TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 1b149ef7467b6e2eaf856801aeb9dd98e6929f1f / . / tests / compat.sh
blob: db24d7ca5ad127efc2d3c8c202bc1cb533a5b8f9 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]6let "tests = 0"
7let "failed = 0"
8let "skipped = 0"
9
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]10# default values, can be overriden by the environment
11: ${P_SRV:=../programs/ssl/ssl_server2}
12: ${P_CLI:=../programs/ssl/ssl_client2}
13: ${OPENSSL:=openssl}
14
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]15MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]16VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]17TYPES="ECDSA RSA PSK"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]18FILTER=""
19VERBOSE=""
20
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]21print_usage() {
22 echo "Usage: $0"
23 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
24 echo -e " -h|--help\t\tPrint this help."
25 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
26 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
27 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
28 echo -e " -v|--verbose\t\tSet verbose output."
29}
30
31get_options() {
32 while [ $# -gt 0 ]; do
33 case "$1" in
34 -f|--filter)
35 shift; FILTER=$1
36 ;;
37 -m|--modes)
38 shift; MODES=$1
39 ;;
40 -t|--types)
41 shift; TYPES=$1
42 ;;
43 -V|--verify)
44 shift; VERIFIES=$1
45 ;;
46 -v|--verbose)
47 VERBOSE=1
48 ;;
49 -h|--help)
50 print_usage
51 exit 0
52 ;;
53 *)
54 echo "Unknown argument: '$1'"
55 print_usage
56 exit 1
57 ;;
58 esac
59 shift
60 done
61}
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]62
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]63log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]64 if [ "X" != "X$VERBOSE" ]; then
65 echo "$@"
66 fi
67}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]68
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]69filter()
70{
71 LIST=$1
72 FILTER=$2
73
74 NEW_LIST=""
75
76 for i in $LIST;
77 do
78 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
79 done
80
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]81 # normalize whitespace
82 echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]83}
84
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]85setup_ciphersuites()
86{
87 P_CIPHERS=""
88 O_CIPHERS=""
89
90 case $TYPE in
91
92 "ECDSA")
93 if [ "$MODE" != "ssl3" ];
94 then
95 P_CIPHERS="$P_CIPHERS \
96 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
97 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
98 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
99 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
100 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
101 TLS-ECDH-ECDSA-WITH-NULL-SHA \
102 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
103 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
104 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
105 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
106 "
107 O_CIPHERS="$O_CIPHERS \
108 ECDHE-ECDSA-NULL-SHA \
109 ECDHE-ECDSA-RC4-SHA \
110 ECDHE-ECDSA-DES-CBC3-SHA \
111 ECDHE-ECDSA-AES128-SHA \
112 ECDHE-ECDSA-AES256-SHA \
113 ECDH-ECDSA-NULL-SHA \
114 ECDH-ECDSA-RC4-SHA \
115 ECDH-ECDSA-DES-CBC3-SHA \
116 ECDH-ECDSA-AES128-SHA \
117 ECDH-ECDSA-AES256-SHA \
118 "
119 fi
120 if [ "$MODE" = "tls1_2" ];
121 then
122 P_CIPHERS="$P_CIPHERS \
123 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
124 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
125 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
126 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
127 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
128 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
129 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
130 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
131 "
132 O_CIPHERS="$O_CIPHERS \
133 ECDHE-ECDSA-AES128-SHA256 \
134 ECDHE-ECDSA-AES256-SHA384 \
135 ECDHE-ECDSA-AES128-GCM-SHA256 \
136 ECDHE-ECDSA-AES256-GCM-SHA384 \
137 ECDH-ECDSA-AES128-SHA256 \
138 ECDH-ECDSA-AES256-SHA384 \
139 ECDH-ECDSA-AES128-GCM-SHA256 \
140 ECDH-ECDSA-AES256-GCM-SHA384 \
141 "
142 fi
143 ;;
144
145 "RSA")
146 P_CIPHERS="$P_CIPHERS \
147 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
148 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
149 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
150 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
151 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
152 TLS-RSA-WITH-AES-256-CBC-SHA \
153 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
154 TLS-RSA-WITH-AES-128-CBC-SHA \
155 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
156 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
157 TLS-RSA-WITH-RC4-128-SHA \
158 TLS-RSA-WITH-RC4-128-MD5 \
159 TLS-RSA-WITH-NULL-MD5 \
160 TLS-RSA-WITH-NULL-SHA \
161 TLS-RSA-WITH-DES-CBC-SHA \
162 TLS-DHE-RSA-WITH-DES-CBC-SHA \
163 "
164 O_CIPHERS="$O_CIPHERS \
165 DHE-RSA-AES128-SHA \
166 DHE-RSA-AES256-SHA \
167 DHE-RSA-CAMELLIA128-SHA \
168 DHE-RSA-CAMELLIA256-SHA \
169 EDH-RSA-DES-CBC3-SHA \
170 AES256-SHA \
171 CAMELLIA256-SHA \
172 AES128-SHA \
173 CAMELLIA128-SHA \
174 DES-CBC3-SHA \
175 RC4-SHA \
176 RC4-MD5 \
177 NULL-MD5 \
178 NULL-SHA \
179 DES-CBC-SHA \
180 EDH-RSA-DES-CBC-SHA \
181 "
182 if [ "$MODE" != "ssl3" ];
183 then
