#!/bin/sh # compat.sh # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Purpose # # Test interoperbility with OpenSSL, GnuTLS as well as itself. # # Check each common ciphersuite, with each version, both ways (client/server), # with and without client authentication. set -u # Limit the size of each log to 10 GiB, in case of failures with this script # where it may output seemingly unlimited length error logs. ulimit -f 20971520 ORIGINAL_PWD=$PWD if ! cd "$(dirname "$0")"; then exit 125 fi # initialise counters TESTS=0 FAILED=0 SKIPPED=0 SRVMEM=0 # default commands, can be overridden by the environment : ${M_SRV:=../programs/ssl/ssl_server2} : ${M_CLI:=../programs/ssl/ssl_client2} : ${OPENSSL:=openssl} : ${GNUTLS_CLI:=gnutls-cli} : ${GNUTLS_SERV:=gnutls-serv} # The OPENSSL variable used to be OPENSSL_CMD for historical reasons. # To help the migration, error out if the old variable is set, # but only if it has a different value than the new one. if [ "${OPENSSL_CMD+set}" = set ]; then # the variable is set, we can now check its value if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then echo "Please use OPENSSL instead of OPENSSL_CMD." >&2 exit 125 fi fi # do we have a recent enough GnuTLS? if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then G_VER="$( $GNUTLS_CLI --version | head -n1 )" if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version PEER_GNUTLS=" GnuTLS" else eval $( echo $G_VER | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' ) if [ $MAJOR -lt 3 -o \ \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \ \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ] then PEER_GNUTLS="" else PEER_GNUTLS=" GnuTLS" if [ $MINOR -lt 4 ]; then GNUTLS_MINOR_LT_FOUR='x' fi fi fi else PEER_GNUTLS="" fi guess_config_name() { if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then echo "default" else echo "unknown" fi } : ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"} : ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} # default values for options # /!\ keep this synchronised with: # - basic-build-test.sh # - all.sh (multiple components) MODES="tls12 dtls12" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" FILTER="" # By default, exclude: # - NULL: excluded from our default config + requires OpenSSL legacy # - ARIA: requires OpenSSL >= 1.1.1 # - ChachaPoly: requires OpenSSL >= 1.1.0 EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" # hidden option: skip DTLS with OpenSSL # (travis CI has a version that doesn't work for us) : ${OSSL_NO_DTLS:=0} print_usage() { echo "Usage: $0" printf " -h|--help\tPrint this help.\n" printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER" printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE" printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES" printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES" printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES" printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS" printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" printf " --list-test-case\tList all potential test cases (No Execution)\n" printf " --outcome-file\tFile where test outcomes are written\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" } # print_test_case print_test_case() { for i in $3; do uniform_title $1 $2 $i echo $TITLE done } # list_test_case lists all potential test cases in compat.sh without execution list_test_case() { reset_ciphersuites for TYPE in $TYPES; do add_common_ciphersuites add_openssl_ciphersuites add_gnutls_ciphersuites add_mbedtls_ciphersuites done for VERIFY in $VERIFIES; do VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') for MODE in $MODES; do print_test_case m O "$O_CIPHERS" print_test_case O m "$O_CIPHERS" print_test_case m G "$G_CIPHERS" print_test_case G m "$G_CIPHERS" print_test_case m m "$M_CIPHERS" done done } get_options() { while [ $# -gt 0 ]; do case "$1" in -f|--filter) shift; FILTER=$1 ;; -e|--exclude) shift; EXCLUDE=$1 ;; -m|--modes) shift; MODES=$1 ;; -t|--types) shift; TYPES=$1 ;; -V|--verify) shift; VERIFIES=$1 ;; -p|--peers) shift; PEERS=$1 ;; -v|--verbose) VERBOSE=1 ;; -M|--memcheck) MEMCHECK=1 ;; # Please check scripts/check_test_cases.py correspondingly # if you have to modify