-
Notifications
You must be signed in to change notification settings - Fork 1
/
test.sh
139 lines (111 loc) · 4.19 KB
/
test.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#!/usr/bin/env bash
#set -exo pipefail
rpm -q crypto-policies-scripts liboqs openssl oqsprovider
update-crypto-policies --show | grep TEST-PQ
openssl list -providers | grep 'name: OpenSSL OQS Provider'
# Function to start openssl s_server and return its PID
function start_s_server {
local key=$1
local cert=$2
local port=$3
# Start openssl s_server in the background and capture its PID
openssl s_server -key "$key" -cert "$cert" -accept "$port" > /dev/null 2>&1 &
s_server_pid=$!
echo $s_server_pid
}
# Function to stop the openssl s_server process
function stop_s_server {
local pid=$1
# Kill the openssl s_server process
if [ -n "$pid" ]; then
kill "$pid" 2>/dev/null || true
# Wait for the process to terminate
wait "$pid" 2>/dev/null || true
else
echo "No PID provided or PID is empty."
fi
}
# Function to run openssl s_client and grep for a pattern, then terminate the process
function run_s_client_and_grep {
local group=$1
local host=$2
local port=$3
local pattern=$4
local found=0 # Flag to check if the pattern was found
# Run openssl s_client in the background, redirecting output to a temporary file
tmpfile=$(mktemp)
timeout 10s openssl s_client ${group} -connect ${host}:${port} -trace > "$tmpfile" 2>&1 &
s_client_pid=$!
echo "Running s_client on ${host}:${port}, searching for pattern: '${pattern}'"
# Monitor the output file for the pattern
while read -r line; do
echo "$line" | grep -q "$pattern"
if [ $? -eq 0 ]; then
echo "Pattern '${pattern}' found, terminating openssl s_client."
found=1
kill "$s_client_pid" 2>/dev/null || true
break
fi
done < <(timeout 15s tail -f "$tmpfile") # Process substitution to avoid subshell issues
# Wait for the s_client process to exit
wait "$s_client_pid" 2>/dev/null || true
# If the pattern was not found, print an error message
if [ $found -eq 0 ]; then
echo "Error: Pattern '${pattern}' not found within the timeout period."
return 1
fi
# Cleanup
rm -f "$tmpfile"
}
# OpenSSL client and server tests
# Start the server
echo "Starting openssl s_server..."
s_server_pid=$(start_s_server "root.key" "root.crt" 4433)
echo "Server started with PID $s_server_pid"
# Give the server some time to start (if needed)
sleep 5
# TEST 1: Default connection to X25519-KYBER768
run_s_client_and_grep "" "localhost" "4433" "NamedGroup: X25519Kyber768Draft00 (25497)"
# Stop the server
echo "Stopping openssl s_server with PID $s_server_pid..."
stop_s_server "$s_server_pid"
echo "Server stopped."
# Start the server
echo "Starting openssl s_server..."
s_server_pid=$(start_s_server "root.key" "root.crt" 4433)
echo "Server started with PID $s_server_pid"
# Give the server some time to start (if needed)
sleep 5
# TEST 2: Specify the group explicitly
run_s_client_and_grep "-groups p256_kyber768" "localhost" "4433" "NamedGroup: SecP256r1Kyber768Draft00 (25498)"
# Stop the server
echo "Stopping openssl s_server with PID $s_server_pid..."
stop_s_server "$s_server_pid"
echo "Server stopped."
# TEST 3: Tests with the external server
run_s_client_and_grep "" "test.openquantumsafe.org" "6042" "CONNECTED(00000003)"
run_s_client_and_grep "" "test.openquantumsafe.org" "6042" "NamedGroup: SecP256r1Kyber768Draft00 (25498)"
run_s_client_and_grep "" "test.openquantumsafe.org" "6044" "CONNECTED(00000003)"
run_s_client_and_grep "" "test.openquantumsafe.org" "6044" "NamedGroup: X25519Kyber768Draft00 (25497)"
# TEST 4: Tests with the nginx server
# Path to the nginx.conf file
nginx_conf="/etc/nginx/nginx.conf"
# Uncomment the section under "Settings for a TLS enabled server"
sed -i '/# Settings for a TLS enabled server/ {
n
:a
s/^#//
n
/^\s*}/!ba
}' "$nginx_conf"
nginx
run_s_client_and_grep "" "localhost" "443" "NamedGroup: X25519Kyber768Draft00 (25497)"
run_s_client_and_grep "" "localhost" "443" "CONNECTED(00000003)"
# TEST 5: Tests with curl
# Execute curl command and capture the exit status
curl --cacert root.crt https://localhost:443/ -o /dev/null
if [ $? -eq 0 ]; then
echo "Curl command succeeded."
else
echo "Curl command failed."
fi