Blame - tests/compat.sh - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 988661a7ef91d7443f66d02329c8ca7521ba8907 [file] [log] [blame]

Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	1	killall -q openssl ssl_server ssl_server2
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	2
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	3	MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	4	VERIFIES="NO YES"
Paul Bakker	0c93d12	2012-09-13 14:26:09 +0000	[diff] [blame]	5	OPENSSL=openssl
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	6
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	7	for VERIFY in $VERIFIES;
				8	do
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	9	if [ "X$VERIFY" = "XYES" ];
				10	then
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	11	P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
				12	P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
				13	O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
				14	O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	15	fi
Paul Bakker	398cb51	2012-04-10 08:22:31 +0000	[diff] [blame]	16
				17	for MODE in $MODES;
				18	do
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	19	echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker	398cb51	2012-04-10 08:22:31 +0000	[diff] [blame]	20	echo "-----------"
				21
Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	22	P_CIPHERS=" \
				23	TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
				24	TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
				25	TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
				26	TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
				27	TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
				28	TLS-RSA-WITH-AES-256-CBC-SHA \
				29	TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
				30	TLS-RSA-WITH-AES-128-CBC-SHA \
				31	TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
				32	TLS-RSA-WITH-3DES-EDE-CBC-SHA \
				33	TLS-RSA-WITH-RC4-128-SHA \
				34	TLS-RSA-WITH-RC4-128-MD5 \
				35	TLS-RSA-WITH-NULL-MD5 \
				36	TLS-RSA-WITH-NULL-SHA \
				37	TLS-RSA-WITH-DES-CBC-SHA \
				38	TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	39	TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
				40	TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
				41	TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
				42	TLS-ECDHE-RSA-WITH-RC4-128-SHA \
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	43	TLS-ECDHE-RSA-WITH-NULL-SHA \
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	44	"
				45
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	46	O_CIPHERS=" \
				47	DHE-RSA-AES128-SHA \
				48	DHE-RSA-AES256-SHA \
				49	DHE-RSA-CAMELLIA128-SHA \
				50	DHE-RSA-CAMELLIA256-SHA \
				51	EDH-RSA-DES-CBC3-SHA \
				52	AES256-SHA \
				53	CAMELLIA256-SHA \
				54	AES128-SHA \
				55	CAMELLIA128-SHA \
				56	DES-CBC3-SHA \
				57	RC4-SHA \
				58	RC4-MD5 \
				59	NULL-MD5 \
				60	NULL-SHA \
				61	DES-CBC-SHA \
				62	EDH-RSA-DES-CBC-SHA \
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	63	ECDHE-RSA-AES256-SHA \
				64	ECDHE-RSA-AES128-SHA \
				65	ECDHE-RSA-DES-CBC3-SHA \
				66	ECDHE-RSA-RC4-SHA \
				67	ECDHE-RSA-NULL-SHA \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	68	"
				69
Paul Bakker	0c93d12	2012-09-13 14:26:09 +0000	[diff] [blame]	70	# Also add SHA256 ciphersuites
				71	#
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	72	if [ "$MODE" = "tls1_2" ];
				73	then
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	74	P_CIPHERS="$P_CIPHERS \
				75	TLS-RSA-WITH-NULL-SHA256 \
				76	TLS-RSA-WITH-AES-128-CBC-SHA256 \
				77	TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
				78	TLS-RSA-WITH-AES-256-CBC-SHA256 \
				79	TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
Paul Bakker	27714b1	2013-04-07 23:07:12 +0200	[diff] [blame]	80	TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
				81	TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	82	"
				83
				84	O_CIPHERS="$O_CIPHERS \
				85	NULL-SHA256 \
				86	AES128-SHA256 \
				87	DHE-RSA-AES128-SHA256 \
				88	AES256-SHA256 \
				89	DHE-RSA-AES256-SHA256 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	90	ECDHE-RSA-AES128-SHA256 \
				91	ECDHE-RSA-AES256-SHA384 \
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	92	"
				93
Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	94	P_CIPHERS="$P_CIPHERS \
				95	TLS-RSA-WITH-AES-128-GCM-SHA256 \
				96	TLS-RSA-WITH-AES-256-GCM-SHA384 \
				97	TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
				98	TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	99	TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
				100	TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	101	"
				102
				103	O_CIPHERS="$O_CIPHERS \
Paul Bakker	ca4ab49	2012-04-18 14:23:57 +0000	[diff] [blame]	104	AES128-GCM-SHA256 \
				105	DHE-RSA-AES128-GCM-SHA256 \
				106	AES256-GCM-SHA384 \
				107	DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	108	ECDHE-RSA-AES128-GCM-SHA256 \
				109	ECDHE-RSA-AES256-GCM-SHA384 \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	110	"
				111	fi
				112
Paul Bakker	0c93d12	2012-09-13 14:26:09 +0000	[diff] [blame]	113	$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	114	PROCESS_ID=$!
