Translate cipher suite names based on standard naming convention
With this commit, translate_ciphers.py would be based on standard
cipher suite names instead of MbedTLS naming convention.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
index d5f847f..c622a67 100755
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -18,8 +18,7 @@
# limitations under the License.
"""
-Translate ciphersuite names in Mbed TLS format to OpenSSL and GNUTLS
-standards.
+Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards.
To test the translation functions run:
python3 -m unittest translate_cipher.py
@@ -36,116 +35,150 @@
"""
def test_translate_all_cipher_names(self):
"""
- Translate MbedTLS ciphersuite names to their OpenSSL and
- GnuTLS counterpart. Use only a small subset of ciphers
- that exercise each step of the translate functions
+ Translate standard ciphersuite names to GnuTLS, OpenSSL and
+ Mbed TLS counterpart. Use only a small subset of ciphers
+ that exercise each step of the translation functions
"""
ciphers = [
- ("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ ("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
"+ECDHE-ECDSA:+NULL:+SHA1",
- "ECDHE-ECDSA-NULL-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "ECDHE-ECDSA-NULL-SHA",
+ "TLS-ECDHE-ECDSA-WITH-NULL-SHA"),
+ ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "ECDHE-ECDSA-AES128-GCM-SHA256"),
- ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"),
+ ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"+DHE-RSA:+3DES-CBC:+SHA1",
- "EDH-RSA-DES-CBC3-SHA"),
- ("TLS-RSA-WITH-AES-256-CBC-SHA",
+ "EDH-RSA-DES-CBC3-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"),
+ ("TLS_RSA_WITH_AES_256_CBC_SHA",
"+RSA:+AES-256-CBC:+SHA1",
- "AES256-SHA"),
- ("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+ "AES256-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA"),
+ ("TLS_PSK_WITH_3DES_EDE_CBC_SHA",
"+PSK:+3DES-CBC:+SHA1",
- "PSK-3DES-EDE-CBC-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "PSK-3DES-EDE-CBC-SHA",
+ "TLS-PSK-WITH-3DES-EDE-CBC-SHA"),
+ ("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
None,
- "ECDHE-ECDSA-CHACHA20-POLY1305"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"),
+ ("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- None),
- ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
- "ECDHE-ARIA256-GCM-SHA384"),
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CCM"),
+ ("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
+ None,
+ "ECDHE-ARIA256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384"),
]
- for m, g_exp, o_exp in ciphers:
+ for s, g_exp, o_exp, m_exp in ciphers:
if g_exp is not None:
- g = translate_gnutls(m)
+ g = translate_gnutls(s)
self.assertEqual(g, g_exp)
if o_exp is not None:
- o = translate_ossl(m)
+ o = translate_ossl(s)
self.assertEqual(o, o_exp)
-def translate_gnutls(m_cipher):
+ if m_exp is not None:
+ m = translate_mbedtls(s)
+ self.assertEqual(m, m_exp)
+
+def translate_gnutls(s_cipher):
"""
- Translate m_cipher from Mbed TLS ciphersuite naming convention
+ Translate s_cipher from standard ciphersuite naming convention
and return the GnuTLS naming convention
"""
- m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
- m_cipher = m_cipher.replace("-WITH-", ":+")
- m_cipher = m_cipher.replace("-EDE", "")
+ # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
+ # naming convention
+ s_cipher = s_cipher.replace("_", "-")
+
+ s_cipher = re.sub(r'\ATLS-', '+', s_cipher)
+ s_cipher = s_cipher.replace("-WITH-", ":+")
+ s_cipher = s_cipher.replace("-EDE", "")
# SHA in Mbed TLS == SHA1 GnuTLS,
# if the last 3 chars are SHA append 1
- if m_cipher[-3:] == "SHA":
