TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 00c1f437438d78749e09e5188e5cfc4121b7ee5e / . / tests / compat.sh
blob: d35a8138d7726acd706927e2b95ab83fc62f0976 [file] [log] [blame]
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]1killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]2
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]3MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]4VERIFIES="NO YES"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]5OPENSSL=openssl
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]6
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]7for VERIFY in $VERIFIES;
8do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9if [ "X$VERIFY" = "XYES" ];
10then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]11 P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
12 P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
13 O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
14 O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]15fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]16
17for MODE in $MODES;
18do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]19echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]20echo "-----------"
21
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]22P_CIPHERS=" \
23 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
24 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
25 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
26 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
27 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
28 TLS-RSA-WITH-AES-256-CBC-SHA \
29 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
30 TLS-RSA-WITH-AES-128-CBC-SHA \
31 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
32 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
33 TLS-RSA-WITH-RC4-128-SHA \
34 TLS-RSA-WITH-RC4-128-MD5 \
35 TLS-RSA-WITH-NULL-MD5 \
36 TLS-RSA-WITH-NULL-SHA \
37 TLS-RSA-WITH-DES-CBC-SHA \
38 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]39 "
40
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]41O_CIPHERS=" \
42 DHE-RSA-AES128-SHA \
43 DHE-RSA-AES256-SHA \
44 DHE-RSA-CAMELLIA128-SHA \
45 DHE-RSA-CAMELLIA256-SHA \
46 EDH-RSA-DES-CBC3-SHA \
47 AES256-SHA \
48 CAMELLIA256-SHA \
49 AES128-SHA \
50 CAMELLIA128-SHA \
51 DES-CBC3-SHA \
52 RC4-SHA \
53 RC4-MD5 \
54 NULL-MD5 \
55 NULL-SHA \
56 DES-CBC-SHA \
57 EDH-RSA-DES-CBC-SHA \
58 "
59
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]60# Also add SHA256 ciphersuites
61#
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]62if [ "$MODE" = "tls1_2" ];
63then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]64 P_CIPHERS="$P_CIPHERS \
65 TLS-RSA-WITH-NULL-SHA256 \
66 TLS-RSA-WITH-AES-128-CBC-SHA256 \
67 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
68 TLS-RSA-WITH-AES-256-CBC-SHA256 \
69 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
70 "
71
72 O_CIPHERS="$O_CIPHERS \
73 NULL-SHA256 \
74 AES128-SHA256 \
75 DHE-RSA-AES128-SHA256 \
76 AES256-SHA256 \
77 DHE-RSA-AES256-SHA256 \
78 "
79
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]80 P_CIPHERS="$P_CIPHERS \
81 TLS-RSA-WITH-AES-128-GCM-SHA256 \
82 TLS-RSA-WITH-AES-256-GCM-SHA384 \
83 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
84 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]85 "
86
87 O_CIPHERS="$O_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]88 AES128-GCM-SHA256 \
89 DHE-RSA-AES128-GCM-SHA256 \
90 AES256-GCM-SHA384 \
91 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]92 "
93fi
94
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]95$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]96PROCESS_ID=$!
97
98sleep 1
99
100for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]101do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]102 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]103 EXIT=$?
104 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
105 if [ "$EXIT" = "2" ];
106 then
107 echo Ciphersuite not supported in client
108 elif [ "$EXIT" != "0" ];
109 then
110 echo Failed
111 echo $RESULT
112 else
113 echo Success
114 fi
115done
116kill $PROCESS_ID
117
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]118../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]119PROCESS_ID=$!
120
121sleep 1
122
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]123for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]124do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]125 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]126 EXIT=$?
127 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
128
129 if [ "$EXIT" != "0" ];
130 then
131 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
132 if [ "X$SUPPORTED" != "X" ]
133 then
134 echo "Ciphersuite not supported in server"
135 else
136 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]137 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
138 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]139 echo $RESULT
140 fi
141 else
142 echo Success
143 fi
144done
145
146kill $PROCESS_ID
147
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]148../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]149PROCESS_ID=$!
150
151sleep 1
152
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]153# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
154# Add for PolarSSL only test, which does support them.
155#
156if [ "$MODE" = "tls1_2" ];
157then
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]158 P_CIPHERS="$P_CIPHERS \
159 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
160 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
161 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
162 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]163 "
164fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]165
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]166for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]167do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]168 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]169 EXIT=$?
170 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
171 if [ "$EXIT" = "2" ];
172 then
173 echo Ciphersuite not supported in client
174 elif [ "$EXIT" != "0" ];
175 then
176 echo Failed
177 echo $RESULT
178 else
179 echo Success
180 fi
181done
182kill $PROCESS_ID
183
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]184done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]185done