TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 31a23258109be5c813be5b91fef145224e68806c / . / tests / compat.sh
blob: 03c6bfe79ddaa7174370f2213fc314ae8ed319be [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]87for VERIFY in $VERIFIES;
88do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]89
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90if [ "X$VERIFY" = "XYES" ];
91then
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]92 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
93 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
94 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
95 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]96else
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]97 P_SERVER_BASE=""
98 P_CLIENT_BASE=""
99 O_SERVER_BASE=""
100 O_CLIENT_BASE=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]101fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]102
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]103
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104for MODE in $MODES;
105do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]106
107# avoid an avalanche of errors due to typos
108case $MODE in
109 ssl3|tls1|tls1_1|tls1_2)
110 ;;
111 *)
112 echo "error: invalid mode: $MODE" >&2
113 exit 1;
114esac
115
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]116echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]118echo "-----------"
119
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]120for TYPE in $TYPES;
121do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]123case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]124
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]125 "ECDSA")
126
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]127 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
128 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
129 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
130 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]131
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]132 if [ "$MODE" != "ssl3" ];
133 then
134 P_CIPHERS=" \
135 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
136 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
137 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
138 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
139 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame^]140 TLS-ECDH-ECDSA-WITH-NULL-SHA \
141 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
142 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
143 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
144 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]145 "
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]146
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]147 O_CIPHERS=" \
148 ECDHE-ECDSA-NULL-SHA \
149 ECDHE-ECDSA-RC4-SHA \
150 ECDHE-ECDSA-DES-CBC3-SHA \
151 ECDHE-ECDSA-AES128-SHA \
152 ECDHE-ECDSA-AES256-SHA \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame^]153 ECDH-ECDSA-NULL-SHA \
154 ECDH-ECDSA-RC4-SHA \
155 ECDH-ECDSA-DES-CBC3-SHA \
156 ECDH-ECDSA-AES128-SHA \
157 ECDH-ECDSA-AES256-SHA \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]158 "
159 fi
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]160
161 if [ "$MODE" = "tls1_2" ];
162 then
163 P_CIPHERS="$P_CIPHERS \
164 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
165 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
166 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
167 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame^]168 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
169 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
170 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
171 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]172 "
173
174 O_CIPHERS=" \
175 ECDHE-ECDSA-AES128-SHA256 \
176 ECDHE-ECDSA-AES256-SHA384 \
177 ECDHE-ECDSA-AES128-GCM-SHA256 \
178 ECDHE-ECDSA-AES256-GCM-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame^]179 ECDH-ECDSA-AES128-SHA256 \
180 ECDH-ECDSA-AES256-SHA384 \
181 ECDH-ECDSA-AES128-GCM-SHA256 \
182 ECDH-ECDSA-AES256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]183 "
184 fi
185
186 ;;
187
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]188 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]189
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]190 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
191 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
192 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
193 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]194
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]195 P_CIPHERS=" \
196 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
197 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
198 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
199 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
200 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
201 TLS-RSA-WITH-AES-256-CBC-SHA \
202 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
203 TLS-RSA-WITH-AES-128-CBC-SHA \
204 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
205 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
206 TLS-RSA-WITH-RC4-128-SHA \
207 TLS-RSA-WITH-RC4-128-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]208 TLS-RSA-WITH-NULL-MD5 \
209 TLS-RSA-WITH-NULL-SHA \
210 TLS-RSA-WITH-DES-CBC-SHA \
211 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]212 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]213
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]214 O_CIPHERS=" \
215 DHE-RSA-AES128-SHA \
216 DHE-RSA-AES256-SHA \
217 DHE-RSA-CAMELLIA128-SHA \
218 DHE-RSA-CAMELLIA256-SHA \
219 EDH-RSA-DES-CBC3-SHA \
220 AES256-SHA \
