From a25ffab4227326e314771235953e347b5257ff85 Mon Sep 17 00:00:00 2001 From: Joe Subbiani Date: Fri, 6 Aug 2021 09:41:27 +0100 Subject: [PATCH] Integrate tests as unit tests into one file Rather than having the tests seperated into different files, they were integrated into translate_ciphers.py and can be run from root using: `python -m unittest tests/scripts/translate_ciphers.py` test_translate_ciphers_format.sh was originally made as a testing ground before having the translation tool being implmented into compat.sh. Translating it to python code makes it redundant and therefore it will be removed. Signed-off-by: Joe Subbiani --- tests/scripts/all.sh | 5 +- .../scripts/test_translate_ciphers_format.sh | 125 ---- tests/scripts/test_translate_ciphers_names.py | 508 ----------------- tests/scripts/translate_ciphers.py | 533 +++++++++++++++++- 4 files changed, 533 insertions(+), 638 deletions(-) delete mode 100755 tests/scripts/test_translate_ciphers_format.sh delete mode 100755 tests/scripts/test_translate_ciphers_names.py diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c3517b140..fbb55db8e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2750,9 +2750,8 @@ component_check_test_helpers () { # harmless info on stdout so it can be suppress with --quiet. ./tests/scripts/test_generate_test_code.py 2>&1 - msg "test: translate_ciphers.py" - ./tests/scripts/test_translate_ciphers_format.sh - ./tests/scripts/test_translate_ciphers_names.py + msg "unit test: translate_ciphers.py" + python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 } ################################################################ diff --git a/tests/scripts/test_translate_ciphers_format.sh b/tests/scripts/test_translate_ciphers_format.sh deleted file mode 100755 index 1dc7bbc0e..000000000 --- a/tests/scripts/test_translate_ciphers_format.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/sh - -# test_translate_ciphers_format.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# Test translate_ciphers.py formatting by comparing the translated -# ciphersuite names to the true names. As in compat.sh, the spaces between -# the ciphersuite names are normalised. -# -# On fail, the translated cipher suite names do not match the correct ones. -# In this case the difference will be printed in stdout. -# -# This files main purpose is to ensure translate_ciphers.py can take strings -# in the expected format and return them in the format compat.sh will expect. - -set -eu - -if cd $( dirname $0 ); then :; else - echo "cd $( dirname $0 ) failed" >&2 - exit 1 -fi - -fail=0 - -# Initalize ciphers translated from Mbed TLS using translate_ciphers.py -O_TRANSLATED_CIPHERS="" -G_TRANSLATED_CIPHERS="" - -# Initalize ciphers that are known to be in the correct format -O_CIPHERS="" -G_CIPHERS="" - -# Mbed TLS ciphersuite names to be translated -# into GnuTLS and OpenSSL -CIPHERS="TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " - -G=$(./translate_ciphers.py g $CIPHERS) || fail=1 -G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" - -O=$(./translate_ciphers.py o $CIPHERS) || fail=1 -O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" - -G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " -O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " - -# Mbed TLS ciphersuite names to be translated -# into GnuTLS and OpenSSL -CIPHERS="TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " - -G=$(./translate_ciphers.py g $CIPHERS) || fail=1 -G_TRANSLATED_CIPHERS="$G_TRANSLATED_CIPHERS $G" - -O=$(./translate_ciphers.py o $CIPHERS) || fail=1 -O_TRANSLATED_CIPHERS="$O_TRANSLATED_CIPHERS $O" - -G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " -O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " - -# Normalise spacing -G_TRANSLATED_CIPHERS=$( echo $G_TRANSLATED_CIPHERS ) -O_TRANSLATED_CIPHERS=$( echo $O_TRANSLATED_CIPHERS ) - -G_CIPHERS=$( echo $G_CIPHERS ) -O_CIPHERS=$( echo $O_CIPHERS ) - -# Compare the compat.sh names with the translated names -# Upon fail, print them to view the differences -if [ "$G_TRANSLATED_CIPHERS" != "$G_CIPHERS" ] -then - echo "GnuTLS Translated: $G_TRANSLATED_CIPHERS" - echo "GnuTLS Original: $G_CIPHERS" - fail=1 -fi -if [ "$O_TRANSLATED_CIPHERS" != "$O_CIPHERS" ] -then - echo "OpenSSL Translated: $O_TRANSLATED_CIPHERS" - echo "OpenSSL Original: $O_CIPHERS" - fail=1 -fi - -exit $fail diff --git a/tests/scripts/test_translate_ciphers_names.py b/tests/scripts/test_translate_ciphers_names.py deleted file mode 100755 index 59ebef1d4..000000000 --- a/tests/scripts/test_translate_ciphers_names.py +++ /dev/null @@ -1,508 +0,0 @@ -#!