151 lines
3.9 KiB
Bash
Executable file
151 lines
3.9 KiB
Bash
Executable file
#!/bin/bash
|
|
# Test WolfSSL/OpenSSL srtp interoperability
|
|
#
|
|
# TODO: add OpenSSL client with WolfSSL server
|
|
|
|
set -e
|
|
|
|
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
|
|
echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
|
|
exit 0
|
|
fi
|
|
|
|
OPENSSL=${OPENSSL:="openssl"}
|
|
WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"}
|
|
|
|
# need a unique port since may run the same time as testsuite
|
|
generate_port() {
|
|
#-------------------------------------------------------------------------#
|
|
# Generate a random port number
|
|
#-------------------------------------------------------------------------#
|
|
|
|
if [[ "$OSTYPE" == "linux"* ]]; then
|
|
port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
|
|
elif [[ "$OSTYPE" == "darwin"* ]]; then
|
|
port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
|
|
else
|
|
echo "Unknown OS TYPE"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# get size of key material based on the profile
|
|
# $1 srtp profile
|
|
get_key_material_size() {
|
|
case "$1" in
|
|
"SRTP_AES128_CM_SHA1_80")
|
|
ekm_size=60 ;;
|
|
"SRTP_AES128_CM_SHA1_32")
|
|
ekm_size=60 ;;
|
|
"SRTP_NULL_SHA1_80")
|
|
ekm_size=28 ;;
|
|
"SRTP_NULL_SHA1_32")
|
|
ekm_size=27 ;;
|
|
"SRTP_AEAD_AES_128_GCM")
|
|
ekm_size=56;;
|
|
"SRTP_AEAD_AES_256_GCM")
|
|
ekm_size=88;;
|
|
*)
|
|
echo "SRTP profile $1 unsupported"
|
|
exit 1
|
|
esac
|
|
}
|
|
|
|
|
|
# Start an OpenSSL server dtls with srtp
|
|
# $1: dtsl version [1.0, 1.2]
|
|
# $2: srtp profile string
|
|
start_openssl_server() {
|
|
generate_port
|
|
server_port=$port
|
|
srtp_profile=$2
|
|
|
|
if [ "$1" = "1.0" ]; then
|
|
dtls_version=dtls1
|
|
elif [ "$1" = "1.2" ]; then
|
|
dtls_version=dtls1_2
|
|
fi
|
|
|
|
get_key_material_size "$srtp_profile"
|
|
|
|
server_output_file=/tmp/openssl_srtp_out
|
|
|
|
# hackish but OpenSSL doesn't work if input is fed before handshaking and
|
|
# the wolfSSL client needs a reply to stop
|
|
(sleep 1;echo -n "I hear you fa shizzle...") | \
|
|
${OPENSSL} s_server \
|
|
-${dtls_version} \
|
|
-port ${server_port} \
|
|
-debug \
|
|
-use_srtp ${srtp_profile} \
|
|
-keymatexport EXTRACTOR-dtls_srtp \
|
|
-keymatexportlen $ekm_size \
|
|
-cert ./certs/server-cert.pem \
|
|
-key ./certs/server-key.pem >$server_output_file &
|
|
|
|
# make sure the server is up
|
|
sleep 0.1
|
|
}
|
|
|
|
# Start an wolfssl client dtls with srtp
|
|
# $1: dtsl version [1.0, 1.2]
|
|
# $2: srtp profile string
|
|
start_wolfssl_client() {
|
|
srtp_profile=$2
|
|
|
|
if [ "$1" = "1.0" ]; then
|
|
dtls_version=2
|
|
elif [ "$1" = "1.2" ]; then
|
|
dtls_version=3
|
|
fi
|
|
|
|
client_output_file=/tmp/wolfssl_srtp_out
|
|
${WOLFSSL_CLIENT} -u\
|
|
-x \
|
|
-v${dtls_version} \
|
|
--srtp ${srtp_profile} \
|
|
-p${server_port} >$client_output_file
|
|
}
|
|
|
|
# $1 openssl file
|
|
# $2 wolfssl file
|
|
check_ekm() {
|
|
openssl_ekm=$(cat "$1" | grep "Keying material: " | cut -d ':' -f 2)
|
|
echo "OPENSSL EKM: $openssl_ekm"
|
|
wolfssl_ekm=$(cat "$2" | grep "DTLS SRTP: Exported key material: " | cut -d ':' -f 3)
|
|
echo "WOLFSSL EKM: $wolfssl_ekm"
|
|
|
|
if [ "$openssl_ekm" = "$wolfssl_ekm" ];then
|
|
check_ret=0
|
|
else
|
|
check_ret=1
|
|
fi
|
|
}
|
|
|
|
# $1 dtsl version
|
|
# $2 srtp profile
|
|
check_dtls_srtp() {
|
|
start_openssl_server $1 $2
|
|
start_wolfssl_client $1 $2
|
|
check_ekm $server_output_file $client_output_file
|
|
echo -n "check dtls $1 $2... "
|
|
if [ $check_ret -ne 0 ];then
|
|
echo "failed"
|
|
exit 1
|
|
else
|
|
echo "ok"
|
|
fi
|
|
}
|
|
|
|
# SRTP_NULL_SHA1_80" and SRTP_NULL_SHA1_32 aren't supported by OpenSSL
|
|
PROFILES="SRTP_AES128_CM_SHA1_80 \
|
|
SRTP_AES128_CM_SHA1_32 \
|
|
SRTP_AEAD_AES_128_GCM \
|
|
SRTP_AEAD_AES_256_GCM"
|
|
|
|
for DTLS in 1.0 1.2;do
|
|
for SRTP_PROF in $PROFILES;do
|
|
check_dtls_srtp $DTLS $SRTP_PROF
|
|
done
|
|
done
|