1#!/bin/sh 2 3# tls13-kex-modes.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8 9# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by 10# scripts in future(#6280) 11 12requires_gnutls_tls1_3 13requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15run_test "TLS 1.3: G->m: all/psk, good" \ 16 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 17 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 18 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 19 localhost" \ 20 0 \ 21 -s "found psk key exchange modes extension" \ 22 -s "found pre_shared_key extension" \ 23 -s "Found PSK_EPHEMERAL KEX MODE" \ 24 -s "Found PSK KEX MODE" \ 25 -s "Pre shared key found" \ 26 -S "No usable PSK or ticket" \ 27 -s "key exchange mode: psk$" \ 28 -S "key exchange mode: psk_ephemeral" \ 29 -S "key exchange mode: ephemeral" 30 31requires_gnutls_tls1_3 32requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 34run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ 35 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 36 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 37 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 38 localhost" \ 39 1 \ 40 -s "found psk key exchange modes extension" \ 41 -s "found pre_shared_key extension" \ 42 -s "Found PSK_EPHEMERAL KEX MODE" \ 43 -s "Found PSK KEX MODE" \ 44 -s "No usable PSK or ticket" \ 45 -S "key exchange mode: psk$" \ 46 -S "key exchange mode: psk_ephemeral" \ 47 -S "key exchange mode: ephemeral" 48 49requires_gnutls_tls1_3 50requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 51requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 52run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ 53 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 54 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 55 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 56 localhost" \ 57 1 \ 58 -s "found psk key exchange modes extension" \ 59 -s "found pre_shared_key extension" \ 60 -s "Found PSK_EPHEMERAL KEX MODE" \ 61 -s "Found PSK KEX MODE" \ 62 -s "Invalid binder." \ 63 -S "key exchange mode: psk$" \ 64 -S "key exchange mode: psk_ephemeral" \ 65 -S "key exchange mode: ephemeral" 66 67requires_gnutls_tls1_3 68requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 69requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 70run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ 71 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 72 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 73 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 74 localhost" \ 75 0 \ 76 -s "found psk key exchange modes extension" \ 77 -s "found pre_shared_key extension" \ 78 -S "Found PSK_EPHEMERAL KEX MODE" \ 79 -s "Found PSK KEX MODE" \ 80 -s "Pre shared key found" \ 81 -S "No usable PSK or ticket" \ 82 -s "key exchange mode: psk$" \ 83 -S "key exchange mode: psk_ephemeral" \ 84 -S "key exchange mode: ephemeral" 85 86requires_gnutls_tls1_3 87requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 88requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 89run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ 90 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 91 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 92 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 93 localhost" \ 94 1 \ 95 -s "found psk key exchange modes extension" \ 96 -s "found pre_shared_key extension" \ 97 -S "Found PSK_EPHEMERAL KEX MODE" \ 98 -s "Found PSK KEX MODE" \ 99 -s "No usable PSK or ticket" \ 100 -S "key exchange mode: psk$" \ 101 -S "key exchange mode: psk_ephemeral" \ 102 -S "key exchange mode: ephemeral" 103 104requires_gnutls_tls1_3 105requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 107run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ 108 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 109 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 110 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 111 localhost" \ 112 1 \ 113 -s "found psk key exchange modes extension" \ 114 -s "found pre_shared_key extension" \ 115 -S "Found PSK_EPHEMERAL KEX MODE" \ 116 -s "Found PSK KEX MODE" \ 117 -s "Invalid binder." \ 118 -S "key exchange mode: psk$" \ 119 -S "key exchange mode: psk_ephemeral" \ 120 -S "key exchange mode: ephemeral" 121 122requires_gnutls_tls1_3 123requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 125run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ 126 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 127 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 128 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 129 localhost" \ 130 0 \ 131 -s "found psk key exchange modes extension" \ 132 -s "found pre_shared_key extension" \ 133 -s "Found PSK_EPHEMERAL KEX MODE" \ 134 -S "Found PSK KEX MODE" \ 135 -s "Pre shared key found" \ 136 -S "No usable PSK or ticket" \ 137 -S "key exchange mode: psk$" \ 138 -s "key exchange mode: psk_ephemeral" \ 139 -S "key exchange mode: ephemeral" 140 141requires_gnutls_tls1_3 142requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 144run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 145 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 146 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 147 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 148 localhost" \ 149 1 \ 150 -s "found psk key exchange modes extension" \ 151 -s "found pre_shared_key extension" \ 152 -s "Found PSK_EPHEMERAL KEX MODE" \ 153 -S "Found PSK KEX MODE" \ 154 -s "No usable PSK or ticket" \ 155 -S "key exchange mode: psk$" \ 156 -S "key exchange mode: psk_ephemeral" \ 157 -S "key exchange mode: ephemeral" 158 159requires_gnutls_tls1_3 160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 162run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 163 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 164 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 165 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 166 localhost" \ 167 1 \ 168 -s "found psk key exchange modes extension" \ 169 -s "found pre_shared_key extension" \ 170 -s "Found PSK_EPHEMERAL KEX MODE" \ 171 -S "Found PSK KEX MODE" \ 172 -s "Invalid binder." \ 173 -S "key exchange mode: psk$" \ 174 -S "key exchange mode: psk_ephemeral" \ 175 -S "key exchange mode: ephemeral" 176 177requires_gnutls_tls1_3 178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 180run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ 181 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 182 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 183 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 184 localhost" \ 185 0 \ 186 -s "found psk key exchange modes extension" \ 187 -s "found pre_shared_key extension" \ 188 -s "Found PSK_EPHEMERAL KEX MODE" \ 189 -s "Found PSK KEX MODE" \ 190 -s "Pre shared key found" \ 191 -S "No usable PSK or ticket" \ 192 -S "key exchange mode: psk$" \ 193 -s "key exchange mode: psk_ephemeral" \ 194 -S "key exchange mode: ephemeral" 195 196requires_gnutls_tls1_3 197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 199run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ 200 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 201 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 202 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 203 localhost" \ 204 1 \ 205 -s "found psk key exchange modes extension" \ 206 -s "found pre_shared_key extension" \ 207 -s "Found PSK_EPHEMERAL KEX MODE" \ 208 -s "Found PSK KEX MODE" \ 209 -s "No usable PSK or ticket" \ 210 -S "key exchange mode: psk$" \ 211 -S "key exchange mode: psk_ephemeral" \ 212 -S "key exchange mode: ephemeral" 213 214requires_gnutls_tls1_3 215requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 217run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ 218 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 219 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 220 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 221 localhost" \ 222 1 \ 223 -s "found psk key exchange modes extension" \ 224 -s "found pre_shared_key extension" \ 225 -s "Found PSK_EPHEMERAL KEX MODE" \ 226 -s "Found PSK KEX MODE" \ 227 -s "Invalid binder." \ 228 -S "key exchange mode: psk$" \ 229 -S "key exchange mode: psk_ephemeral" \ 230 -S "key exchange mode: ephemeral" 231 232requires_gnutls_tls1_3 233requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 235run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ 236 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 237 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 238 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 239 localhost" \ 240 1 \ 241 -s "found psk key exchange modes extension" \ 242 -s "found pre_shared_key extension" \ 243 -S "Found PSK_EPHEMERAL KEX MODE" \ 244 -s "Found PSK KEX MODE" \ 245 -S "key exchange mode: psk$" \ 246 -S "key exchange mode: psk_ephemeral" \ 247 -S "key exchange mode: ephemeral" 248 249requires_gnutls_tls1_3 250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 253run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ 254 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 255 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 256 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 257 localhost" \ 258 0 \ 259 -s "found psk key exchange modes extension" \ 260 -s "found pre_shared_key extension" \ 261 -s "Found PSK_EPHEMERAL KEX MODE" \ 262 -S "Found PSK KEX MODE" \ 263 -s "Pre shared key found" \ 264 -S "No usable PSK or ticket" \ 265 -S "key exchange mode: psk$" \ 266 -s "key exchange mode: psk_ephemeral" \ 267 -S "key exchange mode: ephemeral" 268 269requires_gnutls_tls1_3 270requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 273run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ 274 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 275 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 276 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 277 localhost" \ 278 1 \ 279 -s "found psk key exchange modes extension" \ 280 -s "found pre_shared_key extension" \ 281 -s "Found PSK_EPHEMERAL KEX MODE" \ 282 -S "Found PSK KEX MODE" \ 283 -s "No usable PSK or ticket" \ 284 -S "key exchange mode: psk$" \ 285 -S "key exchange mode: psk_ephemeral" \ 286 -S "key exchange mode: ephemeral" 287 288requires_gnutls_tls1_3 289requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 292run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ 293 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 294 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 295 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 296 localhost" \ 297 1 \ 298 -s "found psk key exchange modes extension" \ 299 -s "found pre_shared_key extension" \ 300 -s "Found PSK_EPHEMERAL KEX MODE" \ 301 -S "Found PSK KEX MODE" \ 302 -s "Invalid binder." \ 303 -S "key exchange mode: psk$" \ 304 -S "key exchange mode: psk_ephemeral" \ 305 -S "key exchange mode: ephemeral" 306 307requires_gnutls_tls1_3 308requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 311run_test "TLS 1.3: G->m: all/psk_all, good" \ 312 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 313 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 314 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 315 localhost" \ 316 0 \ 317 -s "found psk key exchange modes extension" \ 318 -s "found pre_shared_key extension" \ 319 -s "Found PSK_EPHEMERAL KEX MODE" \ 320 -s "Found PSK KEX MODE" \ 321 -s "Pre shared key found" \ 322 -S "No usable PSK or ticket" \ 323 -S "key exchange mode: psk$" \ 324 -s "key exchange mode: psk_ephemeral" \ 325 -S "key exchange mode: ephemeral" 326 327requires_gnutls_tls1_3 328requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 331run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ 332 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 333 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 334 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 335 localhost" \ 336 1 \ 337 -s "found psk key exchange modes extension" \ 338 -s "found pre_shared_key extension" \ 339 -s "Found PSK_EPHEMERAL KEX MODE" \ 340 -s "Found PSK KEX MODE" \ 341 -s "No usable PSK or ticket" \ 342 -S "key exchange mode: psk$" \ 343 -S "key exchange mode: psk_ephemeral" \ 344 -S "key exchange mode: ephemeral" 345 346requires_gnutls_tls1_3 347requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 350run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \ 351 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 352 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 353 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 354 localhost" \ 355 1 \ 356 -s "found psk key exchange modes extension" \ 357 -s "found pre_shared_key extension" \ 358 -s "Found PSK_EPHEMERAL KEX MODE" \ 359 -s "Found PSK KEX MODE" \ 360 -s "Invalid binder." \ 361 -S "key exchange mode: psk$" \ 362 -S "key exchange mode: psk_ephemeral" \ 363 -S "key exchange mode: ephemeral" 364 365requires_gnutls_tls1_3 366requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 369run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ 370 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 371 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 372 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 373 localhost" \ 374 0 \ 375 -s "found psk key exchange modes extension" \ 376 -s "found pre_shared_key extension" \ 377 -S "Found PSK_EPHEMERAL KEX MODE" \ 378 -s "Found PSK KEX MODE" \ 379 -s "Pre shared key found" \ 380 -S "No usable PSK or ticket" \ 381 -s "key exchange mode: psk$" \ 382 -S "key exchange mode: psk_ephemeral" \ 383 -S "key exchange mode: ephemeral" 384 385requires_gnutls_tls1_3 386requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 389run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ 390 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 391 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 392 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 393 localhost" \ 394 1 \ 395 -s "found psk key exchange modes extension" \ 396 -s "found pre_shared_key extension" \ 397 -S "Found PSK_EPHEMERAL KEX MODE" \ 398 -s "Found PSK KEX MODE" \ 399 -s "No usable PSK or ticket" \ 400 -S "key exchange mode: psk$" \ 401 -S "key exchange mode: psk_ephemeral" \ 402 -S "key exchange mode: ephemeral" 403 404requires_gnutls_tls1_3 405requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 408run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \ 409 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 410 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 411 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 412 localhost" \ 413 1 \ 414 -s "found psk key exchange modes extension" \ 415 -s "found pre_shared_key extension" \ 416 -S "Found PSK_EPHEMERAL KEX MODE" \ 417 -s "Found PSK KEX MODE" \ 418 -s "Invalid binder." \ 419 -S "key exchange mode: psk$" \ 420 -S "key exchange mode: psk_ephemeral" \ 421 -S "key exchange mode: ephemeral" 422 423requires_gnutls_tls1_3 424requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 427run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ 428 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 429 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 430 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 431 localhost" \ 432 0 \ 433 -s "found psk key exchange modes extension" \ 434 -s "found pre_shared_key extension" \ 435 -s "Found PSK_EPHEMERAL KEX MODE" \ 436 -S "Found PSK KEX MODE" \ 437 -s "Pre shared key found" \ 438 -S "No usable PSK or ticket" \ 439 -S "key exchange mode: psk$" \ 440 -s "key exchange mode: psk_ephemeral" \ 441 -S "key exchange mode: ephemeral" 442 443requires_gnutls_tls1_3 444requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 447run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 448 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 449 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 450 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 