TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5f593f07f7abfb170784abf261a441416f10baf0 / . / tests / compat.sh
blob: 02214efd252188069d24b651253629ba513f77be [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]66log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]87setup_ciphersuites()
88{
89 P_CIPHERS=""
90 O_CIPHERS=""
91
92 case $TYPE in
93
94 "ECDSA")
95 if [ "$MODE" != "ssl3" ];
96 then
97 P_CIPHERS="$P_CIPHERS \
98 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
99 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
100 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
101 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
102 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
103 TLS-ECDH-ECDSA-WITH-NULL-SHA \
104 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
105 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
106 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
107 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
108 "
109 O_CIPHERS="$O_CIPHERS \
110 ECDHE-ECDSA-NULL-SHA \
111 ECDHE-ECDSA-RC4-SHA \
112 ECDHE-ECDSA-DES-CBC3-SHA \
113 ECDHE-ECDSA-AES128-SHA \
114 ECDHE-ECDSA-AES256-SHA \
115 ECDH-ECDSA-NULL-SHA \
116 ECDH-ECDSA-RC4-SHA \
117 ECDH-ECDSA-DES-CBC3-SHA \
118 ECDH-ECDSA-AES128-SHA \
119 ECDH-ECDSA-AES256-SHA \
120 "
121 fi
122 if [ "$MODE" = "tls1_2" ];
123 then
124 P_CIPHERS="$P_CIPHERS \
125 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
126 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
127 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
128 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
129 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
130 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
131 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
132 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
133 "
134 O_CIPHERS="$O_CIPHERS \
135 ECDHE-ECDSA-AES128-SHA256 \
136 ECDHE-ECDSA-AES256-SHA384 \
137 ECDHE-ECDSA-AES128-GCM-SHA256 \
138 ECDHE-ECDSA-AES256-GCM-SHA384 \
139 ECDH-ECDSA-AES128-SHA256 \
140 ECDH-ECDSA-AES256-SHA384 \
141 ECDH-ECDSA-AES128-GCM-SHA256 \
142 ECDH-ECDSA-AES256-GCM-SHA384 \
143 "
144 fi
145 ;;
146
147 "RSA")
148 P_CIPHERS="$P_CIPHERS \
149 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
150 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
151 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
152 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
153 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
154 TLS-RSA-WITH-AES-256-CBC-SHA \
155 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
156 TLS-RSA-WITH-AES-128-CBC-SHA \
157 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
158 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
159 TLS-RSA-WITH-RC4-128-SHA \
160 TLS-RSA-WITH-RC4-128-MD5 \
161 TLS-RSA-WITH-NULL-MD5 \
162 TLS-RSA-WITH-NULL-SHA \
163 TLS-RSA-WITH-DES-CBC-SHA \
164 TLS-DHE-RSA-WITH-DES-CBC-SHA \
165 "
166 O_CIPHERS="$O_CIPHERS \
167 DHE-RSA-AES128-SHA \
168 DHE-RSA-AES256-SHA \
169 DHE-RSA-CAMELLIA128-SHA \
170 DHE-RSA-CAMELLIA256-SHA \
171 EDH-RSA-DES-CBC3-SHA \
172 AES256-SHA \
173 CAMELLIA256-SHA \
174 AES128-SHA \
175 CAMELLIA128-SHA \
176 DES-CBC3-SHA \
177 RC4-SHA \
178 RC4-MD5 \
179 NULL-MD5 \
180 NULL-SHA \
181 DES-CBC-SHA \
182 EDH-RSA-DES-CBC-SHA \
183 "
184 if [ "$MODE" != "ssl3" ];
185 then
186 P_CIPHERS="$P_CIPHERS \
187 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
188 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
189 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
190 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
191 TLS-ECDHE-RSA-WITH-NULL-SHA \
192 "
193 O_CIPHERS="$O_CIPHERS \
194 ECDHE-RSA-AES256-SHA \
195 ECDHE-RSA-AES128-SHA \
196 ECDHE-RSA-DES-CBC3-SHA \
197 ECDHE-RSA-RC4-SHA \
198 ECDHE-RSA-NULL-SHA \
199 "
200 fi
201 if [ "$MODE" = "tls1_2" ];
202 then
203 P_CIPHERS="$P_CIPHERS \
204 TLS-RSA-WITH-NULL-SHA256 \
205 TLS-RSA-WITH-AES-128-CBC-SHA256 \
206 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
207 TLS-RSA-WITH-AES-256-CBC-SHA256 \
208 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
209 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
210 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
211 TLS-RSA-WITH-AES-128-GCM-SHA256 \
212 TLS-RSA-WITH-AES-256-GCM-SHA384 \
213 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
214 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
215 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
216 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
217 "
218 O_CIPHERS="$O_CIPHERS \
219 NULL-SHA256 \
220 AES128-SHA256 \
221 DHE-RSA-AES128-SHA256 \
222 AES256-SHA256 \
223 DHE-RSA-AES256-SHA256 \
224 ECDHE-RSA-AES128-SHA256 \
225 ECDHE-RSA-AES256-SHA384 \
226 AES128-GCM-SHA256 \
227 DHE-RSA-AES128-GCM-SHA256 \
228 AES256-GCM-SHA384 \
229 DHE-RSA-AES256-GCM-SHA384 \
230 ECDHE-RSA-AES128-GCM-SHA256 \
231 ECDHE-RSA-AES256-GCM-SHA384 \
232 "
233 fi
234 ;;
235
236 "PSK")
237 P_CIPHERS="$P_CIPHERS \
238 TLS-PSK-WITH-RC4-128-SHA \
239 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
240 TLS-PSK-WITH-AES-128-CBC-SHA \
241 TLS-PSK-WITH-AES-256-CBC-SHA \
242 "
243 O_CIPHERS="$O_CIPHERS \
244 PSK-RC4-SHA \
245 PSK-3DES-EDE-CBC-SHA \
246 PSK-AES128-CBC-SHA \
247 PSK-AES256-CBC-SHA \
248 "
249 ;;
250 esac
251
252 # Filter ciphersuites
253 if [ "X" != "X$FILTER" ];
254 then
255 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
256 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
257 fi
258
259}
260
261add_polarssl_ciphersuites()
262{
263 ADD_CIPHERS=""
264
265 case $TYPE in
266
267 "ECDSA")
268 if [ "$MODE" != "ssl3" ];
269 then
270 ADD_CIPHERS="$ADD_CIPHERS \
271 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
272 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
273 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
274 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
275 "
276 fi
277 if [ "$MODE" = "tls1_2" ];
278 then
279 ADD_CIPHERS="$ADD_CIPHERS \
280 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
