Invalid binder." \
1458 -S "key exchange mode: psk$" \
1459 -S "key exchange mode: psk_ephemeral" \
1460 -S "key exchange mode: ephemeral"
1461
1462requires_openssl_tls1_3_with_compatible_ephemeral
1463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1465run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
1466 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
1467 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
1468 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1469 0 \
1470 -s "write selected_group: secp256r1" \
1471 -S "key exchange mode: psk$" \
1472 -s "key exchange mode: psk_ephemeral" \
1473 -S "key exchange mode: ephemeral"
1474
1475requires_openssl_tls1_3_with_compatible_ephemeral
1476requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1478run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
1479 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
1480 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
1481 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1482 0 \
1483 -s "write selected_group: secp384r1" \
1484 -S "key exchange mode: psk$" \
1485 -s "key exchange mode: psk_ephemeral" \
1486 -S "key exchange mode: ephemeral"
1487
1488requires_openssl_tls1_3_with_compatible_ephemeral
1489requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1490requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1491run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
1492 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
1493 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
1494 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1495 0 \
1496 -s "write selected_group: secp521r1" \
1497 -S "key exchange mode: psk$" \
1498 -s "key exchange mode: psk_ephemeral" \
1499 -S "key exchange mode: ephemeral"
1500
1501requires_openssl_tls1_3_with_compatible_ephemeral
1502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1504run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
1505 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
1506 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
1507 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1508 0 \
1509 -s "write selected_group: x25519" \
1510 -S "key exchange mode: psk$" \
1511 -s "key exchange mode: psk_ephemeral" \
1512 -S "key exchange mode: ephemeral"
1513
1514requires_openssl_tls1_3_with_compatible_ephemeral
1515requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1517run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
1518 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
1519 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
1520 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
1521 0 \
1522 -s "write selected_group: x448" \
1523 -S "key exchange mode: psk$" \
1524 -s "key exchange mode: psk_ephemeral" \
1525 -S "key exchange mode: ephemeral"
1526
1527requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1528requires_openssl_tls1_3_with_compatible_ephemeral
1529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1530run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
1531 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
1532 "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
1533 0 \
1534 -s "write selected_group: secp384r1" \
1535 -s "HRR selected_group: secp384r1" \
1536 -S "key exchange mode: psk$" \
1537 -s "key exchange mode: psk_ephemeral" \
1538 -S "key exchange mode: ephemeral"
1539
1540requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
1541requires_gnutls_tls1_3
1542requires_gnutls_next_no_ticket
1543requires_gnutls_next_disable_tls13_compat
1544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1545requires_config_enabled PSA_WANT_ALG_ECDH
1546run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
1547 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
1548 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
1549 0 \
1550 -s "write selected_group: secp384r1" \
1551 -s "HRR selected_group: secp384r1" \
1552 -S "key exchange mode: psk$" \
1553 -s "key exchange mode: psk_ephemeral" \
1554 -S "key exchange mode: ephemeral"
1555
1556
1557# Add psk test cases for mbedtls client code
1558
1559# MbedTls->MbedTLS kinds of tls13_kex_modes
1560# PSK mode in client
1561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1562requires_config_enabled MBEDTLS_SSL_SRV_C
1563requires_config_enabled MBEDTLS_SSL_CLI_C
1564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1565run_test "TLS 1.3: m->m: psk/psk, good" \
1566 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1567 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1568 0 \
1569 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1570 -c "client hello, adding psk_key_exchange_modes extension" \
1571 -c "client hello, adding PSK binder list" \
1572 -c "Selected key exchange mode: psk$" \
1573 -c "HTTP/1.0 200 OK"
1574
1575requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1576requires_config_enabled MBEDTLS_SSL_SRV_C
1577requires_config_enabled MBEDTLS_SSL_CLI_C
1578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1579run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
1580 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1581 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
1582 1 \
1583 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1584 -c "client hello, adding psk_key_exchange_modes extension" \
1585 -c "client hello, adding PSK binder list" \
1586 -s "No usable PSK or ticket"
1587
1588requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1589requires_config_enabled MBEDTLS_SSL_SRV_C
1590requires_config_enabled MBEDTLS_SSL_CLI_C
1591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1592run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \
1593 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1594 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
1595 1 \
1596 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1597 -c "client hello, adding psk_key_exchange_modes extension" \
1598 -c "client hello, adding PSK binder list" \
1599 -s "Invalid binder."
1600
1601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1602requires_config_enabled MBEDTLS_SSL_SRV_C
1603requires_config_enabled MBEDTLS_SSL_CLI_C
1604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1606run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \
1607 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1608 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1609 1 \
1610 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1611 -c "client hello, adding psk_key_exchange_modes extension" \
1612 -c "client hello, adding PSK binder list" \
1613 -s "ClientHello message misses mandatory extensions."
1614
1615requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1616requires_config_enabled MBEDTLS_SSL_SRV_C
1617requires_config_enabled MBEDTLS_SSL_CLI_C
1618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1619requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1620run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \
1621 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1622 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1623 1 \
1624 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1625 -c "client hello, adding psk_key_exchange_modes extension" \
1626 -c "client hello, adding PSK binder list" \
1627 -s "ClientHello message misses mandatory extensions."
1628
1629requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1630requires_config_enabled MBEDTLS_SSL_SRV_C
1631requires_config_enabled MBEDTLS_SSL_CLI_C
1632requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1635run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \
1636 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
1637 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1638 1 \
1639 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1640 -c "client hello, adding psk_key_exchange_modes extension" \
1641 -c "client hello, adding PSK binder list" \
1642 -s "ClientHello message misses mandatory extensions."
1643
1644requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1645requires_config_enabled MBEDTLS_SSL_SRV_C
1646requires_config_enabled MBEDTLS_SSL_CLI_C
1647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1649run_test "TLS 1.3: m->m: psk/psk_all, good" \
1650 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1651 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1652 0 \
1653 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1654 -c "client hello, adding psk_key_exchange_modes extension" \
1655 -c "client hello, adding PSK binder list" \
1656 -c "Selected key exchange mode: psk$" \
1657 -c "HTTP/1.0 200 OK"
1658
1659requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1660requires_config_enabled MBEDTLS_SSL_SRV_C
1661requires_config_enabled MBEDTLS_SSL_CLI_C
1662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1664run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
1665 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1666 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
1667 1 \
1668 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1669 -c "client hello, adding psk_key_exchange_modes extension" \
1670 -c "client hello, adding PSK binder list" \
1671 -s "No usable PSK or ticket" \
1672 -s "ClientHello message misses mandatory extensions."
