TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a4371447e4c9290ed40ca3658e9ac58087880376 / . / tests / compat.sh
blob: cb482383fcc27fc96351f8f047b097788d2749eb [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]6set -u
7
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]8let "tests = 0"
9let "failed = 0"
10let "skipped = 0"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]11let "srvmem = 0"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]12
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]13# default values, can be overriden by the environment
14: ${P_SRV:=../programs/ssl/ssl_server2}
15: ${P_CLI:=../programs/ssl/ssl_client2}
16: ${OPENSSL:=openssl}
17
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]18MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]19VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]20TYPES="ECDSA RSA PSK"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]21FILTER=""
22VERBOSE=""
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]23MEMCHECK=0
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]24
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]25print_usage() {
26 echo "Usage: $0"
27 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
28 echo -e " -h|--help\t\tPrint this help."
29 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
30 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
31 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]32 echo -e " -M, --memcheck\tCheck memory leaks and errors."
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]33 echo -e " -v|--verbose\t\tSet verbose output."
34}
35
36get_options() {
37 while [ $# -gt 0 ]; do
38 case "$1" in
39 -f|--filter)
40 shift; FILTER=$1
41 ;;
42 -m|--modes)
43 shift; MODES=$1
44 ;;
45 -t|--types)
46 shift; TYPES=$1
47 ;;
48 -V|--verify)
49 shift; VERIFIES=$1
50 ;;
51 -v|--verbose)
52 VERBOSE=1
53 ;;
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]54 -M|--memcheck)
55 MEMCHECK=1
56 ;;
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]57 -h|--help)
58 print_usage
59 exit 0
60 ;;
61 *)
62 echo "Unknown argument: '$1'"
63 print_usage
64 exit 1
65 ;;
66 esac
67 shift
68 done
69}
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]70
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]71log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]72 if [ "X" != "X$VERBOSE" ]; then
73 echo "$@"
74 fi
75}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]76
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]77filter()
78{
79 LIST=$1
80 FILTER=$2
81
82 NEW_LIST=""
83
84 for i in $LIST;
85 do
86 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
87 done
88
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]89 # normalize whitespace
90 echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]91}
92
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]93filter_ciphersuites()
94{
95 if [ "X" != "X$FILTER" ];
96 then
97 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
98 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
99 G_CIPHERS=$( filter "$G_CIPHERS" "$FILTER" )
100 fi
101}
102
103reset_ciphersuites()
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]104{
105 P_CIPHERS=""
106 O_CIPHERS=""
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]107 G_CIPHERS=""
108}
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]109
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]110add_openssl_ciphersuites()
111{
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]112 case $TYPE in
113
114 "ECDSA")
115 if [ "$MODE" != "ssl3" ];
116 then
117 P_CIPHERS="$P_CIPHERS \
118 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
119 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
120 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
121 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
122 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
123 TLS-ECDH-ECDSA-WITH-NULL-SHA \
124 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
125 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
126 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
127 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
128 "
129 O_CIPHERS="$O_CIPHERS \
130 ECDHE-ECDSA-NULL-SHA \
131 ECDHE-ECDSA-RC4-SHA \
132 ECDHE-ECDSA-DES-CBC3-SHA \
133 ECDHE-ECDSA-AES128-SHA \
134 ECDHE-ECDSA-AES256-SHA \
135 ECDH-ECDSA-NULL-SHA \
136 ECDH-ECDSA-RC4-SHA \
137 ECDH-ECDSA-DES-CBC3-SHA \
138 ECDH-ECDSA-AES128-SHA \
139 ECDH-ECDSA-AES256-SHA \
140 "
141 fi
142 if [ "$MODE" = "tls1_2" ];
143 then
144 P_CIPHERS="$P_CIPHERS \
145 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
146 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
147 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
148 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
149 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
150 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
151 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
152 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
153 "
154 O_CIPHERS="$O_CIPHERS \
155 ECDHE-ECDSA-AES128-SHA256 \
156 ECDHE-ECDSA-AES256-SHA384 \
157 ECDHE-ECDSA-AES128-GCM-SHA256 \
158 ECDHE-ECDSA-AES256-GCM-SHA384 \
159 ECDH-ECDSA-AES128-SHA256 \
160 ECDH-ECDSA-AES256-SHA384 \
161 ECDH-ECDSA-AES128-GCM-SHA256 \
162 ECDH-ECDSA-AES256-GCM-SHA384 \
163 "
164 fi
165 ;;
166
167 "RSA")
168 P_CIPHERS="$P_CIPHERS \
169 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
