TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4145b890912aff8b76e0b324a4528e1d21708b90 / . / tests / compat.sh
blob: b05388676fd6cabf4cb7e36aaae635c5f262f7c0 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]6killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]7
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]8let "tests = 0"
9let "failed = 0"
10let "skipped = 0"
11
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]12MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]13VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]14TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]15OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]16FILTER=""
17VERBOSE=""
18
19# Parse arguments
20#
21until [ -z "$1" ]
22do
23 case "$1" in
24 -f|--filter)
25 # Filter ciphersuites
26 shift
27 FILTER=$1
28 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]29 -m|--modes)
30 # Perform modes
31 shift
32 MODES=$1
33 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]34 -t|--types)
35 # Key exchange types
36 shift
37 TYPES=$1
38 ;;
39 -V|--verify)
40 # Verifiction modes
41 shift
42 VERIFIES=$1
43 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]44 -v|--verbose)
45 # Set verbosity
46 shift
47 VERBOSE=1
48 ;;
49 -h|--help)
50 # print help
51 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]52 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]53 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]54 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]55 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]56 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]57 echo -e " -v|--verbose\t\tSet verbose output."
58 exit 1
59 ;;
60 *)
61 # print error
62 echo "Unknown argument: '$1'"
63 exit 1
64 ;;
65 esac
66 shift
67done
68
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]69log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]70 if [ "X" != "X$VERBOSE" ]; then
71 echo "$@"
72 fi
73}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]74
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]75filter()
76{
77 LIST=$1
78 FILTER=$2
79
80 NEW_LIST=""
81
82 for i in $LIST;
83 do
84 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
85 done
86
87 echo "$NEW_LIST"
88}
89
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]90setup_ciphersuites()
91{
92 P_CIPHERS=""
93 O_CIPHERS=""
94
95 case $TYPE in
96
97 "ECDSA")
98 if [ "$MODE" != "ssl3" ];
99 then
100 P_CIPHERS="$P_CIPHERS \
101 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
102 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
103 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
104 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
105 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
106 TLS-ECDH-ECDSA-WITH-NULL-SHA \
107 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
108 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
109 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
110 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
111 "
112 O_CIPHERS="$O_CIPHERS \
113 ECDHE-ECDSA-NULL-SHA \
114 ECDHE-ECDSA-RC4-SHA \
115 ECDHE-ECDSA-DES-CBC3-SHA \
116 ECDHE-ECDSA-AES128-SHA \
117 ECDHE-ECDSA-AES256-SHA \
118 ECDH-ECDSA-NULL-SHA \
119 ECDH-ECDSA-RC4-SHA \
120 ECDH-ECDSA-DES-CBC3-SHA \
121 ECDH-ECDSA-AES128-SHA \
122 ECDH-ECDSA-AES256-SHA \
123 "
124 fi
125 if [ "$MODE" = "tls1_2" ];
126 then
127 P_CIPHERS="$P_CIPHERS \
128 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
129 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
130 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
131 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
132 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
133 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
134 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
135 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
136 "
137 O_CIPHERS="$O_CIPHERS \
138 ECDHE-ECDSA-AES128-SHA256 \
139 ECDHE-ECDSA-AES256-SHA384 \
140 ECDHE-ECDSA-AES128-GCM-SHA256 \
141 ECDHE-ECDSA-AES256-GCM-SHA384 \
142 ECDH-ECDSA-AES128-SHA256 \
143 ECDH-ECDSA-AES256-SHA384 \
144 ECDH-ECDSA-AES128-GCM-SHA256 \
145 ECDH-ECDSA-AES256-GCM-SHA384 \
146 "
147 fi
148 ;;
149
150 "RSA")
151 P_CIPHERS="$P_CIPHERS \
152 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
153 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
154 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
155 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
156 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
157 TLS-RSA-WITH-AES-256-CBC-SHA \
158 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
159 TLS-RSA-WITH-AES-128-CBC-SHA \
160 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
161 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
