TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a1a9f9a639efc0058d39d7f619f3536d80a471e7 / . / tests / compat.sh
blob: 155896090d38e069ba94030de5ca694d31a1b969 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnarda1a9f9a2014-03-25 18:04:59 +0100[diff] [blame^]6# test if those two are set in the environment before assigning defaults
7if [ -n "$GNUTLS_CLI" -a -n "$GNUTLS_SERV" ]; then
8 GNUTLS_AVAILABLE=1
9else
10 GNUTLS_AVAILABLE=0
11fi
12
13# catch undefined variables from now on
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]14set -u
15
Manuel Pégourié-Gonnarda1a9f9a2014-03-25 18:04:59 +0100[diff] [blame^]16# initialise counters
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]17let "tests = 0"
18let "failed = 0"
19let "skipped = 0"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]20let "srvmem = 0"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]21
Manuel Pégourié-Gonnarda1a9f9a2014-03-25 18:04:59 +0100[diff] [blame^]22# default commands, can be overriden by the environment
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]23: ${P_SRV:=../programs/ssl/ssl_server2}
24: ${P_CLI:=../programs/ssl/ssl_client2}
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]25: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
26: ${GNUTLS_CLI:=gnutls-cli}
27: ${GNUTLS_SERV:=gnutls-serv}
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]28
Manuel Pégourié-Gonnarda1a9f9a2014-03-25 18:04:59 +0100[diff] [blame^]29# default values for options
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]30MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]31VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]32TYPES="ECDSA RSA PSK"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]33FILTER=""
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]34EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (PolarSSL), DES-CBC3 (OpenSSL)
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]35VERBOSE=""
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]36MEMCHECK=0
Manuel Pégourié-Gonnarda1a9f9a2014-03-25 18:04:59 +0100[diff] [blame^]37# GnuTLS not enabled by default, 3.2.4 might not be available everywhere
38if [ "$GNUTLS_AVAILABLE" -gt 0 ]; then
39 PEERS="OpenSSL PolarSSL GnuTLS"
40else
41 PEERS="OpenSSL PolarSSL"
42fi
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]43
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]44print_usage() {
45 echo "Usage: $0"
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]46 echo -e " -h|--help\tPrint this help."
47 echo -e " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')"
48 echo -e " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')"
49 echo -e " -m|--modes\tWhich modes to perform (Default: '$MODES')"
50 echo -e " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')"
51 echo -e " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')"
52 echo -e " -p|--peers\tWhich peers to use (Default: '$PEERS')"
53 echo -e " \tAlso available: GnuTLS (needs v3.2.4 or higher)"
54 echo -e " -M|--memcheck\tCheck memory leaks and errors."
55 echo -e " -v|--verbose\tSet verbose output."
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]56}
57
58get_options() {
59 while [ $# -gt 0 ]; do
60 case "$1" in
61 -f|--filter)
62 shift; FILTER=$1
63 ;;
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]64 -e|--exclude)
65 shift; EXCLUDE=$1
66 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]67 -m|--modes)
68 shift; MODES=$1
69 ;;
70 -t|--types)
71 shift; TYPES=$1
72 ;;
73 -V|--verify)
74 shift; VERIFIES=$1
75 ;;
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]76 -p|--peers)
77 shift; PEERS=$1
78 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]79 -v|--verbose)
80 VERBOSE=1
81 ;;
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]82 -M|--memcheck)
83 MEMCHECK=1
84 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]85 -h|--help)
86 print_usage
87 exit 0
88 ;;
89 *)
90 echo "Unknown argument: '$1'"
91 print_usage
92 exit 1
93 ;;
94 esac
95 shift
96 done
97}
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]98
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]99log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]100 if [ "X" != "X$VERBOSE" ]; then
101 echo "$@"
102 fi
103}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]104
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]105filter()
106{
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]107 LIST="$1"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]108 NEW_LIST=""
109
110 for i in $LIST;
111 do
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]112 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLUDE" )"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]113 done
114
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]115 # normalize whitespace
116 echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]117}
118
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]119filter_ciphersuites()
120{
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]121 if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]122 then
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]123 P_CIPHERS=$( filter "$P_CIPHERS" )
124 O_CIPHERS=$( filter "$O_CIPHERS" )
125 G_CIPHERS=$( filter "$G_CIPHERS" )
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]126 fi
127}
128
129reset_ciphersuites()
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]130{
131 P_CIPHERS=""
132 O_CIPHERS=""
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]133 G_CIPHERS=""
134}
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]135
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]136add_openssl_ciphersuites()
137{