/usr/bin/env python3 - -# test_translate_ciphers_names.py -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -""" -Test translate_ciphers.py by running every Mbed TLS ciphersuite name -combination through the translate functions and comparing them to their -correct GNUTLS or OpenSSL counterpart. -""" -from translate_ciphers import translate_gnutls, translate_ossl - -def assert_equal(translate, original): - """ - Compare the translated ciphersuite name against the original - On fail, print the mismatch on the screen to directly compare the - differences - """ - try: - assert translate == original - except AssertionError: - print("%s\n%s\n" %(translate, original)) - raise AssertionError - -def test_all_common(): - """ - Translate the Mbed TLS ciphersuite names to the common OpenSSL and - GnuTLS ciphersuite names, and compare them with the true, expected - corresponding OpenSSL and GnuTLS ciphersuite names - """ - ciphers = [ - ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", - "+ECDHE-ECDSA:+NULL:+SHA1", - "ECDHE-ECDSA-NULL-SHA"), - ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-ECDSA:+3DES-CBC:+SHA1", - "ECDHE-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", - "ECDHE-ECDSA-AES128-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", - "ECDHE-ECDSA-AES256-SHA"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", - "ECDHE-ECDSA-AES128-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", - "ECDHE-ECDSA-AES256-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", - "ECDHE-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", - "ECDHE-ECDSA-AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - "+DHE-RSA:+AES-128-CBC:+SHA1", - "DHE-RSA-AES128-SHA"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - "+DHE-RSA:+AES-256-CBC:+SHA1", - "DHE-RSA-AES256-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", - "DHE-RSA-CAMELLIA128-SHA"), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", - "DHE-RSA-CAMELLIA256-SHA"), - ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+DHE-RSA:+3DES-CBC:+SHA1", - "EDH-RSA-DES-CBC3-SHA"), - ("TLS-RSA-WITH-AES-256-CBC-SHA", - "+RSA:+AES-256-CBC:+SHA1", - "AES256-SHA"), - ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - "+RSA:+CAMELLIA-256-CBC:+SHA1", - "CAMELLIA256-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA", - "+RSA:+AES-128-CBC:+SHA1", - "AES128-SHA"), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - "+RSA:+CAMELLIA-128-CBC:+SHA1", - "CAMELLIA128-SHA"), - ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", - "+RSA:+3DES-CBC:+SHA1", - "DES-CBC3-SHA"), - ("TLS-RSA-WITH-NULL-MD5", - "+RSA:+NULL:+MD5", - "NULL-MD5"), - ("TLS-RSA-WITH-NULL-SHA", - "+RSA:+NULL:+SHA1", - "NULL-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - "+ECDHE-RSA:+AES-128-CBC:+SHA1", - "ECDHE-RSA-AES128-SHA"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - "+ECDHE-RSA:+AES-256-CBC:+SHA1", - "ECDHE-RSA-AES256-SHA"), - ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-RSA:+3DES-CBC:+SHA1", - "ECDHE-RSA-DES-CBC3-SHA"), - ("TLS-ECDHE-RSA-WITH-NULL-SHA", - "+ECDHE-RSA:+NULL:+SHA1", - "ECDHE-RSA-NULL-SHA"), - ("TLS-RSA-WITH-AES-128-CBC-SHA256", - "+RSA:+AES-128-CBC:+SHA256", - "AES128-SHA256"), - ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - "+DHE-RSA:+AES-128-CBC:+SHA256", - "DHE-RSA-AES128-SHA256"), - ("TLS-RSA-WITH-AES-256-CBC-SHA256", - "+RSA:+AES-256-CBC:+SHA256", - "AES256-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - "+DHE-RSA:+AES-256-CBC:+SHA256", - "DHE-RSA-AES256-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - "+ECDHE-RSA:+AES-128-CBC:+SHA256", - "ECDHE-RSA-AES128-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - "+ECDHE-RSA:+AES-256-CBC:+SHA384", - "ECDHE-RSA-AES256-SHA384"), - ("TLS-RSA-WITH-AES-128-GCM-SHA256", - "+RSA:+AES-128-GCM:+AEAD", - "AES128-GCM-SHA256"), - ("TLS-RSA-WITH-AES-256-GCM-SHA384", - "+RSA:+AES-256-GCM:+AEAD", - "AES256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - "+DHE-RSA:+AES-128-GCM:+AEAD", - "DHE-RSA-AES128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - "+DHE-RSA:+AES-256-GCM:+AEAD", - "DHE-RSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - "+ECDHE-RSA:+AES-128-GCM:+AEAD", - "ECDHE-RSA-AES128-GCM-SHA256"), - ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - "+ECDHE-RSA:+AES-256-GCM:+AEAD", - "ECDHE-RSA-AES256-GCM-SHA384"), - ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", - "+PSK:+3DES-CBC:+SHA1", - "PSK-3DES-EDE-CBC-SHA"), - ("TLS-PSK-WITH-AES-128-CBC-SHA", - "+PSK:+AES-128-CBC:+SHA1", - "PSK-AES128-CBC-SHA"), - ("TLS-PSK-WITH-AES-256-CBC-SHA", - "+PSK:+AES-256-CBC:+SHA1", - "PSK-AES256-CBC-SHA"), - - ("TLS-ECDH-ECDSA-WITH-NULL-SHA", - None, - "ECDH-ECDSA-NULL-SHA"), - ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - None, - "ECDH-ECDSA-DES-CBC3-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - None, - "ECDH-ECDSA-AES128-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - None, - "ECDH-ECDSA-AES256-SHA"), - ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - None, - "ECDH-ECDSA-AES128-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - None, - "ECDH-ECDSA-AES256-SHA384"), - ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - None, - "ECDH-ECDSA-AES128-GCM-SHA256"), - ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - None, - "ECDH-ECDSA-AES256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ECDSA-ARIA256-GCM-SHA384"), - ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ECDSA-ARIA128-GCM-SHA256"), - ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-ECDSA-CHACHA20-POLY1305"), - ("TLS-RSA-WITH-DES-CBC-SHA", - None, - "DES-CBC-SHA"), - ("TLS-DHE-RSA-WITH-DES-CBC-SHA", - None, - "EDH-RSA-DES-CBC-SHA"), - ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ECDHE-ARIA256-GCM-SHA384"), - ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-RSA-ARIA256-GCM-SHA384"), - ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", - None, - "ARIA256-GCM-SHA384"), - ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ECDHE-ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-RSA-ARIA128-GCM-SHA256"), - ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", - None, - "ARIA128-GCM-SHA256"), - ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "DHE-RSA-CHACHA20-POLY1305"), - ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-RSA-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "DHE-PSK-ARIA256-GCM-SHA384"), - ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "DHE-PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", - None, - "PSK-ARIA256-GCM-SHA384"), - ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", - None, - "PSK-ARIA128-GCM-SHA256"), - ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "PSK-CHACHA20-POLY1305"), - ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "ECDHE-PSK-CHACHA20-POLY1305"), - ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - None, - "DHE-PSK-CHACHA20-POLY1305"), - - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-NULL-SHA256", - "+RSA:+NULL:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM", - "+RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM", - "+RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM", - "+DHE-RSA:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM", - "+DHE-RSA:+AES-256-CCM:+AEAD", - None), - ("TLS-RSA-WITH-AES-128-CCM-8", - "+RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-RSA-WITH-AES-256-CCM-8", - "+RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-128-CCM-8", - "+DHE-RSA:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-RSA-WITH-AES-256-CCM-8", - "+DHE-RSA:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+DHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - "+DHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - "+DHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - "+ECDHE-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - "+ECDHE-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - "+ECDHE-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - "+RSA-PSK:+3DES-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - "+RSA-PSK:+AES-256-CBC:+SHA1", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - "+RSA-PSK:+AES-128-CBC:+SHA1", - None), - ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - "+ECDHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - "+ECDHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA384", - "+ECDHE-PSK:+NULL:+SHA384", - None), - ("TLS-ECDHE-PSK-WITH-NULL-SHA256", - "+ECDHE-PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-AES-128-CBC-SHA256", - "+PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-AES-256-CBC-SHA384", - "+PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - "+DHE-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - "+DHE-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-NULL-SHA256", - "+PSK:+NULL:+SHA256", - None), - ("TLS-PSK-WITH-NULL-SHA384", - "+PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA256", - "+DHE-PSK:+NULL:+SHA256", - None), - ("TLS-DHE-PSK-WITH-NULL-SHA384", - "+DHE-PSK:+NULL:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - "+RSA-PSK:+AES-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - "+RSA-PSK:+AES-128-CBC:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA256", - "+RSA-PSK:+NULL:+SHA256