123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358 |
- #!/usr/bin/env bash
- if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
- if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
- export NETWORK_UNSHARE_HELPER_CALLED=yes
- exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
- fi
- elif [ "${AM_BWRAPPED-}" != "yes" ]; then
- bwrap_path="$(command -v bwrap)"
- if [ -n "$bwrap_path" ]; then
- export AM_BWRAPPED=yes
- exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
- fi
- unset AM_BWRAPPED
- fi
- early_data_try_max=10
- port=0
- no_pid=-1
- server_pid=$no_pid
- counter=0
- ready_file="$(pwd)/wolfssl_tls13_ready$$"
- client_file="$(pwd)/wolfssl_tls13_client$$"
- server_out_file="$(pwd)/wolfssl_tls13_server_out$$"
- client_out_file="$(pwd)/wolfssl_tls13_client_out$$"
- echo "ready file \"$ready_file\""
- create_port() {
- while [ ! -s "$ready_file" ]; do
- if [ "$counter" -gt 50 ]; then
- break
- fi
- echo -e "waiting for ready file..."
- sleep 0.1
- counter=$((counter+ 1))
- done
- if [ -e "$ready_file" ]; then
- echo -e "found ready file, starting client..."
-
- sleep 0.1
-
- port="$(cat "$ready_file")"
- else
- echo -e "NO ready file ending test..."
- do_cleanup
- fi
- }
- remove_ready_file() {
- if [ -e "$ready_file" ]; then
- echo -e "removing existing ready file"
- rm "$ready_file"
- fi
- }
- do_cleanup() {
- echo "in cleanup"
- if [ $server_pid != $no_pid ]
- then
- echo "killing server"
- kill -9 $server_pid 2>/dev/null
- server_pid=$no_pid
- fi
- remove_ready_file
- if [ -e "$client_file" ]; then
- echo -e "removing existing client file"
- rm "$client_file"
- fi
- if [ -e "$server_out_file" ]; then
- echo -e "removing existing server output file"
- rm "$server_out_file"
- fi
- if [ -e "$client_out_file" ]; then
- echo -e "removing existing client output file"
- rm "$client_out_file"
- fi
- }
- do_trap() {
- echo "got trap"
- do_cleanup
- exit 1
- }
- trap do_trap INT TERM
- [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
- ./examples/client/client '-?' 2>&1 | grep -- 'Client not compiled in!'
- if [ $? -eq 0 ]; then
- exit 0
- fi
- ./examples/server/server '-?' 2>&1 | grep -- 'Server not compiled in!'
- if [ $? -eq 0 ]; then
- exit 0
- fi
- echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
- port=0
- ./examples/server/server -v 4 -R "$ready_file" -p $port &
- server_pid=$!
- create_port
- ./examples/client/client -v 4 -p $port | tee "$client_file"
- RESULT=$?
- remove_ready_file
- if [ $RESULT -ne 0 ]; then
- echo -e "\n\nTLS v1.3 not enabled"
- do_cleanup
- exit 1
- fi
- echo ""
- echo -e "\n\nTLS v1.3 cipher suite mismatch"
- port=0
- ./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-AES128-GCM-SHA256 &
- server_pid=$!
- create_port
- ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
- RESULT=$?
- remove_ready_file
- if [ $RESULT -eq 0 ]; then
- echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites"
- do_cleanup
- exit 1
- fi
- do_cleanup
- echo ""
- grep -F -e 'NO_CERTS' ./wolfssl/options.h
- NO_CERTS=$?
- grep -F -e 'WOLFSSL_NO_CLIENT_AUTH' ./wolfssl/options.h
- NO_CLIENT_AUTH=$?
- if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then
-
- echo -e "\n\nTLS v1.3 mutual auth fail"
- port=0
- ./examples/server/server -v 4 -F -R "$ready_file" -p $port &
- server_pid=$!
- create_port
- ./examples/client/client -v 4 -x -p $port
- RESULT=$?
- remove_ready_file
- if [ $RESULT -eq 0 ]; then
- echo -e "\n\nIssue with requiring mutual authentication"
- do_cleanup
- exit 1
- fi
- do_cleanup
- echo ""
- fi
- ./examples/client/client -v 3 2>&1 | grep -F -e 'Bad SSL version'
- if [ $? -ne 0 ]; then
-
- echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
- port=0
- ./examples/server/server -v 4 -R "$ready_file" -p $port &
- server_pid=$!
