summaryrefslogtreecommitdiff
path: root/bitmask_android/openssl/android.testssl/testssl
blob: 3f24b1d0a7295c7809d6a5c87b9b6ce21315dbef (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
#!/bin/sh

if [ "$1" = "" ]; then
  key=../apps/server.pem
else
  key="$1"
fi
if [ "$2" = "" ]; then
  cert=../apps/server.pem
else
  cert="$2"
fi
ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

if adb shell /system/bin/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

if [ "$3" = "" ]; then
  CA="-CApath ../certs"
else
  CA="-CAfile $3"
fi

if [ "$4" = "" ]; then
  extra=""
else
  extra="$4"
fi

#############################################################################

echo test sslv2
$ssltest -ssl2 $extra || exit 1

echo test sslv2 with server authentication
$ssltest -ssl2 -server_auth $CA $extra || exit 1

if [ $dsa_cert = NO ]; then
  echo test sslv2 with client authentication
  $ssltest -ssl2 -client_auth $CA $extra || exit 1

  echo test sslv2 with both client and server authentication
  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

echo test sslv3
$ssltest -ssl3 $extra || exit 1

echo test sslv3 with server authentication
$ssltest -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication
$ssltest -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication
$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3
$ssltest $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication
$ssltest -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication
$ssltest -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication and small client buffers
$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication and small server buffers
$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1

echo test sslv2 via BIO pair
$ssltest -bio_pair -ssl2 $extra || exit 1

echo test sslv2 with server authentication via BIO pair
$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

if [ $dsa_cert = NO ]; then
  echo test sslv2 with client authentication via BIO pair
  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

  echo test sslv2 with both client and server authentication via BIO pair
  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

echo test sslv3 via BIO pair
$ssltest -bio_pair -ssl3 $extra || exit 1

echo test sslv3 with server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication via BIO pair
$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 via BIO pair
$ssltest $extra || exit 1

if [ $dsa_cert = NO ]; then
  echo test sslv2/sslv3 w/o DHE via BIO pair
  $ssltest -bio_pair -no_dhe $extra || exit 1
fi

echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

#############################################################################

if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
  echo skipping anonymous DH tests
else
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then
  echo skipping RSA tests
else
  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
  adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -num 10 -f -time $extra || exit 1

  if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
    echo skipping RSA+DHE tests
  else
    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
    adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

echo test tls1 with PSK
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

echo test tls1 with PSK via BIO pair
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1

exit 0