281 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
282 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
283 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
284 "
285 fi
286 ;;
287
288 "RSA")
289 if [ "$MODE" != "ssl3" ];
290 then
291 ADD_CIPHERS="$ADD_CIPHERS \
292 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
293 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
294 "
295 fi
296 if [ "$MODE" = "tls1_2" ];
297 then
298 ADD_CIPHERS="$ADD_CIPHERS \
299 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
300 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
301 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
302 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
303 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
304 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
305 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
306 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
307 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
308 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
309 "
310 fi
311 ;;
312
313 "PSK")
314 ADD_CIPHERS="$ADD_CIPHERS \
315 TLS-DHE-PSK-WITH-RC4-128-SHA \
316 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
317 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
318 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
319 TLS-DHE-PSK-WITH-NULL-SHA \
320 TLS-PSK-WITH-NULL-SHA \
321 TLS-RSA-PSK-WITH-RC4-128-SHA \
322 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
323 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
324 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
325 TLS-RSA-WITH-NULL-SHA \
326 TLS-RSA-WITH-NULL-MD5 \
327 TLS-PSK-WITH-AES-128-CBC-SHA256 \
328 TLS-PSK-WITH-AES-256-CBC-SHA384 \
329 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
330 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
331 TLS-PSK-WITH-NULL-SHA256 \
332 TLS-PSK-WITH-NULL-SHA384 \
333 TLS-DHE-PSK-WITH-NULL-SHA256 \
334 TLS-DHE-PSK-WITH-NULL-SHA384 \
335 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
336 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
337 TLS-RSA-PSK-WITH-NULL-SHA256 \
338 TLS-RSA-PSK-WITH-NULL-SHA384 \
339 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
340 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
341 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
342 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
343 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
344 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
345 "
346 if [ "$MODE" != "ssl3" ];
347 then
348 ADD_CIPHERS="$ADD_CIPHERS \
349 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
350 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
351 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
352 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
353 TLS-ECDHE-PSK-WITH-NULL-SHA \
354 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
355 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
356 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
357 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
358 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
359 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
360 "
361 fi
362 if [ "$MODE" = "tls1_2" ];
363 then
364 ADD_CIPHERS="$ADD_CIPHERS \
365 TLS-PSK-WITH-AES-128-GCM-SHA256 \
366 TLS-PSK-WITH-AES-256-GCM-SHA384 \
367 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
368 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
369 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
370 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
371 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
372 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
373 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
374 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
375 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
376 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
377 TLS-RSA-WITH-NULL-SHA256 \
378 "
379 fi
380 ;;
381 esac
382
383 # Filter new ciphersuites and add them
384 if [ "X" != "X$FILTER" ];
385 then
386 ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
387 fi
388 P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
389}
390
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]391setup_arguments()
392{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]393 # avoid an avalanche of errors due to typos
394 case $MODE in
395 ssl3|tls1|tls1_1|tls1_2)
396 ;;
397 *)
398 echo "error: invalid mode: $MODE" >&2
399 exit 1;
400 esac
401
402 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
403 P_CLIENT_ARGS="server_name=0.0.0.0 force_version=$MODE"
404 O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
405 O_CLIENT_ARGS="-$MODE"
406
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]407 if [ "X$VERIFY" = "XYES" ];
408 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]409 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
410 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt"
411 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
412 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]413 fi
414
415 case $TYPE in
416 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]417 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
418 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
419 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
420 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]421 ;;
422
423 "RSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]424 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
425 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
426 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server1.crt -key data_files/server1.key"
427 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]428 ;;
429
430 "PSK")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]431 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
432 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]433 # openssl s_server won't start without certificates...
