yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Integrate tests as unit tests into one file

Browse source 
Rather than having the tests seperated into different files, they were integrated
into translate_ciphers.py and can be run from root using:
`python -m unittest tests/scripts/translate_ciphers.py`

test_translate_ciphers_format.sh was originally made as a testing ground before
having the translation tool being implmented into compat.sh. Translating it to
python code makes it redundant and therefore it will be removed.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
This commit is contained in:
Joe Subbiani 2021-08-06 09:41:27 +01:00
parent f2de374fc1
commit a25ffab422
4 changed files with 533 additions and 638 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
tests/scripts/all.sh
View file

@ -2750,9 +2750,8 @@ component_check_test_helpers () {
# harmless info on stdout so it can be suppress with --quiet.
./tests/scripts/test_generate_test_code.py 2>&1
msg "test: translate_ciphers.py"
./tests/scripts/test_translate_ciphers_format.sh
./tests/scripts/test_translate_ciphers_names.py
msg "unit test: translate_ciphers.py"
python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
}
################################################################

125
tests/scripts/test_translate_ciphers_format.sh
View file

@ -1,125 +0,0 @@
#!/bin/sh
# test_translate_ciphers_format.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# Test translate_ciphers.py formatting by comparing the translated
# ciphersuite names to the true names. As in compat.sh, the spaces between
# the ciphersuite names are normalised.
#
# On fail, the translated cipher suite names do not match the correct ones.
# In this case the difference will be printed in stdout.
#
# This files main purpose is to ensure translate_ciphers.py can take strings
# in the expected format and return them in the format compat.sh will expect.
set -eu
if cd $( dirname $0 ); then :; else
echo "cd $( dirname $0 ) failed" >&2
exit 1
fi
fail=0
# Initalize ciphers translated from Mbed TLS using translate_ciphers.py
O_TRANSLATED_CIPHERS=""
G_TRANSLATED_CIPHERS=""
# Initalize ciphers that are known to be in the correct format
O_CIPHERS=""
G_CIPHERS=""
# Mbed TLS ciphersuite names to be translated
# into GnuTLS and OpenSSL
CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
"
G=$(./translate_ciphers.py g $CIPHERS) || fail=1
G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
O=$(./translate_ciphers.py o $CIPHERS) || fail=1
O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
G_CIPHERS="$G_CIPHERS \
+ECDHE-ECDSA:+NULL:+SHA1 \
+ECDHE-ECDSA:+3DES-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
"
O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-NULL-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
"
# Mbed TLS ciphersuite names to be translated
# into GnuTLS and OpenSSL
CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
"
G=$(./translate_ciphers.py g $CIPHERS) || fail=1
G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G"
O=$(./translate_ciphers.py o $CIPHERS) || fail=1
O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O"
G_CIPHERS="$G_CIPHERS \
+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
"
O_CIPHERS="$O_CIPHERS \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
"
# Normalise spacing
G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS )
O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS )
G_CIPHERS=$( echo $G_CIPHERS )
O_CIPHERS=$( echo $O_CIPHERS )
# Compare the compat.sh names with the translated names
# Upon fail, print them to view the differences
if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ]
then
echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS"
echo "GnuTLS Original: $G_CIPHERS"
fail=1
fi
if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ]
then
echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS"
echo "OpenSSL Original: $O_CIPHERS"
fail=1
fi
exit $fail

508
tests/scripts/test_translate_ciphers_names.py
View file

@ -1,508 +0,0 @@
#!/usr/bin/env python3
# test_translate_ciphers_names.py
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
"""
Test translate_ciphers.py by running every Mbed TLS ciphersuite name
combination through the translate functions and comparing them to their
correct GNUTLS or OpenSSL counterpart.
