TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3eec60402f83ff92cefd30b875eb85d77b579cb8 / . / tests / compat.sh
blob: 1107b717c6ae3856f9ac644a8e1acf8637d90f49 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]6set -u
7
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]8let "tests = 0"
9let "failed = 0"
10let "skipped = 0"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]11let "srvmem = 0"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]12
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]13# default values, can be overriden by the environment
14: ${P_SRV:=../programs/ssl/ssl_server2}
15: ${P_CLI:=../programs/ssl/ssl_client2}
16: ${OPENSSL:=openssl}
17
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]18MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]19VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]20TYPES="ECDSA RSA PSK"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]21FILTER=""
22VERBOSE=""
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]23MEMCHECK=0
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]24
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]25print_usage() {
26 echo "Usage: $0"
27 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
28 echo -e " -h|--help\t\tPrint this help."
29 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
30 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
31 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]32 echo -e " -M, --memcheck\tCheck memory leaks and errors."
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]33 echo -e " -v|--verbose\t\tSet verbose output."
34}
35
36get_options() {
37 while [ $# -gt 0 ]; do
38 case "$1" in
39 -f|--filter)
40 shift; FILTER=$1
41 ;;
42 -m|--modes)
43 shift; MODES=$1
44 ;;
45 -t|--types)
46 shift; TYPES=$1
47 ;;
48 -V|--verify)
49 shift; VERIFIES=$1
50 ;;
51 -v|--verbose)
52 VERBOSE=1
53 ;;
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]54 -M|--memcheck)
55 MEMCHECK=1
56 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]57 -h|--help)
58 print_usage
59 exit 0
60 ;;
61 *)
62 echo "Unknown argument: '$1'"
63 print_usage
64 exit 1
65 ;;
66 esac
67 shift
68 done
69}
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]70
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]71log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]72 if [ "X" != "X$VERBOSE" ]; then
73 echo "$@"
74 fi
75}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]76
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]77filter()
78{
79 LIST=$1
80 FILTER=$2
81
82 NEW_LIST=""
83
84 for i in $LIST;
85 do
86 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
87 done
88
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]89 # normalize whitespace
90 echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]91}
92
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]93setup_ciphersuites()
94{
95 P_CIPHERS=""
96 O_CIPHERS=""
97
98 case $TYPE in
99
100 "ECDSA")
101 if [ "$MODE" != "ssl3" ];
102 then
103 P_CIPHERS="$P_CIPHERS \
104 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
105 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
106 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
107 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
108 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
109 TLS-ECDH-ECDSA-WITH-NULL-SHA \
110 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
111 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
112 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
113 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
114 "
115 O_CIPHERS="$O_CIPHERS \
116 ECDHE-ECDSA-NULL-SHA \
117 ECDHE-ECDSA-RC4-SHA \
118 ECDHE-ECDSA-DES-CBC3-SHA \
119 ECDHE-ECDSA-AES128-SHA \
120 ECDHE-ECDSA-AES256-SHA \
121 ECDH-ECDSA-NULL-SHA \
122 ECDH-ECDSA-RC4-SHA \
123 ECDH-ECDSA-DES-CBC3-SHA \
124 ECDH-ECDSA-AES128-SHA \
125 ECDH-ECDSA-AES256-SHA \
126 "
127 fi
128 if [ "$MODE" = "tls1_2" ];
129 then
130 P_CIPHERS="$P_CIPHERS \
131 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
132 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
133 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
134 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
135 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
136 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
137 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
138 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
139 "
140 O_CIPHERS="$O_CIPHERS \
141 ECDHE-ECDSA-AES128-SHA256 \
142 ECDHE-ECDSA-AES256-SHA384 \
143 ECDHE-ECDSA-AES128-GCM-SHA256 \
144 ECDHE-ECDSA-AES256-GCM-SHA384 \
145 ECDH-ECDSA-AES128-SHA256 \
146 ECDH-ECDSA-AES256-SHA384 \
147 ECDH-ECDSA-AES128-GCM-SHA256 \
148 ECDH-ECDSA-AES256-GCM-SHA384 \
149 "
150 fi
151 ;;
152
153 "RSA")
154 P_CIPHERS="$P_CIPHERS \
155 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
156 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
157 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
158 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
159 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
160 TLS-RSA-WITH-AES-256-CBC-SHA \
161 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
162 TLS-RSA-WITH-AES-128-CBC-SHA \
163 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
164 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
165 TLS-RSA-WITH-RC4-128-SHA \
166 TLS-RSA-WITH-RC4-128-MD5 \
167 TLS-RSA-WITH-NULL-MD5 \
168 TLS-RSA-WITH-NULL-SHA \
169 TLS-RSA-WITH-DES-CBC-SHA \
170 TLS-DHE-RSA-WITH-DES-CBC-SHA \
171 "
172 O_CIPHERS="$O_CIPHERS \
173 DHE-RSA-AES128-SHA \
174 DHE-RSA-AES256-SHA \
175 DHE-RSA-CAMELLIA128-SHA \
176 DHE-RSA-CAMELLIA256-SHA \
177 EDH-RSA-DES-CBC3-SHA \
178 AES256-SHA \
179 CAMELLIA256-SHA \
180 AES128-SHA \
