| author | Edouard Tisserant |
| Tue, 23 Oct 2018 16:19:20 +0200 | |
| changeset 2323 | 33a0dbabccd3 |
| parent 2321 | 0a3103cd825d |
| child 2324 | 1cf3768ebf85 |
| permissions | -rw-r--r-- |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
1 |
import os |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
2 |
#from binascii import hexlify |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
3 |
from runtime.spawn_subprocess import call |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
4 |
|
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
5 |
restart_stunnel_cmdline = ["/etc/init.d/S50stunnel","restart"] |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
6 |
|
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
7 |
# stunnel takes no encoding for psk, so we try to lose minimum entropy |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
8 |
# by using all possible chars except '\0\n\r' (checked stunnel parser to be sure) |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
9 |
translator = ''.join([(lambda c: '#' if c in '\0\n\r' else c)(chr(i)) for i in xrange(256)]) |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
10 |
|
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
11 |
def pskgen(ID, pskpath): |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
12 |
secret = os.urandom(256) # 2048 bits is still safe nowadays |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
13 |
|
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
14 |
# following makes 512 length string, rejected by stunnel |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
15 |
# using binascii hexlify loses 50% entropy |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
16 |
# secretstring = hexlify(secret) |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
17 |
|
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
18 |
secretstring = secret.translate(translator) |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
19 |
pskstring = ID+":"+secretstring |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
20 |
with open(pskpath, 'w') as f: |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
21 |
f.write(pskstring) |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
22 |
call(restart_stunnel_cmdline) |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
23 |
|
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
24 |
def ensurepsk(ID, pskpath): |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
25 |
# check if already there |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
26 |
if not os.path.exists(pskpath): |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
27 |
# create if needed |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
28 |
pskgen(ID, pskpath) |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
29 |