"""
from translate_ciphers import translate_gnutls, translate_ossl
def assert_equal(translate, original):
"""
Compare the translated ciphersuite name against the original
On fail, print the mismatch on the screen to directly compare the
differences
"""
try:
assert translate == original
except AssertionError:
print("%s\n%s\n" %(translate, original))
raise AssertionError
def test_all_common():
"""
Translate the Mbed TLS ciphersuite names to the common OpenSSL and
GnuTLS ciphersuite names, and compare them with the true, expected
corresponding OpenSSL and GnuTLS ciphersuite names
"""
ciphers = [
("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
"+ECDHE-ECDSA:+NULL:+SHA1",
"ECDHE-ECDSA-NULL-SHA"),
("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
"ECDHE-ECDSA-DES-CBC3-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
"ECDHE-ECDSA-AES128-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
"ECDHE-ECDSA-AES256-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
"ECDHE-ECDSA-AES128-SHA256"),
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
"ECDHE-ECDSA-AES256-SHA384"),
("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
"ECDHE-ECDSA-AES128-GCM-SHA256"),
("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
"ECDHE-ECDSA-AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"+DHE-RSA:+AES-128-CBC:+SHA1",
"DHE-RSA-AES128-SHA"),
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"+DHE-RSA:+AES-256-CBC:+SHA1",
"DHE-RSA-AES256-SHA"),
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
"DHE-RSA-CAMELLIA128-SHA"),
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
"DHE-RSA-CAMELLIA256-SHA"),
("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"+DHE-RSA:+3DES-CBC:+SHA1",
"EDH-RSA-DES-CBC3-SHA"),
("TLS-RSA-WITH-AES-256-CBC-SHA",
"+RSA:+AES-256-CBC:+SHA1",
"AES256-SHA"),
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"+RSA:+CAMELLIA-256-CBC:+SHA1",
"CAMELLIA256-SHA"),
("TLS-RSA-WITH-AES-128-CBC-SHA",
"+RSA:+AES-128-CBC:+SHA1",
"AES128-SHA"),
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"+RSA:+CAMELLIA-128-CBC:+SHA1",
"CAMELLIA128-SHA"),
("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"+RSA:+3DES-CBC:+SHA1",
"DES-CBC3-SHA"),
("TLS-RSA-WITH-NULL-MD5",
"+RSA:+NULL:+MD5",
"NULL-MD5"),
("TLS-RSA-WITH-NULL-SHA",
"+RSA:+NULL:+SHA1",
"NULL-SHA"),
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"+ECDHE-RSA:+AES-128-CBC:+SHA1",
"ECDHE-RSA-AES128-SHA"),
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"+ECDHE-RSA:+AES-256-CBC:+SHA1",
"ECDHE-RSA-AES256-SHA"),
("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-RSA:+3DES-CBC:+SHA1",
"ECDHE-RSA-DES-CBC3-SHA"),
("TLS-ECDHE-RSA-WITH-NULL-SHA",
"+ECDHE-RSA:+NULL:+SHA1",
"ECDHE-RSA-NULL-SHA"),
("TLS-RSA-WITH-AES-128-CBC-SHA256",
"+RSA:+AES-128-CBC:+SHA256",
"AES128-SHA256"),
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"+DHE-RSA:+AES-128-CBC:+SHA256",
"DHE-RSA-AES128-SHA256"),
("TLS-RSA-WITH-AES-256-CBC-SHA256",
"+RSA:+AES-256-CBC:+SHA256",
"AES256-SHA256"),
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"+DHE-RSA:+AES-256-CBC:+SHA256",
"DHE-RSA-AES256-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"+ECDHE-RSA:+AES-128-CBC:+SHA256",
"ECDHE-RSA-AES128-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"+ECDHE-RSA:+AES-256-CBC:+SHA384",
"ECDHE-RSA-AES256-SHA384"),
("TLS-RSA-WITH-AES-128-GCM-SHA256",
"+RSA:+AES-128-GCM:+AEAD",
"AES128-GCM-SHA256"),
("TLS-RSA-WITH-AES-256-GCM-SHA384",
"+RSA:+AES-256-GCM:+AEAD",
"AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"+DHE-RSA:+AES-128-GCM:+AEAD",
"DHE-RSA-AES128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"+DHE-RSA:+AES-256-GCM:+AEAD",
"DHE-RSA-AES256-GCM-SHA384"),
("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"+ECDHE-RSA:+AES-128-GCM:+AEAD",
"ECDHE-RSA-AES128-GCM-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"+ECDHE-RSA:+AES-256-GCM:+AEAD",
"ECDHE-RSA-AES256-GCM-SHA384"),
