TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d941a796be0beb9d055a862657de42dff13d8f29 / . / tests / compat.sh
blob: ef1d53c9019638aa5cbd8a506cdd40d02fcb3fc6 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]5let "tests = 0"
6let "failed = 0"
7let "skipped = 0"
8
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]9MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]10VERIFIES="NO YES"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]11TYPES="ECDSA RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]12OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]13FILTER=""
14VERBOSE=""
15
16# Parse arguments
17#
18until [ -z "$1" ]
19do
20 case "$1" in
21 -f|--filter)
22 # Filter ciphersuites
23 shift
24 FILTER=$1
25 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]26 -m|--modes)
27 # Perform modes
28 shift
29 MODES=$1
30 ;;
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]31 -t|--types)
32 # Key exchange types
33 shift
34 TYPES=$1
35 ;;
36 -V|--verify)
37 # Verifiction modes
38 shift
39 VERIFIES=$1
40 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]41 -v|--verbose)
42 # Set verbosity
43 shift
44 VERBOSE=1
45 ;;
46 -h|--help)
47 # print help
48 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]49 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]50 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]51 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]52 echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]53 echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]54 echo -e " -v|--verbose\t\tSet verbose output."
55 exit 1
56 ;;
57 *)
58 # print error
59 echo "Unknown argument: '$1'"
60 exit 1
61 ;;
62 esac
63 shift
64done
65
66log () {
67 if [ "X" != "X$VERBOSE" ]; then
68 echo "$@"
69 fi
70}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]71
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]72filter()
73{
74 LIST=$1
75 FILTER=$2
76
77 NEW_LIST=""
78
79 for i in $LIST;
80 do
81 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
82 done
83
84 echo "$NEW_LIST"
85}
86
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame^]87setup_arguments()
88{
89 if [ "X$VERIFY" = "XYES" ];
90 then
91 P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
92 P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
93 O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
94 O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
95 else
96 P_SERVER_BASE=""
97 P_CLIENT_BASE=""
98 O_SERVER_BASE=""
99 O_CLIENT_BASE=""
100 fi
101
102 case $TYPE in
103 "ECDSA")
104 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
105 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
106 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
107 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
108 ;;
109
110 "RSA")
111 P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
112 P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
113 O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
114 O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
115 ;;
116
117 "PSK")
118 P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
119 P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
120 # openssl s_server won't start without certificates...
121 O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
122 O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
123 ;;
124 esac
125}
126
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]127for VERIFY in $VERIFIES;
128do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]129
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]130for MODE in $MODES;
131do
Manuel Pégourié-Gonnardd3313192013-09-13 19:20:37 +0200[diff] [blame]132
133# avoid an avalanche of errors due to typos
134case $MODE in
135 ssl3|tls1|tls1_1|tls1_2)
136 ;;
137 *)
138 echo "error: invalid mode: $MODE" >&2
139 exit 1;
140esac
141
Manuel Pégourié-Gonnarddfc8d5a2013-08-27 20:48:40 +0200[diff] [blame]142echo "-----------"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]143echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]144echo "-----------"
145
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]146for TYPE in $TYPES;
147do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]148
Manuel Pégourié-Gonnardd941a792014-02-19 13:35:52 +0100[diff] [blame^]149setup_arguments
150
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]151P_CIPHERS=""
152O_CIPHERS=""
153
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]154case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]155
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]156 "ECDSA")
157
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]158 if [ "$MODE" != "ssl3" ];
159 then
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]160 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]161 TLS-ECDHE-ECDSA-WITH-NULL-SHA \
