synss / python-mbedtls

Cryptographic library with an mbed TLS back end

License: MIT License

Python 49.96% Shell 1.01% Dockerfile 0.22% PowerShell 0.61% Cython 48.20%
crypto cryptography-library dtls ssl tls

python-mbedtls's People

Contributors

dependabot[bot], isombyt, jayvdb, pre-commit-ci[bot], sebachm94, stepheny, synss

python-mbedtls's Issues

Incompatibility with mbedtls version 3.0.0

Description

Upgrading mbedtls to latest stable version 3.0.0 causes compatibility issues with python-mbedtls.

Current behavior

Building wheels for package results in error

build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: error: implicit declaration of function 'mbedtls_mpi_is_prime' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    __pyx_t_2 = __Pyx_PyInt_From_int(mbedtls_mpi_is_prime((&__pyx_v_self->_ctx), (&mbedtls_ctr_drbg_random), (&__pyx_v_7mbedtls_3mpi___rng->_ctx))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
                                     ^
  build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: note: did you mean 'mbedtls_mpi_gen_prime'?
  /usr/local/include/mbedtls/bignum.h:1002:5: note: 'mbedtls_mpi_gen_prime' declared here
  int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
      ^
  1 error generated.
Full output
❯ env LDFLAGS="-I/usr/local/Cellar/mbedtls/3.0.0/include -L/usr/local/Cellar/mbedtls/3.0.0/lib" pip3 install python-mbedtls --no-cache-dir
Looking in indexes: https://pypi.org/simple, https://pypi%40dronetag.cz:****@pypi.dronetag.cz/
Collecting python-mbedtls
  Downloading python-mbedtls-1.5.1.tar.gz (122 kB)
     |████████████████████████████████| 122 kB 3.3 MB/s
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Installing backend dependencies ... done
    Preparing wheel metadata ... done
Requirement already satisfied: certifi in /usr/local/lib/python3.9/site-packages (from python-mbedtls) (2021.5.30)
Building wheels for collected packages: python-mbedtls
  Building wheel for python-mbedtls (PEP 517) ... error
  ERROR: Command errored out with exit status 1:
   command: /usr/local/opt/[email protected]/bin/python3.9 /usr/local/lib/python3.9/site-packages/pip/_vendor/pep517/in_process/_in_process.py build_wheel /var/folders/nr/d4vr6w_97gg039v6gxyfrzkw0000gn/T/tmp9e4wj54w
       cwd: /private/var/folders/nr/d4vr6w_97gg039v6gxyfrzkw0000gn/T/pip-install-ltzuoka5/python-mbedtls_51fd5414c21142678e58258c68a1a045
  Complete output (61 lines):
    loading: '/usr/local/lib/libmbedtls.dylib'
    mbedtls version: mbed TLS 3.0.0
    python-mbedtls version: 1.5.1
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build/3.9.6
  creating build/3.9.6/lib.macosx-10.15-x86_64-3.9
  creating build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls
  copying src/mbedtls/hashlib.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls
  copying src/mbedtls/__init__.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls
  copying src/mbedtls/secrets.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls
  copying src/mbedtls/hmac.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls
  creating build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/ARIA.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/ARC4.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/AES.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/__init__.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/DES3.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/Camellia.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/CHACHA20.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/Blowfish.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/DES3dbl.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  copying src/mbedtls/cipher/DES.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher
  running build_ext
  cythoning src/mbedtls/_platform.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.c
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls
  cythoning src/mbedtls/mpi.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c
  cythoning src/mbedtls/pk.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/pk.c
  cythoning src/mbedtls/tls.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/tls.c
  cythoning src/mbedtls/version.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/version.c
  cythoning src/mbedtls/_random.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_random.c
  cythoning src/mbedtls/hkdf.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/hkdf.c
  cythoning src/mbedtls/x509.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/x509.c
  cythoning src/mbedtls/exceptions.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/exceptions.c
  cythoning src/mbedtls/_ringbuf.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_ringbuf.c
  cythoning src/mbedtls/_md.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_md.c
  cythoning src/mbedtls/cipher/_cipher.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/cipher/_cipher.c
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/cipher
  building 'mbedtls._platform' extension
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex
  creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls
  clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk -I/usr/local/include -I/usr/local/opt/[email protected]/include -I/usr/local/opt/sqlite/include -I/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/include/python3.9 -c build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.c -o build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.o
  clang -bundle -undefined dynamic_lookup -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk -I/usr/local/Cellar/mbedtls/3.0.0/include -L/usr/local/Cellar/mbedtls/3.0.0/lib build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.o -L -L/usr/local/lib -L/usr/local/opt/[email protected]/lib -L/usr/local/opt/sqlite/lib -lmbedcrypto -lmbedtls -lmbedx509 -o build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/_platform.cpython-39-darwin.so
  ld: warning: directory not found for option '-L-L/usr/local/lib'
  building 'mbedtls.mpi' extension
  clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk -I/usr/local/include -I/usr/local/opt/[email protected]/include -I/usr/local/opt/sqlite/include -I/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/include/python3.9 -c build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c -o build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.o
  build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: error: implicit declaration of function 'mbedtls_mpi_is_prime' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    __pyx_t_2 = __Pyx_PyInt_From_int(mbedtls_mpi_is_prime((&__pyx_v_self->_ctx), (&mbedtls_ctr_drbg_random), (&__pyx_v_7mbedtls_3mpi___rng->_ctx))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
                                     ^
  build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: note: did you mean 'mbedtls_mpi_gen_prime'?
  /usr/local/include/mbedtls/bignum.h:1002:5: note: 'mbedtls_mpi_gen_prime' declared here
  int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
      ^
  1 error generated.
  error: command '/usr/bin/clang' failed with exit code 1
  ----------------------------------------
  ERROR: Failed building wheel for python-mbedtls
Failed to build python-mbedtls
ERROR: Could not build wheels for python-mbedtls which use PEP 517 and cannot be installed directly

Expected behavior

Passing build or specification of maximum supported mbedtls version in README.md

Environment

macOS 10.15.7
Python 3.9.6
mbedtls 3.0.0 installed via brew

Wrap Hashing module

Hashing Module Level Design

[...]

Component overview

The Hashing module provides one-way hashing functions. Hashing functions are used to create a fixed-length representation of a block of data so that when the data changes the hash value does not match. The hash value is also known as a (message) digest.

A hashing function is generally used for creating a hash message authentication code (HMAC) when sending a message. Such a HMAC can be used in combination with a previously exchanged symmetric key as a message integrity and authentication control.

With this module you can thus:

  • Create a hash value/message digest for a file, a stream or a buffer.
  • Create a HMAC for a stream or a buffer.

https://tls.mbed.org/module-level-design-hashing

Issue with loading private keys and trailing null bytes

Hello,
I believe I have encountered a bug that I want to bring to your attention.

I am submitting a …

  • bug report
  • feature request

Description

Current behavior

When creating and saving a private key with python-mbedtls, the resulting file contains a large number of trailing null bytes:

For example:
'-----BEGIN EC PRIVATE KEY-----\n ... Regular EC Key content ... \n-----END EC PRIVATE KEY-----\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 ...... '

When removing those null bytes, the key can no longer be read. Furthermore, externally generated keys (i.e. with openssl) cannot be loaded. Reading such a file results in the error:
mbedtls.exceptions.TLSError: TLSError([0x3D62] 'PK - Invalid key tag or value : ASN1 - ASN1 tag was of an unexpected value')

Expected behavior

I expected the key.export_key("PEM") function to generate a string containing just the PEM encoded key without any trailing bytes.
Furthermore, I expected to be able to load openssl generated keys.

Minimal demo of the problem and steps to reproduce

The code I used to generate and save a key:

import mbedtls
key = mbedtls.pk.ECC()
_ = key.generate()
open("./key.pem", "w").write(key.export_key("PEM"))

The code I used to read a key:

import mbedtls
key = mbedtls.pk.ECC.from_file("./key.pem")

The above code works perfectly fine as long as the key was saved with the first code snippet and the null bytes are left in place. It fails however for openssl generated certificates and certificates with the null bytes removed.

Other information

Debian 11
Python 3.9.2
python-mbedtls 2.5.1
mbed TLS 2.28.1

The file size seems to be always 7672 bytes. So perhaps a buffer of fixed size is written out and expected.

I truncated the string obtained from the export method with:
rstrip("\x00")

The following code makes the truncated certificate as well as openssl certificates parsable again:

import mbedtls
buf = open("./key.pem").read()
key = mbedtls.pk.ECC.from_PEM(buf.ljust(7672, "\x00"))
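A check for the situation reported above, as an added example that is not part of the issue or of python-mbedtls: it separates the PEM block from whatever follows it, tells pure NUL padding apart from other trailing bytes, and returns the block alone for storage. The sample key body, the function names and the single-NUL terminator in `for_c_parser` are assumptions. mbed TLS documents that `mbedtls_pk_parse_key` expects PEM input as a NUL-terminated string whose length counts the terminator, but the issue does not confirm what this binding version needs.

```python
import base64
import re

# Constructed sample: a well-formed PEM envelope around 32 arbitrary bytes
# (not a real key), NUL-padded to the 7672-byte size reported in the issue.
_BODY = base64.encodebytes(bytes(range(32))).decode("ascii")
SAMPLE_PEM = (
    "-----BEGIN EC PRIVATE KEY-----\n" + _BODY + "-----END EC PRIVATE KEY-----\n"
)
SAMPLE_EXPORT = SAMPLE_PEM.ljust(7672, "\x00")

# One unencrypted PEM block: BEGIN line, base64 body, matching END line.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----\r?\n?", re.DOTALL
)


def split_pem(text):
    """Return (leading, pem_block, trailing) around the first PEM block."""
    match = _PEM_RE.search(text)
    if match is None:
        raise ValueError("no PEM block found")
    # Reject bodies that are not strict base64 (binascii.Error is a ValueError).
    base64.b64decode("".join(match.group(2).split()), validate=True)
    return text[: match.start()], match.group(0), text[match.end():]


def audit_export(text):
    """Classify what surrounds the PEM block and return (status, pem_block)."""
    leading, pem, trailing = split_pem(text)
    if leading or trailing.strip("\x00"):
        # Bytes other than NUL next to key material deserve a closer look:
        # they may be leftover buffer contents or a second object in the file.
        status = "unexpected-data"
    elif trailing:
        status = "nul-padded"
    else:
        status = "clean"
    return status, pem


def for_storage(text):
    """Return only the PEM block, refusing input with non-NUL extra bytes."""
    status, pem = audit_export(text)
    if status == "unexpected-data":
        raise ValueError("non-NUL bytes surround the PEM block")
    return pem


def for_c_parser(pem):
    """Return the PEM text with exactly one NUL terminator (assumption: one
    terminator is what the C parser behind the binding requires)."""
    return pem.rstrip("\x00") + "\x00"


if __name__ == "__main__":
    status, pem = audit_export(SAMPLE_EXPORT)
    print(status, len(SAMPLE_EXPORT), "->", len(pem), "bytes to store")
```
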

Ubuntu 16.04.3 LTS x64 with Python 2.7 Fails to Build

From a clean install of Ubuntu, I follow the instructions in the README.md, but it fails to install. I'm not sure what all you would need in order to reproduce the error. I only included the first part of the errors from the build. It looks like I'm missing some necessary libraries.

unflavored@ubuntu:/tmp/test$ python -V
Python 2.7.12
unflavored@ubuntu:/tmp/test$ virtualenv venv
Running virtualenv with interpreter /usr/bin/python2
New python executable in /tmp/test/venv/bin/python2
Also creating executable in /tmp/test/venv/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
unflavored@ubuntu:/tmp/test$ source venv/bin/activate
(venv) unflavored@ubuntu:/tmp/test$ python -m pip install python-mbedtls
Collecting python-mbedtls
  Using cached python-mbedtls-0.8.tar.gz
Building wheels for collected packages: python-mbedtls
  Running setup.py bdist_wheel for python-mbedtls: started
  Running setup.py bdist_wheel for python-mbedtls: finished with status 'error'
  Complete output from command /tmp/test/venv/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-90lU9g/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpBunVKDpip-wheel- --python-tag cp27:
  running bdist_wheel
  running build
  running build_ext
  cythoning mbedtls/exceptions.pyx to mbedtls/exceptions.c
  building 'mbedtls.exceptions' extension
  creating build
  creating build/temp.linux-x86_64-2.7
  creating build/temp.linux-x86_64-2.7/mbedtls
  x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c mbedtls/exceptions.c -o build/temp.linux-x86_64-2.7/mbedtls/exceptions.o
  creating build/lib.linux-x86_64-2.7
  creating build/lib.linux-x86_64-2.7/mbedtls
  x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/mbedtls/exceptions.o -lmbedtls -o build/lib.linux-x86_64-2.7/mbedtls/exceptions.so
  cythoning mbedtls/random.pyx to mbedtls/random.c
  building 'mbedtls.random' extension
  x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c mbedtls/random.c -o build/temp.linux-x86_64-2.7/mbedtls/random.o
  x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/mbedtls/random.o -lmbedtls -o build/lib.linux-x86_64-2.7/mbedtls/random.so
  cythoning mbedtls/hash.pyx to mbedtls/hash.c
  building 'mbedtls.hash' extension
  x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c mbedtls/hash.c -o build/temp.linux-x86_64-2.7/mbedtls/hash.o
  x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/mbedtls/hash.o -lmbedtls -o build/lib.linux-x86_64-2.7/mbedtls/hash.so
  cythoning mbedtls/x509.pyx to mbedtls/x509.c
  
  Error compiling Cython file:
  ------------------------------------------------------------
  ...
  __copyright__ = "Copyright 2018, Mathias Laurin"
  __license__ = "MIT License"
  
  
  from libc.stdlib cimport malloc, free
  cimport x509
         ^
  ------------------------------------------------------------
  
  mbedtls/x509.pyx:9:8: 'mbedtls/x509.pxd' not found
  
  Error compiling Cython file:
  ------------------------------------------------------------
  ...
  
  
  from libc.stdlib cimport malloc, free
  cimport x509
  
  cimport mbedtls._mpi as _mpi
         ^
  ------------------------------------------------------------
  
  mbedtls/x509.pyx:11:8: 'mbedtls/_mpi.pxd' not found
  
  Error compiling Cython file:
  ------------------------------------------------------------
  ...
              serial (int or bytes): The serial number.
  
          """
          if not serial:
              return
          cdef _mpi.MPI ser = _mpi.MPI(serial)
              ^
  ------------------------------------------------------------
  
  mbedtls/x509.pyx:180:13: 'MPI' is not a type identifier
  
  Error compiling Cython file:
  ------------------------------------------------------------
  ...
              return  # Implementation detail.
          self._from_buffer(bytearray(buffer))

...

server.py error

NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.

I am submitting a …

  • bug report
  • feature request

Description

In 2.3.0, executing ./server.py --dtls --debug 3 --port 9009 --address 149.28.170.96 --psk-store "CLI1=asecretkey","CLI2=Client_identity" gives:
_enable_debug_output(conf)
TypeError: Argument 'conf' has incorrect type (expected mbedtls._tls.MbedTLSConfiguration, got DTLSConfiguration)
There is no similar error in 2.2.0

Current behavior

Expected behavior

Steps to reproduce

Minimal demo of the problem

>>> import mbedtls
...

Other information

Any plans to add DTLS support?

It would be if other parts, e.g. the really great DTLS support in mbedTLS, were also supported, even if just partially. Any plans to add a wrapper?

Build for Thread (EC-J-PAKE support)

Hi, I'm trying to build python-mbedtls with EC-J-PAKE support for Thread usage. ARM provides a special configuration file which allows covering those minimal requirements. I tried replacing the default config, which resulted in a lot of errors.

At the moment it's OK for me to have incremental support (not minimal) and I think that can be achieved by defining MBEDTLS_USER_CONFIG_FILE as the config-thread.h.

So I introduced these changes: edmont@bd4afe2

But when trying to build (python3 setup.py build) I get this warning:
build-3.7.3/temp.linux-x86_64-3.7/pyrex/mbedtls/tls.c:16957:10: warning: implicit declaration of function ‘mbedtls_ssl_set_hs_ecjpake_password’; did you mean ‘mbedtls_ssl_get_record_expansion’? [-Wimplicit-function-declaration]

What am I missing?

Implement padding control for crypto

I am submitting a …

  • bug report
  • feature request

Description

Currently all symmetric block ciphers default to whichever padding was set in mbedtls at compilation time. Because it's by default not MBEDTLS_PADDING_NONE, the current setup excludes many use cases for the ciphers.

Current behavior

As far as I can see, it's currently using MBEDTLS_PADDING_PKCS7.

Expected behavior

Either default to MBEDTLS_PADDING_NONE and have the users implement padding on their own, or expose mbedtls_cipher_set_padding_mode to the user.
(NOTE: it should be applied to both the encryption and decryption contexts at the same time)

Steps to reproduce

Minimal demo of the problem

Other information

Add support for libmbedtls 2.11.0 features

See mbedtls release notes:

Features

  • (2.11) Added support for the XTS block cipher mode with AES (AES-XTS). Contributed by Aorimn in pull request #414.
  • (2.11) Implemented the HMAC-based extract-and-expand key derivation function (HKDF) per RFC 5869. Contributed by Thomas Fossati.
  • (2.11) For TLS servers, added support for offloading private key operations to an external cryptoprocessor. Private key operations can be asynchronous to allow non-blocking operation of the TLS server stack.
  • (2.11) Added support for ARIA cipher (RFC 5794) and associated TLS ciphersuites (RFC 6209). ARIA is disabled by default. To enable, see MBEDTLS_ARIA_C in config.h.
  • (2.11) Added support for the CCM* block cipher mode as defined in IEEE Std 802.15.4.
  • (2.11) Added an additional block mode, OFB (Output Feedback) per NIST SP 800-38a, to the AES module and cipher abstraction module.

pk.get_supported_curves raise `ValueError: b'x25519' is not a valid Curve`

Bug report

Description

Calling pk.get_supported_curves() raises the following error:

Traceback (most recent call last):
  File "minimal-example.py", line 3, in <module>
    print(pk.get_supported_curves())
  File "src/mbedtls/pk.pyx", line 116, in mbedtls.pk.get_supported_curves
  File "/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/enum.py", line 384, in __call__
    return cls.__new__(cls, value)
  File "/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/enum.py", line 702, in __new__
    raise ve_exc
ValueError: b'x25519' is not a valid Curve

Environment

macOS 10.15.7
Python 3.9.6
mbedtls 2.27.0 installed via brew

Minimal demo of the problem

from mbedtls import pk

print(pk.get_supported_curves())

TLSWrappedBuffer do_handshake fails

I am submitting a …

  • [X ] bug report
  • feature request

Description

I'm trying to set up a client context and inspect the handshake messages without using sockets. # _pep543.TLSWrappedBuffer

Current behavior

When invoking do_handshake() I get mbedtls.exceptions.TLSError: TLSError([0x7100] 'SSL - Bad input parameters to function')

Expected behavior

I expect to get a WantReadError or a WantWriteError and be able to obtain the initial handshake bytes

Steps to reproduce

from mbedtls import tls

ctx = tls.ClientContext(tls.TLSConfiguration(validate_certificates=False))
ssl = ctx.wrap_buffers(None)
ssl.do_handshake()

This should produce WantWriteError

Minimal demo of the problem

Python 3.8.10 (default, Nov 26 2021, 20:14:08) 
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from mbedtls import tls
>>> ctx = tls.ClientContext(tls.TLSConfiguration(validate_certificates=False))
>>> ssl = ctx.wrap_buffers(None)
>>> ssl.do_handshake()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "src/mbedtls/tls.pyx", line 1460, in mbedtls.tls.TLSWrappedBuffer.do_handshake
  File "src/mbedtls/tls.pyx", line 1281, in mbedtls.tls._BaseContext._do_handshake
  File "src/mbedtls/tls.pyx", line 1286, in mbedtls.tls._BaseContext._do_handshake_step
  File "src/mbedtls/tls.pyx", line 1305, in mbedtls.tls._BaseContext._handle_handshake_response
  File "src/mbedtls/exceptions.pyx", line 54, in mbedtls.exceptions.check_error
  File "src/mbedtls/exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x7100] 'SSL - Bad input parameters to function')

Other information

Awesome project, thank you for it!

Make crypto context update their own IV

I am submitting a …

  • bug report
  • feature request

Description

Not sure if it's a feature request or a bug.
Currently the main function for performing encryption or decryption is mbedtls_cipher_crypt, which doesn't update the IV value (or at least the new IV value is not used in subsequent calls to the encrypt and decrypt functions). As a result, using multiple calls for any block cipher mode like AES-CBC/CFB/OFB... will yield an incorrect result.

Current behavior

Expected behavior

I'd recommend to modify the pxd/pyx code to update the fresh IV after each successful encryption/decryption call.

Steps to reproduce

Minimal demo of the problem

In case you disagree with the information stated in the description I'll produce an example script, just let me know.

Other information
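What carrying the IV across calls means for CBC, as an added example that is not part of the issue or of python-mbedtls: a SHA-256 Feistel toy cipher stands in for AES so that it runs on the standard library alone, and `ChainedCBC`, the key, the IV and the message are constructed for illustration. It covers CBC only (CFB and OFB carry different state) and compares one-shot encryption with chunked encryption that resets the IV and chunked encryption that chains it.

```python
import hashlib

BLOCK = 16  # block size in bytes, as for AES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, r, half):
    # Feistel round function: keyed hash of one half-block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[: BLOCK // 2]


def toy_encrypt_block(key, block):
    """Toy 4-round Feistel permutation; a stand-in for AES, not a real cipher."""
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right


def toy_decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    """One call: CBC over whole blocks, no padding. Returns (ciphertext, next_iv)."""
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV and plaintext must be multiples of the block size")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    # The IV for a following call is the last ciphertext block produced.
    return b"".join(out), prev


def cbc_decrypt(key, iv, ciphertext):
    """Inverse of cbc_encrypt. Returns (plaintext, next_iv)."""
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV and ciphertext must be multiples of the block size")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out), prev


class ChainedCBC:
    """Hypothetical context that stores the running IV between encrypt calls."""

    def __init__(self, key, iv):
        self._key, self._iv = key, iv

    def encrypt(self, chunk):
        out, self._iv = cbc_encrypt(self._key, self._iv, chunk)
        return out


# Constructed inputs: two identical 16-byte plaintext blocks.
KEY = b"constructed key"
IV = bytes(range(BLOCK))
MSG = b"same 16B block!!" * 2


def compare_modes():
    """Return (one_shot, iv_reset_per_call, iv_chained) ciphertexts for MSG."""
    chunks = [MSG[i:i + BLOCK] for i in range(0, len(MSG), BLOCK)]
    one_shot, _ = cbc_encrypt(KEY, IV, MSG)
    reset = b"".join(cbc_encrypt(KEY, IV, c)[0] for c in chunks)
    ctx = ChainedCBC(KEY, IV)
    chained = b"".join(ctx.encrypt(c) for c in chunks)
    return one_shot, reset, chained


if __name__ == "__main__":
    one_shot, reset, chained = compare_modes()
    print("chained == one-shot:", chained == one_shot)
    print("reset   == one-shot:", reset == one_shot)
    # With the IV reset on every call, equal plaintext chunks give equal
    # ciphertext chunks, so the output also reveals which chunks repeat.
    print("reset repeats blocks:", reset[:BLOCK] == reset[BLOCK:])
```
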

Add cache configurability

I am submitting a …

  • bug report
  • [X ] feature request

Description

Hi, I am currently trying to do some benchmarks with different DTLS setups, and for that I would need to be able to modify the value of the session cache timeout so that I'm not stuck with the default value of 1 day

Current behavior

It is currently impossible to modify the session cache timeout value from this package's bindings to mbedtls

Expected behavior

Have the mbedtls_ssl_cache_set_max_entries, mbedtls_ssl_cache_set_timeout, and mbedtls_ssl_conf_session_cache exposed through the Python bindings so that the behavior of mbedtls cache can be modified

Other information

Server cannot accept multiple clients in multithreading

I am submitting a …

  • bug report
  • feature request

Description

Hi, I am trying to test a socket server with multiple clients, using multithreading on the server side, but it can only connect one client at a time after accept. Only once that client socket is closed is it possible to accept another client. If two clients are running at the same time, the second client keeps doing the handshake until it either times out or succeeds when the previous client socket is closed.

Thanks

Current behavior

Expected behavior

Steps to reproduce

  1. run server
  2. run two client at same time (within 10 seconds)

Minimal demo of the problem

#DTLS server

import os
from _thread import *
import asyncio
import time
import structlog
from contextlib import suppress
from mbedtls    import tls
import socket
import functools
from mbedtls.tls import *
import struct
from mbedtls.tls import _enable_debug_output, _set_debug_level


def block(cb, *args, **kwargs):
    while True:
        try:
            result = cb(*args, **kwargs)
        except (WantReadError, WantWriteError):
            print(" .", cb.__name__)
        else:
            print(" .", "done", cb.__name__, result)
            return result


srv_conf = tls.DTLSConfiguration(
    ciphers=(
        # PSK Requires the selection PSK ciphers.
        "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
        "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
        "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
    ),
    pre_shared_key_store={
        "client0": b"a secret",
        "client1": b"other secret",
        "client42": b"the secret",
        "client100": b"yet another one",
    },
)

_enable_debug_output(srv_conf)
_set_debug_level(1)

HOST, PORT = "0.0.0.0", 2883
dtls_srv_ctx = tls.ServerContext(srv_conf)
bindsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
dtls_srv = dtls_srv_ctx.wrap_socket(bindsock)
dtls_srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
dtls_srv.bind((HOST, PORT))
ThreadCount = 0


def threaded_client(connection, address):

    while True:
        data = block(client.recv, 2048)
        block(client.send, data)
        if data == b"\0":
            break
    client.close()

while True:
    print(f"> waiting to accept:")
    cli0, cli_address0 = dtls_srv.accept()
    print(f"> accepted:")
    cli0.setcookieparam(cli_address0[0].encode("ascii"))
    try:
        block(cli0.do_handshake)
    except HelloVerifyRequest:
        print("HVR")

    cli1, cli_address1 = cli0.accept()
    cli0.close()
    cli1.setcookieparam(cli_address1[0].encode("ascii"))
    block(cli1.do_handshake)
    print(" .", "handshake", cli1.negotiated_tls_version())

    client = cli1
    client_address = cli_address1       

    print('Connected to: ' + client_address[0] + ':' + str(client_address[1]))
    start_new_thread(threaded_client, (client, client_address,))
    ThreadCount += 1
    print('Thread Number: ' + str(ThreadCount))
dtls_srv.close()

#DTLS client

import socket
import struct
import time
from mbedtls import tls
from mbedtls.x509 import CRT
from mbedtls.tls import *
from mbedtls.tls import _enable_debug_output, _set_debug_level


cli_conf = tls.DTLSConfiguration(pre_shared_key=("client42", b"the secret"))

_enable_debug_output(cli_conf)
_set_debug_level(1)

address = ("127.0.0.1", 2883)
host, port = address

ctx = ClientContext(cli_conf)
cli = ctx.wrap_socket(
    socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP),
    server_hostname="localhost",
)

print(" .", "connect", address)
cli.connect(address)


def block(cb, *args, **kwargs):
    while True:
        try:
            result = cb(*args, **kwargs)
        except (WantReadError, WantWriteError):
            print(" .", cb.__name__)
        else:
            print(" .", "done", cb.__name__, result)
            return result


block(cli.do_handshake)
print(" .", "handshake", cli.negotiated_tls_version())

msg = b"hello"
for _ in range(5):
    nn = block(cli.send, msg)
    print(" .", "S", nn, len(msg))
    data, addr = block(cli.recvfrom, 4096)
    print(" .", "R", nn, data)
    time.sleep(2)
else:
    block(cli.send, b"\0")
    block(cli.recvfrom, 4096)

print(cli)
cli.close()

Other information

won't install/compile

Hi,

Trying to build it fails:

building 'mbedtls._md' extension
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.6m -c build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.c -o build-3.6.8/temp.linux-x86_64-3.6/build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.o
build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.c: In function ‘pyx_pf_7mbedtls_3_md_6MDBase_10block_size___get’:
build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.c:4795:62: error: dereferencing pointer to incomplete type
__pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_self->_ctx.md_info->block_size); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 100, __pyx_L1_error)

This is with:

  • python-mbedtls-0.18.0
  • mbedtls-2.28.0

Installation fails on Raspberry Pi 4

I am submitting a …

  • bug report
  • feature request

Description

When installing on Raspberry Pi 4, fails due to fatal error: mbedtls/bignum.h: No such file or directory
#include "mbedtls/bignum.h"

Current behavior

Fails to install

Expected behavior

Should install

Steps to reproduce

  1. Update Raspberry Pi to latest
  2. pip3 install python-mbedtls
  3. See error in log.

Minimal demo of the problem

pi@raspberrypi:~ $ pip3 install python-mbedtls
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting python-mbedtls
Using cached https://files.pythonhosted.org/packages/4e/b7/1e29337f668485c79bec77c95e2d361a5375eac8bfefba5ab8adff1fa5dd/python-mbedtls-1.4.1.tar.gz
Installing build dependencies ... done
Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from python-mbedtls) (2018.8.24)
Building wheels for collected packages: python-mbedtls
Running setup.py bdist_wheel for python-mbedtls ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" bdist_wheel -d /tmp/pip-wheel-5psloyj4 --python-tag cp37:
Library not found
loading: None
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py", line 133, in <module>
version=mbedtls_version_info, url=mbedtls_url
File "/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py", line 65, in check_mbedtls_support
mbedtls_version(lib), sep=os.linesep
File "/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py", line 45, in mbedtls_version
lib.mbedtls_version_get_string_full(output_p)
File "/usr/lib/python3.7/ctypes/__init__.py", line 369, in __getattr__
func = self.__getitem__(name)
File "/usr/lib/python3.7/ctypes/__init__.py", line 374, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /usr/bin/python3: undefined symbol: mbedtls_version_get_string_full


Failed building wheel for python-mbedtls
Running setup.py clean for python-mbedtls
Failed to build python-mbedtls
Installing collected packages: python-mbedtls
Running setup.py install for python-mbedtls ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-cx3phpq9/install-record.txt --single-version-externally-managed --compile --user --prefix=:
running install
running build
running build_py
creating build
creating build/3.7.3
creating build/3.7.3/lib.linux-armv7l-3.7
creating build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/hmac.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/__init__.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/secrets.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/hashlib.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
creating build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/DES3dbl.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/ARIA.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/DES3.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/AES.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/Blowfish.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/Camellia.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/CHACHA20.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/ARC4.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/__init__.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/DES.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
running build_ext
cythoning src/mbedtls/mpi.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.c
creating build/3.7.3/temp.linux-armv7l-3.7
creating build/3.7.3/temp.linux-armv7l-3.7/pyrex
creating build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls
cythoning src/mbedtls/_ringbuf.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_ringbuf.c
cythoning src/mbedtls/exceptions.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/exceptions.c
cythoning src/mbedtls/x509.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/x509.c
cythoning src/mbedtls/version.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/version.c
cythoning src/mbedtls/_platform.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_platform.c
cythoning src/mbedtls/_random.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_random.c
cythoning src/mbedtls/tls.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/tls.c
cythoning src/mbedtls/pk.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/pk.c
cythoning src/mbedtls/hkdf.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/hkdf.c
cythoning src/mbedtls/_md.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_md.c
cythoning src/mbedtls/cipher/_cipher.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/cipher/_cipher.c
creating build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/cipher
building 'mbedtls.mpi' extension
creating build/3.7.3/temp.linux-armv7l-3.7/build
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7/pyrex
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls
arm-linux-gnueabihf-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.c -o build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.o
build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.c:608:10: fatal error: mbedtls/bignum.h: No such file or directory
#include "mbedtls/bignum.h"
^~~~~~~~~~~~~~~~~~
compilation terminated.
error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1

----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-cx3phpq9/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-zj03qrrr/python-mbedtls/

Other information

None
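
The log above shows "Library not found" and "loading: None" followed by a symbol lookup against /usr/bin/python3, which is what happens when a failed library search is passed on to ctypes: on POSIX, `ctypes.CDLL(None)` opens the running program. A preflight check that stops at the missing library instead, added here as an example and not taken from the project's setup.py (the function names and the list of library names are assumptions):

```python
import ctypes
import ctypes.util

# Library names to probe, in order. The list is an assumption of this example.
CANDIDATE_NAMES = ("mbedcrypto", "mbedtls")


def locate_mbedtls(names=CANDIDATE_NAMES):
    """Return the first library the system loader can resolve, or None."""
    for name in names:
        found = ctypes.util.find_library(name)
        if found is not None:
            return found
    return None


def symbol_in_running_program(symbol):
    """Report whether `symbol` resolves through ctypes.CDLL(None).

    On POSIX, CDLL(None) is dlopen(NULL): a handle to the running program
    (here the Python interpreter), not to mbed TLS.
    """
    return hasattr(ctypes.CDLL(None), symbol)


def mbedtls_version_string(library):
    """Load `library` and return mbedtls_version_get_string_full() as text."""
    if library is None:
        # Stop here instead of handing None to CDLL and failing later with
        # "undefined symbol" reported against the interpreter binary.
        raise FileNotFoundError(
            "mbed TLS shared library not found; install the mbed TLS "
            "library and headers before building python-mbedtls"
        )
    lib = ctypes.CDLL(library)
    get_version = lib.mbedtls_version_get_string_full
    get_version.argtypes = [ctypes.c_char_p]
    get_version.restype = None
    buf = ctypes.create_string_buffer(64)
    get_version(buf)
    return buf.value.decode("ascii")


if __name__ == "__main__":
    library = locate_mbedtls()
    print("library found by the loader:", library)
    print(
        "symbol visible in the running program:",
        symbol_in_running_program("mbedtls_version_get_string_full"),
    )
    try:
        print("version:", mbedtls_version_string(library))
    except FileNotFoundError as exc:
        print("preflight failed:", exc)
```
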

Installation broken on macOS 10.15.7 and ports python3 or apple python3

I am submitting a …

  • bug report
  • feature request

Description

The latest version of python-mbedtls 1.4.0 does not seem to install correctly on macOS Catalina 10.15.7. After attempting to install multiple times via pip3 or from source using Apple's version of pip3/python3 or a macports selected version of pip3/python3, the package always is missing the dynamically loaded shared objects in the mbedtls python directory. This prevents importing of the mbedtls package. I have a working version of the same package on Ubuntu 18.04 LTS which includes the missing objects but am not sure how to get the package working on macOS.

Current behavior

After installing mbedtls (from MacPorts) either using pip3 to install python-mbedtls or installing from the source package (as in the egg example below), the mbedtls package cannot be imported in a python script as follows:

$ python3
Python 3.6.12 (default, Sep  6 2020, 12:48:16) 
[GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import mbedtls
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/__init__.py", line 8, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/__init__.py", line 12, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/AES.py", line 11, in <module>
ModuleNotFoundError: No module named 'mbedtls.exceptions'

Here are the contents of the egg referenced above:

$ unzip -l /opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg
Archive:  /opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg
  Length      Date    Time    Name
---------  ---------- -----   ----
    24255  11-22-2020 01:53   EGG-INFO/PKG-INFO
     1978  11-22-2020 01:53   EGG-INFO/SOURCES.txt
        1  11-22-2020 01:53   EGG-INFO/dependency_links.txt
       70  11-22-2020 01:53   EGG-INFO/requires.txt
        8  11-22-2020 01:53   EGG-INFO/top_level.txt
        1  11-22-2020 01:53   EGG-INFO/zip-safe
      742  10-17-2020 06:16   mbedtls/__init__.py
     1563  10-17-2020 06:16   mbedtls/hashlib.py
     1707  10-17-2020 06:16   mbedtls/hmac.py
     1252  10-17-2020 06:16   mbedtls/secrets.py
      749  11-22-2020 01:53   mbedtls/__pycache__/__init__.cpython-36.pyc
     2031  11-22-2020 01:53   mbedtls/__pycache__/hashlib.cpython-36.pyc
     2103  11-22-2020 01:53   mbedtls/__pycache__/hmac.cpython-36.pyc
     1393  11-22-2020 01:53   mbedtls/__pycache__/secrets.cpython-36.pyc
     2155  10-17-2020 06:16   mbedtls/cipher/AES.py
     1046  10-17-2020 06:16   mbedtls/cipher/ARC4.py
     1763  10-17-2020 06:16   mbedtls/cipher/ARIA.py
     1471  10-17-2020 06:16   mbedtls/cipher/Blowfish.py
     1637  10-17-2020 06:16   mbedtls/cipher/CHACHA20.py
     1552  10-17-2020 06:16   mbedtls/cipher/Camellia.py
     1322  10-17-2020 06:16   mbedtls/cipher/DES.py
     1409  10-17-2020 06:16   mbedtls/cipher/DES3.py
     1400  10-17-2020 06:16   mbedtls/cipher/DES3dbl.py
      574  10-17-2020 06:16   mbedtls/cipher/__init__.py
     1798  11-22-2020 01:53   mbedtls/cipher/__pycache__/AES.cpython-36.pyc
     1112  11-22-2020 01:53   mbedtls/cipher/__pycache__/ARC4.cpython-36.pyc
     1753  11-22-2020 01:53   mbedtls/cipher/__pycache__/ARIA.cpython-36.pyc
     1441  11-22-2020 01:53   mbedtls/cipher/__pycache__/Blowfish.cpython-36.pyc
     1700  11-22-2020 01:53   mbedtls/cipher/__pycache__/CHACHA20.cpython-36.pyc
     1505  11-22-2020 01:53   mbedtls/cipher/__pycache__/Camellia.cpython-36.pyc
     1361  11-22-2020 01:53   mbedtls/cipher/__pycache__/DES.cpython-36.pyc
     1425  11-22-2020 01:53   mbedtls/cipher/__pycache__/DES3.cpython-36.pyc
     1419  11-22-2020 01:53   mbedtls/cipher/__pycache__/DES3dbl.cpython-36.pyc
      671  11-22-2020 01:53   mbedtls/cipher/__pycache__/__init__.cpython-36.pyc
---------                     -------
    66367                     34 files

The same occurred when trying to install using apple's python3. Here are the contents of the mbedtls directory after installation:

$ ll /Library/Python/3.8/site-packages/mbedtls/
total 32
drwxr-xr-x   7 root  wheel   224 22 Nov 08:59 ./
drwxr-xr-x  23 root  wheel   736 22 Nov 08:59 ../
-rw-r--r--   1 root  wheel   742 22 Nov 08:59 __init__.py
drwxr-xr-x  12 root  wheel   384 22 Nov 08:59 cipher/
-rw-r--r--   1 root  wheel  1563 22 Nov 08:59 hashlib.py
-rw-r--r--   1 root  wheel  1707 22 Nov 08:59 hmac.py
-rw-r--r--   1 root  wheel  1252 22 Nov 08:59 secrets.py

Here are the contents of the build directory when building from source:

$ ll python-mbedtls-1.4.0/build/3.6.12/lib/mbedtls/
total 32
drwxr-xr-x   7 tom  staff   224 22 Nov 01:43 ./
drwxr-xr-x   3 tom  staff    96 22 Nov 01:43 ../
-rw-r--r--   1 tom  staff   742 17 Oct 06:16 __init__.py
drwxr-xr-x  12 tom  staff   384 22 Nov 01:43 cipher/
-rw-r--r--   1 tom  staff  1563 17 Oct 06:16 hashlib.py
-rw-r--r--   1 tom  staff  1707 17 Oct 06:16 hmac.py
-rw-r--r--   1 tom  staff  1252 17 Oct 06:16 secrets.py

Expected behavior

It looks like there are a number of modules that should be loaded dynamically as shared objects but for some reason these are not being built/installed. On Ubuntu 18.04LTS, here is how things look with a working installation:

$ ll /usr/local/lib/python3.6/dist-packages/mbedtls/
total 15656
drwxr-sr-x 4 root staff    4096 Oct 29 16:33 ./
drwxrwsr-x 5 root staff    4096 Oct 29 16:33 ../
drwxr-sr-x 3 root staff    4096 Oct 29 16:33 cipher/
-rwxr-xr-x 1 root staff  322144 Oct 29 16:33 exceptions.cpython-36m-x86_64-linux-gnu.so*
-rw-r--r-- 1 root staff    1563 Oct 29 16:33 hashlib.py
-rwxr-xr-x 1 root staff 1154448 Oct 29 16:33 hkdf.cpython-36m-x86_64-linux-gnu.so*
-rw-r--r-- 1 root staff    1707 Oct 29 16:33 hmac.py
-rw-r--r-- 1 root staff     742 Oct 29 16:33 __init__.py
-rwxr-xr-x 1 root staff 1257320 Oct 29 16:33 _md.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 1654856 Oct 29 16:33 mpi.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 2351800 Oct 29 16:33 pk.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 1006928 Oct 29 16:33 _platform.cpython-36m-x86_64-linux-gnu.so*
drwxr-sr-x 2 root staff    4096 Oct 29 16:33 __pycache__/
-rwxr-xr-x 1 root staff 1175248 Oct 29 16:33 _random.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 1113456 Oct 29 16:33 _ringbuf.cpython-36m-x86_64-linux-gnu.so*
-rw-r--r-- 1 root staff    1252 Oct 29 16:33 secrets.py
-rwxr-xr-x 1 root staff 3155440 Oct 29 16:32 tls.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff  190800 Oct 29 16:33 version.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 2598216 Oct 29 16:33 x509.cpython-36m-x86_64-linux-gnu.so*
$ python3
Python 3.6.9 (default, Oct  8 2020, 12:12:24) 
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import mbedtls
>>> 

Steps to reproduce

  1. Install mbedtls libraries (e.g. "sudo port install mbedtls")
  2. Use pip3 to install python-mbedtls "sudo -H pip3 install python-mbedtls"
  3. Run python3 and try to import mbedtls

Minimal demo of the problem

$ python3
Python 3.6.12 (default, Sep  6 2020, 12:48:16) 
[GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import mbedtls
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/__init__.py", line 8, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/__init__.py", line 12, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/AES.py", line 11, in <module>
ModuleNotFoundError: No module named 'mbedtls.exceptions'

Other information

macOS Catalina v10.15.7
pip 20.2.4
Python 3.6.12
mbedtls @2.24.0
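
A post-install check for the symptom reported above, where only the pure-Python files were installed: it compares a package directory against the compiled modules visible in the working Ubuntu listing. This is an added example, not part of the report or of python-mbedtls; the function names and the constructed sample trees are assumptions.

```python
import importlib.machinery
import os
import tempfile

# Compiled modules present in the working Ubuntu listing in the report.
EXPECTED_EXTENSIONS = (
    "exceptions", "hkdf", "_md", "mpi", "pk", "_platform",
    "_random", "_ringbuf", "tls", "version", "x509",
)


def missing_extensions(package_dir, expected=EXPECTED_EXTENSIONS):
    """List expected modules with no extension file this interpreter can load.

    A module counts as present only if a file named <module><suffix> exists
    for one of the running interpreter's extension suffixes, so a binary
    built for another Python version is reported as missing too.
    """
    present = set(os.listdir(package_dir))
    suffixes = importlib.machinery.EXTENSION_SUFFIXES
    missing = []
    for module in expected:
        candidates = {module + suffix for suffix in suffixes}
        if not candidates & present:
            missing.append(module)
    return missing


def build_sample_tree(root, with_extensions):
    """Create a constructed mbedtls/ directory shaped like the listings."""
    package_dir = os.path.join(root, "mbedtls")
    os.makedirs(os.path.join(package_dir, "cipher"))
    names = ["__init__.py", "hashlib.py", "hmac.py", "secrets.py"]
    if with_extensions:
        suffix = importlib.machinery.EXTENSION_SUFFIXES[0]
        names += [module + suffix for module in EXPECTED_EXTENSIONS]
    for name in names:
        with open(os.path.join(package_dir, name), "wb"):
            pass  # empty placeholder file; only the names matter here
    return package_dir


def demo():
    """Return (missing in the broken tree, missing in the working tree)."""
    with tempfile.TemporaryDirectory() as broken_root:
        broken = missing_extensions(build_sample_tree(broken_root, False))
    with tempfile.TemporaryDirectory() as working_root:
        working = missing_extensions(build_sample_tree(working_root, True))
    return broken, working


if __name__ == "__main__":
    broken, working = demo()
    print("pure-Python-only install is missing:", ", ".join(broken))
    print("complete install is missing:", working)
```

Pointing `missing_extensions` at the real `site-packages/mbedtls` directory gives the same report for an actual installation.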

Implement getpeercert

NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.

I am submitting a …

  • bug report
  • feature request

Description

I need to obtain the server's certificate after a successful handshake. In PEP there is a function documented getpeercert but I see in the code this is not implemented (commented out).
Would it be possible to obtain the server's certificate in some other way? If not, I'd like to ask you to add this feature.

Current behavior

getpeercert is not implemented

Expected behavior

getpeercert to be implemented

Steps to reproduce

N/A

Minimal demo of the problem

N/A

Other information

I don't need it in parsed form, binary DER is more than enough.

Installation fails in windows with python 3.7.2 in windows env

I am submitting a …

  • [x] bug report
  • feature request

Description

Installation of this module fails in a Windows environment with Python 3.7.2.
When installing the module using "pip install python-mbedtls==1.3.1" in a Windows environment, I am getting the below error:

"WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProxyError('Cannot connect to proxy.', NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x03DCF770>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))': /simple/python-mbedtls/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) "

ERROR: Could not find a version that satisfies the requirement python-mbedtls==1.3.1 (from versions: none)
ERROR: No matching distribution found for python-mbedtls==1.3.1

I think, when I looked at the "Installation" section, I came to know that this library supports Linux and macOS.
It would be really helpful if support were available for the Windows environment, since I could not find a library that supports the "PSK" cipher suites PSK-AES128-GCM-SHA256 and PSK-NULL-SHA256 for both TLS and DTLS communication.

I see that this library supports both TLS and DTLS communication for both of the ciphers mentioned above.

Current behavior

Getting an error when trying to install python-mbedtls module using pip command.
ERROR: Could not find a version that satisfies the requirement python-mbedtls==1.3.1 (from versions: none)
ERROR: No matching distribution found for python-mbedtls==1.3.1

Expected behavior

Expecting: this library shall be installable in a Windows environment.
Instructions on how to build the package or generate the wheel package for Windows would be really helpful.

Steps to reproduce

1. Use "pip install python-mbedtls==1.3.1" in a Python terminal on Windows.

Minimal demo of the problem

Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))': /simple/python-mbedtls/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) "

Detailed log is attached for further investigation.
[log_mbedtls.txt]

Other information

Windows 10 64-bit OS
Python 3.7.2
pip 20.1.1

I want to clarify this doubt; however, my only option is to bring this to notice as an issue.

Executing server.py gives:

I am submitting a …

  • bug report
  • feature request

Description

Current behavior

Expected behavior

Steps to reproduce

Minimal demo of the problem

>>> import mbedtls
...

Other information

DTLS Handshake Timeout

I am submitting a …

  • bug report
  • feature request

Description

I am trying to use DTLS for a high-latency connection (30s+), which doesn't work because the client keeps retrying the handshake with way too short delays for my application (the default is 1-60s).

Current behavior

handshake timeout is not configurable (parameter commented out here: https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/tls.pyx#L777)

Expected behavior

handshake timeout is configurable (somehow, preferably in DTLSConfiguration)

Binding: mbedtls_ssl_conf_handshake_timeout
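
How the 1-60 s default plays out against a 30 s round trip, as an added example that is not python-mbedtls code: a simplified model in which the retransmission timer starts at the minimum, doubles on each expiry and is capped at the maximum, the two values that mbedtls_ssl_conf_handshake_timeout sets. The function names and the 40 s / 160 s candidate values are assumptions; packet loss and later handshake flights are ignored.

```python
def retransmit_timeouts(min_ms, max_ms):
    """Successive timer values: start at min, double, clamp at max.

    The list ends with the timer at max; in this model the handshake is
    abandoned when that last timer expires without a reply.
    """
    if not 0 < min_ms <= max_ms:
        raise ValueError("need 0 < min_ms <= max_ms")
    timeouts = [min_ms]
    while timeouts[-1] < max_ms:
        timeouts.append(min(2 * timeouts[-1], max_ms))
    return timeouts


def handshake_budget_ms(min_ms, max_ms):
    """Total time one flight is waited on before the handshake gives up."""
    return sum(retransmit_timeouts(min_ms, max_ms))


def spurious_retransmissions(min_ms, max_ms, rtt_ms):
    """Count timer expiries that happen before a reply can possibly arrive.

    Each of these resends a flight the peer may already have answered,
    which is the retry behaviour described in the report.
    """
    elapsed = 0
    count = 0
    for timeout in retransmit_timeouts(min_ms, max_ms):
        elapsed += timeout
        if elapsed >= rtt_ms:
            break  # the reply to the first transmission is in by now
        count += 1
    return count


if __name__ == "__main__":
    rtt_ms = 30_000  # constructed value matching the "30s+" link in the report
    for label, (lo, hi) in {
        "default 1-60 s": (1_000, 60_000),
        "candidate 40-160 s": (40_000, 160_000),
    }.items():
        print(label)
        print("  timers (ms):", retransmit_timeouts(lo, hi))
        print("  budget (ms):", handshake_budget_ms(lo, hi))
        print("  resends before a reply can arrive:",
              spurious_retransmissions(lo, hi, rtt_ms))
```
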

Tests fail if mbedtls built without ARIA support

I am submitting a …

  • bug report
  • feature request

Description

python-mbedtls fails some of its test suite if mbedtls isn't built with ARIA support.

[...]
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae98850>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea30e020>

    def test_encrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:255: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-CTR'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae98b90>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea30ec00>

    def test_encrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:255: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-192-CTR'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae98ed0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea30e020>

    def test_encrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:255: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-256-CTR'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae99210>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3a2ac0>

    def test_encrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:255: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-GCM'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae99550>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3a1ee0>

    def test_encrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:255: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-192-GCM'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae99890>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3a2ac0>

    def test_encrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:255: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-256-GCM'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] _____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0c3d0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.ECB: 1>, 0)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361760>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-ECB'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] _____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0c710>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.ECB: 1>, 0)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361940>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-192-ECB'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] _____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0ca50>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.ECB: 1>, 0)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-256-ECB'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0cd90>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.CBC: 2>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361e40>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-CBC'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0d0d0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.CBC: 2>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-192-CBC'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0d410>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.CBC: 2>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3622a0>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-256-CBC'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0d750>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-CTR'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0da90>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea362700>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-192-CTR'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0ddd0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-256-CTR'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0e110>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea362b60>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-GCM'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0e450>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-192-GCM'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] ____________________________________________

self = <test_cipher.TestCipher object at 0x7f5ceae0e790>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea362fc0>

    def test_decrypt_nothing_raises(
        self,
        params: Tuple[CipherType, int, Mode, int],
        randbytes: Callable[[int], bytes],
    ) -> None:
        module, key_size, mode, iv_size = params
>       cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))

tests/test_cipher.py:265: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-256-GCM'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
_____________________________________________________________ TestGenericCipher.test_cbc_requires_padding[mbedtls.cipher.ARIA] ______________________________________________________________

self = <test_cipher.TestGenericCipher object at 0x7f5cead43c50>, module = <module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>
randbytes = <function randbytes.<locals>.function at 0x7f5cea4a79c0>

    def test_cbc_requires_padding(
        self, module: CipherType, randbytes: Callable[[int], bytes]
    ) -> None:
        mode = Mode.CBC
        if mode not in SUPPORTED_MODES[module]:
            return pytest.skip(  # type: ignore[return-value]
                f"unsupported mode for {module!r}: {mode!s}"
            )
    
        sizes = SUPPORTED_SIZES[module][mode]
        for key_size in sizes.key_size:
>           cipher = module.new(
                randbytes(key_size), mode, iv=randbytes(sizes.iv_size)
            )

tests/test_cipher.py:445: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
    return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

>   raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E   NotImplementedError: unsupported cipher: b'ARIA-128-CBC'

src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
================================================================================== short test summary info ==================================================================================
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestGenericCipher::test_cbc_requires_padding[mbedtls.cipher.ARIA] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
================================================================== 73 failed, 2575 passed, 101 skipped, 7 xfailed in 8.20s ==================================================================

Current behavior

Tests fail unexpectedly.

Expected behavior

Tests which need ARIA should be skipped if support is unavailable.

2.28.I

Steps to reproduce

  1. Build mbedtls on Gentoo (see configuration at https://gitweb.gentoo.org/repo/gentoo.git/tree/net-libs/mbedtls/mbedtls-2.28.1.ebuild)

  2. Run python-mbedtls test suite either from 2.5.1 or master

Other information

I'm using mbedtls-2.28.1 installed from the Gentoo packaging for it. We've not had any problems like this before so I don't think our configuration is too odd, but I've discovered today that mbedtls is wildly configurable!

I've attached my /usr/include/mbedtls/config.h: config.h.gz
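One way to get the skip this report asks for, as an added example that is not python-mbedtls code: call the module's `new(key, mode, iv)` once per parametrized case and treat only `NotImplementedError` as "not compiled into this mbedtls build", so any other failure still surfaces as a test failure instead of a silent skip. `FakeAria`, `Case`, `probe` and `partition_cases` are hypothetical names, and `FakeAria` is a constructed stand-in that only mimics the error shown in the log above so the block runs without mbedtls installed.

```python
"""Probe cipher availability before parametrizing tests (added example)."""
import enum
import os
from typing import Callable, Iterable, List, NamedTuple, Optional, Tuple


class Mode(enum.Enum):
    # Values as printed in the log above (<Mode.ECB: 1>, <Mode.GCM: 6>, ...).
    ECB = 1
    CBC = 2
    CTR = 5
    GCM = 6


class Case(NamedTuple):
    key_size: int
    mode: Mode
    iv_size: int


# The twelve ARIA parametrizations that appear in the failing test ids.
ARIA_CASES: List[Case] = [
    Case(key_size, mode, iv_size)
    for mode, iv_size in (
        (Mode.ECB, 0), (Mode.CBC, 16), (Mode.CTR, 16), (Mode.GCM, 12)
    )
    for key_size in (16, 24, 32)
]


class FakeAria:
    """Constructed stand-in for mbedtls.cipher.ARIA (assumption, not the
    real module). `compiled` lists the cipher names the build provides."""

    def __init__(self, compiled: Iterable[bytes] = ()) -> None:
        self.compiled = frozenset(compiled)

    def new(self, key: bytes, mode: Mode, iv: bytes) -> object:
        name = ("ARIA-%d-%s" % (len(key) * 8, mode.name)).encode("ascii")
        if name not in self.compiled:
            # Same exception type and message shape as in the log above.
            raise NotImplementedError("unsupported cipher: %r" % name)
        return object()


def probe(
    module, case: Case, randbytes: Callable[[int], bytes] = os.urandom
) -> Optional[str]:
    """Return None if the cipher can be constructed, else the skip reason.

    Only NotImplementedError counts as "unavailable". Anything else
    (bad key length, a crash in the binding) propagates, so a broken
    build cannot hide behind a skip.
    """
    try:
        module.new(
            randbytes(case.key_size), case.mode, randbytes(case.iv_size)
        )
    except NotImplementedError as exc:
        return str(exc)
    return None


def partition_cases(
    module, cases: Iterable[Case]
) -> Tuple[List[Case], List[Tuple[Case, str]]]:
    """Split cases into (runnable, [(case, reason), ...] to be skipped)."""
    runnable: List[Case] = []
    skipped: List[Tuple[Case, str]] = []
    for case in cases:
        reason = probe(module, case)
        if reason is None:
            runnable.append(case)
        else:
            skipped.append((case, reason))
    return runnable, skipped


if __name__ == "__main__":
    # A build without ARIA: every case is reported with its reason. In a
    # pytest suite each skipped case would become
    # pytest.param(*case, marks=pytest.mark.skip(reason=reason)),
    # which keeps the skip visible in the test report.
    runnable, skipped = partition_cases(FakeAria(), ARIA_CASES)
    print("runnable:", len(runnable))
    for case, reason in skipped:
        print("skip", case, "-", reason)
```
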

Question: is RSASSA_PSS supported by wrapper code?

Hi,
First thing, thank you for your exceptional work in producing this Cython wrapper for mbedTLS.

I was wondering, is it possible to use RSASSA_PSS to sign bytes with mbedtls.pk.RSA? If so, could you please provide an example? I've been looking in the source code for how to use mbedtls_pk_type_t.MBEDTLS_PK_RSASSA_PSS, but could not find it.

I just noticed that RSASSA_PSS is commented in CIPHER_NAME tuple, so I suspect this is not implemented?

Kind Regards,
Roberto

Renegotiate Issues

NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.

I am submitting a …

  • [ ] bug report
  • [x] feature request

Description

Currently, I am trying to initiate a DTLS handshake in which the server handles things in a very particular way.
The flow is this:
Client Hello (client)
Hello Verify Request (server)
Client Hello + cookie (client)
Hello Request (server)
Client Hello #no cookie# (client)
Server Hello
etc...

I believe what I need access to is the ability to set this to 1:
_tls.mbedtls_ssl_conf_renegotiation(&self._ctx, 0) line 446 tls.pyx

Current behavior

Renegotiation is disabled and I believe that is what I need enabled. I would also love it if the bindings for the mbedtls legacy renegotiation options were accessible.

Expected behavior

Allow users to modify these values when setting up a context for tls or dtls

Steps to reproduce

Using default DTLS config provided in docs, works as expected until renegotiation occurs.

Other information

If this is something that is already available, please provide info on how to achieve this, thank you in advance.

(D)TLS PSK Examples not working on Windows build

I am submitting a …

  • [x] bug report
  • [ ] feature request

Description

Setup:

  • mbedtls was built using VS2019 as recommended here.
  • python-mbedtls was built from source following the same instructions
  • python versions tried: 3.8 and 3.9

The module was successfully setup, hashing functions proved to be working. It appears that all the functionality is working except TLS. A (D)TLS PSK client and server were setup.

The ClientHello message gets sent but the server fails on do_handshake function.
Exception thrown: mbedtls.exceptions.TLSError: TLSError([0x0047] 'NET - Polling the net context failed')

Included .pcap trace: python-mbedtls_rst.zip

Current behavior

Client error traceback:

Traceback (most recent call last):
  File "...\mbedtls\mbedtls-test.py", line 36, in <module>
    block(tls_cli.do_handshake)
  File "...\mbedtls\mbedtls-test.py", line 26, in block
    return callback(*args, **kwargs)
  File "src\mbedtls\tls.pyx", line 1691, in mbedtls.tls.TLSWrappedSocket.do_handshake
  File "src\mbedtls\tls.pyx", line 1458, in mbedtls.tls.TLSWrappedBuffer.do_handshake
  File "src\mbedtls\tls.pyx", line 1276, in mbedtls.tls._BaseContext._do_handshake
  File "src\mbedtls\tls.pyx", line 1281, in mbedtls.tls._BaseContext._do_handshake_step
  File "src\mbedtls\tls.pyx", line 1300, in mbedtls.tls._BaseContext._handle_handshake_response
  File "src\mbedtls\exceptions.pyx", line 54, in mbedtls.exceptions.check_error
  File "src\mbedtls\exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x0047] 'NET - Polling the net context failed')

Server error traceback:

Traceback (most recent call last):
  File "...\mbedtls\mbedtls-test-server.py", line 60, in <module>
    server_main_loop(tls_srv)
  File "...\mbedtls\mbedtls-test-server.py", line 33, in server_main_loop
    block(conn.do_handshake)
  File "...\mbedtls\mbedtls-test-server.py", line 27, in block
    return callback(*args, **kwargs)
  File "src\mbedtls\tls.pyx", line 1691, in mbedtls.tls.TLSWrappedSocket.do_handshake
  File "src\mbedtls\tls.pyx", line 1458, in mbedtls.tls.TLSWrappedBuffer.do_handshake
  File "src\mbedtls\tls.pyx", line 1276, in mbedtls.tls._BaseContext._do_handshake
  File "src\mbedtls\tls.pyx", line 1281, in mbedtls.tls._BaseContext._do_handshake_step
  File "src\mbedtls\tls.pyx", line 1300, in mbedtls.tls._BaseContext._handle_handshake_response
  File "src\mbedtls\exceptions.pyx", line 54, in mbedtls.exceptions.check_error
  File "src\mbedtls\exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x0047] 'NET - Polling the net context failed')

Expected behavior

The handshake should be successful.

Steps to reproduce

  1. Run server
  2. Run client

Minimal demo of the problem

Server code:

import socket

from mbedtls import tls
import contextlib


get_request = "\r\n".join((
    "GET / HTTP/1.0",
    "",
    "")).encode("ascii")
http_response = "\r\n".join((
    "HTTP/1.0 200 OK",
    "Content-Type: text/html",
    "",
    "<h2>Test Server</h2>",
    "<p>Successful connection.</p>",
    "")).encode("ascii")
# Encoded like the other messages: sendall() needs bytes, not str.
http_error = "\r\n".join((
    "HTTP/1.0 400 Bad Request",
    "",
    "")).encode("ascii")


def block(callback, *args, **kwargs):
    while True:
        with contextlib.suppress(tls.WantReadError, tls.WantWriteError):
            return callback(*args, **kwargs)


def server_main_loop(sock):
    conn, addr = sock.accept()
    print(conn, addr)
    block(conn.do_handshake)
    data = conn.recv(1024)
    if data == get_request:
        conn.sendall(http_response)
    else:
        conn.sendall(http_error)


srv_conf = tls.TLSConfiguration(
    ciphers=(
        # PSK Requires the selection PSK ciphers.
        "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
    ),
    pre_shared_key_store={
        "test2": b"secret"
    }
)

tls_srv_ctx = tls.ServerContext(srv_conf)

tls_srv = tls_srv_ctx.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))

port = 4433
tls_srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
tls_srv.bind(("127.0.0.1", port))
tls_srv.listen(1)

server_main_loop(tls_srv)

Client code:

import socket

from mbedtls import tls
import contextlib

get_request = "\r\n".join((
    "GET / HTTP/1.0",
    "",
    "")).encode("ascii")
http_response = "\r\n".join((
    "HTTP/1.0 200 OK",
    "Content-Type: text/html",
    "",
    "<h2>Test Server</h2>",
    "<p>Successful connection.</p>",
    "")).encode("ascii")
# Encoded like the other messages so that all three are bytes.
http_error = "\r\n".join((
    "HTTP/1.0 400 Bad Request",
    "",
    "")).encode("ascii")


def block(callback, *args, **kwargs):
    while True:
        with contextlib.suppress(tls.WantReadError, tls.WantWriteError):
            return callback(*args, **kwargs)


cli_conf = tls.TLSConfiguration(pre_shared_key=("test2", b"secret"))

tls_cli_ctx = tls.ClientContext(cli_conf)

tls_cli = tls_cli_ctx.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM), server_hostname=None)

tls_cli.connect(("127.0.0.1", 4433))
block(tls_cli.do_handshake)
tls_cli.send(get_request)

Other information

AES GCM 128 and 256 fails TAG test vector

I am submitting a …

  • bug report
  • feature request

Description

AES GCM 128 and 256 fails TAG test vector.

AES GCM 128 test vector:

key = '00000000000000000000000000000000'
nonce = '000000000000000000000000'
plaintext = ''
ciphertext = ''
adata = ''
mac = '58e2fccefa7e3061367f1d57a4e7455a'

AES256 GCM test vector:

key = '0000000000000000000000000000000000000000000000000000000000000000'
nonce = '000000000000000000000000'
plaintext = ''
ciphertext = ''
adata = ''
mac = '530f8afbc74536b9a963b4f1c4cb738b'

Current behavior

When trying to perform encryption with the above test vectors, the module produces the following error:

CIPHER - Decryption of block requires a full block'

Also note that the error message specifies DECRYPTION but it's an encryption operation.

Expected behavior

Passing the test :)

Steps to reproduce

  1. pip install python-mbedtls
  2. Execute the sample script

Minimal demo of the problem

from mbedtls import cipher as mbedcipher


key = bytes.fromhex('00000000000000000000000000000000')
nonce = bytes.fromhex('000000000000000000000000')
plaintext = b''
ciphertext = b''
adata = b''
mac = bytes.fromhex('58e2fccefa7e3061367f1d57a4e7455a')  # expected tag of the AES GCM 128 vector above

cipherobj = mbedcipher.AES.new(key, mbedcipher.MODE_GCM, nonce, adata)
cipherobj.encrypt(plaintext)

Other information

This test passes on the cryptography, pycryptodome, pycryptodomex and pyaes modules.

Use of PSK for DTLS

I am submitting a …

  • bug report
  • [x ] feature request

Description

I read the source code and I can't see a way to use PSK for DTLS. It seems only to handle certificates.
Is there a way to specify the use of PSK with the current implementation? Otherwise what would be needed to implement PSK?
Is it possible to have a PSK store? My use case involves many devices with a different PSK. I haven't found a good way of managing individual device PSK in other open source projects so thought it might be best to look at a lower level implementation as mbedTLS.

Compile Issues

I am submitting a …

  • bug report
  • feature request

Description

I am having a hell of a time compiling this project from source on Linux Ubuntu Desktop LTS

Current behavior

I get this error when trying to run build wheel
main

  • local python=python3
  • local system=linux
  • build python3
  • local python=python3
  • python3 --version
    Python 3.8.10
  • python3 setup.py bdist_wheel
    Library not found
    The paths are probably not set correctly but let's try anyway
    build/3.8.10/temp.linux-x86_64-3.8/pyrex/mbedtls/tls.c:797:10: fatal error: mbedtls/net_sockets.h: No such file or directory
    797 | #include "mbedtls/net_sockets.h"
    | ^~~~~~~~~~~~~~~~~~~~~~~
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

I get the same error when trying to install with sudo python3 setup.py install

Expected behavior

I was getting a similar error trying to compile on Linux. It does not appear the requirements.txt in main dir, nor the build.txt or tests.txt in requirements dir, covers everything you need. I also went and installed pretty much everything in this stackoverflow thread
https://stackoverflow.com/questions/26053982/setup-script-exited-with-error-command-x86-64-linux-gnu-gcc-failed-with-exit
Still not working. I need to be able to compile this myself to apply the changes we talked about in a previous ticket

ModuleNotFoundError: No module named 'mbedtls.exceptions'

I am submitting a …

  • bug report
  • feature request

Description

Missing mbedtls.exceptions module when importing mbedtls.cipher

Current behavior

Error when importing mbedtls.cipher

Expected behavior

python can find mbedtls.exception module

Steps to reproduce

  1. Install python-mbedtls version 1.4.0
  2. Import mbedtls.cipher module

Minimal demo of the problem

>>> from mbedtls import cipher
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.8/site-packages/mbedtls/__init__.py", line 8, in <module>
    import mbedtls.cipher as cipher
  File "/usr/lib/python3.8/site-packages/mbedtls/cipher/__init__.py", line 12, in <module>
    from . import AES, ARC4, ARIA, CHACHA20, DES, DES3, Blowfish, Camellia, DES3dbl
  File "/usr/lib/python3.8/site-packages/mbedtls/cipher/AES.py", line 11, in <module>
    from mbedtls.exceptions import TLSError
ModuleNotFoundError: No module named 'mbedtls.exceptions'

Other information

fails to run

$ sudo pip3 install python-mbedtls
WARNING: Running pip install with root privileges is generally not a good idea. Try pip3 install --user instead.
Collecting python-mbedtls
Using cached https://files.pythonhosted.org/packages/bc/ba/23dc1786580315753a0738b90b5679de2487e3fc802e360de42eacc956c3/python-mbedtls-1.7.0.tar.gz
Requirement already satisfied: certifi in /usr/local/lib/python3.6/site-packages (from python-mbedtls)
Requirement already satisfied: typing_extensions in /usr/local/lib/python3.6/site-packages (from python-mbedtls)
Installing collected packages: python-mbedtls
Running setup.py install for python-mbedtls ... done
Successfully installed python-mbedtls-1.7.0

$ python3
Python 3.6.8 (default, Nov 16 2020, 16:55:22)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.

>>> from mbedtls._tls import _enable_debug_output, _set_debug_level
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib64/python3.6/site-packages/mbedtls/__init__.py", line 15, in <module>
    import mbedtls.tls as tls
  File "/usr/local/lib64/python3.6/site-packages/mbedtls/tls.py", line 17, in <module>
    from ._tls import (
ImportError: /usr/local/lib64/python3.6/site-packages/mbedtls/_tls.cpython-36m-x86_64-linux-gnu.so: undefined symbol: mbedtls_cipher_set_padding_mode

This is with both mbedtls-2.16.12 as well as mbedtls-2.28.0.

Build error

I tried to build the latest repro on CentOS 1804 x64 and got a failure.
cmd issued: sudo /usr/local/bin/python3.7 setup.py install

creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/usr/local/include/python3.7m -c build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/_md.c -o build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/_md.o
build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/_md.c:611:33: fatal error: mbedtls/md_internal.h: No such file or directory
#include "mbedtls/md_internal.h"
^
compilation terminated.
error: command 'gcc' failed with exit status 1

update

I also tried the 0.14.0 version from here and got a different build error:
https://pypi.org/project/python-mbedtls/#files

sudo /usr/local/bin/python3.7 setup.py install
running install
running bdist_egg
running egg_info
writing src/python_mbedtls.egg-info/PKG-INFO
writing dependency_links to src/python_mbedtls.egg-info/dependency_links.txt
writing requirements to src/python_mbedtls.egg-info/requires.txt
writing top-level names to src/python_mbedtls.egg-info/top_level.txt
reading manifest file 'src/python_mbedtls.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'src/python_mbedtls.egg-info/SOURCES.txt'
installing library code to build-3.7.1/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build-3.7.1
creating build-3.7.1/lib.linux-x86_64-3.7
creating build-3.7.1/lib.linux-x86_64-3.7/mbedtls
copying src/mbedtls/__init__.py -> build-3.7.1/lib.linux-x86_64-3.7/mbedtls
creating build-3.7.1/lib.linux-x86_64-3.7/mbedtls/cipher
copying src/mbedtls/cipher/__init__.py -> build-3.7.1/lib.linux-x86_64-3.7/mbedtls/cipher
running build_ext
cythoning src/mbedtls/x509.pyx to build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.c
creating build-3.7.1/temp.linux-x86_64-3.7
creating build-3.7.1/temp.linux-x86_64-3.7/pyrex
creating build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls
building 'mbedtls.x509' extension
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/usr/local/include/python3.7m -c build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.c -o build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.o
build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.c:611:26: fatal error: mbedtls/asn1.h: No such file or directory
#include "mbedtls/asn1.h"
^
compilation terminated.
error: command 'gcc' failed with exit status 1

Wrap Public Key module

Public Key Module Level Design

[...]

Component overview

The Public Key module provides asymmetric cryptography functions that are mainly used for:

  • Public/private keypair generation.
  • Parsing and writing keys.
  • Key exchange.
  • Message signing and verification.
  • Message encryption/decryption.

The Public Key module does not interact with other modules, although it is loosely coupled with the RNG module, e.g. for prime number generation and blinding.

https://tls.mbed.org/module-level-design-public-key

Is session caching supported? And if not, can you add it?

I am submitting a …

  • bug report
  • feature request

Description

I am looking for a way to use session caching with this package. I have not found documentation on it so I assume that it is not supported. Could this be something that you would consider adding?

Current behavior

No session caching, at least it is not documented

Expected behavior

Steps to reproduce

Minimal demo of the problem

>>> import mbedtls
...

Other information

Vulnerable shared libraries might make python-mbedtls vulnerable. Can you help upgrade to patch versions?

Hi, @Synss , @stepheny , I'd like to report a vulnerability issue in python-mbedtls_1.7.0.

Dependency Graph between Python and Shared Libraries

image

Issue Description

As shown in the above dependency graph (Here shows part of the dependency graph, which depends on vulnerable shared libraries), python-mbedtls_1.7.0 directly or transitively depends on 8 C libraries (.so). However, I noticed that some C libraries are vulnerable, containing the following CVEs:
libmbedcrypto-ac73041f.so.3 ,libmbedtls-47606ffb.so.12 and libmbedx509-91f761cc.so.0 from C project mbedtls(version:2.16.11) exposed 2 vulnerabilities:
CVE-2021-45451, CVE-2021-45450

Suggested Vulnerability Patch Versions

mbedtls has fixed the vulnerabilities in versions >=3.1.0

Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular python package (python-mbedtls has 15,250 downloads per month), could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Joe Gardner

Can I call mbedtls_ecdh_gen_public directly with python-mbedtls.

I am submitting a …

  • bug report
  • [x ] feature request

Description

Hi Synss,
I want to specify the argument p_rng for mbedtls_ecdh_gen_public, as is usual in C code, but I can't find a way to do this with python-mbedtls.

Thanks for your great work on python-mbedtls, it's very useful to me.

Current behavior

Currently, I try to do this in Python code, but it always crashes at so.mbedtls_ecdh_gen_public.

import ctypes
from ctypes import addressof, c_char_p

so = ctypes.CDLL("/usr/local/lib/python2.7/site-packages/mbedtls/pk.so")
ecdh_ctx = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
d = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
Q = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
RNG = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))

so.mbedtls_ecdh_init(ecdh_ctx)
so.mbedtls_mpi_init(d)
so.mbedtls_ecp_point_init(Q)
so.mbedtls_ctr_drbg_init(RNG)

so.mbedtls_ecp_group_load(ecdh_ctx, 9)
so.mbedtls_ecdh_gen_public(ecdh_ctx, d, Q, so.mbedtls_ctr_drbg_random, RNG)
print ecdh_ctx

Expected behavior

Steps to reproduce

Minimal demo of the problem

>>> import mbedtls
...

Other information

AES CBC produce encrypted data with double length compared to Cryptodome and C mbedtls

I am submitting a …

  • bug report
  • feature request

Description

16 byte input data should produce 16 byte encrypted data. Cryptodome and mbedtls on my ESP32 micro controller are behaving like that. But python-mbedtls produces 32 byte encrypted data.

Here is the sample of my source code for ESP32

  mbedtls_aes_context aes;
  mbedtls_aes_init(&aes);  // initialise the context before setting a key
  const unsigned char key[16] = "My 16-bytes key";
  unsigned char iv[16] = "My 16-bytes iv.";
  size_t length = 16;
  unsigned char in[length], out[length*2];
  for (size_t i = 0; i < length; i++) in[i] = 0;
  for (size_t i = 0; i < length*2; i++) out[i] = 0;
  
  // mbedtls_aes_crypt_cbc works on whole blocks and adds no padding
  mbedtls_aes_setkey_enc(&aes, key, 16*8);
  mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, length,iv,in, out);

  delay(500);
  Serial.print("Encrypted from ESP32 : ");
  for (size_t i = 0; i < length*2; i++){
    Serial.printf("%d, ",(char)out[i]);
  }
  Serial.println();

That program prints:

Encrypted from ESP32 : 98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,

As you can see, there are 16 non-zero values in the output byte array of length 32.

Current behavior

16 byte input data produces 32 byte encrypted data. The problem is that python-mbedtls refuses to decrypt 16 byte encrypted data from Cryptodome and ESP32 mbedtls, giving this error:

  File "desktop/simetrikRemote.py", line 12, in <module>
    print([int(x) for x in d.decrypt(dec_byte[:16])])
  File "src/mbedtls/cipher/_cipher.pyx", line 289, in mbedtls.cipher._cipher.Cipher.decrypt
  File "src/mbedtls/cipher/_cipher.pyx", line 276, in mbedtls.cipher._cipher.Cipher._crypt
  File "src/mbedtls/exceptions.pyx", line 54, in mbedtls.exceptions.check_error
  File "src/mbedtls/exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x6200] 'CIPHER - Input data contains invalid padding and is rejected')

Expected behavior

16 byte input data produces 16 byte encrypted data and python-mbedtls can decrypt encryption from another AES implementation.

Steps to reproduce

  1. Encrypt using AES CBC

Minimal demo of the problem

from Cryptodome.Cipher import AES
from mbedtls import cipher

key = b'My 16-bytes key\0'
iv = b"My 16-bytes iv.\0"
raw = bytearray(16) #list of zeros

d1 = AES.new(key, AES.MODE_CBC, iv)
enc1 = d1.encrypt(raw)
print("length of encrypted data using cryptodome: ", len(enc1))
print([int(x) for x in enc1])

d2 = cipher.AES.new(key, cipher.MODE_CBC, iv)
enc2 = d2.encrypt(raw)
print("length of encrypted data using python-mbedtls: ", len(enc2))
print([int(x) for x in enc2])

The program above prints:

length of encrypted data using cryptodome:  16
[98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164]
length of encrypted data using python-mbedtls:  32
[98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164, 204, 133, 178, 79, 207, 47, 52, 158, 254, 38, 43, 177, 175, 127, 252, 6]

Where do those additional 16 bytes come from?

Other information

python-mbedtls : 1.4.0
OS : Arch Linux
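
The byte strings quoted in the AES GCM and AES CBC reports above can be reproduced with a small textbook AES, shown here as an added example that is not python-mbedtls or mbed TLS code. It assumes python-mbedtls leaves mbed TLS's default PKCS#7 padding enabled in CBC mode; all function names are this example's own.

```python
"""Added example: encrypt-only AES to reproduce the byte strings quoted in the reports."""


def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)
        b >>= 1
    return r


def _rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF


def _sbox_entry(x):
    inv = 1
    for _ in range(254):  # x**254 is the multiplicative inverse (and maps 0 to 0)
        inv = gmul(inv, x)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]


def expand_key(key):
    """FIPS 197 key schedule for 16- or 32-byte keys; one 16-byte list per round key."""
    nk = len(key) // 4
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nk + 7)):
        t = list(words[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        elif nk > 6 and i % nk == 4:  # extra SubWord step used by AES-256
            t = [SBOX[b] for b in t]
        words.append([a ^ b for a, b in zip(words[i - nk], t)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(nk + 7)]


def encrypt_block(round_keys, block):
    """Encrypt one 16-byte block; the state is a flat list indexed 4*column + row."""
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    last = len(round_keys) - 1
    for rnd in range(1, last + 1):
        s = [SBOX[b] for b in s]
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != last:  # MixColumns is skipped in the final round
            s = [gmul(s[4 * c + r], 2) ^ gmul(s[4 * c + (r + 1) % 4], 3)
                 ^ s[4 * c + (r + 2) % 4] ^ s[4 * c + (r + 3) % 4]
                 for c in range(4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]
    return bytes(s)


def pkcs7_pad(data, block_size=16):
    """Always appends 1..16 bytes, so block-aligned input grows by one full block."""
    n = block_size - len(data) % block_size
    return bytes(data) + bytes([n]) * n


def cbc_encrypt(key, iv, data, pad):
    """AES-CBC; pad=False is the raw block API, pad=True adds PKCS#7 first."""
    if pad:
        data = pkcs7_pad(data)
    if len(data) % 16:
        raise ValueError("unpadded CBC input must be a multiple of 16 bytes")
    keys, prev, out = expand_key(key), iv, b""
    for i in range(0, len(data), 16):
        prev = encrypt_block(keys, bytes(a ^ b for a, b in zip(data[i:i + 16], prev)))
        out += prev
    return out


def gcm_tag_empty(key, nonce):
    """GCM tag for empty plaintext and empty AAD with a 96-bit nonce."""
    # GHASH over no data is the zero block, so the tag is E_K(nonce || 00000001).
    if len(nonce) != 12:
        raise ValueError("this shortcut only covers 96-bit nonces")
    return encrypt_block(expand_key(key), nonce + b"\x00\x00\x00\x01")


# Key and IV copied from the AES CBC report; the GCM vectors use all-zero inputs.
KEY = b"My 16-bytes key\0"
IV = b"My 16-bytes iv.\0"

if __name__ == "__main__":
    print(gcm_tag_empty(bytes(16), bytes(12)).hex())
    print(gcm_tag_empty(bytes(32), bytes(12)).hex())
    print(list(cbc_encrypt(KEY, IV, bytes(16), pad=False)))
    print(list(cbc_encrypt(KEY, IV, bytes(16), pad=True)))
```

With `pad=True` the second ciphertext block is the encrypted PKCS#7 padding block (sixteen 0x10 bytes), which a raw-CBC peer such as `mbedtls_aes_crypt_cbc` neither produces nor expects.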

error control nb args

I am submitting a …

  • bug report
  • feature request

Description

In the file tls.py, there is an error about the length of args in the function sendto (line 302).

Current behavior

def sendto(self, message, *args):
    if not 2 <= len(args) <= 3:
        raise TypeError(
            "sendto() takes 2 or 3 arguments (%i given)" % (1 + len(args))
        )

args can hold one or two values (flag and address), so the check must be:

    if not 1 <= len(args) <= 2:

Installation failed on MacOS with Python 3.7

I don't know if it only happened on my side. The system information is as below:

MacOS 10.14.6
Python 3.7.3
pip 19.1.1

When installing the package with command "pip install python-mbedtls -i https://pypi.python.org/simple", I got the following error:

 ......
 build-3.7.3/temp.macosx-10.7-x86_64-3.7/pyrex/mbedtls/_platform.c:596:10: fatal error: 'mbedtls/platform_util.h' file not found
  #include "mbedtls/platform_util.h"
           ^~~~~~~~~~~~~~~~~~~~~~~~~
  1 error generated.
  error: command 'gcc' failed with exit status 1
  ----------------------------------------
  ERROR: Failed building wheel for python-mbedtls

The full logs can be found in attached logs.txt
Please have a look at it. Thanks.

RFE: “When to use this” in documentation

I am submitting a …

  • bug report
  • feature request

Description

It would be nice to have a section of the main documentation that outlines the intended uses of this module versus ssl. mbedTLS is quite a bit slower than OpenSSL, and on any device that needs mbedTLS’s lightness it’s probably advantageous to use a compiled language rather than python. The notion of “alternative” TLS libraries intrigues me, but the performance hit makes it seem hard to justify.

The number of GitHub forks & stars here, though, suggests that someone finds it of use, so I’m curious what those use cases are. Having them in the docs would probably help potential users to know “sooner-rather-than-later” that python-mbedtls is right for them.

Thanks for reading!

DTLS on windows

I am submitting a …

  • bug report
  • feature request

Description

I have:

  1. Download-mbedTLS.PS1 (version 2.16.9)
  2. Install-mbedTLS.PS1
  3. Launched python setup.py install (my Python version is 3.7.8)

All seems OK.

I try the DTLS example (DTLS client and server).

Current behavior

When the client tries to do the handshake, the server gives an exception:

Traceback (most recent call last):
File "", line 1, in
File "src\mbedtls\tls.pyx", line 1557, in mbedtls.tls.TLSWrappedSocket.accept
OSError: [WinError 10040] Un message envoyé sur un socket datagramme était plus volumineux que le tampon de messages interne ou qu’une autre limite réseau ou bien le tampon utilisé pour recevoir un datagramme était plus petit que le datagramme lui-même

It's at the moment when the server receives the "client hello":

def accept(self):
    if self.type == _socket.SOCK_STREAM:
        conn, address = self._socket.accept()
    else:
        data, address = self._socket.recvfrom(1, _socket.MSG_PEEK)

Expected behavior

No exception

Steps to reproduce

  1. Run server
  2. Run client

Minimal demo of the problem

Server code:

from mbedtls import tls

import datetime as dt
from mbedtls import hashlib
from mbedtls import pk
from mbedtls import x509

import socket
from contextlib import suppress
import multiprocessing as mp


def block(callback, *args, **kwargs):
    while True:
        with suppress(tls.WantReadError, tls.WantWriteError):
            return callback(*args, **kwargs)

def dtls_server_main_loop(sock):
    """A simple DTLS echo server."""
    conn, addr = sock.accept()
    print(conn,addr)
    conn.setcookieparam(addr[0].encode())
    # Only the first handshake attempt is expected to end in HelloVerifyRequest.
    with suppress(tls.HelloVerifyRequest):
        block(conn.do_handshake)
    # Accept again for the ClientHello that carries the cookie.
    conn, addr = conn.accept()
    conn.setcookieparam(addr[0].encode())
    block(conn.do_handshake)
    data = conn.recv(4096)
    conn.send(data)

def server_main_loop(sock):
    conn, addr = sock.accept()
    print(conn, addr)
    block(conn.do_handshake)
    data = conn.recv(4096)
    if data == get_request:
        conn.sendall(http_response)
    else:
        conn.sendall(http_error)


if __name__ == "__main__":
    # Here, the trusted root is a self-signed CA certificate ca0_crt signed by ca0_key
    now = dt.datetime.utcnow()
    ca0_key = pk.RSA()
    _ = ca0_key.generate()
    ca0_csr = x509.CSR.new(ca0_key, "CN=Trusted CA", hashlib.sha256())
    ca0_crt = x509.CRT.selfsign(
        ca0_csr, ca0_key,
        not_before=now, not_after=now + dt.timedelta(days=90),
        serial_number=0x123456,
        basic_constraints=x509.BasicConstraints(True, 1))

    # An intermediate then issues a Certificate Signing Request (CSR) that the root CA signs:
    ca1_key = pk.ECC()
    _ = ca1_key.generate()
    ca1_csr = x509.CSR.new(ca1_key, "CN=Intermediate CA", hashlib.sha256())
    ca1_crt = ca0_crt.sign(
        ca1_csr, ca0_key, now, now + dt.timedelta(days=90), 0x123456,
        basic_constraints = x509.BasicConstraints(ca=True, max_path_length=3))
    # And finally, the intermediate CA signs a certificate for the End Entity on the basis of a new CSR:
    ee0_key = pk.ECC()
    _ = ee0_key.generate()
    ee0_csr = x509.CSR.new(ee0_key, "CN=End Entity", hashlib.sha256())
    ee0_crt = ca1_crt.sign(
            ee0_csr, ca1_key, now, now + dt.timedelta(days=90), 0x987654)
    # The emitting certificate can be used to verify the next certificate in the chain:
    print(f'la validation du certificat est {ca1_crt.verify(ee0_crt)}')
    print(f'la validation du certificat est {ca0_crt.verify(ca1_crt)}')

    # the trust store just consists in the root certificate ca0_crt
    trust_store = tls.TrustStore()
    trust_store.add(ca0_crt)

    # server context
    dtls_srv_ctx = tls.ServerContext(tls.DTLSConfiguration(
        trust_store = trust_store,
        certificate_chain = ([ee0_crt, ca1_crt], ee0_key),
        validate_certificates = False
        ))

    # The DTLS contexts can now wrap UDP sockets.
    dtls_srv = dtls_srv_ctx.wrap_socket(
        socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        )

    port = 4443
    dtls_srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    dtls_srv.bind(("0.0.0.0", port))

    #In contrast with TCP (TLS), there is not call to listen() for UDP.
    #runner = mp.Process(target=dtls_server_main_loop, args=(dtls_srv, ))
    #runner.start()

    # Run the DTLS loop; server_main_loop() above uses names this script does not define.
    dtls_server_main_loop(dtls_srv)

Client code:

from mbedtls import tls

import datetime as dt
from mbedtls import hashlib
from mbedtls import pk
from mbedtls import x509

import socket
from contextlib import suppress
import multiprocessing as mp


def block(callback, *args, **kwargs):
    while True:
        with suppress(tls.WantReadError, tls.WantWriteError):
            return callback(*args, **kwargs)



if __name__ == "__main__":
    # Here, the trusted root is a self-signed CA certificate ca0_crt signed by ca0_key
    now = dt.datetime.utcnow()
    ca0_key = pk.RSA()
    _ = ca0_key.generate()
    ca0_csr = x509.CSR.new(ca0_key, "CN=Trusted CA", hashlib.sha256())
    ca0_crt = x509.CRT.selfsign(
        ca0_csr, ca0_key,
        not_before=now, not_after=now + dt.timedelta(days=90),
        serial_number=0x123456,
        basic_constraints=x509.BasicConstraints(True, 1))

    # An intermediate then issues a Certificate Signing Request (CSR) that the root CA signs:
    ca1_key = pk.ECC()
    _ = ca1_key.generate()
    ca1_csr = x509.CSR.new(ca1_key, "CN=Intermediate CA", hashlib.sha256())
    ca1_crt = ca0_crt.sign(
        ca1_csr, ca0_key, now, now + dt.timedelta(days=90), 0x123456,
        basic_constraints = x509.BasicConstraints(ca=True, max_path_length=3))
    # And finally, the intermediate CA signs a certificate for the End Entity on the basis of a new CSR:
    ee0_key = pk.ECC()
    _ = ee0_key.generate()
    ee0_csr = x509.CSR.new(ee0_key, "CN=End Entity", hashlib.sha256())
    ee0_crt = ca1_crt.sign(
            ee0_csr, ca1_key, now, now + dt.timedelta(days=90), 0x987654)
    # The emitting certificate can be used to verify the next certificate in the chain:
    print(f'la validation du certificat est {ca1_crt.verify(ee0_crt)}')
    print(f'la validation du certificat est {ca0_crt.verify(ca1_crt)}')

    # the trust store just consists in the root certificate ca0_crt
    trust_store = tls.TrustStore()
    trust_store.add(ca0_crt)

    # client
    dtls_cli_ctx = tls.ClientContext(tls.DTLSConfiguration(
        trust_store = trust_store,
        validate_certificates = True,
        ))
    dtls_cli = dtls_cli_ctx.wrap_socket(
        socket.socket(socket.AF_INET, socket.SOCK_DGRAM),
        server_hostname=None,
        )

    port = 4443
    dtls_cli.connect(("localhost", port))
    block(dtls_cli.do_handshake)
    DATAGRAM = b"hello datagram"
    block(dtls_cli.send, DATAGRAM)
    block(dtls_cli.recv, 4096)

Other information
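
The `recvfrom(1, _socket.MSG_PEEK)` call quoted in the report above behaves differently per platform, which the following added example illustrates (it is not python-mbedtls code). `PEEK_BUFSIZE`, `peek_sender` and `demo` are names chosen for this example, and the datagram is constructed.

```python
import socket

# Large enough for any UDP payload, so the peek never meets the
# "buffer smaller than the datagram" condition.
PEEK_BUFSIZE = 65535


def peek_sender(sock):
    """Return the source address of the next queued datagram without consuming it."""
    # A one-byte MSG_PEEK is silently truncated on Linux, while Winsock reports
    # WSAEMSGSIZE (WinError 10040) whenever the datagram exceeds the buffer.
    _data, address = sock.recvfrom(PEEK_BUFSIZE, socket.MSG_PEEK)
    return address


def demo(payload=b"\x16" + bytes(199)):
    """Send one constructed 200-byte datagram over loopback and peek at its sender."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(5)
        server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        client.bind(("127.0.0.1", 0))
        client.sendto(payload, server.getsockname())
        peeked = peek_sender(server)
        # The datagram is still queued: a normal read returns it in full.
        data, sender = server.recvfrom(PEEK_BUFSIZE)
        return peeked, sender, client.getsockname(), data
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(demo())
```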
