TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9edba77c0649d86d5647d5f2a748be986a4334d5 / . / tests / compat.sh
blob: d1ae99460fb80b6b6e801be4cf2a8bf21d3d8fbd [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]6set -u
7
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]8let "tests = 0"
9let "failed = 0"
10let "skipped = 0"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]11let "srvmem = 0"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]12
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]13# default values, can be overriden by the environment
14: ${P_SRV:=../programs/ssl/ssl_server2}
15: ${P_CLI:=../programs/ssl/ssl_client2}
16: ${OPENSSL:=openssl}
17
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]18MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]19VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]20TYPES="ECDSA RSA PSK"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]21FILTER=""
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]22EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (PolarSSL), DES-CBC3 (OpenSSL)
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]23VERBOSE=""
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]24PEERS="OpenSSL PolarSSL" # GnuTLS not enabled by default, 3.2.4 might not be available on all buildbot machines
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]25MEMCHECK=0
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]26
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]27print_usage() {
28 echo "Usage: $0"
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]29 echo -e " -h|--help\tPrint this help."
30 echo -e " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')"
31 echo -e " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')"
32 echo -e " -m|--modes\tWhich modes to perform (Default: '$MODES')"
33 echo -e " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')"
34 echo -e " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')"
35 echo -e " -p|--peers\tWhich peers to use (Default: '$PEERS')"
36 echo -e " \tAlso available: GnuTLS (needs v3.2.4 or higher)"
37 echo -e " -M|--memcheck\tCheck memory leaks and errors."
38 echo -e " -v|--verbose\tSet verbose output."
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]39}
40
41get_options() {
42 while [ $# -gt 0 ]; do
43 case "$1" in
44 -f|--filter)
45 shift; FILTER=$1
46 ;;
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]47 -e|--exclude)
48 shift; EXCLUDE=$1
49 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]50 -m|--modes)
51 shift; MODES=$1
52 ;;
53 -t|--types)
54 shift; TYPES=$1
55 ;;
56 -V|--verify)
57 shift; VERIFIES=$1
58 ;;
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]59 -p|--peers)
60 shift; PEERS=$1
61 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]62 -v|--verbose)
63 VERBOSE=1
64 ;;
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]65 -M|--memcheck)
66 MEMCHECK=1
67 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]68 -h|--help)
69 print_usage
70 exit 0
71 ;;
72 *)
73 echo "Unknown argument: '$1'"
74 print_usage
75 exit 1
76 ;;
77 esac
78 shift
79 done
80}
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]81
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]82log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]83 if [ "X" != "X$VERBOSE" ]; then
84 echo "$@"
85 fi
86}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]87
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]88filter()
89{
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]90 LIST="$1"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]91 NEW_LIST=""
92
93 for i in $LIST;
94 do
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]95 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLUDE" )"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]96 done
97
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]98 # normalize whitespace
99 echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]100}
101
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]102filter_ciphersuites()
103{
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]104 if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]105 then
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]106 P_CIPHERS=$( filter "$P_CIPHERS" )
107 O_CIPHERS=$( filter "$O_CIPHERS" )
108 G_CIPHERS=$( filter "$G_CIPHERS" )
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]109 fi
110}
111
112reset_ciphersuites()
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]113{
114 P_CIPHERS=""
115 O_CIPHERS=""
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]116 G_CIPHERS=""
117}
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]118
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]119add_openssl_ciphersuites()
120{
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]121 case $TYPE in
122
123 "ECDSA")
124 if [ "$MODE" != "ssl3" ];
125 then
126 P_CIPHERS="$P_CIPHERS \
127 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
128 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
129 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
130 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
131 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
132 TLS-ECDH-ECDSA-WITH-NULL-SHA \
133 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
134 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
135 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
136 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
137 "
138 O_CIPHERS="$O_CIPHERS \
139 ECDHE-ECDSA-NULL-SHA \
140 ECDHE-ECDSA-RC4-SHA \
141 ECDHE-ECDSA-DES-CBC3-SHA \
142 ECDHE-ECDSA-AES128-SHA \
143 ECDHE-ECDSA-AES256-SHA \
144 ECDH-ECDSA-NULL-SHA \
145 ECDH-ECDSA-RC4-SHA \
146 ECDH-ECDSA-DES-CBC3-SHA \