("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
"+PSK:+3DES-CBC:+SHA1",
"PSK-3DES-EDE-CBC-SHA"),
("TLS-PSK-WITH-AES-128-CBC-SHA",
"+PSK:+AES-128-CBC:+SHA1",
"PSK-AES128-CBC-SHA"),
("TLS-PSK-WITH-AES-256-CBC-SHA",
"+PSK:+AES-256-CBC:+SHA1",
"PSK-AES256-CBC-SHA"),
("TLS-ECDH-ECDSA-WITH-NULL-SHA",
None,
"ECDH-ECDSA-NULL-SHA"),
("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
None,
"ECDH-ECDSA-DES-CBC3-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
None,
"ECDH-ECDSA-AES128-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
None,
"ECDH-ECDSA-AES256-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
None,
"ECDH-ECDSA-AES128-SHA256"),
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
None,
"ECDH-ECDSA-AES256-SHA384"),
("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
None,
"ECDH-ECDSA-AES128-GCM-SHA256"),
("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
None,
"ECDH-ECDSA-AES256-GCM-SHA384"),
("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
None,
"ECDHE-ECDSA-ARIA256-GCM-SHA384"),
("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
None,
"ECDHE-ECDSA-ARIA128-GCM-SHA256"),
("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-ECDSA-CHACHA20-POLY1305"),
("TLS-RSA-WITH-DES-CBC-SHA",
None,
"DES-CBC-SHA"),
("TLS-DHE-RSA-WITH-DES-CBC-SHA",
None,
"EDH-RSA-DES-CBC-SHA"),
("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"ECDHE-ARIA256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"DHE-RSA-ARIA256-GCM-SHA384"),
("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"ARIA256-GCM-SHA384"),
("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"ECDHE-ARIA128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"DHE-RSA-ARIA128-GCM-SHA256"),
("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"ARIA128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"DHE-RSA-CHACHA20-POLY1305"),
("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-RSA-CHACHA20-POLY1305"),
("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
None,
"DHE-PSK-ARIA256-GCM-SHA384"),
("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
None,
"DHE-PSK-ARIA128-GCM-SHA256"),
("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
None,
"PSK-ARIA256-GCM-SHA384"),
("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
None,
"PSK-ARIA128-GCM-SHA256"),
("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"PSK-CHACHA20-POLY1305"),
("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-PSK-CHACHA20-POLY1305"),
("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"DHE-PSK-CHACHA20-POLY1305"),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
None),
("TLS-RSA-WITH-NULL-SHA256",
"+RSA:+NULL:+SHA256",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+RSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"+RSA:+CAMELLIA-256-CBC:+SHA256",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+RSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-WITH-AES-128-CCM",
"+RSA:+AES-128-CCM:+AEAD",
None),
("TLS-RSA-WITH-AES-256-CCM",
"+RSA:+AES-256-CCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-128-CCM",
"+DHE-RSA:+AES-128-CCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-256-CCM",
"+DHE-RSA:+AES-256-CCM:+AEAD",
None),
("TLS-RSA-WITH-AES-128-CCM-8",
"+RSA:+AES-128-CCM-8:+AEAD",
None),
("TLS-RSA-WITH-AES-256-CCM-8",
"+RSA:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-128-CCM-8",
"+DHE-RSA:+AES-128-CCM-8:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-256-CCM-8",
"+DHE-RSA:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
"+DHE-PSK:+3DES-CBC:+SHA1",
None),
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
"+DHE-PSK:+AES-128-CBC:+SHA1",
None),
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
"+DHE-PSK:+AES-256-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
"+ECDHE-PSK:+AES-256-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
"+ECDHE-PSK:+AES-128-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-PSK:+3DES-CBC:+SHA1",
None),
