ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-12 18:04:39 +08:00
Code Issues Releases Wiki Activity

Improve consitancy and useability

Browse Source 
test_translate_ciphers_names.py
- Combined m, o and g ciphers all into one a single list of tuples to
  avoid needing to rely on indexes

test_translate_ciphers_format.sh
- Removed redundant test
- Added return errors

compat.sh
- Improved how translate_ciphers.py is called

translate_ciphers.py
- Improve regex and translation to be more intutive and efficient
- change how arguments are taken and handelled to be more reliable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
This commit is contained in:
Joe Subbiani 2021-07-30 16:57:04 +01:00
parent 439a696903
commit 918ee797ce
4 changed files with 525 additions and 515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tests/compat.sh
View File

@ -329,11 +329,11 @@ add_common_ciphersuites()
M_CIPHERS="$M_CIPHERS $CIPHERS" M_CIPHERS="$M_CIPHERS $CIPHERS"
T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` T=$(./scripts/translate_ciphers.py g $CIPHERS)
check_translation $? "$T" check_translation $? "$T"
G_CIPHERS="$G_CIPHERS $T" G_CIPHERS="$G_CIPHERS $T"
T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` T=$(./scripts/translate_ciphers.py o $CIPHERS)
check_translation $? "$T" check_translation $? "$T"
O_CIPHERS="$O_CIPHERS $T" O_CIPHERS="$O_CIPHERS $T"
} }
@ -417,7 +417,7 @@ add_openssl_ciphersuites()
M_CIPHERS="$M_CIPHERS $CIPHERS" M_CIPHERS="$M_CIPHERS $CIPHERS"
T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` T=$(./scripts/translate_ciphers.py o $CIPHERS)
check_translation $? "$T" check_translation $? "$T"
O_CIPHERS="$O_CIPHERS $T" O_CIPHERS="$O_CIPHERS $T"
} }
@ -551,7 +551,7 @@ add_gnutls_ciphersuites()
M_CIPHERS="$M_CIPHERS $CIPHERS" M_CIPHERS="$M_CIPHERS $CIPHERS"
T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` T=$(./scripts/translate_ciphers.py g $CIPHERS)
check_translation $? "$T" check_translation $? "$T"
G_CIPHERS="$G_CIPHERS $T" G_CIPHERS="$G_CIPHERS $T"
} }

96
tests/scripts/test_translate_ciphers_format.sh
View File

@ -29,84 +29,71 @@
# This files main purpose is to ensure translate_ciphers.py can take strings # This files main purpose is to ensure translate_ciphers.py can take strings
# in the expected format and return them in the format compat.sh will expect. # in the expected format and return them in the format compat.sh will expect.
set -eu
if cd $( dirname $0 ); then :; else if cd $( dirname $0 ); then :; else
echo "cd $( dirname $0 ) failed" >&2 echo "cd $( dirname $0 ) failed" >&2
exit 1 exit 1
fi fi
# Ciphers that will use translate_ciphers.py fail=0
M_CIPHERS=""
# Initalize ciphers translated from Mbed TLS using translate_ciphers.py
O_TRANSLATED_CIPHERS=""
G_TRANSLATED_CIPHERS=""
# Initalize ciphers that are known to be in the correct format
O_CIPHERS="" O_CIPHERS=""
G_CIPHERS="" G_CIPHERS=""
# Ciphers taken directly from compat.sh # Mbed TLS ciphersuite names to be translated
Mt_CIPHERS="" # into GnuTLS and OpenSSL
Ot_CIPHERS=""
Gt_CIPHERS=""
# Initial list to be split into 3
CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
" "
M_CIPHERS="$M_CIPHERS $CIPHERS" G=$(./translate_ciphers.py g $CIPHERS) || fail=1
G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
G=`python3 translate_ciphers.py g "$CIPHERS"` O=$(./translate_ciphers.py o $CIPHERS) || fail=1
G_CIPHERS="$G_CIPHERS $G" O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
O=`python3 translate_ciphers.py o "$CIPHERS"` G_CIPHERS="$G_CIPHERS \
O_CIPHERS="$O_CIPHERS $O"
Mt_CIPHERS="$Mt_CIPHERS \
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
"
Gt_CIPHERS="$Gt_CIPHERS \
+ECDHE-ECDSA:+NULL:+SHA1 \ +ECDHE-ECDSA:+NULL:+SHA1 \
+ECDHE-ECDSA:+3DES-CBC:+SHA1 \ +ECDHE-ECDSA:+3DES-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
" "
Ot_CIPHERS="$Ot_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-NULL-SHA \ ECDHE-ECDSA-NULL-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \ ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \ ECDHE-ECDSA-AES256-SHA \
