TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8d01eea7af2a28259140a9a4476f1020015a1fab / . / tests / compat.sh
blob: 5d716c61f7b1731d3b6131309ac6833d35a78deb [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]87for VERIFY in $VERIFIES;
88do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]89
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90if [ "X$VERIFY" = "XYES" ];
91then
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]92 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
93 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
94 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
95 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]96else
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]97 P_SERVER_BASE=""
98 P_CLIENT_BASE=""
99 O_SERVER_BASE=""
100 O_CLIENT_BASE=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]101fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]102
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]103
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104for MODE in $MODES;
105do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]106
107# avoid an avalanche of errors due to typos
108case $MODE in
109 ssl3|tls1|tls1_1|tls1_2)
110 ;;
111 *)
112 echo "error: invalid mode: $MODE" >&2
113 exit 1;
114esac
115
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]116echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]118echo "-----------"
119
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]120for TYPE in $TYPES;
121do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]123case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]124
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]125 "ECDSA")
126
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]127 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
128 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
129 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
130 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]131
132 P_CIPHERS=" \
133 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
134 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
135 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
136 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
137 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
138 "
139
140 O_CIPHERS=" \
141 ECDHE-ECDSA-NULL-SHA \
142 ECDHE-ECDSA-RC4-SHA \
143 ECDHE-ECDSA-DES-CBC3-SHA \
144 ECDHE-ECDSA-AES128-SHA \
145 ECDHE-ECDSA-AES256-SHA \
146 "
147
148 if [ "$MODE" = "tls1_2" ];
149 then
150 P_CIPHERS="$P_CIPHERS \
151 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
152 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
153 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
154 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
155 "
156
157 O_CIPHERS=" \
158 ECDHE-ECDSA-AES128-SHA256 \
159 ECDHE-ECDSA-AES256-SHA384 \
160 ECDHE-ECDSA-AES128-GCM-SHA256 \
161 ECDHE-ECDSA-AES256-GCM-SHA384 \
162 "
163 fi
164
165 ;;
166
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]167 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]168
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]169 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
170 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
171 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
172 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]173
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]174 P_CIPHERS=" \
175 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
176 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
177 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
178 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
179 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
180 TLS-RSA-WITH-AES-256-CBC-SHA \
181 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
182 TLS-RSA-WITH-AES-128-CBC-SHA \
183 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
184 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
185 TLS-RSA-WITH-RC4-128-SHA \
186 TLS-RSA-WITH-RC4-128-MD5 \
187 TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
188 TLS-RSA-WITH-NULL-MD5 \
189 TLS-RSA-WITH-NULL-SHA \
190 TLS-RSA-WITH-DES-CBC-SHA \
191 TLS-DHE-RSA-WITH-DES-CBC-SHA \
192 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
193 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
194 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
195 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
196 TLS-ECDHE-RSA-WITH-NULL-SHA \
197 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]198
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]199 O_CIPHERS=" \
200 DHE-RSA-AES128-SHA \
201 DHE-RSA-AES256-SHA \
202 DHE-RSA-CAMELLIA128-SHA \
203 DHE-RSA-CAMELLIA256-SHA \
204 EDH-RSA-DES-CBC3-SHA \
205 AES256-SHA \
206 CAMELLIA256-SHA \
207 AES128-SHA \
208 CAMELLIA128-SHA \
209 DES-CBC3-SHA \
210 RC4-SHA \
211 RC4-MD5 \
212 EXP-RC4-MD5 \
213 NULL-MD5 \
214 NULL-SHA \
215 DES-CBC-SHA \
216 EDH-RSA-DES-CBC-SHA \
217 ECDHE-RSA-AES256-SHA \
218 ECDHE-RSA-AES128-SHA \
219 ECDHE-RSA-DES-CBC3-SHA \
220 ECDHE-RSA-RC4-SHA \
221 ECDHE-RSA-NULL-SHA \
222 "
223
224 if [ "$MODE" = "tls1_2" ];
225 then
226 P_CIPHERS="$P_CIPHERS \
227 TLS-RSA-WITH-NULL-SHA256 \
228 TLS-RSA-WITH-AES-128-CBC-SHA256 \
229 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
230 TLS-RSA-WITH-AES-256-CBC-SHA256 \
231 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
232 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
233 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
234 TLS-RSA-WITH-AES-128-GCM-SHA256 \
235 TLS-RSA-WITH-AES-256-GCM-SHA384 \
236 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
237 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
238 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
239 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
240 "
241
242 O_CIPHERS="$O_CIPHERS \
243 NULL-SHA256 \
244 AES128-SHA256 \
245 DHE-RSA-AES128-SHA256 \
246 AES256-SHA256 \
247 DHE-RSA-AES256-SHA256 \
248 ECDHE-RSA-AES128-SHA256 \
249 ECDHE-RSA-AES256-SHA384 \
250 AES128-GCM-SHA256 \
251 DHE-RSA-AES128-GCM-SHA256 \
252 AES256-GCM-SHA384 \
253 DHE-RSA-AES256-GCM-SHA384 \
254 ECDHE-RSA-AES128-GCM-SHA256 \
255 ECDHE-RSA-AES256-GCM-SHA384 \
256 "
257 fi
258
259 ;;
260
261 "PSK")
262
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]263 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
264 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
265 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70"
266 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]267
268 P_CIPHERS=" \
269 TLS-PSK-WITH-RC4-128-SHA \
270 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
271 TLS-PSK-WITH-AES-128-CBC-SHA \
272 TLS-PSK-WITH-AES-256-CBC-SHA \
273 "
274
275 O_CIPHERS=" \
276 PSK-RC4-SHA \
277 PSK-3DES-EDE-CBC-SHA \
278 PSK-AES128-CBC-SHA \
279 PSK-AES256-CBC-SHA \
280 "
281
282 ;;
283
284esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]285
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]286# Filter ciphersuites
287if [ "X" != "X$FILTER" ];
288then
289 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
290 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
291fi
292
293
294log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]295$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]296PROCESS_ID=$!
