TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 911622d84a86c13b946a39687db9e031ffc004f7 / . / tests / compat.sh
blob: 860858cc0e47331e04e058ccd35d87f5817c86c1 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]6let "tests = 0"
7let "failed = 0"
8let "skipped = 0"
9
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]10MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]11VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]12TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]13OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]14FILTER=""
15VERBOSE=""
16
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]17print_usage() {
18 echo "Usage: $0"
19 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
20 echo -e " -h|--help\t\tPrint this help."
21 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
22 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
23 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
24 echo -e " -v|--verbose\t\tSet verbose output."
25}
26
27get_options() {
28 while [ $# -gt 0 ]; do
29 case "$1" in
30 -f|--filter)
31 shift; FILTER=$1
32 ;;
33 -m|--modes)
34 shift; MODES=$1
35 ;;
36 -t|--types)
37 shift; TYPES=$1
38 ;;
39 -V|--verify)
40 shift; VERIFIES=$1
41 ;;
42 -v|--verbose)
43 VERBOSE=1
44 ;;
45 -h|--help)
46 print_usage
47 exit 0
48 ;;
49 *)
50 echo "Unknown argument: '$1'"
51 print_usage
52 exit 1
53 ;;
54 esac
55 shift
56 done
57}
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]58
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]59log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]60 if [ "X" != "X$VERBOSE" ]; then
61 echo "$@"
62 fi
63}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]64
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]65filter()
66{
67 LIST=$1
68 FILTER=$2
69
70 NEW_LIST=""
71
72 for i in $LIST;
73 do
74 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
75 done
76
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame^]77 # normalize whitespace
78 echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]79}
80
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]81setup_ciphersuites()
82{
83 P_CIPHERS=""
84 O_CIPHERS=""
85
86 case $TYPE in
87
88 "ECDSA")
89 if [ "$MODE" != "ssl3" ];
90 then
91 P_CIPHERS="$P_CIPHERS \
92 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
93 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
94 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
95 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
96 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
97 TLS-ECDH-ECDSA-WITH-NULL-SHA \
98 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
99 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
100 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
101 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
102 "
103 O_CIPHERS="$O_CIPHERS \
104 ECDHE-ECDSA-NULL-SHA \
105 ECDHE-ECDSA-RC4-SHA \
106 ECDHE-ECDSA-DES-CBC3-SHA \
107 ECDHE-ECDSA-AES128-SHA \
108 ECDHE-ECDSA-AES256-SHA \
109 ECDH-ECDSA-NULL-SHA \
110 ECDH-ECDSA-RC4-SHA \
111 ECDH-ECDSA-DES-CBC3-SHA \
112 ECDH-ECDSA-AES128-SHA \
113 ECDH-ECDSA-AES256-SHA \
114 "
115 fi
116 if [ "$MODE" = "tls1_2" ];
117 then
118 P_CIPHERS="$P_CIPHERS \
119 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
120 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
121 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
122 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
123 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
124 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
125 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
126 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
127 "
128 O_CIPHERS="$O_CIPHERS \
129 ECDHE-ECDSA-AES128-SHA256 \
130 ECDHE-ECDSA-AES256-SHA384 \
131 ECDHE-ECDSA-AES128-GCM-SHA256 \
132 ECDHE-ECDSA-AES256-GCM-SHA384 \
133 ECDH-ECDSA-AES128-SHA256 \
134 ECDH-ECDSA-AES256-SHA384 \
135 ECDH-ECDSA-AES128-GCM-SHA256 \
136 ECDH-ECDSA-AES256-GCM-SHA384 \
137 "
138 fi
139 ;;
140
141 "RSA")
142 P_CIPHERS="$P_CIPHERS \
143 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
144 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
145 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
146 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
147 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
148 TLS-RSA-WITH-AES-256-CBC-SHA \
149 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
150 TLS-RSA-WITH-AES-128-CBC-SHA \
151 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
152 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
153 TLS-RSA-WITH-RC4-128-SHA \
154 TLS-RSA-WITH-RC4-128-MD5 \
155 TLS-RSA-WITH-NULL-MD5 \
156 TLS-RSA-WITH-NULL-SHA \
157 TLS-RSA-WITH-DES-CBC-SHA \
158 TLS-DHE-RSA-WITH-DES-CBC-SHA \
159 "
160 O_CIPHERS="$O_CIPHERS \
161 DHE-RSA-AES128-SHA \
