extmod/moducryptolib: Add AES-CTR support.
Selectable at compile time via MICROPY_PY_UCRYPTOLIB_CTR. Disabled by default.
This commit is contained in:
parent
906fb89fd7
commit
ef9843653b
|
@ -22,9 +22,11 @@ Classes
|
|||
* *mode* is:
|
||||
|
||||
* ``1`` (or ``ucryptolib.MODE_ECB`` if it exists) for Electronic Code Book (ECB).
|
||||
* ``2`` (or ``ucryptolib.MODE_CBC`` if it exists) for Cipher Block Chaining (CBC)
|
||||
* ``2`` (or ``ucryptolib.MODE_CBC`` if it exists) for Cipher Block Chaining (CBC).
|
||||
* ``6`` (or ``ucryptolib.MODE_CTR`` if it exists) for Counter mode (CTR).
|
||||
|
||||
* *IV* is an initialization vector for CBC mode.
|
||||
* For Counter mode, *IV* is the initial value for the counter.
|
||||
|
||||
.. method:: encrypt(in_buf, [out_buf])
|
||||
|
||||
|
|
|
@ -41,10 +41,17 @@
|
|||
|
||||
// values follow PEP 272
|
||||
enum {
|
||||
UCRYPTOLIB_MODE_MIN = 0,
|
||||
UCRYPTOLIB_MODE_ECB,
|
||||
UCRYPTOLIB_MODE_CBC,
|
||||
UCRYPTOLIB_MODE_MAX,
|
||||
UCRYPTOLIB_MODE_ECB = 1,
|
||||
UCRYPTOLIB_MODE_CBC = 2,
|
||||
UCRYPTOLIB_MODE_CTR = 6,
|
||||
};
|
||||
|
||||
struct ctr_params {
|
||||
// counter is the IV of the AES context.
|
||||
|
||||
size_t offset; // in encrypted_counter
|
||||
// encrypted counter
|
||||
uint8_t encrypted_counter[16];
|
||||
};
|
||||
|
||||
#if MICROPY_SSL_AXTLS
|
||||
|
@ -82,6 +89,19 @@ typedef struct _mp_obj_aes_t {
|
|||
uint8_t key_type: 2;
|
||||
} mp_obj_aes_t;
|
||||
|
||||
STATIC inline bool is_ctr_mode(int block_mode) {
|
||||
#if MICROPY_PY_UCRYPTOLIB_CTR
|
||||
return block_mode == UCRYPTOLIB_MODE_CTR;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
STATIC inline struct ctr_params *ctr_params_from_aes(mp_obj_aes_t *o) {
|
||||
// ctr_params follows aes object struct
|
||||
return (struct ctr_params*)&o[1];
|
||||
}
|
||||
|
||||
#if MICROPY_SSL_AXTLS
|
||||
STATIC void aes_initial_set_key_impl(AES_CTX_IMPL *ctx, const uint8_t *key, size_t keysize, const uint8_t iv[16]) {
|
||||
assert(16 == keysize || 32 == keysize);
|
||||
|
@ -155,20 +175,38 @@ STATIC void aes_process_ecb_impl(AES_CTX_IMPL *ctx, const uint8_t in[16], uint8_
|
|||
STATIC void aes_process_cbc_impl(AES_CTX_IMPL *ctx, const uint8_t *in, uint8_t *out, size_t in_len, bool encrypt) {
|
||||
mbedtls_aes_crypt_cbc(&ctx->u.mbedtls_ctx, encrypt ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT, in_len, ctx->iv, in, out);
|
||||
}
|
||||
|
||||
#if MICROPY_PY_UCRYPTOLIB_CTR
|
||||
STATIC void aes_process_ctr_impl(AES_CTX_IMPL *ctx, const uint8_t *in, uint8_t *out, size_t in_len, struct ctr_params *ctr_params) {