147 ECDH-ECDSA-AES128-SHA \
148 ECDH-ECDSA-AES256-SHA \
149 "
150 fi
151 if [ "$MODE" = "tls1_2" ];
152 then
153 P_CIPHERS="$P_CIPHERS \
154 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
155 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
156 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
157 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
158 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
159 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
160 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
161 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
162 "
163 O_CIPHERS="$O_CIPHERS \
164 ECDHE-ECDSA-AES128-SHA256 \
165 ECDHE-ECDSA-AES256-SHA384 \
166 ECDHE-ECDSA-AES128-GCM-SHA256 \
167 ECDHE-ECDSA-AES256-GCM-SHA384 \
168 ECDH-ECDSA-AES128-SHA256 \
169 ECDH-ECDSA-AES256-SHA384 \
170 ECDH-ECDSA-AES128-GCM-SHA256 \
171 ECDH-ECDSA-AES256-GCM-SHA384 \
172 "
173 fi
174 ;;
175
176 "RSA")
177 P_CIPHERS="$P_CIPHERS \
178 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
179 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
180 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
181 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
182 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
183 TLS-RSA-WITH-AES-256-CBC-SHA \
184 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
185 TLS-RSA-WITH-AES-128-CBC-SHA \
186 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
187 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
188 TLS-RSA-WITH-RC4-128-SHA \
189 TLS-RSA-WITH-RC4-128-MD5 \
190 TLS-RSA-WITH-NULL-MD5 \
191 TLS-RSA-WITH-NULL-SHA \
192 TLS-RSA-WITH-DES-CBC-SHA \
193 TLS-DHE-RSA-WITH-DES-CBC-SHA \
194 "
195 O_CIPHERS="$O_CIPHERS \
196 DHE-RSA-AES128-SHA \
197 DHE-RSA-AES256-SHA \
198 DHE-RSA-CAMELLIA128-SHA \
199 DHE-RSA-CAMELLIA256-SHA \
200 EDH-RSA-DES-CBC3-SHA \
201 AES256-SHA \
202 CAMELLIA256-SHA \
203 AES128-SHA \
204 CAMELLIA128-SHA \
205 DES-CBC3-SHA \
206 RC4-SHA \
207 RC4-MD5 \
208 NULL-MD5 \
209 NULL-SHA \
210 DES-CBC-SHA \
211 EDH-RSA-DES-CBC-SHA \
212 "
213 if [ "$MODE" != "ssl3" ];
214 then
215 P_CIPHERS="$P_CIPHERS \
216 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
217 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
218 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
219 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
220 TLS-ECDHE-RSA-WITH-NULL-SHA \
221 "
222 O_CIPHERS="$O_CIPHERS \
223 ECDHE-RSA-AES256-SHA \
224 ECDHE-RSA-AES128-SHA \
225 ECDHE-RSA-DES-CBC3-SHA \
226 ECDHE-RSA-RC4-SHA \
227 ECDHE-RSA-NULL-SHA \
228 "
229 fi
230 if [ "$MODE" = "tls1_2" ];
231 then
232 P_CIPHERS="$P_CIPHERS \
233 TLS-RSA-WITH-NULL-SHA256 \
234 TLS-RSA-WITH-AES-128-CBC-SHA256 \
235 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
236 TLS-RSA-WITH-AES-256-CBC-SHA256 \
237 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
238 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
239 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
240 TLS-RSA-WITH-AES-128-GCM-SHA256 \
241 TLS-RSA-WITH-AES-256-GCM-SHA384 \
242 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
243 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
244 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
245 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
246 "
247 O_CIPHERS="$O_CIPHERS \
248 NULL-SHA256 \
249 AES128-SHA256 \
250 DHE-RSA-AES128-SHA256 \
251 AES256-SHA256 \
252 DHE-RSA-AES256-SHA256 \
253 ECDHE-RSA-AES128-SHA256 \
254 ECDHE-RSA-AES256-SHA384 \
255 AES128-GCM-SHA256 \
256 DHE-RSA-AES128-GCM-SHA256 \
257 AES256-GCM-SHA384 \
258 DHE-RSA-AES256-GCM-SHA384 \
259 ECDHE-RSA-AES128-GCM-SHA256 \
260 ECDHE-RSA-AES256-GCM-SHA384 \
261 "
262 fi
263 ;;
264
265 "PSK")
266 P_CIPHERS="$P_CIPHERS \
267 TLS-PSK-WITH-RC4-128-SHA \
268 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
269 TLS-PSK-WITH-AES-128-CBC-SHA \
270 TLS-PSK-WITH-AES-256-CBC-SHA \
271 "
272 O_CIPHERS="$O_CIPHERS \
273 PSK-RC4-SHA \
274 PSK-3DES-EDE-CBC-SHA \
275 PSK-AES128-CBC-SHA \
276 PSK-AES256-CBC-SHA \
277 "
278 ;;
279 esac
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]280}
281
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]282add_gnutls_ciphersuites()
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]283{
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]284 case $TYPE in
285
286 "ECDSA")
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]287 if [ "$MODE" = "tls1_2" ];
288 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]289 P_CIPHERS="$P_CIPHERS \
290 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
291 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]292 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
293 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]294 "
295 G_CIPHERS="$G_CIPHERS \
296 +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \
297 +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \
298 +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \
299 +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \
300 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]301 fi
302 ;;
303
304 "RSA")
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]305 if [ "$MODE" = "tls1_2" ];
306 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]307 P_CIPHERS="$P_CIPHERS \
308 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
309 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]310 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
311 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
312 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
313 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
314 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
315 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
