Imported Upstream version 3.10.2+dfsg

Mario Fetka
2017-05-11 14:01:41 +02:00
commit 1893aafd38
715 changed files with 248801 additions and 0 deletions

115
scripts/benchmark.test Executable file

@@ -0,0 +1,115 @@
#!/bin/sh
#benchmark.test
if [ "$#" -lt 2 ]; then
echo "Usage: $0 [mode] [num] [clientargs] [serverargs]" >&2
echo " [mode]: 1=Connection Rate (TPS), 2=Throughput Bytes" >&2
echo " [num]: Mode 1=Connection Count, Mode 2=Bytes to TX/RX" >&2
echo " [clientargs]: Passed to client (see \"./example/client/client -?\" for help)" >&2
echo " Example: Use different cipher suite: \"-l DHE-RSA-AES256-SHA\"" >&2
echo " [serverargs]: Passed to server (see \"./example/server/server -?\" for help)" >&2
echo " Example: Disable client certificate check: \"-d\"" >&2
echo "Note: If additional client or server args contains spaces wrap with double quotes" >&2
exit 1
fi
# Use unique benchmark port so it won't conflict with any other tests
bench_port=11113
no_pid=-1
server_pid=$no_pid
counter=0
client_result=-1
remove_ready_file() {
if test -e /tmp/wolfssl_server_ready; then
echo "removing exisitng server_ready file"
rm /tmp/wolfssl_server_ready
fi
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
do_trap() {
echo "got trap"
do_cleanup
exit -1
}
trap do_trap INT TERM
# Start server in loop continuous mode (-L) with echo data (-e) enabled and non-blocking (-N)
echo "\nStarting example server for benchmark test"
remove_ready_file
# benchmark connections
if [ $1 -eq 1 ]
then
# start server in loop mode with port
./examples/server/server -i -p $bench_port $4 &
server_pid=$!
fi
# benchmark throughput
if [ $1 -eq 2 ]
then
# start server in loop mode, non-blocking, benchmark throughput with port
./examples/server/server -i -N -B $2 -p $bench_port $4 &
server_pid=$!
fi
echo "Waiting for server_ready file..."
while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do
sleep 0.1
counter=$((counter+ 1))
done
# benchmark connections
if [ $1 -eq 1 ]
then
echo "Starting example client to benchmark connection average time"
# start client to benchmark average time for each connection using port
./examples/client/client -b $2 -p $bench_port $3
client_result=$?
fi
# benchmark throughput
if [ $1 -eq 2 ]
then
echo "Starting example client to benchmark throughput"
# start client in non-blocking mode, benchmark throughput using port
./examples/client/client -N -B $2 -p $bench_port $3
client_result=$?
fi
if [ $client_result != 0 ]
then
echo "Client failed!"
do_cleanup
exit 1
fi
# End server
kill -6 $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then
echo "Server failed!"
exit 1
fi
echo "\nSuccess!\n"
exit 0
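Review bot: The readiness handshake uses the fixed path `/tmp/wolfssl_server_ready`, which in a world-writable directory can be pre-created or removed by another user or a parallel run, and the result of the wait loop is never checked, so the client is started even when the file never appeared. The other scripts in this commit build a per-run name in the working directory and pass it to the server, e.g. `ready_file=`pwd`/wolfssl_bench_ready$$` (name constructed here) together with `-R $ready_file`. Using that pattern, and leaving through `do_cleanup` when the file is still missing after the loop, closes both gaps. `exit -1` in `do_trap` is outside the 0-255 range POSIX sh defines for `exit`; `exit 1` is the portable form.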

118
scripts/crl-revoked.test Executable file

@@ -0,0 +1,118 @@
#!/bin/sh
#crl.test
revocation_code="-361"
exit_code=1
counter=0
# need a unique resume port since may run the same time as testsuite
# use server port zero hack to get one
crl_port=0
#no_pid tells us process was never started if -1
no_pid=-1
#server_pid captured on startup, stores the id of the server process
server_pid=$no_pid
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_crl_ready$$
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
# trap this function so if user aborts with ^C or other kill signal we still
# get an exit that will in turn clean up the file system
abort_trap() {
echo "script aborted"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
exit_code=2 #different exit code in case of user interrupt
echo "got abort signal, exiting with $exit_code"
exit $exit_code
}
trap abort_trap INT TERM
# trap this function so that if we exit on an error the file system will still
# be restored and the other tests may still pass. Never call this function
# instead use "exit <some value>" and this function will run automatically
restore_file_system() {
remove_ready_file
}
trap restore_file_system EXIT
run_test() {
echo -e "\nStarting example server for crl test...\n"
remove_ready_file
# starts the server on crl_port, -R generates ready file to be used as a
# mutex lock, -c loads the revoked certificate. We capture the processid
# into the variable server_pid
./examples/server/server -R $ready_file -p $crl_port \
-c certs/server-revoked-cert.pem -k certs/server-revoked-key.pem &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
exit 1
fi
# get created port 0 ephemeral port
crl_port=`cat $ready_file`
# starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port 2>&1)
client_result=$?
wait $server_pid
server_result=$?
case "$capture_out" in
*$revocation_code*)
# only exit with zero on detection of the expected error code
echo ""
echo "Successful Revocation!!!!"
echo ""
exit_code=0
echo "exiting with $exit_code"
exit $exit_code
;;
*)
echo ""
echo "Certificate was not revoked saw this instead: $capture_out"
echo ""
echo "configure with --enable-crl and run this script again"
echo ""
esac
}
######### begin program #########
# run the test
run_test
# If we get to this exit, exit_code will be a 1 signaling failure
echo "exiting with $exit_code certificate was not revoked"
exit $exit_code
########## end program ##########
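Review bot: The wait loop in `run_test` polls with `-s` (non-empty) but the check after it uses `test -e`, so an empty ready file is accepted and `crl_port` becomes an empty string; on the `NO ready file` path the script then exits while the background server is still running, because the EXIT handler `restore_file_system` only removes the file. Testing `if test -s "$ready_file"; then` and killing `$server_pid` on the exit path would make a start-up failure show up as such rather than as "certificate was not revoked". scripts/pkcallbacks.test has both problems and scripts/resume.test has the `-e`/`-s` mismatch. `client_result` and `server_result` are captured but unused; a comment stating that the verdict rests only on `$revocation_code` appearing in the client output would help the next reader.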

28
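--- a/scripts/external.test
+++ b/scripts/external.test
@@ -0,0 +1,28 @@
+#!/bin/sh
+# external.test
+server=www.wolfssl.com
+ca=./certs/wolfssl-website-ca.pem
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+# cloudflare seems to change CAs quickly, disabled by default
+if test -n "$WOLFSSL_EXTERNAL_TEST"; then
+echo "WOLFSSL_EXTERNAL_TEST set, running test..."
+else
+echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+exit 0
+fi
+# is our desired server there?
+./scripts/ping.test $server 2
+RESULT=$?
+[ $RESULT -ne 0 ] && exit 0
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -g -A $ca
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+exit 0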
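Review bot: Both skip paths end in `exit 0` (`WOLFSSL_EXTERNAL_TEST` unset, and `ping.test` failing), so a run that never performed the certificate check is reported as a pass. If these scripts run under the automake test harness, as the `.log` dependencies in scripts/include.am suggest, an exit status of 77 is recorded as SKIP, so `exit 77` on those two lines keeps a skipped TLS validation check visible in the results. The same ping-then-`exit 0` pattern is in scripts/google.test and scripts/ocsp.test. `echo -e` is not defined for POSIX `sh` and some shells print the `-e` literally; `printf '\n\nClient connection failed\n'` is the portable spelling.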

19
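--- a/scripts/google.test
+++ b/scripts/google.test
@@ -0,0 +1,19 @@
+#!/bin/sh
+# google.test
+server=www.google.com
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+# is our desired server there?
+./scripts/ping.test $server 2
+RESULT=$?
+[ $RESULT -ne 0 ] && exit 0
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -g -d
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+exit 0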
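Review bot: The client call passes `-d` and no `-A`, so this test appears to check only that a handshake with www.google.com completes. The usage text in scripts/benchmark.test describes `-d` as disabling the certificate check on the server side; if it has the corresponding meaning for the client, no certificate chain is validated here. A comment above the client line such as `# -d: peer certificate is not verified; this only exercises the handshake` would stop readers from treating a pass as evidence of chain validation, and should be confirmed against `./examples/client/client -?`.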

69
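--- a/scripts/include.am
+++ b/scripts/include.am
@@ -0,0 +1,69 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+if BUILD_SNIFFTEST
+dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test
+endif
+if BUILD_EXAMPLE_SERVERS
+dist_noinst_SCRIPTS+= scripts/resume.test
+EXTRA_DIST+= scripts/benchmark.test
+if BUILD_CRL
+# make revoked test rely on completion of resume test
+dist_noinst_SCRIPTS+= scripts/crl-revoked.test
+scripts/crl-revoked.log: scripts/resume.log
+endif
+if BUILD_OCSP
+dist_noinst_SCRIPTS+= scripts/ocsp.test
+endif
+if BUILD_OCSP_STAPLING
+dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test
+scripts/ocsp-stapling.log: scripts/ocsp.log
+endif
+if BUILD_OCSP_STAPLING_V2
+dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test
+if BUILD_OCSP_STAPLING
+scripts/ocsp-stapling2.log: scripts/ocsp-stapling.log
+else
+scripts/ocsp-stapling2.log: scripts/ocsp.log
+endif
+endif
+if BUILD_PSK
+dist_noinst_SCRIPTS+= scripts/psk.test
+endif
+if BUILD_TRUST_PEER_CERT
+dist_noinst_SCRIPTS+= scripts/trusted_peer.test
+endif
+if BUILD_PKCALLBACKS
+dist_noinst_SCRIPTS+= scripts/pkcallbacks.test
+scripts/pkcallbacks.log: scripts/resume.log
+endif
+endif # end of BUILD_EXAMPLE_SERVERS
+if BUILD_EXAMPLE_CLIENTS
+if !BUILD_IPV6
+dist_noinst_SCRIPTS+= scripts/external.test
+dist_noinst_SCRIPTS+= scripts/google.test
+dist_noinst_SCRIPTS+= scripts/openssl.test
+endif
+endif
+EXTRA_DIST += scripts/testsuite.pcap \
+scripts/ping.test
+# leave openssl.test as extra until non bash works
+EXTRA_DIST += scripts/openssl.test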
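Review bot: `scripts/openssl.test` is listed twice, once in `dist_noinst_SCRIPTS` under `BUILD_EXAMPLE_CLIENTS`/`!BUILD_IPV6` and again in `EXTRA_DIST` under the comment `leave openssl.test as extra until non bash works`. The comment says the script is meant to be shipped only as an extra until it runs without bash, and the script as committed does use bash-only syntax under `#!/bin/sh`, so the first listing contradicts the stated intent. Drop whichever listing is not wanted, or extend the comment to say why both are needed.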

39
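--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+# ocsp-stapling.test
+trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT
+server=login.live.com
+ca=certs/external/ca-verisign-g5.pem
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+# is our desired server there? - login.live.com doesn't answers PING
+#./scripts/ping.test $server 2
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+# setup ocsp responder
+./certs/ocsp/ocspd1.sh &
+sleep 1
+[ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
+# client test against our own server - GOOD CERT
+./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+# client test against our own server - REVOKED CERT
+./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
+exit 0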
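Review bot: The REVOKED CERT case passes on `[ $RESULT -ne 1 ]`, that is, on any client failure that exits with status 1, so a server that was not accepting connections after the fixed `sleep 1` is indistinguishable from a detected revocation. scripts/crl-revoked.test in this commit checks the client output for the specific error code instead; doing the same here, with the expected code held in a variable, would make the negative test prove what it claims. scripts/ocsp-stapling2.test has the same check in its REVOKED cases. Separately, the first step fails the test with `exit 1` when login.live.com cannot be reached, where the other external tests skip.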

55
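--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+# ocsp-stapling.test
+trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+# setup ocsp responders
+./certs/ocsp/ocspd0.sh &
+./certs/ocsp/ocspd2.sh &
+./certs/ocsp/ocspd3.sh &
+sleep 1
+[ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
+# client test against our own server - GOOD CERTS
+./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+# client test against our own server - REVOKED SERVER CERT
+./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
+./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
+RESULT=$?
+[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
+# client test against our own server - REVOKED INTERMEDIATE CERT
+./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
+./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
+sleep 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
+RESULT=$?
+[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
+exit 0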
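Review bot: The header comment on the second line reads `# ocsp-stapling.test`, copied from the sibling script; it should be `# ocsp-stapling2.test`, and scripts/ocsp.test carries the same wrong header where `# ocsp.test` is meant. The six server/client pairs differ only in the certificate and in `-W 1` versus `-W 2`, and nothing says what the two values select. A short comment above the first pair would make the expected results reviewable, in particular that server5 must pass with `-W 1` but fail with `-W 2`.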

20
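--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
@@ -0,0 +1,20 @@
+#!/bin/sh
+# ocsp-stapling.test
+server=www.globalsign.com
+ca=certs/external/ca-globalsign-root-r2.pem
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+# is our desired server there?
+./scripts/ping.test $server 2
+RESULT=$?
+[ $RESULT -ne 0 ] && exit 0
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -A $ca -g -o
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+exit 0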

260
scripts/openssl.test Executable file

@@ -0,0 +1,260 @@
#!/bin/sh
#openssl.test
# need a unique port since may run the same time as testsuite
generate_port() {
openssl_port=`LC_CTYPE=C tr -cd 0-9 </dev/urandom | head -c 7`
openssl_port=$((`LC_CTYPE=C tr -cd 1-9 </dev/urandom | head -c 1`$openssl_port))
openssl_port=$(($openssl_port % (65535-49512)))
openssl_port=$(($openssl_port + 49512))
}
generate_port
no_pid=-1
server_pid=$no_pid
wolf_suites_tested=0
wolf_suites_total=0
counter=0
testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#Tested\n"
versionName="Invalid"
version_name() {
case $version in "0")
versionName="SSLv3"
;;
"1")
versionName="TLSv1"
;;
"2")
versionName="TLSv1.1"
;;
"3")
versionName="TLSv1.2"
;;
"4")
versionName="ALL"
;;
esac
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
}
do_trap() {
echo "got trap"
do_cleanup
exit 1
}
trap do_trap INT TERM
if test -n "$WOLFSSL_OPENSSL_TEST"; then
echo "WOLFSSL_OPENSSL_TEST set, running test..."
else
echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
exit 0
fi
echo -e "\nTesting existence of openssl command...\n"
command -v openssl >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; }
echo -e "\nTesting for _build directory as part of distcheck, different paths"
currentDir=`pwd`
if [ $currentDir = *"_build" ]
then
echo -e "_build directory detected, moving a directory back"
cd ..
fi
found_free_port=0
while [ "$counter" -lt 20 ]; do
echo -e "\nTrying to start openssl server on port $openssl_port...\n"
openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" &
server_pid=$!
# wait to see if s_server successfully starts before continuing
sleep 0.1
if ps -p $server_pid > /dev/null
then
echo "s_server started successfully on port $openssl_port"
found_free_port=1
break
else
#port already started, try a different port
counter=$((counter+ 1))
generate_port
fi
done
if [ $found_free_port = 0 ]
then
echo -e "Couldn't find free port for server"
do_cleanup
exit 1
fi
# get wolfssl ciphers
wolf_ciphers=`./examples/client/client -e`
# server should be ready, let's make sure
server_ready=0
while [ "$counter" -lt 20 ]; do
echo -e "waiting for openssl s_server ready..."
nc -z localhost $openssl_port
nc_result=$?
if [ $nc_result = 0 ]
then
echo -e "openssl s_server ready!"
server_ready=1
break
fi
sleep 0.1
counter=$((counter+ 1))
done
if [ $server_ready = 0 ]
then
echo -e "Couldn't verify openssl server is running, timeout error"
do_cleanup
exit 1
fi
OIFS=$IFS # store old seperator to reset
IFS=$'\:' # set delimiter
set -f # no globbing
wolf_versions=`./examples/client/client -V`
wolf_versions="$wolf_versions:4" #:4 will test without -v flag
wolf_temp_suites_total=0
wolf_temp_suites_tested=0
for version in $wolf_versions;
do
echo -e "version = $version"
# get openssl ciphers depending on version
case $version in "0")
openssl_ciphers=`openssl ciphers "SSLv3"`
sslv3_sup=$?
if [ $sslv3_sup != 0 ]
then
echo -e "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier"
testing_summary="$testing_summary SSLv3\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
continue
fi
;;
"1")
openssl_ciphers=`openssl ciphers "TLSv1"`
tlsv1_sup=$?
if [ $tlsv1_sup != 0 ]
then
echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
testing_summary="$testing_summary TLSv1\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
continue
fi
;;
"2")
openssl_ciphers=`openssl ciphers "TLSv1.1"`
tlsv1_1_sup=$?
if [ $tlsv1_1_sup != 0 ]
then
echo -e "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier"
testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
continue
fi
;;
"3")
openssl_ciphers=`openssl ciphers "TLSv1.2"`
tlsv1_2_sup=$?
if [ $tlsv1_2_sup != 0 ]
then
echo -e "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier"
testing_summary="$testing_summary TLSv1.2\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
continue
fi
;;
"4") #test all suites
openssl_ciphers=`openssl ciphers "ALL"`
all_sup=$?
if [ $all_sup != 0 ]
then
echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
testing_summary="$testing_summary ALL\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
continue
fi
;;
esac
for wolfSuite in $wolf_ciphers; do
echo -e "trying wolfSSL cipher suite $wolfSuite"
wolf_temp_suites_total=$((wolf_temp_suites_total + 1))
matchSuite=0;
case ":$openssl_ciphers:" in *":$wolfSuite:"*) # add extra : for edge cases
echo -e "Matched to OpenSSL suite support"
matchSuite=1;;
esac
if [ $matchSuite = 0 ]
then
echo -e "Couldn't match suite, continuing..."
continue
fi
# check for psk suite and turn on client psk if so
psk = ""
case $wolfSuite in
*PSK*)
psk="-s " ;;
esac
if [ $version -lt 4 ]
then
./examples/client/client -p $openssl_port -g -r -l $wolfSuite -v $version $psk
else
# do all versions
./examples/client/client -p $openssl_port -g -r -l $wolfSuite $psk
fi
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed! Suite = $wolfSuite version = $version"
do_cleanup
exit 1
fi
wolf_temp_suites_tested=$((wolf_temp_suites_tested+1))
done
wolf_suites_tested=$((wolf_temp_suites_tested+wolf_suites_tested))
wolf_suites_total=$((wolf_temp_suites_total+wolf_suites_total))
echo -e "wolfSSL suites tested with version:$version $wolf_temp_suites_tested"
version_name
testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_suites_total\t$wolf_temp_suites_tested\n"
wolf_temp_suites_total=0
wolf_temp_suites_tested=0
done
IFS=$OIFS #restore separator
kill -9 $server_pid
echo -e "wolfSSL total suites $wolf_suites_total"
echo -e "wolfSSL suites tested $wolf_suites_tested"
echo -e "\nSuccess!\n\n\n\n"
echo -e "$testing_summary"
exit 0
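Review bot: `psk = ""` inside the suite loop is not an assignment: with spaces around `=` the shell tries to run a command named `psk`, so the variable is never cleared and, once a PSK suite has set it to `-s `, every later non-PSK suite is also run with `-s`. It should read `psk=""`. The script also relies on bash-only behaviour under `#!/bin/sh`: `IFS=$'\:'`, and `[ $currentDir = *"_build" ]`, which `[` compares literally (or after filename expansion) rather than as a pattern; `case "$currentDir" in *_build) cd .. ;; esac` is the portable form. `counter` is shared by the port-search loop and the readiness loop without being reset, so retries spent finding a port shorten the readiness wait.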

29
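--- a/scripts/ping.test
+++ b/scripts/ping.test
@@ -0,0 +1,29 @@
+#!/bin/sh
+# ping.test
+# defaults
+server=www.wolfssl.com
+tries=2
+# populate args
+if [ "$#" -gt 1 ]; then
+tries=$2
+fi
+if [ "$#" -gt 0 ]; then
+server=$1
+fi
+# determine os
+OS="`uname`"
+case $OS in
+MINGW* | MSYS*) PINGSW=-n ;;
+*) PINGSW=-c ;;
+esac
+# is our desired server there?
+ping $PINGSW $tries $server
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 1
+exit 0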
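Review bot: An ICMP echo is used as the gate for tests that then connect to TCP port 443, so on networks that drop ICMP the callers skip even though the server is reachable; the commented-out call in scripts/ocsp-stapling.test (`login.live.com doesn't answers PING`) is an instance of this. A header comment stating that exit status 1 means "no ICMP reply", not "server down", would document the limitation for callers. `$server` and `$tries` come from the command line and are expanded unquoted on the `ping` line; `ping $PINGSW "$tries" "$server"` keeps an argument containing whitespace or glob characters as one word.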

123
scripts/pkcallbacks.test Executable file

@@ -0,0 +1,123 @@
#!/bin/sh
#pkcallbacks.test
exit_code=1
counter=0
# need a unique resume port since may run the same time as testsuite
# use server port zero hack to get one
pk_port=0
#no_pid tells us process was never started if -1
no_pid=-1
#server_pid captured on startup, stores the id of the server process
server_pid=$no_pid
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_pk_ready$$
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
# trap this function so if user aborts with ^C or other kill signal we still
# get an exit that will in turn clean up the file system
abort_trap() {
echo "script aborted"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
exit_code=2 #different exit code in case of user interrupt
echo "got abort signal, exiting with $exit_code"
exit $exit_code
}
trap abort_trap INT TERM
# trap this function so that if we exit on an error the file system will still
# be restored and the other tests may still pass. Never call this function
# instead use "exit <some value>" and this function will run automatically
restore_file_system() {
remove_ready_file
}
trap restore_file_system EXIT
run_test() {
echo -e "\nStarting example server for pkcallbacks test...\n"
remove_ready_file
# starts the server on pk_port, -R generates ready file to be used as a
# mutex lock, -P does pkcallbacks. We capture the processid
# into the variable server_pid
./examples/server/server -P -R $ready_file -p $pk_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
exit 1
fi
# get created port 0 ephemeral port
pk_port=`cat $ready_file`
# starts client on pk_port with pkcallbacks, captures the output from client
capture_out=$(./examples/client/client -P -p $pk_port 2>&1)
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed!"
do_cleanup
exit 1
fi
wait $server_pid
server_result=$?
if [ $server_result != 0 ]
then
echo -e "server failed!"
exit 1
fi
}
######### begin program #########
# run the test
run_test
# If we get to this, success
echo "Success!"
exit 0
########## end program ##########
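Review bot: `capture_out` collects the client's stdout and stderr in `run_test` but is never printed or inspected, so when `client_result` is non-zero the log shows only `client failed!` with no diagnostic. Adding `echo "$capture_out"` before `do_cleanup` in that branch keeps the client's error in the test log. `abort_trap` repeats the kill logic of `do_cleanup` but leaves the ready-file removal to the EXIT trap; a one-line comment saying so would explain why the two functions differ.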

152
scripts/psk.test Executable file

@@ -0,0 +1,152 @@
#!/bin/sh
# psk.test
# copyright wolfSSL 2016
# getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite
# use server port zero hack to get one
port=0
no_pid=-1
server_pid=$no_pid
counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_psk_ready$$
echo "ready file $ready_file"
create_port() {
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
# get created port 0 ephemeral port
port=`cat $ready_file`
else
echo -e "NO ready file ending test..."
do_cleanup
fi
}
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
do_trap() {
echo "got trap"
do_cleanup
exit -1
}
trap do_trap INT TERM
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# Usual psk server / psk client. This use case is tested in
# tests/unit.test and is used here for just checking if PSK is enabled
port=0
./examples/server/server -s -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -s -p $port
RESULT=$?
remove_ready_file
# if fail here then is a settings issue so return 0
if [ $RESULT -ne 0 ]; then
echo -e "\n\nPSK not enabled"
do_cleanup
exit 0
fi
echo ""
# client test against the server
###############################
# usual psk server / psk client
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -s -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nClient connection failed"
do_cleanup
exit 1
fi
echo ""
# Usual server / client. This use case is tested in
# tests/unit.test and is used here for just checking if cipher suite
# is available (one case for example is with disable-asn)
port=0
./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &
server_pid=$!
create_port
./examples/client/client -p $port
RESULT=$?
remove_ready_file
# if fail here then is a settings issue so return 0
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with choosen non PSK suites"
do_cleanup
exit 0
fi
echo ""
# psk server with non psk client
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nClient connection failed"
do_cleanup
exit 1
fi
echo ""
# check fail if no auth, psk server with non psk client
echo "Checking fail when not sending peer cert"
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -x -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nClient connected when supposed to fail"
do_cleanup
exit 1
fi
echo -e "\nALL Tests Passed"
exit 0
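Review bot: `create_port` calls `do_cleanup` when the ready file never appears but does not exit, so the script carries on with `port=0` and the following client run fails for a reason unrelated to PSK. In the last case (`client -x`, expected to fail) that failure is counted as a pass, and in the first case it is reported as `PSK not enabled` with `exit 0`. `counter` is also never reset, so all five server starts share one budget of 20 polls. Adding `exit 1` after `do_cleanup` and `counter=0` at the top of `create_port` addresses both; scripts/trusted_peer.test has an identical `create_port`.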

116
scripts/resume.test Executable file

@@ -0,0 +1,116 @@
#!/bin/sh
#reusme.test
# need a unique resume port since may run the same time as testsuite
# use server port zero hack to get one
resume_string="reused"
ems_string="Extended\ Master\ Secret"
resume_port=0
no_pid=-1
server_pid=$no_pid
counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_resume_ready$$
echo "ready file $ready_file"
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
do_trap() {
echo "got trap"
do_cleanup
exit -1
}
do_test() {
echo -e "\nStarting example server for resume test...\n"
remove_ready_file
./examples/server/server -r -R $ready_file -p $resume_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
do_cleanup
exit 1
fi
# get created port 0 ephemeral port
resume_port=`cat $ready_file`
capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1)
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed!"
do_cleanup
exit 1
fi
wait $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then
echo -e "client failed!"
exit 1
fi
case "$capture_out" in
*$resume_string*)
echo "resumed session" ;;
*)
echo "did NOT resume session as expected"
exit 1
;;
esac
}
trap do_trap INT TERM
do_test
# Check the client for the extended master secret disable option. If
# present we need to run the test twice.
options_check=`./examples/client/client -?`
case "$options_check" in
*$ems_string*)
echo -e "\nRepeating resume test without extended master secret..."
do_test -n ;;
*)
;;
esac
echo -e "\nSuccess!\n"
exit 0
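Review bot: In `do_test` the branch for `$server_result != 0` prints `client failed!`, the same text as the client branch above it; it should be `echo -e "server failed!"` as in scripts/pkcallbacks.test, otherwise a server-side resumption failure is attributed to the client. `counter` is not reset at the start of `do_test`, so the second call (`do_test -n`) begins with the polls already used by the first. The header comment `#reusme.test` is a typo for `#resume.test`.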

13
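--- a/scripts/sniffer-testsuite.test
+++ b/scripts/sniffer-testsuite.test
@@ -0,0 +1,13 @@
+#!/bin/sh
+#sniffer-testsuite.test
+echo -e "\nStaring snifftest on testsuite.pcap...\n"
+./sslSniffer/sslSnifferTest/snifftest ./scripts/testsuite.pcap ./certs/server-key.pem 127.0.0.1 11111
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1
+echo -e "\nSuccess!\n"
+exit 0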

BIN
scripts/testsuite.pcap Normal file

Binary file not shown.

286
scripts/trusted_peer.test Executable file

@@ -0,0 +1,286 @@
#!/bin/sh
# trusted_peer.test
# copyright wolfSSL 2016
# getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite
# use server port zero hack to get one
port=0
no_pid=-1
server_pid=$no_pid
counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_tp_ready$$
# variables for certs so can use RSA or ECC
client_cert=`pwd`/certs/client-cert.pem
client_ca=`pwd`/certs/ca-cert.pem
client_key=`pwd`/certs/client-key.pem
ca_key=`pwd`/certs/ca-key.pem
server_cert=`pwd`/certs/server-cert.pem
server_key=`pwd`/certs/server-key.pem
combined_cert=`pwd`/certs/client_combined.pem
wrong_ca=`pwd`/certs/wolfssl-website-ca.pem
wrong_cert=`pwd`/certs/server-revoked-cert.pem
echo "ready file $ready_file"
create_port() {
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
# get created port 0 ephemeral port
port=`cat $ready_file`
else
echo -e "NO ready file ending test..."
do_cleanup
fi
}
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
do_trap() {
echo "got trap"
do_cleanup
exit -1
}
trap do_trap INT TERM
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# Look for if RSA and/or ECC is enabled and adjust certs/keys
ciphers=`./examples/client/client -e`
if [[ $ciphers != *"RSA"* ]]; then
if [[ $ciphers == *"ECDSA"* ]]; then
client_cert=`pwd`/certs/client-ecc-cert.pem
client_ca=`pwd`/certs/server-ecc.pem
client_key=`pwd`/certs/ecc-client-key.pem
ca_key=`pwd`/certs/ecc-key.pem
server_cert=`pwd`/certs/server-ecc.pem
server_key=`pwd`/certs/ecc-key.pem
wrong_ca=`pwd`/certs/server-ecc-comp.pem
wrong_cert=`pwd`/certs/server-ecc-comp.pem
else
echo "configure options not set up for test. No RSA or ECC"
exit 0
fi
fi
# CRL list not set up for tests
crl_test=`./examples/client/client -h`
if [[ $crl_test == *"-C "* ]]; then
echo "test not set up to run with CRL"
exit 0
fi
# Test for trusted peer certs build
echo ""
echo "Checking built with trusted peer certs "
echo "-----------------------------------------------------"
port=0
remove_ready_file
./examples/server/server -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $client_ca -p $port
RESULT=$?
remove_ready_file
# if fail here then is a settings issue so return 0
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTrusted peer certs not enabled \"WOLFSSL_TRUST_PEER_CERT\""
do_cleanup
exit 0
fi
echo ""
# Test that using no CA's and only trusted peer certs works
echo "Server and Client relying on trusted peer cert loaded"
echo "-----------------------------------------------------"
port=0
./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $wrong_ca -E $server_cert -c $client_cert -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\nServer and Client trusted peer cert failed!"
do_cleanup
exit 1
fi
echo ""
# Test that using server trusted peer certs works
echo "Server relying on trusted peer cert loaded"
echo "-----------------------------------------------------"
port=0
./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $client_ca -c $client_cert -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\nServer trusted peer cert test failed!"
do_cleanup
exit 1
fi
echo ""
# Test that using client trusted peer certs works
echo "Client relying on trusted peer cert loaded"
echo "-----------------------------------------------------"
port=0
./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $wrong_ca -E $server_cert -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\nClient trusted peer cert test failed!"
do_cleanup
exit 1
fi
echo ""
# Test that client fall through to CA works
echo "Client fall through to loaded CAs"
echo "-----------------------------------------------------"
port=0
./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $client_ca -E $wrong_cert -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\nClient trusted peer cert fall through to CA test failed!"
do_cleanup
exit 1
fi
echo ""
# Test that client can fail
# check if using ECC client example is hard coded to load correct ECC ca so skip
if [[ $wrong_ca != *"ecc"* ]]; then
echo "Client wrong CA and wrong trusted peer cert loaded"
echo "-----------------------------------------------------"
port=0
./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $wrong_ca -E $wrong_cert -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\nClient trusted peer cert test failed!"
do_cleanup
exit 1
fi
echo ""
fi
# Test that server can fail
echo "Server wrong CA and wrong trusted peer cert loaded"
echo "-----------------------------------------------------"
port=0
./examples/server/server -A $wrong_ca -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $client_ca -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\nServer trusted peer cert test failed!"
do_cleanup
exit 1
fi
echo ""
# Test that server fall through to CA works
echo "Server fall through to loaded CAs"
echo "-----------------------------------------------------"
port=0
./examples/server/server -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $client_ca -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\nServer trusted peer cert fall through to CA test failed!"
do_cleanup
exit 1
fi
echo ""
# test loading multiple certs
echo "Server loading multiple trusted peer certs"
echo "Test two success cases and one fail case"
echo "-----------------------------------------------------"
port=0
cat $client_cert $client_ca > $combined_cert
./examples/server/server -i -A $wrong_ca -E $combined_cert -c $server_cert -k $server_key -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -A $client_ca -c $client_cert -k $client_key -p $port
RESULT=$?
if [ $RESULT -ne 0 ]; then
echo -e "\nServer load multiple trusted peer certs failed!"
do_cleanup
exit 1
fi
./examples/client/client -A $client_ca -c $client_ca -k $ca_key -p $port
RESULT=$?
if [ $RESULT -ne 0 ]; then
echo -e "\nServer load multiple trusted peer certs failed!"
do_cleanup
exit 1
fi
./examples/client/client -A $client_ca -c $wrong_cert -k $client_key -p $port
RESULT=$?
if [ $RESULT -eq 0 ]; then
echo -e "\nServer load multiple trusted peer certs failed!"
do_cleanup
exit 1
fi
do_cleanup # kill PID of server running in infinit loop
rm $combined_cert
remove_ready_file
echo ""
echo "-----------------------------------------------------"
echo "ALL TESTS PASSED"
echo "-----------------------------------------------------"
exit 0
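Review bot: The script is declared `#!/bin/sh` but its guards use `[[ … ]]` with `==`/`!=` pattern matching, which is a bash extension. Under a POSIX shell such as dash each `[[` is a failed command, so the RSA/ECC selection, the `test not set up to run with CRL` skip and the `*"ecc"*` check all silently take the false branch, and the "Client wrong CA and wrong trusted peer cert loaded" negative case is never run. Either change the shebang to `#!/bin/bash` or write the guards as `case "$ciphers" in *RSA*) ;; *) … ;; esac`. `$combined_cert` is written into the `certs/` directory and removed only on the success path; removing it in `do_cleanup` avoids leaving it behind when one of the three client runs fails.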