184 P_CIPHERS="$P_CIPHERS \
185 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
186 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
187 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
188 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
189 TLS-ECDHE-RSA-WITH-NULL-SHA \
190 "
191 O_CIPHERS="$O_CIPHERS \
192 ECDHE-RSA-AES256-SHA \
193 ECDHE-RSA-AES128-SHA \
194 ECDHE-RSA-DES-CBC3-SHA \
195 ECDHE-RSA-RC4-SHA \
196 ECDHE-RSA-NULL-SHA \
197 "
198 fi
199 if [ "$MODE" = "tls1_2" ];
200 then
201 P_CIPHERS="$P_CIPHERS \
202 TLS-RSA-WITH-NULL-SHA256 \
203 TLS-RSA-WITH-AES-128-CBC-SHA256 \
204 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
205 TLS-RSA-WITH-AES-256-CBC-SHA256 \
206 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
207 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
208 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
209 TLS-RSA-WITH-AES-128-GCM-SHA256 \
210 TLS-RSA-WITH-AES-256-GCM-SHA384 \
211 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
212 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
213 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
214 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
215 "
216 O_CIPHERS="$O_CIPHERS \
217 NULL-SHA256 \
218 AES128-SHA256 \
219 DHE-RSA-AES128-SHA256 \
220 AES256-SHA256 \
221 DHE-RSA-AES256-SHA256 \
222 ECDHE-RSA-AES128-SHA256 \
223 ECDHE-RSA-AES256-SHA384 \
224 AES128-GCM-SHA256 \
225 DHE-RSA-AES128-GCM-SHA256 \
226 AES256-GCM-SHA384 \
227 DHE-RSA-AES256-GCM-SHA384 \
228 ECDHE-RSA-AES128-GCM-SHA256 \
229 ECDHE-RSA-AES256-GCM-SHA384 \
230 "
231 fi
232 ;;
233
234 "PSK")
235 P_CIPHERS="$P_CIPHERS \
236 TLS-PSK-WITH-RC4-128-SHA \
237 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
238 TLS-PSK-WITH-AES-128-CBC-SHA \
239 TLS-PSK-WITH-AES-256-CBC-SHA \
240 "
241 O_CIPHERS="$O_CIPHERS \
242 PSK-RC4-SHA \
243 PSK-3DES-EDE-CBC-SHA \
244 PSK-AES128-CBC-SHA \
245 PSK-AES256-CBC-SHA \
246 "
247 ;;
248 esac
249
250 # Filter ciphersuites
251 if [ "X" != "X$FILTER" ];
252 then
253 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
254 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
255 fi
256
257}
258
259add_polarssl_ciphersuites()
260{
261 ADD_CIPHERS=""
262
263 case $TYPE in
264
265 "ECDSA")
266 if [ "$MODE" != "ssl3" ];
267 then
268 ADD_CIPHERS="$ADD_CIPHERS \
269 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
270 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
271 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
272 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
273 "
274 fi
275 if [ "$MODE" = "tls1_2" ];
276 then
277 ADD_CIPHERS="$ADD_CIPHERS \
278 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
279 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
280 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
281 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
282 "
283 fi
284 ;;
285
286 "RSA")
287 if [ "$MODE" != "ssl3" ];
288 then
289 ADD_CIPHERS="$ADD_CIPHERS \
290 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
291 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
292 "
293 fi
294 if [ "$MODE" = "tls1_2" ];
295 then
296 ADD_CIPHERS="$ADD_CIPHERS \
297 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
298 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
299 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
300 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
301 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
302 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
303 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
304 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
305 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
306 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
307 "
308 fi
309 ;;
310
311 "PSK")
312 ADD_CIPHERS="$ADD_CIPHERS \
313 TLS-DHE-PSK-WITH-RC4-128-SHA \
314 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
315 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
316 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
317 TLS-DHE-PSK-WITH-NULL-SHA \
318 TLS-PSK-WITH-NULL-SHA \
319 TLS-RSA-PSK-WITH-RC4-128-SHA \
320 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
321 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
322 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
323 TLS-RSA-WITH-NULL-SHA \
324 TLS-RSA-WITH-NULL-MD5 \
325 TLS-PSK-WITH-AES-128-CBC-SHA256 \
326 TLS-PSK-WITH-AES-256-CBC-SHA384 \
327 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
328 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
329 TLS-PSK-WITH-NULL-SHA256 \
330 TLS-PSK-WITH-NULL-SHA384 \
331 TLS-DHE-PSK-WITH-NULL-SHA256 \
332 TLS-DHE-PSK-WITH-NULL-SHA384 \
333 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
334 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
335 TLS-RSA-PSK-WITH-NULL-SHA256 \
336 TLS-RSA-PSK-WITH-NULL-SHA384 \
337 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
338 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
339 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
340 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
341 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
342 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
343 "
344 if [ "$MODE" != "ssl3" ];
345 then
346 ADD_CIPHERS="$ADD_CIPHERS \
347 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
