From 25cf98a4171c220bf149e413c2aec52164648326 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Fri, 20 May 2022 10:00:40 +0200 Subject: [PATCH] test: add DTLSv1.3 test suites --- tests/include.am | 3 + tests/suites.c | 36 +++++ tests/test-dtls13-downgrade.conf | 11 ++ tests/test-dtls13-psk.conf | 54 +++++++ tests/test-dtls13.conf | 262 +++++++++++++++++++++++++++++++ 5 files changed, 366 insertions(+) create mode 100644 tests/test-dtls13-downgrade.conf create mode 100644 tests/test-dtls13-psk.conf create mode 100644 tests/test-dtls13.conf
diff --git a/tests/include.am b/tests/include.am
index 555ca90f6..c4b6b7af4 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -40,6 +40,9 @@ EXTRA_DIST += tests/unit.h \
 tests/test-dtls-sha2.conf \
 tests/test-dtls-srtp.conf \
 tests/test-dtls-srtp-fails.conf \
+ tests/test-dtls13.conf \
+ tests/test-dtls13-downgrade.conf \
+ tests/test-dtls13-psk.conf \
 tests/test-sctp.conf \
 tests/test-sctp-sha2.conf \
 tests/test-sig.conf \
diff --git a/tests/suites.c b/tests/suites.c
index 86bdcf20c..5f1a1fb62 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1088,6 +1088,42 @@ int SuiteTest(int argc, char** argv) strcpy(argv0[2], ""); #endif +#ifdef WOLFSSL_DTLS13 + args.argc = 2; + strcpy(argv0[1], "tests/test-dtls13.conf"); + printf("starting DTLSv1.3 suite\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + +#ifndef WOLFSSL_NO_TLS12 + args.argc = 2; + strcpy(argv0[1], "tests/test-dtls13-downgrade.conf"); + printf("starting DTLSv1.3 suite - downgrade\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif /* WOLFSSL_NO_TLS12 */ + +#ifndef NO_PSK + XSTRLCPY(argv0[1], "tests/test-dtls13-psk.conf", sizeof(argv0[1])); + printf("starting DTLS 1.3 psk suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif /* NO_PSK */ + +#endif /* WOLFSSL_DTLS13 */ + #endif #ifdef WOLFSSL_SCTP /* add dtls-sctp extra suites */ diff --git a/tests/test-dtls13-downgrade.conf b/tests/test-dtls13-downgrade.conf new file mode 100644 index 000000000..4bde3259f --- /dev/null +++ b/tests/test-dtls13-downgrade.conf @@ -0,0 +1,11 @@ +# server DTLSv1.3 allow downgrading +-vd +-7 2 +-u +-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + +# client TLSv1.2 group message +-v 3 +-u +-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +-f diff --git a/tests/test-dtls13-psk.conf b/tests/test-dtls13-psk.conf new file mode 100644 index 000000000..bb4093f29 --- /dev/null +++ b/tests/test-dtls13-psk.conf 
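Review bot: The first two added blocks copy the config path with an unbounded `strcpy(argv0[1], ...)`, while the PSK block right below them uses `XSTRLCPY(argv0[1], "tests/test-dtls13-psk.conf", sizeof(argv0[1]))`. The bounded form should be used for all three, e.g. `XSTRLCPY(argv0[1], "tests/test-dtls13-downgrade.conf", sizeof(argv0[1]));`, because `argv0` is declared outside this hunk and the downgrade path is the longest string copied here. The PSK block also omits `args.argc = 2;` and relies on the value left by the DTLSv1.3 block above it; setting it explicitly keeps the three blocks independent if one is later moved or guarded differently. SuiteTest starts and ends outside the hunk.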
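Review bot: test-dtls13-downgrade.conf covers only the permitted downgrade: its single pair has the server opt in with `-vd` and `-7 2`, and a `-v 3` client that is expected to connect. Nothing in the file shows a server without `-vd`, or with a higher `-7` floor, refusing the same client, so a regression that let a DTLS 1.3-only endpoint fall back to 1.2 would still pass this suite. An expected-failure pair would close that gap, if the harness supports one (its parser is not in this patch). The client comment should also read DTLSv1.2, since the block passes `-u`: `# client DTLSv1.2 group message`.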
@@ -0,0 +1,54 @@
+# server TLSv1.3 PSK
+# Use AES128-GCM and SHA256
+-v 4
+-u
+-s
+-l TLS13-AES128-GCM-SHA256
+-d
+
+# client TLSv1.3 PSK
+# Use AES128-GCM and SHA256
+-v 4
+-u
+-s
+-l TLS13-AES128-GCM-SHA256
+
+# server TLSv1.3 PSK plus
+-v 4
+-u
+-j
+-l TLS13-AES128-GCM-SHA256
+-d
+
+# client TLSv1.3 PSK
+-v 4
+-u
+-s
+-l TLS13-AES128-GCM-SHA256
+
+# server TLSv1.3 PSK
+-v 4
+-u
+-j
+-l TLS13-AES128-GCM-SHA256
+-d
+
+# client TLSv1.3 not-PSK
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+
+# server TLSv1.3 PSK
+# AES256-GCM and SHA384
+-v 4
+-u
+-s
+-l TLS13-AES256-GCM-SHA384
+-d
+
+# client TLSv1.3 PSK
+# AES256-GCM and SHA384
+-v 4
+-u
+-s
+-l TLS13-AES256-GCM-SHA384
diff --git a/tests/test-dtls13.conf b/tests/test-dtls13.conf
new file mode 100644
index 000000000..516a61796
--- /dev/null
+++ b/tests/test-dtls13.conf
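Review bot: Every comment in test-dtls13-psk.conf labels its case "TLSv1.3", although each block passes `-u` and suites.c announces the file as the DTLS 1.3 PSK suite. The labels should say DTLSv1.3, e.g. `# server DTLSv1.3 PSK`, so that a failing case is not mistaken for one from a TLS 1.3 PSK file. The third pair matches a `-j` server with a client labelled not-PSK, yet its server comment is the same `# server TLSv1.3 PSK` used for the plain `-s` cases. A comment stating which authentication path that pair is expected to take would make the intent checkable.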
@@ -0,0 +1,262 @@
+# server DTLSv1.3 defaults
+-u
+-v 4
+-l TLS_AES_128_GCM_SHA256
+
+# client DTLSv1.3 defaults
+-u
+-v 4
+-l TLS_AES_128_GCM_SHA256
+
+# server DTLSv1.3 defaults async I/O
+-u
+-v 4
+-l TLS_AES_128_GCM_SHA256
+-6
+
+# client DTLSv1.3 defaults async I/O
+-u
+-v 4
+-l TLS_AES_128_GCM_SHA256
+-6
+
+# server DTLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
+-u
+-v 4
+-l TLS13-CHACHA20-POLY1305-SHA256
+
+# client DTLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
+-u
+-v 4
+-l TLS13-CHACHA20-POLY1305-SHA256
+
+# server DTLSv1.3 TLS13-AES128-CCM-SHA256
+-v 4
+-u
+-l TLS13-AES128-CCM-SHA256
+
+# client DTLSv1.3 TLS13-AES128-CCM-SHA256
+-u
+-v 4
+-u
+-l TLS13-AES128-CCM-SHA256
+
+# server DTLSv1.3 resumption
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-r
+
+# client DTLSv1.3 resumption
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-r
+
+# server DTLSv1.3 resumption - SHA384
+-v 4
+-u
+-l TLS13-AES256-GCM-SHA384
+-r
+
+# client DTLSv1.3 resumption - SHA384
+-v 4
+-u
+-l TLS13-AES256-GCM-SHA384
+-r
+
+# server DTLSv1.3 PSK without (EC)DHE
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-r
+
+# client DTLSv1.3 PSK without (EC)DHE
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-r
+-K
+
+# server DTLSv1.3 accepting EarlyData
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-r
+-0
+
+# client DTLSv1.3 sending EarlyData
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-r
+-0
+
+# client DTLSv1.3 sending EarlyData
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-r
+-0
+
+# server DTLSv1.3 not accepting EarlyData
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-r
+
+# server DTLSv1.3 accepting EarlyData
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-r
+-0
+
+# client DTLSv1.3 not sending EarlyData
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-r
+
+# server DTLSv1.3
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+
+# client DTLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm
+-u
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-J
+
+# server DTLSv1.3
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-J
+
+# client DTLSv1.3 HelloRetryRequest with cookie
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-J
+
+# server DTLSv1.3
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+
+# client DTLSv1.3 DH key exchange
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-y
+
+# server DTLSv1.3
+-v 4
+-l TLS13-AES128-GCM-SHA256
+
+# client DTLSv1.3 ECC key exchange
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-Y
+
+# server DTLSv1.3 multiple cipher suites
+-v 4
+-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256
+
+# client DTLSv1.3
+-v 4
+-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256
+
+# server DTLSv1.3 KeyUpdate
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-U
+
+# client DTLSv1.3 KeyUpdate
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-I
+
+# server DTLSv1.3 KeyUpdate
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-U
+
+# client DTLSv1.3 KeyUpdate
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-I
+
+# server DTLSv1.3 No session ticket
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-u
+-T
+
+# client DTLSv1.3 No session ticket
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+
+# server DTLSv1.3 No session ticket
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-u
+
+# client DTLSv1.3 wait ticket
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+--waitTicket
+
+# server DTLSv1.3 Post-Handshake Authentication
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-Q
+
+# client DTLSv1.3 Post-Handshake Authentication
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-Q
+
+# server DTLSv1.3 group messages
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-f
+
+# client DTLSv1.3 group message
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-f
+
+# server DTLSv1.3 group messages
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-f
+
+# client DTLSv1.3
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+
+# server DTLSv1.3
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+
+# client DTLSv1.3 group message
+-v 4
+-u
+-l TLS13-AES128-GCM-SHA256
+-f
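Review bot: In the EarlyData group the third block is labelled `# client DTLSv1.3 sending EarlyData` and the fourth `# server DTLSv1.3 not accepting EarlyData`, the reverse of the server-then-client order every other pair in the file uses. If the harness pairs blocks by position (its parser is not in this patch), the `-0` block is taken as the server and the block without `-0` as the client. In that case a server refusing offered early data is never tested, and the pair only repeats the accepting-server / non-sending-client case that follows. Swap the two blocks so the server block without `-0` comes first. Separately, the pairs labelled "ECC key exchange" and "multiple cipher suites" omit `-u`, which every other block passes, so those four blocks presumably do not run over DTLS; add `-u` to each.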