1#!/bin/sh 2 3# tls13-kex-modes.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8 9# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by 10# scripts in future(#6280) 11 12requires_gnutls_tls1_3 13requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15run_test "TLS 1.3: G->m: all/psk, good" \ 16 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 17 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 18 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 19 localhost" \ 20 0 \ 21 -s "found psk key exchange modes extension" \ 22 -s "found pre_shared_key extension" \ 23 -s "Found PSK_EPHEMERAL KEX MODE" \ 24 -s "Found PSK KEX MODE" \ 25 -s "Pre shared key found" \ 26 -S "No usable PSK or ticket" \ 27 -s "key exchange mode: psk$" \ 28 -S "key exchange mode: psk_ephemeral" \ 29 -S "key exchange mode: ephemeral" 30 31requires_gnutls_tls1_3 32requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 34run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ 35 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 36 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 37 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 38 localhost" \ 39 1 \ 40 -s "found psk key exchange modes extension" \ 41 -s "found pre_shared_key extension" \ 42 -s "Found PSK_EPHEMERAL KEX MODE" \ 43 -s "Found PSK KEX MODE" \ 44 -s "No usable PSK or ticket" \ 45 -S "key exchange mode: psk$" \ 46 -S "key exchange mode: psk_ephemeral" \ 47 -S "key exchange mode: ephemeral" 48 49requires_gnutls_tls1_3 50requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 51requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 52run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ 53 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 54 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 55 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 56 localhost" \ 57 1 \ 58 -s "found psk key exchange modes extension" \ 59 -s "found pre_shared_key extension" \ 60 -s "Found PSK_EPHEMERAL KEX MODE" \ 61 -s "Found PSK KEX MODE" \ 62 -s "Invalid binder." \ 63 -S "key exchange mode: psk$" \ 64 -S "key exchange mode: psk_ephemeral" \ 65 -S "key exchange mode: ephemeral" 66 67requires_gnutls_tls1_3 68requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 69requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 70run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ 71 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 72 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 73 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 74 localhost" \ 75 0 \ 76 -s "found psk key exchange modes extension" \ 77 -s "found pre_shared_key extension" \ 78 -S "Found PSK_EPHEMERAL KEX MODE" \ 79 -s "Found PSK KEX MODE" \ 80 -s "Pre shared key found" \ 81 -S "No usable PSK or ticket" \ 82 -s "key exchange mode: psk$" \ 83 -S "key exchange mode: psk_ephemeral" \ 84 -S "key exchange mode: ephemeral" 85 86requires_gnutls_tls1_3 87requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 88requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 89run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ 90 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 91 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 92 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 93 localhost" \ 94 1 \ 95 -s "found psk key exchange modes extension" \ 96 -s "found pre_shared_key extension" \ 97 -S "Found PSK_EPHEMERAL KEX MODE" \ 98 -s "Found PSK KEX MODE" \ 99 -s "No usable PSK or ticket" \ 100 -S "key exchange mode: psk$" \ 101 -S "key exchange mode: psk_ephemeral" \ 102 -S "key exchange mode: ephemeral" 103 104requires_gnutls_tls1_3 105requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 107run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ 108 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 109 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 110 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 111 localhost" \ 112 1 \ 113 -s "found psk key exchange modes extension" \ 114 -s "found pre_shared_key extension" \ 115 -S "Found PSK_EPHEMERAL KEX MODE" \ 116 -s "Found PSK KEX MODE" \ 117 -s "Invalid binder." \ 118 -S "key exchange mode: psk$" \ 119 -S "key exchange mode: psk_ephemeral" \ 120 -S "key exchange mode: ephemeral" 121 122requires_gnutls_tls1_3 123requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 125run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ 126 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 127 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 128 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 129 localhost" \ 130 0 \ 131 -s "found psk key exchange modes extension" \ 132 -s "found pre_shared_key extension" \ 133 -s "Found PSK_EPHEMERAL KEX MODE" \ 134 -S "Found PSK KEX MODE" \ 135 -s "Pre shared key found" \ 136 -S "No usable PSK or ticket" \ 137 -S "key exchange mode: psk$" \ 138 -s "key exchange mode: psk_ephemeral" \ 139 -S "key exchange mode: ephemeral" 140 141requires_gnutls_tls1_3 142requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 144run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 145 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 146 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 147 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 148 localhost" \ 149 1 \ 150 -s "found psk key exchange modes extension" \ 151 -s "found pre_shared_key extension" \ 152 -s "Found PSK_EPHEMERAL KEX MODE" \ 153 -S "Found PSK KEX MODE" \ 154 -s "No usable PSK or ticket" \ 155 -S "key exchange mode: psk$" \ 156 -S "key exchange mode: psk_ephemeral" \ 157 -S "key exchange mode: ephemeral" 158 159requires_gnutls_tls1_3 160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 162run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 163 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 164 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 165 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 166 localhost" \ 167 1 \ 168 -s "found psk key exchange modes extension" \ 169 -s "found pre_shared_key extension" \ 170 -s "Found PSK_EPHEMERAL KEX MODE" \ 171 -S "Found PSK KEX MODE" \ 172 -s "Invalid binder." \ 173 -S "key exchange mode: psk$" \ 174 -S "key exchange mode: psk_ephemeral" \ 175 -S "key exchange mode: ephemeral" 176 177requires_gnutls_tls1_3 178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 180run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ 181 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 182 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 183 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 184 localhost" \ 185 0 \ 186 -s "found psk key exchange modes extension" \ 187 -s "found pre_shared_key extension" \ 188 -s "Found PSK_EPHEMERAL KEX MODE" \ 189 -s "Found PSK KEX MODE" \ 190 -s "Pre shared key found" \ 191 -S "No usable PSK or ticket" \ 192 -S "key exchange mode: psk$" \ 193 -s "key exchange mode: psk_ephemeral" \ 194 -S "key exchange mode: ephemeral" 195 196requires_gnutls_tls1_3 197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 199run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ 200 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 201 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 202 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 203 localhost" \ 204 1 \ 205 -s "found psk key exchange modes extension" \ 206 -s "found pre_shared_key extension" \ 207 -s "Found PSK_EPHEMERAL KEX MODE" \ 208 -s "Found PSK KEX MODE" \ 209 -s "No usable PSK or ticket" \ 210 -S "key exchange mode: psk$" \ 211 -S "key exchange mode: psk_ephemeral" \ 212 -S "key exchange mode: ephemeral" 213 214requires_gnutls_tls1_3 215requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 217run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ 218 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 219 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 220 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 221 localhost" \ 222 1 \ 223 -s "found psk key exchange modes extension" \ 224 -s "found pre_shared_key extension" \ 225 -s "Found PSK_EPHEMERAL KEX MODE" \ 226 -s "Found PSK KEX MODE" \ 227 -s "Invalid binder." \ 228 -S "key exchange mode: psk$" \ 229 -S "key exchange mode: psk_ephemeral" \ 230 -S "key exchange mode: ephemeral" 231 232requires_gnutls_tls1_3 233requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 235run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ 236 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 237 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 238 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 239 localhost" \ 240 1 \ 241 -s "found psk key exchange modes extension" \ 242 -s "found pre_shared_key extension" \ 243 -S "Found PSK_EPHEMERAL KEX MODE" \ 244 -s "Found PSK KEX MODE" \ 245 -S "key exchange mode: psk$" \ 246 -S "key exchange mode: psk_ephemeral" \ 247 -S "key exchange mode: ephemeral" 248 249requires_gnutls_tls1_3 250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 253run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ 254 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 255 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 256 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 257 localhost" \ 258 0 \ 259 -s "found psk key exchange modes extension" \ 260 -s "found pre_shared_key extension" \ 261 -s "Found PSK_EPHEMERAL KEX MODE" \ 262 -S "Found PSK KEX MODE" \ 263 -s "Pre shared key found" \ 264 -S "No usable PSK or ticket" \ 265 -S "key exchange mode: psk$" \ 266 -s "key exchange mode: psk_ephemeral" \ 267 -S "key exchange mode: ephemeral" 268 269requires_gnutls_tls1_3 270requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 273run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ 274 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 275 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 276 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 277 localhost" \ 278 1 \ 279 -s "found psk key exchange modes extension" \ 280 -s "found pre_shared_key extension" \ 281 -s "Found PSK_EPHEMERAL KEX MODE" \ 282 -S "Found PSK KEX MODE" \ 283 -s "No usable PSK or ticket" \ 284 -S "key exchange mode: psk$" \ 285 -S "key exchange mode: psk_ephemeral" \ 286 -S "key exchange mode: ephemeral" 287 288requires_gnutls_tls1_3 289requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 292run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ 293 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 294 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 295 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 296 localhost" \ 297 1 \ 298 -s "found psk key exchange modes extension" \ 299 -s "found pre_shared_key extension" \ 300 -s "Found PSK_EPHEMERAL KEX MODE" \ 301 -S "Found PSK KEX MODE" \ 302 -s "Invalid binder." \ 303 -S "key exchange mode: psk$" \ 304 -S "key exchange mode: psk_ephemeral" \ 305 -S "key exchange mode: ephemeral" 306 307requires_gnutls_tls1_3 308requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 311run_test "TLS 1.3: G->m: all/psk_all, good" \ 312 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 313 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 314 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 315 localhost" \ 316 0 \ 317 -s "found psk key exchange modes extension" \ 318 -s "found pre_shared_key extension" \ 319 -s "Found PSK_EPHEMERAL KEX MODE" \ 320 -s "Found PSK KEX MODE" \ 321 -s "Pre shared key found" \ 322 -S "No usable PSK or ticket" \ 323 -S "key exchange mode: psk$" \ 324 -s "key exchange mode: psk_ephemeral" \ 325 -S "key exchange mode: ephemeral" 326 327requires_gnutls_tls1_3 328requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 331run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ 332 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 333 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 334 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 335 localhost" \ 336 1 \ 337 -s "found psk key exchange modes extension" \ 338 -s "found pre_shared_key extension" \ 339 -s "Found PSK_EPHEMERAL KEX MODE" \ 340 -s "Found PSK KEX MODE" \ 341 -s "No usable PSK or ticket" \ 342 -S "key exchange mode: psk$" \ 343 -S "key exchange mode: psk_ephemeral" \ 344 -S "key exchange mode: ephemeral" 345 346requires_gnutls_tls1_3 347requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 350run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \ 351 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 352 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 353 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 354 localhost" \ 355 1 \ 356 -s "found psk key exchange modes extension" \ 357 -s "found pre_shared_key extension" \ 358 -s "Found PSK_EPHEMERAL KEX MODE" \ 359 -s "Found PSK KEX MODE" \ 360 -s "Invalid binder." \ 361 -S "key exchange mode: psk$" \ 362 -S "key exchange mode: psk_ephemeral" \ 363 -S "key exchange mode: ephemeral" 364 365requires_gnutls_tls1_3 366requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 369run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ 370 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 371 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 372 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 373 localhost" \ 374 0 \ 375 -s "found psk key exchange modes extension" \ 376 -s "found pre_shared_key extension" \ 377 -S "Found PSK_EPHEMERAL KEX MODE" \ 378 -s "Found PSK KEX MODE" \ 379 -s "Pre shared key found" \ 380 -S "No usable PSK or ticket" \ 381 -s "key exchange mode: psk$" \ 382 -S "key exchange mode: psk_ephemeral" \ 383 -S "key exchange mode: ephemeral" 384 385requires_gnutls_tls1_3 386requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 389run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ 390 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 391 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 392 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 393 localhost" \ 394 1 \ 395 -s "found psk key exchange modes extension" \ 396 -s "found pre_shared_key extension" \ 397 -S "Found PSK_EPHEMERAL KEX MODE" \ 398 -s "Found PSK KEX MODE" \ 399 -s "No usable PSK or ticket" \ 400 -S "key exchange mode: psk$" \ 401 -S "key exchange mode: psk_ephemeral" \ 402 -S "key exchange mode: ephemeral" 403 404requires_gnutls_tls1_3 405requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 408run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \ 409 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 410 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 411 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 412 localhost" \ 413 1 \ 414 -s "found psk key exchange modes extension" \ 415 -s "found pre_shared_key extension" \ 416 -S "Found PSK_EPHEMERAL KEX MODE" \ 417 -s "Found PSK KEX MODE" \ 418 -s "Invalid binder." \ 419 -S "key exchange mode: psk$" \ 420 -S "key exchange mode: psk_ephemeral" \ 421 -S "key exchange mode: ephemeral" 422 423requires_gnutls_tls1_3 424requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 427run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ 428 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 429 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 430 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 431 localhost" \ 432 0 \ 433 -s "found psk key exchange modes extension" \ 434 -s "found pre_shared_key extension" \ 435 -s "Found PSK_EPHEMERAL KEX MODE" \ 436 -S "Found PSK KEX MODE" \ 437 -s "Pre shared key found" \ 438 -S "No usable PSK or ticket" \ 439 -S "key exchange mode: psk$" \ 440 -s "key exchange mode: psk_ephemeral" \ 441 -S "key exchange mode: ephemeral" 442 443requires_gnutls_tls1_3 444requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 447run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 448 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 449 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 450 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 451 localhost" \ 452 0 \ 453 -s "found psk key exchange modes extension" \ 454 -s "found pre_shared_key extension" \ 455 -s "Found PSK_EPHEMERAL KEX MODE" \ 456 -S "Found PSK KEX MODE" \ 457 -s "No usable PSK or ticket" \ 458 -S "key exchange mode: psk$" \ 459 -S "key exchange mode: psk_ephemeral" \ 460 -s "key exchange mode: ephemeral" 461 462requires_gnutls_tls1_3 463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 466run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 467 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 468 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 469 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 470 localhost" \ 471 1 \ 472 -s "found psk key exchange modes extension" \ 473 -s "found pre_shared_key extension" \ 474 -s "Found PSK_EPHEMERAL KEX MODE" \ 475 -S "Found PSK KEX MODE" \ 476 -s "Invalid binder." \ 477 -S "key exchange mode: psk$" \ 478 -S "key exchange mode: psk_ephemeral" \ 479 -S "key exchange mode: ephemeral" 480 481requires_gnutls_tls1_3 482requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 485run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ 486 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 487 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 488 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 489 localhost" \ 490 0 \ 491 -s "found psk key exchange modes extension" \ 492 -s "found pre_shared_key extension" \ 493 -s "Found PSK_EPHEMERAL KEX MODE" \ 494 -s "Found PSK KEX MODE" \ 495 -s "Pre shared key found" \ 496 -S "No usable PSK or ticket" \ 497 -S "key exchange mode: psk$" \ 498 -s "key exchange mode: psk_ephemeral" \ 499 -S "key exchange mode: ephemeral" 500 501requires_gnutls_tls1_3 502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 505run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ 506 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 507 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 508 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 509 localhost" \ 510 0 \ 511 -s "found psk key exchange modes extension" \ 512 -s "found pre_shared_key extension" \ 513 -s "Found PSK_EPHEMERAL KEX MODE" \ 514 -s "Found PSK KEX MODE" \ 515 -s "No usable PSK or ticket" \ 516 -S "key exchange mode: psk$" \ 517 -S "key exchange mode: psk_ephemeral" \ 518 -s "key exchange mode: ephemeral" 519 520requires_gnutls_tls1_3 521requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 524run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ 525 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 526 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 527 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 528 localhost" \ 529 1 \ 530 -s "found psk key exchange modes extension" \ 531 -s "found pre_shared_key extension" \ 532 -s "Found PSK_EPHEMERAL KEX MODE" \ 533 -s "Found PSK KEX MODE" \ 534 -s "Invalid binder." \ 535 -S "key exchange mode: psk$" \ 536 -S "key exchange mode: psk_ephemeral" \ 537 -S "key exchange mode: ephemeral" 538 539requires_gnutls_tls1_3 540requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 543run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ 544 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 545 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 546 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 547 localhost" \ 548 0 \ 549 -s "found psk key exchange modes extension" \ 550 -s "found pre_shared_key extension" \ 551 -S "Found PSK_EPHEMERAL KEX MODE" \ 552 -s "Found PSK KEX MODE" \ 553 -s "No suitable PSK key exchange mode" \ 554 -S "Pre shared key found" \ 555 -s "No usable PSK or ticket" \ 556 -S "key exchange mode: psk$" \ 557 -S "key exchange mode: psk_ephemeral" \ 558 -s "key exchange mode: ephemeral" 559 560requires_gnutls_tls1_3 561requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 565run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ 566 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 567 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 568 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 569 localhost" \ 570 0 \ 571 -s "found psk key exchange modes extension" \ 572 -s "found pre_shared_key extension" \ 573 -s "Found PSK_EPHEMERAL KEX MODE" \ 574 -S "Found PSK KEX MODE" \ 575 -s "Pre shared key found" \ 576 -S "No usable PSK or ticket" \ 577 -S "key exchange mode: psk$" \ 578 -s "key exchange mode: psk_ephemeral" \ 579 -S "key exchange mode: ephemeral" 580 581requires_gnutls_tls1_3 582requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 583requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 586run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ 587 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 588 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 589 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 590 localhost" \ 591 0 \ 592 -s "found psk key exchange modes extension" \ 593 -s "found pre_shared_key extension" \ 594 -s "Found PSK_EPHEMERAL KEX MODE" \ 595 -S "Found PSK KEX MODE" \ 596 -s "No usable PSK or ticket" \ 597 -S "key exchange mode: psk$" \ 598 -S "key exchange mode: psk_ephemeral" \ 599 -s "key exchange mode: ephemeral" 600 601requires_gnutls_tls1_3 602requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 606run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ 607 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 608 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 609 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 610 localhost" \ 611 1 \ 612 -s "found psk key exchange modes extension" \ 613 -s "found pre_shared_key extension" \ 614 -s "Found PSK_EPHEMERAL KEX MODE" \ 615 -S "Found PSK KEX MODE" \ 616 -s "Invalid binder." \ 617 -S "key exchange mode: psk$" \ 618 -S "key exchange mode: psk_ephemeral" \ 619 -S "key exchange mode: ephemeral" 620 621requires_gnutls_tls1_3 622requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 626run_test "TLS 1.3: G->m: all/all, good" \ 627 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 628 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 629 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 630 localhost" \ 631 0 \ 632 -s "found psk key exchange modes extension" \ 633 -s "found pre_shared_key extension" \ 634 -s "Found PSK_EPHEMERAL KEX MODE" \ 635 -s "Found PSK KEX MODE" \ 636 -s "Pre shared key found" \ 637 -S "No usable PSK or ticket" \ 638 -S "key exchange mode: psk$" \ 639 -s "key exchange mode: psk_ephemeral" \ 640 -S "key exchange mode: ephemeral" 641 642requires_gnutls_tls1_3 643requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 647run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ 648 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 649 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 650 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 651 localhost" \ 652 0 \ 653 -s "found psk key exchange modes extension" \ 654 -s "found pre_shared_key extension" \ 655 -s "Found PSK_EPHEMERAL KEX MODE" \ 656 -s "Found PSK KEX MODE" \ 657 -s "No usable PSK or ticket" \ 658 -S "key exchange mode: psk$" \ 659 -S "key exchange mode: psk_ephemeral" \ 660 -s "key exchange mode: ephemeral" 661 662requires_gnutls_tls1_3 663requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 664requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 667run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ 668 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 669 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 670 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 671 localhost" \ 672 1 \ 673 -s "found psk key exchange modes extension" \ 674 -s "found pre_shared_key extension" \ 675 -s "Found PSK_EPHEMERAL KEX MODE" \ 676 -s "Found PSK KEX MODE" \ 677 -s "Invalid binder." \ 678 -S "key exchange mode: psk$" \ 679 -S "key exchange mode: psk_ephemeral" \ 680 -S "key exchange mode: ephemeral" 681 682requires_gnutls_tls1_3 683requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 687run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ 688 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 689 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 690 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 691 localhost" \ 692 0 \ 693 -s "found psk key exchange modes extension" \ 694 -s "found pre_shared_key extension" \ 695 -S "Found PSK_EPHEMERAL KEX MODE" \ 696 -s "Found PSK KEX MODE" \ 697 -s "Pre shared key found" \ 698 -S "No usable PSK or ticket" \ 699 -S "key exchange mode: psk$" \ 700 -S "key exchange mode: psk_ephemeral" \ 701 -s "key exchange mode: ephemeral" 702 703requires_gnutls_tls1_3 704requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 708run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ 709 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 710 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 711 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 712 localhost" \ 713 1 \ 714 -s "found psk key exchange modes extension" \ 715 -s "found pre_shared_key extension" \ 716 -S "Found PSK_EPHEMERAL KEX MODE" \ 717 -s "Found PSK KEX MODE" \ 718 -s "Invalid binder." \ 719 -S "key exchange mode: psk$" \ 720 -S "key exchange mode: psk_ephemeral" \ 721 -S "key exchange mode: ephemeral" 722 723requires_gnutls_tls1_3 724requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 727run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ 728 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 729 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 730 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 731 localhost" \ 732 0 \ 733 -s "found psk key exchange modes extension" \ 734 -s "found pre_shared_key extension" \ 735 -s "Found PSK_EPHEMERAL KEX MODE" \ 736 -S "Found PSK KEX MODE" \ 737 -s "No suitable PSK key exchange mode" \ 738 -S "Pre shared key found" \ 739 -s "No usable PSK or ticket" \ 740 -S "key exchange mode: psk$" \ 741 -S "key exchange mode: psk_ephemeral" \ 742 -s "key exchange mode: ephemeral" 743 744requires_gnutls_tls1_3 745requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 747requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 748run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ 749 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 750 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 751 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 752 localhost" \ 753 0 \ 754 -s "found psk key exchange modes extension" \ 755 -s "found pre_shared_key extension" \ 756 -s "Found PSK_EPHEMERAL KEX MODE" \ 757 -s "Found PSK KEX MODE" \ 758 -s "Pre shared key found" \ 759 -S "No usable PSK or ticket" \ 760 -S "key exchange mode: psk$" \ 761 -S "key exchange mode: psk_ephemeral" \ 762 -s "key exchange mode: ephemeral" 763 764requires_gnutls_tls1_3 765requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 768run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ 769 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 770 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 771 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 772 localhost" \ 773 1 \ 774 -s "found psk key exchange modes extension" \ 775 -s "found pre_shared_key extension" \ 776 -s "Found PSK_EPHEMERAL KEX MODE" \ 777 -s "Found PSK KEX MODE" \ 778 -s "Invalid binder." \ 779 -S "key exchange mode: psk$" \ 780 -S "key exchange mode: psk_ephemeral" \ 781 -S "key exchange mode: ephemeral" 782 783requires_gnutls_tls1_3 784requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 787run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ 788 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 789 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 790 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 791 localhost" \ 792 0 \ 793 -s "found psk key exchange modes extension" \ 794 -s "found pre_shared_key extension" \ 795 -S "Found PSK_EPHEMERAL KEX MODE" \ 796 -s "Found PSK KEX MODE" \ 797 -s "Pre shared key found" \ 798 -S "No usable PSK or ticket" \ 799 -S "key exchange mode: psk$" \ 800 -S "key exchange mode: psk_ephemeral" \ 801 -s "key exchange mode: ephemeral" 802 803requires_gnutls_tls1_3 804requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 805requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 807run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \ 808 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 809 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 810 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 811 localhost" \ 812 1 \ 813 -s "found psk key exchange modes extension" \ 814 -s "found pre_shared_key extension" \ 815 -S "Found PSK_EPHEMERAL KEX MODE" \ 816 -s "Found PSK KEX MODE" \ 817 -s "Invalid binder." \ 818 -S "key exchange mode: psk$" \ 819 -S "key exchange mode: psk_ephemeral" \ 820 -S "key exchange mode: ephemeral" 821 822requires_gnutls_tls1_3 823requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 825requires_config_enabled PSA_WANT_ALG_ECDH 826run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ 827 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 828 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \ 829 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 830 localhost" \ 831 0 \ 832 -s "write selected_group: secp256r1" \ 833 -S "key exchange mode: psk$" \ 834 -s "key exchange mode: psk_ephemeral" \ 835 -S "key exchange mode: ephemeral" 836 837requires_gnutls_tls1_3 838requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 840requires_config_enabled PSA_WANT_ALG_ECDH 841run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ 842 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 843 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \ 844 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 845 localhost" \ 846 0 \ 847 -s "write selected_group: secp384r1" \ 848 -S "key exchange mode: psk$" \ 849 -s "key exchange mode: psk_ephemeral" \ 850 -S "key exchange mode: ephemeral" 851 852requires_gnutls_tls1_3 853requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 855requires_config_enabled PSA_WANT_ALG_ECDH 856run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ 857 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 858 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \ 859 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 860 localhost" \ 861 0 \ 862 -s "write selected_group: secp521r1" \ 863 -S "key exchange mode: psk$" \ 864 -s "key exchange mode: psk_ephemeral" \ 865 -S "key exchange mode: ephemeral" 866 867requires_gnutls_tls1_3 868requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 869requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 870requires_config_enabled PSA_WANT_ALG_ECDH 871run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ 872 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 873 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \ 874 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 875 localhost" \ 876 0 \ 877 -s "write selected_group: x25519" \ 878 -S "key exchange mode: psk$" \ 879 -s "key exchange mode: psk_ephemeral" \ 880 -S "key exchange mode: ephemeral" 881 882requires_gnutls_tls1_3 883requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 885requires_config_enabled PSA_WANT_ALG_ECDH 886run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ 887 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 888 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \ 889 