TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 0c93d126bcd6a61fdb1d7fda08e99d3379f93ce5 / . / tests / compat.sh
blob: c6bfa6e06f3ba88a696337d4cb1f592cb848a1ea [file] [log] [blame]
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]1killall -q openssl ssl_server
2
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]3MODES="ssl3 tls1 tls1_1 tls1_2"
4#VERIFY="YES"
5VERIFY=""
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame^]6OPENSSL=openssl
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]7
8if [ "X$VERIFY" = "XYES" ];
9then
10 P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key"
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]11 O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]12fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]13
14for MODE in $MODES;
15do
16echo "Running for $MODE"
17echo "-----------"
18
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]19P_CIPHERS=" \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]20 SSL-EDH-RSA-AES-128-SHA \
21 SSL-EDH-RSA-AES-256-SHA \
22 SSL-EDH-RSA-CAMELLIA-128-SHA \
23 SSL-EDH-RSA-CAMELLIA-256-SHA \
24 SSL-EDH-RSA-DES-168-SHA \
25 SSL-RSA-AES-256-SHA \
26 SSL-RSA-CAMELLIA-256-SHA \
27 SSL-RSA-AES-128-SHA \
28 SSL-RSA-CAMELLIA-128-SHA \
29 SSL-RSA-DES-168-SHA \
30 SSL-RSA-RC4-128-SHA \
31 SSL-RSA-RC4-128-MD5 \
32 SSL-RSA-NULL-MD5 \
33 SSL-RSA-NULL-SHA \
34 SSL-RSA-DES-SHA \
35 SSL-EDH-RSA-DES-SHA \
36 "
37
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]38O_CIPHERS=" \
39 DHE-RSA-AES128-SHA \
40 DHE-RSA-AES256-SHA \
41 DHE-RSA-CAMELLIA128-SHA \
42 DHE-RSA-CAMELLIA256-SHA \
43 EDH-RSA-DES-CBC3-SHA \
44 AES256-SHA \
45 CAMELLIA256-SHA \
46 AES128-SHA \
47 CAMELLIA128-SHA \
48 DES-CBC3-SHA \
49 RC4-SHA \
50 RC4-MD5 \
51 NULL-MD5 \
52 NULL-SHA \
53 DES-CBC-SHA \
54 EDH-RSA-DES-CBC-SHA \
55 "
56
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame^]57# Also add SHA256 ciphersuites
58#
59P_CIPHERS="$P_CIPHERS \
60 SSL-RSA-NULL-SHA256 \
61 SSL-RSA-AES-128-SHA256 \
62 SSL-EDH-RSA-AES-128-SHA256 \
63 SSL-RSA-AES-256-SHA256 \
64 SSL-EDH-RSA-AES-256-SHA256 \
65 "
66
67O_CIPHERS="$O_CIPHERS \
68 NULL-SHA256 \
69 AES128-SHA256 \
70 DHE-RSA-AES128-SHA256 \
71 AES256-SHA256 \
72 DHE-RSA-AES256-SHA256 \
73 "
74
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]75if [ "$MODE" = "tls1_2" ];
76then
77 P_CIPHERS="$P_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]78 SSL-RSA-AES-128-GCM-SHA256 \
79 SSL-EDH-RSA-AES-128-GCM-SHA256 \
80 SSL-RSA-AES-256-GCM-SHA384 \
81 SSL-EDH-RSA-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]82 "
83
84 O_CIPHERS="$O_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]85 AES128-GCM-SHA256 \
86 DHE-RSA-AES128-GCM-SHA256 \
87 AES256-GCM-SHA384 \
88 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]89 "
90fi
91
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame^]92$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]93PROCESS_ID=$!
94
95sleep 1
96
97for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]98do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]99 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]100 EXIT=$?
101 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
102 if [ "$EXIT" = "2" ];
103 then
104 echo Ciphersuite not supported in client
105 elif [ "$EXIT" != "0" ];
106 then
107 echo Failed
108 echo $RESULT
109 else
110 echo Success
111 fi
112done
113kill $PROCESS_ID
114
115../programs/ssl/ssl_server > /dev/null &
116PROCESS_ID=$!
117
118sleep 1
119
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]120for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]121do
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame^]122 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i 2>&1)"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]123 EXIT=$?
124 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
125
126 if [ "$EXIT" != "0" ];
127 then
128 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
129 if [ "X$SUPPORTED" != "X" ]
130 then
131 echo "Ciphersuite not supported in server"
132 else
133 echo Failed
134 echo $RESULT
135 fi
136 else
137 echo Success
138 fi
139done
140
141kill $PROCESS_ID
142
143../programs/ssl/ssl_server > /dev/null &
144PROCESS_ID=$!
145
146sleep 1
147
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]148# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
149# Add for PolarSSL only test, which does support them.
150#
151if [ "$MODE" = "tls1_2" ];
152then
153 P_CIPHERS="$P_CIPHERS \
154 SSL-RSA-CAMELLIA-128-SHA256 \
155 SSL-EDH-RSA-CAMELLIA-128-SHA256 \
156 SSL-RSA-CAMELLIA-256-SHA256 \
157 SSL-EDH-RSA-CAMELLIA-256-SHA256 \
158 "
159fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]160
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]161for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]162do
163 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
164 EXIT=$?
165 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
166 if [ "$EXIT" = "2" ];
167 then
168 echo Ciphersuite not supported in client
169 elif [ "$EXIT" != "0" ];
170 then
171 echo Failed
172 echo $RESULT
173 else
174 echo Success
175 fi
176done
177kill $PROCESS_ID
178
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]179done
180