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]138 case $TYPE in
139
140 "ECDSA")
141 if [ "$MODE" != "ssl3" ];
142 then
143 P_CIPHERS="$P_CIPHERS \
144 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
145 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
146 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
147 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
148 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
149 TLS-ECDH-ECDSA-WITH-NULL-SHA \
150 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
151 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
152 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
153 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
154 "
155 O_CIPHERS="$O_CIPHERS \
156 ECDHE-ECDSA-NULL-SHA \
157 ECDHE-ECDSA-RC4-SHA \
158 ECDHE-ECDSA-DES-CBC3-SHA \
159 ECDHE-ECDSA-AES128-SHA \
160 ECDHE-ECDSA-AES256-SHA \
161 ECDH-ECDSA-NULL-SHA \
162 ECDH-ECDSA-RC4-SHA \
163 ECDH-ECDSA-DES-CBC3-SHA \
164 ECDH-ECDSA-AES128-SHA \
165 ECDH-ECDSA-AES256-SHA \
166 "
167 fi
168 if [ "$MODE" = "tls1_2" ];
169 then
170 P_CIPHERS="$P_CIPHERS \
171 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
172 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
173 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
174 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
175 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
176 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
177 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
178 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
179 "
180 O_CIPHERS="$O_CIPHERS \
181 ECDHE-ECDSA-AES128-SHA256 \
182 ECDHE-ECDSA-AES256-SHA384 \
183 ECDHE-ECDSA-AES128-GCM-SHA256 \
184 ECDHE-ECDSA-AES256-GCM-SHA384 \
185 ECDH-ECDSA-AES128-SHA256 \
186 ECDH-ECDSA-AES256-SHA384 \
187 ECDH-ECDSA-AES128-GCM-SHA256 \
188 ECDH-ECDSA-AES256-GCM-SHA384 \
189 "
190 fi
191 ;;
192
193 "RSA")
194 P_CIPHERS="$P_CIPHERS \
195 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
196 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
197 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
198 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
199 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
200 TLS-RSA-WITH-AES-256-CBC-SHA \
201 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
202 TLS-RSA-WITH-AES-128-CBC-SHA \
203 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
204 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
205 TLS-RSA-WITH-RC4-128-SHA \
206 TLS-RSA-WITH-RC4-128-MD5 \
207 TLS-RSA-WITH-NULL-MD5 \
208 TLS-RSA-WITH-NULL-SHA \
209 TLS-RSA-WITH-DES-CBC-SHA \
210 TLS-DHE-RSA-WITH-DES-CBC-SHA \
211 "
212 O_CIPHERS="$O_CIPHERS \
213 DHE-RSA-AES128-SHA \
214 DHE-RSA-AES256-SHA \
215 DHE-RSA-CAMELLIA128-SHA \
216 DHE-RSA-CAMELLIA256-SHA \
217 EDH-RSA-DES-CBC3-SHA \
218 AES256-SHA \
219 CAMELLIA256-SHA \
220 AES128-SHA \
221 CAMELLIA128-SHA \
222 DES-CBC3-SHA \
223 RC4-SHA \
224 RC4-MD5 \
225 NULL-MD5 \
226 NULL-SHA \
227 DES-CBC-SHA \
228 EDH-RSA-DES-CBC-SHA \
229 "
230 if [ "$MODE" != "ssl3" ];
231 then
232 P_CIPHERS="$P_CIPHERS \
233 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
234 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
235 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
236 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
237 TLS-ECDHE-RSA-WITH-NULL-SHA \
238 "
239 O_CIPHERS="$O_CIPHERS \
240 ECDHE-RSA-AES256-SHA \
241 ECDHE-RSA-AES128-SHA \
242 ECDHE-RSA-DES-CBC3-SHA \
243 ECDHE-RSA-RC4-SHA \
244 ECDHE-RSA-NULL-SHA \
245 "
246 fi
247 if [ "$MODE" = "tls1_2" ];
248 then
249 P_CIPHERS="$P_CIPHERS \
250 TLS-RSA-WITH-NULL-SHA256 \
251 TLS-RSA-WITH-AES-128-CBC-SHA256 \
252 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
253 TLS-RSA-WITH-AES-256-CBC-SHA256 \
254 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
255 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
257 TLS-RSA-WITH-AES-128-GCM-SHA256 \
258 TLS-RSA-WITH-AES-256-GCM-SHA384 \
259 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
260 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
261 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
262 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
263 "
264 O_CIPHERS="$O_CIPHERS \
265 NULL-SHA256 \
266 AES128-SHA256 \
267 DHE-RSA-AES128-SHA256 \
268 AES256-SHA256 \
269 DHE-RSA-AES256-SHA256 \
270 ECDHE-RSA-AES128-SHA256 \
271 ECDHE-RSA-AES256-SHA384 \
272 AES128-GCM-SHA256 \
273 DHE-RSA-AES128-GCM-SHA256 \
274 AES256-GCM-SHA384 \
275 DHE-RSA-AES256-GCM-SHA384 \
276 ECDHE-RSA-AES128-GCM-SHA256 \
277 ECDHE-RSA-AES256-GCM-SHA384 \
278 "
279 fi
280 ;;
281
282 "PSK")
283 P_CIPHERS="$P_CIPHERS \
284 TLS-PSK-WITH-RC4-128-SHA \
285 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
286 TLS-PSK-WITH-AES-128-CBC-SHA \
287 TLS-PSK-WITH-AES-256-CBC-SHA \
288 "
289 O_CIPHERS="$O_CIPHERS \
290 PSK-RC4-SHA \
291 PSK-3DES-EDE-CBC-SHA \
292 PSK-AES128-CBC-SHA \
293 PSK-AES256-CBC-SHA \
294 "
295 ;;
296 esac
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]297}
298
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]299add_gnutls_ciphersuites()
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]300{
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]301 case $TYPE in
302
303 "ECDSA")
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]304 if [ "$MODE" = "tls1_2" ];
305 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]306 P_CIPHERS="$P_CIPHERS \
307 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
308 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]309 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
310 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]311 "
312 G_CIPHERS="$G_CIPHERS \
313 +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \
314 +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \
315 +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \
316 +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \
317 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]318 fi
319 ;;
320
321 "RSA")
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]322 if [ "$MODE" = "tls1_2" ];
323 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]324 P_CIPHERS="$P_CIPHERS \
325 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
326 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]327 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
328 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
329 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
330 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
331 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
332 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
333 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
334 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
335 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
336 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]337 TLS-RSA-WITH-NULL-SHA256 \
338 TLS-RSA-WITH-NULL-SHA \
339 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]340 "
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]341 G_CIPHERS="$G_CIPHERS \
342 +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
343 +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \
344 +RSA:+CAMELLIA-128-CBC:+SHA256 \
345 +RSA:+CAMELLIA-256-CBC:+SHA256 \
346 +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
347 +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \
348 +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \
349 +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \
350 +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \
351 +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \
352 +RSA:+CAMELLIA-128-GCM:+AEAD \
353 +RSA:+CAMELLIA-256-GCM:+AEAD \
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]354 +RSA:+NULL:+SHA256 \
355 +RSA:+NULL:+SHA1 \
356 +RSA:+NULL:+MD5 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]357 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]358 fi
359 ;;
360
361 "PSK")
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]362 # GnuTLS 3.2.11 (2014-02-13) requires TLS 1.x for most *PSK suites
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]363 if [ "$MODE" != "ssl3" ];
364 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]365 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]366 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
367 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
368 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]369 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
370 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
371 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
372 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
373 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
374 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]375 "
376 G_CIPHERS="$G_CIPHERS \
377 +ECDHE-PSK:+AES-256-CBC:+SHA1 \
378 +ECDHE-PSK:+AES-128-CBC:+SHA1 \
379 +ECDHE-PSK:+3DES-CBC:+SHA1 \
380 +DHE-PSK:+3DES-CBC:+SHA1 \
381 +DHE-PSK:+AES-128-CBC:+SHA1 \
382 +DHE-PSK:+AES-256-CBC:+SHA1 \
383 +RSA-PSK:+3DES-CBC:+SHA1 \
384 +RSA-PSK:+AES-256-CBC:+SHA1 \
385 +RSA-PSK:+AES-128-CBC:+SHA1 \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]386 "
387 fi
388 if [ "$MODE" = "tls1_2" ];
389 then
390 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]391 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
392 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
393 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
394 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
395 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
396 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]397 TLS-PSK-WITH-AES-128-CBC-SHA256 \
398 TLS-PSK-WITH-AES-256-CBC-SHA384 \
399 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
400 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
401 TLS-PSK-WITH-NULL-SHA256 \
402 TLS-PSK-WITH-NULL-SHA384 \
403 TLS-DHE-PSK-WITH-NULL-SHA256 \
404 TLS-DHE-PSK-WITH-NULL-SHA384 \
405 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
406 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
407 TLS-RSA-PSK-WITH-NULL-SHA256 \
408 TLS-RSA-PSK-WITH-NULL-SHA384 \
409 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
410 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
411 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
412 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
413 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
414 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]415 TLS-PSK-WITH-AES-128-GCM-SHA256 \
416 TLS-PSK-WITH-AES-256-GCM-SHA384 \
417 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
418 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
419 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
420 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
421 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
422 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
423 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
424 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
425 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
426 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]427 "
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]428 G_CIPHERS="$G_CIPHERS \
429 +ECDHE-PSK:+AES-256-CBC:+SHA384 \
430 +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
431 +ECDHE-PSK:+AES-128-CBC:+SHA256 \
432 +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