("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
"+RSA-PSK:+3DES-CBC:+SHA1",
None),
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
"+RSA-PSK:+AES-256-CBC:+SHA1",
None),
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
"+RSA-PSK:+AES-128-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
"+ECDHE-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
"+ECDHE-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-ECDHE-PSK-WITH-NULL-SHA384",
"+ECDHE-PSK:+NULL:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-NULL-SHA256",
"+ECDHE-PSK:+NULL:+SHA256",
None),
("TLS-PSK-WITH-AES-128-CBC-SHA256",
"+PSK:+AES-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-AES-256-CBC-SHA384",
"+PSK:+AES-256-CBC:+SHA384",
None),
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
"+DHE-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
"+DHE-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-PSK-WITH-NULL-SHA256",
"+PSK:+NULL:+SHA256",
None),
("TLS-PSK-WITH-NULL-SHA384",
"+PSK:+NULL:+SHA384",
None),
("TLS-DHE-PSK-WITH-NULL-SHA256",
"+DHE-PSK:+NULL:+SHA256",
None),
("TLS-DHE-PSK-WITH-NULL-SHA384",
"+DHE-PSK:+NULL:+SHA384",
None),
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
"+RSA-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
"+RSA-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-RSA-PSK-WITH-NULL-SHA256",
"+RSA-PSK:+NULL:+SHA256",
None),
("TLS-RSA-PSK-WITH-NULL-SHA384",
"+RSA-PSK:+NULL:+SHA384",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-AES-128-GCM-SHA256",
"+PSK:+AES-128-GCM:+AEAD",
None),
("TLS-PSK-WITH-AES-256-GCM-SHA384",
"+PSK:+AES-256-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
"+DHE-PSK:+AES-128-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
"+DHE-PSK:+AES-256-GCM:+AEAD",
None),
("TLS-PSK-WITH-AES-128-CCM",
"+PSK:+AES-128-CCM:+AEAD",
None),
("TLS-PSK-WITH-AES-256-CCM",
"+PSK:+AES-256-CCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-CCM",
"+DHE-PSK:+AES-128-CCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-CCM",
"+DHE-PSK:+AES-256-CCM:+AEAD",
None),
("TLS-PSK-WITH-AES-128-CCM-8",
"+PSK:+AES-128-CCM-8:+AEAD",
None),
("TLS-PSK-WITH-AES-256-CCM-8",
"+PSK:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-CCM-8",
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-CCM-8",
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
"+RSA-PSK:+AES-256-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
"+RSA-PSK:+AES-128-GCM:+AEAD",
None),
]
for m, g_exp, o_exp in ciphers:
if g_exp is not None:
g = translate_gnutls(m)
assert_equal(g, g_exp)
if o_exp is not None:
o = translate_ossl(m)
assert_equal(o, o_exp)
test_all_common()

533
tests/scripts/translate_ciphers.py
View file

@ -21,12 +21,541 @@
Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS
standards.
sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL.
sys.argv[2] should be a string containing one or more ciphersuite names.
To test the translation functions run:
python3 -m unittest translate_cipher.py
"""
import re
import argparse
import unittest
class TestTranslateCiphers(unittest.TestCase):
"""
Ensure translate_ciphers.py translates and formats ciphersuite names
correctly
"""
def test_translate_all_cipher_names(self):
"""
Translate the Mbed TLS ciphersuite names to the common OpenSSL and
GnuTLS ciphersuite names, and compare them with the true, expected
corresponding OpenSSL and GnuTLS ciphersuite names
"""
ciphers = [
("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
"+ECDHE-ECDSA:+NULL:+SHA1",
"ECDHE-ECDSA-NULL-SHA"),
("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-ECDSA:+3DES-CBC:+SHA1",
"ECDHE-ECDSA-DES-CBC3-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
"ECDHE-ECDSA-AES128-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
"ECDHE-ECDSA-AES256-SHA"),
("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
"ECDHE-ECDSA-AES128-SHA256"),
("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
