Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/dmazzella/ucryptography

Lightweight porting of pyca/cryptography to Micropython based on ARM Mbed TLS
https://github.com/dmazzella/ucryptography

Last synced: 2 months ago
JSON representation

Lightweight porting of pyca/cryptography to Micropython based on ARM Mbed TLS

Host: GitHub
URL: https://github.com/dmazzella/ucryptography
Owner: dmazzella
License: mit
Created: 2019-07-30T10:32:13.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2024-03-14T16:12:58.000Z (4 months ago)
Last Synced: 2024-03-14T18:12:21.713Z (4 months ago)
Language: C
Homepage:
Size: 494 KB
Stars: 4
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-micropython - ucryptography - Lightweight porting of pyca/cryptography to MicroPython based on ARM Mbed TLS. (Libraries / Communications)

README

        # ucryptography

Lightweight porting of [cryptography](https://github.com/pyca/cryptography)  to Micropython based on [ARM Mbed TLS](https://github.com/ARMmbed/mbedtls)

> [!TIP]

> If you find **ucryptography** useful, consider :star: this project

> and why not ... [Buy me a coffee](https://www.buymeacoffee.com/damianomazp) :smile:

## Basic usage

```python

try:

    from cryptography import hashes, rsa, padding

except ImportError:

    from cryptography.hazmat.primitives import hashes

    from cryptography.hazmat.primitives.asymmetric import rsa

    from cryptography.hazmat.primitives.asymmetric import padding

message = b"A message I want to sign"

chosen_hash = hashes.SHA256()

private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

signature = private_key.sign(

    message,

    padding.PSS(

        mgf=padding.MGF1(chosen_hash), salt_length=chosen_hash.digest_size

    ),

    chosen_hash,

)

public_key = private_key.public_key()

public_key.verify(

    signature,

    message,

    padding.PSS(

        mgf=padding.MGF1(chosen_hash), salt_length=chosen_hash.digest_size

    ),

    chosen_hash,

)

```

## More examples

- [tests/cryptography](https://github.com/dmazzella/ucryptography/tree/master/tests/cryptography)

## How to build

> [!IMPORTANT]

> Currently needs a patch to the file `extmod/mbedtls/mbedtls_config_common.h` to enable all its functionality.

diff



```diff

diff --git a/extmod/mbedtls/mbedtls_config_common.h b/extmod/mbedtls/mbedtls_config_common.h

index db1562f27..d938c829a 100644

--- a/extmod/mbedtls/mbedtls_config_common.h

+++ b/extmod/mbedtls/mbedtls_config_common.h

@@ -46,9 +46,11 @@

 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED

 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

+#define MBEDTLS_BASE64_C

 #define MBEDTLS_CAN_ECDH

 #define MBEDTLS_PK_CAN_ECDSA_SIGN

 #define MBEDTLS_PKCS1_V15

+#define MBEDTLS_PKCS1_V21

 #define MBEDTLS_SHA256_SMALLER

 #define MBEDTLS_SSL_PROTO_TLS1

 #define MBEDTLS_SSL_PROTO_TLS1_1

@@ -67,17 +69,23 @@

 #define MBEDTLS_BIGNUM_C

 #define MBEDTLS_CIPHER_C

 #define MBEDTLS_CTR_DRBG_C

+#define MBEDTLS_DES_C

 #define MBEDTLS_ECDH_C

 #define MBEDTLS_ECDSA_C

 #define MBEDTLS_ECP_C

 #define MBEDTLS_ENTROPY_C

 #define MBEDTLS_ERROR_C

+#define MBEDTLS_GCM_C

+#define MBEDTLS_GENPRIME

 #define MBEDTLS_MD_C

 #define MBEDTLS_MD5_C

 #define MBEDTLS_OID_C

+#define MBEDTLS_PEM_PARSE_C

+#define MBEDTLS_PEM_WRITE_C

 #define MBEDTLS_PKCS5_C

 #define MBEDTLS_PK_C

 #define MBEDTLS_PK_PARSE_C

+#define MBEDTLS_PK_WRITE_C

 #define MBEDTLS_PLATFORM_C

 #define MBEDTLS_RSA_C

 #define MBEDTLS_SHA1_C

