all: Update bindings, ports and tests for mbedtls v3.5.1.
Changes include: - Some mbedtls source files renamed or deprecated. - Our `mbedtls_config.h` files are renamed to `mbedtls_config_port.h`, so they don't clash with mbedtls's new default configuration file named `mbedtls_config.h`. - MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE is deprecated. - MBEDTLS_HAVE_TIME now requires an `mbedtls_ms_time` function to be defined but it's only used for TLSv1.3 (currently not enabled in MicroPython so there is a lazy implementation, i.e. seconds * 1000). - `tests/multi_net/ssl_data.py` is removed (due to deprecation of MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE), there are the existing `ssl_cert_rsa.py` and `sslcontext_server_client.py` tests which do very similar, simple SSL data transfer. - Tests now use an EC key by default (they are smaller and faster), and the RSA key has been regenerated due to the old PKCS encoding used by openssl rsa command, see https://stackoverflow.com/questions/40822328/openssl-rsa-key-pem-and-der-conversion-does-not-match (and `tests/README.md` has been updated accordingly). Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
parent
92136cbe67
commit
f3d1495fd3
@ -174,20 +174,24 @@ if(MICROPY_SSL_MBEDTLS)
|
|||||||
${MICROPY_DIR}/lib/mbedtls_errors/mp_mbedtls_errors.c
|
${MICROPY_DIR}/lib/mbedtls_errors/mp_mbedtls_errors.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/aes.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/aes.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/aesni.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/aesni.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/arc4.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/asn1parse.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/asn1parse.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/asn1write.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/asn1write.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/base64.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/base64.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/bignum_core.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/bignum_mod.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/bignum_mod_raw.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/bignum.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/bignum.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/blowfish.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/camellia.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/camellia.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ccm.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ccm.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/certs.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/chacha20.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/chacha20.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/chachapoly.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/chachapoly.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/cipher.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/cipher.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/cipher_wrap.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/cipher_wrap.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/nist_kw.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/aria.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/cmac.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/cmac.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/mps_reader.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/mps_trace.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ctr_drbg.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ctr_drbg.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/debug.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/debug.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/des.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/des.c
|
||||||
@ -200,17 +204,13 @@ if(MICROPY_SSL_MBEDTLS)
|
|||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/entropy.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/entropy.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/entropy_poll.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/entropy_poll.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/gcm.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/gcm.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/havege.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/hmac_drbg.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/hmac_drbg.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/md2.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/md4.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/md5.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/md5.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/md.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/md.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/oid.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/oid.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/padlock.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/padlock.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/pem.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/pem.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/pk.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/pk.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs11.c
|
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs12.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs12.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs5.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs5.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/pkparse.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/pkparse.c
|
||||||
@ -221,15 +221,17 @@ if(MICROPY_SSL_MBEDTLS)
|
|||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/poly1305.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/poly1305.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ripemd160.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ripemd160.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/rsa.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/rsa.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/rsa_internal.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/rsa_alt_helpers.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/sha1.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/sha1.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/sha256.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/sha256.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/sha512.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/sha512.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cache.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cache.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_ciphersuites.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_ciphersuites.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cli.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls12_client.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls12_server.c
|
||||||
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_client.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cookie.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cookie.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_srv.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_debug_helpers_generated.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_msg.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_msg.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_ticket.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_ticket.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls.c
|
||||||
@ -242,11 +244,10 @@ if(MICROPY_SSL_MBEDTLS)
|
|||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/x509_csr.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/x509_csr.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/x509write_crt.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/x509write_crt.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/x509write_csr.c
|
${MICROPY_LIB_MBEDTLS_DIR}/library/x509write_csr.c
|
||||||
${MICROPY_LIB_MBEDTLS_DIR}/library/xtea.c
|
|
||||||
)
|
)
|
||||||
|
|
||||||
if(NOT MBEDTLS_CONFIG_FILE)
|
if(NOT MBEDTLS_CONFIG_FILE)
|
||||||
set(MBEDTLS_CONFIG_FILE "${MICROPY_PORT_DIR}/mbedtls/mbedtls_config.h")
|
set(MBEDTLS_CONFIG_FILE "${MICROPY_PORT_DIR}/mbedtls/mbedtls_config_port.h")
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
target_compile_definitions(micropy_lib_mbedtls INTERFACE
|
target_compile_definitions(micropy_lib_mbedtls INTERFACE
|
||||||
|
@ -231,7 +231,7 @@ SRC_THIRDPARTY_C += $(addprefix $(AXTLS_DIR)/,\
|
|||||||
)
|
)
|
||||||
else ifeq ($(MICROPY_SSL_MBEDTLS),1)
|
else ifeq ($(MICROPY_SSL_MBEDTLS),1)
|
||||||
MBEDTLS_DIR = lib/mbedtls
|
MBEDTLS_DIR = lib/mbedtls
|
||||||
MBEDTLS_CONFIG_FILE ?= \"mbedtls/mbedtls_config.h\"
|
MBEDTLS_CONFIG_FILE ?= \"mbedtls/mbedtls_config_port.h\"
|
||||||
GIT_SUBMODULES += $(MBEDTLS_DIR)
|
GIT_SUBMODULES += $(MBEDTLS_DIR)
|
||||||
CFLAGS_EXTMOD += -DMBEDTLS_CONFIG_FILE=$(MBEDTLS_CONFIG_FILE)
|
CFLAGS_EXTMOD += -DMBEDTLS_CONFIG_FILE=$(MBEDTLS_CONFIG_FILE)
|
||||||
CFLAGS_EXTMOD += -DMICROPY_SSL_MBEDTLS=1 -I$(TOP)/$(MBEDTLS_DIR)/include
|
CFLAGS_EXTMOD += -DMICROPY_SSL_MBEDTLS=1 -I$(TOP)/$(MBEDTLS_DIR)/include
|
||||||
@ -239,20 +239,25 @@ SRC_THIRDPARTY_C += lib/mbedtls_errors/mp_mbedtls_errors.c
|
|||||||
SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
|
SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
|
||||||
aes.c \
|
aes.c \
|
||||||
aesni.c \
|
aesni.c \
|
||||||
arc4.c \
|
|
||||||
asn1parse.c \
|
asn1parse.c \
|
||||||
asn1write.c \
|
asn1write.c \
|
||||||
base64.c \
|
base64.c \
|
||||||
|
bignum_core.c \
|
||||||
|
bignum_mod.c \
|
||||||
|
bignum_mod_raw.c \
|
||||||
bignum.c \
|
bignum.c \
|
||||||
blowfish.c \
|
|
||||||
camellia.c \
|
camellia.c \
|
||||||
ccm.c \
|
ccm.c \
|
||||||
certs.c \
|
|
||||||
chacha20.c \
|
chacha20.c \
|
||||||
chachapoly.c \
|
chachapoly.c \
|
||||||
cipher.c \
|
cipher.c \
|
||||||
cipher_wrap.c \
|
cipher_wrap.c \
|
||||||
|
nist_kw.c \
|
||||||
|
aria.c \
|
||||||
cmac.c \
|
cmac.c \
|
||||||
|
constant_time.c \
|
||||||
|
mps_reader.c \
|
||||||
|
mps_trace.c \
|
||||||
ctr_drbg.c \
|
ctr_drbg.c \
|
||||||
debug.c \
|
debug.c \
|
||||||
des.c \
|
des.c \
|
||||||
@ -265,17 +270,13 @@ SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
|
|||||||
entropy.c \
|
entropy.c \
|
||||||
entropy_poll.c \
|
entropy_poll.c \
|
||||||
gcm.c \
|
gcm.c \
|
||||||
havege.c \
|
|
||||||
hmac_drbg.c \
|
hmac_drbg.c \
|
||||||
md2.c \
|
|
||||||
md4.c \
|
|
||||||
md5.c \
|
md5.c \
|
||||||
md.c \
|
md.c \
|
||||||
oid.c \
|
oid.c \
|
||||||
padlock.c \
|
padlock.c \
|
||||||
pem.c \
|
pem.c \
|
||||||
pk.c \
|
pk.c \
|
||||||
pkcs11.c \
|
|
||||||
pkcs12.c \
|
pkcs12.c \
|
||||||
pkcs5.c \
|
pkcs5.c \
|
||||||
pkparse.c \
|
pkparse.c \
|
||||||
@ -286,20 +287,21 @@ SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
|
|||||||
poly1305.c \
|
poly1305.c \
|
||||||
ripemd160.c \
|
ripemd160.c \
|
||||||
rsa.c \
|
rsa.c \
|
||||||
rsa_internal.c \
|
rsa_alt_helpers.c \
|
||||||
sha1.c \
|
sha1.c \
|
||||||
sha256.c \
|
sha256.c \
|
||||||
sha512.c \
|
sha512.c \
|
||||||
ssl_cache.c \
|
ssl_cache.c \
|
||||||
ssl_ciphersuites.c \
|
ssl_ciphersuites.c \
|
||||||
ssl_cli.c \
|
ssl_client.c \
|
||||||
ssl_cookie.c \
|
ssl_cookie.c \
|
||||||
ssl_srv.c \
|
ssl_debug_helpers_generated.c \
|
||||||
ssl_msg.c \
|
ssl_msg.c \
|
||||||
ssl_ticket.c \
|
ssl_ticket.c \
|
||||||
ssl_tls.c \
|
ssl_tls.c \
|
||||||
|
ssl_tls12_client.c \
|
||||||
|
ssl_tls12_server.c \
|
||||||
timing.c \
|
timing.c \
|
||||||
constant_time.c \
|
|
||||||
x509.c \
|
x509.c \
|
||||||
x509_create.c \
|
x509_create.c \
|
||||||
x509_crl.c \
|
x509_crl.c \
|
||||||
@ -307,7 +309,6 @@ SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
|
|||||||
x509_csr.c \
|
x509_csr.c \
|
||||||
x509write_crt.c \
|
x509write_crt.c \
|
||||||
x509write_csr.c \
|
x509write_csr.c \
|
||||||
xtea.c \
|
|
||||||
)
|
)
|
||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|
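Review bot: The new default `MBEDTLS_CONFIG_FILE ?= \"mbedtls/mbedtls_config_port.h\"` does not protect a board or out-of-tree port that still passes the old name `mbedtls/mbedtls_config.h`. Because `-I$(TOP)/$(MBEDTLS_DIR)/include` is on the include path, that name can now resolve to mbedtls's own default configuration, depending on include-path order, so the build may succeed with the library's stock settings instead of the port's. I would add a comment above the assignment, `# mbedtls 3.x ships its own mbedtls/mbedtls_config.h; port configs must be named mbedtls_config_port.h`, and consider a marker macro in the port header that the common config checks for. The `else ifeq ($(MICROPY_SSL_MBEDTLS),1)` block starts and ends outside the visible hunks.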
@ -45,9 +45,9 @@
|
|||||||
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||||
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||||
// #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED // enabling this currently breaks ssl_data.py test
|
|
||||||
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
#define MBEDTLS_NO_PLATFORM_ENTROPY
|
#define MBEDTLS_CAN_ECDH
|
||||||
|
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||||
#define MBEDTLS_PKCS1_V15
|
#define MBEDTLS_PKCS1_V15
|
||||||
#define MBEDTLS_SHA256_SMALLER
|
#define MBEDTLS_SHA256_SMALLER
|
||||||
#define MBEDTLS_SSL_PROTO_TLS1
|
#define MBEDTLS_SSL_PROTO_TLS1
|
||||||
@ -81,12 +81,13 @@
|
|||||||
#define MBEDTLS_PLATFORM_C
|
#define MBEDTLS_PLATFORM_C
|
||||||
#define MBEDTLS_RSA_C
|
#define MBEDTLS_RSA_C
|
||||||
#define MBEDTLS_SHA1_C
|
#define MBEDTLS_SHA1_C
|
||||||
|
#define MBEDTLS_SHA224_C
|
||||||
#define MBEDTLS_SHA256_C
|
#define MBEDTLS_SHA256_C
|
||||||
|
#define MBEDTLS_SHA384_C
|
||||||
#define MBEDTLS_SHA512_C
|
#define MBEDTLS_SHA512_C
|
||||||
#define MBEDTLS_SSL_CLI_C
|
#define MBEDTLS_SSL_CLI_C
|
||||||
#define MBEDTLS_SSL_SRV_C
|
#define MBEDTLS_SSL_SRV_C
|
||||||
#define MBEDTLS_SSL_TLS_C
|
#define MBEDTLS_SSL_TLS_C
|
||||||
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
|
||||||
#define MBEDTLS_X509_CRT_PARSE_C
|
#define MBEDTLS_X509_CRT_PARSE_C
|
||||||
#define MBEDTLS_X509_USE_C
|
#define MBEDTLS_X509_USE_C
|
||||||
|
|
||||||
@ -97,6 +98,7 @@
|
|||||||
#define MBEDTLS_PLATFORM_MEMORY
|
#define MBEDTLS_PLATFORM_MEMORY
|
||||||
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||||
#define MBEDTLS_ENTROPY_HARDWARE_ALT
|
#define MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||||
|
#define MBEDTLS_NO_PLATFORM_ENTROPY
|
||||||
|
|
||||||
// Bare-metal memory allocation hooks.
|
// Bare-metal memory allocation hooks.
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
@ -109,7 +111,4 @@ void m_tracked_free(void *ptr);
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// Include mbedtls configuration checker.
|
|
||||||
#include "mbedtls/check_config.h"
|
|
||||||
|
|
||||||
#endif // MICROPY_INCLUDED_MBEDTLS_CONFIG_COMMON_H
|
#endif // MICROPY_INCLUDED_MBEDTLS_CONFIG_COMMON_H
|
||||||
|
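Review bot: `MBEDTLS_CAN_ECDH` and `MBEDTLS_PK_CAN_ECDSA_SIGN` are defined by hand in the first hunk (@ -45), but in mbedtls 3.x these appear to be capability macros that the library derives from the enabled ECDH/ECDSA modules, so setting them in a user config can hide a missing module rather than enable one. If they are a deliberate workaround, say so next to them, e.g. `// Workaround: <reason>; normally derived by mbedtls from the enabled ECDH/ECDSA modules`. The same hunk drops the commented-out `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` line whose stated blocker was the `ssl_data.py` test that this commit removes, while static `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` stays as the only RSA key exchange visible here; it would be worth recording whether ECDHE_RSA can now be turned on. The rest of the configuration lies outside the visible hunks.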
@ -30,6 +30,7 @@
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
extern time_t mimxrt_rtctime_seconds(time_t *timer);
|
extern time_t mimxrt_rtctime_seconds(time_t *timer);
|
||||||
#define MBEDTLS_PLATFORM_TIME_MACRO mimxrt_rtctime_seconds
|
#define MBEDTLS_PLATFORM_TIME_MACRO mimxrt_rtctime_seconds
|
||||||
|
#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
|
||||||
|
|
||||||
// Set MicroPython-specific options.
|
// Set MicroPython-specific options.
|
||||||
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
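Review bot: `#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time` gives a value to what mbedtls, as far as I know, only tests with `defined()`, so the `mbedtls_ms_time` token has no effect. Sitting directly under `MBEDTLS_PLATFORM_TIME_MACRO`, it reads like a function hook, which it is not. I would write `#define MBEDTLS_PLATFORM_MS_TIME_ALT // mbedtls_ms_time() is provided in mbedtls_port.c` instead. The same define is added to the renesas-ra, rp2 and stm32 `mbedtls_config_port.h` headers.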
@ -28,10 +28,11 @@
|
|||||||
|
|
||||||
#ifdef MICROPY_SSL_MBEDTLS
|
#ifdef MICROPY_SSL_MBEDTLS
|
||||||
|
|
||||||
#include "mbedtls_config.h"
|
#include "mbedtls_config_port.h"
|
||||||
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
|
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
|
||||||
#include "fsl_snvs_lp.h"
|
#include "fsl_snvs_lp.h"
|
||||||
#include "shared/timeutils/timeutils.h"
|
#include "shared/timeutils/timeutils.h"
|
||||||
|
#include "mbedtls/platform_time.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void trng_random_data(unsigned char *output, size_t len);
|
void trng_random_data(unsigned char *output, size_t len);
|
||||||
@ -52,6 +53,13 @@ time_t mimxrt_rtctime_seconds(time_t *timer) {
|
|||||||
SNVS_LP_SRTC_GetDatetime(SNVS, &date);
|
SNVS_LP_SRTC_GetDatetime(SNVS, &date);
|
||||||
return timeutils_seconds_since_epoch(date.year, date.month, date.day, date.hour, date.minute, date.second);
|
return timeutils_seconds_since_epoch(date.year, date.month, date.day, date.hour, date.minute, date.second);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ms_time_t mbedtls_ms_time(void) {
|
||||||
|
time_t *tv = NULL;
|
||||||
|
mbedtls_ms_time_t current_ms;
|
||||||
|
current_ms = mimxrt_rtctime_seconds(tv) * 1000;
|
||||||
|
return current_ms;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||||
|
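Review bot: In `mbedtls_ms_time()` the product `mimxrt_rtctime_seconds(tv) * 1000` is evaluated in `time_t` before it is stored in `mbedtls_ms_time_t`, so on a toolchain where `time_t` is 32 bits it overflows for any present-day epoch value. Widening first avoids that: `current_ms = (mbedtls_ms_time_t)mimxrt_rtctime_seconds(NULL) * 1000;`. The same line is added to the renesas-ra, rp2 and stm32 ports (`ra_rtctime_seconds`, `rp2_rtctime_seconds`, `stm32_rtctime_seconds`). The value is also RTC wall-clock time at one-second resolution and can jump when the RTC is set, whereas mbedtls documents this function as monotonically increasing. A one-line comment such as `// Placeholder: not monotonic; must be replaced before TLS 1.3 is enabled` would keep that constraint next to the code.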
@ -3,6 +3,6 @@
|
|||||||
|
|
||||||
#define MBEDTLS_ECP_NIST_OPTIM
|
#define MBEDTLS_ECP_NIST_OPTIM
|
||||||
|
|
||||||
#include "ports/renesas-ra/mbedtls/mbedtls_config.h"
|
#include "ports/renesas-ra/mbedtls/mbedtls_config_port.h"
|
||||||
|
|
||||||
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
||||||
|
@ -30,6 +30,7 @@
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
extern time_t ra_rtctime_seconds(time_t *timer);
|
extern time_t ra_rtctime_seconds(time_t *timer);
|
||||||
#define MBEDTLS_PLATFORM_TIME_MACRO ra_rtctime_seconds
|
#define MBEDTLS_PLATFORM_TIME_MACRO ra_rtctime_seconds
|
||||||
|
#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
|
||||||
|
|
||||||
// Set MicroPython-specific options.
|
// Set MicroPython-specific options.
|
||||||
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
@ -25,11 +25,12 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "rng.h"
|
#include "rng.h"
|
||||||
#include "mbedtls_config.h"
|
#include "mbedtls_config_port.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
|
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
|
||||||
#include "rtc.h"
|
#include "rtc.h"
|
||||||
#include "shared/timeutils/timeutils.h"
|
#include "shared/timeutils/timeutils.h"
|
||||||
|
#include "mbedtls/platform_time.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
|
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
|
||||||
@ -57,6 +58,13 @@ time_t ra_rtctime_seconds(time_t *timer) {
|
|||||||
rtc_get_date(&date);
|
rtc_get_date(&date);
|
||||||
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds);
|
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ms_time_t mbedtls_ms_time(void) {
|
||||||
|
time_t *tv = NULL;
|
||||||
|
mbedtls_ms_time_t current_ms;
|
||||||
|
current_ms = ra_rtctime_seconds(tv) * 1000;
|
||||||
|
return current_ms;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||||
|
@ -37,6 +37,7 @@
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
time_t rp2_rtctime_seconds(time_t *timer);
|
time_t rp2_rtctime_seconds(time_t *timer);
|
||||||
#define MBEDTLS_PLATFORM_TIME_MACRO rp2_rtctime_seconds
|
#define MBEDTLS_PLATFORM_TIME_MACRO rp2_rtctime_seconds
|
||||||
|
#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
|
||||||
|
|
||||||
// Set MicroPython-specific options.
|
// Set MicroPython-specific options.
|
||||||
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
@ -27,10 +27,11 @@
|
|||||||
|
|
||||||
#ifdef MICROPY_SSL_MBEDTLS
|
#ifdef MICROPY_SSL_MBEDTLS
|
||||||
|
|
||||||
#include "mbedtls_config.h"
|
#include "mbedtls_config_port.h"
|
||||||
|
|
||||||
#include "hardware/rtc.h"
|
#include "hardware/rtc.h"
|
||||||
#include "shared/timeutils/timeutils.h"
|
#include "shared/timeutils/timeutils.h"
|
||||||
|
#include "mbedtls/platform_time.h"
|
||||||
|
|
||||||
extern uint8_t rosc_random_u8(size_t cycles);
|
extern uint8_t rosc_random_u8(size_t cycles);
|
||||||
|
|
||||||
@ -48,4 +49,10 @@ time_t rp2_rtctime_seconds(time_t *timer) {
|
|||||||
return timeutils_seconds_since_epoch(t.year, t.month, t.day, t.hour, t.min, t.sec);
|
return timeutils_seconds_since_epoch(t.year, t.month, t.day, t.hour, t.min, t.sec);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ms_time_t mbedtls_ms_time(void) {
|
||||||
|
time_t *tv = NULL;
|
||||||
|
mbedtls_ms_time_t current_ms;
|
||||||
|
current_ms = rp2_rtctime_seconds(tv) * 1000;
|
||||||
|
return current_ms;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
|
|
||||||
#define MBEDTLS_ECP_NIST_OPTIM
|
#define MBEDTLS_ECP_NIST_OPTIM
|
||||||
|
|
||||||
#include "ports/stm32/mbedtls/mbedtls_config.h"
|
#include "ports/stm32/mbedtls/mbedtls_config_port.h"
|
||||||
|
|
||||||
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
|
|
||||||
#define MBEDTLS_ECP_NIST_OPTIM
|
#define MBEDTLS_ECP_NIST_OPTIM
|
||||||
|
|
||||||
#include "ports/stm32/mbedtls/mbedtls_config.h"
|
#include "ports/stm32/mbedtls/mbedtls_config_port.h"
|
||||||
|
|
||||||
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
|
|
||||||
#define MBEDTLS_ECP_NIST_OPTIM
|
#define MBEDTLS_ECP_NIST_OPTIM
|
||||||
|
|
||||||
#include "ports/stm32/mbedtls/mbedtls_config.h"
|
#include "ports/stm32/mbedtls/mbedtls_config_port.h"
|
||||||
|
|
||||||
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
|
||||||
|
@ -30,6 +30,7 @@
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
extern time_t stm32_rtctime_seconds(time_t *timer);
|
extern time_t stm32_rtctime_seconds(time_t *timer);
|
||||||
#define MBEDTLS_PLATFORM_TIME_MACRO stm32_rtctime_seconds
|
#define MBEDTLS_PLATFORM_TIME_MACRO stm32_rtctime_seconds
|
||||||
|
#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
|
||||||
|
|
||||||
// Set MicroPython-specific options.
|
// Set MicroPython-specific options.
|
||||||
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
|
@ -25,11 +25,12 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "rng.h"
|
#include "rng.h"
|
||||||
#include "mbedtls_config.h"
|
#include "mbedtls_config_port.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
|
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
|
||||||
#include "rtc.h"
|
#include "rtc.h"
|
||||||
#include "shared/timeutils/timeutils.h"
|
#include "shared/timeutils/timeutils.h"
|
||||||
|
#include "mbedtls/platform_time.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
|
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
|
||||||
@ -57,6 +58,13 @@ time_t stm32_rtctime_seconds(time_t *timer) {
|
|||||||
HAL_RTC_GetDate(&RTCHandle, &date, RTC_FORMAT_BIN);
|
HAL_RTC_GetDate(&RTCHandle, &date, RTC_FORMAT_BIN);
|
||||||
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds);
|
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ms_time_t mbedtls_ms_time(void) {
|
||||||
|
time_t *tv = NULL;
|
||||||
|
mbedtls_ms_time_t current_ms;
|
||||||
|
current_ms = stm32_rtctime_seconds(tv) * 1000;
|
||||||
|
return current_ms;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||||
|
@ -30,7 +30,6 @@
|
|||||||
#define MBEDTLS_CIPHER_MODE_CTR // needed for MICROPY_PY_CRYPTOLIB_CTR
|
#define MBEDTLS_CIPHER_MODE_CTR // needed for MICROPY_PY_CRYPTOLIB_CTR
|
||||||
|
|
||||||
// Enable mbedtls modules
|
// Enable mbedtls modules
|
||||||
#define MBEDTLS_HAVEGE_C
|
|
||||||
#define MBEDTLS_TIMING_C
|
#define MBEDTLS_TIMING_C
|
||||||
|
|
||||||
// Include common mbedtls configuration.
|
// Include common mbedtls configuration.
|
@ -189,7 +189,7 @@ In this case CN is: micropython.local
|
|||||||
|
|
||||||
Convert them to DER format:
|
Convert them to DER format:
|
||||||
```
|
```
|
||||||
$ openssl rsa -in rsa_key.pem -out rsa_key.der -outform DER
|
$ openssl pkey -in rsa_key.pem -out rsa_key.der -outform DER
|
||||||
$ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
|
$ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
BIN
tests/multi_net/ec_cert.der
Normal file
BIN
tests/multi_net/ec_cert.der
Normal file
Binary file not shown.
BIN
tests/multi_net/ec_key.der
Normal file
BIN
tests/multi_net/ec_key.der
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
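--- a/tests/multi_net/ssl_cert_ec.py
+++ b/tests/multi_net/ssl_cert_ec.py
@@ -0,0 +1,56 @@
+# Simple test creating an SSL connection and transferring some data
+# This test won't run under CPython because CPython doesn't have key/cert
+
+try:
+import binascii, os, socket, ssl
+except ImportError:
+print("SKIP")
+raise SystemExit
+
+PORT = 8000
+
+# These are test certificates. See tests/README.md for details.
+certfile = "ec_cert.der"
+keyfile = "ec_key.der"
+
+try:
+os.stat(certfile)
+os.stat(keyfile)
+except OSError:
+print("SKIP")
+raise SystemExit
+
+with open(certfile, "rb") as cf:
+cert = cadata = cf.read()
+
+with open(keyfile, "rb") as kf:
+key = kf.read()
+
+
+# Server
+def instance0():
+multitest.globals(IP=multitest.get_network_ip())
+s = socket.socket()
+s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
+s.listen(1)
+multitest.next()
+s2, _ = s.accept()
+s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert)
+print(s2.read(16))
+s2.write(b"server to client")
+s2.close()
+s.close()
+
+
+# Client
+def instance1():
+multitest.next()
+s = socket.socket()
+s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
+s = ssl.wrap_socket(
+s, cert_reqs=ssl.CERT_REQUIRED, server_hostname="micropython.local", cadata=cadata
+)
+s.write(b"client to server")
+print(s.read(16))
+s.close()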
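Review bot: The new test only exercises the successful handshake: `instance1()` passes `cert_reqs=ssl.CERT_REQUIRED` with `server_hostname="micropython.local"` and the matching `cadata`, so nothing here shows that verification rejects a wrong peer when EC certificates are used. A companion case with a different `server_hostname`, expecting the wrap to raise, would pin that down. Separately, `binascii` is imported but never used in this file, so the import line can become `import os, socket, ssl`. The header comment "CPython doesn't have key/cert" also reads as cut short; something like `# ... because CPython's ssl.wrap_socket doesn't take key/cert arguments` would say what is presumably meant.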
@ -1,67 +0,0 @@
|
|||||||
# Simple test creating an SSL connection and transferring some data
|
|
||||||
# This test won't run under CPython because it requires key/cert
|
|
||||||
|
|
||||||
try:
|
|
||||||
import binascii, socket, ssl
|
|
||||||
except ImportError:
|
|
||||||
print("SKIP")
|
|
||||||
raise SystemExit
|
|
||||||
|
|
||||||
PORT = 8000
|
|
||||||
|
|
||||||
# This self-signed key/cert pair is randomly generated and to be used for
|
|
||||||
# testing/demonstration only. You should always generate your own key/cert.
|
|
||||||
key = binascii.unhexlify(
|
|
||||||
b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef"
|
|
||||||
b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f"
|
|
||||||
b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0"
|
|
||||||
b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d"
|
|
||||||
b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86"
|
|
||||||
b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483"
|
|
||||||
b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102"
|
|
||||||
b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044"
|
|
||||||
b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f"
|
|
||||||
)
|
|
||||||
cert = binascii.unhexlify(
|
|
||||||
b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355"
|
|
||||||
b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504"
|
|
||||||
b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106"
|
|
||||||
b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61"
|
|
||||||
b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075"
|
|
||||||
b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531"
|
|
||||||
b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958"
|
|
||||||
b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468"
|
|
||||||
b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20"
|
|
||||||
b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18"
|
|
||||||
b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a"
|
|
||||||
b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8"
|
|
||||||
b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef"
|
|
||||||
b"979b57f0b3"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
# Server
|
|
||||||
def instance0():
|
|
||||||
multitest.globals(IP=multitest.get_network_ip())
|
|
||||||
s = socket.socket()
|
|
||||||
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
||||||
s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
|
|
||||||
s.listen(1)
|
|
||||||
multitest.next()
|
|
||||||
s2, _ = s.accept()
|
|
||||||
s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert)
|
|
||||||
print(s2.read(16))
|
|
||||||
s2.write(b"server to client")
|
|
||||||
s2.close()
|
|
||||||
s.close()
|
|
||||||
|
|
||||||
|
|
||||||
# Client
|
|
||||||
def instance1():
|
|
||||||
multitest.next()
|
|
||||||
s = socket.socket()
|
|
||||||
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
|
||||||
s = ssl.wrap_socket(s)
|
|
||||||
s.write(b"client to server")
|
|
||||||
print(s.read(16))
|
|
||||||
s.close()
|
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -12,8 +12,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--- instance0 ---
|
--- instance0 ---
|
||||||
b'client to server'
|
b'client to server'
|
||||||
--- instance1 ---
|
--- instance1 ---
|
||||||
3082058930820371a00302010202141b3da08b15005eea265d0b57b8ba99812ab274cb300d06092a864886f70d01010b05003054310b30090603550406130241553113301106035504080c0a536f6d652d537461746531143012060355040a0c0b4d6963726f507974686f6e311a301806035504030c116d6963726f707974686f6e2e6c6f63616c301e170d3233313131393032323932375a170d3238313131373032323932375a3054310b30090603550406130241553113301106035504080c0a536f6d652d537461746531143012060355040a0c0b4d6963726f507974686f6e311a301806035504030c116d6963726f707974686f6e2e6c6f63616c30820222300d06092a864886f70d01010105000382020f003082020a0282020100deee37780ebca47e0f414ba033ebe692d2bc374a0eb1f42556bf266ad704208116ee0d8b2fd0b518074ad0981c4fd1322de81696ccea838884b06f56d3ebe49cf0561050f6f8ced5f7f4f13d086b28779a9647bbfae6c3f3ad68a5b28ee8a1ceb260d87ea300316599c4dd9f6082f89164b590df8695add518339f6730dec4f05b1ef63548329b0a48823035b23737f3303b56aa251dd8dcf0c20e6c1d291374c185ae657b349c20721c7c01a1b393c96d4c5f2bc8e2dfca7dab896e2fa84dee53d2bb6dbd1056970fa1812315e8ee9d92b3cb93e0b563d274bf07dd79600ef403b91d4ce814418b28cfaeb2b7d8401e64f6d4f39283df3204f2fe01f2fd289f5d2078d9ee2f96b6de1fd4284d9274fa38b0ad9ffcce8ffe66673be2cf304ee1b27c7cacaaf4ca76f1e84419e6e80f540add3e91cd469903e9ceb6bd2b1c33caa59acb5516ce8ac00e73d7a551bb65d39bd6af04411e81c20e6bd474d797a0bcd498e26720bd60ae4f900bb1afa59c7ac7a336273c7734ca5874ea63fb8ec787ab702041442da11a922baf5fbeb9eeea4f9f49cb1f659b561806d2169dbed07c43558c908c94e16491fe1a22cd92b8f33c1184353bdc985c88722f65e48024910f723035c0d33b789928296fb193cec6350884243b00bf51422ad09fb7012bd9cad4716803422be0d111deace913fac8cb2be1e96fa8449068430e5424bd0bd10203010001a3533051301d0603551d0e041604147d392a82ab464936fd7d74226694556a2945fd8d301f0603551d230418301680147d392a82ab464936fd7d74226694556a2945fd8d300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382020100ae40c015e3eade8dabc84ee357ac9d694e7cd69ce4a1b265880273d16257119aa72fb2aa8b841e2899bea3e8690146f24d963a37825c93bf745447dc6ab09b5f2947671dca13b1e71f5c3e43011d74cdc688ed1215b3016071ae72
35d77f79d7bb81f097bb04a08ccf400717721b29e2ea913eb23614610597deee477ed716db7e8ebe11aed39c7035f48259dfa54d88871c1f67159d52ce11eb111fa00708a7d7081c07fd92d54abbaec7ff1b50ce2f6f358857d2f55d1c7b5aa6dd66b9c3c2e654397e2d5330aca9834ff8fd749ce968c706fe3bb1b8510a379ec1910d7ece0212c34d56a2073fb7f25c88fe298568e448d03ec30b348f7d9a8836390216a6da7a8efed50dfb8c21a8531efc158e7f4398f87af18d1bd2926d08d34364bf5d85e88040dff3d3f1da6268dbc0cafa64f544c065380fa695a8d015b385aed0a1fd9ff1d7c2b28a549e04c1132b421f85a85640acac11c69416859fb9b461eeddffa92ae303b35c7233537077068de558dd02715e25aee976a97879038d2952be0d327892ab2fc78716b0d7aab4b923d5d79905f7f8b6a18c42e466fec62f84b6e5957deae0964dab8436b0e0cd4e08012661bafb9588fbfd7068fd6c08ab79101a4bdfe21d95cd0ee0aad7dd8a3ed128071c0ec2d063dc6dfa63189e51bf5d9259e776d7623f745a73f4e12e5c2b90493de1c6436b339e1400891e3e35c31057
|
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
|
||||||
b'server to client'
|
b'server to client'
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
certfile = "rsa_cert.der"
|
certfile = "ec_cert.der"
|
||||||
keyfile = "rsa_key.der"
|
keyfile = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(certfile)
|
os.stat(certfile)
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
@ -48,8 +48,8 @@ def instance1():
|
|||||||
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
||||||
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||||
ciphers = client_ctx.get_ciphers()
|
ciphers = client_ctx.get_ciphers()
|
||||||
assert "TLS-RSA-WITH-AES-256-CBC-SHA256" in ciphers
|
assert "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" in ciphers
|
||||||
client_ctx.set_ciphers(["TLS-RSA-WITH-AES-256-CBC-SHA256"])
|
client_ctx.set_ciphers(["TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"])
|
||||||
client_ctx.verify_mode = ssl.CERT_REQUIRED
|
client_ctx.verify_mode = ssl.CERT_REQUIRED
|
||||||
client_ctx.load_verify_locations(cafile=cafile)
|
client_ctx.load_verify_locations(cafile=cafile)
|
||||||
s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
|
s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
|
||||||
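Review bot: The suite pinned in instance1 (the `assert "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" in ciphers` line and the `set_ciphers` call after it) now has to agree with the key type of `ec_cert.der` selected in the first hunk of this file, and nothing on these lines says so. A one-line comment above the assert would keep the two in step, for example `# ECDSA suite: must match the EC key in ec_cert.der / ec_key.der`. Because the check is a bare `assert`, a build whose mbedtls configuration does not enable this suite fails with an AssertionError instead of being skipped. If some ports are expected to lack it, an explicit skip would be clearer. instance1 starts and continues outside the hunk, so any handling further down is not visible here.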
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -11,8 +11,8 @@ except ImportError:
|
|||||||
PORT = 8000
|
PORT = 8000
|
||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "rsa_cert.der"
|
cert = cafile = "ec_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
|
@ -12,7 +12,7 @@ PORT = 8000
|
|||||||
|
|
||||||
# These are test certificates. See tests/README.md for details.
|
# These are test certificates. See tests/README.md for details.
|
||||||
cert = cafile = "expired_cert.der"
|
cert = cafile = "expired_cert.der"
|
||||||
key = "rsa_key.der"
|
key = "ec_key.der"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
os.stat(cafile)
|
os.stat(cafile)
|
||||||
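Review bot: Only `key` changes in this hunk (`"rsa_key.der"` to `"ec_key.der"`) while `cert = cafile = "expired_cert.der"` stays, so the test only exercises expiry if expired_cert.der was reissued for the EC key in the same commit, which the hunk cannot show. With a certificate and key that do not belong together, the handshake would presumably fail for a reason other than expiry, and a test that accepts any handshake error would still pass. I would add a comment on the `key` line such as `# expired_cert.der is issued for ec_key.der; regenerate both together (see tests/README.md)`, and confirm the expected error is the expiry one.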
|