#!/usr/bin/env bash
# rsapss.test
# A missing client binary is a hard error, not a skip: nothing else can run.
if [ ! -x ./examples/client/client ]; then
  printf '\n\n%s\n' "Client doesn't exist"
  exit 1
fi

# Examples that were configured out print a "not compiled in" banner on
# their usage output; report that as an automake SKIP (exit 77).  The grep
# is intentionally not quiet so the banner line is visible in the test log.
if ./examples/client/client -? 2>&1 | grep "Client not compiled in!"; then
  echo 'skipping rsapss.test because client not compiled in.' 1>&2
  exit 77
fi
if ./examples/server/server -? 2>&1 | grep "Server not compiled in!"; then
  echo 'skipping rsapss.test because server not compiled in.' 1>&2
  exit 77
fi

# Feature prerequisites.  A build without them exits 0 (nothing to test)
# rather than 77.  The client's -V listing is taken to include a "4" only
# when TLS 1.3 is available (that is what the message below assumes).
if ! ./examples/client/client -V | grep -q 4; then
  echo "skipping because TLS 1.3 not enabled in this build"
  exit 0
fi

# config_has PATTERN: true when config.log records PATTERN among the
# configured compile flags.  A missing config.log reads as "not defined".
config_has() {
  grep -q -- "$1" config.log 2>/dev/null
}

if ! config_has -DWC_RSA_PSS; then
  echo "skipping because WC_RSA_PSS not enabled in this build"
  exit 0
fi
if ! config_has '-DHAVE_ECC\>'; then
  echo "skipping because HAVE_ECC not enabled in this build"
  exit 0
fi
if config_has '-DNO_CODING'; then
  echo "skipping because NO_CODING is defined in this build"
  exit 0
fi
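# Locate the certificate tree relative to this script.  $0 is normally a
# path relative to the build directory, which is why $PWD is prepended; an
# absolute $0 must not get that prefix (it would yield "$PWD//abs/path").
case "$0" in
  /*) CERT_DIR="$(dirname "$0")/../certs" ;;
  *)  CERT_DIR="$PWD/$(dirname "$0")/../certs" ;;
esac

# OpenSSL binary used for the interop client; override with OPENSSL=... in
# the environment.  An empty value counts as unset, as before.
OPENSSL="${OPENSSL:-openssl}"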
# If we can, isolate the network namespace to eliminate port collisions.
# Either path re-execs this script inside the isolated namespace; the marker
# variables keep the re-exec'd copy from doing it a second time.
isolate_network() {
  if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
    # A caller-supplied helper takes precedence over bwrap.
    [[ -n "$NETWORK_UNSHARE_HELPER_CALLED" ]] && return 0
    export NETWORK_UNSHARE_HELPER_CALLED=yes
    exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
  fi

  # Already inside bwrap: nothing to do.
  [[ "${AM_BWRAPPED-}" == "yes" ]] && return 0

  bwrap_path="$(command -v bwrap)"
  if [[ -n "$bwrap_path" ]]; then
    export AM_BWRAPPED=yes
    exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
  fi

  # No bwrap available: run unisolated and drop the marker so children do
  # not inherit a stale value.
  unset AM_BWRAPPED
}

isolate_network "$@"
# Need a unique port since this may run at the same time as testsuite.
# used_ports records every port generate_port has handed out during this
# script run, so two servers started in one run never share a port.
declare -a used_ports=()
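generate_port() {
  #-------------------------------------------------------------------------#
  # Pick a random TCP port in [49512, 65534] that is neither in used_ports
  # (handed out earlier in this run) nor currently bound on this host, and
  # publish it through the globals: port=<chosen>, used_ports+=(<chosen>).
  # Globals:  used_ports (read/written), port (written), OSTYPE (read)
  # Exits:    0 with a message on an OS without a known random device,
  #           1 after 100 consecutive collisions.
  #-------------------------------------------------------------------------#
  local attempts=0 collision p up rand_src

  # Random source: /dev/urandom on Linux, /dev/random on macOS.
  case "$OSTYPE" in
    linux*)  rand_src=/dev/urandom ;;
    darwin*) rand_src=/dev/random ;;
    *)
      echo "skipping due to unsupported OS"
      exit 0
      ;;
  esac

  while true; do
    # -t u2 makes od print an unsigned decimal.  Its default format is a
    # zero-padded octal short, which bash reads as octal only while the
    # leading zero is present and as decimal otherwise; the result was still
    # a valid number, but the value/base mix was inconsistent.
    p=$(($(od -An -N2 -t u2 "$rand_src") % (65535-49512) + 49512))

    # Intra-run collision check.
    collision=0
    for up in "${used_ports[@]}"; do
      if [ "$up" = "$p" ]; then
        collision=1
        break
      fi
    done

    # System-level check against listening TCP sockets.  Best effort: when
    # neither ss nor netstat exists the port is assumed free.
    if [ "$collision" -eq 0 ]; then
      if command -v ss &>/dev/null; then
        ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1
      elif command -v netstat &>/dev/null; then
        netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1
      fi
    fi

    [ "$collision" -eq 0 ] && break

    # Plain arithmetic assignment: (( attempts++ )) returns 1 on the first
    # increment and would trip set -e if a caller ever enables it.
    attempts=$((attempts + 1))
    if [ "$attempts" -ge 100 ]; then
      echo "ERROR: generate_port could not find a free port after 100 attempts" 1>&2
      exit 1
    fi
  done

  port=$p
  used_ports+=("$p")
}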
# Path of the wolfSSL example server launched by start_wolfssl_server.
WOLFSSL_SERVER="./examples/server/server"
#######################################
# Start the wolfSSL example server in the background on a freshly
# generated port, using the RSA-PSS certificate set under $CERT_DIR/rsapss.
# Globals:  WOLFSSL_SERVER, CERT_DIR (read); port (set by generate_port),
#           server_port (written)
# Outputs:  whatever the server itself prints
#######################################
start_wolfssl_server() {
  local pss_dir="$CERT_DIR/rsapss"
  generate_port
  server_port=$port
  local -a server_args=(
    -p "$server_port"
    -v 4                                  # TLS 1.3 (the only version this test targets)
    -c "$pss_dir/server-rsapss.pem"       # server certificate
    -k "$pss_dir/server-rsapss-priv.pem"  # server private key
    -A "$pss_dir/root-rsapss.pem"         # CA used for the peer
    -d                                    # presumably "disable client cert check" — verify against server -?
  )
  # WOLFSSL_SERVER stays unquoted on purpose, as in the original.
  $WOLFSSL_SERVER "${server_args[@]}" &
}
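#
# Run OpenSSL client against wolfSSL server
#
#######################################
# Connect to the wolfSSL server on $server_port with the RSA-PSS client
# certificate and fail if the server signed the handshake with an
# rsa_pss_rsae_sha256 signature (the rsapss certificate set is presumably
# meant to produce an rsa_pss_pss signature instead — confirm).
# Globals:  OPENSSL, CERT_DIR, server_port (read)
# Outputs:  the s_client transcript on stdout; errors on stderr
# Exits:    1 if s_client fails or the rsae signature type is reported
# NOTE(review): s_client only reports a certificate verification failure
# unless -verify_return_error is given, so this test does not enforce
# chain validation of the server certificate; it checks the signature
# scheme only.
#######################################
do_openssl_client() {
  local pss_dir="$CERT_DIR/rsapss"
  local log=rsapss.test.log
  local status=0

  # One line of application data; stdin EOF then lets s_client finish.
  # Without pipefail the status captured is s_client's, as before.
  echo "test connection" | $OPENSSL s_client -connect 127.0.0.1:"$server_port" \
    -cert "$pss_dir/client-rsapss.pem" \
    -key "$pss_dir/client-rsapss-priv.pem" \
    -CAfile "$pss_dir/root-rsapss.pem" > "$log" || status=$?

  # Always show the transcript; it is the only diagnostic on failure.
  cat "$log"

  # The log is removed on every path (the original left it behind when
  # s_client itself failed).
  if [ "$status" -ne 0 ]; then
    rm -f "$log"
    echo "$OPENSSL s_client command failed" 1>&2
    exit 1
  fi

  if grep -q "Peer signature type:.*rsa_pss_rsae_sha256" "$log"; then
    rm -f "$log"
    echo "Test failed: Peer signature type identified as rsa_pss_rsae_sha256" 1>&2
    exit 1
  fi
  rm -f "$log"
}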
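# Main: bring up the server, give it a moment to bind, run the interop
# client, then report success.
start_wolfssl_server
server_pid=$!

# The client helper exits the script directly on failure, so an EXIT trap
# is the one place that reliably stops the background server on every
# path instead of leaving it behind.
cleanup_server() {
  kill "$server_pid" 2>/dev/null
  wait "$server_pid" 2>/dev/null
}
trap cleanup_server EXIT

sleep 1   # crude wait for the server to start listening
do_openssl_client

# printf instead of echo -e: no dependence on echo's escape handling.
printf '\nSuccess!\n\n'
exit 0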