TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a9062e96e7ea4d3e95edb960a8ee46959903d3d6 / . / tests / compat.sh
blob: ffb3b8252ee01f9a2159247613eb5a610654cf68 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]3# Test interop with OpenSSL for each common ciphersuite and version.
4# Also test selfop for ciphersuites not shared with OpenSSL.
5
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]6let "tests = 0"
7let "failed = 0"
8let "skipped = 0"
9
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]10MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]11VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]12TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]13OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]14FILTER=""
15VERBOSE=""
16
17# Parse arguments
18#
19until [ -z "$1" ]
20do
21 case "$1" in
22 -f|--filter)
23 # Filter ciphersuites
24 shift
25 FILTER=$1
26 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]27 -m|--modes)
28 # Perform modes
29 shift
30 MODES=$1
31 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]32 -t|--types)
33 # Key exchange types
34 shift
35 TYPES=$1
36 ;;
37 -V|--verify)
38 # Verifiction modes
39 shift
40 VERIFIES=$1
41 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]42 -v|--verbose)
43 # Set verbosity
44 shift
45 VERBOSE=1
46 ;;
47 -h|--help)
48 # print help
49 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]50 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]51 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]52 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]53 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]54 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]55 echo -e " -v|--verbose\t\tSet verbose output."
56 exit 1
57 ;;
58 *)
59 # print error
60 echo "Unknown argument: '$1'"
61 exit 1
62 ;;
63 esac
64 shift
65done
66
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]67log() {
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]68 if [ "X" != "X$VERBOSE" ]; then
69 echo "$@"
70 fi
71}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]72
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]73filter()
74{
75 LIST=$1
76 FILTER=$2
77
78 NEW_LIST=""
79
80 for i in $LIST;
81 do
82 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
83 done
84
85 echo "$NEW_LIST"
86}
87
Manuel Pégourié-Gonnard48f196c2014-02-19 13:51:58 +0100[diff] [blame]88setup_ciphersuites()
89{
90 P_CIPHERS=""
91 O_CIPHERS=""
92
93 case $TYPE in
94
95 "ECDSA")
96 if [ "$MODE" != "ssl3" ];
97 then
98 P_CIPHERS="$P_CIPHERS \
99 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
100 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
101 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
102 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
103 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
104 TLS-ECDH-ECDSA-WITH-NULL-SHA \
105 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
106 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
107 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
108 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
109 "
110 O_CIPHERS="$O_CIPHERS \
111 ECDHE-ECDSA-NULL-SHA \
112 ECDHE-ECDSA-RC4-SHA \
113 ECDHE-ECDSA-DES-CBC3-SHA \
114 ECDHE-ECDSA-AES128-SHA \
115 ECDHE-ECDSA-AES256-SHA \
116 ECDH-ECDSA-NULL-SHA \
117 ECDH-ECDSA-RC4-SHA \
118 ECDH-ECDSA-DES-CBC3-SHA \
119 ECDH-ECDSA-AES128-SHA \
120 ECDH-ECDSA-AES256-SHA \
121 "
122 fi
123 if [ "$MODE" = "tls1_2" ];
124 then
125 P_CIPHERS="$P_CIPHERS \
126 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
127 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
128 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
129 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
130 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
131 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
132 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
133 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
134 "
135 O_CIPHERS="$O_CIPHERS \
136 ECDHE-ECDSA-AES128-SHA256 \
137 ECDHE-ECDSA-AES256-SHA384 \
138 ECDHE-ECDSA-AES128-GCM-SHA256 \
139 ECDHE-ECDSA-AES256-GCM-SHA384 \
140 ECDH-ECDSA-AES128-SHA256 \
141 ECDH-ECDSA-AES256-SHA384 \
142 ECDH-ECDSA-AES128-GCM-SHA256 \
143 ECDH-ECDSA-AES256-GCM-SHA384 \
144 "
145 fi
146 ;;
147
148 "RSA")
149 P_CIPHERS="$P_CIPHERS \
150 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
151 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
152 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
153 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
154 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
155 TLS-RSA-WITH-AES-256-CBC-SHA \
156 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
157 TLS-RSA-WITH-AES-128-CBC-SHA \
158 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
159 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
160 TLS-RSA-WITH-RC4-128-SHA \
161 TLS-RSA-WITH-RC4-128-MD5 \
162 TLS-RSA-WITH-NULL-MD5 \
163 TLS-RSA-WITH-NULL-SHA \
164 TLS-RSA-WITH-DES-CBC-SHA \
165 TLS-DHE-RSA-WITH-DES-CBC-SHA \
166 "
167 O_CIPHERS="$O_CIPHERS \
168 DHE-RSA-AES128-SHA \
169 DHE-RSA-AES256-SHA \
170 DHE-RSA-CAMELLIA128-SHA \
171 DHE-RSA-CAMELLIA256-SHA \
172 EDH-RSA-DES-CBC3-SHA \
173 AES256-SHA \
174 CAMELLIA256-SHA \
175 AES128-SHA \
176 CAMELLIA128-SHA \
177 DES-CBC3-SHA \
178 RC4-SHA \
179 RC4-MD5 \
180 NULL-MD5 \
181 NULL-SHA \
182 DES-CBC-SHA \
183 EDH-RSA-DES-CBC-SHA \
184 "
185 if [ "$MODE" != "ssl3" ];
186 then
187 P_CIPHERS="$P_CIPHERS \
188 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
189 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
190 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
191 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
192 TLS-ECDHE-RSA-WITH-NULL-SHA \
193 "
194 O_CIPHERS="$O_CIPHERS \
195 ECDHE-RSA-AES256-SHA \
196 ECDHE-RSA-AES128-SHA \
197 ECDHE-RSA-DES-CBC3-SHA \
198 ECDHE-RSA-RC4-SHA \
199 ECDHE-RSA-NULL-SHA \
200 "
201 fi
202 if [ "$MODE" = "tls1_2" ];
203 then
204 P_CIPHERS="$P_CIPHERS \
205 TLS-RSA-WITH-NULL-SHA256 \
206 TLS-RSA-WITH-AES-128-CBC-SHA256 \
207 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
208 TLS-RSA-WITH-AES-256-CBC-SHA256 \
209 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
210 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
211 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
212 TLS-RSA-WITH-AES-128-GCM-SHA256 \
213 TLS-RSA-WITH-AES-256-GCM-SHA384 \
214 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
215 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
216 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
217 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
218 "
219 O_CIPHERS="$O_CIPHERS \
220 NULL-SHA256 \
221 AES128-SHA256 \
222 DHE-RSA-AES128-SHA256 \
223 AES256-SHA256 \
224 DHE-RSA-AES256-SHA256 \
225 ECDHE-RSA-AES128-SHA256 \
226 ECDHE-RSA-AES256-SHA384 \
227 AES128-GCM-SHA256 \
228 DHE-RSA-AES128-GCM-SHA256 \
229 AES256-GCM-SHA384 \
230 DHE-RSA-AES256-GCM-SHA384 \
231 ECDHE-RSA-AES128-GCM-SHA256 \
232 ECDHE-RSA-AES256-GCM-SHA384 \
233 "
234 fi
235 ;;
236
237 "PSK")
238 P_CIPHERS="$P_CIPHERS \
239 TLS-PSK-WITH-RC4-128-SHA \
240 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
241 TLS-PSK-WITH-AES-128-CBC-SHA \
242 TLS-PSK-WITH-AES-256-CBC-SHA \
243 "
244 O_CIPHERS="$O_CIPHERS \
245 PSK-RC4-SHA \
246 PSK-3DES-EDE-CBC-SHA \
247 PSK-AES128-CBC-SHA \
248 PSK-AES256-CBC-SHA \
249 "
250 ;;
251 esac
252
253 # Filter ciphersuites
254 if [ "X" != "X$FILTER" ];
255 then
256 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
257 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
258 fi
259
260}
261
262add_polarssl_ciphersuites()
263{
264 ADD_CIPHERS=""
265
266 case $TYPE in
267
268 "ECDSA")
269 if [ "$MODE" != "ssl3" ];
270 then
271 ADD_CIPHERS="$ADD_CIPHERS \
272 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
273 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
274 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
275 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
276 "
277 fi
278 if [ "$MODE" = "tls1_2" ];
279 then
280 ADD_CIPHERS="$ADD_CIPHERS \
281 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
282 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
283 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
284 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
285 "
286 fi
287 ;;
288
289 "RSA")
290 if [ "$MODE" != "ssl3" ];
291 then
292 ADD_CIPHERS="$ADD_CIPHERS \
293 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
294 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
295 "
296 fi
297 if [ "$MODE" = "tls1_2" ];
298 then
299 ADD_CIPHERS="$ADD_CIPHERS \
300 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
301 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
302 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
303 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
304 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
305 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
306 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
307 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
308 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
309 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
310 "
311 fi
312 ;;
313
314 "PSK")
315 ADD_CIPHERS="$ADD_CIPHERS \
316 TLS-DHE-PSK-WITH-RC4-128-SHA \
317 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
318 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
319 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
320 TLS-DHE-PSK-WITH-NULL-SHA \
321 TLS-PSK-WITH-NULL-SHA \
322 TLS-RSA-PSK-WITH-RC4-128-SHA \
323 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
324 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
325 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
326 TLS-RSA-WITH-NULL-SHA \
327 TLS-RSA-WITH-NULL-MD5 \
328 TLS-PSK-WITH-AES-128-CBC-SHA256 \
329 TLS-PSK-WITH-AES-256-CBC-SHA384 \
330 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
331 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
332 TLS-PSK-WITH-NULL-SHA256 \
333 TLS-PSK-WITH-NULL-SHA384 \
334 TLS-DHE-PSK-WITH-NULL-SHA256 \