", - None), - ("TLS-RSA-PSK-WITH-NULL-SHA384", - "+RSA-PSK:+NULL:+SHA384", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", - None), - ("TLS-PSK-WITH-AES-128-GCM-SHA256", - "+PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-GCM-SHA384", - "+PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - "+DHE-PSK:+AES-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - "+DHE-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM", - "+PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM", - "+PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM", - "+DHE-PSK:+AES-128-CCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM", - "+DHE-PSK:+AES-256-CCM:+AEAD", - None), - ("TLS-PSK-WITH-AES-128-CCM-8", - "+PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-PSK-WITH-AES-256-CCM-8", - "+PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-128-CCM-8", - "+DHE-PSK:+AES-128-CCM-8:+AEAD", - None), - ("TLS-DHE-PSK-WITH-AES-256-CCM-8", - "+DHE-PSK:+AES-256-CCM-8:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", - None), - ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - "+RSA-PSK:+AES-256-GCM:+AEAD", - None), - ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - "+RSA-PSK:+AES-128-GCM:+AEAD", - None), - ] - - for m, g_exp, o_exp in ciphers: - - if g_exp is not None: - g = translate_gnutls(m) - assert_equal(g, g_exp) - - if o_exp is not None: - o = translate_ossl(m) - assert_equal(o, o_exp) - -test_all_common() diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index eec340735..44ffb400b 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -21,12 +21,541 @@ Translate ciphersuite names in MBedTLS format to OpenSSL and GNUTLS standards. -sys.argv[1] should be "g" or "o" for GNUTLS or OpenSSL. -sys.argv[2] should be a string containing one or more ciphersuite names. +To test the translation functions run: +python3 -m unittest translate_cipher.py """ import re import argparse +import unittest + +class TestTranslateCiphers(unittest.TestCase): + """ + Ensure translate_ciphers.py translates and formats ciphersuite names + correctly + """ + def test_translate_all_cipher_names(self): + """ + Translate the Mbed TLS ciphersuite names to the common OpenSSL and + GnuTLS ciphersuite names, and compare them with the true, expected + corresponding OpenSSL and GnuTLS ciphersuite names + """ + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-ECDSA:+3DES-CBC:+SHA1", + "ECDHE-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA1", + "ECDHE-ECDSA-AES128-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA1", + "ECDHE-ECDSA-AES256-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-ECDSA:+AES-128-CBC:+SHA256", + "ECDHE-ECDSA-AES128-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-ECDSA:+AES-256-CBC:+SHA384", + "ECDHE-ECDSA-AES256-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-ECDSA:+AES-256-GCM:+AEAD", + "ECDHE-ECDSA-AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "+DHE-RSA:+AES-128-CBC:+SHA1", + "DHE-RSA-AES128-SHA"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "+DHE-RSA:+AES-256-CBC:+SHA1", + "DHE-RSA-AES256-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA1", + "DHE-RSA-CAMELLIA128-SHA"), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA1", + "DHE-RSA-CAMELLIA256-SHA"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "+RSA:+CAMELLIA-256-CBC:+SHA1", + "CAMELLIA256-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA", + "+RSA:+AES-128-CBC:+SHA1", + "AES128-SHA"), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "+RSA:+CAMELLIA-128-CBC:+SHA1", + "CAMELLIA128-SHA"), + ("TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "+RSA:+3DES-CBC:+SHA1", + "DES-CBC3-SHA"), + ("TLS-RSA-WITH-NULL-MD5", + "+RSA:+NULL:+MD5", + "NULL-MD5"), + ("TLS-RSA-WITH-NULL-SHA", + "+RSA:+NULL:+SHA1", + "NULL-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "+ECDHE-RSA:+AES-128-CBC:+SHA1", + "ECDHE-RSA-AES128-SHA"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "+ECDHE-RSA:+AES-256-CBC:+SHA1", + "ECDHE-RSA-AES256-SHA"), + ("TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-RSA:+3DES-CBC:+SHA1", + "ECDHE-RSA-DES-CBC3-SHA"), + ("TLS-ECDHE-RSA-WITH-NULL-SHA", + "+ECDHE-RSA:+NULL:+SHA1", + "ECDHE-RSA-NULL-SHA"), + ("TLS-RSA-WITH-AES-128-CBC-SHA256", + "+RSA:+AES-128-CBC:+SHA256", + "AES128-SHA256"), + ("TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "+DHE-RSA:+AES-128-CBC:+SHA256", + "DHE-RSA-AES128-SHA256"), + ("TLS-RSA-WITH-AES-256-CBC-SHA256", + "+RSA:+AES-256-CBC:+SHA256", + "AES256-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "+DHE-RSA:+AES-256-CBC:+SHA256", + "DHE-RSA-AES256-