1#!/bin/sh 2 3# tls13-kex-modes.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8 9# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by 10# scripts in future(#6280) 11 12requires_gnutls_tls1_3 13requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15run_test "TLS 1.3: G->m: all/psk, good" \ 16 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 17 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 18 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 19 localhost" \ 20 0 \ 21 -s "found psk key exchange modes extension" \ 22 -s "found pre_shared_key extension" \ 23 -s "Found PSK_EPHEMERAL KEX MODE" \ 24 -s "Found PSK KEX MODE" \ 25 -s "Pre shared key found" \ 26 -S "No matched PSK or ticket" \ 27 -s "key exchange mode: psk$" \ 28 -S "key exchange mode: psk_ephemeral" \ 29 -S "key exchange mode: ephemeral" 30 31requires_gnutls_tls1_3 32requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 34run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ 35 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 36 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 37 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 38 localhost" \ 39 1 \ 40 -s "found psk key exchange modes extension" \ 41 -s "found pre_shared_key extension" \ 42 -s "Found PSK_EPHEMERAL KEX MODE" \ 43 -s "Found PSK KEX MODE" \ 44 -s "No matched PSK or ticket" \ 45 -S "key exchange mode: psk$" \ 46 -S "key exchange mode: psk_ephemeral" \ 47 -S "key exchange mode: ephemeral" 48 49requires_gnutls_tls1_3 50requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 51requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 52run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ 53 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 54 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 55 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 56 localhost" \ 57 1 \ 58 -s "found psk key exchange modes extension" \ 59 -s "found pre_shared_key extension" \ 60 -s "Found PSK_EPHEMERAL KEX MODE" \ 61 -s "Found PSK KEX MODE" \ 62 -s "Invalid binder." \ 63 -S "key exchange mode: psk$" \ 64 -S "key exchange mode: psk_ephemeral" \ 65 -S "key exchange mode: ephemeral" 66 67requires_gnutls_tls1_3 68requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 69requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 70run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ 71 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 72 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 73 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 74 localhost" \ 75 0 \ 76 -s "found psk key exchange modes extension" \ 77 -s "found pre_shared_key extension" \ 78 -S "Found PSK_EPHEMERAL KEX MODE" \ 79 -s "Found PSK KEX MODE" \ 80 -s "Pre shared key found" \ 81 -S "No matched PSK or ticket" \ 82 -s "key exchange mode: psk$" \ 83 -S "key exchange mode: psk_ephemeral" \ 84 -S "key exchange mode: ephemeral" 85 86requires_gnutls_tls1_3 87requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 88requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 89run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ 90 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 91 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 92 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 93 localhost" \ 94 1 \ 95 -s "found psk key exchange modes extension" \ 96 -s "found pre_shared_key extension" \ 97 -S "Found PSK_EPHEMERAL KEX MODE" \ 98 -s "Found PSK KEX MODE" \ 99 -s "No matched PSK or ticket" \ 100 -S "key exchange mode: psk$" \ 101 -S "key exchange mode: psk_ephemeral" \ 102 -S "key exchange mode: ephemeral" 103 104requires_gnutls_tls1_3 105requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 107run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ 108 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 109 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 110 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 111 localhost" \ 112 1 \ 113 -s "found psk key exchange modes extension" \ 114 -s "found pre_shared_key extension" \ 115 -S "Found PSK_EPHEMERAL KEX MODE" \ 116 -s "Found PSK KEX MODE" \ 117 -s "Invalid binder." \ 118 -S "key exchange mode: psk$" \ 119 -S "key exchange mode: psk_ephemeral" \ 120 -S "key exchange mode: ephemeral" 121 122requires_gnutls_tls1_3 123requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 125run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ 126 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 127 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 128 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 129 localhost" \ 130 0 \ 131 -s "found psk key exchange modes extension" \ 132 -s "found pre_shared_key extension" \ 133 -s "Found PSK_EPHEMERAL KEX MODE" \ 134 -S "Found PSK KEX MODE" \ 135 -s "Pre shared key found" \ 136 -S "No matched PSK or ticket" \ 137 -S "key exchange mode: psk$" \ 138 -s "key exchange mode: psk_ephemeral" \ 139 -S "key exchange mode: ephemeral" 140 141requires_gnutls_tls1_3 142requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 144run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 145 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 146 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 147 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 148 localhost" \ 149 1 \ 150 -s "found psk key exchange modes extension" \ 151 -s "found pre_shared_key extension" \ 152 -s "Found PSK_EPHEMERAL KEX MODE" \ 153 -S "Found PSK KEX MODE" \ 154 -s "No matched PSK or ticket" \ 155 -S "key exchange mode: psk$" \ 156 -S "key exchange mode: psk_ephemeral" \ 157 -S "key exchange mode: ephemeral" 158 159requires_gnutls_tls1_3 160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 162run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 163 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 164 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 165 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 166 localhost" \ 167 1 \ 168 -s "found psk key exchange modes extension" \ 169 -s "found pre_shared_key extension" \ 170 -s "Found PSK_EPHEMERAL KEX MODE" \ 171 -S "Found PSK KEX MODE" \ 172 -s "Invalid binder." \ 173 -S "key exchange mode: psk$" \ 174 -S "key exchange mode: psk_ephemeral" \ 175 -S "key exchange mode: ephemeral" 176 177requires_gnutls_tls1_3 178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 180run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ 181 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 182 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 183 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 184 localhost" \ 185 0 \ 186 -s "found psk key exchange modes extension" \ 187 -s "found pre_shared_key extension" \ 188 -s "Found PSK_EPHEMERAL KEX MODE" \ 189 -s "Found PSK KEX MODE" \ 190 -s "Pre shared key found" \ 191 -S "No matched PSK or ticket" \ 192 -S "key exchange mode: psk$" \ 193 -s "key exchange mode: psk_ephemeral" \ 194 -S "key exchange mode: ephemeral" 195 196requires_gnutls_tls1_3 197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 199run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ 200 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 201 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 202 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 203 localhost" \ 204 1 \ 205 -s "found psk key exchange modes extension" \ 206 -s "found pre_shared_key extension" \ 207 -s "Found PSK_EPHEMERAL KEX MODE" \ 208 -s "Found PSK KEX MODE" \ 209 -s "No matched PSK or ticket" \ 210 -S "key exchange mode: psk$" \ 211 -S "key exchange mode: psk_ephemeral" \ 212 -S "key exchange mode: ephemeral" 213 214requires_gnutls_tls1_3 215requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 217run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ 218 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 219 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 220 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 221 localhost" \ 222 1 \ 223 -s "found psk key exchange modes extension" \ 224 -s "found pre_shared_key extension" \ 225 -s "Found PSK_EPHEMERAL KEX MODE" \ 226 -s "Found PSK KEX MODE" \ 227 -s "Invalid binder." \ 228 -S "key exchange mode: psk$" \ 229 -S "key exchange mode: psk_ephemeral" \ 230 -S "key exchange mode: ephemeral" 231 232requires_gnutls_tls1_3 233requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 235run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ 236 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 237 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 238 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 239 localhost" \ 240 1 \ 241 -s "found psk key exchange modes extension" \ 242 -s "found pre_shared_key extension" \ 243 -S "Found PSK_EPHEMERAL KEX MODE" \ 244 -s "Found PSK KEX MODE" \ 245 -S "key exchange mode: psk$" \ 246 -S "key exchange mode: psk_ephemeral" \ 247 -S "key exchange mode: ephemeral" 248 249requires_gnutls_tls1_3 250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 253run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ 254 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 255 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 256 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 257 localhost" \ 258 0 \ 259 -s "found psk key exchange modes extension" \ 260 -s "found pre_shared_key extension" \ 261 -s "Found PSK_EPHEMERAL KEX MODE" \ 262 -S "Found PSK KEX MODE" \ 263 -s "Pre shared key found" \ 264 -S "No matched PSK or ticket" \ 265 -S "key exchange mode: psk$" \ 266 -s "key exchange mode: psk_ephemeral" \ 267 -S "key exchange mode: ephemeral" 268 269requires_gnutls_tls1_3 270requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 273run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ 274 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 275 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 276 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 277 localhost" \ 278 1 \ 279 -s "found psk key exchange modes extension" \ 280 -s "found pre_shared_key extension" \ 281 -s "Found PSK_EPHEMERAL KEX MODE" \ 282 -S "Found PSK KEX MODE" \ 283 -s "No matched PSK or ticket" \ 284 -S "key exchange mode: psk$" \ 285 -S "key exchange mode: psk_ephemeral" \ 286 -S "key exchange mode: ephemeral" 287 288requires_gnutls_tls1_3 289requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 292run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ 293 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 294 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 295 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 296 localhost" \ 297 1 \ 298 -s "found psk key exchange modes extension" \ 299 -s "found pre_shared_key extension" \ 300 -s "Found PSK_EPHEMERAL KEX MODE" \ 301 -S "Found PSK KEX MODE" \ 302 -s "Invalid binder." \ 303 -S "key exchange mode: psk$" \ 304 -S "key exchange mode: psk_ephemeral" \ 305 -S "key exchange mode: ephemeral" 306 307requires_gnutls_tls1_3 308requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 311run_test "TLS 1.3: G->m: all/psk_all, good" \ 312 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 313 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 314 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 315 localhost" \ 316 0 \ 317 -s "found psk key exchange modes extension" \ 318 -s "found pre_shared_key extension" \ 319 -s "Found PSK_EPHEMERAL KEX MODE" \ 320 -s "Found PSK KEX MODE" \ 321 -s "Pre shared key found" \ 322 -S "No matched PSK or ticket" \ 323 -S "key exchange mode: psk$" \ 324 -s "key exchange mode: psk_ephemeral" \ 325 -S "key exchange mode: ephemeral" 326 327requires_gnutls_tls1_3 328requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 331run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ 332 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 333 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 334 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 335 localhost" \ 336 1 \ 337 -s "found psk key exchange modes extension" \ 338 -s "found pre_shared_key extension" \ 339 -s "Found PSK_EPHEMERAL KEX MODE" \ 340 -s "Found PSK KEX MODE" \ 341 -s "No matched PSK or ticket" \ 342 -S "key exchange mode: psk$" \ 343 -S "key exchange mode: psk_ephemeral" \ 344 -S "key exchange mode: ephemeral" 345 346requires_gnutls_tls1_3 347requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 350run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \ 351 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 352 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 353 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 354 localhost" \ 355 1 \ 356 -s "found psk key exchange modes extension" \ 357 -s "found pre_shared_key extension" \ 358 -s "Found PSK_EPHEMERAL KEX MODE" \ 359 -s "Found PSK KEX MODE" \ 360 -s "Invalid binder." \ 361 -S "key exchange mode: psk$" \ 362 -S "key exchange mode: psk_ephemeral" \ 363 -S "key exchange mode: ephemeral" 364 365requires_gnutls_tls1_3 366requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 369run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ 370 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 371 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 372 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 373 localhost" \ 374 0 \ 375 -s "found psk key exchange modes extension" \ 376 -s "found pre_shared_key extension" \ 377 -S "Found PSK_EPHEMERAL KEX MODE" \ 378 -s "Found PSK KEX MODE" \ 379 -s "Pre shared key found" \ 380 -S "No matched PSK or ticket" \ 381 -s "key exchange mode: psk$" \ 382 -S "key exchange mode: psk_ephemeral" \ 383 -S "key exchange mode: ephemeral" 384 385requires_gnutls_tls1_3 386requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 389run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ 390 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 391 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 392 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 393 localhost" \ 394 1 \ 395 -s "found psk key exchange modes extension" \ 396 -s "found pre_shared_key extension" \ 397 -S "Found PSK_EPHEMERAL KEX MODE" \ 398 -s "Found PSK KEX MODE" \ 399 -s "No matched PSK or ticket" \ 400 -S "key exchange mode: psk$" \ 401 -S "key exchange mode: psk_ephemeral" \ 402 -S "key exchange mode: ephemeral" 403 404requires_gnutls_tls1_3 405requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 408run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \ 409 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 410 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 411 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 412 localhost" \ 413 1 \ 414 -s "found psk key exchange modes extension" \ 415 -s "found pre_shared_key extension" \ 416 -S "Found PSK_EPHEMERAL KEX MODE" \ 417 -s "Found PSK KEX MODE" \ 418 -s "Invalid binder." \ 419 -S "key exchange mode: psk$" \ 420 -S "key exchange mode: psk_ephemeral" \ 421 -S "key exchange mode: ephemeral" 422 423requires_gnutls_tls1_3 424requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 427run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ 428 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 429 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 430 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 431 localhost" \ 432 0 \ 433 -s "found psk key exchange modes extension" \ 434 -s "found pre_shared_key extension" \ 435 -s "Found PSK_EPHEMERAL KEX MODE" \ 436 -S "Found PSK KEX MODE" \ 437 -s "Pre shared key found" \ 438 -S "No matched PSK or ticket" \ 439 -S "key exchange mode: psk$" \ 440 -s "key exchange mode: psk_ephemeral" \ 441 -S "key exchange mode: ephemeral" 442 443requires_gnutls_tls1_3 444requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 447run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 448 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 449 