mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Test against GnuTLS for every common ciphersuite

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-25 19:07:28 +01:00 committed by Paul Bakker
parent a1a9f9a639
commit 12b8472f2f
1 changed files with 121 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
tests/compat.sh
View File

@ -1,7 +1,9 @@
#!/bin/bash #!/bin/bash
# Test interop with OpenSSL for each common ciphersuite and version. # Test interop with OpenSSL and GnuTLS (and self-op while at it).
# Also test selfop for ciphersuites not shared with OpenSSL. #
# Check each common ciphersuite, with each version, both ways (client/server),
# with and without client authentication.
# test if those two are set in the environment before assigning defaults # test if those two are set in the environment before assigning defaults
if [ -n "$GNUTLS_CLI" -a -n "$GNUTLS_SERV" ]; then if [ -n "$GNUTLS_CLI" -a -n "$GNUTLS_SERV" ]; then
@ -133,7 +135,7 @@ reset_ciphersuites()
G_CIPHERS="" G_CIPHERS=""
} }
add_openssl_ciphersuites() add_common_ciphersuites()
{ {
case $TYPE in case $TYPE in
@ -146,11 +148,13 @@ add_openssl_ciphersuites()
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
TLS-ECDH-ECDSA-WITH-NULL-SHA \ "
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \ G_CIPHERS="$G_CIPHERS \
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ +ECDHE-ECDSA:+NULL:+SHA1 \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ +ECDHE-ECDSA:+ARCFOUR-128:+SHA1 \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ +ECDHE-ECDSA:+3DES-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
" "
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-NULL-SHA \ ECDHE-ECDSA-NULL-SHA \
@ -158,11 +162,6 @@ add_openssl_ciphersuites()
ECDHE-ECDSA-DES-CBC3-SHA \ ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \ ECDHE-ECDSA-AES256-SHA \
ECDH-ECDSA-NULL-SHA \
ECDH-ECDSA-RC4-SHA \
ECDH-ECDSA-DES-CBC3-SHA \
ECDH-ECDSA-AES128-SHA \
ECDH-ECDSA-AES256-SHA \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ "$MODE" = "tls1_2" ];
@ -172,20 +171,18 @@ add_openssl_ciphersuites()
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ "
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ G_CIPHERS="$G_CIPHERS \
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
" "
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \ ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \ ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \ ECDHE-ECDSA-AES256-GCM-SHA384 \
ECDH-ECDSA-AES128-SHA256 \
ECDH-ECDSA-AES256-SHA384 \
ECDH-ECDSA-AES128-GCM-SHA256 \
ECDH-ECDSA-AES256-GCM-SHA384 \
" "
fi fi
;; ;;
@ -206,8 +203,22 @@ add_openssl_ciphersuites()
TLS-RSA-WITH-RC4-128-MD5 \ TLS-RSA-WITH-RC4-128-MD5 \
TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-MD5 \
TLS-RSA-WITH-NULL-SHA \ TLS-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-DES-CBC-SHA \ "
TLS-DHE-RSA-WITH-DES-CBC-SHA \ G_CIPHERS="$G_CIPHERS \
+DHE-RSA:+AES-128-CBC:+SHA1 \
+DHE-RSA:+AES-256-CBC:+SHA1 \
+DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \
+DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \
+DHE-RSA:+3DES-CBC:+SHA1 \
+RSA:+AES-256-CBC:+SHA1 \
+RSA:+CAMELLIA-256-CBC:+SHA1 \
+RSA:+AES-128-CBC:+SHA1 \
+RSA:+CAMELLIA-128-CBC:+SHA1 \
+RSA:+3DES-CBC:+SHA1 \
+RSA:+ARCFOUR-128:+SHA1 \
+RSA:+ARCFOUR-128:+MD5 \
+RSA:+NULL:+MD5 \
+RSA:+NULL:+SHA1 \
" "
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
DHE-RSA-AES128-SHA \ DHE-RSA-AES128-SHA \
@ -224,8 +235,6 @@ add_openssl_ciphersuites()
RC4-MD5 \ RC4-MD5 \
NULL-MD5 \ NULL-MD5 \
NULL-SHA \ NULL-SHA \
DES-CBC-SHA \
EDH-RSA-DES-CBC-SHA \
" "
if [ "$MODE" != "ssl3" ]; if [ "$MODE" != "ssl3" ];
