1# Copyright (c) 2024 Nordic Semiconductor ASA
2#
3# SPDX-License-Identifier: Apache-2.0
4
5import logging
6import os
7import subprocess
8from twister_harness import DeviceAdapter
9
10import pytest
11
12logger = logging.getLogger(__name__)
13
14def get_arguments_from_server_type(server_type, port):
15    this_path = os.path.dirname(os.path.abspath(__file__))
16    certs_path = os.path.join(this_path, "..", "credentials")
17
18    args = ["openssl", "s_server"]
19    if server_type == "1.2-rsa":
20        args.extend(["-cert", "{}/rsa.crt".format(certs_path),
21                     "-key", "{}/rsa-priv.key".format(certs_path),
22                     "-certform", "PEM",
23                     "-tls1_2",
24                     "-cipher", "AES128-SHA256,AES256-SHA256"])
25    elif server_type == "1.2-ec":
26        args.extend(["-cert", "{}/ec.crt".format(certs_path),
27                     "-key", "{}/ec-priv.key".format(certs_path),
28                     "-certform", "PEM",
29                     "-tls1_2",
30                     "-cipher", "ECDHE-ECDSA-AES128-SHA256"])
31    elif server_type == "1.3-ephemeral":
32        args.extend(["-cert", "{}/ec.crt".format(certs_path),
33                     "-key", "{}/ec-priv.key".format(certs_path),
34                     "-certform", "PEM",
35                     "-tls1_3",
36                     "-ciphersuites", "TLS_AES_128_GCM_SHA256",
37                     "-num_tickets", "0"])
38    elif server_type == "1.3-ephemeral-tickets":
39        args.extend(["-cert", "{}/ec.crt".format(certs_path),
40                     "-key", "{}/ec-priv.key".format(certs_path),
41                     "-certform", "PEM",
42                     "-tls1_3",
43                     "-ciphersuites", "TLS_AES_128_GCM_SHA256"])
44    elif server_type == "1.3-psk-tickets":
45        args.extend(["-tls1_3",
46                     "-ciphersuites", "TLS_AES_128_GCM_SHA256",
47                     "-psk_identity", "PSK_identity", "-psk", "0102030405",
48                     "-allow_no_dhe_kex", "-nocert"])
49    else:
50        raise Exception("Wrong server type")
51
52    args.extend(["-serverpref", "-state", "-debug", "-status_verbose", "-rev",
53                 "-accept", "{}".format(port)])
54    return args
55
56@pytest.fixture()
57def openssl_server(server_type, port):
58    logger.info("Server type: " + server_type)
59    args = get_arguments_from_server_type(server_type, port)
60    logger.info("Launch command:")
61    print(" ".join(args))
62    openssl = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
63
64    try:
65        openssl.wait(1)
66        logger.error("Server startup failed. Here's the logs from OpenSSL:")
67        for line in openssl.stdout.readlines():
68            logger.error(line)
69        raise Exception("Server startup failed")
70    except subprocess.TimeoutExpired:
71        logger.info("Server is up")
72
73    yield
74
75    logger.info("Kill server")
76    openssl.kill()
77
78def test_app_vs_openssl(dut: DeviceAdapter, openssl_server):
79    logger.info("Launch Zephyr application")
80    dut.launch()
81    dut.readlines_until("Test PASSED", timeout=3.0)
82