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]434 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
435 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]436 ;;
437 esac
438}
439
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]440# start_server <name>
441# also saves name and command
442start_server() {
443 echo "-----------"
444
445 case $1 in
446 [Oo]pen*)
447 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
448 ;;
449 [Pp]olar*)
450 SERVER_CMD="../programs/ssl/ssl_server2 $P_SERVER_ARGS"
451 ;;
452 *)
453 echo "error: invalid server name: $1" >&2
454 exit 1
455 ;;
456 esac
457 SERVER_NAME=$1
458
459 log "$SERVER_CMD"
460 $SERVER_CMD >/dev/null 2>&1 &
461 PROCESS_ID=$!
462
463 sleep 1
464}
465
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]466# terminate the running server
467stop_server() {
468 kill $PROCESS_ID 2>/dev/null
469 wait $PROCESS_ID 2>/dev/null
470}
471
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]472# run_client <name> <cipher>
473run_client() {
474 # run the command and interpret result
475 case $1 in
476 [Oo]pen*)
477 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
478 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard5f593f02014-02-19 15:42:24 +0100[diff] [blame^]479 OUTPUT="$( ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD 2>&1 )"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]480 EXIT=$?
481
482 if [ "$EXIT" == "0" ]; then
483 RESULT=0
484 else
485 SUPPORTED="$( echo $OUTPUT | grep 'Cipher is (NONE)' )"
486 if [ "X$SUPPORTED" != "X" ]; then
487 RESULT=1
488 else
489 RESULT=2
490 fi
491 fi
492 ;;
493
494 [Pp]olar*)
495 CLIENT_CMD="../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$2"
496 log "$CLIENT_CMD"
497 OUTPUT="$( $CLIENT_CMD )"
498 EXIT=$?
499
500 case $EXIT in
501 "0") RESULT=0 ;;
502 "2") RESULT=1 ;;
503 *) RESULT=2 ;;
504 esac
505 ;;
506
507 *)
508 echo "error: invalid client name: $1" >&2
509 exit 1
510 ;;
511 esac
512
513 # report and count result
514 let "tests++"
515 echo -n "$SERVER_NAME Server - $1 Client - $2 : $EXIT - "
516 case $RESULT in
517 "0")
518 echo Success
519 ;;
520 "1")
521 echo "Ciphersuite not supported"
522 let "skipped++"
523 ;;
524 "2")
525 echo Failed
526 echo "$SERVER_CMD"
527 echo "$CLIENT_CMD"
528 echo "$OUTPUT"
529 let "failed++"
530 ;;
531 esac
532}
533
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]534for VERIFY in $VERIFIES; do
535 for MODE in $MODES; do
536 echo "-----------"
537 echo "Running for $MODE (Verify: $VERIFY)"
538 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]539
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]540 setup_arguments
541 setup_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]542
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]543 start_server "OpenSSL"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]544
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]545 for i in $P_CIPHERS; do
546 run_client PolarSSL $i
547 done
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]548
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]549 stop_server
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]550
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]551 start_server "PolarSSL"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]552
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]553 for i in $O_CIPHERS; do
554 run_client OpenSSL $i
555 done
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]556
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]557 echo "-----------"
558 add_polarssl_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]559
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]560 for i in $P_CIPHERS; do
561 run_client PolarSSL $i
562 done
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]563
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]564 stop_server
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]565
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]566 done
567 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]568done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]569
570echo ""
571echo "-------------------------------------------------------------------------"
572echo ""
573
574if (( failed != 0 ));
575then
576 echo -n "FAILED"
577else
578 echo -n "PASSED"
579fi
580
581let "passed = tests - failed"
582echo " ($passed / $tests tests ($skipped skipped))"
583
584exit $failed