diff options
| author | lloyd <[email protected]> | 2014-01-01 21:20:55 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2014-01-01 21:20:55 +0000 |
| commit | 197dc467dec28a04c3b2f30da7cef122dfbb13e9 (patch) | |
| tree | cdbd3ddaec051c72f0a757db461973d90c37b97a /src/build-data | |
| parent | 62faac373c07cfe10bc8c309e89ebdd30d8e5eaa (diff) | |
Shuffle things around. Add NIST X.509 test to build.
Diffstat (limited to 'src/build-data')
| -rwxr-xr-x | src/build-data/scripts/dist.py | 362 | ||||
| -rwxr-xr-x | src/build-data/scripts/tls_suite_info.py | 273 |
2 files changed, 0 insertions, 635 deletions
diff --git a/src/build-data/scripts/dist.py b/src/build-data/scripts/dist.py deleted file mode 100755 index 56aabd45f..000000000 --- a/src/build-data/scripts/dist.py +++ /dev/null @@ -1,362 +0,0 @@ -#!/usr/bin/env python - -""" -Release script for botan (http://botan.randombit.net/) - -(C) 2011, 2012, 2013 Jack Lloyd - -Distributed under the terms of the Botan license -""" - -import errno -import logging -import optparse -import os -import shlex -import StringIO -import shutil -import subprocess -import sys -import tarfile -import datetime -import hashlib - -def check_subprocess_results(subproc, name): - (stdout, stderr) = subproc.communicate() - - stdout = stdout.strip() - stderr = stderr.strip() - - if subproc.returncode != 0: - if stdout != '': - logging.error(stdout) - if stderr != '': - logging.error(stderr) - raise Exception('Running %s failed' % (name)) - else: - if stderr != '': - logging.debug(stderr) - - return stdout - -def run_monotone(db, args): - cmd = ['mtn', '--db', db] + args - - logging.debug('Running %s' % (' '.join(cmd))) - - mtn = subprocess.Popen(cmd, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - - return check_subprocess_results(mtn, 'mtn') - -def get_certs(db, rev_id): - tokens = shlex.split(run_monotone(db, ['automate', 'certs', rev_id])) - - def usable_cert(cert): - if 'signature' not in cert or cert['signature'] != 'ok': - return False - if 'trust' not in cert or cert['trust'] != 'trusted': - return False - if 'name' not in cert or 'value' not in cert: - return False - return True - - def cert_builder(tokens): - pairs = zip(tokens[::2], tokens[1::2]) - current_cert = {} - for pair in pairs: - if pair[0] == 'trust': - if usable_cert(current_cert): - name = current_cert['name'] - value = current_cert['value'] - current_cert = {} - - logging.debug('Cert %s "%s" for rev %s' % (name, value, rev_id)) - yield (name, value) - - current_cert[pair[0]] = pair[1] - - certs = dict(cert_builder(tokens)) - return certs - -def datestamp(db, rev_id): - certs = get_certs(db, rev_id) - - if 'date' in certs: - datestamp = int(certs['date'].replace('-','')[0:8]) - logging.info('Using datestamp %s for rev %s' % (datestamp, rev_id)) - return datestamp - - logging.info('Could not retreive date for %s' % (rev_id)) - return 0 - -def gpg_sign(keyid, passphrase_file, files, detached = True): - - options = ['--armor', '--detach-sign'] if detached else ['--clearsign'] - - gpg_cmd = ['gpg', '--batch'] + options + ['--local-user', keyid] - if passphrase_file != None: - gpg_cmd[1:1] = ['--passphrase-file', passphrase_file] - - for filename in files: - logging.info('Signing %s using PGP id %s' % (filename, keyid)) - - cmd = gpg_cmd + [filename] - - logging.debug('Running %s' % (' '.join(cmd))) - - gpg = subprocess.Popen(cmd, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - - check_subprocess_results(gpg, 'gpg') - - return [filename + '.asc' for filename in files] - -def parse_args(args): - parser = optparse.OptionParser( - "usage: %prog [options] <version #>\n" + - " %prog [options] snapshot <branch>" - ) - - parser.add_option('--verbose', action='store_true', - default=False, help='Extra debug output') - - parser.add_option('--quiet', action='store_true', - default=False, help='Only show errors') - - parser.add_option('--output-dir', metavar='DIR', - default='.', - help='Where to place output (default %default)') - - parser.add_option('--mtn-db', metavar='DB', - default=os.getenv('BOTAN_MTN_DB', ''), - help='Set monotone db (default \'%default\')') - - parser.add_option('--print-output-names', action='store_true', - help='Print output archive filenames to stdout') - - parser.add_option('--archive-types', metavar='LIST', default='tbz,tgz', - help='Set archive types to generate (default %default)') - - parser.add_option('--pgp-key-id', metavar='KEYID', - default='EFBADFBC', - help='PGP signing key (default %default, "none" to disable)') - - parser.add_option('--pgp-passphrase-file', metavar='FILE', - default=None, - help='PGP signing key passphrase file') - - parser.add_option('--write-hash-file', metavar='FILE', default=None, - help='Write a file with checksums') - - return parser.parse_args(args) - -def remove_file_if_exists(fspath): - try: - os.unlink(fspath) - except OSError as e: - if e.errno != errno.ENOENT: - raise - -def main(args = None): - if args is None: - args = sys.argv[1:] - - (options, args) = parse_args(args) - - def log_level(): - if options.verbose: - return logging.DEBUG - if options.quiet: - return logging.ERROR - return logging.INFO - - logging.basicConfig(stream = sys.stderr, - format = '%(levelname) 7s: %(message)s', - level = log_level()) - - if options.mtn_db == '': - logging.error('No monotone db set (use --mtn-db)') - return 1 - - if not os.access(options.mtn_db, os.R_OK): - logging.error('Monotone db %s not found' % (options.mtn_db)) - return 1 - - if len(args) == 0 or len(args) >= 3: - logging.error('Usage error, try --help') - return 1 - - # Sanity check arguments - - if args[0] == 'snapshot': - - if len(args) == 1: - logging.error('Missing branch name for snapshot command') - return 1 - - logging.info('Creating snapshot release from branch %s', args[1]) - - elif len(args) == 1: - try: - logging.info('Creating release for version %s' % (args[0])) - - (major,minor,patch) = map(int, args[0].split('.')) - - assert args[0] == '%d.%d.%d' % (major,minor,patch) - except: - logging.error('Invalid version number %s' % (args[0])) - return 1 - - else: - logging.error('Usage error, try --help') - return 1 - - def selector(args): - if args[0] == 'snapshot': - return 'h:' + args[1] - else: - return 't:' + args[0] - - def output_name(args): - if args[0] == 'snapshot': - datestamp = datetime.date.today().isoformat().replace('-', '') - - def snapshot_name(branch): - if branch == 'net.randombit.botan': - return 'trunk' - elif branch == 'net.randombit.botan.1_10': - return '1.10' - else: - return branch - - return 'botan-%s-snapshot-%s' % (snapshot_name(args[1]), datestamp) - else: - return 'Botan-' + args[0] - - rev_id = run_monotone(options.mtn_db, ['automate', 'select', selector(args)]) - - if rev_id == '': - logging.error('No revision matching %s found' % (selector(args))) - return 2 - - logging.info('Found revision id %s' % (rev_id)) - - output_basename = output_name(args) - - logging.debug('Output basename %s' % (output_basename)) - - if