1673
1674requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1675requires_config_enabled MBEDTLS_SSL_SRV_C
1676requires_config_enabled MBEDTLS_SSL_CLI_C
1677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1679run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \
1680 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1681 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
1682 1 \
1683 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1684 -c "client hello, adding psk_key_exchange_modes extension" \
1685 -c "client hello, adding PSK binder list" \
1686 -s "Invalid binder."
1687
1688requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1689requires_config_enabled MBEDTLS_SSL_SRV_C
1690requires_config_enabled MBEDTLS_SSL_CLI_C
1691requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1694run_test "TLS 1.3: m->m: psk/all, good" \
1695 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
1696 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1697 0 \
1698 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1699 -c "client hello, adding psk_key_exchange_modes extension" \
1700 -c "client hello, adding PSK binder list" \
1701 -c "Selected key exchange mode: psk$" \
1702 -c "HTTP/1.0 200 OK"
1703
1704requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1705requires_config_enabled MBEDTLS_SSL_SRV_C
1706requires_config_enabled MBEDTLS_SSL_CLI_C
1707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1710run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
1711 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
1712 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
1713 1 \
1714 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1715 -c "client hello, adding psk_key_exchange_modes extension" \
1716 -c "client hello, adding PSK binder list" \
1717 -s "No usable PSK or ticket" \
1718 -s "ClientHello message misses mandatory extensions."
1719
1720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1721requires_config_enabled MBEDTLS_SSL_SRV_C
1722requires_config_enabled MBEDTLS_SSL_CLI_C
1723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1726run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \
1727 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
1728 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
1729 1 \
1730 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1731 -c "client hello, adding psk_key_exchange_modes extension" \
1732 -c "client hello, adding PSK binder list" \
1733 -s "Invalid binder."
1734
1735# psk_ephemeral mode in client
1736requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1737requires_config_enabled MBEDTLS_SSL_SRV_C
1738requires_config_enabled MBEDTLS_SSL_CLI_C
1739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1741run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \
1742 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1743 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1744 1 \
1745 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1746 -c "client hello, adding psk_key_exchange_modes extension" \
1747 -c "client hello, adding PSK binder list" \
1748 -s "ClientHello message misses mandatory extensions."
1749
1750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1751requires_config_enabled MBEDTLS_SSL_SRV_C
1752requires_config_enabled MBEDTLS_SSL_CLI_C
1753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1754run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \
1755 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1756 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1757 0 \
1758 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1759 -c "client hello, adding psk_key_exchange_modes extension" \
1760 -c "client hello, adding PSK binder list" \
1761 -c "Selected key exchange mode: psk_ephemeral" \
1762 -c "HTTP/1.0 200 OK"
1763
1764requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1765requires_config_enabled MBEDTLS_SSL_SRV_C
1766requires_config_enabled MBEDTLS_SSL_CLI_C
1767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1768run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \
1769 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1770 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
1771 1 \
1772 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1773 -c "client hello, adding psk_key_exchange_modes extension" \
1774 -c "client hello, adding PSK binder list" \
1775 -s "No usable PSK or ticket" \
1776 -s "ClientHello message misses mandatory extensions."
1777
1778requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1779requires_config_enabled MBEDTLS_SSL_SRV_C
1780requires_config_enabled MBEDTLS_SSL_CLI_C
1781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1782run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \
1783 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1784 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
1785 1 \
1786 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1787 -c "client hello, adding psk_key_exchange_modes extension" \
1788 -c "client hello, adding PSK binder list" \
1789 -s "Invalid binder."
1790
1791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1792requires_config_enabled MBEDTLS_SSL_SRV_C
1793requires_config_enabled MBEDTLS_SSL_CLI_C
1794requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1797run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
1798 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1799 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1800 1 \
1801 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1802 -c "client hello, adding psk_key_exchange_modes extension" \
1803 -c "client hello, adding PSK binder list"
1804
1805requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1806requires_config_enabled MBEDTLS_SSL_SRV_C
1807requires_config_enabled MBEDTLS_SSL_CLI_C
1808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1810run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
1811 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
1812 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1813 0 \
1814 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1815 -c "client hello, adding psk_key_exchange_modes extension" \
1816 -c "client hello, adding PSK binder list" \
1817 -c "Selected key exchange mode: psk_ephemeral" \
1818 -c "HTTP/1.0 200 OK"
1819
1820requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1822requires_config_enabled MBEDTLS_SSL_SRV_C
1823requires_config_enabled MBEDTLS_SSL_CLI_C
1824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1826run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \
1827 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
1828 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
1829 1 \
1830 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1831 -c "client hello, adding psk_key_exchange_modes extension" \
1832 -c "client hello, adding PSK binder list" \
1833 -s "No usable PSK or ticket"
1834
1835requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1836requires_config_enabled MBEDTLS_SSL_SRV_C
1837requires_config_enabled MBEDTLS_SSL_CLI_C
1838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1840run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \
1841 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
1842 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
1843 1 \
1844 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1845 -c "client hello, adding psk_key_exchange_modes extension" \
1846 -c "client hello, adding PSK binder list" \
1847 -s "Invalid binder."
1848
1849requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1850requires_config_enabled MBEDTLS_SSL_SRV_C
1851requires_config_enabled MBEDTLS_SSL_CLI_C
1852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1854run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \
1855 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1856 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1857 0 \
1858 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1859 -c "client hello, adding psk_key_exchange_modes extension" \
1860 -c "client hello, adding PSK binder list" \
1861 -c "Selected key exchange mode: psk_ephemeral" \
1862 -c "HTTP/1.0 200 OK"
1863
1864requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1865requires_config_enabled MBEDTLS_SSL_SRV_C
1866requires_config_enabled MBEDTLS_SSL_CLI_C
1867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1869run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
1870 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1871 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
1872 1 \
1873 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1874 -c "client hello, adding psk_key_exchange_modes extension" \
1875 -c "client hello, adding PSK binder list" \
1876 -s "No usable PSK or ticket" \
1877 -s "ClientHello message misses mandatory extensions."
1878
1879requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1880requires_config_enabled MBEDTLS_SSL_SRV_C
1881requires_config_enabled MBEDTLS_SSL_CLI_C
1882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1883requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1884run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \
1885 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1886 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1887 1 \
1888 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1889 -c "client hello, adding psk_key_exchange_modes extension" \
1890 -c "client hello, adding PSK binder list" \
1891 -s "Invalid binder."
