TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/archive/polarssl-1.2 / . / tests / compat.sh
blob: b7170ffd178e5ec4d907b6bf8230018c845ac0af [file] [log] [blame]
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]1killall -q openssl ssl_server ssl_server2
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]2
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]3MODES="ssl3 tls1 tls1_1 tls1_2"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]4VERIFIES="NO YES"
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]5OPENSSL=openssl
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]6
Manuel Pégourié-Gonnardaec13852014-11-17 11:12:33 +0100[diff] [blame]7FAILED=0
8
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]9for VERIFY in $VERIFIES;
10do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]11if [ "X$VERIFY" = "XYES" ];
12then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]13 P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
14 P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
Manuel Pégourié-Gonnard5324d412015-06-26 18:20:34 +0200[diff] [blame]15 O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key -dhparam data_files/dhparams.pem"
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]16 O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]17fi
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]18
19for MODE in $MODES;
20do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]21echo "Running for $MODE (Verify: $VERIFY)"
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]22echo "-----------"
23
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]24P_CIPHERS=" \
25 TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
26 TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
27 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
28 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
29 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
30 TLS-RSA-WITH-AES-256-CBC-SHA \
31 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
32 TLS-RSA-WITH-AES-128-CBC-SHA \
33 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
34 TLS-RSA-WITH-3DES-EDE-CBC-SHA \
35 TLS-RSA-WITH-RC4-128-SHA \
36 TLS-RSA-WITH-RC4-128-MD5 \
37 TLS-RSA-WITH-NULL-MD5 \
38 TLS-RSA-WITH-NULL-SHA \
39 TLS-RSA-WITH-DES-CBC-SHA \
40 TLS-DHE-RSA-WITH-DES-CBC-SHA \
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]41 "
42
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]43O_CIPHERS=" \
44 DHE-RSA-AES128-SHA \
45 DHE-RSA-AES256-SHA \
46 DHE-RSA-CAMELLIA128-SHA \
47 DHE-RSA-CAMELLIA256-SHA \
48 EDH-RSA-DES-CBC3-SHA \
49 AES256-SHA \
50 CAMELLIA256-SHA \
51 AES128-SHA \
52 CAMELLIA128-SHA \
53 DES-CBC3-SHA \
54 RC4-SHA \
55 RC4-MD5 \
56 NULL-MD5 \
57 NULL-SHA \
58 DES-CBC-SHA \
59 EDH-RSA-DES-CBC-SHA \
60 "
61
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]62# Also add SHA256 ciphersuites
63#
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]64if [ "$MODE" = "tls1_2" ];
65then
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]66 P_CIPHERS="$P_CIPHERS \
67 TLS-RSA-WITH-NULL-SHA256 \
68 TLS-RSA-WITH-AES-128-CBC-SHA256 \
69 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
70 TLS-RSA-WITH-AES-256-CBC-SHA256 \
71 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
72 "
73
74 O_CIPHERS="$O_CIPHERS \
75 NULL-SHA256 \
76 AES128-SHA256 \
77 DHE-RSA-AES128-SHA256 \
78 AES256-SHA256 \
79 DHE-RSA-AES256-SHA256 \
80 "
81
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]82 P_CIPHERS="$P_CIPHERS \
83 TLS-RSA-WITH-AES-128-GCM-SHA256 \
84 TLS-RSA-WITH-AES-256-GCM-SHA384 \
85 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
86 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]87 "
88
89 O_CIPHERS="$O_CIPHERS \
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]90 AES128-GCM-SHA256 \
91 DHE-RSA-AES128-GCM-SHA256 \
92 AES256-GCM-SHA384 \
93 DHE-RSA-AES256-GCM-SHA384 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]94 "
95fi
96
Paul Bakker0c93d122012-09-13 14:26:09 +0000[diff] [blame]97$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]98PROCESS_ID=$!
99
100sleep 1
101
102for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]103do
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]104 RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]105 EXIT=$?
106 echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
107 if [ "$EXIT" = "2" ];
108 then
109 echo Ciphersuite not supported in client
110 elif [ "$EXIT" != "0" ];
111 then
Manuel Pégourié-Gonnardaec13852014-11-17 11:12:33 +0100[diff] [blame]112 FAILED=1
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]113 echo Failed
114 echo $RESULT
115 else
116 echo Success
117 fi
118done
119kill $PROCESS_ID
120
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]121../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]122PROCESS_ID=$!
123
124sleep 1
125
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]126for i in $O_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]127do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]128 RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]129 EXIT=$?
130 echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
131
132 if [ "$EXIT" != "0" ];
133 then
134 SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
135 if [ "X$SUPPORTED" != "X" ]
136 then
137 echo "Ciphersuite not supported in server"
138 else
Manuel Pégourié-Gonnardaec13852014-11-17 11:12:33 +0100[diff] [blame]139 FAILED=1
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]140 echo Failed
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]141 echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
142 echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]143 echo $RESULT
144 fi
145 else
146 echo Success
147 fi
148done
149
150kill $PROCESS_ID
151
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]152../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]153PROCESS_ID=$!
154
155sleep 1
156
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]157# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
158# Add for PolarSSL only test, which does support them.
159#
160if [ "$MODE" = "tls1_2" ];
161then
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]162 P_CIPHERS="$P_CIPHERS \
163 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
164 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
165 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
166 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]167 "
168fi
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]169
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]170for i in $P_CIPHERS;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]171do
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]172 RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]173 EXIT=$?
174 echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
175 if [ "$EXIT" = "2" ];
176 then
177 echo Ciphersuite not supported in client
178 elif [ "$EXIT" != "0" ];
179 then
Manuel Pégourié-Gonnardaec13852014-11-17 11:12:33 +0100[diff] [blame]180 FAILED=1
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]181 echo Failed
182 echo $RESULT
183 else
184 echo Success
185 fi
186done
187kill $PROCESS_ID
188
Paul Bakker398cb512012-04-10 08:22:31 +0000[diff] [blame]189done
Paul Bakker1eeceae2012-11-23 14:25:34 +0100[diff] [blame]190done
Manuel Pégourié-Gonnardaec13852014-11-17 11:12:33 +0100[diff] [blame]191
192exit $FAILED