diff --git a/tests/compat.sh b/tests/compat.sh index 36018f2d18..4e18fce2d2 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -329,11 +329,11 @@ add_common_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + T=$(./scripts/translate_ciphers.py g $CIPHERS) check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" - T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + T=$(./scripts/translate_ciphers.py o $CIPHERS) check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -417,7 +417,7 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py o "$CIPHERS"` + T=$(./scripts/translate_ciphers.py o $CIPHERS) check_translation $? "$T" O_CIPHERS="$O_CIPHERS $T" } @@ -551,7 +551,7 @@ add_gnutls_ciphersuites() M_CIPHERS="$M_CIPHERS $CIPHERS" - T=`python3 scripts/translate_ciphers.py g "$CIPHERS"` + T=$(./scripts/translate_ciphers.py g $CIPHERS) check_translation $? "$T" G_CIPHERS="$G_CIPHERS $T" } diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh index 6f1bdd08be..1dc7bbc0e8 100755 --- a/tests/scripts/test_translate_ciphers_format.sh +++ b/tests/scripts/test_translate_ciphers_format.sh 
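Review bot: The new calls `T=$(./scripts/translate_ciphers.py g $CIPHERS)` in add_common_ciphersuites, add_openssl_ciphersuites and add_gnutls_ciphersuites leave `$CIPHERS` unquoted without saying why, so a later reader or a ShellCheck SC2086 pass is likely to restore the quotes. The unquoting looks deliberate, so that each ciphersuite name arrives as its own argument; a comment above the first call would record that, for example `# $CIPHERS is unquoted on purpose: one argument per ciphersuite name`. Unquoted expansion also performs pathname expansion, which is harmless for the names visible here but would matter if a list ever contained `*` or `?`. The same pattern appears in tests/scripts/test_translate_ciphers_format.sh, and all three function bodies start outside their hunks.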
@@ -29,84 +29,71 @@ # This files main purpose is to ensure translate_ciphers.py can take strings # in the expected format and return them in the format compat.sh will expect. +set -eu + if cd $( dirname $0 ); then :; else echo "cd $( dirname $0 ) failed" >&2 exit 1 fi -# Ciphers that will use translate_ciphers.py -M_CIPHERS="" +fail=0 + +# Initalize ciphers translated from Mbed TLS using translate_ciphers.py +O_TRANSLATED_CIPHERS="" +G_TRANSLATED_CIPHERS="" + +# Initalize ciphers that are known to be in the correct format O_CIPHERS="" G_CIPHERS="" -# Ciphers taken directly from compat.sh -Mt_CIPHERS="" -Ot_CIPHERS="" -Gt_CIPHERS="" - -# Initial list to be split into 3 +# Mbed TLS ciphersuite names to be translated +# into GnuTLS and OpenSSL CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " -M_CIPHERS="$M_CIPHERS $CIPHERS" +G=$(./translate_ciphers.py g $CIPHERS) || fail=1 +G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" -G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS $G" +O=$(./translate_ciphers.py o $CIPHERS) || fail=1 +O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" -O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS $O" - -Mt_CIPHERS="$Mt_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " -Gt_CIPHERS="$Gt_CIPHERS \ +G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+NULL:+SHA1 \ +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ " -Ot_CIPHERS="$Ot_CIPHERS \ +O_CIPHERS="$O_CIPHERS \ ECDHE-ECDSA-NULL-SHA \ ECDHE-ECDSA-DES-CBC3-SHA \ ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES256-SHA \ " - -# Initial list to be split into 3 -CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ +# Mbed TLS ciphersuite names to be translated +# into GnuTLS and OpenSSL 
+CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " -M_CIPHERS="$M_CIPHERS $CIPHERS" +G=$(./translate_ciphers.py g $CIPHERS) || fail=1 +G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" -G=`python3 translate_ciphers.py g "$CIPHERS"` -G_CIPHERS="$G_CIPHERS $G" +O=$(./translate_ciphers.py o $CIPHERS) || fail=1 +O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" -O=`python3 translate_ciphers.py o "$CIPHERS"` -O_CIPHERS="$O_CIPHERS $O" - -Mt_CIPHERS="$Mt_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " -Gt_CIPHERS="$Gt_CIPHERS \ +G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ " -Ot_CIPHERS="$Ot_CIPHERS \ +O_CIPHERS="$O_CIPHERS \ ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES256-SHA384 \ ECDHE-ECDSA-AES128-GCM-SHA256 \ 
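Review bot: A failing translator run is recorded only as `|| fail=1`, so the log does not show which of the four invocations failed or why; the script carries on with an empty `G` or `O` and reports the problem later as a list mismatch. Printing a line to stderr at the point of failure would make a CI failure easier to read, for example `G=$(./translate_ciphers.py g $CIPHERS) || { echo "translate_ciphers.py g failed" >&2; fail=1; }`. The two new comments also misspell "Initialize" as "Initalize".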
@@ -114,28 +101,25 @@ Ot_CIPHERS="$Ot_CIPHERS \ " # Normalise spacing -M_CIPHERS=$( echo "$M_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -G_CIPHERS=$( echo "$G_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -O_CIPHERS=$( echo "$O_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS ) +O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS ) -Mt_CIPHERS=$( echo "$Mt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -Gt_CIPHERS=$( echo "$Gt_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') -Ot_CIPHERS=$( echo "$Ot_CIPHERS" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//') +G_CIPHERS=$( echo $G_CIPHERS ) +O_CIPHERS=$( echo $O_CIPHERS ) # Compare the compat.sh names with the translated names # Upon fail, print them to view the differences -if [ "$Mt_CIPHERS" != "$M_CIPHERS" ] +if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ] then - echo "MBEDTLS Translated: $M_CIPHERS" - echo "MBEDTLS Original: $Mt_CIPHERS" + echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS" + echo "GnuTLS Original: $G_CIPHERS" + fail=1 fi -if [ "$Gt_CIPHERS" != "$G_CIPHERS" ] +if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ] then - echo "GNUTLS Translated: $G_CIPHERS" - echo "GNUTLS Original: $Gt_CIPHERS" -fi -if [ "$Ot_CIPHERS" != "$O_CIPHERS" ] -then - echo "OpenSSL Translated: $O_CIPHERS" - echo "OpenSSL Original: $Ot_CIPHERS" + echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS" + echo "OpenSSL Original: $O_CIPHERS" + fail=1 fi + +exit $fail diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py index 84bcc9931d..33ad4e3db7 100755 --- a/tests/scripts/test_translate_ciphers_names.py +++ b/tests/scripts/test_translate_ciphers_names.py 
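Review bot: The spacing normalisation `G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS )` collapses whitespace through unquoted expansion, which also applies pathname expansion and lets `echo` treat a leading word such as `-n` as an option. That is fine for the hand-written expected lists but less controlled for translator output, so either add a comment stating the assumption (`# values contain no glob characters and never start with "-"`) or bracket the four assignments with `set -f` / `set +f`. Separately, the failure messages still label the expected list as "Original"; `echo "GnuTLS Expected: $G_CIPHERS"` (and likewise for OpenSSL) would match what the variables now hold.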
@@ -19,11 +19,11 @@ # """ -Test translate_ciphers.py by running every MBedTLS ciphersuite name +Test translate_ciphers.py by running every Mbed TLS ciphersuite name combination through the translate functions and comparing them to their correct GNUTLS or OpenSSL counterpart. """ - +import sys from translate_ciphers import translate_gnutls, translate_ossl def assert_equal(translate, original): 
@@ -36,431 +36,474 @@ def assert_equal(translate, original): assert translate == original except AssertionError: print("%s\n%s\n" %(translate, original)) + sys.exit(1) def test_all_common(): """ - Translate the MBedTLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersite names, and compare them with the true, expected + Translate the Mbed TLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersuite names, and compare them with the true, expected corresponding OpenSSL and GnuTLS ciphersuite names """ - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "ECDHE-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "ECDHE-ECDSA-AES128-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + "ECDHE-ECDSA-AES256-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "ECDHE-ECDSA-AES128-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "ECDHE-ECDSA-AES256-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + "ECDHE-ECDSA-AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "+DHE-RSA:+AES-128-CBC:+SHA1", + "DHE-RSA-AES128-SHA"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "DHE-RSA-AES256-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "DHE-RSA-CAMELLIA128-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + 
"DHE-RSA-CAMELLIA256-SHA"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "CAMELLIA256-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA", + "+RSA:+AES-128-CBC:+SHA1", + "AES128-SHA"), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "CAMELLIA128-SHA"), + ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "+RSA:+3DES-CBC:+SHA1", + "DES-CBC3-SHA"), + ("TLS-RSA-WITH-NULL-MD5", + "+RSA:+NULL:+MD5", + "NULL-MD5"), + ("TLS-RSA-WITH-NULL-SHA", + "+RSA:+NULL:+SHA1", + "NULL-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "ECDHE-RSA-AES128-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "ECDHE-RSA-AES256-SHA"), + ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "ECDHE-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-RSA-WITH-NULL-SHA", + "+ECDHE-RSA:+NULL:+SHA1", + "ECDHE-RSA-NULL-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA256", + "+RSA:+AES-128-CBC:+SHA256", + "AES128-SHA256"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "DHE-RSA-AES128-SHA256"), + ("TLS-RSA-WITH-AES-256-CBC-SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "AES256-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "DHE-RSA-AES256-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "ECDHE-RSA-AES128-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "ECDHE-RSA-AES256-SHA384"), + ("TLS-RSA-WITH-AES-128-GCM-SHA256", + "+RSA:+AES-128-GCM:+AEAD", + "AES128-GCM-SHA256"), + ("TLS-RSA-WITH-AES-256-GCM-SHA384", + "+RSA:+AES-256-GCM:+AEAD", + "AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "DHE-RSA-AES128-GCM-SHA256"), + 
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "DHE-RSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "ECDHE-RSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + "ECDHE-RSA-AES256-GCM-SHA384"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-PSK-WITH-AES-128-CBC-SHA", + "+PSK:+AES-128-CBC:+SHA1", + "PSK-AES128-CBC-SHA"), + ("TLS-PSK-WITH-AES-256-CBC-SHA", + "+PSK:+AES-256-CBC:+SHA1", + "PSK-AES256-CBC-SHA"), - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + ("TLS-ECDH-ECDSA-WITH-NULL-SHA", + None, + "ECDH-ECDSA-NULL-SHA"), + ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + None, + "ECDH-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + None, + "ECDH-ECDSA-AES128-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + None, + "ECDH-ECDSA-AES256-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + None, + "ECDH-ECDSA-AES128-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + None, + "ECDH-ECDSA-AES256-SHA384"), + ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + None, + "ECDH-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + None, + "ECDH-ECDSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ECDSA-ARIA256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ECDSA-ARIA128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-RSA-WITH-DES-CBC-SHA", + None, + "DES-CBC-SHA"), + ("TLS-DHE-RSA-WITH-DES-CBC-SHA", + None, + "EDH-RSA-DES-CBC-SHA"), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + 
"DHE-RSA-ARIA256-GCM-SHA384"), + ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ARIA256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-RSA-ARIA128-GCM-SHA256"), + ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-RSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-RSA-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-PSK-ARIA256-GCM-SHA384"), + ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "PSK-ARIA256-GCM-SHA384"), + ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "PSK-CHACHA20-POLY1305"), + ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-PSK-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-PSK-CHACHA20-POLY1305"), - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-AES-256-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "TLS-RSA-WITH-AES-128-CBC-SHA", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-WITH-NULL-MD5", - "TLS-RSA-WITH-NULL-SHA", - - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDHE-RSA-WITH-NULL-SHA", - - "TLS-RSA-WITH-AES-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-RSA-WITH-AES-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "TLS-RSA-WITH-AES-128-GCM-SHA256", - 
"TLS-RSA-WITH-AES-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - - "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-PSK-WITH-AES-128-CBC-SHA", - "TLS-PSK-WITH-AES-256-CBC-SHA", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+NULL:+SHA1", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - - "+DHE-RSA:+AES-128-CBC:+SHA1", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "+DHE-RSA:+3DES-CBC:+SHA1", - "+RSA:+AES-256-CBC:+SHA1", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "+RSA:+AES-128-CBC:+SHA1", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "+RSA:+3DES-CBC:+SHA1", - "+RSA:+NULL:+MD5", - "+RSA:+NULL:+SHA1", - - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "+ECDHE-RSA:+NULL:+SHA1", - - "+RSA:+AES-128-CBC:+SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "+RSA:+AES-128-GCM:+AEAD", - "+RSA:+AES-256-GCM:+AEAD", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - - "+PSK:+3DES-CBC:+SHA1", - "+PSK:+AES-128-CBC:+SHA1", - "+PSK:+AES-256-CBC:+SHA1", - ] - o_ciphers = [ - "ECDHE-ECDSA-NULL-SHA", - "ECDHE-ECDSA-DES-CBC3-SHA", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA", - - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - - "DHE-RSA-AES128-SHA", - "DHE-RSA-AES256-SHA", - "DHE-RSA-CAMELLIA128-SHA", - "DHE-RSA-CAMELLIA256-SHA", - 
"EDH-RSA-DES-CBC3-SHA", - "AES256-SHA", - "CAMELLIA256-SHA", - "AES128-SHA", - "CAMELLIA128-SHA", - "DES-CBC3-SHA", - "NULL-MD5", - "NULL-SHA", - - "ECDHE-RSA-AES128-SHA", - "ECDHE-RSA-AES256-SHA", - "ECDHE-RSA-DES-CBC3-SHA", - "ECDHE-RSA-NULL-SHA", - - #"NULL-SHA256", - "AES128-SHA256", - "DHE-RSA-AES128-SHA256", - "AES256-SHA256", - "DHE-RSA-AES256-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-RSA-AES256-SHA384", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES256-GCM-SHA384", - - "PSK-3DES-EDE-CBC-SHA", - "PSK-AES128-CBC-SHA", - "PSK-AES256-CBC-SHA", + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-NULL-SHA256", + "+RSA:+NULL:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + 
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM", + "+RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM", + "+RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM", + "+DHE-RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM", + "+DHE-RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM-8", + "+RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM-8", + "+RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM-8", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM-8", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+DHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "+DHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + "+DHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "+RSA-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "+RSA-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + "+RSA-PSK:+AES-128-CBC:+SHA1", + None), + 
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA384", + "+ECDHE-PSK:+NULL:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA256", + "+ECDHE-PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-CBC-SHA256", + "+PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-256-CBC-SHA384", + "+PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "+DHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "+DHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-NULL-SHA256", + "+PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-NULL-SHA384", + "+PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA256", + "+DHE-PSK:+NULL:+SHA256", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA384", + "+DHE-PSK:+NULL:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "+RSA-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA256", + "+RSA-PSK:+NULL:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA384", + "+RSA-PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + 
None), + ("TLS-PSK-WITH-AES-128-GCM-SHA256", + "+PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-GCM-SHA384", + "+PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "+DHE-PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "+DHE-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM", + "+PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM", + "+PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM", + "+DHE-PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM", + "+DHE-PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM-8", + "+PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM-8", + "+PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM-8", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM-8", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "+RSA-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + "+RSA-PSK:+AES-128-GCM:+AEAD", + None), ] - for m, g_exp, o_exp in zip(m_ciphers, g_ciphers, o_ciphers): + for m, g_exp, o_exp in ciphers: - g = translate_gnutls(m) - assert_equal(g, g_exp) + if g_exp != None: + g = translate_gnutls(m) + assert_equal(g, g_exp) - o = translate_ossl(m) - assert_equal(o, o_exp) - -def test_mbedtls_ossl_common(): - """ - Translate the MBedTLS ciphersuite names to 
the common OpenSSL - ciphersite names, and compare them with the true, expected - corresponding OpenSSL ciphersuite name - """ - m_ciphers = [ - "TLS-ECDH-ECDSA-WITH-NULL-SHA", - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-RSA-WITH-DES-CBC-SHA", - - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - ] - o_ciphers = [ - "ECDH-ECDSA-NULL-SHA", - "ECDH-ECDSA-DES-CBC3-SHA", - "ECDH-ECDSA-AES128-SHA", - "ECDH-ECDSA-AES256-SHA", - - "ECDH-ECDSA-AES128-SHA256", - "ECDH-ECDSA-AES256-SHA384", - "ECDH-ECDSA-AES128-GCM-SHA256", - "ECDH-ECDSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-ARIA256-GCM-SHA384", - "ECDHE-ECDSA-ARIA128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - - "DES-CBC-SHA", - "EDH-RSA-DES-CBC-SHA", - - "ECDHE-ARIA256-GCM-SHA384", - "DHE-RSA-ARIA256-GCM-SHA384", - "ARIA256-GCM-SHA384", - "ECDHE-ARIA128-GCM-SHA256", - "DHE-RSA-ARIA128-GCM-SHA256", - "ARIA128-GCM-SHA256", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - - 
"DHE-PSK-ARIA256-GCM-SHA384", - "DHE-PSK-ARIA128-GCM-SHA256", - "PSK-ARIA256-GCM-SHA384", - "PSK-ARIA128-GCM-SHA256", - "PSK-CHACHA20-POLY1305", - "ECDHE-PSK-CHACHA20-POLY1305", - "DHE-PSK-CHACHA20-POLY1305", - ] - - for m, o_exp in zip(m_ciphers, o_ciphers): - - o = translate_ossl(m) - assert_equal(o, o_exp) - -def test_mbedtls_gnutls_common(): - """ - Translate the MBedTLS ciphersuite names to the common GnuTLS - ciphersite names, and compare them with the true, expected - corresponding GnuTLS ciphersuite names - """ - m_ciphers = [ - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - - "TLS-RSA-WITH-NULL-SHA256", - - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-WITH-AES-128-CCM", - "TLS-RSA-WITH-AES-256-CCM", - "TLS-DHE-RSA-WITH-AES-128-CCM", - "TLS-DHE-RSA-WITH-AES-256-CCM", - "TLS-RSA-WITH-AES-128-CCM-8", - "TLS-RSA-WITH-AES-256-CCM-8", - "TLS-DHE-RSA-WITH-AES-128-CCM-8", - "TLS-DHE-RSA-WITH-AES-256-CCM-8", - - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - 
"TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-ECDHE-PSK-WITH-NULL-SHA384", - "TLS-ECDHE-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-AES-128-CBC-SHA256", - "TLS-PSK-WITH-AES-256-CBC-SHA384", - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "TLS-PSK-WITH-NULL-SHA256", - "TLS-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-NULL-SHA256", - "TLS-DHE-PSK-WITH-NULL-SHA384", - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA256", - "TLS-RSA-PSK-WITH-NULL-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "TLS-PSK-WITH-AES-128-GCM-SHA256", - "TLS-PSK-WITH-AES-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "TLS-PSK-WITH-AES-128-CCM", - "TLS-PSK-WITH-AES-256-CCM", - "TLS-DHE-PSK-WITH-AES-128-CCM", - "TLS-DHE-PSK-WITH-AES-256-CCM", - "TLS-PSK-WITH-AES-128-CCM-8", - "TLS-PSK-WITH-AES-256-CCM-8", - "TLS-DHE-PSK-WITH-AES-128-CCM-8", - "TLS-DHE-PSK-WITH-AES-256-CCM-8", - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - ] - g_ciphers = [ - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - 
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - - "+RSA:+NULL:+SHA256", - - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - "+RSA:+AES-128-CCM:+AEAD", - "+RSA:+AES-256-CCM:+AEAD", - "+DHE-RSA:+AES-128-CCM:+AEAD", - "+DHE-RSA:+AES-256-CCM:+AEAD", - "+RSA:+AES-128-CCM-8:+AEAD", - "+RSA:+AES-256-CCM-8:+AEAD", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - - "+DHE-PSK:+3DES-CBC:+SHA1", - "+DHE-PSK:+AES-128-CBC:+SHA1", - "+DHE-PSK:+AES-256-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+3DES-CBC:+SHA1", - "+RSA-PSK:+AES-256-CBC:+SHA1", - "+RSA-PSK:+AES-128-CBC:+SHA1", - - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+ECDHE-PSK:+NULL:+SHA384", - "+ECDHE-PSK:+NULL:+SHA256", - "+PSK:+AES-128-CBC:+SHA256", - "+PSK:+AES-256-CBC:+SHA384", - "+DHE-PSK:+AES-128-CBC:+SHA256", - "+DHE-PSK:+AES-256-CBC:+SHA384", - "+PSK:+NULL:+SHA256", - "+PSK:+NULL:+SHA384", - "+DHE-PSK:+NULL:+SHA256", - "+DHE-PSK:+NULL:+SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - "+RSA-PSK:+AES-128-CBC:+SHA256", - "+RSA-PSK:+NULL:+SHA256", - "+RSA-PSK:+NULL:+SHA384", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - 
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - "+PSK:+AES-128-GCM:+AEAD", - "+PSK:+AES-256-GCM:+AEAD", - "+DHE-PSK:+AES-128-GCM:+AEAD", - "+DHE-PSK:+AES-256-GCM:+AEAD", - "+PSK:+AES-128-CCM:+AEAD", - "+PSK:+AES-256-CCM:+AEAD", - "+DHE-PSK:+AES-128-CCM:+AEAD", - "+DHE-PSK:+AES-256-CCM:+AEAD", - "+PSK:+AES-128-CCM-8:+AEAD", - "+PSK:+AES-256-CCM-8:+AEAD", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - "+RSA-PSK:+AES-256-GCM:+AEAD", - "+RSA-PSK:+AES-128-GCM:+AEAD", - ] - - for m, g_exp in zip(m_ciphers, g_ciphers): - - g = translate_gnutls(m) - assert_equal(g, g_exp) + if o_exp != None: + o = translate_ossl(m) + assert_equal(o, o_exp) test_all_common() -test_mbedtls_ossl_common() -test_mbedtls_gnutls_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 66c878ac39..39339c3d23 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -21,15 +21,13 @@ Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS standards. -Format and analyse strings past in via input arguments to match -the expected strings utilised in compat.sh. - sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. sys.argv[2] should be a string containing one or more ciphersuite names. """ import re import sys +import argparse def translate_gnutls(m_cipher): """ 
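Review bot: The added `sys.exit(1)` in assert_equal only runs when the `assert translate == original` inside the `try` raises, and Python strips `assert` statements under `-O` or `PYTHONOPTIMIZE`, so in that mode every mismatch would pass silently with exit status 0. An explicit comparison avoids that: `if translate != original:` followed by the existing `print("%s\n%s\n" %(translate, original))` and `sys.exit(1)`. In the new loop, `if g_exp != None:` and `if o_exp != None:` would read more idiomatically as `is not None`. assert_equal starts outside this hunk.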
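Review bot: The module docstring kept by this hunk still says `sys.argv[2] should be a string containing one or more ciphersuite names`, which looks stale now that `import argparse` is added and the shell callers pass one name per argument. The argument parsing itself is not visible here, so this is inferred, but if the names are now taken as separate positional arguments the docstring should say so, for example `Remaining arguments are ciphersuite names, one per argument.` The first docstring line also keeps the spelling "MBedTLS" while the rest of the commit normalises it to "Mbed TLS".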
@@ -37,27 +35,25 @@ def translate_gnutls(m_cipher): and return the GnuTLS naming convention """ - # Remove "TLS-" - # Replace "-WITH-" with ":+" - # Remove "EDE" - m_cipher = "+" + m_cipher[4:] + m_cipher = re.sub(r'\ATLS-', '+', m_cipher) m_cipher = m_cipher.replace("-WITH-", ":+") m_cipher = m_cipher.replace("-EDE", "") - # SHA == SHA1, if the last 3 chars are SHA append 1 + # SHA in Mbed TLS == SHA1 GnuTLS, + # if the last 3 chars are SHA append 1 if m_cipher[-3:] == "SHA": m_cipher = m_cipher+"1" # CCM or CCM-8 should be followed by ":+AEAD" - if "CCM" in m_cipher: + # Replace "GCM:+SHAxyz" with "GCM:+AEAD" + if "CCM" in m_cipher or "GCM" in m_cipher: + m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher) m_cipher = m_cipher+":+AEAD" # Replace the last "-" with ":+" - # Replace "GCM:+SHAxyz" with "GCM:+AEAD" else: index = m_cipher.rindex("-") - m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] - m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) + m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:] return m_cipher @@ -67,9 +63,7 @@ def translate_ossl(m_cipher): and return the OpenSSL naming convention """ - # Remove "TLS-" - # Remove "WITH" - m_cipher = m_cipher[4:] + m_cipher = re.sub(r'^TLS-', '', m_cipher) m_cipher = m_cipher.replace("-WITH", "") # Remove the "-" from "ABC-xyz" @@ -78,8 +72,7 @@ def translate_ossl(m_cipher): m_cipher = m_cipher.replace("ARIA-", "ARIA") # Remove "RSA" if it is at the beginning - if m_cipher[:4] == "RSA-": - m_cipher = m_cipher[4:] + m_cipher = re.sub(r'^RSA-', r'', m_cipher) # For all circumstances outside of PSK if "PSK" not in m_cipher: @@ -87,10 +80,7 @@ def translate_ossl(m_cipher): m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") # Remove "CBC" if it is not prefixed by DES - if "CBC" in m_cipher: - index = m_cipher.rindex("CBC") - if m_cipher[index-4:index-1] != "DES": - m_cipher = m_cipher.replace("CBC-", "") + m_cipher = re.sub(r'(?
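Review bot: In translate_gnutls, `re.sub(r'\ATLS-', '+', m_cipher)` leaves a name that does not start with "TLS-" completely unchanged, so the result has no leading "+" and nothing signals the bad input; the old slice at least always added the "+". If malformed names should be rejected, a guard such as `if not m_cipher.startswith("TLS-"): raise ValueError(m_cipher)` before the substitution would make that explicit. The same silent pass-through applies to `re.sub(r'^TLS-', '', m_cipher)` in the translate_ossl hunk at -67,9, and the two functions anchor the prefix differently (`\A` and `^`), which is worth unifying. The retained comment `# Replace "GCM:+SHAxyz" with "GCM:+AEAD"` no longer matches the code, which now strips `GCM-SHAxyz` to `GCM` before appending ":+AEAD". Both function bodies start outside their hunks.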