1892
1893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1894requires_config_enabled MBEDTLS_SSL_SRV_C
1895requires_config_enabled MBEDTLS_SSL_CLI_C
1896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1899run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
1900 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
1901 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1902 0 \
1903 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1904 -c "client hello, adding psk_key_exchange_modes extension" \
1905 -c "client hello, adding PSK binder list" \
1906 -c "Selected key exchange mode: psk_ephemeral" \
1907 -c "HTTP/1.0 200 OK"
1908
1909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1910requires_config_enabled MBEDTLS_SSL_SRV_C
1911requires_config_enabled MBEDTLS_SSL_CLI_C
1912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1915run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
1916 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
1917 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
1918 1 \
1919 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1920 -c "client hello, adding psk_key_exchange_modes extension" \
1921 -c "client hello, adding PSK binder list" \
1922 -s "No usable PSK or ticket" \
1923
1924requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1925requires_config_enabled MBEDTLS_SSL_SRV_C
1926requires_config_enabled MBEDTLS_SSL_CLI_C
1927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1930run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \
1931 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
1932 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1933 1 \
1934 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
1935 -c "client hello, adding psk_key_exchange_modes extension" \
1936 -c "client hello, adding PSK binder list" \
1937 -s "Invalid binder."
1938
1939# ephemeral mode in client
1940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1941requires_config_enabled MBEDTLS_SSL_SRV_C
1942requires_config_enabled MBEDTLS_SSL_CLI_C
1943requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1945run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \
1946 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1947 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1948 1 \
1949 -s "ClientHello message misses mandatory extensions."
1950
1951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1952requires_config_enabled MBEDTLS_SSL_SRV_C
1953requires_config_enabled MBEDTLS_SSL_CLI_C
1954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1956run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \
1957 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
1958 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1959 1 \
1960 -s "ClientHello message misses mandatory extensions."
1961
1962requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1963requires_config_enabled MBEDTLS_SSL_SRV_C
1964requires_config_enabled MBEDTLS_SSL_CLI_C
1965requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1966run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \
1967 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1968 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1969 0 \
1970 -c "Selected key exchange mode: ephemeral" \
1971 -c "HTTP/1.0 200 OK"
1972
1973requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1974requires_config_enabled MBEDTLS_SSL_SRV_C
1975requires_config_enabled MBEDTLS_SSL_CLI_C
1976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1978run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \
1979 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
1980 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1981 0 \
1982 -c "Selected key exchange mode: ephemeral" \
1983 -c "HTTP/1.0 200 OK"
1984
1985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1986requires_config_enabled MBEDTLS_SSL_SRV_C
1987requires_config_enabled MBEDTLS_SSL_CLI_C
1988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1991run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \
1992 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1993 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
1994 1 \
1995 -s "ClientHello message misses mandatory extensions."
1996
1997requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1998requires_config_enabled MBEDTLS_SSL_SRV_C
1999requires_config_enabled MBEDTLS_SSL_CLI_C
2000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2003run_test "TLS 1.3: m->m: ephemeral/all, good" \
2004 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2005 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
2006 0 \
2007 -c "Selected key exchange mode: ephemeral" \
2008 -c "HTTP/1.0 200 OK"
2009
2010# ephemeral_all mode in client
2011requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2012requires_config_enabled MBEDTLS_SSL_SRV_C
2013requires_config_enabled MBEDTLS_SSL_CLI_C
2014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2016requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2017run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \
2018 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2019 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2020 1 \
2021 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2022 -c "client hello, adding psk_key_exchange_modes extension" \
2023 -c "client hello, adding PSK binder list" \
2024 -s "ClientHello message misses mandatory extensions."
2025
2026requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2027requires_config_enabled MBEDTLS_SSL_SRV_C
2028requires_config_enabled MBEDTLS_SSL_CLI_C
2029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2031run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \
2032 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2033 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2034 0 \
2035 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2036 -c "client hello, adding psk_key_exchange_modes extension" \
2037 -c "client hello, adding PSK binder list" \
2038 -c "Selected key exchange mode: psk_ephemeral" \
2039 -c "HTTP/1.0 200 OK"
2040
2041requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2042requires_config_enabled MBEDTLS_SSL_SRV_C
2043requires_config_enabled MBEDTLS_SSL_CLI_C
2044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2046run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
2047 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2048 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
2049 1 \
2050 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2051 -c "client hello, adding psk_key_exchange_modes extension" \
2052 -c "client hello, adding PSK binder list" \
2053 -s "No usable PSK or ticket"
2054
2055requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2056requires_config_enabled MBEDTLS_SSL_SRV_C
2057requires_config_enabled MBEDTLS_SSL_CLI_C
2058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2060run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
2061 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2062 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2063 1 \
2064 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2065 -c "client hello, adding psk_key_exchange_modes extension" \
2066 -c "client hello, adding PSK binder list" \
2067 -s "Invalid binder."
2068
2069requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2070requires_config_enabled MBEDTLS_SSL_SRV_C
2071requires_config_enabled MBEDTLS_SSL_CLI_C
2072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2074run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \
2075 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
2076 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2077 0 \
2078 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2079 -c "client hello, adding psk_key_exchange_modes extension" \
2080 -c "client hello, adding PSK binder list" \
2081 -s "key exchange mode: ephemeral" \
2082 -c "Selected key exchange mode: ephemeral" \
2083 -c "HTTP/1.0 200 OK"
2084
2085requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2086requires_config_enabled MBEDTLS_SSL_SRV_C
2087requires_config_enabled MBEDTLS_SSL_CLI_C
2088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2090run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \
2091 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2092 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2093 0 \
2094 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2095 -c "client hello, adding psk_key_exchange_modes extension" \
2096 -c "client hello, adding PSK binder list" \
2097 -c "Selected key exchange mode: psk_ephemeral" \
2098 -c "HTTP/1.0 200 OK"
2099
2100requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2101requires_config_enabled MBEDTLS_SSL_SRV_C
2102requires_config_enabled MBEDTLS_SSL_CLI_C
2103requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2105run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \
2106 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2107 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
2108 0 \
2109 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2110 -c "client hello, adding psk_key_exchange_modes extension" \
2111 -c "client hello, adding PSK binder list" \
2112 -s "No usable PSK or ticket" \
2113 -s "key exchange mode: ephemeral"
2114
2115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2116requires_config_enabled MBEDTLS_SSL_SRV_C
2117requires_config_enabled MBEDTLS_SSL_CLI_C
2118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2120run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
2121 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2122 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2123 1 \
2124 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2125 -c "client hello, adding psk_key_exchange_modes extension" \
2126 -c "client hello, adding PSK binder list" \
2127 -s "Invalid binder."
