Modify the comments to include the use of the translate function
and retire the explanation of maintaining 2 seperate lists
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
- Replace uses of mbed and gnu with mbedtls and gnutls respectivley.
- Uses sys.exit() rather than exit()
- Rename format() as it is an inbuilt python function
- Add error information if incorrect arguments are passsed to
translate_ciphers.py
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
After every edge case to append which ciphers were being used
a call to translate_ciphers.py was being made.
Now a call to translate_ciphers are made at the end of every
function where ciphersuite names are being added. This occurs
3 times. 1 for MBedTLS, GNUTLS and OpenSSL. 1 for MBedTLS and
OpenSSL and another 1 for MBedTLS and GNUTLS.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
In translate_ciphers.py there were 2 format functions that were
virtually identical and a check was made beforehand to decide
which one to call. Now the check is made inside a single function
to reduce duplicate code
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Replace the OpenSSL $O_CIPHERS and GNU $G_CIPHERS declarations
with calls to translate_ciphersuite.py
Declared a new variable for each sublist $CIPHERS which is appended
to MBedTLS $M_CIPHERS and translated+appended to the OpenSSL and GNU
lists.
Fixes#4674
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Changes to pass tests/scripts/check_files.py
-Add missing new line at end of each file
-Remove any trailing whitespaces
-Added file shebang comments
Added license info and purpose of file descriptions. The 2 test_translate...
files may not be stay later down the line, but incase they do become
permanent, it is good to add the appropriate comments now.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
To be used by compat.sh, the files were moved to the same directory.
The files were also renamed to be distinguishable aside from their
file extensions
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Added formatting functions to translate_ciphersuite.py to take a string
of multiple ciphersuite names, in the current compat.sh and output the
translated ciphersuite names in the same format
Created test_translate.sh which uses samples from compat.sh to compare
against the translated versions to ensure the translations are produced
in the correct format
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Moved the test over to a seperate file, where I can start experimenting with
how the script will be called.
Commented and improved the translation functions. They should be more readable,
however I added comments anyway to quickly identify every step involved with
te translation from MBedTLS to GNU or OpenSSL
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Created 2 functions
- translate_gnu()
- translate_ossl()
Each function takes a parameter `m_cipher` (expected in the MBedTLS naming
standard), and through a series of edge cases/replaces, modifies the
ciphersuite name to match the GNU and OpenSSL naming conventions respectively.
This will serve as to maintain a single list that can be translated, rather
than maintaining 3 lists for OpenSSL and GNU also.
This commit serves as a checkpoint, and the program will be cleaned up in the
future.
The program currently runs a series of tests to check every given ciphersuite name
combination in compat.sh to ensure they are translated correctly.
Some OpenSSL names appear to have typos and as such have been corrected in
this program until I have recieved more information. The errors were commented
out to keep note of.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
v3.7.2 introduces DISABLE_TLS13_COMPAT_MODE. That can be
used to verify if TLS13 COMPATIBLE is not available.
Change-Id: Id68748e92504835b5a63b2565a618f728e7222f6
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC
complains.
Where possible, just stick to size_t.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We previously had tests for not sending enough (additional) data, but
were missing tests for sending too much. I have added these to the state
tests, as I don't think this is complex enough to deserve a standalone
test.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the
exceptions explicitly.
This commit fixes a test failure with the null cipher and an incorrect
comment that omitted several key lengths.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This was already documented for mbedtls_md_info_t. Also document it for
mbedtls_pk_info_t (where it's fairly obvious since the structure is not
defined in a public header) and for mbedtls_cipher_info_t (where it's not
obvious since the structure is defined in a public header).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The structures mbedtls_x509_time, mbedtls_x509_crl_entry, mbedtls_x509_crl,
mbedtls_x509_crt, mbedtls_x509_san_other_name,
mbedtls_x509_subject_alternative_name, mbedtls_x509_csr are designed to
expose the result of parsing X.509 data. Document many of their fields as
being publicly readable.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The structures mbedtls_asn1_buf, mbedtls_asn1_bitstring,
mbedtls_asn1_sequence and mbedtls_asn1_named_data are designed to allow
access to data after parsing. Make their fields public.
Document that chaining fields are essentially read-only.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On platforms with BSD-like sockets, it is useful for applications to have
access to the underlying file descriptor so that they can use functions like
select() and poll().
Do not promise that the field will exist on other platforms such as
Windows (where the type and name of the field are technically wrong because
Windows socket handles are actually not file descriptors).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add functions to read the type, mode, name and key_bitlen fields from
mbedtls_cipher_info_t. These are the fields that applications are most
likely to care about.
TLS code also uses iv_size and block_size, which it might make sense to
expose, but most applications shouldn't need those, so I'm not exposing them
for now.
Call the new functions in unit tests, so they're at least smoke-tested.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The whole point of this structure is to provide information, both for the
library's own sake and to applications.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167 Warning[Pe550]: variable "ret" was set but never used
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