451 localhost" \ 452 0 \ 453 -s "found psk key exchange modes extension" \ 454 -s "found pre_shared_key extension" \ 455 -s "Found PSK_EPHEMERAL KEX MODE" \ 456 -S "Found PSK KEX MODE" \ 457 -s "No usable PSK or ticket" \ 458 -S "key exchange mode: psk$" \ 459 -S "key exchange mode: psk_ephemeral" \ 460 -s "key exchange mode: ephemeral" 461 462requires_gnutls_tls1_3 463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 466run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 467 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 468 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 469 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 470 localhost" \ 471 1 \ 472 -s "found psk key exchange modes extension" \ 473 -s "found pre_shared_key extension" \ 474 -s "Found PSK_EPHEMERAL KEX MODE" \ 475 -S "Found PSK KEX MODE" \ 476 -s "Invalid binder." \ 477 -S "key exchange mode: psk$" \ 478 -S "key exchange mode: psk_ephemeral" \ 479 -S "key exchange mode: ephemeral" 480 481requires_gnutls_tls1_3 482requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 485run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ 486 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 487 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 488 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 489 localhost" \ 490 0 \ 491 -s "found psk key exchange modes extension" \ 492 -s "found pre_shared_key extension" \ 493 -s "Found PSK_EPHEMERAL KEX MODE" \ 494 -s "Found PSK KEX MODE" \ 495 -s "Pre shared key found" \ 496 -S "No usable PSK or ticket" \ 497 -S "key exchange mode: psk$" \ 498 -s "key exchange mode: psk_ephemeral" \ 499 -S "key exchange mode: ephemeral" 500 501requires_gnutls_tls1_3 502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 505run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ 506 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 507 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 508 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 509 localhost" \ 510 0 \ 511 -s "found psk key exchange modes extension" \ 512 -s "found pre_shared_key extension" \ 513 -s "Found PSK_EPHEMERAL KEX MODE" \ 514 -s "Found PSK KEX MODE" \ 515 -s "No usable PSK or ticket" \ 516 -S "key exchange mode: psk$" \ 517 -S "key exchange mode: psk_ephemeral" \ 518 -s "key exchange mode: ephemeral" 519 520requires_gnutls_tls1_3 521requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 524run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ 525 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 526 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 527 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 528 localhost" \ 529 1 \ 530 -s "found psk key exchange modes extension" \ 531 -s "found pre_shared_key extension" \ 532 -s "Found PSK_EPHEMERAL KEX MODE" \ 533 -s "Found PSK KEX MODE" \ 534 -s "Invalid binder." \ 535 -S "key exchange mode: psk$" \ 536 -S "key exchange mode: psk_ephemeral" \ 537 -S "key exchange mode: ephemeral" 538 539requires_gnutls_tls1_3 540requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 543run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ 544 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 545 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 546 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 547 localhost" \ 548 0 \ 549 -s "found psk key exchange modes extension" \ 550 -s "found pre_shared_key extension" \ 551 -S "Found PSK_EPHEMERAL KEX MODE" \ 552 -s "Found PSK KEX MODE" \ 553 -s "No suitable PSK key exchange mode" \ 554 -S "Pre shared key found" \ 555 -s "No usable PSK or ticket" \ 556 -S "key exchange mode: psk$" \ 557 -S "key exchange mode: psk_ephemeral" \ 558 -s "key exchange mode: ephemeral" 559 560requires_gnutls_tls1_3 561requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 565run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ 566 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 567 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 568 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 569 localhost" \ 570 0 \ 571 -s "found psk key exchange modes extension" \ 572 -s "found pre_shared_key extension" \ 573 -s "Found PSK_EPHEMERAL KEX MODE" \ 574 -S "Found PSK KEX MODE" \ 575 -s "Pre shared key found" \ 576 -S "No usable PSK or ticket" \ 577 -S "key exchange mode: psk$" \ 578 -s "key exchange mode: psk_ephemeral" \ 579 -S "key exchange mode: ephemeral" 580 581requires_gnutls_tls1_3 582requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 583requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 586run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ 587 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 588 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 589 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 590 localhost" \ 591 0 \ 592 -s "found psk key exchange modes extension" \ 593 -s "found pre_shared_key extension" \ 594 -s "Found PSK_EPHEMERAL KEX MODE" \ 595 -S "Found PSK KEX MODE" \ 596 -s "No usable PSK or ticket" \ 597 -S "key exchange mode: psk$" \ 598 -S "key exchange mode: psk_ephemeral" \ 599 -s "key exchange mode: ephemeral" 600 601requires_gnutls_tls1_3 602requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 606run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ 607 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 608 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 609 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 610 localhost" \ 611 1 \ 612 -s "found psk key exchange modes extension" \ 613 -s "found pre_shared_key extension" \ 614 -s "Found PSK_EPHEMERAL KEX MODE" \ 615 -S "Found PSK KEX MODE" \ 616 -s "Invalid binder." \ 617 -S "key exchange mode: psk$" \ 618 -S "key exchange mode: psk_ephemeral" \ 619 -S "key exchange mode: ephemeral" 620 621requires_gnutls_tls1_3 622requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 626run_test "TLS 1.3: G->m: all/all, good" \ 627 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 628 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 629 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 630 localhost" \ 631 0 \ 632 -s "found psk key exchange modes extension" \ 633 -s "found pre_shared_key extension" \ 634 -s "Found PSK_EPHEMERAL KEX MODE" \ 635 -s "Found PSK KEX MODE" \ 636 -s "Pre shared key found" \ 637 -S "No usable PSK or ticket" \ 638 -S "key exchange mode: psk$" \ 639 -s "key exchange mode: psk_ephemeral" \ 640 -S "key exchange mode: ephemeral" 641 642requires_gnutls_tls1_3 643requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 647run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ 648 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 649 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 650 --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 651 localhost" \ 652 0 \ 653 -s "found psk key exchange modes extension" \ 654 -s "found pre_shared_key extension" \ 655 -s "Found PSK_EPHEMERAL KEX MODE" \ 656 -s "Found PSK KEX MODE" \ 657 -s "No usable PSK or ticket" \ 658 -S "key exchange mode: psk$" \ 659 -S "key exchange mode: psk_ephemeral" \ 660 -s "key exchange mode: ephemeral" 661 662requires_gnutls_tls1_3 663requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 664requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 667run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ 668 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 669 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 670 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 671 localhost" \ 672 1 \ 673 -s "found psk key exchange modes extension" \ 674 -s "found pre_shared_key extension" \ 675 -s "Found PSK_EPHEMERAL KEX MODE" \ 676 -s "Found PSK KEX MODE" \ 677 -s "Invalid binder." \ 678 -S "key exchange mode: psk$" \ 679 -S "key exchange mode: psk_ephemeral" \ 680 -S "key exchange mode: ephemeral" 681 682requires_gnutls_tls1_3 683requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 687run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ 688 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 689 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 690 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 691 localhost" \ 692 0 \ 693 -s "found psk key exchange modes extension" \ 694 -s "found pre_shared_key extension" \ 695 -S "Found PSK_EPHEMERAL KEX MODE" \ 696 -s "Found PSK KEX MODE" \ 697 -s "Pre shared key found" \ 698 -S "No usable PSK or ticket" \ 699 -S "key exchange mode: psk$" \ 700 -S "key exchange mode: psk_ephemeral" \ 701 -s "key exchange mode: ephemeral" 702 703requires_gnutls_tls1_3 704requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 708run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ 709 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 710 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 711 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 712 localhost" \ 713 1 \ 714 -s "found psk key exchange modes extension" \ 715 -s "found pre_shared_key extension" \ 716 -S "Found PSK_EPHEMERAL KEX MODE" \ 717 -s "Found PSK KEX MODE" \ 718 -s "Invalid binder." \ 719 -S "key exchange mode: psk$" \ 720 -S "key exchange mode: psk_ephemeral" \ 721 -S "key exchange mode: ephemeral" 722 723requires_gnutls_tls1_3 724requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 727run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ 728 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 729 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 730 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 731 localhost" \ 732 0 \ 733 -s "found psk key exchange modes extension" \ 734 -s "found pre_shared_key extension" \ 735 -s "Found PSK_EPHEMERAL KEX MODE" \ 736 -S "Found PSK KEX MODE" \ 737 -s "No suitable PSK key exchange mode" \ 738 -S "Pre shared key found" \ 739 -s "No usable PSK or ticket" \ 740 -S "key exchange mode: psk$" \ 741 -S "key exchange mode: psk_ephemeral" \ 742 -s "key exchange mode: ephemeral" 743 744requires_gnutls_tls1_3 745requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 747requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 748run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ 749 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 750 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 751 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 752 localhost" \ 753 0 \ 754 -s "found psk key exchange modes extension" \ 755 -s "found pre_shared_key extension" \ 756 -s "Found PSK_EPHEMERAL KEX MODE" \ 757 -s "Found PSK KEX MODE" \ 758 -s "Pre shared key found" \ 759 -S "No usable PSK or ticket" \ 760 -S "key exchange mode: psk$" \ 761 -S "key exchange mode: psk_ephemeral" \ 762 -s "key exchange mode: ephemeral" 763 764requires_gnutls_tls1_3 765requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 768run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ 769 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 770 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 771 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 772 localhost" \ 773 1 \ 774 -s "found psk key exchange modes extension" \ 775 -s "found pre_shared_key extension" \ 776 -s "Found PSK_EPHEMERAL KEX MODE" \ 777 -s "Found PSK KEX MODE" \ 778 -s "Invalid binder." \ 779 -S "key exchange mode: psk$" \ 780 -S "key exchange mode: psk_ephemeral" \ 781 -S "key exchange mode: ephemeral" 782 783requires_gnutls_tls1_3 784requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 787run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ 788 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 789 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 790 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 791 localhost" \ 792 0 \ 793 -s "found psk key exchange modes extension" \ 794 -s "found pre_shared_key extension" \ 795 -S "Found PSK_EPHEMERAL KEX MODE" \ 796 -s "Found PSK KEX MODE" \ 797 -s "Pre shared key found" \ 798 -S "No usable PSK or ticket" \ 799 -S "key exchange mode: psk$" \ 800 -S "key exchange mode: psk_ephemeral" \ 801 -s "key exchange mode: ephemeral" 802 803requires_gnutls_tls1_3 804requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 805requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 807run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \ 808 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 809 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ 810 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ 811 localhost" \ 812 1 \ 813 -s "found psk key exchange modes extension" \ 814 -s "found pre_shared_key extension" \ 815 -S "Found PSK_EPHEMERAL KEX MODE" \ 816 -s "Found PSK KEX MODE" \ 817 -s "Invalid binder." \ 818 -S "key exchange mode: psk$" \ 819 -S "key exchange mode: psk_ephemeral" \ 820 -S "key exchange mode: ephemeral" 821 822requires_gnutls_tls1_3 823requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 825requires_config_enabled PSA_WANT_ALG_ECDH 826run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ 827 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 828 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \ 829 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 830 localhost" \ 831 0 \ 832 -s "write selected_group: secp256r1" \ 833 -S "key exchange mode: psk$" \ 834 -s "key exchange mode: psk_ephemeral" \ 835 -S "key exchange mode: ephemeral" 836 837requires_gnutls_tls1_3 838requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 840requires_config_enabled PSA_WANT_ALG_ECDH 841run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ 842 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 843 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \ 844 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 845 localhost" \ 846 0 \ 847 -s "write selected_group: secp384r1" \ 848 -S "key exchange mode: psk$" \ 849 -s "key exchange mode: psk_ephemeral" \ 850 -S "key exchange mode: ephemeral" 851 852requires_gnutls_tls1_3 853requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 855requires_config_enabled PSA_WANT_ALG_ECDH 856run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ 857 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 858 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \ 859 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 860 localhost" \ 861 0 \ 862 -s "write selected_group: secp521r1" \ 863 -S "key exchange mode: psk$" \ 864 -s "key exchange mode: psk_ephemeral" \ 865 -S "key exchange mode: ephemeral" 866 867requires_gnutls_tls1_3 868requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 869requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 870requires_config_enabled PSA_WANT_ALG_ECDH 871run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ 872 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 873 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \ 874 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 875 localhost" \ 876 0 \ 877 -s "write selected_group: x25519" \ 878 -S "key exchange mode: psk$" \ 879 -s "key exchange mode: psk_ephemeral" \ 880 -S "key exchange mode: ephemeral" 881 882requires_gnutls_tls1_3 883requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 885requires_config_enabled PSA_WANT_ALG_ECDH 886run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ 887 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 888 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \ 889 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 890 localhost" \ 891 0 \ 892 -s "write selected_group: x448" \ 893 -S "key exchange mode: psk$" \ 894 -s "key exchange mode: psk_ephemeral" \ 895 -S "key exchange mode: ephemeral" 896 897requires_openssl_tls1_3 898requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 900run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \ 901 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 902 "$O_NEXT_CLI -tls1_3 -msg \ 903 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 904 1 \ 905 -s "found psk key exchange modes extension" \ 906 -s "found pre_shared_key extension" \ 907 -s "Found PSK_EPHEMERAL KEX MODE" \ 908 -S "Found PSK KEX MODE" \ 909 -S "key exchange mode: psk$" \ 910 -S "key exchange mode: psk_ephemeral" \ 911 -S "key exchange mode: ephemeral" 912 913requires_openssl_tls1_3 914requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 915requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 916run_test "TLS 1.3: O->m: all/psk, good" \ 917 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 918 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 919 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 920 0 \ 921 -s "found psk key exchange modes extension" \ 922 -s "found pre_shared_key extension" \ 923 -s "Found PSK_EPHEMERAL KEX MODE" \ 924 -s "Found PSK KEX MODE" \ 925 -s "Pre shared key found" \ 926 -S "No usable PSK or ticket" \ 927 -s "key exchange mode: psk$" \ 928 -S "key exchange mode: psk_ephemeral" \ 929 -S "key exchange mode: ephemeral" 930 931requires_openssl_tls1_3 932requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 934run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ 935 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 936 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 937 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 938 1 \ 939 -s "found psk key exchange modes extension" \ 940 -s "found pre_shared_key extension" \ 941 -s "Found PSK_EPHEMERAL KEX MODE" \ 942 -s "Found PSK KEX MODE" \ 943 -s "No usable PSK or ticket" \ 944 -S "key exchange mode: psk$" \ 945 -S "key exchange mode: psk_ephemeral" \ 946 -S "key exchange mode: ephemeral" 947 948requires_openssl_tls1_3 949requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 951run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \ 952 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 953 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 954 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 955 1 \ 956 -s "found psk key exchange modes extension" \ 957 -s "found pre_shared_key extension" \ 958 -s "Found PSK_EPHEMERAL KEX MODE" \ 959 -s "Found PSK KEX MODE" \ 960 -s "Invalid binder." \ 961 -S "key exchange mode: psk$" \ 962 -S "key exchange mode: psk_ephemeral" \ 963 -S "key exchange mode: ephemeral" 964 965requires_openssl_tls1_3_with_compatible_ephemeral 966requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 967requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 968run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ 969 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 970 "$O_NEXT_CLI -tls1_3 -msg \ 971 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 972 0 \ 973 -s "found psk key exchange modes extension" \ 974 -s "found pre_shared_key extension" \ 975 -s "Found PSK_EPHEMERAL KEX MODE" \ 976 -S "Found PSK KEX MODE" \ 977 -s "Pre shared key found" \ 978 -S "No usable PSK or ticket" \ 979 -S "key exchange mode: psk$" \ 980 -s "key exchange mode: psk_ephemeral" \ 981 -S "key exchange mode: ephemeral" 982 983requires_openssl_tls1_3_with_compatible_ephemeral 984requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 986run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 987 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 988 "$O_NEXT_CLI -tls1_3 -msg \ 989 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 990 1 \ 991 -s "found psk key exchange modes extension" \ 992 -s "found pre_shared_key extension" \ 993 -s "Found PSK_EPHEMERAL KEX MODE" \ 994 -S "Found PSK KEX MODE" \ 995 -s "No usable PSK or ticket" \ 996 -S "key exchange mode: psk$" \ 997 -S "key exchange mode: psk_ephemeral" \ 998 -S "key exchange mode: ephemeral" 999 1000requires_openssl_tls1_3_with_compatible_ephemeral 1001requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1003run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 1004 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1005 "$O_NEXT_CLI -tls1_3 -msg \ 1006 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1007 1 \ 1008 -s "found psk key exchange modes extension" \ 1009 -s "found pre_shared_key extension" \ 1010 -s "Found PSK_EPHEMERAL KEX MODE" \ 1011 -S "Found PSK KEX MODE" \ 1012 -s "Invalid binder." \ 1013 -S "key exchange mode: psk$" \ 1014 -S "key exchange mode: psk_ephemeral" \ 1015 -S "key exchange mode: ephemeral" 1016 1017requires_openssl_tls1_3_with_compatible_ephemeral 1018requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1020run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ 1021 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1022 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1023 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1024 0 \ 1025 -s "found psk key exchange modes extension" \ 1026 -s "found pre_shared_key extension" \ 1027 -s "Found PSK_EPHEMERAL KEX MODE" \ 1028 -s "Found PSK KEX MODE" \ 1029 -s "Pre shared key found" \ 1030 -S "No usable PSK or ticket" \ 1031 -S "key exchange mode: psk$" \ 1032 -s "key exchange mode: psk_ephemeral" \ 1033 -S "key exchange mode: ephemeral" 1034 1035requires_openssl_tls1_3_with_compatible_ephemeral 1036requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1038run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ 1039 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1040 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1041 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1042 1 \ 1043 -s "found psk key exchange modes extension" \ 1044 -s "found pre_shared_key extension" \ 1045 -s "Found PSK_EPHEMERAL KEX MODE" \ 1046 -s "Found PSK KEX MODE" \ 1047 -s "No usable PSK or ticket" \ 1048 -S "key exchange mode: psk$" \ 1049 -S "key exchange mode: psk_ephemeral" \ 1050 -S "key exchange mode: ephemeral" 1051 1052requires_openssl_tls1_3_with_compatible_ephemeral 1053requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1055run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \ 1056 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1057 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1058 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1059 1 \ 1060 -s "found psk key exchange modes extension" \ 1061 -s "found pre_shared_key extension" \ 1062 -s "Found PSK_EPHEMERAL KEX MODE" \ 1063 -s "Found PSK KEX MODE" \ 1064 -s "Invalid binder." \ 1065 -S "key exchange mode: psk$" \ 1066 -S "key exchange mode: psk_ephemeral" \ 1067 -S "key exchange mode: ephemeral" 1068 1069requires_openssl_tls1_3_with_compatible_ephemeral 1070requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1073run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ 1074 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1075 "$O_NEXT_CLI -tls1_3 -msg \ 1076 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1077 0 \ 1078 -s "found psk key exchange modes extension" \ 1079 -s "found pre_shared_key extension" \ 1080 -s "Found PSK_EPHEMERAL KEX MODE" \ 1081 -S "Found PSK KEX MODE" \ 1082 -s "Pre shared key found" \ 1083 -S "No usable PSK or ticket" \ 1084 -S "key exchange mode: psk$" \ 1085 -s "key exchange mode: psk_ephemeral" \ 1086 -S "key exchange mode: ephemeral" 1087 1088requires_openssl_tls1_3_with_compatible_ephemeral 1089requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1092run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ 1093 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1094 "$O_NEXT_CLI -tls1_3 -msg \ 1095 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1096 1 \ 1097 -s "found psk key exchange modes extension" \ 1098 -s "found pre_shared_key extension" \ 1099 -s "Found PSK_EPHEMERAL KEX MODE" \ 1100 -S "Found PSK KEX MODE" \ 1101 -s "No usable PSK or ticket" \ 1102 -S "key exchange mode: psk$" \ 1103 -S "key exchange mode: psk_ephemeral" \ 1104 -S "key exchange mode: ephemeral" 1105 1106requires_openssl_tls1_3_with_compatible_ephemeral 1107requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1110run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ 1111 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1112 "$O_NEXT_CLI -tls1_3 -msg \ 1113 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1114 1 \ 1115 -s "found psk key exchange modes extension" \ 1116 -s "found pre_shared_key extension" \ 1117 -s "Found PSK_EPHEMERAL KEX MODE" \ 1118 -S "Found PSK KEX MODE" \ 1119 -s "Invalid binder." \ 1120 -S "key exchange mode: psk$" \ 1121 -S "key exchange mode: psk_ephemeral" \ 1122 -S "key exchange mode: ephemeral" 1123 1124requires_openssl_tls1_3_with_compatible_ephemeral 1125requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1128run_test "TLS 1.3: O->m: all/psk_all, good" \ 1129 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1130 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1131 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1132 0 \ 1133 -s "found psk key exchange modes extension" \ 1134 -s "found pre_shared_key extension" \ 1135 -s "Found PSK_EPHEMERAL KEX MODE" \ 1136 -s "Found PSK KEX MODE" \ 1137 -s "Pre shared key found" \ 1138 -S "No usable PSK or ticket" \ 1139 -S "key exchange mode: psk$" \ 1140 -s "key exchange mode: psk_ephemeral" \ 1141 -S "key exchange mode: ephemeral" 1142 1143requires_openssl_tls1_3_with_compatible_ephemeral 1144requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1147run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ 1148 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1149 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1150 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1151 1 \ 1152 -s "found psk key exchange modes extension" \ 1153 -s "found pre_shared_key extension" \ 1154 -s "Found PSK_EPHEMERAL KEX MODE" \ 1155 -s "Found PSK KEX MODE" \ 1156 -s "No usable PSK or ticket" \ 1157 -S "key exchange mode: psk$" \ 1158 -S "key exchange mode: psk_ephemeral" \ 1159 -S "key exchange mode: ephemeral" 1160 1161requires_openssl_tls1_3_with_compatible_ephemeral 1162requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1165run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ 1166 "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ 1167 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1168 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1169 1 \ 1170 -s "found psk key exchange modes extension" \ 1171 -s "found pre_shared_key extension" \ 1172 -s "Found PSK_EPHEMERAL KEX MODE" \ 1173 -s "Found PSK KEX MODE" \ 1174 -s "Invalid binder." \ 1175 -S "key exchange mode: psk$" \ 1176 -S "key exchange mode: psk_ephemeral" \ 1177 -S "key exchange mode: ephemeral" 1178 1179requires_openssl_tls1_3_with_compatible_ephemeral 1180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1183run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ 1184 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1185 "$O_NEXT_CLI -tls1_3 -msg \ 1186 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1187 0 \ 1188 -s "found psk key exchange modes extension" \ 1189 -s "found pre_shared_key extension" \ 1190 -s "Found PSK_EPHEMERAL KEX MODE" \ 1191 -S "Found PSK KEX MODE" \ 1192 -s "Pre shared key found" \ 1193 -S "No usable PSK or ticket" \ 1194 -S "key exchange mode: psk$" \ 1195 -s "key exchange mode: psk_ephemeral" \ 1196 -S "key exchange mode: ephemeral" 1197 1198requires_openssl_tls1_3_with_compatible_ephemeral 1199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1201requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1202run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ 1203 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1204 "$O_NEXT_CLI -tls1_3 -msg \ 1205 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1206 0 \ 1207 -s "found psk key exchange modes extension" \ 1208 -s "found pre_shared_key extension" \ 1209 -s "Found PSK_EPHEMERAL KEX MODE" \ 1210 -S "Found PSK KEX MODE" \ 1211 -s "No usable PSK or ticket" \ 1212 -S "key exchange mode: psk$" \ 1213 -S "key exchange mode: psk_ephemeral" \ 1214 -s "key exchange mode: ephemeral" 1215 1216requires_openssl_tls1_3_with_compatible_ephemeral 1217requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1220run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 1221 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1222 "$O_NEXT_CLI -tls1_3 -msg \ 1223 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1224 1 \ 1225 -s "found psk key exchange modes extension" \ 1226 -s "found pre_shared_key extension" \ 1227 -s "Found PSK_EPHEMERAL KEX MODE" \ 1228 -S "Found PSK KEX MODE" \ 1229 -s "Invalid binder." \ 1230 -S "key exchange mode: psk$" \ 1231 -S "key exchange mode: psk_ephemeral" \ 1232 -S "key exchange mode: ephemeral" 1233 1234requires_openssl_tls1_3_with_compatible_ephemeral 1235requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1238run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ 1239 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1240 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1241 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1242 0 \ 1243 -s "found psk key exchange modes extension" \ 1244 -s "found pre_shared_key extension" \ 1245 -s "Found PSK_EPHEMERAL KEX MODE" \ 1246 -s "Found PSK KEX MODE" \ 1247 -s "Pre shared key found" \ 1248 -S "No usable PSK or ticket" \ 1249 -S "key exchange mode: psk$" \ 1250 -s "key exchange mode: psk_ephemeral" \ 1251 -S "key exchange mode: ephemeral" 1252 1253requires_openssl_tls1_3_with_compatible_ephemeral 1254requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1257run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ 1258 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1259 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1260 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1261 0 \ 1262 -s "found psk key exchange modes extension" \ 1263 -s "found pre_shared_key extension" \ 1264 -s "Found PSK_EPHEMERAL KEX MODE" \ 1265 -s "Found PSK KEX MODE" \ 1266 -s "No usable PSK or ticket" \ 1267 -S "key exchange mode: psk$" \ 1268 -S "key exchange mode: psk_ephemeral" \ 1269 -s "key exchange mode: ephemeral" 1270 1271requires_openssl_tls1_3_with_compatible_ephemeral 1272requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1275run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ 1276 "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ 1277 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1278 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1279 1 \ 1280 -s "found psk key exchange modes extension" \ 1281 -s "found pre_shared_key extension" \ 1282 -s "Found PSK_EPHEMERAL KEX MODE" \ 1283 -s "Found PSK KEX MODE" \ 1284 -s "Invalid binder." \ 1285 -S "key exchange mode: psk$" \ 1286 -S "key exchange mode: psk_ephemeral" \ 1287 -S "key exchange mode: ephemeral" 1288 1289requires_openssl_tls1_3_with_compatible_ephemeral 1290requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1294run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ 1295 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1296 "$O_NEXT_CLI -tls1_3 -msg \ 1297 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1298 0 \ 1299 -s "found psk key exchange modes extension" \ 1300 -s "found pre_shared_key extension" \ 1301 -s "Found PSK_EPHEMERAL KEX MODE" \ 1302 -S "Found PSK KEX MODE" \ 1303 -s "Pre shared key found" \ 1304 -S "No usable PSK or ticket" \ 1305 -S "key exchange mode: psk$" \ 1306 -s "key exchange mode: psk_ephemeral" \ 1307 -S "key exchange mode: ephemeral" 1308 1309requires_openssl_tls1_3_with_compatible_ephemeral 1310requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1314run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ 1315 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1316 "$O_NEXT_CLI -tls1_3 -msg \ 1317 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1318 0 \ 1319 -s "found psk key exchange modes extension" \ 1320 -s "found pre_shared_key extension" \ 1321 -s "Found PSK_EPHEMERAL KEX MODE" \ 1322 -S "Found PSK KEX MODE" \ 1323 -s "No usable PSK or ticket" \ 1324 -S "key exchange mode: psk$" \ 1325 -S "key exchange mode: psk_ephemeral" \ 1326 -s "key