openssl_srtp.test 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
  1. #!/bin/bash
  2. # Test WolfSSL/OpenSSL srtp interoperability
  3. #
  4. # TODO: add OpenSSL client with WolfSSL server
  5. set -e
  6. if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
  7. echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
  8. exit 0
  9. fi
  10. OPENSSL=${OPENSSL:="openssl"}
  11. WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"}
  12. # need a unique port since may run the same time as testsuite
  13. generate_port() {
  14. #-------------------------------------------------------------------------#
  15. # Generate a random port number
  16. #-------------------------------------------------------------------------#
  17. if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  18. port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
  19. elif [[ "$OSTYPE" == "darwin"* ]]; then
  20. port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
  21. else
  22. echo "Unknown OS TYPE"
  23. exit 1
  24. fi
  25. }
  26. # get size of key material based on the profile
  27. # $1 srtp profile
  28. get_key_material_size() {
  29. case "$1" in
  30. "SRTP_AES128_CM_SHA1_80")
  31. ekm_size=60 ;;
  32. "SRTP_AES128_CM_SHA1_32")
  33. ekm_size=60 ;;
  34. "SRTP_NULL_SHA1_80")
  35. ekm_size=28 ;;
  36. "SRTP_NULL_SHA1_32")
  37. ekm_size=27 ;;
  38. "SRTP_AEAD_AES_128_GCM")
  39. ekm_size=56;;
  40. "SRTP_AEAD_AES_256_GCM")
  41. ekm_size=88;;
  42. *)
  43. echo "SRTP profile $1 unsupported"
  44. exit 1
  45. esac
  46. }
  47. # Start an OpenSSL server dtls with srtp
  48. # $1: dtsl version [1.0, 1.2]
  49. # $2: srtp profile string
  50. start_openssl_server() {
  51. generate_port
  52. server_port=$port
  53. srtp_profile=$2
  54. if [ "$1" = "1.0" ]; then
  55. dtls_version=dtls1
  56. elif [ "$1" = "1.2" ]; then
  57. dtls_version=dtls1_2
  58. fi
  59. get_key_material_size "$srtp_profile"
  60. server_output_file=/tmp/openssl_srtp_out
  61. # hackish but OpenSSL doesn't work if input is fed before handshaking and
  62. # the wolfSSL client needs a reply to stop
  63. (sleep 1;echo -n "I hear you fa shizzle...") | \
  64. ${OPENSSL} s_server \
  65. -${dtls_version} \
  66. -port ${server_port} \
  67. -debug \
  68. -use_srtp ${srtp_profile} \
  69. -keymatexport EXTRACTOR-dtls_srtp \
  70. -keymatexportlen $ekm_size \
  71. -cert ./certs/server-cert.pem \
  72. -key ./certs/server-key.pem >$server_output_file &
  73. # make sure the server is up
  74. sleep 0.1
  75. }
  76. # Start an wolfssl client dtls with srtp
  77. # $1: dtsl version [1.0, 1.2]
  78. # $2: srtp profile string
  79. start_wolfssl_client() {
  80. srtp_profile=$2
  81. if [ "$1" = "1.0" ]; then
  82. dtls_version=2
  83. elif [ "$1" = "1.2" ]; then
  84. dtls_version=3
  85. fi
  86. client_output_file=/tmp/wolfssl_srtp_out
  87. ${WOLFSSL_CLIENT} -u\
  88. -x \
  89. -v${dtls_version} \
  90. --srtp ${srtp_profile} \
  91. -p${server_port} >$client_output_file
  92. }
  93. # $1 openssl file
  94. # $2 wolfssl file
  95. check_ekm() {
  96. openssl_ekm=$(cat "$1" | grep "Keying material: " | cut -d ':' -f 2)
  97. echo "OPENSSL EKM: $openssl_ekm"
  98. wolfssl_ekm=$(cat "$2" | grep "DTLS SRTP: Exported key material: " | cut -d ':' -f 3)
  99. echo "WOLFSSL EKM: $wolfssl_ekm"
  100. if [ "$openssl_ekm" = "$wolfssl_ekm" ];then
  101. check_ret=0
  102. else
  103. check_ret=1
  104. fi
  105. }
  106. # $1 dtsl version
  107. # $2 srtp profile
  108. check_dtls_srtp() {
  109. start_openssl_server $1 $2
  110. start_wolfssl_client $1 $2
  111. check_ekm $server_output_file $client_output_file
  112. echo -n "check dtls $1 $2... "
  113. if [ $check_ret -ne 0 ];then
  114. echo "failed"
  115. exit 1
  116. else
  117. echo "ok"
  118. fi
  119. }
  120. # SRTP_NULL_SHA1_80" and SRTP_NULL_SHA1_32 aren't supported by OpenSSL
  121. PROFILES="SRTP_AES128_CM_SHA1_80 \
  122. SRTP_AES128_CM_SHA1_32 \
  123. SRTP_AEAD_AES_128_GCM \
  124. SRTP_AEAD_AES_256_GCM"
  125. for DTLS in 1.0 1.2;do
  126. for SRTP_PROF in $PROFILES;do
  127. check_dtls_srtp $DTLS $SRTP_PROF
  128. done
  129. done