1 #!/usr/bin/env python |
1 #!/usr/bin/env python |
2 # -*- coding: utf-8 -*- |
2 # -*- coding: utf-8 -*- |
3 |
3 |
4 # This file is part of Beremiz, a Integrated Development Environment for |
4 # Written by Edouard TISSERANT (C) 2024 |
5 # programming IEC 61131-3 automates supporting plcopen standard and CanFestival. |
5 # This file is part of Beremiz IDE |
6 # |
|
7 # Copyright (C) 2019: Edouard TISSERANT |
|
8 # |
|
9 # See COPYING file for copyrights details. |
6 # See COPYING file for copyrights details. |
10 # |
|
11 # This program is free software; you can redistribute it and/or |
|
12 # modify it under the terms of the GNU General Public License |
|
13 # as published by the Free Software Foundation; either version 2 |
|
14 # of the License, or (at your option) any later version. |
|
15 # |
|
16 # This program is distributed in the hope that it will be useful, |
|
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
19 # GNU General Public License for more details. |
|
20 # |
|
21 # You should have received a copy of the GNU General Public License |
|
22 # along with this program; if not, write to the Free Software |
|
23 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
24 |
7 |
25 |
8 |
26 """ |
9 """ |
27 The TLS-PSK adapter that handles SSL connections instead of regular sockets, |
10 The TLS-PSK adapter that handles SSL connections instead of regular sockets, |
28 but using Pre Shared Keys instead of Certificates |
11 but using Pre Shared Keys instead of Certificates |
|
12 |
|
13 Corresponding stunnel.conf on PLC side: |
|
14 |
|
15 [ERPCPSK] |
|
16 accept = 4000 |
|
17 connect = 127.0.0.1:3000 |
|
18 ciphers = PSK |
|
19 sslVersion = TLSv1.2 |
|
20 PSKsecrets = psk.txt |
|
21 |
29 """ |
22 """ |
30 |
23 |
31 import socket |
24 import socket |
32 import ssl |
25 import ssl |
33 |
26 |
42 def __init__(self, host, port, psk): |
35 def __init__(self, host, port, psk): |
43 """ overrides TCPTransport's __init__ to wrap socket in SSl wrapper """ |
36 """ overrides TCPTransport's __init__ to wrap socket in SSl wrapper """ |
44 super(TCPTransport, self).__init__() |
37 super(TCPTransport, self).__init__() |
45 self._host = host |
38 self._host = host |
46 self._port = port |
39 self._port = port |
47 self._isServer = isServer |
|
48 self._sock = None |
40 self._sock = None |
|
41 self._isServer = False |
49 |
42 |
50 if sslpsk is None: |
43 if sslpsk is None: |
51 raise ImportError("sslpsk module is not available") |
44 raise ImportError("sslpsk module is not available") |
52 |
45 |
|
46 self.sslpskctx = sslpsk.SSLPSKContext(ssl.PROTOCOL_TLSv1_2) |
|
47 self.sslpskctx.set_ciphers('PSK') |
|
48 self.sslpskctx.psk = psk |
|
49 |
53 raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
50 raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
54 raw_sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1) |
51 raw_sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1) |
55 raw_sock.connect((self._host, self._port)) |
52 raw_sock.connect((self._host, self._port)) |
56 self._sock = sslpsk.wrap_socket( |
53 |
57 raw_sock, psk=psk, server_side=False, |
54 self._sock = self.sslpskctx.wrap_socket(raw_sock, server_side=False) |
58 ciphers="PSK-AES256-CBC-SHA", # available in openssl 1.0.2 |
|
59 ssl_version=ssl.PROTOCOL_TLSv1) |
|
60 |
55 |
61 |
56 |
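Review bot: `self.sslpskctx.set_ciphers('PSK')` in `__init__` replaces a single named suite with the whole OpenSSL `PSK` alias, which also admits plain-PSK key exchange (no forward secrecy) and CBC/SHA-1 suites such as the `PSK-AES256-CBC-SHA` the old code pinned. With plain PSK, anyone who later obtains the shared key can decrypt previously recorded sessions, and the suite actually used is whatever the two OpenSSL builds happen to negotiate. I would name the accepted suites explicitly, for example `self.sslpskctx.set_ciphers('ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-GCM-SHA384')`, and put the same list in the `ciphers =` line of the stunnel.conf example in the module docstring; whether the PLC-side stunnel/OpenSSL build offers these suites needs to be confirmed first. A short comment above the call, such as `# forward-secret AEAD PSK suites only; must match stunnel.conf on the PLC`, would record the intent. The class statement enclosing `__init__` is outside the visible lines.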