exchange mode: ephemeral" 1327 1328requires_openssl_tls1_3_with_compatible_ephemeral 1329requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1333run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ 1334 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1335 "$O_NEXT_CLI -tls1_3 -msg \ 1336 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1337 1 \ 1338 -s "found psk key exchange modes extension" \ 1339 -s "found pre_shared_key extension" \ 1340 -s "Found PSK_EPHEMERAL KEX MODE" \ 1341 -S "Found PSK KEX MODE" \ 1342 -s "Invalid binder." \ 1343 -S "key exchange mode: psk$" \ 1344 -S "key exchange mode: psk_ephemeral" \ 1345 -S "key exchange mode: ephemeral" 1346 1347requires_openssl_tls1_3_with_compatible_ephemeral 1348requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1352run_test "TLS 1.3: O->m: all/all, good" \ 1353 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1354 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1355 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1356 0 \ 1357 -s "found psk key exchange modes extension" \ 1358 -s "found pre_shared_key extension" \ 1359 -s "Found PSK_EPHEMERAL KEX MODE" \ 1360 -s "Found PSK KEX MODE" \ 1361 -s "Pre shared key found" \ 1362 -S "No usable PSK or ticket" \ 1363 -S "key exchange mode: psk$" \ 1364 -s "key exchange mode: psk_ephemeral" \ 1365 -S "key exchange mode: ephemeral" 1366 1367requires_openssl_tls1_3_with_compatible_ephemeral 1368requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1372run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ 1373 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1374 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1375 -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1376 0 \ 1377 -s "found psk key exchange modes extension" \ 1378 -s "found pre_shared_key extension" \ 1379 -s "Found PSK_EPHEMERAL KEX MODE" \ 1380 -s "Found PSK KEX MODE" \ 1381 -s "No usable PSK or ticket" \ 1382 -S "key exchange mode: psk$" \ 1383 -S "key exchange mode: psk_ephemeral" \ 1384 -s "key exchange mode: ephemeral" 1385 1386requires_openssl_tls1_3_with_compatible_ephemeral 1387requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1391run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ 1392 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 1393 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1394 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1395 1 \ 1396 -s "found psk key exchange modes extension" \ 1397 -s "found pre_shared_key extension" \ 1398 -s "Found PSK_EPHEMERAL KEX MODE" \ 1399 -s "Found PSK KEX MODE" \ 1400 -s "Invalid binder." \ 1401 -S "key exchange mode: psk$" \ 1402 -S "key exchange mode: psk_ephemeral" \ 1403 -S "key exchange mode: ephemeral" 1404 1405requires_openssl_tls1_3_with_compatible_ephemeral 1406requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1408requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1409run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ 1410 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1411 "$O_NEXT_CLI -tls1_3 -msg \ 1412 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1413 0 \ 1414 -s "found psk key exchange modes extension" \ 1415 -s "found pre_shared_key extension" \ 1416 -s "Found PSK_EPHEMERAL KEX MODE" \ 1417 -S "Found PSK KEX MODE" \ 1418 -s "No suitable PSK key exchange mode" \ 1419 -S "Pre shared key found" \ 1420 -s "No usable PSK or ticket" \ 1421 -S "key exchange mode: psk$" \ 1422 -S "key exchange mode: psk_ephemeral" \ 1423 -s "key exchange mode: ephemeral" 1424 1425requires_openssl_tls1_3_with_compatible_ephemeral 1426requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1429run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ 1430 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1431 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1432 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1433 0 \ 1434 -s "found psk key exchange modes extension" \ 1435 -s "found pre_shared_key extension" \ 1436 -s "Found PSK_EPHEMERAL KEX MODE" \ 1437 -s "Found PSK KEX MODE" \ 1438 -s "Pre shared key found" \ 1439 -S "No usable PSK or ticket" \ 1440 -S "key exchange mode: psk$" \ 1441 -S "key exchange mode: psk_ephemeral" \ 1442 -s "key exchange mode: ephemeral" 1443 1444requires_openssl_tls1_3_with_compatible_ephemeral 1445requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 1446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1448run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ 1449 "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ 1450 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ 1451 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ 1452 1 \ 1453 -s "found psk key exchange modes extension" \ 1454 -s "found pre_shared_key extension" \ 1455 -s "Found PSK_EPHEMERAL KEX MODE" \ 1456 -s "Found PSK KEX MODE" \ 1457 -s "Invalid binder." \ 1458 -S "key exchange mode: psk$" \ 1459 -S "key exchange mode: psk_ephemeral" \ 1460 -S "key exchange mode: ephemeral" 1461 1462requires_openssl_tls1_3_with_compatible_ephemeral 1463requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1464 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1465 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1466 PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_256 1467run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ 1468 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1469 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ 1470 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1471 0 \ 1472 -s "write selected_group: secp256r1" \ 1473 -S "key exchange mode: psk$" \ 1474 -s "key exchange mode: psk_ephemeral" \ 1475 -S "key exchange mode: ephemeral" 1476 1477requires_openssl_tls1_3_with_compatible_ephemeral 1478requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1479 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1480 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1481 PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384 1482run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ 1483 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1484 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ 1485 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1486 0 \ 1487 -s "write selected_group: secp384r1" \ 1488 -S "key exchange mode: psk$" \ 1489 -s "key exchange mode: psk_ephemeral" \ 1490 -S "key exchange mode: ephemeral" 1491 1492requires_openssl_tls1_3_with_compatible_ephemeral 1493requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1494 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1495 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1496 PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_521 1497run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ 1498 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1499 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ 1500 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1501 0 \ 1502 -s "write selected_group: secp521r1" \ 1503 -S "key exchange mode: psk$" \ 1504 -s "key exchange mode: psk_ephemeral" \ 1505 -S "key exchange mode: ephemeral" 1506 1507requires_openssl_tls1_3_with_compatible_ephemeral 1508requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1509 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1510 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1511 PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_255 1512run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ 1513 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1514 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ 1515 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1516 0 \ 1517 -s "write selected_group: x25519" \ 1518 -S "key exchange mode: psk$" \ 1519 -s "key exchange mode: psk_ephemeral" \ 1520 -S "key exchange mode: ephemeral" 1521 1522requires_openssl_tls1_3_with_compatible_ephemeral 1523requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1524 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1525 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1526 PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_448 1527run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ 1528 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ 1529 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ 1530 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 1531 0 \ 1532 -s "write selected_group: x448" \ 1533 -S "key exchange mode: psk$" \ 1534 -s "key exchange mode: psk_ephemeral" \ 1535 -S "key exchange mode: ephemeral" 1536 1537requires_openssl_tls1_3_with_compatible_ephemeral 1538requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1539 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1540 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1541 PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384 1542run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1543 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1544 "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ 1545 0 \ 1546 -s "write selected_group: secp384r1" \ 1547 -s "HRR selected_group: secp384r1" \ 1548 -S "key exchange mode: psk$" \ 1549 -s "key exchange mode: psk_ephemeral" \ 1550 -S "key exchange mode: ephemeral" 1551 1552requires_gnutls_tls1_3 1553requires_gnutls_next_no_ticket 1554requires_gnutls_next_disable_tls13_compat 1555requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1556 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1557 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1558 PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384 1559run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ 1560 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ 1561 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ 1562 0 \ 1563 -s "write selected_group: secp384r1" \ 1564 -s "HRR selected_group: secp384r1" \ 1565 -S "key exchange mode: psk$" \ 1566 -s "key exchange mode: psk_ephemeral" \ 1567 -S "key exchange mode: ephemeral" 1568 1569 1570# Add psk test cases for mbedtls client code 1571 1572# MbedTls->MbedTLS kinds of tls13_kex_modes 1573# PSK mode in client 1574requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1575requires_config_enabled MBEDTLS_SSL_SRV_C 1576requires_config_enabled MBEDTLS_SSL_CLI_C 1577requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1578run_test "TLS 1.3: m->m: psk/psk, good" \ 1579 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1580 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1581 0 \ 1582 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1583 -c "client hello, adding psk_key_exchange_modes extension" \ 1584 -c "client hello, adding PSK binder list" \ 1585 -c "Selected key exchange mode: psk$" \ 1586 -c "HTTP/1.0 200 OK" 1587 1588requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1589requires_config_enabled MBEDTLS_SSL_SRV_C 1590requires_config_enabled MBEDTLS_SSL_CLI_C 1591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1592run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ 1593 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1594 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1595 1 \ 1596 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1597 -c "client hello, adding psk_key_exchange_modes extension" \ 1598 -c "client hello, adding PSK binder list" \ 1599 -s "No usable PSK or ticket" 1600 1601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1602requires_config_enabled MBEDTLS_SSL_SRV_C 1603requires_config_enabled MBEDTLS_SSL_CLI_C 1604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1605run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ 1606 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1607 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1608 1 \ 1609 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1610 -c "client hello, adding psk_key_exchange_modes extension" \ 1611 -c "client hello, adding PSK binder list" \ 1612 -s "Invalid binder." 1613 1614requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1615requires_config_enabled MBEDTLS_SSL_SRV_C 1616requires_config_enabled MBEDTLS_SSL_CLI_C 1617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1619run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ 1620 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1621 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1622 1 \ 1623 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1624 -c "client hello, adding psk_key_exchange_modes extension" \ 1625 -c "client hello, adding PSK binder list" \ 1626 -s "ClientHello message misses mandatory extensions." 1627 1628requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1629requires_config_enabled MBEDTLS_SSL_SRV_C 1630requires_config_enabled MBEDTLS_SSL_CLI_C 1631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1632requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1633run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ 1634 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1635 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1636 1 \ 1637 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1638 -c "client hello, adding psk_key_exchange_modes extension" \ 1639 -c "client hello, adding PSK binder list" \ 1640 -s "ClientHello message misses mandatory extensions." 1641 1642requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1643requires_config_enabled MBEDTLS_SSL_SRV_C 1644requires_config_enabled MBEDTLS_SSL_CLI_C 1645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1648run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ 1649 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1650 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1651 1 \ 1652 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1653 -c "client hello, adding psk_key_exchange_modes extension" \ 1654 -c "client hello, adding PSK binder list" \ 1655 -s "ClientHello message misses mandatory extensions." 1656 1657requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1658requires_config_enabled MBEDTLS_SSL_SRV_C 1659requires_config_enabled MBEDTLS_SSL_CLI_C 1660requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1661requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1662run_test "TLS 1.3: m->m: psk/psk_all, good" \ 1663 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1664 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1665 0 \ 1666 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1667 -c "client hello, adding psk_key_exchange_modes extension" \ 1668 -c "client hello, adding PSK binder list" \ 1669 -c "Selected key exchange mode: psk$" \ 1670 -c "HTTP/1.0 200 OK" 1671 1672requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1673requires_config_enabled MBEDTLS_SSL_SRV_C 1674requires_config_enabled MBEDTLS_SSL_CLI_C 1675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1676requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1677run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ 1678 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1679 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1680 1 \ 1681 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1682 -c "client hello, adding psk_key_exchange_modes extension" \ 1683 -c "client hello, adding PSK binder list" \ 1684 -s "No usable PSK or ticket" \ 1685 -s "ClientHello message misses mandatory extensions." 1686 1687requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1688requires_config_enabled MBEDTLS_SSL_SRV_C 1689requires_config_enabled MBEDTLS_SSL_CLI_C 1690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1691requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1692run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ 1693 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1694 "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1695 1 \ 1696 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1697 -c "client hello, adding psk_key_exchange_modes extension" \ 1698 -c "client hello, adding PSK binder list" \ 1699 -s "Invalid binder." 