"ECDHE-ECDSA-AES256-SHA384"),
("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
"ECDHE-ECDSA-AES128-GCM-SHA256"),
("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
"ECDHE-ECDSA-AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"+DHE-RSA:+AES-128-CBC:+SHA1",
"DHE-RSA-AES128-SHA"),
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"+DHE-RSA:+AES-256-CBC:+SHA1",
"DHE-RSA-AES256-SHA"),
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
"DHE-RSA-CAMELLIA128-SHA"),
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
"DHE-RSA-CAMELLIA256-SHA"),
("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"+DHE-RSA:+3DES-CBC:+SHA1",
"EDH-RSA-DES-CBC3-SHA"),
("TLS-RSA-WITH-AES-256-CBC-SHA",
"+RSA:+AES-256-CBC:+SHA1",
"AES256-SHA"),
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"+RSA:+CAMELLIA-256-CBC:+SHA1",
"CAMELLIA256-SHA"),
("TLS-RSA-WITH-AES-128-CBC-SHA",
"+RSA:+AES-128-CBC:+SHA1",
"AES128-SHA"),
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"+RSA:+CAMELLIA-128-CBC:+SHA1",
"CAMELLIA128-SHA"),
("TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"+RSA:+3DES-CBC:+SHA1",
"DES-CBC3-SHA"),
("TLS-RSA-WITH-NULL-MD5",
"+RSA:+NULL:+MD5",
"NULL-MD5"),
("TLS-RSA-WITH-NULL-SHA",
"+RSA:+NULL:+SHA1",
"NULL-SHA"),
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"+ECDHE-RSA:+AES-128-CBC:+SHA1",
"ECDHE-RSA-AES128-SHA"),
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"+ECDHE-RSA:+AES-256-CBC:+SHA1",
"ECDHE-RSA-AES256-SHA"),
("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-RSA:+3DES-CBC:+SHA1",
"ECDHE-RSA-DES-CBC3-SHA"),
("TLS-ECDHE-RSA-WITH-NULL-SHA",
"+ECDHE-RSA:+NULL:+SHA1",
"ECDHE-RSA-NULL-SHA"),
("TLS-RSA-WITH-AES-128-CBC-SHA256",
"+RSA:+AES-128-CBC:+SHA256",
"AES128-SHA256"),
("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"+DHE-RSA:+AES-128-CBC:+SHA256",
"DHE-RSA-AES128-SHA256"),
("TLS-RSA-WITH-AES-256-CBC-SHA256",
"+RSA:+AES-256-CBC:+SHA256",
"AES256-SHA256"),
("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"+DHE-RSA:+AES-256-CBC:+SHA256",
"DHE-RSA-AES256-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"+ECDHE-RSA:+AES-128-CBC:+SHA256",
"ECDHE-RSA-AES128-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"+ECDHE-RSA:+AES-256-CBC:+SHA384",
"ECDHE-RSA-AES256-SHA384"),
("TLS-RSA-WITH-AES-128-GCM-SHA256",
"+RSA:+AES-128-GCM:+AEAD",
"AES128-GCM-SHA256"),
("TLS-RSA-WITH-AES-256-GCM-SHA384",
"+RSA:+AES-256-GCM:+AEAD",
"AES256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"+DHE-RSA:+AES-128-GCM:+AEAD",
"DHE-RSA-AES128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"+DHE-RSA:+AES-256-GCM:+AEAD",
"DHE-RSA-AES256-GCM-SHA384"),
("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"+ECDHE-RSA:+AES-128-GCM:+AEAD",
"ECDHE-RSA-AES128-GCM-SHA256"),
("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"+ECDHE-RSA:+AES-256-GCM:+AEAD",
"ECDHE-RSA-AES256-GCM-SHA384"),
("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
"+PSK:+3DES-CBC:+SHA1",
"PSK-3DES-EDE-CBC-SHA"),
("TLS-PSK-WITH-AES-128-CBC-SHA",
"+PSK:+AES-128-CBC:+SHA1",
"PSK-AES128-CBC-SHA"),
("TLS-PSK-WITH-AES-256-CBC-SHA",
"+PSK:+AES-256-CBC:+SHA1",
"PSK-AES256-CBC-SHA"),
("TLS-ECDH-ECDSA-WITH-NULL-SHA",
None,
"ECDH-ECDSA-NULL-SHA"),
("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
None,
"ECDH-ECDSA-DES-CBC3-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
None,
"ECDH-ECDSA-AES128-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
None,
"ECDH-ECDSA-AES256-SHA"),
("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
None,
"ECDH-ECDSA-AES128-SHA256"),
("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
None,
"ECDH-ECDSA-AES256-SHA384"),
("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
None,
"ECDH-ECDSA-AES128-GCM-SHA256"),
("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
None,
"ECDH-ECDSA-AES256-GCM-SHA384"),
("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
None,
"ECDHE-ECDSA-ARIA256-GCM-SHA384"),
("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
None,
"ECDHE-ECDSA-ARIA128-GCM-SHA256"),
("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-ECDSA-CHACHA20-POLY1305"),
("TLS-RSA-WITH-DES-CBC-SHA",
None,
"DES-CBC-SHA"),
("TLS-DHE-RSA-WITH-DES-CBC-SHA",
None,
"EDH-RSA-DES-CBC-SHA"),
("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"ECDHE-ARIA256-GCM-SHA384"),
("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"DHE-RSA-ARIA256-GCM-SHA384"),
("TLS-RSA-WITH-ARIA-256-GCM-SHA384",
None,
"ARIA256-GCM-SHA384"),
("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"ECDHE-ARIA128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"DHE-RSA-ARIA128-GCM-SHA256"),
("TLS-RSA-WITH-ARIA-128-GCM-SHA256",
None,
"ARIA128-GCM-SHA256"),
("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"DHE-RSA-CHACHA20-POLY1305"),
("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-RSA-CHACHA20-POLY1305"),
("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
None,
"DHE-PSK-ARIA256-GCM-SHA384"),
("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
None,
"DHE-PSK-ARIA128-GCM-SHA256"),
("TLS-PSK-WITH-ARIA-256-GCM-SHA384",
None,
"PSK-ARIA256-GCM-SHA384"),
("TLS-PSK-WITH-ARIA-128-GCM-SHA256",
None,
"PSK-ARIA128-GCM-SHA256"),
("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"PSK-CHACHA20-POLY1305"),
("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"ECDHE-PSK-CHACHA20-POLY1305"),
("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
None,
"DHE-PSK-CHACHA20-POLY1305"),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
"+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
"+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
"+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
"+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
"+ECDHE-ECDSA:+AES-256-CCM:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
"+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD",
None),
("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
"+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD",
None),
("TLS-RSA-WITH-NULL-SHA256",
"+RSA:+NULL:+SHA256",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
"+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+RSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"+RSA:+CAMELLIA-256-CBC:+SHA256",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
"+RSA:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-WITH-AES-128-CCM",
"+RSA:+AES-128-CCM:+AEAD",
None),
("TLS-RSA-WITH-AES-256-CCM",
"+RSA:+AES-256-CCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-128-CCM",
"+DHE-RSA:+AES-128-CCM:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-256-CCM",
"+DHE-RSA:+AES-256-CCM:+AEAD",
None),
("TLS-RSA-WITH-AES-128-CCM-8",
"+RSA:+AES-128-CCM-8:+AEAD",
None),
("TLS-RSA-WITH-AES-256-CCM-8",
"+RSA:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-128-CCM-8",
"+DHE-RSA:+AES-128-CCM-8:+AEAD",
None),
("TLS-DHE-RSA-WITH-AES-256-CCM-8",
"+DHE-RSA:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
"+DHE-PSK:+3DES-CBC:+SHA1",
None),
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
"+DHE-PSK:+AES-128-CBC:+SHA1",
None),
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
"+DHE-PSK:+AES-256-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
"+ECDHE-PSK:+AES-256-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
"+ECDHE-PSK:+AES-128-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
"+ECDHE-PSK:+3DES-CBC:+SHA1",
None),
("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
"+RSA-PSK:+3DES-CBC:+SHA1",
None),
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
"+RSA-PSK:+AES-256-CBC:+SHA1",
None),
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
"+RSA-PSK:+AES-128-CBC:+SHA1",
None),
("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
"+ECDHE-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
"+ECDHE-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-ECDHE-PSK-WITH-NULL-SHA384",
"+ECDHE-PSK:+NULL:+SHA384",
None),
