1#!/usr/bin/env python3 2 3# generate_tls13_compat_tests.py 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); you may 9# not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20""" 21Generate TLSv1.3 Compat test cases 22 23""" 24 25import sys 26import os 27import argparse 28import itertools 29from collections import namedtuple 30 31# define certificates configuration entry 32Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile']) 33# define the certificate parameters for signature algorithms 34CERTIFICATES = { 35 'ecdsa_secp256r1_sha256': Certificate('data_files/test-ca2.crt', 36 'data_files/ecdsa_secp256r1.crt', 37 'data_files/ecdsa_secp256r1.key'), 38 'ecdsa_secp384r1_sha384': Certificate('data_files/test-ca2.crt', 39 'data_files/ecdsa_secp384r1.crt', 40 'data_files/ecdsa_secp384r1.key'), 41 'ecdsa_secp521r1_sha512': Certificate('data_files/test-ca2.crt', 42 'data_files/ecdsa_secp521r1.crt', 43 'data_files/ecdsa_secp521r1.key'), 44 'rsa_pss_rsae_sha256': Certificate('data_files/test-ca_cat12.crt', 45 'data_files/server2-sha256.crt', 'data_files/server2.key' 46 ) 47} 48 49CIPHER_SUITE_IANA_VALUE = { 50 "TLS_AES_128_GCM_SHA256": 0x1301, 51 "TLS_AES_256_GCM_SHA384": 0x1302, 52 "TLS_CHACHA20_POLY1305_SHA256": 0x1303, 53 "TLS_AES_128_CCM_SHA256": 0x1304, 54 "TLS_AES_128_CCM_8_SHA256": 0x1305 55} 56 57SIG_ALG_IANA_VALUE = { 58 "ecdsa_secp256r1_sha256": 0x0403, 59 "ecdsa_secp384r1_sha384": 0x0503, 60 "ecdsa_secp521r1_sha512": 0x0603, 61 'rsa_pss_rsae_sha256': 0x0804, 62} 63 64NAMED_GROUP_IANA_VALUE = { 65 'secp256r1': 0x17, 66 'secp384r1': 0x18, 67 'secp521r1': 0x19, 68 'x25519': 0x1d, 69 'x448': 0x1e, 70} 71 72 73class TLSProgram: 74 """ 75 Base class for generate server/client command. 76 """ 77 78 # pylint: disable=too-many-arguments 79 def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None, 80 cert_sig_alg=None, compat_mode=True): 81 self._ciphers = [] 82 self._sig_algs = [] 83 self._named_groups = [] 84 self._cert_sig_algs = [] 85 if ciphersuite: 86 self.add_ciphersuites(ciphersuite) 87 if named_group: 88 self.add_named_groups(named_group) 89 if signature_algorithm: 90 self.add_signature_algorithms(signature_algorithm) 91 if cert_sig_alg: 92 self.add_cert_signature_algorithms(cert_sig_alg) 93 self._compat_mode = compat_mode 94 95 # add_ciphersuites should not override by sub class 96 def add_ciphersuites(self, *ciphersuites): 97 self._ciphers.extend( 98 [cipher for cipher in ciphersuites if cipher not in self._ciphers]) 99 100 # add_signature_algorithms should not override by sub class 101 def add_signature_algorithms(self, *signature_algorithms): 102 self._sig_algs.extend( 103 [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._sig_algs]) 104 105 # add_named_groups should not override by sub class 106 def add_named_groups(self, *named_groups): 107 self._named_groups.extend( 108 [named_group for named_group in named_groups if named_group not in self._named_groups]) 109 110 # add_cert_signature_algorithms should not override by sub class 111 def add_cert_signature_algorithms(self, *signature_algorithms): 112 self._cert_sig_algs.extend( 113 [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs]) 114 115 # pylint: disable=no-self-use 116 def pre_checks(self): 117 return [] 118 119 # pylint: disable=no-self-use 120 def cmd(self): 121 if not self._cert_sig_algs: 122 self._cert_sig_algs = list(CERTIFICATES.keys()) 123 return self.pre_cmd() 124 125 # pylint: disable=no-self-use 126 def post_checks(self): 127 return [] 128 129 # pylint: disable=no-self-use 130 def pre_cmd(self): 131 return ['false'] 132 133 # pylint: disable=unused-argument,no-self-use 134 def hrr_post_checks(self, named_group): 135 return [] 136 137 138class OpenSSLBase(TLSProgram): 139 """ 140 Generate base test commands for OpenSSL. 