programs: Extract client/server programs from tests

Synss · Synss · commit 4cd10cb5c0ce · 2022-01-07T21:07:26.000+01:00
The code is extracted from the tests in a slightly simpler version
and augmented with command-line arguments.

This patch further removes the end-to-end tests using these
classes:  They were skipped anyway because too complex and flaky.
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -26,6 +26,8 @@ This repository's issues are reserved for feature requests and bug reports.
 
 ### Steps to reproduce
 
+<!-- Using `programs/client.py` and `programs/server.py` if possible -->
+
 1.
 1.
 1.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@
 
 * tls: Add support for session caching.
 * tls: Add context manager to `TLSWrappedSocket`
+* programs: Add example DTLS and TLS client and server.
 * ci: Drop CircleCI.
 * Update wheels to mbedtls 2.16.12
 * Add support for Python 3.10.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -6,6 +6,7 @@ include *.toml
 include *.txt
 include ChangeLog
 recursive-include docs *.rst
+recursive-include programs *.py
 recursive-include requirements *.in
 recursive-include requirements *.txt
 recursive-include scripts *.sh
diff --git a/programs/client.py b/programs/client.py
@@ -0,0 +1,159 @@
+#!/usr/bin/env python
+"""An example DTLS/TLS client.
+
+Run ./programs/client.py --help.
+
+"""
+
+import argparse
+import socket
+from contextlib import suppress
+
+from mbedtls.exceptions import TLSError
+from mbedtls.tls import (
+    ClientContext,
+    DTLSConfiguration,
+    TLSConfiguration,
+    _enable_debug_output,
+    _set_debug_level,
+)
+
+__all__ = ["Client"]
+
+
+def _echo_tls(sock, buffer, chunksize):
+    view = memoryview(buffer)
+    received = bytearray()
+    for idx in range(0, len(view), chunksize):
+        part = view[idx : idx + chunksize]
+        _sent = sock.send(part)
+        received += sock.recv(chunksize)
+    return received
+
+
+def _echo_dtls(sock, buffer, chunksize):
+    view = memoryview(buffer)
+    received = bytearray()
+    for idx in range(0, len(view), chunksize):
+        part = view[idx : idx + chunksize]
+        _sent = sock.send(part)
+        data, _addr = sock.recvfrom(chunksize)
+        received += data
+    return received
+
+
+class Client:
+    def __init__(self, cli_conf, proto, srv_address, srv_hostname):
+        super().__init__()
+        self.cli_conf = cli_conf
+        self.proto = proto
+        self.srv_address = srv_address
+        self.srv_hostname = srv_hostname
+        self._sock = None
+        self._echo = {
+            socket.SOCK_STREAM: _echo_tls,
+            socket.SOCK_DGRAM: _echo_dtls,
+        }[self.proto]
+
+    def __enter__(self):
+        self.start()
+        return self
+
+    def __exit__(self, *exc_info):
+        self.stop()
+
+    def __del__(self):
+        self.stop()
+
+    @property
+    def context(self):
+        if self._sock is None:
+            return None
+        return self._sock.context
+
+    def do_handshake(self):
+        if not self._sock:
+            return
+
+        self._sock.do_handshake()
+
+    def echo(self, buffer, chunksize):
+        if not self._sock:
+            return b""
+
+        return bytes(self._echo(self._sock, buffer, chunksize))
+
+    def start(self):
+        if self._sock:
+            self.stop()
+
+        self._sock = ClientContext(self.cli_conf).wrap_socket(
+            socket.socket(socket.AF_INET, self.proto),
+            server_hostname=self.srv_hostname,
+        )
+        self._sock.connect(self.srv_address)
+
+    def stop(self):
+        if not self._sock:
+            return
+
+        with suppress(TLSError, OSError):
+            self._sock.close()
+        self._sock = None
+
+    def restart(self):
+        self.stop()
+        self.start()
+
+
+def parse_args():
+    class PSKArg(argparse.Action):
+        def __call__(self, parser, namespace, values, option_string=None):
+            def entry(kv):
+                k, v = kv.split(b"=")
+                return k.decode("utf-8"), v
+
+            setattr(namespace, self.dest, entry(values))
+
+    parser = argparse.ArgumentParser(description="client")
+    group = parser.add_mutually_exclusive_group(required=True)
+    group.add_argument(
+        "--tls", dest="proto", action="store_const", const=socket.SOCK_STREAM
+    )
+    group.add_argument(
+        "--dtls", dest="proto", action="store_const", const=socket.SOCK_DGRAM
+    )
+    parser.add_argument("--address", default="127.0.0.1")
+    parser.add_argument("--port", default=4433, type=int)
+    parser.add_argument("--debug", type=int)
+    parser.add_argument("--server-name", default="localhost")
+    parser.add_argument(
+        "--psk",
+        type=lambda x: x.encode("latin1"),
+        action=PSKArg,
+        metavar="CLI=SECRET",
+    )
+    parser.add_argument("message", default="hello")
+    return parser.parse_args()
+
+
+def main(args):
+    conf = {
+        socket.SOCK_STREAM: TLSConfiguration,
+        socket.SOCK_DGRAM: DTLSConfiguration,
