| #!/usr/bin/env python3 |
| |
| # translate_ciphers.py |
| # |
| # Copyright The Mbed TLS Contributors |
| # SPDX-License-Identifier: Apache-2.0 |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| # Purpose |
| # |
| # Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS |
| # standards. |
| # |
| # Format and analyse strings past in via input arguments to match |
| # the expected strings utilised in compat.sh. |
| # |
| # sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. |
| # sys.argv[2] should be a string containing one or more |
| # ciphersuite names. |
| |
| import re |
| import sys |
| |
| def translate_gnutls(m_cipher): |
| # Remove "TLS-" |
| # Replace "-WITH-" with ":+" |
| # Remove "EDE" |
| m_cipher = "+" + m_cipher[4:] |
| m_cipher = m_cipher.replace("-WITH-", ":+") |
| m_cipher = m_cipher.replace("-EDE", "") |
| |
| # SHA == SHA1, if the last 3 chars are SHA append 1 |
| if m_cipher[-3:] == "SHA": |
| m_cipher = m_cipher+"1" |
| |
| # CCM or CCM-8 should be followed by ":+AEAD" |
| if "CCM" in m_cipher: |
| m_cipher = m_cipher+":+AEAD" |
| |
| # Replace the last "-" with ":+" |
| # Replace "GCM:+SHAxyz" with "GCM:+AEAD" |
| else: |
| index=m_cipher.rindex("-") |
| m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:] |
| m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher) |
| |
| return m_cipher |
| |
| def translate_ossl(m_cipher): |
| # Remove "TLS-" |
| # Remove "WITH" |
| m_cipher = m_cipher[4:] |
| m_cipher = m_cipher.replace("-WITH", "") |
| |
| # Remove the "-" from "ABC-xyz" |
| m_cipher = m_cipher.replace("AES-", "AES") |
| m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA") |
| m_cipher = m_cipher.replace("ARIA-", "ARIA") |
| |
| # Remove "RSA" if it is at the beginning |
| if m_cipher[:4] == "RSA-": |
| m_cipher = m_cipher[4:] |
| |
| # For all circumstances outside of PSK |
| if "PSK" not in m_cipher: |
| m_cipher = m_cipher.replace("-EDE", "") |
| m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") |
| |
| # Remove "CBC" if it is not prefixed by DES |
| if "CBC" in m_cipher: |
| index = m_cipher.rindex("CBC") |
| if m_cipher[index-4:index-1] != "DES": |
| m_cipher = m_cipher.replace("CBC-", "") |
| |
| # ECDHE-RSA-ARIA does not exist in OpenSSL |
| m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA") |
| |
| # POLY1305 should not be followed by anything |
| if "POLY1305" in m_cipher: |
| index = m_cipher.rindex("POLY1305") |
| m_cipher=m_cipher[:index+8] |
| |
| # If DES is being used, Replace DHE with EDH |
| if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher: |
| m_cipher = m_cipher.replace("DHE", "EDH") |
| |
| return m_cipher |
| |
| def format_ciphersuite_names(mode, ciphers): |
| try: |
| t = {"g": translate_gnutls, "o": translate_ossl}[mode] |
| return " ".join(t(c) for c in ciphers.split()) |
| except Exception as E: |
| if E != mode: print(E) |
| else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"") |
| sys.exit(1) |
| |
| def main(): |
| if len(sys.argv) != 3: |
| print("""Incorrect number of arguments. |
| The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS. |
| The second argument should a single space seperated string of MBedTLS ciphersuite names""") |
| sys.exit(1) |
| print(format_ciphersuite_names(sys.argv[1], sys.argv[2])) |
| sys.exit(0) |
| |
| if __name__ == "__main__": |
| main() |