Blame - tests/scripts/translate_ciphers.py - mirror/mbed-tls

blob: 44ffb400bbab4a4e675fe25a52e9b45d88369f11 [file] [log] [blame]

Joe Subbiani	a16ccac	2021-07-22 18:52:17 +0100	[diff] [blame]	1	#!/usr/bin/env python3
				2
				3	# translate_ciphers.py
				4	#
				5	# Copyright The Mbed TLS Contributors
				6	# SPDX-License-Identifier: Apache-2.0
				7	#
				8	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				9	# not use this file except in compliance with the License.
				10	# You may obtain a copy of the License at
				11	#
				12	# http://www.apache.org/licenses/LICENSE-2.0
				13	#
				14	# Unless required by applicable law or agreed to in writing, software
				15	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				16	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	# See the License for the specific language governing permissions and
				18	# limitations under the License.
Joe Subbiani	f849a93	2021-07-28 16:50:30 +0100	[diff] [blame]	19
				20	"""
				21	Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
				22	standards.
				23
Joe Subbiani	a25ffab	2021-08-06 09:41:27 +0100	[diff] [blame^]	24	To test the translation functions run:
				25	python3 -m unittest translate_cipher.py
Joe Subbiani	f849a93	2021-07-28 16:50:30 +0100	[diff] [blame]	26	"""
Joe Subbiani	a16ccac	2021-07-22 18:52:17 +0100	[diff] [blame]	27
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	28	import re
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	29	import argparse
Joe Subbiani	a25ffab	2021-08-06 09:41:27 +0100	[diff] [blame^]	30	import unittest
				31
				32	class TestTranslateCiphers(unittest.TestCase):
				33	"""
				34	Ensure translate_ciphers.py translates and formats ciphersuite names
				35	correctly
				36	"""
				37	def test_translate_all_cipher_names(self):
				38	"""
				39	Translate the Mbed TLS ciphersuite names to the common OpenSSL and
				40	GnuTLS ciphersuite names, and compare them with the true, expected
				41	corresponding OpenSSL and GnuTLS ciphersuite names
				42	"""
				43	ciphers = [
				44	("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
				45	"+ECDHE-ECDSA:+NULL:+SHA1",
				46	"ECDHE-ECDSA-NULL-SHA"),
				47	("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
				48	"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
				49	"ECDHE-ECDSA-DES-CBC3-SHA"),
				50	("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
				51	"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
				52	"ECDHE-ECDSA-AES128-SHA"),
				53	("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
				54	"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
				55	"ECDHE-ECDSA-AES256-SHA"),
				56	("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
				57	"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
				58	"ECDHE-ECDSA-AES128-SHA256"),
				59	("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
				60	"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
				61	"ECDHE-ECDSA-AES256-SHA384"),
				62	("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
				63	"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
				64	"ECDHE-ECDSA-AES128-GCM-SHA256"),
				65	("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
				66	"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
				67	"ECDHE-ECDSA-AES256-GCM-SHA384"),
				68	("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
				69	"+DHE-RSA:+AES-128-CBC:+SHA1",
				70	"DHE-RSA-AES128-SHA"),
				71	("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
				72	"+DHE-RSA:+AES-256-CBC:+SHA1",
				73	"DHE-RSA-AES256-SHA"),
				74	("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
				75	"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
				76	"DHE-RSA-CAMELLIA128-SHA"),
				77	("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
				78	"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
				79	"DHE-RSA-CAMELLIA256-SHA"),
				80	("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
				81	"+DHE-RSA:+3DES-CBC:+SHA1",
				82	"EDH-RSA-DES-CBC3-SHA"),
				83	("TLS-RSA-WITH-AES-256-CBC-SHA",
				84	"+RSA:+AES-256-CBC:+SHA1",
				85	"AES256-SHA"),
				86	("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
				87	"+RSA:+CAMELLIA-256-CBC:+SHA1",
				88	"CAMELLIA256-SHA"),
				89	("TLS-RSA-WITH-AES-128-CBC-SHA",
				90	"+RSA:+AES-128-CBC:+SHA1",
				91	"AES128-SHA"),
				92	("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
				93	"+RSA:+CAMELLIA-128-CBC:+SHA1",
				94	"CAMELLIA128-SHA"),
				95	("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
				96	"+RSA:+3DES-CBC:+SHA1",
				97	"DES-CBC3-SHA"),