162 DHE-RSA-AES256-SHA \
163 DHE-RSA-CAMELLIA128-SHA \
164 DHE-RSA-CAMELLIA256-SHA \
165 EDH-RSA-DES-CBC3-SHA \
166 AES256-SHA \
167 CAMELLIA256-SHA \
168 AES128-SHA \
169 CAMELLIA128-SHA \
170 DES-CBC3-SHA \
171 RC4-SHA \
172 RC4-MD5 \
173 NULL-MD5 \
174 NULL-SHA \
175 DES-CBC-SHA \
176 EDH-RSA-DES-CBC-SHA \
177 "
178 if [ "$MODE" != "ssl3" ];
179 then
180 P_CIPHERS="$P_CIPHERS \
181 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
182 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
183 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
184 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
185 TLS-ECDHE-RSA-WITH-NULL-SHA \
186 "
187 O_CIPHERS="$O_CIPHERS \
188 ECDHE-RSA-AES256-SHA \
189 ECDHE-RSA-AES128-SHA \
190 ECDHE-RSA-DES-CBC3-SHA \
191 ECDHE-RSA-RC4-SHA \
192 ECDHE-RSA-NULL-SHA \
193 "
194 fi
195 if [ "$MODE" = "tls1_2" ];
196 then
197 P_CIPHERS="$P_CIPHERS \
198 TLS-RSA-WITH-NULL-SHA256 \
199 TLS-RSA-WITH-AES-128-CBC-SHA256 \
200 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
201 TLS-RSA-WITH-AES-256-CBC-SHA256 \
202 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
203 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
204 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
205 TLS-RSA-WITH-AES-128-GCM-SHA256 \
206 TLS-RSA-WITH-AES-256-GCM-SHA384 \
207 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
208 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
209 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
210 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
211 "
212 O_CIPHERS="$O_CIPHERS \
213 NULL-SHA256 \
214 AES128-SHA256 \
215 DHE-RSA-AES128-SHA256 \
216 AES256-SHA256 \
217 DHE-RSA-AES256-SHA256 \
218 ECDHE-RSA-AES128-SHA256 \
219 ECDHE-RSA-AES256-SHA384 \
220 AES128-GCM-SHA256 \
221 DHE-RSA-AES128-GCM-SHA256 \
222 AES256-GCM-SHA384 \
223 DHE-RSA-AES256-GCM-SHA384 \
224 ECDHE-RSA-AES128-GCM-SHA256 \
225 ECDHE-RSA-AES256-GCM-SHA384 \
226 "
227 fi
228 ;;
229
230 "PSK")
231 P_CIPHERS="$P_CIPHERS \
232 TLS-PSK-WITH-RC4-128-SHA \
233 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
234 TLS-PSK-WITH-AES-128-CBC-SHA \
235 TLS-PSK-WITH-AES-256-CBC-SHA \
236 "
237 O_CIPHERS="$O_CIPHERS \
238 PSK-RC4-SHA \
239 PSK-3DES-EDE-CBC-SHA \
240 PSK-AES128-CBC-SHA \
241 PSK-AES256-CBC-SHA \
242 "
243 ;;
244 esac
245
246 # Filter ciphersuites
247 if [ "X" != "X$FILTER" ];
248 then
249 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
250 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
251 fi
252
253}
254
255add_polarssl_ciphersuites()
256{
257 ADD_CIPHERS=""
258
259 case $TYPE in
260
261 "ECDSA")
262 if [ "$MODE" != "ssl3" ];
263 then
264 ADD_CIPHERS="$ADD_CIPHERS \
265 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
266 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
267 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
268 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
269 "
270 fi
271 if [ "$MODE" = "tls1_2" ];
272 then
273 ADD_CIPHERS="$ADD_CIPHERS \
274 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
275 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
276 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
277 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
278 "
279 fi
280 ;;
281
282 "RSA")
283 if [ "$MODE" != "ssl3" ];
284 then
285 ADD_CIPHERS="$ADD_CIPHERS \
286 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
287 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
288 "
289 fi
290 if [ "$MODE" = "tls1_2" ];
291 then
292 ADD_CIPHERS="$ADD_CIPHERS \
293 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
294 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
295 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
296 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
297 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
298 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
299 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
300 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
301 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
302 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
303 "
304 fi
305 ;;
306
307 "PSK")
308 ADD_CIPHERS="$ADD_CIPHERS \
309 TLS-DHE-PSK-WITH-RC4-128-SHA \
310 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
311 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
312 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
313 TLS-DHE-PSK-WITH-NULL-SHA \
314 TLS-PSK-WITH-NULL-SHA \
315 TLS-RSA-PSK-WITH-RC4-128-SHA \
316 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
317 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
318 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
319 TLS-RSA-WITH-NULL-SHA \
320 TLS-RSA-WITH-NULL-MD5 \
321 TLS-PSK-WITH-AES-128-CBC-SHA256 \
322 TLS-PSK-WITH-AES-256-CBC-SHA384 \
