Hoernchen has uploaded this change for review. (
https://gerrit.osmocom.org/c/pysim/+/40525?usp=email )
Change subject: smdpp: add proper brp cert support
......................................................................
smdpp: add proper brp cert support
Change-Id: I6906732f7d193a9c2234075f4a82df5e0ed46100
---
M .gitignore
M osmo-smdpp.py
2 files changed, 12 insertions(+), 6 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/25/40525/1
diff --git a/.gitignore b/.gitignore
index 6b74841..7a2e150 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,9 +7,10 @@
/.local
/build
/pySim.egg-info
-/smdpp-data/sm-dp-sessions
+/smdpp-data/sm-dp-sessions*
dist
tags
smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem
+smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.pem
smdpp-data/generated
smdpp-data/certs/dhparam2048.pem
diff --git a/osmo-smdpp.py b/osmo-smdpp.py
index b3494ec..41c3562 100755
--- a/osmo-smdpp.py
+++ b/osmo-smdpp.py
@@ -346,7 +346,9 @@
else:
self.dp_pb.cert_from_der_file(os.path.join(cert_dir, 'DPpb',
'CERT_S_SM_DPpb_ECDSA_NIST.der'))
self.dp_pb.privkey_from_pem_file(os.path.join(cert_dir, 'DPpb',
'SK_S_SM_DPpb_ECDSA_NIST.pem'))
- self.rss = rsp.RspSessionStore(os.path.join(DATA_DIR,
"sm-dp-sessions"))
+ # Use different session database files for BRP and NIST to avoid file locking
during concurrent runs
+ session_db_suffix = "BRP" if use_brainpool else "NIST"
+ self.rss = rsp.RspSessionStore(os.path.join(DATA_DIR,
f"sm-dp-sessions-{session_db_suffix}"))
@app.handle_errors(ApiError)
def handle_apierror(self, request: IRequest, failure):
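Review bot: The comment added above `session_db_suffix` names file locking as the reason for the split, but separate files only help when the two instances use different curves; two instances started with the same curve still open the same `sm-dp-sessions-NIST` or `sm-dp-sessions-BRP` file. The comment could say that directly, e.g. `# One session DB per curve family so a NIST and a BRP instance can run side by side; same-curve instances still share one file`. Sessions already stored under the old `sm-dp-sessions` name are presumably no longer found after this change, which deserves a line in the commit message. The same 'BRP'/'NIST' mapping is computed again as `curve_type` in the second hunk of this file, so a single shared helper would keep the session file and the TLS file names from drifting apart. The enclosing method starts outside this hunk.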
@@ -777,18 +779,21 @@
parser.add_argument("-c", "--certdir", help=f"cert subdir
relative to {DATA_DIR}", default="certs")
parser.add_argument("-s", "--nossl", help="do NOT use
ssl", action='store_true', default=False)
parser.add_argument("-v", "--verbose", help="dump more raw
info", action='store_true', default=False)
+ parser.add_argument("-b", "--brainpool", help="Use Brainpool
curves instead of NIST",
+ action='store_true', default=False)
args = parser.parse_args()
logging.basicConfig(level=logging.DEBUG if args.verbose else logging.WARNING)
common_cert_path = os.path.join(DATA_DIR, args.certdir)
- hs = SmDppHttpServer(server_hostname=HOSTNAME,
ci_certs_path=os.path.join(common_cert_path, 'CertificateIssuer'),
common_cert_path=common_cert_path, use_brainpool=False)
+ hs = SmDppHttpServer(server_hostname=HOSTNAME,
ci_certs_path=os.path.join(common_cert_path, 'CertificateIssuer'),
common_cert_path=common_cert_path, use_brainpool=args.brainpool)
if(args.nossl):
hs.app.run(args.host, args.port)
else:
- cert_derpath = Path(common_cert_path) / 'DPtls' /
'CERT_S_SM_DP_TLS_NIST.der'
- cert_pempath = Path(common_cert_path) / 'DPtls' /
'CERT_S_SM_DP_TLS_NIST.pem'
- cert_skpath = Path(common_cert_path) / 'DPtls' /
'SK_S_SM_DP_TLS_NIST.pem'
+ curve_type = 'BRP' if args.brainpool else 'NIST'
+ cert_derpath = Path(common_cert_path) / 'DPtls' /
f'CERT_S_SM_DP_TLS_{curve_type}.der'
+ cert_pempath = Path(common_cert_path) / 'DPtls' /
f'CERT_S_SM_DP_TLS_{curve_type}.pem'
+ cert_skpath = Path(common_cert_path) / 'DPtls' /
f'SK_S_SM_DP_TLS_{curve_type}.pem'
dhparam_path = Path(common_cert_path) / "dhparam2048.pem"
if not dhparam_path.exists():
print("Generating dh params, this takes a few seconds..")
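Review bot: Nothing in the visible lines checks that the curve-specific TLS certificate and private key exist before they are used; only `dhparam_path` gets an `exists()` test. With `--brainpool` and a cert directory that has only the NIST TLS files, the failure would presumably surface later as a less obvious file or TLS error. A guard right after the three path assignments would make the misconfiguration explicit: `if not cert_derpath.exists() or not cert_skpath.exists(): parser.error(f"missing {curve_type} TLS certificate or key in {common_cert_path}/DPtls")`. The `--brainpool` help text could also state that the flag selects both the signing certificates and the TLS certificate. The block continues past the end of this hunk, so a later check may already cover this.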
--
Gerrit-MessageType: newchange
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I6906732f7d193a9c2234075f4a82df5e0ed46100
Gerrit-Change-Number: 40525
Gerrit-PatchSet: 1
Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de>