" "
# Mbed TLS ciphersuite names to be translated
# Initial list to be split into 3 # into GnuTLS and OpenSSL
CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
" "
M_CIPHERS="$M_CIPHERS $CIPHERS" G=$(./translate_ciphers.py g $CIPHERS) || fail=1
G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
G=`python3 translate_ciphers.py g "$CIPHERS"` O=$(./translate_ciphers.py o $CIPHERS) || fail=1
G_CIPHERS="$G_CIPHERS $G" O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
O=`python3 translate_ciphers.py o "$CIPHERS"` G_CIPHERS="$G_CIPHERS \
O_CIPHERS="$O_CIPHERS $O"
Mt_CIPHERS="$Mt_CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
"
Gt_CIPHERS="$Gt_CIPHERS \
+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \ +ECDHE-ECDSA:+AES-128-GCM:+AEAD \
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \ +ECDHE-ECDSA:+AES-256-GCM:+AEAD \
" "
Ot_CIPHERS="$Ot_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \ ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \ ECDHE-ECDSA-AES128-GCM-SHA256 \
@ -114,28 +101,25 @@ Ot_CIPHERS="$Ot_CIPHERS \
" "
# Normalise spacing # Normalise spacing
M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS )
G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS )
O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') G_CIPHERS=$( echo $G_CIPHERS )
Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') O_CIPHERS=$( echo $O_CIPHERS )
Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
# Compare the compat.sh names with the translated names # Compare the compat.sh names with the translated names
# Upon fail, print them to view the differences # Upon fail, print them to view the differences
if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ]
then then
echo "MBEDTLS Translated: $M_CIPHERS" echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS"
echo "MBEDTLS Original: $Mt_CIPHERS" echo "GnuTLS Original: $G_CIPHERS"
fail=1
fi fi
if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ]
then then
echo "GNUTLS Translated: $G_CIPHERS" echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS"
echo "GNUTLS Original: $Gt_CIPHERS" echo "OpenSSL Original: $O_CIPHERS"
fi fail=1
if [ "$Ot_CIPHERS" != "$O_CIPHERS" ]
then
echo "OpenSSL Translated: $O_CIPHERS"
echo "OpenSSL Original: $Ot_CIPHERS"
fi fi
exit $fail

877
tests/scripts/test_translate_ciphers_names.py
View File

@ -19,11 +19,11 @@
# #
""" """
Test translate_ciphers.py by running every MBedTLS ciphersuite name Test translate_ciphers.py by running every Mbed TLS ciphersuite name
combination through the translate functions and comparing them to their combination through the translate functions and comparing them to their
correct GNUTLS or OpenSSL counterpart. correct GNUTLS or OpenSSL counterpart.
""" """
import sys
from translate_ciphers import translate_gnutls, translate_ossl from translate_ciphers import translate_gnutls, translate_ossl
def assert_equal(translate, original): def assert_equal(translate, original):
@ -36,431 +36,474 @@ def assert_equal(translate, original):
assert translate == original assert translate == original
except AssertionError: except AssertionError:
print("%s\n%s\n" %(translate, original)) print("%s\n%s\n" %(translate, original))
sys.exit(1)
def test_all_common(): def test_all_common():
""" """
Translate the MBedTLS ciphersuite names to the common OpenSSL and Translate the Mbed TLS ciphersuite names to the common OpenSSL and
GnuTLS ciphersite names, and compare them with the true, expected GnuTLS ciphersuite names, and compare them with the true, expected
corresponding OpenSSL and GnuTLS ciphersuite names corresponding OpenSSL and GnuTLS ciphersuite names
""" """
m_ciphers = [ ciphers = [
"TLS-ECDHE-ECDSA-WITH-NULL-SHA", ("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
"TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", "+ECDHE-ECDSA:+NULL:+SHA1",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", "ECDHE-ECDSA-NULL-SHA"),