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 890 localhost" \ 891 0 \ 892 -s "write selected_group: x448" \ 893 -S "key exchange mode: psk$" \ 894 -s "key exchange mode: psk_ephemeral" \ 895 -S "key exchange mode: ephemeral" 896 897requires_openssl_tls1_3 898requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 900run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \ 901 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 902 "$O_NEXT_CLI -tls1_3 -msg \ 903 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 904 1 \ 905 -s "found psk key exchange modes extension" \ 906 -s "found pre_shared_key extension" \ 907 -s "Found PSK_EPHEMERAL KEX MODE" \ 908 -S "Found PSK KEX MODE" \ 909 -S "key exchange mode: psk$" \ 910 -S "key exchange mode: psk_ephemeral" \ 911 -S "key exchange mode: ephemeral" 912 913requires_openssl_tls1_3 914requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 915requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 916run_test "TLS 1.3: O->m: all/psk, good" \ 917 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 918 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 919 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 920 0 \ 921 -s "found psk key exchange modes extension" \ 922 -s "found pre_shared_key extension" \ 923 -s "Found PSK_EPHEMERAL KEX MODE" \ 924 -s "Found PSK KEX MODE" \ 925 -s "Pre shared key found" \ 926 -S "No usable PSK or ticket" \ 927 -s "key exchange mode: psk$" \ 928 -S "key exchange mode: psk_ephemeral" \ 929 -S "key exchange mode: ephemeral" 930 931requires_openssl_tls1_3 932requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 934run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ 935 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 936 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 937 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 938 1 \ 939 -s "found psk key exchange modes extension" \ 940 -s "found pre_shared_key extension" \ 941 -s "Found PSK_EPHEMERAL KEX MODE" \ 942 -s "Found PSK KEX MODE" \ 943 -s "No usable PSK or ticket" \ 944 -S "key exchange mode: psk$" \ 945 -S "key exchange mode: psk_ephemeral" \ 946 -S "key exchange mode: ephemeral" 947 948requires_openssl_tls1_3 949requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 951run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \ 952 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 953 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 954 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 955 1 \ 956 -s "found psk key exchange modes extension" \ 957 -s "found pre_shared_key extension" \ 958 -s "Found PSK_EPHEMERAL KEX MODE" \ 959 -s "Found PSK KEX MODE" \ 960 -s "Invalid binder." \ 961 -S "key exchange mode: psk$" \ 962 -S "key exchange mode: psk_ephemeral" \ 963 -S "key exchange mode: ephemeral" 964 965requires_openssl_tls1_3_with_compatible_ephemeral 966requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 967requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 968run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ 969 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 970 "$O_NEXT_CLI -tls1_3 -msg \ 971 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 972 0 \ 973 -s "found psk key exchange modes extension" \ 974 -s "found pre_shared_key extension" \ 975 -s "Found PSK_EPHEMERAL KEX MODE" \ 976 -S "Found PSK KEX MODE" \ 977 -s "Pre shared key found" \ 978 -S "No usable PSK or ticket" \ 979 -S "key exchange mode: psk$" \ 980 -s "key exchange mode: psk_ephemeral" \ 981 -S "key exchange mode: ephemeral" 982 983requires_openssl_tls1_3_with_compatible_ephemeral 984requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 986run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 987 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 988 "$O_NEXT_CLI -tls1_3 -msg \ 989 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 990 1 \ 991 -s "found psk key exchange modes extension" \ 992 -s "found pre_shared_key extension" \ 993 -s "Found PSK_EPHEMERAL KEX MODE" \ 994 -S "Found PSK KEX MODE" \ 995 -s "No usable PSK or ticket" \ 996 -S "key exchange mode: psk$" \ 997 -S "key exchange mode: psk_ephemeral" \ 998 -S "key exchange mode: ephemeral" 999 1000requires_openssl_tls1_3_with_compatible_ephemeral 1001requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1003run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 1004 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1005 "$O_NEXT_CLI -tls1_3 -msg \ 1006 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1007 1 \ 1008 -s "found psk key exchange modes extension" \ 1009 -s "found pre_shared_key extension" \ 1010 -s "Found PSK_EPHEMERAL KEX MODE" \ 1011 -S "Found PSK KEX MODE" \ 1012 -s "Invalid binder." \ 1013 -S "key exchange mode: psk$" \ 1014 -S "key exchange mode: psk_ephemeral" \ 1015 -S "key exchange mode: ephemeral" 1016 1017requires_openssl_tls1_3_with_compatible_ephemeral 1018requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1020run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ 1021 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1022 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1023 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1024 0 \ 1025 -s "found psk key exchange modes extension" \ 1026 -s "found pre_shared_key extension" \ 1027 -s "Found PSK_EPHEMERAL KEX MODE" \ 1028 -s "Found PSK KEX MODE" \ 1029 -s "Pre shared key found" \ 1030 -S "No usable PSK or ticket" \ 1031 -S "key exchange mode: psk$" \ 1032 -s "key exchange mode: psk_ephemeral" \ 1033 -S "key exchange mode: ephemeral" 1034 1035requires_openssl_tls1_3_with_compatible_ephemeral 1036requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1038run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ 1039 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1040 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1041 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1042 1 \ 1043 -s "found psk key exchange modes extension" \ 1044 -s "found pre_shared_key extension" \ 1045 -s "Found PSK_EPHEMERAL KEX MODE" \ 1046 -s "Found PSK KEX MODE" \ 1047 -s "No usable PSK or ticket" \ 1048 -S "key exchange mode: psk$" \ 1049 -S "key exchange mode: psk_ephemeral" \ 1050 -S "key exchange mode: ephemeral" 1051 1052requires_openssl_tls1_3_with_compatible_ephemeral 1053requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1055run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \ 1056 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1057 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1058 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1059 1 \ 1060 -s "found psk key exchange modes extension" \ 1061 -s "found pre_shared_key extension" \ 1062 -s "Found PSK_EPHEMERAL KEX MODE" \ 1063 -s "Found PSK KEX MODE" \ 1064 -s "Invalid binder." \ 1065 -S "key exchange mode: psk$" \ 1066 -S "key exchange mode: psk_ephemeral" \ 1067 -S "key exchange mode: ephemeral" 1068 1069requires_openssl_tls1_3_with_compatible_ephemeral 1070requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1073run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ 1074 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1075 "$O_NEXT_CLI -tls1_3 -msg \ 1076 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1077 0 \ 1078 -s "found psk key exchange modes extension" \ 1079 -s "found pre_shared_key extension" \ 1080 -s "Found PSK_EPHEMERAL KEX MODE" \ 1081 -S "Found PSK KEX MODE" \ 1082 -s "Pre shared key found" \ 1083 -S "No usable PSK or ticket" \ 1084 -S "key exchange mode: psk$" \ 1085 -s "key exchange mode: psk_ephemeral" \ 1086 -S "key exchange mode: ephemeral" 1087 1088requires_openssl_tls1_3_with_compatible_ephemeral 1089requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1092run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ 1093 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1094 "$O_NEXT_CLI -tls1_3 -msg \ 1095 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1096 1 \ 1097 -s "found psk key exchange modes extension" \ 1098 -s "found pre_shared_key extension" \ 1099 -s "Found PSK_EPHEMERAL KEX MODE" \ 1100 -S "Found PSK KEX MODE" \ 1101 -s "No usable PSK or ticket" \ 1102 -S "key exchange mode: psk$" \ 1103 -S "key exchange mode: psk_ephemeral" \ 1104 -S "key exchange mode: ephemeral" 1105 1106requires_openssl_tls1_3_with_compatible_ephemeral 1107requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1110run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ 1111 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1112 "$O_NEXT_CLI -tls1_3 -msg \ 1113 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1114 1 \ 1115 -s "found psk key exchange modes extension" \ 1116 -s "found pre_shared_key extension" \ 1117 -s "Found PSK_EPHEMERAL KEX MODE" \ 1118 -S "Found PSK KEX MODE" \ 1119 -s "Invalid binder." \ 1120 -S "key exchange mode: psk$" \ 1121 -S "key exchange mode: psk_ephemeral" \ 1122 -S "key exchange mode: ephemeral" 1123 1124requires_openssl_tls1_3_with_compatible_ephemeral 1125requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1128run_test "TLS 1.3: O->m: all/psk_all, good" \ 1129 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1130 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1131 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1132 0 \ 1133 -s "found psk key exchange modes extension" \ 1134 -s "found pre_shared_key extension" \ 1135 -s "Found PSK_EPHEMERAL KEX MODE" \ 1136 -s "Found PSK KEX MODE" \ 1137 -s "Pre shared key found" \ 1138 -S "No usable PSK or ticket" \ 1139 -S "key exchange mode: psk$" \ 1140 -s "key exchange mode: psk_ephemeral" \ 1141 -S "key exchange mode: ephemeral" 1142 1143requires_openssl_tls1_3_with_compatible_ephemeral 1144requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1147run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ 1148 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1149 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1150 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1151 1 \ 1152 -s "found psk key exchange modes extension" \ 1153 -s "found pre_shared_key extension" \ 1154 -s "Found PSK_EPHEMERAL KEX MODE" \ 1155 -s "Found PSK KEX MODE" \ 1156 -s "No usable PSK or ticket" \ 1157 -S "key exchange mode: psk$" \ 1158 -S "key exchange mode: psk_ephemeral" \ 1159 -S "key exchange mode: ephemeral" 1160 1161requires_openssl_tls1_3_with_compatible_ephemeral 1162requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1165run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ 1166 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1167 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1168 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1169 1 \ 1170 -s "found psk key exchange modes extension" \ 1171 -s "found pre_shared_key extension" \ 1172 -s "Found PSK_EPHEMERAL KEX MODE" \ 1173 -s "Found PSK KEX MODE" \ 1174 -s "Invalid binder." \ 1175 -S "key exchange mode: psk$" \ 1176 -S "key exchange mode: psk_ephemeral" \ 1177 -S "key exchange mode: ephemeral" 1178 1179requires_openssl_tls1_3_with_compatible_ephemeral 1180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1183run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ 1184 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1185 "$O_NEXT_CLI -tls1_3 -msg \ 1186 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1187 0 \ 1188 -s "found psk key exchange modes extension" \ 1189 -s "found pre_shared_key extension" \ 1190 -s "Found PSK_EPHEMERAL KEX MODE" \ 1191 -S "Found PSK KEX MODE" \ 1192 -s "Pre shared key found" \ 1193 -S "No usable PSK or ticket" \ 1194 -S "key exchange mode: psk$" \ 1195 -s "key exchange mode: psk_ephemeral" \ 1196 -S "key exchange mode: ephemeral" 1197 1198requires_openssl_tls1_3_with_compatible_ephemeral 1199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1201requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1202run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 1203 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1204 "$O_NEXT_CLI -tls1_3 -msg \ 1205 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1206 0 \ 1207 -s "found psk key exchange modes extension" \ 1208 -s "found pre_shared_key extension" \ 1209 -s "Found PSK_EPHEMERAL KEX MODE" \ 1210 -S "Found PSK KEX MODE" \ 1211 -s "No usable PSK or ticket" \ 1212 -S "key exchange mode: psk$" \ 1213 -S "key exchange mode: psk_ephemeral" \ 1214 -s "key exchange mode: ephemeral" 1215 1216requires_openssl_tls1_3_with_compatible_ephemeral 1217requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1220run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 1221 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1222 "$O_NEXT_CLI -tls1_3 -msg \ 1223 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1224 1 \ 1225 -s "found psk key exchange modes extension" \ 1226 -s "found pre_shared_key extension" \ 1227 -s "Found PSK_EPHEMERAL KEX MODE" \ 1228 -S "Found PSK KEX MODE" \ 1229 -s "Invalid binder." \ 1230 -S "key exchange mode: psk$" \ 1231 -S "key exchange mode: psk_ephemeral" \ 1232 -S "key exchange mode: ephemeral" 1233 1234requires_openssl_tls1_3_with_compatible_ephemeral 1235requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1238run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ 1239 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1240 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1241 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1242 0 \ 1243 -s "found psk key exchange modes extension" \ 1244 -s "found pre_shared_key extension" \ 1245 -s "Found PSK_EPHEMERAL KEX MODE" \ 1246 -s "Found PSK KEX MODE" \ 1247 -s "Pre shared key found" \ 1248 -S "No usable PSK or ticket" \ 1249 -S "key exchange mode: psk$" \ 1250 -s "key exchange mode: psk_ephemeral" \ 1251 -S "key exchange mode: ephemeral" 1252 1253requires_openssl_tls1_3_with_compatible_ephemeral 1254requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1257run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ 1258 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1259 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1260 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1261 0 \ 1262 -s "found psk key exchange modes extension" \ 1263 -s "found pre_shared_key extension" \ 1264 -s "Found PSK_EPHEMERAL KEX MODE" \ 1265 -s "Found PSK KEX MODE" \ 1266 -s "No usable PSK or ticket" \ 1267 -S "key exchange mode: psk$" \ 1268 -S "key exchange mode: psk_ephemeral" \ 1269 -s "key exchange mode: ephemeral" 1270 1271requires_openssl_tls1_3_with_compatible_ephemeral 1272requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1275run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ 1276 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1277 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1278 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1279 1 \ 1280 -s "found psk key exchange modes extension" \ 1281 -s "found pre_shared_key extension" \ 1282 -s "Found PSK_EPHEMERAL KEX MODE" \ 1283 -s "Found PSK KEX MODE" \ 1284 -s "Invalid binder." \ 1285 -S "key exchange mode: psk$" \ 1286 -S "key exchange mode: psk_ephemeral" \ 1287 -S "key exchange mode: ephemeral" 1288 1289requires_openssl_tls1_3_with_compatible_ephemeral 1290requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1294run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ 1295 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1296 "$O_NEXT_CLI -tls1_3 -msg \ 1297 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1298 0 \ 1299 -s "found psk key exchange modes extension" \ 1300 -s "found pre_shared_key extension" \ 1301 -s "Found PSK_EPHEMERAL KEX MODE" \ 1302 -S "Found PSK KEX MODE" \ 1303 -s "Pre shared key found" \ 1304 -S "No usable PSK or ticket" \ 1305 -S "key exchange mode: psk$" \ 1306 -s "key exchange mode: psk_ephemeral" \ 1307 -S "key exchange mode: ephemeral" 1308 1309requires_openssl_tls1_3_with_compatible_ephemeral 1310requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1314run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ 1315 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1316 "$O_NEXT_CLI -tls1_3 -msg \ 1317 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1318 0 \ 1319 -s "found psk key exchange modes extension" \ 1320 -s "found pre_shared_key extension" \ 1321 -s "Found PSK_EPHEMERAL KEX MODE" \ 1322 -S "Found PSK KEX MODE" \ 1323 -s "No usable PSK or ticket" \ 1324 -S "key exchange mode: psk$" \ 1325 -S "key exchange mode: psk_ephemeral" \ 1326 -s "key exchange mode: ephemeral" 1327 1328requires_openssl_tls1_3_with_compatible_ephemeral 1329requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1333run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ 1334 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1335 "$O_NEXT_CLI -tls1_3 -msg \ 1336 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1337 1 \ 1338 -s "found psk key exchange modes extension" \ 1339 -s "found pre_shared_key extension" \ 1340 -s "Found PSK_EPHEMERAL KEX MODE" \ 1341 -S "Found PSK KEX MODE" \ 1342 -s "Invalid binder." \ 1343 -S "key exchange mode: psk$" \ 1344 -S "key exchange mode: psk_ephemeral" \ 1345 -S "key exchange mode: ephemeral" 1346 1347requires_openssl_tls1_3_with_compatible_ephemeral 1348requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1352run_test "TLS 1.3: O->m: all/all, good" \ 1353 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1354 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1355 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1356 0 \ 1357 -s "found psk key exchange modes extension" \ 1358 -s "found pre_shared_key extension" \ 1359 -s "Found PSK_EPHEMERAL KEX MODE" \ 1360 -s "Found PSK KEX MODE" \ 1361 -s "Pre shared key found" \ 1362 -S "No usable PSK or ticket" \ 1363 -S "key exchange mode: psk$" \ 1364 -s "key exchange mode: psk_ephemeral" \ 1365 -S "key exchange mode: ephemeral" 1366 1367requires_openssl_tls1_3_with_compatible_ephemeral 1368requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1372run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ 1373 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1374 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1375 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1376 0 \ 1377 -s "found psk key exchange modes extension" \ 1378 -s "found pre_shared_key extension" \ 1379 -s "Found PSK_EPHEMERAL KEX MODE" \ 1380 -s "Found PSK KEX MODE" \ 1381 -s "No usable PSK or ticket" \ 1382 -S "key exchange mode: psk$" \ 1383 -S "key exchange mode: psk_ephemeral" \ 1384 -s "key exchange mode: ephemeral" 1385 1386requires_openssl_tls1_3_with_compatible_ephemeral 1387requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1391run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ 1392 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1393 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1394 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1395 1 \ 1396 -s "found psk key exchange modes extension" \ 1397 -s "found pre_shared_key extension" \ 1398 -s "Found PSK_EPHEMERAL KEX MODE" \ 1399 -s "Found PSK KEX MODE" \ 1400 -s "Invalid binder." \ 1401 -S "key exchange mode: psk$" \ 1402 -S "key exchange mode: psk_ephemeral" \ 1403 -S "key exchange mode: ephemeral" 1404 1405requires_openssl_tls1_3_with_compatible_ephemeral 1406requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1408requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1409run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ 1410 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1411 "$O_NEXT_CLI -tls1_3 -msg \ 1412 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1413 0 \ 1414 -s "found psk key exchange modes extension" \ 1415 -s "found pre_shared_key extension" \ 1416 -s "Found PSK_EPHEMERAL KEX MODE" \ 1417 -S "Found PSK KEX MODE" \ 1418 -s "No suitable PSK key exchange mode" \ 1419 -S "Pre shared key found" \ 1420 -s "No usable PSK or ticket" \ 1421 -S "key exchange mode: psk$" \ 1422 -S "key exchange mode: psk_ephemeral" \ 1423 -s "key exchange mode: ephemeral" 1424 1425requires_openssl_tls1_3_with_compatible_ephemeral 1426requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1429run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ 1430 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1431 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1432 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1433 0 \ 1434 -s "found psk key exchange modes extension" \ 1435 -s "found pre_shared_key extension" \ 1436 -s "Found PSK_EPHEMERAL KEX MODE" \ 1437 -s "Found PSK KEX MODE" \ 1438 -s "Pre shared key found" \ 1439 -S "No usable PSK or ticket" \ 1440 -S "key exchange mode: psk$" \ 1441 -S "key exchange mode: psk_ephemeral" \ 1442 -s "key exchange mode: ephemeral" 1443 1444requires_openssl_tls1_3_with_compatible_ephemeral 1445requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1448run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ 1449 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1450 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1451 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1452 1 \ 1453 -s "found psk key exchange modes extension" \ 1454 -s "found pre_shared_key extension" \ 1455 -s "Found PSK_EPHEMERAL KEX MODE" \ 1456 -s "Found PSK KEX MODE" \ 1457 -s "Invalid binder." \ 1458 -S "key exchange mode: psk$" \ 1459 -S "key exchange mode: psk_ephemeral" \ 1460 -S "key exchange mode: ephemeral" 1461 1462requires_openssl_tls1_3_with_compatible_ephemeral 1463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1465run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ 1466 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1467 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ 1468 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1469 0 \ 1470 -s "write selected_group: secp256r1" \ 1471 -S "key exchange mode: psk$" \ 1472 -s "key exchange mode: psk_ephemeral" \ 1473 -S "key exchange mode: ephemeral" 1474 1475requires_openssl_tls1_3_with_compatible_ephemeral 1476requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1478run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ 1479 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1480 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ 1481 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1482 0 \ 1483 -s "write selected_group: secp384r1" \ 1484 -S "key exchange mode: psk$" \ 1485 -s "key exchange mode: psk_ephemeral" \ 1486 -S "key exchange mode: ephemeral" 1487 1488requires_openssl_tls1_3_with_compatible_ephemeral 1489requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1490requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1491run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ 1492 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1493 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ 1494 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1495 0 \ 1496 -s "write selected_group: secp521r1" \ 1497 -S "key exchange mode: psk$" \ 1498 -s "key exchange mode: psk_ephemeral" \ 1499 -S "key exchange mode: ephemeral" 1500 1501requires_openssl_tls1_3_with_compatible_ephemeral 1502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1504run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ 1505 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1506 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ 1507 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1508 0 \ 1509 -s "write selected_group: x25519" \ 1510 -S "key exchange mode: psk$" \ 1511 -s "key exchange mode: psk_ephemeral" \ 1512 -S "key exchange mode: ephemeral" 1513 1514requires_openssl_tls1_3_with_compatible_ephemeral 1515requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1517run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ 1518 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1519 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ 1520 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1521 0 \ 1522 -s "write selected_group: x448" \ 1523 -S "key exchange mode: psk$" \ 1524 -s "key exchange mode: psk_ephemeral" \ 1525 -S "key exchange mode: ephemeral" 1526 1527requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1528requires_openssl_tls1_3_with_compatible_ephemeral 1529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1530run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1531 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1532 "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ 1533 0 \ 1534 -s "write selected_group: secp384r1" \ 1535 -s "HRR selected_group: secp384r1" \ 1536 -S "key exchange mode: psk$" \ 1537 -s "key exchange mode: psk_ephemeral" \ 1538 -S "key exchange mode: ephemeral" 1539 1540requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1541requires_gnutls_tls1_3 1542requires_gnutls_next_no_ticket 1543requires_gnutls_next_disable_tls13_compat 1544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1545requires_config_enabled PSA_WANT_ALG_ECDH 1546run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1547 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1548 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ 1549 0 \ 1550 -s "write selected_group: secp384r1" \ 1551 -s "HRR selected_group: secp384r1" \ 1552 -S "key exchange mode: psk$" \ 1553 -s "key exchange mode: psk_ephemeral" \ 1554 -S "key exchange mode: ephemeral" 1555 1556 1557# Add psk test cases for mbedtls client code 1558 1559# MbedTls->MbedTLS kinds of tls13_kex_modes 1560# PSK mode in client 1561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1562requires_config_enabled MBEDTLS_SSL_SRV_C 1563requires_config_enabled MBEDTLS_SSL_CLI_C 1564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1565run_test "TLS 1.3: m->m: psk/psk, good" \ 1566 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1567 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1568 0 \ 1569 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1570 -c "client hello, adding psk_key_exchange_modes extension" \ 1571 -c "client hello, adding PSK binder list" \ 1572 -c "Selected key exchange mode: psk$" \ 1573 -c "HTTP/1.0 200 OK" 1574 1575requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1576requires_config_enabled MBEDTLS_SSL_SRV_C 1577requires_config_enabled MBEDTLS_SSL_CLI_C 1578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1579run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ 1580 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1581 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1582 1 \ 1583 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1584 -c "client hello, adding psk_key_exchange_modes extension" \ 1585 -c "client hello, adding PSK binder list" \ 1586 -s "No usable PSK or ticket" 1587 1588requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1589requires_config_enabled MBEDTLS_SSL_SRV_C 1590requires_config_enabled MBEDTLS_SSL_CLI_C 1591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1592run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ 1593 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1594 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1595 1 \ 1596 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1597 -c "client hello, adding psk_key_exchange_modes extension" \ 1598 -c "client hello, adding PSK binder list" \ 1599 -s "Invalid binder." 1600 1601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1602requires_config_enabled MBEDTLS_SSL_SRV_C 1603requires_config_enabled MBEDTLS_SSL_CLI_C 1604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1606run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ 1607 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1608 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1609 1 \ 1610 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1611 -c "client hello, adding psk_key_exchange_modes extension" \ 1612 -c "client hello, adding PSK binder list" \ 1613 -s "ClientHello message misses mandatory extensions." 1614 1615requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1616requires_config_enabled MBEDTLS_SSL_SRV_C 1617requires_config_enabled MBEDTLS_SSL_CLI_C 1618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1619requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1620run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ 1621 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1622 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1623 1 \ 1624 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1625 -c "client hello, adding psk_key_exchange_modes extension" \ 1626 -c "client hello, adding PSK binder list" \ 1627 -s "ClientHello message misses mandatory extensions." 1628 1629requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1630requires_config_enabled MBEDTLS_SSL_SRV_C 1631requires_config_enabled MBEDTLS_SSL_CLI_C 1632requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1635run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ 1636 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1637 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1638 1 \ 1639 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1640 -c "client hello, adding psk_key_exchange_modes extension" \ 1641 -c "client hello, adding PSK binder list" \ 1642 -s "ClientHello message misses mandatory extensions." 1643 1644requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1645requires_config_enabled MBEDTLS_SSL_SRV_C 1646requires_config_enabled MBEDTLS_SSL_CLI_C 1647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1649run_test "TLS 1.3: m->m: psk/psk_all, good" \ 1650 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1651 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1652 0 \ 1653 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1654 -c "client hello, adding psk_key_exchange_modes extension" \ 1655 -c "client hello, adding PSK binder list" \ 1656 -c "Selected key exchange mode: psk$" \ 1657 -c "HTTP/1.0 200 OK" 1658 1659requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1660requires_config_enabled MBEDTLS_SSL_SRV_C 1661requires_config_enabled MBEDTLS_SSL_CLI_C 1662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1664run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ 1665 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1666 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1667 1 \ 1668 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1669 -c "client hello, adding psk_key_exchange_modes extension" \ 1670 -c "client hello, adding PSK binder list" \ 1671 -s "No usable PSK or ticket" \ 1672 -s "ClientHello message misses mandatory extensions." 1673 1674requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1675requires_config_enabled MBEDTLS_SSL_SRV_C 1676requires_config_enabled MBEDTLS_SSL_CLI_C 1677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1679run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ 1680 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1681 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1682 1 \ 1683 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1684 -c "client hello, adding psk_key_exchange_modes extension" \ 1685 -c "client hello, adding PSK binder list" \ 1686 -s "Invalid binder." 