323 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
324 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
325 TLS-PSK-WITH-NULL-SHA256 \
326 TLS-PSK-WITH-NULL-SHA384 \
327 TLS-DHE-PSK-WITH-NULL-SHA256 \
328 TLS-DHE-PSK-WITH-NULL-SHA384 \
329 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
330 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
331 TLS-RSA-PSK-WITH-NULL-SHA256 \
332 TLS-RSA-PSK-WITH-NULL-SHA384 \
333 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
334 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
335 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
336 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
337 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
338 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
339 "
340 if [ "$MODE" != "ssl3" ];
341 then
342 ADD_CIPHERS="$ADD_CIPHERS \
343 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
344 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
345 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
346 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
347 TLS-ECDHE-PSK-WITH-NULL-SHA \
348 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
349 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
350 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
351 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
352 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
353 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
354 "
355 fi
356 if [ "$MODE" = "tls1_2" ];
357 then
358 ADD_CIPHERS="$ADD_CIPHERS \
359 TLS-PSK-WITH-AES-128-GCM-SHA256 \
360 TLS-PSK-WITH-AES-256-GCM-SHA384 \
361 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
362 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
363 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
364 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
365 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
366 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
367 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
368 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
369 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
370 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
371 TLS-RSA-WITH-NULL-SHA256 \
372 "
373 fi
374 ;;
375 esac
376
377 # Filter new ciphersuites and add them
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]378 if [ "X" != "X$FILTER" ]; then
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]379 ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
380 fi
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]381 # avoid P_CIPHERS being only ' '
382 if [ "X" != "X$P_CIPHERS" ]; then
383 P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
384 else
385 P_CIPHERS="$ADD_CIPHERS"
386 fi
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]387}
388
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]389setup_arguments()
390{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]391 # avoid an avalanche of errors due to typos
392 case $MODE in
393 ssl3|tls1|tls1_1|tls1_2)
394 ;;
395 *)
396 echo "error: invalid mode: $MODE" >&2
397 exit 1;
398 esac
399
400 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]401 P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]402 O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
403 O_CLIENT_ARGS="-$MODE"
404
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]405 if [ "X$VERIFY" = "XYES" ];
406 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]407 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]408 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]409 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]410 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
411 else
412 # ssl_server2 defaults to optional, but we want to test handshakes
413 # that don't exchange client certificate at all too
414 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=none"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]415 fi
416
417 case $TYPE in
418 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]419 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
420 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
421 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
422 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]423 ;;
424
425 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]426 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
427 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
428 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
429 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]430 ;;
431
432 "PSK")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]433 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
434 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]435 # openssl s_server won't start without certificates...