2128
2129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2130requires_config_enabled MBEDTLS_SSL_SRV_C
2131requires_config_enabled MBEDTLS_SSL_CLI_C
2132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2135run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \
2136 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2137 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2138 0 \
2139 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2140 -c "client hello, adding psk_key_exchange_modes extension" \
2141 -c "client hello, adding PSK binder list" \
2142 -c "Selected key exchange mode: psk_ephemeral" \
2143 -c "HTTP/1.0 200 OK"
2144
2145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2146requires_config_enabled MBEDTLS_SSL_SRV_C
2147requires_config_enabled MBEDTLS_SSL_CLI_C
2148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2149requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2151run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
2152 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2153 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
2154 1 \
2155 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2156 -c "client hello, adding psk_key_exchange_modes extension" \
2157 -c "client hello, adding PSK binder list" \
2158 -s "No usable PSK or ticket" \
2159 -s "ClientHello message misses mandatory extensions."
2160
2161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2162requires_config_enabled MBEDTLS_SSL_SRV_C
2163requires_config_enabled MBEDTLS_SSL_CLI_C
2164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2167run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \
2168 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2169 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2170 1 \
2171 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2172 -c "client hello, adding psk_key_exchange_modes extension" \
2173 -c "client hello, adding PSK binder list" \
2174 -s "Invalid binder."
2175
2176requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2177requires_config_enabled MBEDTLS_SSL_SRV_C
2178requires_config_enabled MBEDTLS_SSL_CLI_C
2179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2182run_test "TLS 1.3: m->m: ephemeral_all/all, good" \
2183 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2184 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2185 0 \
2186 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2187 -c "client hello, adding psk_key_exchange_modes extension" \
2188 -c "client hello, adding PSK binder list" \
2189 -c "Selected key exchange mode: psk_ephemeral" \
2190 -c "HTTP/1.0 200 OK"
2191
2192requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2193requires_config_enabled MBEDTLS_SSL_SRV_C
2194requires_config_enabled MBEDTLS_SSL_CLI_C
2195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2197requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2198run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \
2199 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2200 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
2201 0 \
2202 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2203 -c "client hello, adding psk_key_exchange_modes extension" \
2204 -c "client hello, adding PSK binder list" \
2205 -s "No usable PSK or ticket" \
2206 -s "key exchange mode: ephemeral"
2207
2208requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2209requires_config_enabled MBEDTLS_SSL_SRV_C
2210requires_config_enabled MBEDTLS_SSL_CLI_C
2211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2212requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2214run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \
2215 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2216 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2217 1 \
2218 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2219 -c "client hello, adding psk_key_exchange_modes extension" \
2220 -c "client hello, adding PSK binder list" \
2221 -s "Invalid binder."
2222
2223# psk_all mode in client
2224requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2225requires_config_enabled MBEDTLS_SSL_SRV_C
2226requires_config_enabled MBEDTLS_SSL_CLI_C
2227requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2229run_test "TLS 1.3: m->m: psk_all/psk, good" \
2230 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2231 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2232 0 \
2233 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2234 -c "client hello, adding psk_key_exchange_modes extension" \
2235 -c "client hello, adding PSK binder list" \
2236 -c "Selected key exchange mode: psk$" \
2237 -c "HTTP/1.0 200 OK"
2238
2239requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2240requires_config_enabled MBEDTLS_SSL_SRV_C
2241requires_config_enabled MBEDTLS_SSL_CLI_C
2242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2244run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \
2245 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2246 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
2247 1 \
2248 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2249 -c "client hello, adding psk_key_exchange_modes extension" \
2250 -c "client hello, adding PSK binder list" \
2251 -s "ClientHello message misses mandatory extensions."
2252
2253requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2254requires_config_enabled MBEDTLS_SSL_SRV_C
2255requires_config_enabled MBEDTLS_SSL_CLI_C
2256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2258run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \
2259 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2260 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2261 1 \
2262 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2263 -c "client hello, adding psk_key_exchange_modes extension" \
2264 -c "client hello, adding PSK binder list" \
2265 -s "Invalid binder."
2266
2267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2268requires_config_enabled MBEDTLS_SSL_SRV_C
2269requires_config_enabled MBEDTLS_SSL_CLI_C
2270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2272run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
2273 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2274 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2275 0 \
2276 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2277 -c "client hello, adding psk_key_exchange_modes extension" \
2278 -c "client hello, adding PSK binder list" \
2279 -c "Selected key exchange mode: psk_ephemeral" \
2280 -c "HTTP/1.0 200 OK"
2281
2282requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2283requires_config_enabled MBEDTLS_SSL_SRV_C
2284requires_config_enabled MBEDTLS_SSL_CLI_C
2285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2287run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
2288 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2289 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
2290 1 \
2291 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2292 -c "client hello, adding psk_key_exchange_modes extension" \
2293 -c "client hello, adding PSK binder list" \
2294 -s "No usable PSK or ticket" \
2295 -s "ClientHello message misses mandatory extensions."
2296
2297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2298requires_config_enabled MBEDTLS_SSL_SRV_C
2299requires_config_enabled MBEDTLS_SSL_CLI_C
2300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2302run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \
2303 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2304 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2305 1 \
2306 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2307 -c "client hello, adding psk_key_exchange_modes extension" \
2308 -c "client hello, adding PSK binder list" \
2309 -s "Invalid binder."
2310
2311requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2312requires_config_enabled MBEDTLS_SSL_SRV_C
2313requires_config_enabled MBEDTLS_SSL_CLI_C
2314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2317run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
2318 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
2319 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2320 1 \
2321 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2322 -c "client hello, adding psk_key_exchange_modes extension" \
2323 -c "client hello, adding PSK binder list"
2324
2325requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2326requires_config_enabled MBEDTLS_SSL_SRV_C
2327requires_config_enabled MBEDTLS_SSL_CLI_C
2328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2331run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
2332 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2333 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2334 0 \
2335 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2336 -c "client hello, adding psk_key_exchange_modes extension" \
2337 -c "client hello, adding PSK binder list" \
2338 -c "Selected key exchange mode: psk_ephemeral" \
2339 -c "HTTP/1.0 200 OK"
2340
2341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2342requires_config_enabled MBEDTLS_SSL_SRV_C
2343requires_config_enabled MBEDTLS_SSL_CLI_C
2344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2346requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2347run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
2348 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2349 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
2350 1 \
2351 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2352 -c "client hello, adding psk_key_exchange_modes extension" \
2353 -c "client hello, adding PSK binder list" \
2354 -s "No usable PSK or ticket"
2355
2356requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2357requires_config_enabled MBEDTLS_SSL_SRV_C
2358requires_config_enabled MBEDTLS_SSL_CLI_C
2359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2361requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2362run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \
2363 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2364 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2365 1 \
2366 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2367 -c "client hello, adding psk_key_exchange_modes extension" \
2368 -c "client hello, adding PSK binder list" \
2369 -s "Invalid binder."
