wolfssl/scripts/psk.test

#!/bin/bash

# psk.test
# copyright wolfSSL 2016

# if we can, isolate the network namespace to eliminate port collisions.
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
     if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
         export NETWORK_UNSHARE_HELPER_CALLED=yes
         exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
     fi
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
    bwrap_path="$(command -v bwrap)"
    if [ -n "$bwrap_path" ]; then
        export AM_BWRAPPED=yes
        exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
    fi
    unset AM_BWRAPPED
fi

# getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite
# use server port zero hack to get one
port=0
no_pid=-1
server_pid=$no_pid
counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_psk_ready$$

echo "ready file \"$ready_file\""

create_port() {
    while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
        echo -e "waiting for ready file..."
        sleep 0.1
        counter=$((counter+ 1))
    done

    if test -e "$ready_file"; then
        echo -e "found ready file, starting client..."

        # sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
        sleep 0.1

        # get created port 0 ephemeral port
        port=`cat "$ready_file"`
    else
        echo -e "NO ready file ending test..."
        do_cleanup
    fi
}

remove_ready_file() {
    if test -e "$ready_file"; then
        echo -e "removing existing ready file"
    rm "$ready_file"
    fi
}

do_cleanup() {
    echo "in cleanup"

    if  [ $server_pid != $no_pid ]
    then
        echo "killing server"
        kill -9 $server_pid
    fi
    remove_ready_file
}

do_trap() {
    echo "got trap"
    do_cleanup
    exit 1
}

trap do_trap INT TERM

[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
./examples/client/client '-?' 2>&1 | grep -- 'Client not compiled in!'
if [ $? -eq 0 ]; then
    exit 0
fi
./examples/server/server '-?' 2>&1 | grep -- 'Server not compiled in!'
if [ $? -eq 0 ]; then
    exit 0
fi

# Usual psk server / psk client. This use case is tested in
# tests/unit.test and is used here for just checking if PSK is enabled
port=0
./examples/server/server -s -R "$ready_file" -p $port &
server_pid=$!
create_port
./examples/client/client -s -p $port
RESULT=$?
remove_ready_file
# if fail here then is a settings issue so return 0
if [ $RESULT -ne 0 ]; then
    echo -e "\n\nPSK not enabled"
    do_cleanup
    exit 0
fi
echo ""

# client test against the server
###############################

./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -ne 0 ]; then
    # Usual server / client. This use case is tested in
    # tests/unit.test and is used here for just checking if cipher suite
    # is available (one case for example is with disable-asn)
    port=0
    ./examples/server/server -R "$ready_file" -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &
    server_pid=$!
    create_port
    ./examples/client/client -p $port
    RESULT=$?
    remove_ready_file
    # if fail here then is a settings issue so return 0
    if [ $RESULT -ne 0 ]; then
        echo -e "\n\nIssue with chosen non PSK suites"
        do_cleanup
        exit 0
    fi
    echo ""

    # psk server with non psk client
    port=0
    ./examples/server/server -j -R "$ready_file" -p $port &
    server_pid=$!
    create_port
    ./examples/client/client -p $port
    RESULT=$?
    remove_ready_file
    if [ $RESULT -ne 0 ]; then
        echo -e "\n\nClient connection failed"
        do_cleanup
        exit 1
    fi
    echo ""

    # check fail if no auth, psk server with non psk client
    echo "Checking fail when not sending peer cert"
    port=0
    ./examples/server/server -j -R "$ready_file" -p $port &
    server_pid=$!
    create_port
    ./examples/client/client -x -p $port
    RESULT=$?
    remove_ready_file
    if [ $RESULT -eq 0 ]; then
        echo -e "\n\nClient connected when supposed to fail"
        do_cleanup
        exit 1
    fi
fi

echo -e "\nALL Tests Passed"

exit 0
script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace. 2022-03-09 12:28:22 -06:00			`#!/bin/bash`
add psk.test script for testing 2016-02-11 00:12:48 -07:00
			`# psk.test`
			`# copyright wolfSSL 2016`

add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET. 2020-09-12 00:20:38 -05:00			`# if we can, isolate the network namespace to eliminate port collisions.`
add support for $NETWORK_UNSHARE_HELPER to the relevant scripts/. 2022-05-05 15:59:11 -05:00			`if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then`
			`if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then`
			`export NETWORK_UNSHARE_HELPER_CALLED=yes`
			`exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" \|\| exit $?`
			`fi`
			`elif [ "${AM_BWRAPPED-}" != "yes" ]; then`
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET. 2020-09-12 00:20:38 -05:00			`bwrap_path="$(command -v bwrap)"`
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh. 2020-09-14 16:06:45 -05:00			`if [ -n "$bwrap_path" ]; then`
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET. 2020-09-12 00:20:38 -05:00			`export AM_BWRAPPED=yes`
			`exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"`
			`fi`
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh. 2020-09-14 16:06:45 -05:00			`unset AM_BWRAPPED`
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET. 2020-09-12 00:20:38 -05:00			`fi`

add psk.test script for testing 2016-02-11 00:12:48 -07:00			`# getting unique port is modeled after resume.test script`
			`# need a unique port since may run the same time as testsuite`
			`# use server port zero hack to get one`
			`port=0`
			`no_pid=-1`
			`server_pid=$no_pid`
			`counter=0`
			`# let's use absolute path to a local dir (make distcheck may be in sub dir)`
			`# also let's add some randomness by adding pid in case multiple 'make check's`
			`# per source tree`
			ready_file=`pwd`/wolfssl_psk_ready$$

tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`echo "ready file \"$ready_file\""`
add psk.test script for testing 2016-02-11 00:12:48 -07:00
			`create_port() {`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`echo -e "waiting for ready file..."`
			`sleep 0.1`
			`counter=$((counter+ 1))`
			`done`

tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`if test -e "$ready_file"; then`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`echo -e "found ready file, starting client..."`

scripts/: more race elimination/mitigation. 2020-09-16 18:05:35 -05:00			`# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:`
			`sleep 0.1`

add psk.test script for testing 2016-02-11 00:12:48 -07:00			`# get created port 0 ephemeral port`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			port=`cat "$ready_file"`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`else`
			`echo -e "NO ready file ending test..."`
			`do_cleanup`
			`fi`
			`}`

			`remove_ready_file() {`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`if test -e "$ready_file"; then`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`echo -e "removing existing ready file"`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`rm "$ready_file"`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`fi`
			`}`

			`do_cleanup() {`
			`echo "in cleanup"`

			`if [ $server_pid != $no_pid ]`
			`then`
			`echo "killing server"`
			`kill -9 $server_pid`
			`fi`
			`remove_ready_file`
			`}`

			`do_trap() {`
			`echo "got trap"`
			`do_cleanup`
fixes for shell script errors detected by shellcheck --severity=error. 2022-03-08 12:51:48 -06:00			`exit 1`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`}`

			`trap do_trap INT TERM`

			`[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1`
add single quotes around -? in test scripts 2020-03-24 22:40:48 -06:00			`./examples/client/client '-?' 2>&1 \| grep -- 'Client not compiled in!'`
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00			`if [ $? -eq 0 ]; then`
			`exit 0`
			`fi`
add single quotes around -? in test scripts 2020-03-24 22:40:48 -06:00			`./examples/server/server '-?' 2>&1 \| grep -- 'Server not compiled in!'`
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00			`if [ $? -eq 0 ]; then`
			`exit 0`
			`fi`
add psk.test script for testing 2016-02-11 00:12:48 -07:00
			`# Usual psk server / psk client. This use case is tested in`
			`# tests/unit.test and is used here for just checking if PSK is enabled`
			`port=0`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`./examples/server/server -s -R "$ready_file" -p $port &`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`server_pid=$!`
			`create_port`
			`./examples/client/client -s -p $port`
			`RESULT=$?`
			`remove_ready_file`
			`# if fail here then is a settings issue so return 0`
			`if [ $RESULT -ne 0 ]; then`
			`echo -e "\n\nPSK not enabled"`
			`do_cleanup`
			`exit 0`
			`fi`
			`echo ""`

			`# client test against the server`
			`###############################`

Allow TLS 1.2 to be compiled out. 2018-05-17 09:08:03 +10:00			`./examples/client/client -v 3 2>&1 \| grep -- 'Bad SSL version'`
			`if [ $? -ne 0 ]; then`
			`# Usual server / client. This use case is tested in`
			`# tests/unit.test and is used here for just checking if cipher suite`
			`# is available (one case for example is with disable-asn)`
			`port=0`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`./examples/server/server -R "$ready_file" -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &`
Allow TLS 1.2 to be compiled out. 2018-05-17 09:08:03 +10:00			`server_pid=$!`
			`create_port`
			`./examples/client/client -p $port`
			`RESULT=$?`
			`remove_ready_file`
			`# if fail here then is a settings issue so return 0`
			`if [ $RESULT -ne 0 ]; then`
Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00			`echo -e "\n\nIssue with chosen non PSK suites"`
Allow TLS 1.2 to be compiled out. 2018-05-17 09:08:03 +10:00			`do_cleanup`
			`exit 0`
			`fi`
			`echo ""`

Fix test to work with configurations not including AES-GCM 2018-06-01 09:24:28 +10:00			`# psk server with non psk client`
			`port=0`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`./examples/server/server -j -R "$ready_file" -p $port &`
Fix test to work with configurations not including AES-GCM 2018-06-01 09:24:28 +10:00			`server_pid=$!`
			`create_port`
			`./examples/client/client -p $port`
			`RESULT=$?`
			`remove_ready_file`
			`if [ $RESULT -ne 0 ]; then`
			`echo -e "\n\nClient connection failed"`
			`do_cleanup`
			`exit 1`
			`fi`
			`echo ""`

Allow TLS 1.2 to be compiled out. 2018-05-17 09:08:03 +10:00			`# check fail if no auth, psk server with non psk client`
			`echo "Checking fail when not sending peer cert"`
			`port=0`
tests: fix test scripts for paths with spaces 2021-06-08 18:42:30 -07:00			`./examples/server/server -j -R "$ready_file" -p $port &`
Allow TLS 1.2 to be compiled out. 2018-05-17 09:08:03 +10:00			`server_pid=$!`
			`create_port`
			`./examples/client/client -x -p $port`
			`RESULT=$?`
			`remove_ready_file`
			`if [ $RESULT -eq 0 ]; then`
			`echo -e "\n\nClient connected when supposed to fail"`
			`do_cleanup`
			`exit 1`
			`fi`
add psk.test script for testing 2016-02-11 00:12:48 -07:00			`fi`

			`echo -e "\nALL Tests Passed"`

			`exit 0`