162 TLS-RSA-WITH-RC4-128-SHA \
163 TLS-RSA-WITH-RC4-128-MD5 \
164 TLS-RSA-WITH-NULL-MD5 \
165 TLS-RSA-WITH-NULL-SHA \
166 TLS-RSA-WITH-DES-CBC-SHA \
167 TLS-DHE-RSA-WITH-DES-CBC-SHA \
168 "
169 O_CIPHERS="$O_CIPHERS \
170 DHE-RSA-AES128-SHA \
171 DHE-RSA-AES256-SHA \
172 DHE-RSA-CAMELLIA128-SHA \
173 DHE-RSA-CAMELLIA256-SHA \
174 EDH-RSA-DES-CBC3-SHA \
175 AES256-SHA \
176 CAMELLIA256-SHA \
177 AES128-SHA \
178 CAMELLIA128-SHA \
179 DES-CBC3-SHA \
180 RC4-SHA \
181 RC4-MD5 \
182 NULL-MD5 \
183 NULL-SHA \
184 DES-CBC-SHA \
185 EDH-RSA-DES-CBC-SHA \
186 "
187 if [ "$MODE" != "ssl3" ];
188 then
189 P_CIPHERS="$P_CIPHERS \
190 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
191 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
192 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
193 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
194 TLS-ECDHE-RSA-WITH-NULL-SHA \
195 "
196 O_CIPHERS="$O_CIPHERS \
197 ECDHE-RSA-AES256-SHA \
198 ECDHE-RSA-AES128-SHA \
199 ECDHE-RSA-DES-CBC3-SHA \
200 ECDHE-RSA-RC4-SHA \
201 ECDHE-RSA-NULL-SHA \
202 "
203 fi
204 if [ "$MODE" = "tls1_2" ];
205 then
206 P_CIPHERS="$P_CIPHERS \
207 TLS-RSA-WITH-NULL-SHA256 \
208 TLS-RSA-WITH-AES-128-CBC-SHA256 \
209 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
210 TLS-RSA-WITH-AES-256-CBC-SHA256 \
211 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
212 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
213 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
214 TLS-RSA-WITH-AES-128-GCM-SHA256 \
215 TLS-RSA-WITH-AES-256-GCM-SHA384 \
216 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
217 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
218 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
219 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
220 "
221 O_CIPHERS="$O_CIPHERS \
222 NULL-SHA256 \
223 AES128-SHA256 \
224 DHE-RSA-AES128-SHA256 \
225 AES256-SHA256 \
226 DHE-RSA-AES256-SHA256 \
227 ECDHE-RSA-AES128-SHA256 \
228 ECDHE-RSA-AES256-SHA384 \
229 AES128-GCM-SHA256 \
230 DHE-RSA-AES128-GCM-SHA256 \
231 AES256-GCM-SHA384 \
232 DHE-RSA-AES256-GCM-SHA384 \
233 ECDHE-RSA-AES128-GCM-SHA256 \
234 ECDHE-RSA-AES256-GCM-SHA384 \
235 "
236 fi
237 ;;
238
239 "PSK")
240 P_CIPHERS="$P_CIPHERS \
241 TLS-PSK-WITH-RC4-128-SHA \
242 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
243 TLS-PSK-WITH-AES-128-CBC-SHA \
244 TLS-PSK-WITH-AES-256-CBC-SHA \
245 "
246 O_CIPHERS="$O_CIPHERS \
247 PSK-RC4-SHA \
248 PSK-3DES-EDE-CBC-SHA \
249 PSK-AES128-CBC-SHA \
250 PSK-AES256-CBC-SHA \
251 "
252 ;;
253 esac
254
255 # Filter ciphersuites
256 if [ "X" != "X$FILTER" ];
257 then
258 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
259 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
260 fi
261
262}
263
264add_polarssl_ciphersuites()
265{
266 ADD_CIPHERS=""
267
268 case $TYPE in
269
270 "ECDSA")
271 if [ "$MODE" != "ssl3" ];
272 then
273 ADD_CIPHERS="$ADD_CIPHERS \
274 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
275 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
276 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
277 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
278 "
279 fi
280 if [ "$MODE" = "tls1_2" ];
281 then
282 ADD_CIPHERS="$ADD_CIPHERS \
283 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
284 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
285 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
286 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
287 "
288 fi
289 ;;
290
291 "RSA")
292 if [ "$MODE" != "ssl3" ];
293 then
294 ADD_CIPHERS="$ADD_CIPHERS \
295 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
296 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
297 "
298 fi
299 if [ "$MODE" = "tls1_2" ];
300 then
301 ADD_CIPHERS="$ADD_CIPHERS \
302 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
303 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
304 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
305 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
306 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
307 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
308 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
309 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
310 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
311 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
312 "
313 fi
314 ;;
315
316 "PSK")
317 ADD_CIPHERS="$ADD_CIPHERS \
318 TLS-DHE-PSK-WITH-RC4-128-SHA \
319 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
320 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
321 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
322 TLS-DHE-PSK-WITH-NULL-SHA \
323 TLS-PSK-WITH-NULL-SHA \
324 TLS-RSA-PSK-WITH-RC4-128-SHA \
325 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