|
||||
mbedtls_aes_crypt_ctr(&ctx->u.mbedtls_ctx, in_len, &ctr_params->offset, ctx->iv, ctr_params->encrypted_counter, in, out);
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
STATIC mp_obj_t ucryptolib_aes_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
|
||||
mp_arg_check_num(n_args, n_kw, 2, 3, false);
|
||||
mp_obj_aes_t *o = m_new_obj(mp_obj_aes_t);
|
||||
o->base.type = type;
|
||||
|
||||
o->block_mode = mp_obj_get_int(args[1]);
|
||||
o->key_type = AES_KEYTYPE_NONE;
|
||||
const mp_int_t block_mode = mp_obj_get_int(args[1]);
|
||||
|
||||
if (o->block_mode <= UCRYPTOLIB_MODE_MIN || o->block_mode >= UCRYPTOLIB_MODE_MAX) {
|
||||
switch (block_mode) {
|
||||
case UCRYPTOLIB_MODE_ECB:
|
||||
case UCRYPTOLIB_MODE_CBC:
|
||||
#if MICROPY_PY_UCRYPTOLIB_CTR
|
||||
case UCRYPTOLIB_MODE_CTR:
|
||||
#endif
|
||||
break;
|
||||
|
||||
default:
|
||||
mp_raise_ValueError("mode");
|
||||
}
|
||||
|
||||
mp_obj_aes_t *o = m_new_obj_var(mp_obj_aes_t, struct ctr_params, !!is_ctr_mode(block_mode));
|
||||
o->base.type = type;
|
||||
|
||||
o->block_mode = block_mode;
|
||||
o->key_type = AES_KEYTYPE_NONE;
|
||||
|
||||
mp_buffer_info_t keyinfo;
|
||||
mp_get_buffer_raise(args[0], &keyinfo, MP_BUFFER_READ);
|
||||
if (32 != keyinfo.len && 16 != keyinfo.len) {
|
||||
|
@ -183,10 +221,14 @@ STATIC mp_obj_t ucryptolib_aes_make_new(const mp_obj_type_t *type, size_t n_args
|
|||
if (16 != ivinfo.len) {
|
||||
mp_raise_ValueError("IV");
|
||||
}
|
||||
} else if (o->block_mode == UCRYPTOLIB_MODE_CBC) {
|
||||
} else if (o->block_mode == UCRYPTOLIB_MODE_CBC || is_ctr_mode(o->block_mode)) {
|
||||
mp_raise_ValueError("IV");
|
||||
}
|
||||
|
||||
if (is_ctr_mode(block_mode)) {
|
||||
ctr_params_from_aes(o)->offset = 0;
|
||||
}
|
||||
|
||||
aes_initial_set_key_impl(&o->ctx, keyinfo.buf, keyinfo.len, ivinfo.buf);
|
||||
|
||||
return MP_OBJ_FROM_PTR(o);
|
||||
|
@ -204,7 +246,7 @@ STATIC mp_obj_t aes_process(size_t n_args, const mp_obj_t *args, bool encrypt) {
|
|||
mp_buffer_info_t in_bufinfo;
|
||||
mp_get_buffer_raise(in_buf, &in_bufinfo, MP_BUFFER_READ);
|
||||
|
||||
if (in_bufinfo.len % 16 != 0) {
|
||||
if (!is_ctr_mode(self->block_mode) && in_bufinfo.len % 16 != 0) {
|
||||
mp_raise_ValueError("blksize % 16");
|
||||
}
|
||||
|
||||
|
@ -224,7 +266,9 @@ STATIC mp_obj_t aes_process(size_t n_args, const mp_obj_t *args, bool encrypt) {
|
|||
}
|
||||
|
||||
if (AES_KEYTYPE_NONE == self->key_type) {
|
||||
aes_final_set_key_impl(&self->ctx, encrypt);
|
||||
// always set key for encryption if CTR mode.
