rbit / pydtls

Datagram Transport Layer Security for Python
Apache License 2.0
72 stars 45 forks source link

Python 3 support #11

Open chrysn opened 7 years ago

chrysn commented 7 years ago

pydtls currently does not support Python 3.

I've tried the trivial porting steps of running 2to3, and replaced a few str/bytes changes, but the largest chunk of work seems to be in dtls/patch.py where pydtls is accessing socket internals that changed (eg. _sock, but even if that was Python 2 idiom for accessing the fileno, changing socket(_sock=other._sock) to socket(fileno=other.fileno()) didn't get me far on the test suite).

Please consider adding support for current Python versions.

notedit commented 7 years ago

+1

chrysn commented 7 years ago

I've made some progress with crude Python 3 porting -- far from production quality (I'm completely disregarding anything pre-3 right now, introducing memory leaks to keep the originals from cloned socket objects from closing the clones at GC time, etc), but it might lead to insights on what's needed for a proper port (eg. that checking for sock.type == SOCK_DGRAM needs to be replaced with a getsockopt, because the type nowadays contains information on nonblockingness).

I'll publish the branch when it's good enough for a simple demo to run or I get stuck, but probably today.

chrysn commented 7 years ago

My python3 branch contains now a mess of changes that might be sufficient to get simple things running. IMO next steps are:

The above got me far enough to discover that I'll be blocked by https://bugs.python.org/issue19084 with pydtls (no way to use preshared keys (PSK) with Python's ssl). I'll stay subscribed to this bug in case anything around my patches is unclear, but unless I see a roadmap with the underlying PSK issue with ssl is resolved, I won't push this any further on my own.

rbit commented 7 years ago

Where are you encountering the PSK issue?

chrysn commented 7 years ago

On Tue, Apr 11, 2017 at 11:53:35AM -0700, Ray Brown wrote:

Where are you encountering the PSK issue?

I take this as a question for the application I have for PSK: the CoAP protocol (like HTTP but suitable for very constrained ("IoT") devices) uses DTLS 1.2 as its transport layer encryption, and the first widely available devices that support it out of the box use preshared keys for easy deployment (https://github.com/chrysn/aiocoap/issues/67).

rbit commented 7 years ago

I see. Thank you. What is the sequence of events that would require the PSK code path to be wired through the standard ssl module, as opposed to through PyDTLS into OpenSSL?

chrysn commented 7 years ago

I don't really need it wired through stdlib; it just seemed to me that the ciphers of pydtls all come from ssl, and that that would be the way to go. If the TLS_PSK_WITH_AES_128_CCM_8 cipher could be directly added to pydtls, that would save me quite some trouble :-)

rbit commented 7 years ago

PyDTLS imports the standard ssl module only for the use case that enables passing of datagram sockets to that module's public functions. This allows users to use standard ssl module syntax, semantics, and error mechanisms. For uses cases not requiring this, there is the SSLConnection interface (see the README). SSLConnection objects are used entirely independently of the standard ssl module.

My feeling about a Python 3 port is that it should be mostly independent of the standard ssl module - perhaps only dealing with it where performance demands (see the section Multi-thread Support in the README); patch.py should probably be cut entirely. It's not that upgrading the standard ssl module isn't a good thing - leveraging users' knowledge and familiarity with its conventions is powerful. However, upgrading the standard ssl module for datagram support requires reaching into its internal and undocumented implementation details, as you've probably noticed. Chasing the active code base of Python 3 in this way is probably not something most maintainers would want to sign up for. This does mean that the unit tests need to be adapted to use SSLConnection directly, though.

hgarcia101685 commented 3 years ago

Is active development on this being done? I'd be willing to contribute wherever needed if that will help

chrysn commented 3 years ago

It appears that the fork at https://github.com/mobius-software-ltd/pyton3-dtls is what now populates the PyPI pytho3-dtls package.

It's all a bit unclear, because the package from the @mobius-software-ltd repo claims to be installable as pip install python3-dtls while the PyPI image says its home page is's yet another one (https://github.com/mcfreis/pydtls by @mcfreis but that hasn't seen the most recent updates PyPI has). Some clarification, both from in this repo (stating it's abandoned and on Python 2, and where to look at for successors) as well as on the forks on lineage (or picking a canonical repository at least) would be appreciated.

hgarcia101685 commented 3 years ago

Thanks for the info @chrysn !