				98	("TLS-RSA-WITH-NULL-MD5",
				99	"+RSA:+NULL:+MD5",
				100	"NULL-MD5"),
				101	("TLS-RSA-WITH-NULL-SHA",
				102	"+RSA:+NULL:+SHA1",
				103	"NULL-SHA"),
				104	("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
				105	"+ECDHE-RSA:+AES-128-CBC:+SHA1",
				106	"ECDHE-RSA-AES128-SHA"),
				107	("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
				108	"+ECDHE-RSA:+AES-256-CBC:+SHA1",
				109	"ECDHE-RSA-AES256-SHA"),
				110	("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
				111	"+ECDHE-RSA:+3DES-CBC:+SHA1",
				112	"ECDHE-RSA-DES-CBC3-SHA"),
				113	("TLS-ECDHE-RSA-WITH-NULL-SHA",
				114	"+ECDHE-RSA:+NULL:+SHA1",
				115	"ECDHE-RSA-NULL-SHA"),
				116	("TLS-RSA-WITH-AES-128-CBC-SHA256",
				117	"+RSA:+AES-128-CBC:+SHA256",
				118	"AES128-SHA256"),
				119	("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
				120	"+DHE-RSA:+AES-128-CBC:+SHA256",
				121	"DHE-RSA-AES128-SHA256"),
				122	("TLS-RSA-WITH-AES-256-CBC-SHA256",
				123	"+RSA:+AES-256-CBC:+SHA256",
				124	"AES256-SHA256"),
				125	("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
				126	"+DHE-RSA:+AES-256-CBC:+SHA256",
				127	"DHE-RSA-AES256-SHA256"),
				128	("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
				129	"+ECDHE-RSA:+AES-128-CBC:+SHA256",
				130	"ECDHE-RSA-AES128-SHA256"),
				131	("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
				132	"+ECDHE-RSA:+AES-256-CBC:+SHA384",
				133	"ECDHE-RSA-AES256-SHA384"),
				134	("TLS-RSA-WITH-AES-128-GCM-SHA256",
				135	"+RSA:+AES-128-GCM:+AEAD",
				136	"AES128-GCM-SHA256"),
				137	("TLS-RSA-WITH-AES-256-GCM-SHA384",
				138	"+RSA:+AES-256-GCM:+AEAD",
				139	"AES256-GCM-SHA384"),
				140	("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
				141	"+DHE-RSA:+AES-128-GCM:+AEAD",
				142	"DHE-RSA-AES128-GCM-SHA256"),
				143	("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
				144	"+DHE-RSA:+AES-256-GCM:+AEAD",
				145	"DHE-RSA-AES256-GCM-SHA384"),
				146	("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
				147	"+ECDHE-RSA:+AES-128-GCM:+AEAD",
				148	"ECDHE-RSA-AES128-GCM-SHA256"),
				149	("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
				150	"+ECDHE-RSA:+AES-256-GCM:+AEAD",
				151	"ECDHE-RSA-AES256-GCM-SHA384"),
				152	("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
				153	"+PSK:+3DES-CBC:+SHA1",
				154	"PSK-3DES-EDE-CBC-SHA"),
				155	("TLS-PSK-WITH-AES-128-CBC-SHA",
				156	"+PSK:+AES-128-CBC:+SHA1",
				157	"PSK-AES128-CBC-SHA"),
				158	("TLS-PSK-WITH-AES-256-CBC-SHA",
				159	"+PSK:+AES-256-CBC:+SHA1",
				160	"PSK-AES256-CBC-SHA"),
				161
				162	("TLS-ECDH-ECDSA-WITH-NULL-SHA",
				163	None,
				164	"ECDH-ECDSA-NULL-SHA"),
				165	("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
				166	None,
				167	"ECDH-ECDSA-DES-CBC3-SHA"),
				168	("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
				169	None,
				170	"ECDH-ECDSA-AES128-SHA"),
				171	("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
				172	None,
				173	"ECDH-ECDSA-AES256-SHA"),
				174	("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
				175	None,
				176	"ECDH-ECDSA-AES128-SHA256"),
				177	("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
				178	None,
				179	"ECDH-ECDSA-AES256-SHA384"),
				180	("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
				181	None,
				182	"ECDH-ECDSA-AES128-GCM-SHA256"),
				183	("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
				184	None,
				185	"ECDH-ECDSA-AES256-GCM-SHA384"),
				186	("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
				187	None,
				188	"ECDHE-ECDSA-ARIA256-GCM-SHA384"),
				189	("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
				190	None,
				191	"ECDHE-ECDSA-ARIA128-GCM-SHA256"),
				192	("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
				193	None,
				194	"ECDHE-ECDSA-CHACHA20-POLY1305"),
				195	("TLS-RSA-WITH-DES-CBC-SHA",
				196	None,
				197	"DES-CBC-SHA"),
				198	("TLS-DHE-RSA-WITH-DES-CBC-SHA",
				199	None,
				200	"EDH-RSA-DES-CBC-SHA"),
				201	("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
				202	None,
				203	"ECDHE-ARIA256-GCM-SHA384"),
				204	("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
				205	None,
				206	"DHE-RSA-ARIA256-GCM-SHA384"),
				207	("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
				208	None,
				209	"ARIA256-GCM-SHA384"),
				210	("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
				211	None,
				212	"ECDHE-ARIA128-GCM-SHA256"),
				213	("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
				214	None,
				215	"DHE-RSA-ARIA128-GCM-SHA256"),
				216	("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
				217	None,
				218	"ARIA128-GCM-SHA256"),
				219	("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
				220	None,
				221	"DHE-RSA-CHACHA20-POLY1305"),
				222	("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
				223	None,
				224	"ECDHE-RSA-CHACHA20-POLY1305"),
				225	("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
				226	None,
				227	"DHE-PSK-ARIA256-GCM-SHA384"),
				228	("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
				229	None,
				230	"DHE-PSK-ARIA128-GCM-SHA256"),
				231	("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
				232	None,
				233	"PSK-ARIA256-GCM-SHA384"),
				234	("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
				235	None,
				236	"PSK-ARIA128-GCM-SHA256"),
				237	("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
				238	None,
				239	"PSK-CHACHA20-POLY1305"),
				240	("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
				241	None,
				242	"ECDHE-PSK-CHACHA20-POLY1305"),
				243	("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
				244	None,
				245	"DHE-PSK-CHACHA20-POLY1305"),
				246
				247	("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
				248	"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
				249	None),
				250	("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
				251	"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
				252	None),
				253	("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
				254	"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
				255	None),
				256	("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
				257	"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
				258	None),
				259	("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
				260	"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
				261	None),
				262	("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
				263	"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
				264	None),
				265	("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
				266	"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
				267	None),
				268	("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
				269	"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
				270	None),
				271	("TLS-RSA-WITH-NULL-SHA256",
				272	"+RSA:+NULL:+SHA256",
				273	None),
				274	("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
				275	"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
				276	None),
				277	("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
				278	"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
				279	None),
				280	("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
				281	"+RSA:+CAMELLIA-128-CBC:+SHA256",
				282	None),
				283	("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
				284	"+RSA:+CAMELLIA-256-CBC:+SHA256",
				285	None),
				286	("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
				287	"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
				288	None),
				289	("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
				290	"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
				291	None),
				292	("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
				293	"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
				294	None),
				295	("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
				296	"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
				297	None),
				298	("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
				299	"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
				300	None),
				301	("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
				302	"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
				303	None),
				304	("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
				305	"+RSA:+CAMELLIA-128-GCM:+AEAD",
				306	None),
				307	("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
				308	"+RSA:+CAMELLIA-256-GCM:+AEAD",
				309	None),
				310	("TLS-RSA-WITH-AES-128-CCM",
				311	"+RSA:+AES-128-CCM:+AEAD",
				312	None),
				313	("TLS-RSA-WITH-AES-256-CCM",
				314	"+RSA:+AES-256-CCM:+AEAD",
				315	None),
				316	("TLS-DHE-RSA-WITH-AES-128-CCM",
				317	"+DHE-RSA:+AES-128-CCM:+AEAD",
				318	None),
				319	("TLS-DHE-RSA-WITH-AES-256-CCM",
				320	"+DHE-RSA:+AES-256-CCM:+AEAD",
				321	None),
				322	("TLS-RSA-WITH-AES-128-CCM-8",
				323	"+RSA:+AES-128-CCM-8:+AEAD",
				324	None),
				325	("TLS-RSA-WITH-AES-256-CCM-8",
				326	"+RSA:+AES-256-CCM-8:+AEAD",
				327	None),
				328	("TLS-DHE-RSA-WITH-AES-128-CCM-8",
