1 import os |
1 import os |
2 #from binascii import hexlify |
2 from binascii import b2a_hqx |
3 from runtime.spawn_subprocess import call |
3 from runtime.spawn_subprocess import call |
4 |
4 |
5 restart_stunnel_cmdline = ["/etc/init.d/S50stunnel","restart"] |
5 restart_stunnel_cmdline = ["/etc/init.d/S50stunnel","restart"] |
6 |
|
7 # stunnel takes no encoding for PSK, so we try to lose minimum entropy |
|
8 # by using all possible chars except '\0\n\r' (checked stunnel parser to be sure) |
|
9 translator = ''.join([(lambda c: '#' if c in '\0\n\r' else c)(chr(i)) for i in xrange(256)]) |
|
10 |
6 |
11 _PSKpath = None |
7 _PSKpath = None |
12 |
8 |
13 def PSKgen(ID, PSKpath): |
9 def PSKgen(ID, PSKpath): |
14 |
10 |
15 # 236 bytes is empirical maximum when using : |
11 # b2a_hqx output len is 4/3 input len |
16 # - stunnel 5.36 on server with openssl 1.0.2k |
12 secret = os.urandom(192) # int(256/1.3333) |
17 # - python-sslpsk 1.0.0 on client with openssl 1.0.2k |
13 secretstring = b2a_hqx(secret) |
18 secret = os.urandom(236) |
|
19 |
14 |
20 secretstring = secret.translate(translator) |
|
21 PSKstring = ID+":"+secretstring |
15 PSKstring = ID+":"+secretstring |
22 with open(PSKpath, 'w') as f: |
16 with open(PSKpath, 'w') as f: |
23 f.write(PSKstring) |
17 f.write(PSKstring) |
24 call(restart_stunnel_cmdline) |
18 call(restart_stunnel_cmdline) |
25 |
19 |
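Review bot: The new `secret = os.urandom(236)` pins the key length to an empirically found parser ceiling for the three specific component versions listed in the comments above it, so a later stunnel, OpenSSL or python-sslpsk on either end that truncates or rejects at a different length would likely surface only as a failed handshake; a 32- or 64-byte secret already exceeds what any PSK handshake can use and stays well clear of such limits, e.g. `secret = os.urandom(64)`, with the comment rewritten to state why the length was chosen rather than where the ceiling was measured. The `secret.translate(translator)` step also relies on `str` being bytes on the `xrange`-era interpreter this file targets; if the module is ever run under Python 3, `bytes.translate` needs a 256-byte table and the text-mode `'w'` write on the line below would reject the result, so a short comment noting the Python 2 assumption would help the next maintainer. Independently of this change, the unchanged `open(PSKpath, 'w')` creates the secret file with umask-default permissions, so the PSK can end up readable by every local user; create it with `fd = os.open(PSKpath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and `with os.fdopen(fd, 'w') as f:` so only the owner can read it. The commented-out `#from binascii import hexlify` on line 2 is dead code left over from the switch away from `b2a_hqx` and can be dropped.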