1
0

tls13.test 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187
  1. #!/bin/sh
  2. # tls13.test
  3. # copyright wolfSSL 2016
  4. # getting unique port is modeled after resume.test script
  5. # need a unique port since may run the same time as testsuite
  6. # use server port zero hack to get one
  7. port=0
  8. no_pid=-1
  9. server_pid=$no_pid
  10. counter=0
  11. # let's use absolute path to a local dir (make distcheck may be in sub dir)
  12. # also let's add some randomness by adding pid in case multiple 'make check's
  13. # per source tree
  14. ready_file=`pwd`/wolfssl_tls13_ready$$
  15. client_file=`pwd`/wolfssl_tls13_client$$
  16. echo "ready file $ready_file"
  17. create_port() {
  18. while [ ! -s $ready_file ]; do
  19. if [ "$counter" -gt 50 ]; then
  20. break
  21. fi
  22. echo -e "waiting for ready file..."
  23. sleep 0.1
  24. counter=$((counter+ 1))
  25. done
  26. if [ -e $ready_file ]; then
  27. echo -e "found ready file, starting client..."
  28. # get created port 0 ephemeral port
  29. port=`cat $ready_file`
  30. else
  31. echo -e "NO ready file ending test..."
  32. do_cleanup
  33. fi
  34. }
  35. remove_ready_file() {
  36. if [ -e $ready_file ]; then
  37. echo -e "removing existing ready file"
  38. rm $ready_file
  39. fi
  40. }
  41. do_cleanup() {
  42. echo "in cleanup"
  43. if [ $server_pid != $no_pid ]
  44. then
  45. echo "killing server"
  46. kill -9 $server_pid
  47. fi
  48. remove_ready_file
  49. if [ -e $client_file ]; then
  50. echo -e "removing existing client file"
  51. rm $client_file
  52. fi
  53. }
  54. do_trap() {
  55. echo "got trap"
  56. do_cleanup
  57. exit -1
  58. }
  59. trap do_trap INT TERM
  60. [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
  61. ./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
  62. if [ $? -eq 0 ]; then
  63. exit 0
  64. fi
  65. ./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
  66. if [ $? -eq 0 ]; then
  67. exit 0
  68. fi
  69. # Usual TLS v1.3 server / TLS v1.3 client.
  70. echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
  71. port=0
  72. ./examples/server/server -v 4 -R $ready_file -p $port &
  73. server_pid=$!
  74. create_port
  75. ./examples/client/client -v 4 -p $port | tee $client_file
  76. RESULT=$?
  77. remove_ready_file
  78. if [ $RESULT -ne 0 ]; then
  79. echo -e "\n\nTLS v1.3 not enabled"
  80. do_cleanup
  81. exit 1
  82. fi
  83. echo ""
  84. # TLS 1.3 cipher suites server / client.
  85. echo -e "\n\nTLS v1.3 cipher suite mismatch"
  86. port=0
  87. ./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
  88. server_pid=$!
  89. create_port
  90. ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
  91. RESULT=$?
  92. remove_ready_file
  93. if [ $RESULT -eq 0 ]; then
  94. echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites"
  95. do_cleanup
  96. exit 1
  97. fi
  98. echo ""
  99. ./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
  100. if [ $? -ne 0 ]; then
  101. # TLS 1.3 server / TLS 1.2 client.
  102. echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
  103. port=0
  104. ./examples/server/server -v 4 -R $ready_file -p $port &
  105. server_pid=$!
  106. create_port
  107. ./examples/client/client -v 3 -p $port
  108. RESULT=$?
  109. remove_ready_file
  110. if [ $RESULT -eq 0 ]; then
  111. echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
  112. do_cleanup
  113. exit 1
  114. fi
  115. echo ""
  116. # TLS 1.2 server / TLS 1.3 client.
  117. echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
  118. port=0
  119. ./examples/server/server -v 3 -R $ready_file -p $port &
  120. server_pid=$!
  121. create_port
  122. ./examples/client/client -v 4 -p $port
  123. RESULT=$?
  124. remove_ready_file
  125. if [ $RESULT -eq 0 ]; then
  126. echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
  127. do_cleanup
  128. exit 1
  129. fi
  130. echo ""
  131. echo "Find usable TLS 1.2 cipher suite"
  132. for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256
  133. do
  134. echo $CS
  135. ./examples/client/client -e | grep $CS >/dev/null
  136. if [ "$?" = "0" ]; then
  137. TLS12_CS=$CS
  138. break
  139. fi
  140. done
  141. if [ "$TLS12_CS" != "" ]; then
  142. # TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers
  143. echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers"
  144. port=0
  145. SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS"
  146. CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS"
  147. ./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port &
  148. server_pid=$!
  149. create_port
  150. ./examples/client/client -v d -l $CLIENT_CS -p $port
  151. RESULT=$?
  152. remove_ready_file
  153. if [ $RESULT -eq 0 ]; then
  154. echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers"
  155. do_cleanup
  156. exit 1
  157. fi
  158. echo ""
  159. else
  160. echo "No usable TLS 1.2 cipher suite found"
  161. fi
  162. fi
  163. do_cleanup
  164. echo -e "\nALL Tests Passed"
  165. exit 0