2370
2371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2372requires_config_enabled MBEDTLS_SSL_SRV_C
2373requires_config_enabled MBEDTLS_SSL_CLI_C
2374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2376run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
2377 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2378 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2379 0 \
2380 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2381 -c "client hello, adding psk_key_exchange_modes extension" \
2382 -c "client hello, adding PSK binder list" \
2383 -c "Selected key exchange mode: psk_ephemeral" \
2384 -c "HTTP/1.0 200 OK"
2385
2386requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2387requires_config_enabled MBEDTLS_SSL_SRV_C
2388requires_config_enabled MBEDTLS_SSL_CLI_C
2389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2391run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
2392 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2393 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
2394 1 \
2395 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2396 -c "client hello, adding psk_key_exchange_modes extension" \
2397 -c "client hello, adding PSK binder list" \
2398 -s "No usable PSK or ticket" \
2399 -s "ClientHello message misses mandatory extensions."
2400
2401requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2402requires_config_enabled MBEDTLS_SSL_SRV_C
2403requires_config_enabled MBEDTLS_SSL_CLI_C
2404requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2406run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \
2407 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2408 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2409 1 \
2410 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2411 -c "client hello, adding psk_key_exchange_modes extension" \
2412 -c "client hello, adding PSK binder list" \
2413 -s "Invalid binder."
2414
2415requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2416requires_config_enabled MBEDTLS_SSL_SRV_C
2417requires_config_enabled MBEDTLS_SSL_CLI_C
2418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2421run_test "TLS 1.3: m->m: psk_all/all, good" \
2422 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2423 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2424 0 \
2425 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2426 -c "client hello, adding psk_key_exchange_modes extension" \
2427 -c "client hello, adding PSK binder list" \
2428 -c "Selected key exchange mode: psk_ephemeral" \
2429 -c "HTTP/1.0 200 OK"
2430
2431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2432requires_config_enabled MBEDTLS_SSL_SRV_C
2433requires_config_enabled MBEDTLS_SSL_CLI_C
2434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2437run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
2438 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2439 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
2440 1 \
2441 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2442 -c "client hello, adding psk_key_exchange_modes extension" \
2443 -c "client hello, adding PSK binder list" \
2444 -s "No usable PSK or ticket"
2445
2446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2447requires_config_enabled MBEDTLS_SSL_SRV_C
2448requires_config_enabled MBEDTLS_SSL_CLI_C
2449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2452run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \
2453 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2454 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2455 1 \
2456 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2457 -c "client hello, adding psk_key_exchange_modes extension" \
2458 -c "client hello, adding PSK binder list" \
2459 -s "Invalid binder."
2460
2461# all mode in client
2462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2463requires_config_enabled MBEDTLS_SSL_SRV_C
2464requires_config_enabled MBEDTLS_SSL_CLI_C
2465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2468run_test "TLS 1.3: m->m: all/psk, good" \
2469 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2470 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2471 0 \
2472 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2473 -c "client hello, adding psk_key_exchange_modes extension" \
2474 -c "client hello, adding PSK binder list" \
2475 -c "Selected key exchange mode: psk$" \
2476 -c "HTTP/1.0 200 OK"
2477
2478requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2479requires_config_enabled MBEDTLS_SSL_SRV_C
2480requires_config_enabled MBEDTLS_SSL_CLI_C
2481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2484run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
2485 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2486 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
2487 1 \
2488 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2489 -c "client hello, adding psk_key_exchange_modes extension" \
2490 -c "client hello, adding PSK binder list" \
2491 -s "No usable PSK or ticket" \
2492 -s "ClientHello message misses mandatory extensions."
2493
2494requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2495requires_config_enabled MBEDTLS_SSL_SRV_C
2496requires_config_enabled MBEDTLS_SSL_CLI_C
2497requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2498requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2499requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2500run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \
2501 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2502 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2503 1 \
2504 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2505 -c "client hello, adding psk_key_exchange_modes extension" \
2506 -c "client hello, adding PSK binder list" \
2507 -s "Invalid binder."
2508
2509requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2510requires_config_enabled MBEDTLS_SSL_SRV_C
2511requires_config_enabled MBEDTLS_SSL_CLI_C
2512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2515run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
2516 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2517 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2518 0 \
2519 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2520 -c "client hello, adding psk_key_exchange_modes extension" \
2521 -c "client hello, adding PSK binder list" \
2522 -c "Selected key exchange mode: psk_ephemeral" \
2523 -c "HTTP/1.0 200 OK"
2524
2525requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2526requires_config_enabled MBEDTLS_SSL_SRV_C
2527requires_config_enabled MBEDTLS_SSL_CLI_C
2528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2531run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
2532 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2533 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
2534 1 \
2535 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2536 -c "client hello, adding psk_key_exchange_modes extension" \
2537 -c "client hello, adding PSK binder list" \
2538 -s "No usable PSK or ticket" \
2539 -s "ClientHello message misses mandatory extensions."
2540
2541requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2542requires_config_enabled MBEDTLS_SSL_SRV_C
2543requires_config_enabled MBEDTLS_SSL_CLI_C
2544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2547run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \
2548 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2549 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2550 1 \
2551 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2552 -c "client hello, adding psk_key_exchange_modes extension" \
2553 -c "client hello, adding PSK binder list" \
2554 -s "Invalid binder."