- create_port
- ./examples/client/client -v 3 -p $port
- RESULT=$?
- remove_ready_file
- if [ $RESULT -eq 0 ]; then
- echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
- do_cleanup
- exit 1
- fi
- do_cleanup
- echo ""
-
- echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
- port=0
- ./examples/server/server -v 3 -R "$ready_file" -p $port &
- server_pid=$!
- create_port
- ./examples/client/client -v 4 -p $port
- RESULT=$?
- remove_ready_file
- if [ $RESULT -eq 0 ]; then
- echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
- do_cleanup
- exit 1
- fi
- do_cleanup
- echo ""
- echo "Find usable TLS 1.2 cipher suite"
- for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256
- do
- echo $CS
- ./examples/client/client -e | grep -F -e "$CS" >/dev/null
- if [ "$?" = "0" ]; then
- TLS12_CS=$CS
- break
- fi
- do_cleanup
- done
- if [ "$TLS12_CS" != "" ]; then
-
- echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers"
- port=0
- SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS"
- CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS"
- ./examples/server/server -v d -l $SERVER_CS -R "$ready_file" -p $port &
- server_pid=$!
- create_port
- ./examples/client/client -v d -l $CLIENT_CS -p $port
- RESULT=$?
- remove_ready_file
- if [ $RESULT -eq 0 ]; then
- echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers"
- do_cleanup
- exit 1
- fi
- do_cleanup
- echo ""
- else
- echo "No usable TLS 1.2 cipher suite found"
- fi
- fi
- ./examples/client/client -? 2>&1 | grep -F -e 'Early data'
- if [ $? -eq 0 ]; then
- early_data=yes
- fi
- ./examples/client/client -? 2>&1 | grep -F -e 'Shared keys'
- if [ $? -eq 0 ]; then
- psk=yes
- fi
- if [ "$early_data" = "yes" ]; then
- early_data_try_num=1
- while :; do
- echo -e "\n\nTLS v1.3 Early Data - session ticket"
- port=0
- (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \
- tee "$server_out_file") &
- server_pid=$!
- create_port
- ./examples/client/client -v 4 -r -0 -p $port >"$client_out_file" 2>&1
- RESULT=$?
- cat "$client_out_file"
- remove_ready_file
- grep -F -e 'Session Ticket' "$client_out_file"
- session_ticket=$?
-
- wait $server_pid
- ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
- ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
- echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}"
- if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \
- -a $ed_srv_status_cnt -ne 2 ]; then
- RESULT=1
- fi
- if [ $RESULT -ne 0 ]; then
- echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
- if [ $early_data_try_num -lt $early_data_try_max ]; then
- echo -e "retry #${early_data_try_num}...\n"
- : $((++early_data_try_num))
- continue
- fi
- do_cleanup
- exit 1
- fi
- do_cleanup
- break
- done
- echo ""
- fi
- if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
- echo -e "\n\nTLS v1.3 Early Data - PSK"
- port=0
- early_data_try_num=1
- while :; do
- (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \
- tee "$server_out_file") &
- server_pid=$!
- create_port
- ./examples/client/client -v 4 -s -0 -p $port
- RESULT=$?
- remove_ready_file
-
- wait $server_pid
- ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
- ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
- echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}"
- if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then
- echo
- echo "Server out file"
- cat "$server_out_file"
- echo
- echo "Found lines"
- grep -F -e 'Early Data' "$server_out_file"
- echo -e "\n\nUnexpected 'Early Data' lines."
- RESULT=1
- fi
- if [ $RESULT -ne 0 ]; then
- echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
- if [ $early_data_try_num -lt $early_data_try_max ]; then
- echo -e "retry #${early_data_try_num}...\n"
- : $((++early_data_try_num))
- continue
- fi
- do_cleanup
- exit 1
- fi
- break
- done
- else
- echo "Early Data not available"
- fi
- do_cleanup
- echo -e "\nALL Tests Passed"
- exit 0
|