AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
31a2325810
mbedtls/tests/compat.sh

577 lines
19 KiB
Bash
Raw Normal View History

compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
#!/bin/bash
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
killall -q openssl ssl_server ssl_server2
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "tests = 0"
let "failed = 0"
let "skipped = 0"
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
MODES="ssl3 tls1 tls1_1 tls1_2"
More expansive testing
2012-11-23 13:25:34 +00:00
VERIFIES="NO YES"
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
TYPES="ECDSA RSA PSK"
- Ability to define openssl at top - Also add SHA256 ciphersuites in non-tls 1.2 modes
2012-09-13 14:26:09 +00:00
OPENSSL=openssl
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
FILTER=""
VERBOSE=""
# Parse arguments
#
until [ -z "$1" ]
do
case "$1" in
-f|--filter)
# Filter ciphersuites
shift
FILTER=$1
;;
Added --modes option to tests/compat.sh
2013-07-25 15:01:20 +00:00
-m|--modes)
# Perform modes
shift
MODES=$1
;;
Small adjustments in compat.sh
2013-08-27 18:48:40 +00:00
-t|--types)
# Key exchange types
shift
TYPES=$1
;;
-V|--verify)
# Verifiction modes
shift
VERIFIES=$1
;;
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
-v|--verbose)
# Set verbosity
shift
VERBOSE=1
;;
-h|--help)
# print help
echo "Usage: $0"
Added --modes option to tests/compat.sh
2013-07-25 15:01:20 +00:00
echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
echo -e " -h|--help\t\tPrint this help."
Added --modes option to tests/compat.sh
2013-07-25 15:01:20 +00:00
echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
Small adjustments in compat.sh
2013-08-27 18:48:40 +00:00
echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
echo -e " -v|--verbose\t\tSet verbose output."
exit 1
;;
*)
# print error
echo "Unknown argument: '$1'"
exit 1
;;
esac
shift
done
log () {
if [ "X" != "X$VERBOSE" ]; then
echo "$@"
fi
}
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Small adjustments in compat.sh
2013-08-27 18:48:40 +00:00
filter()
{
LIST=$1
FILTER=$2
NEW_LIST=""
for i in $LIST;
do
NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )"
done
echo "$NEW_LIST"
}
More expansive testing
2012-11-23 13:25:34 +00:00
for VERIFY in $VERIFIES;
do
Added PSK ciphersuite tests to compat.sh
2013-04-17 17:27:58 +00:00
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
if [ "X$VERIFY" = "XYES" ];
then
Fix certs/psk arguments in compat.sh
2013-09-20 10:44:08 +00:00
P_SERVER_BASE="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
P_CLIENT_BASE="ca_file=data_files/test-ca_cat12.crt"
O_SERVER_BASE="-CAfile data_files/test-ca_cat12.crt -Verify 10"
O_CLIENT_BASE="-CAfile data_files/test-ca_cat12.crt"
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
else
Fix certs/psk arguments in compat.sh
2013-09-20 10:44:08 +00:00
P_SERVER_BASE=""
P_CLIENT_BASE=""
O_SERVER_BASE=""
O_CLIENT_BASE=""
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
fi
- Allow to test for multiple modes
2012-04-10 08:22:31 +00:00
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
- Allow to test for multiple modes
2012-04-10 08:22:31 +00:00
for MODE in $MODES;
do
Check -m option in compat.sh
2013-09-13 17:20:37 +00:00
# avoid an avalanche of errors due to typos
case $MODE in
ssl3|tls1|tls1_1|tls1_2)
;;
*)
echo "error: invalid mode: $MODE" >&2
exit 1;
esac
Small adjustments in compat.sh
2013-08-27 18:48:40 +00:00
echo "-----------"
More expansive testing
2012-11-23 13:25:34 +00:00
echo "Running for $MODE (Verify: $VERIFY)"
- Allow to test for multiple modes
2012-04-10 08:22:31 +00:00
echo "-----------"
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
for TYPE in $TYPES;
do
case $TYPE in
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
"ECDSA")
Fix certs/psk arguments in compat.sh
2013-09-20 10:44:08 +00:00
P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server5.crt key_file=data_files/server5.key"
