android.testssl/testssl - platform/external/openssl - Git at Google

 #!/bin/sh

 if [ "$1" = "" ]; then
   key=../apps/server.pem
 else
   key="$1"
 fi
 if [ "$2" = "" ]; then
   cert=../apps/server.pem
 else
   cert="$2"
 fi
 ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

 if adb shell /system/bin/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
   dsa_cert=YES
 else
   dsa_cert=NO
 fi

 if [ "$3" = "" ]; then
   CA="-CApath ../certs"
 else
   CA="-CAfile $3"
 fi

 if [ "$4" = "" ]; then
   extra=""
 else
   extra="$4"
 fi

 #############################################################################

 echo test sslv2
 $ssltest -ssl2 $extra || exit 1

 echo test sslv2 with server authentication
 $ssltest -ssl2 -server_auth $CA $extra || exit 1

 if [ $dsa_cert = NO ]; then
   echo test sslv2 with client authentication
   $ssltest -ssl2 -client_auth $CA $extra || exit 1

   echo test sslv2 with both client and server authentication
   $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
 fi

 echo test sslv3
 $ssltest -ssl3 $extra || exit 1

 echo test sslv3 with server authentication
 $ssltest -ssl3 -server_auth $CA $extra || exit 1

 echo test sslv3 with client authentication
 $ssltest -ssl3 -client_auth $CA $extra || exit 1

 echo test sslv3 with both client and server authentication
 $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1

 echo test sslv2/sslv3
 $ssltest $extra || exit 1

 echo test sslv2/sslv3 with server authentication
 $ssltest -server_auth $CA $extra || exit 1

 echo test sslv2/sslv3 with client authentication
 $ssltest -client_auth $CA $extra || exit 1

 echo test sslv2/sslv3 with both client and server authentication
 $ssltest -server_auth -client_auth $CA $extra || exit 1

 echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
 $ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1

 echo test sslv2 via BIO pair
 $ssltest -bio_pair -ssl2 $extra || exit 1

 echo test sslv2 with server authentication via BIO pair
 $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

 if [ $dsa_cert = NO ]; then
   echo test sslv2 with client authentication via BIO pair
   $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

   echo test sslv2 with both client and server authentication via BIO pair
   $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
 fi

 echo test sslv3 via BIO pair
 $ssltest -bio_pair -ssl3 $extra || exit 1

 echo test sslv3 with server authentication via BIO pair
 $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

 echo test sslv3 with client authentication via BIO pair
 $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

 echo test sslv3 with both client and server authentication via BIO pair
 $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

 echo test sslv2/sslv3 via BIO pair
 $ssltest $extra || exit 1

 if [ $dsa_cert = NO ]; then
   echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
   $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
 fi

 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
 $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

 echo test sslv2/sslv3 with server authentication
 $ssltest -bio_pair -server_auth $CA $extra || exit 1

 echo test sslv2/sslv3 with client authentication via BIO pair
 $ssltest -bio_pair -client_auth $CA $extra || exit 1

 echo test sslv2/sslv3 with both client and server authentication via BIO pair
 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

 echo "Testing ciphersuites"
 for protocol in TLSv1.2 SSLv3; do
   echo "Testing ciphersuites for $protocol"
   for cipher in `adb shell /system/bin/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
     echo "Testing $cipher"
     prot=""
     if [ $protocol = "SSLv3" ] ; then
       prot="-ssl3"
     fi
     $ssltest -cipher $cipher $prot
     if [ $? -ne 0 ] ; then
 	  echo "Failed $cipher"
 	  exit 1
     fi
   done
 done

 #############################################################################

 if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
   echo skipping anonymous DH tests
 else
   echo test tls1 with 1024bit anonymous DH, multiple handshakes
   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
 fi

 if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then
   echo skipping RSA tests
 else
   echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
   adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1

   if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
     echo skipping RSA+DHE tests
   else
     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
     adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
   fi
 fi

 echo test tls1 with PSK
 $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

 echo test tls1 with PSK via BIO pair
 $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1

 if adb shell /system/bin/openssl no-srp; then
   echo skipping SRP tests
 else
   echo test tls1 with SRP
   $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123

   echo test tls1 with SRP via BIO pair
   $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
 fi

 exit 0
	#!/bin/sh

	if [ "$1" = "" ]; then
	key=../apps/server.pem
	else
	key="$1"
	fi
	if [ "$2" = "" ]; then
	cert=../apps/server.pem
	else
	cert="$2"
	fi
	ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

	if adb shell /system/bin/openssl x509 -in $cert -text -noout \| fgrep 'DSA Public Key' >/dev/null; then
	dsa_cert=YES
	else
	dsa_cert=NO
	fi

