2021-07-22 19:52:17 +02:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
|
|
|
# translate_ciphers.py
|
|
|
|
#
|
|
|
|
# Copyright The Mbed TLS Contributors
|
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
# not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
# Purpose
|
|
|
|
#
|
2021-07-27 16:22:26 +02:00
|
|
|
# Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
|
2021-07-22 19:52:17 +02:00
|
|
|
# standards.
|
|
|
|
#
|
|
|
|
# Format and analyse strings past in via input arguments to match
|
|
|
|
# the expected strings utilised in compat.sh.
|
|
|
|
#
|
2021-07-27 16:22:26 +02:00
|
|
|
# sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL.
|
2021-07-22 19:52:17 +02:00
|
|
|
# sys.argv[2] should be a string containing one or more
|
|
|
|
# ciphersuite names.
|
|
|
|
|
2021-07-21 17:48:54 +02:00
|
|
|
import re
|
2021-07-22 17:08:29 +02:00
|
|
|
import sys
|
2021-07-20 19:26:03 +02:00
|
|
|
|
2021-07-27 16:22:26 +02:00
|
|
|
def translate_gnutls(m_cipher):
|
2021-07-21 17:48:54 +02:00
|
|
|
# Remove "TLS-"
|
|
|
|
# Replace "-WITH-" with ":+"
|
|
|
|
# Remove "EDE"
|
2021-07-20 19:26:03 +02:00
|
|
|
m_cipher = "+" + m_cipher[4:]
|
|
|
|
m_cipher = m_cipher.replace("-WITH-", ":+")
|
|
|
|
m_cipher = m_cipher.replace("-EDE", "")
|
2021-07-21 17:48:54 +02:00
|
|
|
|
|
|
|
# SHA == SHA1, if the last 3 chars are SHA append 1
|
|
|
|
if m_cipher[-3:] == "SHA":
|
2021-07-20 19:26:03 +02:00
|
|
|
m_cipher = m_cipher+"1"
|
2021-07-21 17:48:54 +02:00
|
|
|
|
|
|
|
# CCM or CCM-8 should be followed by ":+AEAD"
|
|
|
|
if "CCM" in m_cipher:
|
2021-07-20 19:26:03 +02:00
|
|
|
m_cipher = m_cipher+":+AEAD"
|
2021-07-21 17:48:54 +02:00
|
|
|
|
|
|
|
# Replace the last "-" with ":+"
|
|
|
|
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
|
2021-07-20 19:26:03 +02:00
|
|
|
else:
|
|
|
|
index=m_cipher.rindex("-")
|
|
|
|
m_cipher = m_cipher[:index]+":+"+m_cipher[index+1:]
|
2021-07-21 17:48:54 +02:00
|
|
|
m_cipher = re.sub(r"GCM\:\+SHA\d\d\d", "GCM:+AEAD", m_cipher)
|
2021-07-20 19:26:03 +02:00
|
|
|
|
|
|
|
return m_cipher
|
2021-07-21 17:48:54 +02:00
|
|
|
|
2021-07-20 19:26:03 +02:00
|
|
|
def translate_ossl(m_cipher):
|
2021-07-21 17:48:54 +02:00
|
|
|
# Remove "TLS-"
|
|
|
|
# Remove "WITH"
|
2021-07-20 19:26:03 +02:00
|
|
|
m_cipher = m_cipher[4:]
|
|
|
|
m_cipher = m_cipher.replace("-WITH", "")
|
2021-07-21 17:48:54 +02:00
|
|
|
|
|
|
|
# Remove the "-" from "ABC-xyz"
|
2021-07-20 19:26:03 +02:00
|
|
|
m_cipher = m_cipher.replace("AES-", "AES")
|
|
|
|
m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA")
|
|
|
|
m_cipher = m_cipher.replace("ARIA-", "ARIA")
|
|
|
|
|
2021-07-21 17:48:54 +02:00
|
|
|
# Remove "RSA" if it is at the beginning
|
2021-07-20 19:26:03 +02:00
|
|
|
if m_cipher[:4] == "RSA-":
|
|
|
|
m_cipher = m_cipher[4:]
|
|
|
|
|
2021-07-21 17:48:54 +02:00
|
|
|
# For all circumstances outside of PSK
|
|
|
|
if "PSK" not in m_cipher:
|
|
|
|
m_cipher = m_cipher.replace("-EDE", "")
|
|
|
|
m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
|
|
|
|
|
|
|
|
# Remove "CBC" if it is not prefixed by DES
|
|
|
|
if "CBC" in m_cipher:
|
|
|
|
index = m_cipher.rindex("CBC")
|
|
|
|
if m_cipher[index-4:index-1] != "DES":
|
|
|
|
m_cipher = m_cipher.replace("CBC-", "")
|
|
|
|
|
|
|
|
# ECDHE-RSA-ARIA does not exist in OpenSSL
|
2021-07-20 19:26:03 +02:00
|
|
|
m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
|
|
|
|
|
2021-07-21 17:48:54 +02:00
|
|
|
# POLY1305 should not be followed by anything
|
|
|
|
if "POLY1305" in m_cipher:
|
2021-07-20 19:26:03 +02:00
|
|
|
index = m_cipher.rindex("POLY1305")
|
|
|
|
m_cipher=m_cipher[:index+8]
|
|
|
|
|
2021-07-21 17:48:54 +02:00
|
|
|
# If DES is being used, Replace DHE with EDH
|
|
|
|
if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher:
|
|
|
|
m_cipher = m_cipher.replace("DHE", "EDH")
|
2021-07-20 19:26:03 +02:00
|
|
|
|
2021-07-21 17:48:54 +02:00
|
|
|
return m_cipher
|
2021-07-22 17:08:29 +02:00
|
|
|
|
2021-07-27 16:22:26 +02:00
|
|
|
def format_ciphersuite_names(mode, ciphers):
|
|
|
|
#ciphers = ciphers.split()
|
|
|
|
#t_ciphers = []
|
|
|
|
#if mode == "g":
|
|
|
|
# for i in ciphers:
|
|
|
|
# t_ciphers.append(translate_gnutls(i))
|
|
|
|
#elif mode == "o":
|
|
|
|
# for i in ciphers:
|
|
|
|
# t_ciphers.append(translate_ossl(i))
|
|
|
|
#else:
|
|
|
|
# print("Incorrect use of argument 1, should be either \"g\" or \"o\"")
|
|
|
|
# exit(1)
|
|
|
|
#return " ".join(t_ciphers)
|
|
|
|
try:
|
|
|
|
t = {"g": translate_gnutls, "o": translate_ossl}[mode]
|
|
|
|
return " ".join(t(c) for c in ciphers.split())
|
|
|
|
except Exception as E:
|
|
|
|
if E != mode: print(E)
|
|
|
|
else: print("Incorrect use of argument 1, should be either \"g\" or \"o\"")
|
|
|
|
sys.exit(1)
|
2021-07-22 17:08:29 +02:00
|
|
|
|
|
|
|
def main():
|
2021-07-27 16:22:26 +02:00
|
|
|
if len(sys.argv) != 3:
|
2021-07-27 17:32:21 +02:00
|
|
|
print("""Incorrect number of arguments.
|
2021-07-27 16:22:26 +02:00
|
|
|
The first argument with either an \"o\" for OpenSSL or \"g\" for GNUTLS.
|
|
|
|
The second argument should a single space seperated string of MBedTLS ciphersuite names""")
|
|
|
|
sys.exit(1)
|
|
|
|
print(format_ciphersuite_names(sys.argv[1], sys.argv[2]))
|
|
|
|
sys.exit(0)
|
2021-07-22 17:08:29 +02:00
|
|
|
|
|
|
|
if __name__ == "__main__":
|
2021-07-22 19:52:17 +02:00
|
|
|
main()
|