P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server6.crt key_file=data_files/server6.key"
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
Fix EC suites version requirements in compat.sh
2013-12-12 10:37:11 +00:00
if [ "$MODE" != "ssl3" ];
then
P_CIPHERS=" \
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
Add ECDH_ECDSA suites to compat.sh
2013-12-12 10:54:11 +00:00
TLS-ECDH-ECDSA-WITH-NULL-SHA \
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
Fix EC suites version requirements in compat.sh
2013-12-12 10:37:11 +00:00
"
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
Fix EC suites version requirements in compat.sh
2013-12-12 10:37:11 +00:00
O_CIPHERS=" \
ECDHE-ECDSA-NULL-SHA \
ECDHE-ECDSA-RC4-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
Add ECDH_ECDSA suites to compat.sh
2013-12-12 10:54:11 +00:00
ECDH-ECDSA-NULL-SHA \
ECDH-ECDSA-RC4-SHA \
ECDH-ECDSA-DES-CBC3-SHA \
ECDH-ECDSA-AES128-SHA \
ECDH-ECDSA-AES256-SHA \
Fix EC suites version requirements in compat.sh
2013-12-12 10:37:11 +00:00
"
fi
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
Add ECDH_ECDSA suites to compat.sh
2013-12-12 10:54:11 +00:00
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
"
O_CIPHERS=" \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
Add ECDH_ECDSA suites to compat.sh
2013-12-12 10:54:11 +00:00
ECDH-ECDSA-AES128-SHA256 \
ECDH-ECDSA-AES256-SHA384 \
ECDH-ECDSA-AES128-GCM-SHA256 \
ECDH-ECDSA-AES256-GCM-SHA384 \
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
"
fi
;;
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
"RSA")
Fix certs/psk arguments in compat.sh
2013-09-20 10:44:08 +00:00
P_SERVER_ARGS="$P_SERVER_BASE crt_file=data_files/server1.crt key_file=data_files/server1.key"
P_CLIENT_ARGS="$P_CLIENT_BASE crt_file=data_files/server2.crt key_file=data_files/server2.key"
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
P_CIPHERS=" \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
TLS-RSA-WITH-AES-256-CBC-SHA \
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-RSA-WITH-AES-128-CBC-SHA \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-RSA-WITH-3DES-EDE-CBC-SHA \
TLS-RSA-WITH-RC4-128-SHA \
TLS-RSA-WITH-RC4-128-MD5 \
TLS-RSA-WITH-NULL-MD5 \
TLS-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-DES-CBC-SHA \
TLS-DHE-RSA-WITH-DES-CBC-SHA \
"
O_CIPHERS=" \
DHE-RSA-AES128-SHA \
DHE-RSA-AES256-SHA \
DHE-RSA-CAMELLIA128-SHA \
DHE-RSA-CAMELLIA256-SHA \
EDH-RSA-DES-CBC3-SHA \
AES256-SHA \
CAMELLIA256-SHA \
AES128-SHA \
CAMELLIA128-SHA \
DES-CBC3-SHA \
RC4-SHA \
RC4-MD5 \
NULL-MD5 \
NULL-SHA \
DES-CBC-SHA \
EDH-RSA-DES-CBC-SHA \
"
Fix EC suites version requirements in compat.sh
2013-12-12 10:37:11 +00:00
if [ "$MODE" != "ssl3" ];
then
P_CIPHERS=" \
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
TLS-ECDHE-RSA-WITH-NULL-SHA \
"
O_CIPHERS=" \
ECDHE-RSA-AES256-SHA \
ECDHE-RSA-AES128-SHA \
ECDHE-RSA-DES-CBC3-SHA \
ECDHE-RSA-RC4-SHA \
ECDHE-RSA-NULL-SHA \
"
fi
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-NULL-SHA256 \
TLS-RSA-WITH-AES-128-CBC-SHA256 \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
TLS-RSA-WITH-AES-256-CBC-SHA256 \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
TLS-RSA-WITH-AES-128-GCM-SHA256 \
TLS-RSA-WITH-AES-256-GCM-SHA384 \
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
"
O_CIPHERS="$O_CIPHERS \
NULL-SHA256 \
AES128-SHA256 \
DHE-RSA-AES128-SHA256 \
AES256-SHA256 \
DHE-RSA-AES256-SHA256 \
ECDHE-RSA-AES128-SHA256 \
ECDHE-RSA-AES256-SHA384 \
AES128-GCM-SHA256 \
DHE-RSA-AES128-GCM-SHA256 \
AES256-GCM-SHA384 \
DHE-RSA-AES256-GCM-SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 \
ECDHE-RSA-AES256-GCM-SHA384 \
"
fi
;;
"PSK")
Fix certs/psk arguments in compat.sh
2013-09-20 10:44:08 +00:00
P_SERVER_ARGS="$P_SERVER_BASE psk=6162636465666768696a6b6c6d6e6f70"
P_CLIENT_ARGS="$P_CLIENT_BASE psk=6162636465666768696a6b6c6d6e6f70"
