TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9791a4043e55926a998f9956e58bc923634e50d8 / . / tests / compat.sh
blob: 9054a81773d60cdb4a99ce17e2b443d8a672f793 [file] [log] [blame]
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]1#!/bin/bash
2
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]3killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]4
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]5MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]6VERIFIES="NO YES"
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]7TYPES="RSA PSK"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]8OPENSSL=openssl
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]9FILTER=""
10VERBOSE=""
11
12# Parse arguments
13#
14until [ -z "$1" ]
15do
16 case "$1" in
17 -f|--filter)
18 # Filter ciphersuites
19 shift
20 FILTER=$1
21 ;;
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]22 -m|--modes)
23 # Perform modes
24 shift
25 MODES=$1
26 ;;
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]27 -v|--verbose)
28 # Set verbosity
29 shift
30 VERBOSE=1
31 ;;
32 -h|--help)
33 # print help
34 echo "Usage: $0"
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]35 echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]36 echo -e " -h|--help\t\tPrint this help."
Paul Bakker524691c2013-07-25 17:01:20 +0200[diff] [blame]37 echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]38 echo -e " -v|--verbose\t\tSet verbose output."
39 exit 1
40 ;;
41 *)
42 # print error
43 echo "Unknown argument: '$1'"
44 exit 1
45 ;;
46 esac
47 shift
48done
49
50log () {
51 if [ "X" != "X$VERBOSE" ]; then
52 echo "$@"
53 fi
54}
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]55
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]56for VERIFY in $VERIFIES;
57do
Paul Bakker7e5e7ca2013-04-17 19:27:58 +0200[diff] [blame]58
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]59if [ "X$VERIFY" = "XYES" ];
60then
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]61 P_SERVER_ARGS="ca_file=data_files/test-ca.crt auth_mode=required"
62 P_CLIENT_ARGS="ca_file=data_files/test-ca.crt"
63 O_SERVER_ARGS="-CAfile data_files/test-ca.crt -verify 10"
64 O_CLIENT_ARGS="-CAfile data_files/test-ca.crt"
65else
66 P_SERVER_ARGS=""
67 P_CLIENT_ARGS=""
68 O_SERVER_ARGS=""
69 O_CLIENT_ARGS=""
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]70fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]71
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]72
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]73for MODE in $MODES;
74do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]75echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]76echo "-----------"
77
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]78for TYPE in $TYPES;
79do
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]80
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]81case $TYPE in
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]82
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]83 "RSA")
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]84
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]85 P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
86 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
87 O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server1.crt -key data_files/server1.key"
88 O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]89
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]90 P_CIPHERS=" \
91 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
92 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
93 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
94 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
95 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
96 TLS-RSA-WITH-AES-256-CBC-SHA \
97 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
98 TLS-RSA-WITH-AES-128-CBC-SHA \
99 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
100 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
101 TLS-RSA-WITH-RC4-128-SHA \
102 TLS-RSA-WITH-RC4-128-MD5 \
103 TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
104 TLS-RSA-WITH-NULL-MD5 \
105 TLS-RSA-WITH-NULL-SHA \
106 TLS-RSA-WITH-DES-CBC-SHA \
107 TLS-DHE-RSA-WITH-DES-CBC-SHA \
108 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
109 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
110 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
111 TLS-ECDHE-RSA-WITH-RC4-128-SHA \
112 TLS-ECDHE-RSA-WITH-NULL-SHA \
113 "
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]114
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]115 O_CIPHERS=" \
116 DHE-RSA-AES128-SHA \
117 DHE-RSA-AES256-SHA \
118 DHE-RSA-CAMELLIA128-SHA \
119 DHE-RSA-CAMELLIA256-SHA \
120 EDH-RSA-DES-CBC3-SHA \
121 AES256-SHA \
122 CAMELLIA256-SHA \
123 AES128-SHA \
124 CAMELLIA128-SHA \
125 DES-CBC3-SHA \
126 RC4-SHA \
127 RC4-MD5 \
128 EXP-RC4-MD5 \
129 NULL-MD5 \
130 NULL-SHA \
131 DES-CBC-SHA \
132 EDH-RSA-DES-CBC-SHA \
133 ECDHE-RSA-AES256-SHA \
134 ECDHE-RSA-AES128-SHA \
135 ECDHE-RSA-DES-CBC3-SHA \
136 ECDHE-RSA-RC4-SHA \
137 ECDHE-RSA-NULL-SHA \
138 "
139
140 if [ "$MODE" = "tls1_2" ];
141 then
142 P_CIPHERS="$P_CIPHERS \
143 TLS-RSA-WITH-NULL-SHA256 \
144 TLS-RSA-WITH-AES-128-CBC-SHA256 \
145 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
146 TLS-RSA-WITH-AES-256-CBC-SHA256 \
147 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
148 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
149 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
150 TLS-RSA-WITH-AES-128-GCM-SHA256 \
151 TLS-RSA-WITH-AES-256-GCM-SHA384 \
152 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
153 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
154 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
155 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
156 "
157
158 O_CIPHERS="$O_CIPHERS \
159 NULL-SHA256 \
160 AES128-SHA256 \
161 DHE-RSA-AES128-SHA256 \
162 AES256-SHA256 \
163 DHE-RSA-AES256-SHA256 \
164 ECDHE-RSA-AES128-SHA256 \
165 ECDHE-RSA-AES256-SHA384 \
166 AES128-GCM-SHA256 \
167 DHE-RSA-AES128-GCM-SHA256 \
168 AES256-GCM-SHA384 \
169 DHE-RSA-AES256-GCM-SHA384 \
170 ECDHE-RSA-AES128-GCM-SHA256 \
171 ECDHE-RSA-AES256-GCM-SHA384 \
172 "
173 fi
174
175 ;;
176
177 "PSK")
178