181 CAMELLIA128-SHA \
182 DES-CBC3-SHA \
183 RC4-SHA \
184 RC4-MD5 \
185 NULL-MD5 \
186 NULL-SHA \
187 DES-CBC-SHA \
188 EDH-RSA-DES-CBC-SHA \
189 "
190 if [ "$MODE" != "ssl3" ];
191 then
192 P_CIPHERS="$P_CIPHERS \
193 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
194 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
195 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
196 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
197 TLS-ECDHE-RSA-WITH-NULL-SHA \
198 "
199 O_CIPHERS="$O_CIPHERS \
200 ECDHE-RSA-AES256-SHA \
201 ECDHE-RSA-AES128-SHA \
202 ECDHE-RSA-DES-CBC3-SHA \
203 ECDHE-RSA-RC4-SHA \
204 ECDHE-RSA-NULL-SHA \
205 "
206 fi
207 if [ "$MODE" = "tls1_2" ];
208 then
209 P_CIPHERS="$P_CIPHERS \
210 TLS-RSA-WITH-NULL-SHA256 \
211 TLS-RSA-WITH-AES-128-CBC-SHA256 \
212 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
213 TLS-RSA-WITH-AES-256-CBC-SHA256 \
214 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
215 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
216 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
217 TLS-RSA-WITH-AES-128-GCM-SHA256 \
218 TLS-RSA-WITH-AES-256-GCM-SHA384 \
219 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
220 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
221 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
222 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
223 "
224 O_CIPHERS="$O_CIPHERS \
225 NULL-SHA256 \
226 AES128-SHA256 \
227 DHE-RSA-AES128-SHA256 \
228 AES256-SHA256 \
229 DHE-RSA-AES256-SHA256 \
230 ECDHE-RSA-AES128-SHA256 \
231 ECDHE-RSA-AES256-SHA384 \
232 AES128-GCM-SHA256 \
233 DHE-RSA-AES128-GCM-SHA256 \
234 AES256-GCM-SHA384 \
235 DHE-RSA-AES256-GCM-SHA384 \
236 ECDHE-RSA-AES128-GCM-SHA256 \
237 ECDHE-RSA-AES256-GCM-SHA384 \
238 "
239 fi
240 ;;
241
242 "PSK")
243 P_CIPHERS="$P_CIPHERS \
244 TLS-PSK-WITH-RC4-128-SHA \
245 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
246 TLS-PSK-WITH-AES-128-CBC-SHA \
247 TLS-PSK-WITH-AES-256-CBC-SHA \
248 "
249 O_CIPHERS="$O_CIPHERS \
250 PSK-RC4-SHA \
251 PSK-3DES-EDE-CBC-SHA \
252 PSK-AES128-CBC-SHA \
253 PSK-AES256-CBC-SHA \
254 "
255 ;;
256 esac
257
258 # Filter ciphersuites
259 if [ "X" != "X$FILTER" ];
260 then
261 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
262 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
263 fi
264
265}
266
267add_polarssl_ciphersuites()
268{
269 ADD_CIPHERS=""
270
271 case $TYPE in
272
273 "ECDSA")
274 if [ "$MODE" != "ssl3" ];
275 then
276 ADD_CIPHERS="$ADD_CIPHERS \
277 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
278 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
279 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
280 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
281 "
282 fi
283 if [ "$MODE" = "tls1_2" ];
284 then
285 ADD_CIPHERS="$ADD_CIPHERS \
286 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
287 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
288 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
289 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
290 "
291 fi
292 ;;
293
294 "RSA")
295 if [ "$MODE" != "ssl3" ];
296 then
297 ADD_CIPHERS="$ADD_CIPHERS \
298 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
299 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
300 "
301 fi
302 if [ "$MODE" = "tls1_2" ];
303 then
304 ADD_CIPHERS="$ADD_CIPHERS \
305 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
306 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
307 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
308 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
309 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
310 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
311 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
312 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
313 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
314 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
315 "
316 fi
317 ;;
318
319 "PSK")
320 ADD_CIPHERS="$ADD_CIPHERS \
321 TLS-DHE-PSK-WITH-RC4-128-SHA \
322 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
323 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
324 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
325 TLS-DHE-PSK-WITH-NULL-SHA \
326 TLS-PSK-WITH-NULL-SHA \
327 TLS-RSA-PSK-WITH-RC4-128-SHA \
328 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
329 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
330 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
331 TLS-RSA-WITH-NULL-SHA \
332 TLS-RSA-WITH-NULL-MD5 \
333 TLS-PSK-WITH-AES-128-CBC-SHA256 \
334 TLS-PSK-WITH-AES-256-CBC-SHA384 \
335 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
336 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
337 TLS-PSK-WITH-NULL-SHA256 \
338 TLS-PSK-WITH-NULL-SHA384 \
339 TLS-DHE-PSK-WITH-NULL-SHA256 \
340 TLS-DHE-PSK-WITH-NULL-SHA384 \
341 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
342 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
343 TLS-RSA-PSK-WITH-NULL-SHA256 \
344 TLS-RSA-PSK-WITH-NULL-SHA384 \
345 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
346 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
347 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
348 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
349 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
350 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
351 "
352 if [ "$MODE" != "ssl3" ];
353 then
354 ADD_CIPHERS="$ADD_CIPHERS \
355 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
356 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
357 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
358 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
359 TLS-ECDHE-PSK-WITH-NULL-SHA \