option, --list-test-case --list-test-case) list_test_case exit $? ;; --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE=$1 ;; -h|--help) print_usage exit 0 ;; *) echo "Unknown argument: '$1'" print_usage exit 1 ;; esac shift done # sanitize some options (modes checked later) VERIFIES="$( echo $VERIFIES | tr [a-z] [A-Z] )" TYPES="$( echo $TYPES | tr [a-z] [A-Z] )" } log() { if [ "X" != "X$VERBOSE" ]; then echo "" echo "$@" fi } # is_dtls is_dtls() { test "$1" = "dtls12" } # minor_ver minor_ver() { case "$1" in tls12|dtls12) echo 3 ;; *) echo "error: invalid mode: $MODE" >&2 # exiting is no good here, typically called in a subshell echo -1 esac } filter() { LIST="$1" NEW_LIST="" EXCLMODE="$EXCLUDE" for i in $LIST; do NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLMODE" )" done # normalize whitespace echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' } filter_ciphersuites() { if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ]; then # Ciphersuite for mbed TLS M_CIPHERS=$( filter "$M_CIPHERS" ) # Ciphersuite for OpenSSL O_CIPHERS=$( filter "$O_CIPHERS" ) # Ciphersuite for GnuTLS G_CIPHERS=$( filter "$G_CIPHERS" ) fi # For GnuTLS client -> mbed TLS server, # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then G_CIPHERS="" fi } reset_ciphersuites() { M_CIPHERS="" O_CIPHERS="" G_CIPHERS="" } # translate_ciphers {g|m|o} {STANDARD_CIPHER_SUITE_NAME...} # Set $ciphers to the cipher suite name translations for the specified # program (gnutls, mbedtls or openssl). $ciphers is a space-separated # list of entries of the form "STANDARD_NAME=PROGRAM_NAME". translate_ciphers() { ciphers=$(scripts/translate_ciphers.py "$@") if [ $? -ne 0 ]; then echo "translate_ciphers.py failed with exit code $1" >&2 echo "$2" >&2 exit 1 fi } # Ciphersuites that can be used with all peers. # Since we currently have three possible peers, each ciphersuite should appear # three times: in each peer's list (with the name that this peer uses). add_common_ciphersuites() { CIPHERS="" case $TYPE in "ECDSA") CIPHERS="$CIPHERS \ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_NULL_SHA \ " ;; "RSA") CIPHERS="$CIPHERS \ TLS_DHE_RSA_WITH_AES_128_CBC_SHA \ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_AES_256_CBC_SHA \ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_NULL_SHA \ TLS_RSA_WITH_AES_128_CBC_SHA \ TLS_RSA_WITH_AES_128_CBC_SHA256 \ TLS_RSA_WITH_AES_128_GCM_SHA256 \ TLS_RSA_WITH_AES_256_CBC_SHA \ TLS_RSA_WITH_AES_256_CBC_SHA256 \ TLS_RSA_WITH_AES_256_GCM_SHA384 \ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \ TLS_RSA_WITH_NULL_MD5 \ TLS_RSA_WITH_NULL_SHA \ TLS_RSA_WITH_NULL_SHA256 \ " ;; "PSK") CIPHERS="$CIPHERS \ TLS_PSK_WITH_AES_128_CBC_SHA \ TLS_PSK_WITH_AES_256_CBC_SHA \ " ;; esac O_CIPHERS="$O_CIPHERS $CIPHERS" G_CIPHERS="$G_CIPHERS $CIPHERS" M_CIPHERS="$M_CIPHERS $CIPHERS" } # Ciphersuites usable only with Mbed TLS and OpenSSL # A list of ciphersuites in the standard naming convention is appended # to the list of Mbed TLS ciphersuites $M_CIPHERS and # to the list of OpenSSL ciphersuites $O_CIPHERS respectively. # Based on client's naming convention, all ciphersuite names will be # translated into another naming format before sent to the client. # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see # https://github.com/Mbed-TLS/mbedtls/issues/1419 # # ChachaPoly suites are here rather than in "common", as they were added in # GnuTLS in 3.5.0 and the CI only has 3.4.x so far. add_openssl_ciphersuites() { CIPHERS="" case $TYPE in "ECDSA") CIPHERS="$CIPHERS \ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDH_ECDSA_WITH_NULL_SHA \ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ " ;; "RSA") CIPHERS="$CIPHERS \ TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ TLS_RSA_WITH_ARIA_128_GCM_SHA256 \ TLS_RSA_WITH_ARIA_256_GCM_SHA384 \ " ;; "PSK") CIPHERS="$CIPHERS \ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 \ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 \ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ TLS_PSK_WITH_ARIA_128_GCM_SHA256 \ TLS_PSK_WITH_ARIA_256_GCM_SHA384 \ TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 \ " ;; esac O_CIPHERS="$O_CIPHERS $CIPHERS" M_CIPHERS="$M_CIPHERS $CIPHERS" } # Ciphersuites usable