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
"ECDHE-ECDSA-DES-CBC3-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
"ECDHE-ECDSA-AES128-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
"ECDHE-ECDSA-AES256-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
"ECDHE-ECDSA-AES128-SHA256"),
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
"ECDHE-ECDSA-AES256-SHA384"),
("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
"ECDHE-ECDSA-AES128-GCM-SHA256"),
("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
"ECDHE-ECDSA-AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"+DHE-RSA:+AES-128-CBC:+SHA1",
"DHE-RSA-AES128-SHA"),
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"+DHE-RSA:+AES-256-CBC:+SHA1",
"DHE-RSA-AES256-SHA"),
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
"DHE-RSA-CAMELLIA128-SHA"),
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
"DHE-RSA-CAMELLIA256-SHA"),
("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"+DHE-RSA:+3DES-CBC:+SHA1",
"EDH-RSA-DES-CBC3-SHA"),
("TLS-RSA-WITH-AES-256-CBC-SHA",
"+RSA:+AES-256-CBC:+SHA1",
"AES256-SHA"),
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"+RSA:+CAMELLIA-256-CBC:+SHA1",
"CAMELLIA256-SHA"),
("TLS-RSA-WITH-AES-128-CBC-SHA",
"+RSA:+AES-128-CBC:+SHA1",
"AES128-SHA"),
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"+RSA:+CAMELLIA-128-CBC:+SHA1",
"CAMELLIA128-SHA"),
("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"+RSA:+3DES-CBC:+SHA1",
"DES-CBC3-SHA"),
("TLS-RSA-WITH-NULL-MD5",
"+RSA:+NULL:+MD5",
"NULL-MD5"),
("TLS-RSA-WITH-NULL-SHA",
"+RSA:+NULL:+SHA1",
"NULL-SHA"),
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"+ECDHE-RSA:+AES-128-CBC:+SHA1",
"ECDHE-RSA-AES128-SHA"),
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"+ECDHE-RSA:+AES-256-CBC:+SHA1",
"ECDHE-RSA-AES256-SHA"),
("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-RSA:+3DES-CBC:+SHA1",
"ECDHE-RSA-DES-CBC3-SHA"),
("TLS-ECDHE-RSA-WITH-NULL-SHA",
"+ECDHE-RSA:+NULL:+SHA1",
"ECDHE-RSA-NULL-SHA"),
("TLS-RSA-WITH-AES-128-CBC-SHA256",
"+RSA:+AES-128-CBC:+SHA256",
"AES128-SHA256"),
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"+DHE-RSA:+AES-128-CBC:+SHA256",
"DHE-RSA-AES128-SHA256"),
("TLS-RSA-WITH-AES-256-CBC-SHA256",
"+RSA:+AES-256-CBC:+SHA256",
"AES256-SHA256"),
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"+DHE-RSA:+AES-256-CBC:+SHA256",
"DHE-RSA-AES256-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"+ECDHE-RSA:+AES-128-CBC:+SHA256",
"ECDHE-RSA-AES128-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"+ECDHE-RSA:+AES-256-CBC:+SHA384",
"ECDHE-RSA-AES256-SHA384"),
("TLS-RSA-WITH-AES-128-GCM-SHA256",
"+RSA:+AES-128-GCM:+AEAD",
"AES128-GCM-SHA256"),
("TLS-RSA-WITH-AES-256-GCM-SHA384",
"+RSA:+AES-256-GCM:+AEAD",
"AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"+DHE-RSA:+AES-128-GCM:+AEAD",
"DHE-RSA-AES128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"+DHE-RSA:+AES-256-GCM:+AEAD",
"DHE-RSA-AES256-GCM-SHA384"),
("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"+ECDHE-RSA:+AES-128-GCM:+AEAD",
"ECDHE-RSA-AES128-GCM-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"+ECDHE-RSA:+AES-256-GCM:+AEAD",
"ECDHE-RSA-AES256-GCM-SHA384"),
("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
"+PSK:+3DES-CBC:+SHA1",
"PSK-3DES-EDE-CBC-SHA"),
("TLS-PSK-WITH-AES-128-CBC-SHA",
"+PSK:+AES-128-CBC:+SHA1",
"PSK-AES128-CBC-SHA"),
("TLS-PSK-WITH-AES-256-CBC-SHA",
"+PSK:+AES-256-CBC:+SHA1",
"PSK-AES256-CBC-SHA"),
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", ("TLS-ECDH-ECDSA-WITH-NULL-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", None,
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", "ECDH-ECDSA-NULL-SHA"),
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
None,
"ECDH-ECDSA-DES-CBC3-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
None,
"ECDH-ECDSA-AES128-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
None,
