TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / fe40f484fb16b4c32fc8e3160065184b6c27d606 / . / tests / compat.sh
blob: bf1691b3b49b6119a0434a52ce548c338f0586a0 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]87for VERIFY in $VERIFIES;
88do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]89
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90if [ "X$VERIFY" = "XYES" ];
91then
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]92 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
93 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
94 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
95 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]96else
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]97 P_SERVER_BASE=""
98 P_CLIENT_BASE=""
99 O_SERVER_BASE=""
100 O_CLIENT_BASE=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]101fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]102
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]103
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104for MODE in $MODES;
105do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]106
107# avoid an avalanche of errors due to typos
108case $MODE in
109 ssl3|tls1|tls1_1|tls1_2)
110 ;;
111 *)
112 echo "error: invalid mode: $MODE" >&2
113 exit 1;
114esac
115
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]116echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]118echo "-----------"
119
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]120for TYPE in $TYPES;
121do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]123P_CIPHERS=""
124O_CIPHERS=""
125
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]126case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]127
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]128 "ECDSA")
129
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]130 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
131 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
132 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
133 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]134
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]135 if [ "$MODE" != "ssl3" ];
136 then
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]137 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]138 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
139 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
140 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
141 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
142 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]143 TLS-ECDH-ECDSA-WITH-NULL-SHA \
144 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
145 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
146 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
147 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]148 "
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]149
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]150 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]151 ECDHE-ECDSA-NULL-SHA \
152 ECDHE-ECDSA-RC4-SHA \
153 ECDHE-ECDSA-DES-CBC3-SHA \
154 ECDHE-ECDSA-AES128-SHA \
155 ECDHE-ECDSA-AES256-SHA \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]156 ECDH-ECDSA-NULL-SHA \
157 ECDH-ECDSA-RC4-SHA \
158 ECDH-ECDSA-DES-CBC3-SHA \
159 ECDH-ECDSA-AES128-SHA \
160 ECDH-ECDSA-AES256-SHA \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]161 "
162 fi
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]163
164 if [ "$MODE" = "tls1_2" ];
165 then
166 P_CIPHERS="$P_CIPHERS \
167 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
168 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
169 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
170 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]171 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
172 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
173 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
174 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]175 "
176
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]177 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]178 ECDHE-ECDSA-AES128-SHA256 \
179 ECDHE-ECDSA-AES256-SHA384 \
180 ECDHE-ECDSA-AES128-GCM-SHA256 \
181 ECDHE-ECDSA-AES256-GCM-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]182 ECDH-ECDSA-AES128-SHA256 \
183 ECDH-ECDSA-AES256-SHA384 \
184 ECDH-ECDSA-AES128-GCM-SHA256 \
185 ECDH-ECDSA-AES256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]186 "
187 fi
188
189 ;;
190
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]191 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]192
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]193 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
194 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
195 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
196 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]197
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]198 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]199 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
200 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
201 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
202 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
203 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
204 TLS-RSA-WITH-AES-256-CBC-SHA \
205 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
206 TLS-RSA-WITH-AES-128-CBC-SHA \
207 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
208 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
209 TLS-RSA-WITH-RC4-128-SHA \
210 TLS-RSA-WITH-RC4-128-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]211 TLS-RSA-WITH-NULL-MD5 \
212 TLS-RSA-WITH-NULL-SHA \
213 TLS-RSA-WITH-DES-CBC-SHA \
214 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]215 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]216
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]217 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]218 DHE-RSA-AES128-SHA \
219 DHE-RSA-AES256-SHA \
220 DHE-RSA-CAMELLIA128-SHA \
221 DHE-RSA-CAMELLIA256-SHA \
222 EDH-RSA-DES-CBC3-SHA \
223 AES256-SHA \
224 CAMELLIA256-SHA \
225 AES128-SHA \
226 CAMELLIA128-SHA \
227 DES-CBC3-SHA \
228 RC4-SHA \
