mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 01:26:49 +00:00
Improve consitancy and useability
test_translate_ciphers_names.py - Combined m, o and g ciphers all into one a single list of tuples to avoid needing to rely on indexes test_translate_ciphers_format.sh - Removed redundant test - Added return errors compat.sh - Improved how translate_ciphers.py is called translate_ciphers.py - Improve regex and translation to be more intutive and efficient - change how arguments are taken and handelled to be more reliable Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
This commit is contained in:
Joe Subbiani
parent
439a696903
commit
918ee797ce
@ -329,11 +329,11 @@ add_common_ciphersuites()
|
||||
|
||||
M_CIPHERS="$M_CIPHERS $CIPHERS"
|
||||
|
||||
T=`python3 scripts/translate_ciphers.py g "$CIPHERS"`
|
||||
T=$(./scripts/translate_ciphers.py g $CIPHERS)
|
||||
check_translation $? "$T"
|
||||
G_CIPHERS="$G_CIPHERS $T"
|
||||
|
||||
T=`python3 scripts/translate_ciphers.py o "$CIPHERS"`
|
||||
T=$(./scripts/translate_ciphers.py o $CIPHERS)
|
||||
check_translation $? "$T"
|
||||
O_CIPHERS="$O_CIPHERS $T"
|
||||
}
|
||||
@ -417,7 +417,7 @@ add_openssl_ciphersuites()
|
||||
|
||||
M_CIPHERS="$M_CIPHERS $CIPHERS"
|
||||
|
||||
T=`python3 scripts/translate_ciphers.py o "$CIPHERS"`
|
||||
T=$(./scripts/translate_ciphers.py o $CIPHERS)
|
||||
check_translation $? "$T"
|
||||
O_CIPHERS="$O_CIPHERS $T"
|
||||
}
|
||||
@ -551,7 +551,7 @@ add_gnutls_ciphersuites()
|
||||
|
||||
M_CIPHERS="$M_CIPHERS $CIPHERS"
|
||||
|
||||
T=`python3 scripts/translate_ciphers.py g "$CIPHERS"`
|
||||
T=$(./scripts/translate_ciphers.py g $CIPHERS)
|
||||
check_translation $? "$T"
|
||||
G_CIPHERS="$G_CIPHERS $T"
|
||||
}
|
||||
|
||||
@ -29,84 +29,71 @@
|
||||
# This files main purpose is to ensure translate_ciphers.py can take strings
|
||||
# in the expected format and return them in the format compat.sh will expect.
|
||||
|
||||
set -eu
|
||||
|
||||
if cd $( dirname $0 ); then :; else
|
||||
echo "cd $( dirname $0 ) failed" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ciphers that will use translate_ciphers.py
|
||||
M_CIPHERS=""
|
||||
fail=0
|
||||
|
||||
# Initalize ciphers translated from Mbed TLS using translate_ciphers.py
|
||||
O_TRANSLATED_CIPHERS=""
|
||||
G_TRANSLATED_CIPHERS=""
|
||||
|
||||
# Initalize ciphers that are known to be in the correct format
|
||||
O_CIPHERS=""
|
||||
G_CIPHERS=""
|
||||
|
||||
# Ciphers taken directly from compat.sh
|
||||
Mt_CIPHERS=""
|
||||
Ot_CIPHERS=""
|
||||
Gt_CIPHERS=""
|
||||
|
||||
# Initial list to be split into 3
|
||||
# Mbed TLS ciphersuite names to be translated
|
||||
# into GnuTLS and OpenSSL
|
||||
CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
|
||||
M_CIPHERS="$M_CIPHERS $CIPHERS"
|
||||
G=$(./translate_ciphers.py g $CIPHERS) || fail=1
|
||||
G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
|
||||
|
||||
G=`python3 translate_ciphers.py g "$CIPHERS"`
|
||||
G_CIPHERS="$G_CIPHERS $G"
|
||||
O=$(./translate_ciphers.py o $CIPHERS) || fail=1
|
||||
O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
|
||||
|
||||
O=`python3 translate_ciphers.py o "$CIPHERS"`
|
||||
O_CIPHERS="$O_CIPHERS $O"
|
||||
|
||||
Mt_CIPHERS="$Mt_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
Gt_CIPHERS="$Gt_CIPHERS \
|
||||
G_CIPHERS="$G_CIPHERS \
|
||||
+ECDHE-ECDSA:+NULL:+SHA1 \
|
||||
+ECDHE-ECDSA:+3DES-CBC:+SHA1 \
|
||||
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
|
||||
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
|
||||
"
|
||||
Ot_CIPHERS="$Ot_CIPHERS \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
ECDHE-ECDSA-NULL-SHA \
|
||||
ECDHE-ECDSA-DES-CBC3-SHA \
|
||||
ECDHE-ECDSA-AES128-SHA \
|
||||
ECDHE-ECDSA-AES256-SHA \
|
||||
"
|
||||
|
||||
|
||||
# Initial list to be split into 3
|
||||
CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||
# Mbed TLS ciphersuite names to be translated
|
||||
# into GnuTLS and OpenSSL
|
||||
CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||
"
|
||||
|
||||
M_CIPHERS="$M_CIPHERS $CIPHERS"
|
||||
G=$(./translate_ciphers.py g $CIPHERS) || fail=1
|
||||
G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
|
||||
|
||||
G=`python3 translate_ciphers.py g "$CIPHERS"`
|
||||
G_CIPHERS="$G_CIPHERS $G"
|
||||
O=$(./translate_ciphers.py o $CIPHERS) || fail=1
|
||||
O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
|
||||
|
||||
O=`python3 translate_ciphers.py o "$CIPHERS"`
|
||||
O_CIPHERS="$O_CIPHERS $O"
|
||||
|
||||
Mt_CIPHERS="$Mt_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||
"
|
||||