"ECDH-ECDSA-AES256-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
None,
"ECDH-ECDSA-AES128-SHA256"),
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
None,
"ECDH-ECDSA-AES256-SHA384"),
("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
None,
"ECDH-ECDSA-AES128-GCM-SHA256"),
("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
None,
"ECDH-ECDSA-AES256-GCM-SHA384"),
("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
None,
"ECDHE-ECDSA-ARIA256-GCM-SHA384"),
("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
None,
"ECDHE-ECDSA-ARIA128-GCM-SHA256"),
("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-ECDSA-CHACHA20-POLY1305"),
("TLS-RSA-WITH-DES-CBC-SHA",
None,
"DES-CBC-SHA"),
("TLS-DHE-RSA-WITH-DES-CBC-SHA",
None,
"EDH-RSA-DES-CBC-SHA"),
("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"ECDHE-ARIA256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"DHE-RSA-ARIA256-GCM-SHA384"),
("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"ARIA256-GCM-SHA384"),
("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"ECDHE-ARIA128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"DHE-RSA-ARIA128-GCM-SHA256"),
("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"ARIA128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"DHE-RSA-CHACHA20-POLY1305"),
("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-RSA-CHACHA20-POLY1305"),
("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
None,
"DHE-PSK-ARIA256-GCM-SHA384"),
("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
None,
"DHE-PSK-ARIA128-GCM-SHA256"),
("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
None,
"PSK-ARIA256-GCM-SHA384"),
("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
None,
"PSK-ARIA128-GCM-SHA256"),
("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"PSK-CHACHA20-POLY1305"),
("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-PSK-CHACHA20-POLY1305"),
("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"DHE-PSK-CHACHA20-POLY1305"),
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA", ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA", "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", None),
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
"TLS-RSA-WITH-AES-256-CBC-SHA", None),
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-RSA-WITH-AES-128-CBC-SHA", "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", None),
"TLS-RSA-WITH-3DES-EDE-CBC-SHA", ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-WITH-NULL-MD5", "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
"TLS-RSA-WITH-NULL-SHA", None),
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", None),
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
"TLS-ECDHE-RSA-WITH-NULL-SHA", "+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
None),
"TLS-RSA-WITH-AES-128-CBC-SHA256", ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
"TLS-RSA-WITH-AES-256-CBC-SHA256", None),
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", None),
"TLS-RSA-WITH-AES-128-GCM-SHA256", ("TLS-RSA-WITH-NULL-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384", "+RSA:+NULL:+SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", None),
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-PSK-WITH-3DES-EDE-CBC-SHA", "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
"TLS-PSK-WITH-AES-128-CBC-SHA", None),
"TLS-PSK-WITH-AES-256-CBC-SHA", ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
] "+RSA:+CAMELLIA-128-CBC:+SHA256",
g_ciphers = [ None),
"+ECDHE-ECDSA:+NULL:+SHA1", ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"+ECDHE-ECDSA:+3DES-CBC:+SHA1", "+RSA:+CAMELLIA-256-CBC:+SHA256",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1", None),
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1", ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256", None),
