| gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \
cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \
kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \
- name = "TLS_" kx "_WITH_" cipher "_" mac; gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \
+ if ($5 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \
+ gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \
| sort -n \
| cut -d'#' -f2- \
| column -t \
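Review bot: The `cipher ~ /GCM/` test on the added line picks the suffix by exclusion, so every AEAD cipher whose name lacks "GCM" gets a `name` with no hash suffix. That is right for the CCM suites, but the IANA names of the ChaCha20-Poly1305 suites end in `_SHA256`, so if the GnuTLS list ever carries them the generated name would be wrong while still looking plausible. Matching the case that really drops the suffix keeps the default on the suffixed form: `if ($5 == "AEAD" && cipher ~ /CCM/) { name = "TLS_" kx "_WITH_" cipher } else { name = "TLS_" kx "_WITH_" cipher "_" mac }`. A short comment on that line saying why the MAC is omitted would also help. The pipeline starts and continues outside the hunk, so the column meanings are inferred from the `printf` arguments.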
mac = mac.replace("UMAC-", "UMAC");
var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC");
var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA");
- if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) {
- console.log("Broken: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname);
+
+ if (cs.mac == "AEAD" && cipher.indexOf("GCM") == -1) {
+ if (kx + "-" + cipher != cs.gnutlsname) {
+ console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname);
+ process.exit(1);
+ }
+ } else {
+ if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) {
+ console.log("Broken ciphersuite: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname);
+ process.exit(1);
+ }
}
if (cs.name !== i) {
console.log("Name doesn't match index:", cs.name, i);
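Review bot: The two added branches repeat the same comparison, log call and `process.exit(1)`, and differ only in whether `mac` is appended. Computing the expected name once is easier to audit: `var expected = (cs.mac === "AEAD" && cipher.indexOf("GCM") === -1) ? kx + "-" + cipher : kx + "-" + cipher + "-" + mac;` followed by a single `if (expected !== cs.gnutlsname)`. The added lines also use `==`/`!=`, while the context line `if (cs.name !== i)` already compares strictly. The failure text goes through `console.log`; `console.error` would keep it off stdout, which matters if this script's stdout is ever captured as generated output (not visible here). The enclosing loop or function starts and ends outside the hunk.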