Gt_CIPHERS="$Gt_CIPHERS \
|
||||
G_CIPHERS="$G_CIPHERS \
|
||||
+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
|
||||
+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
|
||||
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
|
||||
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
|
||||
"
|
||||
Ot_CIPHERS="$Ot_CIPHERS \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
ECDHE-ECDSA-AES128-SHA256 \
|
||||
ECDHE-ECDSA-AES256-SHA384 \
|
||||
ECDHE-ECDSA-AES128-GCM-SHA256 \
|
||||
@ -114,28 +101,25 @@ Ot_CIPHERS="$Ot_CIPHERS \
|
||||
"
|
||||
|
||||
# Normalise spacing
|
||||
M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
|
||||
G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
|
||||
O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
|
||||
G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS )
|
||||
O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS )
|
||||
|
||||
Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
|
||||
Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
|
||||
Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
|
||||
G_CIPHERS=$( echo $G_CIPHERS )
|
||||
O_CIPHERS=$( echo $O_CIPHERS )
|
||||
|
||||
# Compare the compat.sh names with the translated names
|
||||
# Upon fail, print them to view the differences
|
||||
if [ "$Mt_CIPHERS" != "$M_CIPHERS" ]
|
||||
if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ]
|
||||
then
|
||||
echo "MBEDTLS Translated: $M_CIPHERS"
|
||||
echo "MBEDTLS Original: $Mt_CIPHERS"
|
||||
echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS"
|
||||
echo "GnuTLS Original: $G_CIPHERS"
|
||||
fail=1
|
||||
fi
|
||||
if [ "$Gt_CIPHERS" != "$G_CIPHERS" ]
|
||||
if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ]
|
||||
then
|
||||
echo "GNUTLS Translated: $G_CIPHERS"
|
||||
echo "GNUTLS Original: $Gt_CIPHERS"
|
||||
fi
|
||||
if [ "$Ot_CIPHERS" != "$O_CIPHERS" ]
|
||||
then
|
||||
echo "OpenSSL Translated: $O_CIPHERS"
|
||||
echo "OpenSSL Original: $Ot_CIPHERS"
|
||||
echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS"
|
||||
echo "OpenSSL Original: $O_CIPHERS"
|
||||
fail=1
|
||||
fi
|
||||
|
||||
exit $fail
|
||||
|
||||
@ -19,11 +19,11 @@
|
||||
#
|
||||
|
||||
"""
|
||||
Test translate_ciphers.py by running every MBedTLS ciphersuite name
|
||||
Test translate_ciphers.py by running every Mbed TLS ciphersuite name
|
||||
combination through the translate functions and comparing them to their
|
||||
correct GNUTLS or OpenSSL counterpart.
|
||||
"""
|
||||
|
||||
import sys
|
||||
from translate_ciphers import translate_gnutls, translate_ossl
|
||||
|
||||
def assert_equal(translate, original):
|
||||
@ -36,431 +36,474 @@ def assert_equal(translate, original):
|
||||
assert translate == original
|
||||
except AssertionError:
|
||||
print("%s\n%s\n" %(translate, original))
|
||||
sys.exit(1)
|
||||
|
||||
def test_all_common():
|
||||
"""
|
||||
Translate the MBedTLS ciphersuite names to the common OpenSSL and
|
||||
GnuTLS ciphersite names, and compare them with the true, expected
|
||||
Translate the Mbed TLS ciphersuite names to the common OpenSSL and
|
||||
GnuTLS ciphersuite names, and compare them with the true, expected
|
||||
corresponding OpenSSL and GnuTLS ciphersuite names
|
||||
"""
|
||||
m_ciphers = [
|
||||
"TLS-ECDHE-ECDSA-WITH-NULL-SHA",
|
||||
"TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
ciphers = [
|
||||
("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
|
||||
"+ECDHE-ECDSA:+NULL:+SHA1",
|
||||
"ECDHE-ECDSA-NULL-SHA"),
|
||||
("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
|
||||
"ECDHE-ECDSA-DES-CBC3-SHA"),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
|
||||
"ECDHE-ECDSA-AES128-SHA"),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
|
||||
"ECDHE-ECDSA-AES256-SHA"),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
|
||||
"ECDHE-ECDSA-AES128-SHA256"),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
|
||||
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
|
||||
"ECDHE-ECDSA-AES256-SHA384"),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256"),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384"),
|
||||
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
"+DHE-RSA:+AES-128-CBC:+SHA1",
|
||||
"DHE-RSA-AES128-SHA"),
|
||||
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
"+DHE-RSA:+AES-256-CBC:+SHA1",
|
||||
"DHE-RSA-AES256-SHA"),
|
||||
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
|
||||
"DHE-RSA-CAMELLIA128-SHA"),
|
||||
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
|
||||
"DHE-RSA-CAMELLIA256-SHA"),
|
||||
