TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 41c83d3f6733b6044a232c8afa30cc1221ec95f6 / . / tests / compat.sh
blob: 6a3c70a55bbdea6b4e7eb9fcca6ca891a5bc2c7e [file] [log] [blame]
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]1killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]2
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]3MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]4VERIFIES="NO YES"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]5OPENSSL=openssl
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]6
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]7for VERIFY in $VERIFIES;
8do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9if [ "X$VERIFY" = "XYES" ];
10then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]11 P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
12 P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
13 O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
14 O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]15fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]16
17for MODE in $MODES;
18do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]19echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]20echo "-----------"
21
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]22P_CIPHERS=" \
23 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
24 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
25 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
26 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
27 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
28 TLS-RSA-WITH-AES-256-CBC-SHA \
29 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
30 TLS-RSA-WITH-AES-128-CBC-SHA \
31 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
32 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
33 TLS-RSA-WITH-RC4-128-SHA \
34 TLS-RSA-WITH-RC4-128-MD5 \
35 TLS-RSA-WITH-NULL-MD5 \
36 TLS-RSA-WITH-NULL-SHA \
37 TLS-RSA-WITH-DES-CBC-SHA \
38 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]39 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
40 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
41 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
42 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
43 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
44 TLS-ECDHE-RSA-WITH-NULL-SHA \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]45 "
46
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]47O_CIPHERS=" \
48 DHE-RSA-AES128-SHA \
49 DHE-RSA-AES256-SHA \
50 DHE-RSA-CAMELLIA128-SHA \
51 DHE-RSA-CAMELLIA256-SHA \
52 EDH-RSA-DES-CBC3-SHA \
53 AES256-SHA \
54 CAMELLIA256-SHA \
55 AES128-SHA \
56 CAMELLIA128-SHA \
57 DES-CBC3-SHA \
58 RC4-SHA \
59 RC4-MD5 \
60 NULL-MD5 \
61 NULL-SHA \
62 DES-CBC-SHA \
63 EDH-RSA-DES-CBC-SHA \
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]64 ECDHE-RSA-AES256-SHA \
65 ECDHE-RSA-AES128-SHA \
66 ECDHE-RSA-DES-CBC3-SHA \
67 ECDHE-RSA-RC4-SHA \
68 ECDHE-RSA-NULL-SHA \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]69 "
70
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]71# Also add SHA256 ciphersuites
72#
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]73if [ "$MODE" = "tls1_2" ];
74then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]75 P_CIPHERS="$P_CIPHERS \
76 TLS-RSA-WITH-NULL-SHA256 \
77 TLS-RSA-WITH-AES-128-CBC-SHA256 \
78 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
79 TLS-RSA-WITH-AES-256-CBC-SHA256 \
80 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
81 "
82
83 O_CIPHERS="$O_CIPHERS \
84 NULL-SHA256 \
85 AES128-SHA256 \
86 DHE-RSA-AES128-SHA256 \
87 AES256-SHA256 \
88 DHE-RSA-AES256-SHA256 \
89 "
90
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]91 P_CIPHERS="$P_CIPHERS \
92 TLS-RSA-WITH-AES-128-GCM-SHA256 \
93 TLS-RSA-WITH-AES-256-GCM-SHA384 \
94 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
95 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]96 "
97
98 O_CIPHERS="$O_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]99 AES128-GCM-SHA256 \
100 DHE-RSA-AES128-GCM-SHA256 \
101 AES256-GCM-SHA384 \
102 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]103 "
104fi
105
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]106$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]107PROCESS_ID=$!
108
109sleep 1
110
111for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]112do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]113 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]114 EXIT=$?
115 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
116 if [ "$EXIT" = "2" ];
117 then
118 echo Ciphersuite not supported in client
119 elif [ "$EXIT" != "0" ];
120 then
121 echo Failed
122 echo $RESULT
123 else
124 echo Success
125 fi
126done
127kill $PROCESS_ID
128
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]129../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]130PROCESS_ID=$!
131
132sleep 1
133
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]134for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]135do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]136 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]137 EXIT=$?
138 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
139
140 if [ "$EXIT" != "0" ];
141 then
142 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
143 if [ "X$SUPPORTED" != "X" ]
144 then
145 echo "Ciphersuite not supported in server"
146 else
147 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]148 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
149 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]150 echo $RESULT
151 fi
152 else
153 echo Success
154 fi
155done
156
157kill $PROCESS_ID
158
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]159../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]160PROCESS_ID=$!
161
162sleep 1
163
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]164# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
165# Add for PolarSSL only test, which does support them.
166#
167if [ "$MODE" = "tls1_2" ];
168then
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]169 P_CIPHERS="$P_CIPHERS \
170 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
171 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
172 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
173 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]174 "
175fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]176
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]177for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]178do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]179 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]180 EXIT=$?
181 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
182 if [ "$EXIT" = "2" ];
183 then
184 echo Ciphersuite not supported in client
185 elif [ "$EXIT" != "0" ];
186 then
187 echo Failed
188 echo $RESULT
189 else
190 echo Success
191 fi
192done
193kill $PROCESS_ID
194
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]195done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]196done