diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1702885fd..250bae90f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4814,6 +4814,8 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de psa_algorithm_t alg, const unsigned char* seed, size_t seed_length, const unsigned char* label, size_t label_length, + const unsigned char* other_secret, + size_t other_secret_length, size_t capacity ) { psa_status_t status; @@ -4830,6 +4832,15 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de if( status != PSA_SUCCESS ) return( status ); + if ( other_secret != NULL ) + { + status = psa_key_derivation_input_bytes( derivation, + PSA_KEY_DERIVATION_INPUT_OTHER_SECRET, + other_secret, other_secret_length ); + if( status != PSA_SUCCESS ) + return( status ); + } + if( mbedtls_svc_key_id_is_null( key ) ) { status = psa_key_derivation_input_bytes( @@ -4903,6 +4914,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, random, rlen, (unsigned char const *) label, (size_t) strlen( label ), + NULL, 0, dlen ); if( status != PSA_SUCCESS ) { @@ -5088,8 +5100,10 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, return( 0 ); } -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) + + +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED ) static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { if( ssl->conf->f_psk != NULL ) @@ -5108,7 +5122,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) return( 0 ); } #endif /* MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ + MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ /* * Compute master secret if needed @@ -5144,15 +5158,15 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, * is used. */ char const *lbl = "master secret"; - /* The salt for the KDF used for key expansion. + /* The seed for the KDF used for key expansion. * - If the Extended Master Secret extension is not used, * this is ClientHello.Random + ServerHello.Random * (see Sect. 8.1 in RFC 5246). * - If the Extended Master Secret extension is used, * this is the transcript of the handshake so far. * (see Sect. 4 in RFC 7627). */ - unsigned char const *salt = handshake->randbytes; - size_t salt_len = 64; + unsigned char const *seed = handshake->randbytes; + size_t seed_len = 64; #if !defined(MBEDTLS_DEBUG_C) && \ !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ @@ -5172,17 +5186,17 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) { lbl = "extended master secret"; - salt = session_hash; - handshake->calc_verify( ssl, session_hash, &salt_len ); + seed = session_hash; + handshake->calc_verify( ssl, session_hash, &seed_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret", - session_hash, salt_len ); + session_hash, seed_len ); } -#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */ +#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + if( mbedtls_ssl_ciphersuite_uses_psk( handshake->ciphersuite_info ) == 1 && ssl_use_opaque_psk( ssl ) == 1 ) { /* Perform PSK-to-MS expansion in a single step. */ @@ -5202,10 +5216,34 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, else alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); + size_t other_secret_len = 0; + unsigned char* other_secret = NULL; + + switch( handshake->ciphersuite_info->key_exchange ) + { + /* Provide other secret. + * Other secret is stored in premaster, where first 2 bytes hold the + * length of the other key. + */ + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + /* For RSA-PSK other key length is always 48 bytes. */ + other_secret_len = 48; + other_secret = handshake->premaster + 2; + break; + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0); + other_secret = handshake->premaster + 2; + break; + default: + break; + } + status = setup_psa_key_derivation( &derivation, psk, alg, - salt, salt_len, + seed, seed_len, (unsigned char const *) lbl, (size_t) strlen( lbl ), + other_secret, other_secret_len, master_secret_len ); if( status != PSA_SUCCESS ) { @@ -5230,7 +5268,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, #endif { ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, - lbl, salt, salt_len, + lbl, seed, seed_len, master, master_secret_len ); if( ret != 0 ) @@ -5441,21 +5479,27 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch unsigned char *end = p + sizeof( ssl->handshake->premaster ); const unsigned char *psk = NULL; size_t psk_len = 0; + int psk_ret = mbedtls_ssl_get_psk( ssl, &psk, &psk_len ); #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) (void) key_ex; #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) { /* * This should never happen because the existence of a PSK is always - * checked before calling this function + * checked before calling this function. + * + * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with + * the shared secret without PSK. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ( key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } } /* @@ -5516,6 +5560,14 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch p += 2 + len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); + + /* For opaque PSK fill premaster with the the shared secret without PSK. */ + if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque DHE-PSK" ) ); + return( 0 ); + } } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index dcc7dfb0d..d286764c5 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -73,7 +73,9 @@ int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) return( 0 ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) || \ + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ) static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) { if( conf->psk_identity == NULL || @@ -87,7 +89,9 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) return( 0 ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || + MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ) */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ @@ -2959,10 +2963,6 @@ ecdh_calc_secret: * ciphersuites we offered, so this should never happen. */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - /* uint16 to store content length */ const size_t content_len_size = 2; @@ -3068,30 +3068,40 @@ ecdh_calc_secret: MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 ); pms += zlen_size + zlen; - const unsigned char *psk = NULL; - size_t psk_len = 0; + /* In case of opaque psk skip writting psk to pms. + * Opaque key will be handled later. */ + if( ssl_conf_has_static_raw_psk( ssl->conf ) == 1 ) + { + const unsigned char *psk = NULL; + size_t psk_len = 0; - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) - /* - * This should never happen because the existence of a PSK is always - * checked before calling this function - */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + /* + * This should never happen because the existence of a PSK is always + * checked before calling this function + */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - /* opaque psk<0..2^16-1>; */ - if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* opaque psk<0..2^16-1>; */ + if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - /* Write the PSK length as uint16 */ - MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 ); - pms += 2; + /* Write the PSK length as uint16 */ + MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 ); + pms += 2; - /* Write the PSK itself */ - memcpy( pms, psk, psk_len ); - pms += psk_len; + /* Write the PSK itself */ + memcpy( pms, psk, psk_len ); + pms += psk_len; - ssl->handshake->pmslen = pms - ssl->handshake->premaster; + ssl->handshake->pmslen = pms - ssl->handshake->premaster; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque ECDHE-PSK" ) ); + } } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3138,12 +3148,6 @@ ecdh_calc_secret: #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = ssl_write_encrypted_pms( ssl, header_len, &content_len, 2 ) ) != 0 ) return( ret ); @@ -3153,12 +3157,6 @@ ecdh_calc_secret: #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */ @@ -3224,6 +3222,13 @@ ecdh_calc_secret: ( "skip PMS generation for opaque PSK" ) ); } else + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK && + ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque RSA-PSK" ) ); + } + else #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8866d4f38..a60b5adbd 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -171,7 +171,10 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) return( 0 ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) || \ + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ) static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { if( ssl->conf->f_psk != NULL ) @@ -190,7 +193,10 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) return( 0 ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || + MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || + MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, @@ -4041,18 +4047,19 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif - if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret ); return( ret ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + /* For opaque PSKs, we perform the PSK-to-MS derivation automatically + * and skip the intermediate PMS. */ + if( ssl_use_opaque_psk( ssl ) == 1 ) + MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque RSA-PSK" ) ); + else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { @@ -4076,12 +4083,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif - if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); @@ -4105,10 +4106,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t ecpoint_len; - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - mbedtls_ssl_handshake_params *handshake = ssl->handshake; if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) @@ -4181,28 +4178,38 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) const unsigned char *psk = NULL; size_t psk_len = 0; - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) - /* - * This should never happen because the existence of a PSK is always - * checked before calling this function - */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* In case of opaque psk skip writting psk to pms. + * Opaque key will be handled later. */ + if( ssl_use_opaque_psk( ssl ) == 0 ) + { + if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + /* + * This should never happen because the existence of a PSK is always + * checked before calling this function + */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - /* opaque psk<0..2^16-1>; */ - if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* opaque psk<0..2^16-1>; */ + if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - /* Write the PSK length as uint16 */ - MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 ); - psm += 2; + /* Write the PSK length as uint16 */ + MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 ); + psm += 2; - /* Write the PSK itself */ - memcpy( psm, psk, psk_len ); - psm += psk_len; + /* Write the PSK itself */ + memcpy( psm, psk, psk_len ); + psm += psk_len; - ssl->handshake->pmslen = psm - ssl->handshake->premaster; -#else + ssl->handshake->pmslen = psm - ssl->handshake->premaster; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque ECDHE-PSK" ) ); + } +#else /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cd6098682..2f33d8f59 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1406,17 +1406,6 @@ int main( int argc, char *argv[] ) #if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if( opt.psk_opaque != 0 ) { - /* Ensure that the chosen ciphersuite is PSK-only; we must know - * the ciphersuite in advance to set the correct policy for the - * PSK key slot. This limitation might go away in the future. */ - if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK || - opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 ) - { - mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" ); - ret = 2; - goto usage; - } - /* Determine KDF algorithm the opaque PSK will be used in. */ #if defined(MBEDTLS_SHA384_C) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a91af0eb5..46c6b7601 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2207,17 +2207,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 ) { - /* Ensure that the chosen ciphersuite is PSK-only; we must know - * the ciphersuite in advance to set the correct policy for the - * PSK key slot. This limitation might go away in the future. */ - if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK || - opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 ) - { - mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" ); - ret = 2; - goto usage; - } - /* Determine KDF algorithm the opaque PSK will be used in. */ #if defined(MBEDTLS_SHA384_C) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4f282699b..dcee5df60 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6452,6 +6452,186 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque rsa-psk on client, no callback" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque RSA-PSK"\ + -S "skip PMS generation for opaque RSA-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque RSA-PSK"\ + -S "skip PMS generation for opaque RSA-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque RSA-PSK"\ + -S "skip PMS generation for opaque RSA-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque RSA-PSK"\ + -S "skip PMS generation for opaque RSA-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque dhe-psk on client, no callback" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque DHE-PSK"\ + -S "skip PMS generation for opaque DHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque DHE-PSK"\ + -S "skip PMS generation for opaque DHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque DHE-PSK"\ + -S "skip PMS generation for opaque DHE-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque DHE-PSK"\ + -S "skip PMS generation for opaque DHE-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ @@ -6514,6 +6694,192 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \ + "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ + "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \ + "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ @@ -6576,6 +6942,192 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque RSA-PSK"\ + -s "skip PMS generation for opaque RSA-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque DHE-PSK"\ + -s "skip PMS generation for opaque DHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \