TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c9baa873ca699b23e3d4abbb343c03e26a54118c / . / tests / compat.sh
blob: 136efa03355cca0553560127f0fffc0ada36da17 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]87for VERIFY in $VERIFIES;
88do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]89
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]90if [ "X$VERIFY" = "XYES" ];
91then
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]92 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
93 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
94 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
95 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]96else
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]97 P_SERVER_BASE=""
98 P_CLIENT_BASE=""
99 O_SERVER_BASE=""
100 O_CLIENT_BASE=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]101fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]102
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]103
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]104for MODE in $MODES;
105do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]106
107# avoid an avalanche of errors due to typos
108case $MODE in
109 ssl3|tls1|tls1_1|tls1_2)
110 ;;
111 *)
112 echo "error: invalid mode: $MODE" >&2
113 exit 1;
114esac
115
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]116echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]117echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]118echo "-----------"
119
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]120for TYPE in $TYPES;
121do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]123case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]124
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]125 "ECDSA")
126
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]127 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
128 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
129 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
130 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]131
132 P_CIPHERS=" \
133 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
134 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
135 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
136 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
137 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
138 "
139
140 O_CIPHERS=" \
141 ECDHE-ECDSA-NULL-SHA \
142 ECDHE-ECDSA-RC4-SHA \
143 ECDHE-ECDSA-DES-CBC3-SHA \
144 ECDHE-ECDSA-AES128-SHA \
145 ECDHE-ECDSA-AES256-SHA \
146 "
147
148 if [ "$MODE" = "tls1_2" ];
149 then
150 P_CIPHERS="$P_CIPHERS \
151 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
152 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
153 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
154 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
155 "
156
157 O_CIPHERS=" \
158 ECDHE-ECDSA-AES128-SHA256 \
159 ECDHE-ECDSA-AES256-SHA384 \
160 ECDHE-ECDSA-AES128-GCM-SHA256 \
161 ECDHE-ECDSA-AES256-GCM-SHA384 \
162 "
163 fi
164
165 ;;
166
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]167 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]168
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]169 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
170 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
171 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
172 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]173
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]174 P_CIPHERS=" \
175 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
176 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
177 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
178 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
179 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
180 TLS-RSA-WITH-AES-256-CBC-SHA \
181 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
182 TLS-RSA-WITH-AES-128-CBC-SHA \
183 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
184 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
185 TLS-RSA-WITH-RC4-128-SHA \
186 TLS-RSA-WITH-RC4-128-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]187 TLS-RSA-WITH-NULL-MD5 \
188 TLS-RSA-WITH-NULL-SHA \
189 TLS-RSA-WITH-DES-CBC-SHA \
190 TLS-DHE-RSA-WITH-DES-CBC-SHA \
191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
193 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
194 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
195 TLS-ECDHE-RSA-WITH-NULL-SHA \
196 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]197
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]198 O_CIPHERS=" \
199 DHE-RSA-AES128-SHA \
200 DHE-RSA-AES256-SHA \
201 DHE-RSA-CAMELLIA128-SHA \
202 DHE-RSA-CAMELLIA256-SHA \
203 EDH-RSA-DES-CBC3-SHA \
204 AES256-SHA \
205 CAMELLIA256-SHA \
206 AES128-SHA \
207 CAMELLIA128-SHA \
208 DES-CBC3-SHA \
209 RC4-SHA \
210 RC4-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]211 NULL-MD5 \
212 NULL-SHA \
213 DES-CBC-SHA \
214 EDH-RSA-DES-CBC-SHA \
215 ECDHE-RSA-AES256-SHA \
216 ECDHE-RSA-AES128-SHA \
217 ECDHE-RSA-DES-CBC3-SHA \
218 ECDHE-RSA-RC4-SHA \
219 ECDHE-RSA-NULL-SHA \
220 "
221
222 if [ "$MODE" = "tls1_2" ];
223 then
224 P_CIPHERS="$P_CIPHERS \
225 TLS-RSA-WITH-NULL-SHA256 \
226 TLS-RSA-WITH-AES-128-CBC-SHA256 \
227 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
228 TLS-RSA-WITH-AES-256-CBC-SHA256 \
229 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
230 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
231 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
232 TLS-RSA-WITH-AES-128-GCM-SHA256 \
233 TLS-RSA-WITH-AES-256-GCM-SHA384 \
234 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
235 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
236 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
237 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
238 "
239
240 O_CIPHERS="$O_CIPHERS \
241 NULL-SHA256 \
242 AES128-SHA256 \
243 DHE-RSA-AES128-SHA256 \
244 AES256-SHA256 \
245 DHE-RSA-AES256-SHA256 \
246 ECDHE-RSA-AES128-SHA256 \
247 ECDHE-RSA-AES256-SHA384 \
248 AES128-GCM-SHA256 \
249 DHE-RSA-AES128-GCM-SHA256 \
250 AES256-GCM-SHA384 \
251 DHE-RSA-AES256-GCM-SHA384 \
252 ECDHE-RSA-AES128-GCM-SHA256 \
253 ECDHE-RSA-AES256-GCM-SHA384 \
254 "
255 fi
256
257 ;;
258
259 "PSK")
260
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]261 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
262 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]263 # openssl s_server won't start without certificates...
