-rw-r--r--extmod/extmod.cmake25
-rw-r--r--extmod/extmod.mk27
-rw-r--r--extmod/mbedtls/mbedtls_config_common.h11
-rw-r--r--ports/mimxrt/mbedtls/mbedtls_config_port.h (renamed from ports/mimxrt/mbedtls/mbedtls_config.h)1
-rw-r--r--ports/mimxrt/mbedtls/mbedtls_port.c10
-rw-r--r--ports/renesas-ra/boards/ARDUINO_PORTENTA_C33/mbedtls_config_board.h2
-rw-r--r--ports/renesas-ra/mbedtls/mbedtls_config_port.h (renamed from ports/renesas-ra/mbedtls/mbedtls_config.h)1
-rw-r--r--ports/renesas-ra/mbedtls/mbedtls_port.c10
-rw-r--r--ports/rp2/mbedtls/mbedtls_config_port.h (renamed from ports/rp2/mbedtls/mbedtls_config.h)1
-rw-r--r--ports/rp2/mbedtls/mbedtls_port.c9
-rw-r--r--ports/stm32/boards/ARDUINO_GIGA/mbedtls_config_board.h2
-rw-r--r--ports/stm32/boards/ARDUINO_NICLA_VISION/mbedtls_config_board.h2
-rw-r--r--ports/stm32/boards/ARDUINO_PORTENTA_H7/mbedtls_config_board.h2
-rw-r--r--ports/stm32/mbedtls/mbedtls_config_port.h (renamed from ports/stm32/mbedtls/mbedtls_config.h)1
-rw-r--r--ports/stm32/mbedtls/mbedtls_port.c10
-rw-r--r--ports/unix/mbedtls/mbedtls_config_port.h (renamed from ports/unix/mbedtls/mbedtls_config.h)1
-rw-r--r--tests/README.md2
-rw-r--r--tests/multi_net/asyncio_tls_server_client.py4
-rw-r--r--tests/multi_net/asyncio_tls_server_client_cert_required_error.py4
-rw-r--r--tests/multi_net/asyncio_tls_server_client_readline.py4
-rw-r--r--tests/multi_net/asyncio_tls_server_client_verify_error.py4
-rw-r--r--tests/multi_net/ec_cert.derbin0 -> 471 bytes
-rw-r--r--tests/multi_net/ec_key.derbin0 -> 121 bytes
-rw-r--r--tests/multi_net/expired_cert.derbin1331 -> 471 bytes
-rw-r--r--tests/multi_net/rsa_cert.derbin867 -> 867 bytes
-rw-r--r--tests/multi_net/rsa_key.derbin1217 -> 1193 bytes
-rw-r--r--tests/multi_net/ssl_cert_ec.py56
-rw-r--r--tests/multi_net/ssl_cert_ec.py.exp (renamed from tests/multi_net/ssl_data.py.exp)0
-rw-r--r--tests/multi_net/ssl_data.py67
-rw-r--r--tests/multi_net/sslcontext_check_hostname_error.py4
-rw-r--r--tests/multi_net/sslcontext_getpeercert.py4
-rw-r--r--tests/multi_net/sslcontext_getpeercert.py.exp2
-rw-r--r--tests/multi_net/sslcontext_server_client.py4
-rw-r--r--tests/multi_net/sslcontext_server_client_ciphers.py8
-rw-r--r--tests/multi_net/sslcontext_server_client_files.py4
-rw-r--r--tests/multi_net/sslcontext_verify_error.py4
-rw-r--r--tests/multi_net/sslcontext_verify_time_error.py2
37 files changed, 156 insertions, 132 deletions
diff --git a/extmod/extmod.cmake b/extmod/extmod.cmake
index ac10faa86..a55cd76f8 100644
--- a/extmod/extmod.cmake
+++ b/extmod/extmod.cmake
@@ -174,20 +174,24 @@ if(MICROPY_SSL_MBEDTLS)
${MICROPY_DIR}/lib/mbedtls_errors/mp_mbedtls_errors.c
${MICROPY_LIB_MBEDTLS_DIR}/library/aes.c
${MICROPY_LIB_MBEDTLS_DIR}/library/aesni.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/arc4.c
${MICROPY_LIB_MBEDTLS_DIR}/library/asn1parse.c
${MICROPY_LIB_MBEDTLS_DIR}/library/asn1write.c
${MICROPY_LIB_MBEDTLS_DIR}/library/base64.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/bignum_core.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/bignum_mod.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/bignum_mod_raw.c
${MICROPY_LIB_MBEDTLS_DIR}/library/bignum.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/blowfish.c
${MICROPY_LIB_MBEDTLS_DIR}/library/camellia.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ccm.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/certs.c
${MICROPY_LIB_MBEDTLS_DIR}/library/chacha20.c
${MICROPY_LIB_MBEDTLS_DIR}/library/chachapoly.c
${MICROPY_LIB_MBEDTLS_DIR}/library/cipher.c
${MICROPY_LIB_MBEDTLS_DIR}/library/cipher_wrap.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/nist_kw.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/aria.c
${MICROPY_LIB_MBEDTLS_DIR}/library/cmac.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/mps_reader.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/mps_trace.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ctr_drbg.c
${MICROPY_LIB_MBEDTLS_DIR}/library/debug.c
${MICROPY_LIB_MBEDTLS_DIR}/library/des.c
@@ -200,17 +204,13 @@ if(MICROPY_SSL_MBEDTLS)
${MICROPY_LIB_MBEDTLS_DIR}/library/entropy.c
${MICROPY_LIB_MBEDTLS_DIR}/library/entropy_poll.c
${MICROPY_LIB_MBEDTLS_DIR}/library/gcm.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/havege.c
${MICROPY_LIB_MBEDTLS_DIR}/library/hmac_drbg.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/md2.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/md4.c
${MICROPY_LIB_MBEDTLS_DIR}/library/md5.c
${MICROPY_LIB_MBEDTLS_DIR}/library/md.c
${MICROPY_LIB_MBEDTLS_DIR}/library/oid.c
${MICROPY_LIB_MBEDTLS_DIR}/library/padlock.c
${MICROPY_LIB_MBEDTLS_DIR}/library/pem.c
${MICROPY_LIB_MBEDTLS_DIR}/library/pk.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs11.c
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs12.c
${MICROPY_LIB_MBEDTLS_DIR}/library/pkcs5.c
${MICROPY_LIB_MBEDTLS_DIR}/library/pkparse.c
@@ -221,15 +221,17 @@ if(MICROPY_SSL_MBEDTLS)
${MICROPY_LIB_MBEDTLS_DIR}/library/poly1305.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ripemd160.c
${MICROPY_LIB_MBEDTLS_DIR}/library/rsa.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/rsa_internal.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/rsa_alt_helpers.c
${MICROPY_LIB_MBEDTLS_DIR}/library/sha1.c
${MICROPY_LIB_MBEDTLS_DIR}/library/sha256.c
${MICROPY_LIB_MBEDTLS_DIR}/library/sha512.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cache.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_ciphersuites.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cli.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls12_client.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls12_server.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_client.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_cookie.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_srv.c
+ ${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_debug_helpers_generated.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_msg.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_ticket.c
${MICROPY_LIB_MBEDTLS_DIR}/library/ssl_tls.c
@@ -242,11 +244,10 @@ if(MICROPY_SSL_MBEDTLS)
${MICROPY_LIB_MBEDTLS_DIR}/library/x509_csr.c
${MICROPY_LIB_MBEDTLS_DIR}/library/x509write_crt.c
${MICROPY_LIB_MBEDTLS_DIR}/library/x509write_csr.c
- ${MICROPY_LIB_MBEDTLS_DIR}/library/xtea.c
)
if(NOT MBEDTLS_CONFIG_FILE)
- set(MBEDTLS_CONFIG_FILE "${MICROPY_PORT_DIR}/mbedtls/mbedtls_config.h")
+ set(MBEDTLS_CONFIG_FILE "${MICROPY_PORT_DIR}/mbedtls/mbedtls_config_port.h")
endif()
target_compile_definitions(micropy_lib_mbedtls INTERFACE
diff --git a/extmod/extmod.mk b/extmod/extmod.mk
index 59e530d34..fdaa3d930 100644
--- a/extmod/extmod.mk
+++ b/extmod/extmod.mk
@@ -231,7 +231,7 @@ SRC_THIRDPARTY_C += $(addprefix $(AXTLS_DIR)/,\
)
else ifeq ($(MICROPY_SSL_MBEDTLS),1)
MBEDTLS_DIR = lib/mbedtls
-MBEDTLS_CONFIG_FILE ?= \"mbedtls/mbedtls_config.h\"
+MBEDTLS_CONFIG_FILE ?= \"mbedtls/mbedtls_config_port.h\"
GIT_SUBMODULES += $(MBEDTLS_DIR)
CFLAGS_EXTMOD += -DMBEDTLS_CONFIG_FILE=$(MBEDTLS_CONFIG_FILE)
CFLAGS_EXTMOD += -DMICROPY_SSL_MBEDTLS=1 -I$(TOP)/$(MBEDTLS_DIR)/include
@@ -239,20 +239,25 @@ SRC_THIRDPARTY_C += lib/mbedtls_errors/mp_mbedtls_errors.c
SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
aes.c \
aesni.c \
- arc4.c \
asn1parse.c \
asn1write.c \
base64.c \
+ bignum_core.c \
+ bignum_mod.c \
+ bignum_mod_raw.c \
bignum.c \
- blowfish.c \
camellia.c \
ccm.c \
- certs.c \
chacha20.c \
chachapoly.c \
cipher.c \
cipher_wrap.c \
+ nist_kw.c \
+ aria.c \
cmac.c \
+ constant_time.c \
+ mps_reader.c \
+ mps_trace.c \
ctr_drbg.c \
debug.c \
des.c \
@@ -265,17 +270,13 @@ SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
entropy.c \
entropy_poll.c \
gcm.c \
- havege.c \
hmac_drbg.c \
- md2.c \
- md4.c \
md5.c \
md.c \
oid.c \
padlock.c \
pem.c \
pk.c \
- pkcs11.c \
pkcs12.c \
pkcs5.c \
pkparse.c \
@@ -286,20 +287,21 @@ SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
poly1305.c \
ripemd160.c \
rsa.c \
- rsa_internal.c \
+ rsa_alt_helpers.c \
sha1.c \
sha256.c \
sha512.c \
ssl_cache.c \
ssl_ciphersuites.c \
- ssl_cli.c \
+ ssl_client.c \
ssl_cookie.c \
- ssl_srv.c \
+ ssl_debug_helpers_generated.c \
ssl_msg.c \
ssl_ticket.c \
ssl_tls.c \
+ ssl_tls12_client.c \
+ ssl_tls12_server.c \
timing.c \
- constant_time.c \
x509.c \
x509_create.c \
x509_crl.c \
@@ -307,7 +309,6 @@ SRC_THIRDPARTY_C += $(addprefix $(MBEDTLS_DIR)/library/,\
x509_csr.c \
x509write_crt.c \
x509write_csr.c \
- xtea.c \
)
endif
endif
diff --git a/extmod/mbedtls/mbedtls_config_common.h b/extmod/mbedtls/mbedtls_config_common.h
index 95458f18d..db1562f27 100644
--- a/extmod/mbedtls/mbedtls_config_common.h
+++ b/extmod/mbedtls/mbedtls_config_common.h
@@ -45,9 +45,9 @@
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-// #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED // enabling this currently breaks ssl_data.py test
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_CAN_ECDH
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_PROTO_TLS1
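Review bot: `MBEDTLS_CAN_ECDH` and `MBEDTLS_PK_CAN_ECDSA_SIGN` appear to be capability macros that Mbed TLS derives internally from the enabled modules, not user-facing options, so defining them by hand in this hunk is fragile. If the library's own derivation ever disagrees with these lines, the build can claim ECDH/ECDSA support that the selected modules do not provide, or trigger macro redefinition warnings. If they are only needed to work around an ordering problem in the config headers, say so in place, e.g. `// Workaround: normally derived by mbedtls from ECDH_C/ECDSA_C; remove when no longer needed`. Otherwise drop both lines and enable the underlying `*_C` modules instead.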
@@ -81,12 +81,13 @@
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
@@ -97,6 +98,7 @@
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_NO_PLATFORM_ENTROPY
// Bare-metal memory allocation hooks.
#include <stdlib.h>
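Review bot: With `MBEDTLS_NO_PLATFORM_ENTROPY` now next to `MBEDTLS_ENTROPY_HARDWARE_ALT`, each port's `mbedtls_hardware_poll()` looks like the only entropy source feeding the DRBG on these builds, and that dependency is not documented where the option is set. The enclosing conditional starts outside this hunk, so the bare-metal scope is inferred. A short comment would make the requirement explicit for new ports, e.g. `// No OS entropy here: mbedtls_hardware_poll() is the sole entropy source and must be backed by a real TRNG`.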
@@ -109,7 +111,4 @@ void m_tracked_free(void *ptr);
#endif
-// Include mbedtls configuration checker.
-#include "mbedtls/check_config.h"
-
#endif // MICROPY_INCLUDED_MBEDTLS_CONFIG_COMMON_H
diff --git a/ports/mimxrt/mbedtls/mbedtls_config.h b/ports/mimxrt/mbedtls/mbedtls_config_port.h
index f264ed4ad..414f30527 100644
--- a/ports/mimxrt/mbedtls/mbedtls_config.h
+++ b/ports/mimxrt/mbedtls/mbedtls_config_port.h
@@ -30,6 +30,7 @@
#include <time.h>
extern time_t mimxrt_rtctime_seconds(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO mimxrt_rtctime_seconds
+#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
// Set MicroPython-specific options.
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
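Review bot: `MBEDTLS_PLATFORM_MS_TIME_ALT` is, as far as I know, a plain on/off option: when it is defined, Mbed TLS expects the port to supply a function named `mbedtls_ms_time()`. The value `mbedtls_ms_time` given here is therefore unused, and it reads as if the option were a function-name macro like `MBEDTLS_PLATFORM_TIME_MACRO` on the line above. Consider `#define MBEDTLS_PLATFORM_MS_TIME_ALT // mbedtls_ms_time() is provided in mbedtls_port.c` so nobody tries to point it at a differently named function. The same line is added in the renesas-ra, rp2 and stm32 `mbedtls_config_port.h` hunks.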
diff --git a/ports/mimxrt/mbedtls/mbedtls_port.c b/ports/mimxrt/mbedtls/mbedtls_port.c
index 044de317f..230e264bf 100644
--- a/ports/mimxrt/mbedtls/mbedtls_port.c
+++ b/ports/mimxrt/mbedtls/mbedtls_port.c
@@ -28,10 +28,11 @@
#ifdef MICROPY_SSL_MBEDTLS
-#include "mbedtls_config.h"
+#include "mbedtls_config_port.h"
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
#include "fsl_snvs_lp.h"
#include "shared/timeutils/timeutils.h"
+#include "mbedtls/platform_time.h"
#endif
void trng_random_data(unsigned char *output, size_t len);
@@ -52,6 +53,13 @@ time_t mimxrt_rtctime_seconds(time_t *timer) {
SNVS_LP_SRTC_GetDatetime(SNVS, &date);
return timeutils_seconds_since_epoch(date.year, date.month, date.day, date.hour, date.minute, date.second);
}
+
+mbedtls_ms_time_t mbedtls_ms_time(void) {
+ time_t *tv = NULL;
+ mbedtls_ms_time_t current_ms;
+ current_ms = mimxrt_rtctime_seconds(tv) * 1000;
+ return current_ms;
+}
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
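Review bot: In `current_ms = mimxrt_rtctime_seconds(tv) * 1000;` the multiplication is done in `time_t` and only widened afterwards, so on a target where `time_t` is 32 bits the product overflows for any current date. Widen first: `return (mbedtls_ms_time_t)mimxrt_rtctime_seconds(NULL) * 1000;`, which also removes the two temporaries. The result only advances in whole seconds and follows the RTC wall clock, so it jumps when the RTC is set. Mbed TLS uses this hook for elapsed-time measurement, so a monotonic tick source would be a better fit if the port has one; at minimum add a comment stating the 1 s resolution. The same body is added in the renesas-ra, rp2 and stm32 `mbedtls_port.c` hunks.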
diff --git a/ports/renesas-ra/boards/ARDUINO_PORTENTA_C33/mbedtls_config_board.h b/ports/renesas-ra/boards/ARDUINO_PORTENTA_C33/mbedtls_config_board.h
index 63c1b284f..ef264a46b 100644
--- a/ports/renesas-ra/boards/ARDUINO_PORTENTA_C33/mbedtls_config_board.h
+++ b/ports/renesas-ra/boards/ARDUINO_PORTENTA_C33/mbedtls_config_board.h
@@ -3,6 +3,6 @@
#define MBEDTLS_ECP_NIST_OPTIM
-#include "ports/renesas-ra/mbedtls/mbedtls_config.h"
+#include "ports/renesas-ra/mbedtls/mbedtls_config_port.h"
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
diff --git a/ports/renesas-ra/mbedtls/mbedtls_config.h b/ports/renesas-ra/mbedtls/mbedtls_config_port.h
index f036f536c..5660566ff 100644
--- a/ports/renesas-ra/mbedtls/mbedtls_config.h
+++ b/ports/renesas-ra/mbedtls/mbedtls_config_port.h
@@ -30,6 +30,7 @@
#include <time.h>
extern time_t ra_rtctime_seconds(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO ra_rtctime_seconds
+#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
// Set MicroPython-specific options.
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
diff --git a/ports/renesas-ra/mbedtls/mbedtls_port.c b/ports/renesas-ra/mbedtls/mbedtls_port.c
index 10c89bbcf..feeefa9c0 100644
--- a/ports/renesas-ra/mbedtls/mbedtls_port.c
+++ b/ports/renesas-ra/mbedtls/mbedtls_port.c
@@ -25,11 +25,12 @@
*/
#include "rng.h"
-#include "mbedtls_config.h"
+#include "mbedtls_config_port.h"
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
#include "rtc.h"
#include "shared/timeutils/timeutils.h"
+#include "mbedtls/platform_time.h"
#endif
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
@@ -57,6 +58,13 @@ time_t ra_rtctime_seconds(time_t *timer) {
rtc_get_date(&date);
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds);
}
+
+mbedtls_ms_time_t mbedtls_ms_time(void) {
+ time_t *tv = NULL;
+ mbedtls_ms_time_t current_ms;
+ current_ms = ra_rtctime_seconds(tv) * 1000;
+ return current_ms;
+}
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
diff --git a/ports/rp2/mbedtls/mbedtls_config.h b/ports/rp2/mbedtls/mbedtls_config_port.h
index 81be6c111..4e4c6e263 100644
--- a/ports/rp2/mbedtls/mbedtls_config.h
+++ b/ports/rp2/mbedtls/mbedtls_config_port.h
@@ -37,6 +37,7 @@
#include <time.h>
time_t rp2_rtctime_seconds(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO rp2_rtctime_seconds
+#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
// Set MicroPython-specific options.
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
diff --git a/ports/rp2/mbedtls/mbedtls_port.c b/ports/rp2/mbedtls/mbedtls_port.c
index 9067eca90..9b1e0d20e 100644
--- a/ports/rp2/mbedtls/mbedtls_port.c
+++ b/ports/rp2/mbedtls/mbedtls_port.c
@@ -27,10 +27,11 @@
#ifdef MICROPY_SSL_MBEDTLS
-#include "mbedtls_config.h"
+#include "mbedtls_config_port.h"
#include "hardware/rtc.h"
#include "shared/timeutils/timeutils.h"
+#include "mbedtls/platform_time.h"
extern uint8_t rosc_random_u8(size_t cycles);
@@ -48,4 +49,10 @@ time_t rp2_rtctime_seconds(time_t *timer) {
return timeutils_seconds_since_epoch(t.year, t.month, t.day, t.hour, t.min, t.sec);
}
+mbedtls_ms_time_t mbedtls_ms_time(void) {
+ time_t *tv = NULL;
+ mbedtls_ms_time_t current_ms;
+ current_ms = rp2_rtctime_seconds(tv) * 1000;
+ return current_ms;
+}
#endif
diff --git a/ports/stm32/boards/ARDUINO_GIGA/mbedtls_config_board.h b/ports/stm32/boards/ARDUINO_GIGA/mbedtls_config_board.h
index 0e1703f1b..07aef7946 100644
--- a/ports/stm32/boards/ARDUINO_GIGA/mbedtls_config_board.h
+++ b/ports/stm32/boards/ARDUINO_GIGA/mbedtls_config_board.h
@@ -3,6 +3,6 @@
#define MBEDTLS_ECP_NIST_OPTIM
-#include "ports/stm32/mbedtls/mbedtls_config.h"
+#include "ports/stm32/mbedtls/mbedtls_config_port.h"
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
diff --git a/ports/stm32/boards/ARDUINO_NICLA_VISION/mbedtls_config_board.h b/ports/stm32/boards/ARDUINO_NICLA_VISION/mbedtls_config_board.h
index 0e1703f1b..07aef7946 100644
--- a/ports/stm32/boards/ARDUINO_NICLA_VISION/mbedtls_config_board.h
+++ b/ports/stm32/boards/ARDUINO_NICLA_VISION/mbedtls_config_board.h
@@ -3,6 +3,6 @@
#define MBEDTLS_ECP_NIST_OPTIM
-#include "ports/stm32/mbedtls/mbedtls_config.h"
+#include "ports/stm32/mbedtls/mbedtls_config_port.h"
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
diff --git a/ports/stm32/boards/ARDUINO_PORTENTA_H7/mbedtls_config_board.h b/ports/stm32/boards/ARDUINO_PORTENTA_H7/mbedtls_config_board.h
index 0e1703f1b..07aef7946 100644
--- a/ports/stm32/boards/ARDUINO_PORTENTA_H7/mbedtls_config_board.h
+++ b/ports/stm32/boards/ARDUINO_PORTENTA_H7/mbedtls_config_board.h
@@ -3,6 +3,6 @@
#define MBEDTLS_ECP_NIST_OPTIM
-#include "ports/stm32/mbedtls/mbedtls_config.h"
+#include "ports/stm32/mbedtls/mbedtls_config_port.h"
#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_BOARD_H */
diff --git a/ports/stm32/mbedtls/mbedtls_config.h b/ports/stm32/mbedtls/mbedtls_config_port.h
index 336fee0a1..5f8bb1cfd 100644
--- a/ports/stm32/mbedtls/mbedtls_config.h
+++ b/ports/stm32/mbedtls/mbedtls_config_port.h
@@ -30,6 +30,7 @@
#include <time.h>
extern time_t stm32_rtctime_seconds(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO stm32_rtctime_seconds
+#define MBEDTLS_PLATFORM_MS_TIME_ALT mbedtls_ms_time
// Set MicroPython-specific options.
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
diff --git a/ports/stm32/mbedtls/mbedtls_port.c b/ports/stm32/mbedtls/mbedtls_port.c
index cdfcd172a..a51144871 100644
--- a/ports/stm32/mbedtls/mbedtls_port.c
+++ b/ports/stm32/mbedtls/mbedtls_port.c
@@ -25,11 +25,12 @@
*/
#include "rng.h"
-#include "mbedtls_config.h"
+#include "mbedtls_config_port.h"
#if defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_HAVE_TIME_DATE)
#include "rtc.h"
#include "shared/timeutils/timeutils.h"
+#include "mbedtls/platform_time.h"
#endif
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
@@ -57,6 +58,13 @@ time_t stm32_rtctime_seconds(time_t *timer) {
HAL_RTC_GetDate(&RTCHandle, &date, RTC_FORMAT_BIN);
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds);
}
+
+mbedtls_ms_time_t mbedtls_ms_time(void) {
+ time_t *tv = NULL;
+ mbedtls_ms_time_t current_ms;
+ current_ms = stm32_rtctime_seconds(tv) * 1000;
+ return current_ms;
+}
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
diff --git a/ports/unix/mbedtls/mbedtls_config.h b/ports/unix/mbedtls/mbedtls_config_port.h
index 629064abc..c619de9b8 100644
--- a/ports/unix/mbedtls/mbedtls_config.h
+++ b/ports/unix/mbedtls/mbedtls_config_port.h
@@ -30,7 +30,6 @@
#define MBEDTLS_CIPHER_MODE_CTR // needed for MICROPY_PY_CRYPTOLIB_CTR
// Enable mbedtls modules
-#define MBEDTLS_HAVEGE_C
#define MBEDTLS_TIMING_C
// Include common mbedtls configuration.
diff --git a/tests/README.md b/tests/README.md
index 47fcacf40..3bc626bf9 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -189,7 +189,7 @@ In this case CN is: micropython.local
Convert them to DER format:
```
-$ openssl rsa -in rsa_key.pem -out rsa_key.der -outform DER
+$ openssl pkey -in rsa_key.pem -out rsa_key.der -outform DER
$ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
```
diff --git a/tests/multi_net/asyncio_tls_server_client.py b/tests/multi_net/asyncio_tls_server_client.py
index 59e13ec45..98f15c662 100644
--- a/tests/multi_net/asyncio_tls_server_client.py
+++ b/tests/multi_net/asyncio_tls_server_client.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/asyncio_tls_server_client_cert_required_error.py b/tests/multi_net/asyncio_tls_server_client_cert_required_error.py
index 8607e4ff1..178ad3927 100644
--- a/tests/multi_net/asyncio_tls_server_client_cert_required_error.py
+++ b/tests/multi_net/asyncio_tls_server_client_cert_required_error.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/asyncio_tls_server_client_readline.py b/tests/multi_net/asyncio_tls_server_client_readline.py
index fd8685f5a..da5f1afee 100644
--- a/tests/multi_net/asyncio_tls_server_client_readline.py
+++ b/tests/multi_net/asyncio_tls_server_client_readline.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/asyncio_tls_server_client_verify_error.py b/tests/multi_net/asyncio_tls_server_client_verify_error.py
index c600dcc2c..362f0fc8e 100644
--- a/tests/multi_net/asyncio_tls_server_client_verify_error.py
+++ b/tests/multi_net/asyncio_tls_server_client_verify_error.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/ec_cert.der b/tests/multi_net/ec_cert.der
new file mode 100644
index 000000000..a503a39df
--- /dev/null
+++ b/tests/multi_net/ec_cert.der
Binary files differ
diff --git a/tests/multi_net/ec_key.der b/tests/multi_net/ec_key.der
new file mode 100644
index 000000000..7d50fe3bc
--- /dev/null
+++ b/tests/multi_net/ec_key.der
Binary files differ
diff --git a/tests/multi_net/expired_cert.der b/tests/multi_net/expired_cert.der
index 8e1db02ae..3801fca17 100644
--- a/tests/multi_net/expired_cert.der
+++ b/tests/multi_net/expired_cert.der
Binary files differ
diff --git a/tests/multi_net/rsa_cert.der b/tests/multi_net/rsa_cert.der
index 8fae71d4b..d0ea34bf4 100644
--- a/tests/multi_net/rsa_cert.der
+++ b/tests/multi_net/rsa_cert.der
Binary files differ
diff --git a/tests/multi_net/rsa_key.der b/tests/multi_net/rsa_key.der
index c2cfb76d2..c9c535ae6 100644
--- a/tests/multi_net/rsa_key.der
+++ b/tests/multi_net/rsa_key.der
Binary files differ
diff --git a/tests/multi_net/ssl_cert_ec.py b/tests/multi_net/ssl_cert_ec.py
new file mode 100644
index 000000000..2c5734e05
--- /dev/null
+++ b/tests/multi_net/ssl_cert_ec.py
@@ -0,0 +1,56 @@
+# Simple test creating an SSL connection and transferring some data
+# This test won't run under CPython because CPython doesn't have key/cert
+
+try:
+ import binascii, os, socket, ssl
+except ImportError:
+ print("SKIP")
+ raise SystemExit
+
+PORT = 8000
+
+# These are test certificates. See tests/README.md for details.
+certfile = "ec_cert.der"
+keyfile = "ec_key.der"
+
+try:
+ os.stat(certfile)
+ os.stat(keyfile)
+except OSError:
+ print("SKIP")
+ raise SystemExit
+
+with open(certfile, "rb") as cf:
+ cert = cadata = cf.read()
+
+with open(keyfile, "rb") as kf:
+ key = kf.read()
+
+
+# Server
+def instance0():
+ multitest.globals(IP=multitest.get_network_ip())
+ s = socket.socket()
+ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
+ s.listen(1)
+ multitest.next()
+ s2, _ = s.accept()
+ s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert)
+ print(s2.read(16))
+ s2.write(b"server to client")
+ s2.close()
+ s.close()
+
+
+# Client
+def instance1():
+ multitest.next()
+ s = socket.socket()
+ s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
+ s = ssl.wrap_socket(
+ s, cert_reqs=ssl.CERT_REQUIRED, server_hostname="micropython.local", cadata=cadata
+ )
+ s.write(b"client to server")
+ print(s.read(16))
+ s.close()
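Review bot: With `ssl_data.py` deleted and every multi_net TLS test in this commit switched to `ec_cert.der`/`ec_key.der`, no test visible here still completes a handshake with the RSA pair. Yet `rsa_cert.der` and `rsa_key.der` are regenerated and `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` stays defined in the common config. Keeping one RSA variant of this test (same body, `certfile = "rsa_cert.der"`, `keyfile = "rsa_key.der"`) would keep that code path covered. In this new file `binascii` is imported but never used, so the import can be `import os, socket, ssl`. The header comment would be clearer as `# This test won't run under CPython because its ssl.wrap_socket() does not accept key/cert data`.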
diff --git a/tests/multi_net/ssl_data.py.exp b/tests/multi_net/ssl_cert_ec.py.exp
index 909c496d0..909c496d0 100644
--- a/tests/multi_net/ssl_data.py.exp
+++ b/tests/multi_net/ssl_cert_ec.py.exp
diff --git a/tests/multi_net/ssl_data.py b/tests/multi_net/ssl_data.py
deleted file mode 100644
index a21c8c658..000000000
--- a/tests/multi_net/ssl_data.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Simple test creating an SSL connection and transferring some data
-# This test won't run under CPython because it requires key/cert
-
-try:
- import binascii, socket, ssl
-except ImportError:
- print("SKIP")
- raise SystemExit
-
-PORT = 8000
-
-# This self-signed key/cert pair is randomly generated and to be used for
-# testing/demonstration only. You should always generate your own key/cert.
-key = binascii.unhexlify(
- b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef"
- b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f"
- b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0"
- b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d"
- b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86"
- b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483"
- b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102"
- b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044"
- b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f"
-)
-cert = binascii.unhexlify(
- b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355"
- b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504"
- b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106"
- b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61"
- b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075"
- b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531"
- b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958"
- b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468"
- b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20"
- b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18"
- b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a"
- b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8"
- b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef"
- b"979b57f0b3"
-)
-
-
-# Server
-def instance0():
- multitest.globals(IP=multitest.get_network_ip())
- s = socket.socket()
- s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
- s.listen(1)
- multitest.next()
- s2, _ = s.accept()
- s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert)
- print(s2.read(16))
- s2.write(b"server to client")
- s2.close()
- s.close()
-
-
-# Client
-def instance1():
- multitest.next()
- s = socket.socket()
- s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
- s = ssl.wrap_socket(s)
- s.write(b"client to server")
- print(s.read(16))
- s.close()
diff --git a/tests/multi_net/sslcontext_check_hostname_error.py b/tests/multi_net/sslcontext_check_hostname_error.py
index ac39211b0..d85363f00 100644
--- a/tests/multi_net/sslcontext_check_hostname_error.py
+++ b/tests/multi_net/sslcontext_check_hostname_error.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/sslcontext_getpeercert.py b/tests/multi_net/sslcontext_getpeercert.py
index 8748c1f78..e9d96be24 100644
--- a/tests/multi_net/sslcontext_getpeercert.py
+++ b/tests/multi_net/sslcontext_getpeercert.py
@@ -12,8 +12,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/sslcontext_getpeercert.py.exp b/tests/multi_net/sslcontext_getpeercert.py.exp
index 7b0e9d40a..e7a0ab0b4 100644
--- a/tests/multi_net/sslcontext_getpeercert.py.exp
+++ b/tests/multi_net/sslcontext_getpeercert.py.exp
@@ -1,5 +1,5 @@
--- instance0 ---
b'client to server'
--- instance1 ---
-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
+308201d330820179a00302010202144315a7cd8f69febe2640314e7c97d60a2523ad15300a06082a8648ce3d040302303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b3009060355040613024155301e170d3234303131343034353335335a170d3235303131333034353335335a303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b30090603550406130241553059301306072a8648ce3d020106082a8648ce3d0301070342000449b7f5fa687cb25a9464c397508149992f445c860bcf7002958eb4337636c6af840cd4c8cf3b96f2384860d8ae3ee3fa135dba051e8605e62bd871689c6af43ca3533051301d0603551d0e0416041441b3ae171d91e330411d8543ba45e0f2d5b2951b301f0603551d2304183016801441b3ae171d91e330411d8543ba45e0f2d5b2951b300f0603551d130101ff040530030101ff300a06082a8648ce3d04030203480030450220587f61c34739d6fab5802a674dcc54443ae9c87da374078c4ee1cd83f4ad1694022100cfc45dcf264888c6ba2c36e78bd27bb67856d7879a052dd7aa7ecf7215f7b992
b'server to client'
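Review bot: The certificate pinned in this expected output has a validity window of one year: the DER carries notBefore `240114045353Z` and notAfter `250113045353Z`. Every test that loads `ec_cert.der` with `CERT_REQUIRED` will start failing on hosts with a correct clock once that date passes, and this `.exp` file has to be regenerated each time the certificate is reissued. Generating the test certificate with a much longer lifetime would avoid both problems. The exact `openssl` command, including the `-days` value, should be recorded in tests/README.md next to the RSA instructions so the fixtures can be reproduced.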
diff --git a/tests/multi_net/sslcontext_server_client.py b/tests/multi_net/sslcontext_server_client.py
index c263ae31b..473c9c376 100644
--- a/tests/multi_net/sslcontext_server_client.py
+++ b/tests/multi_net/sslcontext_server_client.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-certfile = "rsa_cert.der"
-keyfile = "rsa_key.der"
+certfile = "ec_cert.der"
+keyfile = "ec_key.der"
try:
os.stat(certfile)
diff --git a/tests/multi_net/sslcontext_server_client_ciphers.py b/tests/multi_net/sslcontext_server_client_ciphers.py
index be7c332b4..d65d860fb 100644
--- a/tests/multi_net/sslcontext_server_client_ciphers.py
+++ b/tests/multi_net/sslcontext_server_client_ciphers.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
@@ -48,8 +48,8 @@ def instance1():
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ciphers = client_ctx.get_ciphers()
- assert "TLS-RSA-WITH-AES-256-CBC-SHA256" in ciphers
- client_ctx.set_ciphers(["TLS-RSA-WITH-AES-256-CBC-SHA256"])
+ assert "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" in ciphers
+ client_ctx.set_ciphers(["TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"])
client_ctx.verify_mode = ssl.CERT_REQUIRED
client_ctx.load_verify_locations(cafile=cafile)
s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
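Review bot: The suite name `"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"` is written out twice in `instance1()`, which ties the test to one build configuration without saying why this suite was picked. Bind it once, e.g. `CIPHER = "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"  # must match the EC test cert and be enabled in mbedtls_config_common.h`, and use `CIPHER` in both the assert and `set_ciphers([CIPHER])`. If the common config also enables a GCM or ChaCha20-Poly1305 ECDHE-ECDSA suite, pinning the test to an AEAD suite rather than a CBC one would better reflect what deployments should select. `instance1()` begins outside this hunk.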
diff --git a/tests/multi_net/sslcontext_server_client_files.py b/tests/multi_net/sslcontext_server_client_files.py
index e1ea1b3aa..64a4215c7 100644
--- a/tests/multi_net/sslcontext_server_client_files.py
+++ b/tests/multi_net/sslcontext_server_client_files.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/sslcontext_verify_error.py b/tests/multi_net/sslcontext_verify_error.py
index 4a7a6cfcc..5dc461e77 100644
--- a/tests/multi_net/sslcontext_verify_error.py
+++ b/tests/multi_net/sslcontext_verify_error.py
@@ -11,8 +11,8 @@ except ImportError:
PORT = 8000
# These are test certificates. See tests/README.md for details.
-cert = cafile = "rsa_cert.der"
-key = "rsa_key.der"
+cert = cafile = "ec_cert.der"
+key = "ec_key.der"
try:
os.stat(cafile)
diff --git a/tests/multi_net/sslcontext_verify_time_error.py b/tests/multi_net/sslcontext_verify_time_error.py
index e5dc49645..fbefdecf9 100644
--- a/tests/multi_net/sslcontext_verify_time_error.py
+++ b/tests/multi_net/sslcontext_verify_time_error.py
@@ -12,7 +12,7 @@ PORT = 8000
# These are test certificates. See tests/README.md for details.
cert = cafile = "expired_cert.der"
-key = "rsa_key.der"
+key = "ec_key.der"
try:
os.stat(cafile)