("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"+DHE-RSA:+3DES-CBC:+SHA1",
|
||||
"EDH-RSA-DES-CBC3-SHA"),
|
||||
("TLS-RSA-WITH-AES-256-CBC-SHA",
|
||||
"+RSA:+AES-256-CBC:+SHA1",
|
||||
"AES256-SHA"),
|
||||
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
"+RSA:+CAMELLIA-256-CBC:+SHA1",
|
||||
"CAMELLIA256-SHA"),
|
||||
("TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||
"+RSA:+AES-128-CBC:+SHA1",
|
||||
"AES128-SHA"),
|
||||
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
"+RSA:+CAMELLIA-128-CBC:+SHA1",
|
||||
"CAMELLIA128-SHA"),
|
||||
("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"+RSA:+3DES-CBC:+SHA1",
|
||||
"DES-CBC3-SHA"),
|
||||
("TLS-RSA-WITH-NULL-MD5",
|
||||
"+RSA:+NULL:+MD5",
|
||||
"NULL-MD5"),
|
||||
("TLS-RSA-WITH-NULL-SHA",
|
||||
"+RSA:+NULL:+SHA1",
|
||||
"NULL-SHA"),
|
||||
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
"+ECDHE-RSA:+AES-128-CBC:+SHA1",
|
||||
"ECDHE-RSA-AES128-SHA"),
|
||||
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
"+ECDHE-RSA:+AES-256-CBC:+SHA1",
|
||||
"ECDHE-RSA-AES256-SHA"),
|
||||
("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"+ECDHE-RSA:+3DES-CBC:+SHA1",
|
||||
"ECDHE-RSA-DES-CBC3-SHA"),
|
||||
("TLS-ECDHE-RSA-WITH-NULL-SHA",
|
||||
"+ECDHE-RSA:+NULL:+SHA1",
|
||||
"ECDHE-RSA-NULL-SHA"),
|
||||
("TLS-RSA-WITH-AES-128-CBC-SHA256",
|
||||
"+RSA:+AES-128-CBC:+SHA256",
|
||||
"AES128-SHA256"),
|
||||
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||
"+DHE-RSA:+AES-128-CBC:+SHA256",
|
||||
"DHE-RSA-AES128-SHA256"),
|
||||
("TLS-RSA-WITH-AES-256-CBC-SHA256",
|
||||
"+RSA:+AES-256-CBC:+SHA256",
|
||||
"AES256-SHA256"),
|
||||
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
|
||||
"+DHE-RSA:+AES-256-CBC:+SHA256",
|
||||
"DHE-RSA-AES256-SHA256"),
|
||||
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||
"+ECDHE-RSA:+AES-128-CBC:+SHA256",
|
||||
"ECDHE-RSA-AES128-SHA256"),
|
||||
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
|
||||
"+ECDHE-RSA:+AES-256-CBC:+SHA384",
|
||||
"ECDHE-RSA-AES256-SHA384"),
|
||||
("TLS-RSA-WITH-AES-128-GCM-SHA256",
|
||||
"+RSA:+AES-128-GCM:+AEAD",
|
||||
"AES128-GCM-SHA256"),
|
||||
("TLS-RSA-WITH-AES-256-GCM-SHA384",
|
||||
"+RSA:+AES-256-GCM:+AEAD",
|
||||
"AES256-GCM-SHA384"),
|
||||
("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
"+DHE-RSA:+AES-128-GCM:+AEAD",
|
||||
"DHE-RSA-AES128-GCM-SHA256"),
|
||||
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
"+DHE-RSA:+AES-256-GCM:+AEAD",
|
||||
"DHE-RSA-AES256-GCM-SHA384"),
|
||||
("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
"+ECDHE-RSA:+AES-128-GCM:+AEAD",
|
||||
"ECDHE-RSA-AES128-GCM-SHA256"),
|
||||
("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
"+ECDHE-RSA:+AES-256-GCM:+AEAD",
|
||||
"ECDHE-RSA-AES256-GCM-SHA384"),
|
||||
("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"+PSK:+3DES-CBC:+SHA1",
|
||||
"PSK-3DES-EDE-CBC-SHA"),
|
||||
("TLS-PSK-WITH-AES-128-CBC-SHA",
|
||||
"+PSK:+AES-128-CBC:+SHA1",
|
||||
"PSK-AES128-CBC-SHA"),
|
||||
("TLS-PSK-WITH-AES-256-CBC-SHA",
|
||||
"+PSK:+AES-256-CBC:+SHA1",
|
||||
"PSK-AES256-CBC-SHA"),
|
||||
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
("TLS-ECDH-ECDSA-WITH-NULL-SHA",
|
||||
None,
|
||||
"ECDH-ECDSA-NULL-SHA"),
|
||||
("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||
None,
|
||||
"ECDH-ECDSA-DES-CBC3-SHA"),
|
||||
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
None,
|
||||
"ECDH-ECDSA-AES128-SHA"),
|
||||
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
None,
|
||||
"ECDH-ECDSA-AES256-SHA"),
|
||||
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||
None,
|
||||
"ECDH-ECDSA-AES128-SHA256"),
|
||||
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
|
||||
None,
|
||||
"ECDH-ECDSA-AES256-SHA384"),
|
||||
("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
None,
|
||||
"ECDH-ECDSA-AES128-GCM-SHA256"),
|
||||
("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
None,
|
||||
"ECDH-ECDSA-AES256-GCM-SHA384"),
|
||||
("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
|
||||
None,
|
||||
"ECDHE-ECDSA-ARIA256-GCM-SHA384"),
|
||||
("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
|
||||
None,
|
||||
"ECDHE-ECDSA-ARIA128-GCM-SHA256"),
|
||||
("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
None,
|
||||
"ECDHE-ECDSA-CHACHA20-POLY1305"),
|
||||
("TLS-RSA-WITH-DES-CBC-SHA",
|
||||
None,
|
||||
"DES-CBC-SHA"),
|
||||
("TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
||||
None,
|
||||
"EDH-RSA-DES-CBC-SHA"),
|
||||
("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
None,
|
||||
"ECDHE-ARIA256-GCM-SHA384"),
