TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 524691c0a0849c9f271992b61d828afaa849a01a / . / tests / compat.sh
blob: eaa12deaf649b9d593fc2aef5ae9bbbb8128841d [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]5MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]6VERIFIES="NO YES"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]7OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]8FILTER=""
9VERBOSE=""
10
11# Parse arguments
12#
13until [ -z "$1" ]
14do
15 case "$1" in
16 -f|--filter)
17 # Filter ciphersuites
18 shift
19 FILTER=$1
20 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame^]21 -m|--modes)
22 # Perform modes
23 shift
24 MODES=$1
25 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]26 -v|--verbose)
27 # Set verbosity
28 shift
29 VERBOSE=1
30 ;;
31 -h|--help)
32 # print help
33 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame^]34 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]35 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame^]36 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]37 echo -e " -v|--verbose\t\tSet verbose output."
38 exit 1
39 ;;
40 *)
41 # print error
42 echo "Unknown argument: '$1'"
43 exit 1
44 ;;
45 esac
46 shift
47done
48
49log () {
50 if [ "X" != "X$VERBOSE" ]; then
51 echo "$@"
52 fi
53}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]54
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]55for VERIFY in $VERIFIES;
56do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]57P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
58P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
59O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
60O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
61
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]62if [ "X$VERIFY" = "XYES" ];
63then
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]64 P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
65 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
66 O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
67 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]68fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]69
70for MODE in $MODES;
71do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]72echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]73echo "-----------"
74
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]75P_CIPHERS=" \
76 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
77 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
78 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
79 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
80 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
81 TLS-RSA-WITH-AES-256-CBC-SHA \
82 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
83 TLS-RSA-WITH-AES-128-CBC-SHA \
84 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
85 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
86 TLS-RSA-WITH-RC4-128-SHA \
87 TLS-RSA-WITH-RC4-128-MD5 \
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]88 TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]89 TLS-RSA-WITH-NULL-MD5 \
90 TLS-RSA-WITH-NULL-SHA \
91 TLS-RSA-WITH-DES-CBC-SHA \
92 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]93 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
94 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
95 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
96 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]97 TLS-ECDHE-RSA-WITH-NULL-SHA \
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]98 TLS-PSK-WITH-RC4-128-SHA \
99 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
100 TLS-PSK-WITH-AES-128-CBC-SHA \
101 TLS-PSK-WITH-AES-256-CBC-SHA \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]102 "
103
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]104O_CIPHERS=" \
105 DHE-RSA-AES128-SHA \
106 DHE-RSA-AES256-SHA \
107 DHE-RSA-CAMELLIA128-SHA \
108 DHE-RSA-CAMELLIA256-SHA \
109 EDH-RSA-DES-CBC3-SHA \
110 AES256-SHA \
111 CAMELLIA256-SHA \
112 AES128-SHA \
113 CAMELLIA128-SHA \
114 DES-CBC3-SHA \
115 RC4-SHA \
116 RC4-MD5 \
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]117 EXP-RC4-MD5 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]118 NULL-MD5 \
119 NULL-SHA \
120 DES-CBC-SHA \
121 EDH-RSA-DES-CBC-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]122 ECDHE-RSA-AES256-SHA \
123 ECDHE-RSA-AES128-SHA \
124 ECDHE-RSA-DES-CBC3-SHA \
125 ECDHE-RSA-RC4-SHA \
126 ECDHE-RSA-NULL-SHA \
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]127 PSK-RC4-SHA \
128 PSK-3DES-EDE-CBC-SHA \
129 PSK-AES128-CBC-SHA \
130 PSK-AES256-CBC-SHA
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]131 "
132
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]133# Also add SHA256 ciphersuites
134#
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]135if [ "$MODE" = "tls1_2" ];
136then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]137 P_CIPHERS="$P_CIPHERS \
138 TLS-RSA-WITH-NULL-SHA256 \
139 TLS-RSA-WITH-AES-128-CBC-SHA256 \
140 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
141 TLS-RSA-WITH-AES-256-CBC-SHA256 \
142 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]143 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
144 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]145 "
146
147 O_CIPHERS="$O_CIPHERS \
148 NULL-SHA256 \
149 AES128-SHA256 \
150 DHE-RSA-AES128-SHA256 \
151 AES256-SHA256 \
152 DHE-RSA-AES256-SHA256 \
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]153 ECDHE-RSA-AES128-SHA256 \
154 ECDHE-RSA-AES256-SHA384 \
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]155 "
156
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]157 P_CIPHERS="$P_CIPHERS \
158 TLS-RSA-WITH-AES-128-GCM-SHA256 \
159 TLS-RSA-WITH-AES-256-GCM-SHA384 \
160 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
161 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]162 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