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 450 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 451 localhost" \ 452 0 \ 453 -s "found psk key exchange modes extension" \ 454 -s "found pre_shared_key extension" \ 455 -s "Found PSK_EPHEMERAL KEX MODE" \ 456 -S "Found PSK KEX MODE" \ 457 -s "No matched PSK or ticket" \ 458 -S "key exchange mode: psk$" \ 459 -S "key exchange mode: psk_ephemeral" \ 460 -s "key exchange mode: ephemeral" 461 462requires_gnutls_tls1_3 463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 466run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 467 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 468 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 469 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 470 localhost" \ 471 1 \ 472 -s "found psk key exchange modes extension" \ 473 -s "found pre_shared_key extension" \ 474 -s "Found PSK_EPHEMERAL KEX MODE" \ 475 -S "Found PSK KEX MODE" \ 476 -s "Invalid binder." \ 477 -S "key exchange mode: psk$" \ 478 -S "key exchange mode: psk_ephemeral" \ 479 -S "key exchange mode: ephemeral" 480 481requires_gnutls_tls1_3 482requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 485run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ 486 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 487 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 488 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 489 localhost" \ 490 0 \ 491 -s "found psk key exchange modes extension" \ 492 -s "found pre_shared_key extension" \ 493 -s "Found PSK_EPHEMERAL KEX MODE" \ 494 -s "Found PSK KEX MODE" \ 495 -s "Pre shared key found" \ 496 -S "No matched PSK or ticket" \ 497 -S "key exchange mode: psk$" \ 498 -s "key exchange mode: psk_ephemeral" \ 499 -S "key exchange mode: ephemeral" 500 501requires_gnutls_tls1_3 502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 505run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ 506 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 507 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 508 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 509 localhost" \ 510 0 \ 511 -s "found psk key exchange modes extension" \ 512 -s "found pre_shared_key extension" \ 513 -s "Found PSK_EPHEMERAL KEX MODE" \ 514 -s "Found PSK KEX MODE" \ 515 -s "No matched PSK or ticket" \ 516 -S "key exchange mode: psk$" \ 517 -S "key exchange mode: psk_ephemeral" \ 518 -s "key exchange mode: ephemeral" 519 520requires_gnutls_tls1_3 521requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 524run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ 525 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 526 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 527 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 528 localhost" \ 529 1 \ 530 -s "found psk key exchange modes extension" \ 531 -s "found pre_shared_key extension" \ 532 -s "Found PSK_EPHEMERAL KEX MODE" \ 533 -s "Found PSK KEX MODE" \ 534 -s "Invalid binder." \ 535 -S "key exchange mode: psk$" \ 536 -S "key exchange mode: psk_ephemeral" \ 537 -S "key exchange mode: ephemeral" 538 539requires_gnutls_tls1_3 540requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 543run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ 544 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 545 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 546 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 547 localhost" \ 548 0 \ 549 -s "found psk key exchange modes extension" \ 550 -s "found pre_shared_key extension" \ 551 -S "Found PSK_EPHEMERAL KEX MODE" \ 552 -s "Found PSK KEX MODE" \ 553 -s "Pre shared key found" \ 554 -S "No matched PSK or ticket" \ 555 -S "key exchange mode: psk$" \ 556 -S "key exchange mode: psk_ephemeral" \ 557 -s "key exchange mode: ephemeral" 558 559requires_gnutls_tls1_3 560requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 564run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ 565 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 566 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 567 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 568 localhost" \ 569 0 \ 570 -s "found psk key exchange modes extension" \ 571 -s "found pre_shared_key extension" \ 572 -s "Found PSK_EPHEMERAL KEX MODE" \ 573 -S "Found PSK KEX MODE" \ 574 -s "Pre shared key found" \ 575 -S "No matched PSK or ticket" \ 576 -S "key exchange mode: psk$" \ 577 -s "key exchange mode: psk_ephemeral" \ 578 -S "key exchange mode: ephemeral" 579 580requires_gnutls_tls1_3 581requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 583requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 585run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ 586 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 587 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 588 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 589 localhost" \ 590 0 \ 591 -s "found psk key exchange modes extension" \ 592 -s "found pre_shared_key extension" \ 593 -s "Found PSK_EPHEMERAL KEX MODE" \ 594 -S "Found PSK KEX MODE" \ 595 -s "No matched PSK or ticket" \ 596 -S "key exchange mode: psk$" \ 597 -S "key exchange mode: psk_ephemeral" \ 598 -s "key exchange mode: ephemeral" 599 600requires_gnutls_tls1_3 601requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 605run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ 606 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 607 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 608 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 609 localhost" \ 610 1 \ 611 -s "found psk key exchange modes extension" \ 612 -s "found pre_shared_key extension" \ 613 -s "Found PSK_EPHEMERAL KEX MODE" \ 614 -S "Found PSK KEX MODE" \ 615 -s "Invalid binder." \ 616 -S "key exchange mode: psk$" \ 617 -S "key exchange mode: psk_ephemeral" \ 618 -S "key exchange mode: ephemeral" 619 620requires_gnutls_tls1_3 621requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 625run_test "TLS 1.3: G->m: all/all, good" \ 626 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 627 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 628 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 629 localhost" \ 630 0 \ 631 -s "found psk key exchange modes extension" \ 632 -s "found pre_shared_key extension" \ 633 -s "Found PSK_EPHEMERAL KEX MODE" \ 634 -s "Found PSK KEX MODE" \ 635 -s "Pre shared key found" \ 636 -S "No matched PSK or ticket" \ 637 -S "key exchange mode: psk$" \ 638 -s "key exchange mode: psk_ephemeral" \ 639 -S "key exchange mode: ephemeral" 640 641requires_gnutls_tls1_3 642requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 646run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ 647 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 648 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 649 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 650 localhost" \ 651 0 \ 652 -s "found psk key exchange modes extension" \ 653 -s "found pre_shared_key extension" \ 654 -s "Found PSK_EPHEMERAL KEX MODE" \ 655 -s "Found PSK KEX MODE" \ 656 -s "No matched PSK or ticket" \ 657 -S "key exchange mode: psk$" \ 658 -S "key exchange mode: psk_ephemeral" \ 659 -s "key exchange mode: ephemeral" 660 661requires_gnutls_tls1_3 662requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 664requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 666run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ 667 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 668 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 669 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 670 localhost" \ 671 1 \ 672 -s "found psk key exchange modes extension" \ 673 -s "found pre_shared_key extension" \ 674 -s "Found PSK_EPHEMERAL KEX MODE" \ 675 -s "Found PSK KEX MODE" \ 676 -s "Invalid binder." \ 677 -S "key exchange mode: psk$" \ 678 -S "key exchange mode: psk_ephemeral" \ 679 -S "key exchange mode: ephemeral" 680 681requires_gnutls_tls1_3 682requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 683requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 686run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ 687 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 688 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 689 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 690 localhost" \ 691 0 \ 692 -s "found psk key exchange modes extension" \ 693 -s "found pre_shared_key extension" \ 694 -S "Found PSK_EPHEMERAL KEX MODE" \ 695 -s "Found PSK KEX MODE" \ 696 -s "Pre shared key found" \ 697 -S "No matched PSK or ticket" \ 698 -S "key exchange mode: psk$" \ 699 -S "key exchange mode: psk_ephemeral" \ 700 -s "key exchange mode: ephemeral" 701 702requires_gnutls_tls1_3 703requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 707run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ 708 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 709 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 710 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 711 localhost" \ 712 1 \ 713 -s "found psk key exchange modes extension" \ 714 -s "found pre_shared_key extension" \ 715 -S "Found PSK_EPHEMERAL KEX MODE" \ 716 -s "Found PSK KEX MODE" \ 717 -s "Invalid binder." \ 718 -S "key exchange mode: psk$" \ 719 -S "key exchange mode: psk_ephemeral" \ 720 -S "key exchange mode: ephemeral" 721 722requires_gnutls_tls1_3 723requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 726run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ 727 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 728 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 729 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 730 localhost" \ 731 0 \ 732 -s "found psk key exchange modes extension" \ 733 -s "found pre_shared_key extension" \ 734 -s "Found PSK_EPHEMERAL KEX MODE" \ 735 -S "Found PSK KEX MODE" \ 736 -s "Pre shared key found" \ 737 -S "No matched PSK or ticket" \ 738 -S "key exchange mode: psk$" \ 739 -S "key exchange mode: psk_ephemeral" \ 740 -s "key exchange mode: ephemeral" 741 742requires_gnutls_tls1_3 743requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 746run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ 747 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 748 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 749 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 750 localhost" \ 751 0 \ 752 -s "found psk key exchange modes extension" \ 753 -s "found pre_shared_key extension" \ 754 -s "Found PSK_EPHEMERAL KEX MODE" \ 755 -s "Found PSK KEX MODE" \ 756 -s "Pre shared key found" \ 757 -S "No matched PSK or ticket" \ 758 -S "key exchange mode: psk$" \ 759 -S "key exchange mode: psk_ephemeral" \ 760 -s "key exchange mode: ephemeral" 761 762requires_gnutls_tls1_3 763requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 766run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ 767 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 768 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 769 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 770 localhost" \ 771 1 \ 772 -s "found psk key exchange modes extension" \ 773 -s "found pre_shared_key extension" \ 774 -s "Found PSK_EPHEMERAL KEX MODE" \ 775 -s "Found PSK KEX MODE" \ 776 -s "Invalid binder." \ 777 -S "key exchange mode: psk$" \ 778 -S "key exchange mode: psk_ephemeral" \ 779 -S "key exchange mode: ephemeral" 780 781requires_gnutls_tls1_3 782requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 783requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 784requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 785run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ 786 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 787 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 788 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 789 localhost" \ 790 0 \ 791 -s "found psk key exchange modes extension" \ 792 -s "found pre_shared_key extension" \ 793 -S "Found PSK_EPHEMERAL KEX MODE" \ 794 -s "Found PSK KEX MODE" \ 795 -s "Pre shared key found" \ 796 -S "No matched PSK or ticket" \ 797 -S "key exchange mode: psk$" \ 798 -S "key exchange mode: psk_ephemeral" \ 799 -s "key exchange mode: ephemeral" 800 801requires_gnutls_tls1_3 802requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 803requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 804requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 805run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \ 806 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 807 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 808 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 809 localhost" \ 810 1 \ 811 -s "found psk key exchange modes extension" \ 812 -s "found pre_shared_key extension" \ 813 -S "Found PSK_EPHEMERAL KEX MODE" \ 814 -s "Found PSK KEX MODE" \ 815 -s "Invalid binder." \ 816 -S "key exchange mode: psk$" \ 817 -S "key exchange mode: psk_ephemeral" \ 818 -S "key exchange mode: ephemeral" 819 820requires_gnutls_tls1_3 821requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 823requires_config_enabled PSA_WANT_ALG_ECDH 824run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ 825 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 826 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \ 827 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 828 localhost" \ 829 0 \ 830 -s "write selected_group: secp256r1" \ 831 -S "key exchange mode: psk$" \ 832 -s "key exchange mode: psk_ephemeral" \ 833 -S "key exchange mode: ephemeral" 834 835requires_gnutls_tls1_3 836requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 838requires_config_enabled PSA_WANT_ALG_ECDH 839run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ 840 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 841 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \ 842 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 843 localhost" \ 844 0 \ 845 -s "write selected_group: secp384r1" \ 846 -S "key exchange mode: psk$" \ 847 -s "key exchange mode: psk_ephemeral" \ 848 -S "key exchange mode: ephemeral" 849 850requires_gnutls_tls1_3 851requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 853requires_config_enabled PSA_WANT_ALG_ECDH 854run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ 855 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 856 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \ 857 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 858 localhost" \ 859 0 \ 860 -s "write selected_group: secp521r1" \ 861 -S "key exchange mode: psk$" \ 862 -s "key exchange mode: psk_ephemeral" \ 863 -S "key exchange mode: ephemeral" 864 865requires_gnutls_tls1_3 866requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 868requires_config_enabled PSA_WANT_ALG_ECDH 869run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ 870 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 871 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \ 872 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 873 localhost" \ 874 0 \ 875 -s "write selected_group: x25519" \ 876 -S "key exchange mode: psk$" \ 877 -s "key exchange mode: psk_ephemeral" \ 878 -S "key exchange mode: ephemeral" 879 880requires_gnutls_tls1_3 881requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 883requires_config_enabled PSA_WANT_ALG_ECDH 884run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ 885 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 886 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \ 887 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 888 localhost" \ 889 0 \ 890 -s "write selected_group: x448" \ 891 -S "key exchange mode: psk$" \ 892 -s "key exchange mode: psk_ephemeral" \ 893 -S "key exchange mode: ephemeral" 894 895requires_openssl_tls1_3 896requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 