316 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
317 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
318 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
319 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]320 TLS-RSA-WITH-NULL-SHA256 \
321 TLS-RSA-WITH-NULL-SHA \
322 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]323 "
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]324 G_CIPHERS="$G_CIPHERS \
325 +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
326 +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \
327 +RSA:+CAMELLIA-128-CBC:+SHA256 \
328 +RSA:+CAMELLIA-256-CBC:+SHA256 \
329 +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
330 +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \
331 +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \
332 +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \
333 +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \
334 +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \
335 +RSA:+CAMELLIA-128-GCM:+AEAD \
336 +RSA:+CAMELLIA-256-GCM:+AEAD \
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]337 +RSA:+NULL:+SHA256 \
338 +RSA:+NULL:+SHA1 \
339 +RSA:+NULL:+MD5 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]340 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]341 fi
342 ;;
343
344 "PSK")
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]345 # GnuTLS 3.2.11 (2014-02-13) requires TLS 1.x for most *PSK suites
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]346 if [ "$MODE" != "ssl3" ];
347 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]348 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]349 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
350 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
351 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]352 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
353 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
354 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
355 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
356 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
357 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]358 "
359 G_CIPHERS="$G_CIPHERS \
360 +ECDHE-PSK:+AES-256-CBC:+SHA1 \
361 +ECDHE-PSK:+AES-128-CBC:+SHA1 \
362 +ECDHE-PSK:+3DES-CBC:+SHA1 \
363 +DHE-PSK:+3DES-CBC:+SHA1 \
364 +DHE-PSK:+AES-128-CBC:+SHA1 \
365 +DHE-PSK:+AES-256-CBC:+SHA1 \
366 +RSA-PSK:+3DES-CBC:+SHA1 \
367 +RSA-PSK:+AES-256-CBC:+SHA1 \
368 +RSA-PSK:+AES-128-CBC:+SHA1 \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]369 "
370 fi
371 if [ "$MODE" = "tls1_2" ];
372 then
373 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]374 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
375 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
376 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
377 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
378 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
379 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]380 TLS-PSK-WITH-AES-128-CBC-SHA256 \
381 TLS-PSK-WITH-AES-256-CBC-SHA384 \
382 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
383 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
384 TLS-PSK-WITH-NULL-SHA256 \
385 TLS-PSK-WITH-NULL-SHA384 \
386 TLS-DHE-PSK-WITH-NULL-SHA256 \
387 TLS-DHE-PSK-WITH-NULL-SHA384 \
388 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
389 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
390 TLS-RSA-PSK-WITH-NULL-SHA256 \
391 TLS-RSA-PSK-WITH-NULL-SHA384 \
392 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
393 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
394 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
395 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
396 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
397 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]398 TLS-PSK-WITH-AES-128-GCM-SHA256 \
399 TLS-PSK-WITH-AES-256-GCM-SHA384 \
400 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
401 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
402 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
403 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
404 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
405 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
406 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
407 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
408 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
409 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]410 "
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]411 G_CIPHERS="$G_CIPHERS \
412 +ECDHE-PSK:+AES-256-CBC:+SHA384 \
413 +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
414 +ECDHE-PSK:+AES-128-CBC:+SHA256 \
415 +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
416 +PSK:+AES-128-CBC:+SHA256 \
417 +PSK:+AES-256-CBC:+SHA384 \
418 +DHE-PSK:+AES-128-CBC:+SHA256 \
419 +DHE-PSK:+AES-256-CBC:+SHA384 \
420 +RSA-PSK:+AES-256-CBC:+SHA384 \
421 +RSA-PSK:+AES-128-CBC:+SHA256 \
422 +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
423 +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
424 +PSK:+CAMELLIA-128-CBC:+SHA256 \
425 +PSK:+CAMELLIA-256-CBC:+SHA384 \
426 +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \
427 +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \
428 +PSK:+AES-128-GCM:+AEAD \
429 +PSK:+AES-256-GCM:+AEAD \
430 +DHE-PSK:+AES-128-GCM:+AEAD \
431 +DHE-PSK:+AES-256-GCM:+AEAD \
432 +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \
433 +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \
434 +PSK:+CAMELLIA-128-GCM:+AEAD \
435 +PSK:+CAMELLIA-256-GCM:+AEAD \
436 +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \
437 +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \
438 +RSA-PSK:+AES-256-GCM:+AEAD \
439 +RSA-PSK:+AES-128-GCM:+AEAD \
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]440 +ECDHE-PSK:+NULL:+SHA384 \
441 +ECDHE-PSK:+NULL:+SHA256 \
442 +PSK:+NULL:+SHA256 \
443 +PSK:+NULL:+SHA384 \
444 +DHE-PSK:+NULL:+SHA256 \
445 +DHE-PSK:+NULL:+SHA384 \
446 +RSA-PSK:+NULL:+SHA256 \
447 +RSA-PSK:+NULL:+SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]448 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]449 fi
450 ;;
451 esac
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]452}
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]453
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]454add_polarssl_ciphersuites()
455{
456 case $TYPE in
457
458 "ECDSA")
459 if [ "$MODE" != "ssl3" ];
460 then
461 P_CIPHERS="$P_CIPHERS \
462 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
463 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
464 "
465 fi
466 if [ "$MODE" = "tls1_2" ];
467 then
468 P_CIPHERS="$P_CIPHERS \
469 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
470 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
471 "
472 fi
473 ;;
474
475 "RSA")
476 ;;
477
478 "PSK")
479 P_CIPHERS="$P_CIPHERS \
480 TLS-PSK-WITH-NULL-SHA \
481 TLS-DHE-PSK-WITH-RC4-128-SHA \
482 TLS-DHE-PSK-WITH-NULL-SHA \
483 TLS-RSA-PSK-WITH-RC4-128-SHA \
484 "
485 if [ "$MODE" != "ssl3" ];
486 then
487 P_CIPHERS="$P_CIPHERS \
488 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
489 TLS-ECDHE-PSK-WITH-NULL-SHA \
490 "
491 fi
492 ;;
493 esac
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]494}
495
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]496setup_arguments()
497{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]498 case $MODE in
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]499 "ssl3")
500 G_PRIO_MODE="+VERS-SSL3.0"
501 ;;
502 "tls1")
503 G_PRIO_MODE="+VERS-TLS1.0"
504 ;;
505 "tls1_1")
506 G_PRIO_MODE="+VERS-TLS1.1"
507 ;;
508 "tls1_2")
509 G_PRIO_MODE="+VERS-TLS1.2"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]510 ;;
511 *)
512 echo "error: invalid mode: $MODE" >&2
513 exit 1;
514 esac
515
516 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]517 O_SERVER_ARGS="-www -cipher NULL,ALL -$MODE"
518 G_SERVER_ARGS="-p 4433 --http"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]519 G_SERVER_PRIO="EXPORT:+NULL:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]520
521 P_CLIENT_ARGS="force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]522 O_CLIENT_ARGS="-$MODE"
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]523 G_CLIENT_ARGS="-p 4433 --debug 3"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]524 G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]525
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]526 if [ "X$VERIFY" = "XYES" ];
527 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]528 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]529 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]530 G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
531
532 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]533 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]534 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]535 else
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]536 # don't request a client cert at all
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]537 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]538 G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
539
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]540 # give dummy CA to clients
Manuel Pégourié-Gonnard213c67a2014-03-12 08:30:59 +0100[diff] [blame]541 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/cli2.crt auth_mode=optional"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]542 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/cli2.crt"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]543 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/cli2.crt --insecure"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]544 fi
545
546 case $TYPE in
547 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]548 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]549 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]550 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
551
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]552 if [ "X$VERIFY" = "XYES" ]; then
553 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
554 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]555 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]556 else
557 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
558 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]559 ;;
560
561 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]562 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]563 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]564 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
565
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]566 if [ "X$VERIFY" = "XYES" ]; then
567 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
568 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]569 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]570 else
571 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
572 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]573 ;;
574
575 "PSK")
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]576 # give RSA-PSK-capable server a RSA cert
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]577 # (should be a separate type, but harder to close with openssl)
578 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]579 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]580 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