221 CAMELLIA256-SHA \
222 AES128-SHA \
223 CAMELLIA128-SHA \
224 DES-CBC3-SHA \
225 RC4-SHA \
226 RC4-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]227 NULL-MD5 \
228 NULL-SHA \
229 DES-CBC-SHA \
230 EDH-RSA-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]231 "
232
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]233 if [ "$MODE" != "ssl3" ];
234 then
235 P_CIPHERS=" \
236 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
237 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
238 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
239 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
240 TLS-ECDHE-RSA-WITH-NULL-SHA \
241 "
242
243 O_CIPHERS=" \
244 ECDHE-RSA-AES256-SHA \
245 ECDHE-RSA-AES128-SHA \
246 ECDHE-RSA-DES-CBC3-SHA \
247 ECDHE-RSA-RC4-SHA \
248 ECDHE-RSA-NULL-SHA \
249 "
250 fi
251
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]252 if [ "$MODE" = "tls1_2" ];
253 then
254 P_CIPHERS="$P_CIPHERS \
255 TLS-RSA-WITH-NULL-SHA256 \
256 TLS-RSA-WITH-AES-128-CBC-SHA256 \
257 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
258 TLS-RSA-WITH-AES-256-CBC-SHA256 \
259 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
260 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
261 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
262 TLS-RSA-WITH-AES-128-GCM-SHA256 \
263 TLS-RSA-WITH-AES-256-GCM-SHA384 \
264 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
265 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
266 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
267 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
268 "
269
270 O_CIPHERS="$O_CIPHERS \
271 NULL-SHA256 \
272 AES128-SHA256 \
273 DHE-RSA-AES128-SHA256 \
274 AES256-SHA256 \
275 DHE-RSA-AES256-SHA256 \
276 ECDHE-RSA-AES128-SHA256 \
277 ECDHE-RSA-AES256-SHA384 \
278 AES128-GCM-SHA256 \
279 DHE-RSA-AES128-GCM-SHA256 \
280 AES256-GCM-SHA384 \
281 DHE-RSA-AES256-GCM-SHA384 \
282 ECDHE-RSA-AES128-GCM-SHA256 \
283 ECDHE-RSA-AES256-GCM-SHA384 \
284 "
285 fi
286
287 ;;
288
289 "PSK")
290
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]291 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
292 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]293 # openssl s_server won't start without certificates...
294 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]295 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]296
297 P_CIPHERS=" \
298 TLS-PSK-WITH-RC4-128-SHA \
299 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
300 TLS-PSK-WITH-AES-128-CBC-SHA \
301 TLS-PSK-WITH-AES-256-CBC-SHA \
302 "
303
304 O_CIPHERS=" \
305 PSK-RC4-SHA \
306 PSK-3DES-EDE-CBC-SHA \
307 PSK-AES128-CBC-SHA \
308 PSK-AES256-CBC-SHA \
309 "
310
311 ;;
312
313esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]314
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]315# Filter ciphersuites
316if [ "X" != "X$FILTER" ];
317then
318 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
319 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
320fi
321
322
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]323log "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
324$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]325PROCESS_ID=$!
326
327sleep 1
328
329for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]330do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]331 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]332 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]333 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]334 EXIT=$?
335 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
336 if [ "$EXIT" = "2" ];
337 then
338 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]339 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]340 elif [ "$EXIT" != "0" ];
341 then
342 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]343 echo "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
344 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]345 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]346 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]347 else
348 echo Success
349 fi
350done
351kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]352wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]353
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]354log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]355../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]356PROCESS_ID=$!
357
358sleep 1
359
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]360for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]361do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]362 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]363 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]364 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]365 EXIT=$?
366 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
367
368 if [ "$EXIT" != "0" ];
369 then
370 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
371 if [ "X$SUPPORTED" != "X" ]
372 then
373 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]374 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]375 else
376 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]377 echo "ssl_server2 $P_SERVER_ARGS force_version=$MODE"
378 echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]379 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]380 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]381 fi
382 else
383 echo Success
384 fi
385done
386
387kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]388wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]389
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]390log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]391../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]392PROCESS_ID=$!