433 +PSK:+AES-128-CBC:+SHA256 \
434 +PSK:+AES-256-CBC:+SHA384 \
435 +DHE-PSK:+AES-128-CBC:+SHA256 \
436 +DHE-PSK:+AES-256-CBC:+SHA384 \
437 +RSA-PSK:+AES-256-CBC:+SHA384 \
438 +RSA-PSK:+AES-128-CBC:+SHA256 \
439 +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
440 +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
441 +PSK:+CAMELLIA-128-CBC:+SHA256 \
442 +PSK:+CAMELLIA-256-CBC:+SHA384 \
443 +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \
444 +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \
445 +PSK:+AES-128-GCM:+AEAD \
446 +PSK:+AES-256-GCM:+AEAD \
447 +DHE-PSK:+AES-128-GCM:+AEAD \
448 +DHE-PSK:+AES-256-GCM:+AEAD \
449 +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \
450 +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \
451 +PSK:+CAMELLIA-128-GCM:+AEAD \
452 +PSK:+CAMELLIA-256-GCM:+AEAD \
453 +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \
454 +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \
455 +RSA-PSK:+AES-256-GCM:+AEAD \
456 +RSA-PSK:+AES-128-GCM:+AEAD \
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]457 +ECDHE-PSK:+NULL:+SHA384 \
458 +ECDHE-PSK:+NULL:+SHA256 \
459 +PSK:+NULL:+SHA256 \
460 +PSK:+NULL:+SHA384 \
461 +DHE-PSK:+NULL:+SHA256 \
462 +DHE-PSK:+NULL:+SHA384 \
463 +RSA-PSK:+NULL:+SHA256 \
464 +RSA-PSK:+NULL:+SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]465 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]466 fi
467 ;;
468 esac
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]469}
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]470
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]471add_polarssl_ciphersuites()
472{
473 case $TYPE in
474
475 "ECDSA")
476 if [ "$MODE" != "ssl3" ];
477 then
478 P_CIPHERS="$P_CIPHERS \
479 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
480 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
481 "
482 fi
483 if [ "$MODE" = "tls1_2" ];
484 then
485 P_CIPHERS="$P_CIPHERS \
486 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
487 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
488 "
489 fi
490 ;;
491
492 "RSA")
493 ;;
494
495 "PSK")
496 P_CIPHERS="$P_CIPHERS \
497 TLS-PSK-WITH-NULL-SHA \
498 TLS-DHE-PSK-WITH-RC4-128-SHA \
499 TLS-DHE-PSK-WITH-NULL-SHA \
500 TLS-RSA-PSK-WITH-RC4-128-SHA \
501 "
502 if [ "$MODE" != "ssl3" ];
503 then
504 P_CIPHERS="$P_CIPHERS \
505 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
506 TLS-ECDHE-PSK-WITH-NULL-SHA \
507 "
508 fi
509 ;;
510 esac
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]511}
512
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]513setup_arguments()
514{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]515 case $MODE in
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]516 "ssl3")
517 G_PRIO_MODE="+VERS-SSL3.0"
518 ;;
519 "tls1")
520 G_PRIO_MODE="+VERS-TLS1.0"
521 ;;
522 "tls1_1")
523 G_PRIO_MODE="+VERS-TLS1.1"
524 ;;
525 "tls1_2")
526 G_PRIO_MODE="+VERS-TLS1.2"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]527 ;;
528 *)
529 echo "error: invalid mode: $MODE" >&2
530 exit 1;
531 esac
532
533 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]534 O_SERVER_ARGS="-www -cipher NULL,ALL -$MODE"
535 G_SERVER_ARGS="-p 4433 --http"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]536 G_SERVER_PRIO="EXPORT:+NULL:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]537
538 P_CLIENT_ARGS="force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]539 O_CLIENT_ARGS="-$MODE"
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]540 G_CLIENT_ARGS="-p 4433 --debug 3"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]541 G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]542
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]543 if [ "X$VERIFY" = "XYES" ];
544 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]545 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]546 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]547 G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
548
549 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]550 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]551 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]552 else
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]553 # don't request a client cert at all
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]554 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]555 G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
556
Manuel Pégourié-Gonnard5de31ec2014-03-19 17:34:52 +0100[diff] [blame]557 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=none auth_mode=none"
558 O_CLIENT_ARGS="$O_CLIENT_ARGS"
559 G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]560 fi
561
562 case $TYPE in
563 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]564 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]565 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]566 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
567
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]568 if [ "X$VERIFY" = "XYES" ]; then
569 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
570 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]571 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]572 else
573 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
574 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]575 ;;
576
577 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]578 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]579 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]580 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
581
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]582 if [ "X$VERIFY" = "XYES" ]; then