|
||||
const bool encrypt_mode = encrypt || is_ctr_mode(self->block_mode);
|
||||
aes_final_set_key_impl(&self->ctx, encrypt_mode);
|
||||
self->key_type = encrypt ? AES_KEYTYPE_ENC : AES_KEYTYPE_DEC;
|
||||
} else {
|
||||
if ((encrypt && self->key_type == AES_KEYTYPE_DEC) ||
|
||||
|
@ -234,14 +278,26 @@ STATIC mp_obj_t aes_process(size_t n_args, const mp_obj_t *args, bool encrypt) {
|
|||
}
|
||||
}
|
||||
|
||||
if (self->block_mode == UCRYPTOLIB_MODE_ECB) {
|
||||
switch (self->block_mode) {
|
||||
case UCRYPTOLIB_MODE_ECB: {
|
||||
uint8_t *in = in_bufinfo.buf, *out = out_buf_ptr;
|
||||
uint8_t *top = in + in_bufinfo.len;
|
||||
for (; in < top; in += 16, out += 16) {
|
||||
aes_process_ecb_impl(&self->ctx, in, out, encrypt);
|
||||
}
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
|
||||
case UCRYPTOLIB_MODE_CBC:
|
||||
aes_process_cbc_impl(&self->ctx, in_bufinfo.buf, out_buf_ptr, in_bufinfo.len, encrypt);
|
||||
break;
|
||||
|
||||
#if MICROPY_PY_UCRYPTOLIB_CTR
|
||||
case UCRYPTOLIB_MODE_CTR:
|
||||
aes_process_ctr_impl(&self->ctx, in_bufinfo.buf, out_buf_ptr, in_bufinfo.len,
|
||||
ctr_params_from_aes(self));
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (out_buf != MP_OBJ_NULL) {
|
||||
|
@ -279,6 +335,9 @@ STATIC const mp_rom_map_elem_t mp_module_ucryptolib_globals_table[] = {
|
|||
#if MICROPY_PY_UCRYPTOLIB_CONSTS
|
||||
{ MP_ROM_QSTR(MP_QSTR_MODE_ECB), MP_ROM_INT(UCRYPTOLIB_MODE_ECB) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_MODE_CBC), MP_ROM_INT(UCRYPTOLIB_MODE_CBC) },
|
||||
#if MICROPY_PY_UCRYPTOLIB_CTR
|
||||
{ MP_ROM_QSTR(MP_QSTR_MODE_CTR), MP_ROM_INT(UCRYPTOLIB_MODE_CTR) },
|
||||
#endif
|
||||
#endif
|
||||
};
|
||||
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
#define MICROPY_PY_FRAMEBUF (1)
|
||||
#define MICROPY_PY_COLLECTIONS_NAMEDTUPLE__ASDICT (1)
|
||||
#define MICROPY_PY_UCRYPTOLIB (1)
|
||||
#define MICROPY_PY_UCRYPTOLIB_CTR (1)
|
||||
|
||||
// TODO these should be generic, not bound to fatfs
|
||||
#define mp_type_fileio mp_type_vfs_posix_fileio
|
||||
|
|
|
@ -1281,6 +1281,11 @@ typedef double mp_float_t;
|
|||
#define MICROPY_PY_UCRYPTOLIB (0)
|
||||
#endif
|
||||
|
||||
// Depends on MICROPY_PY_UCRYPTOLIB
|
||||
#ifndef MICROPY_PY_UCRYPTOLIB_CTR
|
||||
#define MICROPY_PY_UCRYPTOLIB_CTR (0)
|
||||
#endif
|
||||
|
||||
#ifndef MICROPY_PY_UCRYPTOLIB_CONSTS
|
||||
#define MICROPY_PY_UCRYPTOLIB_CONSTS (0)
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
try:
|
||||
from ucryptolib import aes
|
||||
except ImportError:
|
||||
print("SKIP")
|
||||
raise SystemExit
|
||||
|
||||
|
||||
def _new(k, ctr_initial):
|
||||
return aes(k, 6, ctr_initial)
|
||||
|
||||
|
||||
try:
|
||||
_new(b'x' * 16, b'x' * 16)
|
||||
except ValueError as e:
