authorPeter Wu <lekensteyn@gmail.com>2013-09-15 16:22:54 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-09-15 16:22:54 +0200
commitb299a016090248fd4220558d5fcd75516dcd5351 (patch)
tree029812501009c373561a9291ed5010a21333fc06 /openssl-listen
parentccf0451930c1335c894af246ba53c3e215549a96 (diff)
downloadwireshark-notes-b299a016090248fd4220558d5fcd75516dcd5351.tar.gz
Add server/client tools for testing ciphers
Diffstat (limited to 'openssl-listen')
-rwxr-xr-xopenssl-listen104
1 files changed, 104 insertions, 0 deletions
diff --git a/openssl-listen b/openssl-listen
new file mode 100755
index 0000000..f4cf984
--- /dev/null
+++ b/openssl-listen
@@ -0,0 +1,104 @@
+#!/bin/bash
+# Set-up OpenSSL servers with test keys for EC, DSA and RSA.
+# Author: Peter Wu <lekensteyn@gmail.com>
+
+rsa_prv=server.pem
+rsa_pub=server.crt
+dsa_prv=dsa.pem
+dsa_pub=dsa.crt
+ecc_prv=secp384r1.pem
+ecc_pub=secp384r1.crt
+
+pkdir=$1
+portbase=${2:-4430}
+
+if [ -z "$pkdir" ]; then
+ cat <<EOF
+Usage: $0 path-to-certsdir [port base]"
+openssl s_client will listen on three ports,
+starting at 'port base' (default 4430)
+EOF
+ exit 1
+fi
+[[ $pkdir == */ ]] || pkdir+=/
+
+if ! mkdir -p "$pkdir"; then
+ echo "Could not create directory $pkdir" >&2
+ exit 1
+fi
+
+pids=()
+
+gen_pk() {
+ local type keyfile crtfile
+ type=$1
+ keyfile=$2
+ crtfile=$3
+
+ case $type in
+ RSA)
+ openssl genrsa -out "$keyfile"
+ ;;
+ DSS)
+ openssl dsaparam 1024 | openssl gendsa /dev/stdin -out "$keyfile"
+ ;;
+ ECDH|ECDSA)
+ openssl ecparam -name prime192v1 -out "$keyfile" -genkey
+ ;;
+ *)
+ echo "Invalid cert type $type" >&2
+ return 1
+ esac
+ openssl req -new -key "$keyfile" -x509 -days 3650 -out "$crtfile" -subj "/CN=Test Certificate $type"
+}
+
+start_server() {
+ local keyfile crtfile port auth
+ auth=$1
+
+ case $auth in
+ RSA)
+ crtfile=$rsa_pub
+ keyfile=$rsa_prv
+ port=$portbase
+ ;;
+ ECDH|ECDSA)
+ crtfile=$ecc_pub
+ keyfile=$ecc_prv
+ port=$((portbase+1))
+ ;;
+ DSS)
+ crtfile=$dsa_pub
+ keyfile=$dsa_prv
+ port=$((portbase+2))
+ ;;
+ *)
+ echo "Invalid cert type $auth" >&2
+ return 1
+ ;;
+ esac
+
+ if [ ! -e "$pkdir$crtfile" ]; then
+ gen_pk "$auth" "$pkdir$keyfile" "$pkdir$crtfile" || return 1
+ fi
+
+ openssl s_server -accept $port \
+ -cert "$pkdir$crtfile" -key "$pkdir$keyfile" -www &
+ pids+=($!)
+}
+
+cleanup() {
+ if [ ${#pids[@]} -gt 0 ]; then
+ echo "Killing: ${pids[*]}"
+ kill "${pids[@]}"
+ fi
+}
+trap cleanup EXIT
+
+for auth in RSA ECDH DSS; do
+ start_server $auth
+done
+
+wait
+
+# vim: set et sw=4 ts=4:
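Review bot: The ECC key generated in gen_pk uses `-name prime192v1`, but the files it is written to are named `secp384r1.pem`/`secp384r1.crt` (ecc_prv/ecc_pub), so anyone reading the certsdir will assume a 384-bit curve while the server actually presents a 192-bit one; either pick the curve the name promises, `openssl ecparam -name secp384r1 -out "$keyfile" -genkey`, or rename the variables to match. Note also that `openssl genrsa -out "$keyfile"` passes no key size, so the RSA test key's strength depends on the installed OpenSSL's default (older releases default to a size that is small by today's standards) — presumably fine for a cipher-testing tool, but worth pinning with an explicit size such as `openssl genrsa -out "$keyfile" 2048` so the test setup is reproducible. The usage text in the here-doc has a stray closing quote and names the wrong tool: the script starts `openssl s_server`, not `s_client`; suggested lines `Usage: $0 path-to-certsdir [port base]` and `openssl s_server will listen on three ports,`. Private key files are created with whatever umask the caller has, which is acceptable for throwaway test keys but could be noted in the header comment.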