2555
2556requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2557requires_config_enabled MBEDTLS_SSL_SRV_C
2558requires_config_enabled MBEDTLS_SSL_CLI_C
2559requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2560requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2562run_test "TLS 1.3: m->m: all/ephemeral, good" \
2563 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
2564 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2565 0 \
2566 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2567 -c "client hello, adding psk_key_exchange_modes extension" \
2568 -c "client hello, adding PSK binder list" \
2569 -c "Selected key exchange mode: ephemeral" \
2570 -c "HTTP/1.0 200 OK"
2571
2572requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2573requires_config_enabled MBEDTLS_SSL_SRV_C
2574requires_config_enabled MBEDTLS_SSL_CLI_C
2575requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2577requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2578run_test "TLS 1.3: m->m: all/ephemeral_all, good" \
2579 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2580 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2581 0 \
2582 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2583 -c "client hello, adding psk_key_exchange_modes extension" \
2584 -c "client hello, adding PSK binder list" \
2585 -c "Selected key exchange mode: psk_ephemeral" \
2586 -c "HTTP/1.0 200 OK"
2587
2588requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2589requires_config_enabled MBEDTLS_SSL_SRV_C
2590requires_config_enabled MBEDTLS_SSL_CLI_C
2591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2593requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2594run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \
2595 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2596 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
2597 0 \
2598 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2599 -c "client hello, adding psk_key_exchange_modes extension" \
2600 -c "client hello, adding PSK binder list" \
2601 -s "No usable PSK or ticket" \
2602 -c "Selected key exchange mode: ephemeral" \
2603 -c "HTTP/1.0 200 OK"
2604
2605requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2606requires_config_enabled MBEDTLS_SSL_SRV_C
2607requires_config_enabled MBEDTLS_SSL_CLI_C
2608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2609requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2611run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \
2612 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2613 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2614 1 \
2615 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2616 -c "client hello, adding psk_key_exchange_modes extension" \
2617 -c "client hello, adding PSK binder list" \
2618 -s "Invalid binder."
2619
2620requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2621requires_config_enabled MBEDTLS_SSL_SRV_C
2622requires_config_enabled MBEDTLS_SSL_CLI_C
2623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2626run_test "TLS 1.3: m->m: all/psk_all, good" \
2627 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2628 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2629 0 \
2630 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2631 -c "client hello, adding psk_key_exchange_modes extension" \
2632 -c "client hello, adding PSK binder list" \
2633 -c "Selected key exchange mode: psk_ephemeral" \
2634 -c "HTTP/1.0 200 OK"
2635
2636requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2637requires_config_enabled MBEDTLS_SSL_SRV_C
2638requires_config_enabled MBEDTLS_SSL_CLI_C
2639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2642run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
2643 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2644 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
2645 1 \
2646 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2647 -c "client hello, adding psk_key_exchange_modes extension" \
2648 -c "client hello, adding PSK binder list" \
2649 -s "No usable PSK or ticket" \
2650 -s "ClientHello message misses mandatory extensions."
2651
2652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2653requires_config_enabled MBEDTLS_SSL_SRV_C
2654requires_config_enabled MBEDTLS_SSL_CLI_C
2655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2658run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \
2659 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2660 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2661 1 \
2662 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2663 -c "client hello, adding psk_key_exchange_modes extension" \
2664 -c "client hello, adding PSK binder list" \
2665 -s "Invalid binder."
2666
2667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2668requires_config_enabled MBEDTLS_SSL_SRV_C
2669requires_config_enabled MBEDTLS_SSL_CLI_C
2670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2673run_test "TLS 1.3: m->m: all/all, good" \
2674 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2675 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2676 0 \
2677 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2678 -c "client hello, adding psk_key_exchange_modes extension" \
2679 -c "client hello, adding PSK binder list" \
2680 -c "Selected key exchange mode: psk_ephemeral" \
2681 -c "HTTP/1.0 200 OK"
2682
2683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2684requires_config_enabled MBEDTLS_SSL_SRV_C
2685requires_config_enabled MBEDTLS_SSL_CLI_C
2686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2687requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2689run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
2690 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2691 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
2692 0 \
2693 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2694 -c "client hello, adding psk_key_exchange_modes extension" \
2695 -c "client hello, adding PSK binder list" \
2696 -s "No usable PSK or ticket" \
2697 -s "key exchange mode: ephemeral"
2698
2699requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2700requires_config_enabled MBEDTLS_SSL_SRV_C
2701requires_config_enabled MBEDTLS_SSL_CLI_C
2702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2705run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \
2706 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2707 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
2708 1 \
2709 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2710 -c "client hello, adding psk_key_exchange_modes extension" \
2711 -c "client hello, adding PSK binder list" \
2712 -s "Invalid binder."
2713
2714#OPENSSL-SERVER psk mode
2715requires_openssl_tls1_3
2716requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2718requires_config_enabled MBEDTLS_DEBUG_C
2719requires_config_enabled MBEDTLS_SSL_CLI_C
2720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2721run_test "TLS 1.3: m->O: psk/all, good" \
2722 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
2723 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2724 0 \
2725 -c "=> write client hello" \
2726 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2727 -c "client hello, adding psk_key_exchange_modes extension" \
2728 -c "client hello, adding PSK binder list" \
2729 -c "<= write client hello" \
2730 -c "Selected key exchange mode: psk$" \
2731 -c "HTTP/1.0 200 ok"
2732
2733requires_openssl_tls1_3
2734requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2736requires_config_enabled MBEDTLS_DEBUG_C
2737requires_config_enabled MBEDTLS_SSL_CLI_C
2738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2739run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
2740 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
2741 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2742 1 \
2743 -c "=> write client hello" \
2744 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2745 -c "client hello, adding psk_key_exchange_modes extension" \
2746 -c "client hello, adding PSK binder list" \
2747 -c "<= write client hello" \
2748 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
2749
2750#OPENSSL-SERVER psk_all mode
2751requires_openssl_tls1_3_with_compatible_ephemeral
2752requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2754requires_config_enabled MBEDTLS_DEBUG_C
2755requires_config_enabled MBEDTLS_SSL_CLI_C
2756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2758run_test "TLS 1.3: m->O: psk_all/all, good" \
2759 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
2760 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2761 0 \
2762 -c "=> write client hello" \
2763 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2764 -c "client hello, adding psk_key_exchange_modes extension" \
