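#!/bin/sh

# tls13-misc.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Miscellaneous TLS 1.3 test cases: PSK negotiation, session-ticket
# resumption failure handling, and early data.
#
# This file defines no functions of its own. run_test, the requires_* guards,
# skip_next_test, get_srv_psk_list and the $P_SRV/$P_CLI/$G_NEXT_*/$O_NEXT_*
# command variables are not defined here; they must be provided by the script
# that sources this file.
#
# As used below, each case has the shape
#   run_test NAME SERVER_CMD CLIENT_CMD EXPECTED_CLIENT_EXIT [checks...]
# where -s/-c name a pattern that should appear in the server/client output
# and -S/-C a pattern that should not (convention of the run_test helper;
# confirm against its definition). The trailing "$" in patterns such as
# "key exchange mode: psk$" is there so that "psk" does not also match
# "psk_ephemeral".
#
# The PSK 6162636465666768696a6b6c6d6e6f70 is the hex encoding of the ASCII
# string "abcdefghijklmnop". It and the identity Client_identity are fixed,
# publicly known test values and must never be provisioned outside tests.

# --- PSK offered with a ciphersuite the server cannot match ------------------
# The clients are restricted to AES-256-GCM with SHA-384. The server is
# expected to see both PSK key exchange modes, log "No matched ciphersuite"
# and the client to exit non-zero.
# NOTE(review): presumably the configured PSK is bound to a hash other than
# SHA-384, which is why no suite matches - confirm against the server code.

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED

run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         1 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "No matched ciphersuite"

requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED

run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
                      -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
         1 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "No matched ciphersuite"

# --- Static PSK plus session ticket (client offers two identities) -----------
# The client reconnects holding both a ticket and the static PSK
# ("Pre-configured PSK number = 2"). With an authentic ticket the server
# selects identity 0. With dummy_ticket=1 the server logs "ticket is not
# authentic", ignores that identity and selects identity 1 instead; the
# handshake still succeeds in psk_ephemeral mode. A ticket that fails
# authentication must neither be accepted nor abort the connection.

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
         "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
         "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 2" \
         -s "sent selected_identity: 0" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "key exchange mode: ephemeral$" \
         -S "ticket is not authentic"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
         "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
         "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 2" \
         -s "sent selected_identity: 1" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "key exchange mode: ephemeral$" \
         -s "ticket is not authentic"

# --- Ticket rejected, certificate server: fall back to a full handshake ------
# The server authenticates with server5.crt and issues tickets; dummy_ticket=N
# makes the ticket fail one specific check. Each case expects exactly one
# rejection message and none of the others:
#   dummy_ticket=1      "ticket is not authentic"
#   dummy_ticket=2      "ticket is expired"
#   dummy_ticket=3      "Invalid ticket start time"
#   dummy_ticket=4      "Ticket age exceeds limitation"
#   dummy_ticket=5, 6   "Ticket age outside tolerance window"
# In every case the server must not select a PSK identity, must negotiate
# "key exchange mode: ephemeral" and the client must still exit 0: a rejected
# ticket degrades to a full handshake, it is never resumed.

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -s "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -s "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"

# NOTE(review): the title below says "ticket expired", but the expected server
# message is "Ticket age exceeds limitation" and "ticket is expired" must be
# absent. The title is left unchanged because test names may be used for
# filtering.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -s "Ticket age exceeds limitation" \
         -S "Ticket age outside tolerance window"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -s "Ticket age outside tolerance window"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
                             MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \
         "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \
         "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -S "ticket is not authentic" \
         -S "ticket is expired" \
         -S "Invalid ticket start time" \
         -S "Ticket age exceeds limitation" \
         -s "Ticket age outside tolerance window"

# --- GnuTLS client against the server: key exchange mode selection -----------
# The client priority string removes pure PSK (-PSK) while the server accepts
# only tls13_kex_modes=psk, so there is no common mode: the client must exit
# non-zero and the server must not report any selected key exchange mode.

requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
         "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         1 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -S "Found PSK KEX MODE" \
         -S "key exchange mode: psk$" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: ephemeral"

# The next three cases run only on builds where exactly one TLS 1.3 key
# exchange mode is compiled in (the other two are required to be disabled).
# The server is started with tls13_kex_modes=all and is expected to select the
# single mode the build supports.

requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         0 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "key exchange mode: psk$"

requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         0 \
         -s "found psk key exchange modes extension" \
         -s "found pre_shared_key extension" \
         -s "Found PSK_EPHEMERAL KEX MODE" \
         -s "Found PSK KEX MODE" \
         -s "key exchange mode: psk_ephemeral$"

requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
         "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
         "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                      localhost" \
         0 \
         -s "key exchange mode: ephemeral$"

# --- Early data ---------------------------------------------------------------
# The basic check is skipped for now because it randomly triggers the
# anti-replay protection in the GnuTLS server. Add it back once that issue is
# fixed.
# NOTE(review): the expected client exit status is 1 although the title says
# "good" - confirm the intended status before re-enabling.
skip_next_test
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
         "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
         "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
         1 \
         -c "Reconnecting with saved session" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "EncryptedExtensions: early_data(42) extension exists." \
         -s "Parsing extension 'Early Data/42' (0 bytes)" \
         -s "Sending extension Early Data/42 (0 bytes)" \
         -s "early data accepted"

# The server is started without --earlydata, so its NewSessionTicket carries no
# early_data extension. The client, although run with early_data=1, must then
# omit early_data from the ClientHello on reconnect and still exit 0.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \
         "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
         "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
         0 \
         -c "Reconnecting with saved session" \
         -C "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension does not exist." \
         -C "EncryptedExtensions: early_data(42) extension received." \
         -C "EncryptedExtensions: early_data(42) extension exists."

# TODO: The OpenSSL tests do not work yet. It might be an OpenSSL options
# issue, since the GnuTLS variant has worked.
# NOTE(review): the client command below has no reconnect=1 although the first
# check expects "Reconnecting with saved session" - verify when re-enabling.
skip_next_test
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3, ext PSK, early data" \
         "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
         "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \
         1 \
         -c "Reconnecting with saved session" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "EncryptedExtensions: early_data(42) extension ( ignored )."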