170 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
171 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
172 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
173 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
174 TLS-RSA-WITH-AES-256-CBC-SHA \
175 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
176 TLS-RSA-WITH-AES-128-CBC-SHA \
177 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
178 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
179 TLS-RSA-WITH-RC4-128-SHA \
180 TLS-RSA-WITH-RC4-128-MD5 \
181 TLS-RSA-WITH-NULL-MD5 \
182 TLS-RSA-WITH-NULL-SHA \
183 TLS-RSA-WITH-DES-CBC-SHA \
184 TLS-DHE-RSA-WITH-DES-CBC-SHA \
185 "
186 O_CIPHERS="$O_CIPHERS \
187 DHE-RSA-AES128-SHA \
188 DHE-RSA-AES256-SHA \
189 DHE-RSA-CAMELLIA128-SHA \
190 DHE-RSA-CAMELLIA256-SHA \
191 EDH-RSA-DES-CBC3-SHA \
192 AES256-SHA \
193 CAMELLIA256-SHA \
194 AES128-SHA \
195 CAMELLIA128-SHA \
196 DES-CBC3-SHA \
197 RC4-SHA \
198 RC4-MD5 \
199 NULL-MD5 \
200 NULL-SHA \
201 DES-CBC-SHA \
202 EDH-RSA-DES-CBC-SHA \
203 "
204 if [ "$MODE" != "ssl3" ];
205 then
206 P_CIPHERS="$P_CIPHERS \
207 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
208 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
209 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
210 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
211 TLS-ECDHE-RSA-WITH-NULL-SHA \
212 "
213 O_CIPHERS="$O_CIPHERS \
214 ECDHE-RSA-AES256-SHA \
215 ECDHE-RSA-AES128-SHA \
216 ECDHE-RSA-DES-CBC3-SHA \
217 ECDHE-RSA-RC4-SHA \
218 ECDHE-RSA-NULL-SHA \
219 "
220 fi
221 if [ "$MODE" = "tls1_2" ];
222 then
223 P_CIPHERS="$P_CIPHERS \
224 TLS-RSA-WITH-NULL-SHA256 \
225 TLS-RSA-WITH-AES-128-CBC-SHA256 \
226 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
227 TLS-RSA-WITH-AES-256-CBC-SHA256 \
228 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
229 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
230 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
231 TLS-RSA-WITH-AES-128-GCM-SHA256 \
232 TLS-RSA-WITH-AES-256-GCM-SHA384 \
233 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
234 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
235 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
236 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
237 "
238 O_CIPHERS="$O_CIPHERS \
239 NULL-SHA256 \
240 AES128-SHA256 \
241 DHE-RSA-AES128-SHA256 \
242 AES256-SHA256 \
243 DHE-RSA-AES256-SHA256 \
244 ECDHE-RSA-AES128-SHA256 \
245 ECDHE-RSA-AES256-SHA384 \
246 AES128-GCM-SHA256 \
247 DHE-RSA-AES128-GCM-SHA256 \
248 AES256-GCM-SHA384 \
249 DHE-RSA-AES256-GCM-SHA384 \
250 ECDHE-RSA-AES128-GCM-SHA256 \
251 ECDHE-RSA-AES256-GCM-SHA384 \
252 "
253 fi
254 ;;
255
256 "PSK")
257 P_CIPHERS="$P_CIPHERS \
258 TLS-PSK-WITH-RC4-128-SHA \
259 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
260 TLS-PSK-WITH-AES-128-CBC-SHA \
261 TLS-PSK-WITH-AES-256-CBC-SHA \
262 "
263 O_CIPHERS="$O_CIPHERS \
264 PSK-RC4-SHA \
265 PSK-3DES-EDE-CBC-SHA \
266 PSK-AES128-CBC-SHA \
267 PSK-AES256-CBC-SHA \
268 "
269 ;;
270 esac
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]271}
272
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]273add_gnutls_ciphersuites()
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]274{
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]275 # TODO: add to G_CIPHERS too
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]276 case $TYPE in
277
278 "ECDSA")
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]279 if [ "$MODE" = "tls1_2" ];
280 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]281 P_CIPHERS="$P_CIPHERS \
282 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
283 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]284 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
285 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]286 "
287 G_CIPHERS="$G_CIPHERS \
288 +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \
289 +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \
290 +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \
291 +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \
292 "
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]293 fi
294 ;;
295
296 "RSA")
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]297 if [ "$MODE" = "tls1_2" ];
298 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]299 P_CIPHERS="$P_CIPHERS \
300 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
301 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]302 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
303 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
304 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
305 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
306 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
307 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
308 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
309 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
310 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
311 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]312 TLS-RSA-WITH-NULL-SHA256 \
313 TLS-RSA-WITH-NULL-SHA \
314 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]315 "
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]316 G_CIPHERS="$G_CIPHERS \
317 +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
318 +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \
319 +RSA:+CAMELLIA-128-CBC:+SHA256 \