1700 1701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1702requires_config_enabled MBEDTLS_SSL_SRV_C 1703requires_config_enabled MBEDTLS_SSL_CLI_C 1704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1707run_test "TLS 1.3: m->m: psk/all, good" \ 1708 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1709 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1710 0 \ 1711 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1712 -c "client hello, adding psk_key_exchange_modes extension" \ 1713 -c "client hello, adding PSK binder list" \ 1714 -c "Selected key exchange mode: psk$" \ 1715 -c "HTTP/1.0 200 OK" 1716 1717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1718requires_config_enabled MBEDTLS_SSL_SRV_C 1719requires_config_enabled MBEDTLS_SSL_CLI_C 1720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1721requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1722requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1723run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ 1724 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1725 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ 1726 1 \ 1727 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1728 -c "client hello, adding psk_key_exchange_modes extension" \ 1729 -c "client hello, adding PSK binder list" \ 1730 -s "No usable PSK or ticket" \ 1731 -s "ClientHello message misses mandatory extensions." 1732 1733requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1734requires_config_enabled MBEDTLS_SSL_SRV_C 1735requires_config_enabled MBEDTLS_SSL_CLI_C 1736requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1739run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ 1740 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1741 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ 1742 1 \ 1743 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1744 -c "client hello, adding psk_key_exchange_modes extension" \ 1745 -c "client hello, adding PSK binder list" \ 1746 -s "Invalid binder." 1747 1748# psk_ephemeral mode in client 1749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1750requires_config_enabled MBEDTLS_SSL_SRV_C 1751requires_config_enabled MBEDTLS_SSL_CLI_C 1752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1754run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ 1755 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1756 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1757 1 \ 1758 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1759 -c "client hello, adding psk_key_exchange_modes extension" \ 1760 -c "client hello, adding PSK binder list" \ 1761 -s "ClientHello message misses mandatory extensions." 1762 1763requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1764requires_config_enabled MBEDTLS_SSL_SRV_C 1765requires_config_enabled MBEDTLS_SSL_CLI_C 1766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1767run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ 1768 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1769 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1770 0 \ 1771 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1772 -c "client hello, adding psk_key_exchange_modes extension" \ 1773 -c "client hello, adding PSK binder list" \ 1774 -c "Selected key exchange mode: psk_ephemeral" \ 1775 -c "HTTP/1.0 200 OK" 1776 1777requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1778requires_config_enabled MBEDTLS_SSL_SRV_C 1779requires_config_enabled MBEDTLS_SSL_CLI_C 1780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1781run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ 1782 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1783 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1784 1 \ 1785 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1786 -c "client hello, adding psk_key_exchange_modes extension" \ 1787 -c "client hello, adding PSK binder list" \ 1788 -s "No usable PSK or ticket" \ 1789 -s "ClientHello message misses mandatory extensions." 1790 1791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1792requires_config_enabled MBEDTLS_SSL_SRV_C 1793requires_config_enabled MBEDTLS_SSL_CLI_C 1794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1795run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ 1796 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1797 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1798 1 \ 1799 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1800 -c "client hello, adding psk_key_exchange_modes extension" \ 1801 -c "client hello, adding PSK binder list" \ 1802 -s "Invalid binder." 1803 1804requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1805requires_config_enabled MBEDTLS_SSL_SRV_C 1806requires_config_enabled MBEDTLS_SSL_CLI_C 1807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 1808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1810run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ 1811 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1812 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1813 1 \ 1814 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1815 -c "client hello, adding psk_key_exchange_modes extension" \ 1816 -c "client hello, adding PSK binder list" 1817 1818requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1819requires_config_enabled MBEDTLS_SSL_SRV_C 1820requires_config_enabled MBEDTLS_SSL_CLI_C 1821requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1823run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ 1824 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1825 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1826 0 \ 1827 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1828 -c "client hello, adding psk_key_exchange_modes extension" \ 1829 -c "client hello, adding PSK binder list" \ 1830 -c "Selected key exchange mode: psk_ephemeral" \ 1831 -c "HTTP/1.0 200 OK" 1832 1833requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 1835requires_config_enabled MBEDTLS_SSL_SRV_C 1836requires_config_enabled MBEDTLS_SSL_CLI_C 1837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1839run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ 1840 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1841 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1842 1 \ 1843 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1844 -c "client hello, adding psk_key_exchange_modes extension" \ 1845 -c "client hello, adding PSK binder list" \ 1846 -s "No usable PSK or ticket" 1847 1848requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1849requires_config_enabled MBEDTLS_SSL_SRV_C 1850requires_config_enabled MBEDTLS_SSL_CLI_C 1851requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1853run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ 1854 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1855 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ 1856 1 \ 1857 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1858 -c "client hello, adding psk_key_exchange_modes extension" \ 1859 -c "client hello, adding PSK binder list" \ 1860 -s "Invalid binder." 1861 1862requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1863requires_config_enabled MBEDTLS_SSL_SRV_C 1864requires_config_enabled MBEDTLS_SSL_CLI_C 1865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1867run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ 1868 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1869 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1870 0 \ 1871 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1872 -c "client hello, adding psk_key_exchange_modes extension" \ 1873 -c "client hello, adding PSK binder list" \ 1874 -c "Selected key exchange mode: psk_ephemeral" \ 1875 -c "HTTP/1.0 200 OK" 1876 1877requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1878requires_config_enabled MBEDTLS_SSL_SRV_C 1879requires_config_enabled MBEDTLS_SSL_CLI_C 1880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1881requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1882run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ 1883 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1884 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1885 1 \ 1886 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1887 -c "client hello, adding psk_key_exchange_modes extension" \ 1888 -c "client hello, adding PSK binder list" \ 1889 -s "No usable PSK or ticket" \ 1890 -s "ClientHello message misses mandatory extensions." 1891 1892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1893requires_config_enabled MBEDTLS_SSL_SRV_C 1894requires_config_enabled MBEDTLS_SSL_CLI_C 1895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1897run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ 1898 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 1899 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1900 1 \ 1901 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1902 -c "client hello, adding psk_key_exchange_modes extension" \ 1903 -c "client hello, adding PSK binder list" \ 1904 -s "Invalid binder." 1905 1906requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1907requires_config_enabled MBEDTLS_SSL_SRV_C 1908requires_config_enabled MBEDTLS_SSL_CLI_C 1909requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1912run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ 1913 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1914 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1915 0 \ 1916 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1917 -c "client hello, adding psk_key_exchange_modes extension" \ 1918 -c "client hello, adding PSK binder list" \ 1919 -c "Selected key exchange mode: psk_ephemeral" \ 1920 -c "HTTP/1.0 200 OK" 1921 1922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1923requires_config_enabled MBEDTLS_SSL_SRV_C 1924requires_config_enabled MBEDTLS_SSL_CLI_C 1925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1926requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1928run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ 1929 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1930 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ 1931 1 \ 1932 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1933 -c "client hello, adding psk_key_exchange_modes extension" \ 1934 -c "client hello, adding PSK binder list" \ 1935 -s "No usable PSK or ticket" \ 1936 1937requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1938requires_config_enabled MBEDTLS_SSL_SRV_C 1939requires_config_enabled MBEDTLS_SSL_CLI_C 1940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1941requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1942requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1943run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ 1944 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 1945 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1946 1 \ 1947 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 1948 -c "client hello, adding psk_key_exchange_modes extension" \ 1949 -c "client hello, adding PSK binder list" \ 1950 -s "Invalid binder." 1951 1952# ephemeral mode in client 1953requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1954requires_config_enabled MBEDTLS_SSL_SRV_C 1955requires_config_enabled MBEDTLS_SSL_CLI_C 1956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1958run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ 1959 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 1960 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1961 1 \ 1962 -s "ClientHello message misses mandatory extensions." 1963 1964requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1965requires_config_enabled MBEDTLS_SSL_SRV_C 1966requires_config_enabled MBEDTLS_SSL_CLI_C 1967requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1969run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ 1970 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 1971 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1972 1 \ 1973 -s "ClientHello message misses mandatory extensions." 1974 1975requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1976requires_config_enabled MBEDTLS_SSL_SRV_C 1977requires_config_enabled MBEDTLS_SSL_CLI_C 1978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1979run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ 1980 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1981 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1982 0 \ 1983 -c "Selected key exchange mode: ephemeral" \ 1984 -c "HTTP/1.0 200 OK" 1985 1986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1987requires_config_enabled MBEDTLS_SSL_SRV_C 1988requires_config_enabled MBEDTLS_SSL_CLI_C 1989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1991run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ 1992 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 1993 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 1994 0 \ 1995 -c "Selected key exchange mode: ephemeral" \ 1996 -c "HTTP/1.0 200 OK" 1997 1998requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 1999requires_config_enabled MBEDTLS_SSL_SRV_C 2000requires_config_enabled MBEDTLS_SSL_CLI_C 2001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2004run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ 2005 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2006 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2007 1 \ 2008 -s "ClientHello message misses mandatory extensions." 2009 2010requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2011requires_config_enabled MBEDTLS_SSL_SRV_C 2012requires_config_enabled MBEDTLS_SSL_CLI_C 2013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2016run_test "TLS 1.3: m->m: ephemeral/all, good" \ 2017 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2018 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2019 0 \ 2020 -c "Selected key exchange mode: ephemeral" \ 2021 -c "HTTP/1.0 200 OK" 2022 2023# ephemeral_all mode in client 2024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2025requires_config_enabled MBEDTLS_SSL_SRV_C 2026requires_config_enabled MBEDTLS_SSL_CLI_C 2027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2030run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ 2031 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2032 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2033 1 \ 2034 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2035 -c "client hello, adding psk_key_exchange_modes extension" \ 2036 -c "client hello, adding PSK binder list" \ 2037 -s "ClientHello message misses mandatory extensions." 2038 2039requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2040requires_config_enabled MBEDTLS_SSL_SRV_C 2041requires_config_enabled MBEDTLS_SSL_CLI_C 2042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2043requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2044run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ 2045 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2046 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2047 0 \ 2048 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2049 -c "client hello, adding psk_key_exchange_modes extension" \ 2050 -c "client hello, adding PSK binder list" \ 2051 -c "Selected key exchange mode: psk_ephemeral" \ 2052 -c "HTTP/1.0 200 OK" 2053 2054requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2055requires_config_enabled MBEDTLS_SSL_SRV_C 2056requires_config_enabled MBEDTLS_SSL_CLI_C 2057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2059run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ 2060 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2061 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2062 1 \ 2063 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2064 -c "client hello, adding psk_key_exchange_modes extension" \ 2065 -c "client hello, adding PSK binder list" \ 2066 -s "No usable PSK or ticket" 2067 2068requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2069requires_config_enabled MBEDTLS_SSL_SRV_C 2070requires_config_enabled MBEDTLS_SSL_CLI_C 2071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2073run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ 2074 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2075 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2076 1 \ 2077 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2078 -c "client hello, adding psk_key_exchange_modes extension" \ 2079 -c "client hello, adding PSK binder list" \ 2080 -s "Invalid binder." 