393
394sleep 1
395
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]396# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]397
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]398case $TYPE in
399
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]400 "ECDSA")
401
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]402 if [ "$MODE" != "ssl3" ];
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]403 then
404 P_CIPHERS="$P_CIPHERS \
405 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
406 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame^]407 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
408 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
409 "
410 fi
411
412 if [ "$MODE" = "tls1_2" ];
413 then
414 P_CIPHERS="$P_CIPHERS \
415 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
416 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
417 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
418 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]419 "
420 fi
421
422 ;;
423
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]424 "RSA")
425
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]426 if [ "$MODE" != "ssl3" ];
427 then
428 P_CIPHERS="$P_CIPHERS \
429 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
430 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
431 "
432 fi
433
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]434 if [ "$MODE" = "tls1_2" ];
435 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]436 P_CIPHERS="$P_CIPHERS \
437 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]438 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]439 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]440 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]441 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
442 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]443 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
444 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
445 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
446 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]447 "
448 fi
449
450 ;;
451
452 "PSK")
453
454 P_CIPHERS="$P_CIPHERS \
455 TLS-DHE-PSK-WITH-RC4-128-SHA \
456 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
457 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
458 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]459 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]460 TLS-PSK-WITH-NULL-SHA \
461 TLS-RSA-PSK-WITH-RC4-128-SHA \
462 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
463 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
464 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
465 TLS-RSA-WITH-NULL-SHA \
466 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]467 TLS-PSK-WITH-AES-128-CBC-SHA256 \
468 TLS-PSK-WITH-AES-256-CBC-SHA384 \
469 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
470 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
471 TLS-PSK-WITH-NULL-SHA256 \
472 TLS-PSK-WITH-NULL-SHA384 \
473 TLS-DHE-PSK-WITH-NULL-SHA256 \
474 TLS-DHE-PSK-WITH-NULL-SHA384 \
475 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
476 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
477 TLS-RSA-PSK-WITH-NULL-SHA256 \
478 TLS-RSA-PSK-WITH-NULL-SHA384 \
479 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
480 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
481 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
482 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
483 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
484 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]485 "
486
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]487
488 if [ "$MODE" != "ssl3" ];
489 then
490 P_CIPHERS="$P_CIPHERS \
491 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
492 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
493 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
494 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
495 TLS-ECDHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]496 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
497 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
498 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
499 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
500 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
501 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]502 "
503 fi
504
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]505 if [ "$MODE" = "tls1_2" ];
506 then
507 P_CIPHERS="$P_CIPHERS \
508 TLS-PSK-WITH-AES-128-GCM-SHA256 \
509 TLS-PSK-WITH-AES-256-GCM-SHA384 \
510 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
511 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
512 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
513 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
514 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
515 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
516 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
517 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
518 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
519 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
520 TLS-RSA-WITH-NULL-SHA256 \
521 "
522 fi
523
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]524esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]525
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]526# Filter ciphersuites
527if [ "X" != "X$FILTER" ];
528then
529 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
530 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
531fi
532
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]533for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]534do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]535 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]536 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]537 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]538 EXIT=$?
539 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
540 if [ "$EXIT" = "2" ];
541 then
542 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]543 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]544 elif [ "$EXIT" != "0" ];
545 then
546 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]547 echo "ssl_server2 $P_SERVER_ARGS"
548 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]549 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]550 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]551 else
552 echo Success
553 fi
554done
555kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]556wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]557
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]558done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]559done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]560done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]561
562echo ""
563echo "-------------------------------------------------------------------------"
564echo ""
565
566if (( failed != 0 ));
567then
568 echo -n "FAILED"
569else
570 echo -n "PASSED"
571fi
572
573let "passed = tests - failed"
574echo " ($passed / $tests tests ($skipped skipped))"
575
576exit $failed