360 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
361 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
362 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
363 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
364 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
365 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
366 "
367 fi
368 if [ "$MODE" = "tls1_2" ];
369 then
370 ADD_CIPHERS="$ADD_CIPHERS \
371 TLS-PSK-WITH-AES-128-GCM-SHA256 \
372 TLS-PSK-WITH-AES-256-GCM-SHA384 \
373 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
374 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
375 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
376 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
377 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
378 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
379 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
380 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
381 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
382 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
383 TLS-RSA-WITH-NULL-SHA256 \
384 "
385 fi
386 ;;
387 esac
388
389 # Filter new ciphersuites and add them
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]390 if [ "X" != "X$FILTER" ]; then
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]391 ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
392 fi
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]393 # avoid P_CIPHERS being only ' '
394 if [ "X" != "X$P_CIPHERS" ]; then
395 P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
396 else
397 P_CIPHERS="$ADD_CIPHERS"
398 fi
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]399}
400
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]401setup_arguments()
402{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]403 # avoid an avalanche of errors due to typos
404 case $MODE in
405 ssl3|tls1|tls1_1|tls1_2)
406 ;;
407 *)
408 echo "error: invalid mode: $MODE" >&2
409 exit 1;
410 esac
411
412 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]413 P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]414 O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
415 O_CLIENT_ARGS="-$MODE"
416
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]417 if [ "X$VERIFY" = "XYES" ];
418 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]419 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]420 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]421 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]422 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
423 else
424 # ssl_server2 defaults to optional, but we want to test handshakes
425 # that don't exchange client certificate at all too
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]426 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
427 # give dummy CA to clients
428 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/cli2.crt"
429 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/cli2.crt"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]430 fi
431
432 case $TYPE in
433 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]434 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]435 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]436 if [ "X$VERIFY" = "XYES" ]; then
437 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
438 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
439 else
440 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
441 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]442 ;;
443
444 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]445 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]446 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]447 if [ "X$VERIFY" = "XYES" ]; then
448 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
449 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
450 else
451 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
452 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]453 ;;
454
455 "PSK")
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]456 # give our server a certificate for RSA-PSK
457 # (should be a separate type, but harder to close with openssl)
458 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
459 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
460 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]461 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]462 ;;
463 esac
464}
465
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]466# is_polar <cmd_line>
467is_polar() {
468 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
469}
470
471# has_mem_err <log_file_name>
472has_mem_err() {
473 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
474 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
475 then
476 return 1 # false: does not have errors
477 else
478 return 0 # true: has errors
479 fi
480}
481
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]482# start_server <name>
483# also saves name and command
484start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]485 case $1 in
486 [Oo]pen*)
487 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
488 ;;
489 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]490 SERVER_CMD="$P_SRV $P_SERVER_ARGS"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]491 if [ "$MEMCHECK" -gt 0 ]; then
492 SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
493 fi
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]494 ;;
495 *)
496 echo "error: invalid server name: $1" >&2
497 exit 1
498 ;;
499 esac
500 SERVER_NAME=$1
501
502 log "$SERVER_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]503 $SERVER_CMD >srv_out 2>&1 &
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]504 PROCESS_ID=$!