2081 2082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2083requires_config_enabled MBEDTLS_SSL_SRV_C 2084requires_config_enabled MBEDTLS_SSL_CLI_C 2085requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2086requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2087run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ 2088 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2089 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2090 0 \ 2091 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2092 -c "client hello, adding psk_key_exchange_modes extension" \ 2093 -c "client hello, adding PSK binder list" \ 2094 -s "key exchange mode: ephemeral" \ 2095 -c "Selected key exchange mode: ephemeral" \ 2096 -c "HTTP/1.0 200 OK" 2097 2098requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2099requires_config_enabled MBEDTLS_SSL_SRV_C 2100requires_config_enabled MBEDTLS_SSL_CLI_C 2101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2103run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ 2104 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2105 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2106 0 \ 2107 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2108 -c "client hello, adding psk_key_exchange_modes extension" \ 2109 -c "client hello, adding PSK binder list" \ 2110 -c "Selected key exchange mode: psk_ephemeral" \ 2111 -c "HTTP/1.0 200 OK" 2112 2113requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2114requires_config_enabled MBEDTLS_SSL_SRV_C 2115requires_config_enabled MBEDTLS_SSL_CLI_C 2116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2118run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ 2119 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2120 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2121 0 \ 2122 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2123 -c "client hello, adding psk_key_exchange_modes extension" \ 2124 -c "client hello, adding PSK binder list" \ 2125 -s "No usable PSK or ticket" \ 2126 -s "key exchange mode: ephemeral" 2127 2128requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2129requires_config_enabled MBEDTLS_SSL_SRV_C 2130requires_config_enabled MBEDTLS_SSL_CLI_C 2131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2133run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ 2134 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2135 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2136 1 \ 2137 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2138 -c "client hello, adding psk_key_exchange_modes extension" \ 2139 -c "client hello, adding PSK binder list" \ 2140 -s "Invalid binder." 2141 2142requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2143requires_config_enabled MBEDTLS_SSL_SRV_C 2144requires_config_enabled MBEDTLS_SSL_CLI_C 2145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2148run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ 2149 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2150 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2151 0 \ 2152 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2153 -c "client hello, adding psk_key_exchange_modes extension" \ 2154 -c "client hello, adding PSK binder list" \ 2155 -c "Selected key exchange mode: psk_ephemeral" \ 2156 -c "HTTP/1.0 200 OK" 2157 2158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2159requires_config_enabled MBEDTLS_SSL_SRV_C 2160requires_config_enabled MBEDTLS_SSL_CLI_C 2161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2164run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ 2165 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2166 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2167 1 \ 2168 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2169 -c "client hello, adding psk_key_exchange_modes extension" \ 2170 -c "client hello, adding PSK binder list" \ 2171 -s "No usable PSK or ticket" \ 2172 -s "ClientHello message misses mandatory extensions." 2173 2174requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2175requires_config_enabled MBEDTLS_SSL_SRV_C 2176requires_config_enabled MBEDTLS_SSL_CLI_C 2177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2180run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ 2181 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2182 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2183 1 \ 2184 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2185 -c "client hello, adding psk_key_exchange_modes extension" \ 2186 -c "client hello, adding PSK binder list" \ 2187 -s "Invalid binder." 2188 2189requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2190requires_config_enabled MBEDTLS_SSL_SRV_C 2191requires_config_enabled MBEDTLS_SSL_CLI_C 2192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2195run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ 2196 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2197 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2198 0 \ 2199 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2200 -c "client hello, adding psk_key_exchange_modes extension" \ 2201 -c "client hello, adding PSK binder list" \ 2202 -c "Selected key exchange mode: psk_ephemeral" \ 2203 -c "HTTP/1.0 200 OK" 2204 2205requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2206requires_config_enabled MBEDTLS_SSL_SRV_C 2207requires_config_enabled MBEDTLS_SSL_CLI_C 2208requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2209requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2211run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ 2212 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2213 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ 2214 0 \ 2215 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2216 -c "client hello, adding psk_key_exchange_modes extension" \ 2217 -c "client hello, adding PSK binder list" \ 2218 -s "No usable PSK or ticket" \ 2219 -s "key exchange mode: ephemeral" 2220 2221requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2222requires_config_enabled MBEDTLS_SSL_SRV_C 2223requires_config_enabled MBEDTLS_SSL_CLI_C 2224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2226requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2227run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ 2228 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2229 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2230 1 \ 2231 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2232 -c "client hello, adding psk_key_exchange_modes extension" \ 2233 -c "client hello, adding PSK binder list" \ 2234 -s "Invalid binder." 2235 2236# psk_all mode in client 2237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2238requires_config_enabled MBEDTLS_SSL_SRV_C 2239requires_config_enabled MBEDTLS_SSL_CLI_C 2240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2241requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2242run_test "TLS 1.3: m->m: psk_all/psk, good" \ 2243 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2244 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2245 0 \ 2246 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2247 -c "client hello, adding psk_key_exchange_modes extension" \ 2248 -c "client hello, adding PSK binder list" \ 2249 -c "Selected key exchange mode: psk$" \ 2250 -c "HTTP/1.0 200 OK" 2251 2252requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2253requires_config_enabled MBEDTLS_SSL_SRV_C 2254requires_config_enabled MBEDTLS_SSL_CLI_C 2255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2257run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ 2258 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2259 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2260 1 \ 2261 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2262 -c "client hello, adding psk_key_exchange_modes extension" \ 2263 -c "client hello, adding PSK binder list" \ 2264 -s "ClientHello message misses mandatory extensions." 2265 2266requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2267requires_config_enabled MBEDTLS_SSL_SRV_C 2268requires_config_enabled MBEDTLS_SSL_CLI_C 2269requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2271run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \ 2272 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2273 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2274 1 \ 2275 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2276 -c "client hello, adding psk_key_exchange_modes extension" \ 2277 -c "client hello, adding PSK binder list" \ 2278 -s "Invalid binder." 2279 2280requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2281requires_config_enabled MBEDTLS_SSL_SRV_C 2282requires_config_enabled MBEDTLS_SSL_CLI_C 2283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2285run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ 2286 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2287 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2288 0 \ 2289 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2290 -c "client hello, adding psk_key_exchange_modes extension" \ 2291 -c "client hello, adding PSK binder list" \ 2292 -c "Selected key exchange mode: psk_ephemeral" \ 2293 -c "HTTP/1.0 200 OK" 2294 2295requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2296requires_config_enabled MBEDTLS_SSL_SRV_C 2297requires_config_enabled MBEDTLS_SSL_CLI_C 2298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2299requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2300run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ 2301 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2302 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2303 1 \ 2304 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2305 -c "client hello, adding psk_key_exchange_modes extension" \ 2306 -c "client hello, adding PSK binder list" \ 2307 -s "No usable PSK or ticket" \ 2308 -s "ClientHello message misses mandatory extensions." 2309 2310requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2311requires_config_enabled MBEDTLS_SSL_SRV_C 2312requires_config_enabled MBEDTLS_SSL_CLI_C 2313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2315run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \ 2316 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2317 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2318 1 \ 2319 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2320 -c "client hello, adding psk_key_exchange_modes extension" \ 2321 -c "client hello, adding PSK binder list" \ 2322 -s "Invalid binder." 2323 2324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2325requires_config_enabled MBEDTLS_SSL_SRV_C 2326requires_config_enabled MBEDTLS_SSL_CLI_C 2327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2330run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \ 2331 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2332 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2333 1 \ 2334 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2335 -c "client hello, adding psk_key_exchange_modes extension" \ 2336 -c "client hello, adding PSK binder list" 2337 2338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2339requires_config_enabled MBEDTLS_SSL_SRV_C 2340requires_config_enabled MBEDTLS_SSL_CLI_C 2341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2342requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2343requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2344run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ 2345 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2346 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2347 0 \ 2348 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2349 -c "client hello, adding psk_key_exchange_modes extension" \ 2350 -c "client hello, adding PSK binder list" \ 2351 -c "Selected key exchange mode: psk_ephemeral" \ 2352 -c "HTTP/1.0 200 OK" 2353 2354requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2355requires_config_enabled MBEDTLS_SSL_SRV_C 2356requires_config_enabled MBEDTLS_SSL_CLI_C 2357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2360run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ 2361 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2362 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2363 1 \ 2364 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2365 -c "client hello, adding psk_key_exchange_modes extension" \ 2366 -c "client hello, adding PSK binder list" \ 2367 -s "No usable PSK or ticket" 2368 2369requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2370requires_config_enabled MBEDTLS_SSL_SRV_C 2371requires_config_enabled MBEDTLS_SSL_CLI_C 2372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2375run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \ 2376 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2377 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2378 1 \ 2379 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2380 -c "client hello, adding psk_key_exchange_modes extension" \ 2381 -c "client hello, adding PSK binder list" \ 2382 -s "Invalid binder." 2383 2384requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2385requires_config_enabled MBEDTLS_SSL_SRV_C 2386requires_config_enabled MBEDTLS_SSL_CLI_C 2387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2389run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ 2390 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2391 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2392 0 \ 2393 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2394 -c "client hello, adding psk_key_exchange_modes extension" \ 2395 -c "client hello, adding PSK binder list" \ 2396 -c "Selected key exchange mode: psk_ephemeral" \ 2397 -c "HTTP/1.0 200 OK" 2398 2399requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2400requires_config_enabled MBEDTLS_SSL_SRV_C 2401requires_config_enabled MBEDTLS_SSL_CLI_C 2402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2403requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2404run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ 2405 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2406 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2407 1 \ 2408 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2409 -c "client hello, adding psk_key_exchange_modes extension" \ 2410 -c "client hello, adding PSK binder list" \ 2411 -s "No usable PSK or ticket" \ 2412 -s "ClientHello message misses mandatory extensions." 2413 2414requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2415requires_config_enabled MBEDTLS_SSL_SRV_C 2416requires_config_enabled MBEDTLS_SSL_CLI_C 2417requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2419run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \ 2420 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2421 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2422 1 \ 2423 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2424 -c "client hello, adding psk_key_exchange_modes extension" \ 2425 -c "client hello, adding PSK binder list" \ 2426 -s "Invalid binder." 