wolfssl/scripts/openssl_srtp.test

#!/bin/bash
# Test WolfSSL/OpenSSL srtp interoperability
#
# TODO: add OpenSSL client with WolfSSL server

set -e

if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
    echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
    exit 0
fi

OPENSSL=${OPENSSL:="openssl"}
WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"}

# need a unique port since may run the same time as testsuite
generate_port() {
    port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
}

# get size of key material based on the profile
# $1 srtp profile
get_key_material_size() {
    case "$1" in
        "SRTP_AES128_CM_SHA1_80")
            ekm_size=60 ;;
        "SRTP_AES128_CM_SHA1_32")
            ekm_size=60 ;;
        "SRTP_NULL_SHA1_80")
            ekm_size=28 ;;
        "SRTP_NULL_SHA1_32")
            ekm_size=27 ;;
        "SRTP_AEAD_AES_128_GCM")
            ekm_size=56;;
        "SRTP_AEAD_AES_256_GCM")
            ekm_size=88;;
        *)
            echo "SRTP profile $1 unsupported"
            exit 1
    esac
}


# Start an OpenSSL server dtls with srtp
# $1: dtsl version [1.0, 1.2]
# $2: srtp profile string
start_openssl_server() {
    generate_port
    server_port=$port
    srtp_profile=$2

    if [ "$1" = "1.0" ]; then
        dtls_version=dtls1
    elif [ "$1" = "1.2" ]; then
        dtls_version=dtls1_2
    fi

    get_key_material_size "$srtp_profile"

    server_output_file=/tmp/openssl_srtp_out

    # hackish but OpenSSL doesn't work if input is fed before handshaking and
    # the wolfSSL client needs a reply to stop
    (sleep 1;echo -n "I hear you fa shizzle...") | \
        ${OPENSSL} s_server \
                   -${dtls_version} \
                   -port ${server_port} \
                   -debug \
                   -use_srtp ${srtp_profile} \
                   -keymatexport EXTRACTOR-dtls_srtp \
                   -keymatexportlen $ekm_size \
                   -cert ./certs/server-cert.pem \
                   -key ./certs/server-key.pem >$server_output_file &

    # make sure the server is up
    sleep 0.1
}

# Start an wolfssl client dtls with srtp
# $1: dtsl version [1.0, 1.2]
# $2: srtp profile string
start_wolfssl_client() {
    srtp_profile=$2

    if [ "$1" = "1.0" ]; then
        dtls_version=2
    elif [ "$1" = "1.2" ]; then
        dtls_version=3
    fi

    client_output_file=/tmp/wolfssl_srtp_out
    ${WOLFSSL_CLIENT} -u\
                      -x \
                      -v${dtls_version} \
                      --srtp ${srtp_profile} \
                      -p${server_port} >$client_output_file
}

# $1 openssl file
# $2 wolfssl file
check_ekm() {
    openssl_ekm=$(cat "$1" | grep "Keying material: " | cut -d ':' -f 2)
    echo "OPENSSL EKM: $openssl_ekm"
    wolfssl_ekm=$(cat "$2" | grep "DTLS SRTP: Exported key material: " | cut -d ':' -f 3)
    echo "WOLFSSL EKM: $wolfssl_ekm"

    if [ "$openssl_ekm" = "$wolfssl_ekm" ];then
        check_ret=0
    else
        check_ret=1
    fi
}

# $1 dtsl version
# $2 srtp profile
check_dtls_srtp() {
    start_openssl_server $1 $2
    start_wolfssl_client $1 $2
    check_ekm $server_output_file $client_output_file
    echo -n "check dtls $1 $2... "
    if [ $check_ret -ne 0 ];then
        echo "failed"
        exit 1
    else
        echo "ok"
    fi
}

# SRTP_NULL_SHA1_80" and SRTP_NULL_SHA1_32 aren't supported by OpenSSL
PROFILES="SRTP_AES128_CM_SHA1_80 \
        SRTP_AES128_CM_SHA1_32 \
        SRTP_AEAD_AES_128_GCM \
        SRTP_AEAD_AES_256_GCM"

for DTLS in 1.0 1.2;do
    for SRTP_PROF in $PROFILES;do
        check_dtls_srtp $DTLS $SRTP_PROF
    done
done
global fixes for shellcheck warnings SC2027, SC2069, SC2154, SC2141, SC3014, SC3037 (all true positives). note, does not fix SC2057 in ocsp-stapling.test, which is addressed by PR #5174 . 2022-05-24 12:10:10 -05:00			`#!/bin/bash`
dtls-srtp: add script to test interop with OpenSSL 2022-01-20 16:11:15 +01:00			`# Test WolfSSL/OpenSSL srtp interoperability`
			`#`
			`# TODO: add OpenSSL client with WolfSSL server`

			`set -e`

			`if ! test -n "$WOLFSSL_OPENSSL_TEST"; then`
			`echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"`
			`exit 0`
			`fi`

			`OPENSSL=${OPENSSL:="openssl"}`
			`WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"}`

