Skip to content

Latest commit

 

History

History
247 lines (197 loc) · 7.91 KB

README.md

File metadata and controls

247 lines (197 loc) · 7.91 KB

Description

Micropython package for doing fast rsa and elliptic curve cryptography, specifically digital signatures. ECDSA API design inspired from fastecdsa and implementation based on tomsfastmath.

Tip

If you find ucrypto useful, consider ⭐ this project and why not ... Buy me a coffee 😄

Examples

  • Signing and Verifying ufastrsa

    from ufastrsa.rsa import RSA, genrsa
    
    
    def main():
    
        bits = 1024
        print("RSA bits", bits)
        r = RSA(*genrsa(bits, e=65537))
        if r:
            print("RSA OK")
            data = b"a message to sign and encrypt via RSA"
            print("random data len:", len(data), data)
            assert r.pkcs_verify(r.pkcs_sign(data)) == data
            print("pkcs_verify OK")
            assert r.pkcs_decrypt(r.pkcs_encrypt(data)) == data
            print("pkcs_decrypt OK")
    
    
    if __name__ == "__main__":
        main()
  • Signing and Verifying ufastecdsa

    try:
        from ufastecdsa import curve, ecdsa, keys, util
    
        get_bit_length = util.get_bit_length
    except ImportError:
        from fastecdsa import curve, ecdsa, keys, util
    
        get_bit_length = int.bit_length
    
    
    def main():
    
        # private_key = 82378264402520040413352233063555671940555718680152892238371187003380781159101
        # public_key = keys.get_public_key(private_key, curve.P256)
    
        private_key, public_key = keys.gen_keypair(curve.P256)
        print("private_key:", private_key)
        print("public_key:", public_key.x, public_key.y, public_key.curve.name)
    
        m = "a message to sign via ECDSA"
    
        r, s = ecdsa.sign(m, private_key)
    
        print("R:", r)
        print("S:", s)
    
        verified = ecdsa.verify((r, s), m, public_key)
        print(verified)
    
    
    if __name__ == "__main__":
        main()
  • Arbitrary Elliptic Curve Arithmetic

    from _crypto import ECC
    
    P256 = ECC.Curve(
        0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
        -0x3,
        0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
        0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
        0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
        0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
    )
    
    S = ECC.Point(
        0xde2444bebc8d36e682edd27e0f271508617519b3221a8fa0b77cab3989da97c9,
        0xc093ae7ff36e5380fc01a5aad1e66659702de80f53cec576b6350b243042a256,
        P256
    )
    
    T = ECC.Point(
        0x55a8b00f8da1d44e62f6b3b25316212e39540dc861c89575bb8cf92e35e0986b,
        0x5421c3209c2d6c704835d82ac4c3dd90f61a8a52598b9e7ab656e9d8c8b24316,
        P256
    )
    
    print("S==S  = ", S == S)
    
    print("S==T  = ", S == T)
    
    R = S + T
    print("S+T   = ({:X}, {:X})".format(R.x, R.y))
    
    R = S - T
    print("S-T   = ({:X}, {:X})".format(R.x, R.y))
    
    R = 2 * S
    print("2S    = ({:X}, {:X})".format(R.x, R.y))
    
    d = 0xc51e4753afdec1e6b6c6a5b992f43f8dd0c7a8933072708b6522468b2ffb06fd
    e = 0xd37f628ece72a462f0145cbefe3f0b355ee8332d37acdd83a358016aea029db7
    R = (d * S) + (e * T)
    print("dS+eT = ({:X}, {:X})".format(R.x, R.y))
    
    R = S + S
    print("S+S   = ({:X}, {:X})".format(R.x, R.y))
    
    R = S - S
    print("S-S   = ({:X}, {:X})".format(R.x, R.y))
  • for other examples: tests

Optimizations are disabled by default for easy build on different platforms

#define TFM_NO_ASM

// #define TFM_ECC192
// #define TFM_ECC224
// #define TFM_ECC256
// #define TFM_ECC384
// #define TFM_ECC512
// #define TFM_RSA512
// #define TFM_RSA1024
// #define TFM_RSA2048

Compiling the cmodule into MicroPython

To build such a module, compile MicroPython with an extra make flag named USER_C_MODULES set to the directory containing all modules you want included (not to the module itself).

