yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-04-04 14:08:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move translate scripts to appropriate folder

Browse source 
"tests/scripts/*.py is executable programs used only for testing"

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
This commit is contained in:
Joe Subbiani 2021-07-28 15:51:02 +01:00
parent 4a703cef89
commit f3fcc29eb1
4 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

136
tests/scripts/test_translate_ciphers_format.sh Executable file
View file

@ -0,0 +1,136 @@
#!/bin/sh
# test_translate_ciphers_format.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# Test translate_ciphers.py formatting by comparing the translated
# ciphersuite names to the true names. As in compat.sh, the spaces between
# the ciphersuite names are normalised.
#
# On fail, the translated cipher suite names do not match the correct ones.
# In this case the difference will be printed in stdout.
#
# This files main purpose is to ensure translate_ciphers.py can take strings
# in the expected format and return them in the format compat.sh will expect.
# Ciphers that will use translate_ciphers.py
M_CIPHERS=""
O_CIPHERS=""
G_CIPHERS=""
# Ciphers taken directly from compat.sh
Mt_CIPHERS=""
Ot_CIPHERS=""
Gt_CIPHERS=""
# Initial list to be split into 3
CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
"
M_CIPHERS="$M_CIPHERS $CIPHERS"
G=`python3 translate_ciphers.py g "$CIPHERS"`
G_CIPHERS="$G_CIPHERS $G"
O=`python3 translate_ciphers.py o "$CIPHERS"`
O_CIPHERS="$O_CIPHERS $O"
Mt_CIPHERS="$Mt_CIPHERS \
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
"
Gt_CIPHERS="$Gt_CIPHERS \
+ECDHE-ECDSA:+NULL:+SHA1 \
+ECDHE-ECDSA:+3DES-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
"
Ot_CIPHERS="$Ot_CIPHERS \
ECDHE-ECDSA-NULL-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
"
# Initial list to be split into 3
CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
"
M_CIPHERS="$M_CIPHERS $CIPHERS"
G=`python3 translate_ciphers.py g "$CIPHERS"`
G_CIPHERS="$G_CIPHERS $G"
O=`python3 translate_ciphers.py o "$CIPHERS"`
O_CIPHERS="$O_CIPHERS $O"
Mt_CIPHERS="$Mt_CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
"
Gt_CIPHERS="$Gt_CIPHERS \
+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
"
Ot_CIPHERS="$Ot_CIPHERS \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
"
# Normalise spacing
M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
# Compare the compat.sh names with the translated names
# Upon fail, print them to view the differences
if [ "$Mt_CIPHERS" != "$M_CIPHERS" ]
then
echo "MBEDTLS Translated: $M_CIPHERS"
echo "MBEDTLS Original: $Mt_CIPHERS"
fi
if [ "$Gt_CIPHERS" != "$G_CIPHERS" ]
then
echo "GNUTLS Translated: $G_CIPHERS"
echo "GNUTLS Original: $Gt_CIPHERS"
fi
if [ "$Ot_CIPHERS" != "$O_CIPHERS" ]
then
echo "OpenSSL Translated: $O_CIPHERS"
echo "OpenSSL Original: $Ot_CIPHERS"
fi

