mirror
/
micropython
kopia lustrzana https://github.com/micropython/micropython
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

extmod/modtls_mbedtls: Add server-side support for TLS tickets. 

Signed-off-by: Daniël van de Giessen <daniel@dvdgiessen.nl>
pull/12780/head
Daniël van de Giessen 2024-03-19 15:16:15 +01:00
rodzic 12025f0979
commit 4ea1d63ef6
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 9F0EF4D3441C8163
2 zmienionych plików z 28 dodań i 0 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

25
extmod/modtls_mbedtls.c
Wyświetl plik

@ -54,6 +54,14 @@
#include "mbedtls/version.h"
#endif
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
#include "mbedtls/ssl_ticket.h"
#endif
#define MP_STREAM_POLL_RDWR (MP_STREAM_POLL_RD | MP_STREAM_POLL_WR)
// This corresponds to an SSLContext object.
@ -65,6 +73,9 @@ typedef struct _mp_obj_ssl_context_t {
mbedtls_x509_crt cacert;
mbedtls_x509_crt cert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_context ticket;
#endif
int authmode;
int *ciphersuites;
mp_obj_t handler;
@ -283,6 +294,9 @@ static mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args
mbedtls_x509_crt_init(&self->cacert);
mbedtls_x509_crt_init(&self->cert);
mbedtls_pk_init(&self->pkey);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_init(&self->ticket);
#endif
self->ciphersuites = NULL;
self->handler = mp_const_none;
@ -321,6 +335,14 @@ static mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args
mbedtls_ssl_conf_dbg(&self->conf, mbedtls_debug, NULL);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
ret = mbedtls_ssl_ticket_setup(&self->ticket, mbedtls_ctr_drbg_random, &self->ctr_drbg, MBEDTLS_CIPHER_AES_256_GCM, 86400);
if (ret != 0) {
mbedtls_raise_error(ret);
}
mbedtls_ssl_conf_session_tickets_cb(&self->conf, mbedtls_ssl_ticket_write, mbedtls_ssl_ticket_parse, &self->ticket);
#endif
return MP_OBJ_FROM_PTR(self);
}
@ -352,6 +374,9 @@ static void ssl_context_attr(mp_obj_t self_in, qstr attr, mp_obj_t *dest) {
#if MICROPY_PY_SSL_FINALISER
static mp_obj_t ssl_context___del__(mp_obj_t self_in) {
mp_obj_ssl_context_t *self = MP_OBJ_TO_PTR(self_in);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_free(&self->ticket);
#endif
mbedtls_pk_free(&self->pkey);
mbedtls_x509_crt_free(&self->cert);
mbedtls_x509_crt_free(&self->cacert);

3
ports/unix/mbedtls/mbedtls_config_port.h
Wyświetl plik

@ -28,8 +28,11 @@
// Set mbedtls configuration
#define MBEDTLS_CIPHER_MODE_CTR // needed for MICROPY_PY_CRYPTOLIB_CTR
#define MBEDTLS_SSL_SESSION_TICKETS
// Enable mbedtls modules
#define MBEDTLS_GCM_C
#define MBEDTLS_SSL_TICKET_C
#define MBEDTLS_TIMING_C
// Include common mbedtls configuration.