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384", ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD", "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD", None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+DHE-RSA:+AES-128-CBC:+SHA1", "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
"+DHE-RSA:+AES-256-CBC:+SHA1", None),
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
"+DHE-RSA:+3DES-CBC:+SHA1", None),
"+RSA:+AES-256-CBC:+SHA1", ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA:+CAMELLIA-256-CBC:+SHA1", "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
"+RSA:+AES-128-CBC:+SHA1", None),
"+RSA:+CAMELLIA-128-CBC:+SHA1", ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+RSA:+3DES-CBC:+SHA1", "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
"+RSA:+NULL:+MD5", None),
"+RSA:+NULL:+SHA1", ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA:+CAMELLIA-128-GCM:+AEAD",
"+ECDHE-RSA:+AES-128-CBC:+SHA1", None),
"+ECDHE-RSA:+AES-256-CBC:+SHA1", ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+ECDHE-RSA:+3DES-CBC:+SHA1", "+RSA:+CAMELLIA-256-GCM:+AEAD",
"+ECDHE-RSA:+NULL:+SHA1", None),
("TLS-RSA-WITH-AES-128-CCM",
"+RSA:+AES-128-CBC:+SHA256", "+RSA:+AES-128-CCM:+AEAD",
"+DHE-RSA:+AES-128-CBC:+SHA256", None),
"+RSA:+AES-256-CBC:+SHA256", ("TLS-RSA-WITH-AES-256-CCM",
"+DHE-RSA:+AES-256-CBC:+SHA256", "+RSA:+AES-256-CCM:+AEAD",
"+ECDHE-RSA:+AES-128-CBC:+SHA256", None),
"+ECDHE-RSA:+AES-256-CBC:+SHA384", ("TLS-DHE-RSA-WITH-AES-128-CCM",
"+RSA:+AES-128-GCM:+AEAD", "+DHE-RSA:+AES-128-CCM:+AEAD",
"+RSA:+AES-256-GCM:+AEAD", None),
"+DHE-RSA:+AES-128-GCM:+AEAD", ("TLS-DHE-RSA-WITH-AES-256-CCM",
"+DHE-RSA:+AES-256-GCM:+AEAD", "+DHE-RSA:+AES-256-CCM:+AEAD",
"+ECDHE-RSA:+AES-128-GCM:+AEAD", None),
"+ECDHE-RSA:+AES-256-GCM:+AEAD", ("TLS-RSA-WITH-AES-128-CCM-8",
"+RSA:+AES-128-CCM-8:+AEAD",
"+PSK:+3DES-CBC:+SHA1", None),
"+PSK:+AES-128-CBC:+SHA1", ("TLS-RSA-WITH-AES-256-CCM-8",
"+PSK:+AES-256-CBC:+SHA1", "+RSA:+AES-256-CCM-8:+AEAD",
] None),
o_ciphers = [ ("TLS-DHE-RSA-WITH-AES-128-CCM-8",
"ECDHE-ECDSA-NULL-SHA", "+DHE-RSA:+AES-128-CCM-8:+AEAD",
"ECDHE-ECDSA-DES-CBC3-SHA", None),
"ECDHE-ECDSA-AES128-SHA", ("TLS-DHE-RSA-WITH-AES-256-CCM-8",
"ECDHE-ECDSA-AES256-SHA", "+DHE-RSA:+AES-256-CCM-8:+AEAD",
None),
"ECDHE-ECDSA-AES128-SHA256", ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
"ECDHE-ECDSA-AES256-SHA384", "+DHE-PSK:+3DES-CBC:+SHA1",
"ECDHE-ECDSA-AES128-GCM-SHA256", None),
"ECDHE-ECDSA-AES256-GCM-SHA384", ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
"+DHE-PSK:+AES-128-CBC:+SHA1",
"DHE-RSA-AES128-SHA", None),
"DHE-RSA-AES256-SHA", ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
"DHE-RSA-CAMELLIA128-SHA", "+DHE-PSK:+AES-256-CBC:+SHA1",
"DHE-RSA-CAMELLIA256-SHA", None),
"EDH-RSA-DES-CBC3-SHA", ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
"AES256-SHA", "+ECDHE-PSK:+AES-256-CBC:+SHA1",
"CAMELLIA256-SHA", None),
"AES128-SHA", ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
"CAMELLIA128-SHA", "+ECDHE-PSK:+AES-128-CBC:+SHA1",
"DES-CBC3-SHA", None),
"NULL-MD5", ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
"NULL-SHA", "+ECDHE-PSK:+3DES-CBC:+SHA1",
None),
"ECDHE-RSA-AES128-SHA", ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
"ECDHE-RSA-AES256-SHA", "+RSA-PSK:+3DES-CBC:+SHA1",
"ECDHE-RSA-DES-CBC3-SHA", None),
"ECDHE-RSA-NULL-SHA", ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
"+RSA-PSK:+AES-256-CBC:+SHA1",
#"NULL-SHA256", None),
"AES128-SHA256", ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
"DHE-RSA-AES128-SHA256", "+RSA-PSK:+AES-128-CBC:+SHA1",
"AES256-SHA256", None),
"DHE-RSA-AES256-SHA256", ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
"ECDHE-RSA-AES128-SHA256", "+ECDHE-PSK:+AES-256-CBC:+SHA384",
"ECDHE-RSA-AES256-SHA384", None),
"AES128-GCM-SHA256", ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"AES256-GCM-SHA384", "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
"DHE-RSA-AES128-GCM-SHA256", None),
"DHE-RSA-AES256-GCM-SHA384", ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256", "+ECDHE-PSK:+AES-128-CBC:+SHA256",