326 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
327 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
328 TLS-RSA-WITH-NULL-SHA \
329 TLS-RSA-WITH-NULL-MD5 \
330 TLS-PSK-WITH-AES-128-CBC-SHA256 \
331 TLS-PSK-WITH-AES-256-CBC-SHA384 \
332 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
333 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
334 TLS-PSK-WITH-NULL-SHA256 \
335 TLS-PSK-WITH-NULL-SHA384 \
336 TLS-DHE-PSK-WITH-NULL-SHA256 \
337 TLS-DHE-PSK-WITH-NULL-SHA384 \
338 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
339 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
340 TLS-RSA-PSK-WITH-NULL-SHA256 \
341 TLS-RSA-PSK-WITH-NULL-SHA384 \
342 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
343 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
344 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
345 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
346 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
347 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
348 "
349 if [ "$MODE" != "ssl3" ];
350 then
351 ADD_CIPHERS="$ADD_CIPHERS \
352 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
353 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
354 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
355 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
356 TLS-ECDHE-PSK-WITH-NULL-SHA \
357 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
358 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
359 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
360 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
361 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
362 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
363 "
364 fi
365 if [ "$MODE" = "tls1_2" ];
366 then
367 ADD_CIPHERS="$ADD_CIPHERS \
368 TLS-PSK-WITH-AES-128-GCM-SHA256 \
369 TLS-PSK-WITH-AES-256-GCM-SHA384 \
370 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
371 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
372 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
373 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
374 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
375 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
376 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
377 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
378 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
379 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
380 TLS-RSA-WITH-NULL-SHA256 \
381 "
382 fi
383 ;;
384 esac
385
386 # Filter new ciphersuites and add them
387 if [ "X" != "X$FILTER" ];
388 then
389 ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
390 fi
391 P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
392}
393
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]394setup_arguments()
395{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]396 # avoid an avalanche of errors due to typos
397 case $MODE in
398 ssl3|tls1|tls1_1|tls1_2)
399 ;;
400 *)
401 echo "error: invalid mode: $MODE" >&2
402 exit 1;
403 esac
404
405 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]406 P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]407 O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
408 O_CLIENT_ARGS="-$MODE"
409
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]410 if [ "X$VERIFY" = "XYES" ];
411 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]412 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]413 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]414 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]415 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
416 else
417 # ssl_server2 defaults to optional, but we want to test handshakes
418 # that don't exchange client certificate at all too
419 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=none"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]420 fi
421
422 case $TYPE in
423 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]424 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
425 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
426 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
427 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]428 ;;
429
430 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]431 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
432 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
433 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
434 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]435 ;;
436
437 "PSK")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]438 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
439 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]440 # openssl s_server won't start without certificates...