2427 2428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2429requires_config_enabled MBEDTLS_SSL_SRV_C 2430requires_config_enabled MBEDTLS_SSL_CLI_C 2431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2433requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2434run_test "TLS 1.3: m->m: psk_all/all, good" \ 2435 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2436 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2437 0 \ 2438 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2439 -c "client hello, adding psk_key_exchange_modes extension" \ 2440 -c "client hello, adding PSK binder list" \ 2441 -c "Selected key exchange mode: psk_ephemeral" \ 2442 -c "HTTP/1.0 200 OK" 2443 2444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2445requires_config_enabled MBEDTLS_SSL_SRV_C 2446requires_config_enabled MBEDTLS_SSL_CLI_C 2447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2448requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2450run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ 2451 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2452 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ 2453 1 \ 2454 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2455 -c "client hello, adding psk_key_exchange_modes extension" \ 2456 -c "client hello, adding PSK binder list" \ 2457 -s "No usable PSK or ticket" 2458 2459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2460requires_config_enabled MBEDTLS_SSL_SRV_C 2461requires_config_enabled MBEDTLS_SSL_CLI_C 2462requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2463requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2465run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \ 2466 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2467 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2468 1 \ 2469 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2470 -c "client hello, adding psk_key_exchange_modes extension" \ 2471 -c "client hello, adding PSK binder list" \ 2472 -s "Invalid binder." 2473 2474# all mode in client 2475requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2476requires_config_enabled MBEDTLS_SSL_SRV_C 2477requires_config_enabled MBEDTLS_SSL_CLI_C 2478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2481run_test "TLS 1.3: m->m: all/psk, good" \ 2482 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2483 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2484 0 \ 2485 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2486 -c "client hello, adding psk_key_exchange_modes extension" \ 2487 -c "client hello, adding PSK binder list" \ 2488 -c "Selected key exchange mode: psk$" \ 2489 -c "HTTP/1.0 200 OK" 2490 2491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2492requires_config_enabled MBEDTLS_SSL_SRV_C 2493requires_config_enabled MBEDTLS_SSL_CLI_C 2494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2497run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ 2498 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2499 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2500 1 \ 2501 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2502 -c "client hello, adding psk_key_exchange_modes extension" \ 2503 -c "client hello, adding PSK binder list" \ 2504 -s "No usable PSK or ticket" \ 2505 -s "ClientHello message misses mandatory extensions." 2506 2507requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2508requires_config_enabled MBEDTLS_SSL_SRV_C 2509requires_config_enabled MBEDTLS_SSL_CLI_C 2510requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2513run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \ 2514 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2515 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2516 1 \ 2517 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2518 -c "client hello, adding psk_key_exchange_modes extension" \ 2519 -c "client hello, adding PSK binder list" \ 2520 -s "Invalid binder." 2521 2522requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2523requires_config_enabled MBEDTLS_SSL_SRV_C 2524requires_config_enabled MBEDTLS_SSL_CLI_C 2525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2528run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ 2529 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2530 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2531 0 \ 2532 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2533 -c "client hello, adding psk_key_exchange_modes extension" \ 2534 -c "client hello, adding PSK binder list" \ 2535 -c "Selected key exchange mode: psk_ephemeral" \ 2536 -c "HTTP/1.0 200 OK" 2537 2538requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2539requires_config_enabled MBEDTLS_SSL_SRV_C 2540requires_config_enabled MBEDTLS_SSL_CLI_C 2541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2543requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2544run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ 2545 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2546 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2547 1 \ 2548 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2549 -c "client hello, adding psk_key_exchange_modes extension" \ 2550 -c "client hello, adding PSK binder list" \ 2551 -s "No usable PSK or ticket" \ 2552 -s "ClientHello message misses mandatory extensions." 2553 2554requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2555requires_config_enabled MBEDTLS_SSL_SRV_C 2556requires_config_enabled MBEDTLS_SSL_CLI_C 2557requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2559requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2560run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \ 2561 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2562 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2563 1 \ 2564 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2565 -c "client hello, adding psk_key_exchange_modes extension" \ 2566 -c "client hello, adding PSK binder list" \ 2567 -s "Invalid binder." 2568 2569requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2570requires_config_enabled MBEDTLS_SSL_SRV_C 2571requires_config_enabled MBEDTLS_SSL_CLI_C 2572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2573requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2575run_test "TLS 1.3: m->m: all/ephemeral, good" \ 2576 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2577 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2578 0 \ 2579 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2580 -c "client hello, adding psk_key_exchange_modes extension" \ 2581 -c "client hello, adding PSK binder list" \ 2582 -c "Selected key exchange mode: ephemeral" \ 2583 -c "HTTP/1.0 200 OK" 2584 2585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2586requires_config_enabled MBEDTLS_SSL_SRV_C 2587requires_config_enabled MBEDTLS_SSL_CLI_C 2588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2591run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ 2592 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2593 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2594 0 \ 2595 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2596 -c "client hello, adding psk_key_exchange_modes extension" \ 2597 -c "client hello, adding PSK binder list" \ 2598 -c "Selected key exchange mode: psk_ephemeral" \ 2599 -c "HTTP/1.0 200 OK" 2600 2601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2602requires_config_enabled MBEDTLS_SSL_SRV_C 2603requires_config_enabled MBEDTLS_SSL_CLI_C 2604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2607run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \ 2608 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2609 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2610 0 \ 2611 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2612 -c "client hello, adding psk_key_exchange_modes extension" \ 2613 -c "client hello, adding PSK binder list" \ 2614 -s "No usable PSK or ticket" \ 2615 -c "Selected key exchange mode: ephemeral" \ 2616 -c "HTTP/1.0 200 OK" 2617 2618requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2619requires_config_enabled MBEDTLS_SSL_SRV_C 2620requires_config_enabled MBEDTLS_SSL_CLI_C 2621requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2624run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \ 2625 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2626 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2627 1 \ 2628 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2629 -c "client hello, adding psk_key_exchange_modes extension" \ 2630 -c "client hello, adding PSK binder list" \ 2631 -s "Invalid binder." 2632 2633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2634requires_config_enabled MBEDTLS_SSL_SRV_C 2635requires_config_enabled MBEDTLS_SSL_CLI_C 2636requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2637requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2639run_test "TLS 1.3: m->m: all/psk_all, good" \ 2640 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2641 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2642 0 \ 2643 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2644 -c "client hello, adding psk_key_exchange_modes extension" \ 2645 -c "client hello, adding PSK binder list" \ 2646 -c "Selected key exchange mode: psk_ephemeral" \ 2647 -c "HTTP/1.0 200 OK" 2648 2649requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2650requires_config_enabled MBEDTLS_SSL_SRV_C 2651requires_config_enabled MBEDTLS_SSL_CLI_C 2652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2655run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ 2656 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2657 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2658 1 \ 2659 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2660 -c "client hello, adding psk_key_exchange_modes extension" \ 2661 -c "client hello, adding PSK binder list" \ 2662 -s "No usable PSK or ticket" \ 2663 -s "ClientHello message misses mandatory extensions." 2664 2665requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2666requires_config_enabled MBEDTLS_SSL_SRV_C 2667requires_config_enabled MBEDTLS_SSL_CLI_C 2668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2669requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2671run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \ 2672 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2673 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2674 1 \ 2675 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2676 -c "client hello, adding psk_key_exchange_modes extension" \ 2677 -c "client hello, adding PSK binder list" \ 2678 -s "Invalid binder." 2679 2680requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2681requires_config_enabled MBEDTLS_SSL_SRV_C 2682requires_config_enabled MBEDTLS_SSL_CLI_C 2683requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2686run_test "TLS 1.3: m->m: all/all, good" \ 2687 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2688 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2689 0 \ 2690 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2691 -c "client hello, adding psk_key_exchange_modes extension" \ 2692 -c "client hello, adding PSK binder list" \ 2693 -c "Selected key exchange mode: psk_ephemeral" \ 2694 -c "HTTP/1.0 200 OK" 2695 2696requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2697requires_config_enabled MBEDTLS_SSL_SRV_C 2698requires_config_enabled MBEDTLS_SSL_CLI_C 2699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2702run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ 2703 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2704 "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ 2705 0 \ 2706 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2707 -c "client hello, adding psk_key_exchange_modes extension" \ 2708 -c "client hello, adding PSK binder list" \ 2709 -s "No usable PSK or ticket" \ 2710 -s "key exchange mode: ephemeral" 2711 2712requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2713requires_config_enabled MBEDTLS_SSL_SRV_C 2714requires_config_enabled MBEDTLS_SSL_CLI_C 2715requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2718run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \ 2719 "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2720 "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ 2721 1 \ 2722 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2723 -c "client hello, adding psk_key_exchange_modes extension" \ 2724 -c "client hello, adding PSK binder list" \ 2725 -s "Invalid binder." 2726 2727#OPENSSL-SERVER psk mode 2728requires_openssl_tls1_3 2729requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2730requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2731requires_config_enabled MBEDTLS_DEBUG_C 2732requires_config_enabled MBEDTLS_SSL_CLI_C 2733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2734run_test "TLS 1.3: m->O: psk/all, good" \ 2735 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2736 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2737 0 \ 2738 -c "=> write client hello" \ 2739 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2740 -c "client hello, adding psk_key_exchange_modes extension" \ 2741 -c "client hello, adding PSK binder list" \ 2742 -c "<= write client hello" \ 2743 -c "Selected key exchange mode: psk$" \ 2744 -c "HTTP/1.0 200 ok" 2745 2746requires_openssl_tls1_3 2747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2748requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2749requires_config_enabled MBEDTLS_DEBUG_C 2750requires_config_enabled MBEDTLS_SSL_CLI_C 2751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2752run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \ 2753 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2754 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2755 1 \ 2756 -c "=> write client hello" \ 2757 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2758 -c "client hello, adding psk_key_exchange_modes extension" \ 2759 -c "client hello, adding PSK binder list" \ 2760 -c "<= write client hello" \ 2761 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2762 2763#OPENSSL-SERVER psk_all mode 2764requires_openssl_tls1_3_with_compatible_ephemeral 2765requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2767requires_config_enabled MBEDTLS_DEBUG_C 2768requires_config_enabled MBEDTLS_SSL_CLI_C 2769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2770requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2771run_test "TLS 1.3: m->O: psk_all/all, good" \ 2772 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2773 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2774 0 \ 2775 -c "=> write client hello" \ 2776 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2777 -c "client hello, adding psk_key_exchange_modes extension" \ 2778 -c "client hello, adding PSK binder list" \ 2779 -c "<= write client hello" \ 2780 -c "Selected key exchange mode: psk_ephemeral" \ 2781 -c "HTTP/1.0 200 ok" 2782 2783requires_openssl_tls1_3_with_compatible_ephemeral 2784requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2786requires_config_enabled MBEDTLS_DEBUG_C 2787requires_config_enabled MBEDTLS_SSL_CLI_C 2788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2790run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ 2791 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2792 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2793 0 \ 2794 -c "=> write client hello" \ 2795 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2796 -c "client hello, adding psk_key_exchange_modes extension" \ 2797 -c "client hello, adding PSK binder list" \ 2798 -c "<= write client hello" \ 2799 -c "Selected key exchange mode: psk_ephemeral" \ 2800 -c "HTTP/1.0 200 ok" 2801 2802#OPENSSL-SERVER psk_ephemeral mode 2803requires_openssl_tls1_3_with_compatible_ephemeral 2804requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2806requires_config_enabled MBEDTLS_DEBUG_C 2807requires_config_enabled MBEDTLS_SSL_CLI_C 2808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2809run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ 2810 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2811 