diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f9393d779..547a0f55c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8010,7 +8010,7 @@ run_test "ECJPAKE: working, TLS" \ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "ECJPAKE_OPAQUE_PW: working, TLS, opaque password" \ +run_test "ECJPAKE_OPAQUE_PW: working, TLS, opaque password client+server" \ "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ @@ -8028,6 +8028,48 @@ run_test "ECJPAKE_OPAQUE_PW: working, TLS, opaque password" \ -S "SSL - The handshake negotiation failed" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "ECJPAKE_OPAQUE_PW: working, TLS, opaque password client only" \ + "$P_SRV debug_level=3 ecjpake_pw=bla" \ + "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ + force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ + 0 \ + -c "add ciphersuite: c0ff" \ + -c "adding ecjpake_kkpp extension" \ + -c "using opaque password" \ + -S "using opaque password" \ + -C "re-using cached ecjpake parameters" \ + -s "found ecjpake kkpp extension" \ + -S "skip ecjpake kkpp extension" \ + -S "ciphersuite mismatch: ecjpake not configured" \ + -s "server hello, ecjpake kkpp extension" \ + -c "found ecjpake_kkpp extension" \ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "ECJPAKE_OPAQUE_PW: working, TLS, opaque password server only" \ + "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ + "$P_CLI debug_level=3 ecjpake_pw=bla\ + force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ + 0 \ + -c "add ciphersuite: c0ff" \ + -c "adding ecjpake_kkpp extension" \ + -C "using opaque password" \ + -s "using opaque password" \ + -C "re-using cached ecjpake parameters" \ + -s "found ecjpake kkpp extension" \ + -S "skip ecjpake kkpp extension" \ + -S "ciphersuite mismatch: ecjpake not configured" \ + -s "server hello, ecjpake kkpp extension" \ + -c "found ecjpake_kkpp extension" \ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Verification of the message MAC failed" + server_needs_more_time 1 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -8039,6 +8081,20 @@ run_test "ECJPAKE: password mismatch, TLS" \ -C "re-using cached ecjpake parameters" \ -s "SSL - Verification of the message MAC failed" +server_needs_more_time 1 +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "ECJPAKE_OPAQUE_PW: opaque password mismatch, TLS" \ + "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ + "$P_CLI debug_level=3 ecjpake_pw=bad ecjpake_pw_opaque=1 \ + force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ + 1 \ + -c "using opaque password" \ + -s "using opaque password" \ + -C "re-using cached ecjpake parameters" \ + -s "SSL - Verification of the message MAC failed" + requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: working, DTLS" \