add cases to test session resumption with different ticket_flags

This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This commit is contained in:
Pengyu Lv 2022-12-09 14:27:08 +08:00
parent 9356678047
commit 302feb3955
3 changed files with 81 additions and 1 deletions

View file

@ -1215,6 +1215,9 @@ usage:
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
} else if (strcmp(q, "all") == 0) {
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
} else if (strcmp(q, "psk_or_ephemeral") == 0) {
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
} else {
goto usage;
}

View file

@ -1412,7 +1412,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
return ret;
}
switch (opt.dummy_ticket % 7) {
switch (opt.dummy_ticket % 11) {
case 1:
return MBEDTLS_ERR_SSL_INVALID_MAC;
case 2:
@ -1432,6 +1432,20 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
session->ticket_age_add -= 1000;
#endif
break;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 7:
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
break;
case 8:
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
break;
case 9:
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
break;
case 10:
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
break;
#endif
default:
break;
}

View file

@ -323,3 +323,66 @@ run_test "TLS 1.3, ext PSK, early data" \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension ( ignored )."
get_resumption_with_ticket_flags_criteria()
{
ticket_flags=$1
psk_modes=$2
if [ "$ticket_flags" = "none" ] || \
( [ "$psk_modes" != "psk_all" ] && \
[ "$ticket_flags" != "psk_all" ] && \
[ "$psk_modes" != "$ticket_flags" ] );
then
# ticket_flags is incompatible with the psk_kex_modes
echo ' -c "Pre-configured PSK number = 1"' \
' -S "sent selected_identity:"' \
' -s "key exchange mode: ephemeral"' \
' -S "key exchange mode: psk_ephemeral"' \
' -S "key exchange mode: psk$"' \
' -s "No suitable key exchange mode"' \
' -s "No matched PSK or ticket"'
else
# ticket_flags is compatible with the psk_kex_modes
echo ' -c "Pre-configured PSK number = 1"' \
' -S "No suitable key exchange mode"' \
' -s "found matched identity"'
fi
}
run_tests_tls13_resumption_with_ticket_flags()
{
# all tests in this sequence requires the same configuration.
SKIP_THIS_TESTS="$SKIP_NEXT"
DUMMY_TICKET_BASE=6
TLS13_KEX_MODES="ephemeral:psk_or_ephemeral:ephemeral_all:all"
PSK_KEX_MODES="none:psk:psk_ephemeral:psk_all"
for m in $(seq 4); do
kex_mode="$(echo "$TLS13_KEX_MODES" | cut -d ":" -f "$m")"
# ephemeral only mode doesn't support resumption
if [ "$kex_mode" = "ephemeral" ]; then continue; fi
for n in $(seq 4); do
supported_psk_modes="$(echo "$PSK_KEX_MODES" | cut -d ":" -f "$m")"
dummy_ticket_flags="$(echo "$PSK_KEX_MODES" | cut -d ":" -f "$n")"
eval "set -- $(get_resumption_with_ticket_flags_criteria "$dummy_ticket_flags" "$supported_psk_modes")"
SKIP_NEXT="$SKIP_THIS_TESTS"
run_test "TLS 1.3 m->m: Resumption with ticket flags, $supported_psk_modes->$dummy_ticket_flags." \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=$((n + DUMMY_TICKET_BASE))" \
"$P_CLI debug_level=4 force_version=tls13 tls13_kex_modes=$kex_mode reconnect=1" \
0 \
"$@"
done
done
}
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
run_tests_tls13_resumption_with_ticket_flags