1687 1688requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1689requires_config_enabled MBEDTLS_SSL_SRV_C 1690requires_config_enabled MBEDTLS_SSL_CLI_C 1691requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1694run_test "TLS 1.3: m->m: psk/all, good" \ 1695 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1696 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1697 0 \ 1698 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1699 -c "client hello, adding psk_key_exchange_modes extension" \ 1700 -c "client hello, adding PSK binder list" \ 1701 -c "Selected key exchange mode: psk$" \ 1702 -c "HTTP/1.0 200 OK" 1703 1704requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1705requires_config_enabled MBEDTLS_SSL_SRV_C 1706requires_config_enabled MBEDTLS_SSL_CLI_C 1707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1710run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ 1711 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1712 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1713 1 \ 1714 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1715 -c "client hello, adding psk_key_exchange_modes extension" \ 1716 -c "client hello, adding PSK binder list" \ 1717 -s "No usable PSK or ticket" \ 1718 -s "ClientHello message misses mandatory extensions." 1719 1720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1721requires_config_enabled MBEDTLS_SSL_SRV_C 1722requires_config_enabled MBEDTLS_SSL_CLI_C 1723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1726run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ 1727 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1728 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1729 1 \ 1730 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1731 -c "client hello, adding psk_key_exchange_modes extension" \ 1732 -c "client hello, adding PSK binder list" \ 1733 -s "Invalid binder." 1734 1735# psk_ephemeral mode in client 1736requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1737requires_config_enabled MBEDTLS_SSL_SRV_C 1738requires_config_enabled MBEDTLS_SSL_CLI_C 1739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1741run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ 1742 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1743 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1744 1 \ 1745 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1746 -c "client hello, adding psk_key_exchange_modes extension" \ 1747 -c "client hello, adding PSK binder list" \ 1748 -s "ClientHello message misses mandatory extensions." 1749 1750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1751requires_config_enabled MBEDTLS_SSL_SRV_C 1752requires_config_enabled MBEDTLS_SSL_CLI_C 1753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1754run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ 1755 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1756 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1757 0 \ 1758 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1759 -c "client hello, adding psk_key_exchange_modes extension" \ 1760 -c "client hello, adding PSK binder list" \ 1761 -c "Selected key exchange mode: psk_ephemeral" \ 1762 -c "HTTP/1.0 200 OK" 1763 1764requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1765requires_config_enabled MBEDTLS_SSL_SRV_C 1766requires_config_enabled MBEDTLS_SSL_CLI_C 1767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1768run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ 1769 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1770 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1771 1 \ 1772 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1773 -c "client hello, adding psk_key_exchange_modes extension" \ 1774 -c "client hello, adding PSK binder list" \ 1775 -s "No usable PSK or ticket" \ 1776 -s "ClientHello message misses mandatory extensions." 1777 1778requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1779requires_config_enabled MBEDTLS_SSL_SRV_C 1780requires_config_enabled MBEDTLS_SSL_CLI_C 1781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1782run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ 1783 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1784 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1785 1 \ 1786 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1787 -c "client hello, adding psk_key_exchange_modes extension" \ 1788 -c "client hello, adding PSK binder list" \ 1789 -s "Invalid binder." 1790 1791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1792requires_config_enabled MBEDTLS_SSL_SRV_C 1793requires_config_enabled MBEDTLS_SSL_CLI_C 1794requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 1795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1797run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ 1798 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1799 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1800 1 \ 1801 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1802 -c "client hello, adding psk_key_exchange_modes extension" \ 1803 -c "client hello, adding PSK binder list" 1804 1805requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1806requires_config_enabled MBEDTLS_SSL_SRV_C 1807requires_config_enabled MBEDTLS_SSL_CLI_C 1808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1810run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ 1811 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1812 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1813 0 \ 1814 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1815 -c "client hello, adding psk_key_exchange_modes extension" \ 1816 -c "client hello, adding PSK binder list" \ 1817 -c "Selected key exchange mode: psk_ephemeral" \ 1818 -c "HTTP/1.0 200 OK" 1819 1820requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 1822requires_config_enabled MBEDTLS_SSL_SRV_C 1823requires_config_enabled MBEDTLS_SSL_CLI_C 1824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1826run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ 1827 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1828 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1829 1 \ 1830 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1831 -c "client hello, adding psk_key_exchange_modes extension" \ 1832 -c "client hello, adding PSK binder list" \ 1833 -s "No usable PSK or ticket" 1834 1835requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1836requires_config_enabled MBEDTLS_SSL_SRV_C 1837requires_config_enabled MBEDTLS_SSL_CLI_C 1838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1840run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ 1841 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1842 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1843 1 \ 1844 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1845 -c "client hello, adding psk_key_exchange_modes extension" \ 1846 -c "client hello, adding PSK binder list" \ 1847 -s "Invalid binder." 1848 1849requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1850requires_config_enabled MBEDTLS_SSL_SRV_C 1851requires_config_enabled MBEDTLS_SSL_CLI_C 1852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1854run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ 1855 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1856 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1857 0 \ 1858 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1859 -c "client hello, adding psk_key_exchange_modes extension" \ 1860 -c "client hello, adding PSK binder list" \ 1861 -c "Selected key exchange mode: psk_ephemeral" \ 1862 -c "HTTP/1.0 200 OK" 1863 1864requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1865requires_config_enabled MBEDTLS_SSL_SRV_C 1866requires_config_enabled MBEDTLS_SSL_CLI_C 1867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1869run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ 1870 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1871 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1872 1 \ 1873 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1874 -c "client hello, adding psk_key_exchange_modes extension" \ 1875 -c "client hello, adding PSK binder list" \ 1876 -s "No usable PSK or ticket" \ 1877 -s "ClientHello message misses mandatory extensions." 1878 1879requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1880requires_config_enabled MBEDTLS_SSL_SRV_C 1881requires_config_enabled MBEDTLS_SSL_CLI_C 1882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1883requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1884run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ 1885 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1886 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1887 1 \ 1888 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1889 -c "client hello, adding psk_key_exchange_modes extension" \ 1890 -c "client hello, adding PSK binder list" \ 1891 -s "Invalid binder." 1892 1893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1894requires_config_enabled MBEDTLS_SSL_SRV_C 1895requires_config_enabled MBEDTLS_SSL_CLI_C 1896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1899run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ 1900 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1901 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1902 0 \ 1903 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1904 -c "client hello, adding psk_key_exchange_modes extension" \ 1905 -c "client hello, adding PSK binder list" \ 1906 -c "Selected key exchange mode: psk_ephemeral" \ 1907 -c "HTTP/1.0 200 OK" 1908 1909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1910requires_config_enabled MBEDTLS_SSL_SRV_C 1911requires_config_enabled MBEDTLS_SSL_CLI_C 1912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1915run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ 1916 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1917 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1918 1 \ 1919 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1920 -c "client hello, adding psk_key_exchange_modes extension" \ 1921 -c "client hello, adding PSK binder list" \ 1922 -s "No usable PSK or ticket" \ 1923 1924requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1925requires_config_enabled MBEDTLS_SSL_SRV_C 1926requires_config_enabled MBEDTLS_SSL_CLI_C 1927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1930run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ 1931 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1932 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1933 1 \ 1934 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1935 -c "client hello, adding psk_key_exchange_modes extension" \ 1936 -c "client hello, adding PSK binder list" \ 1937 -s "Invalid binder." 1938 1939# ephemeral mode in client 1940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1941requires_config_enabled MBEDTLS_SSL_SRV_C 1942requires_config_enabled MBEDTLS_SSL_CLI_C 1943requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1945run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ 1946 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1947 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1948 1 \ 1949 -s "ClientHello message misses mandatory extensions." 1950 1951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1952requires_config_enabled MBEDTLS_SSL_SRV_C 1953requires_config_enabled MBEDTLS_SSL_CLI_C 1954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1956run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ 1957 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1958 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1959 1 \ 1960 -s "ClientHello message misses mandatory extensions." 1961 1962requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1963requires_config_enabled MBEDTLS_SSL_SRV_C 1964requires_config_enabled MBEDTLS_SSL_CLI_C 1965requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1966run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ 1967 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1968 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1969 0 \ 1970 -c "Selected key exchange mode: ephemeral" \ 1971 -c "HTTP/1.0 200 OK" 1972 1973requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1974requires_config_enabled MBEDTLS_SSL_SRV_C 1975requires_config_enabled MBEDTLS_SSL_CLI_C 1976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1978run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ 1979 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1980 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1981 0 \ 1982 -c "Selected key exchange mode: ephemeral" \ 1983 -c "HTTP/1.0 200 OK" 1984 1985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1986requires_config_enabled MBEDTLS_SSL_SRV_C 1987requires_config_enabled MBEDTLS_SSL_CLI_C 1988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1991run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ 1992 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1993 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1994 1 \ 1995 -s "ClientHello message misses mandatory extensions." 1996 1997requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1998requires_config_enabled MBEDTLS_SSL_SRV_C 1999requires_config_enabled MBEDTLS_SSL_CLI_C 2000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2003run_test "TLS 1.3: m->m: ephemeral/all, good" \ 2004 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2005 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2006 0 \ 2007 -c "Selected key exchange mode: ephemeral" \ 2008 -c "HTTP/1.0 200 OK" 2009 2010# ephemeral_all mode in client 2011requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2012requires_config_enabled MBEDTLS_SSL_SRV_C 2013requires_config_enabled MBEDTLS_SSL_CLI_C 2014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2016requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2017run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ 2018 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2019 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2020 1 \ 2021 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2022 -c "client hello, adding psk_key_exchange_modes extension" \ 2023 -c "client hello, adding PSK binder list" \ 2024 -s "ClientHello message misses mandatory extensions." 2025 2026requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2027requires_config_enabled MBEDTLS_SSL_SRV_C 2028requires_config_enabled MBEDTLS_SSL_CLI_C 2029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2031run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ 2032 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2033 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2034 0 \ 2035 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2036 -c "client hello, adding psk_key_exchange_modes extension" \ 2037 -c "client hello, adding PSK binder list" \ 2038 -c "Selected key exchange mode: psk_ephemeral" \ 2039 -c "HTTP/1.0 200 OK" 2040 2041requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2042requires_config_enabled MBEDTLS_SSL_SRV_C 2043requires_config_enabled MBEDTLS_SSL_CLI_C 2044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2046run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 2047 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2048 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2049 1 \ 2050 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2051 -c "client hello, adding psk_key_exchange_modes extension" \ 2052 -c "client hello, adding PSK binder list" \ 2053 -s "No usable PSK or ticket" 2054 2055requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2056requires_config_enabled MBEDTLS_SSL_SRV_C 2057requires_config_enabled MBEDTLS_SSL_CLI_C 2058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2060run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 2061 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2062 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2063 1 \ 2064 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2065 -c "client hello, adding psk_key_exchange_modes extension" \ 2066 -c "client hello, adding PSK binder list" \ 2067 -s "Invalid binder." 