then then
@ -236,6 +245,13 @@ add_openssl_ciphersuites()
TLS-ECDHE-RSA-WITH-RC4-128-SHA \ TLS-ECDHE-RSA-WITH-RC4-128-SHA \
TLS-ECDHE-RSA-WITH-NULL-SHA \ TLS-ECDHE-RSA-WITH-NULL-SHA \
" "
G_CIPHERS="$G_CIPHERS \
+ECDHE-RSA:+AES-128-CBC:+SHA1 \
+ECDHE-RSA:+AES-256-CBC:+SHA1 \
+ECDHE-RSA:+3DES-CBC:+SHA1 \
+ECDHE-RSA:+ARCFOUR-128:+SHA1 \
+ECDHE-RSA:+NULL:+SHA1 \
"
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDHE-RSA-AES256-SHA \ ECDHE-RSA-AES256-SHA \
ECDHE-RSA-AES128-SHA \ ECDHE-RSA-AES128-SHA \
@ -261,6 +277,21 @@ add_openssl_ciphersuites()
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
" "
G_CIPHERS="$G_CIPHERS \
+RSA:+NULL:+SHA256 \
+RSA:+AES-128-CBC:+SHA256 \
+DHE-RSA:+AES-128-CBC:+SHA256 \
+RSA:+AES-256-CBC:+SHA256 \
+DHE-RSA:+AES-256-CBC:+SHA256 \
+ECDHE-RSA:+AES-128-CBC:+SHA256 \
+ECDHE-RSA:+AES-256-CBC:+SHA384 \
+RSA:+AES-128-GCM:+AEAD \
+RSA:+AES-256-GCM:+AEAD \
+DHE-RSA:+AES-128-GCM:+AEAD \
+DHE-RSA:+AES-256-GCM:+AEAD \
+ECDHE-RSA:+AES-128-GCM:+AEAD \
+ECDHE-RSA:+AES-256-GCM:+AEAD \
"
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
NULL-SHA256 \ NULL-SHA256 \
AES128-SHA256 \ AES128-SHA256 \
@ -286,6 +317,12 @@ add_openssl_ciphersuites()
TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-128-CBC-SHA \
TLS-PSK-WITH-AES-256-CBC-SHA \ TLS-PSK-WITH-AES-256-CBC-SHA \
" "
G_CIPHERS="$G_CIPHERS \
+PSK:+ARCFOUR-128:+SHA1 \
+PSK:+3DES-CBC:+SHA1 \
+PSK:+AES-128-CBC:+SHA1 \
+PSK:+AES-256-CBC:+SHA1 \
"
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
PSK-RC4-SHA \ PSK-RC4-SHA \
PSK-3DES-EDE-CBC-SHA \ PSK-3DES-EDE-CBC-SHA \
@ -296,6 +333,61 @@ add_openssl_ciphersuites()
esac esac
} }
add_openssl_ciphersuites()
{
case $TYPE in
"ECDSA")
if [ "$MODE" != "ssl3" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-NULL-SHA \
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
"
O_CIPHERS="$O_CIPHERS \
ECDH-ECDSA-NULL-SHA \
ECDH-ECDSA-RC4-SHA \
ECDH-ECDSA-DES-CBC3-SHA \
ECDH-ECDSA-AES128-SHA \
ECDH-ECDSA-AES256-SHA \
"
fi
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
"
O_CIPHERS="$O_CIPHERS \
ECDH-ECDSA-AES128-SHA256 \
ECDH-ECDSA-AES256-SHA384 \
ECDH-ECDSA-AES128-GCM-SHA256 \
ECDH-ECDSA-AES256-GCM-SHA384 \
"
fi
;;
"RSA")
P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-DES-CBC-SHA \
TLS-DHE-RSA-WITH-DES-CBC-SHA \
"
O_CIPHERS="$O_CIPHERS \
DES-CBC-SHA \
EDH-RSA-DES-CBC-SHA \
"
;;
"PSK")
;;
esac
}
add_gnutls_ciphersuites() add_gnutls_ciphersuites()
{ {
case $TYPE in case $TYPE in
@ -533,7 +625,7 @@ setup_arguments()
P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE" P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
O_SERVER_ARGS="-www -cipher NULL,ALL -$MODE" O_SERVER_ARGS="-www -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p 4433 --http" G_SERVER_ARGS="-p 4433 --http"
G_SERVER_PRIO="EXPORT:+NULL:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
P_CLIENT_ARGS="force_version=$MODE" P_CLIENT_ARGS="force_version=$MODE"
O_CLIENT_ARGS="-$MODE" O_CLIENT_ARGS="-$MODE"
@ -852,6 +944,7 @@ for VERIFY in $VERIFIES; do
[Oo]pen*) [Oo]pen*)
reset_ciphersuites reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites add_openssl_ciphersuites
filter_ciphersuites filter_ciphersuites
@ -876,6 +969,7 @@ for VERIFY in $VERIFIES; do
[Gg]nu*) [Gg]nu*)
reset_ciphersuites reset_ciphersuites
add_common_ciphersuites
add_gnutls_ciphersuites add_gnutls_ciphersuites
filter_ciphersuites filter_ciphersuites
@ -900,6 +994,7 @@ for VERIFY in $VERIFIES; do
[Pp]olar*) [Pp]olar*)
reset_ciphersuites reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites add_openssl_ciphersuites
add_gnutls_ciphersuites add_gnutls_ciphersuites
add_polarssl_ciphersuites add_polarssl_ciphersuites