163 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]164 "
165
166 O_CIPHERS="$O_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]167 AES128-GCM-SHA256 \
168 DHE-RSA-AES128-GCM-SHA256 \
169 AES256-GCM-SHA384 \
170 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]171 ECDHE-RSA-AES128-GCM-SHA256 \
172 ECDHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]173 "
174fi
175
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]176filter()
177{
178 LIST=$1
179 FILTER=$2
180
181 NEW_LIST=""
182
183 for i in $LIST;
184 do
185 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
186 done
187
188 echo "$NEW_LIST"
189}
190
191# Filter ciphersuites
192if [ "X" != "X$FILTER" ];
193then
194 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
195 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
196fi
197
198
199log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]200$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]201PROCESS_ID=$!
202
203sleep 1
204
205for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]206do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]207 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]208 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]209 EXIT=$?
210 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
211 if [ "$EXIT" = "2" ];
212 then
213 echo Ciphersuite not supported in client
214 elif [ "$EXIT" != "0" ];
215 then
216 echo Failed
217 echo $RESULT
218 else
219 echo Success
220 fi
221done
222kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]223wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]224
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]225log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]226../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]227PROCESS_ID=$!
228
229sleep 1
230
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]231for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]232do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]233 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]234 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]235 EXIT=$?
236 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
237
238 if [ "$EXIT" != "0" ];
239 then
240 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
241 if [ "X$SUPPORTED" != "X" ]
242 then
243 echo "Ciphersuite not supported in server"
244 else
245 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]246 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
247 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]248 echo $RESULT
249 fi
250 else
251 echo Success
252 fi
253done
254
255kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]256wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]257
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]258log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]259../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]260PROCESS_ID=$!
261
262sleep 1
263
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]264# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
265# or SHA384
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]266# Add for PolarSSL only test, which does support them.
267#
268if [ "$MODE" = "tls1_2" ];
269then
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]270 P_CIPHERS="$P_CIPHERS \
271 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
272 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
273 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
274 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]275 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
276 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]277 TLS-PSK-WITH-AES-128-CBC-SHA256 \
278 TLS-PSK-WITH-AES-256-CBC-SHA384 \
279 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
280 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
281 TLS-PSK-WITH-AES-128-GCM-SHA256 \
282 TLS-PSK-WITH-AES-256-GCM-SHA384 \
283 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
284 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
285 TLS-PSK-WITH-NULL-SHA256 \
286 TLS-PSK-WITH-NULL-SHA384 \
287 TLS-DHE-PSK-WITH-NULL-SHA256 \
288 TLS-DHE-PSK-WITH-NULL-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]289 "
290fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]291
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]292# OpenSSL does not support DHE-PSK ciphers
293# Add for PolarSSL only test, which does support them.
294#
295P_CIPHERS="$P_CIPHERS \
296 TLS-DHE-PSK-WITH-RC4-128-SHA \
297 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
298 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
299 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]300 TLS-PSK-WITH-NULL-SHA \
301 TLS-DHE-PSK-WITH-NULL-SHA \
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]302 "
303
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]304# Filter ciphersuites
305if [ "X" != "X$FILTER" ];
306then
307 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
308 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
309fi
310
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]311for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]312do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]313 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]314 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]315 EXIT=$?
316 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
317 if [ "$EXIT" = "2" ];
318 then
319 echo Ciphersuite not supported in client
320 elif [ "$EXIT" != "0" ];
321 then
322 echo Failed
323 echo $RESULT
324 else
325 echo Success
326 fi
327done
328kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]329wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]330
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]331done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]332done