  • Example:

    PYBD_SF6

    ~ git clone https://github.com/micropython/micropython.git micropython
    ➜  ~ cd micropython
    ➜  micropython (master) ✗ git submodule update --init
    ➜  micropython (master) ✗ git clone https://github.com/dmazzella/ucrypto.git ports/stm32/boards/PYBD_SF6/cmodules/ucrypto
    ➜  micropython (master) ✗ make -j8 -C mpy-cross && make -j8 -C ports/stm32/ BOARD="PYBD_SF6" USER_C_MODULES="$(pwd)/ports/stm32/boards/PYBD_SF6/cmodules"

    ESP32_GENERIC

    ~ git clone https://github.com/micropython/micropython.git micropython
    ➜  ~ cd micropython
    ➜  micropython (master) ✗ git submodule update --init
    ➜  micropython (master) ✗ git clone https://github.com/dmazzella/ucrypto.git ports/esp32/boards/ESP32_GENERIC/cmodules/ucrypto
    ➜  micropython (master) ✗ make -j8 -C mpy-cross && make -j8 -C ports/esp32/ BOARD="ESP32_GENERIC" USER_C_MODULES="$(pwd)/ports/esp32/boards/ESP32_GENERIC/cmodules/ucrypto/micropython.cmake"

    ARDUINO_NANO_RP2040_CONNECT

    ~ git clone https://github.com/micropython/micropython.git micropython
    ➜  ~ cd micropython
    ➜  micropython (master) ✗ git submodule update --init
    ➜  micropython (master) ✗ git clone https://github.com/dmazzella/ucrypto.git ports/rp2/boards/ARDUINO_NANO_RP2040_CONNECT/cmodules/ucrypto
    ➜  micropython (master) ✗ make -j8 -C mpy-cross && make -j8 -C ports/rp2/ BOARD="ARDUINO_NANO_RP2040_CONNECT" USER_C_MODULES="$(pwd)/ports/rp2/boards/ARDUINO_NANO_RP2040_CONNECT/cmodules/ucrypto/micropython.cmake"

Build size:

The build size depends on the asm optimizations of the tomsfastmath library that are enabled into ucrypto/tomsfastmath/tfm_mpi.h

#define TFM_ECC192
#define TFM_ECC224
#define TFM_ECC256
#define TFM_ECC384
#define TFM_ECC512
#define TFM_RSA512
#define TFM_RSA1024
#define TFM_RSA2048
  • PYBD_SF6 without ucrypto:
    LINK build-PYBD_SF6/firmware.elf
    text	   data	    bss	    dec	    hex	filename
    1012856	    328	 100576	1113760	 10fea0	build-PYBD_SF6/firmware.elf
    
  • PYBD_SF6 with ucrypto and with tomsfastmath only ECC 256 asm optimizations:
    // #define TFM_ECC192
    // #define TFM_ECC224
    #define TFM_ECC256
    // #define TFM_ECC384
    // #define TFM_ECC512
    // #define TFM_RSA512
    // #define TFM_RSA1024
    // #define TFM_RSA2048
    LINK build-PYBD_SF6/firmware.elf
    text	   data	    bss	    dec	    hex	filename
    1034872	    452	 101600	1136924	 11591c	build-PYBD_SF6/firmware.elf
    
  • PYBD_SF6 with ucrypto and without tomsfastmath RSA asm optimizations:
    #define TFM_ECC192
    #define TFM_ECC224
    #define TFM_ECC256
    #define TFM_ECC384
    #define TFM_ECC512
    // #define TFM_RSA512
    // #define TFM_RSA1024
    // #define TFM_RSA2048
    LINK build-PYBD_SF6/firmware.elf
    text	   data	    bss	    dec	    hex	filename
    1042552	    452	 101600	1144604	 11771c	build-PYBD_SF6/firmware.elf
    
  • PYBD_SF6 with ucrypto and full tomsfastmath asm optimizations:
    LINK build-PYBD_SF6/firmware.elf
    text	   data	    bss	    dec	    hex	filename
    1209976	    452	 101600	1312028	 14051c	build-PYBD_SF6/firmware.elf
    

To see which optimizations are enabled in the build:

MicroPython v1.19.1-705-gac5934c96-dirty on 2022-11-22; PORTENTA with STM32H747
Type "help()" for more information.
>>> import _crypto
>>> print(_crypto.NUMBER.ident())
TomsFastMath v0.13.1-next

Sizeofs
        fp_digit = 4
        fp_word  = 8

FP_MAX_SIZE = 4352

Defines: 
 TFM_ARM  TFM_ECC192  TFM_ECC224  TFM_ECC256  TFM_ECC384  TFM_ECC512  TFM_RSA512  TFM_RSA1024  TFM_RSA2048  TFM_ASM  TFM_MUL6  TFM_SQR6  TFM_MUL7  TFM_SQR7  TFM_MUL8  TFM_SQR8  TFM_MUL12  TFM_SQR12  TFM_SMALL_SET  TFM_MUL17  TFM_SQR17  TFM_MUL32  TFM_SQR32  TFM_MUL64  TFM_SQR64 

>>>