505
506 sleep 1
507}
508
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]509# terminate the running server (closing it cleanly if it is ours)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]510stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]511 case $SERVER_NAME in
512 [Pp]olar*)
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]513 # we must force a PSK suite when in PSK mode (otherwise client
514 # auth will fail), so use $O_CIPHERS
515 CS=$( echo "$O_CIPHERS" | tr ' ' ':' )
516 echo SERVERQUIT | \
517 $OPENSSL s_client $O_CLIENT_ARGS -cipher "$CS" >/dev/null 2>&1
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]518 ;;
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]519 *)
520 kill $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]521 esac
522
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]523 wait $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]524
525 if [ "$MEMCHECK" -gt 0 ]; then
526 if is_polar "$SERVER_CMD" && has_mem_err srv_out; then
527 echo " ! Server had memory errors"
528 let "srvmem++"
529 return
530 fi
531 fi
532
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]533 rm -f srv_out
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]534}
535
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]536# kill the running server (used when killed by signal)
537cleanup() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]538 rm -f srv_out cli_out
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]539 kill $PROCESS_ID
540 exit 1
541}
542
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]543# run_client <name> <cipher>
544run_client() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]545 # announce what we're going to do
546 let "tests++"
547 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
548 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
549 echo -n "$TITLE"
550 LEN=`echo "$TITLE" | wc -c`
551 LEN=`echo 72 - $LEN | bc`
552 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
553
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]554 # run the command and interpret result
555 case $1 in
556 [Oo]pen*)
557 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
558 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]559 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]560 EXIT=$?
561
562 if [ "$EXIT" == "0" ]; then
563 RESULT=0
564 else
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]565 if grep 'Cipher is (NONE)' cli_out >/dev/null; then
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]566 RESULT=1
567 else
568 RESULT=2
569 fi
570 fi
571 ;;
572
573 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]574 CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]575 if [ "$MEMCHECK" -gt 0 ]; then
576 CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
577 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]578 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]579 $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]580 EXIT=$?
581
582 case $EXIT in
583 "0") RESULT=0 ;;
584 "2") RESULT=1 ;;
585 *) RESULT=2 ;;
586 esac
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]587
588 if [ "$MEMCHECK" -gt 0 ]; then
589 if is_polar "$CLIENT_CMD" && has_mem_err cli_out; then
590 RESULT=2
591 fi
592 fi
593
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]594 ;;
595
596 *)
597 echo "error: invalid client name: $1" >&2
598 exit 1
599 ;;
600 esac
601
602 # report and count result
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]603 case $RESULT in
604 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]605 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]606 ;;
607 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]608 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]609 let "skipped++"
610 ;;
611 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]612 echo FAIL
613 echo " ! $SERVER_CMD"
614 echo " ! $CLIENT_CMD"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]615 cp srv_out c-srv-${tests}.log
616 cp cli_out c-cli-${tests}.log
617 echo " ! outputs saved to c-srv-${tests}.log, c-cli-${tests}.log"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]618 let "failed++"
619 ;;
620 esac
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]621
622 rm -f cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]623}
624
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]625#
626# MAIN
627#
628
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]629# sanity checks, avoid an avalanche of errors
630if [ ! -x "$P_SRV" ]; then
631 echo "Command '$P_SRV' is not an executable file"
632 exit 1
633fi
634if [ ! -x "$P_CLI" ]; then
635 echo "Command '$P_CLI' is not an executable file"
636 exit 1
637fi
638if which $OPENSSL >/dev/null 2>&1; then :; else
639 echo "Command '$OPENSSL' not found"
640 exit 1
641fi
642
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]643get_options "$@"
644
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]645killall -q openssl ssl_server ssl_server2
646trap cleanup INT TERM HUP
647
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]648for VERIFY in $VERIFIES; do
649 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]650 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]651
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]652 setup_arguments
653 setup_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]654
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]655 if [ "X" != "X$P_CIPHERS" ]; then
656 start_server "OpenSSL"
657 for i in $P_CIPHERS; do
658 run_client PolarSSL $i
659 done
660 stop_server
661 fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]662
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]663 if [ "X" != "X$O_CIPHERS" ]; then
664 start_server "PolarSSL"
665 for i in $O_CIPHERS; do
666 run_client OpenSSL $i
667 done
668 stop_server
669 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]670
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]671 add_polarssl_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]672
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]673 if [ "X" != "X$P_CIPHERS" ]; then
674 start_server "PolarSSL"
675 for i in $P_CIPHERS; do
676 run_client PolarSSL $i
677 done
678 stop_server
679 fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]680
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]681 done
682 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]683done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]684
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]685echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]686
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]687if (( failed != 0 && srvmem != 0 ));
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]688then
689 echo -n "FAILED"
690else
691 echo -n "PASSED"
692fi
693
694let "passed = tests - failed"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]695echo " ($passed / $tests tests ($skipped skipped, $srvmem server memory errors)"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]696
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame^]697let "failed += srvmem"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]698exit $failed