Improve consistency and usability
test_translate_ciphers_names.py
- Combined m, o and g ciphers all into a single list of tuples to
avoid needing to rely on indexes
test_translate_ciphers_format.sh
- Removed redundant test
- Added return errors
compat.sh
- Improved how translate_ciphers.py is called
translate_ciphers.py
- Improve regex and translation to be more intuitive and efficient
- Change how arguments are taken and handled to be more reliable
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh
index 6f1bdd0..1dc7bbc 100755
--- a/tests/scripts/test_translate_ciphers_format.sh
+++ b/tests/scripts/test_translate_ciphers_format.sh
@@ -29,84 +29,71 @@
# This files main purpose is to ensure translate_ciphers.py can take strings
# in the expected format and return them in the format compat.sh will expect.
+set -eu
+
if cd $( dirname $0 ); then :; else
echo "cd $( dirname $0 ) failed" >&2
exit 1
fi
-# Ciphers that will use translate_ciphers.py
-M_CIPHERS=""
+fail=0
+
+# Initalize ciphers translated from Mbed TLS using translate_ciphers.py
+O_TRANSLATED_CIPHERS=""
+G_TRANSLATED_CIPHERS=""
+
+# Initalize ciphers that are known to be in the correct format
O_CIPHERS=""
G_CIPHERS=""
-# Ciphers taken directly from compat.sh
-Mt_CIPHERS=""
-Ot_CIPHERS=""
-Gt_CIPHERS=""
-
-# Initial list to be split into 3
+# Mbed TLS ciphersuite names to be translated
+# into GnuTLS and OpenSSL
CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
"
-M_CIPHERS="$M_CIPHERS $CIPHERS"
+G=$(./translate_ciphers.py g $CIPHERS) || fail=1
+G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
-G=`python3 translate_ciphers.py g "$CIPHERS"`
-G_CIPHERS="$G_CIPHERS $G"
+O=$(./translate_ciphers.py o $CIPHERS) || fail=1
+O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
-O=`python3 translate_ciphers.py o "$CIPHERS"`
-O_CIPHERS="$O_CIPHERS $O"
-
-Mt_CIPHERS="$Mt_CIPHERS \
- TLS-ECDHE-ECDSA-WITH-NULL-SHA \
- TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
- "
-Gt_CIPHERS="$Gt_CIPHERS \
+G_CIPHERS="$G_CIPHERS \
+ECDHE-ECDSA:+NULL:+SHA1 \
+ECDHE-ECDSA:+3DES-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
"
-Ot_CIPHERS="$Ot_CIPHERS \
+O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-NULL-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
"
-
-# Initial list to be split into 3
-CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
+# Mbed TLS ciphersuite names to be translated
+# into GnuTLS and OpenSSL
+CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
"
-M_CIPHERS="$M_CIPHERS $CIPHERS"
+G=$(./translate_ciphers.py g $CIPHERS) || fail=1
+G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
-G=`python3 translate_ciphers.py g "$CIPHERS"`
-G_CIPHERS="$G_CIPHERS $G"
+O=$(./translate_ciphers.py o $CIPHERS) || fail=1
+O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
-O=`python3 translate_ciphers.py o "$CIPHERS"`
-O_CIPHERS="$O_CIPHERS $O"
-
-Mt_CIPHERS="$Mt_CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
- "
-Gt_CIPHERS="$Gt_CIPHERS \
+G_CIPHERS="$G_CIPHERS \
+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
"
-Ot_CIPHERS="$Ot_CIPHERS \
+O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \
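Review bot: The `|| fail=1` on the four translate calls records a translator failure but prints nothing of its own, so a log shows only the later list mismatch and not which target or batch failed. Consider `G=$(./translate_ciphers.py g $CIPHERS) || { echo "translate_ciphers.py g failed" >&2; fail=1; }` and the same for the `o` calls. `$CIPHERS` is now unquoted, presumably so that each name reaches the script as its own argument; a one-line comment saying so would stop a later quoting cleanup from collapsing the list into a single argument. The two added comments also misspell "Initialize" as "Initalize".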
@@ -114,28 +101,25 @@
"
# Normalise spacing
-M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
-G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
-O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
+G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS )
+O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS )
-Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
-Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
-Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
+G_CIPHERS=$( echo $G_CIPHERS )
+O_CIPHERS=$( echo $O_CIPHERS )
# Compare the compat.sh names with the translated names
# Upon fail, print them to view the differences
-if [ "$Mt_CIPHERS" != "$M_CIPHERS" ]
+if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ]
then
- echo "MBEDTLS Translated: $M_CIPHERS"
- echo "MBEDTLS Original: $Mt_CIPHERS"
+ echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS"
+ echo "GnuTLS Original: $G_CIPHERS"
+ fail=1
fi
-if [ "$Gt_CIPHERS" != "$G_CIPHERS" ]
+if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ]
then
- echo "GNUTLS Translated: $G_CIPHERS"
- echo "GNUTLS Original: $Gt_CIPHERS"
+ echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS"
+ echo "OpenSSL Original: $O_CIPHERS"
+ fail=1
fi
-if [ "$Ot_CIPHERS" != "$O_CIPHERS" ]
-then
- echo "OpenSSL Translated: $O_CIPHERS"
- echo "OpenSSL Original: $Ot_CIPHERS"
-fi
+
+exit $fail
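Review bot: The `$( echo $G_CIPHERS )` normalisation that replaces the sed pipeline depends on unquoted expansion, which also enables pathname expansion, so any `*` or `?` in translator output would be expanded against the files in this directory before the comparison. The names listed in this file contain no glob characters, so this is a robustness point rather than a live bug. Adding `set -f` next to the `set -eu` at the top of the script, or a comment such as `# Unquoted on purpose: word splitting collapses whitespace`, would make the intent explicit.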
diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py
index 84bcc99..33ad4e3 100755
--- a/tests/scripts/test_translate_ciphers_names.py
+++ b/tests/scripts/test_translate_ciphers_names.py
@@ -19,11 +19,11 @@
#
"""
-Test translate_ciphers.py by running every MBedTLS ciphersuite name
+Test translate_ciphers.py by running every Mbed TLS ciphersuite name
combination through the translate functions and comparing them to their
correct GNUTLS or OpenSSL counterpart.
"""
-
+import sys
from translate_ciphers import translate_gnutls, translate_ossl
def assert_equal(translate, original):
@@ -36,431 +36,474 @@
assert translate == original
except AssertionError:
print("%s\n%s\n" %(translate, original))
+ sys.exit(1)
def test_all_common():
"""
- Translate the MBedTLS ciphersuite names to the common OpenSSL and
- GnuTLS ciphersite names, and compare them with the true, expected
+ Translate the Mbed TLS ciphersuite names to the common OpenSSL and
+ GnuTLS ciphersuite names, and compare them with the true, expected
corresponding OpenSSL and GnuTLS ciphersuite names
"""
- m_ciphers = [
- "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
- "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
- "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
- "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+ ciphers = [
+ ("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ "+ECDHE-ECDSA:+NULL:+SHA1",
+ "ECDHE-ECDSA-NULL-SHA"),
+ ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+ "+ECDHE-ECDSA:+3DES-CBC:+SHA1",
+ "ECDHE-ECDSA-DES-CBC3-SHA"),
+ ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
+ "ECDHE-ECDSA-AES128-SHA"),
+ ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+ "+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
+ "ECDHE-ECDSA-AES256-SHA"),
+ ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
+ "ECDHE-ECDSA-AES128-SHA256"),
+ ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
+ "ECDHE-ECDSA-AES256-SHA384"),
+ ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
+ "ECDHE-ECDSA-AES128-GCM-SHA256"),
+ ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
+ "ECDHE-ECDSA-AES256-GCM-SHA384"),
+ ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "+DHE-RSA:+AES-128-CBC:+SHA1",
+ "DHE-RSA-AES128-SHA"),
+ ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "+DHE-RSA:+AES-256-CBC:+SHA1",
+ "DHE-RSA-AES256-SHA"),
+ ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
+ "DHE-RSA-CAMELLIA128-SHA"),
+ ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
+ "DHE-RSA-CAMELLIA256-SHA"),
+ ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "+DHE-RSA:+3DES-CBC:+SHA1",
+ "EDH-RSA-DES-CBC3-SHA"),
+ ("TLS-RSA-WITH-AES-256-CBC-SHA",
+ "+RSA:+AES-256-CBC:+SHA1",
+ "AES256-SHA"),
+ ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "+RSA:+CAMELLIA-256-CBC:+SHA1",
+ "CAMELLIA256-SHA"),
+ ("TLS-RSA-WITH-AES-128-CBC-SHA",
+ "+RSA:+AES-128-CBC:+SHA1",
+ "AES128-SHA"),
+ ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "+RSA:+CAMELLIA-128-CBC:+SHA1",
+ "CAMELLIA128-SHA"),
+ ("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "+RSA:+3DES-CBC:+SHA1",
+ "DES-CBC3-SHA"),
+ ("TLS-RSA-WITH-NULL-MD5",
+ "+RSA:+NULL:+MD5",
+ "NULL-MD5"),
+ ("TLS-RSA-WITH-NULL-SHA",
+ "+RSA:+NULL:+SHA1",
+ "NULL-SHA"),
+ ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "+ECDHE-RSA:+AES-128-CBC:+SHA1",
+ "ECDHE-RSA-AES128-SHA"),
+ ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "+ECDHE-RSA:+AES-256-CBC:+SHA1",
+ "ECDHE-RSA-AES256-SHA"),
+ ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "+ECDHE-RSA:+3DES-CBC:+SHA1",
+ "ECDHE-RSA-DES-CBC3-SHA"),
+ ("TLS-ECDHE-RSA-WITH-NULL-SHA",
+ "+ECDHE-RSA:+NULL:+SHA1",
+ "ECDHE-RSA-NULL-SHA"),
+ ("TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "+RSA:+AES-128-CBC:+SHA256",
+ "AES128-SHA256"),
+ ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "+DHE-RSA:+AES-128-CBC:+SHA256",
+ "DHE-RSA-AES128-SHA256"),
+ ("TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "+RSA:+AES-256-CBC:+SHA256",
+ "AES256-SHA256"),
+ ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "+DHE-RSA:+AES-256-CBC:+SHA256",
+ "DHE-RSA-AES256-SHA256"),
+ ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "+ECDHE-RSA:+AES-128-CBC:+SHA256",
+ "ECDHE-RSA-AES128-SHA256"),
+ ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "+ECDHE-RSA:+AES-256-CBC:+SHA384",
+ "ECDHE-RSA-AES256-SHA384"),
+ ("TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "+RSA:+AES-128-GCM:+AEAD",
+ "AES128-GCM-SHA256"),
+ ("TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "+RSA:+AES-256-GCM:+AEAD",
+ "AES256-GCM-SHA384"),
+ ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "+DHE-RSA:+AES-128-GCM:+AEAD",
+ "DHE-RSA-AES128-GCM-SHA256"),
+ ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "+DHE-RSA:+AES-256-GCM:+AEAD",
+ "DHE-RSA-AES256-GCM-SHA384"),
+ ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "+ECDHE-RSA:+AES-128-GCM:+AEAD",
+ "ECDHE-RSA-AES128-GCM-SHA256"),
+ ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "+ECDHE-RSA:+AES-256-GCM:+AEAD",
+ "ECDHE-RSA-AES256-GCM-SHA384"),
+ ("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+ "+PSK:+3DES-CBC:+SHA1",
+ "PSK-3DES-EDE-CBC-SHA"),
+ ("TLS-PSK-WITH-AES-128-CBC-SHA",
+ "+PSK:+AES-128-CBC:+SHA1",
+ "PSK-AES128-CBC-SHA"),
+ ("TLS-PSK-WITH-AES-256-CBC-SHA",
+ "+PSK:+AES-256-CBC:+SHA1",
+ "PSK-AES256-CBC-SHA"),
- "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
- "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
- "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
- "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ ("TLS-ECDH-ECDSA-WITH-NULL-SHA",
+ None,
+ "ECDH-ECDSA-NULL-SHA"),
+ ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
+ None,
+ "ECDH-ECDSA-DES-CBC3-SHA"),
+ ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
+ None,
+ "ECDH-ECDSA-AES128-SHA"),
+ ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
+ None,
+ "ECDH-ECDSA-AES256-SHA"),
+ ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
+ None,
+ "ECDH-ECDSA-AES128-SHA256"),
+ ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
+ None,
+ "ECDH-ECDSA-AES256-SHA384"),
+ ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
+ None,
+ "ECDH-ECDSA-AES128-GCM-SHA256"),
+ ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
+ None,
+ "ECDH-ECDSA-AES256-GCM-SHA384"),
+ ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
+ None,
+ "ECDHE-ECDSA-ARIA256-GCM-SHA384"),
+ ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
+ None,
+ "ECDHE-ECDSA-ARIA128-GCM-SHA256"),
+ ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ None,
+ "ECDHE-ECDSA-CHACHA20-POLY1305"),
+ ("TLS-RSA-WITH-DES-CBC-SHA",
+ None,
+ "DES-CBC-SHA"),
+ ("TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ None,
+ "EDH-RSA-DES-CBC-SHA"),
+ ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
+ None,
+ "ECDHE-ARIA256-GCM-SHA384"),
+ ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
+ None,
+ "DHE-RSA-ARIA256-GCM-SHA384"),
+ ("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
+ None,
+ "ARIA256-GCM-SHA384"),
+ ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
+ None,
+ "ECDHE-ARIA128-GCM-SHA256"),
+ ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
+ None,
+ "DHE-RSA-ARIA128-GCM-SHA256"),
+ ("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
+ None,
+ "ARIA128-GCM-SHA256"),
+ ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ None,
+ "DHE-RSA-CHACHA20-POLY1305"),
+ ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ None,
+ "ECDHE-RSA-CHACHA20-POLY1305"),
+ ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
+ None,
+ "DHE-PSK-ARIA256-GCM-SHA384"),
+ ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
+ None,
+ "DHE-PSK-ARIA128-GCM-SHA256"),
+ ("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
+ None,
+ "PSK-ARIA256-GCM-SHA384"),
+ ("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
+ None,
+ "PSK-ARIA128-GCM-SHA256"),
+ ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ None,
+ "PSK-CHACHA20-POLY1305"),
+ ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ None,
+ "ECDHE-PSK-CHACHA20-POLY1305"),
+ ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ None,
+ "DHE-PSK-CHACHA20-POLY1305"),
- "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
- "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
- "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
- "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
- "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
- "TLS-RSA-WITH-AES-256-CBC-SHA",
- "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
- "TLS-RSA-WITH-AES-128-CBC-SHA",
- "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
- "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
- "TLS-RSA-WITH-NULL-MD5",
- "TLS-RSA-WITH-NULL-SHA",
-
- "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
- "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
- "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
- "TLS-ECDHE-RSA-WITH-NULL-SHA",
-
- "TLS-RSA-WITH-AES-128-CBC-SHA256",
- "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
- "TLS-RSA-WITH-AES-256-CBC-SHA256",
- "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
- "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
- "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
- "TLS-RSA-WITH-AES-128-GCM-SHA256",
- "TLS-RSA-WITH-AES-256-GCM-SHA384",
- "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
- "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
- "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
- "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
-
- "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
- "TLS-PSK-WITH-AES-128-CBC-SHA",
- "TLS-PSK-WITH-AES-256-CBC-SHA",
- ]
- g_ciphers = [
- "+ECDHE-ECDSA:+NULL:+SHA1",
- "+ECDHE-ECDSA:+3DES-CBC:+SHA1",
- "+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
- "+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
-
- "+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
- "+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
- "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
-
- "+DHE-RSA:+AES-128-CBC:+SHA1",
- "+DHE-RSA:+AES-256-CBC:+SHA1",
- "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
- "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
- "+DHE-RSA:+3DES-CBC:+SHA1",
- "+RSA:+AES-256-CBC:+SHA1",
- "+RSA:+CAMELLIA-256-CBC:+SHA1",
- "+RSA:+AES-128-CBC:+SHA1",
- "+RSA:+CAMELLIA-128-CBC:+SHA1",
- "+RSA:+3DES-CBC:+SHA1",
- "+RSA:+NULL:+MD5",
- "+RSA:+NULL:+SHA1",
-
- "+ECDHE-RSA:+AES-128-CBC:+SHA1",
- "+ECDHE-RSA:+AES-256-CBC:+SHA1",
- "+ECDHE-RSA:+3DES-CBC:+SHA1",
- "+ECDHE-RSA:+NULL:+SHA1",
-
- "+RSA:+AES-128-CBC:+SHA256",
- "+DHE-RSA:+AES-128-CBC:+SHA256",
- "+RSA:+AES-256-CBC:+SHA256",
- "+DHE-RSA:+AES-256-CBC:+SHA256",
- "+ECDHE-RSA:+AES-128-CBC:+SHA256",
- "+ECDHE-RSA:+AES-256-CBC:+SHA384",
- "+RSA:+AES-128-GCM:+AEAD",
- "+RSA:+AES-256-GCM:+AEAD",
- "+DHE-RSA:+AES-128-GCM:+AEAD",
- "+DHE-RSA:+AES-256-GCM:+AEAD",
- "+ECDHE-RSA:+AES-128-GCM:+AEAD",
- "+ECDHE-RSA:+AES-256-GCM:+AEAD",
-
- "+PSK:+3DES-CBC:+SHA1",
- "+PSK:+AES-128-CBC:+SHA1",
- "+PSK:+AES-256-CBC:+SHA1",
- ]
- o_ciphers = [
- "ECDHE-ECDSA-NULL-SHA",
- "ECDHE-ECDSA-DES-CBC3-SHA",
- "ECDHE-ECDSA-AES128-SHA",
- "ECDHE-ECDSA-AES256-SHA",
-
- "ECDHE-ECDSA-AES128-SHA256",
- "ECDHE-ECDSA-AES256-SHA384",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "ECDHE-ECDSA-AES256-GCM-SHA384",
-
- "DHE-RSA-AES128-SHA",
- "DHE-RSA-AES256-SHA",
- "DHE-RSA-CAMELLIA128-SHA",
- "DHE-RSA-CAMELLIA256-SHA",
- "EDH-RSA-DES-CBC3-SHA",
- "AES256-SHA",
- "CAMELLIA256-SHA",
- "AES128-SHA",
- "CAMELLIA128-SHA",
- "DES-CBC3-SHA",
- "NULL-MD5",
- "NULL-SHA",
-
- "ECDHE-RSA-AES128-SHA",
- "ECDHE-RSA-AES256-SHA",
- "ECDHE-RSA-DES-CBC3-SHA",
- "ECDHE-RSA-NULL-SHA",
-
- #"NULL-SHA256",
- "AES128-SHA256",
- "DHE-RSA-AES128-SHA256",
- "AES256-SHA256",
- "DHE-RSA-AES256-SHA256",
- "ECDHE-RSA-AES128-SHA256",
- "ECDHE-RSA-AES256-SHA384",
- "AES128-GCM-SHA256",
- "AES256-GCM-SHA384",
- "DHE-RSA-AES128-GCM-SHA256",
- "DHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256",
- "ECDHE-RSA-AES256-GCM-SHA384",
-
- "PSK-3DES-EDE-CBC-SHA",
- "PSK-AES128-CBC-SHA",
- "PSK-AES256-CBC-SHA",
+ ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+ "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+ "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+ "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
+ "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
+ "+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
+ "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
+ None),
+ ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
+ "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
+ None),
+ ("TLS-RSA-WITH-NULL-SHA256",
+ "+RSA:+NULL:+SHA256",
+ None),
+ ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+ "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
+ None),
+ ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "+RSA:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "+RSA:+CAMELLIA-256-CBC:+SHA256",
+ None),
+ ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
+ None),
+ ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ "+RSA:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ "+RSA:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-RSA-WITH-AES-128-CCM",
+ "+RSA:+AES-128-CCM:+AEAD",
+ None),
+ ("TLS-RSA-WITH-AES-256-CCM",
+ "+RSA:+AES-256-CCM:+AEAD",
+ None),
+ ("TLS-DHE-RSA-WITH-AES-128-CCM",
+ "+DHE-RSA:+AES-128-CCM:+AEAD",
+ None),
+ ("TLS-DHE-RSA-WITH-AES-256-CCM",
+ "+DHE-RSA:+AES-256-CCM:+AEAD",
+ None),
+ ("TLS-RSA-WITH-AES-128-CCM-8",
+ "+RSA:+AES-128-CCM-8:+AEAD",
+ None),
+ ("TLS-RSA-WITH-AES-256-CCM-8",
+ "+RSA:+AES-256-CCM-8:+AEAD",
+ None),
+ ("TLS-DHE-RSA-WITH-AES-128-CCM-8",
+ "+DHE-RSA:+AES-128-CCM-8:+AEAD",
+ None),
+ ("TLS-DHE-RSA-WITH-AES-256-CCM-8",
+ "+DHE-RSA:+AES-256-CCM-8:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
+ "+DHE-PSK:+3DES-CBC:+SHA1",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
+ "+DHE-PSK:+AES-128-CBC:+SHA1",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
+ "+DHE-PSK:+AES-256-CBC:+SHA1",
+ None),
+ ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
+ "+ECDHE-PSK:+AES-256-CBC:+SHA1",
+ None),
+ ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
+ "+ECDHE-PSK:+AES-128-CBC:+SHA1",
+ None),
+ ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
+ "+ECDHE-PSK:+3DES-CBC:+SHA1",
+ None),
+ ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
+ "+RSA-PSK:+3DES-CBC:+SHA1",
+ None),
+ ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
+ "+RSA-PSK:+AES-256-CBC:+SHA1",
+ None),
+ ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
+ "+RSA-PSK:+AES-128-CBC:+SHA1",
+ None),
+ ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
+ "+ECDHE-PSK:+AES-256-CBC:+SHA384",
+ None),
+ ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
+ None),
+ ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
+ "+ECDHE-PSK:+AES-128-CBC:+SHA256",
+ None),
+ ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-ECDHE-PSK-WITH-NULL-SHA384",
+ "+ECDHE-PSK:+NULL:+SHA384",
+ None),
+ ("TLS-ECDHE-PSK-WITH-NULL-SHA256",
+ "+ECDHE-PSK:+NULL:+SHA256",
+ None),
+ ("TLS-PSK-WITH-AES-128-CBC-SHA256",
+ "+PSK:+AES-128-CBC:+SHA256",
+ None),
+ ("TLS-PSK-WITH-AES-256-CBC-SHA384",
+ "+PSK:+AES-256-CBC:+SHA384",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
+ "+DHE-PSK:+AES-128-CBC:+SHA256",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
+ "+DHE-PSK:+AES-256-CBC:+SHA384",
+ None),
+ ("TLS-PSK-WITH-NULL-SHA256",
+ "+PSK:+NULL:+SHA256",
+ None),
+ ("TLS-PSK-WITH-NULL-SHA384",
+ "+PSK:+NULL:+SHA384",
+ None),
+ ("TLS-DHE-PSK-WITH-NULL-SHA256",
+ "+DHE-PSK:+NULL:+SHA256",
+ None),
+ ("TLS-DHE-PSK-WITH-NULL-SHA384",
+ "+DHE-PSK:+NULL:+SHA384",
+ None),
+ ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
+ "+RSA-PSK:+AES-256-CBC:+SHA384",
+ None),
+ ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
+ "+RSA-PSK:+AES-128-CBC:+SHA256",
+ None),
+ ("TLS-RSA-PSK-WITH-NULL-SHA256",
+ "+RSA-PSK:+NULL:+SHA256",
+ None),
+ ("TLS-RSA-PSK-WITH-NULL-SHA384",
+ "+RSA-PSK:+NULL:+SHA384",
+ None),
+ ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
+ None),
+ ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ "+PSK:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ "+PSK:+CAMELLIA-256-CBC:+SHA384",
+ None),
+ ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
+ None),
+ ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
+ None),
+ ("TLS-PSK-WITH-AES-128-GCM-SHA256",
+ "+PSK:+AES-128-GCM:+AEAD",
+ None),
+ ("TLS-PSK-WITH-AES-256-GCM-SHA384",
+ "+PSK:+AES-256-GCM:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
+ "+DHE-PSK:+AES-128-GCM:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
+ "+DHE-PSK:+AES-256-GCM:+AEAD",
+ None),
+ ("TLS-PSK-WITH-AES-128-CCM",
+ "+PSK:+AES-128-CCM:+AEAD",
+ None),
+ ("TLS-PSK-WITH-AES-256-CCM",
+ "+PSK:+AES-256-CCM:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-128-CCM",
+ "+DHE-PSK:+AES-128-CCM:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-256-CCM",
+ "+DHE-PSK:+AES-256-CCM:+AEAD",
+ None),
+ ("TLS-PSK-WITH-AES-128-CCM-8",
+ "+PSK:+AES-128-CCM-8:+AEAD",
+ None),
+ ("TLS-PSK-WITH-AES-256-CCM-8",
+ "+PSK:+AES-256-CCM-8:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-128-CCM-8",
+ "+DHE-PSK:+AES-128-CCM-8:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-AES-256-CCM-8",
+ "+DHE-PSK:+AES-256-CCM-8:+AEAD",
+ None),
+ ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+ "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+ "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+ "+PSK:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+ "+PSK:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+ "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
+ None),
+ ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+ "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
+ None),
+ ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
+ "+RSA-PSK:+AES-256-GCM:+AEAD",
+ None),
+ ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
+ "+RSA-PSK:+AES-128-GCM:+AEAD",
+ None),
]
- for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers):
+ for m, g_exp, o_exp in ciphers:
- g = translate_gnutls(m)
- assert_equal(g, g_exp)
+ if g_exp != None:
+ g = translate_gnutls(m)
+ assert_equal(g, g_exp)
- o = translate_ossl(m)
- assert_equal(o, o_exp)
-
-def test_mbedtls_ossl_common():
- """
- Translate the MBedTLS ciphersuite names to the common OpenSSL
- ciphersite names, and compare them with the true, expected
- corresponding OpenSSL ciphersuite name
- """
- m_ciphers = [
- "TLS-ECDH-ECDSA-WITH-NULL-SHA",
- "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
- "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
- "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
-
- "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
- "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
- "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
- "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
- "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
- "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
- "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
-
- "TLS-RSA-WITH-DES-CBC-SHA",
- "TLS-DHE-RSA-WITH-DES-CBC-SHA",
-
- "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
- "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
- "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
- "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
- "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
- "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
- "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
- "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
-
- "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
- "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
- "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
- "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
- "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
- "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
- "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
- ]
- o_ciphers = [
- "ECDH-ECDSA-NULL-SHA",
- "ECDH-ECDSA-DES-CBC3-SHA",
- "ECDH-ECDSA-AES128-SHA",
- "ECDH-ECDSA-AES256-SHA",
-
- "ECDH-ECDSA-AES128-SHA256",
- "ECDH-ECDSA-AES256-SHA384",
- "ECDH-ECDSA-AES128-GCM-SHA256",
- "ECDH-ECDSA-AES256-GCM-SHA384",
- "ECDHE-ECDSA-ARIA256-GCM-SHA384",
- "ECDHE-ECDSA-ARIA128-GCM-SHA256",
- "ECDHE-ECDSA-CHACHA20-POLY1305",
-
- "DES-CBC-SHA",
- "EDH-RSA-DES-CBC-SHA",
-
- "ECDHE-ARIA256-GCM-SHA384",
- "DHE-RSA-ARIA256-GCM-SHA384",
- "ARIA256-GCM-SHA384",
- "ECDHE-ARIA128-GCM-SHA256",
- "DHE-RSA-ARIA128-GCM-SHA256",
- "ARIA128-GCM-SHA256",
- "DHE-RSA-CHACHA20-POLY1305",
- "ECDHE-RSA-CHACHA20-POLY1305",
-
- "DHE-PSK-ARIA256-GCM-SHA384",
- "DHE-PSK-ARIA128-GCM-SHA256",
- "PSK-ARIA256-GCM-SHA384",
- "PSK-ARIA128-GCM-SHA256",
- "PSK-CHACHA20-POLY1305",
- "ECDHE-PSK-CHACHA20-POLY1305",
- "DHE-PSK-CHACHA20-POLY1305",
- ]
-
- for m, o_exp in zip(m_ciphers, o_ciphers):
-
- o = translate_ossl(m)
- assert_equal(o, o_exp)
-
-def test_mbedtls_gnutls_common():
- """
- Translate the MBedTLS ciphersuite names to the common GnuTLS
- ciphersite names, and compare them with the true, expected
- corresponding GnuTLS ciphersuite names
- """
- m_ciphers = [
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
- "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
- "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
- "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
-
- "TLS-RSA-WITH-NULL-SHA256",
-
- "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
- "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-RSA-WITH-AES-128-CCM",
- "TLS-RSA-WITH-AES-256-CCM",
- "TLS-DHE-RSA-WITH-AES-128-CCM",
- "TLS-DHE-RSA-WITH-AES-256-CCM",
- "TLS-RSA-WITH-AES-128-CCM-8",
- "TLS-RSA-WITH-AES-256-CCM-8",
- "TLS-DHE-RSA-WITH-AES-128-CCM-8",
- "TLS-DHE-RSA-WITH-AES-256-CCM-8",
-
- "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
- "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
- "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
-
- "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
- "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
- "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
- "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
- "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
- "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
-
- "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
- "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
- "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-ECDHE-PSK-WITH-NULL-SHA384",
- "TLS-ECDHE-PSK-WITH-NULL-SHA256",
- "TLS-PSK-WITH-AES-128-CBC-SHA256",
- "TLS-PSK-WITH-AES-256-CBC-SHA384",
- "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
- "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
- "TLS-PSK-WITH-NULL-SHA256",
- "TLS-PSK-WITH-NULL-SHA384",
- "TLS-DHE-PSK-WITH-NULL-SHA256",
- "TLS-DHE-PSK-WITH-NULL-SHA384",
- "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
- "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
- "TLS-RSA-PSK-WITH-NULL-SHA256",
- "TLS-RSA-PSK-WITH-NULL-SHA384",
- "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- "TLS-PSK-WITH-AES-128-GCM-SHA256",
- "TLS-PSK-WITH-AES-256-GCM-SHA384",
- "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
- "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
- "TLS-PSK-WITH-AES-128-CCM",
- "TLS-PSK-WITH-AES-256-CCM",
- "TLS-DHE-PSK-WITH-AES-128-CCM",
- "TLS-DHE-PSK-WITH-AES-256-CCM",
- "TLS-PSK-WITH-AES-128-CCM-8",
- "TLS-PSK-WITH-AES-256-CCM-8",
- "TLS-DHE-PSK-WITH-AES-128-CCM-8",
- "TLS-DHE-PSK-WITH-AES-256-CCM-8",
- "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
- "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
- ]
- g_ciphers = [
- "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
- "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
- "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
- "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
- "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- "+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
- "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
- "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
-
- "+RSA:+NULL:+SHA256",
-
- "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
- "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
- "+RSA:+CAMELLIA-128-CBC:+SHA256",
- "+RSA:+CAMELLIA-256-CBC:+SHA256",
- "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
- "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
- "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
- "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
- "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
- "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
- "+RSA:+CAMELLIA-128-GCM:+AEAD",
- "+RSA:+CAMELLIA-256-GCM:+AEAD",
- "+RSA:+AES-128-CCM:+AEAD",
- "+RSA:+AES-256-CCM:+AEAD",
- "+DHE-RSA:+AES-128-CCM:+AEAD",
- "+DHE-RSA:+AES-256-CCM:+AEAD",
- "+RSA:+AES-128-CCM-8:+AEAD",
- "+RSA:+AES-256-CCM-8:+AEAD",
- "+DHE-RSA:+AES-128-CCM-8:+AEAD",
- "+DHE-RSA:+AES-256-CCM-8:+AEAD",
-
- "+DHE-PSK:+3DES-CBC:+SHA1",
- "+DHE-PSK:+AES-128-CBC:+SHA1",
- "+DHE-PSK:+AES-256-CBC:+SHA1",
-
- "+ECDHE-PSK:+AES-256-CBC:+SHA1",
- "+ECDHE-PSK:+AES-128-CBC:+SHA1",
- "+ECDHE-PSK:+3DES-CBC:+SHA1",
- "+RSA-PSK:+3DES-CBC:+SHA1",
- "+RSA-PSK:+AES-256-CBC:+SHA1",
- "+RSA-PSK:+AES-128-CBC:+SHA1",
-
- "+ECDHE-PSK:+AES-256-CBC:+SHA384",
- "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
- "+ECDHE-PSK:+AES-128-CBC:+SHA256",
- "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
- "+ECDHE-PSK:+NULL:+SHA384",
- "+ECDHE-PSK:+NULL:+SHA256",
- "+PSK:+AES-128-CBC:+SHA256",
- "+PSK:+AES-256-CBC:+SHA384",
- "+DHE-PSK:+AES-128-CBC:+SHA256",
- "+DHE-PSK:+AES-256-CBC:+SHA384",
- "+PSK:+NULL:+SHA256",
- "+PSK:+NULL:+SHA384",
- "+DHE-PSK:+NULL:+SHA256",
- "+DHE-PSK:+NULL:+SHA384",
- "+RSA-PSK:+AES-256-CBC:+SHA384",
- "+RSA-PSK:+AES-128-CBC:+SHA256",
- "+RSA-PSK:+NULL:+SHA256",
- "+RSA-PSK:+NULL:+SHA384",
- "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
- "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
- "+PSK:+CAMELLIA-128-CBC:+SHA256",
- "+PSK:+CAMELLIA-256-CBC:+SHA384",
- "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
- "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
- "+PSK:+AES-128-GCM:+AEAD",
- "+PSK:+AES-256-GCM:+AEAD",
- "+DHE-PSK:+AES-128-GCM:+AEAD",
- "+DHE-PSK:+AES-256-GCM:+AEAD",
- "+PSK:+AES-128-CCM:+AEAD",
- "+PSK:+AES-256-CCM:+AEAD",
- "+DHE-PSK:+AES-128-CCM:+AEAD",
- "+DHE-PSK:+AES-256-CCM:+AEAD",
- "+PSK:+AES-128-CCM-8:+AEAD",
- "+PSK:+AES-256-CCM-8:+AEAD",
- "+DHE-PSK:+AES-128-CCM-8:+AEAD",
- "+DHE-PSK:+AES-256-CCM-8:+AEAD",
- "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
- "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
- "+PSK:+CAMELLIA-128-GCM:+AEAD",
- "+PSK:+CAMELLIA-256-GCM:+AEAD",
- "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
- "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
- "+RSA-PSK:+AES-256-GCM:+AEAD",
- "+RSA-PSK:+AES-128-GCM:+AEAD",
- ]
-
- for m, g_exp in zip(m_ciphers, g_ciphers):
-
- g = translate_gnutls(m)
- assert_equal(g, g_exp)
+ if o_exp != None:
+ o = translate_ossl(m)
+ assert_equal(o, o_exp)
test_all_common()
-test_mbedtls_ossl_common()
-test_mbedtls_gnutls_common()
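Review bot: The added `sys.exit(1)` in assert_equal is only reached through the `assert translate == original` above it, and assert statements are compiled out under `python -O`, so in that mode every comparison passes silently and the script exits 0. An explicit comparison avoids this: `if translate != original:` followed by the existing print and exit. Exiting on the first mismatch also hides any further mismatches in the table; collecting failures and exiting after the loop would report them all. The loop's `if g_exp != None:` and `if o_exp != None:` would conventionally be written `is not None`. assert_equal's `def` and `try:` lines lie outside this hunk.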
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
index 66c878a..39339c3 100755
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -21,15 +21,13 @@
Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
standards.
-Format and analyse strings past in via input arguments to match
-the expected strings utilised in compat.sh.
-
sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL.
sys.argv[2] should be a string containing one or more ciphersuite names.
"""
import re
import sys
+import argparse
def translate_gnutls(m_cipher):
"""
@@ -37,27 +35,25 @@
and return the GnuTLS naming convention
"""
- # Remove "TLS-"
- # Replace "-WITH-" with ":+"
- # Remove "EDE"
- m_cipher = "+" + m_cipher[4:]
+ m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
m_cipher = m_cipher.replace("-WITH-", ":+")
m_cipher = m_cipher.replace("-EDE", "")
- # SHA == SHA1, if the last 3 chars are SHA append 1
+ # SHA in Mbed TLS == SHA1 GnuTLS,
+ # if the last 3 chars are SHA append 1
if m_cipher[-3:] == "SHA":
m_cipher = m_cipher+"1"
# CCM or CCM-8 should be followed by ":+AEAD"
- if "CCM" in m_cipher:
+ # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
+ if "CCM" in m_cipher or "GCM" in m_cipher:
+ m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
m_cipher = m_cipher+":+AEAD"
# Replace the last "-" with ":+"
- # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
else:
index = m_cipher.rindex("-")
- m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
- m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
+ m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
return m_cipher
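Review bot: A name that does not begin with `TLS-` now passes through `re.sub(r'\ATLS-', '+', m_cipher)` unchanged and is returned without a leading `+`, and nothing reports it. If these strings feed the GnuTLS priority string in compat.sh, as the commit message suggests, a mistyped name could leave a ciphersuite untested without any failure. I would reject it up front with `if not m_cipher.startswith("TLS-"): raise ValueError("unexpected ciphersuite name: " + m_cipher)`; the `re.sub(r'^TLS-', '', m_cipher)` line in the translate_ossl hunk has the same gap and uses `^` where this one uses `\A`. The comment `# Replace "GCM:+SHAxyz" with "GCM:+AEAD"` also no longer matches the code, which strips `-SHAxyz` and then appends `:+AEAD`. The function's `def` line is outside this hunk.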
@@ -67,9 +63,7 @@
and return the OpenSSL naming convention
"""
- # Remove "TLS-"
- # Remove "WITH"
- m_cipher = m_cipher[4:]
+ m_cipher = re.sub(r'^TLS-', '', m_cipher)
m_cipher = m_cipher.replace("-WITH", "")
# Remove the "-" from "ABC-xyz"
@@ -78,8 +72,7 @@
m_cipher = m_cipher.replace("ARIA-", "ARIA")
# Remove "RSA" if it is at the beginning
- if m_cipher[:4] == "RSA-":
- m_cipher = m_cipher[4:]
+ m_cipher = re.sub(r'^RSA-', r'', m_cipher)
# For all circumstances outside of PSK
if "PSK" not in m_cipher:
@@ -87,10 +80,7 @@
m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
# Remove "CBC" if it is not prefixed by DES
- if "CBC" in m_cipher:
- index = m_cipher.rindex("CBC")
- if m_cipher[index-4:index-1] != "DES":
- m_cipher = m_cipher.replace("CBC-", "")
+ m_cipher = re.sub(r'(?<!DES-)CBC-', r'', m_cipher)
# ECDHE-RSA-ARIA does not exist in OpenSSL
m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
@@ -106,23 +96,16 @@
return m_cipher
-def format_ciphersuite_names(mode, ciphers):
- try:
- t = {"g": translate_gnutls, "o": translate_ossl}[mode]
- return " ".join(t(c) for c in ciphers.split())
- except (KeyError) as e:
- print(e)
- print("Incorrect use of argument 1, should be either \"g\" or \"o\"")
- sys.exit(1)
+def format_ciphersuite_names(mode, names):
+ t = {"g": translate_gnutls, "o": translate_ossl}[mode]
+ return " ".join(t(c) for c in names)
-def main():
- if len(sys.argv) != 3:
- print("""Incorrect number of arguments.
-The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS.
-The second argument should a single space seperated string of MBedTLS ciphersuite names""")
- sys.exit(1)
- print(format_ciphersuite_names(sys.argv[1], sys.argv[2]))
- sys.exit(0)
+def main(target, names):
+ print(format_ciphersuite_names(target, names))
if __name__ == "__main__":
- main()
+ PARSER = argparse.ArgumentParser()
+ PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g'])
+ PARSER.add_argument('names', metavar='NAMES', nargs='+')
+ ARGS = PARSER.parse_args()
+ main(ARGS.target, ARGS.names)
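Review bot: The new calling convention is not documented anywhere. The module docstring kept by this commit still says `sys.argv[2] should be a string containing one or more ciphersuite names`, while the parser at the end of this hunk declares `names` with `nargs='+'`, so each name is now its own argument. `format_ciphersuite_names(mode, names)` likewise iterates `names` directly, so a caller that still passes one space-separated string would have it walked character by character instead of split into names. I would give the function a docstring such as `"""Translate each Mbed TLS name in the list names for target mode ("g" or "o") and return them joined by spaces."""` and reword the module docstring to `TARGET is "g" or "o"; NAMES is one or more ciphersuite names, each passed as a separate argument.`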