Commit f1d2b81

committed
extmod/modussl_mbedtls: Add support for PSK authentication
1 parent 139bc1f commit f1d2b81

2 files changed

+22
-0
lines changed


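--- a/extmod/modussl_mbedtls.c
+++ b/extmod/modussl_mbedtls.c
@@ -75,6 +75,8 @@ struct ssl_args {
 mp_arg_val_t cadata;
 mp_arg_val_t do_handshake;
 mp_arg_val_t dtls;
+mp_arg_val_t psk_identity;
+mp_arg_val_t psk_key;
 };
 
 STATIC const mp_obj_type_t ussl_socket_type;
@@ -242,6 +244,22 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
 mbedtls_ssl_conf_dbg(&o->conf, mbedtls_debug, NULL);
 #endif
 
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+// banana();
+if (args->psk_identity.u_obj != mp_const_none && args->psk_key.u_obj != mp_const_none) {
+size_t psk_identity_len;
+size_t psk_key_len;
+const byte *psk_identity = (const byte *)mp_obj_str_get_data(args->psk_identity.u_obj, &psk_identity_len);
+const byte *psk_key = (const byte *)mp_obj_str_get_data(args->psk_key.u_obj, &psk_key_len);
+// len should include terminating null
+ret = mbedtls_ssl_conf_psk(&o->conf, (const unsigned char *) psk_key, psk_key_len, (const unsigned char *) psk_identity, psk_identity_len);
+if (ret != 0) {
+ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; // use general error for all key errors
+goto cleanup;
+}
+}
+#endif
+
 ret = mbedtls_ssl_setup(&o->ssl, &o->conf);
 if (ret != 0) {
 goto cleanup;
@@ -466,6 +484,8 @@ STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_
 { MP_QSTR_cadata, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
 { MP_QSTR_do_handshake, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = true} },
 { MP_QSTR_dtls, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} },
+{ MP_QSTR_psk_identity, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
+{ MP_QSTR_psk_key, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
 };
 
 // TODO: Check that sock implements stream protocol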
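Review bot: The new PSK block in socket_new silently configures no PSK at all when only one of psk_identity/psk_key is supplied (the `&&` on the `if` line), so a caller who passes a key but omits the identity gets a socket that proceeds without the pre-shared key and without any error; add a rejecting branch such as `} else if (args->psk_identity.u_obj != mp_const_none || args->psk_key.u_obj != mp_const_none) { mp_raise_ValueError("psk_identity and psk_key must both be given"); }`, and note that the same silent acceptance happens when neither MBEDTLS_KEY_EXCHANGE_*PSK* macro is defined, where the arguments are accepted by mod_ssl_wrap_socket and then ignored. The comment `// len should include terminating null` appears to contradict the code under it: as far as I know mp_obj_str_get_data reports the length without the terminator and mbedtls_ssl_conf_psk expects the raw byte lengths of the key and identity, so either drop the comment or reword it to `// lengths exclude the terminating NUL; mbedtls takes the raw bytes`. The leftover `// banana();` debug line should be removed. Mapping every mbedtls_ssl_conf_psk failure to MBEDTLS_ERR_PK_BAD_INPUT_DATA discards the real cause (for example an over-long key), which makes misconfiguration harder to diagnose. socket_new starts and ends outside the hunk.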

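--- a/ports/esp32/boards/sdkconfig.base
+++ b/ports/esp32/boards/sdkconfig.base
@@ -47,6 +47,8 @@ CONFIG_LWIP_PPP_CHAP_SUPPORT=y
 # Use 4kiB output buffer instead of default 16kiB (because IDF heap is fragmented in 4.0)
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
+CONFIG_MBEDTLS_PSK_MODES=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y
 
 # ULP coprocessor support
 CONFIG_ESP32_ULP_COPROC_ENABLED=y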