348 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
349 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
350 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
351 TLS-ECDHE-PSK-WITH-NULL-SHA \
352 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
353 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
354 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
355 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
356 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
357 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
358 "
359 fi
360 if [ "$MODE" = "tls1_2" ];
361 then
362 ADD_CIPHERS="$ADD_CIPHERS \
363 TLS-PSK-WITH-AES-128-GCM-SHA256 \
364 TLS-PSK-WITH-AES-256-GCM-SHA384 \
365 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
366 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
367 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
368 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
369 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
370 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
371 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
372 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
373 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
374 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
375 TLS-RSA-WITH-NULL-SHA256 \
376 "
377 fi
378 ;;
379 esac
380
381 # Filter new ciphersuites and add them
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]382 if [ "X" != "X$FILTER" ]; then
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]383 ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
384 fi
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]385 # avoid P_CIPHERS being only ' '
386 if [ "X" != "X$P_CIPHERS" ]; then
387 P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
388 else
389 P_CIPHERS="$ADD_CIPHERS"
390 fi
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]391}
392
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]393setup_arguments()
394{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]395 # avoid an avalanche of errors due to typos
396 case $MODE in
397 ssl3|tls1|tls1_1|tls1_2)
398 ;;
399 *)
400 echo "error: invalid mode: $MODE" >&2
401 exit 1;
402 esac
403
404 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]405 P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]406 O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
407 O_CLIENT_ARGS="-$MODE"
408
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]409 if [ "X$VERIFY" = "XYES" ];
410 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]411 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]412 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]413 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]414 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
415 else
416 # ssl_server2 defaults to optional, but we want to test handshakes
417 # that don't exchange client certificate at all too
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame^]418 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
419 # give dummy CA to clients
420 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/cli2.crt"
421 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/cli2.crt"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]422 fi
423
424 case $TYPE in
425 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]426 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]427 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame^]428 if [ "X$VERIFY" = "XYES" ]; then
429 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
430 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
431 else
432 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
433 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]434 ;;
435
436 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]437 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]438 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame^]439 if [ "X$VERIFY" = "XYES" ]; then
440 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
441 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
442 else
443 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
444 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]445 ;;
446
447 "PSK")
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame^]448 # give our server a certificate for RSA-PSK
449 # (should be a separate type, but harder to close with openssl)
450 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
451 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
452 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]453 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]454 ;;
455 esac
456}
457
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]458# start_server <name>
459# also saves name and command
460start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]461 case $1 in
462 [Oo]pen*)
463 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
464 ;;
465 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]466 SERVER_CMD="$P_SRV $P_SERVER_ARGS"
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]467 ;;
468 *)
469 echo "error: invalid server name: $1" >&2
470 exit 1
471 ;;
472 esac
473 SERVER_NAME=$1
474
475 log "$SERVER_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]476 $SERVER_CMD >srv_out 2>&1 &
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]477 PROCESS_ID=$!