				115
				116	sleep 1
				117
				118	for i in $P_CIPHERS;
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	119	do
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	120	RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	121	EXIT=$?
				122	echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
				123	if [ "$EXIT" = "2" ];
				124	then
				125	echo Ciphersuite not supported in client
				126	elif [ "$EXIT" != "0" ];
				127	then
				128	echo Failed
				129	echo $RESULT
				130	else
				131	echo Success
				132	fi
				133	done
				134	kill $PROCESS_ID
				135
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	136	../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	137	PROCESS_ID=$!
				138
				139	sleep 1
				140
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	141	for i in $O_CIPHERS;
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	142	do
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	143	RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) \| $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	144	EXIT=$?
				145	echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
				146
				147	if [ "$EXIT" != "0" ];
				148	then
				149	SUPPORTED="$( echo $RESULT \| grep 'Cipher is (NONE)' )"
				150	if [ "X$SUPPORTED" != "X" ]
				151	then
				152	echo "Ciphersuite not supported in server"
				153	else
				154	echo Failed
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	155	echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
				156	echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	157	echo $RESULT
				158	fi
				159	else
				160	echo Success
				161	fi
				162	done
				163
				164	kill $PROCESS_ID
				165
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	166	../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	167	PROCESS_ID=$!
				168
				169	sleep 1
				170
Paul Bakker	27714b1	2013-04-07 23:07:12 +0200	[diff] [blame]	171	# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
				172	# or SHA384
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	173	# Add for PolarSSL only test, which does support them.
				174	#
				175	if [ "$MODE" = "tls1_2" ];
				176	then
Paul Bakker	645ce3a	2012-10-31 12:32:41 +0000	[diff] [blame]	177	P_CIPHERS="$P_CIPHERS \
				178	TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
				179	TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
				180	TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
				181	TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker	27714b1	2013-04-07 23:07:12 +0200	[diff] [blame]	182	TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
				183	TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	184	"
				185	fi
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	186
Paul Bakker	10cd225	2012-04-12 21:26:34 +0000	[diff] [blame]	187	for i in $P_CIPHERS;
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	188	do
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	189	RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
Paul Bakker	fab5c82	2012-02-06 16:45:10 +0000	[diff] [blame]	190	EXIT=$?
				191	echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
				192	if [ "$EXIT" = "2" ];
				193	then
				194	echo Ciphersuite not supported in client
				195	elif [ "$EXIT" != "0" ];
				196	then
				197	echo Failed
				198	echo $RESULT
				199	else
				200	echo Success
				201	fi
				202	done
				203	kill $PROCESS_ID
				204
Paul Bakker	398cb51	2012-04-10 08:22:31 +0000	[diff] [blame]	205	done
Paul Bakker	1eeceae	2012-11-23 14:25:34 +0100	[diff] [blame]	206	done