|
||||
("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
None,
|
||||
"DHE-RSA-ARIA256-GCM-SHA384"),
|
||||
("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
None,
|
||||
"ARIA256-GCM-SHA384"),
|
||||
("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
None,
|
||||
"ECDHE-ARIA128-GCM-SHA256"),
|
||||
("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
None,
|
||||
"DHE-RSA-ARIA128-GCM-SHA256"),
|
||||
("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
None,
|
||||
"ARIA128-GCM-SHA256"),
|
||||
("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
None,
|
||||
"DHE-RSA-CHACHA20-POLY1305"),
|
||||
("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
None,
|
||||
"ECDHE-RSA-CHACHA20-POLY1305"),
|
||||
("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
None,
|
||||
"DHE-PSK-ARIA256-GCM-SHA384"),
|
||||
("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
None,
|
||||
"DHE-PSK-ARIA128-GCM-SHA256"),
|
||||
("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
None,
|
||||
"PSK-ARIA256-GCM-SHA384"),
|
||||
("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
None,
|
||||
"PSK-ARIA128-GCM-SHA256"),
|
||||
("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
None,
|
||||
"PSK-CHACHA20-POLY1305"),
|
||||
("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
None,
|
||||
"ECDHE-PSK-CHACHA20-POLY1305"),
|
||||
("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
None,
|
||||
"DHE-PSK-CHACHA20-POLY1305"),
|
||||
|
||||
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-RSA-WITH-AES-256-CBC-SHA",
|
||||
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
"TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-RSA-WITH-NULL-MD5",
|
||||
"TLS-RSA-WITH-NULL-SHA",
|
||||
|
||||
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-ECDHE-RSA-WITH-NULL-SHA",
|
||||
|
||||
"TLS-RSA-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-RSA-WITH-AES-256-CBC-SHA256",
|
||||
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-RSA-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-RSA-WITH-AES-256-GCM-SHA384",
|
||||
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
|
||||
"TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-PSK-WITH-AES-128-CBC-SHA",
|
||||
"TLS-PSK-WITH-AES-256-CBC-SHA",
|
||||
]
|
||||
g_ciphers = [
|
||||
"+ECDHE-ECDSA:+NULL:+SHA1",
|
||||
"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
|
||||
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
|
||||
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
|
||||
|
||||
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
|
||||
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
|
||||
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
|
||||
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
|
||||
|
||||
"+DHE-RSA:+AES-128-CBC:+SHA1",
|
||||
"+DHE-RSA:+AES-256-CBC:+SHA1",
|
||||
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
|
||||
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
|
||||
"+DHE-RSA:+3DES-CBC:+SHA1",
|
||||
"+RSA:+AES-256-CBC:+SHA1",
|
||||
"+RSA:+CAMELLIA-256-CBC:+SHA1",
|
||||
"+RSA:+AES-128-CBC:+SHA1",
|
||||
"+RSA:+CAMELLIA-128-CBC:+SHA1",
|
||||
"+RSA:+3DES-CBC:+SHA1",
|
||||
"+RSA:+NULL:+MD5",
|
||||
"+RSA:+NULL:+SHA1",
|
||||
|
||||
"+ECDHE-RSA:+AES-128-CBC:+SHA1",
|
||||
"+ECDHE-RSA:+AES-256-CBC:+SHA1",
|
||||
"+ECDHE-RSA:+3DES-CBC:+SHA1",
|
||||
"+ECDHE-RSA:+NULL:+SHA1",
|
||||
|
||||
"+RSA:+AES-128-CBC:+SHA256",
|
||||
"+DHE-RSA:+AES-128-CBC:+SHA256",
|
||||
"+RSA:+AES-256-CBC:+SHA256",
|
||||
"+DHE-RSA:+AES-256-CBC:+SHA256",
|
||||
"+ECDHE-RSA:+AES-128-CBC:+SHA256",
|
||||
"+ECDHE-RSA:+AES-256-CBC:+SHA384",
|
||||
"+RSA:+AES-128-GCM:+AEAD",
|
||||
"+RSA:+AES-256-GCM:+AEAD",
|
||||
"+DHE-RSA:+AES-128-GCM:+AEAD",
|
||||
"+DHE-RSA:+AES-256-GCM:+AEAD",
|
||||
"+ECDHE-RSA:+AES-128-GCM:+AEAD",
|
||||
"+ECDHE-RSA:+AES-256-GCM:+AEAD",
|
||||
|
||||
"+PSK:+3DES-CBC:+SHA1",
|
||||
"+PSK:+AES-128-CBC:+SHA1",
|
||||
"+PSK:+AES-256-CBC:+SHA1",
|
||||
]
|
||||
o_ciphers = [
|
||||
"ECDHE-ECDSA-NULL-SHA",
|
||||
"ECDHE-ECDSA-DES-CBC3-SHA",
|
||||
"ECDHE-ECDSA-AES128-SHA",
|
||||
"ECDHE-ECDSA-AES256-SHA",
|
||||
|
||||
"ECDHE-ECDSA-AES128-SHA256",
|
||||
"ECDHE-ECDSA-AES256-SHA384",
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256",
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||
|
||||
"DHE-RSA-AES128-SHA",
|
||||
"DHE-RSA-AES256-SHA",
|
||||
"DHE-RSA-CAMELLIA128-SHA",
|
||||
"DHE-RSA-CAMELLIA256-SHA",
|
||||
"EDH-RSA-DES-CBC3-SHA",
|
||||
"AES256-SHA",
|
||||
"CAMELLIA256-SHA",
|
||||
"AES128-SHA",
|
||||
"CAMELLIA128-SHA",
|
||||
"DES-CBC3-SHA",