compat.sh cleanups
2013-12-17 10:06:50 +00:00
# openssl s_server won't start without certificates...
O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
Fix certs/psk arguments in compat.sh
2013-09-20 10:44:08 +00:00
O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
P_CIPHERS=" \
TLS-PSK-WITH-RC4-128-SHA \
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-PSK-WITH-AES-128-CBC-SHA \
TLS-PSK-WITH-AES-256-CBC-SHA \
"
O_CIPHERS=" \
PSK-RC4-SHA \
PSK-3DES-EDE-CBC-SHA \
PSK-AES128-CBC-SHA \
PSK-AES256-CBC-SHA \
"
;;
esac
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
# Filter ciphersuites
if [ "X" != "X$FILTER" ];
then
O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
fi
compat.sh cleanups
2013-12-17 10:06:50 +00:00
log "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
PROCESS_ID=$!
sleep 1
for i in $P_CIPHERS;
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
do
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "tests++"
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
compat.sh modified to support new ssl_server2 and ssl_client2 capabilities
2013-06-29 14:18:10 +00:00
RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
EXIT=$?
echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
if [ "$EXIT" = "2" ];
then
echo Ciphersuite not supported in client
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "skipped++"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
elif [ "$EXIT" != "0" ];
then
echo Failed
compat.sh cleanups
2013-12-17 10:06:50 +00:00
echo "$OPENSSL s_server -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
echo $RESULT
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "failed++"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
else
echo Success
fi
done
kill $PROCESS_ID
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
wait $PROCESS_ID 2>/dev/null
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null"
compat.sh modified to support new ssl_server2 and ssl_client2 capabilities
2013-06-29 14:18:10 +00:00
../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
PROCESS_ID=$!
sleep 1
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
for i in $O_CIPHERS;
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
do
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "tests++"
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
More expansive testing
2012-11-23 13:25:34 +00:00
RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
EXIT=$?
echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
if [ "$EXIT" != "0" ];
then
SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
if [ "X$SUPPORTED" != "X" ]
then
echo "Ciphersuite not supported in server"
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "skipped++"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
else
echo Failed
compat.sh cleanups
2013-12-17 10:06:50 +00:00
echo "ssl_server2 $P_SERVER_ARGS force_version=$MODE"
echo "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
echo $RESULT
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "failed++"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
fi
else
echo Success
fi
done
kill $PROCESS_ID
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
wait $PROCESS_ID 2>/dev/null
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE"
compat.sh modified to support new ssl_server2 and ssl_client2 capabilities
2013-06-29 14:18:10 +00:00
../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null &
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
PROCESS_ID=$!