335 TLS-DHE-PSK-WITH-NULL-SHA384 \
336 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
337 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
338 TLS-RSA-PSK-WITH-NULL-SHA256 \
339 TLS-RSA-PSK-WITH-NULL-SHA384 \
340 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
341 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
342 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
343 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
344 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
345 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
346 "
347 if [ "$MODE" != "ssl3" ];
348 then
349 ADD_CIPHERS="$ADD_CIPHERS \
350 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
351 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
352 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
353 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
354 TLS-ECDHE-PSK-WITH-NULL-SHA \
355 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
356 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
357 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
358 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
359 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
360 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
361 "
362 fi
363 if [ "$MODE" = "tls1_2" ];
364 then
365 ADD_CIPHERS="$ADD_CIPHERS \
366 TLS-PSK-WITH-AES-128-GCM-SHA256 \
367 TLS-PSK-WITH-AES-256-GCM-SHA384 \
368 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
369 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
370 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
371 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
372 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
373 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
374 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
375 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
376 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
377 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
378 TLS-RSA-WITH-NULL-SHA256 \
379 "
380 fi
381 ;;
382 esac
383
384 # Filter new ciphersuites and add them
385 if [ "X" != "X$FILTER" ];
386 then
387 ADD_CIPHERS=$( filter "$ADD_CIPHERS" "$FILTER" )
388 fi
389 P_CIPHERS="$P_CIPHERS $ADD_CIPHERS"
390}
391
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]392setup_arguments()
393{
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]394 # avoid an avalanche of errors due to typos
395 case $MODE in
396 ssl3|tls1|tls1_1|tls1_2)
397 ;;
398 *)
399 echo "error: invalid mode: $MODE" >&2
400 exit 1;
401 esac
402
403 P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]404 P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]405 O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
406 O_CLIENT_ARGS="-$MODE"
407
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]408 if [ "X$VERIFY" = "XYES" ];
409 then
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]410 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]411 P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]412 O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]413 O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
414 else
415 # ssl_server2 defaults to optional, but we want to test handshakes
416 # that don't exchange client certificate at all too
417 P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=none"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]418 fi
419
420 case $TYPE in
421 "ECDSA")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]422 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
423 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
424 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
425 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]426 ;;
427
428 "RSA")
Manuel Pégourié-Gonnardda782c92014-02-21 10:10:20 +0100[diff] [blame]429 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
430 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
431 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
432 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]433 ;;
434
435 "PSK")
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]436 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
437 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]438 # openssl s_server won't start without certificates...
Manuel Pégourié-Gonnard9ada01a2014-02-19 14:24:24 +0100[diff] [blame]439 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
440 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame]441 ;;
442 esac
443}
444
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]445# start_server <name>
446# also saves name and command
447start_server() {
Manuel Pégourié-Gonnard304beef2014-02-19 14:45:00 +0100[diff] [blame]448 case $1 in
449 [Oo]pen*)
450 SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
451 ;;
452 [Pp]olar*)
453 SERVER_CMD="../programs/ssl/ssl_server2 $P_SERVER_ARGS"
454 ;;
455 *)
456 echo "error: invalid server name: $1" >&2
457 exit 1
458 ;;
459 esac
460 SERVER_NAME=$1
461
462 log "$SERVER_CMD"
