Blame - tests/compat.sh - mirror/mbed-tls - TrustedFirmware Git Browser

2012-10-31 12:32:41 +0000

[diff] [blame]

1

killall -q openssl ssl_server ssl_server2

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

2

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

3

MODES="ssl3 tls1 tls1_1 tls1_2"

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

4

VERIFIES="NO YES"

Paul Bakker

0c93d12

2012-09-13 14:26:09 +0000

[diff] [blame]

5

OPENSSL=openssl

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

6

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

7

for VERIFY in $VERIFIES;

8

do

Paul Bakker

2013-04-17 19:27:58 +0200

[diff] [blame]

9

P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70"

10

P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70"

11

O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"

12

O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"

13

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

14

if [ "X$VERIFY" = "XYES" ];

15

then

Paul Bakker

2013-04-17 19:27:58 +0200

[diff] [blame]

16

P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"

17

P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"

18

O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"

19

O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

20

fi

Paul Bakker

398cb51

2012-04-10 08:22:31 +0000

[diff] [blame]

21

22

for MODE in $MODES;

23

do

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

24

echo "Running for $MODE (Verify: $VERIFY)"

Paul Bakker

398cb51

2012-04-10 08:22:31 +0000

[diff] [blame]

25

echo "-----------"

26

Paul Bakker

2012-10-31 12:32:41 +0000

[diff] [blame]

27

P_CIPHERS=" \

28

TLS-DHE-RSA-WITH-AES-128-CBC-SHA \

29

TLS-DHE-RSA-WITH-AES-256-CBC-SHA \

30

TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \

31

TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \

32

TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \

33

TLS-RSA-WITH-AES-256-CBC-SHA \

34

TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \

35

TLS-RSA-WITH-AES-128-CBC-SHA \

36

TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \

37

TLS-RSA-WITH-3DES-EDE-CBC-SHA \

38

TLS-RSA-WITH-RC4-128-SHA \

39

TLS-RSA-WITH-RC4-128-MD5 \

40

TLS-RSA-WITH-NULL-MD5 \

41

TLS-RSA-WITH-NULL-SHA \

42

TLS-RSA-WITH-DES-CBC-SHA \

43

TLS-DHE-RSA-WITH-DES-CBC-SHA \

Paul Bakker

41c83d3

2013-03-20 14:39:14 +0100

[diff] [blame]

44

TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \

45

TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \

46

TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \

47

TLS-ECDHE-RSA-WITH-RC4-128-SHA \

Paul Bakker

41c83d3

2013-03-20 14:39:14 +0100

[diff] [blame]

48

TLS-ECDHE-RSA-WITH-NULL-SHA \

Paul Bakker

2013-04-17 19:27:58 +0200

[diff] [blame]

49

TLS-PSK-WITH-RC4-128-SHA \

50

TLS-PSK-WITH-3DES-EDE-CBC-SHA \

51

TLS-PSK-WITH-AES-128-CBC-SHA \

52

TLS-PSK-WITH-AES-256-CBC-SHA \

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

53

"

54

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

O_CIPHERS=" \

DHE-RSA-AES128-SHA \

DHE-RSA-AES256-SHA \

DHE-RSA-CAMELLIA128-SHA \

59

DHE-RSA-CAMELLIA256-SHA \

60

EDH-RSA-DES-CBC3-SHA \

AES256-SHA \

CAMELLIA256-SHA \

AES128-SHA \

CAMELLIA128-SHA \

DES-CBC3-SHA \

RC4-SHA \

RC4-MD5 \

NULL-MD5 \

NULL-SHA \

DES-CBC-SHA \

EDH-RSA-DES-CBC-SHA \

Paul Bakker

41c83d3

2013-03-20 14:39:14 +0100

[diff] [blame]

72

ECDHE-RSA-AES256-SHA \

73

ECDHE-RSA-AES128-SHA \

74

ECDHE-RSA-DES-CBC3-SHA \

75

ECDHE-RSA-RC4-SHA \

76

ECDHE-RSA-NULL-SHA \

Paul Bakker

2013-04-17 19:27:58 +0200

[diff] [blame]

77

PSK-RC4-SHA \

78

PSK-3DES-EDE-CBC-SHA \

79

PSK-AES128-CBC-SHA \

80

PSK-AES256-CBC-SHA

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

81

"

82

Paul Bakker

0c93d12

2012-09-13 14:26:09 +0000

[diff] [blame]

83

# Also add SHA256 ciphersuites

84

#

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

85

if [ "$MODE" = "tls1_2" ];

86

then

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

87

P_CIPHERS="$P_CIPHERS \

88

TLS-RSA-WITH-NULL-SHA256 \

89

TLS-RSA-WITH-AES-128-CBC-SHA256 \

90

TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \

91

TLS-RSA-WITH-AES-256-CBC-SHA256 \

92

TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \

Paul Bakker

27714b1

2013-04-07 23:07:12 +0200

[diff] [blame]

93

TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \

94

TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

95

"

96

97

O_CIPHERS="$O_CIPHERS \

98

NULL-SHA256 \

99

AES128-SHA256 \

100

DHE-RSA-AES128-SHA256 \

101

AES256-SHA256 \

102

DHE-RSA-AES256-SHA256 \

Paul Bakker

a54e493

2013-03-20 15:31:54 +0100

[diff] [blame]

103

ECDHE-RSA-AES128-SHA256 \

104

ECDHE-RSA-AES256-SHA384 \

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

105

"