179 P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
180 P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
181 O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
182 O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
183
184 P_CIPHERS=" \
185 TLS-PSK-WITH-RC4-128-SHA \
186 TLS-PSK-WITH-3DES-EDE-CBC-SHA \
187 TLS-PSK-WITH-AES-128-CBC-SHA \
188 TLS-PSK-WITH-AES-256-CBC-SHA \
189 "
190
191 O_CIPHERS=" \
192 PSK-RC4-SHA \
193 PSK-3DES-EDE-CBC-SHA \
194 PSK-AES128-CBC-SHA \
195 PSK-AES256-CBC-SHA \
196 "
197
198 ;;
199
200esac
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]201
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]202filter()
203{
204 LIST=$1
205 FILTER=$2
206
207 NEW_LIST=""
208
209 for i in $LIST;
210 do
211 NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
212 done
213
214 echo "$NEW_LIST"
215}
216
217# Filter ciphersuites
218if [ "X" != "X$FILTER" ];
219then
220 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
221 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
222fi
223
224
225log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]226$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]227PROCESS_ID=$!
228
229sleep 1
230
231for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]232do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]233 log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]234 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]235 EXIT=$?
236 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
237 if [ "$EXIT" = "2" ];
238 then
239 echo Ciphersuite not supported in client
240 elif [ "$EXIT" != "0" ];
241 then
242 echo Failed
243 echo $RESULT
244 else
245 echo Success
246 fi
247done
248kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]249wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]250
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]251log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]252../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]253PROCESS_ID=$!
254
255sleep 1
256
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]257for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]258do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]259 log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]260 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]261 EXIT=$?
262 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
263
264 if [ "$EXIT" != "0" ];
265 then
266 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
267 if [ "X$SUPPORTED" != "X" ]
268 then
269 echo "Ciphersuite not supported in server"
270 else
271 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]272 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
273 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]274 echo $RESULT
275 fi
276 else
277 echo Success
278 fi
279done
280
281kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]282wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]283
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]284log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]285../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]286PROCESS_ID=$!
287
288sleep 1
289
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]290# Add ciphersuites supported by PolarSSL only
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]291
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]292case $TYPE in
293
294 "RSA")
295
296 if [ "$MODE" = "tls1_2" ];
297 then
298 P_CIPHERS="$P_CIPHERS \
299 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
300 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
301 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
302 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
303 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
304 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
305 "
306 fi
307
308 ;;
309
310 "PSK")
311
312 P_CIPHERS="$P_CIPHERS \
313 TLS-DHE-PSK-WITH-RC4-128-SHA \
314 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
315 TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
316 TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
317 TLS-PSK-WITH-NULL-SHA \
318 TLS-DHE-PSK-WITH-NULL-SHA \
319 "
320
321 if [ "$MODE" = "tls1_2" ];
322 then
323 P_CIPHERS="$P_CIPHERS \
324 TLS-PSK-WITH-AES-128-CBC-SHA256 \
325 TLS-PSK-WITH-AES-256-CBC-SHA384 \
326 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
327 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
328 TLS-PSK-WITH-AES-128-GCM-SHA256 \
329 TLS-PSK-WITH-AES-256-GCM-SHA384 \
330 TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
331 TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
332 TLS-PSK-WITH-NULL-SHA256 \
333 TLS-PSK-WITH-NULL-SHA384 \
334 TLS-DHE-PSK-WITH-NULL-SHA256 \
335 TLS-DHE-PSK-WITH-NULL-SHA384 \
336 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
337 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
338 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
339 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
340 "
341 fi
342
343esac
Paul Bakker48f7a5d2013-04-19 14:30:58 +0200[diff] [blame]344
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]345# Filter ciphersuites
346if [ "X" != "X$FILTER" ];
347then
348 O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
349 P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
350fi
351
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]352for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]353do
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]354 log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
Paul Bakker89fe7f42013-06-29 16:18:10 +0200[diff] [blame]355 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]356 EXIT=$?
357 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
358 if [ "$EXIT" = "2" ];
359 then
360 echo Ciphersuite not supported in client
361 elif [ "$EXIT" != "0" ];
362 then
363 echo Failed
364 echo $RESULT
365 else
366 echo Success
367 fi
368done
369kill $PROCESS_ID
Paul Bakkeraccd4eb2013-07-19 13:41:51 +0200[diff] [blame]370wait $PROCESS_ID 2>/dev/null
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]371
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]372done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]373done
Manuel Pégourié-Gonnard9791a402013-08-27 19:57:15 +0200[diff] [blame^]374done