|
||||
# is CTR support disabled?
|
||||
if e.args[0] == "mode":
|
||||
print("SKIP")
|
||||
raise SystemExit
|
||||
raise e
|
||||
|
||||
crypto = _new(b"1234" * 4, b"5678" * 4)
|
||||
enc = crypto.encrypt(b'a')
|
||||
print(enc)
|
||||
enc += crypto.encrypt(b'b' * 1000)
|
||||
print(enc)
|
||||
|
||||
crypto = _new(b"1234" * 4, b"5678" * 4)
|
||||
print(crypto.decrypt(enc))
|
|
@ -0,0 +1,3 @@
|
|||
b'\x06'
|
||||
b'\x06(F\x08\xc3hB\xfdO\x05;\xf6\x96\xfe\xad\xe0\xca\xe6\xd1\xa2m\t\x91v>|\xee\xe0q\xbc]\x9a`\xfal\x87\xa6e\xfb\x8a\xf4\xb2-\xc4x,\xfc@=,\x90\xf4\xe9h\xf0\xfc\xfb\xe6\x03\xf0d\xb6\xcdObZ\xde\x1b\xe2\x84-%=\xa9\xe4\x05\xab\xd7\x044\xf4$\xd0)\xfd\xd6\xdbL\xdd\xe6\x0cp\xca^p\xaaA\x8b\xb3!\xe3\x13\xfa\x7f#\xfa0\xbd\x0b\x9cX\xec\xed\x1c\xbc\x06\xa4\xa8\x17\xbfg\x98dW\xb9~\x04\xec\xe6lZ\xb0\xab\xd5\xc6v\xe4\x8f\x98G\xff\x9b\x8a\xae\xfd\xe5\xed\x96\x1b\xe2\x99u3\xeb\x9faYr;\xf0g\xf2\x9cq\x8dI\x1cL\xc9\xa8\xb0\xdeD\xd5\x06\x87u=\xcd\x10\x1c\xab\x14\x06n\x99\x13\x89\x9f5\xea\xd2\x08\x9e\xef$?\xb9\xdeQ\x0b\x90CH\xea@V\x94\x1a\xdd\x7f\x1dz\x82\xaay\xea$Lv\x07\x8e\xce\xb8oN\x15\xf8,\x05\x00\xd9H\xf4\xbe\xb8\xee\x0e\xd6Hjh\xc6\x11\xf8:\xfe\xed\xba_\xaf\x8e\'\x0c\x7fZ\xd5\xb7\xbc\xba\xd3+\xf1\x98i\xab\x0c-\xd9\xe6>\x9e\xd0\xe6>\x9f\xebn\xf0\x15\xd9:\xec\xf7aXa\xb2,CAB7\x18g\xcc#\xbc\xb8\xf9\xa7\xf4V\xba\x0baN\x88\xb1\xea\x94\x05\x0cV\x99_\xc4\xe6\xb2\xd1|\x92\x05*@U\xe4\\\x8dR\x98\xdf\xbfS\x97\x12^\tr\x1f\x12\x8f\xdfi\x8e=\xc4I\xfcB\r\x99f\xe3\xe31\xee\xa9\xcd\x91\x1a\x1ei\xfd\xf4\x84\xc6\xda\x9e\xf3\x8aKn\xaa\xf7\x9eS\xcc\xbaXZ\x0cpbk\x18\x1f\x9aAl>y\xad\xcb\xcf\xe1Wm\xe7\xdd\xcc\x10eW\xe4h\x1dY\xb5Zs\xf1\xe7\x16_\xdc:I1R\xd3\xfe\xb1)\t\xddE\xbax\x06R\xdc\x1dSdlu\xd1\x9c\x00\xaf\x87\x8d1\xbf$\x08\xc6/y\xdf\x1f\x97z(\xff\xb9\xcb\xf2,\x91\xd7\xa0W\xfc\xe3\xe2\x905\x17O\xaf\x18\xc7\xb8?