|
||||
"NULL-MD5",
|
||||
"NULL-SHA",
|
||||
|
||||
"ECDHE-RSA-AES128-SHA",
|
||||
"ECDHE-RSA-AES256-SHA",
|
||||
"ECDHE-RSA-DES-CBC3-SHA",
|
||||
"ECDHE-RSA-NULL-SHA",
|
||||
|
||||
#"NULL-SHA256",
|
||||
"AES128-SHA256",
|
||||
"DHE-RSA-AES128-SHA256",
|
||||
"AES256-SHA256",
|
||||
"DHE-RSA-AES256-SHA256",
|
||||
"ECDHE-RSA-AES128-SHA256",
|
||||
"ECDHE-RSA-AES256-SHA384",
|
||||
"AES128-GCM-SHA256",
|
||||
"AES256-GCM-SHA384",
|
||||
"DHE-RSA-AES128-GCM-SHA256",
|
||||
"DHE-RSA-AES256-GCM-SHA384",
|
||||
"ECDHE-RSA-AES128-GCM-SHA256",
|
||||
"ECDHE-RSA-AES256-GCM-SHA384",
|
||||
|
||||
"PSK-3DES-EDE-CBC-SHA",
|
||||
"PSK-AES128-CBC-SHA",
|
||||
"PSK-AES256-CBC-SHA",
|
||||
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
|
||||
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
|
||||
"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
|
||||
"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
|
||||
"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-NULL-SHA256",
|
||||
"+RSA:+NULL:+SHA256",
|
||||
None),
|
||||
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+RSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
"+RSA:+CAMELLIA-256-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+RSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+RSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-AES-128-CCM",
|
||||
"+RSA:+AES-128-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-AES-256-CCM",
|
||||
"+RSA:+AES-256-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-AES-128-CCM",
|
||||
"+DHE-RSA:+AES-128-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-AES-256-CCM",
|
||||
"+DHE-RSA:+AES-256-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-AES-128-CCM-8",
|
||||
"+RSA:+AES-128-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-WITH-AES-256-CCM-8",
|
||||
"+RSA:+AES-256-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-AES-128-CCM-8",
|
||||
"+DHE-RSA:+AES-128-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-RSA-WITH-AES-256-CCM-8",
|
||||
"+DHE-RSA:+AES-256-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"+DHE-PSK:+3DES-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
"+DHE-PSK:+AES-128-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
"+DHE-PSK:+AES-256-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
"+ECDHE-PSK:+AES-256-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
"+ECDHE-PSK:+AES-128-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"+ECDHE-PSK:+3DES-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"+RSA-PSK:+3DES-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
|
||||
"+RSA-PSK:+AES-256-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
||||
"+RSA-PSK:+AES-128-CBC:+SHA1",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"+ECDHE-PSK:+AES-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"+ECDHE-PSK:+AES-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-NULL-SHA384",
|
||||
"+ECDHE-PSK:+NULL:+SHA384",
|
||||
None),
|
||||
("TLS-ECDHE-PSK-WITH-NULL-SHA256",
|
||||
"+ECDHE-PSK:+NULL:+SHA256",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"+PSK:+AES-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"+PSK:+AES-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"+DHE-PSK:+AES-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"+DHE-PSK:+AES-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-PSK-WITH-NULL-SHA256",
|
||||
"+PSK:+NULL:+SHA256",
|
||||
None),
|
||||
("TLS-PSK-WITH-NULL-SHA384",
|
||||
"+PSK:+NULL:+SHA384",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-NULL-SHA256",
|
||||
"+DHE-PSK:+NULL:+SHA256",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-NULL-SHA384",
|
||||
"+DHE-PSK:+NULL:+SHA384",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"+RSA-PSK:+AES-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"+RSA-PSK:+AES-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-NULL-SHA256",
|
||||
"+RSA-PSK:+NULL:+SHA256",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-NULL-SHA384",
|
||||
"+RSA-PSK:+NULL:+SHA384",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"+PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-128-GCM-SHA256",
|
||||
"+PSK:+AES-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-256-GCM-SHA384",
|
||||
"+PSK:+AES-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
|
||||
"+DHE-PSK:+AES-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
|
||||
"+DHE-PSK:+AES-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-128-CCM",
|
||||
"+PSK:+AES-128-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-256-CCM",
|
||||