"ECDHE-RSA-AES256-GCM-SHA384", None),
("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"PSK-3DES-EDE-CBC-SHA", "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
"PSK-AES128-CBC-SHA", None),
"PSK-AES256-CBC-SHA", ("TLS-ECDHE-PSK-WITH-NULL-SHA384",
"+ECDHE-PSK:+NULL:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-NULL-SHA256",
"+ECDHE-PSK:+NULL:+SHA256",
None),
("TLS-PSK-WITH-AES-128-CBC-SHA256",
"+PSK:+AES-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-AES-256-CBC-SHA384",
"+PSK:+AES-256-CBC:+SHA384",
None),
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
"+DHE-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
"+DHE-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-PSK-WITH-NULL-SHA256",
"+PSK:+NULL:+SHA256",
None),
("TLS-PSK-WITH-NULL-SHA384",
"+PSK:+NULL:+SHA384",
None),
("TLS-DHE-PSK-WITH-NULL-SHA256",
"+DHE-PSK:+NULL:+SHA256",
None),
("TLS-DHE-PSK-WITH-NULL-SHA384",
"+DHE-PSK:+NULL:+SHA384",
None),
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
"+RSA-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
"+RSA-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-RSA-PSK-WITH-NULL-SHA256",
"+RSA-PSK:+NULL:+SHA256",
None),
("TLS-RSA-PSK-WITH-NULL-SHA384",
"+RSA-PSK:+NULL:+SHA384",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-AES-128-GCM-SHA256",
"+PSK:+AES-128-GCM:+AEAD",
None),
("TLS-PSK-WITH-AES-256-GCM-SHA384",
"+PSK:+AES-256-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
"+DHE-PSK:+AES-128-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
"+DHE-PSK:+AES-256-GCM:+AEAD",
None),
("TLS-PSK-WITH-AES-128-CCM",
"+PSK:+AES-128-CCM:+AEAD",
None),
("TLS-PSK-WITH-AES-256-CCM",
"+PSK:+AES-256-CCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-CCM",
"+DHE-PSK:+AES-128-CCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-CCM",
"+DHE-PSK:+AES-256-CCM:+AEAD",
None),
("TLS-PSK-WITH-AES-128-CCM-8",
"+PSK:+AES-128-CCM-8:+AEAD",
None),
("TLS-PSK-WITH-AES-256-CCM-8",
"+PSK:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-CCM-8",
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-CCM-8",
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
"+RSA-PSK:+AES-256-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
"+RSA-PSK:+AES-128-GCM:+AEAD",
None),
] ]
for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers): for m, g_exp, o_exp in ciphers:
g = translate_gnutls(m) if g_exp != None:
assert_equal(g, g_exp) g = translate_gnutls(m)
assert_equal(g, g_exp)
o = translate_ossl(m) if o_exp != None:
assert_equal(o, o_exp) o = translate_ossl(m)
assert_equal(o, o_exp)
def test_mbedtls_ossl_common():
"""
Translate the MBedTLS ciphersuite names to the common OpenSSL
ciphersite names, and compare them with the true, expected
corresponding OpenSSL ciphersuite name
"""
m_ciphers = [
"TLS-ECDH-ECDSA-WITH-NULL-SHA",
"TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
]
o_ciphers = [
"ECDH-ECDSA-NULL-SHA",
"ECDH-ECDSA-DES-CBC3-SHA",
"ECDH-ECDSA-AES128-SHA",
"ECDH-ECDSA-AES256-SHA",
"ECDH-ECDSA-AES128-SHA256",
"ECDH-ECDSA-AES256-SHA384",
"ECDH-ECDSA-AES128-GCM-SHA256",
"ECDH-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-ARIA256-GCM-SHA384",
"ECDHE-ECDSA-ARIA128-GCM-SHA256",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"DES-CBC-SHA",
"EDH-RSA-DES-CBC-SHA",
"ECDHE-ARIA256-GCM-SHA384",
"DHE-RSA-ARIA256-GCM-SHA384",
"ARIA256-GCM-SHA384",
"ECDHE-ARIA128-GCM-SHA256",
"DHE-RSA-ARIA128-GCM-SHA256",
"ARIA128-GCM-SHA256",
"DHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"DHE-PSK-ARIA256-GCM-SHA384",
"DHE-PSK-ARIA128-GCM-SHA256",
"PSK-ARIA256-GCM-SHA384",
"PSK-ARIA128-GCM-SHA256",
"PSK-CHACHA20-POLY1305",
"ECDHE-PSK-CHACHA20-POLY1305",
"DHE-PSK-CHACHA20-POLY1305",
]
for m, o_exp in zip(m_ciphers, o_ciphers):
o = translate_ossl(m)
assert_equal(o, o_exp)
def test_mbedtls_gnutls_common():
"""
Translate the MBedTLS ciphersuite names to the common GnuTLS
ciphersite names, and compare them with the true, expected
corresponding GnuTLS ciphersuite names
"""
m_ciphers = [
