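# Interoperability test between the PolarSSL sample programs and the OpenSSL
# command-line tool.
#
# For every client-certificate setting in VERIFIES and every protocol version
# in MODES, three pairings are exercised once per ciphersuite:
#   1. OpenSSL s_server      <- PolarSSL ssl_client2
#   2. PolarSSL ssl_server2  <- OpenSSL s_client
#   3. PolarSSL ssl_server2  <- PolarSSL ssl_client2
#
# Paths (data_files/, ../programs/ssl/) are relative to the current directory.
#
# The suite lists deliberately cover SSLv3 and the NULL, RC4, single-DES and
# MD5 suites: the goal is interop coverage of everything both stacks
# implement, not a recommended configuration.
#
# NOTE(review): results are only printed. Nothing below sets a non-zero exit
# status when a handshake fails, so a caller has to parse the output.

# Clear out servers left over from an earlier run. killall matches by process
# name, so this also signals unrelated openssl processes of the same user.
killall -q openssl ssl_server ssl_server2

MODES="ssl3 tls1 tls1_1 tls1_2"
VERIFIES="NO YES"
OPENSSL=openssl

for VERIFY in $VERIFIES; do
    # Fixed test PSK shared by all four programs; the hex string is the ASCII
    # bytes "abcdefghijklmnop". Test fixture only.
    P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
    P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
    O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
    O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"

    if [ "X$VERIFY" = "XYES" ]; then
        # NOTE(review): the two servers are not configured symmetrically.
        # ssl_server2 gets auth_mode=required, while s_server gets
        # "-verify 10", which requests a client certificate without making
        # it mandatory ("-Verify" is the mandatory form).
        # NOTE(review): s_server then sees -cert/-key twice (server2 from the
        # fixed command line below, server1 from O_SERVER_ARGS); confirm
        # which pair OpenSSL ends up using.
        P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
        P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
        O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
        O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
    fi

    for MODE in $MODES; do
        echo "Running for $MODE (Verify: $VERIFY)"
        echo "-----------"

        # Both lists are rebuilt for every MODE, so the additions made further
        # down never leak into the next iteration.
        # P_CIPHERS uses PolarSSL suite names, O_CIPHERS the OpenSSL names.
        P_CIPHERS=" \
            TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
            TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
            TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
            TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
            TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
            TLS-RSA-WITH-AES-256-CBC-SHA \
            TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
            TLS-RSA-WITH-AES-128-CBC-SHA \
            TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
            TLS-RSA-WITH-3DES-EDE-CBC-SHA \
            TLS-RSA-WITH-RC4-128-SHA \
            TLS-RSA-WITH-RC4-128-MD5 \
            TLS-RSA-WITH-NULL-MD5 \
            TLS-RSA-WITH-NULL-SHA \
            TLS-RSA-WITH-DES-CBC-SHA \
            TLS-DHE-RSA-WITH-DES-CBC-SHA \
            TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
            TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
            TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
            TLS-ECDHE-RSA-WITH-RC4-128-SHA \
            TLS-ECDHE-RSA-WITH-NULL-SHA \
            TLS-PSK-WITH-RC4-128-SHA \
            TLS-PSK-WITH-3DES-EDE-CBC-SHA \
            TLS-PSK-WITH-AES-128-CBC-SHA \
            TLS-PSK-WITH-AES-256-CBC-SHA \
            "

        O_CIPHERS=" \
            DHE-RSA-AES128-SHA \
            DHE-RSA-AES256-SHA \
            DHE-RSA-CAMELLIA128-SHA \
            DHE-RSA-CAMELLIA256-SHA \
            EDH-RSA-DES-CBC3-SHA \
            AES256-SHA \
            CAMELLIA256-SHA \
            AES128-SHA \
            CAMELLIA128-SHA \
            DES-CBC3-SHA \
            RC4-SHA \
            RC4-MD5 \
            NULL-MD5 \
            NULL-SHA \
            DES-CBC-SHA \
            EDH-RSA-DES-CBC-SHA \
            ECDHE-RSA-AES256-SHA \
            ECDHE-RSA-AES128-SHA \
            ECDHE-RSA-DES-CBC3-SHA \
            ECDHE-RSA-RC4-SHA \
            ECDHE-RSA-NULL-SHA \
            PSK-RC4-SHA \
            PSK-3DES-EDE-CBC-SHA \
            PSK-AES128-CBC-SHA \
            PSK-AES256-CBC-SHA \
            "

        # Also add SHA256 ciphersuites
        #
        if [ "$MODE" = "tls1_2" ]; then
            P_CIPHERS="$P_CIPHERS \
                TLS-RSA-WITH-NULL-SHA256 \
                TLS-RSA-WITH-AES-128-CBC-SHA256 \
                TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
                TLS-RSA-WITH-AES-256-CBC-SHA256 \
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
                TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
                TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
                "

            O_CIPHERS="$O_CIPHERS \
                NULL-SHA256 \
                AES128-SHA256 \
                DHE-RSA-AES128-SHA256 \
                AES256-SHA256 \
                DHE-RSA-AES256-SHA256 \
                ECDHE-RSA-AES128-SHA256 \
                ECDHE-RSA-AES256-SHA384 \
                "

            P_CIPHERS="$P_CIPHERS \
                TLS-RSA-WITH-AES-128-GCM-SHA256 \
                TLS-RSA-WITH-AES-256-GCM-SHA384 \
                TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
                TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
                TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
                TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
                "

            O_CIPHERS="$O_CIPHERS \
                AES128-GCM-SHA256 \
                DHE-RSA-AES128-GCM-SHA256 \
                AES256-GCM-SHA384 \
                DHE-RSA-AES256-GCM-SHA384 \
                ECDHE-RSA-AES128-GCM-SHA256 \
                ECDHE-RSA-AES256-GCM-SHA384 \
                "
        fi

        # --- 1. OpenSSL server, PolarSSL client ---------------------------
        # "NULL,ALL" enables the no-encryption suites on top of ALL so that
        # the NULL entries in P_CIPHERS can be negotiated.
        # $OPENSSL and the *_ARGS variables are left unquoted on purpose:
        # they hold several space-separated arguments.
        $OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS "-$MODE" &
        PROCESS_ID=$!

        # Fixed delay instead of a readiness check; on a slow host the first
        # connection can race the server's start-up.
        sleep 1

        for i in $P_CIPHERS; do
            RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS "force_ciphersuite=$i" )"
            EXIT=$?
            # printf instead of "echo -n", which some shells print literally.
            printf '%s' "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
            if [ "$EXIT" = "2" ]; then
                echo "Ciphersuite not supported in client"
            elif [ "$EXIT" != "0" ]; then
                echo "Failed"
                # Quoted so the client's log keeps its line structure and is
                # not glob-expanded.
                printf '%s\n' "$RESULT"
            else
                echo "Success"
            fi
        done
        kill "$PROCESS_ID"

        # --- 2. PolarSSL server, OpenSSL client ---------------------------
        ../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
        PROCESS_ID=$!

        sleep 1

        for i in $O_CIPHERS; do
            # The request line plus an empty line is fed to s_client; the
            # trailing sleep keeps stdin open long enough for the exchange.
            # NOTE(review): s_client reports certificate verification errors
            # but by default carries on with the handshake, so EXIT=0 alone
            # does not show that the server certificate verified.
            RESULT="$( ( printf 'GET HTTP/1.0\n\n'; sleep 1 ) | $OPENSSL s_client "-$MODE" -cipher "$i" $O_CLIENT_ARGS 2>&1 )"
            EXIT=$?
            printf '%s' "PolarSSL Server - OpenSSL Client - $i : $EXIT - "

            if [ "$EXIT" != "0" ]; then
                # s_client prints "Cipher is (NONE)" when no suite was agreed;
                # that is reported as unsupported rather than as a failure.
                case "$RESULT" in
                    *'Cipher is (NONE)'*)
                        echo "Ciphersuite not supported in server"
                        ;;
                    *)
                        echo "Failed"
                        # Print both command lines so the case can be re-run
                        # by hand.
                        echo "../programs/ssl/ssl_server2 $P_SERVER_ARGS"
                        echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
                        printf '%s\n' "$RESULT"
                        ;;
                esac
            else
                echo "Success"
            fi
        done

        kill "$PROCESS_ID"

        # --- 3. PolarSSL server, PolarSSL client --------------------------
        ../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
        PROCESS_ID=$!

        sleep 1

        # OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
        # or SHA384
        # Add for PolarSSL only test, which does support them.
        #
        if [ "$MODE" = "tls1_2" ]; then
            P_CIPHERS="$P_CIPHERS \
                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
                TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
                TLS-PSK-WITH-AES-128-CBC-SHA256 \
                TLS-PSK-WITH-AES-256-CBC-SHA384 \
                TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
                TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
                TLS-PSK-WITH-AES-128-GCM-SHA256 \
                TLS-PSK-WITH-AES-256-GCM-SHA384 \
                TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
                TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
                TLS-PSK-WITH-NULL-SHA256 \
                TLS-PSK-WITH-NULL-SHA384 \
                TLS-DHE-PSK-WITH-NULL-SHA256 \
                TLS-DHE-PSK-WITH-NULL-SHA384 \
                "
        fi

        # OpenSSL does not support DHE-PSK ciphers
        # Add for PolarSSL only test, which does support them.
        #
        P_CIPHERS="$P_CIPHERS \
            TLS-DHE-PSK-WITH-RC4-128-SHA \
            TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
            TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
            TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
            TLS-PSK-WITH-NULL-SHA \
            TLS-DHE-PSK-WITH-NULL-SHA \
            "

        for i in $P_CIPHERS; do
            RESULT="$( ../programs/ssl/ssl_client2 "force_ciphersuite=$i" $P_CLIENT_ARGS )"
            EXIT=$?
            printf '%s' "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
            if [ "$EXIT" = "2" ]; then
                echo "Ciphersuite not supported in client"
            elif [ "$EXIT" != "0" ]; then
                echo "Failed"
                printf '%s\n' "$RESULT"
            else
                echo "Success"
            fi
        done
        kill "$PROCESS_ID"

    done
done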