162 TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
163 TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
164 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
165 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]166 TLS-ECDH-ECDSA-WITH-NULL-SHA \
167 TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
168 TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
169 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
170 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]171 "
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]172
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]173 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]174 ECDHE-ECDSA-NULL-SHA \
175 ECDHE-ECDSA-RC4-SHA \
176 ECDHE-ECDSA-DES-CBC3-SHA \
177 ECDHE-ECDSA-AES128-SHA \
178 ECDHE-ECDSA-AES256-SHA \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]179 ECDH-ECDSA-NULL-SHA \
180 ECDH-ECDSA-RC4-SHA \
181 ECDH-ECDSA-DES-CBC3-SHA \
182 ECDH-ECDSA-AES128-SHA \
183 ECDH-ECDSA-AES256-SHA \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]184 "
185 fi
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]186
187 if [ "$MODE" = "tls1_2" ];
188 then
189 P_CIPHERS="$P_CIPHERS \
190 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
191 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
192 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
193 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]194 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
195 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
196 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
197 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]198 "
199
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]200 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]201 ECDHE-ECDSA-AES128-SHA256 \
202 ECDHE-ECDSA-AES256-SHA384 \
203 ECDHE-ECDSA-AES128-GCM-SHA256 \
204 ECDHE-ECDSA-AES256-GCM-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]205 ECDH-ECDSA-AES128-SHA256 \
206 ECDH-ECDSA-AES256-SHA384 \
207 ECDH-ECDSA-AES128-GCM-SHA256 \
208 ECDH-ECDSA-AES256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]209 "
210 fi
211
212 ;;
213
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]214 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]215
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]216 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]217 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
218 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
219 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
220 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
221 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
222 TLS-RSA-WITH-AES-256-CBC-SHA \
223 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
224 TLS-RSA-WITH-AES-128-CBC-SHA \
225 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
226 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
227 TLS-RSA-WITH-RC4-128-SHA \
228 TLS-RSA-WITH-RC4-128-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]229 TLS-RSA-WITH-NULL-MD5 \
230 TLS-RSA-WITH-NULL-SHA \
231 TLS-RSA-WITH-DES-CBC-SHA \
232 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]233 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]234
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]235 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]236 DHE-RSA-AES128-SHA \
237 DHE-RSA-AES256-SHA \
238 DHE-RSA-CAMELLIA128-SHA \
239 DHE-RSA-CAMELLIA256-SHA \
240 EDH-RSA-DES-CBC3-SHA \
241 AES256-SHA \
242 CAMELLIA256-SHA \
243 AES128-SHA \
244 CAMELLIA128-SHA \
245 DES-CBC3-SHA \
246 RC4-SHA \
247 RC4-MD5 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]248 NULL-MD5 \
249 NULL-SHA \
250 DES-CBC-SHA \
251 EDH-RSA-DES-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]252 "
253
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]254 if [ "$MODE" != "ssl3" ];
255 then
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]256 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]257 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
258 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
259 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
260 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
261 TLS-ECDHE-RSA-WITH-NULL-SHA \
262 "
263
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]264 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard07b54e02013-12-12 11:37:11 +0100[diff] [blame]265 ECDHE-RSA-AES256-SHA \
266 ECDHE-RSA-AES128-SHA \
267 ECDHE-RSA-DES-CBC3-SHA \
268 ECDHE-RSA-RC4-SHA \
269 ECDHE-RSA-NULL-SHA \
270 "
271 fi
272
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]273 if [ "$MODE" = "tls1_2" ];
274 then
275 P_CIPHERS="$P_CIPHERS \
276 TLS-RSA-WITH-NULL-SHA256 \
277 TLS-RSA-WITH-AES-128-CBC-SHA256 \
278 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
279 TLS-RSA-WITH-AES-256-CBC-SHA256 \