			`# need a unique port since may run the same time as testsuite`
			`generate_port() {`
			`port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))`
			`}`

			`# get size of key material based on the profile`
			`# $1 srtp profile`
			`get_key_material_size() {`
			`case "$1" in`
			`"SRTP_AES128_CM_SHA1_80")`
			`ekm_size=60 ;;`
			`"SRTP_AES128_CM_SHA1_32")`
			`ekm_size=60 ;;`
			`"SRTP_NULL_SHA1_80")`
			`ekm_size=28 ;;`
			`"SRTP_NULL_SHA1_32")`
			`ekm_size=27 ;;`
			`"SRTP_AEAD_AES_128_GCM")`
			`ekm_size=56;;`
			`"SRTP_AEAD_AES_256_GCM")`
			`ekm_size=88;;`
			`*)`
			`echo "SRTP profile $1 unsupported"`
			`exit 1`
			`esac`
			`}`


			`# Start an OpenSSL server dtls with srtp`
			`# $1: dtsl version [1.0, 1.2]`
			`# $2: srtp profile string`
			`start_openssl_server() {`
			`generate_port`
			`server_port=$port`
			`srtp_profile=$2`

			`if [ "$1" = "1.0" ]; then`
			`dtls_version=dtls1`
			`elif [ "$1" = "1.2" ]; then`
			`dtls_version=dtls1_2`
			`fi`

			`get_key_material_size "$srtp_profile"`

			`server_output_file=/tmp/openssl_srtp_out`

global fixes for shellcheck warnings SC2027, SC2069, SC2154, SC2141, SC3014, SC3037 (all true positives). note, does not fix SC2057 in ocsp-stapling.test, which is addressed by PR #5174 . 2022-05-24 12:10:10 -05:00			`# hackish but OpenSSL doesn't work if input is fed before handshaking and`
dtls-srtp: add script to test interop with OpenSSL 2022-01-20 16:11:15 +01:00			`# the wolfSSL client needs a reply to stop`
			`(sleep 1;echo -n "I hear you fa shizzle...") \| \`
			`${OPENSSL} s_server \`
			`-${dtls_version} \`
			`-port ${server_port} \`
			`-debug \`
			`-use_srtp ${srtp_profile} \`
			`-keymatexport EXTRACTOR-dtls_srtp \`
			`-keymatexportlen $ekm_size \`
			`-cert ./certs/server-cert.pem \`
			`-key ./certs/server-key.pem >$server_output_file &`

			`# make sure the server is up`
			`sleep 0.1`
			`}`

			`# Start an wolfssl client dtls with srtp`
			`# $1: dtsl version [1.0, 1.2]`
			`# $2: srtp profile string`
			`start_wolfssl_client() {`
			`srtp_profile=$2`

			`if [ "$1" = "1.0" ]; then`
			`dtls_version=2`
			`elif [ "$1" = "1.2" ]; then`
			`dtls_version=3`
			`fi`

			`client_output_file=/tmp/wolfssl_srtp_out`
			`${WOLFSSL_CLIENT} -u\`
			`-x \`
			`-v${dtls_version} \`
			`--srtp ${srtp_profile} \`
			`-p${server_port} >$client_output_file`
			`}`

			`# $1 openssl file`
			`# $2 wolfssl file`
			`check_ekm() {`
			`openssl_ekm=$(cat "$1" \| grep "Keying material: " \| cut -d ':' -f 2)`
			`echo "OPENSSL EKM: $openssl_ekm"`
			`wolfssl_ekm=$(cat "$2" \| grep "DTLS SRTP: Exported key material: " \| cut -d ':' -f 3)`
			`echo "WOLFSSL EKM: $wolfssl_ekm"`

			`if [ "$openssl_ekm" = "$wolfssl_ekm" ];then`
			`check_ret=0`
			`else`
			`check_ret=1`
			`fi`
			`}`

			`# $1 dtsl version`
			`# $2 srtp profile`
			`check_dtls_srtp() {`
			`start_openssl_server $1 $2`
			`start_wolfssl_client $1 $2`
			`check_ekm $server_output_file $client_output_file`
			`echo -n "check dtls $1 $2... "`
			`if [ $check_ret -ne 0 ];then`
			`echo "failed"`
fixes for shell script errors detected by shellcheck --severity=error. 2022-03-08 12:51:48 -06:00			`exit 1`
dtls-srtp: add script to test interop with OpenSSL 2022-01-20 16:11:15 +01:00			`else`
			`echo "ok"`
			`fi`
			`}`

			`# SRTP_NULL_SHA1_80" and SRTP_NULL_SHA1_32 aren't supported by OpenSSL`
			`PROFILES="SRTP_AES128_CM_SHA1_80 \`
			`SRTP_AES128_CM_SHA1_32 \`
			`SRTP_AEAD_AES_128_GCM \`
			`SRTP_AEAD_AES_256_GCM"`

			`for DTLS in 1.0 1.2;do`
			`for SRTP_PROF in $PROFILES;do`
			`check_dtls_srtp $DTLS $SRTP_PROF`
			`done`
			`done`