Files
wolfssl/scripts/rsapss.test
T

142 lines
4.4 KiB
Bash
Raw Normal View History

#!/usr/bin/env bash
# rsapss.test
2026-02-09 18:18:21 +01:00
[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
&& exit 1
if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then
echo 'skipping rsapss.test because client not compiled in.' 1>&2
exit 77
fi
if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then
echo 'skipping rsapss.test because server not compiled in.' 1>&2
exit 77
fi
if ! ./examples/client/client -V | grep -q 4; then
echo "skipping because TLS 1.3 not enabled in this build"
exit 0
fi
if ! grep -q -- -DWC_RSA_PSS config.log 2>/dev/null; then
echo "skipping because WC_RSA_PSS not enabled in this build"
exit 0
fi
if ! grep -q -- '-DHAVE_ECC\>' config.log 2>/dev/null; then
echo "skipping because HAVE_ECC not enabled in this build"
exit 0
fi
if grep -q -- '-DNO_CODING' config.log 2>/dev/null; then
echo "skipping because NO_CODING is defined in this build"
exit 0
fi
CERT_DIR="$PWD/$(dirname "$0")/../certs"
if [ "$OPENSSL" = "" ]; then
OPENSSL=openssl
fi
# if we can, isolate the network namespace to eliminate port collisions.
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
export NETWORK_UNSHARE_HELPER_CALLED=yes
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
fi
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
fi
unset AM_BWRAPPED
fi
# need a unique port since may run the same time as testsuite
# Track ports already assigned in this script run to prevent intra-run collisions
used_ports=()
generate_port() {
#-------------------------------------------------------------------------#
# Generate a random port number, guaranteed unique within this script run.
# Checks both the intra-run used_ports list and system-level bound ports.
#-------------------------------------------------------------------------#
local attempts=0 collision p
while true; do
if [[ "$OSTYPE" == "linux"* ]]; then
p=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
elif [[ "$OSTYPE" == "darwin"* ]]; then
p=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
else
echo "skipping due to unsupported OS"
exit 0
fi
# Check against ports already assigned in this run
collision=0
for up in "${used_ports[@]}"; do
if [ "$up" = "$p" ]; then
collision=1
break
fi
done
# Also check if the port is already bound on this system
2026-03-04 15:06:55 -07:00
if [ "$collision" -eq 0 ]; then
if command -v ss &>/dev/null; then
ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1
elif command -v netstat &>/dev/null; then
netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1
fi
fi
2026-03-04 15:06:55 -07:00
[ "$collision" -eq 0 ] && break
((attempts++))
2026-03-04 15:06:55 -07:00
if [ "$attempts" -ge 100 ]; then
echo "ERROR: generate_port could not find a free port after 100 attempts"
exit 1
fi
done
port=$p
used_ports+=("$p")
}
WOLFSSL_SERVER=./examples/server/server
start_wolfssl_server() {
generate_port
server_port=$port
2026-03-04 15:06:55 -07:00
$WOLFSSL_SERVER -p "$server_port" -v 4 -c "$CERT_DIR"/rsapss/server-rsapss.pem -k "$CERT_DIR"/rsapss/server-rsapss-priv.pem -A "$CERT_DIR"/rsapss/root-rsapss.pem -d &
}
#
# Run OpenSSL client against wolfSSL server
#
do_openssl_client() {
2026-03-04 15:06:55 -07:00
echo "test connection" | $OPENSSL s_client -connect 127.0.0.1:"$server_port" -cert "$CERT_DIR"/rsapss/client-rsapss.pem -key "$CERT_DIR"/rsapss/client-rsapss-priv.pem -CAfile "$CERT_DIR"/rsapss/root-rsapss.pem > rsapss.test.log
result=$?
cat rsapss.test.log
2026-03-04 15:06:55 -07:00
if [ "$result" != 0 ]
then
echo "$OPENSSL s_client command failed"
exit 1
fi
grep -q "Peer signature type:.*rsa_pss_rsae_sha256" rsapss.test.log
result=$?
rm -f rsapss.test.log
2026-03-04 15:06:55 -07:00
if [ "$result" == 0 ]
then
echo "Test failed: Peer signature type identified as rsa_pss_rsae_sha256"
exit 1
fi
}
start_wolfssl_server
sleep 1
do_openssl_client
echo -e "\nSuccess!\n\n"
exit 0