- m_cipher = m_cipher+"1"
+ if s_cipher[-3:] == "SHA":
+ s_cipher = s_cipher+"1"
# CCM or CCM-8 should be followed by ":+AEAD"
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
- if "CCM" in m_cipher or "GCM" in m_cipher:
- m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
- m_cipher = m_cipher+":+AEAD"
+ if "CCM" in s_cipher or "GCM" in s_cipher:
+ s_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", s_cipher)
+ s_cipher = s_cipher+":+AEAD"
# Replace the last "-" with ":+"
else:
- index = m_cipher.rindex("-")
- m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
+ index = s_cipher.rindex("-")
+ s_cipher = s_cipher[:index] + ":+" + s_cipher[index+1:]
- return m_cipher
+ return s_cipher
-def translate_ossl(m_cipher):
+def translate_ossl(s_cipher):
"""
- Translate m_cipher from Mbed TLS ciphersuite naming convention
+ Translate s_cipher from standard ciphersuite naming convention
and return the OpenSSL naming convention
"""
- m_cipher = re.sub(r'^TLS-', '', m_cipher)
- m_cipher = m_cipher.replace("-WITH", "")
+ # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
+ # naming convention
+ s_cipher = s_cipher.replace("_", "-")
+
+ s_cipher = re.sub(r'^TLS-', '', s_cipher)
+ s_cipher = s_cipher.replace("-WITH", "")
# Remove the "-" from "ABC-xyz"
- m_cipher = m_cipher.replace("AES-", "AES")
- m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA")
- m_cipher = m_cipher.replace("ARIA-", "ARIA")
+ s_cipher = s_cipher.replace("AES-", "AES")
+ s_cipher = s_cipher.replace("CAMELLIA-", "CAMELLIA")
+ s_cipher = s_cipher.replace("ARIA-", "ARIA")
# Remove "RSA" if it is at the beginning
- m_cipher = re.sub(r'^RSA-', r'', m_cipher)
+ s_cipher = re.sub(r'^RSA-', r'', s_cipher)
# For all circumstances outside of PSK
- if "PSK" not in m_cipher:
- m_cipher = m_cipher.replace("-EDE", "")
- m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
+ if "PSK" not in s_cipher:
+ s_cipher = s_cipher.replace("-EDE", "")
+ s_cipher = s_cipher.replace("3DES-CBC", "DES-CBC3")
# Remove "CBC" if it is not prefixed by DES
- m_cipher = re.sub(r'(?<!DES-)CBC-', r'', m_cipher)
+ s_cipher = re.sub(r'(?<!DES-)CBC-', r'', s_cipher)
# ECDHE-RSA-ARIA does not exist in OpenSSL
- m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
+ s_cipher = s_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
# POLY1305 should not be followed by anything
- if "POLY1305" in m_cipher:
- index = m_cipher.rindex("POLY1305")
- m_cipher = m_cipher[:index+8]
+ if "POLY1305" in s_cipher:
+ index = s_cipher.rindex("POLY1305")
+ s_cipher = s_cipher[:index+8]
# If DES is being used, Replace DHE with EDH
- if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher:
- m_cipher = m_cipher.replace("DHE", "EDH")
+ if "DES" in s_cipher and "DHE" in s_cipher and "ECDHE" not in s_cipher:
+ s_cipher = s_cipher.replace("DHE", "EDH")
- return m_cipher
+ return s_cipher
+
+def translate_mbedtls(s_cipher):
+ """
+ Translate s_cipher from standard ciphersuite naming convention
+ and return Mbed TLS ciphersuite naming convention
+ """
+
+ # Replace "_" with "-"
+ s_cipher = s_cipher.replace("_", "-")
+
+ return s_cipher
def format_ciphersuite_names(mode, names):
- t = {"g": translate_gnutls, "o": translate_ossl}[mode]
+ t = {"g": translate_gnutls,
+ "o": translate_ossl,
+ "m": translate_mbedtls
+ }[mode]
return " ".join(t(c) for c in names)
def main(target, names):
@@ -153,7 +186,7 @@
if __name__ == "__main__":
PARSER = argparse.ArgumentParser()
- PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g'])
+ PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g', 'm'])
PARSER.add_argument('names', metavar='NAMES', nargs='+')
ARGS = PARSER.parse_args()
main(ARGS.target, ARGS.names)