os.access(output_basename, os.X_OK): - logging.info('Removing existing output dir %s' % (output_basename)) - shutil.rmtree(output_basename) - - run_monotone(options.mtn_db, - ['checkout', '--quiet', '-r', rev_id, output_basename]) - - shutil.rmtree(os.path.join(output_basename, '_MTN')) - remove_file_if_exists(os.path.join(output_basename, '.mtn-ignore')) - - version_file = os.path.join(output_basename, 'botan_version.py') - - if os.access(version_file, os.R_OK): - # rewrite botan_version.py - - contents = open(version_file).readlines() - - def content_rewriter(): - for line in contents: - if line == 'release_vc_rev = None\n': - yield 'release_vc_rev = \'mtn:%s\'\n' % (rev_id) - elif line == 'release_datestamp = 0\n': - yield 'release_datestamp = %d\n' % (datestamp(options.mtn_db, rev_id)) - elif line == "release_type = \'unreleased\'\n": - if args[0] == 'snapshot': - yield "release_type = 'snapshot'\n" - else: - yield "release_type = 'released'\n" - else: - yield line - - open(version_file, 'w').write(''.join(list(content_rewriter()))) - else: - logging.error('Cannot find %s' % (version_file)) - return 2 - - try: - os.makedirs(options.output_dir) - except OSError as e: - if e.errno != errno.EEXIST: - logging.error('Creating dir %s failed %s' % (options.output_dir, e)) - return 2 - - output_files = [] - - archives = options.archive_types.split(',') if options.archive_types != '' else [] - - hash_file = None - if options.write_hash_file != None: - hash_file = open(options.write_hash_file, 'w') - - for archive in archives: - logging.debug('Writing archive type "%s"' % (archive)) - - output_archive = output_basename + '.' + archive - - remove_file_if_exists(output_archive) - remove_file_if_exists(output_archive + '.asc') - - if archive in ['tgz', 'tbz']: - - def write_mode(): - if archive == 'tgz': - return 'w:gz' - elif archive == 'tbz': - return 'w:bz2' - - archive = tarfile.open(output_archive, write_mode()) - archive.add(output_basename) - archive.close() - - if hash_file != None: - sha256 = hashlib.new('sha256') - sha256.update(open(output_archive).read()) - hash_file.write("%s %s\n" % (sha256.hexdigest(), output_archive)) - else: - raise Exception('Unknown archive type "%s"' % (archive)) - - output_files.append(output_archive) - - if hash_file != None: - hash_file.close() - - shutil.rmtree(output_basename) - - if options.print_output_names: - for output_file in output_files: - print(output_file) - - if options.pgp_key_id != 'none': - if options.write_hash_file != None: - output_files += gpg_sign(options.pgp_key_id, options.pgp_passphrase_file, - [options.write_hash_file], False) - else: - output_files += gpg_sign(options.pgp_key_id, options.pgp_passphrase_file, - output_files, True) - - if options.output_dir != '.': - for output_file in output_files: - logging.debug('Moving %s to %s' % (output_file, options.output_dir)) - shutil.move(output_file, os.path.join(options.output_dir, output_file)) - - return 0 - -if __name__ == '__main__': - try: - sys.exit(main()) - except Exception as e: - logging.error(e) - import traceback - logging.info(traceback.format_exc()) - sys.exit(1) diff --git a/src/build-data/scripts/tls_suite_info.py b/src/build-data/scripts/tls_suite_info.py deleted file mode 100755 index dd507bc28..000000000 --- a/src/build-data/scripts/tls_suite_info.py +++ /dev/null @@ -1,273 +0,0 @@ -#!