From 3ad58329da67e6eed6148da2c6ceade44a84c5bb Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Wed, 21 Jul 2021 16:48:54 +0100 Subject: [PATCH] Reformat translation functions and test in seperate file Moved the test over to a seperate file, where I can start experimenting with how the script will be called. Commented and improved the translation functions. They should be more readable, however I added comments anyway to quickly identify every step involved with te translation from MBedTLS to GNU or OpenSSL Signed-off-by: Joe Subbiani --- test_translate.py | 427 +++++++++++++++++++++++++++++++++++++ translate_ciphers.py | 495 ++++--------------------------------------- 2 files changed, 465 insertions(+), 457 deletions(-) create mode 100644 test_translate.py diff --git a/test_translate.py b/test_translate.py new file mode 100644 index 0000000000..9de283059c --- /dev/null +++ b/test_translate.py @@ -0,0 +1,427 @@ +from translate_ciphers import * + +def assert_equal(translate, original): + try: + assert(translate == original) + except AssertionError: + print("%s\n%s\n" %(translate, original)) + +def test_all_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-NULL-MD5", + "TLS-RSA-WITH-NULL-SHA", + + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDHE-RSA-WITH-NULL-SHA", + + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + + "TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-PSK-WITH-AES-128-CBC-SHA", + "TLS-PSK-WITH-AES-256-CBC-SHA", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+NULL:+SHA1", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + + "+DHE-RSA:+AES-128-CBC:+SHA1", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "+DHE-RSA:+3DES-CBC:+SHA1", + "+RSA:+AES-256-CBC:+SHA1", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "+RSA:+AES-128-CBC:+SHA1", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "+RSA:+3DES-CBC:+SHA1", + "+RSA:+NULL:+MD5", + "+RSA:+NULL:+SHA1", + + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "+ECDHE-RSA:+NULL:+SHA1", + + "+RSA:+AES-128-CBC:+SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "+RSA:+AES-128-GCM:+AEAD", + "+RSA:+AES-256-GCM:+AEAD", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + + "+PSK:+3DES-CBC:+SHA1", + "+PSK:+AES-128-CBC:+SHA1", + "+PSK:+AES-256-CBC:+SHA1", + ] + o_ciphers = [ + "ECDHE-ECDSA-NULL-SHA", + "ECDHE-ECDSA-DES-CBC3-SHA", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + + "DHE-RSA-AES128-SHA", + "DHE-RSA-AES256-SHA", + "DHE-RSA-CAMELLIA128-SHA", + "DHE-RSA-CAMELLIA256-SHA", + "EDH-RSA-DES-CBC3-SHA", + "AES256-SHA", + "CAMELLIA256-SHA", + "AES128-SHA", + "CAMELLIA128-SHA", + "DES-CBC3-SHA", + "NULL-MD5", + "NULL-SHA", + + "ECDHE-RSA-AES128-SHA", + "ECDHE-RSA-AES256-SHA", + "ECDHE-RSA-DES-CBC3-SHA", + "ECDHE-RSA-NULL-SHA", + + #"NULL-SHA256", + "AES128-SHA256", + "DHE-RSA-AES128-SHA256", + "AES256-SHA256", + "DHE-RSA-AES256-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES256-SHA384", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + + "PSK-3DES-EDE-CBC-SHA", + "PSK-AES128-CBC-SHA", + "PSK-AES256-CBC-SHA", + + #"PSK-DES-CBC3-SHA", + #"PSK-AES128-SHA", + #"PSK-AES256-SHA", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + assert_equal(g, g_ciphers[i]) + + o = translate_ossl(m_ciphers[i]) + assert_equal(o, o_ciphers[i]) + +def test_mbed_ossl_common(): + m_ciphers = [ + "TLS-ECDH-ECDSA-WITH-NULL-SHA", + "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + + "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + ] + o_ciphers = [ + "ECDH-ECDSA-NULL-SHA", + "ECDH-ECDSA-DES-CBC3-SHA", + "ECDH-ECDSA-AES128-SHA", + "ECDH-ECDSA-AES256-SHA", + + "ECDH-ECDSA-AES128-SHA256", + "ECDH-ECDSA-AES256-SHA384", + "ECDH-ECDSA-AES128-GCM-SHA256", + "ECDH-ECDSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-ARIA256-GCM-SHA384", + "ECDHE-ECDSA-ARIA128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + + "DES-CBC-SHA", + "EDH-RSA-DES-CBC-SHA", + #"DHE-RSA-DES-CBC-SHA", + + "ECDHE-ARIA256-GCM-SHA384", + "DHE-RSA-ARIA256-GCM-SHA384", + "ARIA256-GCM-SHA384", + "ECDHE-ARIA128-GCM-SHA256", + "DHE-RSA-ARIA128-GCM-SHA256", + "ARIA128-GCM-SHA256", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + + "DHE-PSK-ARIA256-GCM-SHA384", + "DHE-PSK-ARIA128-GCM-SHA256", + "PSK-ARIA256-GCM-SHA384", + "PSK-ARIA128-GCM-SHA256", + "PSK-CHACHA20-POLY1305", + "ECDHE-PSK-CHACHA20-POLY1305", + "DHE-PSK-CHACHA20-POLY1305", + ] + + for i in range(len(m_ciphers)): + + o = translate_ossl(m_ciphers[i]) + assert_equal(o, o_ciphers[i]) + + +def test_mbed_gnu_common(): + m_ciphers = [ + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + + "TLS-RSA-WITH-NULL-SHA256", + + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CCM", + "TLS-RSA-WITH-AES-256-CCM", + "TLS-DHE-RSA-WITH-AES-128-CCM", + "TLS-DHE-RSA-WITH-AES-256-CCM", + "TLS-RSA-WITH-AES-128-CCM-8", + "TLS-RSA-WITH-AES-256-CCM-8", + "TLS-DHE-RSA-WITH-AES-128-CCM-8", + "TLS-DHE-RSA-WITH-AES-256-CCM-8", + + "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + + "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-NULL-SHA384", + "TLS-ECDHE-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-AES-128-CBC-SHA256", + "TLS-PSK-WITH-AES-256-CBC-SHA384", + "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "TLS-PSK-WITH-NULL-SHA256", + "TLS-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-NULL-SHA256", + "TLS-DHE-PSK-WITH-NULL-SHA384", + "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA256", + "TLS-RSA-PSK-WITH-NULL-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-PSK-WITH-AES-128-GCM-SHA256", + "TLS-PSK-WITH-AES-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "TLS-PSK-WITH-AES-128-CCM", + "TLS-PSK-WITH-AES-256-CCM", + "TLS-DHE-PSK-WITH-AES-128-CCM", + "TLS-DHE-PSK-WITH-AES-256-CCM", + "TLS-PSK-WITH-AES-128-CCM-8", + "TLS-PSK-WITH-AES-256-CCM-8", + "TLS-DHE-PSK-WITH-AES-128-CCM-8", + "TLS-DHE-PSK-WITH-AES-256-CCM-8", + "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + ] + g_ciphers = [ + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + + "+RSA:+NULL:+SHA256", + + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + "+RSA:+AES-128-CCM:+AEAD", + "+RSA:+AES-256-CCM:+AEAD", + "+DHE-RSA:+AES-128-CCM:+AEAD", + "+DHE-RSA:+AES-256-CCM:+AEAD", + "+RSA:+AES-128-CCM-8:+AEAD", + "+RSA:+AES-256-CCM-8:+AEAD", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + + "+DHE-PSK:+3DES-CBC:+SHA1", + "+DHE-PSK:+AES-128-CBC:+SHA1", + "+DHE-PSK:+AES-256-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+3DES-CBC:+SHA1", + "+RSA-PSK:+AES-256-CBC:+SHA1", + "+RSA-PSK:+AES-128-CBC:+SHA1", + + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+ECDHE-PSK:+NULL:+SHA384", + "+ECDHE-PSK:+NULL:+SHA256", + "+PSK:+AES-128-CBC:+SHA256", + "+PSK:+AES-256-CBC:+SHA384", + "+DHE-PSK:+AES-128-CBC:+SHA256", + "+DHE-PSK:+AES-256-CBC:+SHA384", + "+PSK:+NULL:+SHA256", + "+PSK:+NULL:+SHA384", + "+DHE-PSK:+NULL:+SHA256", + "+DHE-PSK:+NULL:+SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + "+RSA-PSK:+AES-128-CBC:+SHA256", + "+RSA-PSK:+NULL:+SHA256", + "+RSA-PSK:+NULL:+SHA384", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + "+PSK:+AES-128-GCM:+AEAD", + "+PSK:+AES-256-GCM:+AEAD", + "+DHE-PSK:+AES-128-GCM:+AEAD", + "+DHE-PSK:+AES-256-GCM:+AEAD", + "+PSK:+AES-128-CCM:+AEAD", + "+PSK:+AES-256-CCM:+AEAD", + "+DHE-PSK:+AES-128-CCM:+AEAD", + "+DHE-PSK:+AES-256-CCM:+AEAD", + "+PSK:+AES-128-CCM-8:+AEAD", + "+PSK:+AES-256-CCM-8:+AEAD", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + "+RSA-PSK:+AES-256-GCM:+AEAD", + "+RSA-PSK:+AES-128-GCM:+AEAD", + ] + + for i in range(len(m_ciphers)): + + g = translate_gnu(m_ciphers[i]) + assert_equal(g, g_ciphers[i]) + + +test_all_common() +test_mbed_ossl_common() +test_mbed_gnu_common() diff --git a/translate_ciphers.py b/translate_ciphers.py index cf0be7257d..e17d41c75b 100644 --- a/translate_ciphers.py +++ b/translate_ciphers.py @@ -1,485 +1,66 @@ +import re def translate_gnu(m_cipher): - + # Remove "TLS-" + # Replace "-WITH-" with ":+" + # Remove "EDE" m_cipher = "+" + m_cipher[4:] m_cipher = m_cipher.replace("-WITH-", ":+") m_cipher = m_cipher.replace("-EDE", "") - if m_cipher.split("-")[-1] == "SHA": + + # SHA == SHA1, if the last 3 chars are SHA append 1 + if m_cipher[-3:] == "SHA": m_cipher = m_cipher+"1" - - - if m_cipher.split("-")[-1] == "8" or m_cipher.split("-")[-1] == "CCM": + + # CCM or CCM-8 should be followed by ":+AEAD" + if "CCM" in m_cipher: m_cipher = m_cipher+":+AEAD" + + # Replace the last "-" with ":+" + # Replace "GCM:+SHAxyz" with "GCM:+AEAD" else: index=m_cipher.rindex("-") m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] - m_cipher = m_cipher.replace("GCM:+SHA256", "GCM:+AEAD") - m_cipher = m_cipher.replace("GCM:+SHA384", "GCM:+AEAD") + m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) return m_cipher - + def translate_ossl(m_cipher): + # Remove "TLS-" + # Remove "WITH" m_cipher = m_cipher[4:] m_cipher = m_cipher.replace("-WITH", "") + + # Remove the "-" from "ABC-xyz" m_cipher = m_cipher.replace("AES-", "AES") m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA") m_cipher = m_cipher.replace("ARIA-", "ARIA") - - m_cipher = m_cipher.replace("-EDE", "") - - m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") - try: - index = m_cipher.rindex("CBC") - if m_cipher[index-4:index-1] != "DES": - m_cipher = m_cipher.replace("CBC-", "") - except: - pass + # Remove "RSA" if it is at the beginning if m_cipher[:4] == "RSA-": m_cipher = m_cipher[4:] + # For all circumstances outside of PSK + if "PSK" not in m_cipher: + m_cipher = m_cipher.replace("-EDE", "") + m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") + + # Remove "CBC" if it is not prefixed by DES + if "CBC" in m_cipher: + index = m_cipher.rindex("CBC") + if m_cipher[index-4:index-1] != "DES": + m_cipher = m_cipher.replace("CBC-", "") + + # ECDHE-RSA-ARIA does not exist in OpenSSL m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA") - try: + # POLY1305 should not be followed by anything + if "POLY1305" in m_cipher: index = m_cipher.rindex("POLY1305") m_cipher=m_cipher[:index+8] - except Exception as e: - pass#print(e) + + # If DES is being used, Replace DHE with EDH + if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher: + m_cipher = m_cipher.replace("DHE", "EDH") return m_cipher - -def