141 """ 142 143 NAMED_GROUP = { 144 'secp256r1': 'P-256', 145 'secp384r1': 'P-384', 146 'secp521r1': 'P-521', 147 'x25519': 'X25519', 148 'x448': 'X448', 149 } 150 151 def cmd(self): 152 ret = super().cmd() 153 154 if self._ciphers: 155 ciphersuites = ':'.join(self._ciphers) 156 ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)] 157 158 if self._sig_algs: 159 signature_algorithms = set(self._sig_algs + self._cert_sig_algs) 160 signature_algorithms = ':'.join(signature_algorithms) 161 ret += ["-sigalgs {signature_algorithms}".format( 162 signature_algorithms=signature_algorithms)] 163 164 if self._named_groups: 165 named_groups = ':'.join( 166 map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups)) 167 ret += ["-groups {named_groups}".format(named_groups=named_groups)] 168 169 ret += ['-msg -tls1_3'] 170 if not self._compat_mode: 171 ret += ['-no_middlebox'] 172 173 return ret 174 175 def pre_checks(self): 176 return ["requires_openssl_tls1_3"] 177 178 179class OpenSSLServ(OpenSSLBase): 180 """ 181 Generate test commands for OpenSSL server. 182 """ 183 184 def cmd(self): 185 ret = super().cmd() 186 ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache'] 187 return ret 188 189 def post_checks(self): 190 return ['-c "HTTP/1.0 200 ok"'] 191 192 def pre_cmd(self): 193 ret = ['$O_NEXT_SRV_NO_CERT'] 194 for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): 195 ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] 196 return ret 197 198 199class OpenSSLCli(OpenSSLBase): 200 """ 201 Generate test commands for OpenSSL client. 202 """ 203 204 def pre_cmd(self): 205 return ['$O_NEXT_CLI_NO_CERT', 206 '-CAfile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] 207 208 209class GnuTLSBase(TLSProgram): 210 """ 211 Generate base test commands for GnuTLS. 212 """ 213 214 CIPHER_SUITE = { 215 'TLS_AES_256_GCM_SHA384': [ 216 'AES-256-GCM', 217 'SHA384', 218 'AEAD'], 219 'TLS_AES_128_GCM_SHA256': [ 220 'AES-128-GCM', 221 'SHA256', 222 'AEAD'], 223 'TLS_CHACHA20_POLY1305_SHA256': [ 224 'CHACHA20-POLY1305', 225 'SHA256', 226 'AEAD'], 227 'TLS_AES_128_CCM_SHA256': [ 228 'AES-128-CCM', 229 'SHA256', 230 'AEAD'], 231 'TLS_AES_128_CCM_8_SHA256': [ 232 'AES-128-CCM-8', 233 'SHA256', 234 'AEAD']} 235 236 SIGNATURE_ALGORITHM = { 237 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'], 238 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'], 239 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'], 240 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']} 241 242 NAMED_GROUP = { 243 'secp256r1': ['GROUP-SECP256R1'], 244 'secp384r1': ['GROUP-SECP384R1'], 245 'secp521r1': ['GROUP-SECP521R1'], 246 'x25519': ['GROUP-X25519'], 247 'x448': ['GROUP-X448'], 248 } 249 250 def pre_checks(self): 251 return ["requires_gnutls_tls1_3", 252 "requires_gnutls_next_no_ticket", 253 "requires_gnutls_next_disable_tls13_compat", ] 254 255 def cmd(self): 256 ret = super().cmd() 257 258 priority_string_list = [] 259 260 def update_priority_string_list(items, map_table): 261 for item in items: 262 for i in map_table[item]: 263 if i not in priority_string_list: 264 yield i 265 266 if self._ciphers: 267 priority_string_list.extend(update_priority_string_list( 268 self._ciphers, self.CIPHER_SUITE)) 269 else: 270 priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL']) 271 272 if self._sig_algs: 273 signature_algorithms = set(self._sig_algs + self._cert_sig_algs) 274 priority_string_list.extend(update_priority_string_list( 275 signature_algorithms, self.SIGNATURE_ALGORITHM)) 276 else: 277 priority_string_list.append('SIGN-ALL') 278 279 280 if self._named_groups: 281 priority_string_list.extend(update_priority_string_list( 282 self._named_groups, self.NAMED_GROUP)) 283 else: 284 priority_string_list.append('GROUP-ALL') 285 286 priority_string_list = ['NONE'] + \ 287 priority_string_list + ['VERS-TLS1.3'] 288 289 priority_string = ':+'.join(priority_string_list) 290 priority_string += ':%NO_TICKETS' 291 292 if not self._compat_mode: 293 priority_string += [':%DISABLE_TLS13_COMPAT_MODE'] 294 295 ret += ['--priority={priority_string}'.format( 296 priority_string=priority_string)] 297 return ret 298 299class GnuTLSServ(GnuTLSBase): 300 """ 301 Generate test commands for GnuTLS server. 