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]436 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
437 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]438 ;;
439 esac
440}
441
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]442# start_server <name>
443# also saves name and command
444start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]445 case $1 in
446 [Oo]pen*)
447 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
448 ;;
449 [Pp]olar*)
450 SERVER_CMD="../programs/ssl/ssl_server2 $P_SERVER_ARGS"
451 ;;
452 *)
453 echo "error: invalid server name: $1" >&2
454 exit 1
455 ;;
456 esac
457 SERVER_NAME=$1
458
459 log "$SERVER_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]460 $SERVER_CMD >srv_out 2>&1 &
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]461 PROCESS_ID=$!
462
463 sleep 1
464}
465
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame^]466# terminate the running server (closing it cleanly if it is ours)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]467stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]468 case $SERVER_NAME in
469 [Pp]olar*)
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame^]470 # we must force a PSK suite when in PSK mode (otherwise client
471 # auth will fail), so use $O_CIPHERS
472 CS=$( echo "$O_CIPHERS" | tr ' ' ':' )
473 echo SERVERQUIT | \
474 $OPENSSL s_client $O_CLIENT_ARGS -cipher "$CS" >/dev/null 2>&1
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]475 ;;
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame^]476 *)
477 kill $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]478 esac
479
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]480 wait $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]481 rm -f srv_out
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]482}
483
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]484# kill the running server (used when killed by signal)
485cleanup() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]486 rm -f srv_out cli_out
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]487 kill $PROCESS_ID
488 exit 1
489}
490
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]491# run_client <name> <cipher>
492run_client() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]493 # announce what we're going to do
494 let "tests++"
495 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
496 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
497 echo -n "$TITLE"
498 LEN=`echo "$TITLE" | wc -c`
499 LEN=`echo 72 - $LEN | bc`
500 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
501
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]502 # run the command and interpret result
503 case $1 in
504 [Oo]pen*)
505 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
506 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]507 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]508 EXIT=$?
509
510 if [ "$EXIT" == "0" ]; then
511 RESULT=0
512 else
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]513 if grep 'Cipher is (NONE)' cli_out >/dev/null; then
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]514 RESULT=1
515 else
516 RESULT=2
517 fi
518 fi
519 ;;
520
521 [Pp]olar*)
522 CLIENT_CMD="../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$2"
523 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]524 $CLIENT_CMD > cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]525 EXIT=$?
526
527 case $EXIT in
528 "0") RESULT=0 ;;
529 "2") RESULT=1 ;;
530 *) RESULT=2 ;;
531 esac
532 ;;
533
534 *)
535 echo "error: invalid client name: $1" >&2
536 exit 1
537 ;;
538 esac
539
540 # report and count result
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]541 case $RESULT in
542 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]543 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]544 ;;
545 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]546 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]547 let "skipped++"
548 ;;
549 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]550 echo FAIL
551 echo " ! $SERVER_CMD"
552 echo " ! $CLIENT_CMD"
553 echo -n " ! ... "
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]554 tail -n1 cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]555 let "failed++"
556 ;;
557 esac
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]558
559 rm -f cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]560}
561
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]562#
563# MAIN
564#
565
566get_options "$@"
567
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]568killall -q openssl ssl_server ssl_server2
569trap cleanup INT TERM HUP
570
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]571for VERIFY in $VERIFIES; do
572 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]573 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]574
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]575 setup_arguments
576 setup_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]577
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]578 if [ "X" != "X$P_CIPHERS" ]; then
579 start_server "OpenSSL"
580 for i in $P_CIPHERS; do
581 run_client PolarSSL $i
582 done
583 stop_server
584 fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]585
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]586 if [ "X" != "X$O_CIPHERS" ]; then
587 start_server "PolarSSL"
588 for i in $O_CIPHERS; do
589 run_client OpenSSL $i
590 done
591 stop_server
592 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]593
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]594 add_polarssl_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]595
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]596 if [ "X" != "X$P_CIPHERS" ]; then
597 start_server "PolarSSL"
598 for i in $P_CIPHERS; do
599 run_client PolarSSL $i
600 done
601 stop_server
602 fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]603
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]604 done
605 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]606done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]607
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]608echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]609
610if (( failed != 0 ));
611then
612 echo -n "FAILED"
613else
614 echo -n "PASSED"
615fi
616
617let "passed = tests - failed"
618echo " ($passed / $tests tests ($skipped skipped))"
619
620exit $failed