1#!/bin/sh
2
3# compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
# Test interoperability with OpenSSL, GnuTLS as well as itself.
23#
24# Check each common ciphersuite, with each version, both ways (client/server),
25# with and without client authentication.
26
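set -u

# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
# (ulimit -f counts 512-byte blocks: 20971520 * 512 bytes = 10 GiB.)
ulimit -f 20971520

# initialise counters
TESTS=0
FAILED=0
SKIPPED=0
SRVMEM=0

# default commands, can be overridden by the environment
# (the expansions are quoted so that a value containing whitespace or glob
# characters is neither word-split nor globbed by the ':' no-op)
: "${M_SRV:=../programs/ssl/ssl_server2}"
: "${M_CLI:=../programs/ssl/ssl_client2}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"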
45
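# do we have a recent enough GnuTLS?
# GnuTLS 3.2.15 or later is needed (see print_usage). A git build reports
# "@VERSION@" instead of a number and is assumed to be recent enough.
if ( command -v "$GNUTLS_CLI" && command -v "$GNUTLS_SERV" ) >/dev/null 2>&1; then
    G_VER="$( "$GNUTLS_CLI" --version | head -n1 )"
    if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version
        PEER_GNUTLS=" GnuTLS"
    else
        # Pull "MAJOR.MINOR.PATCH" out of the version line (e.g.
        # "gnutls-cli 3.6.13"). 'sed -n ... p' prints nothing when the line
        # has no such number, so unexpected tool output is never handed to
        # eval, and [0-9][0-9]* keeps a multi-digit minor (3.10.x) whole
        # instead of only its last digit.
        G_VER_NUM="$( echo "$G_VER" | \
            sed -n 's/.* \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1.\2.\3/p' )"
        # an unparsable version is treated as too old
        IFS=. read -r MAJOR MINOR PATCH <<EOF
${G_VER_NUM:-0.0.0}
EOF
        if [ "$MAJOR" -lt 3 ] || \
           { [ "$MAJOR" -eq 3 ] && [ "$MINOR" -lt 2 ]; } || \
           { [ "$MAJOR" -eq 3 ] && [ "$MINOR" -eq 2 ] && [ "$PATCH" -lt 15 ]; }
        then
            PEER_GNUTLS=""
        else
            PEER_GNUTLS=" GnuTLS"
            if [ "$MINOR" -lt 4 ]; then
                GNUTLS_MINOR_LT_FOUR='x'
            fi
        fi
    fi
else
    PEER_GNUTLS=""
fi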
68
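# default values for options
MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
# exclude:
# - NULL: excluded from our default config
# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
#   avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
# - 3DES: not in default config
# (a grep basic regular expression; '\|' separates the alternatives)
EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
VERBOSE=""
MEMCHECK=0
# PEER_GNUTLS is " GnuTLS" when a usable GnuTLS was detected above, else ""
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"

# hidden option: skip DTLS with OpenSSL
# (travis CI has a version that doesn't work for us)
# (quoted so an odd value from the environment is not split or globbed)
: "${OSSL_NO_DTLS:=0}"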
89
print_usage() {
    # Print the command-line help to stdout, showing the current defaults.
    # A literal tab separates the option column from its description in the
    # here-document below (same layout as the former printf "\t" escapes).
    USAGE_TAB="$( printf '\t' )"
    cat <<EOF
Usage: $0
  -h|--help${USAGE_TAB}Print this help.
  -f|--filter${USAGE_TAB}Only matching ciphersuites are tested (Default: '$FILTER')
  -e|--exclude${USAGE_TAB}Matching ciphersuites are excluded (Default: '$EXCLUDE')
  -m|--modes${USAGE_TAB}Which modes to perform (Default: '$MODES')
  -t|--types${USAGE_TAB}Which key exchange type to perform (Default: '$TYPES')
  -V|--verify${USAGE_TAB}Which verification modes to perform (Default: '$VERIFIES')
  -p|--peers${USAGE_TAB}Which peers to use (Default: '$PEERS')
            ${USAGE_TAB}Also available: GnuTLS (needs v3.2.15 or higher)
  -M|--memcheck${USAGE_TAB}Check memory leaks and errors.
  -v|--verbose${USAGE_TAB}Set verbose output.
EOF
}
103
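# missing_arg <option>
# Complain and exit when an option that takes a value is the last argument.
# Without this check the 'shift; X=$1' below would read an unset $1, which
# under 'set -u' aborts the script with an unhelpful shell error.
missing_arg() {
    echo "Option '$1' requires an argument" >&2
    print_usage
    exit 1
}

# get_options "$@"
# Parse the command line into FILTER, EXCLUDE, MODES, TYPES, VERIFIES,
# PEERS, VERBOSE and MEMCHECK. -h prints the help and exits 0; an unknown
# argument or a missing option value prints the help and exits 1.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                [ $# -ge 2 ] || missing_arg "$1"
                shift; FILTER=$1
                ;;
            -e|--exclude)
                [ $# -ge 2 ] || missing_arg "$1"
                shift; EXCLUDE=$1
                ;;
            -m|--modes)
                [ $# -ge 2 ] || missing_arg "$1"
                shift; MODES=$1
                ;;
            -t|--types)
                [ $# -ge 2 ] || missing_arg "$1"
                shift; TYPES=$1
                ;;
            -V|--verify)
                [ $# -ge 2 ] || missing_arg "$1"
                shift; VERIFIES=$1
                ;;
            -p|--peers)
                [ $# -ge 2 ] || missing_arg "$1"
                shift; PEERS=$1
                ;;
            -v|--verbose)
                VERBOSE=1
                ;;
            -M|--memcheck)
                MEMCHECK=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                # diagnostics go to stderr so they don't mix with test output
                echo "Unknown argument: '$1'" >&2
                print_usage
                exit 1
                ;;
        esac
        shift
    done

    # sanitize some options (modes checked later):
    # upper-case the lists. The echo argument is deliberately left unquoted
    # so that runs of whitespace collapse to single spaces, as before. The
    # tr arguments are quoted: bare [a-z] would be globbed against files in
    # the current directory.
    VERIFIES="$( echo $VERIFIES | tr '[a-z]' '[A-Z]' )"
    TYPES="$( echo $TYPES | tr '[a-z]' '[A-Z]' )"
}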
148
# log <message...>
# When verbose output is enabled (VERBOSE non-empty), print a blank
# separator line followed by the message; otherwise print nothing.
log() {
    [ -n "$VERBOSE" ] || return 0
    echo ""
    echo "$@"
}
155
# is_dtls <mode>
# Succeed (return 0) when <mode> names a DTLS protocol version.
is_dtls()
{
    case "$1" in
        dtls1|dtls1_2) return 0 ;;
        *) return 1 ;;
    esac
}
161
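# minor_ver <mode>
# Print the (D)TLS minor version number of <mode> to stdout:
# 0 for ssl3, 1 for tls1, 2 for tls1_1/dtls1, 3 for tls1_2/dtls1_2.
# An unknown mode prints an error to stderr and -1 to stdout.
minor_ver()
{
    case "$1" in
        ssl3)
            echo 0
            ;;
        tls1)
            echo 1
            ;;
        tls1_1|dtls1)
            echo 2
            ;;
        tls1_2|dtls1_2)
            echo 3
            ;;
        *)
            # report the argument that was actually passed, not the global
            # $MODE, which need not be what the caller asked about
            echo "error: invalid mode: $1" >&2
            # exiting is no good here, typically called in a subshell
            echo -1
            ;;
    esac
}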
184
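# filter <list>
# Print, as one line of single-space-separated names, the whitespace-
# separated names in <list> that match $FILTER (a grep BRE; empty keeps
# everything) and do not match $EXCLUDE. In DTLS modes RC4/ARCFOUR suites
# are always excluded as well.
filter()
{
    LIST="$1"
    NEW_LIST=""

    if is_dtls "$MODE"; then
        # don't start the pattern with '\|' when EXCLUDE is empty: an empty
        # alternative matches every name and would exclude all of them
        if [ -n "$EXCLUDE" ]; then
            EXCLMODE="$EXCLUDE"'\|RC4\|ARCFOUR'
        else
            EXCLMODE='RC4\|ARCFOUR'
        fi
    else
        EXCLMODE="$EXCLUDE"
    fi

    for i in $LIST; do
        # '--' keeps a pattern starting with '-' from being read as an option
        echo "$i" | grep -- "$FILTER" >/dev/null || continue
        # an empty pattern given to 'grep -v' rejects everything, so only
        # apply the exclusion when there is one
        if [ -n "$EXCLMODE" ]; then
            echo "$i" | grep -- "$EXCLMODE" >/dev/null && continue
        fi
        NEW_LIST="$NEW_LIST $i"
    done

    # normalize whitespace
    echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}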
204
# OpenSSL 1.0.1h with -Verify wants a ClientCertificate message even for
# PSK ciphersuites with DTLS, which is incorrect, so disable them for now
#
# check_openssl_server_bug <mbedtls ciphersuite name>
# Sets SKIP_NEXT=YES when all of these hold: client auth is requested
# ($VERIFY is YES), $MODE is a DTLS mode, and the suite name starts with
# TLS-PSK. Otherwise leaves SKIP_NEXT untouched.
check_openssl_server_bug()
{
    case "$VERIFY" in
        YES) ;;
        *) return 0 ;;
    esac
    is_dtls "$MODE" || return 0
    case "$1" in
        TLS-PSK*) SKIP_NEXT="YES" ;;
    esac
}
215
# filter_ciphersuites
# Narrow the three peer lists (M_CIPHERS, O_CIPHERS, G_CIPHERS) to what
# the user's -f/-e options and the current MODE/VERIFY allow.
filter_ciphersuites()
{
    # only run the (grep-based) filter when there is something to filter by
    if [ -n "$FILTER" ] || [ -n "$EXCLUDE" ]; then
        M_CIPHERS=$( filter "$M_CIPHERS" )    # Ciphersuite for mbed TLS
        O_CIPHERS=$( filter "$O_CIPHERS" )    # Ciphersuite for OpenSSL
        G_CIPHERS=$( filter "$G_CIPHERS" )    # Ciphersuite for GnuTLS
    fi

    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
    # supports from the s_server help. (The s_client help isn't
    # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
    # But the s_server help seems to be accurate.)
    # NOTE(review): $MODE is spliced into the grep pattern unescaped; fine
    # for the fixed mode names, worth remembering if -m ever accepts more.
    $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE " || {
        M_CIPHERS=""
        O_CIPHERS=""
    }

    # For GnuTLS client -> mbed TLS server,
    # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
    if is_dtls "$MODE" && [ "$VERIFY" = "YES" ]; then
        G_CIPHERS=""
    fi
}
245
# reset_ciphersuites
# Empty the three per-peer lists so that the add_*_ciphersuites functions,
# which only ever append, start from a clean slate.
reset_ciphersuites()
{
    M_CIPHERS=""; O_CIPHERS=""; G_CIPHERS=""
}
252
# Ciphersuites that can be used with all peers.
# Since we currently have three possible peers, each ciphersuite should appear
# three times: in each peer's list (with the name that this peer uses).
#
# add_common_ciphersuites
# Appends to M_CIPHERS (Mbed TLS names), G_CIPHERS (GnuTLS priority
# strings) and O_CIPHERS (OpenSSL names) according to $TYPE (key exchange
# family) and $MODE (protocol version, see minor_ver).
add_common_ciphersuites()
{
    # protocol version as a number: 0 = ssl3, 1 = tls1, 2 = tls1_1/dtls1,
    # 3 = tls1_2/dtls1_2 (see minor_ver); evaluated once for all lists
    MINOR_VER=$( minor_ver "$MODE" )

    case "$TYPE" in
        ECDSA)
            # ECDHE-ECDSA suites: all versions except ssl3
            if [ "$MINOR_VER" -gt 0 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-NULL-SHA \
                    TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+NULL:+SHA1 \
                    +ECDHE-ECDSA:+ARCFOUR-128:+SHA1 \
                    +ECDHE-ECDSA:+3DES-CBC:+SHA1 \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-NULL-SHA \
                    ECDHE-ECDSA-RC4-SHA \
                    ECDHE-ECDSA-DES-CBC3-SHA \
                    ECDHE-ECDSA-AES128-SHA \
                    ECDHE-ECDSA-AES256-SHA \
                    "
            fi
            # SHA-2 and GCM suites: (D)TLS 1.2 only
            if [ "$MINOR_VER" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
                    +ECDHE-ECDSA:+AES-128-GCM:+AEAD \
                    +ECDHE-ECDSA:+AES-256-GCM:+AEAD \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-AES128-SHA256 \
                    ECDHE-ECDSA-AES256-SHA384 \
                    ECDHE-ECDSA-AES128-GCM-SHA256 \
                    ECDHE-ECDSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        RSA)
            # RSA and DHE-RSA suites: every protocol version
            M_CIPHERS="$M_CIPHERS \
                TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-AES-256-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-RSA-WITH-AES-128-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-RC4-128-SHA \
                TLS-RSA-WITH-RC4-128-MD5 \
                TLS-RSA-WITH-NULL-MD5 \
                TLS-RSA-WITH-NULL-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +DHE-RSA:+AES-128-CBC:+SHA1 \
                +DHE-RSA:+AES-256-CBC:+SHA1 \
                +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \
                +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \
                +DHE-RSA:+3DES-CBC:+SHA1 \
                +RSA:+AES-256-CBC:+SHA1 \
                +RSA:+CAMELLIA-256-CBC:+SHA1 \
                +RSA:+AES-128-CBC:+SHA1 \
                +RSA:+CAMELLIA-128-CBC:+SHA1 \
                +RSA:+3DES-CBC:+SHA1 \
                +RSA:+ARCFOUR-128:+SHA1 \
                +RSA:+ARCFOUR-128:+MD5 \
                +RSA:+NULL:+MD5 \
                +RSA:+NULL:+SHA1 \
                "
            O_CIPHERS="$O_CIPHERS \
                DHE-RSA-AES128-SHA \
                DHE-RSA-AES256-SHA \
                DHE-RSA-CAMELLIA128-SHA \
                DHE-RSA-CAMELLIA256-SHA \
                EDH-RSA-DES-CBC3-SHA \
                AES256-SHA \
                CAMELLIA256-SHA \
                AES128-SHA \
                CAMELLIA128-SHA \
                DES-CBC3-SHA \
                RC4-SHA \
                RC4-MD5 \
                NULL-MD5 \
                NULL-SHA \
                "
            # ECDHE-RSA suites: all versions except ssl3
            if [ "$MINOR_VER" -gt 0 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-RSA-WITH-NULL-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-RSA:+AES-128-CBC:+SHA1 \
                    +ECDHE-RSA:+AES-256-CBC:+SHA1 \
                    +ECDHE-RSA:+3DES-CBC:+SHA1 \
                    +ECDHE-RSA:+ARCFOUR-128:+SHA1 \
                    +ECDHE-RSA:+NULL:+SHA1 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-RSA-AES256-SHA \
                    ECDHE-RSA-AES128-SHA \
                    ECDHE-RSA-DES-CBC3-SHA \
                    ECDHE-RSA-RC4-SHA \
                    ECDHE-RSA-NULL-SHA \
                    "
            fi
            # SHA-2 and GCM suites: (D)TLS 1.2 only.
            # NOTE: the OpenSSL list below also has NULL-SHA256, whose Mbed
            # TLS counterpart (TLS-RSA-WITH-NULL-SHA256) lives in
            # add_gnutls_ciphersuites rather than here.
            if [ "$MINOR_VER" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
                    TLS-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +RSA:+AES-128-CBC:+SHA256 \
                    +DHE-RSA:+AES-128-CBC:+SHA256 \
                    +RSA:+AES-256-CBC:+SHA256 \
                    +DHE-RSA:+AES-256-CBC:+SHA256 \
                    +ECDHE-RSA:+AES-128-CBC:+SHA256 \
                    +ECDHE-RSA:+AES-256-CBC:+SHA384 \
                    +RSA:+AES-128-GCM:+AEAD \
                    +RSA:+AES-256-GCM:+AEAD \
                    +DHE-RSA:+AES-128-GCM:+AEAD \
                    +DHE-RSA:+AES-256-GCM:+AEAD \
                    +ECDHE-RSA:+AES-128-GCM:+AEAD \
                    +ECDHE-RSA:+AES-256-GCM:+AEAD \
                    "
                O_CIPHERS="$O_CIPHERS \
                    NULL-SHA256 \
                    AES128-SHA256 \
                    DHE-RSA-AES128-SHA256 \
                    AES256-SHA256 \
                    DHE-RSA-AES256-SHA256 \
                    ECDHE-RSA-AES128-SHA256 \
                    ECDHE-RSA-AES256-SHA384 \
                    AES128-GCM-SHA256 \
                    DHE-RSA-AES128-GCM-SHA256 \
                    AES256-GCM-SHA384 \
                    DHE-RSA-AES256-GCM-SHA384 \
                    ECDHE-RSA-AES128-GCM-SHA256 \
                    ECDHE-RSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        PSK)
            # plain PSK suites: every protocol version
            M_CIPHERS="$M_CIPHERS \
                TLS-PSK-WITH-RC4-128-SHA \
                TLS-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-PSK-WITH-AES-128-CBC-SHA \
                TLS-PSK-WITH-AES-256-CBC-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +PSK:+ARCFOUR-128:+SHA1 \
                +PSK:+3DES-CBC:+SHA1 \
                +PSK:+AES-128-CBC:+SHA1 \
                +PSK:+AES-256-CBC:+SHA1 \
                "
            O_CIPHERS="$O_CIPHERS \
                PSK-RC4-SHA \
                PSK-3DES-EDE-CBC-SHA \
                PSK-AES128-CBC-SHA \
                PSK-AES256-CBC-SHA \
                "
            ;;
    esac
}
451
452# Ciphersuites usable only with Mbed TLS and OpenSSL
453# Each ciphersuite should appear two times, once with its OpenSSL name, once
454# with its Mbed TLS name.
455#
456# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
457# so RSA-PSK ciphersuites need to go in other sections, see
458# https://github.com/ARMmbed/mbedtls/issues/1419
459#
460# ChachaPoly suites are here rather than in "common", as they were added in
461# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
462add_openssl_ciphersuites()
463{
464    case $TYPE in
465
466        "ECDSA")
467            if [ `minor_ver "$MODE"` -gt 0 ]
468            then
469                M_CIPHERS="$M_CIPHERS                       \
470                    TLS-ECDH-ECDSA-WITH-NULL-SHA            \
471                    TLS-ECDH-ECDSA-WITH-RC4-128-SHA         \
472                    TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA    \
473                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA     \
474                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA     \
475                    "
476                O_CIPHERS="$O_CIPHERS               \
477                    ECDH-ECDSA-NULL-SHA             \
478                    ECDH-ECDSA-RC4-SHA              \
479                    ECDH-ECDSA-DES-CBC3-SHA         \
480                    ECDH-ECDSA-AES128-SHA           \
481                    ECDH-ECDSA-AES256-SHA           \
482                    "
483            fi
484            if [ `minor_ver "$MODE"` -ge 3 ]
485            then
486                M_CIPHERS="$M_CIPHERS                               \
487                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256          \
488                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384          \
489                    TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256          \
490                    TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384          \
491                    TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384        \
492                    TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256        \
493                    TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256   \
494                    "
495                O_CIPHERS="$O_CIPHERS               \
496                    ECDH-ECDSA-AES128-SHA256        \
497                    ECDH-ECDSA-AES256-SHA384        \
498                    ECDH-ECDSA-AES128-GCM-SHA256    \
499                    ECDH-ECDSA-AES256-GCM-SHA384    \
500                    ECDHE-ECDSA-ARIA256-GCM-SHA384  \
501                    ECDHE-ECDSA-ARIA128-GCM-SHA256  \
502                    ECDHE-ECDSA-CHACHA20-POLY1305   \
503                    "
504            fi
505            ;;
506
507        "RSA")
508            M_CIPHERS="$M_CIPHERS                       \
509                TLS-RSA-WITH-DES-CBC-SHA                \
510                TLS-DHE-RSA-WITH-DES-CBC-SHA            \
511                "
512            O_CIPHERS="$O_CIPHERS               \
513                DES-CBC-SHA                     \
514                EDH-RSA-DES-CBC-SHA             \
515                "
516            if [ `minor_ver "$MODE"` -ge 3 ]
517            then
518                M_CIPHERS="$M_CIPHERS                               \
519                    TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384          \
520                    TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384            \
521                    TLS-RSA-WITH-ARIA-256-GCM-SHA384                \
522                    TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256          \
523                    TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256            \
524                    TLS-RSA-WITH-ARIA-128-GCM-SHA256                \
525                    TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256       \
526                    TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256     \
527                    "
528                O_CIPHERS="$O_CIPHERS               \
529                    ECDHE-ARIA256-GCM-SHA384        \
530                    DHE-RSA-ARIA256-GCM-SHA384      \
531                    ARIA256-GCM-SHA384              \
532                    ECDHE-ARIA128-GCM-SHA256        \
533                    DHE-RSA-ARIA128-GCM-SHA256      \
534                    ARIA128-GCM-SHA256              \
535                    DHE-RSA-CHACHA20-POLY1305       \
536                    ECDHE-RSA-CHACHA20-POLY1305     \
537                    "
538            fi
539            ;;
540
541        "PSK")
542            if [ `minor_ver "$MODE"` -ge 3 ]
543            then
544                M_CIPHERS="$M_CIPHERS                               \
545                    TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384            \
546                    TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256            \
547                    TLS-PSK-WITH-ARIA-256-GCM-SHA384                \
548                    TLS-PSK-WITH-ARIA-128-GCM-SHA256                \
549                    TLS-PSK-WITH-CHACHA20-POLY1305-SHA256           \
550                    TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256     \
551                    TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256       \
552                    "
553                O_CIPHERS="$O_CIPHERS               \
554                    DHE-PSK-ARIA256-GCM-SHA384      \
555                    DHE-PSK-ARIA128-GCM-SHA256      \
556                    PSK-ARIA256-GCM-SHA384          \
557                    PSK-ARIA128-GCM-SHA256          \
558                    DHE-PSK-CHACHA20-POLY1305       \
559                    ECDHE-PSK-CHACHA20-POLY1305     \
560                    PSK-CHACHA20-POLY1305           \
561                    "
562            fi
563            ;;
564    esac
565}
566
567# Ciphersuites usable only with Mbed TLS and GnuTLS
568# Each ciphersuite should appear two times, once with its GnuTLS name, once
569# with its Mbed TLS name.
570add_gnutls_ciphersuites()
571{
572    case $TYPE in
573
574        "ECDSA")
575            if [ `minor_ver "$MODE"` -ge 3 ]
576            then
577                M_CIPHERS="$M_CIPHERS                               \
578                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256    \
579                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384    \
580                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256    \
581                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384    \
582                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM                \
583                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM                \
584                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8              \
585                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8              \
586                   "
587                G_CIPHERS="$G_CIPHERS                               \
588                    +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256          \
589                    +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384          \
590                    +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD            \
591                    +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD            \
592                    +ECDHE-ECDSA:+AES-128-CCM:+AEAD                 \
593                    +ECDHE-ECDSA:+AES-256-CCM:+AEAD                 \
594                    +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD               \
595                    +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD               \
596                   "
597            fi
598            ;;
599
600        "RSA")
601            if [ `minor_ver "$MODE"` -gt 0 ]
602            then
603                M_CIPHERS="$M_CIPHERS                           \
604                    TLS-RSA-WITH-NULL-SHA256                    \
605                    "
606                G_CIPHERS="$G_CIPHERS                           \
607                    +RSA:+NULL:+SHA256                          \
608                    "
609            fi
610            if [ `minor_ver "$MODE"` -ge 3 ]
611            then
612                M_CIPHERS="$M_CIPHERS                           \
613                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256  \
614                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384  \
615                    TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256        \
616                    TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256        \
617                    TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256    \
618                    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256    \
619                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256  \
620                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384  \
621                    TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256    \
622                    TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384    \
623                    TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256        \
624                    TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384        \
625                    TLS-RSA-WITH-AES-128-CCM                    \
626                    TLS-RSA-WITH-AES-256-CCM                    \
627                    TLS-DHE-RSA-WITH-AES-128-CCM                \
628                    TLS-DHE-RSA-WITH-AES-256-CCM                \
629                    TLS-RSA-WITH-AES-128-CCM-8                  \
630                    TLS-RSA-WITH-AES-256-CCM-8                  \
631                    TLS-DHE-RSA-WITH-AES-128-CCM-8              \
632                    TLS-DHE-RSA-WITH-AES-256-CCM-8              \
633                    "
634                G_CIPHERS="$G_CIPHERS                           \
635                    +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256        \
636                    +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384        \
637                    +RSA:+CAMELLIA-128-CBC:+SHA256              \
638                    +RSA:+CAMELLIA-256-CBC:+SHA256              \
639                    +DHE-RSA:+CAMELLIA-128-CBC:+SHA256          \
640                    +DHE-RSA:+CAMELLIA-256-CBC:+SHA256          \
641                    +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD          \
642                    +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD          \
643                    +DHE-RSA:+CAMELLIA-128-GCM:+AEAD            \
644                    +DHE-RSA:+CAMELLIA-256-GCM:+AEAD            \
645                    +RSA:+CAMELLIA-128-GCM:+AEAD                \
646                    +RSA:+CAMELLIA-256-GCM:+AEAD                \
647                    +RSA:+AES-128-CCM:+AEAD                     \
648                    +RSA:+AES-256-CCM:+AEAD                     \
649                    +RSA:+AES-128-CCM-8:+AEAD                   \
650                    +RSA:+AES-256-CCM-8:+AEAD                   \
651                    +DHE-RSA:+AES-128-CCM:+AEAD                 \
652                    +DHE-RSA:+AES-256-CCM:+AEAD                 \
653                    +DHE-RSA:+AES-128-CCM-8:+AEAD               \
654                    +DHE-RSA:+AES-256-CCM-8:+AEAD               \
655                    "
656            fi
657            ;;
658
659        "PSK")
660            M_CIPHERS="$M_CIPHERS                               \
661                TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA               \
662                TLS-DHE-PSK-WITH-AES-128-CBC-SHA                \
663                TLS-DHE-PSK-WITH-AES-256-CBC-SHA                \
664                TLS-DHE-PSK-WITH-RC4-128-SHA                    \
665                "
666            G_CIPHERS="$G_CIPHERS                               \
667                +DHE-PSK:+3DES-CBC:+SHA1                        \
668                +DHE-PSK:+AES-128-CBC:+SHA1                     \
669                +DHE-PSK:+AES-256-CBC:+SHA1                     \
670                +DHE-PSK:+ARCFOUR-128:+SHA1                     \
671                "
672            if [ `minor_ver "$MODE"` -gt 0 ]
673            then
674                M_CIPHERS="$M_CIPHERS                           \
675                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA          \
676                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA          \
677                    TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA         \
678                    TLS-ECDHE-PSK-WITH-RC4-128-SHA              \
679                    TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA           \
680                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA            \
681                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA            \
682                    TLS-RSA-PSK-WITH-RC4-128-SHA                \
683                    "
684                G_CIPHERS="$G_CIPHERS                           \
685                    +ECDHE-PSK:+3DES-CBC:+SHA1                  \
686                    +ECDHE-PSK:+AES-128-CBC:+SHA1               \
687                    +ECDHE-PSK:+AES-256-CBC:+SHA1               \
688                    +ECDHE-PSK:+ARCFOUR-128:+SHA1               \
689                    +RSA-PSK:+3DES-CBC:+SHA1                    \
690                    +RSA-PSK:+AES-256-CBC:+SHA1                 \
691                    +RSA-PSK:+AES-128-CBC:+SHA1                 \
692                    +RSA-PSK:+ARCFOUR-128:+SHA1                 \
693                    "
694            fi
695            if [ `minor_ver "$MODE"` -ge 3 ]
696            then
697                M_CIPHERS="$M_CIPHERS                           \
698                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384       \
699                    TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384  \
700                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256       \
701                    TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256  \
702                    TLS-ECDHE-PSK-WITH-NULL-SHA384              \
703                    TLS-ECDHE-PSK-WITH-NULL-SHA256              \
704                    TLS-PSK-WITH-AES-128-CBC-SHA256             \
705                    TLS-PSK-WITH-AES-256-CBC-SHA384             \
706                    TLS-DHE-PSK-WITH-AES-128-CBC-SHA256         \
707                    TLS-DHE-PSK-WITH-AES-256-CBC-SHA384         \
708                    TLS-PSK-WITH-NULL-SHA256                    \
709                    TLS-PSK-WITH-NULL-SHA384                    \
710                    TLS-DHE-PSK-WITH-NULL-SHA256                \
711                    TLS-DHE-PSK-WITH-NULL-SHA384                \
712                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA384         \
713                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA256         \
714                    TLS-RSA-PSK-WITH-NULL-SHA256                \
715                    TLS-RSA-PSK-WITH-NULL-SHA384                \
716                    TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256    \
717                    TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384    \
718                    TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256        \
719                    TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384        \
720                    TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384    \
721                    TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256    \
722                    TLS-PSK-WITH-AES-128-GCM-SHA256             \
723                    TLS-PSK-WITH-AES-256-GCM-SHA384             \
724                    TLS-DHE-PSK-WITH-AES-128-GCM-SHA256         \
725                    TLS-DHE-PSK-WITH-AES-256-GCM-SHA384         \
726                    TLS-PSK-WITH-AES-128-CCM                    \
727                    TLS-PSK-WITH-AES-256-CCM                    \
728                    TLS-DHE-PSK-WITH-AES-128-CCM                \
729                    TLS-DHE-PSK-WITH-AES-256-CCM                \
730                    TLS-PSK-WITH-AES-128-CCM-8                  \
731                    TLS-PSK-WITH-AES-256-CCM-8                  \
732                    TLS-DHE-PSK-WITH-AES-128-CCM-8              \
733                    TLS-DHE-PSK-WITH-AES-256-CCM-8              \
734                    TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256    \
735                    TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384    \
736                    TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256        \
737                    TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384        \
738                    TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256    \
739                    TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384    \
740                    TLS-RSA-PSK-WITH-AES-256-GCM-SHA384         \
741                    TLS-RSA-PSK-WITH-AES-128-GCM-SHA256         \
742                    "
743                G_CIPHERS="$G_CIPHERS                           \
744                    +ECDHE-PSK:+AES-256-CBC:+SHA384             \
745                    +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384        \
746                    +ECDHE-PSK:+AES-128-CBC:+SHA256             \
747                    +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256        \
748                    +PSK:+AES-128-CBC:+SHA256                   \
749                    +PSK:+AES-256-CBC:+SHA384                   \
750                    +DHE-PSK:+AES-128-CBC:+SHA256               \
751                    +DHE-PSK:+AES-256-CBC:+SHA384               \
752                    +RSA-PSK:+AES-256-CBC:+SHA384               \
753                    +RSA-PSK:+AES-128-CBC:+SHA256               \
754                    +DHE-PSK:+CAMELLIA-128-CBC:+SHA256          \
755                    +DHE-PSK:+CAMELLIA-256-CBC:+SHA384          \
756                    +PSK:+CAMELLIA-128-CBC:+SHA256              \
757                    +PSK:+CAMELLIA-256-CBC:+SHA384              \
758                    +RSA-PSK:+CAMELLIA-256-CBC:+SHA384          \
759                    +RSA-PSK:+CAMELLIA-128-CBC:+SHA256          \
760                    +PSK:+AES-128-GCM:+AEAD                     \
761                    +PSK:+AES-256-GCM:+AEAD                     \
762                    +DHE-PSK:+AES-128-GCM:+AEAD                 \
763                    +DHE-PSK:+AES-256-GCM:+AEAD                 \
764                    +PSK:+AES-128-CCM:+AEAD                     \
765                    +PSK:+AES-256-CCM:+AEAD                     \
766                    +DHE-PSK:+AES-128-CCM:+AEAD                 \
767                    +DHE-PSK:+AES-256-CCM:+AEAD                 \
768                    +PSK:+AES-128-CCM-8:+AEAD                   \
769                    +PSK:+AES-256-CCM-8:+AEAD                   \
770                    +DHE-PSK:+AES-128-CCM-8:+AEAD               \
771                    +DHE-PSK:+AES-256-CCM-8:+AEAD               \
772                    +RSA-PSK:+CAMELLIA-128-GCM:+AEAD            \
773                    +RSA-PSK:+CAMELLIA-256-GCM:+AEAD            \
774                    +PSK:+CAMELLIA-128-GCM:+AEAD                \
775                    +PSK:+CAMELLIA-256-GCM:+AEAD                \
776                    +DHE-PSK:+CAMELLIA-128-GCM:+AEAD            \
777                    +DHE-PSK:+CAMELLIA-256-GCM:+AEAD            \
778                    +RSA-PSK:+AES-256-GCM:+AEAD                 \
779                    +RSA-PSK:+AES-128-GCM:+AEAD                 \
780                    +ECDHE-PSK:+NULL:+SHA384                    \
781                    +ECDHE-PSK:+NULL:+SHA256                    \
782                    +PSK:+NULL:+SHA256                          \
783                    +PSK:+NULL:+SHA384                          \
784                    +DHE-PSK:+NULL:+SHA256                      \
785                    +DHE-PSK:+NULL:+SHA384                      \
786                    +RSA-PSK:+NULL:+SHA256                      \
787                    +RSA-PSK:+NULL:+SHA384                      \
788                    "
789            fi
790            ;;
791    esac
792}
793
# Ciphersuites usable only with Mbed TLS (not currently supported by another
# peer usable in this script). This provides only very rudimentary testing, as
# this is not interop testing, but it's better than nothing.
add_mbedtls_ciphersuites()
{
    # Append the Mbed TLS-only suites for the current $TYPE and $MODE to
    # M_CIPHERS. Nothing is added to O_CIPHERS or G_CIPHERS: no other peer
    # driven by this script can negotiate these suites, so they are only
    # exercised Mbed TLS against Mbed TLS.
    # Reads: TYPE, MODE (via minor_ver). Writes: M_CIPHERS.
    case $TYPE in

        "ECDSA")
            # minor version >= 1 as reported by minor_ver
            if [ "$(minor_ver "$MODE")" -ge 1 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384"
            fi
            # minor version >= 3: the SHA-2 / AEAD suites
            if [ "$(minor_ver "$MODE")" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
                    TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
                    TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256"
            fi
            ;;

        "RSA")
            # minor version >= 3 only
            if [ "$(minor_ver "$MODE")" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
                    TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
                    TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
                    TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
                    TLS-RSA-WITH-ARIA-128-CBC-SHA256"
            fi
            ;;

        "PSK")
            # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15,
            # hence tested here for every version
            M_CIPHERS="$M_CIPHERS \
                TLS-PSK-WITH-NULL-SHA \
                TLS-DHE-PSK-WITH-NULL-SHA"
            # minor version >= 1
            if [ "$(minor_ver "$MODE")" -ge 1 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-PSK-WITH-NULL-SHA \
                    TLS-RSA-PSK-WITH-NULL-SHA"
            fi
            # minor version >= 3
            if [ "$(minor_ver "$MODE")" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS \
                    TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
                    TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
                    TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
                    TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
                    TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
                    TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
                    TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
                    TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
                    TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
                    TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256"
            fi
            ;;
    esac
}
870
setup_arguments()
{
    # Derive every peer's command-line arguments from the current test
    # parameters. Reads MODE, TYPE, VERIFY, PORT and GNUTLS_MINOR_LT_FOUR;
    # writes G_MODE, G_PRIO_MODE, G_PRIO_CCM, M_SERVER_ARGS, O_SERVER_ARGS,
    # G_SERVER_ARGS, G_SERVER_PRIO, M_CLIENT_ARGS, O_CLIENT_ARGS,
    # G_CLIENT_ARGS and G_CLIENT_PRIO. Exits 1 on an unknown MODE.

    # protocol version: GnuTLS takes it as a priority keyword, and the two
    # DTLS modes additionally need the "-u" command-line flag
    G_MODE=""
    case "$MODE" in
        "ssl3")    G_PRIO_MODE="+VERS-SSL3.0" ;;
        "tls1")    G_PRIO_MODE="+VERS-TLS1.0" ;;
        "tls1_1")  G_PRIO_MODE="+VERS-TLS1.1" ;;
        "tls1_2")  G_PRIO_MODE="+VERS-TLS1.2" ;;
        "dtls1")   G_PRIO_MODE="+VERS-DTLS1.0"; G_MODE="-u" ;;
        "dtls1_2") G_PRIO_MODE="+VERS-DTLS1.2"; G_MODE="-u" ;;
        *)
            echo "error: invalid mode: $MODE" >&2
            exit 1
            ;;
    esac

    # GnuTLS < 3.4 will choke if we try to allow CCM-8
    G_PRIO_CCM=""
    if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then
        G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:"
    fi

    # --- server side ---
    # NOTE(review): the Mbed TLS server binds to 0.0.0.0, so it is reachable
    # on every interface for the duration of the run although the clients
    # below only ever connect to loopback. Left unchanged here.
    M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
    O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
    # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
    if ! is_dtls "$MODE"; then
        O_SERVER_ARGS="$O_SERVER_ARGS -www"
    fi
    G_SERVER_ARGS="-p $PORT --http $G_MODE"
    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"

    # --- client side ---
    M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
    O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
    G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
    G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"

    # --- client authentication ---
    case "$VERIFY" in
        "YES")
            # verify against the test CA; servers require a client cert
            M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
            O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"

            M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
            ;;
        *)
            # don't request a client cert at all; the clients are given no
            # CA either (ca_file=none / --insecure)
            M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
            G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"

            M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
            ;;
    esac

    # --- key type: server credentials, plus client credentials when
    # client authentication is on ---
    case $TYPE in
        "ECDSA")
            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"

            case "$VERIFY" in
                "YES")
                    M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
                    O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
                    G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
                    ;;
                *)
                    M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
                    ;;
            esac
            ;;

        "RSA")
            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key"

            case "$VERIFY" in
                "YES")
                    M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key"
                    O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key"
                    G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key"
                    ;;
                *)
                    M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
                    ;;
            esac
            ;;

        "PSK")
            # give the RSA-PSK-capable servers an RSA cert as well
            # (should really be a separate type, but harder to do with openssl);
            # the PSK is a fixed test-only value shared by all three peers
            M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"

            M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
            ;;
    esac
}
985
986# is_mbedtls <cmd_line>
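is_mbedtls() {
    # True (status 0) when the command line in $1 runs one of our own
    # programs, ssl_server2 or ssl_client2, wherever it appears (e.g. after a
    # "valgrind ..." prefix). A shell pattern match replaces the previous
    # grep call: the '\|' alternation it relied on is a GNU extension to
    # basic regular expressions, and this also avoids a pipeline per call.
    case "$1" in
        *ssl_server2*|*ssl_client2*) return 0 ;;
        *) return 1 ;;
    esac
}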
990
991# has_mem_err <log_file_name>
has_mem_err() {
    # Inspect the valgrind log named by $1. Returns 0 ("has errors") unless
    # the log contains BOTH the "no leaks" line and the "0 errors" summary
    # line; a missing or unreadable file therefore also counts as an error.
    if grep -q -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
       grep -q -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1"
    then
        return 1 # false: does not have errors
    fi
    return 0 # true: has errors
}
1001
1002# Wait for process $2 to be listening on port $1
if type lsof >/dev/null 2>/dev/null; then
    # lsof available: poll until process $2 has a socket bound on port $1
    # (UDP for the DTLS modes, TCP otherwise). Gives up after $DOG_DELAY
    # seconds, announcing "SERVERSTART TIMEOUT" on stdout and in $SRV_OUT.
    # Reads: MODE, DOG_DELAY, SRV_OUT. Writes: START_TIME, proto.
    wait_server_start() {
        START_TIME=$(date +%s)
        proto=TCP
        if is_dtls "$MODE"; then
            proto=UDP
        fi
        until lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
            if [ $(( $(date +%s) - START_TIME )) -gt "$DOG_DELAY" ]; then
                echo "SERVERSTART TIMEOUT"
                echo "SERVERSTART TIMEOUT" >> "$SRV_OUT"
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    # no lsof: fall back to a fixed delay and assume the server is up by then
    echo "Warning: lsof not available, wait_server_start = sleep"
    wait_server_start() {
        sleep 2
    }
fi
1028
1029
1030# start_server <name>
1031# also saves name and command
start_server() {
    # Build the server command line for peer $1 (OpenSSL, GnuTLS or mbedTLS),
    # log it, start it in the background with all output going to $SRV_OUT,
    # and wait until it listens on $PORT.
    # Writes: SERVER_CMD, SERVER_NAME, PROCESS_ID. Exits 1 on an unknown name.
    case $1 in
        [Oo]pen*)
            SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
            ;;
        [Gg]nu*)
            SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
            ;;
        mbed*)
            SERVER_CMD="$M_SRV $M_SERVER_ARGS"
            # under valgrind; stop_server then checks the log for leaks/errors
            if [ "$MEMCHECK" -gt 0 ]; then
                SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
            fi
            ;;
        *)
            echo "error: invalid server name: $1" >&2
            exit 1
            ;;
    esac
    SERVER_NAME=$1

    log "$SERVER_CMD"
    echo "$SERVER_CMD" > "$SRV_OUT"
    # Servers without -www or equivalent need something on stdin, so feed
    # them an endless trickle. PROCESS_ID is taken from $! and is expected to
    # be the server itself, i.e. the last element of the pipeline.
    while :; do echo bla; sleep 1; done | $SERVER_CMD >> "$SRV_OUT" 2>&1 &
    PROCESS_ID=$!

    wait_server_start "$PORT" "$PROCESS_ID"
}
1061
1062# terminate the running server
stop_server() {
    # Stop and reap the server started by start_server. Under valgrind, when
    # the server is our own and its log shows memory errors, count it in
    # SRVMEM and keep $SRV_OUT for inspection; otherwise discard the log.
    kill "$PROCESS_ID" 2>/dev/null
    wait "$PROCESS_ID" 2>/dev/null

    if [ "$MEMCHECK" -gt 0 ] && is_mbedtls "$SERVER_CMD" && has_mem_err "$SRV_OUT"; then
        echo "  ! Server had memory errors"
        SRVMEM=$(( SRVMEM + 1 ))
        return
    fi

    rm -f "$SRV_OUT"
}
1077
1078# kill the running server (used when killed by signal)
cleanup() {
    # Signal handler (INT/TERM/HUP): drop the scratch logs, stop the server
    # and the client watchdog if either is still running, and exit non-zero.
    rm -f "$SRV_OUT" "$CLI_OUT"
    kill "$PROCESS_ID" >/dev/null 2>&1
    kill "$WATCHDOG_PID" >/dev/null 2>&1
    exit 1
}
1085
1086# wait for client to terminate and set EXIT
1087# must be called right after starting the client
wait_client_done() {
    # Wait for the client just started in the background ($!) and record its
    # exit status in EXIT. A watchdog subshell kills the client after
    # $DOG_DELAY seconds and notes "TIMEOUT" in $CLI_OUT so a hung client
    # cannot stall the whole run. Writes: CLI_PID, WATCHDOG_PID, EXIT.
    CLI_PID=$!

    ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> "$CLI_OUT"; kill "$CLI_PID" ) &
    WATCHDOG_PID=$!

    wait "$CLI_PID"
    EXIT=$?

    # client finished: cancel the watchdog and reap it (its sleep child may
    # linger until the delay elapses)
    kill "$WATCHDOG_PID"
    wait "$WATCHDOG_PID"

    echo "EXIT: $EXIT" >> "$CLI_OUT"
}
1102
1103# run_client <name> <cipher>
run_client() {
    # Run one test: client $1 (OpenSSL, GnuTLS or mbedTLS) against the server
    # started by start_server, forcing ciphersuite $2. Prints one
    # "c->s mode,verify suite ...... VERDICT" line and updates the counters
    # TESTS / SKIPPED / FAILED; honours SKIP_NEXT (set by the caller).
    # Writes: TESTS, VERIF, TITLE, LEN, i, SKIP_NEXT, CLIENT_CMD, G_HOST,
    #   EXIT (through wait_client_done), RESULT, SKIPPED, FAILED.
    # Exits 1 on an unknown client name.

    # announce what we're going to do
    TESTS=$(( TESTS + 1 ))
    VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
    TITLE="$(echo $1 | cut -c1)->$(echo $SERVER_NAME | cut -c1) $MODE,$VERIF $2"
    printf "%s " "$TITLE"
    # pad with dots to a fixed width so the verdicts line up.
    # NB: uses the global i as the counter, like the callers' loops do; they
    # do not read i again after run_client returns.
    LEN=$(( 71 - ${#TITLE} ))
    i=0
    while [ "$i" -lt "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '

    # should we skip?
    case "$SKIP_NEXT" in
        "YES")
            SKIP_NEXT="NO"
            echo "SKIP"
            SKIPPED=$(( SKIPPED + 1 ))
            return
            ;;
    esac

    # run the command and interpret result:
    #   RESULT=0 pass, 1 ciphersuite not supported by the client (skip), 2 fail
    case $1 in
        [Oo]pen*)
            CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > "$CLI_OUT"
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            if [ "$EXIT" -eq 0 ]; then
                RESULT=0
            elif grep -q 'Cipher is (NONE)' "$CLI_OUT"; then
                # the cipher isn't supported by this OpenSSL
                RESULT=1
            else
                RESULT=2
            fi
            ;;

        [Gg]nu*)
            # need to force IPv4 with UDP, but keep localhost for auth
            G_HOST="localhost"
            if is_dtls "$MODE"; then
                G_HOST="127.0.0.1"
            fi
            CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > "$CLI_OUT"
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            if [ "$EXIT" -eq 0 ]; then
                RESULT=0
            elif grep -q -F 'Received alert [40]: Handshake failed' "$CLI_OUT" &&
                 ! grep -q -i 'SERVER HELLO .* was received' "$CLI_OUT"; then
                # interpret early failure, with a handshake_failure alert
                # before the server hello, as "no ciphersuite in common"
                RESULT=1
            else
                RESULT=2
            fi
            ;;

        mbed*)
            CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
            if [ "$MEMCHECK" -gt 0 ]; then
                CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
            fi
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > "$CLI_OUT"
            $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            # exit status 0: success; 2: ciphersuite not supported;
            # anything else: error
            case "$EXIT" in
                "0") RESULT=0 ;;
                "2") RESULT=1 ;;
                *)   RESULT=2 ;;
            esac

            # under valgrind, memory errors in our own client fail the test
            if [ "$MEMCHECK" -gt 0 ] && is_mbedtls "$CLIENT_CMD" && has_mem_err "$CLI_OUT"; then
                RESULT=2
            fi
            ;;

        *)
            echo "error: invalid client name: $1" >&2
            exit 1
            ;;
    esac

    echo "EXIT: $EXIT" >> "$CLI_OUT"

    # report and count result
    if [ "$RESULT" = "0" ]; then
        echo PASS
    elif [ "$RESULT" = "1" ]; then
        echo SKIP
        SKIPPED=$(( SKIPPED + 1 ))
    elif [ "$RESULT" = "2" ]; then
        echo FAIL
        # keep both logs under a per-test name for post-mortem
        cp "$SRV_OUT" "c-srv-${TESTS}.log"
        cp "$CLI_OUT" "c-cli-${TESTS}.log"
        echo "  ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"

        if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
            echo "  ! server output:"
            cat "c-srv-${TESTS}.log"
            echo "  ! ==================================================="
            echo "  ! client output:"
            cat "c-cli-${TESTS}.log"
        fi

        FAILED=$(( FAILED + 1 ))
    fi

    rm -f "$CLI_OUT"
}
1237
1238#
1239# MAIN
1240#
1241
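# Everything below uses paths relative to the script's directory
# (data_files/, ../programs/...), so move there first. The path is quoted:
# the old unquoted form broke when the checkout lived under a directory
# whose name contains spaces.
if ! cd "$(dirname "$0")"; then
    echo "cd $(dirname "$0") failed" >&2
    exit 1
fi

get_options "$@"

# sanity checks, avoid an avalanche of errors
for CMD in "$M_SRV" "$M_CLI"; do
    if [ ! -x "$CMD" ]; then
        echo "Command '$CMD' is not an executable file" >&2
        exit 1
    fi
done

# command -v is the portable "is this tool available?" test; which(1) is
# not POSIX and its behaviour varies between implementations
if echo "$PEERS" | grep -i openssl > /dev/null; then
    if ! command -v "$OPENSSL_CMD" >/dev/null 2>&1; then
        echo "Command '$OPENSSL_CMD' not found" >&2
        exit 1
    fi
fi

if echo "$PEERS" | grep -i gnutls > /dev/null; then
    for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
        if ! command -v "$CMD" >/dev/null 2>&1; then
            echo "Command '$CMD' not found" >&2
            exit 1
        fi
    done
fi

for PEER in $PEERS; do
    case "$PEER" in
        mbed*|[Oo]pen*|[Gg]nu*)
            ;;
        *)
            echo "Unknown peers: $PEER" >&2
            exit 1
            ;;
    esac
done

# Pick a "unique" port in the range 10000-19999: "1" followed by the last
# four digits of our PID. Only unique among concurrent runs whose PIDs
# differ in those digits.
PORT=$(( 10000 + $$ % 10000 ))

# Also pick a unique name for intermediate files
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"

# client timeout delay: be more patient with valgrind
if [ "$MEMCHECK" -gt 0 ]; then
    DOG_DELAY=30
else
    DOG_DELAY=10
fi

SKIP_NEXT="NO"

# a killed run must not leave a server or a client watchdog behind
trap cleanup INT TERM HUP

for VERIFY in $VERIFIES; do
    for MODE in $MODES; do
        for TYPE in $TYPES; do
            for PEER in $PEERS; do

                setup_arguments

                case "$PEER" in

                    [Oo]pen*)

                        if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
                            continue
                        fi

                        reset_ciphersuites
                        add_common_ciphersuites
                        add_openssl_ciphersuites
                        filter_ciphersuites

                        # OpenSSL server, Mbed TLS client
                        if [ -n "$M_CIPHERS" ]; then
                            start_server "OpenSSL"
                            for i in $M_CIPHERS; do
                                check_openssl_server_bug "$i"
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        # Mbed TLS server, OpenSSL client
                        if [ -n "$O_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $O_CIPHERS; do
                                run_client OpenSSL "$i"
                            done
                            stop_server
                        fi

                        ;;

                    [Gg]nu*)

                        reset_ciphersuites
                        add_common_ciphersuites
                        add_gnutls_ciphersuites
                        filter_ciphersuites

                        # GnuTLS server, Mbed TLS client
                        if [ -n "$M_CIPHERS" ]; then
                            start_server "GnuTLS"
                            for i in $M_CIPHERS; do
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        # Mbed TLS server, GnuTLS client
                        if [ -n "$G_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $G_CIPHERS; do
                                run_client GnuTLS "$i"
                            done
                            stop_server
                        fi

                        ;;

                    mbed*)

                        # Mbed TLS against itself: every suite we know of
                        reset_ciphersuites
                        add_common_ciphersuites
                        add_openssl_ciphersuites
                        add_gnutls_ciphersuites
                        add_mbedtls_ciphersuites
                        filter_ciphersuites

                        if [ -n "$M_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $M_CIPHERS; do
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        ;;

                    *)
                        echo "Unknown peer: $PEER" >&2
                        exit 1
                        ;;

                esac

            done
        done
    done
done

echo "------------------------------------------------------------------------"

if [ "$FAILED" -ne 0 ] || [ "$SRVMEM" -ne 0 ]; then
    printf "FAILED"
else
    printf "PASSED"
fi

if [ "$MEMCHECK" -gt 0 ]; then
    MEMREPORT=", $SRVMEM server memory errors"
else
    MEMREPORT=""
fi

PASSED=$(( TESTS - FAILED ))
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"

FAILED=$(( FAILED + SRVMEM ))
# The exit status is the total failure count, clamped to 255: a shell exit
# status is taken modulo 256, so e.g. 256 failures would otherwise report
# as 0 (success) to the caller.
if [ "$FAILED" -gt 255 ]; then
    exit 255
fi
exit "$FAILED"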
1419