kopia lustrzana https://github.com/micropython/micropython
extmod/modtls_mbedtls: Test SSLSession reuse.
Signed-off-by: Daniël van de Giessen <daniel@dvdgiessen.nl>pull/12780/head
rodzic
4ea1d63ef6
commit
feae3a7545
|
@ -0,0 +1,131 @@
|
||||||
|
# Test creating an SSL connection with certificates as bytes objects.
|
||||||
|
|
||||||
|
try:
|
||||||
|
from io import IOBase
|
||||||
|
import os
|
||||||
|
import socket
|
||||||
|
import ssl
|
||||||
|
except ImportError:
|
||||||
|
print("SKIP")
|
||||||
|
raise SystemExit
|
||||||
|
|
||||||
|
if not hasattr(ssl, "SSLSession"):
|
||||||
|
print("SKIP")
|
||||||
|
raise SystemExit
|
||||||
|
|
||||||
|
PORT = 8000
|
||||||
|
|
||||||
|
# These are test certificates. See tests/README.md for details.
|
||||||
|
certfile = "ec_cert.der"
|
||||||
|
keyfile = "ec_key.der"
|
||||||
|
|
||||||
|
try:
|
||||||
|
os.stat(certfile)
|
||||||
|
os.stat(keyfile)
|
||||||
|
except OSError:
|
||||||
|
print("SKIP")
|
||||||
|
raise SystemExit
|
||||||
|
|
||||||
|
with open(certfile, "rb") as cf:
|
||||||
|
cert = cadata = cf.read()
|
||||||
|
|
||||||
|
with open(keyfile, "rb") as kf:
|
||||||
|
key = kf.read()
|
||||||
|
|
||||||
|
|
||||||
|
# Helper class to count number of bytes going over a TCP socket
|
||||||
|
class CountingStream(IOBase):
|
||||||
|
def __init__(self, stream):
|
||||||
|
self.stream = stream
|
||||||
|
self.count = 0
|
||||||
|
|
||||||
|
def readinto(self, buf, nbytes=None):
|
||||||
|
result = self.stream.readinto(buf) if nbytes is None else self.stream.readinto(buf, nbytes)
|
||||||
|
self.count += result
|
||||||
|
return result
|
||||||
|
|
||||||
|
def write(self, buf):
|
||||||
|
self.count += len(buf)
|
||||||
|
return self.stream.write(buf)
|
||||||
|
|
||||||
|
def ioctl(self, req, arg):
|
||||||
|
if hasattr(self.stream, "ioctl"):
|
||||||
|
return self.stream.ioctl(req, arg)
|
||||||
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
# Server
|
||||||
|
def instance0():
|
||||||
|
multitest.globals(IP=multitest.get_network_ip())
|
||||||
|
s = socket.socket()
|
||||||
|
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||||
|
s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
|
||||||
|
s.listen(1)
|
||||||
|
multitest.next()
|
||||||
|
server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
||||||
|
server_ctx.load_cert_chain(cert, key)
|
||||||
|
for i in range(7):
|
||||||
|
s2, _ = s.accept()
|
||||||
|
s2 = server_ctx.wrap_socket(s2, server_side=True)
|
||||||
|
print(s2.read(18))
|
||||||
|
s2.write(b"server to client {}".format(i))
|
||||||
|
s2.close()
|
||||||
|
s.close()
|
||||||
|
|
||||||
|
|
||||||
|
# Client
|
||||||
|
def instance1():
|
||||||
|
multitest.next()
|
||||||
|
|
||||||
|
def connect_and_count(i, session, set_method="wrap_socket"):
|
||||||
|
s = socket.socket()
|
||||||
|
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
||||||
|
s = CountingStream(s)
|
||||||
|
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||||
|
client_ctx.verify_mode = ssl.CERT_REQUIRED
|
||||||
|
client_ctx.load_verify_locations(cadata=cadata)
|
||||||
|
wrap_socket_kwargs = {}
|
||||||
|
if set_method == "wrap_socket":
|
||||||
|
wrap_socket_kwargs = {"session": session}
|
||||||
|
elif set_method == "socket_attr":
|
||||||
|
wrap_socket_kwargs = {"do_handshake_on_connect": False}
|
||||||
|
s2 = client_ctx.wrap_socket(s, server_hostname="micropython.local", **wrap_socket_kwargs)
|
||||||
|
if set_method == "socket_attr" and session is not None:
|
||||||
|
s2.session = session
|
||||||
|
s2.write(b"client to server {}".format(i))
|
||||||
|
print(s2.read(18))
|
||||||
|
session = s2.session
|
||||||
|
print(type(session))
|
||||||
|
s2.close()
|
||||||
|
return session, s.count
|
||||||
|
|
||||||
|
# No session reuse
|
||||||
|
session, count_without_reuse = connect_and_count(0, None)
|
||||||
|
|
||||||
|
# Direct session reuse
|
||||||
|
session, count = connect_and_count(1, session, "wrap_socket")
|
||||||
|
print(count < count_without_reuse)
|
||||||
|
|
||||||
|
# Serialized session reuse
|
||||||
|
session = ssl.SSLSession(session.serialize())
|
||||||
|
session, count = connect_and_count(2, session, "wrap_socket")
|
||||||
|
print(count < count_without_reuse)
|
||||||
|
|
||||||
|
# Serialized session reuse (using buffer protocol)
|
||||||
|
session = ssl.SSLSession(bytes(session))
|
||||||
|
session, count = connect_and_count(3, session, "wrap_socket")
|
||||||
|
print(count < count_without_reuse)
|
||||||
|
|
||||||
|
# Direct session reuse
|
||||||
|
session, count = connect_and_count(4, session, "socket_attr")
|
||||||
|
print(count < count_without_reuse)
|
||||||
|
|
||||||
|
# Serialized session reuse
|
||||||
|
session = ssl.SSLSession(session.serialize())
|
||||||
|
session, count = connect_and_count(5, session, "socket_attr")
|
||||||
|
print(count < count_without_reuse)
|
||||||
|
|
||||||
|
# Serialized session reuse (using buffer protocol)
|
||||||
|
session = ssl.SSLSession(bytes(session))
|
||||||
|
session, count = connect_and_count(6, session, "socket_attr")
|
||||||
|
print(count < count_without_reuse)
|
|
@ -0,0 +1,29 @@
|
||||||
|
--- instance0 ---
|
||||||
|
b'client to server 0'
|
||||||
|
b'client to server 1'
|
||||||
|
b'client to server 2'
|
||||||
|
b'client to server 3'
|
||||||
|
b'client to server 4'
|
||||||
|
b'client to server 5'
|
||||||
|
b'client to server 6'
|
||||||
|
--- instance1 ---
|
||||||
|
b'server to client 0'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
b'server to client 1'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
True
|
||||||
|
b'server to client 2'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
True
|
||||||
|
b'server to client 3'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
True
|
||||||
|
b'server to client 4'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
True
|
||||||
|
b'server to client 5'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
True
|
||||||
|
b'server to client 6'
|
||||||
|
<class 'SSLSession'>
|
||||||
|
True
|
Ładowanie…
Reference in New Issue