898run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \ 899 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 900 "$O_NEXT_CLI -tls1_3 -msg \ 901 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 902 1 \ 903 -s "found psk key exchange modes extension" \ 904 -s "found pre_shared_key extension" \ 905 -s "Found PSK_EPHEMERAL KEX MODE" \ 906 -S "Found PSK KEX MODE" \ 907 -S "key exchange mode: psk$" \ 908 -S "key exchange mode: psk_ephemeral" \ 909 -S "key exchange mode: ephemeral" 910 911requires_openssl_tls1_3 912requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 914run_test "TLS 1.3: O->m: all/psk, good" \ 915 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 916 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 917 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 918 0 \ 919 -s "found psk key exchange modes extension" \ 920 -s "found pre_shared_key extension" \ 921 -s "Found PSK_EPHEMERAL KEX MODE" \ 922 -s "Found PSK KEX MODE" \ 923 -s "Pre shared key found" \ 924 -S "No matched PSK or ticket" \ 925 -s "key exchange mode: psk$" \ 926 -S "key exchange mode: psk_ephemeral" \ 927 -S "key exchange mode: ephemeral" 928 929requires_openssl_tls1_3 930requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 932run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ 933 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 934 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 935 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 936 1 \ 937 -s "found psk key exchange modes extension" \ 938 -s "found pre_shared_key extension" \ 939 -s "Found PSK_EPHEMERAL KEX MODE" \ 940 -s "Found PSK KEX MODE" \ 941 -s "No matched PSK or ticket" \ 942 -S "key exchange mode: psk$" \ 943 -S "key exchange mode: psk_ephemeral" \ 944 -S "key exchange mode: ephemeral" 945 946requires_openssl_tls1_3 947requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 949run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \ 950 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 951 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 952 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 953 1 \ 954 -s "found psk key exchange modes extension" \ 955 -s "found pre_shared_key extension" \ 956 -s "Found PSK_EPHEMERAL KEX MODE" \ 957 -s "Found PSK KEX MODE" \ 958 -s "Invalid binder." \ 959 -S "key exchange mode: psk$" \ 960 -S "key exchange mode: psk_ephemeral" \ 961 -S "key exchange mode: ephemeral" 962 963requires_openssl_tls1_3_with_compatible_ephemeral 964requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 965requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 966run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ 967 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 968 "$O_NEXT_CLI -tls1_3 -msg \ 969 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 970 0 \ 971 -s "found psk key exchange modes extension" \ 972 -s "found pre_shared_key extension" \ 973 -s "Found PSK_EPHEMERAL KEX MODE" \ 974 -S "Found PSK KEX MODE" \ 975 -s "Pre shared key found" \ 976 -S "No matched PSK or ticket" \ 977 -S "key exchange mode: psk$" \ 978 -s "key exchange mode: psk_ephemeral" \ 979 -S "key exchange mode: ephemeral" 980 981requires_openssl_tls1_3_with_compatible_ephemeral 982requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 983requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 984run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 985 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 986 "$O_NEXT_CLI -tls1_3 -msg \ 987 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 988 1 \ 989 -s "found psk key exchange modes extension" \ 990 -s "found pre_shared_key extension" \ 991 -s "Found PSK_EPHEMERAL KEX MODE" \ 992 -S "Found PSK KEX MODE" \ 993 -s "No matched PSK or ticket" \ 994 -S "key exchange mode: psk$" \ 995 -S "key exchange mode: psk_ephemeral" \ 996 -S "key exchange mode: ephemeral" 997 998requires_openssl_tls1_3_with_compatible_ephemeral 999requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1001run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 1002 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1003 "$O_NEXT_CLI -tls1_3 -msg \ 1004 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1005 1 \ 1006 -s "found psk key exchange modes extension" \ 1007 -s "found pre_shared_key extension" \ 1008 -s "Found PSK_EPHEMERAL KEX MODE" \ 1009 -S "Found PSK KEX MODE" \ 1010 -s "Invalid binder." \ 1011 -S "key exchange mode: psk$" \ 1012 -S "key exchange mode: psk_ephemeral" \ 1013 -S "key exchange mode: ephemeral" 1014 1015requires_openssl_tls1_3_with_compatible_ephemeral 1016requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1017requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1018run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ 1019 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1020 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1021 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1022 0 \ 1023 -s "found psk key exchange modes extension" \ 1024 -s "found pre_shared_key extension" \ 1025 -s "Found PSK_EPHEMERAL KEX MODE" \ 1026 -s "Found PSK KEX MODE" \ 1027 -s "Pre shared key found" \ 1028 -S "No matched PSK or ticket" \ 1029 -S "key exchange mode: psk$" \ 1030 -s "key exchange mode: psk_ephemeral" \ 1031 -S "key exchange mode: ephemeral" 1032 1033requires_openssl_tls1_3_with_compatible_ephemeral 1034requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1035requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1036run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ 1037 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1038 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1039 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1040 1 \ 1041 -s "found psk key exchange modes extension" \ 1042 -s "found pre_shared_key extension" \ 1043 -s "Found PSK_EPHEMERAL KEX MODE" \ 1044 -s "Found PSK KEX MODE" \ 1045 -s "No matched PSK or ticket" \ 1046 -S "key exchange mode: psk$" \ 1047 -S "key exchange mode: psk_ephemeral" \ 1048 -S "key exchange mode: ephemeral" 1049 1050requires_openssl_tls1_3_with_compatible_ephemeral 1051requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1053run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \ 1054 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1055 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1056 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1057 1 \ 1058 -s "found psk key exchange modes extension" \ 1059 -s "found pre_shared_key extension" \ 1060 -s "Found PSK_EPHEMERAL KEX MODE" \ 1061 -s "Found PSK KEX MODE" \ 1062 -s "Invalid binder." \ 1063 -S "key exchange mode: psk$" \ 1064 -S "key exchange mode: psk_ephemeral" \ 1065 -S "key exchange mode: ephemeral" 1066 1067requires_openssl_tls1_3_with_compatible_ephemeral 1068requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1069requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1071run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ 1072 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1073 "$O_NEXT_CLI -tls1_3 -msg \ 1074 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1075 0 \ 1076 -s "found psk key exchange modes extension" \ 1077 -s "found pre_shared_key extension" \ 1078 -s "Found PSK_EPHEMERAL KEX MODE" \ 1079 -S "Found PSK KEX MODE" \ 1080 -s "Pre shared key found" \ 1081 -S "No matched PSK or ticket" \ 1082 -S "key exchange mode: psk$" \ 1083 -s "key exchange mode: psk_ephemeral" \ 1084 -S "key exchange mode: ephemeral" 1085 1086requires_openssl_tls1_3_with_compatible_ephemeral 1087requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1090run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ 1091 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1092 "$O_NEXT_CLI -tls1_3 -msg \ 1093 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1094 1 \ 1095 -s "found psk key exchange modes extension" \ 1096 -s "found pre_shared_key extension" \ 1097 -s "Found PSK_EPHEMERAL KEX MODE" \ 1098 -S "Found PSK KEX MODE" \ 1099 -s "No matched PSK or ticket" \ 1100 -S "key exchange mode: psk$" \ 1101 -S "key exchange mode: psk_ephemeral" \ 1102 -S "key exchange mode: ephemeral" 1103 1104requires_openssl_tls1_3_with_compatible_ephemeral 1105requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1107requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1108run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ 1109 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1110 "$O_NEXT_CLI -tls1_3 -msg \ 1111 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1112 1 \ 1113 -s "found psk key exchange modes extension" \ 1114 -s "found pre_shared_key extension" \ 1115 -s "Found PSK_EPHEMERAL KEX MODE" \ 1116 -S "Found PSK KEX MODE" \ 1117 -s "Invalid binder." \ 1118 -S "key exchange mode: psk$" \ 1119 -S "key exchange mode: psk_ephemeral" \ 1120 -S "key exchange mode: ephemeral" 1121 1122requires_openssl_tls1_3_with_compatible_ephemeral 1123requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1126run_test "TLS 1.3: O->m: all/psk_all, good" \ 1127 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1128 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1129 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1130 0 \ 1131 -s "found psk key exchange modes extension" \ 1132 -s "found pre_shared_key extension" \ 1133 -s "Found PSK_EPHEMERAL KEX MODE" \ 1134 -s "Found PSK KEX MODE" \ 1135 -s "Pre shared key found" \ 1136 -S "No matched PSK or ticket" \ 1137 -S "key exchange mode: psk$" \ 1138 -s "key exchange mode: psk_ephemeral" \ 1139 -S "key exchange mode: ephemeral" 1140 1141requires_openssl_tls1_3_with_compatible_ephemeral 1142requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1145run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ 1146 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1147 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1148 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1149 1 \ 1150 -s "found psk key exchange modes extension" \ 1151 -s "found pre_shared_key extension" \ 1152 -s "Found PSK_EPHEMERAL KEX MODE" \ 1153 -s "Found PSK KEX MODE" \ 1154 -s "No matched PSK or ticket" \ 1155 -S "key exchange mode: psk$" \ 1156 -S "key exchange mode: psk_ephemeral" \ 1157 -S "key exchange mode: ephemeral" 1158 1159requires_openssl_tls1_3_with_compatible_ephemeral 1160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1163run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ 1164 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1165 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1166 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1167 1 \ 1168 -s "found psk key exchange modes extension" \ 1169 -s "found pre_shared_key extension" \ 1170 -s "Found PSK_EPHEMERAL KEX MODE" \ 1171 -s "Found PSK KEX MODE" \ 1172 -s "Invalid binder." \ 1173 -S "key exchange mode: psk$" \ 1174 -S "key exchange mode: psk_ephemeral" \ 1175 -S "key exchange mode: ephemeral" 1176 1177requires_openssl_tls1_3_with_compatible_ephemeral 1178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1181run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ 1182 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1183 "$O_NEXT_CLI -tls1_3 -msg \ 1184 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1185 0 \ 1186 -s "found psk key exchange modes extension" \ 1187 -s "found pre_shared_key extension" \ 1188 -s "Found PSK_EPHEMERAL KEX MODE" \ 1189 -S "Found PSK KEX MODE" \ 1190 -s "Pre shared key found" \ 1191 -S "No matched PSK or ticket" \ 1192 -S "key exchange mode: psk$" \ 1193 -s "key exchange mode: psk_ephemeral" \ 1194 -S "key exchange mode: ephemeral" 1195 1196requires_openssl_tls1_3_with_compatible_ephemeral 1197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1200run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 1201 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1202 "$O_NEXT_CLI -tls1_3 -msg \ 1203 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1204 0 \ 1205 -s "found psk key exchange modes extension" \ 1206 -s "found pre_shared_key extension" \ 1207 -s "Found PSK_EPHEMERAL KEX MODE" \ 1208 -S "Found PSK KEX MODE" \ 1209 -s "No matched PSK or ticket" \ 1210 -S "key exchange mode: psk$" \ 1211 -S "key exchange mode: psk_ephemeral" \ 1212 -s "key exchange mode: ephemeral" 1213 1214requires_openssl_tls1_3_with_compatible_ephemeral 1215requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1217requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1218run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 1219 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1220 "$O_NEXT_CLI -tls1_3 -msg \ 1221 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1222 1 \ 1223 -s "found psk key exchange modes extension" \ 1224 -s "found pre_shared_key extension" \ 1225 -s "Found PSK_EPHEMERAL KEX MODE" \ 1226 -S "Found PSK KEX MODE" \ 1227 -s "Invalid binder." \ 1228 -S "key exchange mode: psk$" \ 1229 -S "key exchange mode: psk_ephemeral" \ 1230 -S "key exchange mode: ephemeral" 1231 1232requires_openssl_tls1_3_with_compatible_ephemeral 1233requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1235requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1236run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ 1237 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1238 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1239 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1240 0 \ 1241 -s "found psk key exchange modes extension" \ 1242 -s "found pre_shared_key extension" \ 1243 -s "Found PSK_EPHEMERAL KEX MODE" \ 1244 -s "Found PSK KEX MODE" \ 1245 -s "Pre shared key found" \ 1246 -S "No matched PSK or ticket" \ 1247 -S "key exchange mode: psk$" \ 1248 -s "key exchange mode: psk_ephemeral" \ 1249 -S "key exchange mode: ephemeral" 1250 1251requires_openssl_tls1_3_with_compatible_ephemeral 1252requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1253requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1255run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ 1256 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1257 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1258 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1259 0 \ 1260 -s "found psk key exchange modes extension" \ 1261 -s "found pre_shared_key extension" \ 1262 -s "Found PSK_EPHEMERAL KEX MODE" \ 1263 -s "Found PSK KEX MODE" \ 1264 -s "No matched PSK or ticket" \ 1265 -S "key exchange mode: psk$" \ 1266 -S "key exchange mode: psk_ephemeral" \ 1267 -s "key exchange mode: ephemeral" 1268 1269requires_openssl_tls1_3_with_compatible_ephemeral 1270requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1273run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ 1274 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1275 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1276 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1277 1 \ 1278 -s "found psk key exchange modes extension" \ 1279 -s "found pre_shared_key extension" \ 1280 -s "Found PSK_EPHEMERAL KEX MODE" \ 1281 -s "Found PSK KEX MODE" \ 1282 -s "Invalid binder." \ 1283 -S "key exchange mode: psk$" \ 1284 -S "key exchange mode: psk_ephemeral" \ 1285 -S "key exchange mode: ephemeral" 1286 1287requires_openssl_tls1_3_with_compatible_ephemeral 1288requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1289requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1292run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ 1293 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1294 "$O_NEXT_CLI -tls1_3 -msg \ 1295 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1296 0 \ 1297 -s "found psk key exchange modes extension" \ 1298 -s "found pre_shared_key extension" \ 1299 -s "Found PSK_EPHEMERAL KEX MODE" \ 1300 -S "Found PSK KEX MODE" \ 1301 -s "Pre shared key found" \ 1302 -S "No matched PSK or ticket" \ 1303 -S "key exchange mode: psk$" \ 1304 -s "key exchange