TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / dfc8d5accc9372be3e04658404bd90095ad7adb4 / . / tests / compat.sh
blob: e5d82b093055fa642e72ac88e3ebc88cdfeee178 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]5MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]6VERIFIES="NO YES"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]7TYPES="RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]8OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]9FILTER=""
10VERBOSE=""
11
12# Parse arguments
13#
14until [ -z "$1" ]
15do
16 case "$1" in
17 -f|--filter)
18 # Filter ciphersuites
19 shift
20 FILTER=$1
21 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]22 -m|--modes)
23 # Perform modes
24 shift
25 MODES=$1
26 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame^]27 -t|--types)
28 # Key exchange types
29 shift
30 TYPES=$1
31 ;;
32 -V|--verify)
33 # Verifiction modes
34 shift
35 VERIFIES=$1
36 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]37 -v|--verbose)
38 # Set verbosity
39 shift
40 VERBOSE=1
41 ;;
42 -h|--help)
43 # print help
44 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]45 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]46 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]47 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame^]48 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"RSA PSK\")"
49 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -v|--verbose\t\tSet verbose output."
51 exit 1
52 ;;
53 *)
54 # print error
55 echo "Unknown argument: '$1'"
56 exit 1
57 ;;
58 esac
59 shift
60done
61
62log () {
63 if [ "X" != "X$VERBOSE" ]; then
64 echo "$@"
65 fi
66}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]67
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame^]68filter()
69{
70 LIST=$1
71 FILTER=$2
72
73 NEW_LIST=""
74
75 for i in $LIST;
76 do
77 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
78 done
79
80 echo "$NEW_LIST"
81}
82
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]83for VERIFY in $VERIFIES;
84do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]85
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]86if [ "X$VERIFY" = "XYES" ];
87then
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]88 P_SERVER_ARGS="ca_file=data_files/test-ca.crt auth_mode=required"
89 P_CLIENT_ARGS="ca_file=data_files/test-ca.crt"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame^]90 O_SERVER_ARGS="-CAfile data_files/test-ca.crt -Verify 10"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]91 O_CLIENT_ARGS="-CAfile data_files/test-ca.crt"
92else
93 P_SERVER_ARGS=""
94 P_CLIENT_ARGS=""
95 O_SERVER_ARGS=""
96 O_CLIENT_ARGS=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]97fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]98
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]99
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]100for MODE in $MODES;
101do
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame^]102echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]103echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104echo "-----------"
105
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]106for TYPE in $TYPES;
107do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]108
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]109case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]110
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]111 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]112
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]113 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
114 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
115 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server1.crt -key data_files/server1.key"
116 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]118 P_CIPHERS=" \
119 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
120 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
121 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
122 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
123 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
124 TLS-RSA-WITH-AES-256-CBC-SHA \
125 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
126 TLS-RSA-WITH-AES-128-CBC-SHA \
127 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
128 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
129 TLS-RSA-WITH-RC4-128-SHA \
130 TLS-RSA-WITH-RC4-128-MD5 \
131 TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
132 TLS-RSA-WITH-NULL-MD5 \
133 TLS-RSA-WITH-NULL-SHA \
134 TLS-RSA-WITH-DES-CBC-SHA \
135 TLS-DHE-RSA-WITH-DES-CBC-SHA \
136 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
137 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
138 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
139 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
140 TLS-ECDHE-RSA-WITH-NULL-SHA \
141 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]142
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]143 O_CIPHERS=" \
144 DHE-RSA-AES128-SHA \
145 DHE-RSA-AES256-SHA \
146 DHE-RSA-CAMELLIA128-SHA \
147 DHE-RSA-CAMELLIA256-SHA \
148 EDH-RSA-DES-CBC3-SHA \
149 AES256-SHA \
150 CAMELLIA256-SHA \
151 AES128-SHA \
152 CAMELLIA128-SHA \
153 DES-CBC3-SHA \
154 RC4-SHA \
155 RC4-MD5 \
156 EXP-RC4-MD5 \
157 NULL-MD5 \
158 NULL-SHA \
159 DES-CBC-SHA \
160 EDH-RSA-DES-CBC-SHA \
161 ECDHE-RSA-AES256-SHA \
162 ECDHE-RSA-AES128-SHA \
163 ECDHE-RSA-DES-CBC3-SHA \
164 ECDHE-RSA-RC4-SHA \
165 ECDHE-RSA-NULL-SHA \
166 "
167
168 if [ "$MODE" = "tls1_2" ];
169 then
170 P_CIPHERS="$P_CIPHERS \
171 TLS-RSA-WITH-NULL-SHA256 \
172 TLS-RSA-WITH-AES-128-CBC-SHA256 \
173 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
174 TLS-RSA-WITH-AES-256-CBC-SHA256 \
175 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
176 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
177 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
178 TLS-RSA-WITH-AES-128-GCM-SHA256 \
179 TLS-RSA-WITH-AES-256-GCM-SHA384 \
180 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
181 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
182 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
183 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
184 "
185
186 O_CIPHERS="$O_CIPHERS \
187 NULL-SHA256 \
188 AES128-SHA256 \
