#!/bin/bash # Test WolfSSL/OpenSSL srtp interoperability # # TODO: add OpenSSL client with WolfSSL server set -e if ! test -n "$WOLFSSL_OPENSSL_TEST"; then echo "WOLFSSL_OPENSSL_TEST NOT set, won't run" exit 0 fi OPENSSL=${OPENSSL:="openssl"} WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"} # need a unique port since may run the same time as testsuite generate_port() { #-------------------------------------------------------------------------# # Generate a random port number #-------------------------------------------------------------------------# if [[ "$OSTYPE" == "linux"* ]]; then port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) elif [[ "$OSTYPE" == "darwin"* ]]; then port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) else echo "Unknown OS TYPE" exit 1 fi } # get size of key material based on the profile # $1 srtp profile get_key_material_size() { case "$1" in "SRTP_AES128_CM_SHA1_80") ekm_size=60 ;; "SRTP_AES128_CM_SHA1_32") ekm_size=60 ;; "SRTP_NULL_SHA1_80") ekm_size=28 ;; "SRTP_NULL_SHA1_32") ekm_size=27 ;; "SRTP_AEAD_AES_128_GCM") ekm_size=56;; "SRTP_AEAD_AES_256_GCM") ekm_size=88;; *) echo "SRTP profile $1 unsupported" exit 1 esac } # Start an OpenSSL server dtls with srtp # $1: dtsl version [1.0, 1.2] # $2: srtp profile string start_openssl_server() { generate_port server_port=$port srtp_profile=$2 if [ "$1" = "1.0" ]; then dtls_version=dtls1 elif [ "$1" = "1.2" ]; then dtls_version=dtls1_2 fi get_key_material_size "$srtp_profile" server_output_file=/tmp/openssl_srtp_out # hackish but OpenSSL doesn't work if input is fed before handshaking and # the wolfSSL client needs a reply to stop (sleep 1;echo -n "I hear you fa shizzle...") | \ ${OPENSSL} s_server \ -${dtls_version} \ -port ${server_port} \ -debug \ -use_srtp ${srtp_profile} \ -keymatexport EXTRACTOR-dtls_srtp \ -keymatexportlen $ekm_size \ -cert ./certs/server-cert.pem \ -key ./certs/server-key.pem >$server_output_file & # make sure the server is up sleep 0.1 } # Start an wolfssl client dtls with srtp # $1: dtsl version [1.0, 1.2] # $2: srtp profile string start_wolfssl_client() { srtp_profile=$2 if [ "$1" = "1.0" ]; then dtls_version=2 elif [ "$1" = "1.2" ]; then dtls_version=3 fi client_output_file=/tmp/wolfssl_srtp_out ${WOLFSSL_CLIENT} -u\ -x \ -v${dtls_version} \ --srtp ${srtp_profile} \ -p${server_port} >$client_output_file } # $1 openssl file # $2 wolfssl file check_ekm() { openssl_ekm=$(cat "$1" | grep "Keying material: " | cut -d ':' -f 2) echo "OPENSSL EKM: $openssl_ekm" wolfssl_ekm=$(cat "$2" | grep "DTLS SRTP: Exported key material: " | cut -d ':' -f 3) echo "WOLFSSL EKM: $wolfssl_ekm" if [ "$openssl_ekm" = "$wolfssl_ekm" ];then check_ret=0 else check_ret=1 fi } # $1 dtsl version # $2 srtp profile check_dtls_srtp() { start_openssl_server $1 $2 start_wolfssl_client $1 $2 check_ekm $server_output_file $client_output_file echo -n "check dtls $1 $2... " if [ $check_ret -ne 0 ];then echo "failed" exit 1 else echo "ok" fi } # SRTP_NULL_SHA1_80" and SRTP_NULL_SHA1_32 aren't supported by OpenSSL PROFILES="SRTP_AES128_CM_SHA1_80 \ SRTP_AES128_CM_SHA1_32 \ SRTP_AEAD_AES_128_GCM \ SRTP_AEAD_AES_256_GCM" for DTLS in 1.0 1.2;do for SRTP_PROF in $PROFILES;do check_dtls_srtp $DTLS $SRTP_PROF done done