author | Jack Lloyd <[email protected]> | 2015-11-13 12:52:20 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-11-13 12:52:20 -0500 |
commit | 406c57f09eac849c10807b74c8e7ba051a6a5c2c (patch) | |
tree | fcb26fab346948c2647ff7db4144bb9d5ed07295 /src/scripts | |
parent | 3dbcfb6297acfdb8818742acfb0fa9ffe70bcdbc (diff) |
Add TLS_PSK tests
Fix a bug which rejected any short server key exchanges. These can
occur with a plain PSK with short or empty identity hints.
Disable SHA-224 by default.
Remove some vestigial RC4 cruft.
Push more on the TLS corruption tests.
Diffstat (limited to 'src/scripts')
-rwxr-xr-x | src/scripts/tls_suite_info.py | 33 |
1 files changed, 13 insertions, 20 deletions
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 8589ddeec..dc0468c88 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -3,7 +3,7 @@
 """
 Used to generate lib/tls/tls_suite_info.cpp from IANA params
 
-(C) 2011, 2012, 2013, 2014 Jack Lloyd
+(C) 2011, 2012, 2013, 2014, 2015 Jack Lloyd
 
 Botan is released under the Simplified BSD License (see license.txt)
 """
@@ -53,7 +53,6 @@ def to_ciphersuite_info(code, name):
 mac_algo = 'SHA256'
 
 cipher_info = {
- 'RC4': ('RC4',None),
 'CHACHA20': ('ChaCha',32),
 'IDEA': ('IDEA',16),
 'DES': ('DES',8),
@@ -72,7 +71,6 @@ def to_ciphersuite_info(code, name):
 'SHA384': 'SHA-384',
 'SHA512': 'SHA-512',
 
- 'RC4': 'RC4',
 'CHACHA': 'ChaCha',
 '3DES': 'TripleDES',
 
@@ -122,28 +120,26 @@ def to_ciphersuite_info(code, name): return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % ( code, sig_algo, kex_algo, "ChaCha20Poly1305", cipher_keylen, iv_len, 0, 0, mac_algo) - stream_ciphers = ['RC4'] + mode = cipher[-1] + if mode not in ['CBC', 'GCM', 'CCM(8)', 'CCM', 'OCB']: + print "#warning Unknown mode %s" % (' '.join(cipher)) - if cipher_algo not in stream_ciphers: - mode = cipher[-1] - if mode not in ['CBC', 'GCM', 'CCM(8)', 'CCM', 'OCB']: - print "#warning Unknown mode %s" % (' '.join(cipher)) + ivlen = 8 if cipher_algo == '3DES' else 16 - ivlen = 8 if cipher_algo == '3DES' else 16 - - if mode != 'CBC': - if mode == 'OCB': - cipher_algo += '/OCB(12)' - else: - cipher_algo += '/' + mode + if mode != 'CBC': + if mode == 'OCB': + cipher_algo += '/OCB(12)' + else: + cipher_algo += '/' + mode - if cipher_algo in stream_ciphers or mode == 'CBC': + if mode == 'CBC': return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, 0, "%s", %d)' % ( code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo]) - elif mode == 'OCB': + elif mode == 'OCB': return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % ( code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 4, 0, 0, mac_algo) + else: iv_bytes_from_hs = 4 iv_bytes_from_rec = 8 @@ -242,9 +238,6 @@ def main(args = None): def define_custom_ciphersuite(name, code): suites[name] = (code, to_ciphersuite_info(code, name)) - # From http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 - define_custom_ciphersuite('DHE_DSS_WITH_RC4_128_SHA', '0066') - if options.with_chacha: # Google servers - draft-agl-tls-chacha20poly1305-04 define_custom_ciphersuite('ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC13') |
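Review bot: In the to_ciphersuite_info hunk, an unrecognised mode only prints `#warning Unknown mode …` and execution continues: `'/' + mode` is appended to `cipher_algo` and the suite falls into the final `else:` branch, so it appears to be emitted with the same IV layout as the known non-CBC, non-OCB modes (`iv_bytes_from_hs = 4`, `iv_bytes_from_rec = 8`). With the stream-cipher guard gone, `mode = cipher[-1]` now runs for every name, so a suite without a mode suffix would take this path too. For a generator that feeds the TLS suite table, failing closed is safer: replace the print with `raise Exception("Unknown mode '%s' in %s" % (mode, name))`. The function starts before this hunk and the `else:` branch continues past it, so how its values are used is not visible here.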