mode: psk_ephemeral" \ 1305 -S "key exchange mode: ephemeral" 1306 1307requires_openssl_tls1_3_with_compatible_ephemeral 1308requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1312run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ 1313 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1314 "$O_NEXT_CLI -tls1_3 -msg \ 1315 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1316 0 \ 1317 -s "found psk key exchange modes extension" \ 1318 -s "found pre_shared_key extension" \ 1319 -s "Found PSK_EPHEMERAL KEX MODE" \ 1320 -S "Found PSK KEX MODE" \ 1321 -s "No matched PSK or ticket" \ 1322 -S "key exchange mode: psk$" \ 1323 -S "key exchange mode: psk_ephemeral" \ 1324 -s "key exchange mode: ephemeral" 1325 1326requires_openssl_tls1_3_with_compatible_ephemeral 1327requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1331run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ 1332 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1333 "$O_NEXT_CLI -tls1_3 -msg \ 1334 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1335 1 \ 1336 -s "found psk key exchange modes extension" \ 1337 -s "found pre_shared_key extension" \ 1338 -s "Found PSK_EPHEMERAL KEX MODE" \ 1339 -S "Found PSK KEX MODE" \ 1340 -s "Invalid binder." \ 1341 -S "key exchange mode: psk$" \ 1342 -S "key exchange mode: psk_ephemeral" \ 1343 -S "key exchange mode: ephemeral" 1344 1345requires_openssl_tls1_3_with_compatible_ephemeral 1346requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1347requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1350run_test "TLS 1.3: O->m: all/all, good" \ 1351 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1352 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1353 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1354 0 \ 1355 -s "found psk key exchange modes extension" \ 1356 -s "found pre_shared_key extension" \ 1357 -s "Found PSK_EPHEMERAL KEX MODE" \ 1358 -s "Found PSK KEX MODE" \ 1359 -s "Pre shared key found" \ 1360 -S "No matched PSK or ticket" \ 1361 -S "key exchange mode: psk$" \ 1362 -s "key exchange mode: psk_ephemeral" \ 1363 -S "key exchange mode: ephemeral" 1364 1365requires_openssl_tls1_3_with_compatible_ephemeral 1366requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1370run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ 1371 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1372 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1373 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1374 0 \ 1375 -s "found psk key exchange modes extension" \ 1376 -s "found pre_shared_key extension" \ 1377 -s "Found PSK_EPHEMERAL KEX MODE" \ 1378 -s "Found PSK KEX MODE" \ 1379 -s "No matched PSK or ticket" \ 1380 -S "key exchange mode: psk$" \ 1381 -S "key exchange mode: psk_ephemeral" \ 1382 -s "key exchange mode: ephemeral" 1383 1384requires_openssl_tls1_3_with_compatible_ephemeral 1385requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1389run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ 1390 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1391 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1392 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1393 1 \ 1394 -s "found psk key exchange modes extension" \ 1395 -s "found pre_shared_key extension" \ 1396 -s "Found PSK_EPHEMERAL KEX MODE" \ 1397 -s "Found PSK KEX MODE" \ 1398 -s "Invalid binder." \ 1399 -S "key exchange mode: psk$" \ 1400 -S "key exchange mode: psk_ephemeral" \ 1401 -S "key exchange mode: ephemeral" 1402 1403requires_openssl_tls1_3_with_compatible_ephemeral 1404requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1407run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ 1408 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1409 "$O_NEXT_CLI -tls1_3 -msg \ 1410 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1411 0 \ 1412 -s "found psk key exchange modes extension" \ 1413 -s "found pre_shared_key extension" \ 1414 -s "Found PSK_EPHEMERAL KEX MODE" \ 1415 -S "Found PSK KEX MODE" \ 1416 -s "Pre shared key found" \ 1417 -S "No matched PSK or ticket" \ 1418 -S "key exchange mode: psk$" \ 1419 -S "key exchange mode: psk_ephemeral" \ 1420 -s "key exchange mode: ephemeral" 1421 1422requires_openssl_tls1_3_with_compatible_ephemeral 1423requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1424requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1426run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ 1427 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1428 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1429 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1430 0 \ 1431 -s "found psk key exchange modes extension" \ 1432 -s "found pre_shared_key extension" \ 1433 -s "Found PSK_EPHEMERAL KEX MODE" \ 1434 -s "Found PSK KEX MODE" \ 1435 -s "Pre shared key found" \ 1436 -S "No matched PSK or ticket" \ 1437 -S "key exchange mode: psk$" \ 1438 -S "key exchange mode: psk_ephemeral" \ 1439 -s "key exchange mode: ephemeral" 1440 1441requires_openssl_tls1_3_with_compatible_ephemeral 1442requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1443requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1444requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1445run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ 1446 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1447 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1448 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1449 1 \ 1450 -s "found psk key exchange modes extension" \ 1451 -s "found pre_shared_key extension" \ 1452 -s "Found PSK_EPHEMERAL KEX MODE" \ 1453 -s "Found PSK KEX MODE" \ 1454 -s "Invalid binder." \ 1455 -S "key exchange mode: psk$" \ 1456 -S "key exchange mode: psk_ephemeral" \ 1457 -S "key exchange mode: ephemeral" 1458 1459requires_openssl_tls1_3_with_compatible_ephemeral 1460requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1462run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ 1463 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1464 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ 1465 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1466 0 \ 1467 -s "write selected_group: secp256r1" \ 1468 -S "key exchange mode: psk$" \ 1469 -s "key exchange mode: psk_ephemeral" \ 1470 -S "key exchange mode: ephemeral" 1471 1472requires_openssl_tls1_3_with_compatible_ephemeral 1473requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1474requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1475run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ 1476 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1477 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ 1478 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1479 0 \ 1480 -s "write selected_group: secp384r1" \ 1481 -S "key exchange mode: psk$" \ 1482 -s "key exchange mode: psk_ephemeral" \ 1483 -S "key exchange mode: ephemeral" 1484 1485requires_openssl_tls1_3_with_compatible_ephemeral 1486requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1488run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ 1489 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1490 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ 1491 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1492 0 \ 1493 -s "write selected_group: secp521r1" \ 1494 -S "key exchange mode: psk$" \ 1495 -s "key exchange mode: psk_ephemeral" \ 1496 -S "key exchange mode: ephemeral" 1497 1498requires_openssl_tls1_3_with_compatible_ephemeral 1499requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1501run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ 1502 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1503 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ 1504 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1505 0 \ 1506 -s "write selected_group: x25519" \ 1507 -S "key exchange mode: psk$" \ 1508 -s "key exchange mode: psk_ephemeral" \ 1509 -S "key exchange mode: ephemeral" 1510 1511requires_openssl_tls1_3_with_compatible_ephemeral 1512requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1514run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ 1515 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1516 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ 1517 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1518 0 \ 1519 -s "write selected_group: x448" \ 1520 -S "key exchange mode: psk$" \ 1521 -s "key exchange mode: psk_ephemeral" \ 1522 -S "key exchange mode: ephemeral" 1523 1524requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1525requires_openssl_tls1_3_with_compatible_ephemeral 1526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1527run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1528 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1529 "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ 1530 0 \ 1531 -s "write selected_group: secp384r1" \ 1532 -s "HRR selected_group: secp384r1" \ 1533 -S "key exchange mode: psk$" \ 1534 -s "key exchange mode: psk_ephemeral" \ 1535 -S "key exchange mode: ephemeral" 1536 1537requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1538requires_gnutls_tls1_3 1539requires_gnutls_next_no_ticket 1540requires_gnutls_next_disable_tls13_compat 1541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1542requires_config_enabled PSA_WANT_ALG_ECDH 1543run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1544 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1545 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ 1546 0 \ 1547 -s "write selected_group: secp384r1" \ 1548 -s "HRR selected_group: secp384r1" \ 1549 -S "key exchange mode: psk$" \ 1550 -s "key exchange mode: psk_ephemeral" \ 1551 -S "key exchange mode: ephemeral" 1552 1553 1554# Add psk test cases for mbedtls client code 1555 1556# MbedTls->MbedTLS kinds of tls13_kex_modes 1557# PSK mode in client 1558requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1559requires_config_enabled MBEDTLS_SSL_SRV_C 1560requires_config_enabled MBEDTLS_SSL_CLI_C 1561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1562run_test "TLS 1.3: m->m: psk/psk, good" \ 1563 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1564 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1565 0 \ 1566 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1567 -c "client hello, adding psk_key_exchange_modes extension" \ 1568 -c "client hello, adding PSK binder list" \ 1569 -c "Selected key exchange mode: psk$" \ 1570 -c "HTTP/1.0 200 OK" 1571 1572requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1573requires_config_enabled MBEDTLS_SSL_SRV_C 1574requires_config_enabled MBEDTLS_SSL_CLI_C 1575requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1576run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ 1577 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1578 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1579 1 \ 1580 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1581 -c "client hello, adding psk_key_exchange_modes extension" \ 1582 -c "client hello, adding PSK binder list" \ 1583 -s "No matched PSK or ticket" 1584 1585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1586requires_config_enabled MBEDTLS_SSL_SRV_C 1587requires_config_enabled MBEDTLS_SSL_CLI_C 1588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1589run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ 1590 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1591 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1592 1 \ 1593 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1594 -c "client hello, adding psk_key_exchange_modes extension" \ 1595 -c "client hello, adding PSK binder list" \ 1596 -s "Invalid binder." 1597 1598requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1599requires_config_enabled MBEDTLS_SSL_SRV_C 1600requires_config_enabled MBEDTLS_SSL_CLI_C 1601requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1603run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ 1604 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1605 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1606 1 \ 1607 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1608 -c "client hello, adding psk_key_exchange_modes extension" \ 1609 -c "client hello, adding PSK binder list" \ 1610 -s "ClientHello message misses mandatory extensions." 1611 1612requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1613requires_config_enabled MBEDTLS_SSL_SRV_C 1614requires_config_enabled MBEDTLS_SSL_CLI_C 1615requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1616requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1617run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ 1618 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1619 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1620 1 \ 1621 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1622 -c "client hello, adding psk_key_exchange_modes extension" \ 1623 -c "client hello, adding PSK binder list" \ 1624 -s "ClientHello message misses mandatory extensions." 1625 1626requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1627requires_config_enabled MBEDTLS_SSL_SRV_C 1628requires_config_enabled MBEDTLS_SSL_CLI_C 1629requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1632run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ 1633 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1634 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1635 1 \ 1636 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1637 -c "client hello, adding psk_key_exchange_modes extension" \ 1638 -c "client hello, adding PSK binder list" \ 1639 -s "ClientHello message misses mandatory extensions." 1640 1641requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1642requires_config_enabled MBEDTLS_SSL_SRV_C 1643requires_config_enabled MBEDTLS_SSL_CLI_C 1644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1646run_test "TLS 1.3: m->m: psk/psk_all, good" \ 1647 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1648 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1649 0 \ 1650 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1651 -c "client hello, adding psk_key_exchange_modes extension" \ 1652 -c "client hello, adding PSK binder list" \ 1653 -c "Selected key exchange mode: psk$" \ 1654 -c "HTTP/1.0 200 OK" 1655 1656requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1657requires_config_enabled MBEDTLS_SSL_SRV_C 1658requires_config_enabled MBEDTLS_SSL_CLI_C 1659requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1660requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1661run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ 1662 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1663 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1664 1 \ 1665 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1666 -c "client hello, adding psk_key_exchange_modes extension" \ 1667 -c "client hello, adding PSK binder list" \ 1668 -s "No matched PSK or ticket" \ 1669 -s "ClientHello message misses mandatory extensions." 1670 1671requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1672requires_config_enabled MBEDTLS_SSL_SRV_C 1673requires_config_enabled MBEDTLS_SSL_CLI_C 1674requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1676run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ 1677 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1678 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1679 1 \ 1680 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1681 -c "client hello, adding psk_key_exchange_modes extension" \ 1682 -c "client hello, adding PSK binder list" \ 1683 -s "Invalid binder." 