TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5f70b25c9bbe01cd9d7c074eeafc0b7653dc5e77 / . / tests / compat.sh
blob: 473a21ad32e7275f5c083cd5233f4c727acca4cd [file] [log] [blame]
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]1killall -q openssl ssl_server
2
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]3MODES="ssl3 tls1 tls1_1 tls1_2"
4#VERIFY="YES"
5VERIFY=""
6
7if [ "X$VERIFY" = "XYES" ];
8then
9 P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key"
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]10 O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]11fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]12
13for MODE in $MODES;
14do
15echo "Running for $MODE"
16echo "-----------"
17
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]18P_CIPHERS=" \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]19 SSL-EDH-RSA-AES-128-SHA \
20 SSL-EDH-RSA-AES-256-SHA \
21 SSL-EDH-RSA-CAMELLIA-128-SHA \
22 SSL-EDH-RSA-CAMELLIA-256-SHA \
23 SSL-EDH-RSA-DES-168-SHA \
24 SSL-RSA-AES-256-SHA \
25 SSL-RSA-CAMELLIA-256-SHA \
26 SSL-RSA-AES-128-SHA \
27 SSL-RSA-CAMELLIA-128-SHA \
28 SSL-RSA-DES-168-SHA \
29 SSL-RSA-RC4-128-SHA \
30 SSL-RSA-RC4-128-MD5 \
31 SSL-RSA-NULL-MD5 \
32 SSL-RSA-NULL-SHA \
33 SSL-RSA-DES-SHA \
34 SSL-EDH-RSA-DES-SHA \
35 "
36
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]37O_CIPHERS=" \
38 DHE-RSA-AES128-SHA \
39 DHE-RSA-AES256-SHA \
40 DHE-RSA-CAMELLIA128-SHA \
41 DHE-RSA-CAMELLIA256-SHA \
42 EDH-RSA-DES-CBC3-SHA \
43 AES256-SHA \
44 CAMELLIA256-SHA \
45 AES128-SHA \
46 CAMELLIA128-SHA \
47 DES-CBC3-SHA \
48 RC4-SHA \
49 RC4-MD5 \
50 NULL-MD5 \
51 NULL-SHA \
52 DES-CBC-SHA \
53 EDH-RSA-DES-CBC-SHA \
54 "
55
56if [ "$MODE" = "tls1_2" ];
57then
58 P_CIPHERS="$P_CIPHERS \
59 SSL-RSA-NULL-SHA256 \
60 SSL-RSA-AES-128-SHA256 \
61 SSL-EDH-RSA-AES-128-SHA256 \
62 SSL-RSA-AES-256-SHA256 \
63 SSL-EDH-RSA-AES-256-SHA256 \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]64 SSL-RSA-AES-128-GCM-SHA256 \
65 SSL-EDH-RSA-AES-128-GCM-SHA256 \
66 SSL-RSA-AES-256-GCM-SHA384 \
67 SSL-EDH-RSA-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]68 "
69
70 O_CIPHERS="$O_CIPHERS \
71 NULL-SHA256 \
72 AES128-SHA256 \
73 DHE-RSA-AES128-SHA256 \
74 AES256-SHA256 \
75 DHE-RSA-AES256-SHA256 \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]76 AES128-GCM-SHA256 \
77 DHE-RSA-AES128-GCM-SHA256 \
78 AES256-GCM-SHA384 \
79 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]80 "
81fi
82
83openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
84PROCESS_ID=$!
85
86sleep 1
87
88for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]89do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]91 EXIT=$?
92 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
93 if [ "$EXIT" = "2" ];
94 then
95 echo Ciphersuite not supported in client
96 elif [ "$EXIT" != "0" ];
97 then
98 echo Failed
99 echo $RESULT
100 else
101 echo Success
102 fi
103done
104kill $PROCESS_ID
105
106../programs/ssl/ssl_server > /dev/null &
107PROCESS_ID=$!
108
109sleep 1
110
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]111for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]112do
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]113 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -$MODE -cipher $i 2>&1)"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]114 EXIT=$?
115 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
116
117 if [ "$EXIT" != "0" ];
118 then
119 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
120 if [ "X$SUPPORTED" != "X" ]
121 then
122 echo "Ciphersuite not supported in server"
123 else
124 echo Failed
125 echo $RESULT
126 fi
127 else
128 echo Success
129 fi
130done
131
132kill $PROCESS_ID
133
134../programs/ssl/ssl_server > /dev/null &
135PROCESS_ID=$!
136
137sleep 1
138
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]139# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
140# Add for PolarSSL only test, which does support them.
141#
142if [ "$MODE" = "tls1_2" ];
143then
144 P_CIPHERS="$P_CIPHERS \
145 SSL-RSA-CAMELLIA-128-SHA256 \
146 SSL-EDH-RSA-CAMELLIA-128-SHA256 \
147 SSL-RSA-CAMELLIA-256-SHA256 \
148 SSL-EDH-RSA-CAMELLIA-256-SHA256 \
149 "
150fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]151
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]152for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]153do
154 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
155 EXIT=$?
156 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
157 if [ "$EXIT" = "2" ];
158 then
159 echo Ciphersuite not supported in client
160 elif [ "$EXIT" != "0" ];
161 then
162 echo Failed
163 echo $RESULT
164 else
165 echo Success
166 fi
167done
168kill $PROCESS_ID
169
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]170done
171