				329	"+DHE-RSA:+AES-128-CCM-8:+AEAD",
				330	None),
				331	("TLS-DHE-RSA-WITH-AES-256-CCM-8",
				332	"+DHE-RSA:+AES-256-CCM-8:+AEAD",
				333	None),
				334	("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
				335	"+DHE-PSK:+3DES-CBC:+SHA1",
				336	None),
				337	("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
				338	"+DHE-PSK:+AES-128-CBC:+SHA1",
				339	None),
				340	("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
				341	"+DHE-PSK:+AES-256-CBC:+SHA1",
				342	None),
				343	("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
				344	"+ECDHE-PSK:+AES-256-CBC:+SHA1",
				345	None),
				346	("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
				347	"+ECDHE-PSK:+AES-128-CBC:+SHA1",
				348	None),
				349	("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
				350	"+ECDHE-PSK:+3DES-CBC:+SHA1",
				351	None),
				352	("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
				353	"+RSA-PSK:+3DES-CBC:+SHA1",
				354	None),
				355	("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
				356	"+RSA-PSK:+AES-256-CBC:+SHA1",
				357	None),
				358	("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
				359	"+RSA-PSK:+AES-128-CBC:+SHA1",
				360	None),
				361	("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
				362	"+ECDHE-PSK:+AES-256-CBC:+SHA384",
				363	None),
				364	("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
				365	"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
				366	None),
				367	("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
				368	"+ECDHE-PSK:+AES-128-CBC:+SHA256",
				369	None),
				370	("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
				371	"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
				372	None),
				373	("TLS-ECDHE-PSK-WITH-NULL-SHA384",
				374	"+ECDHE-PSK:+NULL:+SHA384",
				375	None),
				376	("TLS-ECDHE-PSK-WITH-NULL-SHA256",
				377	"+ECDHE-PSK:+NULL:+SHA256",
				378	None),
				379	("TLS-PSK-WITH-AES-128-CBC-SHA256",
				380	"+PSK:+AES-128-CBC:+SHA256",
				381	None),
				382	("TLS-PSK-WITH-AES-256-CBC-SHA384",
				383	"+PSK:+AES-256-CBC:+SHA384",
				384	None),
				385	("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
				386	"+DHE-PSK:+AES-128-CBC:+SHA256",
				387	None),
				388	("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
				389	"+DHE-PSK:+AES-256-CBC:+SHA384",
				390	None),
				391	("TLS-PSK-WITH-NULL-SHA256",
				392	"+PSK:+NULL:+SHA256",
				393	None),
				394	("TLS-PSK-WITH-NULL-SHA384",
				395	"+PSK:+NULL:+SHA384",
				396	None),
				397	("TLS-DHE-PSK-WITH-NULL-SHA256",
				398	"+DHE-PSK:+NULL:+SHA256",
				399	None),
				400	("TLS-DHE-PSK-WITH-NULL-SHA384",
				401	"+DHE-PSK:+NULL:+SHA384",
				402	None),
				403	("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
				404	"+RSA-PSK:+AES-256-CBC:+SHA384",
				405	None),
				406	("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
				407	"+RSA-PSK:+AES-128-CBC:+SHA256",
				408	None),
				409	("TLS-RSA-PSK-WITH-NULL-SHA256",
				410	"+RSA-PSK:+NULL:+SHA256",
				411	None),
				412	("TLS-RSA-PSK-WITH-NULL-SHA384",
				413	"+RSA-PSK:+NULL:+SHA384",
				414	None),
				415	("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
				416	"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
				417	None),
				418	("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
				419	"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
				420	None),
				421	("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
				422	"+PSK:+CAMELLIA-128-CBC:+SHA256",
				423	None),
				424	("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
				425	"+PSK:+CAMELLIA-256-CBC:+SHA384",
				426	None),
				427	("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
				428	"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
				429	None),
				430	("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
				431	"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
				432	None),
				433	("TLS-PSK-WITH-AES-128-GCM-SHA256",
				434	"+PSK:+AES-128-GCM:+AEAD",
				435	None),
				436	("TLS-PSK-WITH-AES-256-GCM-SHA384",
				437	"+PSK:+AES-256-GCM:+AEAD",
				438	None),
				439	("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
				440	"+DHE-PSK:+AES-128-GCM:+AEAD",
				441	None),
				442	("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
				443	"+DHE-PSK:+AES-256-GCM:+AEAD",
				444	None),
				445	("TLS-PSK-WITH-AES-128-CCM",
				446	"+PSK:+AES-128-CCM:+AEAD",
				447	None),
				448	("TLS-PSK-WITH-AES-256-CCM",
				449	"+PSK:+AES-256-CCM:+AEAD",
				450	None),
				451	("TLS-DHE-PSK-WITH-AES-128-CCM",