"+PSK:+AES-256-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-128-CCM",
|
||||
"+DHE-PSK:+AES-128-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-256-CCM",
|
||||
"+DHE-PSK:+AES-256-CCM:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-128-CCM-8",
|
||||
"+PSK:+AES-128-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-AES-256-CCM-8",
|
||||
"+PSK:+AES-256-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-128-CCM-8",
|
||||
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-AES-256-CCM-8",
|
||||
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+PSK:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+PSK:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
|
||||
"+RSA-PSK:+AES-256-GCM:+AEAD",
|
||||
None),
|
||||
("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
|
||||
"+RSA-PSK:+AES-128-GCM:+AEAD",
|
||||
None),
|
||||
]
|
||||
|
||||
for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers):
|
||||
for m, g_exp, o_exp in ciphers:
|
||||
|
||||
g = translate_gnutls(m)
|
||||
assert_equal(g, g_exp)
|
||||
if g_exp != None:
|
||||
g = translate_gnutls(m)
|
||||
assert_equal(g, g_exp)
|
||||
|
||||
o = translate_ossl(m)
|
||||
assert_equal(o, o_exp)
|
||||
|
||||
def test_mbedtls_ossl_common():
|
||||
"""
|
||||
Translate the MBedTLS ciphersuite names to the common OpenSSL
|
||||
ciphersite names, and compare them with the true, expected
|
||||
corresponding OpenSSL ciphersuite name
|
||||
"""
|
||||
m_ciphers = [
|
||||
"TLS-ECDH-ECDSA-WITH-NULL-SHA",
|
||||
"TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
|
||||
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
|
||||
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
|
||||
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
|
||||
"TLS-RSA-WITH-DES-CBC-SHA",
|
||||
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
||||
|
||||
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
|
||||
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
"TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
]
|
||||
o_ciphers = [
|
||||
"ECDH-ECDSA-NULL-SHA",
|
||||
"ECDH-ECDSA-DES-CBC3-SHA",
|
||||
"ECDH-ECDSA-AES128-SHA",
|
||||
"ECDH-ECDSA-AES256-SHA",
|
||||
|
||||
"ECDH-ECDSA-AES128-SHA256",
|
||||
"ECDH-ECDSA-AES256-SHA384",
|
||||
"ECDH-ECDSA-AES128-GCM-SHA256",
|
||||
"ECDH-ECDSA-AES256-GCM-SHA384",
|
||||
"ECDHE-ECDSA-ARIA256-GCM-SHA384",
|
||||
"ECDHE-ECDSA-ARIA128-GCM-SHA256",
|
||||
"ECDHE-ECDSA-CHACHA20-POLY1305",
|
||||
|
||||
"DES-CBC-SHA",
|
||||
"EDH-RSA-DES-CBC-SHA",
|
||||
|
||||
"ECDHE-ARIA256-GCM-SHA384",
|
||||
"DHE-RSA-ARIA256-GCM-SHA384",
|
||||
"ARIA256-GCM-SHA384",
|
||||
"ECDHE-ARIA128-GCM-SHA256",
|
||||
"DHE-RSA-ARIA128-GCM-SHA256",
|
||||
"ARIA128-GCM-SHA256",
|
||||
"DHE-RSA-CHACHA20-POLY1305",
|
||||
"ECDHE-RSA-CHACHA20-POLY1305",
|
||||
|
||||
"DHE-PSK-ARIA256-GCM-SHA384",
|
||||
"DHE-PSK-ARIA128-GCM-SHA256",
|
||||
"PSK-ARIA256-GCM-SHA384",
|
||||
"PSK-ARIA128-GCM-SHA256",
|
||||
"PSK-CHACHA20-POLY1305",
|
||||
"ECDHE-PSK-CHACHA20-POLY1305",
|
||||
"DHE-PSK-CHACHA20-POLY1305",
|
||||
]
|
||||
|
||||
for m, o_exp in zip(m_ciphers, o_ciphers):
|
||||
|
||||
o = translate_ossl(m)
|
||||
assert_equal(o, o_exp)
|
||||
|
||||
def test_mbedtls_gnutls_common():
|
||||
"""
|
||||
Translate the MBedTLS ciphersuite names to the common GnuTLS
|
||||
ciphersite names, and compare them with the true, expected
|
||||
corresponding GnuTLS ciphersuite names
|
||||
"""
|
||||
m_ciphers = [
|
||||
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
|
||||
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
|
||||
|
||||
"TLS-RSA-WITH-NULL-SHA256",
|
||||
|
||||
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-RSA-WITH-AES-128-CCM",
|
||||
"TLS-RSA-WITH-AES-256-CCM",
|
||||
"TLS-DHE-RSA-WITH-AES-128-CCM",
|
||||
"TLS-DHE-RSA-WITH-AES-256-CCM",
|
||||
"TLS-RSA-WITH-AES-128-CCM-8",
|
||||
"TLS-RSA-WITH-AES-256-CCM-8",
|
||||
"TLS-DHE-RSA-WITH-AES-128-CCM-8",
|
||||
"TLS-DHE-RSA-WITH-AES-256-CCM-8",
|
||||
|
||||
"TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
|
||||
"TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
"TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
"TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
"TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
|
||||
"TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
||||
|
||||
"TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-ECDHE-PSK-WITH-NULL-SHA384",
|
||||
"TLS-ECDHE-PSK-WITH-NULL-SHA256",
|
||||
"TLS-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-PSK-WITH-NULL-SHA256",
|
||||
"TLS-PSK-WITH-NULL-SHA384",
|
||||
