Description

Micropython package for doing fast rsa and elliptic curve cryptography, specifically digital signatures. ECDSA API design inspired from fastecdsa and implementation based on tomsfastmath.

[!TIP] If you find ucrypto useful, consider :star: this project and why not ... Buy me a coffee :smile:

Examples

• Signing and Verifying ufastrsa

  from ufastrsa.rsa import RSA, genrsa
  
  def main():
  
      bits = 1024
      print("RSA bits", bits)
      r = RSA(*genrsa(bits, e=65537))
      if r:
          print("RSA OK")
          data = b"a message to sign and encrypt via RSA"
          print("random data len:", len(data), data)
          assert r.pkcs_verify(r.pkcs_sign(data)) == data
          print("pkcs_verify OK")
          assert r.pkcs_decrypt(r.pkcs_encrypt(data)) == data
          print("pkcs_decrypt OK")
  
  if __name__ == "__main__":
      main()

• Signing and Verifying ufastecdsa

  try:
      from ufastecdsa import curve, ecdsa, keys, util
  
      get_bit_length = util.get_bit_length
  except ImportError:
      from fastecdsa import curve, ecdsa, keys, util
  
      get_bit_length = int.bit_length
  
  def main():
  
      # private_key = 82378264402520040413352233063555671940555718680152892238371187003380781159101
      # public_key = keys.get_public_key(private_key, curve.P256)
  
      private_key, public_key = keys.gen_keypair(curve.P256)
      print("private_key:", private_key)
      print("public_key:", public_key.x, public_key.y, public_key.curve.name)
  
      m = "a message to sign via ECDSA"
  
      r, s = ecdsa.sign(m, private_key)
  
      print("R:", r)
      print("S:", s)
  
      verified = ecdsa.verify((r, s), m, public_key)
      print(verified)
  
  if __name__ == "__main__":
      main()

  • Arbitrary Elliptic Curve Arithmetic

    
    from _crypto import ECC

  P256 = ECC.Curve( 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff, -0x3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b, 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551, 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296, 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 )

  S = ECC.Point( 0xde2444bebc8d36e682edd27e0f271508617519b3221a8fa0b77cab3989da97c9, 0xc093ae7ff36e5380fc01a5aad1e66659702de80f53cec576b6350b243042a256, P256 )

  T = ECC.Point( 0x55a8b00f8da1d44e62f6b3b25316212e39540dc861c89575bb8cf92e35e0986b, 0x5421c3209c2d6c704835d82ac4c3dd90f61a8a52598b9e7ab656e9d8c8b24316, P256 )

  print("S==S = ", S == S)

  print("S==T = ", S == T)

  R = S + T print("S+T = ({:X}, {:X})".format(R.x, R.y))

  R = S - T print("S-T = ({:X}, {:X})".format(R.x, R.y))

  R = 2 * S print("2S = ({:X}, {:X})".format(R.x, R.y))

  d = 0xc51e4753afdec1e6b6c6a5b992f43f8dd0c7a8933072708b6522468b2ffb06fd e = 0xd37f628ece72a462f0145cbefe3f0b355ee8332d37acdd83a358016aea029db7 R = (d S) + (e T) print("dS+eT = ({:X}, {:X})".format(R.x, R.y))

  R = S + S print("S+S = ({:X}, {:X})".format(R.x, R.y))

  R = S - S print("S-S = ({:X}, {:X})".format(R.x, R.y))

• for other examples: tests

Optimizations are disabled by default for easy build on different platforms

#define TFM_NO_ASM

// #define TFM_ECC192
// #define TFM_ECC224
// #define TFM_ECC256
// #define TFM_ECC384
// #define TFM_ECC512
// #define TFM_RSA512
// #define TFM_RSA1024
// #define TFM_RSA2048

Compiling the cmodule into MicroPython

To build such a module, compile MicroPython with an extra make flag named USER_C_MODULES set to the directory containing all modules you want included (not to the module itself).

