mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 19:50:50 +02:00
db864be6a4
Will process early data packets now. Added test to check output of server for early data being received.
285 lines
7.3 KiB
Bash
Executable File
285 lines
7.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# tls13.test
|
|
# copyright wolfSSL 2016
|
|
|
|
# getting unique port is modeled after resume.test script
|
|
# need a unique port since may run the same time as testsuite
|
|
# use server port zero hack to get one
|
|
port=0
|
|
no_pid=-1
|
|
server_pid=$no_pid
|
|
counter=0
|
|
# let's use absolute path to a local dir (make distcheck may be in sub dir)
|
|
# also let's add some randomness by adding pid in case multiple 'make check's
|
|
# per source tree
|
|
ready_file=`pwd`/wolfssl_tls13_ready$$
|
|
client_file=`pwd`/wolfssl_tls13_client$$
|
|
# Server output
|
|
server_out_file=`pwd`/wolfssl_tls13_server_out$$
|
|
# Client output
|
|
client_out_file=`pwd`/wolfssl_tls13_client_out$$
|
|
|
|
echo "ready file $ready_file"
|
|
|
|
create_port() {
|
|
while [ ! -s $ready_file ]; do
|
|
if [ "$counter" -gt 50 ]; then
|
|
break
|
|
fi
|
|
echo -e "waiting for ready file..."
|
|
sleep 0.1
|
|
counter=$((counter+ 1))
|
|
done
|
|
|
|
if [ -e $ready_file ]; then
|
|
echo -e "found ready file, starting client..."
|
|
|
|
# get created port 0 ephemeral port
|
|
port=`cat $ready_file`
|
|
else
|
|
echo -e "NO ready file ending test..."
|
|
do_cleanup
|
|
fi
|
|
}
|
|
|
|
remove_ready_file() {
|
|
if [ -e $ready_file ]; then
|
|
echo -e "removing existing ready file"
|
|
rm $ready_file
|
|
fi
|
|
}
|
|
|
|
do_cleanup() {
|
|
echo "in cleanup"
|
|
|
|
if [ $server_pid != $no_pid ]
|
|
then
|
|
echo "killing server"
|
|
kill -9 $server_pid
|
|
server_pid=$no_pid
|
|
fi
|
|
remove_ready_file
|
|
if [ -e $client_file ]; then
|
|
echo -e "removing existing client file"
|
|
rm $client_file
|
|
fi
|
|
if [ -e $server_out_file ]; then
|
|
echo -e "removing existing server output file"
|
|
rm $server_out_file
|
|
fi
|
|
if [ -e $client_out_file ]; then
|
|
echo -e "removing existing client output file"
|
|
rm $client_out_file
|
|
fi
|
|
}
|
|
|
|
do_trap() {
|
|
echo "got trap"
|
|
do_cleanup
|
|
exit -1
|
|
}
|
|
|
|
trap do_trap INT TERM
|
|
|
|
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
|
|
./examples/client/client '-?' 2>&1 | grep -- 'Client not compiled in!'
|
|
if [ $? -eq 0 ]; then
|
|
exit 0
|
|
fi
|
|
./examples/server/server '-?' 2>&1 | grep -- 'Server not compiled in!'
|
|
if [ $? -eq 0 ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Usual TLS v1.3 server / TLS v1.3 client.
|
|
echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
|
|
port=0
|
|
./examples/server/server -v 4 -R $ready_file -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 4 -p $port | tee $client_file
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -ne 0 ]; then
|
|
echo -e "\n\nTLS v1.3 not enabled"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
echo ""
|
|
|
|
# TLS 1.3 cipher suites server / client.
|
|
echo -e "\n\nTLS v1.3 cipher suite mismatch"
|
|
port=0
|
|
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -eq 0 ]; then
|
|
echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
do_cleanup
|
|
echo ""
|
|
|
|
cat ./wolfssl/options.h | grep -- 'NO_CERTS'