302 """ 303 304 def pre_cmd(self): 305 ret = ['$G_NEXT_SRV_NO_CERT', '--http', '--disable-client-cert', '--debug=4'] 306 307 for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): 308 ret += ['--x509certfile {cert} --x509keyfile {key}'.format( 309 cert=cert, key=key)] 310 return ret 311 312 def post_checks(self): 313 return ['-c "HTTP/1.0 200 OK"'] 314 315 316class GnuTLSCli(GnuTLSBase): 317 """ 318 Generate test commands for GnuTLS client. 319 """ 320 321 def pre_cmd(self): 322 return ['$G_NEXT_CLI_NO_CERT', '--debug=4', '--single-key-share', 323 '--x509cafile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] 324 325 326class MbedTLSBase(TLSProgram): 327 """ 328 Generate base test commands for mbedTLS. 329 """ 330 331 CIPHER_SUITE = { 332 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384', 333 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256', 334 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256', 335 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256', 336 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'} 337 338 def cmd(self): 339 ret = super().cmd() 340 ret += ['debug_level=4'] 341 342 343 if self._ciphers: 344 ciphers = ','.join( 345 map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers)) 346 ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)] 347 348 if self._sig_algs + self._cert_sig_algs: 349 ret += ['sig_algs={sig_algs}'.format( 350 sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))] 351 352 if self._named_groups: 353 named_groups = ','.join(self._named_groups) 354 ret += ["curves={named_groups}".format(named_groups=named_groups)] 355 ret += ['force_version=tls13'] 356 return ret 357 358 def pre_checks(self): 359 ret = ['requires_config_enabled MBEDTLS_DEBUG_C', 360 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED'] 361 362 if self._compat_mode: 363 ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] 364 365 if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: 366 ret.append( 367 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') 368 return ret 369 370 371class MbedTLSServ(MbedTLSBase): 372 """ 373 Generate test commands for mbedTLS server. 374 """ 375 376 def cmd(self): 377 ret = super().cmd() 378 ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0'] 379 return ret 380 381 def pre_checks(self): 382 return ['requires_config_enabled MBEDTLS_SSL_SRV_C'] + super().pre_checks() 383 384 def post_checks(self): 385 check_strings = ["Protocol is TLSv1.3"] 386 if self._ciphers: 387 check_strings.append( 388 "server hello, chosen ciphersuite: {} ( id={:04d} )".format( 389 self.CIPHER_SUITE[self._ciphers[0]], 390 CIPHER_SUITE_IANA_VALUE[self._ciphers[0]])) 391 if self._sig_algs: 392 check_strings.append( 393 "received signature algorithm: 0x{:x}".format( 394 SIG_ALG_IANA_VALUE[self._sig_algs[0]])) 395 396 for named_group in self._named_groups: 397 check_strings += ['got named group: {named_group}({iana_value:04x})'.format( 398 named_group=named_group, 399 iana_value=NAMED_GROUP_IANA_VALUE[named_group])] 400 401 check_strings.append("Certificate verification was skipped") 402 return ['-s "{}"'.format(i) for i in check_strings] 403 404 def pre_cmd(self): 405 ret = ['$P_SRV'] 406 for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): 407 ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] 408 return ret 409 410 def hrr_post_checks(self, named_group): 411 return ['-s "HRR selected_group: {:s}"'.format(named_group)] 412 413 414class MbedTLSCli(MbedTLSBase): 415 """ 416 Generate test commands for mbedTLS client. 