478
479 sleep 1
480}
481
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]482# terminate the running server (closing it cleanly if it is ours)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]483stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]484 case $SERVER_NAME in
485 [Pp]olar*)
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]486 # we must force a PSK suite when in PSK mode (otherwise client
487 # auth will fail), so use $O_CIPHERS
488 CS=$( echo "$O_CIPHERS" | tr ' ' ':' )
489 echo SERVERQUIT | \
490 $OPENSSL s_client $O_CLIENT_ARGS -cipher "$CS" >/dev/null 2>&1
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]491 ;;
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]492 *)
493 kill $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]494 esac
495
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]496 wait $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]497 rm -f srv_out
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]498}
499
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]500# kill the running server (used when killed by signal)
501cleanup() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]502 rm -f srv_out cli_out
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]503 kill $PROCESS_ID
504 exit 1
505}
506
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]507# run_client <name> <cipher>
508run_client() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]509 # announce what we're going to do
510 let "tests++"
511 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
512 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
513 echo -n "$TITLE"
514 LEN=`echo "$TITLE" | wc -c`
515 LEN=`echo 72 - $LEN | bc`
516 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
517
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]518 # run the command and interpret result
519 case $1 in
520 [Oo]pen*)
521 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
522 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]523 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]524 EXIT=$?
525
526 if [ "$EXIT" == "0" ]; then
527 RESULT=0
528 else
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]529 if grep 'Cipher is (NONE)' cli_out >/dev/null; then
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]530 RESULT=1
531 else
532 RESULT=2
533 fi
534 fi
535 ;;
536
537 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]538 CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]539 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]540 $CLIENT_CMD > cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]541 EXIT=$?
542
543 case $EXIT in
544 "0") RESULT=0 ;;
545 "2") RESULT=1 ;;
546 *) RESULT=2 ;;
547 esac
548 ;;
549
550 *)
551 echo "error: invalid client name: $1" >&2
552 exit 1
553 ;;
554 esac
555
556 # report and count result
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]557 case $RESULT in
558 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]559 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]560 ;;
561 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]562 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]563 let "skipped++"
564 ;;
565 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]566 echo FAIL
567 echo " ! $SERVER_CMD"
568 echo " ! $CLIENT_CMD"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame^]569 echo -n " ! end of client output: "
570 tail -n5 cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]571 let "failed++"
572 ;;
573 esac
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]574
575 rm -f cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]576}
577
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]578#
579# MAIN
580#
581
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]582# sanity checks, avoid an avalanche of errors
583if [ ! -x "$P_SRV" ]; then
584 echo "Command '$P_SRV' is not an executable file"
585 exit 1
586fi
587if [ ! -x "$P_CLI" ]; then
588 echo "Command '$P_CLI' is not an executable file"
589 exit 1
590fi
591if which $OPENSSL >/dev/null 2>&1; then :; else
592 echo "Command '$OPENSSL' not found"
593 exit 1
594fi
595
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]596get_options "$@"
597
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]598killall -q openssl ssl_server ssl_server2
599trap cleanup INT TERM HUP
600
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]601for VERIFY in $VERIFIES; do
602 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]603 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]604
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]605 setup_arguments
606 setup_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]607
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]608 if [ "X" != "X$P_CIPHERS" ]; then
609 start_server "OpenSSL"
610 for i in $P_CIPHERS; do
611 run_client PolarSSL $i
612 done
613 stop_server
614 fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]615
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]616 if [ "X" != "X$O_CIPHERS" ]; then
617 start_server "PolarSSL"
618 for i in $O_CIPHERS; do
619 run_client OpenSSL $i
620 done
621 stop_server
622 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]623
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]624 add_polarssl_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]625
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]626 if [ "X" != "X$P_CIPHERS" ]; then
627 start_server "PolarSSL"
628 for i in $P_CIPHERS; do
629 run_client PolarSSL $i
630 done
631 stop_server
632 fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]633
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]634 done
635 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]636done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]637
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]638echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]639
640if (( failed != 0 ));
641then
642 echo -n "FAILED"
643else
644 echo -n "PASSED"
645fi
646
647let "passed = tests - failed"
648echo " ($passed / $tests tests ($skipped skipped))"
649
650exit $failed