TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / c72ac7c3ef9b3012131e8a4a5d67aa8123364369 / . / tests / compat.sh
blob: 83f28fc6db4ea13ce316c3ea869a69099476d056 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]87for VERIFY in $VERIFIES;
88do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]89
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90if [ "X$VERIFY" = "XYES" ];
91then
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]92 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
93 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
94 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
95 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]96else
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]97 P_SERVER_BASE=""
98 P_CLIENT_BASE=""
99 O_SERVER_BASE=""
100 O_CLIENT_BASE=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]101fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]102
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]103
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104for MODE in $MODES;
105do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]106
107# avoid an avalanche of errors due to typos
108case $MODE in
109 ssl3|tls1|tls1_1|tls1_2)
110 ;;
111 *)
112 echo "error: invalid mode: $MODE" >&2
113 exit 1;
114esac
115
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]116echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]118echo "-----------"
119
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]120for TYPE in $TYPES;
121do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]123case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]124
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]125 "ECDSA")
126
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]127 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
128 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
129 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
130 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]131
132 P_CIPHERS=" \
133 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
134 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
135 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
136 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
137 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
138 "
139
140 O_CIPHERS=" \
141 ECDHE-ECDSA-NULL-SHA \
142 ECDHE-ECDSA-RC4-SHA \
143 ECDHE-ECDSA-DES-CBC3-SHA \
144 ECDHE-ECDSA-AES128-SHA \
145 ECDHE-ECDSA-AES256-SHA \
146 "
147
148 if [ "$MODE" = "tls1_2" ];
149 then
150 P_CIPHERS="$P_CIPHERS \
151 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
152 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
153 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
154 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
155 "
156
157 O_CIPHERS=" \
158 ECDHE-ECDSA-AES128-SHA256 \
159 ECDHE-ECDSA-AES256-SHA384 \
160 ECDHE-ECDSA-AES128-GCM-SHA256 \
161 ECDHE-ECDSA-AES256-GCM-SHA384 \
162 "
163 fi
164
165 ;;
166
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]167 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]168
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]169 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
170 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
171 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
172 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]173
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]174 P_CIPHERS=" \
175 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
176 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
177 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
178 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
179 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
180 TLS-RSA-WITH-AES-256-CBC-SHA \
181 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
182 TLS-RSA-WITH-AES-128-CBC-SHA \
183 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
184 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
185 TLS-RSA-WITH-RC4-128-SHA \
186 TLS-RSA-WITH-RC4-128-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]187 TLS-RSA-WITH-NULL-MD5 \
188 TLS-RSA-WITH-NULL-SHA \
189 TLS-RSA-WITH-DES-CBC-SHA \
190 TLS-DHE-RSA-WITH-DES-CBC-SHA \
191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
193 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
194 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
195 TLS-ECDHE-RSA-WITH-NULL-SHA \
196 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]197
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]198 O_CIPHERS=" \
199 DHE-RSA-AES128-SHA \
200 DHE-RSA-AES256-SHA \
201 DHE-RSA-CAMELLIA128-SHA \
202 DHE-RSA-CAMELLIA256-SHA \
203 EDH-RSA-DES-CBC3-SHA \
204 AES256-SHA \
205 CAMELLIA256-SHA \
206 AES128-SHA \
207 CAMELLIA128-SHA \
208 DES-CBC3-SHA \
209 RC4-SHA \
210 RC4-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]211 NULL-MD5 \
212 NULL-SHA \
213 DES-CBC-SHA \
214 EDH-RSA-DES-CBC-SHA \
215 ECDHE-RSA-AES256-SHA \
216 ECDHE-RSA-AES128-SHA \
217 ECDHE-RSA-DES-CBC3-SHA \
218 ECDHE-RSA-RC4-SHA \
219 ECDHE-RSA-NULL-SHA \
220 "
221
222 if [ "$MODE" = "tls1_2" ];
223 then
224 P_CIPHERS="$P_CIPHERS \
225 TLS-RSA-WITH-NULL-SHA256 \
226 TLS-RSA-WITH-AES-128-CBC-SHA256 \
227 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
228 TLS-RSA-WITH-AES-256-CBC-SHA256 \
229 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
230 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
231 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
232 TLS-RSA-WITH-AES-128-GCM-SHA256 \
233 TLS-RSA-WITH-AES-256-GCM-SHA384 \
234 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
235 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
236 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
237 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
238 "
239
240 O_CIPHERS="$O_CIPHERS \
241 NULL-SHA256 \
242 AES128-SHA256 \
243 DHE-RSA-AES128-SHA256 \
244 AES256-SHA256 \
245 DHE-RSA-AES256-SHA256 \
246 ECDHE-RSA-AES128-SHA256 \
247 ECDHE-RSA-AES256-SHA384 \
248 AES128-GCM-SHA256 \
249 DHE-RSA-AES128-GCM-SHA256 \
250 AES256-GCM-SHA384 \
251 DHE-RSA-AES256-GCM-SHA384 \
252 ECDHE-RSA-AES128-GCM-SHA256 \
253 ECDHE-RSA-AES256-GCM-SHA384 \
254 "
255 fi
256
257 ;;
258
259 "PSK")
260
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]261 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
262 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
263 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70"
264 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]265
266 P_CIPHERS=" \
267 TLS-PSK-WITH-RC4-128-SHA \
268 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
269 TLS-PSK-WITH-AES-128-CBC-SHA \
270 TLS-PSK-WITH-AES-256-CBC-SHA \
271 "
272
273 O_CIPHERS=" \
274 PSK-RC4-SHA \
275 PSK-3DES-EDE-CBC-SHA \
276 PSK-AES128-CBC-SHA \
277 PSK-AES256-CBC-SHA \
278 "
279
280 ;;
281
282esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]283
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]284# Filter ciphersuites
285if [ "X" != "X$FILTER" ];
286then
287 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
288 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
289fi
290
291
292log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]293$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]294PROCESS_ID=$!
