1#!/bin/sh
2
3if [ "$1" = "" ]; then
4  key=../apps/server.pem
5else
6  key="$1"
7fi
8if [ "$2" = "" ]; then
9  cert=../apps/server.pem
10else
11  cert="$2"
12fi
13ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15if adb shell /system/bin/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16  dsa_cert=YES
17else
18  dsa_cert=NO
19fi
20
21if [ "$3" = "" ]; then
22  CA="-CApath ../certs"
23else
24  CA="-CAfile $3"
25fi
26
27if [ "$4" = "" ]; then
28  extra=""
29else
30  extra="$4"
31fi
32
33#############################################################################
34
35echo test sslv2
36$ssltest -ssl2 $extra || exit 1
37
38echo test sslv2 with server authentication
39$ssltest -ssl2 -server_auth $CA $extra || exit 1
40
41if [ $dsa_cert = NO ]; then
42  echo test sslv2 with client authentication
43  $ssltest -ssl2 -client_auth $CA $extra || exit 1
44
45  echo test sslv2 with both client and server authentication
46  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
47fi
48
49echo test sslv3
50$ssltest -ssl3 $extra || exit 1
51
52echo test sslv3 with server authentication
53$ssltest -ssl3 -server_auth $CA $extra || exit 1
54
55echo test sslv3 with client authentication
56$ssltest -ssl3 -client_auth $CA $extra || exit 1
57
58echo test sslv3 with both client and server authentication
59$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
60
61echo test sslv2/sslv3
62$ssltest $extra || exit 1
63
64echo test sslv2/sslv3 with server authentication
65$ssltest -server_auth $CA $extra || exit 1
66
67echo test sslv2/sslv3 with client authentication
68$ssltest -client_auth $CA $extra || exit 1
69
70echo test sslv2/sslv3 with both client and server authentication
71$ssltest -server_auth -client_auth $CA $extra || exit 1
72
73echo test sslv2/sslv3 with both client and server authentication and small client buffers
74$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1
75
76echo test sslv2/sslv3 with both client and server authentication and small server buffers
77$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1
78
79echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
80$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1
81
82echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
83$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1
84
85echo test sslv2 via BIO pair
86$ssltest -bio_pair -ssl2 $extra || exit 1
87
88echo test sslv2 with server authentication via BIO pair
89$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
90
91if [ $dsa_cert = NO ]; then
92  echo test sslv2 with client authentication via BIO pair
93  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
94
95  echo test sslv2 with both client and server authentication via BIO pair
96  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
97fi
98
99echo test sslv3 via BIO pair
100$ssltest -bio_pair -ssl3 $extra || exit 1
101
102echo test sslv3 with server authentication via BIO pair
103$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
104
105echo test sslv3 with client authentication via BIO pair
106$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
107
108echo test sslv3 with both client and server authentication via BIO pair
109$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
110
111echo test sslv2/sslv3 via BIO pair
112$ssltest $extra || exit 1
113
114if [ $dsa_cert = NO ]; then
115  echo test sslv2/sslv3 w/o DHE via BIO pair
116  $ssltest -bio_pair -no_dhe $extra || exit 1
117fi
118
119echo test sslv2/sslv3 with 1024bit DHE via BIO pair
120$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
121
122echo test sslv2/sslv3 with server authentication
123$ssltest -bio_pair -server_auth $CA $extra || exit 1
124
125echo test sslv2/sslv3 with client authentication via BIO pair
126$ssltest -bio_pair -client_auth $CA $extra || exit 1
127
128echo test sslv2/sslv3 with both client and server authentication via BIO pair
129$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
130
131echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
132$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
133
134#############################################################################
135
136if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
137  echo skipping anonymous DH tests
138else
139  echo test tls1 with 1024bit anonymous DH, multiple handshakes
140  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
141fi
142
143if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then
144  echo skipping RSA tests
145else
146  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
147  adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
148
149  if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
150    echo skipping RSA+DHE tests
151  else
152    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
153    adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
154  fi
155fi
156
157echo test tls1 with PSK
158$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
159
160echo test tls1 with PSK via BIO pair
161$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
162
163exit 0
164