2765 -c "client hello, adding PSK binder list" \
2766 -c "<= write client hello" \
2767 -c "Selected key exchange mode: psk_ephemeral" \
2768 -c "HTTP/1.0 200 ok"
2769
2770requires_openssl_tls1_3_with_compatible_ephemeral
2771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2773requires_config_enabled MBEDTLS_DEBUG_C
2774requires_config_enabled MBEDTLS_SSL_CLI_C
2775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2777run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
2778 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
2779 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2780 0 \
2781 -c "=> write client hello" \
2782 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2783 -c "client hello, adding psk_key_exchange_modes extension" \
2784 -c "client hello, adding PSK binder list" \
2785 -c "<= write client hello" \
2786 -c "Selected key exchange mode: psk_ephemeral" \
2787 -c "HTTP/1.0 200 ok"
2788
2789#OPENSSL-SERVER psk_ephemeral mode
2790requires_openssl_tls1_3_with_compatible_ephemeral
2791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2793requires_config_enabled MBEDTLS_DEBUG_C
2794requires_config_enabled MBEDTLS_SSL_CLI_C
2795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2796run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
2797 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
2798 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2799 0 \
2800 -c "=> write client hello" \
2801 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2802 -c "client hello, adding psk_key_exchange_modes extension" \
2803 -c "client hello, adding PSK binder list" \
2804 -c "<= write client hello" \
2805 -c "Selected key exchange mode: psk_ephemeral" \
2806 -c "HTTP/1.0 200 ok"
2807
2808requires_openssl_tls1_3_with_compatible_ephemeral
2809requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2811requires_config_enabled MBEDTLS_DEBUG_C
2812requires_config_enabled MBEDTLS_SSL_CLI_C
2813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2814run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
2815 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
2816 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
2817 0 \
2818 -c "=> write client hello" \
2819 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2820 -c "client hello, adding psk_key_exchange_modes extension" \
2821 -c "client hello, adding PSK binder list" \
2822 -c "<= write client hello" \
2823 -c "Selected key exchange mode: psk_ephemeral" \
2824 -c "HTTP/1.0 200 ok"
2825
2826#OPENSSL-SERVER ephemeral mode
2827requires_openssl_tls1_3_with_compatible_ephemeral
2828requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2830requires_config_enabled MBEDTLS_DEBUG_C
2831requires_config_enabled MBEDTLS_SSL_CLI_C
2832requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2833run_test "TLS 1.3: m->O: ephemeral/all, good" \
2834 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \
2835 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
2836 0 \
2837 -c "Selected key exchange mode: ephemeral" \
2838 -c "HTTP/1.0 200 ok"
2839
2840requires_openssl_tls1_3_with_compatible_ephemeral
2841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2843requires_config_enabled MBEDTLS_DEBUG_C
2844requires_config_enabled MBEDTLS_SSL_CLI_C
2845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2846run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
2847 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
2848 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
2849 0 \
2850 -c "Selected key exchange mode: ephemeral" \
2851 -c "HTTP/1.0 200 ok"
2852
2853#OPENSSL-SERVER ephemeral_all mode
2854requires_openssl_tls1_3_with_compatible_ephemeral
2855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2857requires_config_enabled MBEDTLS_DEBUG_C
2858requires_config_enabled MBEDTLS_SSL_CLI_C
2859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2861run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
2862 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
2863 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2864 0 \
2865 -c "=> write client hello" \
2866 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2867 -c "client hello, adding psk_key_exchange_modes extension" \
2868 -c "client hello, adding PSK binder list" \
2869 -c "Selected key exchange mode: psk_ephemeral" \
2870 -c "<= write client hello" \
2871 -c "HTTP/1.0 200 ok"
2872
2873requires_openssl_tls1_3_with_compatible_ephemeral
2874requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2876requires_config_enabled MBEDTLS_DEBUG_C
2877requires_config_enabled MBEDTLS_SSL_CLI_C
2878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2880run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
2881 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
2882 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
2883 0 \
2884 -c "=> write client hello" \
2885 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2886 -c "client hello, adding psk_key_exchange_modes extension" \
2887 -c "client hello, adding PSK binder list" \
2888 -c "Selected key exchange mode: psk_ephemeral" \
2889 -c "<= write client hello" \
2890 -c "HTTP/1.0 200 ok"
2891
2892#OPENSSL-SERVER all mode
2893requires_openssl_tls1_3_with_compatible_ephemeral
2894requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2896requires_config_enabled MBEDTLS_DEBUG_C
2897requires_config_enabled MBEDTLS_SSL_CLI_C
2898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2901run_test "TLS 1.3: m->O: all/all, good" \
2902 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
2903 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2904 0 \
2905 -c "=> write client hello" \
2906 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2907 -c "client hello, adding psk_key_exchange_modes extension" \
2908 -c "client hello, adding PSK binder list" \
2909 -c "Selected key exchange mode: psk_ephemeral" \
2910 -c "<= write client hello" \
2911 -c "HTTP/1.0 200 ok"
2912
2913requires_openssl_tls1_3_with_compatible_ephemeral
2914requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2916requires_config_enabled MBEDTLS_DEBUG_C
2917requires_config_enabled MBEDTLS_SSL_CLI_C
2918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2920requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2921run_test "TLS 1.3: m->O: all/ephemeral_all, good" \
2922 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
2923 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
2924 0 \
2925 -c "=> write client hello" \
2926 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2927 -c "client hello, adding psk_key_exchange_modes extension" \
2928 -c "client hello, adding PSK binder list" \
2929 -c "Selected key exchange mode: psk_ephemeral" \
2930 -c "<= write client hello" \
2931 -c "HTTP/1.0 200 ok"
2932
2933#GNUTLS-SERVER psk mode
2934requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2935requires_gnutls_tls1_3
2936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2937requires_config_enabled MBEDTLS_DEBUG_C
2938requires_config_enabled MBEDTLS_SSL_CLI_C
2939requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2940run_test "TLS 1.3: m->G: psk/all, good" \
2941 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
2942 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2943 0 \
2944 -c "=> write client hello" \
2945 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2946 -c "client hello, adding psk_key_exchange_modes extension" \
2947 -c "client hello, adding PSK binder list" \
2948 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
2949 -s "Parsing extension 'Pre Shared Key/41'" \
2950 -c "<= write client hello" \
2951 -c "Selected key exchange mode: psk$" \
2952 -c "HTTP/1.0 200 OK"
2953
2954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2955requires_gnutls_tls1_3
2956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2957requires_config_enabled MBEDTLS_DEBUG_C
2958requires_config_enabled MBEDTLS_SSL_CLI_C
2959requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2960run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \
2961 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
2962 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
2963 1 \
2964 -c "=> write client hello" \
2965 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2966 -c "client hello, adding psk_key_exchange_modes extension" \
2967 -c "client hello, adding PSK binder list" \
2968 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
2969 -s "Parsing extension 'Pre Shared Key/41'" \
2970 -c "<= write client hello" \
2971 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
2972
2973#GNUTLS-SERVER psk_all mode
