author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-04 09:13:13 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-04 09:14:32 +0100 |
commit | d0c2125b1fe0c14217c90b7bd1c1d4f381f20636 (patch) | |
tree | 2ae3b37ae2c5a1fa7b7633168f0bda8162c24417 /tests | |
parent | 2fff30a4ebfb1f66dcd349084918ed2aa9a60485 (diff) | |
download | gnutls-d0c2125b1fe0c14217c90b7bd1c1d4f381f20636.tar.gz |
testcompat: check the PSK ciphersuite interoperability against polarssl
Diffstat (limited to 'tests')
-rw-r--r-- | tests/suite/testcompat-common | 3 | ||||
-rwxr-xr-x | tests/suite/testcompat-polarssl | 89 |
2 files changed, 92 insertions, 0 deletions
diff --git a/tests/suite/testcompat-common b/tests/suite/testcompat-common
index eca7c7baf8..b98d2ded85 100644
--- a/tests/suite/testcompat-common
+++ b/tests/suite/testcompat-common
@@ -47,3 +47,6 @@ SERV_CERT=$srcdir/../../doc/credentials/x509/cert-rsa.pem
 SERV_KEY=$srcdir/../../doc/credentials/x509/key-rsa.pem
 SERV_DSA_CERT=$srcdir/../../doc/credentials/x509/cert-dsa.pem
 SERV_DSA_KEY=$srcdir/../../doc/credentials/x509/key-dsa.pem
+
+SERV_PSK=$srcdir/../../doc/credentials/psk-passwd.txt
+
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 86e57d4b28..3b670997bf 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
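Review bot: In tests/suite/testcompat-common the new `SERV_PSK` covers only the server side; the matching client identity and key are written as literals (`psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db`) eight times in testcompat-polarssl. The key presumably has to equal the entry for `jas` in psk-passwd.txt, which is not shown here, so a change to that file would break all eight checks with no hint at the cause. Defining the pair once next to `SERV_PSK`, e.g. `PSK_IDENTITY=jas` and `PSK_KEY=9e32cf7786321a828ef7668f09fb35db`, with a comment such as `# test-only credentials, must match $SERV_PSK`, keeps the two in step.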
@@ -128,6 +128,50 @@ $POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_po
 kill $PID
 wait
+echo "Check TLS 1.0 with PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher RSA-PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
 if test $ALL_CURVES = 1;then
 echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
 launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
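Review bot: The `#-cipher PSK-AES128-SHA` comment is copied unchanged into the DHE-PSK and ECDHE-PSK checks, where it names the wrong key exchange, and it looks carried over from an OpenSSL-style command line rather than describing the `$POLARSSL_CLI` call below it. Nothing on the client line selects a suite, so each check passes with whatever suite of that family the two sides agree on; only the server's `--priority` string restricts the key exchange. Either drop the comments or make them accurate, e.g. `# client offers its defaults; the server priority string forces DHE-PSK`. If a specific suite is meant to be exercised, the client's `force_ciphersuite=` parameter would pin it, assuming the PolarSSL build under test accepts it. The same comments appear in the TLS 1.2 hunk.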
@@ -251,6 +295,51 @@ $POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 serve
 kill $PID
 wait
+echo "Check TLS 1.2 with PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher RSA-PSK-AES128-SHA
+$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+
 rm -f $LOGFILE
 exit 0 |
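Review bot: Every PSK check added here and in the TLS 1.0 hunk asserts only that a handshake with the correct key succeeds; none verifies that a wrong key is rejected, so an implementation that accepted any PSK would still pass. Consider one negative check before `rm -f $LOGFILE`: the same `launch_server`/`wait_server` sequence as the plain PSK check, a client line whose `psk=` value differs from the password file, and the result inverted with `&& fail $PID "Handshake succeeded with a wrong PSK"`. Whether rejection is already covered by another test in the suite cannot be seen from this diff.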