```



***

UNIX port (coverage)



```bash

$ git clone https://github.com/micropython/micropython.git

$ cd micropython

micropython$ git submodule update --init --depth 1

micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography

micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch

micropython$ cd usercmodule/ucryptography

ucryptography$ git submodule update --init --depth 1

ucryptography$ cd ../../

micropython$ make -j2 -C mpy-cross/

micropython$ make -j2 -C ports/unix/ VARIANT="coverage" MICROPY_SSL_AXTLS=0 MICROPY_SSL_MBEDTLS=1 USER_C_MODULES="$(pwd)/usercmodule"

```



ESP32 port (ESP32_GENERIC_C3)



```bash

$ git clone https://github.com/micropython/micropython.git

$ cd micropython

micropython$ git submodule update --init --depth 1

micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography

micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch

micropython$ cd usercmodule/ucryptography

ucryptography$ git submodule update --init --depth 1

ucryptography$ cd ../../

micropython$ make -j2 -C mpy-cross/

micropython$ make -C ports/esp32 BOARD=ESP32_GENERIC_C3 USER_C_MODULES="$(pwd)/usercmodule/ucryptography/micropython.cmake"

```



STM32 port (ARDUINO_PORTENTA_H7)



```bash

$ git clone https://github.com/micropython/micropython.git

$ cd micropython

micropython$ git submodule update --init --depth 1

micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography

micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch

micropython$ cd usercmodule/ucryptography

ucryptography$ git submodule update --init --depth 1

ucryptography$ cd ../../

micropython$ make -j2 -C mpy-cross/

micropython$ make -C ports/stm32 BOARD=ARDUINO_PORTENTA_H7 USER_C_MODULES="$(pwd)/usercmodule/ucryptography/micropython.cmake"

```



## Goals 

![In progress](https://progress-bar.dev/100/?title=completed)

- [x] ciphers

  - [x] AESGCM

  - [x] Cipher

  - [x] algorithms

    - [x] AES

    - [x] TripleDES

  - [x] modes

    - [x] CBC

    - [x] ECB

    - [x] GCM

- [x] ec

  - [x] ECDH

  - [x] ECDSA

  - [x] SECP256R1

  - [x] SECP384R1

  - [x] SECP521R1

  - [x] EllipticCurvePublicKey

    - [x] from_encoded_point

  - [x] EllipticCurvePublicNumbers

  - [x] EllipticCurvePrivateKey

  - [x] EllipticCurvePrivateNumbers

  - [x] generate_private_key

  - [x] derive_private_key

- [x] ed25519

  - [x] Ed25519PrivateKey

  - [x] Ed25519PublicKey

- [x] exceptions

  - [x] InvalidSignature

  - [x] AlreadyFinalized

  - [x] UnsupportedAlgorithm

  - [x] InvalidKey

  - [x] InvalidToken

- [x] hashes

  - [x] SHA1

  - [x] SHA256

  - [x] SHA384

  - [x] SHA512

  - [x] BLAKE2s

  - [x] Hash

- [x] hmac

  - [x] HMAC

- [x] padding

  - [x] PKCS1v15

  - [x] PSS

  - [x] OAEP

  - [x] MGF1

  - [x] calculate_max_pss_salt_length

- [x] rsa

  - [x] RSAPublicKey

  - [x] RSAPublicNumbers

  - [x] RSAPrivateKey

  - [x] RSAPrivateNumbers

  - [x] rsa_crt_iqmp

  - [x] rsa_crt_dmp1

  - [x] rsa_crt_dmq1

  - [x] rsa_recover_prime_factors

  - [x] generate_private_key

- [x] serialization

  - [x] load_der_public_key

  - [x] load_der_private_key

  - [x] NoEncryption

  - [x] Encoding

    - [x] DER

    - [x] PEM

    - [x] X962

    - [x] Raw

  - [x] PublicFormat

    - [x] SubjectPublicKeyInfo

    - [x] UncompressedPoint

    - [x] Raw

  - [x] PrivateFormat

    - [x] TraditionalOpenSSL

    - [x] Raw

- [x] twofactor

  - [x] HOTP

  - [x] TOTP

- [x] utils

  - [x] RFC6979

  - [x] Prehashed

  - [x] constant_time_bytes_eq

  - [x] bit_length

  - [x] encode_dss_signature

  - [x] decode_dss_signature

  - [x] rsa_deduce_private_exponent

- [x] x509

  - [x] load_der_x509_certificate

  - [x] Certificate