"TLS-DHE-PSK-WITH-NULL-SHA256",
|
||||
"TLS-DHE-PSK-WITH-NULL-SHA384",
|
||||
"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
|
||||
"TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
|
||||
"TLS-RSA-PSK-WITH-NULL-SHA256",
|
||||
"TLS-RSA-PSK-WITH-NULL-SHA384",
|
||||
"TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
"TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
"TLS-PSK-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-PSK-WITH-AES-256-GCM-SHA384",
|
||||
"TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
|
||||
"TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
|
||||
"TLS-PSK-WITH-AES-128-CCM",
|
||||
"TLS-PSK-WITH-AES-256-CCM",
|
||||
"TLS-DHE-PSK-WITH-AES-128-CCM",
|
||||
"TLS-DHE-PSK-WITH-AES-256-CCM",
|
||||
"TLS-PSK-WITH-AES-128-CCM-8",
|
||||
"TLS-PSK-WITH-AES-256-CCM-8",
|
||||
"TLS-DHE-PSK-WITH-AES-128-CCM-8",
|
||||
"TLS-DHE-PSK-WITH-AES-256-CCM-8",
|
||||
"TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
"TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
"TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
|
||||
"TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
|
||||
]
|
||||
g_ciphers = [
|
||||
"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
|
||||
"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
|
||||
"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
|
||||
"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
|
||||
|
||||
"+RSA:+NULL:+SHA256",
|
||||
|
||||
"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
|
||||
"+RSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+RSA:+CAMELLIA-256-CBC:+SHA256",
|
||||
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
|
||||
"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+RSA:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+RSA:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+RSA:+AES-128-CCM:+AEAD",
|
||||
"+RSA:+AES-256-CCM:+AEAD",
|
||||
"+DHE-RSA:+AES-128-CCM:+AEAD",
|
||||
"+DHE-RSA:+AES-256-CCM:+AEAD",
|
||||
"+RSA:+AES-128-CCM-8:+AEAD",
|
||||
"+RSA:+AES-256-CCM-8:+AEAD",
|
||||
"+DHE-RSA:+AES-128-CCM-8:+AEAD",
|
||||
"+DHE-RSA:+AES-256-CCM-8:+AEAD",
|
||||
|
||||
"+DHE-PSK:+3DES-CBC:+SHA1",
|
||||
"+DHE-PSK:+AES-128-CBC:+SHA1",
|
||||
"+DHE-PSK:+AES-256-CBC:+SHA1",
|
||||
|
||||
"+ECDHE-PSK:+AES-256-CBC:+SHA1",
|
||||
"+ECDHE-PSK:+AES-128-CBC:+SHA1",
|
||||
"+ECDHE-PSK:+3DES-CBC:+SHA1",
|
||||
"+RSA-PSK:+3DES-CBC:+SHA1",
|
||||
"+RSA-PSK:+AES-256-CBC:+SHA1",
|
||||
"+RSA-PSK:+AES-128-CBC:+SHA1",
|
||||
|
||||
"+ECDHE-PSK:+AES-256-CBC:+SHA384",
|
||||
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
"+ECDHE-PSK:+AES-128-CBC:+SHA256",
|
||||
"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+ECDHE-PSK:+NULL:+SHA384",
|
||||
"+ECDHE-PSK:+NULL:+SHA256",
|
||||
"+PSK:+AES-128-CBC:+SHA256",
|
||||
"+PSK:+AES-256-CBC:+SHA384",
|
||||
"+DHE-PSK:+AES-128-CBC:+SHA256",
|
||||
"+DHE-PSK:+AES-256-CBC:+SHA384",
|
||||
"+PSK:+NULL:+SHA256",
|
||||
"+PSK:+NULL:+SHA384",
|
||||
"+DHE-PSK:+NULL:+SHA256",
|
||||
"+DHE-PSK:+NULL:+SHA384",
|
||||
"+RSA-PSK:+AES-256-CBC:+SHA384",
|
||||
"+RSA-PSK:+AES-128-CBC:+SHA256",
|
||||
"+RSA-PSK:+NULL:+SHA256",
|
||||
"+RSA-PSK:+NULL:+SHA384",
|
||||
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
"+PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
|
||||
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
|
||||
"+PSK:+AES-128-GCM:+AEAD",
|
||||
"+PSK:+AES-256-GCM:+AEAD",
|
||||
"+DHE-PSK:+AES-128-GCM:+AEAD",
|
||||
"+DHE-PSK:+AES-256-GCM:+AEAD",
|
||||
"+PSK:+AES-128-CCM:+AEAD",
|
||||
"+PSK:+AES-256-CCM:+AEAD",
|
||||
"+DHE-PSK:+AES-128-CCM:+AEAD",
|
||||
"+DHE-PSK:+AES-256-CCM:+AEAD",
|
||||
"+PSK:+AES-128-CCM-8:+AEAD",
|
||||
"+PSK:+AES-256-CCM-8:+AEAD",
|
||||
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
|
||||
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
|
||||
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+PSK:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+PSK:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
|
||||
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
|
||||
"+RSA-PSK:+AES-256-GCM:+AEAD",
|
||||
"+RSA-PSK:+AES-128-GCM:+AEAD",
|
||||
]
|
||||
|
||||
for m, g_exp in zip(m_ciphers, g_ciphers):
|
||||
|
||||
g = translate_gnutls(m)
|
||||
assert_equal(g, g_exp)
|
||||
if o_exp != None:
|
||||
o = translate_ossl(m)
|
||||
assert_equal(o, o_exp)
|
||||
|
||||
test_all_common()
|
||||
test_mbedtls_ossl_common()
|
||||
test_mbedtls_gnutls_common()
|
||||
|
||||
@ -21,15 +21,13 @@
|
||||
Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
|
||||
standards.
