wolfssl/scripts/tls13.test

#!/bin/sh

# tls13.test
# copyright wolfSSL 2016

# getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite
# use server port zero hack to get one
port=0
no_pid=-1
server_pid=$no_pid
counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_tls13_ready$$
client_file=/tmp/wolfssl_tls13_client$$

echo "ready file $ready_file"

create_port() {
    while [ ! -s $ready_file ]; do
        if [ "$counter" -gt 50 ]; then
            break
        fi
        echo -e "waiting for ready file..."
        sleep 0.1
        counter=$((counter+ 1))
    done

    if [ -e $ready_file ]; then
        echo -e "found ready file, starting client..."

        # get created port 0 ephemeral port
        port=`cat $ready_file`
    else
        echo -e "NO ready file ending test..."
        do_cleanup
    fi
}

remove_ready_file() {
    if [ -e $ready_file ]; then
        echo -e "removing existing ready file"
        rm $ready_file
    fi
}

do_cleanup() {
    echo "in cleanup"

    if  [ $server_pid != $no_pid ]
    then
        echo "killing server"
        kill -9 $server_pid
    fi
    remove_ready_file
    if [ -e $client_file ]; then
        echo -e "removing existing client file"
        rm $client_file
    fi
}

do_trap() {
    echo "got trap"
    do_cleanup
    exit -1
}

trap do_trap INT TERM

[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1

# Usual TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port | tee $client_file
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
    echo -e "\n\nTLS v1.3 not enabled"
    do_cleanup
    exit 1
fi
echo ""

# TLS 1.3 cipher suites server / client.
echo -e "\n\nTLS v1.3 cipher suite mismatch"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
    echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites"
    do_cleanup
    exit 1
fi
echo ""


./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -ne 0 ]; then
    # TLS 1.3 server / TLS 1.2 client.
    echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
    port=0
    ./examples/server/server -v 4 -R $ready_file -p $port &
    server_pid=$!
    create_port
    ./examples/client/client -v 3 -p $port
    RESULT=$?
    remove_ready_file
    if [ $RESULT -eq 0 ]; then
        echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
        do_cleanup
        exit 1
    fi
    echo ""

    # TLS 1.2 server / TLS 1.3 client.
    echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
    port=0
    ./examples/server/server -v 3 -R $ready_file -p $port &
    server_pid=$!
    create_port
    ./examples/client/client -v 4 -p $port
    RESULT=$?
    remove_ready_file
    if [ $RESULT -eq 0 ]; then
        echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
        do_cleanup
        exit 1
    fi
    echo ""
fi

echo -e "\nALL Tests Passed"

exit 0