417 """ 418 419 def pre_cmd(self): 420 return ['$P_CLI', 421 'ca_file={cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] 422 423 def pre_checks(self): 424 return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks() 425 426 def hrr_post_checks(self, named_group): 427 ret = ['-c "received HelloRetryRequest message"'] 428 ret += ['-c "selected_group ( {:d} )"'.format(NAMED_GROUP_IANA_VALUE[named_group])] 429 return ret 430 431 def post_checks(self): 432 check_strings = ["Protocol is TLSv1.3"] 433 if self._ciphers: 434 check_strings.append( 435 "server hello, chosen ciphersuite: ( {:04x} ) - {}".format( 436 CIPHER_SUITE_IANA_VALUE[self._ciphers[0]], 437 self.CIPHER_SUITE[self._ciphers[0]])) 438 if self._sig_algs: 439 check_strings.append( 440 "Certificate Verify: Signature algorithm ( {:04x} )".format( 441 SIG_ALG_IANA_VALUE[self._sig_algs[0]])) 442 443 for named_group in self._named_groups: 444 check_strings += ['NamedGroup: {named_group} ( {iana_value:x} )'.format( 445 named_group=named_group, 446 iana_value=NAMED_GROUP_IANA_VALUE[named_group])] 447 448 check_strings.append("Verifying peer X.509 certificate... ok") 449 return ['-c "{}"'.format(i) for i in check_strings] 450 451 452SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ} 453CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli} 454 455 456def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None): 457 """ 458 Generate test case with `ssl-opt.sh` format. 459 """ 460 name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format( 461 client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group) 462 463 server_object = SERVER_CLASSES[server](ciphersuite=cipher, 464 named_group=named_group, 465 signature_algorithm=sig_alg, 466 cert_sig_alg=sig_alg) 467 client_object = CLIENT_CLASSES[client](ciphersuite=cipher, 468 named_group=named_group, 469 signature_algorithm=sig_alg, 470 cert_sig_alg=sig_alg) 471 472 cmd = ['run_test "{}"'.format(name), 473 '"{}"'.format(' '.join(server_object.cmd())), 474 '"{}"'.format(' '.join(client_object.cmd())), 475 '0'] 476 cmd += server_object.post_checks() 477 cmd += client_object.post_checks() 478 cmd += ['-C "received HelloRetryRequest message"'] 479 prefix = ' \\\n' + (' '*9) 480 cmd = prefix.join(cmd) 481 return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd]) 482 483 484def generate_hrr_compat_test(client=None, server=None, 485 client_named_group=None, server_named_group=None, 486 cert_sig_alg=None): 487 """ 488 Generate Hello Retry Request test case with `ssl-opt.sh` format. 489 """ 490 name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format( 491 client=client, server=server, c_named_group=client_named_group, 492 s_named_group=server_named_group) 493 server_object = SERVER_CLASSES[server](named_group=server_named_group, 494 cert_sig_alg=cert_sig_alg) 495 496 client_object = CLIENT_CLASSES[client](named_group=client_named_group, 497 cert_sig_alg=cert_sig_alg) 498 client_object.add_named_groups(server_named_group) 499 500 cmd = ['run_test "{}"'.format(name), 501 '"{}"'.format(' '.join(server_object.cmd())), 502 '"{}"'.format(' '.join(client_object.cmd())), 503 '0'] 504 cmd += server_object.post_checks() 505 cmd += client_object.post_checks() 506 cmd += server_object.hrr_post_checks(server_named_group) 507 cmd += client_object.hrr_post_checks(server_named_group) 508 prefix = ' \\\n' + (' '*9) 509 cmd = prefix.join(cmd) 510 return '\n'.join(server_object.pre_checks() + 511 client_object.pre_checks() + 512 [cmd]) 513 514SSL_OUTPUT_HEADER = '''#!/bin/sh 515 516# {filename} 517# 518# Copyright The Mbed TLS Contributors 519# SPDX-License-Identifier: Apache-2.0 520# 521# Licensed under the Apache License, Version 2.0 (the "License"); you may 522# not use this file except in compliance with the License. 523# You may obtain a copy of the License at 524# 525# http://www.apache.org/licenses/LICENSE-2.0 526# 527# Unless required by applicable law or agreed to in writing, software 528# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 529# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 530# See the License for the specific language governing permissions and 531# limitations under the License. 532# 533# Purpose 534# 535# List TLS1.3 compat test cases. They are generated by 536# `{cmd}`. 