583 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
584 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]585 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]586 else
587 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
588 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]589 ;;
590
591 "PSK")
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]592 # give RSA-PSK-capable server a RSA cert
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]593 # (should be a separate type, but harder to close with openssl)
594 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]595 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]596 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
597
598 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]599 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]600 G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]601 ;;
602 esac
603}
604
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]605# is_polar <cmd_line>
606is_polar() {
607 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
608}
609
610# has_mem_err <log_file_name>
611has_mem_err() {
612 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
613 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
614 then
615 return 1 # false: does not have errors
616 else
617 return 0 # true: has errors
618 fi
619}
620
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]621# start_server <name>
622# also saves name and command
623start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]624 case $1 in
625 [Oo]pen*)
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]626 SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]627 ;;
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]628 [Gg]nu*)
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]629 SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]630 ;;
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]631 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]632 SERVER_CMD="$P_SRV $P_SERVER_ARGS"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]633 if [ "$MEMCHECK" -gt 0 ]; then
634 SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
635 fi
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]636 ;;
637 *)
638 echo "error: invalid server name: $1" >&2
639 exit 1
640 ;;
641 esac
642 SERVER_NAME=$1
643
644 log "$SERVER_CMD"
Manuel Pégourié-Gonnardba0b8442014-03-13 17:57:45 +0100[diff] [blame]645 echo "$SERVER_CMD" > srv_out
646 $SERVER_CMD >> srv_out 2>&1 &
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]647 PROCESS_ID=$!
648
649 sleep 1
650}
651
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]652# terminate the running server (closing it cleanly if it is ours)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]653stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]654 case $SERVER_NAME in
655 [Pp]olar*)
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]656 # we must force a PSK suite when in PSK mode (otherwise client
Manuel Pégourié-Gonnard84fd6872014-03-13 18:35:10 +0100[diff] [blame]657 # auth will fail), so try every entry in $P_CIPHERS in turn (in
658 # case the first one is not implemented in this configuration)
659 for i in $P_CIPHERS; do
Manuel Pégourié-Gonnard5de31ec2014-03-19 17:34:52 +0100[diff] [blame]660 log "$P_CLI $P_CLIENT_ARGS request_page=SERVERQUIT auth_mode=none force_ciphersuite=$i"
Manuel Pégourié-Gonnard84fd6872014-03-13 18:35:10 +0100[diff] [blame]661 "$P_CLI" $P_CLIENT_ARGS request_page=SERVERQUIT auth_mode=none \
Manuel Pégourié-Gonnard84fd6872014-03-13 18:35:10 +0100[diff] [blame]662 force_ciphersuite=$i >/dev/null
663 if [ "$?" == 0 ]; then
664 break
665 fi
666 done
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]667 ;;
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]668 *)
669 kill $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]670 esac
671
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]672 wait $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]673
674 if [ "$MEMCHECK" -gt 0 ]; then
675 if is_polar "$SERVER_CMD" && has_mem_err srv_out; then
676 echo " ! Server had memory errors"
677 let "srvmem++"
678 return
679 fi
680 fi
681
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]682 rm -f srv_out
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]683}
684
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]685# kill the running server (used when killed by signal)
686cleanup() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]687 rm -f srv_out cli_out
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]688 kill $PROCESS_ID
689 exit 1
690}
691
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]692# run_client <name> <cipher>
693run_client() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]694 # announce what we're going to do
695 let "tests++"
696 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
Manuel Pégourié-Gonnarde01af4c2014-03-25 14:16:44 +0100[diff] [blame]697 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2"
698 echo -n "$TITLE "
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]699 LEN=`echo "$TITLE" | wc -c`
700 LEN=`echo 72 - $LEN | bc`
701 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
702
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]703 # run the command and interpret result
704 case $1 in
705 [Oo]pen*)
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]706 CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]707 log "$CLIENT_CMD"
Manuel Pégourié-Gonnardba0b8442014-03-13 17:57:45 +0100[diff] [blame]708 echo "$CLIENT_CMD" > cli_out
709 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD >> cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]710 EXIT=$?