test_all_common(): - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-AES-256-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-RSA-WITH-AES-128-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-NULL-MD5", - "TLS-RSA-WITH-NULL-SHA", - - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-RSA-WITH-NULL-SHA", - - "TLS-RSA-WITH-AES-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-RSA-WITH-AES-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "TLS-RSA-WITH-AES-128-GCM-SHA256", - "TLS-RSA-WITH-AES-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - - "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-PSK-WITH-AES-128-CBC-SHA", - "TLS-PSK-WITH-AES-256-CBC-SHA", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+NULL:+SHA1", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - - "+DHE-RSA:+AES-128-CBC:+SHA1", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "+DHE-RSA:+3DES-CBC:+SHA1", - "+RSA:+AES-256-CBC:+SHA1", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "+RSA:+AES-128-CBC:+SHA1", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "+RSA:+3DES-CBC:+SHA1", - "+RSA:+NULL:+MD5", - "+RSA:+NULL:+SHA1", - - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "+ECDHE-RSA:+NULL:+SHA1", - - "+RSA:+AES-128-CBC:+SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "+RSA:+AES-128-GCM:+AEAD", - "+RSA:+AES-256-GCM:+AEAD", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - - "+PSK:+3DES-CBC:+SHA1", - "+PSK:+AES-128-CBC:+SHA1", - "+PSK:+AES-256-CBC:+SHA1", - ] - o_ciphers = [ - "ECDHE-ECDSA-NULL-SHA", - "ECDHE-ECDSA-DES-CBC3-SHA", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA", - - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - - "DHE-RSA-AES128-SHA", - "DHE-RSA-AES256-SHA", - "DHE-RSA-CAMELLIA128-SHA", - "DHE-RSA-CAMELLIA256-SHA", - #"EDH-RSA-DES-CBC3-SHA", - "DHE-RSA-DES-CBC3-SHA", - "AES256-SHA", - "CAMELLIA256-SHA", - "AES128-SHA", - "CAMELLIA128-SHA", - "DES-CBC3-SHA", - "NULL-MD5", - "NULL-SHA", - - "ECDHE-RSA-AES128-SHA", - "ECDHE-RSA-AES256-SHA", - "ECDHE-RSA-DES-CBC3-SHA", - "ECDHE-RSA-NULL-SHA", - - #"NULL-SHA256", - "AES128-SHA256", - "DHE-RSA-AES128-SHA256", - "AES256-SHA256", - "DHE-RSA-AES256-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-RSA-AES256-SHA384", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES256-GCM-SHA384", - - #"PSK-3DES-EDE-CBC-SHA", - #"PSK-AES128-CBC-SHA", - #"PSK-AES256-CBC-SHA", - - "PSK-DES-CBC3-SHA", - "PSK-AES128-SHA", - "PSK-AES256-SHA", - ] - - for i in range(len(m_ciphers)): - - g = translate_gnu(m_ciphers[i]) - if g!=g_ciphers[i]: - print("GNU", i) - print("new".ljust(10), g) - print("original".ljust(10), g_ciphers[i]) - # break - - - o = translate_ossl(m_ciphers[i]) - if o!=o_ciphers[i]: - print("OpenSSL", i) - print("new".ljust(10), o) - print("original".ljust(10), o_ciphers[i]) - # break - -def test_mbed_ossl_common(): - m_ciphers = [ - "TLS-ECDH-ECDSA-WITH-NULL-SHA", - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-RSA-WITH-DES-CBC-SHA", - - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - ] - o_ciphers = [ - "ECDH-ECDSA-NULL-SHA", - "ECDH-ECDSA-DES-CBC3-SHA", - "ECDH-ECDSA-AES128-SHA", - "ECDH-ECDSA-AES256-SHA", - - "ECDH-ECDSA-AES128-SHA256", - "ECDH-ECDSA-AES256-SHA384", - "ECDH-ECDSA-AES128-GCM-SHA256", - "ECDH-ECDSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-ARIA256-GCM-SHA384", - "ECDHE-ECDSA-ARIA128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - - "DES-CBC-SHA", - #"EDH-RSA-DES-CBC-SHA", - "DHE-RSA-DES-CBC-SHA", - - "ECDHE-ARIA256-GCM-SHA384", - "DHE-RSA-ARIA256-GCM-SHA384", - "ARIA256-GCM-SHA384", - "ECDHE-ARIA128-GCM-SHA256", - "DHE-RSA-ARIA128-GCM-SHA256", - "ARIA128-GCM-SHA256", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - - "DHE-PSK-ARIA256-GCM-SHA384", - "DHE-PSK-ARIA128-GCM-SHA256", - "PSK-ARIA256-GCM-SHA384", - "PSK-ARIA128-GCM-SHA256", - "PSK-CHACHA20-POLY1305", - "ECDHE-PSK-CHACHA20-POLY1305", - "DHE-PSK-CHACHA20-POLY1305", - ] - - for i in range(len(m_ciphers)): - - o = translate_ossl(m_ciphers[i]) - if o!