537# 538# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py` 539# AND REGENERATE THIS FILE. 540# 541''' 542 543def main(): 544 """ 545 Main function of this program 546 """ 547 parser = argparse.ArgumentParser() 548 549 parser.add_argument('-o', '--output', nargs='?', 550 default=None, help='Output file path if `-a` was set') 551 552 parser.add_argument('-a', '--generate-all-tls13-compat-tests', action='store_true', 553 default=False, help='Generate all available tls13 compat tests') 554 555 parser.add_argument('--list-ciphers', action='store_true', 556 default=False, help='List supported ciphersuites') 557 558 parser.add_argument('--list-sig-algs', action='store_true', 559 default=False, help='List supported signature algorithms') 560 561 parser.add_argument('--list-named-groups', action='store_true', 562 default=False, help='List supported named groups') 563 564 parser.add_argument('--list-servers', action='store_true', 565 default=False, help='List supported TLS servers') 566 567 parser.add_argument('--list-clients', action='store_true', 568 default=False, help='List supported TLS Clients') 569 570 parser.add_argument('server', choices=SERVER_CLASSES.keys(), nargs='?', 571 default=list(SERVER_CLASSES.keys())[0], 572 help='Choose TLS server program for test') 573 parser.add_argument('client', choices=CLIENT_CLASSES.keys(), nargs='?', 574 default=list(CLIENT_CLASSES.keys())[0], 575 help='Choose TLS client program for test') 576 parser.add_argument('cipher', choices=CIPHER_SUITE_IANA_VALUE.keys(), nargs='?', 577 default=list(CIPHER_SUITE_IANA_VALUE.keys())[0], 578 help='Choose cipher suite for test') 579 parser.add_argument('sig_alg', choices=SIG_ALG_IANA_VALUE.keys(), nargs='?', 580 default=list(SIG_ALG_IANA_VALUE.keys())[0], 581 help='Choose cipher suite for test') 582 parser.add_argument('named_group', choices=NAMED_GROUP_IANA_VALUE.keys(), nargs='?', 583 default=list(NAMED_GROUP_IANA_VALUE.keys())[0], 584 help='Choose cipher suite for test') 585 586 args = parser.parse_args() 587 588 def get_all_test_cases(): 589 # Generate normal compat test cases 590 for client, server, cipher, named_group, sig_alg in \ 591 itertools.product(CLIENT_CLASSES.keys(), 592 SERVER_CLASSES.keys(), 593 CIPHER_SUITE_IANA_VALUE.keys(), 594 NAMED_GROUP_IANA_VALUE.keys(), 595 SIG_ALG_IANA_VALUE.keys()): 596 if server == 'mbedTLS' or client == 'mbedTLS': 597 yield generate_compat_test(client=client, server=server, 598 cipher=cipher, named_group=named_group, 599 sig_alg=sig_alg) 600 601 602 # Generate Hello Retry Request compat test cases 603 for client, server, client_named_group, server_named_group in \ 604 itertools.product(CLIENT_CLASSES.keys(), 605 SERVER_CLASSES.keys(), 606 NAMED_GROUP_IANA_VALUE.keys(), 607 NAMED_GROUP_IANA_VALUE.keys()): 608 609 if (client == 'mbedTLS' or server == 'mbedTLS') and \ 610 client_named_group != server_named_group: 611 yield generate_hrr_compat_test(client=client, server=server, 612 client_named_group=client_named_group, 613 server_named_group=server_named_group, 614 cert_sig_alg="ecdsa_secp256r1_sha256") 615 616 if args.generate_all_tls13_compat_tests: 617 if args.output: 618 with open(args.output, 'w', encoding="utf-8") as f: 619 f.write(SSL_OUTPUT_HEADER.format( 620 filename=os.path.basename(args.output), cmd=' '.join(sys.argv))) 621 f.write('\n\n'.join(get_all_test_cases())) 622 f.write('\n') 623 else: 624 print('\n\n'.join(get_all_test_cases())) 625 return 0 626 627 if args.list_ciphers or args.list_sig_algs or args.list_named_groups \ 628 or args.list_servers or args.list_clients: 629 if args.list_ciphers: 630 print(*CIPHER_SUITE_IANA_VALUE.keys()) 631 if args.list_sig_algs: 632 print(*SIG_ALG_IANA_VALUE.keys()) 633 if args.list_named_groups: 634 print(*NAMED_GROUP_IANA_VALUE.keys()) 635 if args.list_servers: 636 print(*SERVER_CLASSES.keys()) 637 if args.list_clients: 638 print(*CLIENT_CLASSES.keys()) 639 return 0 640 641 print(generate_compat_test(server=args.server, client=args.client, sig_alg=args.sig_alg, 642 cipher=args.cipher, named_group=args.named_group)) 643 return 0 644 645 646if __name__ == "__main__": 647 sys.exit(main()) 648