|
||||
|
||||
Format and analyse strings past in via input arguments to match
|
||||
the expected strings utilised in compat.sh.
|
||||
|
||||
sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL.
|
||||
sys.argv[2] should be a string containing one or more ciphersuite names.
|
||||
"""
|
||||
|
||||
import re
|
||||
import sys
|
||||
import argparse
|
||||
|
||||
def translate_gnutls(m_cipher):
|
||||
"""
|
||||
@ -37,27 +35,25 @@ def translate_gnutls(m_cipher):
|
||||
and return the GnuTLS naming convention
|
||||
"""
|
||||
|
||||
# Remove "TLS-"
|
||||
# Replace "-WITH-" with ":+"
|
||||
# Remove "EDE"
|
||||
m_cipher = "+" + m_cipher[4:]
|
||||
m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
|
||||
m_cipher = m_cipher.replace("-WITH-", ":+")
|
||||
m_cipher = m_cipher.replace("-EDE", "")
|
||||
|
||||
# SHA == SHA1, if the last 3 chars are SHA append 1
|
||||
# SHA in Mbed TLS == SHA1 GnuTLS,
|
||||
# if the last 3 chars are SHA append 1
|
||||
if m_cipher[-3:] == "SHA":
|
||||
m_cipher = m_cipher+"1"
|
||||
|
||||
# CCM or CCM-8 should be followed by ":+AEAD"
|
||||
if "CCM" in m_cipher:
|
||||
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
|
||||
if "CCM" in m_cipher or "GCM" in m_cipher:
|
||||
m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
|
||||
m_cipher = m_cipher+":+AEAD"
|
||||
|
||||
# Replace the last "-" with ":+"
|
||||
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
|
||||
else:
|
||||
index = m_cipher.rindex("-")
|
||||
m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
|
||||
m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
|
||||
m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
|
||||
|
||||
return m_cipher
|
||||
|
||||
@ -67,9 +63,7 @@ def translate_ossl(m_cipher):
|
||||
and return the OpenSSL naming convention
|
||||
"""
|
||||
|
||||
# Remove "TLS-"
|
||||
# Remove "WITH"
|
||||
m_cipher = m_cipher[4:]
|
||||
m_cipher = re.sub(r'^TLS-', '', m_cipher)
|
||||
m_cipher = m_cipher.replace("-WITH", "")
|
||||
|
||||
# Remove the "-" from "ABC-xyz"
|
||||
@ -78,8 +72,7 @@ def translate_ossl(m_cipher):
|
||||
m_cipher = m_cipher.replace("ARIA-", "ARIA")
|
||||
|
||||
# Remove "RSA" if it is at the beginning
|
||||
if m_cipher[:4] == "RSA-":
|
||||
m_cipher = m_cipher[4:]
|
||||
m_cipher = re.sub(r'^RSA-', r'', m_cipher)
|
||||
|
||||
# For all circumstances outside of PSK
|
||||
if "PSK" not in m_cipher:
|
||||
@ -87,10 +80,7 @@ def translate_ossl(m_cipher):
|
||||
m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
|
||||
|
||||
# Remove "CBC" if it is not prefixed by DES
|
||||
if "CBC" in m_cipher:
|
||||
index = m_cipher.rindex("CBC")
|
||||
if m_cipher[index-4:index-1] != "DES":
|
||||
m_cipher = m_cipher.replace("CBC-", "")
|
||||
m_cipher = re.sub(r'(?<!DES-)CBC-', r'', m_cipher)
|
||||
|
||||
# ECDHE-RSA-ARIA does not exist in OpenSSL
|
||||
m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
|
||||
@ -106,23 +96,16 @@ def translate_ossl(m_cipher):
|
||||
|
||||
return m_cipher
|
||||
|
||||
def format_ciphersuite_names(mode, ciphers):
|
||||
try:
|
||||
t = {"g": translate_gnutls, "o": translate_ossl}[mode]
|
||||
return " ".join(t(c) for c in ciphers.split())
|
||||
except (KeyError) as e:
|
||||
print(e)
|
||||
print("Incorrect use of argument 1, should be either \"g\" or \"o\"")
|
||||
sys.exit(1)
|
||||
def format_ciphersuite_names(mode, names):
|
||||
t = {"g": translate_gnutls, "o": translate_ossl}[mode]
|
||||
return " ".join(t(c) for c in names)
|
||||
|
||||
def main():
|
||||
if len(sys.argv) != 3:
|
||||
print("""Incorrect number of arguments.
|
||||
The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS.
|
||||
The second argument should a single space seperated string of MBedTLS ciphersuite names""")
|
||||
sys.exit(1)
|
||||
print(format_ciphersuite_names(sys.argv[1], sys.argv[2]))
|
||||
sys.exit(0)
|
||||
def main(target, names):
|
||||
print(format_ciphersuite_names(target, names))
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
PARSER = argparse.ArgumentParser()
|
||||
PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g'])
|
||||
PARSER.add_argument('names', metavar='NAMES', nargs='+')
|
||||
ARGS = PARSER.parse_args()
|
||||
main(ARGS.target, ARGS.names)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user