add cases to test session resumption with different ticket_flags
This commit adds test cases that check whether the key exchange mode check in SessionTicket works correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
parent
9356678047
commit
302feb3955
3 changed files with 81 additions and 1 deletions
|
@ -1215,6 +1215,9 @@ usage:
|
|||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
||||
} else if (strcmp(q, "all") == 0) {
|
||||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
} else if (strcmp(q, "psk_or_ephemeral") == 0) {
|
||||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
|
||||
} else {
|
||||
goto usage;
|
||||
}
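Review bot: The new `psk_or_ephemeral` value is accepted by the parser, but this hunk adds only the three parsing lines, so the text printed by `goto usage` appears not to have been updated. If that usage text lists the accepted `tls13_kex_modes` values (it is not visible here), add `psk_or_ephemeral` to it; otherwise a mistyped mode in a test script produces a help message that omits a valid choice. The enclosing option-parsing block starts and ends outside the hunk.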
|
||||
|
|
|
@ -1412,7 +1412,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||
return ret;
|
||||
}
|
||||
|
||||
switch (opt.dummy_ticket % 7) {
|
||||
switch (opt.dummy_ticket % 11) {
|
||||
case 1:
|
||||
return MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
case 2:
|
||||
|
@ -1432,6 +1432,20 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||
session->ticket_age_add -= 1000;
|
||||
#endif
|
||||
break;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
case 7:
|
||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
|
||||
break;
|
||||
case 8:
|
||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||
break;
|
||||
case 9:
|
||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||
break;
|
||||
case 10:
|
||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
}
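Review bot: The case labels 7 to 10 and the new `% 11` modulus are undocumented magic numbers that the test script depends on: it passes `dummy_ticket=$((n + DUMMY_TICKET_BASE))` with a base of 6. A comment above `case 7:` would make that coupling visible, for example `/* 7..10: override ticket_flags to exercise the key exchange mode check on resumption; values are used by the resumption-with-ticket-flags tests */`. Changing the modulus from 7 to 11 also remaps any existing `dummy_ticket` value of 7 or more, so callers relying on the old wrap-around should be checked. The plain assignment replaces the whole `ticket_flags` field; if that field carries bits other than key exchange modes (not visible here), these cases clear them, which the comment should state. `dummy_ticket_parse` starts and ends outside both hunks.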
|
||||
|
|
|
@ -323,3 +323,66 @@ run_test "TLS 1.3, ext PSK, early data" \
|
|||
-c "EncryptedExtensions: early_data(42) extension received." \
|
||||
-c "EncryptedExtensions: early_data(42) extension ( ignored )."
|
||||
|
||||
get_resumption_with_ticket_flags_criteria()
|
||||
{
|
||||
ticket_flags=$1
|
||||
psk_modes=$2
|
||||
if [ "$ticket_flags" = "none" ] || \
|
||||
( [ "$psk_modes" != "psk_all" ] && \
|
||||
[ "$ticket_flags" != "psk_all" ] && \
|
||||
[ "$psk_modes" != "$ticket_flags" ] );
|
||||
then
|
||||
# ticket_flags is incompatible with the psk_kex_modes
|
||||
echo ' -c "Pre-configured PSK number = 1"' \
|
||||
' -S "sent selected_identity:"' \
|
||||
' -s "key exchange mode: ephemeral"' \
|
||||
' -S "key exchange mode: psk_ephemeral"' \
|
||||
' -S "key exchange mode: psk$"' \
|
||||
' -s "No suitable key exchange mode"' \
|
||||
' -s "No matched PSK or ticket"'
|
||||
else
|
||||
# ticket_flags is compatible with the psk_kex_modes
|
||||
echo ' -c "Pre-configured PSK number = 1"' \
|
||||
' -S "No suitable key exchange mode"' \
|
||||
' -s "found matched identity"'
|
||||
fi
|
||||
}
|
||||
|
||||
run_tests_tls13_resumption_with_ticket_flags()
|
||||
{
|
||||
# all tests in this sequence requires the same configuration.
|
||||
SKIP_THIS_TESTS="$SKIP_NEXT"
|
||||
|
||||
DUMMY_TICKET_BASE=6
|
||||
TLS13_KEX_MODES="ephemeral:psk_or_ephemeral:ephemeral_all:all"
|
||||
PSK_KEX_MODES="none:psk:psk_ephemeral:psk_all"
|
||||
|
||||
for m in $(seq 4); do
|
||||
kex_mode="$(echo "$TLS13_KEX_MODES" | cut -d ":" -f "$m")"
|
||||
# ephemeral only mode doesn't support resumption
|
||||
if [ "$kex_mode" = "ephemeral" ]; then continue; fi
|
||||
|
||||
for n in $(seq 4); do
|
||||
supported_psk_modes="$(echo "$PSK_KEX_MODES" | cut -d ":" -f "$m")"
|
||||
dummy_ticket_flags="$(echo "$PSK_KEX_MODES" | cut -d ":" -f "$n")"
|
||||
|
||||
eval "set -- $(get_resumption_with_ticket_flags_criteria "$dummy_ticket_flags" "$supported_psk_modes")"
|
||||
|
||||
SKIP_NEXT="$SKIP_THIS_TESTS"
|
||||
run_test "TLS 1.3 m->m: Resumption with ticket flags, $supported_psk_modes->$dummy_ticket_flags." \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=$((n + DUMMY_TICKET_BASE))" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 tls13_kex_modes=$kex_mode reconnect=1" \
|
||||
0 \
|
||||
"$@"
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
|
||||
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
run_tests_tls13_resumption_with_ticket_flags
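Review bot: The compatible branch of `get_resumption_with_ticket_flags_criteria` never asserts that the session was actually resumed in a PSK mode. It checks only `-s "found matched identity"` and `-S "No suitable key exchange mode"`, so a server that matches the identity and then silently falls back to a full handshake would still pass. Adding `' -S "key exchange mode: ephemeral"' \` to that `echo` would pin the positive path, assuming the server logs the same line that the incompatible branch expects with `-s`. A stricter variant would also expect the specific PSK mode line for each `supported_psk_modes` value.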
|
||||
|
||||
|
|