				452	"+DHE-PSK:+AES-128-CCM:+AEAD",
				453	None),
				454	("TLS-DHE-PSK-WITH-AES-256-CCM",
				455	"+DHE-PSK:+AES-256-CCM:+AEAD",
				456	None),
				457	("TLS-PSK-WITH-AES-128-CCM-8",
				458	"+PSK:+AES-128-CCM-8:+AEAD",
				459	None),
				460	("TLS-PSK-WITH-AES-256-CCM-8",
				461	"+PSK:+AES-256-CCM-8:+AEAD",
				462	None),
				463	("TLS-DHE-PSK-WITH-AES-128-CCM-8",
				464	"+DHE-PSK:+AES-128-CCM-8:+AEAD",
				465	None),
				466	("TLS-DHE-PSK-WITH-AES-256-CCM-8",
				467	"+DHE-PSK:+AES-256-CCM-8:+AEAD",
				468	None),
				469	("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
				470	"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
				471	None),
				472	("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
				473	"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
				474	None),
				475	("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
				476	"+PSK:+CAMELLIA-128-GCM:+AEAD",
				477	None),
				478	("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
				479	"+PSK:+CAMELLIA-256-GCM:+AEAD",
				480	None),
				481	("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
				482	"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
				483	None),
				484	("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
				485	"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
				486	None),
				487	("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
				488	"+RSA-PSK:+AES-256-GCM:+AEAD",
				489	None),
				490	("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
				491	"+RSA-PSK:+AES-128-GCM:+AEAD",
				492	None),
				493	]
				494
				495	for m, g_exp, o_exp in ciphers:
				496
				497	if g_exp is not None:
				498	g = translate_gnutls(m)
				499	self.assertEqual(g, g_exp)
				500
				501	if o_exp is not None:
				502	o = translate_ossl(m)
				503	self.assertEqual(o, o_exp)
				504
				505	def test_cipher_format(self):
				506	"""
				507	Ensure translate_ciphers.py can take names in the expected
				508	format and return them in the format compat.sh will expect.
				509	"""
				510	# Ciphers in Mbed TLS format
				511	ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \
				512	TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
				513	TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
				514	TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
				515	"
				516	ciphers = "%s \
				517	TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
				518	TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
				519	TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
				520	TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
				521	" % ciphers
				522
				523	# Corresponding ciphers in GnuTLS format
				524	g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \
				525	+ECDHE-ECDSA:+3DES-CBC:+SHA1 \
				526	+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
				527	+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
				528	"
				529	g_ciphers = "%s \
				530	+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
				531	+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
				532	+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
				533	+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
				534	" % g_ciphers
				535
				536	# Corresponding ciphers in OpenSSL format
				537	o_ciphers = "ECDHE-ECDSA-NULL-SHA \
				538	ECDHE-ECDSA-DES-CBC3-SHA \
				539	ECDHE-ECDSA-AES128-SHA \
				540	ECDHE-ECDSA-AES256-SHA \
				541	"
				542	o_ciphers = "%s \
				543	ECDHE-ECDSA-AES128-SHA256 \
				544	ECDHE-ECDSA-AES256-SHA384 \
				545	ECDHE-ECDSA-AES128-GCM-SHA256 \
				546	ECDHE-ECDSA-AES256-GCM-SHA384 \
				547	" % o_ciphers
				548
				549	# Translate ciphers in mbedtls format
				550	g_translated = format_ciphersuite_names("g", ciphers.split())
				551	o_translated = format_ciphersuite_names("o", ciphers.split())
				552
				553	# Normalise whitespace
				554	g_ciphers = (" ").join(g_ciphers.split())
				555	o_ciphers = (" ").join(o_ciphers.split())
				556
				557	self.assertEqual(g_translated, g_ciphers)
				558	self.assertEqual(o_translated, o_ciphers)
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	559
Joe Subbiani	0fadf8e	2021-07-27 15:22:26 +0100	[diff] [blame]	560	def translate_gnutls(m_cipher):
Joe Subbiani	f849a93	2021-07-28 16:50:30 +0100	[diff] [blame]	561	"""
				562	Translate m_cipher from MBedTLS ciphersuite naming convention
				563	and return the GnuTLS naming convention
				564	"""
				565
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	566	m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	567	m_cipher = m_cipher.replace("-WITH-", ":+")
