| author | Edouard Tisserant |
| Tue, 30 Oct 2018 09:46:46 +0100 | |
| changeset 2326 | d42ae2877b6e |
| parent 2325 | 71593d3f880b |
| child 2328 | 7eb6cb70bf5b |
| permissions | -rw-r--r-- |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
1 |
import os |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
2 |
#from binascii import hexlify |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
3 |
from runtime.spawn_subprocess import call |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
4 |
|
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
5 |
restart_stunnel_cmdline = ["/etc/init.d/S50stunnel","restart"] |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
6 |
|
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
7 |
# stunnel takes no encoding for PSK, so we try to lose minimum entropy |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
8 |
# by using all possible chars except '\0\n\r' (checked stunnel parser to be sure) |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
9 |
translator = ''.join([(lambda c: '#' if c in '\0\n\r' else c)(chr(i)) for i in xrange(256)]) |
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
10 |
|
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
11 |
_PSKpath = None |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
12 |
|
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
13 |
def PSKgen(ID, PSKpath): |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
14 |
|
|
2325
71593d3f880b
PYRO PSK: adjusted cipher and key length to be usable with openSSL 1.0.2k.
Edouard Tisserant
parents:
2324
diff
changeset
|
15 |
# 236 bytes is empirical maximum when using : |
|
71593d3f880b
PYRO PSK: adjusted cipher and key length to be usable with openSSL 1.0.2k.
Edouard Tisserant
parents:
2324
diff
changeset
|
16 |
# - stunnel 5.36 on server with openssl 1.0.2k |
|
71593d3f880b
PYRO PSK: adjusted cipher and key length to be usable with openSSL 1.0.2k.
Edouard Tisserant
parents:
2324
diff
changeset
|
17 |
# - python-sslpsk 1.0.0 on client with openssl 1.0.2k |
|
71593d3f880b
PYRO PSK: adjusted cipher and key length to be usable with openSSL 1.0.2k.
Edouard Tisserant
parents:
2324
diff
changeset
|
18 |
secret = os.urandom(236) |
|
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
19 |
|
|
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
20 |
secretstring = secret.translate(translator) |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
21 |
PSKstring = ID+":"+secretstring |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
22 |
with open(PSKpath, 'w') as f: |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
23 |
f.write(PSKstring) |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
24 |
call(restart_stunnel_cmdline) |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
25 |
|
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
26 |
def ensurePSK(ID, PSKpath): |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
27 |
global _PSKpath |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
28 |
_PSKpath = PSKpath |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
29 |
# check if already there |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
30 |
if not os.path.exists(PSKpath): |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
31 |
# create if needed |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
32 |
PSKgen(ID, PSKpath) |
|
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
33 |
|
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
34 |
def getPSKID(): |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
35 |
if _PSKpath is not None : |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
36 |
if not os.path.exists(_PSKpath): |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
37 |
confnodesroot.logger.write_error( |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
38 |
'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath) |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
39 |
return None |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
40 |
ID,_sep,PSK = open(_PSKpath).read().partition(':')
|
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
41 |
PSK = PSK.rstrip('\n\r')
|
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
42 |
return (ID,PSK) |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
43 |
return None |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
44 |