320 +RSA:+CAMELLIA-256-CBC:+SHA256 \
321 +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
322 +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \
323 +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \
324 +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \
325 +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \
326 +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \
327 +RSA:+CAMELLIA-128-GCM:+AEAD \
328 +RSA:+CAMELLIA-256-GCM:+AEAD \
329 "
330 # TODO: "skip" detection?
331 # +RSA:+NULL:+SHA256 \
332 # +RSA:+NULL:+SHA1 \
333 # +RSA:+NULL:+MD5 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]334 fi
335 ;;
336
337 "PSK")
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]338 # GnuTLS 3.2.11 (2014-02-13) requires TLS 1.x for most *PSK suites
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]339 if [ "$MODE" != "ssl3" ];
340 then
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]341 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]342 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
343 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
344 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]345 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
346 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
347 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
348 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
349 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
350 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]351 "
352 G_CIPHERS="$G_CIPHERS \
353 +ECDHE-PSK:+AES-256-CBC:+SHA1 \
354 +ECDHE-PSK:+AES-128-CBC:+SHA1 \
355 +ECDHE-PSK:+3DES-CBC:+SHA1 \
356 +DHE-PSK:+3DES-CBC:+SHA1 \
357 +DHE-PSK:+AES-128-CBC:+SHA1 \
358 +DHE-PSK:+AES-256-CBC:+SHA1 \
359 +RSA-PSK:+3DES-CBC:+SHA1 \
360 +RSA-PSK:+AES-256-CBC:+SHA1 \
361 +RSA-PSK:+AES-128-CBC:+SHA1 \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]362 "
363 fi
364 if [ "$MODE" = "tls1_2" ];
365 then
366 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]367 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
368 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
369 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
370 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
371 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
372 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]373 TLS-PSK-WITH-AES-128-CBC-SHA256 \
374 TLS-PSK-WITH-AES-256-CBC-SHA384 \
375 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
376 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
377 TLS-PSK-WITH-NULL-SHA256 \
378 TLS-PSK-WITH-NULL-SHA384 \
379 TLS-DHE-PSK-WITH-NULL-SHA256 \
380 TLS-DHE-PSK-WITH-NULL-SHA384 \
381 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
382 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
383 TLS-RSA-PSK-WITH-NULL-SHA256 \
384 TLS-RSA-PSK-WITH-NULL-SHA384 \
385 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
386 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
387 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
388 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
389 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
390 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]391 TLS-PSK-WITH-AES-128-GCM-SHA256 \
392 TLS-PSK-WITH-AES-256-GCM-SHA384 \
393 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
394 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
395 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
396 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
397 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
398 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
399 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
400 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
401 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
402 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]403 "
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]404 G_CIPHERS="$G_CIPHERS \
405 +ECDHE-PSK:+AES-256-CBC:+SHA384 \
406 +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
407 +ECDHE-PSK:+AES-128-CBC:+SHA256 \
408 +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
409 +PSK:+AES-128-CBC:+SHA256 \
410 +PSK:+AES-256-CBC:+SHA384 \
411 +DHE-PSK:+AES-128-CBC:+SHA256 \
412 +DHE-PSK:+AES-256-CBC:+SHA384 \
413 +RSA-PSK:+AES-256-CBC:+SHA384 \
414 +RSA-PSK:+AES-128-CBC:+SHA256 \
415 +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
416 +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
417 +PSK:+CAMELLIA-128-CBC:+SHA256 \
418 +PSK:+CAMELLIA-256-CBC:+SHA384 \
419 +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \
420 +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \
421 +PSK:+AES-128-GCM:+AEAD \
422 +PSK:+AES-256-GCM:+AEAD \
423 +DHE-PSK:+AES-128-GCM:+AEAD \
424 +DHE-PSK:+AES-256-GCM:+AEAD \
425 +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \
426 +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \
427 +PSK:+CAMELLIA-128-GCM:+AEAD \
428 +PSK:+CAMELLIA-256-GCM:+AEAD \
429 +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \
430 +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \
431 +RSA-PSK:+AES-256-GCM:+AEAD \
432 +RSA-PSK:+AES-128-GCM:+AEAD \
433 "
434 # TODO: "skip" detection
435 # +ECDHE-PSK:+NULL:+SHA384 \
436 # +ECDHE-PSK:+NULL:+SHA256 \
437 # +PSK:+NULL:+SHA256 \
438 # +PSK:+NULL:+SHA384 \
439 # +DHE-PSK:+NULL:+SHA256 \
440 # +DHE-PSK:+NULL:+SHA384 \
