diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-05 15:46:27 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-06 09:52:35 +0100 |
commit | bf70160547204d5db0890c7ccd8d3013e72b7a07 (patch) | |
tree | 70b855996c47e58deecea8e99879f0235e0f4223 /tests/suite/testcompat-main-polarssl | |
parent | 6c0190253c100195b0c0237e37e955e1e9cccd1b (diff) | |
download | gnutls-bf70160547204d5db0890c7ccd8d3013e72b7a07.tar.gz |
tests: separated the two testcompat tests (openssl/polarssl)
Diffstat (limited to 'tests/suite/testcompat-main-polarssl')
-rwxr-xr-x | tests/suite/testcompat-main-polarssl | 359 |
1 files changed, 359 insertions, 0 deletions
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl new file mode 100755 index 0000000000..d97c5b6cb9 --- /dev/null +++ b/tests/suite/testcompat-main-polarssl @@ -0,0 +1,359 @@ +#!/bin/sh + +# Copyright (C) 2014 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir="${srcdir:-.}" +CLI="${CLI:-../../src/gnutls-cli$EXEEXT}" +LOGFILE=polarssl.log +unset RETCODE +if ! test -z "${VALGRIND}";then +VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +if test "${WINDIR}" != "";then + exit 77 +fi + +. $srcdir/../scripts/common.sh + +PORT="${PORT:-$RPORT}" +POLARSSL_CLI="/usr/libexec/polarssl/ssl_client2" + +TXT=`$CLI --priority NORMAL --list|grep SECP224` +if test -z $TEXT;then + ALL_CURVES=0 +else + ALL_CURVES=1 +fi + +VERSION=`grep released /usr/share/doc/polarssl/ChangeLog|head -1|cut -d ' ' -f 3` + +echo "Compatibility checks using polarssl "$VERSION +echo $VERSION|grep -e 1\.3\. >/dev/null 2>&1 +SV=$? +if test $SV != 0;then + echo "PolarSSL 1.3.x is required for the tests to run" + exit 77 +fi + +if ! test -x $POLARSSL;then + echo "PolarSSL is required for this test to run" + exit 77 +fi + +. ./testcompat-common + +echo "" +echo "##################################################" +echo "# Server mode tests (gnutls server-polarssl cli) #" +echo "##################################################" +SERV="../../src/gnutls-serv$EXEEXT -q" + +rm -f $LOGFILE + +for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" +do + +if ! test -z "$ADD";then +echo "" +echo "** Modifier: $ADD" +fi + +echo "Check SSL 3.0 with RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$POLARSSL_CLI server_port=$PORT server_name=localhost max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check SSL 3.0 with DHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +# No DSS for polarssl +#echo "Check SSL 3.0 with DHE-DSS ciphersuite" +#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! +#wait_server $PID + +#$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ +# fail $PID "Failed" +# +#kill $PID +#wait + +#TLS 1.0 + +echo "Check TLS 1.0 with DHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +#echo "Check TLS 1.0 with DHE-DSS ciphersuite" +#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! +#wait_server $PID + +#$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ +# fail $PID "Failed" + +#kill $PID +#wait + +echo "Check TLS 1.0 with ECDHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-RSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with DHE-PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with ECDHE-PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with RSA-PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher RSA-PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +if test $ALL_CURVES = 1;then + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! + wait_server $PID + + #-cipher ECDHE-ECDSA-AES128-SHA + $POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + + kill $PID + wait +fi + +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with DHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +#echo "Check TLS 1.2 with DHE-DSS ciphersuite" +#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! +#wait_server $PID +# +#$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ +# fail $PID "Failed" +# +#kill $PID +#wait + +echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-RSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +if test $ALL_CURVES = 1;then + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! + wait_server $PID + + #-cipher ECDHE-ECDSA-AES128-SHA + $POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + + kill $PID + wait +fi + +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with DHE-PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with ECDHE-PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with RSA-PSK ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! +wait_server $PID + +#-cipher RSA-PSK-AES128-SHA +$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ + fail $PID "Failed" + +kill $PID +wait + +done + +rm -f $LOGFILE + +exit 0 |