From 8394484f0ade7173c00bc08b3e2c42021893b140 Mon Sep 17 00:00:00 2001
From: Joe Subbiani
Date: Tue, 20 Jul 2021 18:26:03 +0100
Subject: [PATCH 01/30] Add draft python tool to translate MBed ciphersuites
Created 2 functions - translate_gnu() - translate_ossl() Each function takes a parameter `m_cipher` (expected in the MBedTLS naming standard), and through a series of edge cases/replaces, modifies the ciphersuite name to match the GNU and OpenSSL naming conventions respectively. This will serve as to maintain a single list that can be translated, rather than maintaining 3 lists for OpenSSL and GNU also. This commit serves as a checkpoint, and the program will be cleaned up in the future. The program currently runs a series of tests to check every given ciphersuite name combination in compat.sh to ensure they are translated correctly. Some OpenSSL names appear to have typos and as such have been corrected in this program until I have recieved more information. The errors were commented out to keep note of.
Signed-off-by: Joe Subbiani
---
translate_ciphers.py | 485 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 485 insertions(+)
create mode 100644 translate_ciphers.py
diff --git a/translate_ciphers.py b/translate_ciphers.py
new file mode 100644
index 000000000..cf0be7257
--- /dev/null
+++ b/translate_ciphers.py
@@ -0,0 +1,485 @@
+
+def translate_gnu(m_cipher):
+
+ m_cipher = "+" + m_cipher[4:]
+ m_cipher = m_cipher.replace("-WITH-", ":+")
+ m_cipher = m_cipher.replace("-EDE", "")
+ if m_cipher.split("-")[-1] == "SHA":
+ m_cipher = m_cipher+"1"
+
+
+ if m_cipher.split("-")[-1] == "8" or m_cipher.split("-")[-1] == "CCM":
+ m_cipher = m_cipher+":+AEAD"
+ else:
+ index=m_cipher.rindex("-")
+ m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
+ m_cipher = m_cipher.replace("GCM:+SHA256", "GCM:+AEAD")
+ m_cipher = m_cipher.replace("GCM:+SHA384", "GCM:+AEAD")
+
+ return m_cipher
+
+def translate_ossl(m_cipher):
+ m_cipher = m_cipher[4:]
+ m_cipher = m_cipher.replace("-WITH", "")
+ m_cipher = m_cipher.replace("AES-", "AES")
+ m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA")
+ m_cipher = m_cipher.replace("ARIA-", "ARIA")
+
+ m_cipher = m_cipher.replace("-EDE", "")
+
+ m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
+ try:
+ index = m_cipher.rindex("CBC")
+ if m_cipher[index-4:index-1] != "DES":
+ m_cipher = m_cipher.replace("CBC-", "")
+ except:
+ pass
+
+ if m_cipher[:4] == "RSA-":
+ m_cipher = m_cipher[4:]
+
+ m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
+
+ try:
+ index = m_cipher.rindex("POLY1305")
+ m_cipher=m_cipher[:index+8]
+ except Exception as e:
+ pass#print(e)
+
+ return m_cipher
+
+def test_all_common():
+ m_ciphers = [
+ "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+
"TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-NULL-MD5", + "TLS-RSA-WITH-NULL-SHA", + + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-RSA-WITH-NULL-SHA", + + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + + "TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-PSK-WITH-AES-128-CBC-SHA", + "TLS-PSK-WITH-AES-256-CBC-SHA", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+NULL:+SHA1", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + + "+DHE-RSA:+AES-128-CBC:+SHA1", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "+DHE-RSA:+3DES-CBC:+SHA1", + "+RSA:+AES-256-CBC:+SHA1", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "+RSA:+AES-128-CBC:+SHA1", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "+RSA:+3DES-CBC:+SHA1", + "+RSA:+NULL:+MD5", + "+RSA:+NULL:+SHA1", + + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "+ECDHE-RSA:+NULL:+SHA1", + + "+RSA:+AES-128-CBC:+SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "+RSA:+AES-128-GCM:+AEAD", + "+RSA:+AES-256-GCM:+AEAD", + 
"+DHE-RSA:+AES-128-GCM:+AEAD", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + + "+PSK:+3DES-CBC:+SHA1", + "+PSK:+AES-128-CBC:+SHA1", + "+PSK:+AES-256-CBC:+SHA1", + ] + o_ciphers = [ + "ECDHE-ECDSA-NULL-SHA", + "ECDHE-ECDSA-DES-CBC3-SHA", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + + "DHE-RSA-AES128-SHA", + "DHE-RSA-AES256-SHA", + "DHE-RSA-CAMELLIA128-SHA", + "DHE-RSA-CAMELLIA256-SHA", + #"EDH-RSA-DES-CBC3-SHA", + "DHE-RSA-DES-CBC3-SHA", + "AES256-SHA", + "CAMELLIA256-SHA", + "AES128-SHA", + "CAMELLIA128-SHA", + "DES-CBC3-SHA", + "NULL-MD5", + "NULL-SHA", + + "ECDHE-RSA-AES128-SHA", + "ECDHE-RSA-AES256-SHA", + "ECDHE-RSA-DES-CBC3-SHA", + "ECDHE-RSA-NULL-SHA", + + #"NULL-SHA256", + "AES128-SHA256", + "DHE-RSA-AES128-SHA256", + "AES256-SHA256", + "DHE-RSA-AES256-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES256-SHA384", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + + #"PSK-3DES-EDE-CBC-SHA", + #"PSK-AES128-CBC-SHA", + #"PSK-AES256-CBC-SHA", + + "PSK-DES-CBC3-SHA", + "PSK-AES128-SHA", + "PSK-AES256-SHA", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + if g!=g_ciphers[i]: + print("GNU", i) + print("new".ljust(10), g) + print("original".ljust(10), g_ciphers[i]) + # break + + + o = translate_ossl(m_ciphers[i]) + if o!=o_ciphers[i]: + print("OpenSSL", i) + print("new".ljust(10), o) + print("original".ljust(10), o_ciphers[i]) + # break + +def test_mbed_ossl_common(): + m_ciphers = [ + "TLS-ECDH-ECDSA-WITH-NULL-SHA", + "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + 
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + ] + o_ciphers = [ + "ECDH-ECDSA-NULL-SHA", + "ECDH-ECDSA-DES-CBC3-SHA", + "ECDH-ECDSA-AES128-SHA", + "ECDH-ECDSA-AES256-SHA", + + "ECDH-ECDSA-AES128-SHA256", + "ECDH-ECDSA-AES256-SHA384", + "ECDH-ECDSA-AES128-GCM-SHA256", + "ECDH-ECDSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-ARIA256-GCM-SHA384", + "ECDHE-ECDSA-ARIA128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + + "DES-CBC-SHA", + #"EDH-RSA-DES-CBC-SHA", + "DHE-RSA-DES-CBC-SHA", + + "ECDHE-ARIA256-GCM-SHA384", + "DHE-RSA-ARIA256-GCM-SHA384", + "ARIA256-GCM-SHA384", + "ECDHE-ARIA128-GCM-SHA256", + "DHE-RSA-ARIA128-GCM-SHA256", + "ARIA128-GCM-SHA256", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + + "DHE-PSK-ARIA256-GCM-SHA384", + "DHE-PSK-ARIA128-GCM-SHA256", + "PSK-ARIA256-GCM-SHA384", + "PSK-ARIA128-GCM-SHA256", + "PSK-CHACHA20-POLY1305", + "ECDHE-PSK-CHACHA20-POLY1305", + "DHE-PSK-CHACHA20-POLY1305", + ] + + for i in range(len(m_ciphers)): + + o = translate_ossl(m_ciphers[i]) + if o!=o_ciphers[i]: + print("OpenSSL", i) + 
print("new".ljust(10), o) + print("original".ljust(10), o_ciphers[i]) + # break + +def test_mbed_gnu_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + + "TLS-RSA-WITH-NULL-SHA256", + + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CCM", + "TLS-RSA-WITH-AES-256-CCM", + "TLS-DHE-RSA-WITH-AES-128-CCM", + "TLS-DHE-RSA-WITH-AES-256-CCM", + "TLS-RSA-WITH-AES-128-CCM-8", + "TLS-RSA-WITH-AES-256-CCM-8", + "TLS-DHE-RSA-WITH-AES-128-CCM-8", + "TLS-DHE-RSA-WITH-AES-256-CCM-8", + + "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-NULL-SHA384", + "TLS-ECDHE-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-AES-128-CBC-SHA256", + 
"TLS-PSK-WITH-AES-256-CBC-SHA384", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-NULL-SHA256", + "TLS-DHE-PSK-WITH-NULL-SHA384", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-AES-128-GCM-SHA256", + "TLS-PSK-WITH-AES-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "TLS-PSK-WITH-AES-128-CCM", + "TLS-PSK-WITH-AES-256-CCM", + "TLS-DHE-PSK-WITH-AES-128-CCM", + "TLS-DHE-PSK-WITH-AES-256-CCM", + "TLS-PSK-WITH-AES-128-CCM-8", + "TLS-PSK-WITH-AES-256-CCM-8", + "TLS-DHE-PSK-WITH-AES-128-CCM-8", + "TLS-DHE-PSK-WITH-AES-256-CCM-8", + "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + + "+RSA:+NULL:+SHA256", + + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + 
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+AES-128-CCM:+AEAD", + "+RSA:+AES-256-CCM:+AEAD", + "+DHE-RSA:+AES-128-CCM:+AEAD", + "+DHE-RSA:+AES-256-CCM:+AEAD", + "+RSA:+AES-128-CCM-8:+AEAD", + "+RSA:+AES-256-CCM-8:+AEAD", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + + "+DHE-PSK:+3DES-CBC:+SHA1", + "+DHE-PSK:+AES-128-CBC:+SHA1", + "+DHE-PSK:+AES-256-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+AES-256-CBC:+SHA1", + "+RSA-PSK:+AES-128-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-PSK:+NULL:+SHA384", + "+ECDHE-PSK:+NULL:+SHA256", + "+PSK:+AES-128-CBC:+SHA256", + "+PSK:+AES-256-CBC:+SHA384", + "+DHE-PSK:+AES-128-CBC:+SHA256", + "+DHE-PSK:+AES-256-CBC:+SHA384", + "+PSK:+NULL:+SHA256", + "+PSK:+NULL:+SHA384", + "+DHE-PSK:+NULL:+SHA256", + "+DHE-PSK:+NULL:+SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + "+RSA-PSK:+AES-128-CBC:+SHA256", + "+RSA-PSK:+NULL:+SHA256", + "+RSA-PSK:+NULL:+SHA384", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+AES-128-GCM:+AEAD", + "+PSK:+AES-256-GCM:+AEAD", + "+DHE-PSK:+AES-128-GCM:+AEAD", + "+DHE-PSK:+AES-256-GCM:+AEAD", + "+PSK:+AES-128-CCM:+AEAD", + "+PSK:+AES-256-CCM:+AEAD", + "+DHE-PSK:+AES-128-CCM:+AEAD", + "+DHE-PSK:+AES-256-CCM:+AEAD", + "+PSK:+AES-128-CCM-8:+AEAD", + "+PSK:+AES-256-CCM-8:+AEAD", + 
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
+ "+DHE-PSK:+AES-256-CCM-8:+AEAD",
+ "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
+ "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
+ "+PSK:+CAMELLIA-128-GCM:+AEAD",
+ "+PSK:+CAMELLIA-256-GCM:+AEAD",
+ "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
+ "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
+ "+RSA-PSK:+AES-256-GCM:+AEAD",
+ "+RSA-PSK:+AES-128-GCM:+AEAD",
+ ]
+
+ for i in range(len(m_ciphers)):
+
+ g = translate_gnu(m_ciphers[i])
+ if g!=g_ciphers[i]:
+ print("GNU", i)
+ print("new".ljust(10), g)
+ print("original".ljust(10), g_ciphers[i])
+ # break
+
+test_all_common()
+test_mbed_ossl_common()
+test_mbed_gnu_common()
\ No newline at end of file
From 3ad58329da67e6eed6148da2c6ceade44a84c5bb Mon Sep 17 00:00:00 2001
From: Joe Subbiani
Date: Wed, 21 Jul 2021 16:48:54 +0100
Subject: [PATCH 02/30] Reformat translation functions and test in seperate file
Moved the test over to a seperate file, where I can start experimenting with how the script will be called. Commented and improved the translation functions. They should be more readable, however I added comments anyway to quickly identify every step involved with te translation from MBedTLS to GNU or OpenSSL
Signed-off-by: Joe Subbiani
---
test_translate.py | 427 +++++++++++++++++++++++++++++++++++++
translate_ciphers.py | 495 ++++---------------------------------------
2 files changed, 465 insertions(+), 457 deletions(-)
create mode 100644 test_translate.py
diff --git a/test_translate.py b/test_translate.py
new file mode 100644
index 000000000..9de283059
--- /dev/null
+++ b/test_translate.py
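Review bot: In translate_ciphers.py, `translate_gnu` and `translate_ossl` both drop the first four characters with `m_cipher[4:]` without checking that the name starts with `TLS-`, so an input that is not in Mbed TLS form is rewritten into some other string instead of being rejected. The commit message suggests these names will replace the hand-kept GnuTLS and OpenSSL lists from compat.sh, so a wrong name should stop the run; a guard such as `if not m_cipher.startswith("TLS-"): raise ValueError(m_cipher)` at the top of each function would do that. In `translate_ossl`, the bare `except: pass` around `rindex("CBC")` and the `except Exception as e: pass` around `rindex("POLY1305")` swallow every other error too, and `except ValueError:` is all either lookup needs. The three test functions only print a mismatch and are called at module level, so a wrong translation does not fail the run and the checks execute whenever the module is imported.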
@@ -0,0 +1,427 @@
+from translate_ciphers import *
+
+def assert_equal(translate, original):
+ try:
+ assert(translate == original)
+ except AssertionError:
+ print("%s\n%s\n" %(translate, original))
+
+def test_all_common():
+ m_ciphers = [
+ "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-NULL-MD5",
+ "TLS-RSA-WITH-NULL-SHA",
+
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-NULL-SHA",
+
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+
+ "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+ "TLS-PSK-WITH-AES-128-CBC-SHA",
+ "TLS-PSK-WITH-AES-256-CBC-SHA",
+ ]
+ g_ciphers = [
+ "+ECDHE-ECDSA:+NULL:+SHA1",
+ "+ECDHE-ECDSA:+3DES-CBC:+SHA1",
+ "+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
+ "+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
+
+ "+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
+
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + + "+DHE-RSA:+AES-128-CBC:+SHA1", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "+DHE-RSA:+3DES-CBC:+SHA1", + "+RSA:+AES-256-CBC:+SHA1", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "+RSA:+AES-128-CBC:+SHA1", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "+RSA:+3DES-CBC:+SHA1", + "+RSA:+NULL:+MD5", + "+RSA:+NULL:+SHA1", + + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "+ECDHE-RSA:+NULL:+SHA1", + + "+RSA:+AES-128-CBC:+SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "+RSA:+AES-128-GCM:+AEAD", + "+RSA:+AES-256-GCM:+AEAD", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + + "+PSK:+3DES-CBC:+SHA1", + "+PSK:+AES-128-CBC:+SHA1", + "+PSK:+AES-256-CBC:+SHA1", + ] + o_ciphers = [ + "ECDHE-ECDSA-NULL-SHA", + "ECDHE-ECDSA-DES-CBC3-SHA", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + + "DHE-RSA-AES128-SHA", + "DHE-RSA-AES256-SHA", + "DHE-RSA-CAMELLIA128-SHA", + "DHE-RSA-CAMELLIA256-SHA", + "EDH-RSA-DES-CBC3-SHA", + "AES256-SHA", + "CAMELLIA256-SHA", + "AES128-SHA", + "CAMELLIA128-SHA", + "DES-CBC3-SHA", + "NULL-MD5", + "NULL-SHA", + + "ECDHE-RSA-AES128-SHA", + "ECDHE-RSA-AES256-SHA", + "ECDHE-RSA-DES-CBC3-SHA", + "ECDHE-RSA-NULL-SHA", + + #"NULL-SHA256", + "AES128-SHA256", + "DHE-RSA-AES128-SHA256", + "AES256-SHA256", + "DHE-RSA-AES256-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES256-SHA384", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "DHE-RSA-AES128-GCM-SHA256", + 
"DHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + + "PSK-3DES-EDE-CBC-SHA", + "PSK-AES128-CBC-SHA", + "PSK-AES256-CBC-SHA", + + #"PSK-DES-CBC3-SHA", + #"PSK-AES128-SHA", + #"PSK-AES256-SHA", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + assert_equal(g, g_ciphers[i]) + + o = translate_ossl(m_ciphers[i]) + assert_equal(o, o_ciphers[i]) + +def test_mbed_ossl_common(): + m_ciphers = [ + "TLS-ECDH-ECDSA-WITH-NULL-SHA", + "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + ] + o_ciphers = [ + "ECDH-ECDSA-NULL-SHA", + "ECDH-ECDSA-DES-CBC3-SHA", + "ECDH-ECDSA-AES128-SHA", + "ECDH-ECDSA-AES256-SHA", + + "ECDH-ECDSA-AES128-SHA256", + "ECDH-ECDSA-AES256-SHA384", + "ECDH-ECDSA-AES128-GCM-SHA256", + "ECDH-ECDSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-ARIA256-GCM-SHA384", + "ECDHE-ECDSA-ARIA128-GCM-SHA256", + 
"ECDHE-ECDSA-CHACHA20-POLY1305", + + "DES-CBC-SHA", + "EDH-RSA-DES-CBC-SHA", + #"DHE-RSA-DES-CBC-SHA", + + "ECDHE-ARIA256-GCM-SHA384", + "DHE-RSA-ARIA256-GCM-SHA384", + "ARIA256-GCM-SHA384", + "ECDHE-ARIA128-GCM-SHA256", + "DHE-RSA-ARIA128-GCM-SHA256", + "ARIA128-GCM-SHA256", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + + "DHE-PSK-ARIA256-GCM-SHA384", + "DHE-PSK-ARIA128-GCM-SHA256", + "PSK-ARIA256-GCM-SHA384", + "PSK-ARIA128-GCM-SHA256", + "PSK-CHACHA20-POLY1305", + "ECDHE-PSK-CHACHA20-POLY1305", + "DHE-PSK-CHACHA20-POLY1305", + ] + + for i in range(len(m_ciphers)): + + o = translate_ossl(m_ciphers[i]) + assert_equal(o, o_ciphers[i]) + + +def test_mbed_gnu_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + + "TLS-RSA-WITH-NULL-SHA256", + + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CCM", + "TLS-RSA-WITH-AES-256-CCM", + "TLS-DHE-RSA-WITH-AES-128-CCM", + "TLS-DHE-RSA-WITH-AES-256-CCM", + "TLS-RSA-WITH-AES-128-CCM-8", + "TLS-RSA-WITH-AES-256-CCM-8", + "TLS-DHE-RSA-WITH-AES-128-CCM-8", + "TLS-DHE-RSA-WITH-AES-256-CCM-8", + + "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + 
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-NULL-SHA384", + "TLS-ECDHE-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-AES-128-CBC-SHA256", + "TLS-PSK-WITH-AES-256-CBC-SHA384", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-NULL-SHA256", + "TLS-DHE-PSK-WITH-NULL-SHA384", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-AES-128-GCM-SHA256", + "TLS-PSK-WITH-AES-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "TLS-PSK-WITH-AES-128-CCM", + "TLS-PSK-WITH-AES-256-CCM", + "TLS-DHE-PSK-WITH-AES-128-CCM", + "TLS-DHE-PSK-WITH-AES-256-CCM", + "TLS-PSK-WITH-AES-128-CCM-8", + "TLS-PSK-WITH-AES-256-CCM-8", + "TLS-DHE-PSK-WITH-AES-128-CCM-8", + "TLS-DHE-PSK-WITH-AES-256-CCM-8", + "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + 
"TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + + "+RSA:+NULL:+SHA256", + + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+AES-128-CCM:+AEAD", + "+RSA:+AES-256-CCM:+AEAD", + "+DHE-RSA:+AES-128-CCM:+AEAD", + "+DHE-RSA:+AES-256-CCM:+AEAD", + "+RSA:+AES-128-CCM-8:+AEAD", + "+RSA:+AES-256-CCM-8:+AEAD", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + + "+DHE-PSK:+3DES-CBC:+SHA1", + "+DHE-PSK:+AES-128-CBC:+SHA1", + "+DHE-PSK:+AES-256-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+AES-256-CBC:+SHA1", + "+RSA-PSK:+AES-128-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-PSK:+NULL:+SHA384", + "+ECDHE-PSK:+NULL:+SHA256", + "+PSK:+AES-128-CBC:+SHA256", + "+PSK:+AES-256-CBC:+SHA384", + "+DHE-PSK:+AES-128-CBC:+SHA256", + "+DHE-PSK:+AES-256-CBC:+SHA384", + "+PSK:+NULL:+SHA256", + "+PSK:+NULL:+SHA384", + "+DHE-PSK:+NULL:+SHA256", + "+DHE-PSK:+NULL:+SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + "+RSA-PSK:+AES-128-CBC:+SHA256", + "+RSA-PSK:+NULL:+SHA256", + 
"+RSA-PSK:+NULL:+SHA384",
+ "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
+ "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
+ "+PSK:+CAMELLIA-128-CBC:+SHA256",
+ "+PSK:+CAMELLIA-256-CBC:+SHA384",
+ "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
+ "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
+ "+PSK:+AES-128-GCM:+AEAD",
+ "+PSK:+AES-256-GCM:+AEAD",
+ "+DHE-PSK:+AES-128-GCM:+AEAD",
+ "+DHE-PSK:+AES-256-GCM:+AEAD",
+ "+PSK:+AES-128-CCM:+AEAD",
+ "+PSK:+AES-256-CCM:+AEAD",
+ "+DHE-PSK:+AES-128-CCM:+AEAD",
+ "+DHE-PSK:+AES-256-CCM:+AEAD",
+ "+PSK:+AES-128-CCM-8:+AEAD",
+ "+PSK:+AES-256-CCM-8:+AEAD",
+ "+DHE-PSK:+AES-128-CCM-8:+AEAD",
+ "+DHE-PSK:+AES-256-CCM-8:+AEAD",
+ "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
+ "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
+ "+PSK:+CAMELLIA-128-GCM:+AEAD",
+ "+PSK:+CAMELLIA-256-GCM:+AEAD",
+ "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
+ "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
+ "+RSA-PSK:+AES-256-GCM:+AEAD",
+ "+RSA-PSK:+AES-128-GCM:+AEAD",
+ ]
+
+ for i in range(len(m_ciphers)):
+
+ g = translate_gnu(m_ciphers[i])
+ assert_equal(g, g_ciphers[i])
+
+
+test_all_common()
+test_mbed_ossl_common()
+test_mbed_gnu_common()
diff --git a/translate_ciphers.py b/translate_ciphers.py
index cf0be7257..e17d41c75 100644
--- a/translate_ciphers.py
+++ b/translate_ciphers.py
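Review bot: `assert_equal` in test_translate.py catches its own `AssertionError` and only prints the two names, so all three test functions return normally and the script exits 0 even when a translation is wrong. Let the failure propagate with both values in the message, for example `if translate != original: raise AssertionError("%s != %s" % (translate, original))`, which also keeps working under `python -O`, where `assert` statements are stripped. The loops walk parallel lists with `range(len(m_ciphers))`, so an expected list that is one entry short raises `IndexError` part-way and one that is too long is never fully checked; an up-front length comparison would catch an edit that desynchronises them. `from translate_ciphers import *` also hides which names the test depends on; `from translate_ciphers import translate_gnu, translate_ossl` is clearer.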
@@ -1,485 +1,66 @@ +import re def translate_gnu(m_cipher): - + # Remove "TLS-" + # Replace "-WITH-" with ":+" + # Remove "EDE" m_cipher = "+" + m_cipher[4:] m_cipher = m_cipher.replace("-WITH-", ":+") m_cipher = m_cipher.replace("-EDE", "") - if m_cipher.split("-")[-1] == "SHA": + + # SHA == SHA1, if the last 3 chars are SHA append 1 + if m_cipher[-3:] == "SHA": m_cipher = m_cipher+"1" - - - if m_cipher.split("-")[-1] == "8" or m_cipher.split("-")[-1] == "CCM": + + # CCM or CCM-8 should be followed by ":+AEAD" + if "CCM" in m_cipher: m_cipher = m_cipher+":+AEAD" + + # Replace the last "-" with ":+" + # Replace "GCM:+SHAxyz" with "GCM:+AEAD" else: index=m_cipher.rindex("-") m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] - m_cipher = m_cipher.replace("GCM:+SHA256", "GCM:+AEAD") - m_cipher = m_cipher.replace("GCM:+SHA384", "GCM:+AEAD") + m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) return m_cipher - + def translate_ossl(m_cipher): + # Remove "TLS-" + # Remove "WITH" m_cipher = m_cipher[4:] m_cipher = m_cipher.replace("-WITH", "") + + # Remove the "-" from "ABC-xyz" m_cipher = m_cipher.replace("AES-", "AES") m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA") m_cipher = m_cipher.replace("ARIA-", "ARIA") - - m_cipher = m_cipher.replace("-EDE", "") - - m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") - try: - index = m_cipher.rindex("CBC") - if m_cipher[index-4:index-1] != "DES": - m_cipher = m_cipher.replace("CBC-", "") - except: - pass + # Remove "RSA" if it is at the beginning if m_cipher[:4] == "RSA-": m_cipher = m_cipher[4:] + # For all circumstances outside of PSK + if "PSK" not in m_cipher: + m_cipher = m_cipher.replace("-EDE", "") + m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") + + # Remove "CBC" if it is not prefixed by DES + if "CBC" in m_cipher: + index = m_cipher.rindex("CBC") + if m_cipher[index-4:index-1] != "DES": + m_cipher = m_cipher.replace("CBC-", "") + + # ECDHE-RSA-ARIA does not exist in OpenSSL m_cipher = 
m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA") - try: + # POLY1305 should not be followed by anything + if "POLY1305" in m_cipher: index = m_cipher.rindex("POLY1305") m_cipher=m_cipher[:index+8] - except Exception as e: - pass#print(e) + + # If DES is being used, Replace DHE with EDH + if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher: + m_cipher = m_cipher.replace("DHE", "EDH") return m_cipher - -def test_all_common(): - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-AES-256-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-RSA-WITH-AES-128-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-NULL-MD5", - "TLS-RSA-WITH-NULL-SHA", - - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-RSA-WITH-NULL-SHA", - - "TLS-RSA-WITH-AES-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-RSA-WITH-AES-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "TLS-RSA-WITH-AES-128-GCM-SHA256", - "TLS-RSA-WITH-AES-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - - "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-PSK-WITH-AES-128-CBC-SHA", - "TLS-PSK-WITH-AES-256-CBC-SHA", - ] - 
g_ciphers = [ - "+ECDHE-ECDSA:+NULL:+SHA1", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - - "+DHE-RSA:+AES-128-CBC:+SHA1", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "+DHE-RSA:+3DES-CBC:+SHA1", - "+RSA:+AES-256-CBC:+SHA1", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "+RSA:+AES-128-CBC:+SHA1", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "+RSA:+3DES-CBC:+SHA1", - "+RSA:+NULL:+MD5", - "+RSA:+NULL:+SHA1", - - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "+ECDHE-RSA:+NULL:+SHA1", - - "+RSA:+AES-128-CBC:+SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "+RSA:+AES-128-GCM:+AEAD", - "+RSA:+AES-256-GCM:+AEAD", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - - "+PSK:+3DES-CBC:+SHA1", - "+PSK:+AES-128-CBC:+SHA1", - "+PSK:+AES-256-CBC:+SHA1", - ] - o_ciphers = [ - "ECDHE-ECDSA-NULL-SHA", - "ECDHE-ECDSA-DES-CBC3-SHA", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA", - - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - - "DHE-RSA-AES128-SHA", - "DHE-RSA-AES256-SHA", - "DHE-RSA-CAMELLIA128-SHA", - "DHE-RSA-CAMELLIA256-SHA", - #"EDH-RSA-DES-CBC3-SHA", - "DHE-RSA-DES-CBC3-SHA", - "AES256-SHA", - "CAMELLIA256-SHA", - "AES128-SHA", - "CAMELLIA128-SHA", - "DES-CBC3-SHA", - "NULL-MD5", - "NULL-SHA", - - "ECDHE-RSA-AES128-SHA", - "ECDHE-RSA-AES256-SHA", - "ECDHE-RSA-DES-CBC3-SHA", - "ECDHE-RSA-NULL-SHA", - - #"NULL-SHA256", - "AES128-SHA256", - 
"DHE-RSA-AES128-SHA256", - "AES256-SHA256", - "DHE-RSA-AES256-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-RSA-AES256-SHA384", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES256-GCM-SHA384", - - #"PSK-3DES-EDE-CBC-SHA", - #"PSK-AES128-CBC-SHA", - #"PSK-AES256-CBC-SHA", - - "PSK-DES-CBC3-SHA", - "PSK-AES128-SHA", - "PSK-AES256-SHA", - ] - - for i in range(len(m_ciphers)): - - g = translate_gnu(m_ciphers[i]) - if g!=g_ciphers[i]: - print("GNU", i) - print("new".ljust(10), g) - print("original".ljust(10), g_ciphers[i]) - # break - - - o = translate_ossl(m_ciphers[i]) - if o!=o_ciphers[i]: - print("OpenSSL", i) - print("new".ljust(10), o) - print("original".ljust(10), o_ciphers[i]) - # break - -def test_mbed_ossl_common(): - m_ciphers = [ - "TLS-ECDH-ECDSA-WITH-NULL-SHA", - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-RSA-WITH-DES-CBC-SHA", - - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - 
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - ] - o_ciphers = [ - "ECDH-ECDSA-NULL-SHA", - "ECDH-ECDSA-DES-CBC3-SHA", - "ECDH-ECDSA-AES128-SHA", - "ECDH-ECDSA-AES256-SHA", - - "ECDH-ECDSA-AES128-SHA256", - "ECDH-ECDSA-AES256-SHA384", - "ECDH-ECDSA-AES128-GCM-SHA256", - "ECDH-ECDSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-ARIA256-GCM-SHA384", - "ECDHE-ECDSA-ARIA128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - - "DES-CBC-SHA", - #"EDH-RSA-DES-CBC-SHA", - "DHE-RSA-DES-CBC-SHA", - - "ECDHE-ARIA256-GCM-SHA384", - "DHE-RSA-ARIA256-GCM-SHA384", - "ARIA256-GCM-SHA384", - "ECDHE-ARIA128-GCM-SHA256", - "DHE-RSA-ARIA128-GCM-SHA256", - "ARIA128-GCM-SHA256", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - - "DHE-PSK-ARIA256-GCM-SHA384", - "DHE-PSK-ARIA128-GCM-SHA256", - "PSK-ARIA256-GCM-SHA384", - "PSK-ARIA128-GCM-SHA256", - "PSK-CHACHA20-POLY1305", - "ECDHE-PSK-CHACHA20-POLY1305", - "DHE-PSK-CHACHA20-POLY1305", - ] - - for i in range(len(m_ciphers)): - - o = translate_ossl(m_ciphers[i]) - if o!=o_ciphers[i]: - print("OpenSSL", i) - print("new".ljust(10), o) - print("original".ljust(10), o_ciphers[i]) - # break - -def test_mbed_gnu_common(): - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - - "TLS-RSA-WITH-NULL-SHA256", - - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - 
"TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-AES-128-CCM", - "TLS-RSA-WITH-AES-256-CCM", - "TLS-DHE-RSA-WITH-AES-128-CCM", - "TLS-DHE-RSA-WITH-AES-256-CCM", - "TLS-RSA-WITH-AES-128-CCM-8", - "TLS-RSA-WITH-AES-256-CCM-8", - "TLS-DHE-RSA-WITH-AES-128-CCM-8", - "TLS-DHE-RSA-WITH-AES-256-CCM-8", - - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-NULL-SHA384", - "TLS-ECDHE-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-AES-128-CBC-SHA256", - "TLS-PSK-WITH-AES-256-CBC-SHA384", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-NULL-SHA256", - "TLS-DHE-PSK-WITH-NULL-SHA384", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-AES-128-GCM-SHA256", - "TLS-PSK-WITH-AES-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "TLS-PSK-WITH-AES-128-CCM", - "TLS-PSK-WITH-AES-256-CCM", - 
"TLS-DHE-PSK-WITH-AES-128-CCM", - "TLS-DHE-PSK-WITH-AES-256-CCM", - "TLS-PSK-WITH-AES-128-CCM-8", - "TLS-PSK-WITH-AES-256-CCM-8", - "TLS-DHE-PSK-WITH-AES-128-CCM-8", - "TLS-DHE-PSK-WITH-AES-256-CCM-8", - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - - "+RSA:+NULL:+SHA256", - - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+AES-128-CCM:+AEAD", - "+RSA:+AES-256-CCM:+AEAD", - "+DHE-RSA:+AES-128-CCM:+AEAD", - "+DHE-RSA:+AES-256-CCM:+AEAD", - "+RSA:+AES-128-CCM-8:+AEAD", - "+RSA:+AES-256-CCM-8:+AEAD", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - - "+DHE-PSK:+3DES-CBC:+SHA1", - "+DHE-PSK:+AES-128-CBC:+SHA1", - "+DHE-PSK:+AES-256-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+AES-256-CBC:+SHA1", - "+RSA-PSK:+AES-128-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - 
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-PSK:+NULL:+SHA384", - "+ECDHE-PSK:+NULL:+SHA256", - "+PSK:+AES-128-CBC:+SHA256", - "+PSK:+AES-256-CBC:+SHA384", - "+DHE-PSK:+AES-128-CBC:+SHA256", - "+DHE-PSK:+AES-256-CBC:+SHA384", - "+PSK:+NULL:+SHA256", - "+PSK:+NULL:+SHA384", - "+DHE-PSK:+NULL:+SHA256", - "+DHE-PSK:+NULL:+SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - "+RSA-PSK:+AES-128-CBC:+SHA256", - "+RSA-PSK:+NULL:+SHA256", - "+RSA-PSK:+NULL:+SHA384", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+AES-128-GCM:+AEAD", - "+PSK:+AES-256-GCM:+AEAD", - "+DHE-PSK:+AES-128-GCM:+AEAD", - "+DHE-PSK:+AES-256-GCM:+AEAD", - "+PSK:+AES-128-CCM:+AEAD", - "+PSK:+AES-256-CCM:+AEAD", - "+DHE-PSK:+AES-128-CCM:+AEAD", - "+DHE-PSK:+AES-256-CCM:+AEAD", - "+PSK:+AES-128-CCM-8:+AEAD", - "+PSK:+AES-256-CCM-8:+AEAD", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - "+RSA-PSK:+AES-256-GCM:+AEAD", - "+RSA-PSK:+AES-128-GCM:+AEAD", - ] - - for i in range(len(m_ciphers)): - - g = translate_gnu(m_ciphers[i]) - if g!=g_ciphers[i]: - print("GNU", i) - print("new".ljust(10), g) - print("original".ljust(10), g_ciphers[i]) - # break - -test_all_common() -test_mbed_ossl_common() -test_mbed_gnu_common() \ No newline at end of file From 97cd599545087b5fc7a4d551be6301ac6e1d881e Mon Sep 17 00:00:00 2001 
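Review bot: Both translators in this hunk drop the first four characters with `m_cipher[4:]` without checking that they are `TLS-`, and the rest is a chain of unanchored `replace()` calls, so a misspelt or non-Mbed name comes back as a plausible-looking GnuTLS or OpenSSL suite string rather than an error. For a helper whose output decides which TLS ciphersuites an interop test exercises, that failure mode hides a lost or swapped suite. I would open `translate_gnu` and `translate_ossl` with `if not m_cipher.startswith("TLS-"): raise ValueError("not an Mbed TLS ciphersuite name: " + m_cipher)`. A docstring on each function stating the accepted shape (`TLS-<key exchange>-WITH-<cipher>-<mac>`) and that the rules were derived from the names listed in compat.sh would make the limits of the heuristic explicit.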
From: Joe Subbiani Date: Thu, 22 Jul 2021 16:08:29 +0100 Subject: [PATCH 03/30] Implement bash script for testing Added formatting functions to translate_ciphersuite.py to take a string of multiple ciphersuite names, in the current compat.sh and output the translated ciphersuite names in the same format Created test_translate.sh which uses samples from compat.sh to compare against the translated versions to ensure the translations are produced in the correct format Signed-off-by: Joe Subbiani --- test_translate.py | 0 test_translate.sh | 113 +++++++++++++++++++++++++++++++++++++++++++ translate_ciphers.py | 32 ++++++++++++ 3 files changed, 145 insertions(+) mode change 100644 => 100755 test_translate.py create mode 100755 test_translate.sh mode change 100644 => 100755 translate_ciphers.py diff --git a/test_translate.py b/test_translate.py old mode 100644 new mode 100755 diff --git a/test_translate.sh b/test_translate.sh new file mode 100755 index 000000000..43b7ff4e3 --- /dev/null +++ b/test_translate.sh 
@@ -0,0 +1,113 @@ +#!/bin/sh + +# Ciphers that will use translate_ciphers.py +M_CIPHERS="" +O_CIPHERS="" +G_CIPHERS="" + +# Ciphers taken directly from compat.sh +Mt_CIPHERS="" +Ot_CIPHERS="" +Gt_CIPHERS="" + +# Initial list to be split into 3 +CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " + +M_CIPHERS="$M_CIPHERS \ + $CIPHERS" + +G=`python3 translate_ciphers.py g "$CIPHERS"` +G_CIPHERS="$G_CIPHERS \ + $G" + +O=`python3 translate_ciphers.py o "$CIPHERS"` +O_CIPHERS="$O_CIPHERS \ + $O" + +Mt_CIPHERS="$Mt_CIPHERS \ + TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " +Gt_CIPHERS="$Gt_CIPHERS \ + +ECDHE-ECDSA:+NULL:+SHA1 \ + +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ + " +Ot_CIPHERS="$Ot_CIPHERS \ + ECDHE-ECDSA-NULL-SHA \ + ECDHE-ECDSA-DES-CBC3-SHA \ + ECDHE-ECDSA-AES128-SHA \ + ECDHE-ECDSA-AES256-SHA \ + " + + +# Initial list to be split into 3 +CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " + +M_CIPHERS="$M_CIPHERS \ + $CIPHERS" + +G=`python3 translate_ciphers.py g "$CIPHERS"` +G_CIPHERS="$G_CIPHERS \ + $G" + +O=`python3 translate_ciphers.py o "$CIPHERS"` +O_CIPHERS="$O_CIPHERS \ + $O" + +Mt_CIPHERS="$Mt_CIPHERS \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " +Gt_CIPHERS="$Gt_CIPHERS \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ + +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ + +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ + " +Ot_CIPHERS="$Ot_CIPHERS \ + ECDHE-ECDSA-AES128-SHA256 \ + 
ECDHE-ECDSA-AES256-SHA384 \ + ECDHE-ECDSA-AES128-GCM-SHA256 \ + ECDHE-ECDSA-AES256-GCM-SHA384 \ + " + +# Normalise spacing +M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') + +Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') + +# Compare the compat.sh names with the translated names +# Upon fail, print them to view the differences +if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] +then + echo "MBED Translated: $M_CIPHERS" + echo "MBED Original: $Mt_CIPHERS" +fi +if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] +then + echo "GNU Translated: $G_CIPHERS" + echo "GNU Original: $Gt_CIPHERS" +fi +if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] +then + echo "OpenSSL Translated: $O_CIPHERS" + echo "OpenSSL Original: $Ot_CIPHERS" +fi \ No newline at end of file diff --git a/translate_ciphers.py b/translate_ciphers.py old mode 100644 new mode 100755 index e17d41c75..b9a2d5374 --- a/translate_ciphers.py +++ b/translate_ciphers.py @@ -1,4 +1,5 @@ import re +import sys def translate_gnu(m_cipher): # Remove "TLS-" 
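Review bot: The three comparisons at the end of test_translate.sh only `echo` the mismatching lists and the script then falls off the end, so it exits 0 even when a translated list differs from the compat.sh reference. Anything that runs this as a check would see a pass while the GnuTLS or OpenSSL suite names are wrong. Set a flag in each mismatch branch and return it: `FAILED=1` after the two `echo` lines, and `exit ${FAILED:-0}` as the last line of the script. The `python3 translate_ciphers.py` calls also resolve the script relative to the current directory and their exit status is not checked, so a missing interpreter or file shows up only as a mismatch printout.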
@@ -64,3 +65,34 @@ def translate_ossl(m_cipher): m_cipher = m_cipher.replace("DHE", "EDH") return m_cipher + +def format_g(m_ciphers): + #ciphers = (re.findall(r"TLS-.+\s*\\", m_ciphers)) + m_ciphers = m_ciphers.split() + g_ciphers = [] + for i in m_ciphers: + g_ciphers.append(translate_gnu(i)) + return " ".join(g_ciphers) + +def format_o(m_ciphers): + m_ciphers = m_ciphers.split() + o_ciphers = [] + for i in m_ciphers: + o_ciphers.append(translate_ossl(i)) + return " ".join(o_ciphers) + +def main(): + # print command line arguments + if len(sys.argv) <= 2: + exit(1) + if sys.argv[1] == "g": + print(format_g(sys.argv[2])) + exit(0) + elif sys.argv[1] == "o": + print(format_o(sys.argv[2])) + exit(0) + else: + exit(1) + +if __name__ == "__main__": + main() \ No newline at end of file From 29239b00a672564e39221905d5063c5f5f9815b6 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 22 Jul 2021 17:33:59 +0100 Subject: [PATCH 04/30] Move translate scripts to test directory To be used by compat.sh, the files were moved to the same directory. The files were also renamed to be distinguishable aside from their file extensions Signed-off-by: Joe Subbiani --- test_translate.sh => tests/test_translate_format.sh | 0 test_translate.py => tests/test_translate_names.py | 0 translate_ciphers.py => tests/translate_ciphers.py | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename test_translate.sh => tests/test_translate_format.sh (100%) rename test_translate.py => tests/test_translate_names.py (100%) rename translate_ciphers.py => tests/translate_ciphers.py (100%) diff --git a/test_translate.sh b/tests/test_translate_format.sh similarity index 100% rename from test_translate.sh rename to tests/test_translate_format.sh diff --git a/test_translate.py b/tests/test_translate_names.py similarity index 100% rename from test_translate.py rename to tests/test_translate_names.py 
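Review bot: `main()` leaves with status 1 and prints nothing when the mode is not `g` or `o` or when fewer than two arguments are given, and the shell caller added in this patch captures stdout with backticks without looking at the status, so a bad invocation turns into an empty ciphersuite list. Replace the bare `exit(1)` calls with `sys.exit("usage: translate_ciphers.py g|o \"<ciphersuite names>\"")`, which writes the message to stderr and still exits non-zero; `sys` is imported by the first hunk of this file. `exit()` itself is the helper installed by the `site` module, so `sys.exit()` is the safer call in a script. `format_g` and `format_o` differ only in the translator they call and could each be one line, `return " ".join(translate_gnu(c) for c in m_ciphers.split())`.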
diff --git a/translate_ciphers.py b/tests/translate_ciphers.py similarity index 100% rename from translate_ciphers.py rename to tests/translate_ciphers.py From a16ccac1d9a8a8c16d2f74e0d16f83463e0faab5 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 22 Jul 2021 18:52:17 +0100 Subject: [PATCH 05/30] Format files and add license comment Changes to pass tests/scripts/check_files.py -Add missing new line at end of each file -Remove any trailing whitespaces -Added file shebang comments Added license info and purpose of file descriptions. The 2 test_translate... files may not be stay later down the line, but incase they do become permanent, it is good to add the appropriate comments now. Signed-off-by: Joe Subbiani --- tests/test_translate_format.sh | 33 ++++++++++++++++++++++++++++++-- tests/test_translate_names.py | 27 ++++++++++++++++++++++++-- tests/translate_ciphers.py | 35 ++++++++++++++++++++++++++++++++-- 3 files changed, 89 insertions(+), 6 deletions(-) diff --git a/tests/test_translate_format.sh b/tests/test_translate_format.sh index 43b7ff4e3..55d8a8a8e 100755 --- a/tests/test_translate_format.sh +++ b/tests/test_translate_format.sh 
@@ -1,5 +1,34 @@ #!/bin/sh +# test_translate_format.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# Test translate_ciphers.py formatting by comparing the translated +# ciphersuite names to the true names. As in compat.sh, the spaces between +# the ciphersuite names are normalised. +# +# On fail, the translated cipher suite names do not match the correct ones. +# In this case the difference will be printed in stdout. +# +# This files main purpose is to ensure translate_ciphers.py can take strings +# in the expected format and return them in the format compat.sh will expect. + # Ciphers that will use translate_ciphers.py M_CIPHERS="" O_CIPHERS="" @@ -19,7 +48,7 @@ CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ M_CIPHERS="$M_CIPHERS \ $CIPHERS" - + G=`python3 translate_ciphers.py g "$CIPHERS"` G_CIPHERS="$G_CIPHERS \ $G" @@ -110,4 +139,4 @@ if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] then echo "OpenSSL Translated: $O_CIPHERS" echo "OpenSSL Original: $Ot_CIPHERS" -fi \ No newline at end of file +fi diff --git a/tests/test_translate_names.py b/tests/test_translate_names.py index 9de283059..d018c1091 100755 --- a/tests/test_translate_names.py +++ b/tests/test_translate_names.py 
@@ -1,3 +1,28 @@ +#!/usr/bin/env python3 + +# test_translate_names.py +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# Test translate_ciphers.py by running every MBedTLS ciphersuite name +# combination through the translate functions and comparing them to their +# correct GNU or OpenSSL counterpart. + from translate_ciphers import * def assert_equal(translate, original): @@ -235,7 +260,6 @@ def test_mbed_ossl_common(): o = translate_ossl(m_ciphers[i]) assert_equal(o, o_ciphers[i]) - def test_mbed_gnu_common(): m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -420,7 +444,6 @@ def test_mbed_gnu_common(): g = translate_gnu(m_ciphers[i]) assert_equal(g, g_ciphers[i]) - test_all_common() test_mbed_ossl_common() diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index b9a2d5374..07affb290 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py 
@@ -1,3 +1,34 @@ +#!/usr/bin/env python3 + +# translate_ciphers.py +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# Translate ciphersuite names in MBedTLS format to OpenSSL and GNU +# standards. +# +# Format and analyse strings past in via input arguments to match +# the expected strings utilised in compat.sh. +# +# sys.argv[1] should be "g" or "o" for GNU or OpenSSL. +# sys.argv[2] should be a string containing one or more +# ciphersuite names. + import re import sys @@ -91,8 +122,8 @@ def main(): elif sys.argv[1] == "o": print(format_o(sys.argv[2])) exit(0) - else: + else: exit(1) if __name__ == "__main__": - main() \ No newline at end of file + main() From 15d7124661e79a87f389be39fc21524fa0f30cc3 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 26 Jul 2021 12:20:00 +0100 Subject: [PATCH 06/30] Replace lists with calls to translate_ciphersuite.py Replace the OpenSSL $O_CIPHERS and GNU $G_CIPHERS declarations with calls to translate_ciphersuite.py Declared a new variable for each sublist $CIPHERS which is appended to MBedTLS $M_CIPHERS and translated+appended to the OpenSSL and GNU lists. Fixes #4674 Signed-off-by: Joe Subbiani --- tests/compat.sh | 391 ++++++++++----------------------- tests/test_translate_format.sh | 18 +- 2 files changed, 120 insertions(+), 289 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index c2bef2612..04b4dd521 100755 
--- a/tests/compat.sh +++ b/tests/compat.sh @@ -246,51 +246,38 @@ add_common_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ 
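Review bot: The `G=` and `O=` assignments added in add_common_ciphersuites take whatever `python3 translate_ciphers.py` prints and never check its exit status, so if the interpreter is missing, the script is not found from the current directory, or a name makes the translator raise, `$G` and `$O` are empty and the GnuTLS and OpenSSL lists lose those suites without any message. Before this change the lists were literals and could not shrink at run time. Fail fast at each call, e.g. `G=$(python3 translate_ciphers.py g "$CIPHERS") || { echo "translate_ciphers.py failed" >&2; exit 1; }`, and the same for `O=`; the pattern repeats in the later hunks of this file (`@@ -303`, `@@ -368`, `@@ -437`, `@@ -461`). The function body starts and continues outside this hunk, so how the lists are consumed is not visible here.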
@@ -303,59 +290,32 @@ add_common_ciphersuites() TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +DHE-RSA:+AES-128-CBC:+SHA1 \ - +DHE-RSA:+AES-256-CBC:+SHA1 \ - +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \ - +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \ - +DHE-RSA:+3DES-CBC:+SHA1 \ - +RSA:+AES-256-CBC:+SHA1 \ - +RSA:+CAMELLIA-256-CBC:+SHA1 \ - +RSA:+AES-128-CBC:+SHA1 \ - +RSA:+CAMELLIA-128-CBC:+SHA1 \ - +RSA:+3DES-CBC:+SHA1 \ - +RSA:+NULL:+MD5 \ - +RSA:+NULL:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - DHE-RSA-AES128-SHA \ - DHE-RSA-AES256-SHA \ - DHE-RSA-CAMELLIA128-SHA \ - DHE-RSA-CAMELLIA256-SHA \ - EDH-RSA-DES-CBC3-SHA \ - AES256-SHA \ - CAMELLIA256-SHA \ - AES128-SHA \ - CAMELLIA128-SHA \ - DES-CBC3-SHA \ - NULL-MD5 \ - NULL-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" + if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-RSA-WITH-NULL-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-RSA:+AES-128-CBC:+SHA1 \ - +ECDHE-RSA:+AES-256-CBC:+SHA1 \ - +ECDHE-RSA:+3DES-CBC:+SHA1 \ - +ECDHE-RSA:+NULL:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-RSA-AES256-SHA \ - ECDHE-RSA-AES128-SHA \ - ECDHE-RSA-DES-CBC3-SHA \ - ECDHE-RSA-NULL-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ 
@@ -368,54 +328,28 @@ add_common_ciphersuites() TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ " - G_CIPHERS="$G_CIPHERS \ - +RSA:+AES-128-CBC:+SHA256 \ - +DHE-RSA:+AES-128-CBC:+SHA256 \ - +RSA:+AES-256-CBC:+SHA256 \ - +DHE-RSA:+AES-256-CBC:+SHA256 \ - +ECDHE-RSA:+AES-128-CBC:+SHA256 \ - +ECDHE-RSA:+AES-256-CBC:+SHA384 \ - +RSA:+AES-128-GCM:+AEAD \ - +RSA:+AES-256-GCM:+AEAD \ - +DHE-RSA:+AES-128-GCM:+AEAD \ - +DHE-RSA:+AES-256-GCM:+AEAD \ - +ECDHE-RSA:+AES-128-GCM:+AEAD \ - +ECDHE-RSA:+AES-256-GCM:+AEAD \ - " - O_CIPHERS="$O_CIPHERS \ - NULL-SHA256 \ - AES128-SHA256 \ - DHE-RSA-AES128-SHA256 \ - AES256-SHA256 \ - DHE-RSA-AES256-SHA256 \ - ECDHE-RSA-AES128-SHA256 \ - ECDHE-RSA-AES256-SHA384 \ - AES128-GCM-SHA256 \ - DHE-RSA-AES128-GCM-SHA256 \ - AES256-GCM-SHA384 \ - DHE-RSA-AES256-GCM-SHA384 \ - ECDHE-RSA-AES128-GCM-SHA256 \ - ECDHE-RSA-AES256-GCM-SHA384 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS NULL-SHA256 $O" fi ;; "PSK") - M_CIPHERS="$M_CIPHERS \ - TLS-PSK-WITH-3DES-EDE-CBC-SHA \ + CIPHERS="TLS-PSK-WITH-3DES-EDE-CBC-SH \ TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +PSK:+3DES-CBC:+SHA1 \ - +PSK:+AES-128-CBC:+SHA1 \ - +PSK:+AES-256-CBC:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - PSK-3DES-EDE-CBC-SHA \ - PSK-AES128-CBC-SHA \ - PSK-AES256-CBC-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" ;; esac } 
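Review bot: The first name in the new PSK list is spelled `TLS-PSK-WITH-3DES-EDE-CBC-SH`; the removed line had `TLS-PSK-WITH-3DES-EDE-CBC-SHA`, so the final `A` was lost in the rewrite. Because `$CIPHERS` now feeds `$M_CIPHERS` and both translator calls, the misspelt name propagates to all three lists and the PSK 3DES suite is presumably no longer exercised under its real name. Restore it as `CIPHERS="TLS-PSK-WITH-3DES-EDE-CBC-SHA \`. A later patch on this page ("Reduce calls to translate_ciphers.py in compat.sh") spells the name correctly again, but fixing it here keeps each commit in the series testable on its own.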
@@ -437,23 +371,19 @@ add_openssl_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-NULL-SHA \ + CIPHERS="TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ " - O_CIPHERS="$O_CIPHERS \ - ECDH-ECDSA-NULL-SHA \ - ECDH-ECDSA-DES-CBC3-SHA \ - ECDH-ECDSA-AES128-SHA \ - ECDH-ECDSA-AES256-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ @@ -461,31 +391,25 @@ add_openssl_ciphersuites() TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - ECDH-ECDSA-AES128-SHA256 \ - ECDH-ECDSA-AES256-SHA384 \ - ECDH-ECDSA-AES128-GCM-SHA256 \ - ECDH-ECDSA-AES256-GCM-SHA384 \ - ECDHE-ECDSA-ARIA256-GCM-SHA384 \ - ECDHE-ECDSA-ARIA128-GCM-SHA256 \ - ECDHE-ECDSA-CHACHA20-POLY1305 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-DES-CBC-SHA \ + CIPHERS="TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ " - O_CIPHERS="$O_CIPHERS \ - DES-CBC-SHA \ - EDH-RSA-DES-CBC-SHA \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" + if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ 
@@ -494,24 +418,17 @@ add_openssl_ciphersuites() TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ARIA256-GCM-SHA384 \ - DHE-RSA-ARIA256-GCM-SHA384 \ - ARIA256-GCM-SHA384 \ - ECDHE-ARIA128-GCM-SHA256 \ - DHE-RSA-ARIA128-GCM-SHA256 \ - ARIA128-GCM-SHA256 \ - DHE-RSA-CHACHA20-POLY1305 \ - ECDHE-RSA-CHACHA20-POLY1305 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; "PSK") if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ @@ -519,15 +436,10 @@ add_openssl_ciphersuites() TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - DHE-PSK-ARIA256-GCM-SHA384 \ - DHE-PSK-ARIA128-GCM-SHA256 \ - PSK-ARIA256-GCM-SHA384 \ - PSK-ARIA128-GCM-SHA256 \ - DHE-PSK-CHACHA20-POLY1305 \ - ECDHE-PSK-CHACHA20-POLY1305 \ - PSK-CHACHA20-POLY1305 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" fi ;; esac 
@@ -543,43 +455,34 @@ add_gnutls_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ - " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \ - +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-128-CCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-CCM:+AEAD \ - +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD \ - +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD \ + CIPHERS="TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi ;; "RSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - " - G_CIPHERS="$G_CIPHERS \ - +RSA:+NULL:+SHA256 \ - " + CIPHERS="TLS-RSA-WITH-NULL-SHA256" + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + CIPHERS="TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ 
@@ -600,65 +503,41 @@ add_gnutls_ciphersuites() TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ - +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \ - +RSA:+CAMELLIA-128-CBC:+SHA256 \ - +RSA:+CAMELLIA-256-CBC:+SHA256 \ - +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ - +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \ - +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \ - +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \ - +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \ - +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \ - +RSA:+CAMELLIA-128-GCM:+AEAD \ - +RSA:+CAMELLIA-256-GCM:+AEAD \ - +RSA:+AES-128-CCM:+AEAD \ - +RSA:+AES-256-CCM:+AEAD \ - +RSA:+AES-128-CCM-8:+AEAD \ - +RSA:+AES-256-CCM-8:+AEAD \ - +DHE-RSA:+AES-128-CCM:+AEAD \ - +DHE-RSA:+AES-256-CCM:+AEAD \ - +DHE-RSA:+AES-128-CCM-8:+AEAD \ - +DHE-RSA:+AES-256-CCM-8:+AEAD \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi ;; "PSK") - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + CIPHERS="TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +DHE-PSK:+3DES-CBC:+SHA1 \ - +DHE-PSK:+AES-128-CBC:+SHA1 \ - +DHE-PSK:+AES-256-CBC:+SHA1 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-PSK:+3DES-CBC:+SHA1 \ - +ECDHE-PSK:+AES-128-CBC:+SHA1 \ - +ECDHE-PSK:+AES-256-CBC:+SHA1 \ - +RSA-PSK:+3DES-CBC:+SHA1 \ - +RSA-PSK:+AES-256-CBC:+SHA1 \ - +RSA-PSK:+AES-128-CBC:+SHA1 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 
translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ 
@@ -703,52 +582,10 @@ add_gnutls_ciphersuites() TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-PSK:+AES-256-CBC:+SHA384 \ - +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +ECDHE-PSK:+AES-128-CBC:+SHA256 \ - +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+AES-128-CBC:+SHA256 \ - +PSK:+AES-256-CBC:+SHA384 \ - +DHE-PSK:+AES-128-CBC:+SHA256 \ - +DHE-PSK:+AES-256-CBC:+SHA384 \ - +RSA-PSK:+AES-256-CBC:+SHA384 \ - +RSA-PSK:+AES-128-CBC:+SHA256 \ - +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+CAMELLIA-256-CBC:+SHA384 \ - +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+AES-128-GCM:+AEAD \ - +PSK:+AES-256-GCM:+AEAD \ - +DHE-PSK:+AES-128-GCM:+AEAD \ - +DHE-PSK:+AES-256-GCM:+AEAD \ - +PSK:+AES-128-CCM:+AEAD \ - +PSK:+AES-256-CCM:+AEAD \ - +DHE-PSK:+AES-128-CCM:+AEAD \ - +DHE-PSK:+AES-256-CCM:+AEAD \ - +PSK:+AES-128-CCM-8:+AEAD \ - +PSK:+AES-256-CCM-8:+AEAD \ - +DHE-PSK:+AES-128-CCM-8:+AEAD \ - +DHE-PSK:+AES-256-CCM-8:+AEAD \ - +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \ - +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \ - +PSK:+CAMELLIA-128-GCM:+AEAD \ - +PSK:+CAMELLIA-256-GCM:+AEAD \ - +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \ - +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \ - +RSA-PSK:+AES-256-GCM:+AEAD \ - +RSA-PSK:+AES-128-GCM:+AEAD \ - +ECDHE-PSK:+NULL:+SHA384 \ - +ECDHE-PSK:+NULL:+SHA256 \ - +PSK:+NULL:+SHA256 \ - +PSK:+NULL:+SHA384 \ - +DHE-PSK:+NULL:+SHA256 \ - +DHE-PSK:+NULL:+SHA384 \ - +RSA-PSK:+NULL:+SHA256 \ - +RSA-PSK:+NULL:+SHA384 \ - " + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" fi ;; esac diff --git a/tests/test_translate_format.sh b/tests/test_translate_format.sh index 55d8a8a8e..241db4739 100755 --- a/tests/test_translate_format.sh +++ b/tests/test_translate_format.sh 
@@ -46,16 +46,13 @@ CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " -M_CIPHERS="$M_CIPHERS \ - $CIPHERS" +M_CIPHERS="$M_CIPHERS $CIPHERS" G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS \ - $G" +G_CIPHERS="$G_CIPHERS $G" O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS \ - $O" +O_CIPHERS="$O_CIPHERS $O" Mt_CIPHERS="$Mt_CIPHERS \ TLS-ECDHE-ECDSA-WITH-NULL-SHA \ @@ -84,16 +81,13 @@ CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " -M_CIPHERS="$M_CIPHERS \ - $CIPHERS" +M_CIPHERS="$M_CIPHERS $CIPHERS" G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS \ - $G" +G_CIPHERS="$G_CIPHERS $G" O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS \ - $O" +O_CIPHERS="$O_CIPHERS $O" Mt_CIPHERS="$Mt_CIPHERS \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ From d16d273a40a87838fa53d994905b5c86f67cd9e5 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Mon, 26 Jul 2021 13:33:35 +0100 Subject: [PATCH 07/30] Compact 2 format functions to 1 In translate_ciphers.py there were 2 format functions that were virtually identical and a check was made beforehand to decide which one to call. Now the check is made inside a single function to reduce duplicate code Signed-off-by: Joe Subbiani --- tests/translate_ciphers.py | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index 07affb290..d6b604dd3 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py 
@@ -97,33 +97,23 @@ def translate_ossl(m_cipher): return m_cipher -def format_g(m_ciphers): - #ciphers = (re.findall(r"TLS-.+\s*\\", m_ciphers)) - m_ciphers = m_ciphers.split() - g_ciphers = [] - for i in m_ciphers: - g_ciphers.append(translate_gnu(i)) - return " ".join(g_ciphers) - -def format_o(m_ciphers): - m_ciphers = m_ciphers.split() - o_ciphers = [] - for i in m_ciphers: - o_ciphers.append(translate_ossl(i)) - return " ".join(o_ciphers) +def format(mode, ciphers): + ciphers = ciphers.split() + t_ciphers = [] + if mode == "g": + for i in ciphers: + t_ciphers.append(translate_gnu(i)) + if mode == "o": + for i in ciphers: + t_ciphers.append(translate_ossl(i)) + return " ".join(t_ciphers) def main(): # print command line arguments if len(sys.argv) <= 2: exit(1) - if sys.argv[1] == "g": - print(format_g(sys.argv[2])) - exit(0) - elif sys.argv[1] == "o": - print(format_o(sys.argv[2])) - exit(0) else: - exit(1) + print(format(sys.argv[1], sys.argv[2])) if __name__ == "__main__": main() From 34d62620fb1d915c99e16e3f780a3c1f69647a5f Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 14:55:56 +0100 Subject: [PATCH 08/30] Reduce calls to translate_ciphers.py in compat.sh After every edge case to append which ciphers were being used a call to translate_ciphers.py was being made. Now a call to translate_ciphers are made at the end of every function where ciphersuite names are being added. This occurs 3 times. 1 for MBedTLS, GNUTLS and OpenSSL. 1 for MBedTLS and OpenSSL and another 1 for MBedTLS and GNUTLS. Signed-off-by: Joe Subbiani --- tests/compat.sh | 166 +++++++++++++++++------------------------------- 1 file changed, 57 insertions(+), 109 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 04b4dd521..8e0988e99 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
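Review bot: An unrecognised mode no longer fails in the new `format()`. Neither `if mode == "g"` nor `if mode == "o"` matches, the function returns an empty string, and main() prints a blank line and ends with status 0, whereas the removed `else: exit(1)` branch rejected it. A caller that captures the output, as compat.sh does, would then get an empty cipher list with no sign of error. I would reject the mode up front with `if mode not in ("g", "o"): sys.exit(1)` as the first statement of `format()`, or make the second test an `elif` and add `else: sys.exit(1)`. The hunk opens on the last line of translate_ossl(), whose body starts outside it.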
@@ -241,43 +241,33 @@ reset_ciphersuites() # three times: in each peer's list (with the name that this peer uses). add_common_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - CIPHERS="TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ 
@@ -290,32 +280,19 @@ add_common_ciphersuites() TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" - if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-RSA-WITH-NULL-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-RSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ @@ -328,30 +305,26 @@ add_common_ciphersuites() TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS NULL-SHA256 $O" + O_CIPHERS="$O_CIPHERS NULL-SHA256" fi ;; "PSK") - CIPHERS="TLS-PSK-WITH-3DES-EDE-CBC-SH \ + CIPHERS="$CIPHERS \ + TLS-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" } # Ciphersuites usable only with Mbed TLS and OpenSSL 
@@ -366,24 +339,23 @@ add_common_ciphersuites() # GnuTLS in 3.5.0 and the CI only has 3.4.x so far. add_openssl_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDH-ECDSA-WITH-NULL-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ @@ -391,25 +363,18 @@ add_openssl_ciphersuites() TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; "RSA") - CIPHERS="TLS-RSA-WITH-DES-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" - if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ 
@@ -418,17 +383,14 @@ add_openssl_ciphersuites() TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; "PSK") if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ @@ -436,13 +398,14 @@ add_openssl_ciphersuites() TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - O=`python3 translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" fi ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + O=`python3 translate_ciphers.py o "$CIPHERS"` + O_CIPHERS="$O_CIPHERS $O" } # Ciphersuites usable only with Mbed TLS and GnuTLS @@ -450,12 +413,14 @@ add_openssl_ciphersuites() # with its Mbed TLS name. add_gnutls_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ 
@@ -464,25 +429,18 @@ add_gnutls_ciphersuites() TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" fi ;; "RSA") if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-RSA-WITH-NULL-SHA256" - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" + CIPHERS="$CIPHERS TLS-RSA-WITH-NULL-SHA256" fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ 
@@ -503,41 +461,30 @@ add_gnutls_ciphersuites() TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" fi ;; "PSK") - CIPHERS="TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - if [ `minor_ver "$MODE"` -gt 0 ] then - CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" - fi if [ `minor_ver "$MODE"` -ge 3 ] then - CIPHERS="TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ @@ -582,13 +529,14 @@ add_gnutls_ciphersuites() TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ " - M_CIPHERS="$M_CIPHERS $CIPHERS" - - G=`python3 translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" fi ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + G=`python3 translate_ciphers.py g "$CIPHERS"` + G_CIPHERS="$G_CIPHERS $G" } # Ciphersuites usable only with Mbed TLS (not currently supported by another From 0fadf8ef7dd25f7aee9df0db09bf6d52a7b3b20b Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Tue, 27 Jul 2021 15:22:26 +0100 Subject: [PATCH 09/30] Improve coding style and consistancy - Replace uses of mbed and gnu with mbedtls and gnutls respectivley. - Uses sys.exit() rather than exit() - Rename format() as it is an inbuilt python function - Add error information if incorrect arguments are passsed to translate_ciphers.py Signed-off-by: Joe Subbiani --- ...at.sh => test_translate_ciphers_format.sh} | 8 ++-- ...mes.py => test_translate_ciphers_names.py} | 19 +++----- tests/translate_ciphers.py | 48 ++++++++++++------- 3 files changed, 41 insertions(+), 34 deletions(-) rename tests/{test_translate_format.sh => test_translate_ciphers_format.sh} (96%) rename tests/{test_translate_names.py => test_translate_ciphers_names.py} (97%) diff --git a/tests/test_translate_format.sh b/tests/test_translate_ciphers_format.sh similarity index 96% rename from tests/test_translate_format.sh rename to tests/test_translate_ciphers_format.sh index 241db4739..9b3b4bb82 100755 --- a/tests/test_translate_format.sh +++ b/tests/test_translate_ciphers_format.sh @@ -121,13 +121,13 @@ Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/ # Upon fail, print them to view the differences if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] then - echo "MBED Translated: $M_CIPHERS" - echo "MBED Original: $Mt_CIPHERS" + echo "MBEDTLS Translated: $M_CIPHERS" + echo "MBEDTLS Original: $Mt_CIPHERS" fi if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] then - echo "GNU Translated: $G_CIPHERS" - echo "GNU Original: $Gt_CIPHERS" + echo "GNUTLS Translated: $G_CIPHERS" + echo "GNUTLS Original: $Gt_CIPHERS" fi if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] then diff --git a/tests/test_translate_names.py b/tests/test_translate_ciphers_names.py similarity index 97% rename from tests/test_translate_names.py rename to tests/test_translate_ciphers_names.py index d018c1091..70b2a8fc7 100755 --- a/tests/test_translate_names.py +++ b/tests/test_translate_ciphers_names.py 
@@ -21,7 +21,7 @@ # # Test translate_ciphers.py by running every MBedTLS ciphersuite name # combination through the translate functions and comparing them to their -# correct GNU or OpenSSL counterpart. +# correct GNUTLS or OpenSSL counterpart. from translate_ciphers import * @@ -170,21 +170,17 @@ def test_all_common(): "PSK-3DES-EDE-CBC-SHA", "PSK-AES128-CBC-SHA", "PSK-AES256-CBC-SHA", - - #"PSK-DES-CBC3-SHA", - #"PSK-AES128-SHA", - #"PSK-AES256-SHA", ] for i in range(len(m_ciphers)): - g = translate_gnu(m_ciphers[i]) + g = translate_gnutls(m_ciphers[i]) assert_equal(g, g_ciphers[i]) o = translate_ossl(m_ciphers[i]) assert_equal(o, o_ciphers[i]) -def test_mbed_ossl_common(): +def test_mbedtls_ossl_common(): m_ciphers = [ "TLS-ECDH-ECDSA-WITH-NULL-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", @@ -235,7 +231,6 @@ def test_mbed_ossl_common(): "DES-CBC-SHA", "EDH-RSA-DES-CBC-SHA", - #"DHE-RSA-DES-CBC-SHA", "ECDHE-ARIA256-GCM-SHA384", "DHE-RSA-ARIA256-GCM-SHA384", @@ -260,7 +255,7 @@ def test_mbed_ossl_common(): o = translate_ossl(m_ciphers[i]) assert_equal(o, o_ciphers[i]) -def test_mbed_gnu_common(): +def test_mbedtls_gnutls_common(): m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", @@ -442,9 +437,9 @@ def test_mbed_gnu_common(): for i in range(len(m_ciphers)): - g = translate_gnu(m_ciphers[i]) + g = translate_gnutls(m_ciphers[i]) assert_equal(g, g_ciphers[i]) test_all_common() -test_mbed_ossl_common() -test_mbed_gnu_common() +test_mbedtls_ossl_common() +test_mbedtls_gnutls_common() diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index d6b604dd3..0f76cf508 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py 
@@ -19,20 +19,20 @@ # # Purpose # -# Translate ciphersuite names in MBedTLS format to OpenSSL and GNU +# Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS # standards. # # Format and analyse strings past in via input arguments to match # the expected strings utilised in compat.sh. # -# sys.argv[1] should be "g" or "o" for GNU or OpenSSL. +# sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. # sys.argv[2] should be a string containing one or more # ciphersuite names. import re import sys -def translate_gnu(m_cipher): +def translate_gnutls(m_cipher): # Remove "TLS-" # Replace "-WITH-" with ":+" # Remove "EDE" 
@@ -97,23 +97,35 @@ def translate_ossl(m_cipher): return m_cipher -def format(mode, ciphers): - ciphers = ciphers.split() - t_ciphers = [] - if mode == "g": - for i in ciphers: - t_ciphers.append(translate_gnu(i)) - if mode == "o": - for i in ciphers: - t_ciphers.append(translate_ossl(i)) - return " ".join(t_ciphers) +def format_ciphersuite_names(mode, ciphers): + #ciphers = ciphers.split() + #t_ciphers = [] + #if mode == "g": + # for i in ciphers: + # t_ciphers.append(translate_gnutls(i)) + #elif mode == "o": + # for i in ciphers: + # t_ciphers.append(translate_ossl(i)) + #else: + # print("Incorrect use of argument 1, should be either \"g\" or \"o\"") + # exit(1) + #return " ".join(t_ciphers) + try: + t = {"g": translate_gnutls, "o": translate_ossl}[mode] + return " ".join(t(c) for c in ciphers.split()) + except Exception as E: + if E != mode: print(E) + else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"") + sys.exit(1) def main(): - # print command line arguments - if len(sys.argv) <= 2: - exit(1) - else: - print(format(sys.argv[1], sys.argv[2])) + if len(sys.argv) != 3: + print("""Incorrect number of arguments. +The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS. +The second argument should a single space seperated string of MBedTLS ciphersuite names""") + sys.exit(1) + print(format_ciphersuite_names(sys.argv[1], sys.argv[2])) + sys.exit(0) if __name__ == "__main__": main() From 6452f1ee35cc19d964390021c8ca71df14143360 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 15:28:07 +0100 Subject: [PATCH 10/30] Modify file name comments to match the file rename Signed-off-by: Joe Subbiani --- tests/test_translate_ciphers_format.sh | 2 +- tests/test_translate_ciphers_names.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_translate_ciphers_format.sh b/tests/test_translate_ciphers_format.sh index 9b3b4bb82..97a6c23c7 100755 --- a/tests/test_translate_ciphers_format.sh 
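Review bot: The `except Exception as E` block in format_ciphersuite_names() can never reach its usage message, because `E != mode` compares an exception object with a string and is always true; a bad mode therefore prints only the KeyError text (for example `'x'`). The same handler also catches anything raised inside the translate functions and reduces it to a bare message. Both that output and the usage text in main() go to stdout, which compat.sh captures with backticks, so error text would presumably end up inside `$G`/`$O` unless the exit status is checked there. I would narrow the `try` to the mode lookup, catch `KeyError` only, and send diagnostics to stderr (also adding `file=sys.stderr` to the print in main()). The hunk opens on the last line of translate_ossl(), whose body starts outside it.

```python
def format_ciphersuite_names(mode, ciphers):
    try:
        t = {"g": translate_gnutls, "o": translate_ossl}[mode]
    except KeyError:
        # Diagnostics go to stderr so a capturing caller never mistakes them for names.
        print("Incorrect use of argument 1, should be either \"g\" or \"o\"",
              file=sys.stderr)
        sys.exit(1)
    return " ".join(t(c) for c in ciphers.split())

# … unchanged: main() …
```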
+++ b/tests/test_translate_ciphers_format.sh @@ -1,6 +1,6 @@ #!/bin/sh -# test_translate_format.sh +# test_translate_ciphers_format.sh # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 diff --git a/tests/test_translate_ciphers_names.py b/tests/test_translate_ciphers_names.py index 70b2a8fc7..f6cfa6db5 100755 --- a/tests/test_translate_ciphers_names.py +++ b/tests/test_translate_ciphers_names.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# test_translate_names.py +# test_translate_ciphers_names.py # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 From a032963d65f025205cc72406e8b813021e8e18d6 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 15:40:12 +0100 Subject: [PATCH 11/30] Modify comment descriptions of add_xxx_ciphersuites() Modify the comments to include the use of the translate function and retire the explanation of maintaining 2 seperate lists Signed-off-by: Joe Subbiani --- tests/compat.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 8e0988e99..ffad4ec4f 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -328,8 +328,10 @@ add_common_ciphersuites() } # Ciphersuites usable only with Mbed TLS and OpenSSL -# Each ciphersuite should appear two times, once with its OpenSSL name, once -# with its Mbed TLS name. +# Each ciphersuite is compiled case by case in the MBedTLS standard, and +# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list +# is translated to the OpenSSL naming standard and appended to the list of +# OpenSSL ciphersuites $O_CIPHERS # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see 
@@ -409,8 +411,10 @@ add_openssl_ciphersuites() } # Ciphersuites usable only with Mbed TLS and GnuTLS -# Each ciphersuite should appear two times, once with its GnuTLS name, once -# with its Mbed TLS name. +# Each ciphersuite is compiled case by case in the MBedTLS standard, and +# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list +# is translated to the GnuTLS naming standard and appended to the list of +# GnuTLS ciphersuites $G_CIPHERS add_gnutls_ciphersuites() { CIPHERS="" From 43592bd1f9c708a38b95a3bbf62ffb825304d7e9 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Tue, 27 Jul 2021 16:32:21 +0100 Subject: [PATCH 12/30] Remove trailing whitespaces Signed-off-by: Joe Subbiani --- tests/compat.sh | 6 +++--- tests/translate_ciphers.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index ffad4ec4f..391a1e045 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -330,7 +330,7 @@ add_common_ciphersuites() # Ciphersuites usable only with Mbed TLS and OpenSSL # Each ciphersuite is compiled case by case in the MBedTLS standard, and # is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the OpenSSL naming standard and appended to the list of +# is translated to the OpenSSL naming standard and appended to the list of # OpenSSL ciphersuites $O_CIPHERS # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, @@ -413,7 +413,7 @@ add_openssl_ciphersuites() # Ciphersuites usable only with Mbed TLS and GnuTLS # Each ciphersuite is compiled case by case in the MBedTLS standard, and # is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the GnuTLS naming standard and appended to the list of +# is translated to the GnuTLS naming standard and appended to the list of # GnuTLS ciphersuites $G_CIPHERS add_gnutls_ciphersuites() { 
@@ -536,7 +536,7 @@ add_gnutls_ciphersuites() fi ;; esac - + M_CIPHERS="$M_CIPHERS $CIPHERS" G=`python3 translate_ciphers.py g "$CIPHERS"` diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index 0f76cf508..5f9a5e384 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py @@ -120,7 +120,7 @@ def format_ciphersuite_names(mode, ciphers): def main(): if len(sys.argv) != 3: - print("""Incorrect number of arguments. + print("""Incorrect number of arguments. The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS. The second argument should a single space seperated string of MBedTLS ciphersuite names""") sys.exit(1) From 4a703cef899ab5a644a6b19993fdedc02f315dc8 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 28 Jul 2021 09:59:25 +0100 Subject: [PATCH 13/30] Remove commented out old code When making a modified function I commented out the previous code in case I needed to use some of it, and forgot to remove it. This has now been resolved Signed-off-by: Joe Subbiani --- tests/translate_ciphers.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tests/translate_ciphers.py b/tests/translate_ciphers.py index 5f9a5e384..2f1543c04 100755 --- a/tests/translate_ciphers.py +++ b/tests/translate_ciphers.py @@ -98,18 +98,6 @@ def translate_ossl(m_cipher): return m_cipher def format_ciphersuite_names(mode, ciphers): - #ciphers = ciphers.split() - #t_ciphers = [] - #if mode == "g": - # for i in ciphers: - # t_ciphers.append(translate_gnutls(i)) - #elif mode == "o": - # for i in ciphers: - # t_ciphers.append(translate_ossl(i)) - #else: - # print("Incorrect use of argument 1, should be either \"g\" or \"o\"") - # exit(1) - #return " ".join(t_ciphers) try: t = {"g": translate_gnutls, "o": translate_ossl}[mode] return " ".join(t(c) for c in ciphers.split()) From f3fcc29eb159152dc05fbe40bd5d47f0ccbac042 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Wed, 28 Jul 2021 15:51:02 +0100 Subject: [PATCH 14/30] Move translate scripts to appropriate folder "tests/scripts/*.py is executable programs used only for testing" Signed-off-by: Joe Subbiani --- tests/compat.sh | 8 ++++---- tests/{ => scripts}/test_translate_ciphers_format.sh | 0 tests/{ => scripts}/test_translate_ciphers_names.py | 0 tests/{ => scripts}/translate_ciphers.py | 0 4 files changed, 4 insertions(+), 4 deletions(-) rename tests/{ => scripts}/test_translate_ciphers_format.sh (100%) rename tests/{ => scripts}/test_translate_ciphers_names.py (100%) rename tests/{ => scripts}/translate_ciphers.py (100%) diff --git a/tests/compat.sh b/tests/compat.sh index 391a1e045..e814e9db1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -320,10 +320,10 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 translate_ciphers.py g "$CIPHERS"` + G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` G_CIPHERS="$G_CIPHERS $G" - O=`python3 translate_ciphers.py o "$CIPHERS"` + O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` O_CIPHERS="$O_CIPHERS $O" } @@ -406,7 +406,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - O=`python3 translate_ciphers.py o "$CIPHERS"` + O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` O_CIPHERS="$O_CIPHERS $O" } @@ -539,7 +539,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 translate_ciphers.py g "$CIPHERS"` + G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` G_CIPHERS="$G_CIPHERS $G" } diff --git a/tests/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh similarity index 100% rename from tests/test_translate_ciphers_format.sh rename to tests/scripts/test_translate_ciphers_format.sh diff --git a/tests/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py similarity index 100% rename from tests/test_translate_ciphers_names.py rename to tests/scripts/test_translate_ciphers_names.py 
diff --git a/tests/translate_ciphers.py b/tests/scripts/translate_ciphers.py similarity index 100% rename from tests/translate_ciphers.py rename to tests/scripts/translate_ciphers.py From f849a93d94e1f9d0122352598c0f6f47be532a85 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 28 Jul 2021 16:50:30 +0100 Subject: [PATCH 15/30] Improve python coding style As per check-python-files.sh, added string documentation for files and functions. Modified for loops to use enumerate rather than range(len( although as the same iteration index is used for multiple lists it does not seem quite appropriate Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_names.py | 49 +++++++++++++------ tests/scripts/translate_ciphers.py | 43 +++++++++------- 2 files changed, 61 insertions(+), 31 deletions(-) diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index f6cfa6db5..c40d37697 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py 
@@ -17,21 +17,32 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# Purpose -# -# Test translate_ciphers.py by running every MBedTLS ciphersuite name -# combination through the translate functions and comparing them to their -# correct GNUTLS or OpenSSL counterpart. -from translate_ciphers import * +""" +Test translate_ciphers.py by running every MBedTLS ciphersuite name +combination through the translate functions and comparing them to their +correct GNUTLS or OpenSSL counterpart. +""" + +from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): + """ + Compare the translated ciphersuite name against the original + On fail, print the mismatch on the screen to directly compare the + differences + """ try: - assert(translate == original) + assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) def test_all_common(): + """ + Translate the MBedTLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersite names, and compare them with the true, expected + corresponding OpenSSL and GnuTLS ciphersuite names + """ m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-NULL-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", @@ -172,15 +183,20 @@ def test_all_common(): "PSK-AES256-CBC-SHA", ] - for i in range(len(m_ciphers)): + for i, m_cipher in enumerate(m_ciphers): - g = translate_gnutls(m_ciphers[i]) + g = translate_gnutls(m_cipher) assert_equal(g, g_ciphers[i]) - o = translate_ossl(m_ciphers[i]) + o = translate_ossl(m_cipher) assert_equal(o, o_ciphers[i]) def test_mbedtls_ossl_common(): + """ + Translate the MBedTLS ciphersuite names to the common OpenSSL + ciphersite names, and compare them with the true, expected + corresponding OpenSSL ciphersuite name + """ m_ciphers = [ "TLS-ECDH-ECDSA-WITH-NULL-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", 
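Review bot: `assert_equal` catches its own `AssertionError` and only prints the two names, so a mistranslated ciphersuite leaves the script's exit status at 0 and nothing that runs this file can detect the failure. The `assert` statement is also removed entirely when Python runs with `-O`, in which case not even the print happens. A plain comparison that reports and exits is simpler and does not depend on assertions being enabled: `if translate != original:` followed by `print("%s\n%s\n" % (translate, original), file=sys.stderr)` and `sys.exit(1)`, with `import sys` added next to the existing import.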
@@ -250,12 +266,17 @@ def test_mbedtls_ossl_common(): "DHE-PSK-CHACHA20-POLY1305", ] - for i in range(len(m_ciphers)): + for i, m_cipher in enumerate(m_ciphers): - o = translate_ossl(m_ciphers[i]) + o = translate_ossl(m_cipher) assert_equal(o, o_ciphers[i]) def test_mbedtls_gnutls_common(): + """ + Translate the MBedTLS ciphersuite names to the common GnuTLS + ciphersite names, and compare them with the true, expected + corresponding GnuTLS ciphersuite names + """ m_ciphers = [ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", @@ -435,9 +456,9 @@ def test_mbedtls_gnutls_common(): "+RSA-PSK:+AES-128-GCM:+AEAD", ] - for i in range(len(m_ciphers)): + for i, m_ciphers in enumerate(m_ciphers): - g = translate_gnutls(m_ciphers[i]) + g = translate_gnutls(m_ciphers) assert_equal(g, g_ciphers[i]) test_all_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 2f1543c04..66c878ac3 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py 
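Review bot: In the `@@ -435,9 +456,9 @@` hunk the rewritten loop `for i, m_ciphers in enumerate(m_ciphers):` rebinds the name of the list it is iterating, so from the first iteration on `m_ciphers` is a single string. It still runs because `enumerate` holds its own reference to the list, but it reads like a bug and differs from the `m_cipher` name used in the two sibling loops. Iterating the pairs directly removes the index as well: `for m_cipher, g_exp in zip(m_ciphers, g_ciphers):` with `assert_equal(translate_gnutls(m_cipher), g_exp)`. Because `zip` stops at the shorter list, compare `len(m_ciphers)` with `len(g_ciphers)` first so a missing expected name cannot silently drop test cases. `test_mbedtls_gnutls_common` starts outside this hunk.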
@@ -16,23 +16,27 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# Purpose -# -# Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS -# standards. -# -# Format and analyse strings past in via input arguments to match -# the expected strings utilised in compat.sh. -# -# sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. -# sys.argv[2] should be a string containing one or more -# ciphersuite names. + +""" +Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS +standards. + +Format and analyse strings past in via input arguments to match +the expected strings utilised in compat.sh. + +sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. +sys.argv[2] should be a string containing one or more ciphersuite names. +""" import re import sys def translate_gnutls(m_cipher): + """ + Translate m_cipher from MBedTLS ciphersuite naming convention + and return the GnuTLS naming convention + """ + # Remove "TLS-" # Replace "-WITH-" with ":+" # Remove "EDE" @@ -51,13 +55,18 @@ def translate_gnutls(m_cipher): # Replace the last "-" with ":+" # Replace "GCM:+SHAxyz" with "GCM:+AEAD" else: - index=m_cipher.rindex("-") + index = m_cipher.rindex("-") m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) return m_cipher def translate_ossl(m_cipher): + """ + Translate m_cipher from MBedTLS ciphersuite naming convention + and return the OpenSSL naming convention + """ + # Remove "TLS-" # Remove "WITH" m_cipher = m_cipher[4:] @@ -89,7 +98,7 @@ def translate_ossl(m_cipher): # POLY1305 should not be followed by anything if "POLY1305" in m_cipher: index = m_cipher.rindex("POLY1305") - m_cipher=m_cipher[:index+8] + m_cipher = m_cipher[:index+8] # If DES is being used, Replace DHE with EDH if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher: 
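Review bot: The docstring added to `translate_ossl` in the `@@ -51,13 +55,18 @@` hunk does not state the precondition that the first statement relies on: `m_cipher = m_cipher[4:]` drops four characters unconditionally, so a name without the `TLS-` prefix is silently turned into a different string instead of being rejected. Either document it, for example `m_cipher must be an Mbed TLS name starting with "TLS-"`, or enforce it with `if not m_cipher.startswith("TLS-"): raise ValueError(m_cipher)`. The `translate_gnutls` docstring in the first hunk of this file probably needs the same sentence; its comment says `Remove "TLS-"`, but the statement itself is outside the hunk. Both function bodies continue outside their hunks.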
@@ -101,9 +110,9 @@ def format_ciphersuite_names(mode, ciphers): try: t = {"g": translate_gnutls, "o": translate_ossl}[mode] return " ".join(t(c) for c in ciphers.split()) - except Exception as E: - if E != mode: print(E) - else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"") + except (KeyError) as e: + print(e) + print("Incorrect use of argument 1, should be either \"g\" or \"o\"") sys.exit(1) def main(): From a56e10db4ccc2ce71a2b27b3ebd019a6f6503665 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 10:01:26 +0100 Subject: [PATCH 16/30] Run test_translate_ciphers_format.sh from root Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_format.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh index 97a6c23c7..6f1bdd08b 100755 --- a/tests/scripts/test_translate_ciphers_format.sh +++ b/tests/scripts/test_translate_ciphers_format.sh @@ -29,6 +29,11 @@ # This files main purpose is to ensure translate_ciphers.py can take strings # in the expected format and return them in the format compat.sh will expect. +if cd $( dirname $0 ); then :; else + echo "cd $( dirname $0 ) failed" >&2 + exit 1 +fi + # Ciphers that will use translate_ciphers.py M_CIPHERS="" O_CIPHERS="" From 3eac5b9c6ded3797c595d447ebd14ee74452c776 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 10:07:05 +0100 Subject: [PATCH 17/30] Use zip rather than enumerate After improving coding style, pylint suggeted using enumerate but zip is more appropriate to avoid indexing Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_names.py | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index c40d37697..84bcc9931 100755 --- a/tests/scripts/test_translate_ciphers_names.py 
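Review bot: The `try` in `format_ciphersuite_names` still wraps the translation as well as the mode lookup, so a `KeyError` raised inside one of the translators would be reported as a wrong first argument. Both messages are also written to stdout, which is the stream the callers in compat.sh capture into the cipher list with backticks. Limit the `try` to `t = {"g": translate_gnutls, "o": translate_ossl}[mode]` and move the `return " ".join(...)` after it. `print(e)` can go, since for a `KeyError` it only prints the quoted mode. The remaining message should go to stderr: `print("Incorrect use of argument 1, should be either \"g\" or \"o\"", file=sys.stderr)`.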
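Review bot: In the `@@ -29,6 +29,11 @@` hunk of test_translate_ciphers_format.sh, both `$( dirname $0 )` and the `$0` inside it are unquoted, so a checkout path that contains spaces or glob characters is word-split and the `cd` fails or changes to an unintended directory. Quote both levels, `if cd "$( dirname "$0" )"; then :; else`, and do the same inside the `echo` so the error message shows the real path. The same unquoted form is carried as context into the later `@@ -29,84 +29,71 @@` hunk of this file.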
+++ b/tests/scripts/test_translate_ciphers_names.py @@ -183,13 +183,13 @@ def test_all_common(): "PSK-AES256-CBC-SHA", ] - for i, m_cipher in enumerate(m_ciphers): + for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers): - g = translate_gnutls(m_cipher) - assert_equal(g, g_ciphers[i]) + g = translate_gnutls(m) + assert_equal(g, g_exp) - o = translate_ossl(m_cipher) - assert_equal(o, o_ciphers[i]) + o = translate_ossl(m) + assert_equal(o, o_exp) def test_mbedtls_ossl_common(): """ @@ -266,10 +266,10 @@ def test_mbedtls_ossl_common(): "DHE-PSK-CHACHA20-POLY1305", ] - for i, m_cipher in enumerate(m_ciphers): + for m, o_exp in zip(m_ciphers, o_ciphers): - o = translate_ossl(m_cipher) - assert_equal(o, o_ciphers[i]) + o = translate_ossl(m) + assert_equal(o, o_exp) def test_mbedtls_gnutls_common(): """ @@ -456,10 +456,10 @@ def test_mbedtls_gnutls_common(): "+RSA-PSK:+AES-128-GCM:+AEAD", ] - for i, m_ciphers in enumerate(m_ciphers): + for m, g_exp in zip(m_ciphers, g_ciphers): - g = translate_gnutls(m_ciphers) - assert_equal(g, g_ciphers[i]) + g = translate_gnutls(m) + assert_equal(g, g_exp) test_all_common() test_mbedtls_ossl_common() From d614c0b197a25870fb8ddfa56fdabec01590580c Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 11:18:29 +0100 Subject: [PATCH 18/30] Include translate ciphers tests in all.sh To run test_translate_ciphers_names.py and _format.sh in the CI, include it in all.sh component_check_generate_test_code. Rename check_generate_test_code to check_test_helpers Signed-off-by: Joe Subbiani --- tests/scripts/all.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9944a853f..c3517b140 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2743,12 +2743,16 @@ component_check_python_files () { tests/scripts/check-python-files.sh } -component_check_generate_test_code () { - msg "uint test: generate_test_code.py" +component_check_test_helpers () { + msg "unit test: generate_test_code.py" # unittest writes out mundane stuff like number or tests run on stderr. # Our convention is to reserve stderr for actual errors, and write # harmless info on stdout so it can be suppress with --quiet. ./tests/scripts/test_generate_test_code.py 2>&1 + + msg "test: translate_ciphers.py" + ./tests/scripts/test_translate_ciphers_format.sh + ./tests/scripts/test_translate_ciphers_names.py } ################################################################ From c3610baddf63f85e97fcff8ab766ad9b7f43cb3a Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 11:35:59 +0100 Subject: [PATCH 19/30] Check exit status of translate_ciphers.py If a call to translate_ciphers.py from compat.sh returns an exit 1 status, the error message will be echod and the program will exit Signed-off-by: Joe Subbiani --- tests/compat.sh | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index e814e9db1..e532604bf 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -236,6 +236,14 @@ reset_ciphersuites() G_CIPHERS="" } +check_translation() +{ + if [ $? -eq 1 ]; then + echo $T + exit 1 + fi +} + # Ciphersuites that can be used with all peers. # Since we currently have three possible peers, each ciphersuite should appear # three times: in each peer's list (with the name that this peer uses). 
@@ -320,11 +328,13 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" + T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + check_translation $? $T + G_CIPHERS="$G_CIPHERS $T" - O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" + T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + check_translation $? $T + O_CIPHERS="$O_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS and OpenSSL @@ -406,8 +416,9 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - O=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - O_CIPHERS="$O_CIPHERS $O" + T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + check_translation $? $T + O_CIPHERS="$O_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS and GnuTLS @@ -539,8 +550,9 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - G=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - G_CIPHERS="$G_CIPHERS $G" + T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + check_translation $? $T + G_CIPHERS="$G_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS (not currently supported by another From 439a696903a9aaa45ed5d3909466c23c2b324b46 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 29 Jul 2021 12:51:09 +0100 Subject: [PATCH 20/30] Improve translation error checking If translate_ciphers.py is used incorrectly in compat.sh, an error check function - check_translation - is called to evaluate and inform the user of the error that has occured. Added an output that informs the users an error has taken place in translate_ciphers.py incase the error response is an empty string. Signed-off-by: Joe Subbiani --- tests/compat.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index e532604bf..36018f2d1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -238,8 +238,9 @@ reset_ciphersuites() check_translation() { - if [ $? -eq 1 ]; then - echo $T + if [ $1 -ne 0 ]; then + echo "translate_ciphers.py failed with exit code $1" >&2 + echo "$2" >&2 exit 1 fi } @@ -329,11 +330,11 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -417,7 +418,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -551,7 +552,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` - check_translation $? $T + check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" } From 918ee797cecfeaa8a18da4b159d41eced0e5e266 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 30 Jul 2021 16:57:04 +0100 Subject: [PATCH 21/30] Improve consitancy and useability test_translate_ciphers_names.py - Combined m, o and g ciphers all into one a single list of tuples to avoid needing to rely on indexes test_translate_ciphers_format.sh - Removed redundant test - Added return errors compat.sh - Improved how translate_ciphers.py is called translate_ciphers.py - Improve regex and translation to be more intutive and efficient - change how arguments are taken and handelled to be more reliable Signed-off-by: Joe Subbiani --- tests/compat.sh | 8 +- .../scripts/test_translate_ciphers_format.sh | 96 +- tests/scripts/test_translate_ciphers_names.py | 877 +++++++++--------- tests/scripts/translate_ciphers.py | 59 +- 4 files changed, 525 insertions(+), 515 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 36018f2d1..4e18fce2d 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -329,11 +329,11 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + T=$(./scripts/translate_ciphers.py g $CIPHERS) check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" - T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + T=$(./scripts/translate_ciphers.py o $CIPHERS) check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -417,7 +417,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + T=$(./scripts/translate_ciphers.py o $CIPHERS) check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -551,7 +551,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + T=$(./scripts/translate_ciphers.py g $CIPHERS) check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" } diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh index 6f1bdd08b..1dc7bbc0e 100755 --- a/tests/scripts/test_translate_ciphers_format.sh +++ b/tests/scripts/test_translate_ciphers_format.sh 
@@ -29,84 +29,71 @@ # This files main purpose is to ensure translate_ciphers.py can take strings # in the expected format and return them in the format compat.sh will expect. +set -eu + if cd $( dirname $0 ); then :; else echo "cd $( dirname $0 ) failed" >&2 exit 1 fi -# Ciphers that will use translate_ciphers.py -M_CIPHERS="" +fail=0 + +# Initalize ciphers translated from Mbed TLS using translate_ciphers.py +O_TRANSLATED_CIPHERS="" +G_TRANSLATED_CIPHERS="" + +# Initalize ciphers that are known to be in the correct format O_CIPHERS="" G_CIPHERS="" -# Ciphers taken directly from compat.sh -Mt_CIPHERS="" -Ot_CIPHERS="" -Gt_CIPHERS="" - -# Initial list to be split into 3 +# Mbed TLS ciphersuite names to be translated +# into GnuTLS and OpenSSL CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " -M_CIPHERS="$M_CIPHERS $CIPHERS" +G=$(./translate_ciphers.py g $CIPHERS) || fail=1 +G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" -G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS $G" +O=$(./translate_ciphers.py o $CIPHERS) || fail=1 +O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" -O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS $O" - -Mt_CIPHERS="$Mt_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " -Gt_CIPHERS="$Gt_CIPHERS \ +G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+NULL:+SHA1 \ +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ " -Ot_CIPHERS="$Ot_CIPHERS \ +O_CIPHERS="$O_CIPHERS \ ECDHE-ECDSA-NULL-SHA \ ECDHE-ECDSA-DES-CBC3-SHA \ ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES256-SHA \ " - -# Initial list to be split into 3 -CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ +# Mbed TLS ciphersuite names to be translated +# into GnuTLS and OpenSSL 
+CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " -M_CIPHERS="$M_CIPHERS $CIPHERS" +G=$(./translate_ciphers.py g $CIPHERS) || fail=1 +G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" -G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS $G" +O=$(./translate_ciphers.py o $CIPHERS) || fail=1 +O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" -O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS $O" - -Mt_CIPHERS="$Mt_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " -Gt_CIPHERS="$Gt_CIPHERS \ +G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ " -Ot_CIPHERS="$Ot_CIPHERS \ +O_CIPHERS="$O_CIPHERS \ ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES256-SHA384 \ ECDHE-ECDSA-AES128-GCM-SHA256 \ 
@@ -114,28 +101,25 @@ Ot_CIPHERS="$Ot_CIPHERS \ " # Normalise spacing -M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS ) +O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS ) -Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_CIPHERS=$( echo $G_CIPHERS ) +O_CIPHERS=$( echo $O_CIPHERS ) # Compare the compat.sh names with the translated names # Upon fail, print them to view the differences -if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] +if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ] then - echo "MBEDTLS Translated: $M_CIPHERS" - echo "MBEDTLS Original: $Mt_CIPHERS" + echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS" + echo "GnuTLS Original: $G_CIPHERS" + fail=1 fi -if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] +if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ] then - echo "GNUTLS Translated: $G_CIPHERS" - echo "GNUTLS Original: $Gt_CIPHERS" -fi -if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] -then - echo "OpenSSL Translated: $O_CIPHERS" - echo "OpenSSL Original: $Ot_CIPHERS" + echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS" + echo "OpenSSL Original: $O_CIPHERS" + fail=1 fi + +exit $fail diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index 84bcc9931..33ad4e3db 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py 
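Review bot: The spacing normalisation `G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS )` only works because the expansion is unquoted, and a later cleanup that adds quotes would break the comparison without any visible error. A comment above the four assignments would guard against that, for example `# Unquoted on purpose: word splitting collapses runs of whitespace`. The mismatch reports are labelled "Original" although that variable now holds the expected names, and they go to stdout. `echo "GnuTLS Expected: $G_CIPHERS" >&2` (and the same for the other three lines) would be clearer and keeps failures on the error stream.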
@@ -19,11 +19,11 @@ # """ -Test translate_ciphers.py by running every MBedTLS ciphersuite name +Test translate_ciphers.py by running every Mbed TLS ciphersuite name combination through the translate functions and comparing them to their correct GNUTLS or OpenSSL counterpart. """ - +import sys from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): 
@@ -36,431 +36,474 @@ def assert_equal(translate, original): assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) + sys.exit(1) def test_all_common(): """ - Translate the MBedTLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersite names, and compare them with the true, expected + Translate the Mbed TLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersuite names, and compare them with the true, expected corresponding OpenSSL and GnuTLS ciphersuite names """ - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "ECDHE-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "ECDHE-ECDSA-AES128-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + "ECDHE-ECDSA-AES256-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "ECDHE-ECDSA-AES128-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "ECDHE-ECDSA-AES256-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + "ECDHE-ECDSA-AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "+DHE-RSA:+AES-128-CBC:+SHA1", + "DHE-RSA-AES128-SHA"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "DHE-RSA-AES256-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "DHE-RSA-CAMELLIA128-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + 
"DHE-RSA-CAMELLIA256-SHA"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "CAMELLIA256-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA", + "+RSA:+AES-128-CBC:+SHA1", + "AES128-SHA"), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "CAMELLIA128-SHA"), + ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "+RSA:+3DES-CBC:+SHA1", + "DES-CBC3-SHA"), + ("TLS-RSA-WITH-NULL-MD5", + "+RSA:+NULL:+MD5", + "NULL-MD5"), + ("TLS-RSA-WITH-NULL-SHA", + "+RSA:+NULL:+SHA1", + "NULL-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "ECDHE-RSA-AES128-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "ECDHE-RSA-AES256-SHA"), + ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "ECDHE-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-RSA-WITH-NULL-SHA", + "+ECDHE-RSA:+NULL:+SHA1", + "ECDHE-RSA-NULL-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA256", + "+RSA:+AES-128-CBC:+SHA256", + "AES128-SHA256"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "DHE-RSA-AES128-SHA256"), + ("TLS-RSA-WITH-AES-256-CBC-SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "AES256-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "DHE-RSA-AES256-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "ECDHE-RSA-AES128-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "ECDHE-RSA-AES256-SHA384"), + ("TLS-RSA-WITH-AES-128-GCM-SHA256", + "+RSA:+AES-128-GCM:+AEAD", + "AES128-GCM-SHA256"), + ("TLS-RSA-WITH-AES-256-GCM-SHA384", + "+RSA:+AES-256-GCM:+AEAD", + "AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "DHE-RSA-AES128-GCM-SHA256"), + 
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "DHE-RSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "ECDHE-RSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + "ECDHE-RSA-AES256-GCM-SHA384"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-PSK-WITH-AES-128-CBC-SHA", + "+PSK:+AES-128-CBC:+SHA1", + "PSK-AES128-CBC-SHA"), + ("TLS-PSK-WITH-AES-256-CBC-SHA", + "+PSK:+AES-256-CBC:+SHA1", + "PSK-AES256-CBC-SHA"), - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + ("TLS-ECDH-ECDSA-WITH-NULL-SHA", + None, + "ECDH-ECDSA-NULL-SHA"), + ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + None, + "ECDH-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + None, + "ECDH-ECDSA-AES128-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + None, + "ECDH-ECDSA-AES256-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + None, + "ECDH-ECDSA-AES128-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + None, + "ECDH-ECDSA-AES256-SHA384"), + ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + None, + "ECDH-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + None, + "ECDH-ECDSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ECDSA-ARIA256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ECDSA-ARIA128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-RSA-WITH-DES-CBC-SHA", + None, + "DES-CBC-SHA"), + ("TLS-DHE-RSA-WITH-DES-CBC-SHA", + None, + "EDH-RSA-DES-CBC-SHA"), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + 
"DHE-RSA-ARIA256-GCM-SHA384"), + ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ARIA256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-RSA-ARIA128-GCM-SHA256"), + ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-RSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-RSA-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-PSK-ARIA256-GCM-SHA384"), + ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "PSK-ARIA256-GCM-SHA384"), + ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "PSK-CHACHA20-POLY1305"), + ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-PSK-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-PSK-CHACHA20-POLY1305"), - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-AES-256-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-RSA-WITH-AES-128-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-NULL-MD5", - "TLS-RSA-WITH-NULL-SHA", - - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-RSA-WITH-NULL-SHA", - - "TLS-RSA-WITH-AES-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-RSA-WITH-AES-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "TLS-RSA-WITH-AES-128-GCM-SHA256", - 
"TLS-RSA-WITH-AES-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - - "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-PSK-WITH-AES-128-CBC-SHA", - "TLS-PSK-WITH-AES-256-CBC-SHA", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+NULL:+SHA1", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - - "+DHE-RSA:+AES-128-CBC:+SHA1", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "+DHE-RSA:+3DES-CBC:+SHA1", - "+RSA:+AES-256-CBC:+SHA1", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "+RSA:+AES-128-CBC:+SHA1", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "+RSA:+3DES-CBC:+SHA1", - "+RSA:+NULL:+MD5", - "+RSA:+NULL:+SHA1", - - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "+ECDHE-RSA:+NULL:+SHA1", - - "+RSA:+AES-128-CBC:+SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "+RSA:+AES-128-GCM:+AEAD", - "+RSA:+AES-256-GCM:+AEAD", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - - "+PSK:+3DES-CBC:+SHA1", - "+PSK:+AES-128-CBC:+SHA1", - "+PSK:+AES-256-CBC:+SHA1", - ] - o_ciphers = [ - "ECDHE-ECDSA-NULL-SHA", - "ECDHE-ECDSA-DES-CBC3-SHA", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA", - - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - - "DHE-RSA-AES128-SHA", - "DHE-RSA-AES256-SHA", - "DHE-RSA-CAMELLIA128-SHA", - "DHE-RSA-CAMELLIA256-SHA", - 
"EDH-RSA-DES-CBC3-SHA", - "AES256-SHA", - "CAMELLIA256-SHA", - "AES128-SHA", - "CAMELLIA128-SHA", - "DES-CBC3-SHA", - "NULL-MD5", - "NULL-SHA", - - "ECDHE-RSA-AES128-SHA", - "ECDHE-RSA-AES256-SHA", - "ECDHE-RSA-DES-CBC3-SHA", - "ECDHE-RSA-NULL-SHA", - - #"NULL-SHA256", - "AES128-SHA256", - "DHE-RSA-AES128-SHA256", - "AES256-SHA256", - "DHE-RSA-AES256-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-RSA-AES256-SHA384", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES256-GCM-SHA384", - - "PSK-3DES-EDE-CBC-SHA", - "PSK-AES128-CBC-SHA", - "PSK-AES256-CBC-SHA", + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-NULL-SHA256", + "+RSA:+NULL:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + 
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM", + "+RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM", + "+RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM", + "+DHE-RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM", + "+DHE-RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM-8", + "+RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM-8", + "+RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM-8", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM-8", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+DHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "+DHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + "+DHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "+RSA-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "+RSA-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + "+RSA-PSK:+AES-128-CBC:+SHA1", + None), + 
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA384", + "+ECDHE-PSK:+NULL:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA256", + "+ECDHE-PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-CBC-SHA256", + "+PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-256-CBC-SHA384", + "+PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "+DHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "+DHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-NULL-SHA256", + "+PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-NULL-SHA384", + "+PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA256", + "+DHE-PSK:+NULL:+SHA256", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA384", + "+DHE-PSK:+NULL:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "+RSA-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA256", + "+RSA-PSK:+NULL:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA384", + "+RSA-PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + 
None), + ("TLS-PSK-WITH-AES-128-GCM-SHA256", + "+PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-GCM-SHA384", + "+PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "+DHE-PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "+DHE-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM", + "+PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM", + "+PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM", + "+DHE-PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM", + "+DHE-PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM-8", + "+PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM-8", + "+PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM-8", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM-8", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "+RSA-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + "+RSA-PSK:+AES-128-GCM:+AEAD", + None), ] - for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers): + for m, g_exp, o_exp in ciphers: - g = translate_gnutls(m) - assert_equal(g, g_exp) + if g_exp != None: + g = translate_gnutls(m) + assert_equal(g, g_exp) - o = translate_ossl(m) - assert_equal(o, o_exp) - -def test_mbedtls_ossl_common(): - """ - Translate the MBedTLS ciphersuite names to 
the common OpenSSL - ciphersite names, and compare them with the true, expected - corresponding OpenSSL ciphersuite name - """ - m_ciphers = [ - "TLS-ECDH-ECDSA-WITH-NULL-SHA", - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-RSA-WITH-DES-CBC-SHA", - - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - ] - o_ciphers = [ - "ECDH-ECDSA-NULL-SHA", - "ECDH-ECDSA-DES-CBC3-SHA", - "ECDH-ECDSA-AES128-SHA", - "ECDH-ECDSA-AES256-SHA", - - "ECDH-ECDSA-AES128-SHA256", - "ECDH-ECDSA-AES256-SHA384", - "ECDH-ECDSA-AES128-GCM-SHA256", - "ECDH-ECDSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-ARIA256-GCM-SHA384", - "ECDHE-ECDSA-ARIA128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - - "DES-CBC-SHA", - "EDH-RSA-DES-CBC-SHA", - - "ECDHE-ARIA256-GCM-SHA384", - "DHE-RSA-ARIA256-GCM-SHA384", - "ARIA256-GCM-SHA384", - "ECDHE-ARIA128-GCM-SHA256", - "DHE-RSA-ARIA128-GCM-SHA256", - "ARIA128-GCM-SHA256", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - - 
"DHE-PSK-ARIA256-GCM-SHA384", - "DHE-PSK-ARIA128-GCM-SHA256", - "PSK-ARIA256-GCM-SHA384", - "PSK-ARIA128-GCM-SHA256", - "PSK-CHACHA20-POLY1305", - "ECDHE-PSK-CHACHA20-POLY1305", - "DHE-PSK-CHACHA20-POLY1305", - ] - - for m, o_exp in zip(m_ciphers, o_ciphers): - - o = translate_ossl(m) - assert_equal(o, o_exp) - -def test_mbedtls_gnutls_common(): - """ - Translate the MBedTLS ciphersuite names to the common GnuTLS - ciphersite names, and compare them with the true, expected - corresponding GnuTLS ciphersuite names - """ - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - - "TLS-RSA-WITH-NULL-SHA256", - - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-AES-128-CCM", - "TLS-RSA-WITH-AES-256-CCM", - "TLS-DHE-RSA-WITH-AES-128-CCM", - "TLS-DHE-RSA-WITH-AES-256-CCM", - "TLS-RSA-WITH-AES-128-CCM-8", - "TLS-RSA-WITH-AES-256-CCM-8", - "TLS-DHE-RSA-WITH-AES-128-CCM-8", - "TLS-DHE-RSA-WITH-AES-256-CCM-8", - - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - 
"TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-NULL-SHA384", - "TLS-ECDHE-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-AES-128-CBC-SHA256", - "TLS-PSK-WITH-AES-256-CBC-SHA384", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-NULL-SHA256", - "TLS-DHE-PSK-WITH-NULL-SHA384", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-AES-128-GCM-SHA256", - "TLS-PSK-WITH-AES-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "TLS-PSK-WITH-AES-128-CCM", - "TLS-PSK-WITH-AES-256-CCM", - "TLS-DHE-PSK-WITH-AES-128-CCM", - "TLS-DHE-PSK-WITH-AES-256-CCM", - "TLS-PSK-WITH-AES-128-CCM-8", - "TLS-PSK-WITH-AES-256-CCM-8", - "TLS-DHE-PSK-WITH-AES-128-CCM-8", - "TLS-DHE-PSK-WITH-AES-256-CCM-8", - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - 
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - - "+RSA:+NULL:+SHA256", - - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+AES-128-CCM:+AEAD", - "+RSA:+AES-256-CCM:+AEAD", - "+DHE-RSA:+AES-128-CCM:+AEAD", - "+DHE-RSA:+AES-256-CCM:+AEAD", - "+RSA:+AES-128-CCM-8:+AEAD", - "+RSA:+AES-256-CCM-8:+AEAD", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - - "+DHE-PSK:+3DES-CBC:+SHA1", - "+DHE-PSK:+AES-128-CBC:+SHA1", - "+DHE-PSK:+AES-256-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+AES-256-CBC:+SHA1", - "+RSA-PSK:+AES-128-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-PSK:+NULL:+SHA384", - "+ECDHE-PSK:+NULL:+SHA256", - "+PSK:+AES-128-CBC:+SHA256", - "+PSK:+AES-256-CBC:+SHA384", - "+DHE-PSK:+AES-128-CBC:+SHA256", - "+DHE-PSK:+AES-256-CBC:+SHA384", - "+PSK:+NULL:+SHA256", - "+PSK:+NULL:+SHA384", - "+DHE-PSK:+NULL:+SHA256", - "+DHE-PSK:+NULL:+SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - "+RSA-PSK:+AES-128-CBC:+SHA256", - "+RSA-PSK:+NULL:+SHA256", - "+RSA-PSK:+NULL:+SHA384", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - 
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+AES-128-GCM:+AEAD", - "+PSK:+AES-256-GCM:+AEAD", - "+DHE-PSK:+AES-128-GCM:+AEAD", - "+DHE-PSK:+AES-256-GCM:+AEAD", - "+PSK:+AES-128-CCM:+AEAD", - "+PSK:+AES-256-CCM:+AEAD", - "+DHE-PSK:+AES-128-CCM:+AEAD", - "+DHE-PSK:+AES-256-CCM:+AEAD", - "+PSK:+AES-128-CCM-8:+AEAD", - "+PSK:+AES-256-CCM-8:+AEAD", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - "+RSA-PSK:+AES-256-GCM:+AEAD", - "+RSA-PSK:+AES-128-GCM:+AEAD", - ] - - for m, g_exp in zip(m_ciphers, g_ciphers): - - g = translate_gnutls(m) - assert_equal(g, g_exp) + if o_exp != None: + o = translate_ossl(m) + assert_equal(o, o_exp) test_all_common() -test_mbedtls_ossl_common() -test_mbedtls_gnutls_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 66c878ac3..39339c3d2 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -21,15 +21,13 @@ Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS standards. -Format and analyse strings past in via input arguments to match -the expected strings utilised in compat.sh. - sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. sys.argv[2] should be a string containing one or more ciphersuite names. """ import re import sys +import argparse def translate_gnutls(m_cipher): """ 
@@ -37,27 +35,25 @@ def translate_gnutls(m_cipher):
 and return the GnuTLS naming convention
 """
- # Remove "TLS-"
- # Replace "-WITH-" with ":+"
- # Remove "EDE"
- m_cipher = "+" + m_cipher[4:]
+ m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
 m_cipher = m_cipher.replace("-WITH-", ":+")
 m_cipher = m_cipher.replace("-EDE", "")
- # SHA == SHA1, if the last 3 chars are SHA append 1
+ # SHA in Mbed TLS == SHA1 GnuTLS,
+ # if the last 3 chars are SHA append 1
 if m_cipher[-3:] == "SHA":
 m_cipher = m_cipher+"1"
 # CCM or CCM-8 should be followed by ":+AEAD"
- if "CCM" in m_cipher:
+ # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
+ if "CCM" in m_cipher or "GCM" in m_cipher:
+ m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
 m_cipher = m_cipher+":+AEAD"
 # Replace the last "-" with ":+"
- # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
 else:
 index = m_cipher.rindex("-")
- m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
- m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
+ m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
 return m_cipher
@@ -67,9 +63,7 @@ def translate_ossl(m_cipher):
 and return the OpenSSL naming convention
 """
- # Remove "TLS-"
- # Remove "WITH"
- m_cipher = m_cipher[4:]
+ m_cipher = re.sub(r'^TLS-', '', m_cipher)
 m_cipher = m_cipher.replace("-WITH", "")
 # Remove the "-" from "ABC-xyz"
@@ -78,8 +72,7 @@ def translate_ossl(m_cipher):
 m_cipher = m_cipher.replace("ARIA-", "ARIA")
 # Remove "RSA" if it is at the beginning
- if m_cipher[:4] == "RSA-":
- m_cipher = m_cipher[4:]
+ m_cipher = re.sub(r'^RSA-', r'', m_cipher)
 # For all circumstances outside of PSK
 if "PSK" not in m_cipher:
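Review bot: In translate_gnutls the new `re.sub(r'\ATLS-', '+', m_cipher)` leaves a name that does not start with `TLS-` unchanged, so the function returns a string without the leading `+` and reports nothing; translate_ossl's `re.sub(r'^TLS-', '', m_cipher)` in the next hunk passes such input through the same way. If compat.sh hands the result to the peer's command line, a mistranslated name can mean the intended ciphersuite is never exercised, so I would reject bad input up front with `if not m_cipher.startswith("TLS-"): raise ValueError("not an Mbed TLS ciphersuite name: " + m_cipher)` in both functions. The comment `# Replace "GCM:+SHAxyz" with "GCM:+AEAD"` no longer matches the code, which now strips `-SHAxyz` after `GCM` and then appends `:+AEAD`; `# Drop the "-SHAxyz" suffix after GCM; AEAD suites take ":+AEAD" instead` would be accurate. The anchors `\A` and `^` are equivalent here, and one spelling in both functions would read better. translate_gnutls starts above this hunk.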
@@ -87,10 +80,7 @@ def translate_ossl(m_cipher): m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") # Remove "CBC" if it is not prefixed by DES - if "CBC" in m_cipher: - index = m_cipher.rindex("CBC") - if m_cipher[index-4:index-1] != "DES": - m_cipher = m_cipher.replace("CBC-", "") + m_cipher = re.sub(r'(? Date: Fri, 30 Jul 2021 17:47:52 +0100 Subject: [PATCH 22/30] Improve python coding style Signed-off-by: Joe Subbiani --- tests/scripts/test_translate_ciphers_names.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index 33ad4e3db..59ebef1d4 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py @@ -23,7 +23,6 @@ Test translate_ciphers.py by running every Mbed TLS ciphersuite name combination through the translate functions and comparing them to their correct GNUTLS or OpenSSL counterpart. """ -import sys from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): @@ -36,7 +35,7 @@ def assert_equal(translate, original): assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) - sys.exit(1) + raise AssertionError def test_all_common(): """ @@ -498,11 +497,11 @@ def test_all_common(): for m, g_exp, o_exp in ciphers: - if g_exp != None: + if g_exp is not None: g = translate_gnutls(m) assert_equal(g, g_exp) - if o_exp != None: + if o_exp is not None: o = translate_ossl(m) assert_equal(o, o_exp) From f2de374fc1f16ffa0c9c0ee6612d2ada23e699fb Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Sat, 31 Jul 2021 11:37:25 +0100 Subject: [PATCH 23/30] Remove unused import Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 39339c3d2..eec340735 100755 
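Review bot: In assert_equal the comparison still relies on the `assert` statement, which Python removes when run with `-O`, so the check would pass without comparing anything; the new `raise AssertionError` also replaces the caught exception with a fresh one that carries no message. An explicit comparison avoids both: `if translate != original: raise AssertionError("%s\n%s\n" % (translate, original))`. The `try:` that opens this block is above the hunk.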
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -26,7 +26,6 @@ sys.argv[2] should be a string containing one or more ciphersuite names.
 """
 import re
-import sys
 import argparse
 def translate_gnutls(m_cipher):
From a25ffab4227326e314771235953e347b5257ff85 Mon Sep 17 00:00:00 2001
From: Joe Subbiani
Date: Fri, 6 Aug 2021 09:41:27 +0100
Subject: [PATCH 24/30] Integrate tests as unit tests into one file Rather than having the tests seperated into different files, they were integrated into translate_ciphers.py and can be run from root using: `python -m unittest tests/scripts/translate_ciphers.py` test_translate_ciphers_format.sh was originally made as a testing ground before having the translation tool being implmented into compat.sh. Translating it to python code makes it redundant and therefore it will be removed.
Signed-off-by: Joe Subbiani
---
 tests/scripts/all.sh | 5 +-
 .../scripts/test_translate_ciphers_format.sh | 125 ----
 tests/scripts/test_translate_ciphers_names.py | 508 -----------------
 tests/scripts/translate_ciphers.py | 533 +++++++++++++++++-
 4 files changed, 533 insertions(+), 638 deletions(-)
 delete mode 100755 tests/scripts/test_translate_ciphers_format.sh
 delete mode 100755 tests/scripts/test_translate_ciphers_names.py
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c3517b140..fbb55db8e 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2750,9 +2750,8 @@ component_check_test_helpers () {
 # harmless info on stdout so it can be suppress with --quiet.
 ./tests/scripts/test_generate_test_code.py 2>&1
- msg "test: translate_ciphers.py"
- ./tests/scripts/test_translate_ciphers_format.sh
- ./tests/scripts/test_translate_ciphers_names.py
+ msg "unit test: translate_ciphers.py"
+ python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
 }
 ################################################################
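Review bot: The removed invocations included test_translate_ciphers_format.sh, which ran `./translate_ciphers.py` as a command, while the replacement `python3 -m unittest tests/scripts/translate_ciphers.py` imports the file as a module; whether the new unit tests still cover the command-line path and its output format is not visible in this hunk. Since the commit message describes compat.sh as consuming that output, a format regression there could leave ciphersuites untested without any failure here. If the unit tests do not call the entry point, keep one command-level check next to the unittest line, for example `./tests/scripts/translate_ciphers.py g TLS-RSA-WITH-NULL-SHA >/dev/null` (argument form taken from the deleted script; adjust it if the argparse interface differs). component_check_test_helpers starts above this hunk.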
diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh deleted file mode 100755 index 1dc7bbc0e..000000000 --- a/tests/scripts/test_translate_ciphers_format.sh +++ /dev/null 
@@ -1,125 +0,0 @@ -#!/bin/sh - -# test_translate_ciphers_format.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# Test translate_ciphers.py formatting by comparing the translated -# ciphersuite names to the true names. As in compat.sh, the spaces between -# the ciphersuite names are normalised. -# -# On fail, the translated cipher suite names do not match the correct ones. -# In this case the difference will be printed in stdout. -# -# This files main purpose is to ensure translate_ciphers.py can take strings -# in the expected format and return them in the format compat.sh will expect. 
- -set -eu - -if cd $( dirname $0 ); then :; else - echo "cd $( dirname $0 ) failed" >&2 - exit 1 -fi - -fail=0 - -# Initalize ciphers translated from Mbed TLS using translate_ciphers.py -O_TRANSLATED_CIPHERS="" -G_TRANSLATED_CIPHERS="" - -# Initalize ciphers that are known to be in the correct format -O_CIPHERS="" -G_CIPHERS="" - -# Mbed TLS ciphersuite names to be translated -# into GnuTLS and OpenSSL -CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " - -G=$(./translate_ciphers.py g $CIPHERS) || fail=1 -G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" - -O=$(./translate_ciphers.py o $CIPHERS) || fail=1 -O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" - -G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " -O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " - -# Mbed TLS ciphersuite names to be translated -# into GnuTLS and OpenSSL -CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " - -G=$(./translate_ciphers.py g $CIPHERS) || fail=1 -G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" - -O=$(./translate_ciphers.py o $CIPHERS) || fail=1 -O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" - -G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " -O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " - -# Normalise spacing -G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS ) -O_TRANSLATED_CIPHERS=$( echo 
$O_TRANSLATED_CIPHERS ) - -G_CIPHERS=$( echo $G_CIPHERS ) -O_CIPHERS=$( echo $O_CIPHERS ) - -# Compare the compat.sh names with the translated names -# Upon fail, print them to view the differences -if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ] -then - echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS" - echo "GnuTLS Original: $G_CIPHERS" - fail=1 -fi -if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ] -then - echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS" - echo "OpenSSL Original: $O_CIPHERS" - fail=1 -fi - -exit $fail diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py deleted file mode 100755 index 59ebef1d4..000000000 --- a/tests/scripts/test_translate_ciphers_names.py +++ /dev/null 
@@ -1,508 +0,0 @@
-#!/usr/bin/env python3
-
-# test_translate_ciphers_names.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-"""
-Test translate_ciphers.py by running every Mbed TLS ciphersuite name
-combination through the translate functions and comparing them to their
-correct GNUTLS or OpenSSL counterpart.
-"""
-from translate_ciphers import translate_gnutls, translate_ossl
-
-def assert_equal(translate, original):
- """
- Compare the translated ciphersuite name against the original
- On fail, print the mismatch on the screen to directly compare the
- differences
- """
- try:
- assert translate == original
- except AssertionError:
- print("%s\n%s\n" %(translate, original))
- raise AssertionError
-
-def test_all_common():
- """
- Translate the Mbed TLS ciphersuite names to the common OpenSSL and
- GnuTLS ciphersuite names, and compare them with the true, expected
- corresponding OpenSSL and GnuTLS ciphersuite names
- """
- ciphers = [
- ("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
- "+ECDHE-ECDSA:+NULL:+SHA1",
- "ECDHE-ECDSA-NULL-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
- "+ECDHE-ECDSA:+3DES-CBC:+SHA1",
- "ECDHE-ECDSA-DES-CBC3-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
- "+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
- "ECDHE-ECDSA-AES128-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
- "+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
- "ECDHE-ECDSA-AES256-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
- "+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
- "ECDHE-ECDSA-AES128-SHA256"),
- ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
- "+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
- "ECDHE-ECDSA-AES256-SHA384"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
- "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "ECDHE-ECDSA-AES128-GCM-SHA256"),
- ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
- "+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
- "ECDHE-ECDSA-AES256-GCM-SHA384"),
- ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
- "+DHE-RSA:+AES-128-CBC:+SHA1",
- "DHE-RSA-AES128-SHA"),
- ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
- "+DHE-RSA:+AES-256-CBC:+SHA1",
- "DHE-RSA-AES256-SHA"),
- ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
- "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
- "DHE-RSA-CAMELLIA128-SHA"),
- ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
- "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
- "DHE-RSA-CAMELLIA256-SHA"),
- ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
- "+DHE-RSA:+3DES-CBC:+SHA1",
- "EDH-RSA-DES-CBC3-SHA"),
- ("TLS-RSA-WITH-AES-256-CBC-SHA",
- "+RSA:+AES-256-CBC:+SHA1",
- "AES256-SHA"),
- ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
- "+RSA:+CAMELLIA-256-CBC:+SHA1",
- "CAMELLIA256-SHA"),
- ("TLS-RSA-WITH-AES-128-CBC-SHA",
- "+RSA:+AES-128-CBC:+SHA1",
- "AES128-SHA"),
- ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
- "+RSA:+CAMELLIA-128-CBC:+SHA1",
- "CAMELLIA128-SHA"),
- ("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
- "+RSA:+3DES-CBC:+SHA1",
- "DES-CBC3-SHA"),
- ("TLS-RSA-WITH-NULL-MD5",
- "+RSA:+NULL:+MD5",
- "NULL-MD5"),
- ("TLS-RSA-WITH-NULL-SHA",
- "+RSA:+NULL:+SHA1",
- "NULL-SHA"),
- ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
- "+ECDHE-RSA:+AES-128-CBC:+SHA1",
- "ECDHE-RSA-AES128-SHA"),
- ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
- "+ECDHE-RSA:+AES-256-CBC:+SHA1",
- "ECDHE-RSA-AES256-SHA"),
- ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
- "+ECDHE-RSA:+3DES-CBC:+SHA1",
- "ECDHE-RSA-DES-CBC3-SHA"),
- ("TLS-ECDHE-RSA-WITH-NULL-SHA",
- "+ECDHE-RSA:+NULL:+SHA1",
- "ECDHE-RSA-NULL-SHA"),
- ("TLS-RSA-WITH-AES-128-CBC-SHA256",
- "+RSA:+AES-128-CBC:+SHA256",
- "AES128-SHA256"),
- ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
- "+DHE-RSA:+AES-128-CBC:+SHA256",
- "DHE-RSA-AES128-SHA256"),
- ("TLS-RSA-WITH-AES-256-CBC-SHA256",
- "+RSA:+AES-256-CBC:+SHA256",
- "AES256-SHA256"),
- ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
- "+DHE-RSA:+AES-256-CBC:+SHA256",
- "DHE-RSA-AES256-SHA256"),
- ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
- "+ECDHE-RSA:+AES-128-CBC:+SHA256",
- "ECDHE-RSA-AES128-SHA256"),
- ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
- "+ECDHE-RSA:+AES-256-CBC:+SHA384",
- "ECDHE-RSA-AES256-SHA384"),
- ("TLS-RSA-WITH-AES-128-GCM-SHA256",
- "+RSA:+AES-128-GCM:+AEAD",
- "AES128-GCM-SHA256"),
- ("TLS-RSA-WITH-AES-256-GCM-SHA384",
- "+RSA:+AES-256-GCM:+AEAD",
- "AES256-GCM-SHA384"),
- ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
- "+DHE-RSA:+AES-128-GCM:+AEAD",
- "DHE-RSA-AES128-GCM-SHA256"),
- ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
- "+DHE-RSA:+AES-256-GCM:+AEAD",
- "DHE-RSA-AES256-GCM-SHA384"),
- ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
- "+ECDHE-RSA:+AES-128-GCM:+AEAD",
- "ECDHE-RSA-AES128-GCM-SHA256"),
- ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
- "+ECDHE-RSA:+AES-256-GCM:+AEAD",
- "ECDHE-RSA-AES256-GCM-SHA384"),
- ("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
- "+PSK:+3DES-CBC:+SHA1",
- "PSK-3DES-EDE-CBC-SHA"),
- ("TLS-PSK-WITH-AES-128-CBC-SHA",
- "+PSK:+AES-128-CBC:+SHA1",
- "PSK-AES128-CBC-SHA"),
- ("TLS-PSK-WITH-AES-256-CBC-SHA",
- "+PSK:+AES-256-CBC:+SHA1",
- "PSK-AES256-CBC-SHA"),
-
- ("TLS-ECDH-ECDSA-WITH-NULL-SHA",
- None,
- "ECDH-ECDSA-NULL-SHA"),
- ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
- None,
- "ECDH-ECDSA-DES-CBC3-SHA"),
- ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
- None,
- "ECDH-ECDSA-AES128-SHA"),
- ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
- None,
- "ECDH-ECDSA-AES256-SHA"),
- ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
- None,
- "ECDH-ECDSA-AES128-SHA256"),
- ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
- None,
- "ECDH-ECDSA-AES256-SHA384"),
- ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
- None,
- "ECDH-ECDSA-AES128-GCM-SHA256"),
- ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
- None,
- "ECDH-ECDSA-AES256-GCM-SHA384"),
- ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
- None,
- "ECDHE-ECDSA-ARIA256-GCM-SHA384"),
- ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
- None,
- "ECDHE-ECDSA-ARIA128-GCM-SHA256"),
- ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
- None,
- "ECDHE-ECDSA-CHACHA20-POLY1305"),
- ("TLS-RSA-WITH-DES-CBC-SHA",
- None,
- "DES-CBC-SHA"),
- ("TLS-DHE-RSA-WITH-DES-CBC-SHA",
- None,
- "EDH-RSA-DES-CBC-SHA"),
- ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
- None,
- "ECDHE-ARIA256-GCM-SHA384"),
- ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
- None,
- "DHE-RSA-ARIA256-GCM-SHA384"),
- ("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
- None,
- "ARIA256-GCM-SHA384"),
- ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
- None,
- "ECDHE-ARIA128-GCM-SHA256"),
- ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
- None,
- "DHE-RSA-ARIA128-GCM-SHA256"),
- ("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
- None,
- "ARIA128-GCM-SHA256"),
- ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
- None,
- "DHE-RSA-CHACHA20-POLY1305"),
- ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
- None,
- "ECDHE-RSA-CHACHA20-POLY1305"),
- ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
- None,
- "DHE-PSK-ARIA256-GCM-SHA384"),
- ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
- None,
- "DHE-PSK-ARIA128-GCM-SHA256"),
- ("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
- None,
- "PSK-ARIA256-GCM-SHA384"),
- ("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
- None,
- "PSK-ARIA128-GCM-SHA256"),
- ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
- None,
- "PSK-CHACHA20-POLY1305"),
- ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
- None,
- "ECDHE-PSK-CHACHA20-POLY1305"),
- ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
- None,
- "DHE-PSK-CHACHA20-POLY1305"),
-
- ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
- "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
- "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
- None),
- ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
- "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
- "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
- "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- None),
- ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
- "+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
- None),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
- "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
- None),
- ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
- "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
- None),
- ("TLS-RSA-WITH-NULL-SHA256",
- "+RSA:+NULL:+SHA256",
- None),
- ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
- "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
- None),
- ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- "+RSA:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- "+RSA:+CAMELLIA-256-CBC:+SHA256",
- None),
- ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
- None),
- ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- "+RSA:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- "+RSA:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-RSA-WITH-AES-128-CCM",
- "+RSA:+AES-128-CCM:+AEAD",
- None),
- ("TLS-RSA-WITH-AES-256-CCM",
- "+RSA:+AES-256-CCM:+AEAD",
- None),
- ("TLS-DHE-RSA-WITH-AES-128-CCM",
- "+DHE-RSA:+AES-128-CCM:+AEAD",
- None),
- ("TLS-DHE-RSA-WITH-AES-256-CCM",
- "+DHE-RSA:+AES-256-CCM:+AEAD",
- None),
- ("TLS-RSA-WITH-AES-128-CCM-8",
- "+RSA:+AES-128-CCM-8:+AEAD",
- None),
- ("TLS-RSA-WITH-AES-256-CCM-8",
- "+RSA:+AES-256-CCM-8:+AEAD",
- None),
- ("TLS-DHE-RSA-WITH-AES-128-CCM-8",
- "+DHE-RSA:+AES-128-CCM-8:+AEAD",
- None),
- ("TLS-DHE-RSA-WITH-AES-256-CCM-8",
- "+DHE-RSA:+AES-256-CCM-8:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
- "+DHE-PSK:+3DES-CBC:+SHA1",
- None),
- ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
- "+DHE-PSK:+AES-128-CBC:+SHA1",
- None),
- ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
- "+DHE-PSK:+AES-256-CBC:+SHA1",
- None),
- ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
- "+ECDHE-PSK:+AES-256-CBC:+SHA1",
- None),
- ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
- "+ECDHE-PSK:+AES-128-CBC:+SHA1",
- None),
- ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
- "+ECDHE-PSK:+3DES-CBC:+SHA1",
- None),
- ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
- "+RSA-PSK:+3DES-CBC:+SHA1",
- None),
- ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
- "+RSA-PSK:+AES-256-CBC:+SHA1",
- None),
- ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
- "+RSA-PSK:+AES-128-CBC:+SHA1",
- None),
- ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
- "+ECDHE-PSK:+AES-256-CBC:+SHA384",
- None),
- ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
- None),
- ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
- "+ECDHE-PSK:+AES-128-CBC:+SHA256",
- None),
- ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-ECDHE-PSK-WITH-NULL-SHA384",
- "+ECDHE-PSK:+NULL:+SHA384",
- None),
- ("TLS-ECDHE-PSK-WITH-NULL-SHA256",
- "+ECDHE-PSK:+NULL:+SHA256",
- None),
- ("TLS-PSK-WITH-AES-128-CBC-SHA256",
- "+PSK:+AES-128-CBC:+SHA256",
- None),
- ("TLS-PSK-WITH-AES-256-CBC-SHA384",
- "+PSK:+AES-256-CBC:+SHA384",
- None),
- ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
- "+DHE-PSK:+AES-128-CBC:+SHA256",
- None),
- ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
- "+DHE-PSK:+AES-256-CBC:+SHA384",
- None),
- ("TLS-PSK-WITH-NULL-SHA256",
- "+PSK:+NULL:+SHA256",
- None),
- ("TLS-PSK-WITH-NULL-SHA384",
- "+PSK:+NULL:+SHA384",
- None),
- ("TLS-DHE-PSK-WITH-NULL-SHA256",
- "+DHE-PSK:+NULL:+SHA256",
- None),
- ("TLS-DHE-PSK-WITH-NULL-SHA384",
- "+DHE-PSK:+NULL:+SHA384",
- None),
- ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
- "+RSA-PSK:+AES-256-CBC:+SHA384",
- None),
- ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
- "+RSA-PSK:+AES-128-CBC:+SHA256",
- None),
- ("TLS-RSA-PSK-WITH-NULL-SHA256",
- "+RSA-PSK:+NULL:+SHA256",
- None),
- ("TLS-RSA-PSK-WITH-NULL-SHA384",
- "+RSA-PSK:+NULL:+SHA384",
- None),
- ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
- None),
- ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "+PSK:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "+PSK:+CAMELLIA-256-CBC:+SHA384",
- None),
- ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
- None),
- ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
- None),
- ("TLS-PSK-WITH-AES-128-GCM-SHA256",
- "+PSK:+AES-128-GCM:+AEAD",
- None),
- ("TLS-PSK-WITH-AES-256-GCM-SHA384",
- "+PSK:+AES-256-GCM:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
- "+DHE-PSK:+AES-128-GCM:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
- "+DHE-PSK:+AES-256-GCM:+AEAD",
- None),
- ("TLS-PSK-WITH-AES-128-CCM",
- "+PSK:+AES-128-CCM:+AEAD",
- None),
- ("TLS-PSK-WITH-AES-256-CCM",
- "+PSK:+AES-256-CCM:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-AES-128-CCM",
- "+DHE-PSK:+AES-128-CCM:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-AES-256-CCM",
- "+DHE-PSK:+AES-256-CCM:+AEAD",
- None),
- ("TLS-PSK-WITH-AES-128-CCM-8",
- "+PSK:+AES-128-CCM-8:+AEAD",
- None),
- ("TLS-PSK-WITH-AES-256-CCM-8",
- "+PSK:+AES-256-CCM-8:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-AES-128-CCM-8",
- "+DHE-PSK:+AES-128-CCM-8:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-AES-256-CCM-8",
- "+DHE-PSK:+AES-256-CCM-8:+AEAD",
- None),
- ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- "+PSK:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- "+PSK:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
- None),
- ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
- None),
- ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
- "+RSA-PSK:+AES-256-GCM:+AEAD",
- None),
- ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
- "+RSA-PSK:+AES-128-GCM:+AEAD",
- None),
- ]
-
- for m, g_exp, o_exp in ciphers:
-
- if g_exp is not None:
- g = translate_gnutls(m)
- assert_equal(g, g_exp)
-
- if o_exp is not None:
- o = translate_ossl(m)
- assert_equal(o, o_exp)
-
-test_all_common()
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
index eec340735..44ffb400b 100755
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -21,12 +21,541 @@ Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS standards. -sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. -sys.argv[2] should be a string containing one or more ciphersuite names. +To test the translation functions run: +python3 -m unittest translate_cipher.py """ import re import argparse +import unittest + +class TestTranslateCiphers(unittest.TestCase): + """ + Ensure translate_ciphers.py translates and formats ciphersuite names + correctly + """ + def test_translate_all_cipher_names(self): + """ + Translate the Mbed TLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersuite names, and compare them with the true, expected + corresponding OpenSSL and GnuTLS ciphersuite names + """ + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "ECDHE-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "ECDHE-ECDSA-AES128-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + "ECDHE-ECDSA-AES256-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "ECDHE-ECDSA-AES128-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "ECDHE-ECDSA-AES256-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + "ECDHE-ECDSA-AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "+DHE-RSA:+AES-128-CBC:+SHA1", + "DHE-RSA-AES128-SHA"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "DHE-RSA-AES256-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "DHE-RSA-CAMELLIA128-SHA"), + 
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "DHE-RSA-CAMELLIA256-SHA"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "CAMELLIA256-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA", + "+RSA:+AES-128-CBC:+SHA1", + "AES128-SHA"), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "CAMELLIA128-SHA"), + ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "+RSA:+3DES-CBC:+SHA1", + "DES-CBC3-SHA"), + ("TLS-RSA-WITH-NULL-MD5", + "+RSA:+NULL:+MD5", + "NULL-MD5"), + ("TLS-RSA-WITH-NULL-SHA", + "+RSA:+NULL:+SHA1", + "NULL-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "ECDHE-RSA-AES128-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "ECDHE-RSA-AES256-SHA"), + ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "ECDHE-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-RSA-WITH-NULL-SHA", + "+ECDHE-RSA:+NULL:+SHA1", + "ECDHE-RSA-NULL-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA256", + "+RSA:+AES-128-CBC:+SHA256", + "AES128-SHA256"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "DHE-RSA-AES128-SHA256"), + ("TLS-RSA-WITH-AES-256-CBC-SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "AES256-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "DHE-RSA-AES256-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "ECDHE-RSA-AES128-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "ECDHE-RSA-AES256-SHA384"), + ("TLS-RSA-WITH-AES-128-GCM-SHA256", + "+RSA:+AES-128-GCM:+AEAD", + "AES128-GCM-SHA256"), + ("TLS-RSA-WITH-AES-256-GCM-SHA384", + "+RSA:+AES-256-GCM:+AEAD", + "AES256-GCM-SHA384"), + 
("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "DHE-RSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "DHE-RSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "ECDHE-RSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + "ECDHE-RSA-AES256-GCM-SHA384"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-PSK-WITH-AES-128-CBC-SHA", + "+PSK:+AES-128-CBC:+SHA1", + "PSK-AES128-CBC-SHA"), + ("TLS-PSK-WITH-AES-256-CBC-SHA", + "+PSK:+AES-256-CBC:+SHA1", + "PSK-AES256-CBC-SHA"), + + ("TLS-ECDH-ECDSA-WITH-NULL-SHA", + None, + "ECDH-ECDSA-NULL-SHA"), + ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + None, + "ECDH-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + None, + "ECDH-ECDSA-AES128-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + None, + "ECDH-ECDSA-AES256-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + None, + "ECDH-ECDSA-AES128-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + None, + "ECDH-ECDSA-AES256-SHA384"), + ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + None, + "ECDH-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + None, + "ECDH-ECDSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ECDSA-ARIA256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ECDSA-ARIA128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-RSA-WITH-DES-CBC-SHA", + None, + "DES-CBC-SHA"), + ("TLS-DHE-RSA-WITH-DES-CBC-SHA", + None, + "EDH-RSA-DES-CBC-SHA"), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-RSA-ARIA256-GCM-SHA384"), + ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", + None, + 
"ARIA256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-RSA-ARIA128-GCM-SHA256"), + ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-RSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-RSA-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-PSK-ARIA256-GCM-SHA384"), + ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "PSK-ARIA256-GCM-SHA384"), + ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "PSK-CHACHA20-POLY1305"), + ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-PSK-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-PSK-CHACHA20-POLY1305"), + + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-NULL-SHA256", + "+RSA:+NULL:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + 
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM", + "+RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM", + "+RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM", + "+DHE-RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM", + "+DHE-RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM-8", + "+RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM-8", + "+RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM-8", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM-8", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+DHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "+DHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + "+DHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + None), + 
("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "+RSA-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "+RSA-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + "+RSA-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA384", + "+ECDHE-PSK:+NULL:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA256", + "+ECDHE-PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-CBC-SHA256", + "+PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-256-CBC-SHA384", + "+PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "+DHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "+DHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-NULL-SHA256", + "+PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-NULL-SHA384", + "+PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA256", + "+DHE-PSK:+NULL:+SHA256", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA384", + "+DHE-PSK:+NULL:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "+RSA-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA256", + "+RSA-PSK:+NULL:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA384", + "+RSA-PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + 
("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-GCM-SHA256", + "+PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-GCM-SHA384", + "+PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "+DHE-PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "+DHE-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM", + "+PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM", + "+PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM", + "+DHE-PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM", + "+DHE-PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM-8", + "+PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM-8", + "+PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM-8", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM-8", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "+RSA-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + "+RSA-PSK:+AES-128-GCM:+AEAD", + 
None), + ] + + for m, g_exp, o_exp in ciphers: + + if g_exp is not None: + g = translate_gnutls(m) + self.assertEqual(g, g_exp) + + if o_exp is not None: + o = translate_ossl(m) + self.assertEqual(o, o_exp) + + def test_cipher_format(self): + """ + Ensure translate_ciphers.py can take names in the expected + format and return them in the format compat.sh will expect. + """ + # Ciphers in Mbed TLS format + ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " + ciphers = "%s \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " % ciphers + + # Corresponding ciphers in GnuTLS format + g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \ + +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ + " + g_ciphers = "%s \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ + +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ + +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ + " % g_ciphers + + # Corresponding ciphers in OpenSSL format + o_ciphers = "ECDHE-ECDSA-NULL-SHA \ + ECDHE-ECDSA-DES-CBC3-SHA \ + ECDHE-ECDSA-AES128-SHA \ + ECDHE-ECDSA-AES256-SHA \ + " + o_ciphers = "%s \ + ECDHE-ECDSA-AES128-SHA256 \ + ECDHE-ECDSA-AES256-SHA384 \ + ECDHE-ECDSA-AES128-GCM-SHA256 \ + ECDHE-ECDSA-AES256-GCM-SHA384 \ + " % o_ciphers + + # Translate ciphers in mbedtls format + g_translated = format_ciphersuite_names("g", ciphers.split()) + o_translated = format_ciphersuite_names("o", ciphers.split()) + + # Normalise whitespace + g_ciphers = (" ").join(g_ciphers.split()) + o_ciphers = (" ").join(o_ciphers.split()) + + self.assertEqual(g_translated, g_ciphers) + self.assertEqual(o_translated, o_ciphers) def translate_gnutls(m_cipher): """ From 79f579037044f66c2aa2adec586776af9aad59ef Mon Sep 17 00:00:00 2001 
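Review bot: In the `@@ -21,12 +21,541 @@` hunk of tests/scripts/translate_ciphers.py, the module docstring tells the reader to run `python3 -m unittest translate_cipher.py`, but the file is `translate_ciphers.py`, so the documented command does not find the tests; it should read `python3 -m unittest translate_ciphers.py`. In `test_translate_all_cipher_names` the assertions sit in a plain `for` loop, so the first mismatch stops the test and hides any later mistranslations; wrapping the loop body in `with self.subTest(m=m):` reports every failing name in one run. That matters here because compat.sh presumably uses these translations to pick the suite negotiated with the peer, so a single wrong name means a different suite is exercised than the one listed. `translate_gnutls` starts on the last context line and continues outside the hunk.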
From: Joe Subbiani Date: Fri, 6 Aug 2021 09:46:42 +0100 Subject: [PATCH 25/30] Remove test_translate_format() As test_translate_ciphers_format.sh was made as a testing ground before utilising translate_ciphers.py in compat.sh, once it was translated to python code - as a unit test, it became redundant. Signed-off-by: Joe Subbiani
---
tests/scripts/translate_ciphers.py | 55 ------------------------------ 1 file changed, 55 deletions(-)
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
index 44ffb400b..7bbc1d74d 100755
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -502,61 +502,6 @@ class TestTranslateCiphers(unittest.TestCase): o = translate_ossl(m) self.assertEqual(o, o_exp) - def test_cipher_format(self): - """ - Ensure translate_ciphers.py can take names in the expected - format and return them in the format compat.sh will expect. - """ - # Ciphers in Mbed TLS format - ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " - ciphers = "%s \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " % ciphers - - # Corresponding ciphers in GnuTLS format - g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " - g_ciphers = "%s \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " % g_ciphers - - # Corresponding ciphers in OpenSSL format - o_ciphers = "ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " - o_ciphers = "%s \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " % o_ciphers - - # Translate ciphers in mbedtls format - g_translated = format_ciphersuite_names("g", ciphers.split()) - o_translated = format_ciphersuite_names("o", ciphers.split()) - - # Normalise whitespace - g_ciphers = (" ").join(g_ciphers.split()) - o_ciphers = (" ").join(o_ciphers.split()) - - self.assertEqual(g_translated, g_ciphers) - self.assertEqual(o_translated, o_ciphers) - def translate_gnutls(m_cipher): """ Translate m_cipher from MBedTLS ciphersuite naming convention From 1d592cba5c0c6b8ca2db64718a05a0e01dd899d9 Mon Sep 17 00:00:00 2001 
From: Joe Subbiani Date: Fri, 13 Aug 2021 12:30:28 +0100 Subject: [PATCH 26/30] Remove NULL-SHA256 specific to OpenSSL Instead add TLS-RSA-WITH-NULL-SHA256 to list of common ciphersuites. It therefore has to be removed from GnuTLS as it could then duplicate. Signed-off-by: Joe Subbiani --- tests/compat.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 4e18fce2d..dbd5e3900 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -313,8 +313,8 @@ add_common_ciphersuites() TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-RSA-WITH-NULL-SHA256 \ " - O_CIPHERS="$O_CIPHERS NULL-SHA256" fi ;; @@ -449,10 +449,6 @@ add_gnutls_ciphersuites() ;; "RSA") - if [ `minor_ver "$MODE"` -gt 0 ] - then - CIPHERS="$CIPHERS TLS-RSA-WITH-NULL-SHA256" - fi if [ `minor_ver "$MODE"` -ge 3 ] then CIPHERS="$CIPHERS \ From b0aba9a46e4c327b0da97139e23fa477ed06fc75 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 25 Aug 2021 09:56:57 +0100 Subject: [PATCH 27/30] Improve comments to be more accurate Signed-off-by: Joe Subbiani --- tests/compat.sh | 16 ++++++++-------- tests/scripts/translate_ciphers.py | 6 +++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index dbd5e3900..f4c611ae7 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
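Review bot: With `TLS-RSA-WITH-NULL-SHA256` moved into the common list in the first compat.sh hunk, the OpenSSL name is no longer the literal `NULL-SHA256` but whatever translate_ossl returns, and the unit-test entry for this suite (visible in the table removed later in this series) has `None` as its OpenSSL expectation, so that translation is unchecked. The entry could become `("TLS-RSA-WITH-NULL-SHA256", "+RSA:+NULL:+SHA256", "NULL-SHA256")`. The second hunk also drops the GnuTLS case that was gated on `minor_ver "$MODE"` `-gt 0`; the common block sits next to the GCM suites, so this suite presumably now reaches GnuTLS only in the TLS 1.2 mode, which is worth stating in the commit message if intended. Both functions start and end outside the hunks, so the enclosing condition is not visible here.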
@@ -339,10 +339,10 @@ add_common_ciphersuites() } # Ciphersuites usable only with Mbed TLS and OpenSSL -# Each ciphersuite is compiled case by case in the MBedTLS standard, and -# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the OpenSSL naming standard and appended to the list of -# OpenSSL ciphersuites $O_CIPHERS +# A list of ciphersuites in the Mbed TLS convention is compiled and +# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list +# is translated to the OpenSSL naming convention and appended to the list of +# OpenSSL ciphersuites $O_CIPHERS. # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see @@ -423,10 +423,10 @@ add_openssl_ciphersuites() } # Ciphersuites usable only with Mbed TLS and GnuTLS -# Each ciphersuite is compiled case by case in the MBedTLS standard, and -# is appended to the list of MBedTLS ciphersuites $M_CIPHERS. The same list -# is translated to the GnuTLS naming standard and appended to the list of -# GnuTLS ciphersuites $G_CIPHERS +# A list of ciphersuites in the Mbed TLS convention is compiled and +# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list +# is translated to the GnuTLS naming convention and appended to the list of +# GnuTLS ciphersuites $G_CIPHERS. add_gnutls_ciphersuites() { CIPHERS="" diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 7bbc1d74d..6f6c5d824 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -18,7 +18,7 @@ # limitations under the License. """ -Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS +Translate ciphersuite names in Mbed TLS format to OpenSSL and GNUTLS standards. To test the translation functions run: 
@@ -504,7 +504,7 @@ class TestTranslateCiphers(unittest.TestCase): def translate_gnutls(m_cipher): """ - Translate m_cipher from MBedTLS ciphersuite naming convention + Translate m_cipher from Mbed TLS ciphersuite naming convention and return the GnuTLS naming convention """ @@ -532,7 +532,7 @@ def translate_gnutls(m_cipher): def translate_ossl(m_cipher): """ - Translate m_cipher from MBedTLS ciphersuite naming convention + Translate m_cipher from Mbed TLS ciphersuite naming convention and return the OpenSSL naming convention """ From 54110b3b6f571b9e1195a3f1e4094bb24d1eafac Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 2 Sep 2021 13:02:29 +0100 Subject: [PATCH 28/30] Reduce translate_ciphers.py test list Having a list of every ciphersuite suggests that it should be maintained with any new ciphersuites that are added in the future. This in turn almost defeats the purpose of having translation functions to begin with Instead, the unit test now only test a much smaller subset of ciphersuite names that exercise each stage in the OpenSSL and GnuTLS translate functions. In the future, if a new cipersuite is added that requires an extra stage in translation, then that cipher can be added to the test suite, otherwise it should not be necessary. Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 470 ++--------------------------- 1 file changed, 18 insertions(+), 452 deletions(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 6f6c5d824..d04b8f32f 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py 
@@ -36,460 +36,26 @@ class TestTranslateCiphers(unittest.TestCase): """ def test_translate_all_cipher_names(self): """ - Translate the Mbed TLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersuite names, and compare them with the true, expected - corresponding OpenSSL and GnuTLS ciphersuite names + Translate MbedTLS ciphersuite names to their OpenSSL and + GnuTLS counterpart. Use only a small subset of ciphers + that exercise each step of the translate functions """ ciphers = [ - ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "+ECDHE-ECDSA:+NULL:+SHA1", - "ECDHE-ECDSA-NULL-SHA"), - ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "ECDHE-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "ECDHE-ECDSA-AES128-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - "ECDHE-ECDSA-AES256-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "ECDHE-ECDSA-AES128-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "ECDHE-ECDSA-AES256-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "ECDHE-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - "ECDHE-ECDSA-AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "+DHE-RSA:+AES-128-CBC:+SHA1", - "DHE-RSA-AES128-SHA"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "DHE-RSA-AES256-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "DHE-RSA-CAMELLIA128-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "DHE-RSA-CAMELLIA256-SHA"), - ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+DHE-RSA:+3DES-CBC:+SHA1", - "EDH-RSA-DES-CBC3-SHA"), - ("TLS-RSA-WITH-AES-256-CBC-SHA", - "+RSA:+AES-256-CBC:+SHA1", - "AES256-SHA"), - 
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "CAMELLIA256-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA", - "+RSA:+AES-128-CBC:+SHA1", - "AES128-SHA"), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "CAMELLIA128-SHA"), - ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "+RSA:+3DES-CBC:+SHA1", - "DES-CBC3-SHA"), - ("TLS-RSA-WITH-NULL-MD5", - "+RSA:+NULL:+MD5", - "NULL-MD5"), - ("TLS-RSA-WITH-NULL-SHA", - "+RSA:+NULL:+SHA1", - "NULL-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "ECDHE-RSA-AES128-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "ECDHE-RSA-AES256-SHA"), - ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "ECDHE-RSA-DES-CBC3-SHA"), - ("TLS-ECDHE-RSA-WITH-NULL-SHA", - "+ECDHE-RSA:+NULL:+SHA1", - "ECDHE-RSA-NULL-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA256", - "+RSA:+AES-128-CBC:+SHA256", - "AES128-SHA256"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "DHE-RSA-AES128-SHA256"), - ("TLS-RSA-WITH-AES-256-CBC-SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "AES256-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "DHE-RSA-AES256-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "ECDHE-RSA-AES128-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "ECDHE-RSA-AES256-SHA384"), - ("TLS-RSA-WITH-AES-128-GCM-SHA256", - "+RSA:+AES-128-GCM:+AEAD", - "AES128-GCM-SHA256"), - ("TLS-RSA-WITH-AES-256-GCM-SHA384", - "+RSA:+AES-256-GCM:+AEAD", - "AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "DHE-RSA-AES128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "DHE-RSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "ECDHE-RSA-AES128-GCM-SHA256"), - 
("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - "ECDHE-RSA-AES256-GCM-SHA384"), - ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "+PSK:+3DES-CBC:+SHA1", - "PSK-3DES-EDE-CBC-SHA"), - ("TLS-PSK-WITH-AES-128-CBC-SHA", - "+PSK:+AES-128-CBC:+SHA1", - "PSK-AES128-CBC-SHA"), - ("TLS-PSK-WITH-AES-256-CBC-SHA", - "+PSK:+AES-256-CBC:+SHA1", - "PSK-AES256-CBC-SHA"), - - ("TLS-ECDH-ECDSA-WITH-NULL-SHA", - None, - "ECDH-ECDSA-NULL-SHA"), - ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - None, - "ECDH-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - None, - "ECDH-ECDSA-AES128-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - None, - "ECDH-ECDSA-AES256-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - None, - "ECDH-ECDSA-AES128-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - None, - "ECDH-ECDSA-AES256-SHA384"), - ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - None, - "ECDH-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - None, - "ECDH-ECDSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ECDSA-ARIA256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ECDSA-ARIA128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-ECDSA-CHACHA20-POLY1305"), - ("TLS-RSA-WITH-DES-CBC-SHA", - None, - "DES-CBC-SHA"), - ("TLS-DHE-RSA-WITH-DES-CBC-SHA", - None, - "EDH-RSA-DES-CBC-SHA"), - ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ARIA256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-RSA-ARIA256-GCM-SHA384"), - ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ARIA256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-RSA-ARIA128-GCM-SHA256"), - ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - 
"DHE-RSA-CHACHA20-POLY1305"), - ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-RSA-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-PSK-ARIA256-GCM-SHA384"), - ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "PSK-ARIA256-GCM-SHA384"), - ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "PSK-CHACHA20-POLY1305"), - ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-PSK-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "DHE-PSK-CHACHA20-POLY1305"), - - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-NULL-SHA256", - "+RSA:+NULL:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), 
- ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM", - "+RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM", - "+RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM", - "+DHE-RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM", - "+DHE-RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM-8", - "+RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM-8", - "+RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM-8", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM-8", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+DHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "+DHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - "+DHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "+RSA-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "+RSA-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - "+RSA-PSK:+AES-128-CBC:+SHA1", - None), - 
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA384", - "+ECDHE-PSK:+NULL:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA256", - "+ECDHE-PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-AES-128-CBC-SHA256", - "+PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-AES-256-CBC-SHA384", - "+PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "+DHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "+DHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-NULL-SHA256", - "+PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-NULL-SHA384", - "+PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA256", - "+DHE-PSK:+NULL:+SHA256", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA384", - "+DHE-PSK:+NULL:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "+RSA-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA256", - "+RSA-PSK:+NULL:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA384", - "+RSA-PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - 
None), - ("TLS-PSK-WITH-AES-128-GCM-SHA256", - "+PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-GCM-SHA384", - "+PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "+DHE-PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "+DHE-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM", - "+PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM", - "+PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM", - "+DHE-PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM", - "+DHE-PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM-8", - "+PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM-8", - "+PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM-8", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM-8", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "+RSA-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - "+RSA-PSK:+AES-128-GCM:+AEAD", - None), + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + 
("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), ] for m, g_exp, o_exp in ciphers: From 49d57bcf19cdbd54c81bbeaad8a1ac002ae0248a Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Thu, 2 Sep 2021 18:50:30 +0100 Subject: [PATCH 29/30] Improve indentation according to pylint Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index d04b8f32f..207c884cf 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -41,21 +41,21 @@ class TestTranslateCiphers(unittest.TestCase): that exercise each step of the translate functions """ ciphers = [ - ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "+ECDHE-ECDSA:+NULL:+SHA1", - "ECDHE-ECDSA-NULL-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "ECDHE-ECDSA-AES128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+DHE-RSA:+3DES-CBC:+SHA1", - "EDH-RSA-DES-CBC3-SHA"), - ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-ECDSA-CHACHA20-POLY1305"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - None), + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), ] for m, g_exp, o_exp in ciphers: From e5d6106071654c505b07c76e5be6469e4092ef00 Mon Sep 17 00:00:00 2001 
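Review bot: The new docstring in the `@@ -36,460 +36,26 @@` hunk writes `MbedTLS`, while the preceding patch in this series changed the other docstrings in this file to `Mbed TLS`, and the method keeps the name `test_translate_all_cipher_names` although it now checks only a subset. I would word the docstring as `Translate Mbed TLS ciphersuite names to their OpenSSL and GnuTLS counterparts, using a small subset of names that exercises each step of the translate functions.` and carry the rule from the commit message into it: `Add an entry only when a new ciphersuite needs an extra translation step.` The method body continues past the end of the hunk.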
From: Joe Subbiani Date: Fri, 3 Sep 2021 13:30:44 +0100 Subject: [PATCH 30/30] Extend test in translate_ciphers.py The list was trimmed previously according to code coverage, however this did not really evalute all test cases, e.g in the case of re.sub or m_cipher.replace. These lines are executed no matter what, so code coverage is not suitable. I have gone through each step in the translate functions and made sure there is at least one ciphersuite per step Signed-off-by: Joe Subbiani --- tests/scripts/translate_ciphers.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 207c884cf..d5f847fd5 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -50,12 +50,21 @@ class TestTranslateCiphers(unittest.TestCase): ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", "+DHE-RSA:+3DES-CBC:+SHA1", "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", None, "ECDHE-ECDSA-CHACHA20-POLY1305"), ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", None), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), ] for m, g_exp, o_exp in ciphers:
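Review bot: The extended table still has no entry ending in `-CCM-8`, no `GCM-SHA384` name with a GnuTLS expectation and no CAMELLIA name with an OpenSSL expectation, so three steps stay unexercised if the final functions keep what the draft at the start of this series does (the `"8"` suffix test, `replace("GCM:+SHA384", "GCM:+AEAD")` and `replace("CAMELLIA-", "CAMELLIA")`). The full list removed two patches earlier has ready-made entries for each, shown below. compat.sh relies on these translations to name the suite each peer is asked to negotiate, so a mistranslation in an untested step could go unnoticed until an interop case fails or is skipped. The test method starts and ends outside the hunk.

```python
# … unchanged: entries through "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384" …
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
 "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
 None),
("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
 "+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
 "ECDHE-ECDSA-AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
 "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
 "DHE-RSA-CAMELLIA128-SHA"),
```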