441 # +RSA-PSK:+NULL:+SHA256 \
442 # +RSA-PSK:+NULL:+SHA384 \
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]443 fi
444 ;;
445 esac
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]446}
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]447
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]448add_polarssl_ciphersuites()
449{
450 case $TYPE in
451
452 "ECDSA")
453 if [ "$MODE" != "ssl3" ];
454 then
455 P_CIPHERS="$P_CIPHERS \
456 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
457 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
458 "
459 fi
460 if [ "$MODE" = "tls1_2" ];
461 then
462 P_CIPHERS="$P_CIPHERS \
463 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
464 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
465 "
466 fi
467 ;;
468
469 "RSA")
470 ;;
471
472 "PSK")
473 P_CIPHERS="$P_CIPHERS \
474 TLS-PSK-WITH-NULL-SHA \
475 TLS-DHE-PSK-WITH-RC4-128-SHA \
476 TLS-DHE-PSK-WITH-NULL-SHA \
477 TLS-RSA-PSK-WITH-RC4-128-SHA \
478 "
479 if [ "$MODE" != "ssl3" ];
480 then
481 P_CIPHERS="$P_CIPHERS \
482 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
483 TLS-ECDHE-PSK-WITH-NULL-SHA \
484 "
485 fi
486 ;;
487 esac
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]488}
489
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]490setup_arguments()
491{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]492 case $MODE in
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]493 "ssl3")
494 G_PRIO_MODE="+VERS-SSL3.0"
495 ;;
496 "tls1")
497 G_PRIO_MODE="+VERS-TLS1.0"
498 ;;
499 "tls1_1")
500 G_PRIO_MODE="+VERS-TLS1.1"
501 ;;
502 "tls1_2")
503 G_PRIO_MODE="+VERS-TLS1.2"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]504 ;;
505 *)
506 echo "error: invalid mode: $MODE" >&2
507 exit 1;
508 esac
509
510 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]511 O_SERVER_ARGS="-www -cipher NULL,ALL -$MODE"
512 G_SERVER_ARGS="-p 4433 --http"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]513 G_SERVER_PRIO="EXPORT:+NULL:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]514
515 P_CLIENT_ARGS="force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]516 O_CLIENT_ARGS="-$MODE"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]517 G_CLIENT_ARGS="-p 4433"
518 G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]519
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]520 if [ "X$VERIFY" = "XYES" ];
521 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]522 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]523 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]524 G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
525
526 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]527 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]528 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]529 else
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]530 # don't request a client cert at all
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]531 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]532 G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
533
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]534 # give dummy CA to clients
Manuel Pégourié-Gonnard213c67a2014-03-12 08:30:59 +0100[diff] [blame]535 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/cli2.crt auth_mode=optional"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]536 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/cli2.crt"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]537 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/cli2.crt --insecure"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]538 fi
539
540 case $TYPE in
541 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]542 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]543 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]544 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
545
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]546 if [ "X$VERIFY" = "XYES" ]; then
547 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
548 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]549 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]550 else
551 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
552 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]553 ;;
554
555 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]556 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]557 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]558 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
559
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]560 if [ "X$VERIFY" = "XYES" ]; then
561 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
562 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]563 G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]564 else
565 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
566 fi
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]567 ;;
568
569 "PSK")
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]570 # give RSA-PSK-capable server a RSA cert
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]571 # (should be a separate type, but harder to close with openssl)
572 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
Manuel Pégourié-Gonnard1b149ef2014-02-27 14:38:29 +0100[diff] [blame]573 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]574 G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
575