1684 1685requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1686requires_config_enabled MBEDTLS_SSL_SRV_C 1687requires_config_enabled MBEDTLS_SSL_CLI_C 1688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1689requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1691run_test "TLS 1.3: m->m: psk/all, good" \ 1692 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1693 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1694 0 \ 1695 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1696 -c "client hello, adding psk_key_exchange_modes extension" \ 1697 -c "client hello, adding PSK binder list" \ 1698 -c "Selected key exchange mode: psk$" \ 1699 -c "HTTP/1.0 200 OK" 1700 1701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1702requires_config_enabled MBEDTLS_SSL_SRV_C 1703requires_config_enabled MBEDTLS_SSL_CLI_C 1704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1707run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ 1708 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1709 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1710 1 \ 1711 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1712 -c "client hello, adding psk_key_exchange_modes extension" \ 1713 -c "client hello, adding PSK binder list" \ 1714 -s "No matched PSK or ticket" \ 1715 -s "ClientHello message misses mandatory extensions." 1716 1717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1718requires_config_enabled MBEDTLS_SSL_SRV_C 1719requires_config_enabled MBEDTLS_SSL_CLI_C 1720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1721requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1722requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1723run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ 1724 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1725 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1726 1 \ 1727 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1728 -c "client hello, adding psk_key_exchange_modes extension" \ 1729 -c "client hello, adding PSK binder list" \ 1730 -s "Invalid binder." 1731 1732# psk_ephemeral mode in client 1733requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1734requires_config_enabled MBEDTLS_SSL_SRV_C 1735requires_config_enabled MBEDTLS_SSL_CLI_C 1736requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1738run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ 1739 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1740 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1741 1 \ 1742 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1743 -c "client hello, adding psk_key_exchange_modes extension" \ 1744 -c "client hello, adding PSK binder list" \ 1745 -s "ClientHello message misses mandatory extensions." 1746 1747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1748requires_config_enabled MBEDTLS_SSL_SRV_C 1749requires_config_enabled MBEDTLS_SSL_CLI_C 1750requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1751run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ 1752 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1753 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1754 0 \ 1755 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1756 -c "client hello, adding psk_key_exchange_modes extension" \ 1757 -c "client hello, adding PSK binder list" \ 1758 -c "Selected key exchange mode: psk_ephemeral" \ 1759 -c "HTTP/1.0 200 OK" 1760 1761requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1762requires_config_enabled MBEDTLS_SSL_SRV_C 1763requires_config_enabled MBEDTLS_SSL_CLI_C 1764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1765run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ 1766 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1767 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1768 1 \ 1769 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1770 -c "client hello, adding psk_key_exchange_modes extension" \ 1771 -c "client hello, adding PSK binder list" \ 1772 -s "No matched PSK or ticket" \ 1773 -s "ClientHello message misses mandatory extensions." 1774 1775requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1776requires_config_enabled MBEDTLS_SSL_SRV_C 1777requires_config_enabled MBEDTLS_SSL_CLI_C 1778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1779run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ 1780 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1781 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1782 1 \ 1783 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1784 -c "client hello, adding psk_key_exchange_modes extension" \ 1785 -c "client hello, adding PSK binder list" \ 1786 -s "Invalid binder." 1787 1788requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1789requires_config_enabled MBEDTLS_SSL_SRV_C 1790requires_config_enabled MBEDTLS_SSL_CLI_C 1791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 1792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1793requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1794run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ 1795 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1796 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1797 1 \ 1798 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1799 -c "client hello, adding psk_key_exchange_modes extension" \ 1800 -c "client hello, adding PSK binder list" 1801 1802requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1803requires_config_enabled MBEDTLS_SSL_SRV_C 1804requires_config_enabled MBEDTLS_SSL_CLI_C 1805requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1807run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ 1808 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1809 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1810 0 \ 1811 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1812 -c "client hello, adding psk_key_exchange_modes extension" \ 1813 -c "client hello, adding PSK binder list" \ 1814 -c "Selected key exchange mode: psk_ephemeral" \ 1815 -c "HTTP/1.0 200 OK" 1816 1817requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1818requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 1819requires_config_enabled MBEDTLS_SSL_SRV_C 1820requires_config_enabled MBEDTLS_SSL_CLI_C 1821requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1823run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ 1824 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1825 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1826 1 \ 1827 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1828 -c "client hello, adding psk_key_exchange_modes extension" \ 1829 -c "client hello, adding PSK binder list" \ 1830 -s "No matched PSK or ticket" 1831 1832requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1833requires_config_enabled MBEDTLS_SSL_SRV_C 1834requires_config_enabled MBEDTLS_SSL_CLI_C 1835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1836requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1837run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ 1838 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1839 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1840 1 \ 1841 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1842 -c "client hello, adding psk_key_exchange_modes extension" \ 1843 -c "client hello, adding PSK binder list" \ 1844 -s "Invalid binder." 1845 1846requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1847requires_config_enabled MBEDTLS_SSL_SRV_C 1848requires_config_enabled MBEDTLS_SSL_CLI_C 1849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1851run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ 1852 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1853 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1854 0 \ 1855 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1856 -c "client hello, adding psk_key_exchange_modes extension" \ 1857 -c "client hello, adding PSK binder list" \ 1858 -c "Selected key exchange mode: psk_ephemeral" \ 1859 -c "HTTP/1.0 200 OK" 1860 1861requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1862requires_config_enabled MBEDTLS_SSL_SRV_C 1863requires_config_enabled MBEDTLS_SSL_CLI_C 1864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1866run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ 1867 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1868 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1869 1 \ 1870 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1871 -c "client hello, adding psk_key_exchange_modes extension" \ 1872 -c "client hello, adding PSK binder list" \ 1873 -s "No matched PSK or ticket" \ 1874 -s "ClientHello message misses mandatory extensions." 1875 1876requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1877requires_config_enabled MBEDTLS_SSL_SRV_C 1878requires_config_enabled MBEDTLS_SSL_CLI_C 1879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1881run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ 1882 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1883 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1884 1 \ 1885 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1886 -c "client hello, adding psk_key_exchange_modes extension" \ 1887 -c "client hello, adding PSK binder list" \ 1888 -s "Invalid binder." 1889 1890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1891requires_config_enabled MBEDTLS_SSL_SRV_C 1892requires_config_enabled MBEDTLS_SSL_CLI_C 1893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1896run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ 1897 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1898 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1899 0 \ 1900 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1901 -c "client hello, adding psk_key_exchange_modes extension" \ 1902 -c "client hello, adding PSK binder list" \ 1903 -c "Selected key exchange mode: psk_ephemeral" \ 1904 -c "HTTP/1.0 200 OK" 1905 1906requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1907requires_config_enabled MBEDTLS_SSL_SRV_C 1908requires_config_enabled MBEDTLS_SSL_CLI_C 1909requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1912run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ 1913 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1914 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1915 1 \ 1916 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1917 -c "client hello, adding psk_key_exchange_modes extension" \ 1918 -c "client hello, adding PSK binder list" \ 1919 -s "No matched PSK or ticket" \ 1920 1921requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1922requires_config_enabled MBEDTLS_SSL_SRV_C 1923requires_config_enabled MBEDTLS_SSL_CLI_C 1924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1926requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1927run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ 1928 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1929 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1930 1 \ 1931 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1932 -c "client hello, adding psk_key_exchange_modes extension" \ 1933 -c "client hello, adding PSK binder list" \ 1934 -s "Invalid binder." 1935 1936# ephemeral mode in client 1937requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1938requires_config_enabled MBEDTLS_SSL_SRV_C 1939requires_config_enabled MBEDTLS_SSL_CLI_C 1940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1941requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1942run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ 1943 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1944 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1945 1 \ 1946 -s "ClientHello message misses mandatory extensions." 1947 1948requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1949requires_config_enabled MBEDTLS_SSL_SRV_C 1950requires_config_enabled MBEDTLS_SSL_CLI_C 1951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1953run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ 1954 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1955 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1956 1 \ 1957 -s "ClientHello message misses mandatory extensions." 1958 1959requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1960requires_config_enabled MBEDTLS_SSL_SRV_C 1961requires_config_enabled MBEDTLS_SSL_CLI_C 1962requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1963run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ 1964 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1965 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1966 0 \ 1967 -c "Selected key exchange mode: ephemeral" \ 1968 -c "HTTP/1.0 200 OK" 1969 1970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1971requires_config_enabled MBEDTLS_SSL_SRV_C 1972requires_config_enabled MBEDTLS_SSL_CLI_C 1973requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1975run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ 1976 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1977 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1978 0 \ 1979 -c "Selected key exchange mode: ephemeral" \ 1980 -c "HTTP/1.0 200 OK" 1981 1982requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1983requires_config_enabled MBEDTLS_SSL_SRV_C 1984requires_config_enabled MBEDTLS_SSL_CLI_C 1985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1988run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ 1989 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1990 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1991 1 \ 1992 -s "ClientHello message misses mandatory extensions." 1993 1994requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1995requires_config_enabled MBEDTLS_SSL_SRV_C 1996requires_config_enabled MBEDTLS_SSL_CLI_C 1997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1999requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2000run_test "TLS 1.3: m->m: ephemeral/all, good" \ 2001 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2002 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2003 0 \ 2004 -c "Selected key exchange mode: ephemeral" \ 2005 -c "HTTP/1.0 200 OK" 2006 2007# ephemeral_all mode in client 2008requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2009requires_config_enabled MBEDTLS_SSL_SRV_C 2010requires_config_enabled MBEDTLS_SSL_CLI_C 2011requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2014run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ 2015 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2016 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2017 1 \ 2018 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2019 -c "client hello, adding psk_key_exchange_modes extension" \ 2020 -c "client hello, adding PSK binder list" \ 2021 -s "ClientHello message misses mandatory extensions." 2022 2023requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2024requires_config_enabled MBEDTLS_SSL_SRV_C 2025requires_config_enabled MBEDTLS_SSL_CLI_C 2026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2028run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ 2029 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2030 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2031 0 \ 2032 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2033 -c "client hello, adding psk_key_exchange_modes extension" \ 2034 -c "client hello, adding PSK binder list" \ 2035 -c "Selected key exchange mode: psk_ephemeral" \ 2036 -c "HTTP/1.0 200 OK" 2037 2038requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2039requires_config_enabled MBEDTLS_SSL_SRV_C 2040requires_config_enabled MBEDTLS_SSL_CLI_C 2041requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2043run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 2044 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2045 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2046 1 \ 2047 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2048 -c "client hello, adding psk_key_exchange_modes extension" \ 2049 -c "client hello, adding PSK binder list" \ 2050 -s "No matched PSK or ticket" 2051 2052requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2053requires_config_enabled MBEDTLS_SSL_SRV_C 2054requires_config_enabled MBEDTLS_SSL_CLI_C 2055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2057run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 2058 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2059 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2060 1 \ 2061 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2062 -c "client hello, adding psk_key_exchange_modes extension" \ 2063 -c "client hello, adding PSK binder list" \ 2064 -s "Invalid binder." 