711
712 if [ "$EXIT" == "0" ]; then
713 RESULT=0
714 else
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]715 if grep 'Cipher is (NONE)' cli_out >/dev/null; then
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]716 RESULT=1
717 else
718 RESULT=2
719 fi
720 fi
721 ;;
722
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]723 [Gg]nu*)
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]724 CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 localhost"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]725 log "$CLIENT_CMD"
Manuel Pégourié-Gonnardba0b8442014-03-13 17:57:45 +0100[diff] [blame]726 echo "$CLIENT_CMD" > cli_out
727 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD >> cli_out 2>&1
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]728 EXIT=$?
729
730 if [ "$EXIT" == "0" ]; then
731 RESULT=0
732 else
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]733 RESULT=2
734 # interpret early failure, with a handshake_failure alert
735 # before the server hello, as "no ciphersuite in common"
736 if grep -F 'Received alert [40]: Handshake failed' cli_out; then
737 if grep -i 'SERVER HELLO .* was received' cli_out; then :
738 else
739 RESULT=1
740 fi
741 fi >/dev/null
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame]742 fi
743 ;;
744
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]745 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]746 CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]747 if [ "$MEMCHECK" -gt 0 ]; then
748 CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
749 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]750 log "$CLIENT_CMD"
Manuel Pégourié-Gonnardba0b8442014-03-13 17:57:45 +0100[diff] [blame]751 echo "$CLIENT_CMD" > cli_out
752 $CLIENT_CMD >> cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]753 EXIT=$?
754
755 case $EXIT in
756 "0") RESULT=0 ;;
757 "2") RESULT=1 ;;
758 *) RESULT=2 ;;
759 esac
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]760
761 if [ "$MEMCHECK" -gt 0 ]; then
762 if is_polar "$CLIENT_CMD" && has_mem_err cli_out; then
763 RESULT=2
764 fi
765 fi
766
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]767 ;;
768
769 *)
770 echo "error: invalid client name: $1" >&2
771 exit 1
772 ;;
773 esac
774
Manuel Pégourié-Gonnarde01af4c2014-03-25 14:16:44 +0100[diff] [blame]775 echo "EXIT: $EXIT" >> cli_out
776
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]777 # report and count result
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]778 case $RESULT in
779 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]780 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]781 ;;
782 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]783 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]784 let "skipped++"
785 ;;
786 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]787 echo FAIL
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]788 cp srv_out c-srv-${tests}.log
789 cp cli_out c-cli-${tests}.log
790 echo " ! outputs saved to c-srv-${tests}.log, c-cli-${tests}.log"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]791 let "failed++"
792 ;;
793 esac
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]794
795 rm -f cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]796}
797
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]798#
799# MAIN
800#
801
Manuel Pégourié-Gonnard3947d042014-03-14 18:13:53 +0100[diff] [blame]802get_options "$@"
803
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]804# sanity checks, avoid an avalanche of errors
805if [ ! -x "$P_SRV" ]; then
Manuel Pégourié-Gonnard3947d042014-03-14 18:13:53 +0100[diff] [blame]806 echo "Command '$P_SRV' is not an executable file" >&2
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]807 exit 1
808fi
809if [ ! -x "$P_CLI" ]; then
Manuel Pégourié-Gonnard3947d042014-03-14 18:13:53 +0100[diff] [blame]810 echo "Command '$P_CLI' is not an executable file" >&2
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]811 exit 1
812fi
Manuel Pégourié-Gonnard3947d042014-03-14 18:13:53 +0100[diff] [blame]813
814if echo "$PEERS" | grep -i openssl > /dev/null; then
815 if which "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
816 echo "Command '$OPENSSL_CMD' not found" >&2
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]817 exit 1
818 fi
Manuel Pégourié-Gonnard3947d042014-03-14 18:13:53 +0100[diff] [blame]819fi
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]820
Manuel Pégourié-Gonnard3947d042014-03-14 18:13:53 +0100[diff] [blame]821if echo "$PEERS" | grep -i gnutls > /dev/null; then
822 for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
823 if which "$CMD" >/dev/null 2>&1; then :; else
824 echo "Command '$CMD' not found" >&2
825 exit 1
826 fi
827 done
828fi
829
830for PEER in $PEERS; do
831 case "$PEER" in
832 [Pp]olar*|[Oo]pen*|[Gg]nu*)
833 ;;
834 *)
835 echo "Unknown peers: $PEER" >&2
836 exit 1
837 esac
838done
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]839
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]840killall -q gnutls-serv openssl ssl_server ssl_server2
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]841trap cleanup INT TERM HUP
842
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]843for VERIFY in $VERIFIES; do
844 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]845 for TYPE in $TYPES; do
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]846 for PEER in $PEERS; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]847
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]848 setup_arguments
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]849
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]850 case "$PEER" in
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]851
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]852 [Oo]pen*)
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]853
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]854 reset_ciphersuites
855 add_openssl_ciphersuites
856 filter_ciphersuites
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]857
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]858 if [ "X" != "X$P_CIPHERS" ]; then
859 start_server "OpenSSL"
860 for i in $P_CIPHERS; do
861 run_client PolarSSL $i
862 done
863 stop_server
864 fi
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]865
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]866 if [ "X" != "X$O_CIPHERS" ]; then
867 start_server "PolarSSL"
868 for i in $O_CIPHERS; do
869 run_client OpenSSL $i
870 done
871 stop_server
872 fi
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]873
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]874 ;;
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]875
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]876 [Gg]nu*)
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]877
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]878 reset_ciphersuites
879 add_gnutls_ciphersuites
880 filter_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]881
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]882 if [ "X" != "X$P_CIPHERS" ]; then
883 start_server "GnuTLS"
884 for i in $P_CIPHERS; do
885 run_client PolarSSL $i
886 done
887 stop_server
888 fi
889
890 if [ "X" != "X$G_CIPHERS" ]; then
891 start_server "PolarSSL"
892 for i in $G_CIPHERS; do
893 run_client GnuTLS $i
894 done
895 stop_server
896 fi
897
898 ;;
899
900 [Pp]olar*)
901
902 reset_ciphersuites
903 add_openssl_ciphersuites
904 add_gnutls_ciphersuites
905 add_polarssl_ciphersuites
906 filter_ciphersuites
907
908 if [ "X" != "X$P_CIPHERS" ]; then
909 start_server "PolarSSL"
910 for i in $P_CIPHERS; do
911 run_client PolarSSL $i
912 done
913 stop_server
914 fi
915
916 ;;
917
Manuel Pégourié-Gonnarda1a9f9a2014-03-25 18:04:59 +0100[diff] [blame^]918 *)
919 echo "Unkown peer: $PEER" >&2
920 exit 1
921 ;;
922
Manuel Pégourié-Gonnard9edba772014-03-13 17:45:35 +0100[diff] [blame]923 esac
924
925 done
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]926 done
927 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]928done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]929
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]930echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]931
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]932if (( failed != 0 && srvmem != 0 ));
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]933then
934 echo -n "FAILED"
935else
936 echo -n "PASSED"
937fi
938
Manuel Pégourié-Gonnardba0b8442014-03-13 17:57:45 +0100[diff] [blame]939if [ "$MEMCHECK" -gt 0 ]; then
940 MEMREPORT=", $srvmem server memory errors"
941else
942 MEMREPORT=""
943fi
944
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]945let "passed = tests - failed"
Manuel Pégourié-Gonnardba0b8442014-03-13 17:57:45 +0100[diff] [blame]946echo " ($passed / $tests tests ($skipped skipped$MEMREPORT))"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]947
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]948let "failed += srvmem"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]949exit $failed