295
296sleep 1
297
298for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]299do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]300 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]301 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]302 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]303 EXIT=$?
304 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
305 if [ "$EXIT" = "2" ];
306 then
307 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]308 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]309 elif [ "$EXIT" != "0" ];
310 then
311 echo Failed
312 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]313 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]314 else
315 echo Success
316 fi
317done
318kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]319wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]320
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]321log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]322../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]323PROCESS_ID=$!
324
325sleep 1
326
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]327for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]328do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]329 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]330 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]331 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]332 EXIT=$?
333 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
334
335 if [ "$EXIT" != "0" ];
336 then
337 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
338 if [ "X$SUPPORTED" != "X" ]
339 then
340 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]341 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]342 else
343 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]344 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
345 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]346 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]347 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]348 fi
349 else
350 echo Success
351 fi
352done
353
354kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]355wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]356
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]357log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]358../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]359PROCESS_ID=$!
360
361sleep 1
362
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]363# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]364
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]365case $TYPE in
366
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]367 "ECDSA")
368
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]369 if [ "$MODE" != "ssl3" ];
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]370 then
371 P_CIPHERS="$P_CIPHERS \
372 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
373 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
374 "
375 fi
376
377 ;;
378
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]379 "RSA")
380
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]381 if [ "$MODE" != "ssl3" ];
382 then
383 P_CIPHERS="$P_CIPHERS \
384 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
385 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
386 "
387 fi
388
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]389 if [ "$MODE" = "tls1_2" ];
390 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]391 P_CIPHERS="$P_CIPHERS \
392 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]393 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]394 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]395 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]396 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
397 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]398 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
399 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
400 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
401 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]402 "
403 fi
404
405 ;;
406
407 "PSK")
408
409 P_CIPHERS="$P_CIPHERS \
410 TLS-DHE-PSK-WITH-RC4-128-SHA \
411 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
412 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
413 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]414 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]415 TLS-PSK-WITH-NULL-SHA \
416 TLS-RSA-PSK-WITH-RC4-128-SHA \
417 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
418 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
419 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
420 TLS-RSA-WITH-NULL-SHA \
421 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]422 TLS-PSK-WITH-AES-128-CBC-SHA256 \
423 TLS-PSK-WITH-AES-256-CBC-SHA384 \
424 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
425 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
426 TLS-PSK-WITH-NULL-SHA256 \
427 TLS-PSK-WITH-NULL-SHA384 \
428 TLS-DHE-PSK-WITH-NULL-SHA256 \
429 TLS-DHE-PSK-WITH-NULL-SHA384 \
430 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
431 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
432 TLS-RSA-PSK-WITH-NULL-SHA256 \
433 TLS-RSA-PSK-WITH-NULL-SHA384 \
434 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
435 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
436 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
437 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
438 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
439 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]440 "
441
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]442
443 if [ "$MODE" != "ssl3" ];
444 then
445 P_CIPHERS="$P_CIPHERS \
446 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
447 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
448 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
449 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
450 TLS-ECDHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]451 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
452 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
453 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
454 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
455 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
456 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]457 "
458 fi
459
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]460 if [ "$MODE" = "tls1_2" ];
461 then
462 P_CIPHERS="$P_CIPHERS \
463 TLS-PSK-WITH-AES-128-GCM-SHA256 \
464 TLS-PSK-WITH-AES-256-GCM-SHA384 \
465 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
466 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
467 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
468 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
469 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
470 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
471 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
472 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
473 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
474 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
475 TLS-RSA-WITH-NULL-SHA256 \
476 "
477 fi
478
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]479esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]480
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]481# Filter ciphersuites
482if [ "X" != "X$FILTER" ];
483then
484 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
485 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
486fi
487
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]488for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]489do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]490 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]491 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]492 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]493 EXIT=$?
494 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
495 if [ "$EXIT" = "2" ];
496 then
497 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]498 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]499 elif [ "$EXIT" != "0" ];
500 then
501 echo Failed
502 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]503 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]504 else
505 echo Success
506 fi
507done
508kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]509wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]510
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]511done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]512done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]513done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]514
515echo ""
516echo "-------------------------------------------------------------------------"
517echo ""
518
519if (( failed != 0 ));
520then
521 echo -n "FAILED"
522else
523 echo -n "PASSED"
524fi
525
526let "passed = tests - failed"
527echo " ($passed / $tests tests ($skipped skipped))"
528
529exit $failed