280 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
281 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
282 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
283 TLS-RSA-WITH-AES-128-GCM-SHA256 \
284 TLS-RSA-WITH-AES-256-GCM-SHA384 \
285 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
286 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
287 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
288 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
289 "
290
291 O_CIPHERS="$O_CIPHERS \
292 NULL-SHA256 \
293 AES128-SHA256 \
294 DHE-RSA-AES128-SHA256 \
295 AES256-SHA256 \
296 DHE-RSA-AES256-SHA256 \
297 ECDHE-RSA-AES128-SHA256 \
298 ECDHE-RSA-AES256-SHA384 \
299 AES128-GCM-SHA256 \
300 DHE-RSA-AES128-GCM-SHA256 \
301 AES256-GCM-SHA384 \
302 DHE-RSA-AES256-GCM-SHA384 \
303 ECDHE-RSA-AES128-GCM-SHA256 \
304 ECDHE-RSA-AES256-GCM-SHA384 \
305 "
306 fi
307
308 ;;
309
310 "PSK")
311
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]312 P_CIPHERS="$P_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]313 TLS-PSK-WITH-RC4-128-SHA \
314 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
315 TLS-PSK-WITH-AES-128-CBC-SHA \
316 TLS-PSK-WITH-AES-256-CBC-SHA \
317 "
318
Manuel Pégourié-Gonnard0759d362013-12-17 11:50:52 +0100[diff] [blame]319 O_CIPHERS="$O_CIPHERS \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]320 PSK-RC4-SHA \
321 PSK-3DES-EDE-CBC-SHA \
322 PSK-AES128-CBC-SHA \
323 PSK-AES256-CBC-SHA \
324 "
325
326 ;;
327
328esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]329
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]330# Filter ciphersuites
331if [ "X" != "X$FILTER" ];
332then
333 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
334 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
335fi
336
337
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]338log "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
339$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]340PROCESS_ID=$!
341
342sleep 1
343
344for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]345do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]346 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]347 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]348 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]349 EXIT=$?
350 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
351 if [ "$EXIT" = "2" ];
352 then
353 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]354 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]355 elif [ "$EXIT" != "0" ];
356 then
357 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]358 echo "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
359 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]360 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]361 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]362 else
363 echo Success
364 fi
365done
Paul Bakkerfe40f482013-12-19 17:47:24 +0100[diff] [blame]366kill $PROCESS_ID 2>/dev/null
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]367wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]368
Manuel Pégourié-Gonnardc9baa872013-12-17 14:10:58 +0100[diff] [blame]369log "../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null"
370../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]371PROCESS_ID=$!
372
373sleep 1
374
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]375for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]376do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]377 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]378 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]379 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]380 EXIT=$?
381 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
382
383 if [ "$EXIT" != "0" ];
384 then
385 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
386 if [ "X$SUPPORTED" != "X" ]
387 then
388 echo "Ciphersuite not supported in server"
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]389 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]390 else
391 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]392 echo "ssl_server2 $P_SERVER_ARGS force_version=$MODE"
393 echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]394 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]395 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]396 fi
397 else
398 echo Success
399 fi
400done
401
Paul Bakkerfe40f482013-12-19 17:47:24 +0100[diff] [blame]402kill $PROCESS_ID 2>/dev/null
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]403wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]404
Manuel Pégourié-Gonnardc9baa872013-12-17 14:10:58 +0100[diff] [blame]405log "../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE"
406../programs/ssl/ssl_server2 server_addr=0.0.0.0 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]407PROCESS_ID=$!
