From 2185c0f2e9ee3f9fb6051762ce4fb1493cd510c5 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Tue, 23 Aug 2022 16:12:43 +0800
Subject: [PATCH] add force ciphersuite tls-aes-256-gcm-sha384 test

PSK hash alg of server is sha256. If client send only
tls-aes-256-gcm-384, there is no valid ciphersuite
available, handshake should be abort.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 tests/opt-testcases/tls13-kex-modes.sh | 47 ++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index e68016717..55159b43e 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -2281,3 +2281,50 @@ run_test    "TLS 1.3: PSK: all: with mismatched key, with psk_ke and psk_dhe_ke.
             -S "key exchange mode: psk$" \
             -S "key exchange mode: psk_ephemeral" \
             -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+# SOME_ECDHE_ENABLED?
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test    "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. G->m" \
+            "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+            "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+                         --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+                         localhost" \
+            1 \
+            -s "found psk key exchange modes extension" \
+            -s "found pre_shared_key extension" \
+            -s "Found PSK_EPHEMERAL KEX MODE" \
+            -s "Found PSK KEX MODE" \
+            -S "Pre shared key found" \
+            -S "No matched PSK or ticket"\
+            -S "key exchange mode: psk$" \
+            -S "key exchange mode: psk_ephemeral" \
+            -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+# SOME_ECDHE_ENABLED?
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+                             MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test    "TLS 1.3: PSK: test ciphersuite TLS_AES_256_GCM_SHA384. O->m" \
+            "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+            "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
+                         -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+            1 \
+            -s "found psk key exchange modes extension" \
+            -s "found pre_shared_key extension" \
+            -s "Found PSK_EPHEMERAL KEX MODE" \
+            -s "Found PSK KEX MODE" \
+            -S "Pre shared key found" \
+            -S "No matched PSK or ticket"\
+            -S "key exchange mode: psk$" \
+            -S "key exchange mode: psk_ephemeral" \
+            -S "key exchange mode: ephemeral"