only with Mbed TLS and GnuTLS # A list of ciphersuites in the standard naming convention is appended # to the list of Mbed TLS ciphersuites $M_CIPHERS and # to the list of GnuTLS ciphersuites $G_CIPHERS respectively. # Based on client's naming convention, all ciphersuite names will be # translated into another naming format before sent to the client. add_gnutls_ciphersuites() { CIPHERS="" case $TYPE in "ECDSA") CIPHERS="$CIPHERS \ TLS_ECDHE_ECDSA_WITH_AES_128_CCM \ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 \ TLS_ECDHE_ECDSA_WITH_AES_256_CCM \ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 \ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ " ;; "RSA") CIPHERS="$CIPHERS \ TLS_DHE_RSA_WITH_AES_128_CCM \ TLS_DHE_RSA_WITH_AES_128_CCM_8 \ TLS_DHE_RSA_WITH_AES_256_CCM \ TLS_DHE_RSA_WITH_AES_256_CCM_8 \ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_RSA_WITH_AES_128_CCM \ TLS_RSA_WITH_AES_128_CCM_8 \ TLS_RSA_WITH_AES_256_CCM \ TLS_RSA_WITH_AES_256_CCM_8 \ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ " ;; "PSK") CIPHERS="$CIPHERS \ TLS_DHE_PSK_WITH_AES_128_CBC_SHA \ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 \ TLS_DHE_PSK_WITH_AES_128_CCM \ TLS_DHE_PSK_WITH_AES_128_CCM_8 \ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 \ TLS_DHE_PSK_WITH_AES_256_CBC_SHA \ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 \ TLS_DHE_PSK_WITH_AES_256_CCM \ TLS_DHE_PSK_WITH_AES_256_CCM_8 \ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 \ TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_DHE_PSK_WITH_NULL_SHA256 \ TLS_DHE_PSK_WITH_NULL_SHA384 \ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 \ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_ECDHE_PSK_WITH_NULL_SHA256 \ TLS_ECDHE_PSK_WITH_NULL_SHA384 \ TLS_PSK_WITH_AES_128_CBC_SHA256 \ TLS_PSK_WITH_AES_128_CCM \ TLS_PSK_WITH_AES_128_CCM_8 \ TLS_PSK_WITH_AES_128_GCM_SHA256 \ TLS_PSK_WITH_AES_256_CBC_SHA384 \ TLS_PSK_WITH_AES_256_CCM \ TLS_PSK_WITH_AES_256_CCM_8 \ TLS_PSK_WITH_AES_256_GCM_SHA384 \ TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_PSK_WITH_NULL_SHA256 \ TLS_PSK_WITH_NULL_SHA384 \ TLS_RSA_PSK_WITH_AES_128_CBC_SHA \ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 \ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 \ TLS_RSA_PSK_WITH_AES_256_CBC_SHA \ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 \ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 \ TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_RSA_PSK_WITH_NULL_SHA256 \ TLS_RSA_PSK_WITH_NULL_SHA384 \ " ;; esac G_CIPHERS="$G_CIPHERS $CIPHERS" M_CIPHERS="$M_CIPHERS $CIPHERS" } # Ciphersuites usable only with Mbed TLS (not currently supported by another # peer usable in this script). This provides only very rudimentaty testing, as # this is not interop testing, but it's better than nothing. add_mbedtls_ciphersuites() { case $TYPE in "ECDSA") M_CIPHERS="$M_CIPHERS \ TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \ TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ " ;; "RSA") M_CIPHERS="$M_CIPHERS \ TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \ TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \ TLS_RSA_WITH_ARIA_128_CBC_SHA256 \ TLS_RSA_WITH_ARIA_256_CBC_SHA384 \ " ;; "PSK") # *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 M_CIPHERS="$M_CIPHERS \ TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 \ TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 \ TLS_DHE_PSK_WITH_NULL_SHA \ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \ TLS_ECDHE_PSK_WITH_NULL_SHA \ TLS_PSK_WITH_ARIA_128_CBC_SHA256 \ TLS_PSK_WITH_ARIA_256_CBC_SHA384 \ TLS_PSK_WITH_NULL_SHA \ TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 \ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 \ TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 \ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 \ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 \ TLS_RSA_PSK_WITH_NULL_SHA \ " ;; esac } # o_check_ciphersuite STANDARD_CIPHER_SUITE o_check_ciphersuite() { if [ "${O_SUPPORT_ECDH}" = "NO" ]; then case "$1" in *ECDH_*) SKIP_NEXT="YES" esac fi } setup_arguments() { O_MODE="" G_MODE="" case "$MODE" in "tls12") O_MODE="tls1_2" G_PRIO_MODE="+VERS-TLS1.2" ;; "dtls12") O_MODE="dtls1_2" G_PRIO_MODE="+VERS-DTLS1.2" G_MODE="-u" ;; *) echo "error: invalid mode: $MODE" >&2 exit 1; esac # GnuTLS < 3.4 will choke if we try to allow CCM-8 if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:" else G_PRIO_CCM="" fi M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE" G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # The default prime for `openssl s_server` depends on the version: # * OpenSSL <= 1.0.2a: 512-bit # * OpenSSL 1.0.2b to 1.1.1b: 1024-bit # * OpenSSL >= 1.1.1c: 2048-bit # Mbed TLS wants >=1024, so force that for older versions. Don't force # it for newer versions, which reject a 1024-bit prime. Indifferently # force it or not for intermediate versions. case $($OPENSSL version) in "OpenSSL 1.0"*) O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem" ;; esac # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then O_SERVER_ARGS="$O_SERVER_ARGS" else O_SERVER_ARGS="$O_SERVER_ARGS -www" fi M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE" O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE" G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" # Newer versions of OpenSSL have a syntax to enable all "ciphers", even # low-security ones. This covers not just cipher suites but also protocol # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find # a way to discover it from -help, so check the openssl version. case $($OPENSSL version) in "OpenSSL 0"*|"OpenSSL 1.0"*) :;; *) O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0" O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0" ;; esac case $($OPENSSL ciphers ALL) in *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";; *) O_SUPPORT_ECDH="NO";; esac if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10" G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert" M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt" else # don't request a client cert at all M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none" G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert" M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none" O_CLIENT_ARGS="$O_CLIENT_ARGS" G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure" fi case $TYPE in "ECDSA") M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key" O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" if [ "X$VERIFY" = "XYES" ]; then M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key" O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi ;; "RSA") M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key" if [ "X$VERIFY" = "XYES" ]; then M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key" O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi ;; "PSK") # give RSA-PSK-capable server a RSA cert # (should be a separate type, but harder to close with openssl) M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" ;; esac } # is_mbedtls is_mbedtls() { case $1 in *ssl_client2*) true;; *ssl_server2*) true;; *) false;; esac } # has_mem_err has_mem_err() { if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null then return 1 # false: does not have errors else return 0 # true: has errors fi } # Wait for process $2 to be listening on port $1 if type lsof >/dev/null 2>/dev/null; then wait_server_start() { START_TIME=$(date +%s) if is_dtls "$MODE"; then proto=UDP else proto=TCP fi while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then echo "SERVERSTART TIMEOUT" echo "SERVERSTART TIMEOUT" >> $SRV_OUT break fi # Linux and *BSD support decimal arguments to sleep. On other # OSes this may be a tight loop. sleep 0.1 2>/dev/null || true done } else echo "Warning: lsof not available, wait_server_start = sleep" wait_server_start() { sleep 2 } fi # start_server # also saves name and command start_server() { case $1 in [Oo]pen*) SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS" ;; [Gg]nu*) SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO" ;; mbed*) SERVER_CMD="$M_SRV $M_SERVER_ARGS" if [ "$MEMCHECK" -gt 0 ]; then SERVER_CMD="valgrind --leak-check=full $SERVER_CMD" fi ;; *) echo "error: invalid server name: $1" >&2 exit 1 ;; esac SERVER_NAME=$1 log "$SERVER_CMD" echo "$SERVER_CMD" > $SRV_OUT # for servers without -www or equivalent while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 & SRV_PID=$! wait_server_start "$PORT" "$SRV_PID" } # terminate the running server stop_server() { # For Ubuntu 22.04, `Terminated` message is outputed by wait command. # To remove it from stdout, redirect stdout/stderr to SRV_OUT kill $SRV_PID >/dev/null 2>&1 wait $SRV_PID >> $SRV_OUT 2>&1 if [ "$MEMCHECK" -gt 0 ]; then if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then echo " ! Server had memory errors" SRVMEM=$(( $SRVMEM + 1 )) return fi fi rm -f $SRV_OUT } # kill the running server (used when killed by signal) cleanup() { rm -f $SRV_OUT $CLI_OUT kill $SRV_PID >/dev/null 2>&1 kill $WATCHDOG_PID >/dev/null 2>&1 exit 1 } # wait for client to terminate and set EXIT # must be called right after starting the client wait_client_done() { CLI_PID=$! ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) & WATCHDOG_PID=$! # For Ubuntu 22.04, `Terminated` message is outputed by wait command. # To remove it from stdout, redirect stdout/stderr to CLI_OUT wait $CLI_PID >> $CLI_OUT 2>&1 EXIT=$? kill $WATCHDOG_PID >/dev/null 2>&1 wait $WATCHDOG_PID >> $CLI_OUT 2>&1 echo "EXIT: $EXIT" >> $CLI_OUT } # uniform_title # $TITLE is considered as test case description for both --list-test-case and # MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of # each test case description. uniform_title() { TITLE="$1->$2 $MODE,$VERIF $3" } # record_outcome [] record_outcome() { echo "$1" if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then # The test outcome file has the format (in single line): # platform;configuration; # test suite name;test case description; # PASS/FAIL/SKIP;[failure cause] printf '%s;%s;%s;%s;%s;%s\n' \ "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ "compat" "$TITLE" \ "$1" "${2-}" \ >> "$MBEDTLS_TEST_OUTCOME_FILE" fi } # display additional information if test case fails report_fail() { FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log" record_outcome "FAIL" "$FAIL_PROMPT" cp $SRV_OUT c-srv-${TESTS}.log cp $CLI_OUT c-cli-${TESTS}.log echo " ! $FAIL_PROMPT" if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then echo " ! server output:" cat c-srv-${TESTS}.log echo " ! ===================================================" echo " ! client output:" cat c-cli-${TESTS}.log fi } # run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE run_client() { # announce what we're going to do TESTS=$(( $TESTS + 1 )) uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2 DOTS72="........................................................................" printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then SKIP_NEXT="NO" record_outcome "SKIP" SKIPPED=$(( $SKIPPED + 1 )) return fi # run the command and interpret result case $1 in [Oo]pen*) CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $3" log "$CLIENT_CMD" echo "$CLIENT_CMD" > $CLI_OUT printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & wait_client_done if [ $EXIT -eq 0 ]; then RESULT=0 else # If it is NULL cipher ... if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then RESULT=1 else RESULT=2 fi fi ;; [Gg]nu*) # need to force IPv4 with UDP, but keep localhost for auth if is_dtls "$MODE"; then G_HOST="127.0.0.1" else G_HOST="localhost" fi CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$3 $G_HOST" log "$CLIENT_CMD" echo "$CLIENT_CMD" > $CLI_OUT printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & wait_client_done if [ $EXIT -eq 0 ]; then RESULT=0 else RESULT=2 # interpret early failure, with a handshake_failure alert # before the server hello, as "no ciphersuite in common" if grep -F 'Received alert [40]: Handshake failed' $CLI_OUT; then if grep -i 'SERVER HELLO .