463 $SERVER_CMD >/dev/null 2>&1 &
464 PROCESS_ID=$!
465
466 sleep 1
467}
468
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]469# terminate the running server (try closing it cleanly if possible)
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]470stop_server() {
Manuel Pégourié-Gonnardc57e98b2014-02-19 17:37:55 +0100[diff] [blame]471 case $SERVER_NAME in
472 [Pp]olar*)
473 echo SERVERQUIT | $OPENSSL s_client $O_CLIENT_ARGS >/dev/null 2>&1
474 sleep 1
475 ;;
476 esac
477
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]478 kill $PROCESS_ID 2>/dev/null
479 wait $PROCESS_ID 2>/dev/null
480}
481
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame^]482# kill the running server (used when killed by signal)
483cleanup() {
484 kill $PROCESS_ID
485 exit 1
486}
487
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]488# run_client <name> <cipher>
489run_client() {
490 # run the command and interpret result
491 case $1 in
492 [Oo]pen*)
493 CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
494 log "$CLIENT_CMD"
Manuel Pégourié-Gonnard5f593f02014-02-19 15:42:24 +0100[diff] [blame]495 OUTPUT="$( ( echo -e 'GET HTTP/1.0'; echo; ) | $CLIENT_CMD 2>&1 )"
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]496 EXIT=$?
497
498 if [ "$EXIT" == "0" ]; then
499 RESULT=0
500 else
501 SUPPORTED="$( echo $OUTPUT | grep 'Cipher is (NONE)' )"
502 if [ "X$SUPPORTED" != "X" ]; then
503 RESULT=1
504 else
505 RESULT=2
506 fi
507 fi
508 ;;
509
510 [Pp]olar*)
511 CLIENT_CMD="../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$2"
512 log "$CLIENT_CMD"
513 OUTPUT="$( $CLIENT_CMD )"
514 EXIT=$?
515
516 case $EXIT in
517 "0") RESULT=0 ;;
518 "2") RESULT=1 ;;
519 *) RESULT=2 ;;
520 esac
521 ;;
522
523 *)
524 echo "error: invalid client name: $1" >&2
525 exit 1
526 ;;
527 esac
528
529 # report and count result
530 let "tests++"
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]531 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
532 TITLE="${1:0:1}->${SERVER_NAME:0:1} $MODE,$VERIF $2 "
533 echo -n "$TITLE"
534 LEN=`echo "$TITLE" | wc -c`
535 LEN=`echo 72 - $LEN | bc`
536 for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]537 case $RESULT in
538 "0")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]539 echo PASS
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]540 ;;
541 "1")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]542 echo SKIP
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]543 let "skipped++"
544 ;;
545 "2")
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]546 echo FAIL
547 echo " ! $SERVER_CMD"
548 echo " ! $CLIENT_CMD"
549 echo -n " ! ... "
550 echo "$OUTPUT" | tail -c72
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]551 let "failed++"
552 ;;
553 esac
554}
555
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame^]556killall -q openssl ssl_server ssl_server2
557trap cleanup INT TERM HUP
558
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]559for VERIFY in $VERIFIES; do
560 for MODE in $MODES; do
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]561 for TYPE in $TYPES; do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]562
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]563 setup_arguments
564 setup_ciphersuites
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]565
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]566 start_server "OpenSSL"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]567
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]568 for i in $P_CIPHERS; do
569 run_client PolarSSL $i
570 done
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]571
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]572 stop_server
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]573
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]574 start_server "PolarSSL"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]575
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]576 for i in $O_CIPHERS; do
577 run_client OpenSSL $i
578 done
Manuel Pégourié-Gonnard330e4112014-02-19 15:23:21 +0100[diff] [blame]579
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]580 add_polarssl_ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]581
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]582 for i in $P_CIPHERS; do
583 run_client PolarSSL $i
584 done
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]585
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]586 stop_server
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]587
Manuel Pégourié-Gonnard95957712014-02-19 15:29:38 +0100[diff] [blame]588 done
589 done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]590done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]591
Manuel Pégourié-Gonnard4145b892014-02-24 13:20:14 +0100[diff] [blame]592echo "------------------------------------------------------------------------"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]593
594if (( failed != 0 ));
595then
596 echo -n "FAILED"
597else
598 echo -n "PASSED"
599fi
600
601let "passed = tests - failed"
602echo " ($passed / $tests tests ($skipped skipped))"
603
604exit $failed