sleep 1
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
# Add ciphersuites supported by PolarSSL only
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
case $TYPE in
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
"ECDSA")
Update compat.sh ciphersuite versions
2013-11-26 13:29:13 +00:00
if [ "$MODE" != "ssl3" ];
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
Add ECDH_ECDSA suites to compat.sh
2013-12-12 10:54:11 +00:00
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
"
fi
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
"
fi
;;
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
"RSA")
Update compat.sh ciphersuite versions
2013-11-26 13:29:13 +00:00
if [ "$MODE" != "ssl3" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
"
fi
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
if [ "$MODE" = "tls1_2" ];
then
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Add Camellia-GCM ciphersuites
2013-10-24 17:49:07 +00:00
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
Add ECDSA suites to compat.sh
2013-08-27 19:03:33 +00:00
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
Update compat.sh ciphersuite versions
2013-11-26 13:29:13 +00:00
TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Add Camellia-GCM ciphersuites
2013-10-24 17:49:07 +00:00
TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
"
fi
;;
"PSK")
P_CIPHERS="$P_CIPHERS \
TLS-DHE-PSK-WITH-RC4-128-SHA \
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
TLS-DHE-PSK-WITH-NULL-SHA \
Add RSA-PSK and ECDHE-PSK suites to compat.sh
2013-10-15 10:26:10 +00:00
TLS-PSK-WITH-NULL-SHA \
TLS-RSA-PSK-WITH-RC4-128-SHA \
TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
TLS-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-NULL-MD5 \
Update compat.sh ciphersuite versions
2013-11-26 13:29:13 +00:00
TLS-PSK-WITH-AES-128-CBC-SHA256 \
TLS-PSK-WITH-AES-256-CBC-SHA384 \
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
TLS-PSK-WITH-NULL-SHA256 \
TLS-PSK-WITH-NULL-SHA384 \
TLS-DHE-PSK-WITH-NULL-SHA256 \
TLS-DHE-PSK-WITH-NULL-SHA384 \
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
TLS-RSA-PSK-WITH-NULL-SHA256 \
TLS-RSA-PSK-WITH-NULL-SHA384 \
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
"
Add RSA-PSK and ECDHE-PSK suites to compat.sh
2013-10-15 10:26:10 +00:00
if [ "$MODE" != "ssl3" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-PSK-WITH-RC4-128-SHA \
TLS-ECDHE-PSK-WITH-NULL-SHA \
Update compat.sh ciphersuite versions
2013-11-26 13:29:13 +00:00
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-PSK-WITH-NULL-SHA384 \
TLS-ECDHE-PSK-WITH-NULL-SHA256 \
Add RSA-PSK and ECDHE-PSK suites to compat.sh
2013-10-15 10:26:10 +00:00
"
fi
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-PSK-WITH-AES-128-GCM-SHA256 \
TLS-PSK-WITH-AES-256-GCM-SHA384 \
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
Add Camellia-GCM ciphersuites
2013-10-24 17:49:07 +00:00
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
Add RSA-PSK and ECDHE-PSK suites to compat.sh
2013-10-15 10:26:10 +00:00
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
TLS-RSA-WITH-NULL-SHA256 \
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
"
fi
esac
DHE-PSK based ciphersuite support added and cleaner key exchange based code selection The base RFC 4279 DHE-PSK ciphersuites are now supported and added. The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 12:30:58 +00:00
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
# Filter ciphersuites
if [ "X" != "X$FILTER" ];
then
O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" )
P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" )
fi
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
for i in $P_CIPHERS;
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
do
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "tests++"
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
compat.sh modified to support new ssl_server2 and ssl_client2 capabilities
2013-06-29 14:18:10 +00:00
RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
EXIT=$?
echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
if [ "$EXIT" = "2" ];
then
echo Ciphersuite not supported in client
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "skipped++"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
elif [ "$EXIT" != "0" ];
then
echo Failed
compat.sh cleanups
2013-12-17 10:06:50 +00:00
echo "ssl_server2 $P_SERVER_ARGS"
echo "ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
echo $RESULT
compat.sh: report results
2013-08-27 20:00:47 +00:00
let "failed++"
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
else
echo Success
fi
done
kill $PROCESS_ID
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 11:41:51 +00:00
wait $PROCESS_ID 2>/dev/null
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
- Allow to test for multiple modes
2012-04-10 08:22:31 +00:00
done
More expansive testing
2012-11-23 13:25:34 +00:00
done
Refactor compat.sh to prepare for ECDSA
2013-08-27 17:57:15 +00:00
done
compat.sh: report results
2013-08-27 20:00:47 +00:00
echo ""
echo "-------------------------------------------------------------------------"
echo ""
if (( failed != 0 ));
then
echo -n "FAILED"
else
echo -n "PASSED"
fi
let "passed = tests - failed"
echo " ($passed / $tests tests ($skipped skipped))"
exit $failed
Reference in New Issue Copy Permalink