229 RC4-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]230 NULL-MD5 \
231 NULL-SHA \
232 DES-CBC-SHA \
233 EDH-RSA-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]234 "
235
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]236 if [ "$MODE" != "ssl3" ];
237 then
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]238 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]239 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
240 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
241 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
242 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
243 TLS-ECDHE-RSA-WITH-NULL-SHA \
244 "
245
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]246 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]247 ECDHE-RSA-AES256-SHA \
248 ECDHE-RSA-AES128-SHA \
249 ECDHE-RSA-DES-CBC3-SHA \
250 ECDHE-RSA-RC4-SHA \
251 ECDHE-RSA-NULL-SHA \
252 "
253 fi
254
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]255 if [ "$MODE" = "tls1_2" ];
256 then
257 P_CIPHERS="$P_CIPHERS \
258 TLS-RSA-WITH-NULL-SHA256 \
259 TLS-RSA-WITH-AES-128-CBC-SHA256 \
260 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
261 TLS-RSA-WITH-AES-256-CBC-SHA256 \
262 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
263 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
264 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
265 TLS-RSA-WITH-AES-128-GCM-SHA256 \
266 TLS-RSA-WITH-AES-256-GCM-SHA384 \
267 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
268 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
269 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
270 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
271 "
272
273 O_CIPHERS="$O_CIPHERS \
274 NULL-SHA256 \
275 AES128-SHA256 \
276 DHE-RSA-AES128-SHA256 \
277 AES256-SHA256 \
278 DHE-RSA-AES256-SHA256 \
279 ECDHE-RSA-AES128-SHA256 \
280 ECDHE-RSA-AES256-SHA384 \
281 AES128-GCM-SHA256 \
282 DHE-RSA-AES128-GCM-SHA256 \
283 AES256-GCM-SHA384 \
284 DHE-RSA-AES256-GCM-SHA384 \
285 ECDHE-RSA-AES128-GCM-SHA256 \
286 ECDHE-RSA-AES256-GCM-SHA384 \
287 "
288 fi
289
290 ;;
291
292 "PSK")
293
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]294 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
295 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]296 # openssl s_server won't start without certificates...
297 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]298 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]299
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]300 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]301 TLS-PSK-WITH-RC4-128-SHA \
302 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
303 TLS-PSK-WITH-AES-128-CBC-SHA \
304 TLS-PSK-WITH-AES-256-CBC-SHA \
305 "
306
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]307 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]308 PSK-RC4-SHA \
309 PSK-3DES-EDE-CBC-SHA \
310 PSK-AES128-CBC-SHA \
311 PSK-AES256-CBC-SHA \
312 "
313
314 ;;
315
316esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]317
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]318# Filter ciphersuites
319if [ "X" != "X$FILTER" ];
320then
321 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
322 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
323fi
324
325
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]326log "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
327$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]328PROCESS_ID=$!
329
330sleep 1
331
332for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]333do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]334 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]335 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]336 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]337 EXIT=$?
338 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
339 if [ "$EXIT" = "2" ];
340 then
341 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]342 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]343 elif [ "$EXIT" != "0" ];
344 then
345 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]346 echo "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
347 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]348 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]349 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]350 else
351 echo Success
352 fi
353done
Paul Bakkerfe40f482013-12-19 17:47:24 +0100[diff] [blame^]354kill $PROCESS_ID 2>/dev/null
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]355wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]356
Manuel Pégourié-Gonnardc9baa872013-12-17 14:10:58 +0100[diff] [blame]357log "../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null"
358../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]359PROCESS_ID=$!
360
361sleep 1
362
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]363for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]364do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]365 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]366 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]367 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]368 EXIT=$?
369 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
370
371 if [ "$EXIT" != "0" ];
372 then
373 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
374 if [ "X$SUPPORTED" != "X" ]
375 then
376 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]377 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]378 else
379 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]380 echo "ssl_server2 $P_SERVER_ARGS force_version=$MODE"
381 echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]382 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]383 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]384 fi
385 else
386 echo Success
387 fi
388done
389
Paul Bakkerfe40f482013-12-19 17:47:24 +0100[diff] [blame^]390kill $PROCESS_ID 2>/dev/null
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]391wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]392
Manuel Pégourié-Gonnardc9baa872013-12-17 14:10:58 +0100[diff] [blame]393log "../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE"
394../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]395PROCESS_ID=$!
