TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 07b54e06dacb5916f17b103fac5e1b14d879df23 / . / tests / compat.sh
blob: 1f65426a89a75eeefc3b47e92875216266af69a9 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]87for VERIFY in $VERIFIES;
88do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]89
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90if [ "X$VERIFY" = "XYES" ];
91then
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]92 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
93 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
94 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
95 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]96else
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]97 P_SERVER_BASE=""
98 P_CLIENT_BASE=""
99 O_SERVER_BASE=""
100 O_CLIENT_BASE=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]101fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]102
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]103
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104for MODE in $MODES;
105do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]106
107# avoid an avalanche of errors due to typos
108case $MODE in
109 ssl3|tls1|tls1_1|tls1_2)
110 ;;
111 *)
112 echo "error: invalid mode: $MODE" >&2
113 exit 1;
114esac
115
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]116echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]118echo "-----------"
119
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]120for TYPE in $TYPES;
121do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]123case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]124
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]125 "ECDSA")
126
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]127 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
128 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
129 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
130 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]131
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame^]132 if [ "$MODE" != "ssl3" ];
133 then
134 P_CIPHERS=" \
135 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
136 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
137 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
138 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
139 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
140 "
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]141
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame^]142 O_CIPHERS=" \
143 ECDHE-ECDSA-NULL-SHA \
144 ECDHE-ECDSA-RC4-SHA \
145 ECDHE-ECDSA-DES-CBC3-SHA \
146 ECDHE-ECDSA-AES128-SHA \
147 ECDHE-ECDSA-AES256-SHA \
148 "
149 fi
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]150
151 if [ "$MODE" = "tls1_2" ];
152 then
153 P_CIPHERS="$P_CIPHERS \
154 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
155 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
156 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
157 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
158 "
159
160 O_CIPHERS=" \
161 ECDHE-ECDSA-AES128-SHA256 \
162 ECDHE-ECDSA-AES256-SHA384 \
163 ECDHE-ECDSA-AES128-GCM-SHA256 \
164 ECDHE-ECDSA-AES256-GCM-SHA384 \
165 "
166 fi
167
168 ;;
169
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]170 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]171
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]172 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
173 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
174 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
175 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]176
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]177 P_CIPHERS=" \
178 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
179 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
180 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
181 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
182 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
183 TLS-RSA-WITH-AES-256-CBC-SHA \
184 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
185 TLS-RSA-WITH-AES-128-CBC-SHA \
186 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
187 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
188 TLS-RSA-WITH-RC4-128-SHA \
189 TLS-RSA-WITH-RC4-128-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]190 TLS-RSA-WITH-NULL-MD5 \
191 TLS-RSA-WITH-NULL-SHA \
192 TLS-RSA-WITH-DES-CBC-SHA \
193 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]194 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]195
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]196 O_CIPHERS=" \
197 DHE-RSA-AES128-SHA \
198 DHE-RSA-AES256-SHA \
199 DHE-RSA-CAMELLIA128-SHA \
200 DHE-RSA-CAMELLIA256-SHA \
201 EDH-RSA-DES-CBC3-SHA \
202 AES256-SHA \
203 CAMELLIA256-SHA \
204 AES128-SHA \
205 CAMELLIA128-SHA \
206 DES-CBC3-SHA \
207 RC4-SHA \
208 RC4-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]209 NULL-MD5 \
210 NULL-SHA \
211 DES-CBC-SHA \
212 EDH-RSA-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]213 "
214
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame^]215 if [ "$MODE" != "ssl3" ];
216 then
217 P_CIPHERS=" \
218 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
219 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
220 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
221 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
222 TLS-ECDHE-RSA-WITH-NULL-SHA \
223 "
224
225 O_CIPHERS=" \
226 ECDHE-RSA-AES256-SHA \
227 ECDHE-RSA-AES128-SHA \
228 ECDHE-RSA-DES-CBC3-SHA \
229 ECDHE-RSA-RC4-SHA \
230 ECDHE-RSA-NULL-SHA \
231 "
232 fi
233
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]234 if [ "$MODE" = "tls1_2" ];
235 then
236 P_CIPHERS="$P_CIPHERS \
237 TLS-RSA-WITH-NULL-SHA256 \
238 TLS-RSA-WITH-AES-128-CBC-SHA256 \
239 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
240 TLS-RSA-WITH-AES-256-CBC-SHA256 \
241 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
242 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
243 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
244 TLS-RSA-WITH-AES-128-GCM-SHA256 \
245 TLS-RSA-WITH-AES-256-GCM-SHA384 \
246 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
247 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
248 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
249 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
250 "
251
252 O_CIPHERS="$O_CIPHERS \
253 NULL-SHA256 \
254 AES128-SHA256 \
255 DHE-RSA-AES128-SHA256 \
256 AES256-SHA256 \
257 DHE-RSA-AES256-SHA256 \
258 ECDHE-RSA-AES128-SHA256 \
259 ECDHE-RSA-AES256-SHA384 \
260 AES128-GCM-SHA256 \
261 DHE-RSA-AES128-GCM-SHA256 \
262 AES256-GCM-SHA384 \
263 DHE-RSA-AES256-GCM-SHA384 \
264 ECDHE-RSA-AES128-GCM-SHA256 \
265 ECDHE-RSA-AES256-GCM-SHA384 \
266 "
267 fi
268
269 ;;
270
271 "PSK")
272
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]273 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
274 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]275 # openssl s_server won't start without certificates...