264 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
Manuel Pégourié-Gonnardeb1714e2013-09-20 12:44:08 +0200[diff] [blame]265 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]266
267 P_CIPHERS=" \
268 TLS-PSK-WITH-RC4-128-SHA \
269 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
270 TLS-PSK-WITH-AES-128-CBC-SHA \
271 TLS-PSK-WITH-AES-256-CBC-SHA \
272 "
273
274 O_CIPHERS=" \
275 PSK-RC4-SHA \
276 PSK-3DES-EDE-CBC-SHA \
277 PSK-AES128-CBC-SHA \
278 PSK-AES256-CBC-SHA \
279 "
280
281 ;;
282
283esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]284
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]285# Filter ciphersuites
286if [ "X" != "X$FILTER" ];
287then
288 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
289 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
290fi
291
292
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]293log "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
294$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]295PROCESS_ID=$!
296
297sleep 1
298
299for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]300do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]301 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]302 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]303 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]304 EXIT=$?
305 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
306 if [ "$EXIT" = "2" ];
307 then
308 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]309 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]310 elif [ "$EXIT" != "0" ];
311 then
312 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]313 echo "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
314 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]315 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]316 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]317 else
318 echo Success
319 fi
320done
321kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]322wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]323
Manuel Pégourié-Gonnardc9baa872013-12-17 14:10:58 +0100[diff] [blame^]324log "../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null"
325../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]326PROCESS_ID=$!
327
328sleep 1
329
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]330for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]331do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]332 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]333 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]334 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]335 EXIT=$?
336 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
337
338 if [ "$EXIT" != "0" ];
339 then
340 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
341 if [ "X$SUPPORTED" != "X" ]
342 then
343 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]344 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]345 else
346 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]347 echo "ssl_server2 $P_SERVER_ARGS force_version=$MODE"
348 echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]349 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]350 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]351 fi
352 else
353 echo Success
354 fi
355done
356
357kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]358wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]359
Manuel Pégourié-Gonnardc9baa872013-12-17 14:10:58 +0100[diff] [blame^]360log "../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE"
361../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]362PROCESS_ID=$!
363
364sleep 1
365
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]366# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]367
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]368case $TYPE in
369
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]370 "ECDSA")
371
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]372 if [ "$MODE" != "ssl3" ];
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]373 then
374 P_CIPHERS="$P_CIPHERS \
375 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
376 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
377 "
378 fi
379
380 ;;
381
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]382 "RSA")
383
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]384 if [ "$MODE" != "ssl3" ];
385 then
386 P_CIPHERS="$P_CIPHERS \
387 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
388 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
389 "
390 fi
391
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]392 if [ "$MODE" = "tls1_2" ];
393 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]394 P_CIPHERS="$P_CIPHERS \
395 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]396 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]397 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]398 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]399 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
400 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]401 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
402 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
403 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
404 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]405 "
406 fi
407
408 ;;
409
410 "PSK")
411
412 P_CIPHERS="$P_CIPHERS \
413 TLS-DHE-PSK-WITH-RC4-128-SHA \
414 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
415 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
416 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]417 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]418 TLS-PSK-WITH-NULL-SHA \
419 TLS-RSA-PSK-WITH-RC4-128-SHA \
420 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
421 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
422 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
423 TLS-RSA-WITH-NULL-SHA \
424 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]425 TLS-PSK-WITH-AES-128-CBC-SHA256 \
426 TLS-PSK-WITH-AES-256-CBC-SHA384 \
427 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
428 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
429 TLS-PSK-WITH-NULL-SHA256 \
430 TLS-PSK-WITH-NULL-SHA384 \
431 TLS-DHE-PSK-WITH-NULL-SHA256 \
432 TLS-DHE-PSK-WITH-NULL-SHA384 \
433 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
434 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
435 TLS-RSA-PSK-WITH-NULL-SHA256 \
436 TLS-RSA-PSK-WITH-NULL-SHA384 \
437 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
438 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
439 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
440 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
441 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
442 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]443 "
444
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]445
446 if [ "$MODE" != "ssl3" ];
447 then
448 P_CIPHERS="$P_CIPHERS \
449 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
450 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
451 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
452 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
453 TLS-ECDHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]454 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
455 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
456 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
457 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
458 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
459 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]460 "
461 fi
462
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]463 if [ "$MODE" = "tls1_2" ];
464 then
465 P_CIPHERS="$P_CIPHERS \
466 TLS-PSK-WITH-AES-128-GCM-SHA256 \
467 TLS-PSK-WITH-AES-256-GCM-SHA384 \
468 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
469 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
470 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
471 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
472 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
473 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
474 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
475 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
476 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
477 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
478 TLS-RSA-WITH-NULL-SHA256 \
479 "
480 fi
481
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]482esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]483
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]484# Filter ciphersuites
485if [ "X" != "X$FILTER" ];
486then
487 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
488 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
489fi
490
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]491for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]492do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]493 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]494 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]495 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]496 EXIT=$?
497 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
498 if [ "$EXIT" = "2" ];
499 then
500 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]501 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]502 elif [ "$EXIT" != "0" ];
503 then
504 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]505 echo "ssl_server2 $P_SERVER_ARGS"
506 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]507 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]508 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]509 else
510 echo Success
511 fi
512done
513kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]514wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]515
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]516done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]517done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]518done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]519
520echo ""
521echo "-------------------------------------------------------------------------"
522echo ""
523
524if (( failed != 0 ));
525then
526 echo -n "FAILED"
527else
528 echo -n "PASSED"
529fi
530
531let "passed = tests - failed"
532echo " ($passed / $tests tests ($skipped skipped))"
533
534exit $failed