581
582 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]583 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]584 G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]585 ;;
586 esac
587}
588
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]589# is_polar <cmd_line>
590is_polar() {
591 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
592}
593
594# has_mem_err <log_file_name>
595has_mem_err() {
596 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
597 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
598 then
599 return 1 # false: does not have errors
600 else
601 return 0 # true: has errors
602 fi
603}
604
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]605# start_server <name>
606# also saves name and command
607start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]608 case $1 in
609 [Oo]pen*)
610 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
611 ;;
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]612 [Gg]nu*)
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]613 SERVER_CMD="gnutls-serv $G_SERVER_ARGS --priority $G_SERVER_PRIO"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]614 ;;
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]615 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]616 SERVER_CMD="$P_SRV $P_SERVER_ARGS"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]617 if [ "$MEMCHECK" -gt 0 ]; then
618 SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
619 fi
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]620 ;;
621 *)
622 echo "error: invalid server name: $1" >&2
623 exit 1
624 ;;
625 esac
626 SERVER_NAME=$1
627
628 log "$SERVER_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]629 $SERVER_CMD >srv_out 2>&1 &
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]630 PROCESS_ID=$!
631
632 sleep 1
633}
634
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]635# terminate the running server (closing it cleanly if it is ours)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]636stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]637 case $SERVER_NAME in
638 [Pp]olar*)
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]639 # we must force a PSK suite when in PSK mode (otherwise client
640 # auth will fail), so use $O_CIPHERS
641 CS=$( echo "$O_CIPHERS" | tr ' ' ':' )
642 echo SERVERQUIT | \
643 $OPENSSL s_client $O_CLIENT_ARGS -cipher "$CS" >/dev/null 2>&1
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]644 sleep 1; kill $PROCESS_ID 2>/dev/null # XXX temporary
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]645 ;;
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]646 *)
647 kill $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]648 esac
649
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]650 wait $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]651
652 if [ "$MEMCHECK" -gt 0 ]; then
653 if is_polar "$SERVER_CMD" && has_mem_err srv_out; then
654 echo " ! Server had memory errors"
655 let "srvmem++"
656 return
657 fi
658 fi
659
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]660 rm -f srv_out
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]661}
662
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]663# kill the running server (used when killed by signal)
664cleanup() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]665 rm -f srv_out cli_out
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]666 kill $PROCESS_ID
667 exit 1
668}
669
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]670# run_client <name> <cipher>
671run_client() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]672 # announce what we're going to do
673 let "tests++"
674 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
675 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
676 echo -n "$TITLE"
677 LEN=`echo "$TITLE" | wc -c`
678 LEN=`echo 72 - $LEN | bc`
679 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
680
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]681 # run the command and interpret result
682 case $1 in
683 [Oo]pen*)
684 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
685 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]686 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]687 EXIT=$?
688
689 if [ "$EXIT" == "0" ]; then
690 RESULT=0
691 else
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]692 if grep 'Cipher is (NONE)' cli_out >/dev/null; then
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]693 RESULT=1
694 else
695 RESULT=2
696 fi
697 fi
698 ;;
699
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]700 [Gg]nu*)
701 CLIENT_CMD="gnutls-cli $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 localhost"
702 log "$CLIENT_CMD"
703 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
704 EXIT=$?
705
706 if [ "$EXIT" == "0" ]; then
707 RESULT=0
708 else
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]709 RESULT=2
710 # interpret early failure, with a handshake_failure alert
711 # before the server hello, as "no ciphersuite in common"
712 if grep -F 'Received alert [40]: Handshake failed' cli_out; then
713 if grep -i 'SERVER HELLO .* was received' cli_out; then :
714 else
715 RESULT=1
716 fi
717 fi >/dev/null
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]718 fi
719 ;;
720
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]721 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]722 CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]723 if [ "$MEMCHECK" -gt 0 ]; then
724 CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
725 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]726 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]727 $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]728 EXIT=$?