276 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]277 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]278
279 P_CIPHERS=" \
280 TLS-PSK-WITH-RC4-128-SHA \
281 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
282 TLS-PSK-WITH-AES-128-CBC-SHA \
283 TLS-PSK-WITH-AES-256-CBC-SHA \
284 "
285
286 O_CIPHERS=" \
287 PSK-RC4-SHA \
288 PSK-3DES-EDE-CBC-SHA \
289 PSK-AES128-CBC-SHA \
290 PSK-AES256-CBC-SHA \
291 "
292
293 ;;
294
295esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]296
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]297# Filter ciphersuites
298if [ "X" != "X$FILTER" ];
299then
300 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
301 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
302fi
303
304
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]305log "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
306$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]307PROCESS_ID=$!
308
309sleep 1
310
311for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]312do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]313 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]314 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]315 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]316 EXIT=$?
317 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
318 if [ "$EXIT" = "2" ];
319 then
320 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]321 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]322 elif [ "$EXIT" != "0" ];
323 then
324 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]325 echo "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
326 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]327 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]328 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]329 else
330 echo Success
331 fi
332done
333kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]334wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]335
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]336log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]337../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]338PROCESS_ID=$!
339
340sleep 1
341
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]342for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]343do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]344 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]345 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]346 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]347 EXIT=$?
348 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
349
350 if [ "$EXIT" != "0" ];
351 then
352 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
353 if [ "X$SUPPORTED" != "X" ]
354 then
355 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]356 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]357 else
358 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]359 echo "ssl_server2 $P_SERVER_ARGS force_version=$MODE"
360 echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]361 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]362 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]363 fi
364 else
365 echo Success
366 fi
367done
368
369kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]370wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]371
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]372log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]373../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]374PROCESS_ID=$!
375
376sleep 1
377
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]378# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]379
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]380case $TYPE in
381
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]382 "ECDSA")
383
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]384 if [ "$MODE" != "ssl3" ];
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]385 then
386 P_CIPHERS="$P_CIPHERS \
387 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
388 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
389 "
390 fi
391
392 ;;
393
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]394 "RSA")
395
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]396 if [ "$MODE" != "ssl3" ];
397 then
398 P_CIPHERS="$P_CIPHERS \
399 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
400 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
401 "
402 fi
403
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]404 if [ "$MODE" = "tls1_2" ];
405 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]406 P_CIPHERS="$P_CIPHERS \
407 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]408 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]409 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]410 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]411 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
412 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]413 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
414 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
415 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
416 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]417 "
418 fi
419
420 ;;
421
422 "PSK")
423
424 P_CIPHERS="$P_CIPHERS \
425 TLS-DHE-PSK-WITH-RC4-128-SHA \
426 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
427 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
428 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]429 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]430 TLS-PSK-WITH-NULL-SHA \
431 TLS-RSA-PSK-WITH-RC4-128-SHA \
432 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
433 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
434 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
435 TLS-RSA-WITH-NULL-SHA \
436 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]437 TLS-PSK-WITH-AES-128-CBC-SHA256 \
438 TLS-PSK-WITH-AES-256-CBC-SHA384 \
439 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
440 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
441 TLS-PSK-WITH-NULL-SHA256 \
442 TLS-PSK-WITH-NULL-SHA384 \
443 TLS-DHE-PSK-WITH-NULL-SHA256 \
444 TLS-DHE-PSK-WITH-NULL-SHA384 \
445 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
446 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
447 TLS-RSA-PSK-WITH-NULL-SHA256 \
448 TLS-RSA-PSK-WITH-NULL-SHA384 \
449 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
450 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
451 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
452 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
453 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
454 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]455 "
456
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]457
458 if [ "$MODE" != "ssl3" ];
459 then
460 P_CIPHERS="$P_CIPHERS \
461 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
462 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
463 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
464 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
465 TLS-ECDHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]466 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
467 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
468 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
469 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
470 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
471 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]472 "
473 fi
474
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]475 if [ "$MODE" = "tls1_2" ];
476 then
477 P_CIPHERS="$P_CIPHERS \
478 TLS-PSK-WITH-AES-128-GCM-SHA256 \
479 TLS-PSK-WITH-AES-256-GCM-SHA384 \
480 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
481 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
482 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
483 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
484 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
485 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
486 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
487 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
488 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
489 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
490 TLS-RSA-WITH-NULL-SHA256 \
491 "
492 fi
493
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]494esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]495
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]496# Filter ciphersuites
497if [ "X" != "X$FILTER" ];
498then
499 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
500 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
501fi
502
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]503for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]504do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]505 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]506 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]507 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]508 EXIT=$?
509 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
510 if [ "$EXIT" = "2" ];
511 then
512 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]513 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]514 elif [ "$EXIT" != "0" ];
515 then
516 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]517 echo "ssl_server2 $P_SERVER_ARGS"
518 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]519 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]520 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]521 else
522 echo Success
523 fi
524done
525kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]526wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]527
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]528done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]529done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]530done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]531
532echo ""
533echo "-------------------------------------------------------------------------"
534echo ""
535
536if (( failed != 0 ));
537then
538 echo -n "FAILED"
539else
540 echo -n "PASSED"
541fi
542
543let "passed = tests - failed"
544echo " ($passed / $tests tests ($skipped skipped))"
545
546exit $failed