sslpsk fork for pymobiledevice3
Project description
sslpsk3
This module adds TLS-PSK support to the Python 2.7 and 3.x ssl
package. Simply use
sslpsk3.wrap_socket(sock, psk=b'...', ...)
instead of
ssl.wrap_socket(sock, ...)
Installation
pip install sslpsk3
pip builds from source for Linux and Mac OSX, so a C compiler, the Python
development headers, and the openSSL development headers are required. For
Microsoft Windows, pre-built binaries are available so there are no such
prerequisites.
Usage
sslpsk3.wrap_socket(...) is a drop-in replacement for ssl.wrap_socket(...) that
supports two additional arguments, psk and hint.
psk sets the preshared key and, optionally, the identity for a client
connection. hint sets the identity hint for a server connection and is
optional.
For client connections, psk can be one of four things:
- Just the preshared key.
sslpsk3.wrap_socket(sock, psk=b'mypsk')
- A tuple of the preshared key and client identity.
sslpsk3.wrap_socket(sock, psk=(b'mypsk', b'myidentity'))
- A function mapping the server identity hint to the preshared key.
PSK_FOR = {b'server1' : b'abcdef',
b'server2' : b'123456'}
sslpsk3.wrap_socket(sock, psk=lambda hint: PSK_FOR[hint])
- A function mapping the server identity hint to a tuple of the preshared key and client identity.
PSK_FOR = {b'server1' : b'abcdef',
b'server2' : b'123456'}
ID_FOR = {b'server1' : b'clientA',
b'server2' : b'clientB'}
sslpsk3.wrap_socket(sock, psk=lambda hint: (PSK_FOR[hint], ID_FOR[hint]))
For server connections, psk can be one of two things:
- Just the preshared key.
sslpsk3.wrap_socket(sock, server_side=True, psk=b'mypsk')
- A function mapping the client identity to the preshared key.
PSK_FOR = {b'clientA' : b'abcdef',
b'clientB' : b'123456'}
sslpsk3.wrap_socket(sock, server_side=True, psk=lambda identity: PSK_FOR[identity])
Additionally for server connections, the optional server identity hint is
specified using the hint argument.
sslpsk3.wrap_socket(sock, server_side=True, hint=b'myidentity', psk=b'mypsk')
If hint is not specified, None, or the empty string, the identity hint
will not be sent to the client.
Example Server
from __future__ import print_function
import socket
import ssl
import sslpsk_pmd3
PSKS = {'client1': 'abcdef',
'client2': '123456'}
def server(host, port):
tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
tcp_sock.bind((host, port))
tcp_sock.listen(1)
sock, _ = tcp_sock.accept()
ssl_sock = sslpsk_pmd3.wrap_socket(sock,
server_side=True,
ssl_version=ssl.PROTOCOL_TLSv1,
ciphers='ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH',
psk=lambda identity: PSKS[identity],
hint=b'server1')
msg = ssl_sock.recv(4).decode()
print('Server received: %s' % (msg))
msg = "pong"
ssl_sock.sendall(msg.encode())
ssl_sock.shutdown(socket.SHUT_RDWR)
ssl_sock.close()
def main():
host = '127.0.0.1'
port = 6000
server(host, port)
if __name__ == '__main__':
main()
Example Client
from __future__ import print_function
import socket
import ssl
import sslpsk_pmd3
PSKS = {b'server1': b'abcdef',
b'server2': b'uvwxyz'}
def client(host, port, psk):
tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_socket.connect((host, port))
ssl_sock = sslpsk_pmd3.wrap_socket(tcp_socket,
ssl_version=ssl.PROTOCOL_TLSv1,
ciphers='ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH',
psk=lambda hint: (PSKS[hint], b'client1'))
msg = "ping"
ssl_sock.sendall(msg.encode())
msg = ssl_sock.recv(4).decode()
print('Client received: %s' % (msg))
ssl_sock.shutdown(socket.SHUT_RDWR)
ssl_sock.close()
def main():
host = '127.0.0.1'
port = 6000
client(host, port, PSKS)
if __name__ == '__main__':
main()
Changelog
- 0.1.0 (July 31, 2017)
- initial release
- 1.0.0 (August 2, 2017)
- include tests in pip distribution
- add support for Windows
- 1.0.1 (August 11, 2020)
- OpenSSL 1.1.1
- Fix with _sslobj
- Build from source in Windows with error description, when OpenSSL files are not present
Acknowledgments
Fork of drbild/sslpsk.
The main approach was borrowed from webgravel/common-ssl.
Contributing
Please submit bugs, questions, suggestions, or (ideally) contributions as issues and pull requests on GitHub.
Maintainers
Sidney Kuyateh
License
Copyright 2017 David R. Bild, 2020 Sidney Kuyateh
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License from the LICENSE.txt file or at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for sslpsk_pmd3-1.0.1-cp312-cp312-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0fb98e4fc9a778d956568b488dfe31d1cc3606397227561c7657f5b4a3253b6d |
|
| MD5 | caf39f94b8e4cfa31f625ceecae54830 |
|
| BLAKE2b-256 | 512bcdd1026d4c5ade315e7258077cae1557d09e724de6b6421bcc6ff48026d5 |
Hashes for sslpsk_pmd3-1.0.1-cp312-cp312-macosx_10_9_universal2.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ff90de29e3ec51ea7f7928dba4d191a0de9d089b9de13d57e3205038110571d7 |
|
| MD5 | 8c531a3e73cad1692ad43c420b06c0dd |
|
| BLAKE2b-256 | 0b3b330ecde1a765da4f30ea286aebb0b59be7cb2a10b93b5088def06195cb2a |
Hashes for sslpsk_pmd3-1.0.1-cp311-cp311-macosx_10_9_universal2.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 76e7cb74af24f3bd1895551c070fe5f4505b72dac8364daa77d0cf35205b4e99 |
|
| MD5 | 8e6ab235b8ef92e25e6fa6c03f1f1dcd |
|
| BLAKE2b-256 | 4af4ce05c2f8062b5185eeef7198623c36b4f421d18c014b82f5f16a4c62ac37 |