2068 2069requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2070requires_config_enabled MBEDTLS_SSL_SRV_C 2071requires_config_enabled MBEDTLS_SSL_CLI_C 2072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2074run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ 2075 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2076 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2077 0 \ 2078 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2079 -c "client hello, adding psk_key_exchange_modes extension" \ 2080 -c "client hello, adding PSK binder list" \ 2081 -s "key exchange mode: ephemeral" \ 2082 -c "Selected key exchange mode: ephemeral" \ 2083 -c "HTTP/1.0 200 OK" 2084 2085requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2086requires_config_enabled MBEDTLS_SSL_SRV_C 2087requires_config_enabled MBEDTLS_SSL_CLI_C 2088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2090run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ 2091 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2092 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2093 0 \ 2094 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2095 -c "client hello, adding psk_key_exchange_modes extension" \ 2096 -c "client hello, adding PSK binder list" \ 2097 -c "Selected key exchange mode: psk_ephemeral" \ 2098 -c "HTTP/1.0 200 OK" 2099 2100requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2101requires_config_enabled MBEDTLS_SSL_SRV_C 2102requires_config_enabled MBEDTLS_SSL_CLI_C 2103requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2105run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ 2106 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2107 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2108 0 \ 2109 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2110 -c "client hello, adding psk_key_exchange_modes extension" \ 2111 -c "client hello, adding PSK binder list" \ 2112 -s "No usable PSK or ticket" \ 2113 -s "key exchange mode: ephemeral" 2114 2115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2116requires_config_enabled MBEDTLS_SSL_SRV_C 2117requires_config_enabled MBEDTLS_SSL_CLI_C 2118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2120run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 2121 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2122 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2123 1 \ 2124 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2125 -c "client hello, adding psk_key_exchange_modes extension" \ 2126 -c "client hello, adding PSK binder list" \ 2127 -s "Invalid binder." 2128 2129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2130requires_config_enabled MBEDTLS_SSL_SRV_C 2131requires_config_enabled MBEDTLS_SSL_CLI_C 2132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2135run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ 2136 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2137 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2138 0 \ 2139 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2140 -c "client hello, adding psk_key_exchange_modes extension" \ 2141 -c "client hello, adding PSK binder list" \ 2142 -c "Selected key exchange mode: psk_ephemeral" \ 2143 -c "HTTP/1.0 200 OK" 2144 2145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2146requires_config_enabled MBEDTLS_SSL_SRV_C 2147requires_config_enabled MBEDTLS_SSL_CLI_C 2148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2149requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2151run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ 2152 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2153 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2154 1 \ 2155 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2156 -c "client hello, adding psk_key_exchange_modes extension" \ 2157 -c "client hello, adding PSK binder list" \ 2158 -s "No usable PSK or ticket" \ 2159 -s "ClientHello message misses mandatory extensions." 2160 2161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2162requires_config_enabled MBEDTLS_SSL_SRV_C 2163requires_config_enabled MBEDTLS_SSL_CLI_C 2164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2167run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ 2168 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2169 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2170 1 \ 2171 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2172 -c "client hello, adding psk_key_exchange_modes extension" \ 2173 -c "client hello, adding PSK binder list" \ 2174 -s "Invalid binder." 2175 2176requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2177requires_config_enabled MBEDTLS_SSL_SRV_C 2178requires_config_enabled MBEDTLS_SSL_CLI_C 2179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2182run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ 2183 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2184 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2185 0 \ 2186 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2187 -c "client hello, adding psk_key_exchange_modes extension" \ 2188 -c "client hello, adding PSK binder list" \ 2189 -c "Selected key exchange mode: psk_ephemeral" \ 2190 -c "HTTP/1.0 200 OK" 2191 2192requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2193requires_config_enabled MBEDTLS_SSL_SRV_C 2194requires_config_enabled MBEDTLS_SSL_CLI_C 2195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2197requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2198run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ 2199 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2200 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2201 0 \ 2202 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2203 -c "client hello, adding psk_key_exchange_modes extension" \ 2204 -c "client hello, adding PSK binder list" \ 2205 -s "No usable PSK or ticket" \ 2206 -s "key exchange mode: ephemeral" 2207 2208requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2209requires_config_enabled MBEDTLS_SSL_SRV_C 2210requires_config_enabled MBEDTLS_SSL_CLI_C 2211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2212requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2214run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ 2215 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2216 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2217 1 \ 2218 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2219 -c "client hello, adding psk_key_exchange_modes extension" \ 2220 -c "client hello, adding PSK binder list" \ 2221 -s "Invalid binder." 2222 2223# psk_all mode in client 2224requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2225requires_config_enabled MBEDTLS_SSL_SRV_C 2226requires_config_enabled MBEDTLS_SSL_CLI_C 2227requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2229run_test "TLS 1.3: m->m: psk_all/psk, good" \ 2230 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2231 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2232 0 \ 2233 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2234 -c "client hello, adding psk_key_exchange_modes extension" \ 2235 -c "client hello, adding PSK binder list" \ 2236 -c "Selected key exchange mode: psk$" \ 2237 -c "HTTP/1.0 200 OK" 2238 2239requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2240requires_config_enabled MBEDTLS_SSL_SRV_C 2241requires_config_enabled MBEDTLS_SSL_CLI_C 2242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2244run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ 2245 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2246 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2247 1 \ 2248 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2249 -c "client hello, adding psk_key_exchange_modes extension" \ 2250 -c "client hello, adding PSK binder list" \ 2251 -s "ClientHello message misses mandatory extensions." 2252 2253requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2254requires_config_enabled MBEDTLS_SSL_SRV_C 2255requires_config_enabled MBEDTLS_SSL_CLI_C 2256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2258run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \ 2259 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2260 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2261 1 \ 2262 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2263 -c "client hello, adding psk_key_exchange_modes extension" \ 2264 -c "client hello, adding PSK binder list" \ 2265 -s "Invalid binder." 2266 2267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2268requires_config_enabled MBEDTLS_SSL_SRV_C 2269requires_config_enabled MBEDTLS_SSL_CLI_C 2270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2272run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ 2273 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2274 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2275 0 \ 2276 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2277 -c "client hello, adding psk_key_exchange_modes extension" \ 2278 -c "client hello, adding PSK binder list" \ 2279 -c "Selected key exchange mode: psk_ephemeral" \ 2280 -c "HTTP/1.0 200 OK" 2281 2282requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2283requires_config_enabled MBEDTLS_SSL_SRV_C 2284requires_config_enabled MBEDTLS_SSL_CLI_C 2285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2287run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ 2288 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2289 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2290 1 \ 2291 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2292 -c "client hello, adding psk_key_exchange_modes extension" \ 2293 -c "client hello, adding PSK binder list" \ 2294 -s "No usable PSK or ticket" \ 2295 -s "ClientHello message misses mandatory extensions." 2296 2297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2298requires_config_enabled MBEDTLS_SSL_SRV_C 2299requires_config_enabled MBEDTLS_SSL_CLI_C 2300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2302run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \ 2303 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2304 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2305 1 \ 2306 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2307 -c "client hello, adding psk_key_exchange_modes extension" \ 2308 -c "client hello, adding PSK binder list" \ 2309 -s "Invalid binder." 2310 2311requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2312requires_config_enabled MBEDTLS_SSL_SRV_C 2313requires_config_enabled MBEDTLS_SSL_CLI_C 2314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2317run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \ 2318 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2319 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2320 1 \ 2321 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2322 -c "client hello, adding psk_key_exchange_modes extension" \ 2323 -c "client hello, adding PSK binder list" 2324 2325requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2326requires_config_enabled MBEDTLS_SSL_SRV_C 2327requires_config_enabled MBEDTLS_SSL_CLI_C 2328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2331run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ 2332 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2333 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2334 0 \ 2335 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2336 -c "client hello, adding psk_key_exchange_modes extension" \ 2337 -c "client hello, adding PSK binder list" \ 2338 -c "Selected key exchange mode: psk_ephemeral" \ 2339 -c "HTTP/1.0 200 OK" 2340 2341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2342requires_config_enabled MBEDTLS_SSL_SRV_C 2343requires_config_enabled MBEDTLS_SSL_CLI_C 2344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2346requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2347run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ 2348 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2349 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2350 1 \ 2351 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2352 -c "client hello, adding psk_key_exchange_modes extension" \ 2353 -c "client hello, adding PSK binder list" \ 2354 -s "No usable PSK or ticket" 2355 2356requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2357requires_config_enabled MBEDTLS_SSL_SRV_C 2358requires_config_enabled MBEDTLS_SSL_CLI_C 2359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2361requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2362run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \ 2363 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2364 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2365 1 \ 2366 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2367 -c "client hello, adding psk_key_exchange_modes extension" \ 2368 -c "client hello, adding PSK binder list" \ 2369 -s "Invalid binder." 2370 2371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2372requires_config_enabled MBEDTLS_SSL_SRV_C 2373requires_config_enabled MBEDTLS_SSL_CLI_C 2374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2376run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ 2377 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2378 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2379 0 \ 2380 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2381 -c "client hello, adding psk_key_exchange_modes extension" \ 2382 -c "client hello, adding PSK binder list" \ 2383 -c "Selected key exchange mode: psk_ephemeral" \ 2384 -c "HTTP/1.0 200 OK" 2385 2386requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2387requires_config_enabled MBEDTLS_SSL_SRV_C 2388requires_config_enabled MBEDTLS_SSL_CLI_C 2389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2391run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ 2392 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2393 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2394 1 \ 2395 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2396 -c "client hello, adding psk_key_exchange_modes extension" \ 2397 -c "client hello, adding PSK binder list" \ 2398 -s "No usable PSK or ticket" \ 2399 -s "ClientHello message misses mandatory extensions." 2400 2401requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2402requires_config_enabled MBEDTLS_SSL_SRV_C 2403requires_config_enabled MBEDTLS_SSL_CLI_C 2404requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2406run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \ 2407 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2408 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2409 1 \ 2410 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2411 -c "client hello, adding psk_key_exchange_modes extension" \ 2412 -c "client hello, adding PSK binder list" \ 2413 -s "Invalid binder." 