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "+ECDHE-RSA:+AES-128-CBC:+SHA256", + "ECDHE-RSA-AES128-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "+ECDHE-RSA:+AES-256-CBC:+SHA384", + "ECDHE-RSA-AES256-SHA384"), + ("TLS-RSA-WITH-AES-128-GCM-SHA256", + "+RSA:+AES-128-GCM:+AEAD", + "AES128-GCM-SHA256"), + ("TLS-RSA-WITH-AES-256-GCM-SHA384", + "+RSA:+AES-256-GCM:+AEAD", + "AES256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "+DHE-RSA:+AES-128-GCM:+AEAD", + "DHE-RSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "+DHE-RSA:+AES-256-GCM:+AEAD", + "DHE-RSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-RSA:+AES-128-GCM:+AEAD", + "ECDHE-RSA-AES128-GCM-SHA256"), + ("TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "+ECDHE-RSA:+AES-256-GCM:+AEAD", + "ECDHE-RSA-AES256-GCM-SHA384"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-PSK-WITH-AES-128-CBC-SHA", + "+PSK:+AES-128-CBC:+SHA1", + "PSK-AES128-CBC-SHA"), + ("TLS-PSK-WITH-AES-256-CBC-SHA", + "+PSK:+AES-256-CBC:+SHA1", + "PSK-AES256-CBC-SHA"), + + ("TLS-ECDH-ECDSA-WITH-NULL-SHA", + None, + "ECDH-ECDSA-NULL-SHA"), + ("TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + None, + "ECDH-ECDSA-DES-CBC3-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + None, + "ECDH-ECDSA-AES128-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + None, + "ECDH-ECDSA-AES256-SHA"), + ("TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + None, + "ECDH-ECDSA-AES128-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + None, + "ECDH-ECDSA-AES256-SHA384"), + ("TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + None, + "ECDH-ECDSA-AES128-GCM-SHA256"), + ("TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + None, + "ECDH-ECDSA-AES256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ECDSA-ARIA256-GCM-SHA384"), + ("TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ECDSA-ARIA128-GCM-SHA256"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-RSA-WITH-DES-CBC-SHA", + None, + "DES-CBC-SHA"), + ("TLS-DHE-RSA-WITH-DES-CBC-SHA", + None, + "EDH-RSA-DES-CBC-SHA"), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ("TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-RSA-ARIA256-GCM-SHA384"), + ("TLS-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ARIA256-GCM-SHA384"), + ("TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ECDHE-ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-RSA-ARIA128-GCM-SHA256"), + ("TLS-RSA-WITH-ARIA-128-GCM-SHA256", + None, + "ARIA128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-RSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-RSA-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "DHE-PSK-ARIA256-GCM-SHA384"), + ("TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "DHE-PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-ARIA-256-GCM-SHA384", + None, + "PSK-ARIA256-GCM-SHA384"), + ("TLS-PSK-WITH-ARIA-128-GCM-SHA256", + None, + "PSK-ARIA128-GCM-SHA256"), + ("TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "PSK-CHACHA20-POLY1305"), + ("TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-PSK-CHACHA20-POLY1305"), + ("TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + None, + "DHE-PSK-CHACHA20-POLY1305"), + + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + "+ECDHE-ECDSA:+AES-256-CCM:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + "+ECDHE-ECDSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + "+ECDHE-ECDSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-NULL-SHA256", + "+RSA:+NULL:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "+DHE-RSA:+CAMELLIA-256-CBC:+SHA256", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM", + "+RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM", + "+RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM", + "+DHE-RSA:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM", + "+DHE-RSA:+AES-256-CCM:+AEAD", + None), + ("TLS-RSA-WITH-AES-128-CCM-8", + "+RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-RSA-WITH-AES-256-CCM-8", + "+RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-128-CCM-8", + "+DHE-RSA:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-RSA-WITH-AES-256-CCM-8", + "+DHE-RSA:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+DHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + "+DHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + "+DHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + "+ECDHE-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + "+ECDHE-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + "+ECDHE-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + "+RSA-PSK:+3DES-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + "+RSA-PSK:+AES-256-CBC:+SHA1", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + "+RSA-PSK:+AES-128-CBC:+SHA1", + None), + ("TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + "+ECDHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + "+ECDHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA384", + "+ECDHE-PSK:+NULL:+SHA384", + None), + ("TLS-ECDHE-PSK-WITH-NULL-SHA256", + "+ECDHE-PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-CBC-SHA256", + "+PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-256-CBC-SHA384", + "+PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + "+DHE-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + "+DHE-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-NULL-SHA256", + "+PSK:+NULL:+SHA256", + None), + ("TLS-PSK-WITH-NULL-SHA384", + "+PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA256", + "+DHE-PSK:+NULL:+SHA256", + None), + ("TLS-DHE-PSK-WITH-NULL-SHA384", + "+DHE-PSK:+NULL:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + "+RSA-PSK:+AES-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + "+RSA-PSK:+AES-128-CBC:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA256", + "+RSA-PSK:+NULL:+SHA256", + None), + ("TLS-RSA-PSK-WITH-NULL-SHA384", + "+RSA-PSK:+NULL:+SHA384", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+DHE-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+DHE-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + "+RSA-PSK:+CAMELLIA-256-CBC:+SHA384", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + "+RSA-PSK:+CAMELLIA-128-CBC:+SHA256", + None), + ("TLS-PSK-WITH-AES-128-GCM-SHA256", + "+PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-GCM-SHA384", + "+PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + "+DHE-PSK:+AES-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + "+DHE-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM", + "+PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM", + "+PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM", + "+DHE-PSK:+AES-128-CCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM", + "+DHE-PSK:+AES-256-CCM:+AEAD", + None), + ("TLS-PSK-WITH-AES-128-CCM-8", + "+PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-PSK-WITH-AES-256-CCM-8", + "+PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-128-CCM-8", + "+DHE-PSK:+AES-128-CCM-8:+AEAD", + None), + ("TLS-DHE-PSK-WITH-AES-256-CCM-8", + "+DHE-PSK:+AES-256-CCM-8:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+RSA-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+RSA-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + "+DHE-PSK:+CAMELLIA-128-GCM:+AEAD", + None), + ("TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + "+DHE-PSK:+CAMELLIA-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + "+RSA-PSK:+AES-256-GCM:+AEAD", + None), + ("TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + "+RSA-PSK:+AES-128-GCM:+AEAD", + None), + ] + + for m, g_exp, o_exp in ciphers: + + if g_exp is not None: + g = translate_gnutls(m) + self.assertEqual(g, g_exp) + + if o_exp is not None: + o = translate_ossl(m) + self.assertEqual(o, o_exp) + + def test_cipher_format(self): + """ + Ensure translate_ciphers.py can take names in the expected + format and return them in the format compat.sh will expect. + """ + # Ciphers in Mbed TLS format + ciphers = "TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " + ciphers = "%s \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " % ciphers + + # Corresponding ciphers in GnuTLS format + g_ciphers = "+ECDHE-ECDSA:+NULL:+SHA1 \ + +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ + " + g_ciphers = "%s \ + +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ + +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ + +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ + +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ + " % g_ciphers + + # Corresponding ciphers in OpenSSL format + o_ciphers = "ECDHE-ECDSA-NULL-SHA \ + ECDHE-ECDSA-DES-CBC3-SHA \ + ECDHE-ECDSA-AES128-SHA \ + ECDHE-ECDSA-AES256-SHA \ + " + o_ciphers = "%s \ + ECDHE-ECDSA-AES128-SHA256 \ + ECDHE-ECDSA-AES256-SHA384 \ + ECDHE-ECDSA-AES128-GCM-SHA256 \ + ECDHE-ECDSA-AES256-GCM-SHA384 \ + " % o_ciphers + + # Translate ciphers in mbedtls format + g_translated = format_ciphersuite_names("g", ciphers.split()) + o_translated = format_ciphersuite_names("o", ciphers.split()) + + # Normalise whitespace + g_ciphers = (" ").join(g_ciphers.split()) + o_ciphers = (" ").join(o_ciphers.split()) + + self.assertEqual(g_translated, g_ciphers) + self.assertEqual(o_translated, o_ciphers) def translate_gnutls(m_cipher): """