From e36397d13b8877a648479ff327db5fb5e8d71871 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 9 Jul 2022 04:20:59 +0000 Subject: [PATCH] add tests for psk_key_exchange_mode To confirm, psk_key_exchange_modes were received and parsed. Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 80b7806e7..c93481121 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2229,41 +2229,95 @@ run_test "SHA-256 allowed by default in client certificate" \ # ssl_client2/ssl_server2 example programs works. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: PSK only" \ "$P_SRV tls13_kex_modes=psk debug_level=4" \ "$P_CLI tls13_kex_modes=psk debug_level=4" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: PSK-ephemeral only" \ "$P_SRV tls13_kex_modes=psk_ephemeral" \ "$P_CLI tls13_kex_modes=psk_ephemeral" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: Pure-ephemeral only" \ "$P_SRV tls13_kex_modes=ephemeral" \ "$P_CLI tls13_kex_modes=ephemeral" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: All ephemeral" \ "$P_SRV tls13_kex_modes=ephemeral_all" \ "$P_CLI tls13_kex_modes=ephemeral_all" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: All PSK" \ "$P_SRV tls13_kex_modes=psk_all" \ "$P_CLI tls13_kex_modes=psk_all" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: All" \ "$P_SRV tls13_kex_modes=all" \ "$P_CLI tls13_kex_modes=all" \ 0 +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->m" \ + "$P_SRV force_version=tls13 debug_level=5" \ + "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70 -allow_no_dhe_kex" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: psk_key_exchange_modes: basic check, G->m" \ + "$P_SRV force_version=tls13 debug_level=5" \ + "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->G" \ + "$G_NEXT_SRV -d 50 --pskpasswd data_files/passwd.psk --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ + "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 + # Tests for datagram packing requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, client and server" \