	if [ "$3" = "" ]; then
	CA="-CApath ../certs"
	else
	CA="-CAfile $3"
	fi

	if [ "$4" = "" ]; then
	extra=""
	else
	extra="$4"
	fi

	#############################################################################

	echo test sslv2
	$ssltest -ssl2 $extra \|\| exit 1

	echo test sslv2 with server authentication
	$ssltest -ssl2 -server_auth $CA $extra \|\| exit 1

	if [ $dsa_cert = NO ]; then
	echo test sslv2 with client authentication
	$ssltest -ssl2 -client_auth $CA $extra \|\| exit 1

	echo test sslv2 with both client and server authentication
	$ssltest -ssl2 -server_auth -client_auth $CA $extra \|\| exit 1
	fi

	echo test sslv3
	$ssltest -ssl3 $extra \|\| exit 1

	echo test sslv3 with server authentication
	$ssltest -ssl3 -server_auth $CA $extra \|\| exit 1

	echo test sslv3 with client authentication
	$ssltest -ssl3 -client_auth $CA $extra \|\| exit 1

	echo test sslv3 with both client and server authentication
	$ssltest -ssl3 -server_auth -client_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3
	$ssltest $extra \|\| exit 1

	echo test sslv2/sslv3 with server authentication
	$ssltest -server_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 with client authentication
	$ssltest -client_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 with both client and server authentication
	$ssltest -server_auth -client_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
	$ssltest -server_auth -client_auth -cutthrough $CA $extra \|\| exit 1

	echo test sslv2 via BIO pair
	$ssltest -bio_pair -ssl2 $extra \|\| exit 1

	echo test sslv2 with server authentication via BIO pair
	$ssltest -bio_pair -ssl2 -server_auth $CA $extra \|\| exit 1

	if [ $dsa_cert = NO ]; then
	echo test sslv2 with client authentication via BIO pair
	$ssltest -bio_pair -ssl2 -client_auth $CA $extra \|\| exit 1

	echo test sslv2 with both client and server authentication via BIO pair
	$ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra \|\| exit 1
	fi

	echo test sslv3 via BIO pair
	$ssltest -bio_pair -ssl3 $extra \|\| exit 1

	echo test sslv3 with server authentication via BIO pair
	$ssltest -bio_pair -ssl3 -server_auth $CA $extra \|\| exit 1

	echo test sslv3 with client authentication via BIO pair
	$ssltest -bio_pair -ssl3 -client_auth $CA $extra \|\| exit 1

	echo test sslv3 with both client and server authentication via BIO pair
	$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 via BIO pair
	$ssltest $extra \|\| exit 1

	if [ $dsa_cert = NO ]; then
	echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
	$ssltest -bio_pair -no_dhe -no_ecdhe $extra \|\| exit 1
	fi

	echo test sslv2/sslv3 with 1024bit DHE via BIO pair
	$ssltest -bio_pair -dhe1024dsa -v $extra \|\| exit 1

	echo test sslv2/sslv3 with server authentication
	$ssltest -bio_pair -server_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 with client authentication via BIO pair
	$ssltest -bio_pair -client_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 with both client and server authentication via BIO pair
	$ssltest -bio_pair -server_auth -client_auth $CA $extra \|\| exit 1

	echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
	$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra \|\| exit 1

	echo "Testing ciphersuites"
	for protocol in TLSv1.2 SSLv3; do
	echo "Testing ciphersuites for $protocol"
	for cipher in `adb shell /system/bin/openssl ciphers "RSA+$protocol" \| tr ':' ' '`; do
	echo "Testing $cipher"
	prot=""
	if [ $protocol = "SSLv3" ] ; then
	prot="-ssl3"
	fi
	$ssltest -cipher $cipher $prot
	if [ $? -ne 0 ] ; then
	echo "Failed $cipher"
	exit 1
	fi
	done
	done

	#############################################################################

	if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
	echo skipping anonymous DH tests
	else
	echo test tls1 with 1024bit anonymous DH, multiple handshakes
	$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra \|\| exit 1
	fi

	if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then
	echo skipping RSA tests
	else
	echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
	adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra \|\| exit 1

	if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
	echo skipping RSA+DHE tests
	else
	echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
	adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra \|\| exit 1
	fi
	fi

	echo test tls1 with PSK
	$ssltest -tls1 -cipher PSK -psk abc123 $extra \|\| exit 1

	echo test tls1 with PSK via BIO pair
	$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra \|\| exit 1

	if adb shell /system/bin/openssl no-srp; then
	echo skipping SRP tests
	else
	echo test tls1 with SRP
	$ssltest -tls1 -cipher SRP -srpuser test -srppass abc123

	echo test tls1 with SRP via BIO pair
	$ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
	fi

	exit 0