2414 2415requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2416requires_config_enabled MBEDTLS_SSL_SRV_C 2417requires_config_enabled MBEDTLS_SSL_CLI_C 2418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2421run_test "TLS 1.3: m->m: psk_all/all, good" \ 2422 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2423 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2424 0 \ 2425 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2426 -c "client hello, adding psk_key_exchange_modes extension" \ 2427 -c "client hello, adding PSK binder list" \ 2428 -c "Selected key exchange mode: psk_ephemeral" \ 2429 -c "HTTP/1.0 200 OK" 2430 2431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2432requires_config_enabled MBEDTLS_SSL_SRV_C 2433requires_config_enabled MBEDTLS_SSL_CLI_C 2434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2437run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ 2438 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2439 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2440 1 \ 2441 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2442 -c "client hello, adding psk_key_exchange_modes extension" \ 2443 -c "client hello, adding PSK binder list" \ 2444 -s "No usable PSK or ticket" 2445 2446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2447requires_config_enabled MBEDTLS_SSL_SRV_C 2448requires_config_enabled MBEDTLS_SSL_CLI_C 2449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2452run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \ 2453 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2454 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2455 1 \ 2456 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2457 -c "client hello, adding psk_key_exchange_modes extension" \ 2458 -c "client hello, adding PSK binder list" \ 2459 -s "Invalid binder." 2460 2461# all mode in client 2462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2463requires_config_enabled MBEDTLS_SSL_SRV_C 2464requires_config_enabled MBEDTLS_SSL_CLI_C 2465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2468run_test "TLS 1.3: m->m: all/psk, good" \ 2469 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2470 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2471 0 \ 2472 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2473 -c "client hello, adding psk_key_exchange_modes extension" \ 2474 -c "client hello, adding PSK binder list" \ 2475 -c "Selected key exchange mode: psk$" \ 2476 -c "HTTP/1.0 200 OK" 2477 2478requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2479requires_config_enabled MBEDTLS_SSL_SRV_C 2480requires_config_enabled MBEDTLS_SSL_CLI_C 2481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2484run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ 2485 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2486 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2487 1 \ 2488 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2489 -c "client hello, adding psk_key_exchange_modes extension" \ 2490 -c "client hello, adding PSK binder list" \ 2491 -s "No usable PSK or ticket" \ 2492 -s "ClientHello message misses mandatory extensions." 2493 2494requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2495requires_config_enabled MBEDTLS_SSL_SRV_C 2496requires_config_enabled MBEDTLS_SSL_CLI_C 2497requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2498requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2499requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2500run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \ 2501 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2502 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2503 1 \ 2504 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2505 -c "client hello, adding psk_key_exchange_modes extension" \ 2506 -c "client hello, adding PSK binder list" \ 2507 -s "Invalid binder." 2508 2509requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2510requires_config_enabled MBEDTLS_SSL_SRV_C 2511requires_config_enabled MBEDTLS_SSL_CLI_C 2512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2515run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ 2516 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2517 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2518 0 \ 2519 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2520 -c "client hello, adding psk_key_exchange_modes extension" \ 2521 -c "client hello, adding PSK binder list" \ 2522 -c "Selected key exchange mode: psk_ephemeral" \ 2523 -c "HTTP/1.0 200 OK" 2524 2525requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2526requires_config_enabled MBEDTLS_SSL_SRV_C 2527requires_config_enabled MBEDTLS_SSL_CLI_C 2528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2531run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ 2532 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2533 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2534 1 \ 2535 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2536 -c "client hello, adding psk_key_exchange_modes extension" \ 2537 -c "client hello, adding PSK binder list" \ 2538 -s "No usable PSK or ticket" \ 2539 -s "ClientHello message misses mandatory extensions." 2540 2541requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2542requires_config_enabled MBEDTLS_SSL_SRV_C 2543requires_config_enabled MBEDTLS_SSL_CLI_C 2544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2547run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \ 2548 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2549 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2550 1 \ 2551 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2552 -c "client hello, adding psk_key_exchange_modes extension" \ 2553 -c "client hello, adding PSK binder list" \ 2554 -s "Invalid binder." 2555 2556requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2557requires_config_enabled MBEDTLS_SSL_SRV_C 2558requires_config_enabled MBEDTLS_SSL_CLI_C 2559requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2560requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2562run_test "TLS 1.3: m->m: all/ephemeral, good" \ 2563 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2564 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2565 0 \ 2566 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2567 -c "client hello, adding psk_key_exchange_modes extension" \ 2568 -c "client hello, adding PSK binder list" \ 2569 -c "Selected key exchange mode: ephemeral" \ 2570 -c "HTTP/1.0 200 OK" 2571 2572requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2573requires_config_enabled MBEDTLS_SSL_SRV_C 2574requires_config_enabled MBEDTLS_SSL_CLI_C 2575requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2577requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2578run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ 2579 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2580 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2581 0 \ 2582 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2583 -c "client hello, adding psk_key_exchange_modes extension" \ 2584 -c "client hello, adding PSK binder list" \ 2585 -c "Selected key exchange mode: psk_ephemeral" \ 2586 -c "HTTP/1.0 200 OK" 2587 2588requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2589requires_config_enabled MBEDTLS_SSL_SRV_C 2590requires_config_enabled MBEDTLS_SSL_CLI_C 2591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2593requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2594run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \ 2595 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2596 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2597 0 \ 2598 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2599 -c "client hello, adding psk_key_exchange_modes extension" \ 2600 -c "client hello, adding PSK binder list" \ 2601 -s "No usable PSK or ticket" \ 2602 -c "Selected key exchange mode: ephemeral" \ 2603 -c "HTTP/1.0 200 OK" 2604 2605requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2606requires_config_enabled MBEDTLS_SSL_SRV_C 2607requires_config_enabled MBEDTLS_SSL_CLI_C 2608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2609requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2611run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \ 2612 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2613 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2614 1 \ 2615 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2616 -c "client hello, adding psk_key_exchange_modes extension" \ 2617 -c "client hello, adding PSK binder list" \ 2618 -s "Invalid binder." 2619 2620requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2621requires_config_enabled MBEDTLS_SSL_SRV_C 2622requires_config_enabled MBEDTLS_SSL_CLI_C 2623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2626run_test "TLS 1.3: m->m: all/psk_all, good" \ 2627 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2628 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2629 0 \ 2630 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2631 -c "client hello, adding psk_key_exchange_modes extension" \ 2632 -c "client hello, adding PSK binder list" \ 2633 -c "Selected key exchange mode: psk_ephemeral" \ 2634 -c "HTTP/1.0 200 OK" 2635 2636requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2637requires_config_enabled MBEDTLS_SSL_SRV_C 2638requires_config_enabled MBEDTLS_SSL_CLI_C 2639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2642run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ 2643 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2644 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2645 1 \ 2646 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2647 -c "client hello, adding psk_key_exchange_modes extension" \ 2648 -c "client hello, adding PSK binder list" \ 2649 -s "No usable PSK or ticket" \ 2650 -s "ClientHello message misses mandatory extensions." 2651 2652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2653requires_config_enabled MBEDTLS_SSL_SRV_C 2654requires_config_enabled MBEDTLS_SSL_CLI_C 2655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2658run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \ 2659 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2660 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2661 1 \ 2662 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2663 -c "client hello, adding psk_key_exchange_modes extension" \ 2664 -c "client hello, adding PSK binder list" \ 2665 -s "Invalid binder." 2666 2667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2668requires_config_enabled MBEDTLS_SSL_SRV_C 2669requires_config_enabled MBEDTLS_SSL_CLI_C 2670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2673run_test "TLS 1.3: m->m: all/all, good" \ 2674 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2675 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2676 0 \ 2677 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2678 -c "client hello, adding psk_key_exchange_modes extension" \ 2679 -c "client hello, adding PSK binder list" \ 2680 -c "Selected key exchange mode: psk_ephemeral" \ 2681 -c "HTTP/1.0 200 OK" 2682 2683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2684requires_config_enabled MBEDTLS_SSL_SRV_C 2685requires_config_enabled MBEDTLS_SSL_CLI_C 2686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2687requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2689run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ 2690 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2691 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2692 0 \ 2693 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2694 -c "client hello, adding psk_key_exchange_modes extension" \ 2695 -c "client hello, adding PSK binder list" \ 2696 -s "No usable PSK or ticket" \ 2697 -s "key exchange mode: ephemeral" 2698 2699requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2700requires_config_enabled MBEDTLS_SSL_SRV_C 2701requires_config_enabled MBEDTLS_SSL_CLI_C 2702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2705run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \ 2706 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2707 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2708 1 \ 2709 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2710 -c "client hello, adding psk_key_exchange_modes extension" \ 2711 -c "client hello, adding PSK binder list" \ 2712 -s "Invalid binder." 2713 2714#OPENSSL-SERVER psk mode 2715requires_openssl_tls1_3 2716requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2718requires_config_enabled MBEDTLS_DEBUG_C 2719requires_config_enabled MBEDTLS_SSL_CLI_C 2720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2721run_test "TLS 1.3: m->O: psk/all, good" \ 2722 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2723 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2724 0 \ 2725 -c "=> write client hello" \ 2726 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2727 -c "client hello, adding psk_key_exchange_modes extension" \ 2728 -c "client hello, adding PSK binder list" \ 2729 -c "<= write client hello" \ 2730 -c "Selected key exchange mode: psk$" \ 2731 -c "HTTP/1.0 200 ok" 2732 2733requires_openssl_tls1_3 2734requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2736requires_config_enabled MBEDTLS_DEBUG_C 2737requires_config_enabled MBEDTLS_SSL_CLI_C 2738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2739run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \ 2740 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2741 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2742 1 \ 2743 -c "=> write client hello" \ 2744 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2745 -c "client hello, adding psk_key_exchange_modes extension" \ 2746 -c "client hello, adding PSK binder list" \ 2747 -c "<= write client hello" \ 2748 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2749 2750#OPENSSL-SERVER psk_all mode 2751requires_openssl_tls1_3_with_compatible_ephemeral 2752requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2754requires_config_enabled MBEDTLS_DEBUG_C 2755requires_config_enabled MBEDTLS_SSL_CLI_C 2756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2758run_test "TLS 1.3: m->O: psk_all/all, good" \ 2759 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2760 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2761 0 \ 2762 -c "=> write client hello" \ 2763 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2764 -c "client hello, adding psk_key_exchange_modes extension" \ 2765 -c "client hello, adding PSK binder list" \ 2766 -c "<= write client hello" \ 2767 -c "Selected key exchange mode: psk_ephemeral" \ 2768 -c "HTTP/1.0 200 ok" 2769 2770requires_openssl_tls1_3_with_compatible_ephemeral 2771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2773requires_config_enabled MBEDTLS_DEBUG_C 2774requires_config_enabled MBEDTLS_SSL_CLI_C 2775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2777run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ 2778 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2779 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2780 0 \ 2781 -c "=> write client hello" \ 2782 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2783 -c "client hello, adding psk_key_exchange_modes extension" \ 2784 -c "client hello, adding PSK binder list" \ 2785 -c "<= write client hello" \ 2786 -c "Selected key exchange mode: psk_ephemeral" \ 2787 -c "HTTP/1.0 200 ok" 2788 2789#OPENSSL-SERVER psk_ephemeral mode 2790requires_openssl_tls1_3_with_compatible_ephemeral 2791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2793requires_config_enabled MBEDTLS_DEBUG_C 2794requires_config_enabled MBEDTLS_SSL_CLI_C 2795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2796run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ 2797 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2798 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2799 0 \ 2800 -c "=> write client hello" \ 2801 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2802 -c "client hello, adding psk_key_exchange_modes extension" \ 2803 -c "client