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2812 0 \ 2813 -c "=> write client hello" \ 2814 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2815 -c "client hello, adding psk_key_exchange_modes extension" \ 2816 -c "client hello, adding PSK binder list" \ 2817 -c "<= write client hello" \ 2818 -c "Selected key exchange mode: psk_ephemeral" \ 2819 -c "HTTP/1.0 200 ok" 2820 2821requires_openssl_tls1_3_with_compatible_ephemeral 2822requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2824requires_config_enabled MBEDTLS_DEBUG_C 2825requires_config_enabled MBEDTLS_SSL_CLI_C 2826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2827run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ 2828 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2829 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 2830 0 \ 2831 -c "=> write client hello" \ 2832 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2833 -c "client hello, adding psk_key_exchange_modes extension" \ 2834 -c "client hello, adding PSK binder list" \ 2835 -c "<= write client hello" \ 2836 -c "Selected key exchange mode: psk_ephemeral" \ 2837 -c "HTTP/1.0 200 ok" 2838 2839#OPENSSL-SERVER ephemeral mode 2840requires_openssl_tls1_3_with_compatible_ephemeral 2841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2843requires_config_enabled MBEDTLS_DEBUG_C 2844requires_config_enabled MBEDTLS_SSL_CLI_C 2845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2846run_test "TLS 1.3: m->O: ephemeral/all, good" \ 2847 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ 2848 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2849 0 \ 2850 -c "Selected key exchange mode: ephemeral" \ 2851 -c "HTTP/1.0 200 ok" 2852 2853requires_openssl_tls1_3_with_compatible_ephemeral 2854requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2856requires_config_enabled MBEDTLS_DEBUG_C 2857requires_config_enabled MBEDTLS_SSL_CLI_C 2858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2859run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \ 2860 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2861 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 2862 0 \ 2863 -c "Selected key exchange mode: ephemeral" \ 2864 -c "HTTP/1.0 200 ok" 2865 2866#OPENSSL-SERVER ephemeral_all mode 2867requires_openssl_tls1_3_with_compatible_ephemeral 2868requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2870requires_config_enabled MBEDTLS_DEBUG_C 2871requires_config_enabled MBEDTLS_SSL_CLI_C 2872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2873requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2874run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ 2875 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2876 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2877 0 \ 2878 -c "=> write client hello" \ 2879 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2880 -c "client hello, adding psk_key_exchange_modes extension" \ 2881 -c "client hello, adding PSK binder list" \ 2882 -c "Selected key exchange mode: psk_ephemeral" \ 2883 -c "<= write client hello" \ 2884 -c "HTTP/1.0 200 ok" 2885 2886requires_openssl_tls1_3_with_compatible_ephemeral 2887requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2889requires_config_enabled MBEDTLS_DEBUG_C 2890requires_config_enabled MBEDTLS_SSL_CLI_C 2891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2893run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ 2894 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2895 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 2896 0 \ 2897 -c "=> write client hello" \ 2898 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2899 -c "client hello, adding psk_key_exchange_modes extension" \ 2900 -c "client hello, adding PSK binder list" \ 2901 -c "Selected key exchange mode: psk_ephemeral" \ 2902 -c "<= write client hello" \ 2903 -c "HTTP/1.0 200 ok" 2904 2905#OPENSSL-SERVER all mode 2906requires_openssl_tls1_3_with_compatible_ephemeral 2907requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2909requires_config_enabled MBEDTLS_DEBUG_C 2910requires_config_enabled MBEDTLS_SSL_CLI_C 2911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2914run_test "TLS 1.3: m->O: all/all, good" \ 2915 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ 2916 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2917 0 \ 2918 -c "=> write client hello" \ 2919 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2920 -c "client hello, adding psk_key_exchange_modes extension" \ 2921 -c "client hello, adding PSK binder list" \ 2922 -c "Selected key exchange mode: psk_ephemeral" \ 2923 -c "<= write client hello" \ 2924 -c "HTTP/1.0 200 ok" 2925 2926requires_openssl_tls1_3_with_compatible_ephemeral 2927requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2929requires_config_enabled MBEDTLS_DEBUG_C 2930requires_config_enabled MBEDTLS_SSL_CLI_C 2931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2934run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ 2935 "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ 2936 "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 2937 0 \ 2938 -c "=> write client hello" \ 2939 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2940 -c "client hello, adding psk_key_exchange_modes extension" \ 2941 -c "client hello, adding PSK binder list" \ 2942 -c "Selected key exchange mode: psk_ephemeral" \ 2943 -c "<= write client hello" \ 2944 -c "HTTP/1.0 200 ok" 2945 2946#GNUTLS-SERVER psk mode 2947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2948requires_gnutls_tls1_3 2949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2950requires_config_enabled MBEDTLS_DEBUG_C 2951requires_config_enabled MBEDTLS_SSL_CLI_C 2952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2953run_test "TLS 1.3: m->G: psk/all, good" \ 2954 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 2955 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2956 0 \ 2957 -c "=> write client hello" \ 2958 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2959 -c "client hello, adding psk_key_exchange_modes extension" \ 2960 -c "client hello, adding PSK binder list" \ 2961 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2962 -s "Parsing extension 'Pre Shared Key/41'" \ 2963 -c "<= write client hello" \ 2964 -c "Selected key exchange mode: psk$" \ 2965 -c "HTTP/1.0 200 OK" 2966 2967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2968requires_gnutls_tls1_3 2969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2970requires_config_enabled MBEDTLS_DEBUG_C 2971requires_config_enabled MBEDTLS_SSL_CLI_C 2972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2973run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ 2974 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 2975 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ 2976 1 \ 2977 -c "=> write client hello" \ 2978 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 2979 -c "client hello, adding psk_key_exchange_modes extension" \ 2980 -c "client hello, adding PSK binder list" \ 2981 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 2982 -s "Parsing extension 'Pre Shared Key/41'" \ 2983 -c "<= write client hello" \ 2984 -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" 2985 2986#GNUTLS-SERVER psk_all mode 2987requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 2988requires_gnutls_tls1_3 2989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 2990requires_config_enabled MBEDTLS_DEBUG_C 2991requires_config_enabled MBEDTLS_SSL_CLI_C 2992requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 2993requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 2994run_test "TLS 1.3: m->G: psk_all/all, good" \ 2995 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 2996 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 2997 0 \ 2998 -c "=> write client hello" \ 2999 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3000 -c "client hello, adding psk_key_exchange_modes extension" \ 3001 -c "client hello, adding PSK binder list" \ 3002 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3003 -s "Parsing extension 'Pre Shared Key/41'" \ 3004 -c "<= write client hello" \ 3005 -c "Selected key exchange mode: psk_ephemeral" \ 3006 -c "HTTP/1.0 200 OK" 3007 3008requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3009requires_gnutls_tls1_3 3010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3011requires_config_enabled MBEDTLS_DEBUG_C 3012requires_config_enabled MBEDTLS_SSL_CLI_C 3013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3015run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ 3016 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3017 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ 3018 0 \ 3019 -c "=> write client hello" \ 3020 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3021 -c "client hello, adding psk_key_exchange_modes extension" \ 3022 -c "client hello, adding PSK binder list" \ 3023 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3024 -s "Parsing extension 'Pre Shared Key/41'" \ 3025 -c "<= write client hello" \ 3026 -c "Selected key exchange mode: psk_ephemeral" \ 3027 -c "HTTP/1.0 200 OK" 3028 3029#GNUTLS-SERVER psk_ephemeral mode 3030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3031requires_gnutls_tls1_3 3032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3033requires_config_enabled MBEDTLS_DEBUG_C 3034requires_config_enabled MBEDTLS_SSL_CLI_C 3035requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3036run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ 3037 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3038 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3039 0 \ 3040 -c "=> write client hello" \ 3041 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3042 -c "client hello, adding psk_key_exchange_modes extension" \ 3043 -c "client hello, adding PSK binder list" \ 3044 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3045 -s "Parsing extension 'Pre Shared Key/41'" \ 3046 -c "<= write client hello" \ 3047 -c "Selected key exchange mode: psk_ephemeral" \ 3048 -c "HTTP/1.0 200 OK" 3049 3050requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3051requires_gnutls_tls1_3 3052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3053requires_config_enabled MBEDTLS_DEBUG_C 3054requires_config_enabled MBEDTLS_SSL_CLI_C 3055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3056run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ 3057 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3058 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ 3059 0 \ 3060 -c "=> write client hello" \ 3061 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3062 -c "client hello, adding psk_key_exchange_modes extension" \ 3063 -c "client hello, adding PSK binder list" \ 3064 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3065 -s "Parsing extension 'Pre Shared Key/41'" \ 3066 -c "<= write client hello" \ 3067 -c "Selected key exchange mode: psk_ephemeral" \ 3068 -c "HTTP/1.0 200 OK" 3069 3070#GNUTLS-SERVER ephemeral mode 3071requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3072requires_gnutls_tls1_3 3073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3074requires_config_enabled MBEDTLS_DEBUG_C 3075requires_config_enabled MBEDTLS_SSL_CLI_C 3076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3077run_test "TLS 1.3: m->G: ephemeral/all, good" \ 3078 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3079 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3080 0 \ 3081 -c "Selected key exchange mode: ephemeral" \ 3082 -c "HTTP/1.0 200 OK" 3083 3084requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3085requires_gnutls_tls1_3 3086requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3087requires_config_enabled MBEDTLS_DEBUG_C 3088requires_config_enabled MBEDTLS_SSL_CLI_C 3089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3090run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ 3091 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3092 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 3093 0 \ 3094 -c "Selected key exchange mode: ephemeral" \ 3095 -c "HTTP/1.0 200 OK" 3096 3097#GNUTLS-SERVER ephemeral_all mode 3098requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3099requires_gnutls_tls1_3 3100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3101requires_config_enabled MBEDTLS_DEBUG_C 3102requires_config_enabled MBEDTLS_SSL_CLI_C 3103requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3105run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ 3106 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3107 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3108 0 \ 3109 -c "=> write client hello" \ 3110 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3111 -c "client hello, adding psk_key_exchange_modes extension" \ 3112 -c "client hello, adding PSK binder list" \ 3113 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3114 -s "Parsing extension 'Pre Shared Key/41'" \ 3115 -c "<= write client hello" \ 3116 -c "Selected key exchange mode: psk_ephemeral" \ 3117 -c "HTTP/1.0 200 OK" 3118 3119requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3120requires_gnutls_tls1_3 3121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3122requires_config_enabled MBEDTLS_DEBUG_C 3123requires_config_enabled MBEDTLS_SSL_CLI_C 3124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3126run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ 3127 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3128 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ 3129 0 \ 3130 -c "=> write client hello" \ 3131 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3132 -c "client hello, adding psk_key_exchange_modes extension" \ 3133 -c "client hello, adding PSK binder list" \ 3134 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3135 -s "Parsing extension 'Pre Shared Key/41'" \ 3136 -c "<= write client hello" \ 3137 -c "Selected key exchange mode: psk_ephemeral" \ 3138 -c "HTTP/1.0 200 OK" 3139 3140#GNUTLS-SERVER all mode 3141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3142requires_gnutls_tls1_3 3143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3144requires_config_enabled MBEDTLS_DEBUG_C 3145requires_config_enabled MBEDTLS_SSL_CLI_C 3146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3149run_test "TLS 1.3: m->G: all/all, good" \ 3150 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3151 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3152 0 \ 3153 -c "=> write client hello" \ 3154 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3155 -c "client hello, adding psk_key_exchange_modes extension" \ 3156 -c "client hello, adding PSK binder list" \ 3157 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3158 -s "Parsing extension 'Pre Shared Key/41'" \ 3159 -c "<= write client hello" \ 3160 -c "Selected key exchange mode: psk_ephemeral" \ 3161 -c "HTTP/1.0 200 OK" 3162 3163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 3164requires_gnutls_tls1_3 3165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 3166requires_config_enabled MBEDTLS_DEBUG_C 3167requires_config_enabled MBEDTLS_SSL_CLI_C 3168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 3169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 3171run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ 3172 "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ 3173 "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ 3174 0 \ 3175 -c "=> write client hello" \ 3176 -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ 3177 -c "client hello, adding psk_key_exchange_modes extension" \ 3178 -c "client hello, adding PSK binder list" \ 3179 -s "Parsing extension 'PSK Key Exchange Modes/45'" \ 3180 -s "Parsing extension 'Pre Shared Key/41'" \ 3181 -c "<= write client hello" \ 3182 -c "Selected key exchange mode: psk_ephemeral" \ 3183 -c "HTTP/1.0 200 OK" 3184