				568	m_cipher = m_cipher.replace("-EDE", "")
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	569
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	570	# SHA in Mbed TLS == SHA1 GnuTLS,
				571	# if the last 3 chars are SHA append 1
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	572	if m_cipher[-3:] == "SHA":
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	573	m_cipher = m_cipher+"1"
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	574
				575	# CCM or CCM-8 should be followed by ":+AEAD"
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	576	# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
				577	if "CCM" in m_cipher or "GCM" in m_cipher:
				578	m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	579	m_cipher = m_cipher+":+AEAD"
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	580
				581	# Replace the last "-" with ":+"
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	582	else:
Joe Subbiani	f849a93	2021-07-28 16:50:30 +0100	[diff] [blame]	583	index = m_cipher.rindex("-")
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	584	m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	585
				586	return m_cipher
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	587
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	588	def translate_ossl(m_cipher):
Joe Subbiani	f849a93	2021-07-28 16:50:30 +0100	[diff] [blame]	589	"""
				590	Translate m_cipher from MBedTLS ciphersuite naming convention
				591	and return the OpenSSL naming convention
				592	"""
				593
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	594	m_cipher = re.sub(r'^TLS-', '', m_cipher)
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	595	m_cipher = m_cipher.replace("-WITH", "")
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	596
				597	# Remove the "-" from "ABC-xyz"
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	598	m_cipher = m_cipher.replace("AES-", "AES")
				599	m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA")
				600	m_cipher = m_cipher.replace("ARIA-", "ARIA")
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	601
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	602	# Remove "RSA" if it is at the beginning
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	603	m_cipher = re.sub(r'^RSA-', r'', m_cipher)
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	604
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	605	# For all circumstances outside of PSK
				606	if "PSK" not in m_cipher:
				607	m_cipher = m_cipher.replace("-EDE", "")
				608	m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
				609
				610	# Remove "CBC" if it is not prefixed by DES
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	611	m_cipher = re.sub(r'(?<!DES-)CBC-', r'', m_cipher)
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	612
				613	# ECDHE-RSA-ARIA does not exist in OpenSSL
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	614	m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
				615
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	616	# POLY1305 should not be followed by anything
				617	if "POLY1305" in m_cipher:
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	618	index = m_cipher.rindex("POLY1305")
Joe Subbiani	f849a93	2021-07-28 16:50:30 +0100	[diff] [blame]	619	m_cipher = m_cipher[:index+8]
Joe Subbiani	3ad5832	2021-07-21 16:48:54 +0100	[diff] [blame]	620
				621	# If DES is being used, Replace DHE with EDH
				622	if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher:
				623	m_cipher = m_cipher.replace("DHE", "EDH")
Joe Subbiani	8394484	2021-07-20 18:26:03 +0100	[diff] [blame]	624
				625	return m_cipher
Joe Subbiani	97cd599	2021-07-22 16:08:29 +0100	[diff] [blame]	626
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	627	def format_ciphersuite_names(mode, names):
				628	t = {"g": translate_gnutls, "o": translate_ossl}[mode]
				629	return " ".join(t(c) for c in names)
Joe Subbiani	97cd599	2021-07-22 16:08:29 +0100	[diff] [blame]	630
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	631	def main(target, names):
				632	print(format_ciphersuite_names(target, names))
Joe Subbiani	97cd599	2021-07-22 16:08:29 +0100	[diff] [blame]	633
				634	if __name__ == "__main__":
Joe Subbiani	918ee79	2021-07-30 16:57:04 +0100	[diff] [blame]	635	PARSER = argparse.ArgumentParser()
				636	PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g'])
				637	PARSER.add_argument('names', metavar='NAMES', nargs='+')
				638	ARGS = PARSER.parse_args()
				639	main(ARGS.target, ARGS.names)