Hoernchen has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/pysim/+/40525?usp=email )


Change subject: smdpp: add proper brp cert support
......................................................................

smdpp: add proper brp cert support

Change-Id: I6906732f7d193a9c2234075f4a82df5e0ed46100
---
M .gitignore
M osmo-smdpp.py
2 files changed, 12 insertions(+), 6 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/25/40525/1

diff --git a/.gitignore b/.gitignore
index 6b74841..7a2e150 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,9 +7,10 @@
 /.local
 /build
 /pySim.egg-info
-/smdpp-data/sm-dp-sessions
+/smdpp-data/sm-dp-sessions*
 dist
 tags
 smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem
+smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.pem
 smdpp-data/generated
 smdpp-data/certs/dhparam2048.pem
diff --git a/osmo-smdpp.py b/osmo-smdpp.py
index b3494ec..41c3562 100755
--- a/osmo-smdpp.py
+++ b/osmo-smdpp.py
@@ -346,7 +346,9 @@
         else:
             self.dp_pb.cert_from_der_file(os.path.join(cert_dir, 'DPpb', 
'CERT_S_SM_DPpb_ECDSA_NIST.der'))
             self.dp_pb.privkey_from_pem_file(os.path.join(cert_dir, 'DPpb', 
'SK_S_SM_DPpb_ECDSA_NIST.pem'))
-        self.rss = rsp.RspSessionStore(os.path.join(DATA_DIR, 
"sm-dp-sessions"))
+        # Use different session database files for BRP and NIST to avoid file 
locking during concurrent runs
+        session_db_suffix = "BRP" if use_brainpool else "NIST"
+        self.rss = rsp.RspSessionStore(os.path.join(DATA_DIR, 
f"sm-dp-sessions-{session_db_suffix}"))

     @app.handle_errors(ApiError)
     def handle_apierror(self, request: IRequest, failure):
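Review bot: The per-curve suffix on the session store path only separates a BRP instance from a NIST one; two instances started with the same curve still open the same `sm-dp-sessions-NIST` (or `-BRP`) file, so the comment's "avoid file locking during concurrent runs" holds for that one pairing only. A more accurate comment would be `# One session DB per curve so a BRP and a NIST instance can run side by side; same-curve instances still share one file`. Renaming the path also means sessions previously stored under `sm-dp-sessions` are presumably no longer read after an upgrade, which deserves a line in the commit message. The enclosing constructor starts outside the hunk.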
@@ -777,18 +779,21 @@
     parser.add_argument("-c", "--certdir", help=f"cert subdir relative to 
{DATA_DIR}", default="certs")
     parser.add_argument("-s", "--nossl", help="do NOT use ssl", 
action='store_true', default=False)
     parser.add_argument("-v", "--verbose", help="dump more raw info", 
action='store_true', default=False)
+    parser.add_argument("-b", "--brainpool", help="Use Brainpool curves 
instead of NIST",
+                        action='store_true', default=False)
     args = parser.parse_args()

     logging.basicConfig(level=logging.DEBUG if args.verbose else 
logging.WARNING)

     common_cert_path = os.path.join(DATA_DIR, args.certdir)
-    hs = SmDppHttpServer(server_hostname=HOSTNAME, 
ci_certs_path=os.path.join(common_cert_path, 'CertificateIssuer'), 
common_cert_path=common_cert_path, use_brainpool=False)
+    hs = SmDppHttpServer(server_hostname=HOSTNAME, 
ci_certs_path=os.path.join(common_cert_path, 'CertificateIssuer'), 
common_cert_path=common_cert_path, use_brainpool=args.brainpool)
     if(args.nossl):
         hs.app.run(args.host, args.port)
     else:
-        cert_derpath = Path(common_cert_path) / 'DPtls' / 
'CERT_S_SM_DP_TLS_NIST.der'
-        cert_pempath = Path(common_cert_path) / 'DPtls' / 
'CERT_S_SM_DP_TLS_NIST.pem'
-        cert_skpath = Path(common_cert_path) / 'DPtls' / 
'SK_S_SM_DP_TLS_NIST.pem'
+        curve_type = 'BRP' if args.brainpool else 'NIST'
+        cert_derpath = Path(common_cert_path) / 'DPtls' / 
f'CERT_S_SM_DP_TLS_{curve_type}.der'
+        cert_pempath = Path(common_cert_path) / 'DPtls' / 
f'CERT_S_SM_DP_TLS_{curve_type}.pem'
+        cert_skpath = Path(common_cert_path) / 'DPtls' / 
f'SK_S_SM_DP_TLS_{curve_type}.pem'
         dhparam_path = Path(common_cert_path) / "dhparam2048.pem"
         if not dhparam_path.exists():
             print("Generating dh params, this takes a few seconds..")
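Review bot: With `--brainpool` the TLS paths built from `curve_type` point at `CERT_S_SM_DP_TLS_BRP.der` and `SK_S_SM_DP_TLS_BRP.pem`, and nothing in the visible lines checks that those files exist in the selected `--certdir` before the server uses them. A check right after the three path assignments would give a clear startup failure, e.g. `if not (cert_derpath.exists() and cert_skpath.exists()): parser.error(f"missing {curve_type} TLS cert/key in {cert_derpath.parent}")`. The code that loads these files lies past the end of the hunk, so it may already fail cleanly. It is also worth confirming that the TLS clients talking to this server accept a Brainpool server certificate, since support for those curves varies between TLS stacks.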

--
To view, visit https://gerrit.osmocom.org/c/pysim/+/40525?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I6906732f7d193a9c2234075f4a82df5e0ed46100
Gerrit-Change-Number: 40525
Gerrit-PatchSet: 1
Gerrit-Owner: Hoernchen <[email protected]>
