Add DTLS self-op test in compat.sh

Manuel Pégourié-Gonnard 2014-03-26 15:30:16 +01:00 committed by Paul Bakker
parent fe3f73bdeb
commit 3025b6cfd6


@ -40,7 +40,7 @@ else
fi fi
# default values for options # default values for options
MODES="ssl3 tls1 tls1_1 tls1_2" MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2"
VERIFIES="NO YES" VERIFIES="NO YES"
TYPES="ECDSA RSA PSK" TYPES="ECDSA RSA PSK"
FILTER="" FILTER=""
@ -106,18 +106,54 @@ get_options() {
log() { log() {
if [ "X" != "X$VERBOSE" ]; then if [ "X" != "X$VERBOSE" ]; then
echo ""
echo "$@" echo "$@"
fi fi
} }
# is_dtls <mode>
is_dtls()
{
test "$1" = "dtls1" -o "$1" = "dtls1_2"
}
# minor_ver <mode>
minor_ver()
{
case "$1" in
ssl3)
echo 0
;;
tls1)
echo 1
;;
tls1_1|dtls1)
echo 2
;;
tls1_2|dtls1_2)
echo 3
;;
*)
echo "error: invalid mode: $MODE" >&2
# exiting is no good here, typically called in a subshell
echo -1
esac
}
filter() filter()
{ {
LIST="$1" LIST="$1"
NEW_LIST="" NEW_LIST=""
if is_dtls "$MODE"; then
EXCLMODE="$EXCLUDE"'\|RC4'
else
EXCLMODE="$EXCLUDE"
fi
for i in $LIST; for i in $LIST;
do do
NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLUDE" )" NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLMODE" )"
done done
# normalize whitespace # normalize whitespace
@ -146,7 +182,7 @@ add_common_ciphersuites()
case $TYPE in case $TYPE in
"ECDSA") "ECDSA")
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-NULL-SHA \
@ -170,7 +206,7 @@ add_common_ciphersuites()
ECDHE-ECDSA-AES256-SHA \ ECDHE-ECDSA-AES256-SHA \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
@ -242,7 +278,7 @@ add_common_ciphersuites()
NULL-MD5 \ NULL-MD5 \
NULL-SHA \ NULL-SHA \
" "
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
@ -266,7 +302,7 @@ add_common_ciphersuites()
ECDHE-RSA-NULL-SHA \ ECDHE-RSA-NULL-SHA \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-128-CBC-SHA256 \
@ -342,7 +378,7 @@ add_openssl_ciphersuites()
case $TYPE in case $TYPE in
"ECDSA") "ECDSA")
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-NULL-SHA \
@ -359,7 +395,7 @@ add_openssl_ciphersuites()
ECDH-ECDSA-AES256-SHA \ ECDH-ECDSA-AES256-SHA \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
@ -397,7 +433,7 @@ add_gnutls_ciphersuites()
case $TYPE in case $TYPE in
"ECDSA") "ECDSA")
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
@ -415,7 +451,7 @@ add_gnutls_ciphersuites()
;; ;;
"RSA") "RSA")
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-NULL-SHA256 \ TLS-RSA-WITH-NULL-SHA256 \
@ -424,7 +460,7 @@ add_gnutls_ciphersuites()
+RSA:+NULL:+SHA256 \ +RSA:+NULL:+SHA256 \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
@ -470,7 +506,7 @@ add_gnutls_ciphersuites()
+DHE-PSK:+AES-256-CBC:+SHA1 \ +DHE-PSK:+AES-256-CBC:+SHA1 \
+DHE-PSK:+ARCFOUR-128:+SHA1 \ +DHE-PSK:+ARCFOUR-128:+SHA1 \
" "
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
@ -493,7 +529,7 @@ add_gnutls_ciphersuites()
+RSA-PSK:+ARCFOUR-128:+SHA1 \ +RSA-PSK:+ARCFOUR-128:+SHA1 \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
@ -581,14 +617,14 @@ add_polarssl_ciphersuites()
case $TYPE in case $TYPE in
"ECDSA") "ECDSA")
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
@ -623,7 +659,7 @@ add_polarssl_ciphersuites()
TLS-PSK-WITH-NULL-SHA \ TLS-PSK-WITH-NULL-SHA \
TLS-DHE-PSK-WITH-NULL-SHA \ TLS-DHE-PSK-WITH-NULL-SHA \
" "
if [ "$MODE" != "ssl3" ]; if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \
TLS-ECDHE-PSK-WITH-NULL-SHA \ TLS-ECDHE-PSK-WITH-NULL-SHA \
@ -649,7 +685,8 @@ add_polarssl_ciphersuites()
setup_arguments() setup_arguments()
{ {
case $MODE in G_MODE=""
case "$MODE" in
"ssl3") "ssl3")
G_PRIO_MODE="+VERS-SSL3.0" G_PRIO_MODE="+VERS-SSL3.0"
;; ;;
@ -662,6 +699,14 @@ setup_arguments()
"tls1_2") "tls1_2")
G_PRIO_MODE="+VERS-TLS1.2" G_PRIO_MODE="+VERS-TLS1.2"
;; ;;
"dtls1")
G_PRIO_MODE="+VERS-DTLS1.0"
G_MODE="-u"
;;
"dtls1_2")
G_PRIO_MODE="+VERS-DTLS1.2"
G_MODE="-u"
;;
*) *)
echo "error: invalid mode: $MODE" >&2 echo "error: invalid mode: $MODE" >&2
exit 1; exit 1;
@ -669,12 +714,12 @@ setup_arguments()
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE" O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p $PORT --http" G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
P_CLIENT_ARGS="server_port=$PORT force_version=$MODE" P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE" O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
G_CLIENT_ARGS="-p $PORT --debug 3" G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL" G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
if [ "X$VERIFY" = "XYES" ]; if [ "X$VERIFY" = "XYES" ];
@ -1012,6 +1057,11 @@ for VERIFY in $VERIFIES; do
[Oo]pen*) [Oo]pen*)
# for now, skip interop test for DTLS
if is_dtls "$MODE"; then
continue
fi
reset_ciphersuites reset_ciphersuites
add_common_ciphersuites add_common_ciphersuites
add_openssl_ciphersuites add_openssl_ciphersuites
@ -1037,6 +1087,11 @@ for VERIFY in $VERIFIES; do
[Gg]nu*) [Gg]nu*)
# for now, skip interop test for DTLS
if is_dtls "$MODE"; then
continue
fi
reset_ciphersuites reset_ciphersuites
add_common_ciphersuites add_common_ciphersuites
add_gnutls_ciphersuites add_gnutls_ciphersuites
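Review bot: In `filter()` (hunk `-106,18 +106,54`), the DTLS exclusion `EXCLMODE="$EXCLUDE"'\|RC4'` relies on `\|` alternation, which is a GNU extension to basic regular expressions and not part of POSIX. With a grep that reads it literally, the RC4 suites, which are not usable over DTLS, would stay in the list, and the DTLS runs would fail for a reason unrelated to the code under test. Passing the patterns separately is portable: set `EXCL_RC4='RC4'` in the DTLS branch and `EXCL_RC4='^$'` otherwise, then filter with `grep -v -e "$EXCLUDE" -e "$EXCL_RC4"`. The body of `filter()` continues past the end of the hunk, so any later use of `$EXCLUDE` there is not visible here.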