1
0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-26 02:27:04 +08:00

ssl-opt.sh: Add m->m resumption and early data tests

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-03-15 10:08:32 +01:00
parent e739892cf8
commit dd2dc1578a

View File

@ -196,6 +196,205 @@ run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
"$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session... ok" \
-c "HTTP/1.0 200 OK" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with early data" \
"$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "bytes of early data written" \
-C "0 bytes of early data written" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite" \
-s "Sent max_early_data_size" \
-s "NewSessionTicket: early_data(42) extension exists." \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
"$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "bytes of early data written" \
-C "0 bytes of early data written" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
-s "Sent max_early_data_size" \
-s "NewSessionTicket: early_data(42) extension exists." \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-C "received max_early_data_size" \
-C "NewSessionTicket: early_data(42) extension received." \
-C "ClientHello: early_data(42) extension exists." \
-C "EncryptedExtensions: early_data(42) extension received." \
-c "0 bytes of early data written" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite" \
-S "Sent max_early_data_size" \
-S "NewSessionTicket: early_data(42) extension exists." \
-S "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
"$P_SRV debug_level=4 early_data=0 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-C "received max_early_data_size" \
-C "NewSessionTicket: early_data(42) extension received." \
-C "ClientHello: early_data(42) extension exists." \
-C "EncryptedExtensions: early_data(42) extension received." \
-c "0 bytes of early data written" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite" \
-S "Sent max_early_data_size" \
-S "NewSessionTicket: early_data(42) extension exists." \
-S "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
"$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size" \
-c "NewSessionTicket: early_data(42) extension received." \
-C "ClientHello: early_data(42) extension exists." \
-C "EncryptedExtensions: early_data(42) extension received." \
-C "bytes of early data written" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite" \
-s "Sent max_early_data_size" \
-s "NewSessionTicket: early_data(42) extension exists." \
-S "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
"$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-c "received max_early_data_size" \
-c "NewSessionTicket: early_data(42) extension received." \
-C "ClientHello: early_data(42) extension exists." \
-C "EncryptedExtensions: early_data(42) extension received." \
-C "bytes of early data written" \
-s "Protocol is TLSv1.3" \
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite" \
-s "Sent max_early_data_size" \
-s "NewSessionTicket: early_data(42) extension exists." \
-S "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \