TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / accd4eb665ff6c1ba0a46922aa620c0a3ee03cf2 / . / tests / compat.sh
blob: 86a396bc421a27e75e3e812374ee90b5db290857 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]5MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]6VERIFIES="NO YES"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]7OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]8FILTER=""
9VERBOSE=""
10
11# Parse arguments
12#
13until [ -z "$1" ]
14do
15 case "$1" in
16 -f|--filter)
17 # Filter ciphersuites
18 shift
19 FILTER=$1
20 ;;
21 -v|--verbose)
22 # Set verbosity
23 shift
24 VERBOSE=1
25 ;;
26 -h|--help)
27 # print help
28 echo "Usage: $0"
29 echo -e " -f|--filter\tFilter ciphersuites to test."
30 echo -e " -h|--help\t\tPrint this help."
31 echo -e " -v|--verbose\t\tSet verbose output."
32 exit 1
33 ;;
34 *)
35 # print error
36 echo "Unknown argument: '$1'"
37 exit 1
38 ;;
39 esac
40 shift
41done
42
43log () {
44 if [ "X" != "X$VERBOSE" ]; then
45 echo "$@"
46 fi
47}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]48
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]49for VERIFY in $VERIFIES;
50do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]51P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
52P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
53O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
54O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
55
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]56if [ "X$VERIFY" = "XYES" ];
57then
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]58 P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
59 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
60 O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
61 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]62fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]63
64for MODE in $MODES;
65do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]66echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]67echo "-----------"
68
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]69P_CIPHERS=" \
70 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
71 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
72 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
73 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
74 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
75 TLS-RSA-WITH-AES-256-CBC-SHA \
76 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
77 TLS-RSA-WITH-AES-128-CBC-SHA \
78 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
79 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
80 TLS-RSA-WITH-RC4-128-SHA \
81 TLS-RSA-WITH-RC4-128-MD5 \
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]82 TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]83 TLS-RSA-WITH-NULL-MD5 \
84 TLS-RSA-WITH-NULL-SHA \
85 TLS-RSA-WITH-DES-CBC-SHA \
86 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]87 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
88 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
89 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
90 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]91 TLS-ECDHE-RSA-WITH-NULL-SHA \
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]92 TLS-PSK-WITH-RC4-128-SHA \
93 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
94 TLS-PSK-WITH-AES-128-CBC-SHA \
95 TLS-PSK-WITH-AES-256-CBC-SHA \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]96 "
97
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]98O_CIPHERS=" \
99 DHE-RSA-AES128-SHA \
100 DHE-RSA-AES256-SHA \
101 DHE-RSA-CAMELLIA128-SHA \
102 DHE-RSA-CAMELLIA256-SHA \
103 EDH-RSA-DES-CBC3-SHA \
104 AES256-SHA \
105 CAMELLIA256-SHA \
106 AES128-SHA \
107 CAMELLIA128-SHA \
108 DES-CBC3-SHA \
109 RC4-SHA \
110 RC4-MD5 \
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]111 EXP-RC4-MD5 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]112 NULL-MD5 \
113 NULL-SHA \
114 DES-CBC-SHA \
115 EDH-RSA-DES-CBC-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]116 ECDHE-RSA-AES256-SHA \
117 ECDHE-RSA-AES128-SHA \
118 ECDHE-RSA-DES-CBC3-SHA \
119 ECDHE-RSA-RC4-SHA \
120 ECDHE-RSA-NULL-SHA \
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]121 PSK-RC4-SHA \
122 PSK-3DES-EDE-CBC-SHA \
123 PSK-AES128-CBC-SHA \
124 PSK-AES256-CBC-SHA
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]125 "
126
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]127# Also add SHA256 ciphersuites
128#
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]129if [ "$MODE" = "tls1_2" ];
130then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]131 P_CIPHERS="$P_CIPHERS \
132 TLS-RSA-WITH-NULL-SHA256 \
133 TLS-RSA-WITH-AES-128-CBC-SHA256 \
134 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
135 TLS-RSA-WITH-AES-256-CBC-SHA256 \
136 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]137 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
138 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]139 "
140
141 O_CIPHERS="$O_CIPHERS \
142 NULL-SHA256 \
143 AES128-SHA256 \
144 DHE-RSA-AES128-SHA256 \
145 AES256-SHA256 \
146 DHE-RSA-AES256-SHA256 \
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]147 ECDHE-RSA-AES128-SHA256 \
148 ECDHE-RSA-AES256-SHA384 \
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]149 "
150
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]151 P_CIPHERS="$P_CIPHERS \
152 TLS-RSA-WITH-AES-128-GCM-SHA256 \
153 TLS-RSA-WITH-AES-256-GCM-SHA384 \
154 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
155 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]156 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
157 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]158 "
159
160 O_CIPHERS="$O_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]161 AES128-GCM-SHA256 \
162 DHE-RSA-AES128-GCM-SHA256 \
163 AES256-GCM-SHA384 \
164 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]165 ECDHE-RSA-AES128-GCM-SHA256 \
166 ECDHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]167 "
168fi
169
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]170filter()
171{
172 LIST=$1
173 FILTER=$2
174
175 NEW_LIST=""
176
177 for i in $LIST;
178 do
179 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
180 done
181
182 echo "$NEW_LIST"
183}
184
185# Filter ciphersuites
186if [ "X" != "X$FILTER" ];
187then
188 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
189 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
190fi
191
192
193log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]194$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]195PROCESS_ID=$!
196
197sleep 1
198
199for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]200do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]201 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]202 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]203 EXIT=$?
204 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
205 if [ "$EXIT" = "2" ];
206 then
207 echo Ciphersuite not supported in client
208 elif [ "$EXIT" != "0" ];
209 then
210 echo Failed
211 echo $RESULT
212 else
213 echo Success
214 fi
215done
216kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]217wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]218
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]219log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]220../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]221PROCESS_ID=$!
222
223sleep 1
224
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]225for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]226do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]227 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]228 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]229 EXIT=$?
230 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
231
232 if [ "$EXIT" != "0" ];
233 then
234 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
235 if [ "X$SUPPORTED" != "X" ]
236 then
237 echo "Ciphersuite not supported in server"
238 else
239 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]240 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
241 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]242 echo $RESULT
243 fi
244 else
245 echo Success
246 fi
247done
248
249kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]250wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]251
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]252log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]253../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]254PROCESS_ID=$!
255
256sleep 1
257
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]258# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
259# or SHA384
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]260# Add for PolarSSL only test, which does support them.
261#
262if [ "$MODE" = "tls1_2" ];
263then
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]264 P_CIPHERS="$P_CIPHERS \
265 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
266 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
267 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
268 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]269 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
270 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]271 TLS-PSK-WITH-AES-128-CBC-SHA256 \
272 TLS-PSK-WITH-AES-256-CBC-SHA384 \
273 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
274 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
275 TLS-PSK-WITH-AES-128-GCM-SHA256 \
276 TLS-PSK-WITH-AES-256-GCM-SHA384 \
277 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
278 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
279 TLS-PSK-WITH-NULL-SHA256 \
280 TLS-PSK-WITH-NULL-SHA384 \
281 TLS-DHE-PSK-WITH-NULL-SHA256 \
282 TLS-DHE-PSK-WITH-NULL-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]283 "
284fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]285
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]286# OpenSSL does not support DHE-PSK ciphers
287# Add for PolarSSL only test, which does support them.
288#
289P_CIPHERS="$P_CIPHERS \
290 TLS-DHE-PSK-WITH-RC4-128-SHA \
291 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
292 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
293 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]294 TLS-PSK-WITH-NULL-SHA \
295 TLS-DHE-PSK-WITH-NULL-SHA \
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]296 "
297
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]298# Filter ciphersuites
299if [ "X" != "X$FILTER" ];
300then
301 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
302 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
303fi
304
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]305for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]306do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]307 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]308 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]309 EXIT=$?
310 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
311 if [ "$EXIT" = "2" ];
312 then
313 echo Ciphersuite not supported in client
314 elif [ "$EXIT" != "0" ];
315 then
316 echo Failed
317 echo $RESULT
318 else
319 echo Success
320 fi
321done
322kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame^]323wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]324
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]325done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]326done