hello, adding PSK binder list" \ 2804 -c "<= write client hello" \ 2805 -c "Selected key exchange mode: psk_ephemeral" \ 2806 -c "HTTP/1.0 200 ok" 2807 2808requires_openssl_tls1_3_with_compatible_ephemeral 2809requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2811requires_config_enabled MBEDTLS_DEBUG_C 2812requires_config_enabled MBEDTLS_SSL_CLI_C 2813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2814run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ 2815 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2816 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2817 0 \ 2818 -c "=> write client hello" \ 2819 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2820 -c "client hello, adding psk_key_exchange_modes extension" \ 2821 -c "client hello, adding PSK binder list" \ 2822 -c "<= write client hello" \ 2823 -c "Selected key exchange mode: psk_ephemeral" \ 2824 -c "HTTP/1.0 200 ok" 2825 2826#OPENSSL-SERVER ephemeral mode 2827requires_openssl_tls1_3_with_compatible_ephemeral 2828requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2830requires_config_enabled MBEDTLS_DEBUG_C 2831requires_config_enabled MBEDTLS_SSL_CLI_C 2832requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2833run_test "TLS 1.3: m->O: ephemeral/all, good" \ 2834 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ 2835 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2836 0 \ 2837 -c "Selected key exchange mode: ephemeral" \ 2838 -c "HTTP/1.0 200 ok" 2839 2840requires_openssl_tls1_3_with_compatible_ephemeral 2841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2843requires_config_enabled MBEDTLS_DEBUG_C 2844requires_config_enabled MBEDTLS_SSL_CLI_C 2845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2846run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \ 2847 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2848 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2849 0 \ 2850 -c "Selected key exchange mode: ephemeral" \ 2851 -c "HTTP/1.0 200 ok" 2852 2853#OPENSSL-SERVER ephemeral_all mode 2854requires_openssl_tls1_3_with_compatible_ephemeral 2855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2857requires_config_enabled MBEDTLS_DEBUG_C 2858requires_config_enabled MBEDTLS_SSL_CLI_C 2859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2861run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ 2862 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2863 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2864 0 \ 2865 -c "=> write client hello" \ 2866 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2867 -c "client hello, adding psk_key_exchange_modes extension" \ 2868 -c "client hello, adding PSK binder list" \ 2869 -c "Selected key exchange mode: psk_ephemeral" \ 2870 -c "<= write client hello" \ 2871 -c "HTTP/1.0 200 ok" 2872 2873requires_openssl_tls1_3_with_compatible_ephemeral 2874requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2876requires_config_enabled MBEDTLS_DEBUG_C 2877requires_config_enabled MBEDTLS_SSL_CLI_C 2878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2880run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ 2881 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2882 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2883 0 \ 2884 -c "=> write client hello" \ 2885 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2886 -c "client hello, adding psk_key_exchange_modes extension" \ 2887 -c "client hello, adding PSK binder list" \ 2888 -c "Selected key exchange mode: psk_ephemeral" \ 2889 -c "<= write client hello" \ 2890 -c "HTTP/1.0 200 ok" 2891 2892#OPENSSL-SERVER all mode 2893requires_openssl_tls1_3_with_compatible_ephemeral 2894requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2896requires_config_enabled MBEDTLS_DEBUG_C 2897requires_config_enabled MBEDTLS_SSL_CLI_C 2898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2901run_test "TLS 1.3: m->O: all/all, good" \ 2902 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2903 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2904 0 \ 2905 -c "=> write client hello" \ 2906 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2907 -c "client hello, adding psk_key_exchange_modes extension" \ 2908 -c "client hello, adding PSK binder list" \ 2909 -c "Selected key exchange mode: psk_ephemeral" \ 2910 -c "<= write client hello" \ 2911 -c "HTTP/1.0 200 ok" 2912 2913requires_openssl_tls1_3_with_compatible_ephemeral 2914requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2916requires_config_enabled MBEDTLS_DEBUG_C 2917requires_config_enabled MBEDTLS_SSL_CLI_C 2918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2920requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2921run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ 2922 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2923 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2924 0 \ 2925 -c "=> write client hello" \ 2926 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2927 -c "client hello, adding psk_key_exchange_modes extension" \ 2928 -c "client hello, adding PSK binder list" \ 2929 -c "Selected key exchange mode: psk_ephemeral" \ 2930 -c "<= write client hello" \ 2931 -c "HTTP/1.0 200 ok" 2932 2933#GNUTLS-SERVER psk mode 2934requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2935requires_gnutls_tls1_3 2936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2937requires_config_enabled MBEDTLS_DEBUG_C 2938requires_config_enabled MBEDTLS_SSL_CLI_C 2939requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2940run_test "TLS 1.3: m->G: psk/all, good" \ 2941 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 2942 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2943 0 \ 2944 -c "=> write client hello" \ 2945 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2946 -c "client hello, adding psk_key_exchange_modes extension" \ 2947 -c "client hello, adding PSK binder list" \ 2948 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2949 -s "Parsing extension 'Pre Shared Key/41'" \ 2950 -c "<= write client hello" \ 2951 -c "Selected key exchange mode: psk$" \ 2952 -c "HTTP/1.0 200 OK" 2953 2954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2955requires_gnutls_tls1_3 2956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2957requires_config_enabled MBEDTLS_DEBUG_C 2958requires_config_enabled MBEDTLS_SSL_CLI_C 2959requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2960run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ 2961 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 2962 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2963 1 \ 2964 -c "=> write client hello" \ 2965 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2966 -c "client hello, adding psk_key_exchange_modes extension" \ 2967 -c "client hello, adding PSK binder list" \ 2968 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2969 -s "Parsing extension 'Pre Shared Key/41'" \ 2970 -c "<= write client hello" \ 2971 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2972 2973#GNUTLS-SERVER psk_all mode 2974requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2975requires_gnutls_tls1_3 2976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2977requires_config_enabled MBEDTLS_DEBUG_C 2978requires_config_enabled MBEDTLS_SSL_CLI_C 2979requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2981run_test "TLS 1.3: m->G: psk_all/all, good" \ 2982 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 2983 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2984 0 \ 2985 -c "=> write client hello" \ 2986 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2987 -c "client hello, adding psk_key_exchange_modes extension" \ 2988 -c "client hello, adding PSK binder list" \ 2989 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2990 -s "Parsing extension 'Pre Shared Key/41'" \ 2991 -c "<= write client hello" \ 2992 -c "Selected key exchange mode: psk_ephemeral" \ 2993 -c "HTTP/1.0 200 OK" 2994 2995requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2996requires_gnutls_tls1_3 2997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2998requires_config_enabled MBEDTLS_DEBUG_C 2999requires_config_enabled MBEDTLS_SSL_CLI_C 3000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3002run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ 3003 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3004 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 3005 0 \ 3006 -c "=> write client hello" \ 3007 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3008 -c "client hello, adding psk_key_exchange_modes extension" \ 3009 -c "client hello, adding PSK binder list" \ 3010 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3011 -s "Parsing extension 'Pre Shared Key/41'" \ 3012 -c "<= write client hello" \ 3013 -c "Selected key exchange mode: psk_ephemeral" \ 3014 -c "HTTP/1.0 200 OK" 3015 3016#GNUTLS-SERVER psk_ephemeral mode 3017requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3018requires_gnutls_tls1_3 3019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3020requires_config_enabled MBEDTLS_DEBUG_C 3021requires_config_enabled MBEDTLS_SSL_CLI_C 3022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3023run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ 3024 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3025 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3026 0 \ 3027 -c "=> write client hello" \ 3028 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3029 -c "client hello, adding psk_key_exchange_modes extension" \ 3030 -c "client hello, adding PSK binder list" \ 3031 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3032 -s "Parsing extension 'Pre Shared Key/41'" \ 3033 -c "<= write client hello" \ 3034 -c "Selected key exchange mode: psk_ephemeral" \ 3035 -c "HTTP/1.0 200 OK" 3036 3037requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3038requires_gnutls_tls1_3 3039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3040requires_config_enabled MBEDTLS_DEBUG_C 3041requires_config_enabled MBEDTLS_SSL_CLI_C 3042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3043run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ 3044 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3045 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3046 0 \ 3047 -c "=> write client hello" \ 3048 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3049 -c "client hello, adding psk_key_exchange_modes extension" \ 3050 -c "client hello, adding PSK binder list" \ 3051 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3052 -s "Parsing extension 'Pre Shared Key/41'" \ 3053 -c "<= write client hello" \ 3054 -c "Selected key exchange mode: psk_ephemeral" \ 3055 -c "HTTP/1.0 200 OK" 3056 3057#GNUTLS-SERVER ephemeral mode 3058requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3059requires_gnutls_tls1_3 3060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3061requires_config_enabled MBEDTLS_DEBUG_C 3062requires_config_enabled MBEDTLS_SSL_CLI_C 3063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3064run_test "TLS 1.3: m->G: ephemeral/all, good" \ 3065 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3066 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3067 0 \ 3068 -c "Selected key exchange mode: ephemeral" \ 3069 -c "HTTP/1.0 200 OK" 3070 3071requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3072requires_gnutls_tls1_3 3073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3074requires_config_enabled MBEDTLS_DEBUG_C 3075requires_config_enabled MBEDTLS_SSL_CLI_C 3076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3077run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ 3078 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3079 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3080 0 \ 3081 -c "Selected key exchange mode: ephemeral" \ 3082 -c "HTTP/1.0 200 OK" 3083 3084#GNUTLS-SERVER ephemeral_all mode 3085requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3086requires_gnutls_tls1_3 3087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3088requires_config_enabled MBEDTLS_DEBUG_C 3089requires_config_enabled MBEDTLS_SSL_CLI_C 3090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3092run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ 3093 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3094 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3095 0 \ 3096 -c "=> write client hello" \ 3097 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3098 -c "client hello, adding psk_key_exchange_modes extension" \ 3099 -c "client hello, adding PSK binder list" \ 3100 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3101 -s "Parsing extension 'Pre Shared Key/41'" \ 3102 -c "<= write client hello" \ 3103 -c "Selected key exchange mode: psk_ephemeral" \ 3104 -c "HTTP/1.0 200 OK" 3105 3106requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3107requires_gnutls_tls1_3 3108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3109requires_config_enabled MBEDTLS_DEBUG_C 3110requires_config_enabled MBEDTLS_SSL_CLI_C 3111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3112requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3113run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ 3114 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3115 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3116 0 \ 3117 -c "=> write client hello" \ 3118 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3119 -c "client hello, adding psk_key_exchange_modes extension" \ 3120 -c "client hello, adding PSK binder list" \ 3121 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3122 -s "Parsing extension 'Pre Shared Key/41'" \ 3123 -c "<= write client hello" \ 3124 -c "Selected key exchange mode: psk_ephemeral" \ 3125 -c "HTTP/1.0 200 OK" 3126 3127#GNUTLS-SERVER all mode 3128requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3129requires_gnutls_tls1_3 3130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3131requires_config_enabled MBEDTLS_DEBUG_C 3132requires_config_enabled MBEDTLS_SSL_CLI_C 3133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3135requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3136run_test "TLS 1.3: m->G: all/all, good" \ 3137 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ 3138 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3139 0 \ 3140 -c "=> write client hello" \ 3141 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3142 -c "client hello, adding psk_key_exchange_modes extension" \ 3143 -c "client hello, adding PSK binder list" \ 3144 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3145 -s "Parsing extension 'Pre Shared Key/41'" \ 3146 -c "<= write client hello" \ 3147 -c "Selected key exchange mode: psk_ephemeral" \ 3148 -c "HTTP/1.0 200 OK" 3149 3150requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3151requires_gnutls_tls1_3 3152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3153requires_config_enabled MBEDTLS_DEBUG_C 3154requires_config_enabled MBEDTLS_SSL_CLI_C 3155requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3158run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ 3159 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ 3160 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3161 0 \ 3162 -c "=> write client hello" \ 3163 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3164 -c "client hello, adding psk_key_exchange_modes extension" \ 3165 -c "client hello, adding PSK binder list" \ 3166 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3167 -s "Parsing extension 'Pre Shared Key/41'" \ 3168 -c "<= write client hello" \ 3169 -c "Selected key exchange mode: psk_ephemeral" \ 3170 -c "HTTP/1.0 200 OK" 3171