("TLS-ECDHE-PSK-WITH-NULL-SHA256",
"+ECDHE-PSK:+NULL:+SHA256",
None),
("TLS-PSK-WITH-AES-128-CBC-SHA256",
"+PSK:+AES-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-AES-256-CBC-SHA384",
"+PSK:+AES-256-CBC:+SHA384",
None),
("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
"+DHE-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
"+DHE-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-PSK-WITH-NULL-SHA256",
"+PSK:+NULL:+SHA256",
None),
("TLS-PSK-WITH-NULL-SHA384",
"+PSK:+NULL:+SHA384",
None),
("TLS-DHE-PSK-WITH-NULL-SHA256",
"+DHE-PSK:+NULL:+SHA256",
None),
("TLS-DHE-PSK-WITH-NULL-SHA384",
"+DHE-PSK:+NULL:+SHA384",
None),
("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
"+RSA-PSK:+AES-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
"+RSA-PSK:+AES-128-CBC:+SHA256",
None),
("TLS-RSA-PSK-WITH-NULL-SHA256",
"+RSA-PSK:+NULL:+SHA256",
None),
("TLS-RSA-PSK-WITH-NULL-SHA384",
"+RSA-PSK:+NULL:+SHA384",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
"+RSA-PSK:+CAMELLIA-256-CBC:+SHA384",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
"+RSA-PSK:+CAMELLIA-128-CBC:+SHA256",
None),
("TLS-PSK-WITH-AES-128-GCM-SHA256",
"+PSK:+AES-128-GCM:+AEAD",
None),
("TLS-PSK-WITH-AES-256-GCM-SHA384",
"+PSK:+AES-256-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
"+DHE-PSK:+AES-128-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
"+DHE-PSK:+AES-256-GCM:+AEAD",
None),
("TLS-PSK-WITH-AES-128-CCM",
"+PSK:+AES-128-CCM:+AEAD",
None),
("TLS-PSK-WITH-AES-256-CCM",
"+PSK:+AES-256-CCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-CCM",
"+DHE-PSK:+AES-128-CCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-CCM",
"+DHE-PSK:+AES-256-CCM:+AEAD",
None),
("TLS-PSK-WITH-AES-128-CCM-8",
"+PSK:+AES-128-CCM-8:+AEAD",
None),
("TLS-PSK-WITH-AES-256-CCM-8",
"+PSK:+AES-256-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-128-CCM-8",
"+DHE-PSK:+AES-128-CCM-8:+AEAD",
None),
("TLS-DHE-PSK-WITH-AES-256-CCM-8",
"+DHE-PSK:+AES-256-CCM-8:+AEAD",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+RSA-PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+RSA-PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
"+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
None),
("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
"+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
"+RSA-PSK:+AES-256-GCM:+AEAD",
None),
("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
"+RSA-PSK:+AES-128-GCM:+AEAD",
None),
]
for m, g_exp, o_exp in ciphers:
if g_exp is not None:
g = translate_gnutls(m)
self.assertEqual(g, g_exp)
if o_exp is not None:
o = translate_ossl(m)
self.assertEqual(o, o_exp)
def test_cipher_format(self):
"""
Ensure translate_ciphers.py can take names in the expected
format and return them in the format compat.sh will expect.
"""
# Ciphers in Mbed TLS format
ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
"
ciphers = "%s \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
" % ciphers
# Corresponding ciphers in GnuTLS format
g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \
+ECDHE-ECDSA:+3DES-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
"
g_ciphers = "%s \
+ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
+ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
+ECDHE-ECDSA:+AES-128-GCM:+AEAD \
+ECDHE-ECDSA:+AES-256-GCM:+AEAD \
" % g_ciphers
# Corresponding ciphers in OpenSSL format
o_ciphers = "ECDHE-ECDSA-NULL-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
"
o_ciphers = "%s \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
" % o_ciphers
# Translate ciphers in mbedtls format
g_translated = format_ciphersuite_names("g", ciphers.split())
o_translated = format_ciphersuite_names("o", ciphers.split())
# Normalise whitespace
g_ciphers = (" ").join(g_ciphers.split())
o_ciphers = (" ").join(o_ciphers.split())
self.assertEqual(g_translated, g_ciphers)
self.assertEqual(o_translated, o_ciphers)
def translate_gnutls(m_cipher):
"""