--- a/connectors/ERPC/PSK_Adapter.py Fri Mar 15 08:48:32 2024 +0100
+++ b/connectors/ERPC/PSK_Adapter.py Fri Mar 15 09:20:11 2024 +0100
@@ -1,31 +1,24 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
-# This file is part of Beremiz, a Integrated Development Environment for
-# programming IEC 61131-3 automates supporting plcopen standard and CanFestival.
-#
-# Copyright (C) 2019: Edouard TISSERANT
-#
+# Written by Edouard TISSERANT (C) 2024
+# This file is part of Beremiz IDE
# See COPYING file for copyrights details.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
"""
The TLS-PSK adapter that handles SSL connections instead of regular sockets,
but using Pre Shared Keys instead of Certificates
+
+Corresponding stunnel.conf on PLC side:
+
+ [ERPCPSK]
+ accept = 4000
+ connect = 127.0.0.1:3000
+ ciphers = PSK
+ sslVersion = TLSv1.2
+ PSKsecrets = psk.txt
+
"""
import socket
@@ -44,18 +37,20 @@
super(TCPTransport, self).__init__()
self._host = host
self._port = port
- self._isServer = isServer
self._sock = None
+ self._isServer = False
if sslpsk is None:
raise ImportError("sslpsk module is not available")
+ self.sslpskctx = sslpsk.SSLPSKContext(ssl.PROTOCOL_TLSv1_2)
+ self.sslpskctx.set_ciphers('PSK')
+ self.sslpskctx.psk = psk
+
raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
raw_sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
raw_sock.connect((self._host, self._port))
- self._sock = sslpsk.wrap_socket(
- raw_sock, psk=psk, server_side=False,
- ciphers="PSK-AES256-CBC-SHA", # available in openssl 1.0.2
- ssl_version=ssl.PROTOCOL_TLSv1)
+
+ self._sock = self.sslpskctx.wrap_socket(raw_sock, server_side=False)