Lightweight porting of cryptography to Micropython based on ARM Mbed TLS
[!TIP] If you find ucryptography useful, consider :star: this project and why not ... Buy me a coffee :smile:
try:
from cryptography import hashes, rsa, padding
except ImportError:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric import padding
message = b"A message I want to sign"
chosen_hash = hashes.SHA256()
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
signature = private_key.sign(
message,
padding.PSS(
mgf=padding.MGF1(chosen_hash), salt_length=chosen_hash.digest_size
),
chosen_hash,
)
public_key = private_key.public_key()
public_key.verify(
signature,
message,
padding.PSS(
mgf=padding.MGF1(chosen_hash), salt_length=chosen_hash.digest_size
),
chosen_hash,
)
[!IMPORTANT] Currently needs a patch to the file
extmod/mbedtls/mbedtls_config_common.h
to enable all its functionality.
```diff diff --git a/extmod/mbedtls/mbedtls_config_common.h b/extmod/mbedtls/mbedtls_config_common.h index db1562f27..d938c829a 100644 --- a/extmod/mbedtls/mbedtls_config_common.h +++ b/extmod/mbedtls/mbedtls_config_common.h @@ -46,9 +46,11 @@ #define MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#define MBEDTLS_BASE64_C #define MBEDTLS_CAN_ECDH #define MBEDTLS_PK_CAN_ECDSA_SIGN #define MBEDTLS_PKCS1_V15 +#define MBEDTLS_PKCS1_V21 #define MBEDTLS_SHA256_SMALLER #define MBEDTLS_SSL_PROTO_TLS1 #define MBEDTLS_SSL_PROTO_TLS1_1 @@ -67,17 +69,23 @@ #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_DES_C #define MBEDTLS_ECDH_C #define MBEDTLS_ECDSA_C #define MBEDTLS_ECP_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_ERROR_C +#define MBEDTLS_GCM_C +#define MBEDTLS_GENPRIME #define MBEDTLS_MD_C #define MBEDTLS_MD5_C #define MBEDTLS_OID_C +#define MBEDTLS_PEM_PARSE_C +#define MBEDTLS_PEM_WRITE_C #define MBEDTLS_PKCS5_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C #define MBEDTLS_PLATFORM_C #define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C ```
```bash $ git clone https://github.com/micropython/micropython.git $ cd micropython micropython$ git submodule update --init --depth 1 micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch micropython$ cd usercmodule/ucryptography ucryptography$ git submodule update --init --depth 1 ucryptography$ cd ../../ micropython$ make -j2 -C mpy-cross/ micropython$ make -j2 -C ports/unix/ VARIANT="coverage" MICROPY_SSL_AXTLS=0 MICROPY_SSL_MBEDTLS=1 USER_C_MODULES="$(pwd)/usercmodule" ```
```bash $ git clone https://github.com/micropython/micropython.git $ cd micropython micropython$ git submodule update --init --depth 1 micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch micropython$ cd usercmodule/ucryptography ucryptography$ git submodule update --init --depth 1 ucryptography$ cd ../../ micropython$ make -j2 -C mpy-cross/ micropython$ make -C ports/esp32 BOARD=ESP32_GENERIC_C3 USER_C_MODULES="$(pwd)/usercmodule/ucryptography/micropython.cmake" ```
```bash $ git clone https://github.com/micropython/micropython.git $ cd micropython micropython$ git submodule update --init --depth 1 micropython$ git clone https://github.com/dmazzella/ucryptography.git usercmodule/ucryptography micropython$ git apply usercmodule/ucryptography/patches/extmod__mbedtls__mbedtls_config_common.h.patch micropython$ cd usercmodule/ucryptography ucryptography$ git submodule update --init --depth 1 ucryptography$ cd ../../ micropython$ make -j2 -C mpy-cross/ micropython$ make -C ports/stm32 BOARD=ARDUINO_PORTENTA_H7 USER_C_MODULES="$(pwd)/usercmodule" ```