From 22acd0f9d1b8f7af840ba77a7ebdb927e56b7101 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Fri, 6 Dec 2013 12:41:31 +0100
Subject: cyassl-test: test ciphers supported by CyaSSL
---
cyassl-test | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
notes.txt | 8 +++++
2 files changed, 115 insertions(+)
create mode 100755 cyassl-test
diff --git a/cyassl-test b/cyassl-test
new file mode 100755
index 0000000..4ab097a
--- /dev/null
+++ b/cyassl-test
@@ -0,0 +1,107 @@ +#!/bin/bash +# Run cyassl ciphers +# Example: +# dumpcap -f '(host ::1 or host 127.0.0.1) and tcp port 4430' -i lo -w cyassl-tcp.pcapng +# $0 premaster.txt + +port=4430 +SRCDIR=${SRCDIR:-.} +OBJDIR=${OBJDIR:-$SRCDIR} +# Program that should output supported ciphers, relative to $OBJDIR +CPROG=supported-ciphers + +client=$OBJDIR/examples/client/client +server=$OBJDIR/examples/server/server + +if [ -z "$1" ] || [[ $1 == -* ]]; then + cat <";print "#include"} + p{if(/}/)print 0;print;if(/}/)exit}/cipher_names/{print "char *p[]=";p=1} + END{print "int main(){char**c=p;while(*c)puts(*c++);return 0;}"}' \ + "$SRCDIR/src/internal.c" > "$OBJDIR/$CPROG".c && + make -C "$OBJDIR" CFLAGS="-I$SRCDIR \$(AM_CFLAGS)" "$CPROG" || +exit 1 +fi + +run_tests() { + "$OBJDIR/$CPROG" | while read cipher; do + fail=false + opts=("$@") + + case $cipher in + *-ECDSA-*) + cname=ecc + kname=ecc-key + ;; + ECDH-RSA-*) + cname=ecc-rsa + kname=ecc-key + ;; + PSK-*) + cname= + kname= + # test key is 1a2b3c4d + opts+=( -s ) + ;; + *) + cname=cert + kname=server-key + ;; + esac + + if [ -n "$cname" ]; then + opts+=( -c "certs/server-$cname.pem" + -k "certs/$kname.pem" ) + fi + + # Certs are relative to SRCDIR + cd "$SRCDIR" + + # Start server with given cipher (key logging is done below) + SSLKEYLOGFILE= \ + $server "${opts[@]}" -d -l $cipher & pid=$! + + # give the server some time to start + sleep .1 + echo . + + # send a GET request + opts+=( -g ) + + SSLKEYLOGFILE=$keylogfile \ + $client "${opts[@]}" -xd -l $cipher || fail=true + wait $pid || fail=true + + if $fail; then + echo 'Server or client failed!' + exit + fi + done +} + +run_tests -p $port "$@" + +echo OK diff --git a/notes.txt b/notes.txt index 9e4d70f..330ed41 100644 --- a/notes.txt +++ b/notes.txt 
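Review bot: The bare `exit` in the `if $fail` branch of run_tests sits inside the `"$OBJDIR/$CPROG" | while read cipher` pipeline, so under bash's default settings it only leaves the pipeline subshell, and without an argument it returns the status of the preceding `echo`, which is 0. The script therefore still reaches `echo OK` after printing 'Server or client failed!', and a capture and key log that are missing cipher suites can be mistaken for a complete run. Use `exit 1` inside the loop and `run_tests -p $port "$@" || exit 1` at the call site so the failure reaches the caller. As a smaller point of style, `read -r cipher` and quoting `"$cipher"` at both `-l` uses would keep the names produced by the generated helper program from being word-split or glob-expanded.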
@@ -23,6 +23,14 @@ autoreconf -fiv make examples/server/server -p 4433 SSLKEYLOGFILE=premaster.txt examples/client/client -l AES256-SHA -p 4433 +see also cyassl-test (in this repo) for testing all supported ciphers +# Show a list of cipher suites from ClientHello and the HTTP version (or the +# number of the ClientHello if decryption failed). +/tmp/wsbuild/tshark -r cyassl-tcp.pcapng.gz -ohttp.ssl.port:4430 \ + -ossl.keylog_file:premaster.txt -ossl.psk:1a2b3c4d -Tfields -e frame.number \ + -e ssl.handshake.ciphersuite -e http.request.version \ + -Y not\ ssl.handshake.type==2 | + awk '$2~/0x/{if(n)print n;printf("%s ",$2);n=$1}$2=="HTTP/1.0"{print $2;n=""}' # find which suites are not supported yet (unsupported.txt) awk -vsrc=/tmp/wireshark/epan/dissectors/packet-ssl-utils.c -F'[ {,]+' 'BEGIN{while(getline