2065 2066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2067requires_config_enabled MBEDTLS_SSL_SRV_C 2068requires_config_enabled MBEDTLS_SSL_CLI_C 2069requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2071run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ 2072 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2073 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2074 0 \ 2075 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2076 -c "client hello, adding psk_key_exchange_modes extension" \ 2077 -c "client hello, adding PSK binder list" \ 2078 -s "key exchange mode: ephemeral" \ 2079 -c "Selected key exchange mode: ephemeral" \ 2080 -c "HTTP/1.0 200 OK" 2081 2082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2083requires_config_enabled MBEDTLS_SSL_SRV_C 2084requires_config_enabled MBEDTLS_SSL_CLI_C 2085requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2086requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2087run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ 2088 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2089 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2090 0 \ 2091 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2092 -c "client hello, adding psk_key_exchange_modes extension" \ 2093 -c "client hello, adding PSK binder list" \ 2094 -c "Selected key exchange mode: psk_ephemeral" \ 2095 -c "HTTP/1.0 200 OK" 2096 2097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2098requires_config_enabled MBEDTLS_SSL_SRV_C 2099requires_config_enabled MBEDTLS_SSL_CLI_C 2100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2102run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ 2103 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2104 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2105 0 \ 2106 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2107 -c "client hello, adding psk_key_exchange_modes extension" \ 2108 -c "client hello, adding PSK binder list" \ 2109 -s "No matched PSK or ticket" \ 2110 -s "key exchange mode: ephemeral" 2111 2112requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2113requires_config_enabled MBEDTLS_SSL_SRV_C 2114requires_config_enabled MBEDTLS_SSL_CLI_C 2115requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2117run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 2118 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2119 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2120 1 \ 2121 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2122 -c "client hello, adding psk_key_exchange_modes extension" \ 2123 -c "client hello, adding PSK binder list" \ 2124 -s "Invalid binder." 2125 2126requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2127requires_config_enabled MBEDTLS_SSL_SRV_C 2128requires_config_enabled MBEDTLS_SSL_CLI_C 2129requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2132run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ 2133 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2134 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2135 0 \ 2136 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2137 -c "client hello, adding psk_key_exchange_modes extension" \ 2138 -c "client hello, adding PSK binder list" \ 2139 -c "Selected key exchange mode: psk_ephemeral" \ 2140 -c "HTTP/1.0 200 OK" 2141 2142requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2143requires_config_enabled MBEDTLS_SSL_SRV_C 2144requires_config_enabled MBEDTLS_SSL_CLI_C 2145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2148run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ 2149 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2150 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2151 1 \ 2152 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2153 -c "client hello, adding psk_key_exchange_modes extension" \ 2154 -c "client hello, adding PSK binder list" \ 2155 -s "No matched PSK or ticket" \ 2156 -s "ClientHello message misses mandatory extensions." 2157 2158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2159requires_config_enabled MBEDTLS_SSL_SRV_C 2160requires_config_enabled MBEDTLS_SSL_CLI_C 2161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2164run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ 2165 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2166 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2167 1 \ 2168 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2169 -c "client hello, adding psk_key_exchange_modes extension" \ 2170 -c "client hello, adding PSK binder list" \ 2171 -s "Invalid binder." 2172 2173requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2174requires_config_enabled MBEDTLS_SSL_SRV_C 2175requires_config_enabled MBEDTLS_SSL_CLI_C 2176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2179run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ 2180 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2181 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2182 0 \ 2183 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2184 -c "client hello, adding psk_key_exchange_modes extension" \ 2185 -c "client hello, adding PSK binder list" \ 2186 -c "Selected key exchange mode: psk_ephemeral" \ 2187 -c "HTTP/1.0 200 OK" 2188 2189requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2190requires_config_enabled MBEDTLS_SSL_SRV_C 2191requires_config_enabled MBEDTLS_SSL_CLI_C 2192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2195run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ 2196 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2197 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2198 0 \ 2199 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2200 -c "client hello, adding psk_key_exchange_modes extension" \ 2201 -c "client hello, adding PSK binder list" \ 2202 -s "No matched PSK or ticket" \ 2203 -s "key exchange mode: ephemeral" 2204 2205requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2206requires_config_enabled MBEDTLS_SSL_SRV_C 2207requires_config_enabled MBEDTLS_SSL_CLI_C 2208requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2209requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2211run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ 2212 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2213 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2214 1 \ 2215 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2216 -c "client hello, adding psk_key_exchange_modes extension" \ 2217 -c "client hello, adding PSK binder list" \ 2218 -s "Invalid binder." 2219 2220# psk_all mode in client 2221requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2222requires_config_enabled MBEDTLS_SSL_SRV_C 2223requires_config_enabled MBEDTLS_SSL_CLI_C 2224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2226run_test "TLS 1.3: m->m: psk_all/psk, good" \ 2227 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2228 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2229 0 \ 2230 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2231 -c "client hello, adding psk_key_exchange_modes extension" \ 2232 -c "client hello, adding PSK binder list" \ 2233 -c "Selected key exchange mode: psk$" \ 2234 -c "HTTP/1.0 200 OK" 2235 2236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2237requires_config_enabled MBEDTLS_SSL_SRV_C 2238requires_config_enabled MBEDTLS_SSL_CLI_C 2239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2241run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ 2242 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2243 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2244 1 \ 2245 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2246 -c "client hello, adding psk_key_exchange_modes extension" \ 2247 -c "client hello, adding PSK binder list" \ 2248 -s "ClientHello message misses mandatory extensions." 2249 2250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2251requires_config_enabled MBEDTLS_SSL_SRV_C 2252requires_config_enabled MBEDTLS_SSL_CLI_C 2253requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2255run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \ 2256 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2257 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2258 1 \ 2259 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2260 -c "client hello, adding psk_key_exchange_modes extension" \ 2261 -c "client hello, adding PSK binder list" \ 2262 -s "Invalid binder." 2263 2264requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2265requires_config_enabled MBEDTLS_SSL_SRV_C 2266requires_config_enabled MBEDTLS_SSL_CLI_C 2267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2269run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ 2270 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2271 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2272 0 \ 2273 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2274 -c "client hello, adding psk_key_exchange_modes extension" \ 2275 -c "client hello, adding PSK binder list" \ 2276 -c "Selected key exchange mode: psk_ephemeral" \ 2277 -c "HTTP/1.0 200 OK" 2278 2279requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2280requires_config_enabled MBEDTLS_SSL_SRV_C 2281requires_config_enabled MBEDTLS_SSL_CLI_C 2282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2284run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ 2285 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2286 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2287 1 \ 2288 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2289 -c "client hello, adding psk_key_exchange_modes extension" \ 2290 -c "client hello, adding PSK binder list" \ 2291 -s "No matched PSK or ticket" \ 2292 -s "ClientHello message misses mandatory extensions." 2293 2294requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2295requires_config_enabled MBEDTLS_SSL_SRV_C 2296requires_config_enabled MBEDTLS_SSL_CLI_C 2297requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2299run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \ 2300 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2301 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2302 1 \ 2303 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2304 -c "client hello, adding psk_key_exchange_modes extension" \ 2305 -c "client hello, adding PSK binder list" \ 2306 -s "Invalid binder." 2307 2308requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2309requires_config_enabled MBEDTLS_SSL_SRV_C 2310requires_config_enabled MBEDTLS_SSL_CLI_C 2311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2314run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \ 2315 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2316 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2317 1 \ 2318 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2319 -c "client hello, adding psk_key_exchange_modes extension" \ 2320 -c "client hello, adding PSK binder list" 2321 2322requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2323requires_config_enabled MBEDTLS_SSL_SRV_C 2324requires_config_enabled MBEDTLS_SSL_CLI_C 2325requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2326requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2328run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ 2329 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2330 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2331 0 \ 2332 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2333 -c "client hello, adding psk_key_exchange_modes extension" \ 2334 -c "client hello, adding PSK binder list" \ 2335 -c "Selected key exchange mode: psk_ephemeral" \ 2336 -c "HTTP/1.0 200 OK" 2337 2338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2339requires_config_enabled MBEDTLS_SSL_SRV_C 2340requires_config_enabled MBEDTLS_SSL_CLI_C 2341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2342requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2343requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2344run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ 2345 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2346 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2347 1 \ 2348 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2349 -c "client hello, adding psk_key_exchange_modes extension" \ 2350 -c "client hello, adding PSK binder list" \ 2351 -s "No matched PSK or ticket" 2352 2353requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2354requires_config_enabled MBEDTLS_SSL_SRV_C 2355requires_config_enabled MBEDTLS_SSL_CLI_C 2356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2359run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \ 2360 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2361 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2362 1 \ 2363 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2364 -c "client hello, adding psk_key_exchange_modes extension" \ 2365 -c "client hello, adding PSK binder list" \ 2366 -s "Invalid binder." 2367 2368requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2369requires_config_enabled MBEDTLS_SSL_SRV_C 2370requires_config_enabled MBEDTLS_SSL_CLI_C 2371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2373run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ 2374 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2375 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2376 0 \ 2377 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2378 -c "client hello, adding psk_key_exchange_modes extension" \ 2379 -c "client hello, adding PSK binder list" \ 2380 -c "Selected key exchange mode: psk_ephemeral" \ 2381 -c "HTTP/1.0 200 OK" 2382 2383requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2384requires_config_enabled MBEDTLS_SSL_SRV_C 2385requires_config_enabled MBEDTLS_SSL_CLI_C 2386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2388run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ 2389 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2390 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2391 1 \ 2392 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2393 -c "client hello, adding psk_key_exchange_modes extension" \ 2394 -c "client hello, adding PSK binder list" \ 2395 -s "No matched PSK or ticket" \ 2396 -s "ClientHello message misses mandatory extensions." 2397 2398requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2399requires_config_enabled MBEDTLS_SSL_SRV_C 2400requires_config_enabled MBEDTLS_SSL_CLI_C 2401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2403run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \ 2404 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2405 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2406 1 \ 2407 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2408 -c "client hello, adding psk_key_exchange_modes extension" \ 2409 -c "client hello, adding PSK binder list" \ 2410 -s "Invalid binder." 