• Example:

  PYBD_SF6

  ➜  ~ git clone https://github.com/micropython/micropython.git micropython
  ➜  ~ cd micropython
  ➜  micropython (master) ✗ git submodule update --init
  ➜  micropython (master) ✗ git clone https://github.com/dmazzella/ucrypto.git ports/stm32/boards/PYBD_SF6/cmodules/ucrypto
  ➜  micropython (master) ✗ make -j8 -C mpy-cross && make -j8 -C ports/stm32/ BOARD="PYBD_SF6" USER_C_MODULES="$(pwd)/ports/stm32/boards/PYBD_SF6/cmodules"

  ESP32_GENERIC

  ➜  ~ git clone https://github.com/micropython/micropython.git micropython
  ➜  ~ cd micropython
  ➜  micropython (master) ✗ git submodule update --init
  ➜  micropython (master) ✗ git clone https://github.com/dmazzella/ucrypto.git ports/esp32/boards/ESP32_GENERIC/cmodules/ucrypto
  ➜  micropython (master) ✗ make -j8 -C mpy-cross && make -j8 -C ports/esp32/ BOARD="ESP32_GENERIC" USER_C_MODULES="$(pwd)/ports/esp32/boards/ESP32_GENERIC/cmodules/ucrypto/micropython.cmake"

  ARDUINO_NANO_RP2040_CONNECT

  ➜  ~ git clone https://github.com/micropython/micropython.git micropython
  ➜  ~ cd micropython
  ➜  micropython (master) ✗ git submodule update --init
  ➜  micropython (master) ✗ git clone https://github.com/dmazzella/ucrypto.git ports/rp2/boards/ARDUINO_NANO_RP2040_CONNECT/cmodules/ucrypto
  ➜  micropython (master) ✗ make -j8 -C mpy-cross && make -j8 -C ports/rp2/ BOARD="ARDUINO_NANO_RP2040_CONNECT" USER_C_MODULES="$(pwd)/ports/rp2/boards/ARDUINO_NANO_RP2040_CONNECT/cmodules/ucrypto/micropython.cmake"

Build size:

The build size depends on the asm optimizations of the tomsfastmath library that are enabled into ucrypto/tomsfastmath/tfm_mpi.h

#define TFM_ECC192
#define TFM_ECC224
#define TFM_ECC256
#define TFM_ECC384
#define TFM_ECC512
#define TFM_RSA512
#define TFM_RSA1024
#define TFM_RSA2048

• PYBD_SF6 without ucrypto:

  LINK build-PYBD_SF6/firmware.elf
  text       data     bss     dec     hex filename
  1012856     328  100576 1113760  10fea0 build-PYBD_SF6/firmware.elf

• PYBD_SF6 with ucrypto and with tomsfastmath only ECC 256 asm optimizations:

  // #define TFM_ECC192
  // #define TFM_ECC224
  #define TFM_ECC256
  // #define TFM_ECC384
  // #define TFM_ECC512
  // #define TFM_RSA512
  // #define TFM_RSA1024
  // #define TFM_RSA2048

  LINK build-PYBD_SF6/firmware.elf
  text       data     bss     dec     hex filename
  1034872     452  101600 1136924  11591c build-PYBD_SF6/firmware.elf

• PYBD_SF6 with ucrypto and without tomsfastmath RSA asm optimizations:

  #define TFM_ECC192
  #define TFM_ECC224
  #define TFM_ECC256
  #define TFM_ECC384
  #define TFM_ECC512
  // #define TFM_RSA512
  // #define TFM_RSA1024
  // #define TFM_RSA2048

  LINK build-PYBD_SF6/firmware.elf
  text       data     bss     dec     hex filename
  1042552     452  101600 1144604  11771c build-PYBD_SF6/firmware.elf

• PYBD_SF6 with ucrypto and full tomsfastmath asm optimizations:

  LINK build-PYBD_SF6/firmware.elf
  text       data     bss     dec     hex filename
  1209976     452  101600 1312028  14051c build-PYBD_SF6/firmware.elf

To see which optimizations are enabled in the build:

MicroPython v1.19.1-705-gac5934c96-dirty on 2022-11-22; PORTENTA with STM32H747
Type "help()" for more information.
>>> import _crypto
>>> print(_crypto.NUMBER.ident())
TomsFastMath v0.13.1-next

Sizeofs
        fp_digit = 4
        fp_word  = 8

FP_MAX_SIZE = 4352

Defines: 
 TFM_ARM  TFM_ECC192  TFM_ECC224  TFM_ECC256  TFM_ECC384  TFM_ECC512  TFM_RSA512  TFM_RSA1024  TFM_RSA2048  TFM_ASM  TFM_MUL6  TFM_SQR6  TFM_MUL7  TFM_SQR7  TFM_MUL8  TFM_SQR8  TFM_MUL12  TFM_SQR12  TFM_SMALL_SET  TFM_MUL17  TFM_SQR17  TFM_MUL32  TFM_SQR32  TFM_MUL64  TFM_SQR64 

>>>