189 DHE-RSA-AES128-SHA256 \
190 AES256-SHA256 \
191 DHE-RSA-AES256-SHA256 \
192 ECDHE-RSA-AES128-SHA256 \
193 ECDHE-RSA-AES256-SHA384 \
194 AES128-GCM-SHA256 \
195 DHE-RSA-AES128-GCM-SHA256 \
196 AES256-GCM-SHA384 \
197 DHE-RSA-AES256-GCM-SHA384 \
198 ECDHE-RSA-AES128-GCM-SHA256 \
199 ECDHE-RSA-AES256-GCM-SHA384 \
200 "
201 fi
202
203 ;;
204
205 "PSK")
206
207 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
208 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
209 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
210 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
211
212 P_CIPHERS=" \
213 TLS-PSK-WITH-RC4-128-SHA \
214 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
215 TLS-PSK-WITH-AES-128-CBC-SHA \
216 TLS-PSK-WITH-AES-256-CBC-SHA \
217 "
218
219 O_CIPHERS=" \
220 PSK-RC4-SHA \
221 PSK-3DES-EDE-CBC-SHA \
222 PSK-AES128-CBC-SHA \
223 PSK-AES256-CBC-SHA \
224 "
225
226 ;;
227
228esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]229
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]230# Filter ciphersuites
231if [ "X" != "X$FILTER" ];
232then
233 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
234 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
235fi
236
237
238log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame^]239$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]240PROCESS_ID=$!
241
242sleep 1
243
244for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]245do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]246 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]247 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]248 EXIT=$?
249 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
250 if [ "$EXIT" = "2" ];
251 then
252 echo Ciphersuite not supported in client
253 elif [ "$EXIT" != "0" ];
254 then
255 echo Failed
256 echo $RESULT
257 else
258 echo Success
259 fi
260done
261kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]262wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]263
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]264log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]265../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]266PROCESS_ID=$!
267
268sleep 1
269
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]270for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]271do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]272 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]273 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]274 EXIT=$?
275 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
276
277 if [ "$EXIT" != "0" ];
278 then
279 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
280 if [ "X$SUPPORTED" != "X" ]
281 then
282 echo "Ciphersuite not supported in server"
283 else
284 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]285 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
286 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]287 echo $RESULT
288 fi
289 else
290 echo Success
291 fi
292done
293
294kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]295wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]296
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]297log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]298../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]299PROCESS_ID=$!
300
301sleep 1
302
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]303# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]304
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]305case $TYPE in
306
307 "RSA")
308
309 if [ "$MODE" = "tls1_2" ];
310 then
311 P_CIPHERS="$P_CIPHERS \
312 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
313 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
314 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
315 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
316 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
317 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
318 "
319 fi
320
321 ;;
322
323 "PSK")
324
325 P_CIPHERS="$P_CIPHERS \
326 TLS-DHE-PSK-WITH-RC4-128-SHA \
327 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
328 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
329 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
330 TLS-PSK-WITH-NULL-SHA \
331 TLS-DHE-PSK-WITH-NULL-SHA \
332 "
333
334 if [ "$MODE" = "tls1_2" ];
335 then
336 P_CIPHERS="$P_CIPHERS \
337 TLS-PSK-WITH-AES-128-CBC-SHA256 \
338 TLS-PSK-WITH-AES-256-CBC-SHA384 \
339 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
340 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
341 TLS-PSK-WITH-AES-128-GCM-SHA256 \
342 TLS-PSK-WITH-AES-256-GCM-SHA384 \
343 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
344 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
345 TLS-PSK-WITH-NULL-SHA256 \
346 TLS-PSK-WITH-NULL-SHA384 \
347 TLS-DHE-PSK-WITH-NULL-SHA256 \
348 TLS-DHE-PSK-WITH-NULL-SHA384 \
349 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
350 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
351 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
352 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
353 "
354 fi
355
356esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]357
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]358# Filter ciphersuites
359if [ "X" != "X$FILTER" ];
360then
361 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
362 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
363fi
364
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]365for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]366do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]367 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]368 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]369 EXIT=$?
370 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
371 if [ "$EXIT" = "2" ];
372 then
373 echo Ciphersuite not supported in client
374 elif [ "$EXIT" != "0" ];
375 then
376 echo Failed
377 echo $RESULT
378 else
379 echo Success
380 fi
381done
382kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]383wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]384
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]385done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]386done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]387done