2411 2412requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2413requires_config_enabled MBEDTLS_SSL_SRV_C 2414requires_config_enabled MBEDTLS_SSL_CLI_C 2415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2417requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2418run_test "TLS 1.3: m->m: psk_all/all, good" \ 2419 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2420 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2421 0 \ 2422 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2423 -c "client hello, adding psk_key_exchange_modes extension" \ 2424 -c "client hello, adding PSK binder list" \ 2425 -c "Selected key exchange mode: psk_ephemeral" \ 2426 -c "HTTP/1.0 200 OK" 2427 2428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2429requires_config_enabled MBEDTLS_SSL_SRV_C 2430requires_config_enabled MBEDTLS_SSL_CLI_C 2431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2433requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2434run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ 2435 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2436 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2437 1 \ 2438 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2439 -c "client hello, adding psk_key_exchange_modes extension" \ 2440 -c "client hello, adding PSK binder list" \ 2441 -s "No matched PSK or ticket" 2442 2443requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2444requires_config_enabled MBEDTLS_SSL_SRV_C 2445requires_config_enabled MBEDTLS_SSL_CLI_C 2446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2448requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2449run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \ 2450 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2451 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2452 1 \ 2453 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2454 -c "client hello, adding psk_key_exchange_modes extension" \ 2455 -c "client hello, adding PSK binder list" \ 2456 -s "Invalid binder." 2457 2458# all mode in client 2459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2460requires_config_enabled MBEDTLS_SSL_SRV_C 2461requires_config_enabled MBEDTLS_SSL_CLI_C 2462requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2463requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2465run_test "TLS 1.3: m->m: all/psk, good" \ 2466 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2467 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2468 0 \ 2469 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2470 -c "client hello, adding psk_key_exchange_modes extension" \ 2471 -c "client hello, adding PSK binder list" \ 2472 -c "Selected key exchange mode: psk$" \ 2473 -c "HTTP/1.0 200 OK" 2474 2475requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2476requires_config_enabled MBEDTLS_SSL_SRV_C 2477requires_config_enabled MBEDTLS_SSL_CLI_C 2478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2481run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ 2482 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2483 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2484 1 \ 2485 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2486 -c "client hello, adding psk_key_exchange_modes extension" \ 2487 -c "client hello, adding PSK binder list" \ 2488 -s "No matched PSK or ticket" \ 2489 -s "ClientHello message misses mandatory extensions." 2490 2491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2492requires_config_enabled MBEDTLS_SSL_SRV_C 2493requires_config_enabled MBEDTLS_SSL_CLI_C 2494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2497run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \ 2498 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2499 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2500 1 \ 2501 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2502 -c "client hello, adding psk_key_exchange_modes extension" \ 2503 -c "client hello, adding PSK binder list" \ 2504 -s "Invalid binder." 2505 2506requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2507requires_config_enabled MBEDTLS_SSL_SRV_C 2508requires_config_enabled MBEDTLS_SSL_CLI_C 2509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2510requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2512run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ 2513 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2514 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2515 0 \ 2516 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2517 -c "client hello, adding psk_key_exchange_modes extension" \ 2518 -c "client hello, adding PSK binder list" \ 2519 -c "Selected key exchange mode: psk_ephemeral" \ 2520 -c "HTTP/1.0 200 OK" 2521 2522requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2523requires_config_enabled MBEDTLS_SSL_SRV_C 2524requires_config_enabled MBEDTLS_SSL_CLI_C 2525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2528run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ 2529 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2530 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2531 1 \ 2532 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2533 -c "client hello, adding psk_key_exchange_modes extension" \ 2534 -c "client hello, adding PSK binder list" \ 2535 -s "No matched PSK or ticket" \ 2536 -s "ClientHello message misses mandatory extensions." 2537 2538requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2539requires_config_enabled MBEDTLS_SSL_SRV_C 2540requires_config_enabled MBEDTLS_SSL_CLI_C 2541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2543requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2544run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \ 2545 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2546 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2547 1 \ 2548 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2549 -c "client hello, adding psk_key_exchange_modes extension" \ 2550 -c "client hello, adding PSK binder list" \ 2551 -s "Invalid binder." 2552 2553requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2554requires_config_enabled MBEDTLS_SSL_SRV_C 2555requires_config_enabled MBEDTLS_SSL_CLI_C 2556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2557requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2559run_test "TLS 1.3: m->m: all/ephemeral, good" \ 2560 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2561 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2562 0 \ 2563 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2564 -c "client hello, adding psk_key_exchange_modes extension" \ 2565 -c "client hello, adding PSK binder list" \ 2566 -c "Selected key exchange mode: ephemeral" \ 2567 -c "HTTP/1.0 200 OK" 2568 2569requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2570requires_config_enabled MBEDTLS_SSL_SRV_C 2571requires_config_enabled MBEDTLS_SSL_CLI_C 2572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2573requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2575run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ 2576 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2577 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2578 0 \ 2579 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2580 -c "client hello, adding psk_key_exchange_modes extension" \ 2581 -c "client hello, adding PSK binder list" \ 2582 -c "Selected key exchange mode: psk_ephemeral" \ 2583 -c "HTTP/1.0 200 OK" 2584 2585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2586requires_config_enabled MBEDTLS_SSL_SRV_C 2587requires_config_enabled MBEDTLS_SSL_CLI_C 2588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2591run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \ 2592 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2593 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2594 0 \ 2595 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2596 -c "client hello, adding psk_key_exchange_modes extension" \ 2597 -c "client hello, adding PSK binder list" \ 2598 -s "No matched PSK or ticket" \ 2599 -c "Selected key exchange mode: ephemeral" \ 2600 -c "HTTP/1.0 200 OK" 2601 2602requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2603requires_config_enabled MBEDTLS_SSL_SRV_C 2604requires_config_enabled MBEDTLS_SSL_CLI_C 2605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2607requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2608run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \ 2609 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2610 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2611 1 \ 2612 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2613 -c "client hello, adding psk_key_exchange_modes extension" \ 2614 -c "client hello, adding PSK binder list" \ 2615 -s "Invalid binder." 2616 2617requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2618requires_config_enabled MBEDTLS_SSL_SRV_C 2619requires_config_enabled MBEDTLS_SSL_CLI_C 2620requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2621requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2623run_test "TLS 1.3: m->m: all/psk_all, good" \ 2624 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2625 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2626 0 \ 2627 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2628 -c "client hello, adding psk_key_exchange_modes extension" \ 2629 -c "client hello, adding PSK binder list" \ 2630 -c "Selected key exchange mode: psk_ephemeral" \ 2631 -c "HTTP/1.0 200 OK" 2632 2633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2634requires_config_enabled MBEDTLS_SSL_SRV_C 2635requires_config_enabled MBEDTLS_SSL_CLI_C 2636requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2637requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2639run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ 2640 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2641 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2642 1 \ 2643 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2644 -c "client hello, adding psk_key_exchange_modes extension" \ 2645 -c "client hello, adding PSK binder list" \ 2646 -s "No matched PSK or ticket" \ 2647 -s "ClientHello message misses mandatory extensions." 2648 2649requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2650requires_config_enabled MBEDTLS_SSL_SRV_C 2651requires_config_enabled MBEDTLS_SSL_CLI_C 2652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2655run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \ 2656 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2657 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2658 1 \ 2659 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2660 -c "client hello, adding psk_key_exchange_modes extension" \ 2661 -c "client hello, adding PSK binder list" \ 2662 -s "Invalid binder." 2663 2664requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2665requires_config_enabled MBEDTLS_SSL_SRV_C 2666requires_config_enabled MBEDTLS_SSL_CLI_C 2667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2669requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2670run_test "TLS 1.3: m->m: all/all, good" \ 2671 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2672 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2673 0 \ 2674 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2675 -c "client hello, adding psk_key_exchange_modes extension" \ 2676 -c "client hello, adding PSK binder list" \ 2677 -c "Selected key exchange mode: psk_ephemeral" \ 2678 -c "HTTP/1.0 200 OK" 2679 2680requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2681requires_config_enabled MBEDTLS_SSL_SRV_C 2682requires_config_enabled MBEDTLS_SSL_CLI_C 2683requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2686run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ 2687 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2688 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2689 0 \ 2690 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2691 -c "client hello, adding psk_key_exchange_modes extension" \ 2692 -c "client hello, adding PSK binder list" \ 2693 -s "No matched PSK or ticket" \ 2694 -s "key exchange mode: ephemeral" 2695 2696requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2697requires_config_enabled MBEDTLS_SSL_SRV_C 2698requires_config_enabled MBEDTLS_SSL_CLI_C 2699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2702run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \ 2703 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2704 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2705 1 \ 2706 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2707 -c "client hello, adding psk_key_exchange_modes extension" \ 2708 -c "client hello, adding PSK binder list" \ 2709 -s "Invalid binder." 2710 2711#OPENSSL-SERVER psk mode 2712requires_openssl_tls1_3 2713requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2715requires_config_enabled MBEDTLS_DEBUG_C 2716requires_config_enabled MBEDTLS_SSL_CLI_C 2717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2718run_test "TLS 1.3: m->O: psk/all, good" \ 2719 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2720 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2721 0 \ 2722 -c "=> write client hello" \ 2723 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2724 -c "client hello, adding psk_key_exchange_modes extension" \ 2725 -c "client hello, adding PSK binder list" \ 2726 -c "<= write client hello" \ 2727 -c "Selected key exchange mode: psk$" \ 2728 -c "HTTP/1.0 200 ok" 2729 2730requires_openssl_tls1_3 2731requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2733requires_config_enabled MBEDTLS_DEBUG_C 2734requires_config_enabled MBEDTLS_SSL_CLI_C 2735requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2736run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \ 2737 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2738 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2739 1 \ 2740 -c "=> write client hello" \ 2741 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2742 -c "client hello, adding psk_key_exchange_modes extension" \ 2743 -c "client hello, adding PSK binder list" \ 2744 -c "<= write client hello" \ 2745 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2746 2747#OPENSSL-SERVER psk_all mode 2748requires_openssl_tls1_3_with_compatible_ephemeral 2749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2750requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2751requires_config_enabled MBEDTLS_DEBUG_C 2752requires_config_enabled MBEDTLS_SSL_CLI_C 2753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2755run_test "TLS 1.3: m->O: psk_all/all, good" \ 2756 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2757 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2758 0 \ 2759 -c "=> write client hello" \ 2760 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2761 -c "client hello, adding psk_key_exchange_modes extension" \ 2762 -c "client hello, adding PSK binder list" \ 2763 -c "<= write client hello" \ 2764 -c "Selected key exchange mode: psk_ephemeral" \ 2765 -c "HTTP/1.0 200 ok" 2766 2767requires_openssl_tls1_3_with_compatible_ephemeral 2768requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2770requires_config_enabled MBEDTLS_DEBUG_C 2771requires_config_enabled MBEDTLS_SSL_CLI_C 2772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2773requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2774run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ 2775 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2776 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2777 0 \ 2778 -c "=> write client hello" \ 2779 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2780 -c "client hello, adding psk_key_exchange_modes extension" \ 2781 -c "client hello, adding PSK binder list" \ 2782 -c "<= write client hello" \ 2783 -c "Selected key exchange mode: psk_ephemeral" \ 2784 -c "HTTP/1.0 200 ok" 2785 2786#OPENSSL-SERVER psk_ephemeral mode 2787requires_openssl_tls1_3_with_compatible_ephemeral 2788requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2790requires_config_enabled MBEDTLS_DEBUG_C 2791requires_config_enabled MBEDTLS_SSL_CLI_C 2792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2793run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ 2794 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2795 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2796 0 \ 2797 -c "=> write client hello" \ 2798 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2799 -c "client hello, adding psk_key_exchange_modes extension" \ 2800 -c "client hello, adding PSK binder list" \ 2801 -c "<= write client hello" \ 2802 -c "Selected key exchange mode: psk_ephemeral" \ 2803 -c "HTTP/1.0 200 ok" 2804 2805requires_openssl_tls1_3_with_compatible_ephemeral 2806requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2808requires_config_enabled MBEDTLS_DEBUG_C 2809requires_config_enabled MBEDTLS_SSL_CLI_C 2810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2811run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ 2812 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2813 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2814 0 \ 2815 -c "=> write client hello" \ 2816 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2817 -c "client hello, adding psk_key_exchange_modes extension" \ 2818 -c "client hello, adding PSK binder list" \ 2819 -c "<= write client hello" \ 2820 -c "Selected key exchange mode: psk_ephemeral" \ 2821 -c "HTTP/1.0 200 ok" 2822 2823#OPENSSL-SERVER ephemeral mode 2824requires_openssl_tls1_3_with_compatible_ephemeral 2825requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2827requires_config_enabled MBEDTLS_DEBUG_C 2828requires_config_enabled MBEDTLS_SSL_CLI_C 2829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2830run_test "TLS 1.3: m->O: ephemeral/all, good" \ 2831 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ 2832 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2833 0 \ 2834 -c "Selected key exchange mode: ephemeral" \ 2835 -c "HTTP/1.0 200 ok" 2836 2837requires_openssl_tls1_3_with_compatible_ephemeral 2838requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2840requires_config_enabled MBEDTLS_DEBUG_C 2841requires_config_enabled MBEDTLS_SSL_CLI_C 2842requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2843run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \ 2844 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2845 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2846 0 \ 2847 -c "Selected key exchange mode: ephemeral" \ 2848 -c "HTTP/1.0 200 ok" 2849 2850#OPENSSL-SERVER ephemeral_all mode 2851requires_openssl_tls1_3_with_compatible_ephemeral 2852requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2854requires_config_enabled MBEDTLS_DEBUG_C 2855requires_config_enabled MBEDTLS_SSL_CLI_C 2856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2858run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ 2859 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2860 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2861 0 \ 2862 -c "=> write client hello" \ 2863 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2864 -c "client hello, adding psk_key_exchange_modes extension" \ 2865 -c "client hello, adding PSK binder list" \ 2866 -c "Selected key exchange mode: psk_ephemeral" \ 2867 -c "<= write client hello" \ 2868 -c "HTTP/1.0 200 ok" 2869 2870requires_openssl_tls1_3_with_compatible_ephemeral 2871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2873requires_config_enabled MBEDTLS_DEBUG_C 2874requires_config_enabled MBEDTLS_SSL_CLI_C 2875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2877run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ 2878 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2879 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2880 0 \ 2881 -c "=> write client hello" \ 2882 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2883 -c "client hello, adding psk_key_exchange_modes extension" \ 2884 -c "client hello, adding PSK binder list" \ 2885 -c "Selected key exchange mode: psk_ephemeral" \ 2886 -c "<= write client hello" \ 2887 -c "HTTP/1.0 200 ok" 2888 2889#OPENSSL-SERVER all mode 2890requires_openssl_tls1_3_with_compatible_ephemeral 2891requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2893requires_config_enabled MBEDTLS_DEBUG_C 2894requires_config_enabled MBEDTLS_SSL_CLI_C 2895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2898run_test "TLS 1.3: m->O: all/all, good" \ 2899 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2900 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2901 0 \ 2902 -c "=> write client hello" \ 2903 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2904 -c "client hello, adding psk_key_exchange_modes extension" \ 2905 -c "client hello, adding PSK binder list" \ 2906 -c "Selected key exchange mode: psk_ephemeral" \ 2907 -c "<= write client hello" \ 2908 -c "HTTP/1.0 200 ok" 2909 2910requires_openssl_tls1_3_with_compatible_ephemeral 2911requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2913requires_config_enabled MBEDTLS_DEBUG_C 2914requires_config_enabled MBEDTLS_SSL_CLI_C 2915requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2917requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2918run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ 2919 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2920 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2921 0 \ 2922 -c "=> write client hello" \ 2923 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2924 -c "client hello, adding psk_key_exchange_modes extension" \ 2925 -c "client hello, adding PSK binder list" \ 2926 -c "Selected key exchange mode: psk_ephemeral" \ 2927 -c "<= write client hello" \ 2928 -c "HTTP/1.0 200 ok" 2929 2930#GNUTLS-SERVER psk mode 2931requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2932requires_gnutls_tls1_3 2933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2934requires_config_enabled MBEDTLS_DEBUG_C 2935requires_config_enabled MBEDTLS_SSL_CLI_C 2936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2937run_test "TLS 1.3: m->G: psk/all, good" \ 2938 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 2939 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2940 0 \ 2941 -c "=> write client hello" \ 2942 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2943 -c "client hello, adding psk_key_exchange_modes extension" \ 2944 -c "client hello, adding PSK binder list" \ 2945 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2946 -s "Parsing extension 'Pre Shared Key/41'" \ 2947 -c "<= write client hello" \ 2948 -c "Selected key exchange mode: psk$" \ 2949 -c "HTTP/1.0 200 OK" 2950 2951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2952requires_gnutls_tls1_3 2953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2954requires_config_enabled MBEDTLS_DEBUG_C 2955requires_config_enabled MBEDTLS_SSL_CLI_C 2956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2957run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ 2958 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 2959 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2960 1 \ 2961 -c "=> write client hello" \ 2962 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2963 -c "client hello, adding psk_key_exchange_modes extension" \ 2964 -c "client hello, adding PSK binder list" \ 2965 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2966 -s "Parsing extension 'Pre Shared Key/41'" \ 2967 -c "<= write client hello" \ 2968 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2969 2970#GNUTLS-SERVER psk_all mode 2971requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2972requires_gnutls_tls1_3 2973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2974requires_config_enabled MBEDTLS_DEBUG_C 2975requires_config_enabled MBEDTLS_SSL_CLI_C 2976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2978run_test "TLS 1.3: m->G: psk_all/all, good" \ 2979 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 2980 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2981 0 \ 2982 -c "=> write client hello" \ 2983 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2984 -c "client hello, adding psk_key_exchange_modes extension" \ 2985 -c "client hello, adding PSK binder list" \ 2986 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2987 -s "Parsing extension 'Pre Shared Key/41'" \ 2988 -c "<= write client hello" \ 2989 -c "Selected key exchange mode: psk_ephemeral" \ 2990 -c "HTTP/1.0 200 OK" 2991 2992requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2993requires_gnutls_tls1_3 2994requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2995requires_config_enabled MBEDTLS_DEBUG_C 2996requires_config_enabled MBEDTLS_SSL_CLI_C 2997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2999run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ 3000 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3001 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 3002 0 \ 3003 -c "=> write client hello" \ 3004 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3005 -c "client hello, adding psk_key_exchange_modes extension" \ 3006 -c "client hello, adding PSK binder list" \ 3007 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3008 -s "Parsing extension 'Pre Shared Key/41'" \ 3009 -c "<= write client hello" \ 3010 -c "Selected key exchange mode: psk_ephemeral" \ 3011 -c "HTTP/1.0 200 OK" 3012 3013#GNUTLS-SERVER psk_ephemeral mode 3014requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3015requires_gnutls_tls1_3 3016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3017requires_config_enabled MBEDTLS_DEBUG_C 3018requires_config_enabled MBEDTLS_SSL_CLI_C 3019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3020run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ 3021 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3022 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3023 0 \ 3024 -c "=> write client hello" \ 3025 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3026 -c "client hello, adding psk_key_exchange_modes extension" \ 3027 -c "client hello, adding PSK binder list" \ 3028 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3029 -s "Parsing extension 'Pre Shared Key/41'" \ 3030 -c "<= write client hello" \ 3031 -c "Selected key exchange mode: psk_ephemeral" \ 3032 -c "HTTP/1.0 200 OK" 3033 3034requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3035requires_gnutls_tls1_3 3036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3037requires_config_enabled MBEDTLS_DEBUG_C 3038requires_config_enabled MBEDTLS_SSL_CLI_C 3039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3040run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ 3041 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3042 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3043 0 \ 3044 -c "=> write client hello" \ 3045 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3046 -c "client hello, adding psk_key_exchange_modes extension" \ 3047 -c "client hello, adding PSK binder list" \ 3048 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3049 -s "Parsing extension 'Pre Shared Key/41'" \ 3050 -c "<= write client hello" \ 3051 -c "Selected key exchange mode: psk_ephemeral" \ 3052 -c "HTTP/1.0 200 OK" 3053 3054#GNUTLS-SERVER ephemeral mode 3055requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3056requires_gnutls_tls1_3 3057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3058requires_config_enabled MBEDTLS_DEBUG_C 3059requires_config_enabled MBEDTLS_SSL_CLI_C 3060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3061run_test "TLS 1.3: m->G: ephemeral/all, good" \ 3062 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3063 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3064 0 \ 3065 -c "Selected key exchange mode: ephemeral" \ 3066 -c "HTTP/1.0 200 OK" 3067 3068requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3069requires_gnutls_tls1_3 3070requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3071requires_config_enabled MBEDTLS_DEBUG_C 3072requires_config_enabled MBEDTLS_SSL_CLI_C 3073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3074run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ 3075 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3076 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3077 0 \ 3078 -c "Selected key exchange mode: ephemeral" \ 3079 -c "HTTP/1.0 200 OK" 3080 3081#GNUTLS-SERVER ephemeral_all mode 3082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3083requires_gnutls_tls1_3 3084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3085requires_config_enabled MBEDTLS_DEBUG_C 3086requires_config_enabled MBEDTLS_SSL_CLI_C 3087requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3089run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ 3090 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3091 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3092 0 \ 3093 -c "=> write client hello" \ 3094 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3095 -c "client hello, adding psk_key_exchange_modes extension" \ 3096 -c "client hello, adding PSK binder list" \ 3097 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3098 -s "Parsing extension 'Pre Shared Key/41'" \ 3099 -c "<= write client hello" \ 3100 -c "Selected key exchange mode: psk_ephemeral" \ 3101 -c "HTTP/1.0 200 OK" 3102 3103requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3104requires_gnutls_tls1_3 3105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3106requires_config_enabled MBEDTLS_DEBUG_C 3107requires_config_enabled MBEDTLS_SSL_CLI_C 3108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3110run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ 3111 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3112 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3113 0 \ 3114 -c "=> write client hello" \ 3115 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3116 -c "client hello, adding psk_key_exchange_modes extension" \ 3117 -c "client hello, adding PSK binder list" \ 3118 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3119 -s "Parsing extension 'Pre Shared Key/41'" \ 3120 -c "<= write client hello" \ 3121 -c "Selected key exchange mode: psk_ephemeral" \ 3122 -c "HTTP/1.0 200 OK" 3123 3124#GNUTLS-SERVER all mode 3125requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3126requires_gnutls_tls1_3 3127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3128requires_config_enabled MBEDTLS_DEBUG_C 3129requires_config_enabled MBEDTLS_SSL_CLI_C 3130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3133run_test "TLS 1.3: m->G: all/all, good" \ 3134 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3135 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3136 0 \ 3137 -c "=> write client hello" \ 3138 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3139 -c "client hello, adding psk_key_exchange_modes extension" \ 3140 -c "client hello, adding PSK binder list" \ 3141 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3142 -s "Parsing extension 'Pre Shared Key/41'" \ 3143 -c "<= write client hello" \ 3144 -c "Selected key exchange mode: psk_ephemeral" \ 3145 -c "HTTP/1.0 200 OK" 3146 3147requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3148requires_gnutls_tls1_3 3149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3150requires_config_enabled MBEDTLS_DEBUG_C 3151requires_config_enabled MBEDTLS_SSL_CLI_C 3152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3155run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ 3156 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3157 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3158 0 \ 3159 -c "=> write client hello" \ 3160 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3161 -c "client hello, adding psk_key_exchange_modes extension" \ 3162 -c "client hello, adding PSK binder list" \ 3163 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3164 -s "Parsing extension 'Pre Shared Key/41'" \ 3165 -c "<= write client hello" \ 3166 -c "Selected key exchange mode: psk_ephemeral" \ 3167 -c "HTTP/1.0 200 OK" 3168