|
|
if [ $? -ne 0 ]; then
|
|
# TLS 1.3 mutual auth required but client doesn't send certificates.
|
|
echo -e "\n\nTLS v1.3 mutual auth fail"
|
|
port=0
|
|
./examples/server/server -v 4 -F -R $ready_file -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 4 -x -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -eq 0 ]; then
|
|
echo -e "\n\nIssue with requiring mutual authentication"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
do_cleanup
|
|
echo ""
|
|
fi
|
|
|
|
# Check for TLS 1.2 support
|
|
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
|
if [ $? -ne 0 ]; then
|
|
# TLS 1.3 server / TLS 1.2 client.
|
|
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
|
|
port=0
|
|
./examples/server/server -v 4 -R $ready_file -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 3 -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -eq 0 ]; then
|
|
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
do_cleanup
|
|
echo ""
|
|
|
|
# TLS 1.2 server / TLS 1.3 client.
|
|
echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
|
|
port=0
|
|
./examples/server/server -v 3 -R $ready_file -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 4 -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -eq 0 ]; then
|
|
echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
do_cleanup
|
|
echo ""
|
|
|
|
echo "Find usable TLS 1.2 cipher suite"
|
|
for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256
|
|
do
|
|
echo $CS
|
|
./examples/client/client -e | grep $CS >/dev/null
|
|
if [ "$?" = "0" ]; then
|
|
TLS12_CS=$CS
|
|
break
|
|
fi
|
|
do_cleanup
|
|
done
|
|
if [ "$TLS12_CS" != "" ]; then
|
|
# TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers
|
|
echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers"
|
|
port=0
|
|
SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS"
|
|
CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS"
|
|
./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v d -l $CLIENT_CS -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -eq 0 ]; then
|
|
echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
do_cleanup
|
|
echo ""
|
|
else
|
|
echo "No usable TLS 1.2 cipher suite found"
|
|
fi
|
|
fi
|
|
|
|
# Check for EarlyData support
|
|
./examples/client/client -? 2>&1 | grep -- 'Early data'
|
|
if [ $? -eq 0 ]; then
|
|
early_data=yes
|
|
fi
|
|
./examples/client/client -? 2>&1 | grep -- 'Shared keys'
|
|
if [ $? -eq 0 ]; then
|
|
psk=yes
|
|
fi
|
|
|
|
if [ "$early_data" = "yes" ]; then
|
|
echo -e "\n\nTLS v1.3 Early Data - session ticket"
|
|
port=0
|
|
(./examples/server/server -v 4 -r -0 -R $ready_file -p $port 2>&1 | \
|
|
tee $server_out_file) &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 4 -r -0 -p $port 2>&1 >$client_out_file
|
|
RESULT=$?
|
|
cat $client_out_file
|
|
remove_ready_file
|
|
grep 'Session Ticket' $client_out_file
|
|
session_ticket=$?
|
|
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
|
|
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 2 ]; then
|
|
RESULT=1
|
|
fi
|
|
if [ $RESULT -ne 0 ]; then
|
|
echo -e "\n\nIssue with TLS v1.3 Early DAta - session ticket"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
do_cleanup
|
|
echo ""
|
|
fi
|
|
|
|
if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
|
|
echo -e "\n\nTLS v1.3 Early Data - PSK"
|
|
port=0
|
|
(./examples/server/server -v 4 -s -0 -R $ready_file -p $port 2>&1 | \
|
|
tee $server_out_file) &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -v 4 -s -0 -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
|
|
if [ $early_data_cnt -ne 2 ]; then
|
|
RESULT=1
|
|
fi
|
|
if [ $RESULT -ne 0 ]; then
|
|
echo -e "\n\nIssue with TLS v1.3 Early DAta - session ticket"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "Early data not available"
|
|
fi
|
|
|
|
do_cleanup
|
|
|
|
echo -e "\nALL Tests Passed"
|
|
|
|
exit 0
|
|
|