106

Paul Bakker

2012-10-31 12:32:41 +0000

[diff] [blame]

107

P_CIPHERS="$P_CIPHERS \

108

TLS-RSA-WITH-AES-128-GCM-SHA256 \

109

TLS-RSA-WITH-AES-256-GCM-SHA384 \

110

TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \

111

TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \

Paul Bakker

a54e493

2013-03-20 15:31:54 +0100

[diff] [blame]

112

TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \

113

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

114

"

115

116

O_CIPHERS="$O_CIPHERS \

Paul Bakker

ca4ab49

2012-04-18 14:23:57 +0000

[diff] [blame]

117

AES128-GCM-SHA256 \

118

DHE-RSA-AES128-GCM-SHA256 \

119

AES256-GCM-SHA384 \

120

DHE-RSA-AES256-GCM-SHA384 \

Paul Bakker

a54e493

2013-03-20 15:31:54 +0100

[diff] [blame]

121

ECDHE-RSA-AES128-GCM-SHA256 \

122

ECDHE-RSA-AES256-GCM-SHA384 \

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

"

fi

Paul Bakker

2012-09-13 14:26:09 +0000

[diff] [blame]

126

$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

PROCESS_ID=$!

sleep 1

for i in $P_CIPHERS;

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

132

do

Paul Bakker

89fe7f4

2013-06-29 16:18:10 +0200

[diff] [blame^]

133

RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

134

EXIT=$?

135

echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "

136

if [ "$EXIT" = "2" ];

137

then

138

echo Ciphersuite not supported in client

139

elif [ "$EXIT" != "0" ];

then

echo Failed

echo $RESULT

else

echo Success

fi

done

kill $PROCESS_ID

Paul Bakker

2013-06-29 16:18:10 +0200

[diff] [blame^]

149

../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

PROCESS_ID=$!

sleep 1

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

154

for i in $O_CIPHERS;

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

155

do

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

156

RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

157

EXIT=$?

158

echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "

159

160

if [ "$EXIT" != "0" ];

161

then

162

SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"

163

if [ "X$SUPPORTED" != "X" ]

164

then

165

echo "Ciphersuite not supported in server"

166

else

167

echo Failed

Paul Bakker

2012-11-23 14:25:34 +0100

[diff] [blame]

168

echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS

169

echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

echo $RESULT

fi

else

echo Success

fi

done

kill $PROCESS_ID

Paul Bakker

2013-06-29 16:18:10 +0200

[diff] [blame^]

179

../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

PROCESS_ID=$!

sleep 1

Paul Bakker

2013-04-07 23:07:12 +0200

[diff] [blame]

184

# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256

185

# or SHA384

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

186

# Add for PolarSSL only test, which does support them.

187

#

188

if [ "$MODE" = "tls1_2" ];

189

then

Paul Bakker

2012-10-31 12:32:41 +0000

[diff] [blame]

190

P_CIPHERS="$P_CIPHERS \

191

TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \

192

TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \

193

TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \

194

TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \

Paul Bakker

27714b1

2013-04-07 23:07:12 +0200

[diff] [blame]

195

TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \

196

TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \

Paul Bakker

40afb4b

2013-04-19 22:03:30 +0200

[diff] [blame]

197

TLS-PSK-WITH-AES-128-CBC-SHA256 \

198

TLS-PSK-WITH-AES-256-CBC-SHA384 \

199

TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \

200

TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \

201

TLS-PSK-WITH-AES-128-GCM-SHA256 \

202

TLS-PSK-WITH-AES-256-GCM-SHA384 \

203

TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \

204

TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \

205

TLS-PSK-WITH-NULL-SHA256 \

206

TLS-PSK-WITH-NULL-SHA384 \

207

TLS-DHE-PSK-WITH-NULL-SHA256 \

208

TLS-DHE-PSK-WITH-NULL-SHA384 \

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

209

"

210

fi

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

211

Paul Bakker

48f7a5d

2013-04-19 14:30:58 +0200

[diff] [blame]

212

# OpenSSL does not support DHE-PSK ciphers

213

# Add for PolarSSL only test, which does support them.

214

#

215

P_CIPHERS="$P_CIPHERS \

216

TLS-DHE-PSK-WITH-RC4-128-SHA \

217

TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \

218

TLS-DHE-PSK-WITH-AES-128-CBC-SHA \

219

TLS-DHE-PSK-WITH-AES-256-CBC-SHA \

Paul Bakker

a1bf92d

2013-04-19 19:48:45 +0200

[diff] [blame]

220

TLS-PSK-WITH-NULL-SHA \

221

TLS-DHE-PSK-WITH-NULL-SHA \

Paul Bakker

48f7a5d

2013-04-19 14:30:58 +0200

[diff] [blame]

222

"

223

Paul Bakker

2012-04-12 21:26:34 +0000

[diff] [blame]

224

for i in $P_CIPHERS;

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

225

do

Paul Bakker

89fe7f4

2013-06-29 16:18:10 +0200

[diff] [blame^]

226

RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"

Paul Bakker

2012-02-06 16:45:10 +0000

[diff] [blame]

227

EXIT=$?

228

echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "

229

if [ "$EXIT" = "2" ];

230

then

231

echo Ciphersuite not supported in client

232

elif [ "$EXIT" != "0" ];

then

echo Failed

echo $RESULT

else

echo Success

fi

done

kill $PROCESS_ID

Paul Bakker

2012-04-10 08:22:31 +0000

[diff] [blame]

242

done

Paul Bakker