297
298sleep 1
299
300for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]301do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]302 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]303 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]304 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]305 EXIT=$?
306 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
307 if [ "$EXIT" = "2" ];
308 then
309 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]310 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]311 elif [ "$EXIT" != "0" ];
312 then
313 echo Failed
314 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]315 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]316 else
317 echo Success
318 fi
319done
320kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]321wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]322
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]323log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]324../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]325PROCESS_ID=$!
326
327sleep 1
328
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]329for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]330do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]331 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]332 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]333 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]334 EXIT=$?
335 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
336
337 if [ "$EXIT" != "0" ];
338 then
339 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
340 if [ "X$SUPPORTED" != "X" ]
341 then
342 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]343 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]344 else
345 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]346 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
347 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]348 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]349 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]350 fi
351 else
352 echo Success
353 fi
354done
355
356kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]357wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]358
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]359log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]360../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]361PROCESS_ID=$!
362
363sleep 1
364
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]365# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]366
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]367case $TYPE in
368
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]369 "ECDSA")
370
371 if [ "$MODE" = "tls1_2" ];
372 then
373 P_CIPHERS="$P_CIPHERS \
374 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
375 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
376 "
377 fi
378
379 ;;
380
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]381 "RSA")
382
383 if [ "$MODE" = "tls1_2" ];
384 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]385 P_CIPHERS="$P_CIPHERS \
386 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]387 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame^]388 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]389 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
390 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
391 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame^]392 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
393 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
394 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
395 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
396 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
397 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]398 "
399 fi
400
401 ;;
402
403 "PSK")
404
405 P_CIPHERS="$P_CIPHERS \
406 TLS-DHE-PSK-WITH-RC4-128-SHA \
407 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
408 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
409 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]410 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]411 TLS-PSK-WITH-NULL-SHA \
412 TLS-RSA-PSK-WITH-RC4-128-SHA \
413 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
414 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
415 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
416 TLS-RSA-WITH-NULL-SHA \
417 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]418 "
419
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]420
421 if [ "$MODE" != "ssl3" ];
422 then
423 P_CIPHERS="$P_CIPHERS \
424 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
425 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
426 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
427 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
428 TLS-ECDHE-PSK-WITH-NULL-SHA \
429 "
430 fi
431
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]432 if [ "$MODE" = "tls1_2" ];
433 then
434 P_CIPHERS="$P_CIPHERS \
435 TLS-PSK-WITH-AES-128-CBC-SHA256 \
436 TLS-PSK-WITH-AES-256-CBC-SHA384 \
437 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
438 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
439 TLS-PSK-WITH-AES-128-GCM-SHA256 \
440 TLS-PSK-WITH-AES-256-GCM-SHA384 \
441 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
442 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
443 TLS-PSK-WITH-NULL-SHA256 \
444 TLS-PSK-WITH-NULL-SHA384 \
445 TLS-DHE-PSK-WITH-NULL-SHA256 \
446 TLS-DHE-PSK-WITH-NULL-SHA384 \
447 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
448 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame^]449 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
450 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
451 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
452 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
453 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
454 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]455 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
456 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]457 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
458 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
459 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
460 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
461 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
462 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
463 TLS-RSA-WITH-NULL-SHA256 \
464 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
465 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
466 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
467 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
468 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
469 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]470 "
471 fi
472
473esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]474
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]475# Filter ciphersuites
476if [ "X" != "X$FILTER" ];
477then
478 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
479 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
480fi
481
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]482for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]483do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]484 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]485 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]486 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]487 EXIT=$?
488 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
489 if [ "$EXIT" = "2" ];
490 then
491 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]492 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]493 elif [ "$EXIT" != "0" ];
494 then
495 echo Failed
496 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]497 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]498 else
499 echo Success
500 fi
501done
502kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]503wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]504
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]505done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]506done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]507done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]508
509echo ""
510echo "-------------------------------------------------------------------------"
511echo ""
512
513if (( failed != 0 ));
514then
515 echo -n "FAILED"
516else
517 echo -n "PASSED"
518fi
519
520let "passed = tests - failed"
521echo " ($passed / $tests tests ($skipped skipped))"
522
523exit $failed