* was received' $CLI_OUT; then : else RESULT=1 fi fi >/dev/null fi ;; mbed*) CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$3" if [ "$MEMCHECK" -gt 0 ]; then CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD" fi log "$CLIENT_CMD" echo "$CLIENT_CMD" > $CLI_OUT $CLIENT_CMD >> $CLI_OUT 2>&1 & wait_client_done case $EXIT in # Success "0") RESULT=0 ;; # Ciphersuite not supported "2") RESULT=1 ;; # Error *) RESULT=2 ;; esac if [ "$MEMCHECK" -gt 0 ]; then if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then RESULT=2 fi fi ;; *) echo "error: invalid client name: $1" >&2 exit 1 ;; esac echo "EXIT: $EXIT" >> $CLI_OUT # report and count result case $RESULT in "0") record_outcome "PASS" ;; "1") record_outcome "SKIP" SKIPPED=$(( $SKIPPED + 1 )) ;; "2") report_fail FAILED=$(( $FAILED + 1 )) ;; esac rm -f $CLI_OUT } # # MAIN # get_options "$@" # Make the outcome file path relative to the original directory, not # to .../tests case "$MBEDTLS_TEST_OUTCOME_FILE" in [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE" ;; esac # sanity checks, avoid an avalanche of errors if [ ! -x "$M_SRV" ]; then echo "Command '$M_SRV' is not an executable file" >&2 exit 1 fi if [ ! -x "$M_CLI" ]; then echo "Command '$M_CLI' is not an executable file" >&2 exit 1 fi if echo "$PEERS" | grep -i openssl > /dev/null; then if which "$OPENSSL" >/dev/null 2>&1; then :; else echo "Command '$OPENSSL' not found" >&2 exit 1 fi fi if echo "$PEERS" | grep -i gnutls > /dev/null; then for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do if which "$CMD" >/dev/null 2>&1; then :; else echo "Command '$CMD' not found" >&2 exit 1 fi done fi for PEER in $PEERS; do case "$PEER" in mbed*|[Oo]pen*|[Gg]nu*) ;; *) echo "Unknown peers: $PEER" >&2 exit 1 esac done # Pick a "unique" port in the range 10000-19999. PORT="0000$$" PORT="1$(echo $PORT | tail -c 5)" # Also pick a unique name for intermediate files SRV_OUT="srv_out.$$" CLI_OUT="cli_out.$$" # client timeout delay: be more patient with valgrind if [ "$MEMCHECK" -gt 0 ]; then DOG_DELAY=30 else DOG_DELAY=10 fi SKIP_NEXT="NO" trap cleanup INT TERM HUP for MODE in $MODES; do for TYPE in $TYPES; do # PSK cipher suites do not allow client certificate verification. # This means PSK test cases with VERIFY=YES should be replaced by # VERIFY=NO or be ignored. SUB_VERIFIES variable is used to constrain # verification option for PSK test cases. SUB_VERIFIES=$VERIFIES if [ "$TYPE" = "PSK" ]; then SUB_VERIFIES="NO" fi for VERIFY in $SUB_VERIFIES; do VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') for PEER in $PEERS; do setup_arguments case "$PEER" in [Oo]pen*) if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then continue; fi # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL # supports $O_MODE from the s_server help. (The s_client # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 # but doesn't list it. But the s_server help seems to be # accurate.) if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then continue; fi reset_ciphersuites add_common_ciphersuites add_openssl_ciphersuites filter_ciphersuites if [ "X" != "X$M_CIPHERS" ]; then start_server "OpenSSL" translate_ciphers m $M_CIPHERS for i in $ciphers; do o_check_ciphersuite "${i%%=*}" run_client mbedTLS ${i%%=*} ${i#*=} done stop_server fi if [ "X" != "X$O_CIPHERS" ]; then start_server "mbedTLS" translate_ciphers o $O_CIPHERS for i in $ciphers; do o_check_ciphersuite "${i%%=*}" run_client OpenSSL ${i%%=*} ${i#*=} done stop_server fi ;; [Gg]nu*) reset_ciphersuites add_common_ciphersuites add_gnutls_ciphersuites filter_ciphersuites if [ "X" != "X$M_CIPHERS" ]; then start_server "GnuTLS" translate_ciphers m $M_CIPHERS for i in $ciphers; do run_client mbedTLS ${i%%=*} ${i#*=} done stop_server fi if [ "X" != "X$G_CIPHERS" ]; then start_server "mbedTLS" translate_ciphers g $G_CIPHERS for i in $ciphers; do run_client GnuTLS ${i%%=*} ${i#*=} done stop_server fi ;; mbed*) reset_ciphersuites add_common_ciphersuites add_openssl_ciphersuites add_gnutls_ciphersuites add_mbedtls_ciphersuites filter_ciphersuites if [ "X" != "X$M_CIPHERS" ]; then start_server "mbedTLS" translate_ciphers m $M_CIPHERS for i in $ciphers; do run_client mbedTLS ${i%%=*} ${i#*=} done stop_server fi ;; *) echo "Unknown peer: $PEER" >&2 exit 1 ;; esac done done done done echo "------------------------------------------------------------------------" if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ]; then printf "FAILED" else printf "PASSED" fi if [ "$MEMCHECK" -gt 0 ]; then MEMREPORT=", $SRVMEM server memory errors" else MEMREPORT="" fi PASSED=$(( $TESTS - $FAILED )) echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))" FAILED=$(( $FAILED + $SRVMEM )) if [ $FAILED -gt 255 ]; then # Clamp at 255 as caller gets exit code & 0xFF # (so 256 would be 0, or success, etc) FAILED=255 fi exit $FAILED