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]441 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
442 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]443 ;;
444 esac
445}
446
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]447# start_server <name>
448# also saves name and command
449start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]450 case $1 in
451 [Oo]pen*)
452 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
453 ;;
454 [Pp]olar*)
455 SERVER_CMD="../programs/ssl/ssl_server2 $P_SERVER_ARGS"
456 ;;
457 *)
458 echo "error: invalid server name: $1" >&2
459 exit 1
460 ;;
461 esac
462 SERVER_NAME=$1
463
464 log "$SERVER_CMD"
465 $SERVER_CMD >/dev/null 2>&1 &
466 PROCESS_ID=$!
467
468 sleep 1
469}
470
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]471# terminate the running server (try closing it cleanly if possible)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]472stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]473 case $SERVER_NAME in
474 [Pp]olar*)
475 echo SERVERQUIT | $OPENSSL s_client $O_CLIENT_ARGS >/dev/null 2>&1
476 sleep 1
477 ;;
478 esac
479
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]480 kill $PROCESS_ID 2>/dev/null
481 wait $PROCESS_ID 2>/dev/null
482}
483
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]484# run_client <name> <cipher>
485run_client() {
486 # run the command and interpret result
487 case $1 in
488 [Oo]pen*)
489 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
490 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard5f593f02014-02-19 15:42:24 +0100[diff] [blame]491 OUTPUT="$( ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD 2>&1 )"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]492 EXIT=$?
493
494 if [ "$EXIT" == "0" ]; then
495 RESULT=0
496 else
497 SUPPORTED="$( echo $OUTPUT | grep 'Cipher is (NONE)' )"
498 if [ "X$SUPPORTED" != "X" ]; then
499 RESULT=1
500 else
501 RESULT=2
502 fi
503 fi
504 ;;
505
506 [Pp]olar*)
507 CLIENT_CMD="../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$2"
508 log "$CLIENT_CMD"
509 OUTPUT="$( $CLIENT_CMD )"
510 EXIT=$?
511
512 case $EXIT in
513 "0") RESULT=0 ;;
514 "2") RESULT=1 ;;
515 *) RESULT=2 ;;
516 esac
517 ;;
518
519 *)
520 echo "error: invalid client name: $1" >&2
521 exit 1
522 ;;
523 esac
524
525 # report and count result
526 let "tests++"
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame^]527 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
528 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
529 echo -n "$TITLE"
530 LEN=`echo "$TITLE" | wc -c`
531 LEN=`echo 72 - $LEN | bc`
532 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]533 case $RESULT in
534 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame^]535 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]536 ;;
537 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame^]538 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]539 let "skipped++"
540 ;;
541 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame^]542 echo FAIL
543 echo " ! $SERVER_CMD"
544 echo " ! $CLIENT_CMD"
545 echo -n " ! ... "
546 echo "$OUTPUT" | tail -c72
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]547 let "failed++"
548 ;;
549 esac
550}
551
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]552for VERIFY in $VERIFIES; do
553 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]554 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]555
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]556 setup_arguments
557 setup_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]558
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]559 start_server "OpenSSL"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]560
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]561 for i in $P_CIPHERS; do
562 run_client PolarSSL $i
563 done
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]564
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]565 stop_server
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]566
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]567 start_server "PolarSSL"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]568
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]569 for i in $O_CIPHERS; do
570 run_client OpenSSL $i
571 done
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]572
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]573 add_polarssl_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]574
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]575 for i in $P_CIPHERS; do
576 run_client PolarSSL $i
577 done
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]578
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]579 stop_server
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]580
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]581 done
582 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]583done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]584
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame^]585echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]586
587if (( failed != 0 ));
588then
589 echo -n "FAILED"
590else
591 echo -n "PASSED"
592fi
593
594let "passed = tests - failed"
595echo " ($passed / $tests tests ($skipped skipped))"
596
597exit $failed