576 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]577 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]578 G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]579 ;;
580 esac
581}
582
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]583# is_polar <cmd_line>
584is_polar() {
585 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
586}
587
588# has_mem_err <log_file_name>
589has_mem_err() {
590 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
591 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
592 then
593 return 1 # false: does not have errors
594 else
595 return 0 # true: has errors
596 fi
597}
598
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]599# start_server <name>
600# also saves name and command
601start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]602 case $1 in
603 [Oo]pen*)
604 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
605 ;;
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]606 [Gg]nu*)
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]607 SERVER_CMD="gnutls-serv $G_SERVER_ARGS --priority $G_SERVER_PRIO"
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]608 ;;
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]609 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]610 SERVER_CMD="$P_SRV $P_SERVER_ARGS"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]611 if [ "$MEMCHECK" -gt 0 ]; then
612 SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
613 fi
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]614 ;;
615 *)
616 echo "error: invalid server name: $1" >&2
617 exit 1
618 ;;
619 esac
620 SERVER_NAME=$1
621
622 log "$SERVER_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]623 $SERVER_CMD >srv_out 2>&1 &
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]624 PROCESS_ID=$!
625
626 sleep 1
627}
628
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]629# terminate the running server (closing it cleanly if it is ours)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]630stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]631 case $SERVER_NAME in
632 [Pp]olar*)
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]633 # we must force a PSK suite when in PSK mode (otherwise client
634 # auth will fail), so use $O_CIPHERS
635 CS=$( echo "$O_CIPHERS" | tr ' ' ':' )
636 echo SERVERQUIT | \
637 $OPENSSL s_client $O_CLIENT_ARGS -cipher "$CS" >/dev/null 2>&1
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]638 sleep 1; kill $PROCESS_ID 2>/dev/null # XXX temporary
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]639 ;;
Manuel Pégourié-Gonnard911622d2014-02-27 11:50:40 +0100[diff] [blame]640 *)
641 kill $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]642 esac
643
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]644 wait $PROCESS_ID 2>/dev/null
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]645
646 if [ "$MEMCHECK" -gt 0 ]; then
647 if is_polar "$SERVER_CMD" && has_mem_err srv_out; then
648 echo " ! Server had memory errors"
649 let "srvmem++"
650 return
651 fi
652 fi
653
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]654 rm -f srv_out
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]655}
656
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]657# kill the running server (used when killed by signal)
658cleanup() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]659 rm -f srv_out cli_out
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]660 kill $PROCESS_ID
661 exit 1
662}
663
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]664# run_client <name> <cipher>
665run_client() {
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]666 # announce what we're going to do
667 let "tests++"
668 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
669 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
670 echo -n "$TITLE"
671 LEN=`echo "$TITLE" | wc -c`
672 LEN=`echo 72 - $LEN | bc`
673 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
674
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]675 # run the command and interpret result
676 case $1 in
677 [Oo]pen*)
678 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
679 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]680 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]681 EXIT=$?
682
683 if [ "$EXIT" == "0" ]; then
684 RESULT=0
685 else
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]686 if grep 'Cipher is (NONE)' cli_out >/dev/null; then
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]687 RESULT=1
688 else
689 RESULT=2
690 fi
691 fi
692 ;;
693
Manuel Pégourié-Gonnarda4371442014-03-13 16:21:59 +0100[diff] [blame^]694 [Gg]nu*)
695 CLIENT_CMD="gnutls-cli $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 localhost"
696 log "$CLIENT_CMD"
697 ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD > cli_out 2>&1
698 EXIT=$?
699
700 if [ "$EXIT" == "0" ]; then
701 RESULT=0
702 else
703 RESULT=2 # TODO
704 fi
705 ;;
706
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]707 [Pp]olar*)
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]708 CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]709 if [ "$MEMCHECK" -gt 0 ]; then
710 CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
711 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]712 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]713 $CLIENT_CMD > cli_out 2>&1
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]714 EXIT=$?
