|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +# rsapss.test |
| 4 | + |
| 5 | +if ! ./examples/client/client -V | grep -q 4; then |
| 6 | + echo "skipping because TLS 1.3 not enabled in this build" |
| 7 | + exit 0 |
| 8 | +fi |
| 9 | +if ! grep -q -- -DWC_RSA_PSS config.log 2>/dev/null; then |
| 10 | + echo "skipping because WC_RSA_PSS not enabled in this build" |
| 11 | + exit 0 |
| 12 | +fi |
| 13 | +if ! grep -q -- '-DHAVE_ECC\>' config.log 2>/dev/null; then |
| 14 | + echo "skipping because HAVE_ECC not enabled in this build" |
| 15 | + exit 0 |
| 16 | +fi |
| 17 | +if grep -q -- '-DNO_CODING' config.log 2>/dev/null; then |
| 18 | + echo "skipping because NO_CODING is defined in this build" |
| 19 | + exit 0 |
| 20 | +fi |
| 21 | + |
| 22 | +CERT_DIR="$PWD/$(dirname "$0")/../certs" |
| 23 | +if [ "$OPENSSL" = "" ]; then |
| 24 | + OPENSSL=openssl |
| 25 | +fi |
| 26 | + |
| 27 | +# if we can, isolate the network namespace to eliminate port collisions. |
| 28 | +if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then |
| 29 | + if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then |
| 30 | + export NETWORK_UNSHARE_HELPER_CALLED=yes |
| 31 | + exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $? |
| 32 | + fi |
| 33 | +elif [ "${AM_BWRAPPED-}" != "yes" ]; then |
| 34 | + bwrap_path="$(command -v bwrap)" |
| 35 | + if [ -n "$bwrap_path" ]; then |
| 36 | + export AM_BWRAPPED=yes |
| 37 | + exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" |
| 38 | + fi |
| 39 | + unset AM_BWRAPPED |
| 40 | +fi |
| 41 | + |
| 42 | +# need a unique port since may run the same time as testsuite |
| 43 | +generate_port() { |
| 44 | + #-------------------------------------------------------------------------# |
| 45 | + # Generate a random port number |
| 46 | + #-------------------------------------------------------------------------# |
| 47 | + |
| 48 | + if [[ "$OSTYPE" == "linux"* ]]; then |
| 49 | + port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) |
| 50 | + elif [[ "$OSTYPE" == "darwin"* ]]; then |
| 51 | + port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) |
| 52 | + else |
| 53 | + echo "skipping due to unsupported OS" |
| 54 | + exit 0 |
| 55 | + fi |
| 56 | +} |
| 57 | + |
| 58 | +WOLFSSL_SERVER=./examples/server/server |
| 59 | + |
| 60 | +start_wolfssl_server() { |
| 61 | + generate_port |
| 62 | + server_port=$port |
| 63 | + $WOLFSSL_SERVER -p $server_port -v 4 -c $CERT_DIR/rsapss/server-rsapss.pem -k $CERT_DIR/rsapss/server-rsapss-priv.pem -A $CERT_DIR/rsapss/root-rsapss.pem -d & |
| 64 | +} |
| 65 | + |
| 66 | +# |
| 67 | +# Run OpenSSL client against wolfSSL server |
| 68 | +# |
| 69 | +do_openssl_client() { |
| 70 | + echo "test connection" | $OPENSSL s_client -connect 127.0.0.1:$server_port -cert $CERT_DIR/rsapss/client-rsapss.pem -key $CERT_DIR/rsapss/client-rsapss-priv.pem -CAfile $CERT_DIR/rsapss/root-rsapss.pem > rsapss.test.log |
| 71 | + result=$? |
| 72 | + cat rsapss.test.log |
| 73 | + if [ $result != 0 ] |
| 74 | + then |
| 75 | + echo "$OPENSSL s_client command failed" |
| 76 | + exit 1 |
| 77 | + fi |
| 78 | + grep -q "Peer signature type:.*rsa_pss_rsae_sha256" rsapss.test.log |
| 79 | + result=$? |
| 80 | + rm -f rsapss.test.log |
| 81 | + if [ $result == 0 ] |
| 82 | + then |
| 83 | + echo "Test failed: Peer signature type identified as rsa_pss_rsae_sha256" |
| 84 | + exit 1 |
| 85 | + fi |
| 86 | +} |
| 87 | + |
| 88 | +start_wolfssl_server |
| 89 | +sleep 1 |
| 90 | +do_openssl_client |
| 91 | +echo -e "\nSuccess!\n\n" |
| 92 | +exit 0 |
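Review bot: The only assertion on the negotiated signature scheme, the `grep -q "Peer signature type:.*rsa_pss_rsae_sha256"` near the end of `do_openssl_client`, is negative, so the test also passes when the `$OPENSSL` build prints no "Peer signature type" line at all. A positive check placed before the `rm -f`, presumably `grep -q "Peer signature type:.*rsa_pss_pss_" rsapss.test.log || { echo "Test failed: rsa_pss_pss signature not seen"; exit 1; }` (the exact scheme name should be confirmed against the test certificate), would make missing output or an unexpected scheme fail. The `s_client` call also passes `-CAfile` without `-verify_return_error`, and s_client by default continues after a certificate verification error, so the exit-status check does not show that the RSA-PSS chain validated. Finally, the server backgrounded with `&` in `start_wolfssl_server` is never killed or waited for on the `exit 1` paths; capturing `server_pid=$!` and adding `trap 'kill "$server_pid" 2>/dev/null' EXIT` would avoid leaving a listener behind.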