Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Teach gen_server_ciphers about CCM and Chacha.

Also, teach it to not use 3DES any more.
Nick Mathewson 7 years ago
parent
9e8671bb9a
commit
8a9eca1267
1 changed files with 32 additions and 18 deletions
Split View Show Diff Stats
  1. 32 18
      scripts/codegen/gen_server_ciphers.py

+ 32 - 18
scripts/codegen/gen_server_ciphers.py
View File 

@@ -13,7 +13,8 @@ import sys
 
 
 EPHEMERAL_INDICATORS = [ "_EDH_", "_DHE_", "_ECDHE_" ]
 
 BAD_STUFF = [ "_DES_40_", "MD5", "_RC4_", "_DES_64_",
 
-              "_SEED_", "_CAMELLIA_", "_NULL" ]
 
+              "_SEED_", "_CAMELLIA_", "_NULL",
 
+              "_CCM_8", "_DES_", ]
 
 
 # these never get #ifdeffed.
 
 MANDATORY = [
 
@@ -48,15 +49,23 @@ def usable_cipher(ciph):
 
 # All fields we sort on, in order of priority.
 
 FIELDS = [ 'cipher', 'fwsec', 'mode',  'digest', 'bitlength' ]
 
 # Map from sorted fields to recognized value in descending order of goodness
 
-FIELD_VALS = { 'cipher' : [ 'AES', 'DES'],
 
+FIELD_VALS = { 'cipher' : [ 'AES', 'CHACHA20' ],
 
                'fwsec' : [ 'ECDHE', 'DHE' ],
 
-               'mode' : [ 'GCM', 'CBC' ],
 
-               'digest' : [ 'SHA384', 'SHA256', 'SHA' ],
 
+               'mode' : [ 'POLY1305', 'GCM', 'CCM', 'CBC', ],
 
+               'digest' : [ 'n/a', 'SHA384', 'SHA256', 'SHA', ],
 
                'bitlength' : [ '256', '128', '192' ],
 
 }
 
 
 class Ciphersuite(object):
 
     def __init__(self, name, fwsec, cipher, bitlength, mode, digest):
 
+        if fwsec == 'EDH':
 
+            fwsec = 'DHE'
 
+
 
+        if mode in [ '_CBC3', '_CBC', '' ]:
 
+            mode = 'CBC'
 
+        elif mode == '_GCM':
 
+            mode = 'GCM'
 
+
 
         self.name = name
 
         self.fwsec = fwsec
 
         self.cipher = cipher
 
@@ -74,27 +83,32 @@ class Ciphersuite(object):
 
 def parse_cipher(ciph):
 
     m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_(AES|DES)_(256|128|192)(|_CBC|_CBC3|_GCM)_(SHA|SHA256|SHA384)$', ciph)
 
 
-    if not m:
 
-        print "/* Couldn't parse %s ! */"%ciph
 
-        return None
 
+    if m:
 
+        fwsec, cipher, bits, mode, digest = m.groups()
 
+        return Ciphersuite(ciph, fwsec, cipher, bits, mode, digest)
 
+
 
+    m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_(AES|DES)_(256|128|192)_CCM', ciph)
 
+    if m:
 
+        fwsec, cipher, bits = m.groups()
 
+        return Ciphersuite(ciph, fwsec, cipher, bits, "CCM", "n/a")
 
 
-    fwsec, cipher, bits, mode, digest = m.groups()
 
-    if fwsec == 'EDH':
 
-        fwsec = 'DHE'
 
+    m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_CHACHA20_POLY1305', ciph)
 
+    if m:
 
+        fwsec, = m.groups()
 
+        return Ciphersuite(ciph, fwsec, "CHACHA20", "256", "POLY1305", "n/a")
 
 
-    if mode in [ '_CBC3', '_CBC', '' ]:
 
-        mode = 'CBC'
 
-    elif mode == '_GCM':
 
-        mode = 'GCM'
 
+    print "/* Couldn't parse %s ! */"%ciph
 
+    return None
 
 
-    return Ciphersuite(ciph, fwsec, cipher, bits, mode, digest)
 
 
 ALL_CIPHERS = []
 
 
 for fname in sys.argv[1:]:
 
-    ALL_CIPHERS += (parse_cipher(c)
 
-                           for c in find_ciphers(fname)
 
-                           if usable_cipher(c) )
 
+    for c in find_ciphers(fname):
 
+        if usable_cipher(c):
 
+            parsed = parse_cipher(c)
 
+            if parsed != None:
 
+                ALL_CIPHERS.append(parsed)
 
 
 ALL_CIPHERS.sort(key=Ciphersuite.sort_key)