#!/bin/bash
#
# Copyright 2019 NXP
# SPDX-License-Identifier: Apache-2.0
#
# History
#
# 2019-09-05: Removed ECDH cipher request as this is no longer supported by OpenSSL 1.1.1
# 2019-09-04: Added RSA capability
#
# Cd to directory where script is stored
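SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
echo "${SCRIPT_DIR}"
# KEY_DIR below is relative to SCRIPT_DIR, so a failed cd must not be ignored
# (openssl would otherwise be started with the wrong credential paths).
cd "${SCRIPT_DIR}" || { echo "Cannot cd to ${SCRIPT_DIR}" >&2; exit 7; }

# Curve used for the EC server key pair; also passed as -named_curve to s_server.
readonly EC_KEY_TYPE=prime256v1
# Listening port; overridable from the environment, default unchanged (8080).
PORT="${TLS_SERVER_PORT:-8080}"

#######################################
# Print usage and exit with status 5 (message and status kept for existing callers).
#######################################
usage() {
  echo 'Usage: tlsServer.sh [ECDHE|ECDHE_SHA256|max|RSA]'
  exit 5
}

# Exactly one profile argument selects the server key type and the cipher
# restriction. Options are kept in arrays so that every argument remains a
# single word when the command is finally executed.
[[ $# -eq 1 ]] || usage
case "${1}" in
  ECDHE)
    sel_cipher=(-cipher ECDHE-ECDSA-AES128-SHA)
    KEY_TYPE=${EC_KEY_TYPE}
    ;;
  ECDHE_SHA256)
    sel_cipher=(-cipher ECDHE-ECDSA-AES128-SHA256)
    KEY_TYPE=${EC_KEY_TYPE}
    ;;
  max)
    sel_cipher=(-cipher ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256)
    KEY_TYPE=${EC_KEY_TYPE}
    ;;
  RSA)
    # The RSA profile applies no -cipher restriction.
    sel_cipher=()
    KEY_TYPE=RSA
    ;;
  *)
    usage
    ;;
esac

if [[ "${KEY_TYPE}" == "${EC_KEY_TYPE}" ]]; then
  echo "Server key pair = EC ${KEY_TYPE}"
  echo "Only support ${sel_cipher[*]}"
  named_curve=(-named_curve "${EC_KEY_TYPE}")
elif [[ "${KEY_TYPE}" == "RSA" ]]; then
  echo "Server key pair = ${KEY_TYPE}"
  echo "Do not restrict ciphers"
  named_curve=()
else
  # Unreachable after the case above; kept as a guard against future edits.
  echo "Inspect value of KEY_TYPE: ${KEY_TYPE}"
  exit 6
fi

# Credentials live per key type next to this script. Only the root CA
# certificate and the server-side key/certificate are needed by s_server.
KEY_DIR=../credentials/${KEY_TYPE}
rootca_cer="${KEY_DIR}/tls_rootca.cer"
server_key="${KEY_DIR}/tls_server_key.pem"
server_cer="${KEY_DIR}/tls_server.cer"

# Fail early with a clear message instead of letting openssl report a
# load error after it has already started.
for credential in "${rootca_cer}" "${server_cer}" "${server_key}"; do
  if [[ ! -r "${credential}" ]]; then
    echo "Credential file not found or not readable: ${credential}" >&2
    exit 8
  fi
done

echo "Ensure OPENSSL_CONF is not set to use OpenSSL engine"
echo " OPENSSL_CONF=${OPENSSL_CONF}"
echo "****************************************************"
#
# Invoke openssl s_server with additional parameters for more info
# -msg : show all protocol messages with hex dump
# -debug : print extensive debugging information including a hex dump of all
#          traffic (not enabled below; add it to server_cmd when needed)
#
# -Verify 2 : require a client certificate and fail the handshake without one;
#             the chain is validated against -CAfile (rootca_cer).
# -no_ssl3  : disables SSLv3 only; TLS 1.0/1.1 remain negotiable.
# NOTE(review): with OpenSSL 1.1.1 the -cipher list applies to TLS 1.2 and
# below; TLS 1.3 ciphersuites are governed separately by -ciphersuites, so a
# TLS 1.3 client is not limited to the list printed above - confirm this is
# intended for the EC profiles.
server_cmd=(openssl s_server -accept "${PORT}" -no_ssl3 "${named_curve[@]}"
  -CAfile "${rootca_cer}"
  -cert "${server_cer}" -key "${server_key}"
  "${sel_cipher[@]}" -Verify 2 -state -msg)
echo "${server_cmd[*]}"
"${server_cmd[@]}"
# Propagate s_server's exit status so a start-up failure (e.g. port already in
# use, unreadable key) is visible to the caller instead of always reporting 0.
exit $?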