2974requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2975requires_gnutls_tls1_3
2976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2977requires_config_enabled MBEDTLS_DEBUG_C
2978requires_config_enabled MBEDTLS_SSL_CLI_C
2979requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
2980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
2981run_test "TLS 1.3: m->G: psk_all/all, good" \
2982 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
2983 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
2984 0 \
2985 -c "=> write client hello" \
2986 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
2987 -c "client hello, adding psk_key_exchange_modes extension" \
2988 -c "client hello, adding PSK binder list" \
2989 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
2990 -s "Parsing extension 'Pre Shared Key/41'" \
2991 -c "<= write client hello" \
2992 -c "Selected key exchange mode: psk_ephemeral" \
2993 -c "HTTP/1.0 200 OK"
2994
2995requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2996requires_gnutls_tls1_3
2997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2998requires_config_enabled MBEDTLS_DEBUG_C
2999requires_config_enabled MBEDTLS_SSL_CLI_C
3000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3002run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
3003 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
3004 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
3005 0 \
3006 -c "=> write client hello" \
3007 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3008 -c "client hello, adding psk_key_exchange_modes extension" \
3009 -c "client hello, adding PSK binder list" \
3010 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3011 -s "Parsing extension 'Pre Shared Key/41'" \
3012 -c "<= write client hello" \
3013 -c "Selected key exchange mode: psk_ephemeral" \
3014 -c "HTTP/1.0 200 OK"
3015
3016#GNUTLS-SERVER psk_ephemeral mode
3017requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3018requires_gnutls_tls1_3
3019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3020requires_config_enabled MBEDTLS_DEBUG_C
3021requires_config_enabled MBEDTLS_SSL_CLI_C
3022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3023run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
3024 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
3025 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
3026 0 \
3027 -c "=> write client hello" \
3028 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3029 -c "client hello, adding psk_key_exchange_modes extension" \
3030 -c "client hello, adding PSK binder list" \
3031 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3032 -s "Parsing extension 'Pre Shared Key/41'" \
3033 -c "<= write client hello" \
3034 -c "Selected key exchange mode: psk_ephemeral" \
3035 -c "HTTP/1.0 200 OK"
3036
3037requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3038requires_gnutls_tls1_3
3039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3040requires_config_enabled MBEDTLS_DEBUG_C
3041requires_config_enabled MBEDTLS_SSL_CLI_C
3042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3043run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
3044 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
3045 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
3046 0 \
3047 -c "=> write client hello" \
3048 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3049 -c "client hello, adding psk_key_exchange_modes extension" \
3050 -c "client hello, adding PSK binder list" \
3051 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3052 -s "Parsing extension 'Pre Shared Key/41'" \
3053 -c "<= write client hello" \
3054 -c "Selected key exchange mode: psk_ephemeral" \
3055 -c "HTTP/1.0 200 OK"
3056
3057#GNUTLS-SERVER ephemeral mode
3058requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3059requires_gnutls_tls1_3
3060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3061requires_config_enabled MBEDTLS_DEBUG_C
3062requires_config_enabled MBEDTLS_SSL_CLI_C
3063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3064run_test "TLS 1.3: m->G: ephemeral/all, good" \
3065 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
3066 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
3067 0 \
3068 -c "Selected key exchange mode: ephemeral" \
3069 -c "HTTP/1.0 200 OK"
3070
3071requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3072requires_gnutls_tls1_3
3073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3074requires_config_enabled MBEDTLS_DEBUG_C
3075requires_config_enabled MBEDTLS_SSL_CLI_C
3076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3077run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \
3078 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
3079 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
3080 0 \
3081 -c "Selected key exchange mode: ephemeral" \
3082 -c "HTTP/1.0 200 OK"
3083
3084#GNUTLS-SERVER ephemeral_all mode
3085requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3086requires_gnutls_tls1_3
3087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3088requires_config_enabled MBEDTLS_DEBUG_C
3089requires_config_enabled MBEDTLS_SSL_CLI_C
3090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3092run_test "TLS 1.3: m->G: ephemeral_all/all, good" \
3093 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
3094 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
3095 0 \
3096 -c "=> write client hello" \
3097 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3098 -c "client hello, adding psk_key_exchange_modes extension" \
3099 -c "client hello, adding PSK binder list" \
3100 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3101 -s "Parsing extension 'Pre Shared Key/41'" \
3102 -c "<= write client hello" \
3103 -c "Selected key exchange mode: psk_ephemeral" \
3104 -c "HTTP/1.0 200 OK"
3105
3106requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3107requires_gnutls_tls1_3
3108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3109requires_config_enabled MBEDTLS_DEBUG_C
3110requires_config_enabled MBEDTLS_SSL_CLI_C
3111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3112requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3113run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \
3114 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
3115 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
3116 0 \
3117 -c "=> write client hello" \
3118 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3119 -c "client hello, adding psk_key_exchange_modes extension" \
3120 -c "client hello, adding PSK binder list" \
3121 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3122 -s "Parsing extension 'Pre Shared Key/41'" \
3123 -c "<= write client hello" \
3124 -c "Selected key exchange mode: psk_ephemeral" \
3125 -c "HTTP/1.0 200 OK"
3126
3127#GNUTLS-SERVER all mode
3128requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3129requires_gnutls_tls1_3
3130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3131requires_config_enabled MBEDTLS_DEBUG_C
3132requires_config_enabled MBEDTLS_SSL_CLI_C
3133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3135requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3136run_test "TLS 1.3: m->G: all/all, good" \
3137 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
3138 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
3139 0 \
3140 -c "=> write client hello" \
3141 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3142 -c "client hello, adding psk_key_exchange_modes extension" \
3143 -c "client hello, adding PSK binder list" \
3144 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3145 -s "Parsing extension 'Pre Shared Key/41'" \
3146 -c "<= write client hello" \
3147 -c "Selected key exchange mode: psk_ephemeral" \
3148 -c "HTTP/1.0 200 OK"
3149
3150requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3151requires_gnutls_tls1_3
3152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3153requires_config_enabled MBEDTLS_DEBUG_C
3154requires_config_enabled MBEDTLS_SSL_CLI_C
3155requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
3156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
3158run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
3159 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
3160 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
3161 0 \
3162 -c "=> write client hello" \
3163 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
3164 -c "client hello, adding psk_key_exchange_modes extension" \
3165 -c "client hello, adding PSK binder list" \
3166 -s "Parsing extension 'PSK Key Exchange Modes/45'" \
3167 -s "Parsing extension 'Pre Shared Key/41'" \
3168 -c "<= write client hello" \
3169 -c "Selected key exchange mode: psk_ephemeral" \
3170 -c "HTTP/1.0 200 OK"