Lightweight port of cryptography to MicroPython, based on ARM Mbed TLS
Tip
If you find ucryptography useful, consider ⭐ this project and why not ... Buy me a coffee 😄
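# Sign a message with RSASSA-PSS and verify the signature with the matching
# public key. The listing's indentation is restored here so that it parses.
try:
    # Flat module layout; presumably the one ucryptography exposes on MicroPython.
    from cryptography import hashes, rsa, padding
except ImportError:
    # Fallback: the pyca/cryptography package layout used on CPython.
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.hazmat.primitives.asymmetric import padding

message = b"A message I want to sign"
chosen_hash = hashes.SHA256()

# The key is generated in memory and never serialized in this example, so it
# is lost when the script ends.
# NOTE(review): key quality depends on the platform's random source; confirm
# the target port has a real entropy source before generating keys on-device.
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

# PSS padding with MGF1 over the same hash; the salt is as long as the digest.
signature = private_key.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(chosen_hash), salt_length=chosen_hash.digest_size
    ),
    chosen_hash,
)

public_key = private_key.public_key()

# verify() is called with the same padding parameters and hash used to sign.
# Its return value is not used here: in pyca/cryptography a bad signature is
# reported by raising InvalidSignature, not by returning False.
# NOTE(review): ucryptography lists exceptions.InvalidSignature, so it
# presumably follows the same contract; confirm before relying on it.
public_key.verify(
    signature,
    message,
    padding.PSS(
        mgf=padding.MGF1(chosen_hash), salt_length=chosen_hash.digest_size
    ),
    chosen_hash,
)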
Important
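Currently, MicroPython's extmod/mbedtls/mbedtls_config_common.h must be patched
to enable all of ucryptography's functionality. The patch changes the Mbed TLS build configuration in that common header, so review the options it adds before applying it.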
diff
diff --git a/extmod/mbedtls/mbedtls_config_common.h b/extmod/mbedtls/mbedtls_config_common.h
index db1562f27..d938c829a 100644
--- a/extmod/mbedtls/mbedtls_config_common.h
+++ b/extmod/mbedtls/mbedtls_config_common.h
@@ -46,9 +46,11 @@
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_BASE64_C
#define MBEDTLS_CAN_ECDH
#define MBEDTLS_PK_CAN_ECDSA_SIGN
#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_PROTO_TLS1
#define MBEDTLS_SSL_PROTO_TLS1_1
@@ -67,17 +69,23 @@
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_GENPRIME
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
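Review bot: `#define MBEDTLS_DES_C` in the second hunk compiles DES/3DES into the common Mbed TLS configuration, not only into ucryptography, and nothing in the hunk says it is there solely for the legacy `TripleDES` algorithm. I would add a comment above it such as `// legacy: only needed for ucryptography's TripleDES` so integrators who do not need 3DES can drop the line. If the bundled Mbed TLS is a 2.x release (suggested, not proven, by the `MBEDTLS_SSL_PROTO_TLS1` context lines in the first hunk), check whether `#define MBEDTLS_REMOVE_3DES_CIPHERSUITES` should accompany it so TLS does not also gain 3DES suites. The same applies to `MBEDTLS_GENPRIME`: a short comment that it enables on-device RSA key generation, which depends on the port's entropy source, would help reviewers.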
UNIX port (coverage)
# Fetch MicroPython and its submodules (shallow, depth 1).
# NOTE(review): no tag or commit is checked out after either clone, so the
# build uses whatever each default branch holds at clone time; check out a
# reviewed revision in both repositories for reproducible firmware.
$ git clone https://github.com/micropython/micropython.git
$ cd micropython
micropython$ git submodule update --init --depth 1
# Add ucryptography under usercmodule/ and apply its patch to the Mbed TLS
# configuration header before building.
micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography
micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch
micropython$ cd usercmodule/ucryptography
ucryptography$ git submodule update --init --depth 1
ucryptography$ cd ../../
# Build mpy-cross, then the unix port's "coverage" variant with axTLS
# disabled and Mbed TLS enabled, pointing USER_C_MODULES at usercmodule/.
micropython$ make -j2 -C mpy-cross/
micropython$ make -j2 -C ports/unix/ VARIANT="coverage" MICROPY_SSL_AXTLS=0 MICROPY_SSL_MBEDTLS=1 USER_C_MODULES="$(pwd)/usercmodule"
ESP32 port (ESP32_GENERIC_C3)
# Fetch MicroPython and its submodules (shallow, depth 1).
# NOTE(review): neither clone is pinned to a tag or commit; check out a
# reviewed revision in both repositories before building firmware you deploy.
$ git clone https://github.com/micropython/micropython.git
$ cd micropython
micropython$ git submodule update --init --depth 1
# Add ucryptography under usercmodule/ and apply its patch to the Mbed TLS
# configuration header before building.
micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography
micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch
micropython$ cd usercmodule/ucryptography
ucryptography$ git submodule update --init --depth 1
ucryptography$ cd ../../
# Build mpy-cross, then the esp32 port for the ESP32_GENERIC_C3 board; here
# USER_C_MODULES points at the module's micropython.cmake file.
micropython$ make -j2 -C mpy-cross/
micropython$ make -C ports/esp32 BOARD=ESP32_GENERIC_C3 USER_C_MODULES="$(pwd)/usercmodule/ucryptography/micropython.cmake"
STM32 port (ARDUINO_PORTENTA_H7)
# Fetch MicroPython and its submodules (shallow, depth 1).
# NOTE(review): neither clone is pinned to a tag or commit; check out a
# reviewed revision in both repositories before building firmware you deploy.
$ git clone https://github.com/micropython/micropython.git
$ cd micropython
micropython$ git submodule update --init --depth 1
# Add ucryptography under usercmodule/ and apply its patch to the Mbed TLS
# configuration header before building.
micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography
micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch
micropython$ cd usercmodule/ucryptography
ucryptography$ git submodule update --init --depth 1
ucryptography$ cd ../../
# Build mpy-cross, then the stm32 port for the ARDUINO_PORTENTA_H7 board,
# pointing USER_C_MODULES at the usercmodule/ directory.
micropython$ make -j2 -C mpy-cross/
micropython$ make -C ports/stm32 BOARD=ARDUINO_PORTENTA_H7 USER_C_MODULES="$(pwd)/usercmodule"
- ciphers
- AESGCM
- Cipher
- algorithms
- AES
- TripleDES
- modes
- CBC
- ECB
- GCM
- ec
- ECDH
- ECDSA
- SECP256R1
- SECP384R1
- SECP521R1
- EllipticCurvePublicKey
- from_encoded_point
- EllipticCurvePublicNumbers
- EllipticCurvePrivateKey
- EllipticCurvePrivateNumbers
- generate_private_key
- derive_private_key
- ed25519
- Ed25519PrivateKey
- Ed25519PublicKey
- exceptions
- InvalidSignature
- AlreadyFinalized
- UnsupportedAlgorithm
- InvalidKey
- InvalidToken
- hashes
- SHA1
- SHA256
- SHA384
- SHA512
- BLAKE2s
- Hash
- hmac
- HMAC
- padding
- PKCS1v15
- PSS
- OAEP
- MGF1
- calculate_max_pss_salt_length
- rsa
- RSAPublicKey
- RSAPublicNumbers
- RSAPrivateKey
- RSAPrivateNumbers
- rsa_crt_iqmp
- rsa_crt_dmp1
- rsa_crt_dmq1
- rsa_recover_prime_factors
- generate_private_key
- serialization
- load_der_public_key
- load_der_private_key
- NoEncryption
- Encoding
- DER
- PEM
- X962
- Raw
- PublicFormat
- SubjectPublicKeyInfo
- UncompressedPoint
- Raw
- PrivateFormat
- TraditionalOpenSSL
- Raw
- twofactor
- HOTP
- TOTP
- utils
- RFC6979
- Prehashed
- constant_time_bytes_eq
- bit_length
- encode_dss_signature
- decode_dss_signature
- rsa_deduce_private_exponent
- x509
- load_der_x509_certificate
- Certificate