IDE: Fix encrypted ERPC: newer TLS, better error handling, re-add explicit ERPCS scheme, use sslpsk better.
--- a/connectors/ERPC/PSK_Adapter.py Tue Feb 27 12:11:24 2024 +0100
+++ b/connectors/ERPC/PSK_Adapter.py Thu Mar 14 12:00:36 2024 +0100
@@ -1,31 +1,24 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
-# This file is part of Beremiz, a Integrated Development Environment for
-# programming IEC 61131-3 automates supporting plcopen standard and CanFestival.
-#
-# Copyright (C) 2019: Edouard TISSERANT
-#
+# Written by Edouard TISSERANT (C) 2024
+# This file is part of Beremiz IDE
# See COPYING file for copyrights details.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
"""
The TLS-PSK adapter that handles SSL connections instead of regular sockets,
but using Pre Shared Keys instead of Certificates
+
+Corresponding stunnel.conf on PLC side:
+
+ [ERPCPSK]
+ accept = 4000
+ connect = 127.0.0.1:3000
+ ciphers = PSK
+ sslVersion = TLSv1.2
+ PSKsecrets = psk.txt
+
"""
import socket
@@ -44,18 +37,20 @@
super(TCPTransport, self).__init__()
self._host = host
self._port = port
- self._isServer = isServer
self._sock = None
+ self._isServer = False
if sslpsk is None:
raise ImportError("sslpsk module is not available")
+ self.sslpskctx = sslpsk.SSLPSKContext(ssl.PROTOCOL_TLSv1_2)
+ self.sslpskctx.set_ciphers('PSK')
+ self.sslpskctx.psk = psk
+
raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
raw_sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
raw_sock.connect((self._host, self._port))
- self._sock = sslpsk.wrap_socket(
- raw_sock, psk=psk, server_side=False,
- ciphers="PSK-AES256-CBC-SHA", # available in openssl 1.0.2
- ssl_version=ssl.PROTOCOL_TLSv1)
+
+ self._sock = self.sslpskctx.wrap_socket(raw_sock, server_side=False)
--- a/connectors/ERPC/__init__.py Tue Feb 27 12:11:24 2024 +0100
+++ b/connectors/ERPC/__init__.py Thu Mar 14 12:00:36 2024 +0100
@@ -91,7 +91,18 @@
if port:
port = int(port)
else:
- port = 3000
+ # default port depends on security
+ port = 4000 if IDhash else 3000
+
+ if not IDhash and _scheme=="ERPCS":
+ confnodesroot.logger.write_error(
+ f'Invalid URI "{uri}": ERPCS requires PLC ID after "#"\n')
+ return None
+ elif IDhash and _scheme!="ERPCS":
+ confnodesroot.logger.write_error(
+ f'URI "{uri}": Non-encrypted ERPC does not take a PLC ID after "#"\n')
+ return None
+
except Exception as e:
confnodesroot.logger.write_error(
'Malformed URI "%s": %s\n' % (uri, str(e)))
@@ -136,13 +147,13 @@
if IDhash:
ID = IDhash[0]
# load PSK from project
- secpath = os.path.join(str(confnodesroot.ProjectPath), 'psk', ID + '.secret')
+ secpath = os.path.join(confnodesroot.ProjectPath, 'psk', ID + '.secret')
if not os.path.exists(secpath):
confnodesroot.logger.write_error(
'Error: Pre-Shared-Key Secret in %s is missing!\n' % secpath)
return None
- secret = open(secpath).read().partition(':')[2].rstrip('\n\r')
- transport = SSLPSKClientTransport(host, port, (secret, ID))
+ secret = open(secpath).read().partition(':')[2].rstrip('\n\r').encode()
+ transport = SSLPSKClientTransport(host, port, (secret, ID.encode()))
else:
# TODO if serial URI then
# transport = erpc.transport.SerialTransport(device, baudrate)
--- a/connectors/ERPC_dialog.py Tue Feb 27 12:11:24 2024 +0100
+++ b/connectors/ERPC_dialog.py Thu Mar 14 12:00:36 2024 +0100
@@ -14,7 +14,7 @@
('port', _("Port:"))]
# (scheme, model, secure)
-models = [("LOCAL", [], False), ("ERPC", model, False)]
+models = [("LOCAL", [], False), ("ERPC", model, False), ("ERPCS", model, True)]
Schemes = list(zip(*models))[0]