123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 |
- #!/bin/bash
- # Test WolfSSL/OpenSSL srtp interoperability
- #
- # TODO: add OpenSSL client with WolfSSL server
- set -e
- if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
- echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
- exit 0
- fi
- OPENSSL=${OPENSSL:="openssl"}
- WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"}
- # need a unique port since may run the same time as testsuite
- generate_port() {
- #-------------------------------------------------------------------------#
- # Generate a random port number
- #-------------------------------------------------------------------------#
- if [[ "$OSTYPE" == "linux-gnu"* ]]; then
- port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
- elif [[ "$OSTYPE" == "darwin"* ]]; then
- port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
- else
- echo "Unknown OS TYPE"
- exit 1
- fi
- }
- # get size of key material based on the profile
- # $1 srtp profile
- get_key_material_size() {
- case "$1" in
- "SRTP_AES128_CM_SHA1_80")
- ekm_size=60 ;;
- "SRTP_AES128_CM_SHA1_32")
- ekm_size=60 ;;
- "SRTP_NULL_SHA1_80")
- ekm_size=28 ;;
- "SRTP_NULL_SHA1_32")
- ekm_size=27 ;;
- "SRTP_AEAD_AES_128_GCM")
- ekm_size=56;;
- "SRTP_AEAD_AES_256_GCM")
- ekm_size=88;;
- *)
- echo "SRTP profile $1 unsupported"
- exit 1
- esac
- }
- # Start an OpenSSL server dtls with srtp
- # $1: dtsl version [1.0, 1.2]
- # $2: srtp profile string
- start_openssl_server() {
- generate_port
- server_port=$port
- srtp_profile=$2
- if [ "$1" = "1.0" ]; then
- dtls_version=dtls1
- elif [ "$1" = "1.2" ]; then
- dtls_version=dtls1_2
- fi
- get_key_material_size "$srtp_profile"
- server_output_file=/tmp/openssl_srtp_out
- # hackish but OpenSSL doesn't work if input is fed before handshaking and
- # the wolfSSL client needs a reply to stop
- (sleep 1;echo -n "I hear you fa shizzle...") | \
- ${OPENSSL} s_server \
- -${dtls_version} \
- -port ${server_port} \
- -debug \
- -use_srtp ${srtp_profile} \
- -keymatexport EXTRACTOR-dtls_srtp \
- -keymatexportlen $ekm_size \
- -cert ./certs/server-cert.pem \
- -key ./certs/server-key.pem >$server_output_file &
- # make sure the server is up
- sleep 0.1
- }
- # Start an wolfssl client dtls with srtp
- # $1: dtsl version [1.0, 1.2]
- # $2: srtp profile string
- start_wolfssl_client() {
- srtp_profile=$2
- if [ "$1" = "1.0" ]; then
- dtls_version=2
- elif [ "$1" = "1.2" ]; then
- dtls_version=3
- fi
- client_output_file=/tmp/wolfssl_srtp_out
- ${WOLFSSL_CLIENT} -u\
- -x \
- -v${dtls_version} \
- --srtp ${srtp_profile} \
- -p${server_port} >$client_output_file
- }
- # $1 openssl file
- # $2 wolfssl file
- check_ekm() {
- openssl_ekm=$(cat "$1" | grep "Keying material: " | cut -d ':' -f 2)
- echo "OPENSSL EKM: $openssl_ekm"
- wolfssl_ekm=$(cat "$2" | grep "DTLS SRTP: Exported key material: " | cut -d ':' -f 3)
- echo "WOLFSSL EKM: $wolfssl_ekm"
- if [ "$openssl_ekm" = "$wolfssl_ekm" ];then
- check_ret=0
- else
- check_ret=1
- fi
- }
- # $1 dtsl version
- # $2 srtp profile
- check_dtls_srtp() {
- start_openssl_server $1 $2
- start_wolfssl_client $1 $2
- check_ekm $server_output_file $client_output_file
- echo -n "check dtls $1 $2... "
- if [ $check_ret -ne 0 ];then
- echo "failed"
- exit 1
- else
- echo "ok"
- fi
- }
- # SRTP_NULL_SHA1_80" and SRTP_NULL_SHA1_32 aren't supported by OpenSSL
- PROFILES="SRTP_AES128_CM_SHA1_80 \
- SRTP_AES128_CM_SHA1_32 \
- SRTP_AEAD_AES_128_GCM \
- SRTP_AEAD_AES_256_GCM"
- for DTLS in 1.0 1.2;do
- for SRTP_PROF in $PROFILES;do
- check_dtls_srtp $DTLS $SRTP_PROF
- done
- done
|