Joe Subbiania16ccac2021-07-22 18:52:17 +01001#!/usr/bin/env python3
2
3# translate_ciphers.py
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
Joe Subbianif849a932021-07-28 16:50:30 +010019
20"""
Joe Subbianib0aba9a2021-08-25 09:56:57 +010021Translate ciphersuite names in Mbed TLS format to OpenSSL and GnuTLS
Joe Subbianif849a932021-07-28 16:50:30 +010022standards.
23
Joe Subbiania25ffab2021-08-06 09:41:27 +010024To test the translation functions run:
25python3 -m unittest translate_ciphers.py
Joe Subbianif849a932021-07-28 16:50:30 +010026"""
Joe Subbiania16ccac2021-07-22 18:52:17 +010027
Joe Subbiani3ad58322021-07-21 16:48:54 +010028import re
Joe Subbiani918ee792021-07-30 16:57:04 +010029import argparse
Joe Subbiania25ffab2021-08-06 09:41:27 +010030import unittest
31
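class TestTranslateCiphers(unittest.TestCase):
    """
    Ensure translate_ciphers.py translates and formats ciphersuite names
    correctly
    """
    def test_translate_all_cipher_names(self):
        """
        Translate the Mbed TLS ciphersuite names to the common OpenSSL and
        GnuTLS ciphersuite names, and compare them with the true, expected
        corresponding OpenSSL and GnuTLS ciphersuite names
        """
        # Each entry is (Mbed TLS name, expected GnuTLS name, expected
        # OpenSSL name). A None expectation means that translation is not
        # checked for that suite.
        #
        # The table includes NULL (no encryption), single-DES, 3DES and
        # MD5-based suites. They are listed as name-translation vectors:
        # this test only compares strings and does not negotiate or enable
        # any suite.
        ciphers = [
            # Suites with both a GnuTLS and an OpenSSL expectation
            ("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
             "+ECDHE-ECDSA:+NULL:+SHA1",
             "ECDHE-ECDSA-NULL-SHA"),
            ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
             "+ECDHE-ECDSA:+3DES-CBC:+SHA1",
             "ECDHE-ECDSA-DES-CBC3-SHA"),
            ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
             "+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
             "ECDHE-ECDSA-AES128-SHA"),
            ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
             "+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
             "ECDHE-ECDSA-AES256-SHA"),
            ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
             "+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
             "ECDHE-ECDSA-AES128-SHA256"),
            ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
             "+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
             "ECDHE-ECDSA-AES256-SHA384"),
            ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
             "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
             "ECDHE-ECDSA-AES128-GCM-SHA256"),
            ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
             "+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
             "ECDHE-ECDSA-AES256-GCM-SHA384"),
            ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
             "+DHE-RSA:+AES-128-CBC:+SHA1",
             "DHE-RSA-AES128-SHA"),
            ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
             "+DHE-RSA:+AES-256-CBC:+SHA1",
             "DHE-RSA-AES256-SHA"),
            ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
             "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
             "DHE-RSA-CAMELLIA128-SHA"),
            ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
             "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
             "DHE-RSA-CAMELLIA256-SHA"),
            ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
             "+DHE-RSA:+3DES-CBC:+SHA1",
             "EDH-RSA-DES-CBC3-SHA"),
            ("TLS-RSA-WITH-AES-256-CBC-SHA",
             "+RSA:+AES-256-CBC:+SHA1",
             "AES256-SHA"),
            ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
             "+RSA:+CAMELLIA-256-CBC:+SHA1",
             "CAMELLIA256-SHA"),
            ("TLS-RSA-WITH-AES-128-CBC-SHA",
             "+RSA:+AES-128-CBC:+SHA1",
             "AES128-SHA"),
            ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
             "+RSA:+CAMELLIA-128-CBC:+SHA1",
             "CAMELLIA128-SHA"),
            ("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
             "+RSA:+3DES-CBC:+SHA1",
             "DES-CBC3-SHA"),
            ("TLS-RSA-WITH-NULL-MD5",
             "+RSA:+NULL:+MD5",
             "NULL-MD5"),
            ("TLS-RSA-WITH-NULL-SHA",
             "+RSA:+NULL:+SHA1",
             "NULL-SHA"),
            ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
             "+ECDHE-RSA:+AES-128-CBC:+SHA1",
             "ECDHE-RSA-AES128-SHA"),
            ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
             "+ECDHE-RSA:+AES-256-CBC:+SHA1",
             "ECDHE-RSA-AES256-SHA"),
            ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
             "+ECDHE-RSA:+3DES-CBC:+SHA1",
             "ECDHE-RSA-DES-CBC3-SHA"),
            ("TLS-ECDHE-RSA-WITH-NULL-SHA",
             "+ECDHE-RSA:+NULL:+SHA1",
             "ECDHE-RSA-NULL-SHA"),
            ("TLS-RSA-WITH-AES-128-CBC-SHA256",
             "+RSA:+AES-128-CBC:+SHA256",
             "AES128-SHA256"),
            ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
             "+DHE-RSA:+AES-128-CBC:+SHA256",
             "DHE-RSA-AES128-SHA256"),
            ("TLS-RSA-WITH-AES-256-CBC-SHA256",
             "+RSA:+AES-256-CBC:+SHA256",
             "AES256-SHA256"),
            ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
             "+DHE-RSA:+AES-256-CBC:+SHA256",
             "DHE-RSA-AES256-SHA256"),
            ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
             "+ECDHE-RSA:+AES-128-CBC:+SHA256",
             "ECDHE-RSA-AES128-SHA256"),
            ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
             "+ECDHE-RSA:+AES-256-CBC:+SHA384",
             "ECDHE-RSA-AES256-SHA384"),
            ("TLS-RSA-WITH-AES-128-GCM-SHA256",
             "+RSA:+AES-128-GCM:+AEAD",
             "AES128-GCM-SHA256"),
            ("TLS-RSA-WITH-AES-256-GCM-SHA384",
             "+RSA:+AES-256-GCM:+AEAD",
             "AES256-GCM-SHA384"),
            ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
             "+DHE-RSA:+AES-128-GCM:+AEAD",
             "DHE-RSA-AES128-GCM-SHA256"),
            ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
             "+DHE-RSA:+AES-256-GCM:+AEAD",
             "DHE-RSA-AES256-GCM-SHA384"),
            ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
             "+ECDHE-RSA:+AES-128-GCM:+AEAD",
             "ECDHE-RSA-AES128-GCM-SHA256"),
            ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
             "+ECDHE-RSA:+AES-256-GCM:+AEAD",
             "ECDHE-RSA-AES256-GCM-SHA384"),
            ("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
             "+PSK:+3DES-CBC:+SHA1",
             "PSK-3DES-EDE-CBC-SHA"),
            ("TLS-PSK-WITH-AES-128-CBC-SHA",
             "+PSK:+AES-128-CBC:+SHA1",
             "PSK-AES128-CBC-SHA"),
            ("TLS-PSK-WITH-AES-256-CBC-SHA",
             "+PSK:+AES-256-CBC:+SHA1",
             "PSK-AES256-CBC-SHA"),

            # Suites with an OpenSSL expectation only
            ("TLS-ECDH-ECDSA-WITH-NULL-SHA",
             None,
             "ECDH-ECDSA-NULL-SHA"),
            ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
             None,
             "ECDH-ECDSA-DES-CBC3-SHA"),
            ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
             None,
             "ECDH-ECDSA-AES128-SHA"),
            ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
             None,
             "ECDH-ECDSA-AES256-SHA"),
            ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
             None,
             "ECDH-ECDSA-AES128-SHA256"),
            ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
             None,
             "ECDH-ECDSA-AES256-SHA384"),
            ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
             None,
             "ECDH-ECDSA-AES128-GCM-SHA256"),
            ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
             None,
             "ECDH-ECDSA-AES256-GCM-SHA384"),
            ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
             None,
             "ECDHE-ECDSA-ARIA256-GCM-SHA384"),
            ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
             None,
             "ECDHE-ECDSA-ARIA128-GCM-SHA256"),
            ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
             None,
             "ECDHE-ECDSA-CHACHA20-POLY1305"),
            ("TLS-RSA-WITH-DES-CBC-SHA",
             None,
             "DES-CBC-SHA"),
            ("TLS-DHE-RSA-WITH-DES-CBC-SHA",
             None,
             "EDH-RSA-DES-CBC-SHA"),
            ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
             None,
             "ECDHE-ARIA256-GCM-SHA384"),
            ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
             None,
             "DHE-RSA-ARIA256-GCM-SHA384"),
            ("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
             None,
             "ARIA256-GCM-SHA384"),
            ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
             None,
             "ECDHE-ARIA128-GCM-SHA256"),
            ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
             None,
             "DHE-RSA-ARIA128-GCM-SHA256"),
            ("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
             None,
             "ARIA128-GCM-SHA256"),
            ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
             None,
             "DHE-RSA-CHACHA20-POLY1305"),
            ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
             None,
             "ECDHE-RSA-CHACHA20-POLY1305"),
            ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
             None,
             "DHE-PSK-ARIA256-GCM-SHA384"),
            ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
             None,
             "DHE-PSK-ARIA128-GCM-SHA256"),
            ("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
             None,
             "PSK-ARIA256-GCM-SHA384"),
            ("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
             None,
             "PSK-ARIA128-GCM-SHA256"),
            ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
             None,
             "PSK-CHACHA20-POLY1305"),
            ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
             None,
             "ECDHE-PSK-CHACHA20-POLY1305"),
            ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
             None,
             "DHE-PSK-CHACHA20-POLY1305"),

            # Suites with a GnuTLS expectation only
            ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
             "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
             "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
             None),
            ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
             "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
             "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
             "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
             None),
            ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
             "+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
             None),
            ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
             "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
             None),
            ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
             "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
             None),
            ("TLS-RSA-WITH-NULL-SHA256",
             "+RSA:+NULL:+SHA256",
             None),
            ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
             "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
             "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
             None),
            ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
             "+RSA:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
             "+RSA:+CAMELLIA-256-CBC:+SHA256",
             None),
            ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
             "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
             "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
             None),
            ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
             "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
             "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
             "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
             "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
             "+RSA:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
             "+RSA:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-RSA-WITH-AES-128-CCM",
             "+RSA:+AES-128-CCM:+AEAD",
             None),
            ("TLS-RSA-WITH-AES-256-CCM",
             "+RSA:+AES-256-CCM:+AEAD",
             None),
            ("TLS-DHE-RSA-WITH-AES-128-CCM",
             "+DHE-RSA:+AES-128-CCM:+AEAD",
             None),
            ("TLS-DHE-RSA-WITH-AES-256-CCM",
             "+DHE-RSA:+AES-256-CCM:+AEAD",
             None),
            ("TLS-RSA-WITH-AES-128-CCM-8",
             "+RSA:+AES-128-CCM-8:+AEAD",
             None),
            ("TLS-RSA-WITH-AES-256-CCM-8",
             "+RSA:+AES-256-CCM-8:+AEAD",
             None),
            ("TLS-DHE-RSA-WITH-AES-128-CCM-8",
             "+DHE-RSA:+AES-128-CCM-8:+AEAD",
             None),
            ("TLS-DHE-RSA-WITH-AES-256-CCM-8",
             "+DHE-RSA:+AES-256-CCM-8:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
             "+DHE-PSK:+3DES-CBC:+SHA1",
             None),
            ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
             "+DHE-PSK:+AES-128-CBC:+SHA1",
             None),
            ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
             "+DHE-PSK:+AES-256-CBC:+SHA1",
             None),
            ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
             "+ECDHE-PSK:+AES-256-CBC:+SHA1",
             None),
            ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
             "+ECDHE-PSK:+AES-128-CBC:+SHA1",
             None),
            ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
             "+ECDHE-PSK:+3DES-CBC:+SHA1",
             None),
            ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
             "+RSA-PSK:+3DES-CBC:+SHA1",
             None),
            ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
             "+RSA-PSK:+AES-256-CBC:+SHA1",
             None),
            ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
             "+RSA-PSK:+AES-128-CBC:+SHA1",
             None),
            ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
             "+ECDHE-PSK:+AES-256-CBC:+SHA384",
             None),
            ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
             "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
             None),
            ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
             "+ECDHE-PSK:+AES-128-CBC:+SHA256",
             None),
            ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
             "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-ECDHE-PSK-WITH-NULL-SHA384",
             "+ECDHE-PSK:+NULL:+SHA384",
             None),
            ("TLS-ECDHE-PSK-WITH-NULL-SHA256",
             "+ECDHE-PSK:+NULL:+SHA256",
             None),
            ("TLS-PSK-WITH-AES-128-CBC-SHA256",
             "+PSK:+AES-128-CBC:+SHA256",
             None),
            ("TLS-PSK-WITH-AES-256-CBC-SHA384",
             "+PSK:+AES-256-CBC:+SHA384",
             None),
            ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
             "+DHE-PSK:+AES-128-CBC:+SHA256",
             None),
            ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
             "+DHE-PSK:+AES-256-CBC:+SHA384",
             None),
            ("TLS-PSK-WITH-NULL-SHA256",
             "+PSK:+NULL:+SHA256",
             None),
            ("TLS-PSK-WITH-NULL-SHA384",
             "+PSK:+NULL:+SHA384",
             None),
            ("TLS-DHE-PSK-WITH-NULL-SHA256",
             "+DHE-PSK:+NULL:+SHA256",
             None),
            ("TLS-DHE-PSK-WITH-NULL-SHA384",
             "+DHE-PSK:+NULL:+SHA384",
             None),
            ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
             "+RSA-PSK:+AES-256-CBC:+SHA384",
             None),
            ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
             "+RSA-PSK:+AES-128-CBC:+SHA256",
             None),
            ("TLS-RSA-PSK-WITH-NULL-SHA256",
             "+RSA-PSK:+NULL:+SHA256",
             None),
            ("TLS-RSA-PSK-WITH-NULL-SHA384",
             "+RSA-PSK:+NULL:+SHA384",
             None),
            ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
             "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
             "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
             None),
            ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
             "+PSK:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
             "+PSK:+CAMELLIA-256-CBC:+SHA384",
             None),
            ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
             "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
             None),
            ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
             "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
             None),
            ("TLS-PSK-WITH-AES-128-GCM-SHA256",
             "+PSK:+AES-128-GCM:+AEAD",
             None),
            ("TLS-PSK-WITH-AES-256-GCM-SHA384",
             "+PSK:+AES-256-GCM:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
             "+DHE-PSK:+AES-128-GCM:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
             "+DHE-PSK:+AES-256-GCM:+AEAD",
             None),
            ("TLS-PSK-WITH-AES-128-CCM",
             "+PSK:+AES-128-CCM:+AEAD",
             None),
            ("TLS-PSK-WITH-AES-256-CCM",
             "+PSK:+AES-256-CCM:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-AES-128-CCM",
             "+DHE-PSK:+AES-128-CCM:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-AES-256-CCM",
             "+DHE-PSK:+AES-256-CCM:+AEAD",
             None),
            ("TLS-PSK-WITH-AES-128-CCM-8",
             "+PSK:+AES-128-CCM-8:+AEAD",
             None),
            ("TLS-PSK-WITH-AES-256-CCM-8",
             "+PSK:+AES-256-CCM-8:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-AES-128-CCM-8",
             "+DHE-PSK:+AES-128-CCM-8:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-AES-256-CCM-8",
             "+DHE-PSK:+AES-256-CCM-8:+AEAD",
             None),
            ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
             "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
             "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
             "+PSK:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
             "+PSK:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
             "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
             None),
            ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
             "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
             None),
            ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
             "+RSA-PSK:+AES-256-GCM:+AEAD",
             None),
            ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
             "+RSA-PSK:+AES-128-GCM:+AEAD",
             None),
        ]

        for m, g_exp, o_exp in ciphers:
            # One sub-test per (suite, target): a single wrong translation
            # no longer aborts the loop and hides every later mismatch, and
            # the failing Mbed TLS name is shown in the report.
            if g_exp is not None:
                with self.subTest(mbedtls=m, target="gnutls"):
                    self.assertEqual(translate_gnutls(m), g_exp)

            if o_exp is not None:
                with self.subTest(mbedtls=m, target="openssl"):
                    self.assertEqual(translate_ossl(m), o_exp)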
504
def translate_gnutls(m_cipher):
    """
    Translate m_cipher from Mbed TLS ciphersuite naming convention
    and return the GnuTLS naming convention

    The conversion is purely textual and performs no validation: a string
    that is not an Mbed TLS suite name is rewritten by the same rules
    rather than rejected. A non-CCM/GCM string that contains no "-" after
    the rewrites raises ValueError (from str.rindex).
    """
    # "TLS-<kx>-WITH-<cipher>..." becomes "+<kx>:+<cipher>..."; GnuTLS names
    # 3DES without the "-EDE" part.
    name = re.sub(r'\ATLS-', '+', m_cipher)
    name = name.replace("-WITH-", ":+").replace("-EDE", "")

    # A trailing "SHA" in Mbed TLS corresponds to "SHA1" in GnuTLS
    if name.endswith("SHA"):
        name += "1"

    if "CCM" not in name and "GCM" not in name:
        # The last "-" separates cipher and MAC: turn it into ":+"
        split_at = name.rindex("-")
        return name[:split_at] + ":+" + name[split_at + 1:]

    # CCM, CCM-8 and GCM suites get ":+AEAD" as their MAC; for GCM the
    # "-SHAxyz" suffix is dropped first.
    return re.sub(r"GCM-SHA\d\d\d", "GCM", name) + ":+AEAD"
Joe Subbiani3ad58322021-07-21 16:48:54 +0100532
def translate_ossl(m_cipher):
    """
    Translate m_cipher from Mbed TLS ciphersuite naming convention
    and return the OpenSSL naming convention

    The conversion is purely textual and performs no validation: a string
    that is not an Mbed TLS suite name is rewritten by the same rules
    rather than rejected.
    """
    name = re.sub(r'^TLS-', '', m_cipher).replace("-WITH", "")

    # OpenSSL writes the key size directly after the cipher: "AES-128"
    # becomes "AES128", and likewise for CAMELLIA and ARIA.
    for family in ("AES", "CAMELLIA", "ARIA"):
        name = name.replace(family + "-", family)

    # A leading "RSA-" key exchange is dropped
    name = re.sub(r'^RSA-', r'', name)

    # PSK suites keep "-EDE", "3DES-CBC" and "CBC" as they are
    if "PSK" not in name:
        name = name.replace("-EDE", "").replace("3DES-CBC", "DES-CBC3")

        # Drop "CBC-" unless it directly follows "DES-"
        name = re.sub(r'(?<!DES-)CBC-', r'', name)

    # ECDHE-RSA-ARIA does not exist in OpenSSL
    name = name.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")

    # Cut everything that follows "POLY1305"
    if "POLY1305" in name:
        name = name[:name.rindex("POLY1305") + len("POLY1305")]

    # With DES and plain (non-EC) DHE, the key exchange is spelled "EDH"
    uses_plain_dhe = "DHE" in name and "ECDHE" not in name
    if "DES" in name and uses_plain_dhe:
        name = name.replace("DHE", "EDH")

    return name
Joe Subbiani97cd5992021-07-22 16:08:29 +0100571
def format_ciphersuite_names(mode, names):
    """
    Translate every Mbed TLS ciphersuite name in names and return the
    results joined by single spaces.

    mode selects the target convention: "g" for GnuTLS, "o" for OpenSSL.
    Any other mode raises KeyError. The names are not validated before
    translation.
    """
    translators = {"g": translate_gnutls, "o": translate_ossl}
    translate = translators[mode]
    return " ".join(map(translate, names))
Joe Subbiani97cd5992021-07-22 16:08:29 +0100575
def main(target, names):
    """
    Print the names translated to the convention selected by target
    ("o" or "g") on one line, separated by spaces.
    """
    translated = format_ciphersuite_names(target, names)
    print(translated)
Joe Subbiani97cd5992021-07-22 16:08:29 +0100578
if __name__ == "__main__":
    # TARGET picks the output convention ('o' or 'g'); argparse rejects any
    # other value. NAMES is one or more Mbed TLS ciphersuite names.
    PARSER = argparse.ArgumentParser()
    PARSER.add_argument("target", metavar="TARGET", choices=["o", "g"])
    PARSER.add_argument("names", metavar="NAMES", nargs="+")
    ARGS = PARSER.parse_args()
    main(target=ARGS.target, names=ARGS.names)