\x94^\xf5@\x80\x8d\xaa*p\xbeR0i\x17\x1e\'-\xfa\xd9\xb2\x03\xb8\x1fY\x13\xc1{\x7f\xa9\x86\t\x99\xee\xa2\xba\xab\xc1\xbb\x07a\xa5J\x01\x98\xe8\x8e\xa1\x8aV\xc1)^A\xd9\xe7\xfej`\xb4\xe9\xd3C\xab\xd4\xdb\xb1\x8c\x83\xaa&\xf1\xe2\xfc\xa1Lb\xa8\xbb\xd6\x83\xb7\xd8\xc5\x9e\xb5\xed\x1b\xe6\x91\x90\xe4\xfa\xfdD\xc2\xcb\xb7U\xb3|?(\x86=\xc2\xff\xd3P\xd2\xc5y\x93\x13r\xcd>5\x80\xde\xdaJ\xdd\x8b\xfa\x14\xd1\x85\xa8P\x06(F\xb3?\xefm\x8e\xe5C\xfe\x98\xaf\xed\xd1!(\x1f.\xc6M\xba\x00\xcb\xbfg5\xc8\x9d\x97+\x14\x87\xf5\x9d4\xb4l\xd5\xc5>\x90\xf2\x06\xa2\xc1R\x89\xf0P\xb4\xe5\x97\xdb\x07\xd3\xc6q\x08\xb9\xe7\r\xf9\x13\x8215\xcb\x92\xed\x99\xc7"\x1e\xe3Zsh\x0e\xe7\xae\x10Xs&)\x1d\xe5\xd5\xbc\x95\x8e\xa3\xd6k[k\x9c\xa0%\xd4\x83%\x88}\x90\xf0\xa7\xc7\xa4(\xdaE\xb9~\xae\x05\xbd}\xe2\xd0\xa5Y\xc1aV[\xab\x93S\xa6\xacg\r\x14\xc6\xe2J\xd6\xcck"\xcc\xfb\xb3\x97\x14\x13\x0b\xd1\xf5\xe7)_\x1e\x0b\xbb\x01\xf7\x11u\x85b\xdf\xab\xe3\xbb:\x84zF\x14u\xfe\x89\x90\xbc\xcaF\x15y\xa3\xa4[\xce\xcf-\xae\x18\x97N\xaa\xed\x84A\xfc\x9e\xeb\xb3\xfcH\x8ej\xcc\x9f \x1b\xc1\x1f}\'q.\xc0^\xd99\x1e\x91b-\xf9\xed\xfd\x9a\x7f\xb6\rO\xea\xc8\x94\xea\xf6\xb4\xdb\xf5\xc7\xb3\xef\xf6D\x12>5\xf3\x9d*\xc9\xf8\x9f]\xb01{d\xe7\'\x8f\xc0\xfbKB\x8dd\xb1\x84\x804\xbe\xe2?AT\x14\xdb4eJ\x96\xc5\xb9%\xe5\x1c\xc0L\xae\xd6O\xde\x1fjJIRD\x96\xa2\xdb\xfc\xc6t\xce\xe6\xe8"\x81\xe6\xc7\x7fuz\xb3\x91\'D\xac\xb2\x93O\xee\x14\xaa7yT\xcf\x81p\x0b(\xa1d\xda\xf8\xcb\x01\x98\x07\'\xfe/\xe4\xca\xab\x03uR"zY\xfb\x1f\x02\xc5\x9c\xa0\'\x89\xffO\x88cK\xac\xb1+S0]%E\x1a\xeb\x04\xf7\x0b\xba\xa0\xbb\xbd|\x06@T\xee\xe7\x17\xa1T\xe3"\x07\x07q'
|
||||
b'abbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
|
Loading…
Reference in New Issue