445
tests/scripts/test_translate_ciphers_names.py Executable file
View file

@ -0,0 +1,445 @@
#!/usr/bin/env python3
# test_translate_ciphers_names.py
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# Test translate_ciphers.py by running every MBedTLS ciphersuite name
# combination through the translate functions and comparing them to their
# correct GNUTLS or OpenSSL counterpart.
from translate_ciphers import *
def assert_equal(translate, original):
try:
assert(translate == original)
except AssertionError:
print("%s\n%s\n" %(translate, original))
def test_all_common():
m_ciphers = [
"TLS-ECDHE-ECDSA-WITH-NULL-SHA",
"TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-NULL-MD5",
"TLS-RSA-WITH-NULL-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-NULL-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-PSK-WITH-AES-128-CBC-SHA",
"TLS-PSK-WITH-AES-256-CBC-SHA",
]
g_ciphers = [
"+ECDHE-ECDSA:+NULL:+SHA1",
"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
"+DHE-RSA:+AES-128-CBC:+SHA1",
"+DHE-RSA:+AES-256-CBC:+SHA1",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
"+DHE-RSA:+3DES-CBC:+SHA1",
"+RSA:+AES-256-CBC:+SHA1",
"+RSA:+CAMELLIA-256-CBC:+SHA1",
"+RSA:+AES-128-CBC:+SHA1",
"+RSA:+CAMELLIA-128-CBC:+SHA1",
"+RSA:+3DES-CBC:+SHA1",
"+RSA:+NULL:+MD5",
"+RSA:+NULL:+SHA1",
"+ECDHE-RSA:+AES-128-CBC:+SHA1",
"+ECDHE-RSA:+AES-256-CBC:+SHA1",
"+ECDHE-RSA:+3DES-CBC:+SHA1",
"+ECDHE-RSA:+NULL:+SHA1",
"+RSA:+AES-128-CBC:+SHA256",
"+DHE-RSA:+AES-128-CBC:+SHA256",
"+RSA:+AES-256-CBC:+SHA256",
"+DHE-RSA:+AES-256-CBC:+SHA256",
"+ECDHE-RSA:+AES-128-CBC:+SHA256",
"+ECDHE-RSA:+AES-256-CBC:+SHA384",
"+RSA:+AES-128-GCM:+AEAD",
"+RSA:+AES-256-GCM:+AEAD",
"+DHE-RSA:+AES-128-GCM:+AEAD",
"+DHE-RSA:+AES-256-GCM:+AEAD",
"+ECDHE-RSA:+AES-128-GCM:+AEAD",
"+ECDHE-RSA:+AES-256-GCM:+AEAD",
"+PSK:+3DES-CBC:+SHA1",
"+PSK:+AES-128-CBC:+SHA1",
"+PSK:+AES-256-CBC:+SHA1",
]
o_ciphers = [
"ECDHE-ECDSA-NULL-SHA",
"ECDHE-ECDSA-DES-CBC3-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"DHE-RSA-AES128-SHA",
"DHE-RSA-AES256-SHA",
"DHE-RSA-CAMELLIA128-SHA",
"DHE-RSA-CAMELLIA256-SHA",
"EDH-RSA-DES-CBC3-SHA",
"AES256-SHA",
"CAMELLIA256-SHA",
"AES128-SHA",
"CAMELLIA128-SHA",
"DES-CBC3-SHA",
"NULL-MD5",
"NULL-SHA",
"ECDHE-RSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA",
"ECDHE-RSA-DES-CBC3-SHA",
"ECDHE-RSA-NULL-SHA",
#"NULL-SHA256",
"AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-RSA-AES256-SHA384",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"PSK-3DES-EDE-CBC-SHA",
"PSK-AES128-CBC-SHA",
"PSK-AES256-CBC-SHA",
]
for i in range(len(m_ciphers)):
g = translate_gnutls(m_ciphers[i])
assert_equal(g, g_ciphers[i])
o = translate_ossl(m_ciphers[i])
assert_equal(o, o_ciphers[i])
def test_mbedtls_ossl_common():
m_ciphers = [
"TLS-ECDH-ECDSA-WITH-NULL-SHA",
"TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
]
o_ciphers = [
"ECDH-ECDSA-NULL-SHA",
"ECDH-ECDSA-DES-CBC3-SHA",
"ECDH-ECDSA-AES128-SHA",
"ECDH-ECDSA-AES256-SHA",
"ECDH-ECDSA-AES128-SHA256",
"ECDH-ECDSA-AES256-SHA384",
"ECDH-ECDSA-AES128-GCM-SHA256",
"ECDH-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-ARIA256-GCM-SHA384",
"ECDHE-ECDSA-ARIA128-GCM-SHA256",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"DES-CBC-SHA",
"EDH-RSA-DES-CBC-SHA",
"ECDHE-ARIA256-GCM-SHA384",
"DHE-RSA-ARIA256-GCM-SHA384",
"ARIA256-GCM-SHA384",
"ECDHE-ARIA128-GCM-SHA256",
"DHE-RSA-ARIA128-GCM-SHA256",
"ARIA128-GCM-SHA256",
"DHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"DHE-PSK-ARIA256-GCM-SHA384",
"DHE-PSK-ARIA128-GCM-SHA256",
"PSK-ARIA256-GCM-SHA384",
"PSK-ARIA128-GCM-SHA256",
"PSK-CHACHA20-POLY1305",
"ECDHE-PSK-CHACHA20-POLY1305",
"DHE-PSK-CHACHA20-POLY1305",
]
for i in range(len(m_ciphers)):
o = translate_ossl(m_ciphers[i])
assert_equal(o, o_ciphers[i])
def test_mbedtls_gnutls_common():
m_ciphers = [
