-#/bin/sh
+#!/bin/sh
# ./scan-gnutls.sh > gnutls-ciphers.js
echo 'var gnutls_ciphersuites = {'
-cd ../../../lib/algorithms/ && gcc -E ciphersuites.c -I.. -I../../ -DHAVE_CONFIG_H -DHAVE_LIBNETTLE -I../../gl -I../includes -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \
- | awk '/^static const gnutls_cipher_suite_entry_st cs_algorithms/, /;/ { print; }' \
- | grep '{' | head -n-1 | tail -n+2 \
- | sed -r -e 's#\{ *0x(..), *0x(..) *\}#0x\1\2#;s# *\{ *"#"#;s#\}##;s#, +# #g' \
- -e 's#GNUTLS_VERSION_UNKNOWN#unknown#' \
- -e 's#GNUTLS_DTLS_VERSION_MIN#GNUTLS_DTLS1_0#;s#GNUTLS_TLS1 #GNUTLS_TLS1_0 #' \
- -e 's#TLS([0-9])_([0-9])#TLS\1.\2#g;s#GNUTLS_SSL3#SSL3.0#;s#_#-#g;s#GNUTLS-(CIPHER|KX|MAC)-##g;s#GNUTLS-##g' \
- | gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \
- cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \
- kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \
- if ($5 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \
- gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \
- | sort -n \
- | cut -d'#' -f2- \
- | column -t \
- | sed -e 's#: #: #g;s#, #, #g;s#{ #{ #g;s#^# #'
+srcdir="${srcdir:-..}"
+top_builddir="${top_builddir:-../../..}"
+gcc -E "${srcdir}/../../lib/algorithms/ciphersuites.c" -I"${top_builddir}" -I"${srcdir}/../../lib" -DHAVE_CONFIG_H -DHAVE_LIBNETTLE -I"${srcdir}/../../gl" -I"${srcdir}/../includes" -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \
+ | awk '/^static const gnutls_cipher_suite_entry_st cs_algorithms/, /;/ { print; }' \
+ | grep '{' | head -n-1 | tail -n+2 \
+ | sed -r -e 's#\{ *0x(..), *0x(..) *\}#0x\1\2#;s# *\{ *"#"#;s#\}##;s#, +# #g' \
+ -e 's#GNUTLS_VERSION_UNKNOWN#unknown#' \
+ -e 's#GNUTLS_DTLS_VERSION_MIN#GNUTLS_DTLS1_0#;s#GNUTLS_TLS1 #GNUTLS_TLS1_0 #' \
+ -e 's#TLS([0-9])_([0-9])#TLS\1.\2#g;s#GNUTLS_SSL3#SSL3.0#;s#_#-#g;s#GNUTLS-(CIPHER|KX|MAC)-##g;s#GNUTLS-##g' \
+ | gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \
+ cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \
+ kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \
+ if ($5 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \
+ gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \
+ | sort -n \
+ | cut -d'#' -f2- \
+ | column -t \
+ | sed -e 's#: #: #g;s#, #, #g;s#{ #{ #g;s#^# #'
echo '};'
var vm = require('vm');
function include(path) {
- var code = fs.readFileSync(path, 'utf-8');
- vm.runInThisContext(code, path);
+ var code = fs.readFileSync(path, 'utf-8');
+ vm.runInThisContext(code, path);
}
-include('./gnutls-ciphers.js');
-include('./registry-ciphers.js');
+srcdir=process.env["srcdir"];
+if (srcdir == undefined) {
+ srcdir = ".";
+}
+builddir=process.env['builddir']
+if (builddir == undefined) {
+ builddir = ".";
+}
+include(builddir + "/gnutls-ciphers.js");
+include(srcdir + "/registry-ciphers.js");
(function() {
// console.log("Test: ", require('util').inspect(priority_config(priority(s)), false, 10));
// console.log("Test: ", require('util').inspect(priority_ciphersuites(priority(s)), false, 10));
- // check whether gnutls ciphersuite names match the kx/cipher/mac/prf combination
- for (var i in gnutls_ciphersuites) {
- if (!gnutls_ciphersuites.hasOwnProperty(i)) continue;
- var cs = gnutls_ciphersuites[i];
- var mac = cs.mac;
- if (mac == "AEAD") mac = cs.prf.replace("DIG-", "");
- mac = mac.replace("UMAC-", "UMAC");
- var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC");
- var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA");
+ // check whether gnutls ciphersuite names match the kx/cipher/mac/prf combination
+ for (var i in gnutls_ciphersuites) {
+ if (!gnutls_ciphersuites.hasOwnProperty(i)) continue;
+ var cs = gnutls_ciphersuites[i];
+ var mac = cs.mac;
+ if (mac == "AEAD") mac = cs.prf.replace("DIG-", "");
+ mac = mac.replace("UMAC-", "UMAC");
+ var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC");
+ var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA");
+
+ if (cs.mac == "AEAD") {
+ if (kx + "-" + cipher != cs.gnutlsname && kx + "-" + cipher + "-SHA256" != cs.gnutlsname && kx + "-" + cipher + "-SHA384" != cs.gnutlsname) {
+ console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname);
+ process.exit(1);
+ }
+ } else {
+ if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) {
+ console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname);
+ process.exit(1);
+ }
+ }
+ if (cs.name !== i) {
+ console.log("Name doesn't match index:", cs.name, i);
+ process.exit(1);
+ }
+ if (!registry_ciphersuites[cs.id]) {
+ if (cipher.match(/SALSA20/)) {
+ var warned_salsa20;
+ if (!warned_salsa20) {
+ /* warn only once */
+ console.log("Unofficial SALSA20 ciphers");
+ warned_salsa20 = 1;
+ }
+ } else {
+ console.log("Unofficial cipher:", cs.name, cs.id);
+ }
+ } else if (registry_ciphersuites[cs.id] !== cs.name) {
+ if (cs.name !== "TLS_DHE_PSK_WITH_AES_128_CCM_8" &&
+ cs.name !== "TLS_DHE_PSK_WITH_AES_256_CCM_8") {
+ console.log("Name doesn't match official name for id:", cs.name, registry_ciphersuites[cs.id], cs.id);
+ process.exit(1);
+ }
+ }
+ }
- if (cs.mac == "AEAD") {
- if (kx + "-" + cipher != cs.gnutlsname && kx + "-" + cipher + "-SHA256" != cs.gnutlsname && kx + "-" + cipher + "-SHA384" != cs.gnutlsname) {
- console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname);
- process.exit(1);
- }
- } else {
- if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) {
- console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname);
- process.exit(1);
- }
- }
- if (cs.name !== i) {
- console.log("Name doesn't match index:", cs.name, i);
- process.exit(1);
- }
- if (!registry_ciphersuites[cs.id]) {
- if (cipher.match(/SALSA20/)) {
- var warned_salsa20;
- if (!warned_salsa20) {
- /* warn only once */
- console.log("Unofficial SALSA20 ciphers");
- warned_salsa20 = 1;
- }
- } else {
- console.log("Unofficial cipher:", cs.name, cs.id);
- }
- } else if (registry_ciphersuites[cs.id] !== cs.name) {
- if (cs.name !== "TLS_DHE_PSK_WITH_AES_128_CCM_8" &&
- cs.name !== "TLS_DHE_PSK_WITH_AES_256_CCM_8") {
- console.log("Name doesn't match official name for id:", cs.name, registry_ciphersuites[cs.id], cs.id);
- process.exit(1);
- }
- }
- }
-
- process.exit(0);
+ process.exit(0);
})();
projects / thirdparty / gnutls.git / commitdiff
