drbild / sslpsk

Adds TLS-PSK support to the Python ssl package
Apache License 2.0

Support for binary hint and identity strings in Python 3 #16

Closed kueblc closed 3 years ago

kueblc commented 4 years ago

Hi @drbild, great work on this library. I have a script that is running fine with python2 but fails in python3. It seems to have problems when either the hint or identity contain non-unicode sequences.

This fork had intended to fix it, but it doesn't seem to be working with my system. https://github.com/M4dmartig4n/sslpsk/commit/157f063b66a0d5f148860c45de04458eac96935d

When hint is of type bytes:

Traceback (most recent call last):
  File "./psk-frontend.py", line 111, in <module>
    main()
  File "./psk-frontend.py", line 107, in main
    p.data_ready_cb(s)
  File "./psk-frontend.py", line 78, in data_ready_cb
    self.new_client(_s)
  File "./psk-frontend.py", line 68, in new_client
    hint=self.hint)
  File "/usr/local/lib/python3.6/dist-packages/sslpsk/sslpsk.py", line 104, in wrap_socket
    _ssl_set_psk_server_callback(sock, cb, hint)
  File "/usr/local/lib/python3.6/dist-packages/sslpsk/sslpsk.py", line 80, in _ssl_set_psk_server_callback
    _      = _sslpsk.sslpsk_use_psk_identity_hint(_sslobj(sock), hint if hint else "")
TypeError: argument 2 must be str, not bytes

Here the identity is non-unicode; position 20 is indeed 0xfc.

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xfc in position 20: invalid start byte

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "./psk-frontend.py", line 111, in <module>
    main()
  File "./psk-frontend.py", line 107, in main
    p.data_ready_cb(s)
  File "./psk-frontend.py", line 78, in data_ready_cb
    self.new_client(_s)
  File "./psk-frontend.py", line 68, in new_client
    hint=self.hint)
  File "/usr/local/lib/python3.6/dist-packages/sslpsk/sslpsk.py", line 110, in wrap_socket
    sock.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
SystemError: <class 'ssl.SSLError'> returned a result with an error set

For reference, the script being used is part of tuya-convert, which creates a connection with Tuya IoT devices. As a workaround we're forcing python2, but since python2 is being deprecated I'd like to get it working in python3.

Oddly, this only seems to impact some users; others have reported that python3 works fine for them. This makes me think it might be a problem with part of the build process in different environments.

Thanks in advance for any insight you might have into this issue.

drbild commented 4 years ago

Thanks for the detailed report and kind words, @kueblc.

I've never tried with a non-UTF8-compatible psk or identity hint before.

Can you please try with this branch: https://github.com/drbild/sslpsk/tree/use-byte-string-for-identity-hints? It updates the whole library to use byte-strings, instead of unicode strings, for both psks and identity hints.
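Added example, not part of this thread or of sslpsk's own code: a sketch of keeping the PSK identity as opaque bytes from the handshake to the key lookup, so a byte such as 0xfc never passes through a UTF-8 decode. The `PskStore` class, its `callback` shape, the 128-byte cap, the empty-key convention for unknown identities and the sample values are assumptions made for illustration.

```python
# Constructed sample identity (not from a real device): 24 bytes with 0xfc at
# index 20, the byte the UnicodeDecodeError in the report points at.
SAMPLE_IDENTITY = b"\x01" + b"constructed-id-0000" + b"\xfc\x10\x20\x30"
SAMPLE_KEY = bytes(range(32))  # constructed 32-byte key
MAX_IDENTITY_LEN = 128  # assumed cap for this example


def try_text(identity: bytes):
    """Return the identity as str if it is valid UTF-8, else None."""
    try:
        return identity.decode("utf-8")
    except UnicodeDecodeError:
        return None


def log_safe(identity: bytes) -> str:
    """Hex form for log lines: never raises and carries no control bytes."""
    return identity.hex()


class PskStore:
    """Hypothetical key store indexed by the raw identity bytes."""

    def __init__(self):
        self._keys = {}

    def add(self, identity: bytes, key: bytes) -> None:
        if not isinstance(identity, bytes) or not isinstance(key, bytes):
            raise TypeError("identity and key must be bytes")
        if not 0 < len(identity) <= MAX_IDENTITY_LEN:
            raise ValueError("identity length out of range")
        self._keys[identity] = key

    def callback(self, identity: bytes) -> bytes:
        """Assumed callback shape: identity bytes in, key bytes out."""
        if not isinstance(identity, (bytes, bytearray)):
            raise TypeError("identity must be bytes, not %s" % type(identity).__name__)
        if len(identity) > MAX_IDENTITY_LEN:
            return b""  # assumed convention: empty key means "no PSK"
        return self._keys.get(bytes(identity), b"")


if __name__ == "__main__":
    store = PskStore()
    store.add(SAMPLE_IDENTITY, SAMPLE_KEY)
    print("utf-8 text:", try_text(SAMPLE_IDENTITY), "hex:", log_safe(SAMPLE_IDENTITY))
    print("key found :", store.callback(SAMPLE_IDENTITY) == SAMPLE_KEY)
```

Looking keys up by the raw bytes and logging the hex form means the identity is never decoded, so the handshake path cannot raise on device-supplied input.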

kueblc commented 4 years ago

Hi @drbild, thanks for getting back to me so quickly. I'm having some unrelated computer issues so I haven't been able to test this yet. I will do so ASAP and get back to you then.

kueblc commented 4 years ago

I can confirm this resolves the issue for me on Ubuntu 18.04, OpenSSL 1.1.1, Python 3.6.8.

Thank you so much for the quick resolution!

paravoid commented 4 years ago

Ping! It'd be great to see a release with this + #11 merged in :)

drbild commented 3 years ago

Fixed by #20