+    }[args.proto](pre_shared_key=args.psk, validate_certificates=False)
+
+    if args.debug is not None:
+        _enable_debug_output(conf)
+        _set_debug_level(args.debug)
+
+    with Client(
+        conf, args.proto, (args.address, args.port), args.server_name
+    ) as cli:
+        cli.do_handshake()
+        received = cli.echo(args.message.encode("utf-8"), 1024)
+    print(received.decode("utf-8"))
+
+
+if __name__ == "__main__":
+    main(parse_args())
diff --git a/programs/server.py b/programs/server.py
@@ -0,0 +1,171 @@
+#!/usr/bin/env python
+"""An example DTLS/TLS server.
+
+Run ./programs/server.py --help.
+
+"""
+
+import argparse
+import socket
+from contextlib import suppress
+from functools import partial
+
+from mbedtls.exceptions import TLSError
+from mbedtls.tls import (
+    DTLSConfiguration,
+    HelloVerifyRequest,
+    ServerContext,
+    TLSConfiguration,
+    _enable_debug_output,
+    _set_debug_level,
+)
+
+__all__ = ["Server"]
+
+
+def _make_tls_connection(sock):
+    assert sock
+    conn, _addr = sock.accept()
+    return conn
+
+
+def _make_dtls_connection(sock):
+    assert sock
+    conn, addr = sock.accept()
+    conn.setcookieparam(addr[0].encode("ascii"))
+    with suppress(HelloVerifyRequest):
+        conn.do_handshake()
+
+    _, (conn, addr) = conn, conn.accept()
+    _.close()
+    conn.setcookieparam(addr[0].encode("ascii"))
+    return conn
+
+
+class Server:
+    def __init__(self, srv_conf, proto, address):
+        super().__init__()
+        self.srv_conf = srv_conf
+        self.proto = proto
+        self.address = address
+        self._make_connection = {
+            socket.SOCK_STREAM: _make_tls_connection,
+            socket.SOCK_DGRAM: _make_dtls_connection,
+        }[self.proto]
+        self._sock = None
+
+    def __enter__(self):
+        self.start()
+        return self
+
+    def __exit__(self, *exc_info):
+        self.stop()
+
+    def __del__(self):
+        self.stop()
+
+    @property
+    def context(self):
+        if self._sock is None:
+            return None
+        return self._sock.context
+
+    def start(self):
+        if self._sock:
+            self.stop()
+
+        self._sock = ServerContext(self.srv_conf).wrap_socket(
+            socket.socket(socket.AF_INET, self.proto)
+        )
+        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self._sock.bind(self.address)
+        if self.proto is socket.SOCK_STREAM:
+            self._sock.listen(1)
+
+    def stop(self):
+        if not self._sock:
+            return
+
+        self._sock.close()
+        self._sock = None
+
+    def run(self, conn_handler):
+        if not self._sock:
+            raise ConnectionRefusedError("server not started")
+
+        while True:
+            self._run(conn_handler)
+
+    def _run(self, conn_handler):
+        with self._make_connection(self._sock) as conn:
+            try:
+                conn.do_handshake()
+            except TLSError:
+                return
+            conn_handler(conn)
+
+
+def echo_handler(conn, *, packet_size):
+    data = conn.recv(packet_size)
+    sent = 0
+    view = memoryview(data)
+    while sent != len(data):
+        sent += conn.send(view[sent:])
+
+
+def parse_args():
+    class PSKStoreArg(argparse.Action):
+        def __call__(self, parser, namespace, values, option_string=None):
+            def entry(kv):
+                k, v = kv.split(b"=")
+                return k.decode("utf-8"), v
+
+            setattr(
+                namespace,
+                self.dest,
+                dict(entry(kv) for kv in values.split(b",")),
+            )
+
+    parser = argparse.ArgumentParser(description="server")
+    group = parser.add_mutually_exclusive_group(required=True)
+    group.add_argument(
+        "--tls", dest="proto", action="store_const", const=socket.SOCK_STREAM
+    )
+    group.add_argument(
+        "--dtls", dest="proto", action="store_const", const=socket.SOCK_DGRAM
+    )
+    parser.add_argument("--address", default="0.0.0.0")
+    parser.add_argument("--port", default=4433, type=int)
+    parser.add_argument("--debug", type=int)
+    parser.add_argument(
+        "--psk-store",
+        type=lambda x: x.encode("latin1"),
+        action=PSKStoreArg,
+        metavar="CLI1=SECRET1,CLI2=SECRET2...",
+    )
+    return parser.parse_args()
+
+
+def main(args):
+    conf = {
+        socket.SOCK_STREAM: TLSConfiguration,
+        socket.SOCK_DGRAM: DTLSConfiguration,
+    }[args.proto](
+        pre_shared_key_store=args.psk_store,
+        validate_certificates=False,
+    )
+
+    if args.debug is not None:
+        _enable_debug_output(conf)
+        _set_debug_level(args.debug)
+
+    with Server(conf, args.proto, (args.address, args.port)) as srv:
+        srv.run(partial(echo_handler, packet_size=4069))
+
+
+if __name__ == "__main__":
+    import faulthandler
+
+    faulthandler.enable()
+    with suppress(KeyboardInterrupt):
+        main(parse_args())
diff --git a/tests/test_tls.py b/tests/test_tls.py