/usr/bin/env python2 - -""" -Used to generate src/tls/tls_suite_info.cpp - -(C) 2011, 2012, 2013 Jack Lloyd - -Distributed under the terms of the Botan license - -""" - -import sys -import re -import datetime -import hashlib - -def to_ciphersuite_info(code, name): - - (sig_and_kex,cipher_and_mac) = name.split('_WITH_') - - if sig_and_kex == 'RSA': - sig_algo = 'RSA' - kex_algo = 'RSA' - elif 'PSK' in sig_and_kex: - sig_algo = '' - kex_algo = sig_and_kex - elif 'SRP' in sig_and_kex: - srp_info = sig_and_kex.split('_') - if len(srp_info) == 2: # 'SRP_' + hash - kex_algo = sig_and_kex - sig_algo = '' - else: - kex_algo = '_'.join(srp_info[0:-1]) - sig_algo = srp_info[-1] - else: - (kex_algo, sig_algo) = sig_and_kex.split('_') - - cipher_and_mac = cipher_and_mac.split('_') - - mac_algo = cipher_and_mac[-1] - - cipher = cipher_and_mac[:-1] - - if mac_algo == '8' and cipher[-1] == 'CCM': - cipher = cipher[:-1] - mac_algo = 'CCM_8' - - if mac_algo == 'CCM': - cipher += ['CCM'] - mac_algo = 'SHA256' - elif mac_algo == 'CCM_8': - cipher += ['CCM-8'] - mac_algo = 'SHA256' - - cipher_info = { - 'RC4': ('RC4',None), - 'IDEA': ('IDEA',16), - 'DES': ('DES',8), - '3DES': ('3DES',24), - 'CAMELLIA': ('Camellia',None), - 'AES': ('AES',None), - 'SEED': ('SEED',16), - 'ARIA': ('ARIA',16) - } - - tls_to_botan_names = { - 'anon': '', - 'MD5': 'MD5', - 'SHA': 'SHA-1', - 'SHA256': 'SHA-256', - 'SHA384': 'SHA-384', - 'SHA512': 'SHA-512', - - 'RC4': 'RC4', - '3DES': 'TripleDES', - - 'DSS': 'DSA', - 'ECDSA': 'ECDSA', - 'RSA': 'RSA', - 'SRP_SHA': 'SRP_SHA', - 'DHE': 'DH', - 'DH': 'DH', - 'ECDHE': 'ECDH', - 'ECDH': 'ECDH', - '': '', - 'PSK': 'PSK', - 'DHE_PSK': 'DHE_PSK', - 'PSK_DHE': 'DHE_PSK', - 'ECDHE_PSK': 'ECDHE_PSK', - } - - mac_keylen = { - 'MD5': 16, - 'SHA-1': 20, - 'SHA-256': 32, - 'SHA-384': 48, - 'SHA-512': 64, - } - - mac_algo = tls_to_botan_names[mac_algo] - sig_algo = tls_to_botan_names[sig_algo] - kex_algo = tls_to_botan_names[kex_algo] - - (cipher_algo, cipher_keylen) = cipher_info[cipher[0]] - - if cipher_keylen is None: - cipher_keylen = int(cipher[1]) / 8 - - if cipher_algo in ['AES', 'Camellia']: - cipher_algo += '-%d' % (cipher_keylen*8) - - modestr = '' - mode = '' - ivlen = 0 - if cipher_algo != 'RC4': - mode = cipher[-1] - if mode not in ['CBC', 'GCM', 'CCM-8', 'CCM', 'OCB']: - print "#warning Unknown mode %s" % (' '.join(cipher)) - - ivlen = 8 if cipher_algo == '3DES' else 16 - - if mode != 'CBC': - cipher_algo += '/' + mode - - if cipher_algo != 'RC4' and mode != 'CBC': - return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "AEAD", %d, "%s")' % ( - code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 4, 0, mac_algo) - else: - return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "%s", %d)' % ( - code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo]) - -def open_input(args): - iana_url = 'https://www.iana.org/assignments/tls-parameters/tls-parameters.txt' - - if len(args) == 1: - try: - return open('tls-parameters.txt') - except: - pass - - import urllib2 - return urllib2.urlopen(iana_url) - else: - return open(args[1]) - -def main(args = None): - if args is None: - args = sys.argv - - weak_crypto = ['EXPORT', 'RC2', 'IDEA', '_DES_', 'WITH_NULL'] - static_dh = ['ECDH_ECDSA', 'ECDH_RSA', 'DH_DSS', 'DH_RSA'] # not supported - protocol_goop = ['SCSV', 'KRB5'] - maybe_someday = ['ARIA', 'RSA_PSK'] - not_supported = weak_crypto + static_dh + protocol_goop + maybe_someday - - include_srp_aead = False - include_ocb = False - include_eax = False - save_file = True - - ciphersuite_re = re.compile(' +0x([0-9a-fA-F][0-9a-fA-F]),0x([0-9a-fA-F][0-9a-fA-F]) + TLS_([A-Za-z_0-9]+) ') - - suites = {} - suite_codes = {} - - contents = '' - - for line in open_input(args): - contents += line - match = ciphersuite_re.match(line) - if match: - code = match.group(1) + match.group(2) - name = match.group(3) - - should_use = True - for ns in not_supported: - if ns in name: - should_use = False - - if should_use: - suites[name] = (code, to_ciphersuite_info(code, name)) - - sha1 = hashlib.sha1() - sha1.update(contents) - contents_hash = sha1.hexdigest() - - if save_file: - out = open('tls-parameters.txt', 'w') - out.write(contents) - out.close() - - def define_custom_ciphersuite(name, code): - suites[name] = (code, to_ciphersuite_info(code, name)) - - # From http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 - define_custom_ciphersuite('DHE_DSS_WITH_RC4_128_SHA', '0066') - - # Expermental things - if include_ocb: - define_custom_ciphersuite('ECDHE_ECDSA_AES_128_OCB_SHA256', 'FF80') - define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_OCB_SHA384', 'FF81') - define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_OCB_SHA256', 'FF82') - define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_OCB_SHA384', 'FF83') - - define_custom_ciphersuite('ECDHE_PSK_WITH_AES_128_OCB_SHA256', 'FF85') - define_custom_ciphersuite('ECDHE_PSK_WITH_AES_256_OCB_SHA384', 'FF86') - - if include_eax: - define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_EAX_SHA256', 'FF90') - define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_EAX_SHA384', 'FF91') - define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_EAX_SHA256', 'FF92') - define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_EAX_SHA384', 'FF93') - - if include_srp_aead: - define_custom_ciphersuite('SRP_SHA_WITH_AES_256_GCM_SHA384', 'FFA0') - define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_GCM_SHA384', 'FFA1') - define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_GCM_SHA384', 'FFA2') - define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_GCM_SHA384', 'FFA3') - - if include_ocb: - define_custom_ciphersuite('SRP_SHA_WITH_AES_256_OCB_SHA384', 'FFA4') - define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_OCB_SHA384', 'FFA5') - define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_OCB_SHA384', 'FFA6') - define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_OCB_SHA384', 'FFA7') - - if include_eax: - define_custom_ciphersuite('SRP_SHA_WITH_AES_256_EAX_SHA384', 'FFA8') - define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_EAX_SHA384', 'FFA9') - define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_EAX_SHA384', 'FFAA') - define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_EAX_SHA384', 'FFAB') - - - def header(): - return """/* -* TLS cipher suite information -* -* This file was automatically generated from the IANA assignments -* (tls-parameters.txt hash %s) -* by %s on %s -* -* Released under the terms of the Botan license -*/ -""" % (contents_hash, sys.argv[0], datetime.date.today().strftime("%Y-%m-%d")) - - print header() - - print """#include <botan/tls_ciphersuite.h> - -namespace Botan { - -namespace TLS { - -Ciphersuite Ciphersuite::by_id(u16bit suite) - { - switch(suite) - {""" - - for k in sorted(suites.keys()): - print " case 0x%s: // %s" % (suites[k][0], k) - print " return %s;" % (suites[k][1]) - print - - print """ } - - return Ciphersuite(); // some unknown ciphersuite - } - -} - -}""" - -if __name__ == '__main__': - sys.exit(main()) |