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
"TLS-RSA-WITH-NULL-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-CCM",
"TLS-RSA-WITH-AES-256-CCM",
"TLS-DHE-RSA-WITH-AES-128-CCM",
"TLS-DHE-RSA-WITH-AES-256-CCM",
"TLS-RSA-WITH-AES-128-CCM-8",
"TLS-RSA-WITH-AES-256-CCM-8",
"TLS-DHE-RSA-WITH-AES-128-CCM-8",
"TLS-DHE-RSA-WITH-AES-256-CCM-8",
"TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
"TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-ECDHE-PSK-WITH-NULL-SHA384",
"TLS-ECDHE-PSK-WITH-NULL-SHA256",
"TLS-PSK-WITH-AES-128-CBC-SHA256",
"TLS-PSK-WITH-AES-256-CBC-SHA384",
"TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
"TLS-PSK-WITH-NULL-SHA256",
"TLS-PSK-WITH-NULL-SHA384",
"TLS-DHE-PSK-WITH-NULL-SHA256",
"TLS-DHE-PSK-WITH-NULL-SHA384",
"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
"TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
"TLS-RSA-PSK-WITH-NULL-SHA256",
"TLS-RSA-PSK-WITH-NULL-SHA384",
"TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-PSK-WITH-AES-128-GCM-SHA256",
"TLS-PSK-WITH-AES-256-GCM-SHA384",
"TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
"TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
"TLS-PSK-WITH-AES-128-CCM",
"TLS-PSK-WITH-AES-256-CCM",
"TLS-DHE-PSK-WITH-AES-128-CCM",
"TLS-DHE-PSK-WITH-AES-256-CCM",
"TLS-PSK-WITH-AES-128-CCM-8",
"TLS-PSK-WITH-AES-256-CCM-8",
"TLS-DHE-PSK-WITH-AES-128-CCM-8",
"TLS-DHE-PSK-WITH-AES-256-CCM-8",
"TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
"TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
]
g_ciphers = [
"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
"+RSA:+NULL:+SHA256",
"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
"+RSA:+CAMELLIA-128-CBC:+SHA256",
"+RSA:+CAMELLIA-256-CBC:+SHA256",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
"+RSA:+CAMELLIA-128-GCM:+AEAD",
"+RSA:+CAMELLIA-256-GCM:+AEAD",
"+RSA:+AES-128-CCM:+AEAD",
"+RSA:+AES-256-CCM:+AEAD",
"+DHE-RSA:+AES-128-CCM:+AEAD",
"+DHE-RSA:+AES-256-CCM:+AEAD",
"+RSA:+AES-128-CCM-8:+AEAD",
"+RSA:+AES-256-CCM-8:+AEAD",
"+DHE-RSA:+AES-128-CCM-8:+AEAD",
"+DHE-RSA:+AES-256-CCM-8:+AEAD",
"+DHE-PSK:+3DES-CBC:+SHA1",
"+DHE-PSK:+AES-128-CBC:+SHA1",
"+DHE-PSK:+AES-256-CBC:+SHA1",
"+ECDHE-PSK:+AES-256-CBC:+SHA1",
"+ECDHE-PSK:+AES-128-CBC:+SHA1",
"+ECDHE-PSK:+3DES-CBC:+SHA1",
"+RSA-PSK:+3DES-CBC:+SHA1",
"+RSA-PSK:+AES-256-CBC:+SHA1",
"+RSA-PSK:+AES-128-CBC:+SHA1",
"+ECDHE-PSK:+AES-256-CBC:+SHA384",
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
"+ECDHE-PSK:+AES-128-CBC:+SHA256",
"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
"+ECDHE-PSK:+NULL:+SHA384",
"+ECDHE-PSK:+NULL:+SHA256",
"+PSK:+AES-128-CBC:+SHA256",
"+PSK:+AES-256-CBC:+SHA384",
"+DHE-PSK:+AES-128-CBC:+SHA256",
"+DHE-PSK:+AES-256-CBC:+SHA384",
"+PSK:+NULL:+SHA256",
"+PSK:+NULL:+SHA384",
"+DHE-PSK:+NULL:+SHA256",
"+DHE-PSK:+NULL:+SHA384",
"+RSA-PSK:+AES-256-CBC:+SHA384",
"+RSA-PSK:+AES-128-CBC:+SHA256",
"+RSA-PSK:+NULL:+SHA256",
"+RSA-PSK:+NULL:+SHA384",
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
"+PSK:+CAMELLIA-128-CBC:+SHA256",
"+PSK:+CAMELLIA-256-CBC:+SHA384",
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
"+PSK:+AES-128-GCM:+AEAD",
"+PSK:+AES-256-GCM:+AEAD",
"+DHE-PSK:+AES-128-GCM:+AEAD",
"+DHE-PSK:+AES-256-GCM:+AEAD",
"+PSK:+AES-128-CCM:+AEAD",
"+PSK:+AES-256-CCM:+AEAD",
"+DHE-PSK:+AES-128-CCM:+AEAD",
"+DHE-PSK:+AES-256-CCM:+AEAD",
"+PSK:+AES-128-CCM-8:+AEAD",
"+PSK:+AES-256-CCM-8:+AEAD",
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
"+PSK:+CAMELLIA-128-GCM:+AEAD",
"+PSK:+CAMELLIA-256-GCM:+AEAD",
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
"+RSA-PSK:+AES-256-GCM:+AEAD",
"+RSA-PSK:+AES-128-GCM:+AEAD",
]
for i in range(len(m_ciphers)):
g = translate_gnutls(m_ciphers[i])
assert_equal(g, g_ciphers[i])
test_all_common()
test_mbedtls_ossl_common()
test_mbedtls_gnutls_common()

