cyassl-test
#!/bin/bash
# Run the cyassl example client and server once for each supported cipher
# Example:
# dumpcap -f '(host ::1 or host 127.0.0.1) and tcp port 4430' -i lo -w cyassl-tcp.pcapng
# $0 premaster.txt
# TCP port handed to both the example server and the example client.
port=4430

# Source tree and build tree; the build tree defaults to the source tree.
: "${SRCDIR:=.}"
: "${OBJDIR:=$SRCDIR}"

# Program that should output supported ciphers, relative to $OBJDIR
CPROG='supported-ciphers'

# Example binaries inside the build tree.
server="${OBJDIR}/examples/server/server"
client="${OBJDIR}/examples/client/client"
# Print the usage text and stop when the first argument (the key log file)
# is missing or looks like an option.
case "$1" in
  '' | -*)
    cat <<USAGE
Usage: $0 premaster-output.txt [client and server options]
\$SRCDIR must contain cyassl sources (configured) if \$OBJDIR/$CPROG is
not available. \$OBJDIR should be the build directory of cyassl, containing
examples/{client/client,server/server} and $CPROG.
Current values:
OBJDIR=$OBJDIR
SRCDIR=$SRCDIR
USAGE
    exit 1
    ;;
esac
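# Take absolute path because directory will be changed during test.
# The key log file receives TLS session secrets; together with a capture of
# the same traffic it allows decryption, so keep it with test data only.
# Stop if the path cannot be resolved: an empty value would silently leave
# SSLKEYLOGFILE empty for the client.
keylogfile=$(readlink -f "$1") || {
  echo "$1: cannot resolve path" >&2
  exit 1
}
shift

# Build the cipher-listing helper when it is missing or empty.
if [ ! -s "$OBJDIR/$CPROG" ]; then
  if [ ! -e "$SRCDIR/src/internal.c" ]; then
    echo "$SRCDIR/src/internal.c: not found" >&2
    exit 1
  fi

  # Program to display supported ciphers, tested with v2.8.4-25-g9fe165e
  # The awk script copies the initializer that follows the first line
  # mentioning cipher_names into a "char *p[]" array, inserts a 0 terminator
  # before the line holding the closing brace, and appends a main() that
  # prints every entry.
  awk 'BEGIN{print "#include<cyassl/internal.h>";print "#include<stdio.h>"}
p{if(/}/)print 0;print;if(/}/)exit}/cipher_names/{print "char *p[]=";p=1}
END{print "int main(){char**c=p;while(*c)puts(*c++);return 0;}"}' \
    "$SRCDIR/src/internal.c" > "$OBJDIR/$CPROG".c || exit 1

  # \$(AM_CFLAGS) is escaped so that make, not the shell, expands it.
  make -C "$OBJDIR" CFLAGS="-I$SRCDIR \$(AM_CFLAGS)" "$CPROG" || exit 1
fi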
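# Run the example server and client once for every cipher name printed by
# "$OBJDIR/$CPROG".
# Globals:   OBJDIR, CPROG, SRCDIR, server, client, keylogfile (all read)
# Arguments: options passed to both the server and the client
# Outputs:   one "." per cipher on stdout, plus a message when a run fails
# Returns:   0 when every run succeeded, non-zero otherwise
run_tests() {
  local cipher cname kname pid fail
  local -a opts statuses

  "$OBJDIR/$CPROG" | {
    # Certs are relative to SRCDIR. Change directory once and check it:
    # repeating a relative "cd" on every iteration would leave the tree.
    cd "$SRCDIR" || exit 1

    # -r keeps backslashes in the cipher names literal.
    while read -r cipher; do
      fail=false
      opts=("$@")
      case "$cipher" in
        *-ECDSA-*)
          cname=ecc
          kname=ecc-key
          ;;
        ECDH-RSA-*)
          cname=ecc-rsa
          kname=ecc-key
          ;;
        PSK-*)
          # No certificate or key file for PSK ciphers.
          cname=
          kname=
          # test key is 1a2b3c4d
          opts+=(-s)
          ;;
        *)
          cname=cert
          kname=server-key
          ;;
      esac
      if [ -n "$cname" ]; then
        opts+=(-c "certs/server-$cname.pem" -k "certs/$kname.pem")
      fi

      # Start server with given cipher (key logging is done below).
      # SSLKEYLOGFILE is emptied for the server so that only the client
      # run writes to the key log file.
      SSLKEYLOGFILE= \
        "$server" "${opts[@]}" -d -l "$cipher" &
      pid=$!
      # give the server some time to start
      sleep .1
      echo .

      # send a GET request
      opts+=(-g)
      SSLKEYLOGFILE="$keylogfile" \
        "$client" "${opts[@]}" -xd -l "$cipher" || fail=true
      wait "$pid" || fail=true

      if $fail; then
        echo 'Server or client failed!'
        # An explicit status is required: a bare "exit" would return the
        # status of the echo above (0) and hide the failure.
        exit 1
      fi
    done
  }
  statuses=("${PIPESTATUS[@]}")

  # The loop's status comes first: it carries the client/server failures.
  ((statuses[1] == 0)) || return "${statuses[1]}"
  if ((statuses[0] != 0)); then
    # Without this check a broken cipher lister means zero runs and success.
    echo "$OBJDIR/$CPROG: could not list ciphers" >&2
    return 1
  fi
  return 0
}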
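# Run the tests on $port, forwarding any extra client and server options.
# "OK" is printed only when run_tests reports success; otherwise the script
# exits with a failure status instead of claiming success.
run_tests -p "$port" "$@" || exit 1
echo OK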