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
"TLS-RSA-WITH-NULL-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-CCM",
"TLS-RSA-WITH-AES-256-CCM",
"TLS-DHE-RSA-WITH-AES-128-CCM",
"TLS-DHE-RSA-WITH-AES-256-CCM",
"TLS-RSA-WITH-AES-128-CCM-8",
"TLS-RSA-WITH-AES-256-CCM-8",
"TLS-DHE-RSA-WITH-AES-128-CCM-8",
"TLS-DHE-RSA-WITH-AES-256-CCM-8",
"TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
"TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-PSK-WITH-NULL-SHA384",
"TLS-ECDHE-PSK-WITH-NULL-SHA256",
"TLS-PSK-WITH-AES-128-CBC-SHA256",
"TLS-PSK-WITH-AES-256-CBC-SHA384",
"TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
"TLS-PSK-WITH-NULL-SHA256",
"TLS-PSK-WITH-NULL-SHA384",
"TLS-DHE-PSK-WITH-NULL-SHA256",
"TLS-DHE-PSK-WITH-NULL-SHA384",
"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
"TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
"TLS-RSA-PSK-WITH-NULL-SHA256",
"TLS-RSA-PSK-WITH-NULL-SHA384",
"TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-PSK-WITH-AES-128-GCM-SHA256",
"TLS-PSK-WITH-AES-256-GCM-SHA384",
"TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
"TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
"TLS-PSK-WITH-AES-128-CCM",
"TLS-PSK-WITH-AES-256-CCM",
"TLS-DHE-PSK-WITH-AES-128-CCM",
"TLS-DHE-PSK-WITH-AES-256-CCM",
"TLS-PSK-WITH-AES-128-CCM-8",
"TLS-PSK-WITH-AES-256-CCM-8",
"TLS-DHE-PSK-WITH-AES-128-CCM-8",
"TLS-DHE-PSK-WITH-AES-256-CCM-8",
"TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
"TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
]
g_ciphers = [
"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
"+RSA:+NULL:+SHA256",
"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
"+RSA:+CAMELLIA-128-CBC:+SHA256",
"+RSA:+CAMELLIA-256-CBC:+SHA256",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
"+RSA:+CAMELLIA-128-GCM:+AEAD",
"+RSA:+CAMELLIA-256-GCM:+AEAD",
"+RSA:+AES-128-CCM:+AEAD",
"+RSA:+AES-256-CCM:+AEAD",
"+DHE-RSA:+AES-128-CCM:+AEAD",
"+DHE-RSA:+AES-256-CCM:+AEAD",
"+RSA:+AES-128-CCM-8:+AEAD",
"+RSA:+AES-256-CCM-8:+AEAD",
"+DHE-RSA:+AES-128-CCM-8:+AEAD",
"+DHE-RSA:+AES-256-CCM-8:+AEAD",
"+DHE-PSK:+3DES-CBC:+SHA1",
"+DHE-PSK:+AES-128-CBC:+SHA1",
"+DHE-PSK:+AES-256-CBC:+SHA1",
"+ECDHE-PSK:+AES-256-CBC:+SHA1",
"+ECDHE-PSK:+AES-128-CBC:+SHA1",
"+ECDHE-PSK:+3DES-CBC:+SHA1",
"+RSA-PSK:+3DES-CBC:+SHA1",
"+RSA-PSK:+AES-256-CBC:+SHA1",
"+RSA-PSK:+AES-128-CBC:+SHA1",
"+ECDHE-PSK:+AES-256-CBC:+SHA384",
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
"+ECDHE-PSK:+AES-128-CBC:+SHA256",
"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-PSK:+NULL:+SHA384",
"+ECDHE-PSK:+NULL:+SHA256",
"+PSK:+AES-128-CBC:+SHA256",
"+PSK:+AES-256-CBC:+SHA384",
"+DHE-PSK:+AES-128-CBC:+SHA256",
"+DHE-PSK:+AES-256-CBC:+SHA384",
"+PSK:+NULL:+SHA256",
"+PSK:+NULL:+SHA384",
"+DHE-PSK:+NULL:+SHA256",
"+DHE-PSK:+NULL:+SHA384",
"+RSA-PSK:+AES-256-CBC:+SHA384",
"+RSA-PSK:+AES-128-CBC:+SHA256",
"+RSA-PSK:+NULL:+SHA256",
"+RSA-PSK:+NULL:+SHA384",
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
"+PSK:+CAMELLIA-128-CBC:+SHA256",
"+PSK:+CAMELLIA-256-CBC:+SHA384",
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
"+PSK:+AES-128-GCM:+AEAD",
"+PSK:+AES-256-GCM:+AEAD",
"+DHE-PSK:+AES-128-GCM:+AEAD",
"+DHE-PSK:+AES-256-GCM:+AEAD",
"+PSK:+AES-128-CCM:+AEAD",
"+PSK:+AES-256-CCM:+AEAD",
"+DHE-PSK:+AES-128-CCM:+AEAD",
"+DHE-PSK:+AES-256-CCM:+AEAD",
"+PSK:+AES-128-CCM-8:+AEAD",
"+PSK:+AES-256-CCM-8:+AEAD",
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
"+PSK:+CAMELLIA-128-GCM:+AEAD",
"+PSK:+CAMELLIA-256-GCM:+AEAD",
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
"+RSA-PSK:+AES-256-GCM:+AEAD",
"+RSA-PSK:+AES-128-GCM:+AEAD",
]
for m, g_exp in zip(m_ciphers, g_ciphers):
g = translate_gnutls(m)
assert_equal(g, g_exp)
test_all_common() test_all_common()
test_mbedtls_ossl_common()
test_mbedtls_gnutls_common()

59
tests/scripts/translate_ciphers.py
View File

@ -21,15 +21,13 @@
Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
standards. standards.