729
730 case $EXIT in
731 "0") RESULT=0 ;;
732 "2") RESULT=1 ;;
733 *) RESULT=2 ;;
734 esac
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]735
736 if [ "$MEMCHECK" -gt 0 ]; then
737 if is_polar "$CLIENT_CMD" && has_mem_err cli_out; then
738 RESULT=2
739 fi
740 fi
741
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]742 ;;
743
744 *)
745 echo "error: invalid client name: $1" >&2
746 exit 1
747 ;;
748 esac
749
750 # report and count result
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]751 case $RESULT in
752 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]753 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]754 ;;
755 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]756 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]757 let "skipped++"
758 ;;
759 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]760 echo FAIL
761 echo " ! $SERVER_CMD"
762 echo " ! $CLIENT_CMD"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]763 cp srv_out c-srv-${tests}.log
764 cp cli_out c-cli-${tests}.log
765 echo " ! outputs saved to c-srv-${tests}.log, c-cli-${tests}.log"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]766 let "failed++"
767 ;;
768 esac
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]769
770 rm -f cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]771}
772
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]773#
774# MAIN
775#
776
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]777# sanity checks, avoid an avalanche of errors
778if [ ! -x "$P_SRV" ]; then
779 echo "Command '$P_SRV' is not an executable file"
780 exit 1
781fi
782if [ ! -x "$P_CLI" ]; then
783 echo "Command '$P_CLI' is not an executable file"
784 exit 1
785fi
786if which $OPENSSL >/dev/null 2>&1; then :; else
787 echo "Command '$OPENSSL' not found"
788 exit 1
789fi
790
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]791get_options "$@"
792
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]793killall -q gnutls-serv openssl ssl_server ssl_server2
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]794trap cleanup INT TERM HUP
795
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]796for VERIFY in $VERIFIES; do
797 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]798 for TYPE in $TYPES; do
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]799 for PEER in $PEERS; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]800
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]801 setup_arguments
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]802
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]803 case "$PEER" in
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]804
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]805 [Oo]pen*)
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]806
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]807 reset_ciphersuites
808 add_openssl_ciphersuites
809 filter_ciphersuites
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]810
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]811 if [ "X" != "X$P_CIPHERS" ]; then
812 start_server "OpenSSL"
813 for i in $P_CIPHERS; do
814 run_client PolarSSL $i
815 done
816 stop_server
817 fi
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]818
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]819 if [ "X" != "X$O_CIPHERS" ]; then
820 start_server "PolarSSL"
821 for i in $O_CIPHERS; do
822 run_client OpenSSL $i
823 done
824 stop_server
825 fi
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]826
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]827 ;;
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]828
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]829 [Gg]nu*)
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]830
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]831 reset_ciphersuites
832 add_gnutls_ciphersuites
833 filter_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]834
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame^]835 if [ "X" != "X$P_CIPHERS" ]; then
836 start_server "GnuTLS"
837 for i in $P_CIPHERS; do
838 run_client PolarSSL $i
839 done
840 stop_server
841 fi
842
843 if [ "X" != "X$G_CIPHERS" ]; then
844 start_server "PolarSSL"
845 for i in $G_CIPHERS; do
846 run_client GnuTLS $i
847 done
848 stop_server
849 fi
850
851 ;;
852
853 [Pp]olar*)
854
855 reset_ciphersuites
856 add_openssl_ciphersuites
857 add_gnutls_ciphersuites
858 add_polarssl_ciphersuites
859 filter_ciphersuites
860
861 if [ "X" != "X$P_CIPHERS" ]; then
862 start_server "PolarSSL"
863 for i in $P_CIPHERS; do
864 run_client PolarSSL $i
865 done
866 stop_server
867 fi
868
869 ;;
870
871 esac
872
873 done
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]874 done
875 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]876done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]877
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]878echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]879
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]880if (( failed != 0 && srvmem != 0 ));
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]881then
882 echo -n "FAILED"
883else
884 echo -n "PASSED"
885fi
886
887let "passed = tests - failed"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]888echo " ($passed / $tests tests ($skipped skipped, $srvmem server memory errors)"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]889
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]890let "failed += srvmem"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]891exit $failed