Blame - tests/compat.sh - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 63ea65ddede0802921117e4fef1eac1809f019c2 [file] [log] [blame]

Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	1	killall -q openssl ssl_server ssl_server2
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	2
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	3	MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	4	VERIFIES="NO YES"
Paul Bakker	0c93d12	2012-09-13 14:26:09 +0000	[diff] [blame]	5	OPENSSL=openssl
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	6
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	7	for VERIFY in $VERIFIES;
				8	do
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	9	if [ "X$VERIFY" = "XYES" ];
				10	then
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	11	P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
				12	P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
				13	O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
				14	O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	15	fi
Paul Bakker	398cb51	2012-04-10 08:22:31 +0000	[diff] [blame]	16
				17	for MODE in $MODES;
				18	do
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	19	echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker	398cb51	2012-04-10 08:22:31 +0000	[diff] [blame]	20	echo "-----------"
				21
Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	22	P_CIPHERS=" \
				23	TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
				24	TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
				25	TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
				26	TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
				27	TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
				28	TLS-RSA-WITH-AES-256-CBC-SHA \
				29	TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
				30	TLS-RSA-WITH-AES-128-CBC-SHA \
				31	TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
				32	TLS-RSA-WITH-3DES-EDE-CBC-SHA \
				33	TLS-RSA-WITH-RC4-128-SHA \
				34	TLS-RSA-WITH-RC4-128-MD5 \
				35	TLS-RSA-WITH-NULL-MD5 \
				36	TLS-RSA-WITH-NULL-SHA \
				37	TLS-RSA-WITH-DES-CBC-SHA \
				38	TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	39	TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
				40	TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
				41	TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
				42	TLS-ECDHE-RSA-WITH-RC4-128-SHA \
				43	TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
				44	TLS-ECDHE-RSA-WITH-NULL-SHA \
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	45	"
				46
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	47	O_CIPHERS=" \
				48	DHE-RSA-AES128-SHA \
				49	DHE-RSA-AES256-SHA \
				50	DHE-RSA-CAMELLIA128-SHA \
				51	DHE-RSA-CAMELLIA256-SHA \
				52	EDH-RSA-DES-CBC3-SHA \
				53	AES256-SHA \
				54	CAMELLIA256-SHA \
				55	AES128-SHA \
				56	CAMELLIA128-SHA \
				57	DES-CBC3-SHA \
				58	RC4-SHA \
				59	RC4-MD5 \
				60	NULL-MD5 \
				61	NULL-SHA \
				62	DES-CBC-SHA \
				63	EDH-RSA-DES-CBC-SHA \
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	64	ECDHE-RSA-AES256-SHA \
				65	ECDHE-RSA-AES128-SHA \
				66	ECDHE-RSA-DES-CBC3-SHA \
				67	ECDHE-RSA-RC4-SHA \
				68	ECDHE-RSA-NULL-SHA \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	69	"
				70
Paul Bakker	0c93d12	2012-09-13 14:26:09 +0000	[diff] [blame]	71	# Also add SHA256 ciphersuites
				72	#
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	73	if [ "$MODE" = "tls1_2" ];
				74	then
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	75	P_CIPHERS="$P_CIPHERS \
				76	TLS-RSA-WITH-NULL-SHA256 \
				77	TLS-RSA-WITH-AES-128-CBC-SHA256 \
				78	TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
				79	TLS-RSA-WITH-AES-256-CBC-SHA256 \
				80	TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	81	TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
				82	TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	83	"
				84
				85	O_CIPHERS="$O_CIPHERS \
				86	NULL-SHA256 \
				87	AES128-SHA256 \
				88	DHE-RSA-AES128-SHA256 \
				89	AES256-SHA256 \
				90	DHE-RSA-AES256-SHA256 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	91	ECDHE-RSA-AES128-SHA256 \
				92	ECDHE-RSA-AES256-SHA384 \
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	93	"
				94
Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	95	P_CIPHERS="$P_CIPHERS \
				96	TLS-RSA-WITH-AES-128-GCM-SHA256 \
				97	TLS-RSA-WITH-AES-256-GCM-SHA384 \
				98	TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
				99	TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	100	TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
				101	TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	102	"
				103
				104	O_CIPHERS="$O_CIPHERS \
Paul Bakker	ca4ab49	2012-04-18 14:23:57 +0000	[diff] [blame]	105	AES128-GCM-SHA256 \
				106	DHE-RSA-AES128-GCM-SHA256 \
				107	AES256-GCM-SHA384 \
				108	DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	109	ECDHE-RSA-AES128-GCM-SHA256 \
				110	ECDHE-RSA-AES256-GCM-SHA384 \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	111	"
				112	fi
				113
Paul Bakker	0c93d12	2012-09-13 14:26:09 +0000	[diff] [blame]	114	$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	115	PROCESS_ID=$!
				116
				117	sleep 1
				118
				119	for i in $P_CIPHERS;
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	120	do
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	121	RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	122	EXIT=$?
				123	echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
				124	if [ "$EXIT" = "2" ];
				125	then
				126	echo Ciphersuite not supported in client
				127	elif [ "$EXIT" != "0" ];
				128	then
				129	echo Failed
				130	echo $RESULT
				131	else
				132	echo Success
				133	fi
				134	done
				135	kill $PROCESS_ID
				136
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	137	../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	138	PROCESS_ID=$!
				139
				140	sleep 1
				141
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	142	for i in $O_CIPHERS;
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	143	do
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	144	RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) \| $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	145	EXIT=$?
				146	echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
				147
				148	if [ "$EXIT" != "0" ];
				149	then
				150	SUPPORTED="$( echo $RESULT \| grep 'Cipher is (NONE)' )"
				151	if [ "X$SUPPORTED" != "X" ]
				152	then
				153	echo "Ciphersuite not supported in server"
				154	else
				155	echo Failed
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	156	echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
				157	echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	158	echo $RESULT
				159	fi
				160	else
				161	echo Success
				162	fi
				163	done
				164
				165	kill $PROCESS_ID
				166
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	167	../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	168	PROCESS_ID=$!
				169
				170	sleep 1
				171
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	172	# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
				173	# Add for PolarSSL only test, which does support them.
				174	#
				175	if [ "$MODE" = "tls1_2" ];
				176	then
Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	177	P_CIPHERS="$P_CIPHERS \
				178	TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
				179	TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
				180	TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
				181	TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	182	"
				183	fi
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	184
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	185	for i in $P_CIPHERS;
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	186	do
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	187	RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	188	EXIT=$?
				189	echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
				190	if [ "$EXIT" = "2" ];
				191	then
				192	echo Ciphersuite not supported in client
				193	elif [ "$EXIT" != "0" ];
				194	then
				195	echo Failed
				196	echo $RESULT
				197	else
				198	echo Success
				199	fi
				200	done
				201	kill $PROCESS_ID
				202
Paul Bakker	398cb51	2012-04-10 08:22:31 +0000	[diff] [blame]	203	done
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	204	done