[tor-commits] [tor/master] Teach gen_server_ciphers about CCM and Chacha.
nickm at torproject.org
nickm at torproject.org
Fri Jan 27 21:49:07 UTC 2017
commit 8a9eca12677f906dcd7e2161c3c5b4e338b9d204
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Jan 24 15:29:26 2017 -0500
Teach gen_server_ciphers about CCM and Chacha.
Also, teach it to not use 3DES any more.
---
scripts/codegen/gen_server_ciphers.py | 50 ++++++++++++++++++++++-------------
1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/scripts/codegen/gen_server_ciphers.py b/scripts/codegen/gen_server_ciphers.py
index 0dca8a6..7b61d86 100755
--- a/scripts/codegen/gen_server_ciphers.py
+++ b/scripts/codegen/gen_server_ciphers.py
@@ -13,7 +13,8 @@ import sys
EPHEMERAL_INDICATORS = [ "_EDH_", "_DHE_", "_ECDHE_" ]
BAD_STUFF = [ "_DES_40_", "MD5", "_RC4_", "_DES_64_",
- "_SEED_", "_CAMELLIA_", "_NULL" ]
+ "_SEED_", "_CAMELLIA_", "_NULL",
+ "_CCM_8", "_DES_", ]
# these never get #ifdeffed.
MANDATORY = [
@@ -48,15 +49,23 @@ def usable_cipher(ciph):
# All fields we sort on, in order of priority.
FIELDS = [ 'cipher', 'fwsec', 'mode', 'digest', 'bitlength' ]
# Map from sorted fields to recognized value in descending order of goodness
-FIELD_VALS = { 'cipher' : [ 'AES', 'DES'],
+FIELD_VALS = { 'cipher' : [ 'AES', 'CHACHA20' ],
'fwsec' : [ 'ECDHE', 'DHE' ],
- 'mode' : [ 'GCM', 'CBC' ],
- 'digest' : [ 'SHA384', 'SHA256', 'SHA' ],
+ 'mode' : [ 'POLY1305', 'GCM', 'CCM', 'CBC', ],
+ 'digest' : [ 'n/a', 'SHA384', 'SHA256', 'SHA', ],
'bitlength' : [ '256', '128', '192' ],
}
class Ciphersuite(object):
def __init__(self, name, fwsec, cipher, bitlength, mode, digest):
+ if fwsec == 'EDH':
+ fwsec = 'DHE'
+
+ if mode in [ '_CBC3', '_CBC', '' ]:
+ mode = 'CBC'
+ elif mode == '_GCM':
+ mode = 'GCM'
+
self.name = name
self.fwsec = fwsec
self.cipher = cipher
@@ -74,27 +83,32 @@ class Ciphersuite(object):
def parse_cipher(ciph):
m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_(AES|DES)_(256|128|192)(|_CBC|_CBC3|_GCM)_(SHA|SHA256|SHA384)$', ciph)
- if not m:
- print "/* Couldn't parse %s ! */"%ciph
- return None
+ if m:
+ fwsec, cipher, bits, mode, digest = m.groups()
+ return Ciphersuite(ciph, fwsec, cipher, bits, mode, digest)
+
+ m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_(AES|DES)_(256|128|192)_CCM', ciph)
+ if m:
+ fwsec, cipher, bits = m.groups()
+ return Ciphersuite(ciph, fwsec, cipher, bits, "CCM", "n/a")
- fwsec, cipher, bits, mode, digest = m.groups()
- if fwsec == 'EDH':
- fwsec = 'DHE'
+ m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_CHACHA20_POLY1305', ciph)
+ if m:
+ fwsec, = m.groups()
+ return Ciphersuite(ciph, fwsec, "CHACHA20", "256", "POLY1305", "n/a")
- if mode in [ '_CBC3', '_CBC', '' ]:
- mode = 'CBC'
- elif mode == '_GCM':
- mode = 'GCM'
+ print "/* Couldn't parse %s ! */"%ciph
+ return None
- return Ciphersuite(ciph, fwsec, cipher, bits, mode, digest)
ALL_CIPHERS = []
for fname in sys.argv[1:]:
- ALL_CIPHERS += (parse_cipher(c)
- for c in find_ciphers(fname)
- if usable_cipher(c) )
+ for c in find_ciphers(fname):
+ if usable_cipher(c):
+ parsed = parse_cipher(c)
+ if parsed != None:
+ ALL_CIPHERS.append(parsed)
ALL_CIPHERS.sort(key=Ciphersuite.sort_key)
More information about the tor-commits
mailing list