=o_ciphers[i]: - print("OpenSSL", i) - print("new".ljust(10), o) - print("original".ljust(10), o_ciphers[i]) - # break - -def test_mbed_gnu_common(): - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - - "TLS-RSA-WITH-NULL-SHA256", - - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-AES-128-CCM", - "TLS-RSA-WITH-AES-256-CCM", - "TLS-DHE-RSA-WITH-AES-128-CCM", - "TLS-DHE-RSA-WITH-AES-256-CCM", - "TLS-RSA-WITH-AES-128-CCM-8", - "TLS-RSA-WITH-AES-256-CCM-8", - "TLS-DHE-RSA-WITH-AES-128-CCM-8", - "TLS-DHE-RSA-WITH-AES-256-CCM-8", - - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-NULL-SHA384", - "TLS-ECDHE-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-AES-128-CBC-SHA256", - "TLS-PSK-WITH-AES-256-CBC-SHA384", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-NULL-SHA256", - "TLS-DHE-PSK-WITH-NULL-SHA384", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-AES-128-GCM-SHA256", - "TLS-PSK-WITH-AES-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "TLS-PSK-WITH-AES-128-CCM", - "TLS-PSK-WITH-AES-256-CCM", - "TLS-DHE-PSK-WITH-AES-128-CCM", - "TLS-DHE-PSK-WITH-AES-256-CCM", - "TLS-PSK-WITH-AES-128-CCM-8", - "TLS-PSK-WITH-AES-256-CCM-8", - "TLS-DHE-PSK-WITH-AES-128-CCM-8", - "TLS-DHE-PSK-WITH-AES-256-CCM-8", - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - - "+RSA:+NULL:+SHA256", - - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+AES-128-CCM:+AEAD", - "+RSA:+AES-256-CCM:+AEAD", - "+DHE-RSA:+AES-128-CCM:+AEAD", - "+DHE-RSA:+AES-256-CCM:+AEAD", - "+RSA:+AES-128-CCM-8:+AEAD", - "+RSA:+AES-256-CCM-8:+AEAD", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - - "+DHE-PSK:+3DES-CBC:+SHA1", - "+DHE-PSK:+AES-128-CBC:+SHA1", - "+DHE-PSK:+AES-256-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+AES-256-CBC:+SHA1", - "+RSA-PSK:+AES-128-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-PSK:+NULL:+SHA384", - "+ECDHE-PSK:+NULL:+SHA256", - "+PSK:+AES-128-CBC:+SHA256", - "+PSK:+AES-256-CBC:+SHA384", - "+DHE-PSK:+AES-128-CBC:+SHA256", - "+DHE-PSK:+AES-256-CBC:+SHA384", - "+PSK:+NULL:+SHA256", - "+PSK:+NULL:+SHA384", - "+DHE-PSK:+NULL:+SHA256", - "+DHE-PSK:+NULL:+SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - "+RSA-PSK:+AES-128-CBC:+SHA256", - "+RSA-PSK:+NULL:+SHA256", - "+RSA-PSK:+NULL:+SHA384", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+AES-128-GCM:+AEAD", - "+PSK:+AES-256-GCM:+AEAD", - "+DHE-PSK:+AES-128-GCM:+AEAD", - "+DHE-PSK:+AES-256-GCM:+AEAD", - "+PSK:+AES-128-CCM:+AEAD", - "+PSK:+AES-256-CCM:+AEAD", - "+DHE-PSK:+AES-128-CCM:+AEAD", - "+DHE-PSK:+AES-256-CCM:+AEAD", - "+PSK:+AES-128-CCM-8:+AEAD", - "+PSK:+AES-256-CCM-8:+AEAD", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - "+RSA-PSK:+AES-256-GCM:+AEAD", - "+RSA-PSK:+AES-128-GCM:+AEAD", - ] - - for i in range(len(m_ciphers)): - - g = translate_gnu(m_ciphers[i]) - if g!=g_ciphers[i]: - print("GNU", i) - print("new".ljust(10), g) - print("original".ljust(10), g_ciphers[i]) - # break - -test_all_common() -test_mbed_ossl_common() -test_mbed_gnu_common() \ No newline at end of file