Format and analyse strings past in via input arguments to match
the expected strings utilised in compat.sh.
sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL.
sys.argv[2] should be a string containing one or more ciphersuite names. sys.argv[2] should be a string containing one or more ciphersuite names.
""" """
import re import re
import sys import sys
import argparse
def translate_gnutls(m_cipher): def translate_gnutls(m_cipher):
""" """
@ -37,27 +35,25 @@ def translate_gnutls(m_cipher):
and return the GnuTLS naming convention and return the GnuTLS naming convention
""" """
# Remove "TLS-" m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
# Replace "-WITH-" with ":+"
# Remove "EDE"
m_cipher = "+" + m_cipher[4:]
m_cipher = m_cipher.replace("-WITH-", ":+") m_cipher = m_cipher.replace("-WITH-", ":+")
m_cipher = m_cipher.replace("-EDE", "") m_cipher = m_cipher.replace("-EDE", "")
# SHA == SHA1, if the last 3 chars are SHA append 1 # SHA in Mbed TLS == SHA1 GnuTLS,
# if the last 3 chars are SHA append 1
if m_cipher[-3:] == "SHA": if m_cipher[-3:] == "SHA":
m_cipher = m_cipher+"1" m_cipher = m_cipher+"1"
# CCM or CCM-8 should be followed by ":+AEAD" # CCM or CCM-8 should be followed by ":+AEAD"
if "CCM" in m_cipher: # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
if "CCM" in m_cipher or "GCM" in m_cipher:
m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
m_cipher = m_cipher+":+AEAD" m_cipher = m_cipher+":+AEAD"
# Replace the last "-" with ":+" # Replace the last "-" with ":+"
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
else: else:
index = m_cipher.rindex("-") index = m_cipher.rindex("-")
m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
return m_cipher return m_cipher
@ -67,9 +63,7 @@ def translate_ossl(m_cipher):
and return the OpenSSL naming convention and return the OpenSSL naming convention
""" """
# Remove "TLS-" m_cipher = re.sub(r'^TLS-', '', m_cipher)
# Remove "WITH"
m_cipher = m_cipher[4:]
m_cipher = m_cipher.replace("-WITH", "") m_cipher = m_cipher.replace("-WITH", "")
# Remove the "-" from "ABC-xyz" # Remove the "-" from "ABC-xyz"
@ -78,8 +72,7 @@ def translate_ossl(m_cipher):
m_cipher = m_cipher.replace("ARIA-", "ARIA") m_cipher = m_cipher.replace("ARIA-", "ARIA")
# Remove "RSA" if it is at the beginning # Remove "RSA" if it is at the beginning
if m_cipher[:4] == "RSA-": m_cipher = re.sub(r'^RSA-', r'', m_cipher)
m_cipher = m_cipher[4:]
# For all circumstances outside of PSK # For all circumstances outside of PSK
if "PSK" not in m_cipher: if "PSK" not in m_cipher:
@ -87,10 +80,7 @@ def translate_ossl(m_cipher):
m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
# Remove "CBC" if it is not prefixed by DES # Remove "CBC" if it is not prefixed by DES
if "CBC" in m_cipher: m_cipher = re.sub(r'(?<!DES-)CBC-', r'', m_cipher)
index = m_cipher.rindex("CBC")
if m_cipher[index-4:index-1] != "DES":
m_cipher = m_cipher.replace("CBC-", "")
# ECDHE-RSA-ARIA does not exist in OpenSSL # ECDHE-RSA-ARIA does not exist in OpenSSL
m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA") m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
@ -106,23 +96,16 @@ def translate_ossl(m_cipher):
return m_cipher return m_cipher
def format_ciphersuite_names(mode, ciphers): def format_ciphersuite_names(mode, names):
try: t = {"g": translate_gnutls, "o": translate_ossl}[mode]
t = {"g": translate_gnutls, "o": translate_ossl}[mode] return " ".join(t(c) for c in names)
return " ".join(t(c) for c in ciphers.split())
except (KeyError) as e:
print(e)
print("Incorrect use of argument 1, should be either \"g\" or \"o\"")
sys.exit(1)
def main(): def main(target, names):
if len(sys.argv) != 3: print(format_ciphersuite_names(target, names))
print("""Incorrect number of arguments.
The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS.
The second argument should a single space seperated string of MBedTLS ciphersuite names""")
sys.exit(1)
print(format_ciphersuite_names(sys.argv[1], sys.argv[2]))
sys.exit(0)
if __name__ == "__main__": if __name__ == "__main__":
main() PARSER = argparse.ArgumentParser()
PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g'])
PARSER.add_argument('names', metavar='NAMES', nargs='+')
ARGS = PARSER.parse_args()
main(ARGS.target, ARGS.names)