#!/bin/bash

# Interoperability tests against OpenSSL for every ciphersuite and protocol
# version the two stacks have in common, plus self-interoperability tests for
# the ciphersuites that are not shared with OpenSSL.

# Result counters.
tests=0
failed=0
skipped=0

# Programs under test. Each default applies only when the environment has not
# already supplied a non-empty value.
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${OPENSSL:=openssl}"

# Test matrix and output settings (whitespace-separated lists).
MODES="ssl3 tls1 tls1_1 tls1_2"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
VERBOSE=""
# Print the command-line help on stdout.
print_usage() {
    printf 'Usage: %s\n' "$0"
    printf ' -f|--filter\tFilter ciphersuites to test (Default: all)\n'
    printf ' -h|--help\t\tPrint this help.\n'
    printf ' -m|--modes\tWhich modes to perform (Default: "ssl3 tls1 tls1_1 tls1_2")\n'
    printf ' -t|--types\tWhich key exchange type to perform (Default: "ECDSA RSA PSK")\n'
    printf ' -V|--verify\tWhich verification modes to perform (Default: "NO YES")\n'
    printf ' -v|--verbose\t\tSet verbose output.\n'
}
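# Parse the command-line options into FILTER, MODES, TYPES, VERIFIES and
# VERBOSE.
# Arguments: the script's own arguments ("$@")
# Exits:     0 after printing the help for -h|--help; 1 (after printing the
#            usage) on an unknown argument or on an option whose value is
#            missing
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter|-m|--modes|-t|--types|-V|--verify)
                # Without this check a value-taking option given as the last
                # argument stores an empty string; an empty MODES, TYPES or
                # VERIFIES makes the test loops run nothing while the summary
                # still prints PASSED.
                if [ $# -lt 2 ]; then
                    echo "Missing value for argument: '$1'"
                    print_usage
                    exit 1
                fi
                case "$1" in
                    -f|--filter) FILTER=$2 ;;
                    -m|--modes)  MODES=$2 ;;
                    -t|--types)  TYPES=$2 ;;
                    -V|--verify) VERIFIES=$2 ;;
                esac
                # drop the option name; the value is dropped below
                shift
                ;;
            -v|--verbose)
                VERBOSE=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}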
# Echo the arguments, but only when VERBOSE is non-empty.
log() {
    [ -z "$VERBOSE" ] && return 0
    echo "$@"
}
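# filter <list> <pattern>
# Print the entries of the whitespace-separated <list> that match the grep
# basic regular expression <pattern>, joined by single spaces.
# Arguments: $1 - whitespace-separated list of ciphersuite names
#            $2 - grep pattern (comes from the -f|--filter option)
# Outputs:   the matching entries on one line (an empty line if none match)
filter()
{
    # locals, so that calling this outside a command substitution does not
    # overwrite the global FILTER or leak helper variables
    local list=$1
    local pattern=$2
    local kept=""
    local item

    # $list is left unquoted on purpose: it is split into its entries
    for item in $list; do
        # -e keeps a pattern that starts with '-' (for example "-GCM-") from
        # being parsed as a grep option
        if printf '%s\n' "$item" | grep -q -e "$pattern"; then
            kept="${kept:+$kept }$item"
        fi
    done

    printf '%s\n' "$kept"
}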
# Build the ciphersuite lists for the current TYPE and MODE: P_CIPHERS holds
# PolarSSL names and O_CIPHERS holds OpenSSL names. Both are whitespace-
# separated and are narrowed with filter() when FILTER is non-empty.
# The lists contain NULL, RC4, single-DES and MD5 suites because the script
# exercises every suite the two stacks have in common; they are test inputs,
# not a recommended configuration.
# Globals: TYPE, MODE, FILTER (read); P_CIPHERS, O_CIPHERS (written)
setup_ciphersuites()
{
    P_CIPHERS=""
    O_CIPHERS=""

    case "$TYPE" in

        ECDSA)
            # no ECDSA suites at all for ssl3
            if [ "$MODE" != "ssl3" ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-NULL-SHA \
                    TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-NULL-SHA \
                    TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-NULL-SHA \
                    ECDHE-ECDSA-RC4-SHA \
                    ECDHE-ECDSA-DES-CBC3-SHA \
                    ECDHE-ECDSA-AES128-SHA \
                    ECDHE-ECDSA-AES256-SHA \
                    ECDH-ECDSA-NULL-SHA \
                    ECDH-ECDSA-RC4-SHA \
                    ECDH-ECDSA-DES-CBC3-SHA \
                    ECDH-ECDSA-AES128-SHA \
                    ECDH-ECDSA-AES256-SHA \
                    "
            fi
            # SHA-2 and GCM suites are only added for tls1_2
            if [ "$MODE" = "tls1_2" ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-AES128-SHA256 \
                    ECDHE-ECDSA-AES256-SHA384 \
                    ECDHE-ECDSA-AES128-GCM-SHA256 \
                    ECDHE-ECDSA-AES256-GCM-SHA384 \
                    ECDH-ECDSA-AES128-SHA256 \
                    ECDH-ECDSA-AES256-SHA384 \
                    ECDH-ECDSA-AES128-GCM-SHA256 \
                    ECDH-ECDSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        RSA)
            # suites used for every mode, ssl3 included
            P_CIPHERS="$P_CIPHERS \
                TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-AES-256-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-RSA-WITH-AES-128-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-RC4-128-SHA \
                TLS-RSA-WITH-RC4-128-MD5 \
                TLS-RSA-WITH-NULL-MD5 \
                TLS-RSA-WITH-NULL-SHA \
                TLS-RSA-WITH-DES-CBC-SHA \
                TLS-DHE-RSA-WITH-DES-CBC-SHA \
                "
            O_CIPHERS="$O_CIPHERS \
                DHE-RSA-AES128-SHA \
                DHE-RSA-AES256-SHA \
                DHE-RSA-CAMELLIA128-SHA \
                DHE-RSA-CAMELLIA256-SHA \
                EDH-RSA-DES-CBC3-SHA \
                AES256-SHA \
                CAMELLIA256-SHA \
                AES128-SHA \
                CAMELLIA128-SHA \
                DES-CBC3-SHA \
                RC4-SHA \
                RC4-MD5 \
                NULL-MD5 \
                NULL-SHA \
                DES-CBC-SHA \
                EDH-RSA-DES-CBC-SHA \
                "
            # ECDHE suites are skipped for ssl3
            if [ "$MODE" != "ssl3" ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-RSA-WITH-NULL-SHA \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-RSA-AES256-SHA \
                    ECDHE-RSA-AES128-SHA \
                    ECDHE-RSA-DES-CBC3-SHA \
                    ECDHE-RSA-RC4-SHA \
                    ECDHE-RSA-NULL-SHA \
                    "
            fi
            if [ "$MODE" = "tls1_2" ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-RSA-WITH-NULL-SHA256 \
                    TLS-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
                    TLS-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    NULL-SHA256 \
                    AES128-SHA256 \
                    DHE-RSA-AES128-SHA256 \
                    AES256-SHA256 \
                    DHE-RSA-AES256-SHA256 \
                    ECDHE-RSA-AES128-SHA256 \
                    ECDHE-RSA-AES256-SHA384 \
                    AES128-GCM-SHA256 \
                    DHE-RSA-AES128-GCM-SHA256 \
                    AES256-GCM-SHA384 \
                    DHE-RSA-AES256-GCM-SHA384 \
                    ECDHE-RSA-AES128-GCM-SHA256 \
                    ECDHE-RSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        PSK)
            P_CIPHERS="$P_CIPHERS \
                TLS-PSK-WITH-RC4-128-SHA \
                TLS-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-PSK-WITH-AES-128-CBC-SHA \
                TLS-PSK-WITH-AES-256-CBC-SHA \
                "
            O_CIPHERS="$O_CIPHERS \
                PSK-RC4-SHA \
                PSK-3DES-EDE-CBC-SHA \
                PSK-AES128-CBC-SHA \
                PSK-AES256-CBC-SHA \
                "
            ;;
    esac

    # Narrow both lists when a filter was requested
    if [ -n "$FILTER" ]; then
        O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
        P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
    fi
}
# Append to P_CIPHERS the ciphersuites for the current TYPE and MODE that are
# only exercised PolarSSL-to-PolarSSL. The additions are collected in
# ADD_CIPHERS and narrowed with filter() when FILTER is non-empty.
# Globals: TYPE, MODE, FILTER (read); ADD_CIPHERS (written);
#          P_CIPHERS (read and extended)
add_polarssl_ciphersuites()
{
    ADD_CIPHERS=""

    case "$TYPE" in

        ECDSA)
            if [ "$MODE" != "ssl3" ]; then
                ADD_CIPHERS="$ADD_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
                    "
            fi
            if [ "$MODE" = "tls1_2" ]; then
                ADD_CIPHERS="$ADD_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    "
            fi
            ;;

        RSA)
            if [ "$MODE" != "ssl3" ]; then
                ADD_CIPHERS="$ADD_CIPHERS \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
                    "
            fi
            if [ "$MODE" = "tls1_2" ]; then
                ADD_CIPHERS="$ADD_CIPHERS \
                    TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    "
            fi
            ;;

        PSK)
            # NOTE(review): this list also names a few TLS-RSA-WITH-NULL-*
            # suites under the PSK type; kept exactly as found, confirm that
            # this is intended.
            ADD_CIPHERS="$ADD_CIPHERS \
                TLS-DHE-PSK-WITH-RC4-128-SHA \
                TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
                TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
                TLS-DHE-PSK-WITH-NULL-SHA \
                TLS-PSK-WITH-NULL-SHA \
                TLS-RSA-PSK-WITH-RC4-128-SHA \
                TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
                TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
                TLS-RSA-WITH-NULL-SHA \
                TLS-RSA-WITH-NULL-MD5 \
                TLS-PSK-WITH-AES-128-CBC-SHA256 \
                TLS-PSK-WITH-AES-256-CBC-SHA384 \
                TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
                TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
                TLS-PSK-WITH-NULL-SHA256 \
                TLS-PSK-WITH-NULL-SHA384 \
                TLS-DHE-PSK-WITH-NULL-SHA256 \
                TLS-DHE-PSK-WITH-NULL-SHA384 \
                TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
                TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
                TLS-RSA-PSK-WITH-NULL-SHA256 \
                TLS-RSA-PSK-WITH-NULL-SHA384 \
                TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                "
            if [ "$MODE" != "ssl3" ]; then
                ADD_CIPHERS="$ADD_CIPHERS \
                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-PSK-WITH-RC4-128-SHA \
                    TLS-ECDHE-PSK-WITH-NULL-SHA \
                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDHE-PSK-WITH-NULL-SHA384 \
                    TLS-ECDHE-PSK-WITH-NULL-SHA256 \
                    "
            fi
            if [ "$MODE" = "tls1_2" ]; then
                ADD_CIPHERS="$ADD_CIPHERS \
                    TLS-PSK-WITH-AES-128-GCM-SHA256 \
                    TLS-PSK-WITH-AES-256-GCM-SHA384 \
                    TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
                    TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
                    TLS-RSA-WITH-NULL-SHA256 \
                    "
            fi
            ;;
    esac

    # Narrow the additions when a filter was requested
    if [ -n "$FILTER" ]; then
        ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
    fi

    # Join with a separating space only when there is something to join to,
    # so that P_CIPHERS never ends up being just ' '
    if [ -z "$P_CIPHERS" ]; then
        P_CIPHERS="$ADD_CIPHERS"
    else
        P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
    fi
}
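# Build the argument strings for both servers and both clients from the
# current MODE, VERIFY and TYPE.
# Globals: MODE, VERIFY, TYPE (read); P_SERVER_ARGS, P_CLIENT_ARGS,
#          O_SERVER_ARGS, O_CLIENT_ARGS (written)
# Exits:   1 when MODE, VERIFY or TYPE is not one of the supported values
setup_arguments()
{
    # avoid an avalanche of errors due to typos
    case "$MODE" in
        ssl3|tls1|tls1_1|tls1_2)
            ;;
        *)
            echo "error: invalid mode: $MODE" >&2
            exit 1
            ;;
    esac

    # Any value other than YES selects the auth_mode=none branch below, while
    # run_client prints the value in the test title: a typo such as "yes"
    # would label handshakes without client authentication as verified.
    case "$VERIFY" in
        YES|NO)
            ;;
        *)
            echo "error: invalid verify mode: $VERIFY" >&2
            exit 1
            ;;
    esac

    # An unknown type matches no branch of the case statements that build the
    # ciphersuite lists, so nothing would be tested and the run would still
    # end with PASSED.
    case "$TYPE" in
        ECDSA|RSA|PSK)
            ;;
        *)
            echo "error: invalid type: $TYPE" >&2
            exit 1
            ;;
    esac

    # NOTE(review): server_addr=0.0.0.0 is the wildcard address, while the
    # server offers NULL/RC4 suites and a fixed key; run this on an isolated
    # host, or confirm that a loopback address works with both clients.
    P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
    P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
    # "NULL,ALL" also enables the no-encryption suites on the OpenSSL server
    O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
    O_CLIENT_ARGS="-$MODE"

    if [ "$VERIFY" = "YES" ]; then
        # NOTE(review): openssl s_client's -verify is documented as carrying
        # on after a certificate verification error, so the OpenSSL-client
        # runs may pass with a server chain that does not validate. Confirm,
        # and consider -verify_return_error where the OpenSSL in use has it.
        P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
        P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
        O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
    else
        # ssl_server2 defaults to optional, but we want to test handshakes
        # that don't exchange client certificate at all too
        P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=none"
    fi

    case "$TYPE" in
        ECDSA)
            P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
            P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
            ;;

        RSA)
            P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
            P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
            ;;

        PSK)
            # The key is the hex encoding of the ASCII string
            # "abcdefghijklmnop": a fixed value shared by all four programs,
            # usable for tests only.
            P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
            P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
            # openssl s_server won't start without certificates...
            O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
            ;;
    esac
}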
# start_server <name>
# Launch the named server in the background with its stdout and stderr
# captured in srv_out, and remember it in SERVER_NAME, SERVER_CMD and
# PROCESS_ID. A name starting with "Open"/"open" selects openssl s_server, one
# starting with "Polar"/"polar" selects $P_SRV; anything else exits with 1.
start_server() {
    if [[ $1 == [Oo]pen* ]]; then
        SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
    elif [[ $1 == [Pp]olar* ]]; then
        SERVER_CMD="$P_SRV $P_SERVER_ARGS"
    else
        echo "error: invalid server name: $1" >&2
        exit 1
    fi
    SERVER_NAME=$1

    log "$SERVER_CMD"
    # left unquoted on purpose: the command string is split into its words
    $SERVER_CMD >srv_out 2>&1 &
    PROCESS_ID=$!

    # fixed delay before clients are started; this is not a readiness check
    sleep 1
}
# Terminate the running server (closing it cleanly if it is ours), wait for
# it to exit and remove srv_out.
# Globals: SERVER_NAME, PROCESS_ID, O_CIPHERS, O_CLIENT_ARGS, OPENSSL (read);
#          CS (written)
stop_server() {
    if [[ $SERVER_NAME == [Pp]olar* ]]; then
        # we must force a PSK suite when in PSK mode (otherwise client
        # auth will fail), so use $O_CIPHERS
        CS=${O_CIPHERS// /:}
        # our own server is asked to quit over a regular connection
        echo SERVERQUIT | \
            $OPENSSL s_client $O_CLIENT_ARGS -cipher "$CS" >/dev/null 2>&1
    else
        kill $PROCESS_ID 2>/dev/null
    fi

    wait $PROCESS_ID 2>/dev/null
    rm -f srv_out
}
# Signal handler: remove the output files of the server and of the client,
# kill the running server and leave with status 1.
cleanup() {
    rm -f srv_out
    rm -f cli_out
    kill $PROCESS_ID
    exit 1
}
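# run_client <name> <cipher>
# Run one handshake from the named client ("OpenSSL" or "PolarSSL") against
# the server that is currently running, forcing <cipher>, then print
# PASS, SKIP or FAIL and update the counters.
# Globals: tests, skipped, failed (updated); VERIFY, MODE, SERVER_NAME,
#          SERVER_CMD, OPENSSL, O_CLIENT_ARGS, P_CLI, P_CLIENT_ARGS (read);
#          VERIF, TITLE, LEN, CLIENT_CMD, EXIT, RESULT (written)
# Outputs: one title line padded with dots and ending in the verdict; on FAIL
#          also both command lines and the last line of the client output
# Exits:   1 on an unknown client name
run_client() {
    local i

    # announce what we're going to do
    tests=$(( tests + 1 ))
    VERIF=$(printf '%s\n' "$VERIFY" | tr '[:upper:]' '[:lower:]')
    TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
    echo -n "$TITLE"
    # Pad with dots up to a fixed column. Shell arithmetic gives the same
    # count as the earlier wc/bc/seq pipeline without depending on bc and seq
    # being installed; a title that is too long simply gets no dots.
    LEN=$(( 72 - ${#TITLE} - 1 ))
    for (( i = 0; i < LEN; i++ )); do
        echo -n '.'
    done
    echo -n ' '

    # run the command and interpret result: 0 = pass, 1 = skip, 2 = fail
    case "$1" in
        [Oo]pen*)
            CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
            log "$CLIENT_CMD"
            # left unquoted on purpose: the command string is split into words
            ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
            EXIT=$?

            if [ "$EXIT" = "0" ]; then
                RESULT=0
            elif grep 'Cipher is (NONE)' cli_out >/dev/null; then
                # no suite was negotiated: counted as a skip, not a failure
                RESULT=1
            else
                RESULT=2
            fi
            ;;

        [Pp]olar*)
            CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
            log "$CLIENT_CMD"
            $CLIENT_CMD > cli_out
            EXIT=$?

            # exit status 2 from the client is counted as a skip
            case "$EXIT" in
                0) RESULT=0 ;;
                2) RESULT=1 ;;
                *) RESULT=2 ;;
            esac
            ;;

        *)
            echo "error: invalid client name: $1" >&2
            exit 1
            ;;
    esac

    # report and count result
    case "$RESULT" in
        0)
            echo PASS
            ;;
        1)
            echo SKIP
            skipped=$(( skipped + 1 ))
            ;;
        2)
            echo FAIL
            echo " ! $SERVER_CMD"
            echo " ! $CLIENT_CMD"
            echo -n " ! ... "
            tail -n1 cli_out
            failed=$(( failed + 1 ))
            ;;
    esac

    rm -f cli_out
}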
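#
# MAIN
#

# sanity checks, avoid an avalanche of errors
if [ ! -x "$P_SRV" ]; then
    echo "Command '$P_SRV' is not an executable file"
    exit 1
fi
if [ ! -x "$P_CLI" ]; then
    echo "Command '$P_CLI' is not an executable file"
    exit 1
fi
# $OPENSSL is left unquoted here, as it is where the command is run
if ! which $OPENSSL >/dev/null 2>&1; then
    echo "Command '$OPENSSL' not found"
    exit 1
fi

get_options "$@"

# NOTE(review): killall matches by process name, so this also terminates any
# unrelated openssl, ssl_server or ssl_server2 process the invoking user is
# allowed to signal, not only servers left over from an earlier run. Avoid
# running the script on a shared host or as a privileged user.
killall -q openssl ssl_server ssl_server2
trap cleanup INT TERM HUP

for VERIFY in $VERIFIES; do
    for MODE in $MODES; do
        for TYPE in $TYPES; do

            setup_arguments
            setup_ciphersuites

            # PolarSSL client against OpenSSL server, shared suites
            if [ -n "$P_CIPHERS" ]; then
                start_server "OpenSSL"
                for i in $P_CIPHERS; do
                    run_client PolarSSL "$i"
                done
                stop_server
            fi

            # OpenSSL client against PolarSSL server, shared suites
            if [ -n "$O_CIPHERS" ]; then
                start_server "PolarSSL"
                for i in $O_CIPHERS; do
                    run_client OpenSSL "$i"
                done
                stop_server
            fi

            add_polarssl_ciphersuites

            # PolarSSL client against PolarSSL server, shared suites plus the
            # ones that were just added
            if [ -n "$P_CIPHERS" ]; then
                start_server "PolarSSL"
                for i in $P_CIPHERS; do
                    run_client PolarSSL "$i"
                done
                stop_server
            fi

        done
    done
done

echo "------------------------------------------------------------------------"

if (( failed != 0 )); then
    echo -n "FAILED"
else
    echo -n "PASSED"
fi

passed=$(( tests - failed ))
echo " ($passed / $tests tests ($skipped skipped))"

# An exit status only keeps the low 8 bits, so a failure count that is a
# multiple of 256 would be reported to the caller as success; clamp it.
if (( failed > 255 )); then
    exit 255
fi
exit "$failed"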
638exit $failed