396
397sleep 1
398
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]399# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]400
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]401case $TYPE in
402
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]403 "ECDSA")
404
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]405 if [ "$MODE" != "ssl3" ];
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]406 then
407 P_CIPHERS="$P_CIPHERS \
408 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
409 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]410 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
411 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
412 "
413 fi
414
415 if [ "$MODE" = "tls1_2" ];
416 then
417 P_CIPHERS="$P_CIPHERS \
418 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
419 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
420 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
421 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]422 "
423 fi
424
425 ;;
426
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]427 "RSA")
428
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]429 if [ "$MODE" != "ssl3" ];
430 then
431 P_CIPHERS="$P_CIPHERS \
432 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
433 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
434 "
435 fi
436
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]437 if [ "$MODE" = "tls1_2" ];
438 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]439 P_CIPHERS="$P_CIPHERS \
440 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]441 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]442 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]443 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]444 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
445 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]446 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
447 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
448 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
449 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]450 "
451 fi
452
453 ;;
454
455 "PSK")
456
457 P_CIPHERS="$P_CIPHERS \
458 TLS-DHE-PSK-WITH-RC4-128-SHA \
459 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
460 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
461 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]462 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]463 TLS-PSK-WITH-NULL-SHA \
464 TLS-RSA-PSK-WITH-RC4-128-SHA \
465 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
466 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
467 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
468 TLS-RSA-WITH-NULL-SHA \
469 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]470 TLS-PSK-WITH-AES-128-CBC-SHA256 \
471 TLS-PSK-WITH-AES-256-CBC-SHA384 \
472 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
473 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
474 TLS-PSK-WITH-NULL-SHA256 \
475 TLS-PSK-WITH-NULL-SHA384 \
476 TLS-DHE-PSK-WITH-NULL-SHA256 \
477 TLS-DHE-PSK-WITH-NULL-SHA384 \
478 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
479 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
480 TLS-RSA-PSK-WITH-NULL-SHA256 \
481 TLS-RSA-PSK-WITH-NULL-SHA384 \
482 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
483 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
484 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
485 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
486 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
487 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]488 "
489
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]490
491 if [ "$MODE" != "ssl3" ];
492 then
493 P_CIPHERS="$P_CIPHERS \
494 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
495 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
496 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
497 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
498 TLS-ECDHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]499 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
500 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
501 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
502 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
503 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
504 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]505 "
506 fi
507
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]508 if [ "$MODE" = "tls1_2" ];
509 then
510 P_CIPHERS="$P_CIPHERS \
511 TLS-PSK-WITH-AES-128-GCM-SHA256 \
512 TLS-PSK-WITH-AES-256-GCM-SHA384 \
513 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
514 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
515 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
516 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
517 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
518 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
519 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
520 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
521 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
522 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
523 TLS-RSA-WITH-NULL-SHA256 \
524 "
525 fi
526
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]527esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]528
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]529# Filter ciphersuites
530if [ "X" != "X$FILTER" ];
531then
532 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
533 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
534fi
535
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]536for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]537do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]538 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]539 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]540 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]541 EXIT=$?
542 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
543 if [ "$EXIT" = "2" ];
544 then
545 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]546 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]547 elif [ "$EXIT" != "0" ];
548 then
549 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]550 echo "ssl_server2 $P_SERVER_ARGS"
551 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]552 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]553 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]554 else
555 echo Success
556 fi
557done
Paul Bakkerfe40f482013-12-19 17:47:24 +0100[diff] [blame^]558kill $PROCESS_ID 2>/dev/null
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]559wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]560
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]561done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]562done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]563done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]564
565echo ""
566echo "-------------------------------------------------------------------------"
567echo ""
568
569if (( failed != 0 ));
570then
571 echo -n "FAILED"
572else
573 echo -n "PASSED"
574fi
575
576let "passed = tests - failed"
577echo " ($passed / $tests tests ($skipped skipped))"
578
579exit $failed