119
tests/scripts/translate_ciphers.py Executable file
View file

@ -0,0 +1,119 @@
#!/usr/bin/env python3
# translate_ciphers.py
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
# standards.
#
# Format and analyse strings past in via input arguments to match
# the expected strings utilised in compat.sh.
#
# sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL.
# sys.argv[2] should be a string containing one or more
# ciphersuite names.
import re
import sys
def translate_gnutls(m_cipher):
# Remove "TLS-"
# Replace "-WITH-" with ":+"
# Remove "EDE"
m_cipher = "+" + m_cipher[4:]
m_cipher = m_cipher.replace("-WITH-", ":+")
m_cipher = m_cipher.replace("-EDE", "")
# SHA == SHA1, if the last 3 chars are SHA append 1
if m_cipher[-3:] == "SHA":
m_cipher = m_cipher+"1"
# CCM or CCM-8 should be followed by ":+AEAD"
if "CCM" in m_cipher:
m_cipher = m_cipher+":+AEAD"
# Replace the last "-" with ":+"
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
else:
index=m_cipher.rindex("-")
m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
return m_cipher
def translate_ossl(m_cipher):
# Remove "TLS-"
# Remove "WITH"
m_cipher = m_cipher[4:]
m_cipher = m_cipher.replace("-WITH", "")
# Remove the "-" from "ABC-xyz"
m_cipher = m_cipher.replace("AES-", "AES")
m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA")
m_cipher = m_cipher.replace("ARIA-", "ARIA")
# Remove "RSA" if it is at the beginning
if m_cipher[:4] == "RSA-":
m_cipher = m_cipher[4:]
# For all circumstances outside of PSK
if "PSK" not in m_cipher:
m_cipher = m_cipher.replace("-EDE", "")
m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
# Remove "CBC" if it is not prefixed by DES
if "CBC" in m_cipher:
index = m_cipher.rindex("CBC")
if m_cipher[index-4:index-1] != "DES":
m_cipher = m_cipher.replace("CBC-", "")
# ECDHE-RSA-ARIA does not exist in OpenSSL
m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
# POLY1305 should not be followed by anything
if "POLY1305" in m_cipher:
index = m_cipher.rindex("POLY1305")
m_cipher=m_cipher[:index+8]
# If DES is being used, Replace DHE with EDH
if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher:
m_cipher = m_cipher.replace("DHE", "EDH")
return m_cipher
def format_ciphersuite_names(mode, ciphers):
try:
t = {"g": translate_gnutls, "o": translate_ossl}[mode]
return " ".join(t(c) for c in ciphers.split())
except Exception as E:
if E != mode: print(E)
else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"")
sys.exit(1)
def main():
if len(sys.argv) != 3:
print("""Incorrect number of arguments.
The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS.
The second argument should a single space seperated string of MBedTLS ciphersuite names""")
sys.exit(1)
print(format_ciphersuite_names(sys.argv[1], sys.argv[2]))
sys.exit(0)
if __name__ == "__main__":
main()