408
409sleep 1
410
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]411# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]412
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]413case $TYPE in
414
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]415 "ECDSA")
416
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]417 if [ "$MODE" != "ssl3" ];
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]418 then
419 P_CIPHERS="$P_CIPHERS \
420 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
421 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Manuel Pégourié-Gonnard31a23252013-12-12 11:54:11 +0100[diff] [blame]422 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
423 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
424 "
425 fi
426
427 if [ "$MODE" = "tls1_2" ];
428 then
429 P_CIPHERS="$P_CIPHERS \
430 TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
431 TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
432 TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
433 TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]434 "
435 fi
436
437 ;;
438
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]439 "RSA")
440
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]441 if [ "$MODE" != "ssl3" ];
442 then
443 P_CIPHERS="$P_CIPHERS \
444 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
445 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
446 "
447 fi
448
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]449 if [ "$MODE" = "tls1_2" ];
450 then
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]451 P_CIPHERS="$P_CIPHERS \
452 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]453 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]454 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard7ebaf372013-08-27 21:03:33 +0200[diff] [blame]455 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]456 TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
457 TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]458 TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
459 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
460 TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
461 TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]462 "
463 fi
464
465 ;;
466
467 "PSK")
468
469 P_CIPHERS="$P_CIPHERS \
470 TLS-DHE-PSK-WITH-RC4-128-SHA \
471 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
472 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
473 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]474 TLS-DHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]475 TLS-PSK-WITH-NULL-SHA \
476 TLS-RSA-PSK-WITH-RC4-128-SHA \
477 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
478 TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
479 TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
480 TLS-RSA-WITH-NULL-SHA \
481 TLS-RSA-WITH-NULL-MD5 \
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]482 TLS-PSK-WITH-AES-128-CBC-SHA256 \
483 TLS-PSK-WITH-AES-256-CBC-SHA384 \
484 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
485 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
486 TLS-PSK-WITH-NULL-SHA256 \
487 TLS-PSK-WITH-NULL-SHA384 \
488 TLS-DHE-PSK-WITH-NULL-SHA256 \
489 TLS-DHE-PSK-WITH-NULL-SHA384 \
490 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
491 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
492 TLS-RSA-PSK-WITH-NULL-SHA256 \
493 TLS-RSA-PSK-WITH-NULL-SHA384 \
494 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
495 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
496 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
497 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
498 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
499 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]500 "
501
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]502
503 if [ "$MODE" != "ssl3" ];
504 then
505 P_CIPHERS="$P_CIPHERS \
506 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
507 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
508 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
509 TLS-ECDHE-PSK-WITH-RC4-128-SHA \
510 TLS-ECDHE-PSK-WITH-NULL-SHA \
Manuel Pégourié-Gonnardeebb5ad2013-10-15 12:26:10 +0200[diff] [blame]511 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
512 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
513 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
514 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
515 TLS-ECDHE-PSK-WITH-NULL-SHA384 \
516 TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]517 "
518 fi
519
Manuel Pégourié-Gonnardc6f03fa2013-11-26 14:29:13 +0100[diff] [blame]520 if [ "$MODE" = "tls1_2" ];
521 then
522 P_CIPHERS="$P_CIPHERS \
523 TLS-PSK-WITH-AES-128-GCM-SHA256 \
524 TLS-PSK-WITH-AES-256-GCM-SHA384 \
525 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
526 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
527 TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
528 TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
529 TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
530 TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
531 TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
532 TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
533 TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
534 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
535 TLS-RSA-WITH-NULL-SHA256 \
536 "
537 fi
538
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]539esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]540
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]541# Filter ciphersuites
542if [ "X" != "X$FILTER" ];
543then
544 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
545 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
546fi
547
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]548for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]549do
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]550 let "tests++"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]551 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]552 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]553 EXIT=$?
554 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
555 if [ "$EXIT" = "2" ];
556 then
557 echo Ciphersuite not supported in client
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]558 let "skipped++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]559 elif [ "$EXIT" != "0" ];
560 then
561 echo Failed
Manuel Pégourié-Gonnard452f6ba2013-12-17 11:06:50 +0100[diff] [blame]562 echo "ssl_server2 $P_SERVER_ARGS"
563 echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]564 echo $RESULT
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]565 let "failed++"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]566 else
567 echo Success
568 fi
569done
Paul Bakkerfe40f482013-12-19 17:47:24 +0100[diff] [blame]570kill $PROCESS_ID 2>/dev/null
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]571wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]572
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]573done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]574done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame]575done
Manuel Pégourié-Gonnard70064fd2013-08-27 22:00:47 +0200[diff] [blame]576
577echo ""
578echo "-------------------------------------------------------------------------"
579echo ""
580
581if (( failed != 0 ));
582then
583 echo -n "FAILED"
584else
585 echo -n "PASSED"
586fi
587
588let "passed = tests - failed"
589echo " ($passed / $tests tests ($skipped skipped))"
590
591exit $failed