715
716 case $EXIT in
717 "0") RESULT=0 ;;
718 "2") RESULT=1 ;;
719 *) RESULT=2 ;;
720 esac
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]721
722 if [ "$MEMCHECK" -gt 0 ]; then
723 if is_polar "$CLIENT_CMD" && has_mem_err cli_out; then
724 RESULT=2
725 fi
726 fi
727
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]728 ;;
729
730 *)
731 echo "error: invalid client name: $1" >&2
732 exit 1
733 ;;
734 esac
735
736 # report and count result
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]737 case $RESULT in
738 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]739 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]740 ;;
741 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]742 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]743 let "skipped++"
744 ;;
745 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]746 echo FAIL
747 echo " ! $SERVER_CMD"
748 echo " ! $CLIENT_CMD"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]749 cp srv_out c-srv-${tests}.log
750 cp cli_out c-cli-${tests}.log
751 echo " ! outputs saved to c-srv-${tests}.log, c-cli-${tests}.log"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]752 let "failed++"
753 ;;
754 esac
Manuel Pégourié-Gonnard87ae3032014-02-27 11:12:30 +0100[diff] [blame]755
756 rm -f cli_out
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]757}
758
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]759#
760# MAIN
761#
762
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]763# sanity checks, avoid an avalanche of errors
764if [ ! -x "$P_SRV" ]; then
765 echo "Command '$P_SRV' is not an executable file"
766 exit 1
767fi
768if [ ! -x "$P_CLI" ]; then
769 echo "Command '$P_CLI' is not an executable file"
770 exit 1
771fi
772if which $OPENSSL >/dev/null 2>&1; then :; else
773 echo "Command '$OPENSSL' not found"
774 exit 1
775fi
776
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]777get_options "$@"
778
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]779killall -q gnutls-serv openssl ssl_server ssl_server2
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]780trap cleanup INT TERM HUP
781
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]782for VERIFY in $VERIFIES; do
783 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]784 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]785
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]786 setup_arguments
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]787
788 reset_ciphersuites
789 add_openssl_ciphersuites
790 filter_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]791
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]792 if [ "X" != "X$P_CIPHERS" ]; then
793 start_server "OpenSSL"
794 for i in $P_CIPHERS; do
795 run_client PolarSSL $i
796 done
797 stop_server
798 fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]799
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]800 if [ "X" != "X$O_CIPHERS" ]; then
801 start_server "PolarSSL"
802 for i in $O_CIPHERS; do
803 run_client OpenSSL $i
804 done
805 stop_server
806 fi
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]807
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]808 reset_ciphersuites
809 add_gnutls_ciphersuites
810 filter_ciphersuites
811
812 if [ "X" != "X$P_CIPHERS" ]; then
813 start_server "GnuTLS"
814 for i in $P_CIPHERS; do
815 run_client PolarSSL $i
816 done
817 stop_server
818 fi
819
820 if [ "X" != "X$G_CIPHERS" ]; then
821 start_server "PolarSSL"
822 for i in $G_CIPHERS; do
823 run_client GnuTLS $i
824 done
825 stop_server
826 fi
827
828 reset_ciphersuites
829 add_openssl_ciphersuites
830 add_gnutls_ciphersuites
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]831 add_polarssl_ciphersuites
Manuel Pégourié-Gonnard5b2d7762014-02-28 12:42:57 +0100[diff] [blame]832 filter_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]833
Manuel Pégourié-Gonnard42d195a2014-02-27 11:11:33 +0100[diff] [blame]834 if [ "X" != "X$P_CIPHERS" ]; then
835 start_server "PolarSSL"
836 for i in $P_CIPHERS; do
837 run_client PolarSSL $i
838 done
839 stop_server
840 fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]841
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]842 done
843 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]844done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]845
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]846echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]847
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]848if (( failed != 0 && srvmem != 0 ));
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]849then
850 echo -n "FAILED"
851else
852 echo -n "PASSED"
853fi
854
855let "passed = tests - failed"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]856echo " ($passed / $tests tests ($skipped skipped, $srvmem server memory errors)"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]857
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]858let "failed += srvmem"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]859exit $failed