3 ."d@s@ddlmZmZddlmZGdddeZGdddeZdS) ) check_outputCalledProcessError)ConfigGeneratorc@seZdZdZdddhZdddddddd d d ddd d dddZddddddddZddddddddddd Zd d!d"Zd#d$d%d&d'd(Z e d)d*Z e d+d,Z e d-d.Z e d/d0Zd1S)2OpenSSLGeneratoropensslZtlsZsslz-AES256z-AES128z-SHA256z -CHACHA20z-SEEDz!IDEAz!DESz-3DESz!RC4z!RC2z !eNULL:!aNULL)z AES-256-CTRz AES-128-CTRz AES-256-GCMz AES-128-GCMz AES-256-CBCz AES-128-CBCzCHACHA20-POLY1305zSEED-CBCzIDEA-CBCzDES-CBCzRC4-40z DES40-CBCz3DES-CBCzRC4-128zRC2-CBCZNULLZkRSAZkEECDHZkPSKZkDHEPSKZkEDHZ kECDHEPSK)RSAECDHEPSKzDHE-PSKzDHE-RSAzDHE-DSSz ECDHE-PSKz-kRSAz-kEECDHz-aRSAz-aDSSz-kPSKz-kDHEPSKz -kECDHEPSK) ZANONZDHZECDHr r zDHE-RSAzDHE-DSSr zDHE-PSKz ECDHE-PSKz!MD5z-SHA1)zHMAC-MD5z HMAC-SHA1ZTLS_AES_256_GCM_SHA384ZTLS_AES_128_GCM_SHA256ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_CCM_SHA256ZTLS_AES_128_CCM_8_SHA256)z AES-256-GCMz AES-128-GCMzCHACHA20-POLY1305z AES-128-CCMz AES-128-CCM8c Csd}|j}|j}|jd}|jd}|dks4|dkrB|j|d}nH|dksR|dkr`|j|d}n*|dksp|dkr~|j|d }n |j|d }x<|d D]0}y|j||j|}Wqtk rYqXqWx>|d D]2}y|j||j|}Wqtk rYqXqWx@|d D]4}y|j||j|}Wntk rBYnXqWd |d krrd|d krr|j|d}x@|dD]4}y|j||j|}Wntk rYnXq|W|j|d}|j|d}|j|d}|j|d}|S)Nr min_dh_size min_rsa_sizeiz @SECLEVEL=0iz @SECLEVEL=1i z @SECLEVEL=2z @SECLEVEL=3Z key_exchangecipherz AES-128-CCMz AES-256-CCMz-AESCCMZmacz-SHA384z -CAMELLIAz-ARIAz-AESCCM8) enabledZdisabledZintegersappendkey_exchange_mapKeyErrorkey_exchange_not_mapcipher_not_map mac_not_map)clspolicyspZipr r ir>./usr/share/crypto-policies/python/policygenerators/openssl.pygenerate_ciphersFsN            z!OpenSSLGenerator.generate_ciphersc CsLd}|j}x<|dD]0}y|j||j|}Wqtk rBYqXqW|S)Nrr)rrciphersuite_mapr)rrrrrrrrgenerate_ciphersuites{s z&OpenSSLGenerator.generate_ciphersuitescCs |j|S)N)r)rrrrrgenerate_configsz OpenSSLGenerator.generate_configc Csd}ytdd|g}Wn>tk rB|jd|jd|dStk rTdSXd|ksfd |kr|jd |jd |dSdS) NrZciphersz-There is an error in openssl generated policyz policy: %sFTsNULLsADHz0There is NULL or ADH in openssl generated policyz Policy: %s)rrZeprintOSError)rconfigoutputrrr test_configs  zOpenSSLGenerator.test_configN)__name__ __module__ __qualname__ CONFIG_NAMEZSCOPESrrrrr classmethodrrr r%rrrrr s\  5 rc@sleZdZdZdddddddd d Zd d d ddddddddddddddddddZed d!Zed"d#Zd$S)%OpenSSLConfigGeneratorZ opensslcnfrZSSLv3ZTLSv1zTLSv1.1zTLSv1.2zTLSv1.3ZDTLSv1zDTLSv1.2)NzSSL3.0zTLS1.0zTLS1.1zTLS1.2zTLS1.3zDTLS1.0zDTLS1.2zRSA+SHA1zDSA+SHA1z ECDSA+SHA1z RSA+SHA224z DSA+SHA224z ECDSA+SHA224z RSA+SHA256z DSA+SHA256z ECDSA+SHA256z RSA+SHA384z DSA+SHA384z ECDSA+SHA384z RSA+SHA512z DSA+SHA512z ECDSA+SHA512z&rsa_pss_pss_sha256:rsa_pss_rsae_sha256z&rsa_pss_pss_sha384:rsa_pss_rsae_sha384z&rsa_pss_pss_sha512:rsa_pss_rsae_sha512Zed25519Zed448)zRSA-SHA1zDSA-SHA1z ECDSA-SHA1z RSA-SHA2-224z DSA-SHA2-224zECDSA-SHA2-224z RSA-SHA2-256z DSA-SHA2-256zECDSA-SHA2-256z RSA-SHA2-384z DSA-SHA2-384zECDSA-SHA2-384z RSA-SHA2-512z DSA-SHA2-512zECDSA-SHA2-512zRSA-PSS-SHA2-256zRSA-PSS-SHA2-384zRSA-PSS-SHA2-512z EDDSA-ED25519z EDDSA-ED448cs|j}d}|j|7}|d7}|d7}|j|7}|d7}|jrd|d7}|dj|jd7}|jr|d7}|dj|jd7}|jr|d7}|dj|jd7}|jr|d7}|dj|jd7}fd d |d D}|d d j|7}|S)NzCipherString =  zCiphersuites = zTLS.MinProtocol = zTLS.MaxProtocol =zDTLS.MinProtocol =zDTLS.MaxProtocol =cs g|]}|jkrj|qSr)sign_map).0r)rrr sz:OpenSSLConfigGenerator.generate_config..ZsignzSignatureAlgorithms = :) rrrZmin_tls_version protocol_mapZmax_tls_versionZmin_dtls_versionZmax_dtls_versionjoin)rrrrZsig_algsr)rrr s.  z&OpenSSLConfigGenerator.generate_configcCsdS)NTr)rr#rrrr%sz"OpenSSLConfigGenerator.test_configN) r&r'r(r)r2r.r*r r%rrrrr+s> r+N) subprocessrrZconfiggeneratorrrr+rrrrs